add unit test and cleanup (#28)

* remove unnessary import

* use mock for child_process.spawnSync()

* document useful resources

* use v1.1.0 for daily scan

.github/workflows/daily.yml

@@ -12,7 +12,7 @@ jobs:
       - uses: actions/checkout@v1
       - name: install dependencies
         run: npm ci
-      - uses: oke-py/npm-audit-action@v1.0.0
+      - uses: oke-py/npm-audit-action@v1.1.0
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
           issue_assignees: oke-py

DEVELOPMENT.md

@@ -0,0 +1,16 @@
+## Resources
+
+### @actions/core
+
+- https://www.npmjs.com/package/@actions/core
+- https://github.com/actions/toolkit
+
+### @octokit/rest
+
+- https://www.npmjs.com/package/@octokit/rest
+- https://github.com/octokit/rest.js
+- https://octokit.github.io/rest.js/
+
+### GitHub REST API v3
+
+- https://developer.github.com/v3/

__tests__/audit.test.ts

@@ -1,15 +1,57 @@
+import * as child_process from 'child_process'
+import * as fs from 'fs'
+import * as path from 'path'
+import {mocked} from 'ts-jest/utils'
 import {Audit} from '../src/audit'
 
+jest.mock('child_process')
+
 const audit = new Audit()
 
-describe('npm audit', () => {
+describe('run', () => {
+  beforeEach(() => {
+    mocked(child_process).spawnSync.mockClear()
+  })
+
   test('finds vulnerabilities', () => {
-    audit.status = 1
+    mocked(child_process).spawnSync.mockImplementation((): any => {
+      const stdout = fs.readFileSync(
+        path.join(__dirname, 'testdata/audit/error.txt')
+      )
+
+      return {
+        pid: 100,
+        output: [stdout],
+        stdout,
+        stderr: '',
+        status: 1,
+        signal: null,
+        error: null
+      }
+    })
+
+    audit.run()
     expect(audit.foundVulnerability()).toBeTruthy()
   })
 
   test('does not find vulnerabilities', () => {
-    audit.status = 0
+    mocked(child_process).spawnSync.mockImplementation((): any => {
+      const stdout = fs.readFileSync(
+        path.join(__dirname, 'testdata/audit/success.txt')
+      )
+
+      return {
+        pid: 100,
+        output: [stdout],
+        stdout,
+        stderr: '',
+        status: 0,
+        signal: null,
+        error: null
+      }
+    })
+
+    audit.run()
     expect(audit.foundVulnerability()).toBeFalsy()
   })
 })

__tests__/main.test.ts

@@ -1,7 +1,6 @@
 import * as fs from 'fs'
 import * as path from 'path'
 import {mocked} from 'ts-jest/utils'
-import axios, {AxiosResponse} from 'axios'
 import {Audit} from '../src/audit'
 import {run} from '../src/main'
 import * as pr from '../src/pr'

src/audit.ts

@@ -3,7 +3,7 @@ import stripAnsi from 'strip-ansi'
 
 export class Audit {
   stdout: string = ''
-  status: number | null = null
+  private status: number | null = null
 
   public async run(): Promise<void> {
     const result: SpawnSyncReturns<string> = spawnSync('npm', ['audit'], {