From 3f84b2848875019d08e5426bf57c3c9b2d6038b1 Mon Sep 17 00:00:00 2001 From: Andrea Brancaleoni Date: Thu, 29 Aug 2024 16:02:29 +0200 Subject: [PATCH] dependabotNudge: add elected maintainers --- actions/dependabot-nudge/action.cjs | 2 +- src/dependabotNudge.js | 45 +++++++++++++++++------------ 2 files changed, 28 insertions(+), 19 deletions(-) diff --git a/actions/dependabot-nudge/action.cjs b/actions/dependabot-nudge/action.cjs index 979180c9..786a980d 100644 --- a/actions/dependabot-nudge/action.cjs +++ b/actions/dependabot-nudge/action.cjs @@ -17,7 +17,7 @@ module.exports = async ({ github, context, inputs, actionPath, core, debug = fal minlevel = 'high' } - const messages = await dependabotNudge({ debug, org: context.repo.owner, github, minlevel, githubToSlack }) + const messages = await dependabotNudge({ debug, org: context.repo.owner, github, minlevel, githubToSlack, actionPath }) for (const message of messages) { try { diff --git a/src/dependabotNudge.js b/src/dependabotNudge.js index cb368b09..bd947e7b 100644 --- a/src/dependabotNudge.js +++ b/src/dependabotNudge.js @@ -33,8 +33,12 @@ export default async function dependabotNudge ({ skipHotwords = ['dos', 'denial of service', 'redos', 'denial-of-service', 'memory explosion', 'inefficient regular expression', 'regular expression complexity'], defaultContact = ['yan'], githubToSlack = {}, - singleOutputMessage = false + singleOutputMessage = false, + actionPath }) { + const { default: getConfig } = await import(`${actionPath}/src/getConfig.js`) + const { default: getProperties } = await import(`${actionPath}/src/getProperties.js`) + if (!github && githubToken) { const { Octokit } = await import('octokit') @@ -76,26 +80,26 @@ export default async function dependabotNudge ({ type: 'all' })).filter(r => r.archived === false).filter(r => r.disabled === false) - const properties = await github.paginate('GET /orgs/{org}/properties/values', { - org, - headers: { - 'X-GitHub-Api-Version': '2022-11-28' - } - }) - - // hash out of properties array - const props = {} - for (const prop of properties) { - props[prop.repository_name] = prop.properties.reduce((obj, item) => { - obj[item.property_name] = item.value - return obj - }, {}) - } - // get dependabot alerts for each repository for (const repo of repos) { if (debug) { console.log(`scanning repo ${repo.name} in org ${org}`) } + const config = await getConfig({ owner: org, repo: repo.name, path: '.github/security-action.json', debug, github }) + const props = await getProperties({ owner: org, repo: repo.name, debug, github, prefix: 'security_action_' }) + + const options = Object.assign({ + elected_maintainers: '' + }, config, props) + + // elected maintainer is a string of comma separated github usernames map. + // E.g "original_maintainer_1:elected_maintaner_1,original_maintainer_2:elected_maintaner_2" + // split it and convert to object + options.elected_maintainers = options.elected_maintainers.split(/\s*,\s*/).reduce((obj, item) => { + const [original, elected] = item.split(/\s*:\s*/) + obj[original] = elected + return obj + }, {}) + if (skipRepositories.includes(repo.name)) { continue } @@ -115,7 +119,12 @@ export default async function dependabotNudge ({ // get property values for this repository const prop = props[repo.name] || { properties: {} } - const maintainers = (prop.maintainers || '').toLowerCase().split(',').filter(Boolean).map(m => githubToSlack[m] ? githubToSlack[m] : `@${m}`) || [] + let maintainers = (prop.maintainers || '').toLowerCase().split(',').filter(Boolean) + .map(m => options.elected_maintainers[m] || m) + .map(m => githubToSlack[m] ? githubToSlack[m] : `@${m}`) || [] + + // remove duplicates + maintainers = Array.from(new Set(maintainers)) if (alerts.length > 0) { if (debug) { console.log(`alerts len: ${alerts.length}`) }