Compare commits
96 Commits
add-summary
...
v2.2.0
| Author | SHA1 | Date | |
|---|---|---|---|
| 2b96ea7f03 | |||
| 4300ce8d38 | |||
| de48c615a3 | |||
| fd959624bf | |||
| 11dd186eb0 | |||
| 1ab05cf855 | |||
| 7d7d5e7c84 | |||
| 8a8fa8bd07 | |||
| 06daf8e801 | |||
| fc4fb55b25 | |||
| 31c132fdca | |||
| 10bc05df70 | |||
| e641ee9a41 | |||
| eaeaeb3d57 | |||
| 1eaf30e6eb | |||
| 5da3462152 | |||
| 6fa5a8f9c0 | |||
| 0d23c39a5d | |||
| 6549b27685 | |||
| f4b16c52e5 | |||
| 1a7a37c468 | |||
| 38b459efad | |||
| 6410b2cdd2 | |||
| fd3a3b1051 | |||
| 6771e49f11 | |||
| c7c07e1117 | |||
| 59fdb0cce7 | |||
| 950228f7f7 | |||
| 6973819203 | |||
| eee2e3260e | |||
| 7eeddef885 | |||
| 8c58cdad09 | |||
| 380290a89b | |||
| 50c3ed0ba6 | |||
| 0455501026 | |||
| bac3f038ac | |||
| 2d81062605 | |||
| 2ae4b932b7 | |||
| c7d4075ae0 | |||
| 49a0208abf | |||
| 94941958fb | |||
| 2764e60363 | |||
| bcd1b9ab86 | |||
| d96759fedc | |||
| bfd72e7da2 | |||
| d8efcf0c1f | |||
| 3b74514266 | |||
| 7a364ecd6b | |||
| 435083feb7 | |||
| 781a55eaaa | |||
| 335c64c139 | |||
| af9a4fa160 | |||
| 3e04d4bc87 | |||
| be076ebeca | |||
| b74c52c335 | |||
| 2233eb2b88 | |||
| ca11176434 | |||
| c8f5c5518e | |||
| 469156603d | |||
| 6b1d7e7207 | |||
| a57a1dd454 | |||
| 0e8bd1f46f | |||
| dd931c7005 | |||
| d8d78b6ace | |||
| a1eafc653a | |||
| 35b0f5ded9 | |||
| 5a25f0b1b3 | |||
| 88dd76a7ef | |||
| b1427bfe58 | |||
| 0d079c6553 | |||
| ce3b0c8116 | |||
| d01dd09c36 | |||
| 21d1a080df | |||
| c869fcfa38 | |||
| 20229aad71 | |||
| 65d6c26087 | |||
| 8b6795d89d | |||
| 030c97ab49 | |||
| dc44a85a96 | |||
| 9cdfbb83fa | |||
| b1f8412445 | |||
| 0d02efb12c | |||
| 2a09e52261 | |||
| e86dfd8cc0 | |||
| a39d9063b3 | |||
| 9809e06c2d | |||
| 70bbe4186e | |||
| 23d1ffffb6 | |||
| d792f3e8ca | |||
| 5da7945e2b | |||
| a8e7c378a3 | |||
| 0e0d6ec5d6 | |||
| 47f663b6ee | |||
| dfcdb87cb3 | |||
| 79f5aede88 | |||
| aef949f026 |
@@ -75,6 +75,7 @@ Here are a few things you can do that will increase the likelihood of your pull
|
||||
|
||||
## Cutting a new release
|
||||
|
||||
1. Update the version number in [package.json](https://github.com/actions/dependency-review-action/blob/main/package.json).
|
||||
1. Go to [Draft a new
|
||||
release](https://github.com/actions/dependency-review-action/releases/new)
|
||||
in the Releases page.
|
||||
|
||||
@@ -5,8 +5,14 @@ raise an error if any vulnerabilities or invalid licenses are being introduced.
|
||||
|
||||
The action is available for all public repositories, as well as private repositories that have GitHub Advanced Security licensed.
|
||||
|
||||
You can see the results on the job logs
|
||||
|
||||
<img width="854" alt="Screen Shot 2022-03-31 at 1 10 51 PM" src="https://user-images.githubusercontent.com/2161/161042286-b22d7dd3-13cb-458d-8744-ce70ed9bf562.png">
|
||||
|
||||
or on the job summary
|
||||
|
||||
<img src="https://user-images.githubusercontent.com/7847935/182871416-50332bbb-b279-4621-a136-ca72a4314301.png">
|
||||
|
||||
## Installation
|
||||
|
||||
**Please keep in mind that you need a [GitHub Advanced Security](https://docs.github.com/en/enterprise-cloud@latest/get-started/learning-about-github/about-github-advanced-security) license if you're running this action on private repositories.**
|
||||
@@ -32,7 +38,7 @@ jobs:
|
||||
|
||||
### GitHub Enterprise Server
|
||||
|
||||
This action is available in GHES starting with version 3.6. Make sure
|
||||
This action is available in Enterprise Server starting with version 3.6. Make sure
|
||||
[GitHub Advanced
|
||||
Security](https://docs.github.com/en/enterprise-server@3.6/admin/code-security/managing-github-advanced-security-for-your-enterprise/enabling-github-advanced-security-for-your-enterprise)
|
||||
and [GitHub
|
||||
@@ -44,7 +50,6 @@ with the label of any of your runners (the default label
|
||||
is `self-hosted`):
|
||||
|
||||
```yaml
|
||||
|
||||
# ...
|
||||
|
||||
jobs:
|
||||
@@ -80,11 +85,14 @@ jobs:
|
||||
# Possible values: "critical", "high", "moderate", "low"
|
||||
# fail-on-severity: critical
|
||||
#
|
||||
# Possible values in comma separated list: "unknown", "runtime", or "development"
|
||||
# fail-on-scopes: runtime, development
|
||||
#
|
||||
# Possible values: Any available git ref
|
||||
# base-ref: ${{ github.event.pull_request.base.ref }}
|
||||
# head-ref: ${{ github.event.pull_request.head.ref }}
|
||||
#
|
||||
# You can only include one of these two options: `allow-licenses` and `deny-licenses`. These options are not supported on GHES.
|
||||
# You can only include one of these two options: `allow-licenses` and `deny-licenses`. These options are not supported on Enterprise Server.
|
||||
#
|
||||
# Possible values: Any `spdx_id` value(s) from https://docs.github.com/en/rest/licenses
|
||||
# allow-licenses: GPL-3.0, BSD-3-Clause, MIT
|
||||
@@ -114,12 +122,23 @@ This example will only fail on pull requests with `critical` and `high` vulnerab
|
||||
fail-on-severity: high
|
||||
```
|
||||
|
||||
### Dependency Scoping
|
||||
|
||||
By default the action will only fail on `runtime` dependencies that have vulnerabilities or unacceptable licenses, ignoring `development` dependencies. You can override this behavior with the `fail-on-scopes` option, which will allow you to list the specific dependency scopes you care about. The possible values are: `unknown`, `runtime`, and `development`. Note: Filtering by scope will not be supported on Enterprise Server just yet, as the REST API's introduction of `scope` will be released in an upcoming Enterprise Server version. We will treat all dependencies on Enterprise Server as having a `runtime` scope and thus will not be filtered away.
|
||||
|
||||
```yaml
|
||||
- name: Dependency Review
|
||||
uses: actions/dependency-review-action@v2
|
||||
with:
|
||||
fail-on-scopes: runtime, development
|
||||
```
|
||||
|
||||
### Licenses
|
||||
|
||||
You can set the action to fail on pull requests based on the licenses of the dependencies
|
||||
they introduce. With `allow-licenses` you can define the list of licenses
|
||||
your repository will accept. Alternatively, you can use `deny-licenses` to only
|
||||
forbid a subset of licenses. These options are not supported on GHES.
|
||||
forbid a subset of licenses. These options are not supported on Enterprise Server.
|
||||
|
||||
You can use the [Licenses
|
||||
API](https://docs.github.com/en/rest/licenses) to see the full list of
|
||||
@@ -144,7 +163,7 @@ to filter. A couple of examples:
|
||||
|
||||
**Important**
|
||||
|
||||
<<<<<<< HEAD
|
||||
- Checking for licenses is not supported on Enterprise Server.
|
||||
- The action will only accept one of the two parameters; an error will
|
||||
be raised if you provide both.
|
||||
- By default both parameters are empty (no license checking is
|
||||
@@ -152,16 +171,6 @@ to filter. A couple of examples:
|
||||
- We don't have license information for all of your dependents. If we
|
||||
can't detect the license for a dependency **we will inform you, but the
|
||||
action won't fail**.
|
||||
=======
|
||||
* Checking for licenses is not supported on GHES.
|
||||
* The action will only accept one of the two parameters; an error will
|
||||
be raised if you provide both.
|
||||
* By default both parameters are empty (no license checking is
|
||||
performed).
|
||||
* We don't have license information for all of your dependents. If we
|
||||
can't detect the license for a dependency **we will inform you, but the
|
||||
action won't fail**.
