Set Issue labels by inputs & add unit test (#12)

* Set Issue labels by inputs

* Add unit test

.eslintrc.json

@@ -12,7 +12,7 @@
       "import/no-namespace": "off",
       "no-unused-vars": "off",
       "@typescript-eslint/no-unused-vars": "error",
-      "@typescript-eslint/explicit-member-accessibility": ["error", {"accessibility": "no-public"}],
+      "@typescript-eslint/explicit-member-accessibility": "off",
       "@typescript-eslint/no-require-imports": "error",
       "@typescript-eslint/array-type": "error",
       "@typescript-eslint/await-thenable": "error",

README.md

@@ -8,7 +8,8 @@ GitHub Action to run `npm audit`
 
 |Parameter|Required|Default Value|Description|
 |:--:|:--:|:--:|:--|
-|issue_assignees|false|N/A|Issue assignees (separeted by commma)|
+|issue_assignees|false|N/A|Issue assignees (separated by commma)|
+|issue_labels|false|N/A|Issue labels (separated by commma)|
 |issue_title|false|npm audit found vulnerabilities|Issue title|
 |token|true|N/A|GitHub Access Token.<br>${{ secrets.GITHUB_TOKEN }} is recommended.|
 

__tests__/audit.test.ts

@@ -0,0 +1,15 @@
+import {Audit} from '../src/audit'
+
+const audit = new Audit()
+
+describe('npm audit', () => {
+  test('finds vulnerabilities', () => {
+    audit.status = 1
+    expect(audit.foundVulnerability()).toBeTruthy()
+  })
+
+  test('does not find vulnerabilities', () => {
+    audit.status = 0
+    expect(audit.foundVulnerability()).toBeFalsy()
+  })
+})

action.yml

@@ -6,7 +6,10 @@ inputs:
     description: 'GitHub access token used to create an issue'
     required: true
   issue_assignees:
-    description: 'Issue assignees (separeted by commma)'
+    description: 'Issue assignees (separated by commma)'
+    required: false
+  issue_labels:
+    description: 'Issue assignees (separated by commma)'
     required: false
   issue_title:
     description: 'Issue title'

dist/index.js

@@ -3012,6 +3012,55 @@ const windowsRelease = release => {
 module.exports = windowsRelease;
 
 
+/***/ }),
+
+/***/ 50:
+/***/ (function(__unusedmodule, exports, __webpack_require__) {
+
+"use strict";
+
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const child_process_1 = __webpack_require__(129);
+class Audit {
+    constructor() {
+        this.stdout = '';
+        this.status = null;
+    }
+    run() {
+        return __awaiter(this, void 0, void 0, function* () {
+            const result = child_process_1.spawnSync('npm', ['audit'], {
+                encoding: 'utf-8'
+            });
+            if (result.error) {
+                throw result.error;
+            }
+            if (result.status === null) {
+                throw new Error('the subprocess terminated due to a signal.');
+            }
+            if (result.stderr && result.stderr.length > 0) {
+                throw new Error(result.stderr);
+            }
+            this.status = result.status;
+            this.stdout = result.stdout;
+        });
+    }
+    foundVulnerability() {
+        // `npm audit` return 1 when it found vulnerabilities
+        return this.status === 1;
+    }
+}
+exports.Audit = Audit;
+
+
 /***/ }),
 
 /***/ 87:
@@ -4620,18 +4669,14 @@ Object.defineProperty(exports, "__esModule", { value: true });
 const core = __importStar(__webpack_require__(470));
 const github = __importStar(__webpack_require__(469));
 const strip_ansi_1 = __importDefault(__webpack_require__(90));
-const child_process_1 = __webpack_require__(129);
+const audit_1 = __webpack_require__(50);
 function run() {
     return __awaiter(this, void 0, void 0, function* () {
         try {
-            const result = child_process_1.spawnSync('npm', ['audit'], {
+            const audit = new audit_1.Audit();
-                encoding: 'utf-8'
+            audit.run();
-            });
+            core.info(audit.stdout);
-            if (result.stderr && result.stderr.length > 0) {
+            if (!audit.foundVulnerability()) {
-                throw new Error(result.stderr);
-            }
-            core.info(result.stdout);
-            if (result.status === 0) {
                 // vulnerabilities are not found
                 return;
             }
@@ -4639,13 +4684,17 @@ function run() {
             const token = core.getInput('token', { required: true });
             const client = new github.GitHub(token);
             // remove control characters and create a code block
-            const issueBody = `\`\`\`\n${strip_ansi_1.default(result.stdout)}\n\`\`\``;
+            const issueBody = `\`\`\`\n${strip_ansi_1.default(audit.stdout)}\n\`\`\``;
             const issueOptions = {
                 title: core.getInput('issue_title'),
                 body: issueBody,
                 assignees: core
                     .getInput('issue_assignees')
                     .replace(/\s+/g, '')
+                    .split(','),
+                labels: core
+                    .getInput('issue_labels')
+                    .replace(/\s+/g, '')
                     .split(',')
             };
             const { data: issue } = yield client.issues.create(Object.assign(Object.assign({}, github.context.repo), issueOptions));

src/audit.ts

@@ -0,0 +1,30 @@
+import {spawnSync, SpawnSyncReturns} from 'child_process'
+
+export class Audit {
+  stdout: string = ''
+  status: number | null = null
+
+  public async run(): Promise<void> {
+    const result: SpawnSyncReturns<string> = spawnSync('npm', ['audit'], {
+      encoding: 'utf-8'
+    })
+
+    if (result.error) {
+      throw result.error
+    }
+    if (result.status === null) {
+      throw new Error('the subprocess terminated due to a signal.')
+    }
+    if (result.stderr && result.stderr.length > 0) {
+      throw new Error(result.stderr)
+    }
+
+    this.status = result.status
+    this.stdout = result.stdout
+  }
+
+  public foundVulnerability(): boolean {
+    // `npm audit` return 1 when it found vulnerabilities
+    return this.status === 1
+  }
+}

src/main.ts

@@ -2,21 +2,16 @@ import * as core from '@actions/core'
 import * as github from '@actions/github'
 import stripAnsi from 'strip-ansi'
 import Octokit, {IssuesCreateResponse} from '@octokit/rest'
-import {spawnSync, SpawnSyncReturns} from 'child_process'
+import {Audit} from './audit'
 
 async function run(): Promise<void> {
   try {
-    const result: SpawnSyncReturns<string> = spawnSync('npm', ['audit'], {
+    const audit = new Audit()
-      encoding: 'utf-8'
+    audit.run()
-    })
 
-    if (result.stderr && result.stderr.length > 0) {
+    core.info(audit.stdout)
-      throw new Error(result.stderr)
-    }
 
-    core.info(result.stdout)
+    if (!audit.foundVulnerability()) {
-
-    if (result.status === 0) {
       // vulnerabilities are not found
       return
     }
@@ -26,13 +21,17 @@ async function run(): Promise<void> {
     const client: Octokit = new github.GitHub(token)
 
     // remove control characters and create a code block
-    const issueBody = `\`\`\`\n${stripAnsi(result.stdout)}\n\`\`\``
+    const issueBody = `\`\`\`\n${stripAnsi(audit.stdout)}\n\`\`\``
     const issueOptions = {
       title: core.getInput('issue_title'),
       body: issueBody,
       assignees: core
         .getInput('issue_assignees')
         .replace(/\s+/g, '')
+        .split(','),
+      labels: core
+        .getInput('issue_labels')
+        .replace(/\s+/g, '')
         .split(',')
     }
     const {