setup repo & run npm audit (#1)

2019-12-08 22:10:35 +09:00
parent 284541286f
commit 2167fa39e5
9 changed files with 39 additions and 169 deletions
--- a/.editorconfig
+++ b/.editorconfig
@@ -0,0 +1,7 @@
 [*]
 charset = utf-8
 end_of_line = lf
 indent_size = 2
 indent_style = space
 insert_final_newline = true
 trim_trailing_whitespace = true
--- a/2
+++ b/2
@@ -1,7 +1,7 @@
 The MIT License (MIT)
-Copyright (c) 2018 GitHub, Inc. and contributors
+Copyright (c) 2019 Naoki Oketani
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
--- a/README.md
+++ b/README.md
@@ -1,117 +1,3 @@
-<p align="center">
+# npm audit action
  <a href="https://github.com/actions/typescript-action/actions"><img alt="typescript-action status" src="https://github.com/actions/typescript-action/workflows/build-test/badge.svg"></a>
 </p>
-# Create a JavaScript Action using TypeScript
+GitHub Action to run `npm audit`
 Use this template to bootstrap the creation of a JavaScript action.:rocket:
 This template includes compilication support, tests, a validation workflow, publishing, and versioning guidance.  
 If you are new, there's also a simpler introduction.  See the [Hello World JavaScript Action](https://github.com/actions/hello-world-javascript-action)
 ## Create an action from this template
 Click the `Use this Template` and provide the new repo details for your action
 ## Code in Master
 Install the dependencies  
 ```bash
 $ npm install
 ```
 Build the typescript
 ```bash
 $ npm run build
 ```
 Run the tests :heavy_check_mark:  
 ```bash
 $ npm test
 PASS  ./index.test.js
  ✓ throws invalid number (3ms)
  ✓ wait 500 ms (504ms)
  ✓ test runs (95ms)
 ...
 ```
 ## Change action.yml
 The action.yml contains defines the inputs and output for your action.
 Update the action.yml with your name, description, inputs and outputs for your action.
 See the [documentation](https://help.github.com/en/articles/metadata-syntax-for-github-actions)
 ## Change the Code
 Most toolkit and CI/CD operations involve async operations so the action is run in an async function.
 ```javascript
 import * as core from '@actions/core';
 ...
 async function run() {
  try { 
      ...
  } 
  catch (error) {
    core.setFailed(error.message);
  }
 }
 run()
 ```
 See the [toolkit documentation](https://github.com/actions/toolkit/blob/master/README.md#packages) for the various packages.
 ## Publish to a distribution branch
 Actions are run from GitHub repos.  We will create a releases branch and only checkin production modules (core in this case). 
 Comment out node_modules in .gitignore and create a releases/v1 branch
 ```bash
 # comment out in distribution branches
 # node_modules/
 ```
 ```bash
 $ git checkout -b releases/v1
 $ git commit -a -m "prod dependencies"
 ```
 ```bash
 $ npm prune --production
 $ git add node_modules
 $ git commit -a -m "prod dependencies"
 $ git push origin releases/v1
 ```
 Your action is now published! :rocket: 
 See the [versioning documentation](https://github.com/actions/toolkit/blob/master/docs/action-versioning.md)
 ## Validate
 You can now validate the action by referencing the releases/v1 branch
 ```yaml
 uses: actions/typescript-action@releases/v1
 with:
  milliseconds: 1000
 ```
 See the [actions tab](https://github.com/actions/javascript-action/actions) for runs of this action! :rocket:
 ## Usage:
 After testing you can [create a v1 tag](https://github.com/actions/toolkit/blob/master/docs/action-versioning.md) to reference the stable and tested action
 ```yaml
 uses: actions/typescript-action@v1
 with:
  milliseconds: 1000