|
||||
>>>>>>> main
|
||||
|
||||
## Blocking pull requests
|
||||
|
||||
|
||||
@@ -13,6 +13,7 @@ function setInput(input: string, value: string) {
|
||||
function clearInputs() {
|
||||
const allowedOptions = [
|
||||
'FAIL-ON-SEVERITY',
|
||||
'FAIL-ON-SCOPES',
|
||||
'ALLOW-LICENSES',
|
||||
'DENY-LICENSES',
|
||||
'BASE-REF',
|
||||
@@ -82,3 +83,22 @@ test('it raises an error when no refs are provided and the event is not a pull r
|
||||
})
|
||||
).toThrow()
|
||||
})
|
||||
|
||||
test('it defaults to runtime scope', async () => {
|
||||
const options = readConfig()
|
||||
expect(options.fail_on_scopes).toEqual(['runtime'])
|
||||
})
|
||||
test('it parses custom scopes preference', async () => {
|
||||
setInput('fail-on-scopes', 'runtime, development')
|
||||
let options = readConfig()
|
||||
expect(options.fail_on_scopes).toEqual(['runtime', 'development'])
|
||||
|
||||
clearInputs()
|
||||
setInput('fail-on-scopes', 'development')
|
||||
options = readConfig()
|
||||
expect(options.fail_on_scopes).toEqual(['development'])
|
||||
})
|
||||
test('it raises an error when given invalid scope', async () => {
|
||||
setInput('fail-on-scopes', 'runtime, zombies')
|
||||
expect(() => readConfig()).toThrow()
|
||||
})
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
import {expect, test} from '@jest/globals'
|
||||
import {Change, Changes} from '../src/schemas'
|
||||
import {filterChangesBySeverity} from '../src/filter'
|
||||
import {filterChangesBySeverity, filterChangesByScopes} from '../src/filter'
|
||||
|
||||
let npmChange: Change = {
|
||||
manifest: 'package.json',
|
||||
@@ -11,6 +11,7 @@ let npmChange: Change = {
|
||||
package_url: 'pkg:npm/reeuhq@1.0.2',
|
||||
license: 'MIT',
|
||||
source_repository_url: 'github.com/some-repo',
|
||||
scope: 'runtime',
|
||||
vulnerabilities: [
|
||||
{
|
||||
severity: 'critical',
|
||||
@@ -30,6 +31,7 @@ let rubyChange: Change = {
|
||||
package_url: 'pkg:gem/actionsomething@3.2.0',
|
||||
license: 'BSD',
|
||||
source_repository_url: 'github.com/some-repo',
|
||||
scope: 'development',
|
||||
vulnerabilities: [
|
||||
{
|
||||
severity: 'moderate',
|
||||
@@ -57,3 +59,16 @@ test('it properly filters changes by severity', async () => {
|
||||
result = filterChangesBySeverity('critical', changes)
|
||||
expect(changes).toEqual([npmChange, rubyChange])
|
||||
})
|
||||
|
||||
test('it properly filters changes by scope', async () => {
|
||||
const changes = [npmChange, rubyChange]
|
||||
|
||||
let result = filterChangesByScopes(['runtime'], changes)
|
||||
expect(result).toEqual([npmChange])
|
||||
|
||||
result = filterChangesByScopes(['development'], changes)
|
||||
expect(result).toEqual([rubyChange])
|
||||
|
||||
result = filterChangesByScopes(['runtime', 'development'], changes)
|
||||
expect(result).toEqual([npmChange, rubyChange])
|
||||
})
|
||||
|
||||
@@ -11,6 +11,7 @@ let npmChange: Change = {
|
||||
package_url: 'pkg:npm/reeuhq@1.0.2',
|
||||
license: 'MIT',
|
||||
source_repository_url: 'github.com/some-repo',
|
||||
scope: 'runtime',
|
||||
vulnerabilities: [
|
||||
{
|
||||
severity: 'critical',
|
||||
@@ -30,6 +31,7 @@ let rubyChange: Change = {
|
||||
package_url: 'pkg:gem/actionsomething@3.2.0',
|
||||
license: 'BSD',
|
||||
source_repository_url: 'github.com/some-repo',
|
||||
scope: 'runtime',
|
||||
vulnerabilities: [
|
||||
{
|
||||
severity: 'moderate',
|
||||
|
||||
@@ -10,6 +10,10 @@ inputs:
|
||||
description: Don't block PRs below this severity. Possible values are `low`, `moderate`, `high`, `critical`.
|
||||
required: false
|
||||
default: 'low'
|
||||
fail-on-scopes:
|
||||
description: Dependency scopes to block PRs on. Comma-separated list. Possible values are 'unknown', 'runtime', and 'development' (e.g. "runtime, development")
|
||||
required: false
|
||||
default: 'runtime'
|
||||
base-ref:
|
||||
description: The base git ref to be used for this check. Has a default value when the workflow event is `pull_request` or `pull_request_target`. Must be provided otherwise.
|
||||
required: false
|
||||
|
||||
+399
-164
@@ -201,6 +201,7 @@ const request_error_1 = __nccwpck_require__(537);
|
||||
const config_1 = __nccwpck_require__(6373);
|
||||
const filter_1 = __nccwpck_require__(8752);
|
||||
const licenses_1 = __nccwpck_require__(3247);
|
||||
const summary = __importStar(__nccwpck_require__(8608));
|
||||
const git_refs_1 = __nccwpck_require__(1086);
|
||||
function run() {
|
||||
return __awaiter(this, void 0, void 0, function* () {
|
||||
@@ -219,21 +220,26 @@ function run() {
|
||||
allow: config.allow_licenses,
|
||||
deny: config.deny_licenses
|
||||
};
|
||||
const filteredChanges = (0, filter_1.filterChangesBySeverity)(minSeverity, changes);
|
||||
for (const change of filteredChanges) {
|
||||
if (change.change_type === 'added' &&
|
||||
change.vulnerabilities !== undefined &&
|
||||
change.vulnerabilities.length > 0) {
|
||||
const scopes = config.fail_on_scopes;
|
||||
const scopedChanges = (0, filter_1.filterChangesByScopes)(scopes, changes);
|
||||
const addedChanges = (0, filter_1.filterChangesBySeverity)(minSeverity, scopedChanges).filter(change => change.change_type === 'added' &&
|
||||
change.vulnerabilities !== undefined &&
|
||||
change.vulnerabilities.length > 0);
|
||||
const [licenseErrors, unknownLicenses] = (0, licenses_1.getDeniedLicenseChanges)(scopedChanges, licenses);
|
||||
summary.addSummaryToSummary(addedChanges, licenseErrors, unknownLicenses);
|
||||
if (addedChanges.length > 0) {
|
||||
for (const change of addedChanges) {
|
||||
printChangeVulnerabilities(change);
|
||||
failed = true;
|
||||
}
|
||||
failed = true;
|
||||
}
|
||||
const [licenseErrors, unknownLicenses] = (0, licenses_1.getDeniedLicenseChanges)(changes, licenses);
|
||||
summary.addChangeVulnerabilitiesToSummary(addedChanges, minSeverity || '');
|
||||
if (licenseErrors.length > 0) {
|
||||
printLicensesError(licenseErrors);
|
||||
core.setFailed('Dependency review detected incompatible licenses.');
|
||||
}
|
||||
printNullLicenses(unknownLicenses);
|
||||
summary.addLicensesToSummary(licenseErrors, unknownLicenses, config);
|
||||
if (failed) {
|
||||
core.setFailed('Dependency review detected vulnerable packages.');
|
||||
}
|
||||
@@ -257,6 +263,9 @@ function run() {
|
||||
}
|
||||
}
|
||||
}
|
||||
finally {
|
||||
yield core.summary.write();
|
||||
}
|
||||
});
|
||||
}
|
||||
function printChangeVulnerabilities(change) {
|
||||
@@ -326,9 +335,10 @@ var __importStar = (this && this.__importStar) || function (mod) {
|
||||
return result;
|
||||
};
|
||||
Object.defineProperty(exports, "__esModule", ({ value: true }));
|
||||
exports.ChangesSchema = exports.ConfigurationOptionsSchema = exports.PullRequestSchema = exports.ChangeSchema = exports.SEVERITIES = void 0;
|
||||
exports.ChangesSchema = exports.ConfigurationOptionsSchema = exports.PullRequestSchema = exports.ChangeSchema = exports.SCOPES = exports.SEVERITIES = void 0;
|
||||
const z = __importStar(__nccwpck_require__(3301));
|
||||
exports.SEVERITIES = ['critical', 'high', 'moderate', 'low'];
|
||||
exports.SCOPES = ['unknown', 'runtime', 'development'];
|
||||
exports.ChangeSchema = z.object({
|
||||
change_type: z.enum(['added', 'removed']),
|
||||
manifest: z.string(),
|
||||
@@ -338,9 +348,10 @@ exports.ChangeSchema = z.object({
|
||||
package_url: z.string(),
|
||||
license: z.string().nullable(),
|
||||
source_repository_url: z.string().nullable(),
|
||||
scope: z.enum(exports.SCOPES).optional(),
|
||||
vulnerabilities: z
|
||||
.array(z.object({
|
||||
severity: z.enum(['critical', 'high', 'moderate', 'low']),
|
||||
severity: z.enum(exports.SEVERITIES),
|
||||
advisory_ghsa_id: z.string(),
|
||||
advisory_summary: z.string(),
|
||||
advisory_url: z.string()
|
||||
@@ -356,6 +367,7 @@ exports.PullRequestSchema = z.object({
|
||||
exports.ConfigurationOptionsSchema = z
|
||||
.object({
|
||||
fail_on_severity: z.enum(exports.SEVERITIES).default('low'),
|
||||
fail_on_scopes: z.array(z.enum(exports.SCOPES)).default(['runtime']),
|
||||
allow_licenses: z.array(z.string()).default([]),
|
||||
deny_licenses: z.array(z.string()).default([]),
|
||||
base_ref: z.string(),
|
||||
@@ -366,6 +378,156 @@ exports.ConfigurationOptionsSchema = z
|
||||
exports.ChangesSchema = z.array(exports.ChangeSchema);
|
||||
|
||||
|
||||
/***/ }),
|
||||
|
||||
/***/ 8608:
|
||||
