__tests__/main.test.ts

import * as fs from 'fs'
import * as path from 'path'
import * as core from '../__fixtures__/core'
import { Audit } from '../src/audit'
import { run } from '../src/main'
import * as issue from '../src/issue'
import * as pr from '../src/pr'
import { fileURLToPath } from 'url'
import { dirname } from 'path'

const __filename = fileURLToPath(import.meta.url)
const __dirname = dirname(__filename)

// Mocks should be declared before the module being tested is imported.
vi.mock('@actions/core', () => core)
vi.mock('../src/audit')
vi.mock('../src/issue')
vi.mock('../src/pr')
vi.mock('@octokit/rest', () => {
  return {
    Octokit: vi.fn().mockImplementation(() => {
      return {
        issues: {
          listForRepo: vi.fn(),
          createComment: vi.fn(),
          create: vi.fn()
        }
      }
    })
  }
})

describe('run: pr', () => {
  beforeEach(() => {
    // initialize mock
    vi.mocked(Audit).mockClear()
    vi.mocked(pr).createComment.mockClear()

    process.env.INPUT_AUDIT_LEVEL = 'low'
    process.env.INPUT_PRODUCTION_FLAG = 'false'
    process.env.INPUT_JSON_FLAG = 'false'
    process.env.INPUT_GITHUB_CONTEXT =
      '{ "event_name": "pull_request", "event": { "number": 100} }'
    process.env.INPUT_GITHUB_TOKEN = '***'
    process.env.GITHUB_REPOSITORY = 'alice/example'
    process.env.INPUT_CREATE_PR_COMMENTS = 'true'
  })

  test('does not call pr.createComment if vulnerabilities are not found', () => {
    vi.mocked(Audit).mockImplementation((): any => {
      return {
        stdout: fs.readFileSync(
          path.join(__dirname, 'testdata/audit/success.txt')
        ),
        status: 0,
        run: (): Promise<void> => {
          return Promise.resolve(void 0)
        },
        foundVulnerability: (): boolean => {
          return false
        },
        strippedStdout: (): string => {
          return path.join(__dirname, 'testdata/audit/success.txt')
        }
      }
    })

    vi.mocked(pr).createComment.mockResolvedValue()

    expect(run).not.toThrowError()
    expect(pr.createComment).not.toHaveBeenCalled()
  })

  test('calls pr.createComment if vulnerabilities are found in PR', () => {
    vi.mocked(Audit).mockImplementation((): any => {
      return {
        stdout: fs.readFileSync(
          path.join(__dirname, 'testdata/audit/error.txt')
        ),
        status: 1,
        run: (): Promise<void> => {
          return Promise.resolve(void 0)
        },
        foundVulnerability: (): boolean => {
          return true
        },
        strippedStdout: (): string => {
          return path.join(__dirname, 'testdata/audit/error.txt')
        }
      }
    })

    vi.mocked(pr).createComment.mockResolvedValue()

    expect(run).not.toThrowError()
    expect(pr.createComment).toHaveBeenCalled()
  })

  test('does not call pr.createComment if create_pr_comments is set to false', () => {
    process.env.INPUT_CREATE_PR_COMMENTS = 'false'

    vi.mocked(Audit).mockImplementation((): any => {
      return {
        stdout: fs.readFileSync(
          path.join(__dirname, 'testdata/audit/error.txt')
        ),
        status: 1,
        run: (): Promise<void> => {
          return Promise.resolve(void 0)
        },
        foundVulnerability: (): boolean => {
          return true
        },
        strippedStdout: (): string => {
          return path.join(__dirname, 'testdata/audit/error.txt')
        }
      }
    })

    expect(run).not.toThrowError()
    expect(pr.createComment).not.toHaveBeenCalled()
  })
})

describe('run: issue', () => {
  beforeEach(() => {
    // initialize mock
    vi.mocked(Audit).mockClear()
    vi.mocked(issue).getExistingIssueNumber.mockClear()

