Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add 'skip-commit-verification' as an input for GitHub Enterprise Server users #225

Merged
merged 4 commits into from
Jun 30, 2022
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,9 @@ Supported inputs are:
- `compat-lookup` (boolean)
- If `true`, then populate the `compatibility-score` output.
- Defaults to `false`
- `skip-commit-verification` (boolean)
- If `true`, then the action will not expect the commits to have a verification signature. **It is required to set this to 'true' in GitHub Enterprise Server**
- Defaults to `false`

Subsequent actions will have access to the following outputs:

Expand Down
4 changes: 4 additions & 0 deletions action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,10 @@ inputs:
github-token:
description: 'The GITHUB_TOKEN secret'
default: ${{ github.token }}
skip-commit-verification:
type: boolean
description: 'If true, the action will not expect Dependabot commits to be verified. This should be set as 'true' in GHES environments.'
default: false
outputs:
dependency-names:
description: 'A comma-separated list of all package names updated.'
Expand Down
6 changes: 3 additions & 3 deletions dist/index.js

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

17 changes: 17 additions & 0 deletions src/dependabot/verified_commits.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -70,6 +70,23 @@ test('it returns false if the commit is has no verification payload', async () =
expect(await getMessage(mockGitHubClient, mockGitHubPullContext())).toBe(false)
})

test('it returns the message if the commit is has no verification payload but verification is skipped', async () => {
nock('https://api.github.com').get('/repos/dependabot/dependabot/pulls/101/commits')
.reply(200, [
{
author: {
login: 'dependabot[bot]'
},
commit: {
message: 'Bump lodash from 1.0.0 to 2.0.0',
verification: null
}
}
])

expect(await getMessage(mockGitHubClient, mockGitHubPullContext(), true)).toEqual('Bump lodash from 1.0.0 to 2.0.0')
})

test('it returns false if the commit is not verified', async () => {
nock('https://api.github.com').get('/repos/dependabot/dependabot/pulls/101/commits')
.reply(200, [
Expand Down
4 changes: 2 additions & 2 deletions src/dependabot/verified_commits.ts
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ import https from 'https'

const DEPENDABOT_LOGIN = 'dependabot[bot]'

export async function getMessage (client: InstanceType<typeof GitHub>, context: Context): Promise<string | false> {
export async function getMessage (client: InstanceType<typeof GitHub>, context: Context, skipCommitVerification = false): Promise<string | false> {
core.debug('Verifying the job is for an authentic Dependabot Pull Request')

const { pull_request: pr } = context.payload
Expand Down Expand Up @@ -43,7 +43,7 @@ export async function getMessage (client: InstanceType<typeof GitHub>, context:
return false
}

if (!commit.verification?.verified) {
if (!skipCommitVerification && !commit.verification?.verified) {
// TODO: Promote to setFailed
core.warning(
"Dependabot's commit signature is not verified, refusing to proceed."
Expand Down
1 change: 1 addition & 0 deletions src/main.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ beforeEach(() => {
jest.spyOn(core, 'info').mockImplementation(jest.fn())
jest.spyOn(core, 'setFailed').mockImplementation(jest.fn())
jest.spyOn(core, 'startGroup').mockImplementation(jest.fn())
jest.spyOn(core, 'getBooleanInput').mockReturnValue(false)
})

test('it early exits with an error if github-token is not set', async () => {
Expand Down
2 changes: 1 addition & 1 deletion src/main.ts
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ export async function run (): Promise<void> {
const githubClient = github.getOctokit(token)

// Validate the job
const commitMessage = await verifiedCommits.getMessage(githubClient, github.context)
const commitMessage = await verifiedCommits.getMessage(githubClient, github.context, core.getBooleanInput('skip-commit-verification'))
const branchNames = util.getBranchNames(github.context)
let alertLookup: updateMetadata.alertLookup | undefined
if (core.getInput('alert-lookup')) {
Expand Down