/***/ (function(__unused_webpack_module, exports, __nccwpck_require__) {
|
||||
|
||||
"use strict";
|
||||
|
||||
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
||||
if (k2 === undefined) k2 = k;
|
||||
var desc = Object.getOwnPropertyDescriptor(m, k);
|
||||
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
||||
desc = { enumerable: true, get: function() { return m[k]; } };
|
||||
}
|
||||
Object.defineProperty(o, k2, desc);
|
||||
}) : (function(o, m, k, k2) {
|
||||
if (k2 === undefined) k2 = k;
|
||||
o[k2] = m[k];
|
||||
}));
|
||||
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
||||
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
||||
}) : function(o, v) {
|
||||
o["default"] = v;
|
||||
});
|
||||
var __importStar = (this && this.__importStar) || function (mod) {
|
||||
if (mod && mod.__esModule) return mod;
|
||||
var result = {};
|
||||
if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
|
||||
__setModuleDefault(result, mod);
|
||||
return result;
|
||||
};
|
||||
Object.defineProperty(exports, "__esModule", ({ value: true }));
|
||||
exports.addLicensesToSummary = exports.addChangeVulnerabilitiesToSummary = exports.addSummaryToSummary = void 0;
|
||||
const core = __importStar(__nccwpck_require__(2186));
|
||||
function addSummaryToSummary(addedPackages, licenseErrors, unknownLicenses) {
|
||||
core.summary
|
||||
.addHeading('Dependency Review')
|
||||
.addRaw(`We found ${addedPackages.length} vulnerable package(s), ${licenseErrors.length} package(s) with incompatible licenses, and ${unknownLicenses.length} package(s) with unknown licenses.`);
|
||||
}
|
||||
exports.addSummaryToSummary = addSummaryToSummary;
|
||||
function addChangeVulnerabilitiesToSummary(addedPackages, severity) {
|
||||
const rows = [];
|
||||
const manifests = getManifests(addedPackages);
|
||||
core.summary
|
||||
.addHeading('Vulnerabilities')
|
||||
.addQuote(`Vulnerabilites were filtered by mininum severity <strong>${severity}</strong>.`);
|
||||
if (addedPackages.length === 0) {
|
||||
core.summary.addQuote('No vulnerabilities found in added packages.');
|
||||
return;
|
||||
}
|
||||
for (const manifest of manifests) {
|
||||
for (const change of addedPackages.filter(pkg => pkg.manifest === manifest)) {
|
||||
let previous_package = '';
|
||||
let previous_version = '';
|
||||
for (const vuln of change.vulnerabilities) {
|
||||
const sameAsPrevious = previous_package === change.name &&
|
||||
previous_version === change.version;
|
||||
if (!sameAsPrevious) {
|
||||
rows.push([
|
||||
renderUrl(change.source_repository_url, change.name),
|
||||
change.version,
|
||||
renderUrl(vuln.advisory_url, vuln.advisory_summary),
|
||||
vuln.severity
|
||||
]);
|
||||
}
|
||||
else {
|
||||
rows.push([
|
||||
{ data: '', colspan: '2' },
|
||||
renderUrl(vuln.advisory_url, vuln.advisory_summary),
|
||||
vuln.severity
|
||||
]);
|
||||
}
|
||||
previous_package = change.name;
|
||||
previous_version = change.version;
|
||||
}
|
||||
}
|
||||
core.summary.addHeading(`<em>${manifest}</em>`, 3).addTable([
|
||||
[
|
||||
{ data: 'Name', header: true },
|
||||
{ data: 'Version', header: true },
|
||||
{ data: 'Vulnerability', header: true },
|
||||
{ data: 'Severity', header: true }
|
||||
],
|
||||
...rows
|
||||
]);
|
||||
}
|
||||
}
|
||||
exports.addChangeVulnerabilitiesToSummary = addChangeVulnerabilitiesToSummary;
|
||||
function addLicensesToSummary(licenseErrors, unknownLicenses, config) {
|
||||
core.summary.addHeading('Licenses');
|
||||
if (config.allow_licenses && config.allow_licenses.length > 0) {
|
||||
core.summary.addQuote(`<strong>Allowed Licenses</strong>: ${config.allow_licenses.join(', ')}`);
|
||||
}
|
||||
if (config.deny_licenses && config.deny_licenses.length > 0) {
|
||||
core.summary.addQuote(`<strong>Denied Licenses</strong>: ${config.deny_licenses.join(', ')}`);
|
||||
}
|
||||
if (licenseErrors.length === 0 && unknownLicenses.length === 0) {
|
||||
core.summary.addQuote('No license violations detected.');
|
||||
return;
|
||||
}
|
||||
if (licenseErrors.length > 0) {
|
||||
const rows = [];
|
||||
const manifests = getManifests(licenseErrors);
|
||||
core.summary.addHeading('Incompatible Licenses', 3).addSeparator();
|
||||
for (const manifest of manifests) {
|
||||
core.summary.addHeading(`<em>${manifest}</em>`, 4);
|
||||
for (const change of licenseErrors.filter(pkg => pkg.manifest === manifest)) {
|
||||
rows.push([
|
||||
renderUrl(change.source_repository_url, change.name),
|
||||
change.version,
|
||||
change.license || ''
|
||||
]);
|
||||
}
|
||||
core.summary.addTable([['Package', 'Version', 'License'], ...rows]);
|
||||
}
|
||||
}
|
||||
else {
|
||||
core.summary.addQuote('No license violations detected.');
|
||||
}
|
||||
core.debug(`found ${unknownLicenses.length} unknown licenses`);
|
||||
if (unknownLicenses.length > 0) {
|
||||
const rows = [];
|
||||
const manifests = getManifests(unknownLicenses);
|
||||
core.debug(`found ${manifests.entries.length} manifests for unknown licenses`);
|
||||
core.summary.addHeading('Unknown Licenses', 3).addSeparator();
|
||||
for (const manifest of manifests) {
|
||||
core.summary.addHeading(`<em>${manifest}</em>`, 4);
|
||||
for (const change of unknownLicenses.filter(pkg => pkg.manifest === manifest)) {
|
||||
rows.push([
|
||||
renderUrl(change.source_repository_url, change.name),
|
||||
change.version
|
||||
]);
|
||||
}
|
||||
core.summary.addTable([['Package', 'Version'], ...rows]);
|
||||
}
|
||||
}
|
||||
}
|
||||
exports.addLicensesToSummary = addLicensesToSummary;
|
||||
function getManifests(changes) {
|
||||
return new Set(changes.flatMap(c => c.manifest));
|
||||
}
|
||||
function renderUrl(url, text) {
|
||||
if (url) {
|
||||
return `<a href="${url}">${text}</a>`;
|
||||
}
|
||||
else {
|
||||
return text;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/***/ }),
|
||||
|
||||
/***/ 7351:
|
||||
@@ -11486,8 +11648,7 @@ function wrappy (fn, cb) {
|
||||
"use strict";
|
||||
|
||||
Object.defineProperty(exports, "__esModule", ({ value: true }));
|
||||
exports.getErrorMap = exports.setErrorMap = exports.defaultErrorMap = exports.ZodError = exports.quotelessJson = exports.ZodIssueCode = void 0;
|
||||
const parseUtil_1 = __nccwpck_require__(888);
|
||||
exports.ZodError = exports.quotelessJson = exports.ZodIssueCode = void 0;
|
||||
const util_1 = __nccwpck_require__(3985);
|
||||
exports.ZodIssueCode = util_1.util.arrayToEnum([
|
||||
"invalid_type",
|
||||
@@ -11588,7 +11749,7 @@ class ZodError extends Error {
|
||||
return this.message;
|
||||
}
|
||||
get message() {
|
||||
return JSON.stringify(this.issues, parseUtil_1.jsonStringifyReplacer, 2);
|
||||
return JSON.stringify(this.issues, util_1.util.jsonStringifyReplacer, 2);
|
||||
}
|
||||
get isEmpty() {
|
||||
return this.issues.length === 0;
|
||||
@@ -11616,101 +11777,23 @@ ZodError.create = (issues) => {
|
||||
const error = new ZodError(issues);
|
||||
return error;
|
||||
};
|
||||
const defaultErrorMap = (issue, _ctx) => {
|
||||
let message;
|
||||
switch (issue.code) {
|
||||
case exports.ZodIssueCode.invalid_type:
|
||||
if (issue.received === util_1.ZodParsedType.undefined) {
|
||||
message = "Required";
|
||||
}
|
||||
else {
|
||||
message = `Expected ${issue.expected}, received ${issue.received}`;
|
||||
}
|
||||
break;
|
||||
case exports.ZodIssueCode.invalid_literal:
|
||||
message = `Invalid literal value, expected ${JSON.stringify(issue.expected, parseUtil_1.jsonStringifyReplacer)}`;
|
||||
break;
|
||||
case exports.ZodIssueCode.unrecognized_keys:
|
||||
message = `Unrecognized key(s) in object: ${util_1.util.joinValues(issue.keys, ", ")}`;
|
||||
break;
|
||||
case exports.ZodIssueCode.invalid_union:
|
||||
message = `Invalid input`;
|
||||
break;
|
||||
case exports.ZodIssueCode.invalid_union_discriminator:
|
||||
message = `Invalid discriminator value. Expected ${util_1.util.joinValues(issue.options)}`;
|
||||
break;
|
||||
case exports.ZodIssueCode.invalid_enum_value:
|
||||
message = `Invalid enum value. Expected ${util_1.util.joinValues(issue.options)}, received '${issue.received}'`;
|
||||
break;
|
||||
case exports.ZodIssueCode.invalid_arguments:
|
||||
message = `Invalid function arguments`;
|
||||
break;
|
||||
case exports.ZodIssueCode.invalid_return_type:
|
||||
message = `Invalid function return type`;
|
||||
break;
|
||||
