

refactor: some refactoring
Aleksey28 committed Nov 29, 2023
1 parent 534658d commit e0b54cf
Showing 1 changed file with 42 additions and 48 deletions.
90 changes: 42 additions & 48 deletions workflows/check-security-alerts.yml
Expand Up @@ -17,7 +17,11 @@ jobs:
return;
const { owner, repo } = context.repo;
const state = 'open';
const states = {
open: 'open',
closed: 'closed',
};
const labels = {
dependabot: 'dependabot',
Expand All @@ -31,19 +35,18 @@ jobs:
owner,
repo: '${{ secrets.SECURITY_ISSUE_REPO }}',
labels: [labels.security],
state
state: states.open,
});
const alertDictionary = existedIssues.reduce((res, issue) => {
const [,alertUrl, alertNumber] = issue.body.match(/Link:\s*(https.*?(\d+)$)/);
const [,url, number] = issue.body.match(/Link:\s*(https.*?(\d+)$)/);
if (!alertUrl)
if (!url)
return res;
res[alertUrl] = {
issue,
number: alertNumber,
isDependabot: alertUrl.includes('dependabot'),
res[url] = {
issue, number,
isDependabot: url.includes('dependabot'),
};
return res;
Expand All @@ -58,19 +61,15 @@ jobs:
if (isAlertOpened)
continue;
await closeIssue({owner,
repo: '${{ secrets.SECURITY_ISSUE_REPO }}',
issue_number: alert.issue.number
})
await closeIssue(alert.issue.number)
}
}
dependabotAlerts.forEach(alert => {
if (!needCreateIssue(alert))
return;
createIssue({ owner,
repo: '${{ secrets.SECURITY_ISSUE_REPO }}',
createIssue({
labels: [labels.dependabot, labels.security, alert.dependency.scope],
originRepo: repo,
summary: alert.security_advisory.summary,
Expand All @@ -84,8 +83,7 @@ jobs:
if (!needCreateIssue(alert))
return;
createIssue({ owner,
repo: '${{ secrets.SECURITY_ISSUE_REPO }}',
createIssue({
labels: [labels.codeql, labels.security],
originRepo: repo,
summary: alert.rule.description,
Expand All @@ -95,59 +93,49 @@ jobs:
});
async function getDependabotAlerts () {
const dependabotListAlertsUrl = `https://api.github.com/repos/${ owner }/${ repo }/dependabot/alerts?state=${ state }`;
const dependabotRequestOptions = {
headers: { 'Authorization': 'Bearer ${{ secrets.ACTIVE_TOKEN }}' }
}
const response = await fetch(dependabotListAlertsUrl, dependabotRequestOptions);
const data = await response.json();
// If data isn't arry somethig goes wrong
if (Array.isArray(data))
return data;
const { data } = await github.rest.dependabot.listAlertsForRepo({ owner, repo, state: states.open });
return [];
return data;
}
async function getCodeqlAlerts () {
// When CodeQL is turned of it throws error
try {
const { data } = await github.rest.codeScanning.listAlertsForRepo({ owner, repo, state });
const { data } = await github.rest.codeScanning.listAlertsForRepo({ owner, repo, state: states.open });
return data;
} catch (_) {
return [];
} catch (e) {
if (e.message.includes('no analysis found'))
return [];
throw e;
}
}
async function isDependabotAlertOpened (alertNumber) {
const alert = await getDependabotAlertInfo(alertNumber);
return alert?.state == 'open';
return alert.state === states.open;
}
async function getDependabotAlertInfo (alertNumber) {
const dependabotListAlertsUrl = `https://api.github.com/repos/${ owner }/${ repo }/dependabot/alerts/${ alertNumber }`;
const dependabotRequestOptions = {
headers: { 'Authorization': 'Bearer ${{ secrets.ACTIVE_TOKEN }}' }
}
const response = await fetch(dependabotListAlertsUrl, dependabotRequestOptions);
const data = await response.json();
try {
const { data } = await github.rest.dependabot.getAlert({ owner, repo, alert_number: alertNumber });
if (data.state)
return data;
} catch (e) {
if (e.message.includes('No alert found for alert number'))
return {};
return null;
throw e;
}
}
function needCreateIssue (alert) {
return !alertDictionary[alert.html_url]
&& Date.now() - new Date(alert.created_at) <= 1000 * 60 * 60 * 24;
}
async function createIssue ({owner, repo, labels, originRepo, summary, description, link, package = ''}) {
async function createIssue ({labels, originRepo, summary, description, link, package = ''}) {
const title = `[${originRepo}] ${summary}`;
const body = ''
+ `#### Repository: \`${ originRepo }\`\n`
Expand All @@ -156,11 +144,17 @@ jobs:
+ `${ description }\n`
+ `#### Link: ${ link }`
return github.rest.issues.create({ owner, repo, title, body, labels });
return github.rest.issues.create({
owner, title, body, labels,
repo: '${{ secrets.SECURITY_ISSUE_REPO }}',
});
}
async function closeIssue ({ owner, repo, issue_number}) {
const state = 'closed';
return github.rest.issues.update({ owner, repo, issue_number, state });
async function closeIssue (issueNumber) {
return github.rest.issues.update({
owner,
repo: '${{ secrets.SECURITY_ISSUE_REPO }}',
issue_number: issueNumber,
state: states.closed
});
}
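Review bot: In the `@@ -95,59 +93,49 @@` hunk, `isDependabotAlertOpened` now reads `alert.state` without the optional chaining the old line had, while `getDependabotAlertInfo` (as far as the rendered hunk shows) still falls out of its `try` with no return whenever `data.state` is falsy, so that path ends in an uninformative TypeError rather than a deliberate decision about the issue; since closing the tracking issue is the fail-open outcome here, I would drop the `if (data.state)` guard and `return data;` unconditionally, or throw an explicit error when `state` is missing. The new `catch` blocks in `getCodeqlAlerts` and `getDependabotAlertInfo` match on `e.message.includes(...)`, which breaks silently when the API wording changes; the Octokit request error carries `e.status`, and both cases look like 404s, so `if (e.status === 404) return {};` would be more robust — verify the exact codes against the API docs before switching. Unrelated to the rename, `const [,url, number] = issue.body.match(...)` still throws on a null or non-matching body before the `if (!url)` guard runs, so a single issue without a `Link:` line aborts the whole sync; guard the match result instead, e.g. `const match = issue.body?.match(/Link:\s*(https.*?(\d+)$)/); if (!match) return res; const [, url, number] = match;`. The enclosing `github-script` step begins before the first hunk, so the `owner`/`repo`/`github` bindings these functions close over are not visible here.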
