use GitHub context to branch processing (#22)

src/audit.ts

@@ -1,4 +1,5 @@
 import {spawnSync, SpawnSyncReturns} from 'child_process'
+import stripAnsi from 'strip-ansi'
 
 export class Audit {
   stdout: string = ''
@@ -27,4 +28,8 @@ export class Audit {
     // `npm audit` return 1 when it found vulnerabilities
     return this.status === 1
   }
+
+  public strippedStdout(): string {
+    return `\`\`\`\n${stripAnsi(this.stdout)}\n\`\`\``
+  }
 }

src/issue.ts

@@ -6,10 +6,16 @@ export function getIssueOption(body: string): IssueOption {
   let labels
 
   if (core.getInput('issue_assignees')) {
-    assignees = core.getInput('issue_assignees').replace(/\s+/g, '').split(',')
+    assignees = core
+      .getInput('issue_assignees')
+      .replace(/\s+/g, '')
+      .split(',')
   }
   if (core.getInput('issue_labels')) {
-    labels = core.getInput('issue_labels').replace(/\s+/g, '').split(',')
+    labels = core
+      .getInput('issue_labels')
+      .replace(/\s+/g, '')
+      .split(',')
   }
 
   return {

src/main.ts

@@ -1,37 +1,50 @@
 import * as core from '@actions/core'
 import * as github from '@actions/github'
-import stripAnsi from 'strip-ansi'
 import Octokit, {IssuesCreateResponse} from '@octokit/rest'
 import {Audit} from './audit'
-import * as issue from './issue'
 import {IssueOption} from './interface'
+import * as issue from './issue'
+import * as pr from './pr'
 
-async function run(): Promise<void> {
+export async function run(): Promise<void> {
   try {
+    // run `npm audit`
     const audit = new Audit()
     audit.run()
-
     core.info(audit.stdout)
 
-    if (!audit.foundVulnerability()) {
-      // vulnerabilities are not found
-      return
+    if (audit.foundVulnerability()) {
+      // vulnerabilities are found
+
+      // get GitHub information
+      const ctx = JSON.parse(core.getInput('github_context'))
+      const token: string = core.getInput('github_token', {required: true})
+      const client: Octokit = new github.GitHub(token)
+
+      if (ctx.event_name === 'pull_request') {
+        await pr.createComment(
+          token,
+          github.context.repo.owner,
+          github.context.repo.repo,
+          ctx.event.number,
+          audit.strippedStdout()
+        )
+        core.setFailed('This repo has some vulnerabilities')
+        return
+      } else {
+        core.debug('open an issue')
+        // remove control characters and create a code block
+        const issueBody = audit.strippedStdout()
+        const option: IssueOption = issue.getIssueOption(issueBody)
+        const {
+          data: createdIssue
+        }: Octokit.Response<IssuesCreateResponse> = await client.issues.create({
+          ...github.context.repo,
+          ...option
+        })
+        core.debug(`#${createdIssue.number}`)
+      }
     }
-
-    core.debug('open an issue')
-    const token: string = core.getInput('token', {required: true})
-    const client: Octokit = new github.GitHub(token)
-
-    // remove control characters and create a code block
-    const issueBody = `\`\`\`\n${stripAnsi(audit.stdout)}\n\`\`\``
-    const option: IssueOption = issue.getIssueOption(issueBody)
-    const {
-      data: createdIssue
-    }: Octokit.Response<IssuesCreateResponse> = await client.issues.create({
-      ...github.context.repo,
-      ...option
-    })
-    core.debug(`#${createdIssue.number}`)
   } catch (error) {
     core.setFailed(error.message)
   }

src/pr.ts

@@ -0,0 +1,19 @@
+import axios, {AxiosResponse} from 'axios'
+
+export async function createComment(
+  token: string,
+  owner: string,
+  repo: string,
+  prNumber: number,
+  body: string
+): Promise<AxiosResponse> {
+  const instance = axios.create({
+    baseURL: 'https://api.github.com',
+    headers: {
+      Authorization: `token ${token}`
+    }
+  })
+  return instance.post(`/repos/${owner}/${repo}/issues/${prNumber}/comments`, {
+    body
+  })
+}