case exports.ZodIssueCode.invalid_date:
|
||||
message = `Invalid date`;
|
||||
break;
|
||||
case exports.ZodIssueCode.invalid_string:
|
||||
if (typeof issue.validation === "object") {
|
||||
if ("startsWith" in issue.validation) {
|
||||
message = `Invalid input: must start with "${issue.validation.startsWith}"`;
|
||||
}
|
||||
else if ("endsWith" in issue.validation) {
|
||||
message = `Invalid input: must end with "${issue.validation.endsWith}"`;
|
||||
}
|
||||
else {
|
||||
util_1.util.assertNever(issue.validation);
|
||||
}
|
||||
}
|
||||
else if (issue.validation !== "regex") {
|
||||
message = `Invalid ${issue.validation}`;
|
||||
}
|
||||
else {
|
||||
message = "Invalid";
|
||||
}
|
||||
break;
|
||||
case exports.ZodIssueCode.too_small:
|
||||
if (issue.type === "array")
|
||||
message = `Array must contain ${issue.inclusive ? `at least` : `more than`} ${issue.minimum} element(s)`;
|
||||
else if (issue.type === "string")
|
||||
message = `String must contain ${issue.inclusive ? `at least` : `over`} ${issue.minimum} character(s)`;
|
||||
else if (issue.type === "number")
|
||||
message = `Number must be greater than ${issue.inclusive ? `or equal to ` : ``}${issue.minimum}`;
|
||||
else if (issue.type === "date")
|
||||
message = `Date must be greater than ${issue.inclusive ? `or equal to ` : ``}${new Date(issue.minimum)}`;
|
||||
else
|
||||
message = "Invalid input";
|
||||
break;
|
||||
case exports.ZodIssueCode.too_big:
|
||||
if (issue.type === "array")
|
||||
message = `Array must contain ${issue.inclusive ? `at most` : `less than`} ${issue.maximum} element(s)`;
|
||||
else if (issue.type === "string")
|
||||
message = `String must contain ${issue.inclusive ? `at most` : `under`} ${issue.maximum} character(s)`;
|
||||
else if (issue.type === "number")
|
||||
message = `Number must be less than ${issue.inclusive ? `or equal to ` : ``}${issue.maximum}`;
|
||||
else if (issue.type === "date")
|
||||
message = `Date must be smaller than ${issue.inclusive ? `or equal to ` : ``}${new Date(issue.maximum)}`;
|
||||
else
|
||||
message = "Invalid input";
|
||||
break;
|
||||
case exports.ZodIssueCode.custom:
|
||||
message = `Invalid input`;
|
||||
break;
|
||||
case exports.ZodIssueCode.invalid_intersection_types:
|
||||
message = `Intersection results could not be merged`;
|
||||
break;
|
||||
case exports.ZodIssueCode.not_multiple_of:
|
||||
message = `Number must be a multiple of ${issue.multipleOf}`;
|
||||
break;
|
||||
default:
|
||||
message = _ctx.defaultError;
|
||||
util_1.util.assertNever(issue);
|
||||
}
|
||||
return { message };
|
||||
|
||||
|
||||
/***/ }),
|
||||
|
||||
/***/ 9566:
|
||||
/***/ (function(__unused_webpack_module, exports, __nccwpck_require__) {
|
||||
|
||||
"use strict";
|
||||
|
||||
var __importDefault = (this && this.__importDefault) || function (mod) {
|
||||
return (mod && mod.__esModule) ? mod : { "default": mod };
|
||||
};
|
||||
exports.defaultErrorMap = defaultErrorMap;
|
||||
let overrideErrorMap = exports.defaultErrorMap;
|
||||
Object.defineProperty(exports, "__esModule", ({ value: true }));
|
||||
exports.getErrorMap = exports.setErrorMap = exports.defaultErrorMap = void 0;
|
||||
const en_1 = __importDefault(__nccwpck_require__(468));
|
||||
exports.defaultErrorMap = en_1.default;
|
||||
let overrideErrorMap = en_1.default;
|
||||
function setErrorMap(map) {
|
||||
overrideErrorMap = map;
|
||||
}
|
||||
@@ -11740,6 +11823,7 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
|
||||
};
|
||||
Object.defineProperty(exports, "__esModule", ({ value: true }));
|
||||
exports.ZodParsedType = exports.getParsedType = void 0;
|
||||
__exportStar(__nccwpck_require__(9566), exports);
|
||||
__exportStar(__nccwpck_require__(888), exports);
|
||||
__exportStar(__nccwpck_require__(9449), exports);
|
||||
var util_1 = __nccwpck_require__(3985);
|
||||
@@ -11768,13 +11852,17 @@ var errorUtil;
|
||||
/***/ }),
|
||||
|
||||
/***/ 888:
|
||||
/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => {
|
||||
/***/ (function(__unused_webpack_module, exports, __nccwpck_require__) {
|
||||
|
||||
"use strict";
|
||||
|
||||
var __importDefault = (this && this.__importDefault) || function (mod) {
|
||||
return (mod && mod.__esModule) ? mod : { "default": mod };
|
||||
};
|
||||
Object.defineProperty(exports, "__esModule", ({ value: true }));
|
||||
exports.jsonStringifyReplacer = exports.isAsync = exports.isValid = exports.isDirty = exports.isAborted = exports.OK = exports.DIRTY = exports.INVALID = exports.ParseStatus = exports.addIssueToContext = exports.EMPTY_PATH = exports.makeIssue = void 0;
|
||||
const ZodError_1 = __nccwpck_require__(9892);
|
||||
exports.isAsync = exports.isValid = exports.isDirty = exports.isAborted = exports.OK = exports.DIRTY = exports.INVALID = exports.ParseStatus = exports.addIssueToContext = exports.EMPTY_PATH = exports.makeIssue = void 0;
|
||||
const errors_1 = __nccwpck_require__(9566);
|
||||
const en_1 = __importDefault(__nccwpck_require__(468));
|
||||
const makeIssue = (params) => {
|
||||
const { data, path, errorMaps, issueData } = params;
|
||||
const fullPath = [...path, ...(issueData.path || [])];
|
||||
@@ -11806,8 +11894,8 @@ function addIssueToContext(ctx, issueData) {
|
||||
errorMaps: [
|
||||
ctx.common.contextualErrorMap,
|
||||
ctx.schemaErrorMap,
|
||||
ZodError_1.getErrorMap(),
|
||||
ZodError_1.defaultErrorMap,
|
||||
errors_1.getErrorMap(),
|
||||
en_1.default,
|
||||
].filter((x) => !!x),
|
||||
});
|
||||
ctx.common.issues.push(issue);
|
||||
@@ -11881,13 +11969,6 @@ const isValid = (x) => x.status === "valid";
|
||||
exports.isValid = isValid;
|
||||
const isAsync = (x) => typeof Promise !== undefined && x instanceof Promise;
|
||||
exports.isAsync = isAsync;
|
||||
const jsonStringifyReplacer = (_, value) => {
|
||||
if (typeof value === "bigint") {
|
||||
return value.toString();
|
||||
}
|
||||
return value;
|
||||
};
|
||||
exports.jsonStringifyReplacer = jsonStringifyReplacer;
|
||||
|
||||
|
||||
/***/ }),
|
||||
@@ -11965,6 +12046,12 @@ var util;
|
||||
.join(separator);
|
||||
}
|
||||
util.joinValues = joinValues;
|
||||
util.jsonStringifyReplacer = (_, value) => {
|
||||
if (typeof value === "bigint") {
|
||||
return value.toString();
|
||||
}
|
||||
return value;
|
||||
};
|
||||
})(util = exports.util || (exports.util = {}));
|
||||
exports.ZodParsedType = util.arrayToEnum([
|
||||
"string",
|
||||
@@ -12070,6 +12157,112 @@ __exportStar(__nccwpck_require__(9906), exports);
|
||||
exports["default"] = mod;
|
||||
|
||||
|
||||
/***/ }),
|
||||
|
||||
/***/ 468:
|
||||
/***/ ((__unused_webpack_module, exports, __nccwpck_require__) => {
|
||||
|
||||
"use strict";
|
||||
|
||||
Object.defineProperty(exports, "__esModule", ({ value: true }));
|
||||
const util_1 = __nccwpck_require__(3985);
|
||||
const ZodError_1 = __nccwpck_require__(9892);
|
||||
const errorMap = (issue, _ctx) => {
|
||||
let message;
|
||||
switch (issue.code) {
|
||||
case ZodError_1.ZodIssueCode.invalid_type:
|
||||
if (issue.received === util_1.ZodParsedType.undefined) {
|
||||
message = "Required";
|
||||
}
|
||||
else {
|
||||
message = `Expected ${issue.expected}, received ${issue.received}`;
|
||||
}
|
||||
break;
|
||||
case ZodError_1.ZodIssueCode.invalid_literal:
|
||||
message = `Invalid literal value, expected ${JSON.stringify(issue.expected, util_1.util.jsonStringifyReplacer)}`;
|
||||
break;
|
||||
case ZodError_1.ZodIssueCode.unrecognized_keys:
|
||||
message = `Unrecognized key(s) in object: ${util_1.util.joinValues(issue.keys, ", ")}`;
|
||||
break;
|
||||
case ZodError_1.ZodIssueCode.invalid_union:
|
||||
message = `Invalid input`;
|
||||
break;
|
||||
case ZodError_1.ZodIssueCode.invalid_union_discriminator:
|
||||
message = `Invalid discriminator value. Expected ${util_1.util.joinValues(issue.options)}`;
|
||||
break;
|
||||
case ZodError_1.ZodIssueCode.invalid_enum_value:
|
||||
message = `Invalid enum value. Expected ${util_1.util.joinValues(issue.options)}, received '${issue.received}'`;
|
||||
break;
|
||||
case ZodError_1.ZodIssueCode.invalid_arguments:
|
||||
message = `Invalid function arguments`;
|
||||
break;
|
||||
case ZodError_1.ZodIssueCode.invalid_return_type:
|
||||
message = `Invalid function return type`;
|
||||
break;
|
||||
case ZodError_1.ZodIssueCode.invalid_date:
|
||||
message = `Invalid date`;
|
||||
break;