    process.env.INPUT_AUDIT_LEVEL = 'low'
    process.env.INPUT_PRODUCTION_FLAG = 'false'
    process.env.INPUT_JSON_FLAG = 'false'
    process.env.INPUT_GITHUB_CONTEXT = '{ "event_name": "push" }'
    process.env.INPUT_GITHUB_TOKEN = '***'
    process.env.GITHUB_REPOSITORY = 'alice/example'
    process.env.INPUT_CREATE_ISSUES = 'true'
    process.env.INPUT_DEDUPE_ISSUES = 'true'
  })

  test('does not call octokit.rest.issues.create if create_issues is set to false', () => {
    process.env.INPUT_CREATE_ISSUES = 'false'

    vi.mocked(Audit).mockImplementation((): any => {
      return {
        stdout: fs.readFileSync(
          path.join(__dirname, 'testdata/audit/error.txt')
        ),
        status: 1,
        run: (): Promise<void> => {
          return Promise.resolve(void 0)
        },
        foundVulnerability: (): boolean => {
          return true
        },
        strippedStdout: (): string => {
          return path.join(__dirname, 'testdata/audit/error.txt')
        }
      }
    })

    vi.mocked(issue).getExistingIssueNumber.mockResolvedValue(null)

    expect(run).not.toThrowError()
    expect(issue.getExistingIssueNumber).not.toHaveBeenCalled()
  })
})
use GitHub context to branch processing (#22) 2019-12-13 12:18:28 +09:00			`import * as fs from 'fs'`
			`import * as path from 'path'`
fix: suppress unnecessary output during test execution 2025-05-07 11:18:01 +00:00			`import * as core from '../__fixtures__/core'`
fix: resolve prettier and eslint conflict by removing bracketSpacing: false 2025-05-03 12:32:25 +00:00			`import { Audit } from '../src/audit'`
			`import { run } from '../src/main'`
feature: support create_issues, create_pr_comments flag (#93) * doc: support new parameter create_issues, create_pr_comments * feature: support create_pr_comments flag * feature: support create_issues flag 2021-10-03 09:26:16 +09:00			`import * as issue from '../src/issue'`
use GitHub context to branch processing (#22) 2019-12-13 12:18:28 +09:00			`import * as pr from '../src/pr'`
fix: resolve prettier and eslint conflict by removing bracketSpacing: false 2025-05-03 12:32:25 +00:00			`import { fileURLToPath } from 'url'`
			`import { dirname } from 'path'`
feat: migrate codebase to ES Modules 2025-05-03 02:15:44 +00:00
			`const __filename = fileURLToPath(import.meta.url)`
			`const __dirname = dirname(__filename)`
use GitHub context to branch processing (#22) 2019-12-13 12:18:28 +09:00
fix: suppress unnecessary output during test execution 2025-05-07 11:18:01 +00:00			`// Mocks should be declared before the module being tested is imported.`
			`vi.mock('@actions/core', () => core)`
refactor(testing): migrate from Jest to Vitest for testing framework 2025-05-02 14:03:34 +00:00			`vi.mock('../src/audit')`
			`vi.mock('../src/issue')`
			`vi.mock('../src/pr')`
			`vi.mock('@octokit/rest', () => {`
Fix tests to work with @octokit/rest v21.1.1 2025-05-01 13:16:23 +00:00			`return {`
refactor(testing): migrate from Jest to Vitest for testing framework 2025-05-02 14:03:34 +00:00			`Octokit: vi.fn().mockImplementation(() => {`
Fix tests to work with @octokit/rest v21.1.1 2025-05-01 13:16:23 +00:00			`return {`
			`issues: {`
refactor(testing): migrate from Jest to Vitest for testing framework 2025-05-02 14:03:34 +00:00			`listForRepo: vi.fn(),`
			`createComment: vi.fn(),`
			`create: vi.fn()`
Fix tests to work with @octokit/rest v21.1.1 2025-05-01 13:16:23 +00:00			`}`
			`}`
			`})`
			`}`
			`})`
use GitHub context to branch processing (#22) 2019-12-13 12:18:28 +09:00
feature: support create_issues, create_pr_comments flag (#93) * doc: support new parameter create_issues, create_pr_comments * feature: support create_pr_comments flag * feature: support create_issues flag 2021-10-03 09:26:16 +09:00			`describe('run: pr', () => {`
use GitHub context to branch processing (#22) 2019-12-13 12:18:28 +09:00			`beforeEach(() => {`
			`// initialize mock`
refactor(testing): migrate from Jest to Vitest for testing framework 2025-05-02 14:03:34 +00:00			`vi.mocked(Audit).mockClear()`
			`vi.mocked(pr).createComment.mockClear()`
Correct test case 2019-12-14 21:08:54 +09:00
filter vulnerabilities by audit_level (#55) * filter vulnerabilities by audit_level * update README.md * fix test cases * restrict audit_level value * update dist/index.js 2020-03-21 07:08:53 +09:00			`process.env.INPUT_AUDIT_LEVEL = 'low'`
feat: add the ability to run with '--production' (#75) * feat: add the ability to run with '--production' Adding the config options to run npm audit with the --production flag. Contributes to: #74 Signed-off-by: Stelios Gkiokas <s_giokas@hotmail.com> * fix: add tests Adding the relevant tests for the new production flag. Contributes to: #74 Signed-off-by: Stelios Gkiokas <s_giokas@hotmail.com> 2020-11-12 12:33:56 +02:00			`process.env.INPUT_PRODUCTION_FLAG = 'false'`
feat: add the ability to run with '--json' and output the result (#78) * addition-of-json-flag * Set output of npn audit 2020-12-12 13:56:05 +02:00			`process.env.INPUT_JSON_FLAG = 'false'`
Correct test case 2019-12-14 21:08:54 +09:00			`process.env.INPUT_GITHUB_CONTEXT =`
			`'{ "event_name": "pull_request", "event": { "number": 100} }'`
			`process.env.INPUT_GITHUB_TOKEN = '***'`
			`process.env.GITHUB_REPOSITORY = 'alice/example'`
feature: support create_issues, create_pr_comments flag (#93) * doc: support new parameter create_issues, create_pr_comments * feature: support create_pr_comments flag * feature: support create_issues flag 2021-10-03 09:26:16 +09:00			`process.env.INPUT_CREATE_PR_COMMENTS = 'true'`
use GitHub context to branch processing (#22) 2019-12-13 12:18:28 +09:00			`})`

