Clean up

tinglesoftware · Oct 6, 2024 · 9561273 · 9561273
1 parent 587aea9
commit 9561273
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 46 deletions.
diff --git a/extension/tasks/dependabotV2/index.ts b/extension/tasks/dependabotV2/index.ts
@@ -4,7 +4,6 @@ import { DependabotCli } from './utils/dependabot-cli/DependabotCli';
 import { DependabotJobBuilder } from './utils/dependabot-cli/DependabotJobBuilder';
 import {
   DependabotOutputProcessor,
-  parseProjectDependencyListProperty,
   parsePullRequestProperties,
 } from './utils/dependabot-cli/DependabotOutputProcessor';
 import { IDependabotUpdate } from './utils/dependabot/interfaces/IDependabotConfig';
@@ -84,15 +83,6 @@ async function run() {
     for (const update of updates) {
       const updateId = updates.indexOf(update).toString();
 
-      // Parse the last dependency list snapshot (if any) from the project properties.
-      // This is required when doing a security-only update as dependabot requires the list of vulnerable dependencies to be updated.
-      // Automatic discovery of vulnerable dependencies during a security-only update is not currently supported by dependabot-updater.
-      const dependencyList = parseProjectDependencyListProperty(
-        await prAuthorClient.getProjectProperties(taskInputs.projectId),
-        taskInputs.repository,
-        update['package-ecosystem'],
-      );
-
       // Parse the Dependabot metadata for the existing pull requests that are related to this update
       // Dependabot will use this to determine if we need to create new pull requests or update/close existing ones
       const existingPullRequests = parsePullRequestProperties(prAuthorActivePullRequests, update['package-ecosystem']);
@@ -104,7 +94,7 @@ async function run() {
         updateId,
         update,
         dependabotConfig.registries,
-        dependencyList?.['dependencies'],
+        undefined, // TODO: Implement this, required for security-only updates
         existingPullRequestDependencies,
       );
       const allDependenciesUpdateOutputs = await dependabot.update(allDependenciesJob, dependabotUpdaterOptions);

diff --git a/extension/tasks/dependabotV2/utils/dependabot-cli/DependabotOutputProcessor.ts b/extension/tasks/dependabotV2/utils/dependabot-cli/DependabotOutputProcessor.ts
@@ -18,10 +18,6 @@ export class DependabotOutputProcessor implements IDependabotUpdateOutputProcess
   private readonly existingPullRequests: IPullRequestProperties[];
   private readonly taskInputs: ISharedVariables;
 
-  // Custom properties used to store dependabot metadata in projects.
-  // https://learn.microsoft.com/en-us/rest/api/azure/devops/core/projects/set-project-properties
-  public static PROJECT_PROPERTY_NAME_DEPENDENCY_LIST = 'Dependabot.DependencyList';
-
   // Custom properties used to store dependabot metadata in pull requests.
   // https://learn.microsoft.com/en-us/rest/api/azure/devops/git/pull-request-properties
   public static PR_PROPERTY_NAME_PACKAGE_MANAGER = 'Dependabot.PackageManager';
@@ -58,25 +54,9 @@ export class DependabotOutputProcessor implements IDependabotUpdateOutputProcess
       // See: https://github.com/dependabot/cli/blob/main/internal/model/update.go
 
       case 'update_dependency_list':
-        // Store the dependency list snapshot in project properties, if configured
+        // Store the dependency list snapshot, if configured
         if (this.taskInputs.storeDependencyList) {
-          console.info(`Storing the dependency list snapshot for project '${project}'...`);
-          await this.prAuthorClient.updateProjectProperty(
-            this.taskInputs.projectId,
-            DependabotOutputProcessor.PROJECT_PROPERTY_NAME_DEPENDENCY_LIST,
-            function (existingValue: string) {
-              const repoDependencyLists = JSON.parse(existingValue || '{}');
-              repoDependencyLists[repository] = repoDependencyLists[repository] || {};
-              repoDependencyLists[repository][update.job['package-manager']] = {
-                'dependencies': data['dependencies'],
-                'dependency-files': data['dependency_files'],
-                'last-updated': new Date().toISOString(),
-              };
-
-              return JSON.stringify(repoDependencyLists);
-            },
-          );
-          console.info(`Dependency list snapshot was updated for project '${project}'`);
+          // TODO: Store the dependency list snapshot
         }
 
         return true;
@@ -180,11 +160,10 @@ export class DependabotOutputProcessor implements IDependabotUpdateOutputProcess
           repository: repository,
           pullRequestId: pullRequestToUpdate.id,
           changes: getPullRequestChangedFilesForOutputData(data),
-          skipIfDraft: true, // TODO: Add config for this?
-          // TODO: Add config for this?
+          skipIfDraft: true,
           skipIfCommitsFromAuthorsOtherThan:
             this.taskInputs.authorEmail || DependabotOutputProcessor.PR_DEFAULT_AUTHOR_EMAIL,
-          skipIfNotBehindTargetBranch: true, // TODO: Add config for this?
+          skipIfNotBehindTargetBranch: true,
         });
 
         // Re-approve the pull request, if required
@@ -286,16 +265,6 @@ export function buildPullRequestProperties(packageManager: string, dependencies:
   ];
 }
 
-export function parseProjectDependencyListProperty(
-  properties: Record<string, string>,
-  repository: string,
-  packageManager: string,
-): any {
-  const dependencyList = properties?.[DependabotOutputProcessor.PROJECT_PROPERTY_NAME_DEPENDENCY_LIST] || '{}';
-  const repoDependencyLists = JSON.parse(dependencyList);
-  return repoDependencyLists[repository]?.[packageManager];
-}
-
 export function parsePullRequestProperties(
   pullRequests: IPullRequestProperties[],
   packageManager: string | null,