|
||||
case ZodError_1.ZodIssueCode.invalid_string:
|
||||
if (typeof issue.validation === "object") {
|
||||
if ("startsWith" in issue.validation) {
|
||||
message = `Invalid input: must start with "${issue.validation.startsWith}"`;
|
||||
}
|
||||
else if ("endsWith" in issue.validation) {
|
||||
message = `Invalid input: must end with "${issue.validation.endsWith}"`;
|
||||
}
|
||||
else {
|
||||
util_1.util.assertNever(issue.validation);
|
||||
}
|
||||
}
|
||||
else if (issue.validation !== "regex") {
|
||||
message = `Invalid ${issue.validation}`;
|
||||
}
|
||||
else {
|
||||
message = "Invalid";
|
||||
}
|
||||
break;
|
||||
case ZodError_1.ZodIssueCode.too_small:
|
||||
if (issue.type === "array")
|
||||
message = `Array must contain ${issue.inclusive ? `at least` : `more than`} ${issue.minimum} element(s)`;
|
||||
else if (issue.type === "string")
|
||||
message = `String must contain ${issue.inclusive ? `at least` : `over`} ${issue.minimum} character(s)`;
|
||||
else if (issue.type === "number")
|
||||
message = `Number must be greater than ${issue.inclusive ? `or equal to ` : ``}${issue.minimum}`;
|
||||
else if (issue.type === "date")
|
||||
message = `Date must be greater than ${issue.inclusive ? `or equal to ` : ``}${new Date(issue.minimum)}`;
|
||||
else
|
||||
message = "Invalid input";
|
||||
break;
|
||||
case ZodError_1.ZodIssueCode.too_big:
|
||||
if (issue.type === "array")
|
||||
message = `Array must contain ${issue.inclusive ? `at most` : `less than`} ${issue.maximum} element(s)`;
|
||||
else if (issue.type === "string")
|
||||
message = `String must contain ${issue.inclusive ? `at most` : `under`} ${issue.maximum} character(s)`;
|
||||
else if (issue.type === "number")
|
||||
message = `Number must be less than ${issue.inclusive ? `or equal to ` : ``}${issue.maximum}`;
|
||||
else if (issue.type === "date")
|
||||
message = `Date must be smaller than ${issue.inclusive ? `or equal to ` : ``}${new Date(issue.maximum)}`;
|
||||
else
|
||||
message = "Invalid input";
|
||||
break;
|
||||
case ZodError_1.ZodIssueCode.custom:
|
||||
message = `Invalid input`;
|
||||
break;
|
||||
case ZodError_1.ZodIssueCode.invalid_intersection_types:
|
||||
message = `Intersection results could not be merged`;
|
||||
break;
|
||||
case ZodError_1.ZodIssueCode.not_multiple_of:
|
||||
message = `Number must be a multiple of ${issue.multipleOf}`;
|
||||
break;
|
||||
default:
|
||||
message = _ctx.defaultError;
|
||||
util_1.util.assertNever(issue);
|
||||
}
|
||||
return { message };
|
||||
};
|
||||
exports["default"] = errorMap;
|
||||
|
||||
|
||||
/***/ }),
|
||||
|
||||
/***/ 9335:
|
||||
@@ -12079,7 +12272,8 @@ exports["default"] = mod;
|
||||
|
||||
Object.defineProperty(exports, "__esModule", ({ value: true }));
|
||||
exports["function"] = exports["enum"] = exports.effect = exports.discriminatedUnion = exports.date = exports.boolean = exports.bigint = exports.array = exports.any = exports.ZodFirstPartyTypeKind = exports.late = exports.ZodSchema = exports.Schema = exports.custom = exports.ZodBranded = exports.BRAND = exports.ZodNaN = exports.ZodDefault = exports.ZodNullable = exports.ZodOptional = exports.ZodTransformer = exports.ZodEffects = exports.ZodPromise = exports.ZodNativeEnum = exports.ZodEnum = exports.ZodLiteral = exports.ZodLazy = exports.ZodFunction = exports.ZodSet = exports.ZodMap = exports.ZodRecord = exports.ZodTuple = exports.ZodIntersection = exports.ZodDiscriminatedUnion = exports.ZodUnion = exports.ZodObject = exports.objectUtil = exports.ZodArray = exports.ZodVoid = exports.ZodNever = exports.ZodUnknown = exports.ZodAny = exports.ZodNull = exports.ZodUndefined = exports.ZodDate = exports.ZodBoolean = exports.ZodBigInt = exports.ZodNumber = exports.ZodString = exports.ZodType = void 0;
|
||||
exports["void"] = exports.unknown = exports.union = exports.undefined = exports.tuple = exports.transformer = exports.string = exports.strictObject = exports.set = exports.record = exports.promise = exports.preprocess = exports.ostring = exports.optional = exports.onumber = exports.oboolean = exports.object = exports.number = exports.nullable = exports["null"] = exports.never = exports.nativeEnum = exports.nan = exports.map = exports.literal = exports.lazy = exports.intersection = exports["instanceof"] = void 0;
|
||||
exports.NEVER = exports["void"] = exports.unknown = exports.union = exports.undefined = exports.tuple = exports.transformer = exports.string = exports.strictObject = exports.set = exports.record = exports.promise = exports.preprocess = exports.ostring = exports.optional = exports.onumber = exports.oboolean = exports.object = exports.number = exports.nullable = exports["null"] = exports.never = exports.nativeEnum = exports.nan = exports.map = exports.literal = exports.lazy = exports.intersection = exports["instanceof"] = void 0;
|
||||
const errors_1 = __nccwpck_require__(9566);
|
||||
const errorUtil_1 = __nccwpck_require__(2513);
|
||||
const parseUtil_1 = __nccwpck_require__(888);
|
||||
const util_1 = __nccwpck_require__(3985);
|
||||
@@ -12112,7 +12306,7 @@ function processCreateParams(params) {
|
||||
return {};
|
||||
const { errorMap, invalid_type_error, required_error, description } = params;
|
||||
if (errorMap && (invalid_type_error || required_error)) {
|
||||
throw new Error(`Can't use "invalid" or "required" in conjunction with custom error map.`);
|
||||
throw new Error(`Can't use "invalid_type_error" or "required_error" in conjunction with custom error map.`);
|
||||
}
|
||||
if (errorMap)
|
||||
return { errorMap: errorMap, description };
|
||||
@@ -13248,9 +13442,12 @@ class ZodObject extends ZodType {
|
||||
const { status, ctx } = this._processInputParams(input);
|
||||
const { shape, keys: shapeKeys } = this._getCached();
|
||||
const extraKeys = [];
|
||||
for (const key in ctx.data) {
|
||||
if (!shapeKeys.includes(key)) {
|
||||
extraKeys.push(key);
|
||||
if (!(this._def.catchall instanceof ZodNever &&
|
||||
this._def.unknownKeys === "strip")) {
|
||||
for (const key in ctx.data) {
|
||||
if (!shapeKeys.includes(key)) {
|
||||
extraKeys.push(key);
|
||||
}
|
||||
}
|
||||
}
|
||||
const pairs = [];
|
||||
@@ -13824,6 +14021,9 @@ class ZodTuple extends ZodType {
|
||||
}
|
||||
exports.ZodTuple = ZodTuple;
|
||||
ZodTuple.create = (schemas, params) => {
|
||||
if (!Array.isArray(schemas)) {
|
||||
throw new Error("You must pass an array of schemas to z.tuple([ ... ])");
|
||||
}
|
||||
return new ZodTuple({
|
||||
items: schemas,
|
||||
typeName: ZodFirstPartyTypeKind.ZodTuple,
|
||||
@@ -14054,8 +14254,8 @@ class ZodFunction extends ZodType {
|
||||
errorMaps: [
|
||||
ctx.common.contextualErrorMap,
|
||||
ctx.schemaErrorMap,
|
||||
ZodError_1.getErrorMap(),
|
||||
ZodError_1.defaultErrorMap,
|
||||
errors_1.getErrorMap(),
|
||||
errors_1.defaultErrorMap,
|
||||
].filter((x) => !!x),
|
||||
issueData: {
|
||||
code: ZodError_1.ZodIssueCode.invalid_arguments,
|
||||
@@ -14070,8 +14270,8 @@ class ZodFunction extends ZodType {
|
||||
errorMaps: [
|
||||
ctx.common.contextualErrorMap,
|
||||
ctx.schemaErrorMap,
|
||||
ZodError_1.getErrorMap(),
|
||||
ZodError_1.defaultErrorMap,
|
||||
errors_1.getErrorMap(),
|
||||
errors_1.defaultErrorMap,
|
||||
].filter((x) => !!x),
|
||||
issueData: {
|
||||
code: ZodError_1.ZodIssueCode.invalid_return_type,
|
||||
@@ -14141,18 +14341,18 @@ class ZodFunction extends ZodType {
|
||||
const validatedFunc = this.parse(func);
|
||||
return validatedFunc;
|
||||
}
|
||||
static create(args, returns, params) {
|
||||
return new ZodFunction({
|
||||
args: (args
|
||||
? args
|
||||
: ZodTuple.create([]).rest(ZodUnknown.create())),
|
||||
returns: returns || ZodUnknown.create(),
|
||||
typeName: ZodFirstPartyTypeKind.ZodFunction,
|
||||
...processCreateParams(params),
|
||||
});
|
||||
}
|
||||
}
|
||||
exports.ZodFunction = ZodFunction;
|
||||
ZodFunction.create = (args, returns, params) => {
|
||||
return new ZodFunction({
|
||||
args: (args
|
||||
? args.rest(ZodUnknown.create())
|
||||
: ZodTuple.create([]).rest(ZodUnknown.create())),
|
||||
returns: returns || ZodUnknown.create(),
|
||||
typeName: ZodFirstPartyTypeKind.ZodFunction,
|
||||
...processCreateParams(params),
|
||||
});
|
||||
};
|
||||
class ZodLazy extends ZodType {
|
||||
get schema() {
|
||||
return this._def.getter();
|
||||
@@ -14610,6 +14810,12 @@ var ZodFirstPartyTypeKind;
