src/main.ts

import * as core from '@actions/core'
import * as github from '@actions/github'
import {Octokit} from '@octokit/rest'
import {Audit} from './audit'
import {IssueOption} from './interface'
import * as issue from './issue'
import * as pr from './pr'
import * as workdir from './workdir'

export async function run(): Promise<void> {
  try {
    // move to working directory
    const workingDirectory = core.getInput('working_directory')
    if (workingDirectory) {
      if (!workdir.isValid(workingDirectory)) {
        throw new Error('Invalid input: working_directory')
      }
      process.chdir(workingDirectory)
    }
    core.info(`Current working directory: ${process.cwd()}`)

    // get audit-level
    const auditLevel = core.getInput('audit_level', {required: true})
    if (!['critical', 'high', 'moderate', 'low'].includes(auditLevel)) {
      throw new Error('Invalid input: audit_level')
    }

    const productionFlag = core.getInput('production_flag', {required: false})
    if (!['true', 'false'].includes(productionFlag)) {
      throw new Error('Invalid input: production_flag')
    }

    const jsonFlag = core.getInput('json_flag', {required: false})
    if (!['true', 'false'].includes(jsonFlag)) {
      throw new Error('Invalid input: json_flag')
    }


    // run `npm audit`
    const audit = new Audit()
    audit.run(auditLevel, productionFlag, jsonFlag)
    core.info(audit.stdout)
    core.setOutput('npm_audit', audit.stdout);

    if (audit.foundVulnerability()) {
      // vulnerabilities are found

      // get GitHub information
      const ctx = JSON.parse(core.getInput('github_context'))
      const token: string = core.getInput('github_token', {required: true})
      const octokit = new Octokit({
        auth: token
      })

      if (ctx.event_name === 'pull_request') {
        await pr.createComment(
          token,
          github.context.repo.owner,
          github.context.repo.repo,
          ctx.event.number,
          audit.strippedStdout()
        )
        core.setFailed('This repo has some vulnerabilities')
        return
      } else {
        core.debug('open an issue')
        // remove control characters and create a code block
        const issueBody = audit.strippedStdout()
        const option: IssueOption = issue.getIssueOption(issueBody)

        const existingIssueNumber =
          core.getInput('dedupe_issues') === 'true'
            ? await issue.getExistingIssueNumber(
                octokit.issues.listForRepo,
                github.context.repo
              )
            : null

        if (existingIssueNumber !== null) {
          const {data: createdComment} = await octokit.issues.createComment({
            ...github.context.repo,
            issue_number: existingIssueNumber,
            body: option.body
          })
          core.debug(`comment ${createdComment.url}`)
        } else {
          const {data: createdIssue} = await octokit.issues.create({
            ...github.context.repo,
            ...option
          })
          core.debug(`#${createdIssue.number}`)
        }
        core.setFailed('This repo has some vulnerabilities')
      }
    }
  } catch (error) {
    core.setFailed(error.message)
  }
}

run()
Initial commit 2019-12-08 19:17:13 +09:00			`import * as core from '@actions/core'`
Open a GitHub Issue if vulnerabilities are found (#8) * Get GitHub access token from input * install npm package * fix TypeScript error to successfully build ref: https://github.com/actions/toolkit/issues/199 * npm i strip-ansi to remove control characters * create an issue * use template literal to pass lint * npm run format; npm run lint * use inputs.issue_title as issue title * document inputs.issue_title * add inputs.issue_title 2019-12-09 08:51:14 +09:00			`import * as github from '@actions/github'`
update @actions/github and @octokit/rest (#46) 2020-03-14 18:04:03 +09:00			`import {Octokit} from '@octokit/rest'`
Set Issue labels by inputs & add unit test (#12) * Set Issue labels by inputs * Add unit test 2019-12-09 12:43:13 +09:00			`import {Audit} from './audit'`
Creates an issue even if inputs.issue_labels is not given (#21) * Creates an issue even if inputs.issue_labels is not given * 1.0.0 * Use v1.0.0 in example, daily scan 2019-12-09 22:49:41 +09:00			`import {IssueOption} from './interface'`
use GitHub context to branch processing (#22) 2019-12-13 12:18:28 +09:00			`import * as issue from './issue'`
			`import * as pr from './pr'`
support different working directory (#64) * support different working directory * validate working_directory 2020-05-23 15:59:51 +09:00			`import * as workdir from './workdir'`
Initial commit 2019-12-08 19:17:13 +09:00
use GitHub context to branch processing (#22) 2019-12-13 12:18:28 +09:00			`export async function run(): Promise<void> {`
Initial commit 2019-12-08 19:17:13 +09:00			`try {`
support different working directory (#64) * support different working directory * validate working_directory 2020-05-23 15:59:51 +09:00			`// move to working directory`
			`const workingDirectory = core.getInput('working_directory')`
			`if (workingDirectory) {`
			`if (!workdir.isValid(workingDirectory)) {`
			`throw new Error('Invalid input: working_directory')`
			`}`
			`process.chdir(workingDirectory)`
			`}`
			core.info(`Current working directory: ${process.cwd()}`)

filter vulnerabilities by audit_level (#55) * filter vulnerabilities by audit_level * update README.md * fix test cases * restrict audit_level value * update dist/index.js 2020-03-21 07:08:53 +09:00			`// get audit-level`
			`const auditLevel = core.getInput('audit_level', {required: true})`
			`if (!['critical', 'high', 'moderate', 'low'].includes(auditLevel)) {`
			`throw new Error('Invalid input: audit_level')`
			`}`

