Release v1.2.0
svartalf committed May 7, 2020
1 parent d6b76c8 commit 35b7b53
Showing 7 changed files with 75 additions and 67 deletions.
5 changes: 3 additions & 2 deletions CHANGELOG.md
Expand Up @@ -5,11 +5,12 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

## [1.2.0]
## [1.2.0] - 2020-05-07

### Fixed

- Do not fail check if no critical vulnerabilities were found when executed for a fork repository (closes #104)
- Compatibility with latest `cargo-audit == 0.12` JSON output (#115)
- Do not fail check if no critical vulnerabilities were found when executed for a fork repository (closes #104)

## [1.1.0]

2 changes: 1 addition & 1 deletion dist/index.js


2 changes: 1 addition & 1 deletion package-lock.json


2 changes: 1 addition & 1 deletion package.json
@@ -1,6 +1,6 @@
{
"name": "rust-audit-check",
"version": "1.1.0",
"version": "1.2.0",
"private": false,
"description": "Security audit for security vulnerabilities",
"main": "lib/main.js",
22 changes: 3 additions & 19 deletions src/interfaces.ts
Expand Up @@ -8,7 +8,7 @@ export interface Report {
database: DatabaseInfo;
lockfile: LockfileInfo;
vulnerabilities: VulnerabilitiesInfo;
warnings: Warning[];
warnings: Warning[] | { [key: string]: Warning[] };
}

export interface DatabaseInfo {
Expand Down Expand Up @@ -47,23 +47,7 @@ export interface Package {
}

export interface Warning {
kind: Kind;
package: Package;
}

// TypeScript types system is weird :(
export interface Kind {
unmaintained?: KindUnmaintained;
informational?: KindInformational;
yanked?: KindYanked;
}

export interface KindUnmaintained {
advisory: Advisory;
}

export interface KindInformational {
kind: 'unmaintained' | 'informational' | 'yanked' | string;
advisory: Advisory;
package: Package;
}

export interface KindYanked {} // eslint-disable-line @typescript-eslint/no-empty-interface
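Review bot: In the new `Warning` interface `advisory: Advisory` is declared as always present, yet the `yanked` branches in src/reporter.ts build their entry from `warning.package` alone and the removed `KindYanked` type was empty, which suggests a yanked warning carries no advisory. If cargo-audit emits `null` there, the type hides that from the compiler and any later read such as `advisory.id` goes unchecked; declaring `advisory: Advisory | null;` would force callers to narrow first. Separately, `'unmaintained' | 'informational' | 'yanked' | string` collapses to plain `string`, so the literals document intent but give the `switch` statements no exhaustiveness checking; a one-line comment saying so would help the next reader.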
20 changes: 16 additions & 4 deletions src/main.ts
Expand Up @@ -53,10 +53,22 @@ export async function run(actionInput: input.Input): Promise<void> {
shouldReport = true;
}

if (report.warnings.length === 0) {
// In `cargo-audit < 0.12` report contained an array of `Warning`.
// In `cargo-audit >= 0.12` it is a JSON object,
// where key is a warning type, and value is an array of `Warning` of that type.
let warnings: Array<interfaces.Warning> = [];
if (Array.isArray(report.warnings)) {
warnings = report.warnings;
} else {
for (const items of Object.values(report.warnings)) {
warnings = warnings.concat(items);
}
}

if (warnings.length === 0) {
core.info('No warnings were found');
} else {
core.warning(`${report.warnings.length} warnings found!`);
core.warning(`${warnings.length} warnings found!`);
shouldReport = true;
}

Expand All @@ -72,12 +84,12 @@ export async function run(actionInput: input.Input): Promise<void> {
core.debug(
'Action was triggered on a schedule event, creating an Issues report',
);
await reporter.reportIssues(client, advisories, report.warnings);
await reporter.reportIssues(client, advisories, warnings);
} else {
core.debug(
`Action was triggered on a ${github.context.eventName} event, creating a Check report`,
);
await reporter.reportCheck(client, advisories, report.warnings);
await reporter.reportCheck(client, advisories, warnings);
}
}

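Review bot: The `else` branch that flattens `report.warnings` trusts that every value of the object is an array, but `report` is output from an external tool whose shape has just changed once, and nothing in the visible lines validates it. A non-array value would be appended by `concat` as a single element and only fail later when `.kind` or `.package` is read, and a missing `warnings` field would make `Object.values` throw with an unhelpful message. For an audit action it is safer to fail loudly at this point, e.g. `if (!Array.isArray(items)) throw new Error('Unexpected cargo-audit warnings format');` as the first statement of the loop. `run` starts and ends outside the hunks shown.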
89 changes: 50 additions & 39 deletions src/reporter.ts
Expand Up @@ -26,26 +26,32 @@ function makeReport(
): string {
const preparedWarnings: Array<templates.ReportWarning> = [];
for (const warning of warnings) {
// TODO: Is there any better way?
if ('unmaintained' in warning.kind) {
preparedWarnings.push({
advisory: warning.kind.unmaintained!.advisory, // eslint-disable-line @typescript-eslint/no-non-null-assertion
package: warning.package,
});
} else if ('informational' in warning.kind) {
preparedWarnings.push({
advisory: warning.kind.informational!.advisory, // eslint-disable-line @typescript-eslint/no-non-null-assertion
package: warning.package,
});
} else if ('yanked' in warning.kind) {
preparedWarnings.push({
package: warning.package,
});
} else {
core.warning(
`Unknown warning kind ${warning.kind} found, please, file a bug`,
);
continue;
switch (warning.kind) {
case 'unmaintained':
preparedWarnings.push({
advisory: warning.advisory,
package: warning.package,
});
break;

case 'informational':
preparedWarnings.push({
advisory: warning.advisory,
package: warning.package,
});
break;

case 'yanked':
preparedWarnings.push({
package: warning.package,
});
break;

default:
core.warning(
`Unknown warning kind ${warning.kind} found, please, file a bug`,
);
break;
}
}

Expand Down Expand Up @@ -85,11 +91,15 @@ function getStats(
}

for (const warning of warnings) {
if (warning.kind.unmaintained) {
unmaintained += 1;
} else {
// Both yanked and informational types of kind
other += 1;
switch (warning.kind) {
case 'unmaintained':
unmaintained += 1;
break;

default:
// Both yanked and informational types of kind
other += 1;
break;
}
}

Expand Down Expand Up @@ -243,20 +253,21 @@ export async function reportIssues(

for (const warning of warnings) {
let advisory: interfaces.Advisory;
if ('unmaintained' in warning.kind) {
advisory = warning.kind.unmaintained!.advisory; // eslint-disable-line @typescript-eslint/no-non-null-assertion
} else if ('informational' in warning.kind) {
advisory = warning.kind.informational!.advisory; // eslint-disable-line @typescript-eslint/no-non-null-assertion
} else if ('yanked' in warning.kind) {
core.warning(
`Crate ${warning.package.name} was yanked, but no issue will be reported about it`,
);
continue;
} else {
core.warning(
`Unknown warning kind ${warning.kind} found, please, file a bug`,
);
continue;
switch (warning.kind) {
case 'unmaintained':
case 'informational':
advisory = warning.advisory;
break;
case 'yanked':
core.warning(
`Crate ${warning.package.name} was yanked, but no issue will be reported about it`,
);
continue;
default:
core.warning(
`Unknown warning kind ${warning.kind} found, please, file a bug`,
);
continue;
}

const reported = await alreadyReported(client, advisory.id);
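Review bot: `makeReport` and `getStats` disagree on unrecognised warning kinds: the `default:` branch in `makeReport` only logs and adds nothing to `preparedWarnings`, while the `default:` branch in `getStats` counts the same warning as `other`. If cargo-audit introduces a new kind, the summary count would exceed the rendered list and the finding itself would be missing from the report body. Consider still listing it, e.g. `preparedWarnings.push({package: warning.package});` after the log call, so an unknown kind degrades to a package-only entry instead of disappearing. The `unmaintained` and `informational` cases in `makeReport` are identical and could share one body the way `reportIssues` already does; all three functions continue outside the hunks shown.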