|
||||
ZodFirstPartyTypeKind["ZodPromise"] = "ZodPromise";
|
||||
ZodFirstPartyTypeKind["ZodBranded"] = "ZodBranded";
|
||||
})(ZodFirstPartyTypeKind = exports.ZodFirstPartyTypeKind || (exports.ZodFirstPartyTypeKind = {}));
|
||||
// new approach that works for abstract classes
|
||||
// but required TS 4.4+
|
||||
// abstract class Class {
|
||||
// constructor(..._: any[]) {}
|
||||
// }
|
||||
// const instanceOfType = <T extends typeof Class>(
|
||||
const instanceOfType = (cls, params = {
|
||||
message: `Input not instance of ${cls.name}`,
|
||||
}) => exports.custom((data) => data instanceof cls, params, true);
|
||||
@@ -14685,6 +14891,7 @@ const onumber = () => numberType().optional();
|
||||
exports.onumber = onumber;
|
||||
const oboolean = () => booleanType().optional();
|
||||
exports.oboolean = oboolean;
|
||||
exports.NEVER = parseUtil_1.INVALID;
|
||||
|
||||
|
||||
/***/ }),
|
||||
@@ -14726,11 +14933,23 @@ function getOptionalInput(name) {
|
||||
const value = core.getInput(name);
|
||||
return value.length > 0 ? value : undefined;
|
||||
}
|
||||
function parseList(list) {
|
||||
if (list === undefined) {
|
||||
return list;
|
||||
}
|
||||
else {
|
||||
return list.split(',').map(x => x.trim());
|
||||
}
|
||||
}
|
||||
function readConfig() {
|
||||
const fail_on_severity = z
|
||||
.enum(schemas_1.SEVERITIES)
|
||||
.default('low')
|
||||
.parse(getOptionalInput('fail-on-severity'));
|
||||
const fail_on_scopes = z
|
||||
.array(z.enum(schemas_1.SCOPES))
|
||||
.default(['runtime'])
|
||||
.parse(parseList(getOptionalInput('fail-on-scopes')));
|
||||
const allow_licenses = getOptionalInput('allow-licenses');
|
||||
const deny_licenses = getOptionalInput('deny-licenses');
|
||||
if (allow_licenses !== undefined && deny_licenses !== undefined) {
|
||||
@@ -14740,8 +14959,9 @@ function readConfig() {
|
||||
const head_ref = getOptionalInput('head-ref');
|
||||
return {
|
||||
fail_on_severity,
|
||||
allow_licenses: allow_licenses === null || allow_licenses === void 0 ? void 0 : allow_licenses.split(',').map(x => x.trim()),
|
||||
deny_licenses: deny_licenses === null || deny_licenses === void 0 ? void 0 : deny_licenses.split(',').map(x => x.trim()),
|
||||
fail_on_scopes,
|
||||
allow_licenses: parseList(allow_licenses),
|
||||
deny_licenses: parseList(deny_licenses),
|
||||
base_ref,
|
||||
head_ref
|
||||
};
|
||||
@@ -14757,7 +14977,7 @@ exports.readConfig = readConfig;
|
||||
"use strict";
|
||||
|
||||
Object.defineProperty(exports, "__esModule", ({ value: true }));
|
||||
exports.filterChangesBySeverity = void 0;
|
||||
exports.filterChangesByScopes = exports.filterChangesBySeverity = void 0;
|
||||
const schemas_1 = __nccwpck_require__(1129);
|
||||
function filterChangesBySeverity(severity, changes) {
|
||||
const severityIdx = schemas_1.SEVERITIES.indexOf(severity);
|
||||
@@ -14781,6 +15001,15 @@ function filterChangesBySeverity(severity, changes) {
|
||||
return filteredChanges;
|
||||
}
|
||||
exports.filterChangesBySeverity = filterChangesBySeverity;
|
||||
function filterChangesByScopes(scopes, changes) {
|
||||
const filteredChanges = changes.filter(change => {
|
||||
// if there is no scope on the change (Enterprise Server API for now), we will assume it is a runtime scope
|
||||
const scope = change.scope || 'runtime';
|
||||
return scopes.includes(scope);
|
||||
});
|
||||
return filteredChanges;
|
||||
}
|
||||
exports.filterChangesByScopes = filterChangesByScopes;
|
||||
|
||||
|
||||
/***/ }),
|
||||
@@ -14814,9 +15043,10 @@ var __importStar = (this && this.__importStar) || function (mod) {
|
||||
return result;
|
||||
};
|
||||
Object.defineProperty(exports, "__esModule", ({ value: true }));
|
||||
exports.ChangesSchema = exports.ConfigurationOptionsSchema = exports.PullRequestSchema = exports.ChangeSchema = exports.SEVERITIES = void 0;
|
||||
exports.ChangesSchema = exports.ConfigurationOptionsSchema = exports.PullRequestSchema = exports.ChangeSchema = exports.SCOPES = exports.SEVERITIES = void 0;
|
||||
const z = __importStar(__nccwpck_require__(3301));
|
||||
exports.SEVERITIES = ['critical', 'high', 'moderate', 'low'];
|
||||
exports.SCOPES = ['unknown', 'runtime', 'development'];
|
||||
exports.ChangeSchema = z.object({
|
||||
change_type: z.enum(['added', 'removed']),
|
||||
manifest: z.string(),
|
||||
@@ -14826,9 +15056,10 @@ exports.ChangeSchema = z.object({
|
||||
package_url: z.string(),
|
||||
license: z.string().nullable(),
|
||||
source_repository_url: z.string().nullable(),
|
||||
scope: z.enum(exports.SCOPES).optional(),
|
||||
vulnerabilities: z
|
||||
.array(z.object({
|
||||
severity: z.enum(['critical', 'high', 'moderate', 'low']),
|
||||
severity: z.enum(exports.SEVERITIES),
|
||||
advisory_ghsa_id: z.string(),
|
||||
advisory_summary: z.string(),
|
||||
advisory_url: z.string()
|
||||
@@ -14844,6 +15075,7 @@ exports.PullRequestSchema = z.object({
|
||||
exports.ConfigurationOptionsSchema = z
|
||||
.object({
|
||||
fail_on_severity: z.enum(exports.SEVERITIES).default('low'),
|
||||
fail_on_scopes: z.array(z.enum(exports.SCOPES)).default(['runtime']),
|
||||
allow_licenses: z.array(z.string()).default([]),
|
||||
deny_licenses: z.array(z.string()).default([]),
|
||||
base_ref: z.string(),
|
||||
@@ -15013,7 +15245,7 @@ function assembleStyles() {
|
||||
overline: [53, 55],
|
||||
inverse: [7, 27],
|
||||
hidden: [8, 28],
|
||||
strikethrough: [9, 29]
|
||||
strikethrough: [9, 29],
|
||||
},
|
||||
color: {
|
||||
black: [30, 39],
|
||||
@@ -15033,7 +15265,7 @@ function assembleStyles() {
|
||||
blueBright: [94, 39],
|
||||
magentaBright: [95, 39],
|
||||
cyanBright: [96, 39],
|
||||
whiteBright: [97, 39]
|
||||
whiteBright: [97, 39],
|
||||
},
|
||||
bgColor: {
|
||||
bgBlack: [40, 49],
|
||||
@@ -15053,8 +15285,8 @@ function assembleStyles() {
|
||||
bgBlueBright: [104, 49],
|
||||
bgMagentaBright: [105, 49],
|
||||
bgCyanBright: [106, 49],
|
||||
bgWhiteBright: [107, 49]
|
||||
}
|
||||
bgWhiteBright: [107, 49],
|
||||
},
|
||||
};
|
||||
|
||||
// Alias bright black as gray (and grey)
|
||||
@@ -15067,7 +15299,7 @@ function assembleStyles() {
|
||||
for (const [styleName, style] of Object.entries(group)) {
|
||||
styles[styleName] = {
|
||||
open: `\u001B[${style[0]}m`,
|
||||
close: `\u001B[${style[1]}m`
|
||||
close: `\u001B[${style[1]}m`,
|
||||
};
|
||||
|
||||
group[styleName] = styles[styleName];
|
||||
@@ -15077,13 +15309,13 @@ function assembleStyles() {
|
||||
|
||||
Object.defineProperty(styles, groupName, {
|
||||
value: group,
|
||||
enumerable: false
|
||||
enumerable: false,
|
||||
});
|
||||
}
|
||||
|
||||
Object.defineProperty(styles, 'codes', {
|
||||
value: codes,
|
||||
enumerable: false
|
||||
enumerable: false,
|
||||
});
|
||||
|
||||
styles.color.close = '\u001B[39m';
|
||||
@@ -15114,39 +15346,41 @@ function assembleStyles() {
|
||||
return Math.round(((red - 8) / 247) * 24) + 232;
|
||||
}
|
||||
|
||||
return 16 +
|
||||
(36 * Math.round(red / 255 * 5)) +
|
||||
(6 * Math.round(green / 255 * 5)) +
|
||||
Math.round(blue / 255 * 5);
|
||||
return 16
|
||||
+ (36 * Math.round(red / 255 * 5))
|
||||
+ (6 * Math.round(green / 255 * 5))
|
||||
+ Math.round(blue / 255 * 5);
|
||||
},
|
||||
enumerable: false
|
||||
enumerable: false,
|
||||
},
|
||||
hexToRgb: {
|
||||
value: hex => {
|
||||
const matches = /(?<colorString>[a-f\d]{6}|[a-f\d]{3})/i.exec(hex.toString(16));
|
||||
const matches = /[a-f\d]{6}|[a-f\d]{3}/i.exec(hex.toString(16));
|
||||
if (!matches) {
|
||||
return [0, 0, 0];
|
||||
}
|
||||
|
||||
let {colorString} = matches.groups;
|
||||
let [colorString] = matches;
|
||||
|
||||
if (colorString.length === 3) {
|
||||
colorString = colorString.split('').map(character => character + character).join('');
|
||||
colorString = [...colorString].map(character => character + character).join('');
|
||||
}
|
||||
|
||||
const integer = Number.parseInt(colorString, 16);
|
||||
|
||||
return [
|
||||
/* eslint-disable no-bitwise */
|
||||
(integer >> 16) & 0xFF,
|
||||
(integer >> 8) & 0xFF,
|
||||
integer & 0xFF
|
||||
integer & 0xFF,
|
||||
/* eslint-enable no-bitwise */
|
||||
];
|
||||
},
|
||||
enumerable: false
|
||||
enumerable: false,
|
||||
},
|
||||
hexToAnsi256: {
|
||||
value: hex => styles.rgbToAnsi256(...styles.hexToRgb(hex)),
|
||||
enumerable: false
|
||||
enumerable: false,
|
||||
},
|
||||