update README & npm run all 2020-11-12 10:45:24 +00:00			`const productionFlag = core.getInput('production_flag', {required: false})`
feat: add the ability to run with '--production' (#75) * feat: add the ability to run with '--production' Adding the config options to run npm audit with the --production flag. Contributes to: #74 Signed-off-by: Stelios Gkiokas <s_giokas@hotmail.com> * fix: add tests Adding the relevant tests for the new production flag. Contributes to: #74 Signed-off-by: Stelios Gkiokas <s_giokas@hotmail.com> 2020-11-12 12:33:56 +02:00			`if (!['true', 'false'].includes(productionFlag)) {`
			`throw new Error('Invalid input: production_flag')`
			`}`

feat: add the ability to run with '--json' and output the result (#78) * addition-of-json-flag * Set output of npn audit 2020-12-12 13:56:05 +02:00			`const jsonFlag = core.getInput('json_flag', {required: false})`
			`if (!['true', 'false'].includes(jsonFlag)) {`
			`throw new Error('Invalid input: json_flag')`
			`}`


use GitHub context to branch processing (#22) 2019-12-13 12:18:28 +09:00			// run `npm audit`
Set Issue labels by inputs & add unit test (#12) * Set Issue labels by inputs * Add unit test 2019-12-09 12:43:13 +09:00			`const audit = new Audit()`
feat: add the ability to run with '--json' and output the result (#78) * addition-of-json-flag * Set output of npn audit 2020-12-12 13:56:05 +02:00			`audit.run(auditLevel, productionFlag, jsonFlag)`
Set Issue labels by inputs & add unit test (#12) * Set Issue labels by inputs * Add unit test 2019-12-09 12:43:13 +09:00			`core.info(audit.stdout)`
feat: add the ability to run with '--json' and output the result (#78) * addition-of-json-flag * Set output of npn audit 2020-12-12 13:56:05 +02:00			`core.setOutput('npm_audit', audit.stdout);`
setup repo & run `npm audit` (#1) 2019-12-08 22:10:35 +09:00
use GitHub context to branch processing (#22) 2019-12-13 12:18:28 +09:00			`if (audit.foundVulnerability()) {`
			`// vulnerabilities are found`
setup repo & run `npm audit` (#1) 2019-12-08 22:10:35 +09:00
use GitHub context to branch processing (#22) 2019-12-13 12:18:28 +09:00			`// get GitHub information`
			`const ctx = JSON.parse(core.getInput('github_context'))`
			`const token: string = core.getInput('github_token', {required: true})`
update @octokit/rest from 16.43.1 to 17.9.2 (#62) 2020-05-23 14:46:31 +09:00			`const octokit = new Octokit({`
			`auth: token`
			`})`
Open a GitHub Issue if vulnerabilities are found (#8) * Get GitHub access token from input * install npm package * fix TypeScript error to successfully build ref: https://github.com/actions/toolkit/issues/199 * npm i strip-ansi to remove control characters * create an issue * use template literal to pass lint * npm run format; npm run lint * use inputs.issue_title as issue title * document inputs.issue_title * add inputs.issue_title 2019-12-09 08:51:14 +09:00
use GitHub context to branch processing (#22) 2019-12-13 12:18:28 +09:00			`if (ctx.event_name === 'pull_request') {`
			`await pr.createComment(`
			`token,`
			`github.context.repo.owner,`
			`github.context.repo.repo,`
			`ctx.event.number,`
			`audit.strippedStdout()`
			`)`
			`core.setFailed('This repo has some vulnerabilities')`
			`return`
			`} else {`
			`core.debug('open an issue')`
			`// remove control characters and create a code block`
			`const issueBody = audit.strippedStdout()`
			`const option: IssueOption = issue.getIssueOption(issueBody)`
Support de-duping issues (#65) * De-dupe against open issues when dedupe_issues = true * Update README * Fix compile errors * Add unit tests for issue.ts 2020-05-27 15:18:45 -07:00
			`const existingIssueNumber =`
			`core.getInput('dedupe_issues') === 'true'`
			`? await issue.getExistingIssueNumber(`
			`octokit.issues.listForRepo,`
			`github.context.repo`
			`)`
			`: null`

			`if (existingIssueNumber !== null) {`
			`const {data: createdComment} = await octokit.issues.createComment({`
			`...github.context.repo,`
npm audit fix & npm update (#70) * npm audit fix & modify eslint rules * update axios, @types/jest, eslint-plugin-jest * update @octokit/rest, @typescript-eslint/parser * update @actions/github 2020-09-11 22:04:02 +09:00			`issue_number: existingIssueNumber,`
Support de-duping issues (#65) * De-dupe against open issues when dedupe_issues = true * Update README * Fix compile errors * Add unit tests for issue.ts 2020-05-27 15:18:45 -07:00			`body: option.body`
			`})`
			core.debug(`comment ${createdComment.url}`)
			`} else {`
			`const {data: createdIssue} = await octokit.issues.create({`
			`...github.context.repo,`
			`...option`
			`})`
			core.debug(`#${createdIssue.number}`)
			`}`
Action fails always if vulnerabilities are found (#35) 2020-01-09 18:59:40 +09:00			`core.setFailed('This repo has some vulnerabilities')`
use GitHub context to branch processing (#22) 2019-12-13 12:18:28 +09:00			`}`
			`}`
Initial commit 2019-12-08 19:17:13 +09:00			`} catch (error) {`
			`core.setFailed(error.message)`
			`}`
			`}`

			`run()`