Action now removes all vulnerability labels on a PR if all vulnerabil…

…ities have been fixed
abraxxas · Apr 13, 2021 · 7e26f3e · 7e26f3e
1 parent a24abd1
commit 7e26f3e
Show file tree

Hide file tree

Showing 2 changed files with 46 additions and 9 deletions.
diff --git a/dist/index.js b/dist/index.js
@@ -1757,14 +1757,14 @@ function run() {
             audit.run(auditLevel, productionFlag, 'true');
             core.info(audit.stdout);
             core.setOutput('npm_audit', audit.stdout);
+            // get GitHub information
+            const ctx = JSON.parse(core.getInput('github_context'));
+            const token = core.getInput('github_token', { required: true });
+            const octokit = new rest_1.Octokit({
+                auth: token
+            });
             if (audit.foundVulnerability()) {
                 // vulnerabilities are found
-                // get GitHub information
-                const ctx = JSON.parse(core.getInput('github_context'));
-                const token = core.getInput('github_token', { required: true });
-                const octokit = new rest_1.Octokit({
-                    auth: token
-                });
                 if (ctx.event_name === 'pull_request') {
                     yield pr.createComment(token, github.context.repo.owner, github.context.repo.repo, ctx.event.number, audit.strippedStdout());
                     if (addPrLabels === 'true') {
@@ -1810,6 +1810,23 @@ function run() {
                     }
                 }
             }
+            else {
+                // remove all vulnerability labels once the PR is fixed
+                const labels = yield octokit.issues.listLabelsOnIssue({
+                    owner: github.context.repo.owner,
+                    repo: github.context.repo.repo,
+                    issue_number: ctx.event.number
+                });
+                const filteredLabelNames = labels.data
+                    .filter(label => !Object.values(audit_1.VULNERABILITIY_TYPE).includes(label.name))
+                    .map(label => label.name);
+                octokit.issues.setLabels({
+                    owner: github.context.repo.owner,
+                    repo: github.context.repo.repo,
+                    issue_number: ctx.event.number,
+                    labels: [...filteredLabelNames]
+                });
+            }
         }
         catch (error) {
             core.setFailed(error.message);

diff --git a/src/main.ts b/src/main.ts
@@ -54,16 +54,18 @@ export async function run(): Promise<void> {
     core.info(audit.stdout)
     core.setOutput('npm_audit', audit.stdout)
 
-    if (audit.foundVulnerability()) {
-      // vulnerabilities are found
-
       // get GitHub information
       const ctx = JSON.parse(core.getInput('github_context'))
       const token: string = core.getInput('github_token', {required: true})
       const octokit = new Octokit({
         auth: token
       })
 
+    if (audit.foundVulnerability()) {
+      // vulnerabilities are found
+
+
+
       if (ctx.event_name === 'pull_request') {
         await pr.createComment(
           token,
@@ -130,6 +132,24 @@ export async function run(): Promise<void> {
           core.setFailed('This repo has some vulnerabilities')
         }
       }
+    } else {
+      // remove all vulnerability labels once the PR is fixed
+      const labels = await octokit.issues.listLabelsOnIssue({
+        owner: github.context.repo.owner,
+        repo: github.context.repo.repo,
+        issue_number: ctx.event.number
+      })
+
+      const filteredLabelNames = labels.data
+        .filter(label => !Object.values(VULNERABILITIY_TYPE).includes(label.name as VULNERABILITIY_TYPE))
+        .map(label => label.name)
+
+      octokit.issues.setLabels({
+        owner: github.context.repo.owner,
+        repo: github.context.repo.repo,
+        issue_number: ctx.event.number,
+        labels: [...filteredLabelNames]
+      })
     }
   } catch (error) {
     core.setFailed(error.message)