ansi256ToAnsi: {
|
||||
value: code => {
|
||||
@@ -15182,6 +15416,7 @@ function assembleStyles() {
|
||||
return 30;
|
||||
}
|
||||
|
||||
// eslint-disable-next-line no-bitwise
|
||||
let result = 30 + ((Math.round(blue) << 2) | (Math.round(green) << 1) | Math.round(red));
|
||||
|
||||
if (value === 2) {
|
||||
@@ -15190,16 +15425,16 @@ function assembleStyles() {
|
||||
|
||||
return result;
|
||||
},
|
||||
enumerable: false
|
||||
enumerable: false,
|
||||
},
|
||||
rgbToAnsi: {
|
||||
value: (red, green, blue) => styles.ansi256ToAnsi(styles.rgbToAnsi256(red, green, blue)),
|
||||
enumerable: false
|
||||
enumerable: false,
|
||||
},
|
||||
hexToAnsi: {
|
||||
value: hex => styles.ansi256ToAnsi(styles.hexToAnsi256(hex)),
|
||||
enumerable: false
|
||||
}
|
||||
enumerable: false,
|
||||
},
|
||||
});
|
||||
|
||||
return styles;
|
||||
|
||||
+1
-1
File diff suppressed because one or more lines are too long
Generated
+278
-430
File diff suppressed because it is too large
Load Diff
+12
-12
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "dependency-review-action",
|
||||
"version": "2.0.4",
|
||||
"version": "2.2.0",
|
||||
"private": true,
|
||||
"description": "A GitHub Action for Dependency Review",
|
||||
"main": "lib/main.js",
|
||||
@@ -29,26 +29,26 @@
|
||||
"@actions/github": "^5.0.3",
|
||||
"@octokit/plugin-retry": "^3.0.9",
|
||||
"@octokit/request-error": "^3.0.1",
|
||||
"ansi-styles": "^6.1.0",
|
||||
"got": "^12.3.1",
|
||||
"nodemon": "^2.0.19",
|
||||
"ansi-styles": "^6.1.1",
|
||||
"got": "^12.5.0",
|
||||
"nodemon": "^2.0.20",
|
||||
"yaml": "^2.1.1",
|
||||
"zod": "^3.18.0"
|
||||
"zod": "^3.19.1"
|
||||
},
|
||||
"devDependencies": {
|
||||
"@types/node": "^16.11.49",
|
||||
"@typescript-eslint/eslint-plugin": "^5.33.1",
|
||||
"@typescript-eslint/parser": "^5.33.1",
|
||||
"@types/node": "^16.11.59",
|
||||
"@typescript-eslint/eslint-plugin": "^5.38.0",
|
||||
"@typescript-eslint/parser": "^5.38.0",
|
||||
"@vercel/ncc": "^0.34.0",
|
||||
"esbuild-register": "^3.3.3",
|
||||
"eslint": "^8.22.0",
|
||||
"eslint": "^8.23.1",
|
||||
"eslint-plugin-github": "^4.3.7",
|
||||
"eslint-plugin-jest": "^26.8.3",
|
||||
"eslint-plugin-jest": "^27.0.4",
|
||||
"jest": "^27.5.1",
|
||||
"js-yaml": "^4.1.0",
|
||||
"nodemon": "^2.0.19",
|
||||
"nodemon": "^2.0.20",
|
||||
"prettier": "2.7.1",
|
||||
"ts-jest": "^27.1.4",
|
||||
"typescript": "^4.7.4"
|
||||
"typescript": "^4.8.3"
|
||||
}
|
||||
}
|
||||
|
||||
+15
-7
@@ -32,17 +32,25 @@ event_file = Tempfile.new
|
||||
event_file.write("{ \"pull_request\": #{pr.to_h.to_json}}")
|
||||
event_file.close
|
||||
|
||||
dev_cmd_env = {
|
||||
"INPUT_REPO-TOKEN" => github_token,
|
||||
"GITHUB_REPOSITORY" => repo_nwo,
|
||||
"GITHUB_EVENT_NAME" => "pull_request",
|
||||
"GITHUB_EVENT_PATH" => event_file.path
|
||||
action_inputs = {
|
||||
"repo-token" => github_token
|
||||
}
|
||||
|
||||
dev_cmd = "./node_modules/.bin/nodemon --exec \"node -r esbuild-register\" src/main.ts"
|
||||
dev_cmd_env = {
|
||||
"GITHUB_REPOSITORY" => repo_nwo,
|
||||
"GITHUB_EVENT_NAME" => "pull_request",
|
||||
"GITHUB_EVENT_PATH" => event_file.path,
|
||||
"GITHUB_STEP_SUMMARY" => "/dev/null"
|
||||
}
|
||||
|
||||
# bash does not like variable names with dashes like the ones Actions
|
||||
# uses (e.g. INPUT_REPO-TOKEN). Passing them through `env` instead of
|
||||
# manually setting them does the job.
|
||||
action_inputs_env_str = action_inputs.map { |name, value| "\"INPUT_#{name.upcase}=#{value}\"" }.join(" ")
|
||||
dev_cmd = "./node_modules/.bin/nodemon --exec \"env #{action_inputs_env_str} node -r esbuild-register\" src/main.ts"
|
||||
|
||||
Open3.popen2e(dev_cmd_env, dev_cmd) do |stdin, out|
|
||||
while line = out.gets
|
||||
puts line
|
||||
puts line.gsub(github_token, "<REDACTED>")
|
||||
end
|
||||
end
|
||||
|
||||
+16
-3
@@ -1,17 +1,29 @@
|
||||
import * as core from '@actions/core'
|
||||
import * as z from 'zod'
|
||||
import {ConfigurationOptions, SEVERITIES} from './schemas'
|
||||
import {ConfigurationOptions, SEVERITIES, SCOPES} from './schemas'
|
||||
|
||||
function getOptionalInput(name: string): string | undefined {
|
||||
const value = core.getInput(name)
|
||||
return value.length > 0 ? value : undefined
|
||||
}
|
||||
|
||||
function parseList(list: string | undefined): string[] | undefined {
|
||||
if (list === undefined) {
|
||||
return list
|
||||
} else {
|
||||
return list.split(',').map(x => x.trim())
|
||||
}
|
||||
}
|
||||
|
||||
export function readConfig(): ConfigurationOptions {
|
||||
const fail_on_severity = z
|
||||
.enum(SEVERITIES)
|
||||
.default('low')
|
||||
.parse(getOptionalInput('fail-on-severity'))
|
||||
const fail_on_scopes = z
|
||||
.array(z.enum(SCOPES))
|
||||
.default(['runtime'])
|
||||
.parse(parseList(getOptionalInput('fail-on-scopes')))
|
||||
const allow_licenses = getOptionalInput('allow-licenses')
|
||||
const deny_licenses = getOptionalInput('deny-licenses')
|
||||
|
||||
@@ -24,8 +36,9 @@ export function readConfig(): ConfigurationOptions {
|
||||
|
||||
return {
|
||||
fail_on_severity,
|
||||
allow_licenses: allow_licenses?.split(',').map(x => x.trim()),
|
||||
deny_licenses: deny_licenses?.split(',').map(x => x.trim()),
|
||||
fail_on_scopes,
|
||||
allow_licenses: parseList(allow_licenses),
|
||||
deny_licenses: parseList(deny_licenses),
|
||||
base_ref,
|
||||
head_ref
|
||||
}
|
||||
|
||||
+14
-1
@@ -1,4 +1,4 @@
|
||||
import {Changes, Severity, SEVERITIES} from './schemas'
|
||||
import {Changes, Severity, SEVERITIES, Scope} from './schemas'
|
||||
|
||||
export function filterChangesBySeverity(
|
||||
severity: Severity,
|
||||
@@ -33,3 +33,16 @@ export function filterChangesBySeverity(
|
||||
)
|
||||
return filteredChanges
|
||||
}
|
||||
|
||||
export function filterChangesByScopes(
|
||||
scopes: Scope[],
|
||||
changes: Changes
|
||||
): Changes {
|
||||
const filteredChanges = changes.filter(change => {
|
||||
// if there is no scope on the change (Enterprise Server API for now), we will assume it is a runtime scope
|
||||
const scope = change.scope || 'runtime'
|
||||
return scopes.includes(scope)
|
||||
})
|
||||
|
||||
return filteredChanges
|
||||
}
|
||||
|
||||
+28
-14
@@ -3,10 +3,11 @@ import * as dependencyGraph from './dependency-graph'
|
||||
import * as github from '@actions/github'
|
||||
import styles from 'ansi-styles'
|
||||
import {RequestError} from '@octokit/request-error'
|
||||
import {Change, Severity} from './schemas'
|
||||
import {Change, Severity, Scope} from './schemas'
|
||||
import {readConfig} from '../src/config'
|
||||
import {filterChangesBySeverity} from '../src/filter'
|
||||
import {filterChangesBySeverity, filterChangesByScopes} from '../src/filter'
|
||||
import {getDeniedLicenseChanges} from './licenses'
|
||||
import * as summary from './summary'
|
||||
import {getRefs} from './git-refs'
|
||||
|
||||
async function run(): Promise<void> {
|
||||
@@ -29,27 +30,36 @@ async function run(): Promise<void> {
|
||||
deny: config.deny_licenses
|
||||
}
|
||||
|
||||
const filteredChanges = filterChangesBySeverity(
|
||||
minSeverity as Severity,
|
||||
changes
|
||||
)
|
||||
const scopes = config.fail_on_scopes
|
||||
|
||||
for (const change of filteredChanges) {
|
||||
if (
|
||||
const scopedChanges = filterChangesByScopes(scopes as Scope[], changes)
|
||||
|
||||
const addedChanges = filterChangesBySeverity(
|
||||
minSeverity as Severity,
|
||||
scopedChanges
|
||||
).filter(
|
||||
change =>
|
||||
change.change_type === 'added' &&
|
||||
change.vulnerabilities !== undefined &&
|
||||
change.vulnerabilities.length > 0
|
||||
) {
|
||||
printChangeVulnerabilities(change)
|
||||
failed = true
|
||||
}
|
||||
}
|
||||
)
|
||||
|
||||
const [licenseErrors, unknownLicenses] = getDeniedLicenseChanges(
|
||||
changes,
|
||||
scopedChanges,
|
||||
licenses
|
||||
)
|
||||
|
||||
summary.addSummaryToSummary(addedChanges, licenseErrors, unknownLicenses)
|
||||
|
||||
if (addedChanges.length > 0) {
|
||||
for (const change of addedChanges) {
|
||||
printChangeVulnerabilities(change)
|
||||
}
|
||||
failed = true
|
||||
}
|
||||
|
||||
summary.addChangeVulnerabilitiesToSummary(addedChanges, minSeverity || '')
|
||||
|
||||
if (licenseErrors.length > 0) {
|
||||
printLicensesError(licenseErrors)
|
||||
core.setFailed('Dependency review detected incompatible licenses.')