			`test('does not call pr.createComment if vulnerabilities are not found', () => {`
refactor(testing): migrate from Jest to Vitest for testing framework 2025-05-02 14:03:34 +00:00			`vi.mocked(Audit).mockImplementation((): any => {`
use GitHub context to branch processing (#22) 2019-12-13 12:18:28 +09:00			`return {`
			`stdout: fs.readFileSync(`
			`path.join(__dirname, 'testdata/audit/success.txt')`
			`),`
			`status: 0,`
fix(eslint): resolve @typescript-eslint/no-unused-vars errors 2025-05-07 11:58:37 +00:00			`run: (): Promise<void> => {`
Refactor (#54) * run `npm ci` instead of `npm install` for PR build * bump version * return Promise for test mock 2020-03-19 17:46:36 +09:00			`return Promise.resolve(void 0)`
use GitHub context to branch processing (#22) 2019-12-13 12:18:28 +09:00			`},`
			`foundVulnerability: (): boolean => {`
Correct test case 2019-12-14 21:08:54 +09:00			`return false`
			`},`
			`strippedStdout: (): string => {`
			`return path.join(__dirname, 'testdata/audit/success.txt')`
use GitHub context to branch processing (#22) 2019-12-13 12:18:28 +09:00			`}`
			`}`
			`})`

refactor(testing): migrate from Jest to Vitest for testing framework 2025-05-02 14:03:34 +00:00			`vi.mocked(pr).createComment.mockResolvedValue()`
use GitHub context to branch processing (#22) 2019-12-13 12:18:28 +09:00
Correct test case 2019-12-14 21:08:54 +09:00			`expect(run).not.toThrowError()`
use GitHub context to branch processing (#22) 2019-12-13 12:18:28 +09:00			`expect(pr.createComment).not.toHaveBeenCalled()`
			`})`

