Skip to content

Commit

Permalink
Merge branch 'main' into patch-1
Browse files Browse the repository at this point in the history
  • Loading branch information
brrygrdn authored Feb 28, 2022
2 parents 0caf82f + a30bbbb commit 26e18ca
Show file tree
Hide file tree
Showing 4 changed files with 17 additions and 52 deletions.
10 changes: 5 additions & 5 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ Extract information about the dependencies being updated by a Dependabot-generat

## Usage instructions

Create a workflow file that contains a step that uses: `dependabot/fetch-metadata@v1.1.1`, e.g.
Create a workflow file that contains a step that uses: `dependabot/fetch-metadata@v1.2.1`, e.g.

```yaml
-- .github/workflows/dependabot-prs.yml
Expand All @@ -22,7 +22,7 @@ jobs:
steps:
- name: Fetch Dependabot metadata
id: dependabot-metadata
uses: dependabot/fetch-metadata@v1.1.1
uses: dependabot/fetch-metadata@v1.2.1
with:
alert-lookup: true
```
Expand Down Expand Up @@ -87,7 +87,7 @@ jobs:
steps:
- name: Dependabot metadata
id: dependabot-metadata
uses: dependabot/fetch-metadata@v1.1.1
uses: dependabot/fetch-metadata@v1.2.1
- name: Approve a PR
run: gh pr review --approve "$PR_URL"
env:
Expand Down Expand Up @@ -115,7 +115,7 @@ jobs:
steps:
- name: Dependabot metadata
id: dependabot-metadata
uses: dependabot/fetch-metadata@v1.1.1
uses: dependabot/fetch-metadata@v1.2.1
- name: Enable auto-merge for Dependabot PRs
if: ${{contains(steps.dependabot-metadata.outputs.dependency-names, 'rails') && steps.dependabot-metadata.outputs.update-type == 'version-update:semver-patch'}}
run: gh pr merge --auto --merge "$PR_URL"
Expand Down Expand Up @@ -144,7 +144,7 @@ jobs:
steps:
- name: Dependabot metadata
id: dependabot-metadata
uses: dependabot/fetch-metadata@v1.1.1
uses: dependabot/fetch-metadata@v1.2.1
- name: Add a label for all production dependencies
if: ${{ steps.dependabot-metadata.outputs.dependency-type == 'direct:production' }}
run: gh pr edit "$PR_URL" --add-label "production"
Expand Down
12 changes: 2 additions & 10 deletions dist/index.js

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

29 changes: 6 additions & 23 deletions src/dependabot/verified_commits.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -33,28 +33,6 @@ test('it returns false for an event triggered by someone other than Dependabot',
)
})

test('it returns false if there is more than 1 commit', async () => {
nock('https://api.github.com').get('/repos/dependabot/dependabot/pulls/101/commits')
.reply(200, [
{
commit: {
message: 'Bump lodash from 1.0.0 to 2.0.0'
}
},
{
commit: {
message: 'Add some more things.'
}
}
])

expect(await getMessage(mockGitHubClient, mockGitHubPullContext())).toBe(false)

expect(core.warning).toHaveBeenCalledWith(
expect.stringContaining("It looks like this PR has contains commits that aren't part of a Dependabot update.")
)
})

test('it returns false if the commit was authored by someone other than Dependabot', async () => {
nock('https://api.github.com').get('/repos/dependabot/dependabot/pulls/101/commits')
.reply(200, [
Expand All @@ -71,7 +49,7 @@ test('it returns false if the commit was authored by someone other than Dependab
expect(await getMessage(mockGitHubClient, mockGitHubPullContext())).toBe(false)

expect(core.warning).toHaveBeenCalledWith(
expect.stringContaining("It looks like this PR has contains commits that aren't part of a Dependabot update.")
expect.stringContaining('It looks like this PR was not created by Dependabot, refusing to proceed.')
)
})

Expand Down Expand Up @@ -124,6 +102,11 @@ test('it returns the commit message for a PR authored exclusively by Dependabot
verified: true
}
}
},
{
commit: {
message: 'Add some more things.'
}
}
])

Expand Down
18 changes: 4 additions & 14 deletions src/dependabot/verified_commits.ts
Original file line number Diff line number Diff line change
Expand Up @@ -32,15 +32,13 @@ export async function getMessage (client: InstanceType<typeof GitHub>, context:
pull_number: pr.number
})

if (commits.length > 1) {
warnOtherCommits()
return false
}

const { commit, author } = commits[0]

if (author?.login !== DEPENDABOT_LOGIN) {
warnOtherCommits()
// TODO: Promote to setFailed
core.warning(
'It looks like this PR was not created by Dependabot, refusing to proceed.'
)
return false
}

Expand All @@ -55,14 +53,6 @@ export async function getMessage (client: InstanceType<typeof GitHub>, context:
return commit.message
}

function warnOtherCommits (): void {
core.warning(
"It looks like this PR has contains commits that aren't part of a Dependabot update. " +
"Try using '@dependabot rebase' to remove merge commits or '@dependabot recreate' to remove " +
'any non-Dependabot changes.'
)
}

export async function getAlert (name: string, version: string, directory: string, client: InstanceType<typeof GitHub>, context: Context): Promise<dependencyAlert> {
const alerts: any = await client.graphql(`
{
Expand Down

0 comments on commit 26e18ca

Please sign in to comment.