Merge pull request #224 from kachick/fix-get-info-for-library

Fix parser for libraries
dependabot · Jan 24, 2023 · 2b4e168 · 2b4e168
2 parents 6b3627f + 0a3f183
commit 2b4e168
Show file tree

Hide file tree

Showing 3 changed files with 78 additions and 6 deletions.
diff --git a/dist/index.js b/dist/index.js
diff --git a/src/dependabot/update_metadata.ts b/src/dependabot/update_metadata.ts
@@ -28,6 +28,7 @@ export interface scoreLookup {
 
 export async function parse (commitMessage: string, branchName: string, mainBranch: string, lookup?: alertLookup, getScore?: scoreLookup): Promise<Array<updatedDependency>> {
   const bumpFragment = commitMessage.match(/^Bumps .* from (?<from>\d[^ ]*) to (?<to>\d[^ ]*)\.$/m)
+  const updateFragment = commitMessage.match(/^Update .* requirement from \S*? ?(?<from>\d[^ ]*) to \S*? ?(?<to>\d[^ ]*)$/m)
   const yamlFragment = commitMessage.match(/^-{3}\n(?<dependencies>[\S|\s]*?)\n^\.{3}\n/m)
   const lookupFn = lookup ?? (() => Promise.resolve({ alertState: '', ghsaId: '', cvss: 0 }))
   const scoreFn = getScore ?? (() => Promise.resolve(0))
@@ -38,8 +39,8 @@ export async function parse (commitMessage: string, branchName: string, mainBran
     // Since we are on the `dependabot` branch (9 letters), the 10th letter in the branch name is the delimiter
     const delim = branchName[10]
     const chunks = branchName.split(delim)
-    const prev = bumpFragment?.groups?.from ?? ''
-    const next = bumpFragment?.groups?.to ?? ''
+    const prev = bumpFragment?.groups?.from ?? (updateFragment?.groups?.from ?? '')
+    const next = bumpFragment?.groups?.to ?? (updateFragment?.groups?.to ?? '')
 
     if (data['updated-dependencies']) {
       return await Promise.all(data['updated-dependencies'].map(async (dependency, index) => {

diff --git a/src/main.test.ts b/src/main.test.ts
@@ -62,7 +62,7 @@ test('it does nothing if there is no metadata in the commit', async () => {
   /* eslint-enable no-unused-expressions */
 })
 
-test('it sets the updated dependency as an output for subsequent actions', async () => {
+test('it sets the updated dependency as an output for subsequent actions when given a commit message for application', async () => {
   const mockCommitMessage =
     'Bumps [coffee-rails](https://github.com/rails/coffee-rails) from 4.0.1 to 4.2.2.\n' +
     '- [Release notes](https://github.com/rails/coffee-rails/releases)\n' +
@@ -132,6 +132,76 @@ test('it sets the updated dependency as an output for subsequent actions', async
   expect(core.setOutput).toBeCalledWith('cvss', 0)
 })
 
+test('it sets the updated dependency as an output for subsequent actions when given a commit message for library', async () => {
+  const mockCommitMessage =
+    'Update rubocop requirement from ~> 1.30.1 to ~> 1.31.0\n' +
+    'Updates the requirements on [rubocop](https://github.com/rubocop/rubocop) to permit the latest version.\n' +
+    '- [Release notes](https://github.com/rubocop/rubocop/releases)\n' +
+    '- [Changelog](https://github.com/rubocop/rubocop/blob/master/CHANGELOG.md)\n' +
+    '- [Commits](rubocop/rubocop@v1.30.1...v1.31.0)\n' +
+    '\n' +
+    '---\n' +
+    'updated-dependencies:\n' +
+    '- dependency-name: rubocop\n' +
+    '  dependency-type: direct:development\n' +
+    '...\n' +
+    '\n' +
+    'Signed-off-by: dependabot[bot] <support@github.com>'
+  const mockAlert = { alertState: 'FIXED', ghsaId: 'GSHA', cvss: 3.4 }
+
+  jest.spyOn(core, 'getInput').mockImplementation(jest.fn((name) => { return name === 'github-token' ? 'mock-token' : '' }))
+  jest.spyOn(util, 'getBranchNames').mockReturnValue({ headName: 'dependabot|bundler|feature1', baseName: 'main' })
+  jest.spyOn(dependabotCommits, 'getMessage').mockImplementation(jest.fn(
+    () => Promise.resolve(mockCommitMessage)
+  ))
+  jest.spyOn(dependabotCommits, 'getAlert').mockImplementation(jest.fn(
+    () => Promise.resolve(mockAlert)
+  ))
+  jest.spyOn(dependabotCommits, 'getCompatibility').mockImplementation(jest.fn(
+    () => Promise.resolve(34)
+  ))
+  jest.spyOn(core, 'setOutput').mockImplementation(jest.fn())
+
+  await run()
+
+  expect(core.startGroup).toHaveBeenCalledWith(
+    expect.stringContaining('Outputting metadata for 1 updated dependency')
+  )
+
+  expect(core.setOutput).toHaveBeenCalledWith(
+    'updated-dependencies-json',
+    [
+      {
+        dependencyName: 'rubocop',
+        dependencyType: 'direct:development',
+        updateType: 'version-update:semver-minor',
+        directory: '/',
+        packageEcosystem: 'bundler',
+        targetBranch: 'main',
+        prevVersion: '1.30.1',
+        newVersion: '1.31.0',
+        compatScore: 0,
+        alertState: '',
+        ghsaId: '',
+        cvss: 0
+      }
+    ]
+  )
+
+  expect(core.setOutput).toBeCalledWith('dependency-names', 'rubocop')
+  expect(core.setOutput).toBeCalledWith('dependency-type', 'direct:development')
+  expect(core.setOutput).toBeCalledWith('update-type', 'version-update:semver-minor')
+  expect(core.setOutput).toBeCalledWith('directory', '/')
+  expect(core.setOutput).toBeCalledWith('package-ecosystem', 'bundler')
+  expect(core.setOutput).toBeCalledWith('target-branch', 'main')
+  expect(core.setOutput).toBeCalledWith('previous-version', '1.30.1')
+  expect(core.setOutput).toBeCalledWith('new-version', '1.31.0')
+  expect(core.setOutput).toBeCalledWith('compatibility-score', 0)
+  expect(core.setOutput).toBeCalledWith('alert-state', '')
+  expect(core.setOutput).toBeCalledWith('ghsa-id', '')
+  expect(core.setOutput).toBeCalledWith('cvss', 0)
+})
+
 test('if there are multiple dependencies, it summarizes them', async () => {
   const mockCommitMessage =
     'Bump coffee-rails from 4.0.1 to 4.2.2 in api/main\n' +