From e0b54cf2a88bd0a6fa675360682311d317faf938 Mon Sep 17 00:00:00 2001 From: Popov Aleksey Date: Wed, 29 Nov 2023 22:16:29 +0200 Subject: [PATCH] refactor: some refactoring --- workflows/check-security-alerts.yml | 90 ++++++++++++++--------------- 1 file changed, 42 insertions(+), 48 deletions(-) diff --git a/workflows/check-security-alerts.yml b/workflows/check-security-alerts.yml index beef8f6..9da8049 100644 --- a/workflows/check-security-alerts.yml +++ b/workflows/check-security-alerts.yml @@ -17,7 +17,11 @@ jobs: return; const { owner, repo } = context.repo; - const state = 'open'; + + const states = { + open: 'open', + closed: 'closed', + }; const labels = { dependabot: 'dependabot', @@ -31,19 +35,18 @@ jobs: owner, repo: '${{ secrets.SECURITY_ISSUE_REPO }}', labels: [labels.security], - state + state: states.open, }); const alertDictionary = existedIssues.reduce((res, issue) => { - const [,alertUrl, alertNumber] = issue.body.match(/Link:\s*(https.*?(\d+)$)/); + const [,url, number] = issue.body.match(/Link:\s*(https.*?(\d+)$)/); - if (!alertUrl) + if (!url) return res; - res[alertUrl] = { - issue, - number: alertNumber, - isDependabot: alertUrl.includes('dependabot'), + res[url] = { + issue, number, + isDependabot: url.includes('dependabot'), }; return res; @@ -58,10 +61,7 @@ jobs: if (isAlertOpened) continue; - await closeIssue({owner, - repo: '${{ secrets.SECURITY_ISSUE_REPO }}', - issue_number: alert.issue.number - }) + await closeIssue(alert.issue.number) } } @@ -69,8 +69,7 @@ jobs: if (!needCreateIssue(alert)) return; - createIssue({ owner, - repo: '${{ secrets.SECURITY_ISSUE_REPO }}', + createIssue({ labels: [labels.dependabot, labels.security, alert.dependency.scope], originRepo: repo, summary: alert.security_advisory.summary, 
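Review bot: The destructuring `const [,url, number] = issue.body.match(/Link:\s*(https.*?(\d+)$)/);` throws a TypeError whenever the regex does not match or `issue.body` is null (an issue opened without a body), because `match` returns null in both cases; the `if (!url)` guard on the next line is then never reached, so one hand-filed issue carrying the security label in the issue repo aborts the whole sync. The rename in this hunk keeps that behaviour. Check the match result before destructuring: `const match = issue.body?.match(/Link:\s*(https.*?(\d+)$)/);` then `if (!match) return res;` then `const [, url, number] = match;`. The reduce callback closes outside the hunk.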
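Review bot: `createIssue({` is still invoked without `await` after the `return;` guard, so a failed `issues.create` surfaces only as an unhandled rejection and the step's completion no longer depends on the issue actually being filed; the same applies to the CodeQL call in the `@@ -84,8 +83,7` hunk. Prefixing both calls with `await` (`await createIssue({`) makes a failure fail the job, which is what a workflow meant to mirror open security alerts into issues should do. The callback wrapping this call starts outside the hunk, so whether it is async and awaited by its caller cannot be confirmed from here; if it is a `forEach` callback, it would also need to become a `for...of` loop for the `await` to take effect.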
@@ -84,8 +83,7 @@ jobs: if (!needCreateIssue(alert)) return; - createIssue({ owner, - repo: '${{ secrets.SECURITY_ISSUE_REPO }}', + createIssue({ labels: [labels.codeql, labels.security], originRepo: repo, summary: alert.rule.description, 
@@ -95,51 +93,41 @@ jobs: }); async function getDependabotAlerts () { - const dependabotListAlertsUrl = `https://api.github.com/repos/${ owner }/${ repo }/dependabot/alerts?state=${ state }`; - const dependabotRequestOptions = { - headers: { 'Authorization': 'Bearer ${{ secrets.ACTIVE_TOKEN }}' } - } - - const response = await fetch(dependabotListAlertsUrl, dependabotRequestOptions); - const data = await response.json(); - - // If data isn't arry somethig goes wrong - if (Array.isArray(data)) - return data; + const { data } = await github.rest.dependabot.listAlertsForRepo({ owner, repo, state: states.open }); - return []; + return data; } async function getCodeqlAlerts () { - // When CodeQL is turned of it throws error try { - const { data } = await github.rest.codeScanning.listAlertsForRepo({ owner, repo, state }); + const { data } = await github.rest.codeScanning.listAlertsForRepo({ owner, repo, state: states.open }); return data; - } catch (_) { - return []; + } catch (e) { + if (e.message.includes('no analysis found')) + return []; + + throw e; } } async function isDependabotAlertOpened (alertNumber) { const alert = await getDependabotAlertInfo(alertNumber); - return alert?.state == 'open'; + return alert.state === states.open; } async function getDependabotAlertInfo (alertNumber) { - const dependabotListAlertsUrl = `https://api.github.com/repos/${ owner }/${ repo }/dependabot/alerts/${ alertNumber }`; - const dependabotRequestOptions = { - headers: { 'Authorization': 'Bearer ${{ secrets.ACTIVE_TOKEN }}' } - } - - const response = await fetch(dependabotListAlertsUrl, dependabotRequestOptions); - const data = await response.json(); + try { + const { data } = await github.rest.dependabot.getAlert({ owner, repo, alert_number: alertNumber }); - if (data.state) return data; + } catch (e) { + if (e.message.includes('No alert found for alert number')) + return {}; - return null; + throw e; + } } function needCreateIssue (alert) { 
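Review bot: `github.rest.dependabot.listAlertsForRepo({ owner, repo, state: states.open })` returns a single page, so alerts beyond the default page size never get an issue; the same applies to the `codeScanning.listAlertsForRepo` call below it. Use the paginator instead: `const data = await github.paginate(github.rest.dependabot.listAlertsForRepo, { owner, repo, state: states.open, per_page: 100 });` and likewise for code scanning. The new catch blocks key off `e.message.includes(...)`, which is fragile; the request error carries a status code, so `if (e.status === 404)` is a sturdier discriminator and also avoids a secondary TypeError when `e` has no `message`. Note too that `getDependabotAlertInfo` returning `{}` for a missing alert makes `isDependabotAlertOpened` report false, so the caller in the `@@ -58,10 +61,7` hunk closes the tracking issue for an alert it could not find; that predates this change, but returning null there and having `isDependabotAlertOpened` treat it as unknown rather than closed would make the fail-open explicit.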
@@ -147,7 +135,7 @@ jobs: && Date.now() - new Date(alert.created_at) <= 1000 * 60 * 60 * 24; } - async function createIssue ({owner, repo, labels, originRepo, summary, description, link, package = ''}) { + async function createIssue ({labels, originRepo, summary, description, link, package = ''}) { const title = `[${originRepo}] ${summary}`; const body = '' + `#### Repository: \`${ originRepo }\`\n` @@ -156,11 +144,17 @@ jobs: + `${ description }\n` + `#### Link: ${ link }` - return github.rest.issues.create({ owner, repo, title, body, labels }); + return github.rest.issues.create({ + owner, title, body, labels, + repo: '${{ secrets.SECURITY_ISSUE_REPO }}', + }); } - async function closeIssue ({ owner, repo, issue_number}) { - const state = 'closed'; - - return github.rest.issues.update({ owner, repo, issue_number, state }); + async function closeIssue (issueNumber) { + return github.rest.issues.update({ + owner, + repo: '${{ secrets.SECURITY_ISSUE_REPO }}', + issue_number: issueNumber, + state: states.closed + }); } \ No newline at end of file
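Review bot: `repo: '${{ secrets.SECURITY_ISSUE_REPO }}'` is now spliced verbatim into the script source in both `createIssue` and `closeIssue` (and in the issue listing earlier in the file), so each copy is a separate place where a value containing a quote or backslash would break the script. Define it once next to `states` and read it from the environment instead of via expression interpolation: `const securityIssueRepo = process.env.SECURITY_ISSUE_REPO;` with `env: { SECURITY_ISSUE_REPO: ${{ secrets.SECURITY_ISSUE_REPO }} }` on the step, then `repo: securityIssueRepo` in both helpers. The step header that would carry the `env:` block is outside the hunk.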