
oke-py / npm-audit-action / 14797115667

02 May 2025 02:24PM UTC coverage: 73.444% (-3.4%) from 76.866%
14797115667

Pull #223

github

web-flow
Merge 4427195a4 into a898de739
Pull Request #223: refactor(testing): migrate from Jest to Vitest for testing framework

33 of 42 branches covered (78.57%)

Branch coverage included in aggregate %.

144 of 199 relevant lines covered (72.36%)

4.54 hits per line

Source File

60.5
/src/main.ts
import * as core from '@actions/core'
import * as github from '@actions/github'
import {Octokit} from '@octokit/rest'
import {Audit} from './audit'
import {IssueOption} from './interface'
import * as issue from './issue'
import * as pr from './pr'
import * as workdir from './workdir'

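/**
 * Entry point of the action: runs `npm audit` and reports the findings.
 *
 * Steps, in order:
 * 1. Optionally change into `working_directory` once `workdir.isValid` accepts it.
 * 2. Check `audit_level`, `production_flag` and `json_flag` against fixed
 *    allow-lists before they are passed to `Audit.run`.
 * 3. Run the audit, log its output and publish it as the `npm_audit` output.
 * 4. When vulnerabilities are found, comment on the pull request or create /
 *    comment on an issue (depending on the event and the inputs) and mark the
 *    run as failed.
 *
 * Anything thrown inside the `try` block is reported through `core.setFailed`
 * instead of being rethrown.
 */
export async function run(): Promise<void> {
  try {
    // move to working directory
    const workingDirectory = core.getInput('working_directory')
    if (workingDirectory) {
      // Reject the path before chdir(); the check itself lives in ./workdir.
      if (!workdir.isValid(workingDirectory)) {
        throw new Error('Invalid input: working_directory')
      }
      process.chdir(workingDirectory)
    }
    core.info(`Current working directory: ${process.cwd()}`)

    // get audit-level
    // Inputs below are matched against fixed allow-lists; any other value
    // aborts the run before the audit is started.
    const auditLevel = core.getInput('audit_level', {required: true})
    if (
      !['critical', 'high', 'moderate', 'low', 'info', 'none'].includes(
        auditLevel
      )
    ) {
      throw new Error('Invalid input: audit_level')
    }

    const productionFlag = core.getInput('production_flag', {required: false})
    if (!['true', 'false'].includes(productionFlag)) {
      throw new Error('Invalid input: production_flag')
    }

    const jsonFlag = core.getInput('json_flag', {required: false})
    if (!['true', 'false'].includes(jsonFlag)) {
      throw new Error('Invalid input: json_flag')
    }

    // run `npm audit`
    const audit = new Audit()
    audit.run(auditLevel, productionFlag, jsonFlag)
    core.info(audit.stdout)
    core.setOutput('npm_audit', audit.stdout)

    if (audit.foundVulnerability()) {
      // vulnerabilities are found

      // get GitHub information
      // NOTE(review): the parsed context is untyped; only `event_name` and
      // `event.number` are read from it. Malformed JSON throws a SyntaxError,
      // which the catch below turns into a failed run.
      const ctx = JSON.parse(core.getInput('github_context'))
      const token: string = core.getInput('github_token', {required: true})
      const octokit = new Octokit({
        auth: token
      })

      if (ctx.event_name === 'pull_request') {
        const createPRComments = core.getInput('create_pr_comments')
        if (!['true', 'false'].includes(createPRComments)) {
          throw new Error('Invalid input: create_pr_comments')
        }

        if (createPRComments === 'true') {
          await pr.createComment(
            octokit,
            github.context.repo.owner,
            github.context.repo.repo,
            ctx.event.number,
            audit.strippedStdout()
          )
        }
        core.setFailed('This repo has some vulnerabilities')
        return
      } else {
        core.debug('open an issue')
        const createIssues = core.getInput('create_issues')
        if (!['true', 'false'].includes(createIssues)) {
          throw new Error('Invalid input: create_issues')
        }

        if (createIssues === 'false') {
          core.setFailed('This repo has some vulnerabilities')
          return
        }

        // remove control characters and create a code block
        const issueBody = audit.strippedStdout()
        const option: IssueOption = issue.getIssueOption(issueBody)

        // NOTE(review): unlike the other boolean inputs, `dedupe_issues` is
        // not validated; any value other than 'true' disables deduplication.
        const existingIssueNumber =
          core.getInput('dedupe_issues') === 'true'
            ? await issue.getExistingIssueNumber(
                octokit.issues.listForRepo,
                github.context.repo
              )
            : null

        if (existingIssueNumber !== null) {
          // Append the new report to the issue that is already open.
          const {data: createdComment} = await octokit.issues.createComment({
            ...github.context.repo,
            issue_number: existingIssueNumber,
            body: option.body
          })
          core.debug(`comment ${createdComment.url}`)
        } else {
          const {data: createdIssue} = await octokit.issues.create({
            ...github.context.repo,
            ...option
          })
          core.debug(`#${createdIssue.number}`)
        }
        core.setFailed('This repo has some vulnerabilities')
      }
    }
  } catch (e: unknown) {
    if (e instanceof Error) {
      core.setFailed(e.message)
    } else {
      // Fail closed: a thrown value that is not an Error used to be dropped
      // here, which let the audit step finish green without having reported
      // anything.
      core.setFailed(`Unexpected failure: ${String(e)}`)
    }
  }
}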

// Start the action when this module is loaded. run() wraps its work in its
// own try/catch, so the returned promise is intentionally not awaited.
void run()