 ```
--- a/tests/main.test.ts
+++ b/tests/main.test.ts
@@ -1,27 +1,3 @@
-import {wait} from '../src/wait'
+describe('main', () => {
-import * as process from 'process'
+  test.todo('Add a test suite');
-import * as cp from 'child_process'
+});
 import * as path from 'path'
 test('throws invalid number', async () => {
  const input = parseInt('foo', 10)
  await expect(wait(input)).rejects.toThrow('milliseconds not a number')
 })
 test('wait 500 ms', async () => {
  const start = new Date()
  await wait(500)
  const end = new Date()
  var delta = Math.abs(end.getTime() - start.getTime())
  expect(delta).toBeGreaterThan(450)
 })
 // shows how the runner will run a javascript action with env / stdout protocol
 test('test runs', () => {
  process.env['INPUT_MILLISECONDS'] = '500'
  const ip = path.join(__dirname, '..', 'lib', 'main.js')
  const options: cp.ExecSyncOptions = {
    env: process.env
  }
  console.log(cp.execSync(`node ${ip}`, options).toString())
 })
--- a/action.yml
+++ b/action.yml
@@ -1,6 +1,6 @@
-name: 'Your name here'
+name: 'npm audit action'
-description: 'Provide a description here'
+description: 'run npm audit'
-author: 'Your name or organization here'
+author: 'Naoki Oketani <okepy.naoki@gmail.com>'
 inputs:
  myInput:              # change this
    description: 'input description here'
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,5 +1,5 @@
 {
-  "name": "typescript-action",
+  "name": "npm-audit-action",
  "version": "0.0.0",
  "lockfileVersion": 1,
  "requires": true,
--- a/package.json
+++ b/package.json
@@ -1,8 +1,8 @@
 {
-  "name": "typescript-action",
+  "name": "npm-audit-action",
  "version": "0.0.0",
  "private": true,
-  "description": "TypeScript template action",
+  "description": "GitHub Action to run `npm audit`",
  "main": "lib/main.js",
  "scripts": {
    "build": "tsc",
@@ -15,14 +15,15 @@
  },
  "repository": {
    "type": "git",
-    "url": "git+https://github.com/actions/typescript-action.git"
+    "url": "git+https://github.com/oke-py/npm-audit-action"
  },
  "keywords": [
    "actions",
    "node",
-    "setup"
+    "security",
    "vulnerability"
  ],
-  "author": "YourNameOrOrganization",
+  "author": "Naoki Oketani <okepy.naoki@gmail.com>",
  "license": "MIT",
  "dependencies": {
    "@actions/core": "^1.2.0"
--- a/src/main.ts
+++ b/src/main.ts
@@ -1,16 +1,25 @@
 import * as core from '@actions/core'
-import {wait} from './wait'
+import { spawnSync, SpawnSyncReturns } from 'child_process';
 async function run(): Promise<void> {
  try {
-    const ms: string = core.getInput('milliseconds')
+    const result: SpawnSyncReturns<string> = spawnSync('npm', ['audit'], {
-    core.debug(`Waiting ${ms} milliseconds ...`)
+      encoding: 'utf-8',
    });
-    core.debug(new Date().toTimeString())
+    if (result.stderr && result.stderr.length > 0) {
-    await wait(parseInt(ms, 10))
+      throw new Error(result.stderr)
-    core.debug(new Date().toTimeString())
+    }
-    core.setOutput('time', new Date().toTimeString())
+    core.info(result.stdout)
    if (result.status === 0) {
      // vulnerabilities are not found
      return
    }
    // TODO: open an issue
    core.debug('open an issue')
  } catch (error) {
    core.setFailed(error.message)
  }
--- a/src/wait.ts
+++ b/src/wait.ts
@@ -1,9 +0,0 @@
 export async function wait(milliseconds: number): Promise<string> {
  return new Promise(resolve => {
    if (isNaN(milliseconds)) {
      throw new Error('milliseconds not a number')
    }
    setTimeout(() => resolve('done!'), milliseconds)
  })
 }