setup repo & run npm audit (#1)

2019-12-08 22:10:35 +09:00
parent 284541286f
commit 2167fa39e5
9 changed files with 39 additions and 169 deletions
--- a/.editorconfig
+++ b/.editorconfig
@@ -0,0 +1,7 @@
+[*]
+charset = utf-8
+end_of_line = lf
+indent_size = 2
+indent_style = space
+insert_final_newline = true
+trim_trailing_whitespace = true
--- a/2
+++ b/2
@@ -1,7 +1,7 @@

 The MIT License (MIT)

-Copyright (c) 2018 GitHub, Inc. and contributors
+Copyright (c) 2019 Naoki Oketani

 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
--- a/README.md
+++ b/README.md
@@ -1,117 +1,3 @@
-<p align="center">
-  <a href="https://github.com/actions/typescript-action/actions"><img alt="typescript-action status" src="https://github.com/actions/typescript-action/workflows/build-test/badge.svg"></a>
-</p>
+# npm audit action

-# Create a JavaScript Action using TypeScript
-
-Use this template to bootstrap the creation of a JavaScript action.:rocket:
-
-This template includes compilication support, tests, a validation workflow, publishing, and versioning guidance.  
-
-If you are new, there's also a simpler introduction.  See the [Hello World JavaScript Action](https://github.com/actions/hello-world-javascript-action)
-
-## Create an action from this template
-
-Click the `Use this Template` and provide the new repo details for your action
-
-## Code in Master
-
-Install the dependencies  
-```bash
-$ npm install
-```
-
-Build the typescript
-```bash
-$ npm run build
-```
-
-Run the tests :heavy_check_mark:  
-```bash
-$ npm test
-
- PASS  ./index.test.js
-  ✓ throws invalid number (3ms)
-  ✓ wait 500 ms (504ms)
-  ✓ test runs (95ms)
-
-...
-```
-
-## Change action.yml
-
-The action.yml contains defines the inputs and output for your action.
-
-Update the action.yml with your name, description, inputs and outputs for your action.
-
-See the [documentation](https://help.github.com/en/articles/metadata-syntax-for-github-actions)
-
-## Change the Code
-
-Most toolkit and CI/CD operations involve async operations so the action is run in an async function.
-
-```javascript
-import * as core from '@actions/core';
-...
-
-async function run() {
-  try { 
-      ...
-  } 
-  catch (error) {
-    core.setFailed(error.message);
-  }
-}
-
-run()
-```
-
-See the [toolkit documentation](https://github.com/actions/toolkit/blob/master/README.md#packages) for the various packages.
-
-## Publish to a distribution branch
-
-Actions are run from GitHub repos.  We will create a releases branch and only checkin production modules (core in this case). 
-
-Comment out node_modules in .gitignore and create a releases/v1 branch
-```bash
-# comment out in distribution branches
-# node_modules/
-```
-
-```bash
-$ git checkout -b releases/v1
-$ git commit -a -m "prod dependencies"
-```
-
-```bash
-$ npm prune --production
-$ git add node_modules
-$ git commit -a -m "prod dependencies"
-$ git push origin releases/v1
-```
-
-Your action is now published! :rocket: 
-
-See the [versioning documentation](https://github.com/actions/toolkit/blob/master/docs/action-versioning.md)
-
-## Validate
-
-You can now validate the action by referencing the releases/v1 branch
-
-```yaml
-uses: actions/typescript-action@releases/v1
-with:
-  milliseconds: 1000
-```
-
-See the [actions tab](https://github.com/actions/javascript-action/actions) for runs of this action! :rocket:
-
-## Usage:
-
-After testing you can [create a v1 tag](https://github.com/actions/toolkit/blob/master/docs/action-versioning.md) to reference the stable and tested action
-
-```yaml
-uses: actions/typescript-action@v1
-with:
-  milliseconds: 1000
-```