			`test('calls pr.createComment if vulnerabilities are found in PR', () => {`
refactor(testing): migrate from Jest to Vitest for testing framework 2025-05-02 14:03:34 +00:00			`vi.mocked(Audit).mockImplementation((): any => {`
use GitHub context to branch processing (#22) 2019-12-13 12:18:28 +09:00			`return {`
			`stdout: fs.readFileSync(`
			`path.join(__dirname, 'testdata/audit/error.txt')`
			`),`
			`status: 1,`
fix(eslint): resolve @typescript-eslint/no-unused-vars errors 2025-05-07 11:58:37 +00:00			`run: (): Promise<void> => {`
Refactor (#54) * run `npm ci` instead of `npm install` for PR build * bump version * return Promise for test mock 2020-03-19 17:46:36 +09:00			`return Promise.resolve(void 0)`
use GitHub context to branch processing (#22) 2019-12-13 12:18:28 +09:00			`},`
			`foundVulnerability: (): boolean => {`
			`return true`
			`},`
			`strippedStdout: (): string => {`
			`return path.join(__dirname, 'testdata/audit/error.txt')`
			`}`
			`}`
			`})`

refactor(testing): migrate from Jest to Vitest for testing framework 2025-05-02 14:03:34 +00:00			`vi.mocked(pr).createComment.mockResolvedValue()`
use GitHub context to branch processing (#22) 2019-12-13 12:18:28 +09:00
Correct test case 2019-12-14 21:08:54 +09:00			`expect(run).not.toThrowError()`
use GitHub context to branch processing (#22) 2019-12-13 12:18:28 +09:00			`expect(pr.createComment).toHaveBeenCalled()`
			`})`
feature: support create_issues, create_pr_comments flag (#93) * doc: support new parameter create_issues, create_pr_comments * feature: support create_pr_comments flag * feature: support create_issues flag 2021-10-03 09:26:16 +09:00
			`test('does not call pr.createComment if create_pr_comments is set to false', () => {`
			`process.env.INPUT_CREATE_PR_COMMENTS = 'false'`

refactor(testing): migrate from Jest to Vitest for testing framework 2025-05-02 14:03:34 +00:00			`vi.mocked(Audit).mockImplementation((): any => {`
feature: support create_issues, create_pr_comments flag (#93) * doc: support new parameter create_issues, create_pr_comments * feature: support create_pr_comments flag * feature: support create_issues flag 2021-10-03 09:26:16 +09:00			`return {`
			`stdout: fs.readFileSync(`
			`path.join(__dirname, 'testdata/audit/error.txt')`
			`),`
			`status: 1,`
fix(eslint): resolve @typescript-eslint/no-unused-vars errors 2025-05-07 11:58:37 +00:00			`run: (): Promise<void> => {`
feature: support create_issues, create_pr_comments flag (#93) * doc: support new parameter create_issues, create_pr_comments * feature: support create_pr_comments flag * feature: support create_issues flag 2021-10-03 09:26:16 +09:00			`return Promise.resolve(void 0)`
			`},`
			`foundVulnerability: (): boolean => {`
			`return true`
			`},`
			`strippedStdout: (): string => {`
			`return path.join(__dirname, 'testdata/audit/error.txt')`
			`}`
			`}`
			`})`

			`expect(run).not.toThrowError()`
			`expect(pr.createComment).not.toHaveBeenCalled()`
			`})`
			`})`

