Check PR Author instead of Action Actor
closes issue #112
mwaddell committed Feb 7, 2022
1 parent ffa0846 commit 960d125
Showing 6 changed files with 21 additions and 18 deletions.
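--- a/.github/workflows/dependabot-auto-merge.yml
+++ b/.github/workflows/dependabot-auto-merge.yml
@@ -6,7 +6,7 @@ permissions:
 jobs:
 dependabot:
 runs-on: ubuntu-latest
-if: ${{ github.actor == 'dependabot[bot]' }}
+if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}
 steps:
 - name: Check out code
 uses: actions/checkout@v2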
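Review bot: The new `if:` on the `dependabot` job keys on `github.event.pull_request.user.login`, which is fixed when the PR is opened and does not change when someone else later pushes to the branch, so the condition by itself says nothing about who authored the head commits. It should be documented as a coarse filter, for example with `# Filter only: PR author is set at creation; commit provenance must be checked by the steps below`, and any approve or merge step should depend on that verification rather than on this condition. `github.event.pull_request` is also only populated on pull-request events, so on any other trigger the expression evaluates false and the job is skipped silently; the `on:` block is outside the hunk, so confirm that matches the intent. The job body continues past the last visible line.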
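--- a/README.md
+++ b/README.md
@@ -57,8 +57,8 @@ permissions:
 jobs:
 dependabot:
 runs-on: ubuntu-latest
-# Checking the actor will prevent your Action run failing on non-Dependabot PRs
-if: ${{ github.actor == 'dependabot[bot]' }}
+# Checking the author will prevent your Action run failing on non-Dependabot PRs
+if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}
 steps:
 - name: Dependabot metadata
 id: dependabot-metadata
@@ -88,7 +88,7 @@ permissions:
 jobs:
 dependabot:
 runs-on: ubuntu-latest
-if: ${{ github.actor == 'dependabot[bot]' }}
+if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}
 steps:
 - name: Dependabot metadata
 id: dependabot-metadata
@@ -119,7 +119,7 @@ permissions:
 jobs:
 dependabot:
 runs-on: ubuntu-latest
-if: ${{ github.actor == 'dependabot[bot]' }}
+if: ${{ github.event.pull_request.user.login == 'dependabot[bot]' }}
 steps:
 - name: Dependabot metadata
 id: dependabot-metadata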
6 changes: 3 additions & 3 deletions dist/index.js

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

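--- a/src/dependabot/verified_commits.test.ts
+++ b/src/dependabot/verified_commits.test.ts
@@ -29,7 +29,7 @@ test('it returns false for an event triggered by someone other than Dependabot',
 expect(await getMessage(mockGitHubClient, mockGitHubPullContext('jane-doe'))).toBe(false)
 
 expect(core.debug).toHaveBeenCalledWith(
-expect.stringContaining("Event actor 'jane-doe' is not Dependabot.")
+expect.stringContaining("PR author 'jane-doe' is not Dependabot.")
 )
 })
 
@@ -142,11 +142,14 @@ function mockGitHubOtherContext (): Context {
 return ctx
 }
 
-function mockGitHubPullContext (actor = 'dependabot[bot]'): Context {
+function mockGitHubPullContext (author = 'dependabot[bot]'): Context {
 const ctx = new Context()
 ctx.payload = {
 pull_request: {
-number: 101
+number: 101,
+user: {
+login: author
+}
 },
 repository: {
 name: 'dependabot',
@@ -155,6 +158,5 @@ function mockGitHubPullContext (actor = 'dependabot[bot]'): Context {
 }
 }
 }
-ctx.actor = actor
 return ctx
 }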
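Review bot: With `ctx.actor = actor` removed from `mockGitHubPullContext`, no test pins the case this commit exists for, a Dependabot-authored PR whose event actor is someone else. A case that sets `ctx.actor = 'jane-doe'` on a context built with the default author, and asserts that `core.debug` is not called with `PR author ... is not Dependabot.`, would guard against a regression to the actor check. A second case whose `pull_request` payload lacks `user` would document how the guard is expected to behave on incomplete payloads. The test title at the first hunk still reads 'triggered by someone other than Dependabot' although the helper now varies the PR author.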
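--- a/src/dependabot/verified_commits.ts
+++ b/src/dependabot/verified_commits.ts
@@ -17,9 +17,9 @@ export async function getMessage (client: InstanceType<typeof GitHub>, context:
 return false
 }
 
-// Don't bother hitting the API if the event actor isn't Dependabot
-if (context.actor !== DEPENDABOT_LOGIN) {
-core.debug(`Event actor '${context.actor}' is not Dependabot.`)
+// Don't bother hitting the API if the PR author isn't Dependabot
+if (pr.user.login !== DEPENDABOT_LOGIN) {
+core.debug(`PR author '${pr.user.login}' is not Dependabot.`)
 return false
 }
 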
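Review bot: `pr.user.login` in the new guard is dereferenced without checking that `user` is present, so a payload whose `pull_request` carries no `user` object would throw a TypeError here instead of returning `false`; the stub in `src/dry-run.ts` gained a `user` field in this same commit, apparently for that reason. A tolerant form is `const author = pr.user?.login` followed by `if (author !== DEPENDABOT_LOGIN) {`, with `author` used in the debug message. `pr` is assigned above the hunk, presumably from `context.payload.pull_request`, and `getMessage` continues below it. The comment above the guard could also state that PR authorship is only an early filter and that trust comes from the commit verification further down, assuming that is what the rest of the function does.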
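--- a/src/dry-run.ts
+++ b/src/dry-run.ts
@@ -23,7 +23,10 @@ async function check (args: any): Promise<void> {
 // Convert the CLI args into a stubbed Webhook payload
 actionContext.payload = {
 pull_request: {
-number: args.prNumber
+number: args.prNumber,
+user: {
+login: 'dependabot[bot]'
+}
 },
 repository: {
 owner: {
@@ -32,8 +35,6 @@ async function check (args: any): Promise<void> {
 name: repoDetails.repo
 }
 }
-// Bypass the actor check for purpose of a dry run
-actionContext.actor = 'dependabot[bot]'
 
 const githubClient = github.getOctokit(githubToken)
 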
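Review bot: The stub now hard-codes `login: 'dependabot[bot]'` in the `pull_request` payload, while the removed comment that explained the bypass has no replacement, so a reader cannot tell that the author check is deliberately skipped in a dry run. A line such as `// Stub the PR author as Dependabot so the dry run bypasses the author check` above `user:` would restore that. The literal also duplicates the login that `verified_commits.ts` compares against as `DEPENDABOT_LOGIN`; if that constant is exported, using it here keeps the two from drifting. `check` starts and ends outside the hunks.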