+GitHub Action to run `npm audit`
--- a/tests/main.test.ts
+++ b/tests/main.test.ts
@@ -1,27 +1,3 @@
-import {wait} from '../src/wait'
-import * as process from 'process'
-import * as cp from 'child_process'
-import * as path from 'path'
-
-test('throws invalid number', async () => {
-  const input = parseInt('foo', 10)
-  await expect(wait(input)).rejects.toThrow('milliseconds not a number')
-})
-
-test('wait 500 ms', async () => {
-  const start = new Date()
-  await wait(500)
-  const end = new Date()
-  var delta = Math.abs(end.getTime() - start.getTime())
-  expect(delta).toBeGreaterThan(450)
-})
-
-// shows how the runner will run a javascript action with env / stdout protocol
-test('test runs', () => {
-  process.env['INPUT_MILLISECONDS'] = '500'
-  const ip = path.join(__dirname, '..', 'lib', 'main.js')
-  const options: cp.ExecSyncOptions = {
-    env: process.env
-  }
-  console.log(cp.execSync(`node ${ip}`, options).toString())
-})
+describe('main', () => {
+  test.todo('Add a test suite');
+});
--- a/action.yml
+++ b/action.yml
@@ -1,6 +1,6 @@
-name: 'Your name here'
-description: 'Provide a description here'
-author: 'Your name or organization here'
+name: 'npm audit action'
+description: 'run npm audit'
+author: 'Naoki Oketani <okepy.naoki@gmail.com>'
 inputs:
  myInput:              # change this
    description: 'input description here'
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,5 +1,5 @@
 {
-  "name": "typescript-action",
+  "name": "npm-audit-action",
  "version": "0.0.0",
  "lockfileVersion": 1,
  "requires": true,
--- a/package.json
+++ b/package.json
@@ -1,8 +1,8 @@
 {
-  "name": "typescript-action",
+  "name": "npm-audit-action",
  "version": "0.0.0",
  "private": true,
-  "description": "TypeScript template action",
+  "description": "GitHub Action to run `npm audit`",
  "main": "lib/main.js",
  "scripts": {
    "build": "tsc",
@@ -15,14 +15,15 @@
  },
  "repository": {
    "type": "git",
-    "url": "git+https://github.com/actions/typescript-action.git"
+    "url": "git+https://github.com/oke-py/npm-audit-action"
  },
  "keywords": [
    "actions",
    "node",
-    "setup"
+    "security",
+    "vulnerability"
  ],
-  "author": "YourNameOrOrganization",
+  "author": "Naoki Oketani <okepy.naoki@gmail.com>",
  "license": "MIT",
  "dependencies": {
    "@actions/core": "^1.2.0"
--- a/src/main.ts
+++ b/src/main.ts
@@ -1,16 +1,25 @@
 import * as core from '@actions/core'
-import {wait} from './wait'
+import { spawnSync, SpawnSyncReturns } from 'child_process';

 async function run(): Promise<void> {
  try {
-    const ms: string = core.getInput('milliseconds')
-    core.debug(`Waiting ${ms} milliseconds ...`)
+    const result: SpawnSyncReturns<string> = spawnSync('npm', ['audit'], {
+      encoding: 'utf-8',
+    });

-    core.debug(new Date().toTimeString())
-    await wait(parseInt(ms, 10))
-    core.debug(new Date().toTimeString())
+    if (result.stderr && result.stderr.length > 0) {
+      throw new Error(result.stderr)
+    }

-    core.setOutput('time', new Date().toTimeString())
+    core.info(result.stdout)
+
+    if (result.status === 0) {
+      // vulnerabilities are not found
+      return
+    }
+
+    // TODO: open an issue
+    core.debug('open an issue')
  } catch (error) {
    core.setFailed(error.message)
  }
--- a/src/wait.ts
+++ b/src/wait.ts
@@ -1,9 +0,0 @@
-export async function wait(milliseconds: number): Promise<string> {
-  return new Promise(resolve => {
-    if (isNaN(milliseconds)) {
-      throw new Error('milliseconds not a number')
-    }
-
-    setTimeout(() => resolve('done!'), milliseconds)
-  })
-}