From 9561273b7fe1cd155398a0a41e65331512e3909e Mon Sep 17 00:00:00 2001
From: Rhys Koedijk
Date: Mon, 7 Oct 2024 02:01:57 +1300
Subject: [PATCH] Clean up
---
 extension/tasks/dependabotV2/index.ts | 12 +-----
 .../DependabotOutputProcessor.ts | 39 ++-----
 2 files changed, 5 insertions(+), 46 deletions(-)
diff --git a/extension/tasks/dependabotV2/index.ts b/extension/tasks/dependabotV2/index.ts
index 94c4c87f..c52ad2d5 100644
--- a/extension/tasks/dependabotV2/index.ts
+++ b/extension/tasks/dependabotV2/index.ts
@@ -4,7 +4,6 @@ import { DependabotCli } from './utils/dependabot-cli/DependabotCli';
 import { DependabotJobBuilder } from './utils/dependabot-cli/DependabotJobBuilder';
 import {
 DependabotOutputProcessor,
- parseProjectDependencyListProperty,
 parsePullRequestProperties,
 } from './utils/dependabot-cli/DependabotOutputProcessor';
 import { IDependabotUpdate } from './utils/dependabot/interfaces/IDependabotConfig';
@@ -84,15 +83,6 @@ async function run() {
 for (const update of updates) {
 const updateId = updates.indexOf(update).toString();
- // Parse the last dependency list snapshot (if any) from the project properties.
- // This is required when doing a security-only update as dependabot requires the list of vulnerable dependencies to be updated.
- // Automatic discovery of vulnerable dependencies during a security-only update is not currently supported by dependabot-updater.
- const dependencyList = parseProjectDependencyListProperty(
- await prAuthorClient.getProjectProperties(taskInputs.projectId),
- taskInputs.repository,
- update['package-ecosystem'],
- );
-
 // Parse the Dependabot metadata for the existing pull requests that are related to this update
 // Dependabot will use this to determine if we need to create new pull requests or update/close existing ones
 const existingPullRequests = parsePullRequestProperties(prAuthorActivePullRequests, update['package-ecosystem']);
@@ -104,7 +94,7 @@ async function run() {
 updateId,
 update,
 dependabotConfig.registries,
- dependencyList?.['dependencies'],
+ undefined, // TODO: Implement this, required for security-only updates
 existingPullRequestDependencies,
 );
 const allDependenciesUpdateOutputs = await dependabot.update(allDependenciesJob, dependabotUpdaterOptions);
diff --git a/extension/tasks/dependabotV2/utils/dependabot-cli/DependabotOutputProcessor.ts b/extension/tasks/dependabotV2/utils/dependabot-cli/DependabotOutputProcessor.ts
index dc8428b5..8fdd2fc8 100644
--- a/extension/tasks/dependabotV2/utils/dependabot-cli/DependabotOutputProcessor.ts
+++ b/extension/tasks/dependabotV2/utils/dependabot-cli/DependabotOutputProcessor.ts
@@ -18,10 +18,6 @@ export class DependabotOutputProcessor implements IDependabotUpdateOutputProcess
 private readonly existingPullRequests: IPullRequestProperties[];
 private readonly taskInputs: ISharedVariables;
- // Custom properties used to store dependabot metadata in projects.
- // https://learn.microsoft.com/en-us/rest/api/azure/devops/core/projects/set-project-properties
- public static PROJECT_PROPERTY_NAME_DEPENDENCY_LIST = 'Dependabot.DependencyList';
-
 // Custom properties used to store dependabot metadata in pull requests.
 // https://learn.microsoft.com/en-us/rest/api/azure/devops/git/pull-request-properties
 public static PR_PROPERTY_NAME_PACKAGE_MANAGER = 'Dependabot.PackageManager';
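Review bot: Passing `undefined` where `dependencyList?.['dependencies']` used to go means a security-only update now runs without the dependency list the updater needs, and nothing at this call site makes that visible to whoever runs the task; the comment deleted in the earlier index.ts hunk documented exactly that requirement. Until the TODO is implemented, log it so the degraded run shows up in the pipeline output, e.g. `console.warn('Dependency list snapshot is not available; security-only updates cannot identify vulnerable dependencies');` immediately before the job is built, and carry the deleted three-line explanation over into the TODO comment so the requirement is not lost. The `run()` function and the builder call this argument belongs to start outside the hunk.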
@@ -58,25 +54,9 @@ export class DependabotOutputProcessor implements IDependabotUpdateOutputProcess
 // See: https://github.com/dependabot/cli/blob/main/internal/model/update.go
 case 'update_dependency_list':
- // Store the dependency list snapshot in project properties, if configured
+ // Store the dependency list snapshot, if configured
 if (this.taskInputs.storeDependencyList) {
- console.info(`Storing the dependency list snapshot for project '${project}'...`);
- await this.prAuthorClient.updateProjectProperty(
- this.taskInputs.projectId,
- DependabotOutputProcessor.PROJECT_PROPERTY_NAME_DEPENDENCY_LIST,
- function (existingValue: string) {
- const repoDependencyLists = JSON.parse(existingValue || '{}');
- repoDependencyLists[repository] = repoDependencyLists[repository] || {};
- repoDependencyLists[repository][update.job['package-manager']] = {
- 'dependencies': data['dependencies'],
- 'dependency-files': data['dependency_files'],
- 'last-updated': new Date().toISOString(),
- };
-
- return JSON.stringify(repoDependencyLists);
- },
- );
- console.info(`Dependency list snapshot was updated for project '${project}'`);
+ // TODO: Store the dependency list snapshot
 }
 return true;
@@ -180,11 +160,10 @@ export class DependabotOutputProcessor implements IDependabotUpdateOutputProcess
 repository: repository,
 pullRequestId: pullRequestToUpdate.id,
 changes: getPullRequestChangedFilesForOutputData(data),
- skipIfDraft: true, // TODO: Add config for this?
- // TODO: Add config for this?
+ skipIfDraft: true,
 skipIfCommitsFromAuthorsOtherThan: this.taskInputs.authorEmail || DependabotOutputProcessor.PR_DEFAULT_AUTHOR_EMAIL,
- skipIfNotBehindTargetBranch: true, // TODO: Add config for this?
+ skipIfNotBehindTargetBranch: true,
 });
 // Re-approve the pull request, if required
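Review bot: With the `storeDependencyList` branch reduced to a TODO, the `case 'update_dependency_list'` handler still returns `true` when that input is enabled, so the task reports the event as processed while nothing is stored and the operator who enabled the input gets no signal. Add a warning inside the branch so the no-op shows up in the task log, e.g. `console.warn('storeDependencyList is enabled but storing the dependency list snapshot is not implemented yet');`. The `switch` and the method it belongs to begin and end outside the hunk.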
@@ -286,16 +265,6 @@ export function buildPullRequestProperties(packageManager: string, dependencies:
 ];
 }
-export function parseProjectDependencyListProperty(
- properties: Record,
- repository: string,
- packageManager: string,
-): any {
- const dependencyList = properties?.[DependabotOutputProcessor.PROJECT_PROPERTY_NAME_DEPENDENCY_LIST] || '{}';
- const repoDependencyLists = JSON.parse(dependencyList);
- return repoDependencyLists[repository]?.[packageManager];
-}
-
 export function parsePullRequestProperties(
 pullRequests: IPullRequestProperties[],
 packageManager: string | null,