			`describe('run: issue', () => {`
			`beforeEach(() => {`
			`// initialize mock`
refactor(testing): migrate from Jest to Vitest for testing framework 2025-05-02 14:03:34 +00:00			`vi.mocked(Audit).mockClear()`
			`vi.mocked(issue).getExistingIssueNumber.mockClear()`
feature: support create_issues, create_pr_comments flag (#93) * doc: support new parameter create_issues, create_pr_comments * feature: support create_pr_comments flag * feature: support create_issues flag 2021-10-03 09:26:16 +09:00
			`process.env.INPUT_AUDIT_LEVEL = 'low'`
			`process.env.INPUT_PRODUCTION_FLAG = 'false'`
			`process.env.INPUT_JSON_FLAG = 'false'`
			`process.env.INPUT_GITHUB_CONTEXT = '{ "event_name": "push" }'`
			`process.env.INPUT_GITHUB_TOKEN = '***'`
			`process.env.GITHUB_REPOSITORY = 'alice/example'`
			`process.env.INPUT_CREATE_ISSUES = 'true'`
			`process.env.INPUT_DEDUPE_ISSUES = 'true'`
			`})`

update dependencies (#96) * Bump @actions/core from 1.3.0 to 1.6.0 * Bump @actions/github from 4.0.0 to 5.0.0 * Bump @octokit/rest from 18.5.6 to 18.12.0 * Bump strip-ansi from 6.0.0 to 6.0.1 2021-10-09 12:22:18 +09:00			`test('does not call octokit.rest.issues.create if create_issues is set to false', () => {`
feature: support create_issues, create_pr_comments flag (#93) * doc: support new parameter create_issues, create_pr_comments * feature: support create_pr_comments flag * feature: support create_issues flag 2021-10-03 09:26:16 +09:00			`process.env.INPUT_CREATE_ISSUES = 'false'`

refactor(testing): migrate from Jest to Vitest for testing framework 2025-05-02 14:03:34 +00:00			`vi.mocked(Audit).mockImplementation((): any => {`
feature: support create_issues, create_pr_comments flag (#93) * doc: support new parameter create_issues, create_pr_comments * feature: support create_pr_comments flag * feature: support create_issues flag 2021-10-03 09:26:16 +09:00			`return {`
			`stdout: fs.readFileSync(`
			`path.join(__dirname, 'testdata/audit/error.txt')`
			`),`
			`status: 1,`
fix(eslint): resolve @typescript-eslint/no-unused-vars errors 2025-05-07 11:58:37 +00:00			`run: (): Promise<void> => {`
feature: support create_issues, create_pr_comments flag (#93) * doc: support new parameter create_issues, create_pr_comments * feature: support create_pr_comments flag * feature: support create_issues flag 2021-10-03 09:26:16 +09:00			`return Promise.resolve(void 0)`
			`},`
			`foundVulnerability: (): boolean => {`
			`return true`
			`},`
			`strippedStdout: (): string => {`
			`return path.join(__dirname, 'testdata/audit/error.txt')`
			`}`
			`}`
			`})`

refactor(testing): migrate from Jest to Vitest for testing framework 2025-05-02 14:03:34 +00:00			`vi.mocked(issue).getExistingIssueNumber.mockResolvedValue(null)`
feature: support create_issues, create_pr_comments flag (#93) * doc: support new parameter create_issues, create_pr_comments * feature: support create_pr_comments flag * feature: support create_issues flag 2021-10-03 09:26:16 +09:00
			`expect(run).not.toThrowError()`
			`expect(issue.getExistingIssueNumber).not.toHaveBeenCalled()`
			`})`
Open a GitHub Issue if vulnerabilities are found (#8) * Get GitHub access token from input * install npm package * fix TypeScript error to successfully build ref: https://github.com/actions/toolkit/issues/199 * npm i strip-ansi to remove control characters * create an issue * use template literal to pass lint * npm run format; npm run lint * use inputs.issue_title as issue title * document inputs.issue_title * add inputs.issue_title 2019-12-09 08:51:14 +09:00			`})`