|
||||
@@ -57,6 +67,8 @@ async function run(): Promise<void> {
|
||||
|
||||
printNullLicenses(unknownLicenses)
|
||||
|
||||
summary.addLicensesToSummary(licenseErrors, unknownLicenses, config)
|
||||
|
||||
if (failed) {
|
||||
core.setFailed('Dependency review detected vulnerable packages.')
|
||||
} else {
|
||||
@@ -80,6 +92,8 @@ async function run(): Promise<void> {
|
||||
core.setFailed('Unexpected fatal error')
|
||||
}
|
||||
}
|
||||
} finally {
|
||||
await core.summary.write()
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
+5
-1
@@ -1,6 +1,7 @@
|
||||
import * as z from 'zod'
|
||||
|
||||
export const SEVERITIES = ['critical', 'high', 'moderate', 'low'] as const
|
||||
export const SCOPES = ['unknown', 'runtime', 'development'] as const
|
||||
|
||||
export const ChangeSchema = z.object({
|
||||
change_type: z.enum(['added', 'removed']),
|
||||
@@ -11,10 +12,11 @@ export const ChangeSchema = z.object({
|
||||
package_url: z.string(),
|
||||
license: z.string().nullable(),
|
||||
source_repository_url: z.string().nullable(),
|
||||
scope: z.enum(SCOPES).optional(),
|
||||
vulnerabilities: z
|
||||
.array(
|
||||
z.object({
|
||||
severity: z.enum(['critical', 'high', 'moderate', 'low']),
|
||||
severity: z.enum(SEVERITIES),
|
||||
advisory_ghsa_id: z.string(),
|
||||
advisory_summary: z.string(),
|
||||
advisory_url: z.string()
|
||||
@@ -33,6 +35,7 @@ export const PullRequestSchema = z.object({
|
||||
export const ConfigurationOptionsSchema = z
|
||||
.object({
|
||||
fail_on_severity: z.enum(SEVERITIES).default('low'),
|
||||
fail_on_scopes: z.array(z.enum(SCOPES)).default(['runtime']),
|
||||
allow_licenses: z.array(z.string()).default([]),
|
||||
deny_licenses: z.array(z.string()).default([]),
|
||||
base_ref: z.string(),
|
||||
@@ -50,3 +53,4 @@ export type Change = z.infer<typeof ChangeSchema>
|
||||
export type Changes = z.infer<typeof ChangesSchema>
|
||||
export type ConfigurationOptions = z.infer<typeof ConfigurationOptionsSchema>
|
||||
export type Severity = typeof SEVERITIES[number]
|
||||
export type Scope = typeof SCOPES[number]
|
||||
|
||||
+163
@@ -0,0 +1,163 @@
|
||||
import * as core from '@actions/core'
|
||||
import {ConfigurationOptions, Change, Changes} from './schemas'
|
||||
import {SummaryTableRow} from '@actions/core/lib/summary'
|
||||
|
||||
export function addSummaryToSummary(
|
||||
addedPackages: Changes,
|
||||
licenseErrors: Change[],
|
||||
unknownLicenses: Change[]
|
||||
): void {
|
||||
core.summary
|
||||
.addHeading('Dependency Review')
|
||||
.addRaw(
|
||||
`We found ${addedPackages.length} vulnerable package(s), ${licenseErrors.length} package(s) with incompatible licenses, and ${unknownLicenses.length} package(s) with unknown licenses.`
|
||||
)
|
||||
}
|
||||
|
||||
export function addChangeVulnerabilitiesToSummary(
|
||||
addedPackages: Changes,
|
||||
severity: string
|
||||
): void {
|
||||
const rows: SummaryTableRow[] = []
|
||||
|
||||
const manifests = getManifests(addedPackages)
|
||||
|
||||
core.summary
|
||||
.addHeading('Vulnerabilities')
|
||||
.addQuote(
|
||||
`Vulnerabilites were filtered by mininum severity <strong>${severity}</strong>.`
|
||||
)
|
||||
|
||||
if (addedPackages.length === 0) {
|
||||
core.summary.addQuote('No vulnerabilities found in added packages.')
|
||||
return
|
||||
}
|
||||
|
||||
for (const manifest of manifests) {
|
||||
for (const change of addedPackages.filter(
|
||||
pkg => pkg.manifest === manifest
|
||||
)) {
|
||||
let previous_package = ''
|
||||
let previous_version = ''
|
||||
for (const vuln of change.vulnerabilities) {
|
||||
const sameAsPrevious =
|
||||
previous_package === change.name &&
|
||||
previous_version === change.version
|
||||
|
||||
if (!sameAsPrevious) {
|
||||
rows.push([
|
||||
renderUrl(change.source_repository_url, change.name),
|
||||
change.version,
|
||||
renderUrl(vuln.advisory_url, vuln.advisory_summary),
|
||||
vuln.severity
|
||||
])
|
||||
} else {
|
||||
rows.push([
|
||||
{data: '', colspan: '2'},
|
||||
renderUrl(vuln.advisory_url, vuln.advisory_summary),
|
||||
vuln.severity
|
||||
])
|
||||
}
|
||||
previous_package = change.name
|
||||
previous_version = change.version
|
||||
}
|
||||
}
|
||||
core.summary.addHeading(`<em>${manifest}</em>`, 3).addTable([
|
||||
[
|
||||
{data: 'Name', header: true},
|
||||
{data: 'Version', header: true},
|
||||
{data: 'Vulnerability', header: true},
|
||||
{data: 'Severity', header: true}
|
||||
],
|
||||
...rows
|
||||
])
|
||||
}
|
||||
}
|
||||
|
||||
export function addLicensesToSummary(
|
||||
licenseErrors: Change[],
|
||||
unknownLicenses: Change[],
|
||||
config: ConfigurationOptions
|
||||
): void {
|
||||
core.summary.addHeading('Licenses')
|
||||
|
||||
if (config.allow_licenses && config.allow_licenses.length > 0) {
|
||||
core.summary.addQuote(
|
||||
`<strong>Allowed Licenses</strong>: ${config.allow_licenses.join(', ')}`
|
||||
)
|
||||
}
|
||||
if (config.deny_licenses && config.deny_licenses.length > 0) {
|
||||
core.summary.addQuote(
|
||||
`<strong>Denied Licenses</strong>: ${config.deny_licenses.join(', ')}`
|
||||
)
|
||||
}
|
||||
|
||||
if (licenseErrors.length === 0 && unknownLicenses.length === 0) {
|
||||
core.summary.addQuote('No license violations detected.')
|
||||
return
|
||||
}
|
||||
|
||||
if (licenseErrors.length > 0) {
|
||||
const rows: SummaryTableRow[] = []
|
||||
const manifests = getManifests(licenseErrors)
|
||||
|
||||
core.summary.addHeading('Incompatible Licenses', 3).addSeparator()
|
||||
|
||||
for (const manifest of manifests) {
|
||||
core.summary.addHeading(`<em>${manifest}</em>`, 4)
|
||||
|
||||
for (const change of licenseErrors.filter(
|
||||
pkg => pkg.manifest === manifest
|
||||
)) {
|
||||
rows.push([
|
||||
renderUrl(change.source_repository_url, change.name),
|
||||
change.version,
|
||||
change.license || ''
|
||||
])
|
||||
}
|
||||
core.summary.addTable([['Package', 'Version', 'License'], ...rows])
|
||||
}
|
||||
} else {
|
||||
core.summary.addQuote('No license violations detected.')
|
||||
}
|
||||
|
||||
core.debug(`found ${unknownLicenses.length} unknown licenses`)
|
||||
|
||||
if (unknownLicenses.length > 0) {
|
||||
const rows: SummaryTableRow[] = []
|
||||
const manifests = getManifests(unknownLicenses)
|
||||
|
||||
core.debug(
|
||||
`found ${manifests.entries.length} manifests for unknown licenses`
|
||||
)
|
||||
|
||||
core.summary.addHeading('Unknown Licenses', 3).addSeparator()
|
||||
|
||||
for (const manifest of manifests) {
|
||||
core.summary.addHeading(`<em>${manifest}</em>`, 4)
|
||||
|
||||
for (const change of unknownLicenses.filter(
|
||||
pkg => pkg.manifest === manifest
|
||||
)) {
|
||||
rows.push([
|
||||
renderUrl(change.source_repository_url, change.name),
|
||||
change.version
|
||||
])
|
||||
}
|
||||
|
||||
core.summary.addTable([['Package', 'Version'], ...rows])
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
function getManifests(changes: Changes): Set<string> {
|
||||
return new Set(changes.flatMap(c => c.manifest))
|
||||
}
|
||||
|
||||
function renderUrl(url: string | null, text: string): string {
|
||||
if (url) {
|
||||
return `<a href="${url}">${text}</a>`
|
||||
} else {
|
||||
return text
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user