8000 Merge pull request #396 from dependabot/nishnha/grouped-updates-support · dependabot/fetch-metadata@62c4c8d · GitHub

Commit 62c4c8d

authored
Merge pull request #396 from dependabot/nishnha/grouped-updates-support
Support for Grouped Updates
2 parents 73e8a46 + 11c0ea4 commit 62c4c8d

7 files changed

+187
-3
lines changed

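--- a/README.md
+++ b/README.md
@@ -84,6 +84,8 @@ Subsequent actions will have access to the following outputs:
 - If this PR has a known compatibility score and `compat-lookup` is `true`, this contains the compatibility score (otherwise it contains 0).
 - `steps.dependabot-metadata.outputs.maintainer-changes`
 - Whether or not the the body of this PR contains the phrase "Maintainer changes" which is an indicator of whether or not any maintainers have changed.
+- `steps.dependabot-metadata.outputs.dependency-group`
+- The dependency group that the PR is associated with (otherwise it is an empty string).
 
 **Note:** By default, these outputs will only be populated if the target Pull Request was opened by Dependabot and contains
 **only** Dependabot-created commits. To override, see `skip-commit-verification` / `skip-verification`.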

dist/index.js

Lines changed: 7 additions & 2 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

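--- a/src/dependabot/output.test.ts
+++ b/src/dependabot/output.test.ts
@@ -20,6 +20,7 @@ const baseDependency = {
 newVersion: '',
 compatScore: 0,
 maintainerChanges: false,
+dependencyGroup: '',
 alertState: '',
 ghsaId: '',
 cvss: 0
@@ -38,6 +39,7 @@ test('when given a single dependency it sets its values', async () => {
 newVersion: '1.1.3-beta',
 compatScore: 43,
 maintainerChanges: true,
+dependencyGroup: '',
 alertState: 'FIXED',
 ghsaId: 'VERY_LONG_ID',
 cvss: 4.6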

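--- a/src/dependabot/output.ts
+++ b/src/dependabot/output.ts
@@ -28,6 +28,7 @@ export function set (updatedDependencies: Array<updatedDependency>): void {
 const newVersion = firstDependency?.newVersion
 const compatScore = firstDependency?.compatScore
 const maintainerChanges = firstDependency?.maintainerChanges
+const dependencyGroup = firstDependency?.dependencyGroup
 const alertState = firstDependency?.alertState
 const ghsaId = firstDependency?.ghsaId
 const cvss = firstDependency?.cvss
@@ -43,6 +44,7 @@ export function set (updatedDependencies: Array<updatedDependency>): void {
 core.info(`outputs.new-version: ${newVersion}`)
 core.info(`outputs.compatibility-score: ${compatScore}`)
 core.info(`outputs.maintainer-changes: ${maintainerChanges}`)
+core.info(`outputs.dependency-group: ${dependencyGroup}`)
 core.info(`outputs.alert-state: ${alertState}`)
 core.info(`outputs.ghsa-id: ${ghsaId}`)
 core.info(`outputs.cvss: ${cvss}`)
@@ -59,6 +61,7 @@ export function set (updatedDependencies: Array<updatedDependency>): void {
 core.setOutput('new-version', newVersion)
 core.setOutput('compatibility-score', compatScore)
 core.setOutput('maintainer-changes', maintainerChanges)
+core.setOutput('dependency-group', dependencyGroup)
 core.setOutput('alert-state', alertState)
 core.setOutput('ghsa-id', ghsaId)
 core.setOutput('cvss', cvss)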
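Review bot: The new `dependency-group` output carries a free-form name parsed out of the commit message, and neither the `core.setOutput('dependency-group', dependencyGroup)` line in the third hunk nor the README entry says how consumers should treat it. The README notes that verification can be overridden with `skip-commit-verification`, in which case this text is not guaranteed to have been written by Dependabot. I would add a comment above the call, `// free-form text from the commit message: consume via env:, not inline ${{ }} in run: steps`, and mirror that sentence in the README entry. `set`'s body begins and ends outside these hunks.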

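--- a/src/dependabot/update_metadata.test.ts
+++ b/src/dependabot/update_metadata.test.ts
@@ -61,6 +61,7 @@ test('it returns the updated dependency information when there is a yaml fragmen
 expect(updatedDependencies[0].alertState).toEqual('DISMISSED')
 expect(updatedDependencies[0].ghsaId).toEqual('GHSA-III-BBB')
 expect(updatedDependencies[0].cvss).toEqual(4.6)
+expect(updatedDependencies[0].dependencyGroup).toEqual('')
 })
 
 test('it supports multiple dependencies within a single fragment', async () => {
@@ -122,6 +123,8 @@ test('it supports multiple dependencies within a single fragment', async () => {
 expect(updatedDependencies[0].alertState).toEqual('DISMISSED')
 expect(updatedDependencies[0].ghsaId).toEqual('GHSA-III-BBB')
 expect(updatedDependencies[0].cvss).toEqual(4.6)
+expect(updatedDependencies[0].dependencyGroup).toEqual('')
+expect(updatedDependencies[0].dependencyGroup).toEqual('')
 
 expect(updatedDependencies[1].dependencyName).toEqual('coffeescript')
 expect(updatedDependencies[1].dependencyType).toEqual('indirect')
@@ -135,6 +138,7 @@ test('it supports multiple dependencies within a single fragment', async () => {
 expect(updatedDependencies[1].alertState).toEqual('')
 expect(updatedDependencies[1].ghsaId).toEqual('')
 expect(updatedDependencies[1].cvss).toEqual(0)
+expect(updatedDependencies[1].dependencyGroup).toEqual('')
 })
 
 test('it returns the updated dependency information when there is a leading v in the commit message versions', async () => {
@@ -170,6 +174,50 @@ test('it returns the updated dependency information when there is a leading v in
 expect(updatedDependencies[0].alertState).toEqual('DISMISSED')
 expect(updatedDependencies[0].ghsaId).toEqual('GHSA-III-BBB')
 expect(updatedDependencies[0].cvss).toEqual(4.6)
+expect(updatedDependencies[0].dependencyGroup).toEqual('')
+})
+
+test('it supports returning information about grouped updates', async () => {
+const commitMessage =
+'Bumps the docker group with 3 updates: [github.com/docker/cli](https://github.com/docker/cli), [github.com/docker/docker](https://github.com/docker/docker) and [github.com/moby/moby](https://github.com/moby/moby).\n' +
+'\n' +
+'Updates `github.com/docker/cli` from 24.0.1+incompatible to 24.0.2+incompatible\n' +
+'- [Commits](docker/cli@v24.0.1...v24.0.2)\n' +
+'\n' +
+'Updates `github.com/docker/docker` from 24.0.1+incompatible to 24.0.2+incompatible\n' +
+'- [Release notes](https://github.com/docker/docker/releases)\n' +
+'- [Commits](moby/moby@v24.0.1...v24.0.2)\n' +
+'\n' +
+'Updates `github.com/moby/moby` from 24.0.1+incompatible to 24.0.2+incompatible\n' +
+'- [Release notes](https://github.com/moby/moby/releases)\n' +
+'- [Commits](moby/moby@v24.0.1...v24.0.2)\n' +
+'\n' +
+'---\n' +
+'updated-dependencies:\n' +
+'- dependency-name: github.com/docker/cli\n' +
+' dependency-type: direct:production\n' +
+' update-type: version-update:semver-patch\n' +
+' dependency-group: docker\n' +
+'- dependency-name: github.com/docker/docker\n' +
+' dependency-type: direct:production\n' +
+' update-type: version-update:semver-patch\n' +
+' dependency-group: docker\n' +
+'- dependency-name: github.com/moby/moby\n' +
+' dependency-type: direct:production\n' +
+' update-type: version-update:semver-patch\n' +
+' dependency-group: docker\n' +
+'...\n' +
+'\n' +
+'Signed-off-by: dependabot[bot] <support@github.com>\n'
+
+const getAlert = async () => Promise.resolve({ alertState: 'DISMISSED', ghsaId: 'GHSA-III-BBB', cvss: 4.6 })
+const getScore = async () => Promise.resolve(43)
+const updatedDependencies = await updateMetadata.parse(commitMessage, '', 'dependabot/docker/gh-base-image/docker-1234566789', 'main', getAlert, getScore)
+
+expect(updatedDependencies).toHaveLength(3)
+
+expect(updatedDependencies[0].dependencyName).toEqual('github.com/docker/cli')
+expect(updatedDependencies[0].dependencyGroup).toEqual('docker')
 })
 
 test('it only returns information within the first fragment if there are multiple yaml documents', async () => {
@@ -211,6 +259,7 @@ test('it only returns information within the first fragment if there are multipl
 expect(updatedDependencies[0].alertState).toEqual('')
 expect(updatedDependencies[0].ghsaId).toEqual('')
 expect(updatedDependencies[0].cvss).toEqual(0)
+expect(updatedDependencies[0].dependencyGroup).toEqual('')
 })
 
 test('it properly handles dependencies which contain slashes', async () => {
@@ -247,6 +296,7 @@ test('it properly handles dependencies which contain slashes', async () => {
 expect(updatedDependencies[0].alertState).toEqual('')
 expect(updatedDependencies[0].ghsaId).toEqual('')
 expect(updatedDependencies[0].cvss).toEqual(0)
+expect(updatedDependencies[0].dependencyGroup).toEqual('')
 })
 
 test('calculateUpdateType should handle all paths', () => {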
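Review bot: The second hunk adds `expect(updatedDependencies[0].dependencyGroup).toEqual('')` twice in a row; one of the two lines can be dropped. In the new grouped-updates test only index 0 is checked although `toHaveLength(3)` is asserted, so `expect(updatedDependencies[1].dependencyGroup).toEqual('docker')` and the same line for `[2]` would pin that every entry receives the group. A case where the text `dependency-group:` appears in the message outside the YAML fragment would also document how `parse` is meant to behave there.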

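--- a/src/dependabot/update_metadata.ts
+++ b/src/dependabot/update_metadata.ts
@@ -16,7 +16,8 @@ export interface updatedDependency extends dependencyAlert {
 prevVersion: string,
 newVersion: string,
 compatScore: number,
-maintainerChanges: boolean
+maintainerChanges: boolean,
+dependencyGroup: string
 }
 
 export interface alertLookup {
@@ -31,6 +32,7 @@ export async function parse (commitMessage: string, body: string, branchName: st
 const bumpFragment = commitMessage.match(/^Bumps .* from (?<from>v?\d[^ ]*) to (?<to>v?\d[^ ]*)\.$/m)
 const updateFragment = commitMessage.match(/^Update .* requirement from \S*? ?(?<from>v?\d\S*) to \S*? ?(?<to>v?\d\S*)$/m)
 const yamlFragment = commitMessage.match(/^-{3}\n(?<dependencies>[\S|\s]*?)\n^\.{3}\n/m)
+const groupName = commitMessage.match(/dependency-group:\s(?<name>\S*)/m)
 const newMaintainer = !!body.match(/Maintainer changes/m)
 const lookupFn = lookup ?? (() => Promise.resolve({ alertState: '', ghsaId: '', cvss: 0 }))
 const scoreFn = getScore ?? (() => Promise.resolve(0))
@@ -43,6 +45,7 @@ export async function parse (commitMessage: string, body: string, branchName: st
 const chunks = branchName.split(delim)
 const prev = bumpFragment?.groups?.from ?? (updateFragment?.groups?.from ?? '')
 const next = bumpFragment?.groups?.to ?? (updateFragment?.groups?.to ?? '')
+const dependencyGroup = groupName?.groups?.name ?? ''
 
 if (data['updated-dependencies']) {
 return await Promise.all(data['updated-dependencies'].map(async (dependency, index) => {
@@ -61,6 +64,7 @@ export async function parse (commitMessage: string, body: string, branchName: st
 newVersion: nextVersion,
 compatScore: await scoreFn(dependency['dependency-name'], lastVersion, nextVersion, chunks[1]),
 maintainerChanges: newMaintainer,
+dependencyGroup: dependencyGroup,
 ...await lookupFn(dependency['dependency-name'], lastVersion, dirname)
 }
 }))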
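Review bot: In the second hunk `groupName` is matched against the whole `commitMessage` rather than the `yamlFragment` capture, so the first `dependency-group:` token anywhere in the message (body prose, or a later YAML document that the parser otherwise ignores) is applied to every returned dependency. Scoping the match to the fragment, `const groupName = (yamlFragment?.groups?.dependencies ?? '').match(/dependency-group:\s(?<name>\S*)/m)`, keeps the value tied to the same data the rest of `parse` reads. Reading the key from each parsed `dependency` entry would be stricter still, if the YAML type allows it; that type is declared outside these hunks. The `\s` after the colon also matches a newline, so if the value were ever empty the capture would pick up the first token of the next line; `[ \t]+` avoids that. `parse`'s body begins and ends outside the hunks shown.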
