diff --git a/.github/workflows/daily.yml b/.github/workflows/daily.yml
index efe0570..44b669e 100644
--- a/.github/workflows/daily.yml
+++ b/.github/workflows/daily.yml
@@ -12,7 +12,7 @@ jobs:
 - uses: actions/checkout@v1
 - name: install dependencies
 run: npm ci
- - uses: oke-py/npm-audit-action@v1.0.0
+ - uses: oke-py/npm-audit-action@v1.1.0
 with:
 github_token: ${{ secrets.GITHUB_TOKEN }}
 issue_assignees: oke-py
diff --git a/DEVELOPMENT.md b/DEVELOPMENT.md
new file mode 100644
index 0000000..e3ba2da
--- /dev/null
+++ b/DEVELOPMENT.md
@@ -0,0 +1,16 @@
+## Resources
+
+### @actions/core
+
+- https://www.npmjs.com/package/@actions/core
+- https://github.com/actions/toolkit
+
+### @octokit/rest
+
+- https://www.npmjs.com/package/@octokit/rest
+- https://github.com/octokit/rest.js
+- https://octokit.github.io/rest.js/
+
+### GitHub REST API v3
+
+- https://developer.github.com/v3/
diff --git a/__tests__/audit.test.ts b/__tests__/audit.test.ts
index a700516..320a476 100644
--- a/__tests__/audit.test.ts
+++ b/__tests__/audit.test.ts
@@ -1,15 +1,57 @@ +import * as child_process from 'child_process' +import * as fs from 'fs' +import * as path from 'path' +import {mocked} from 'ts-jest/utils' import {Audit} from '../src/audit' +jest.mock('child_process') + const audit = new Audit() -describe('npm audit', () => { +describe('run', () => { + beforeEach(() => { + mocked(child_process).spawnSync.mockClear() + }) + test('finds vulnerabilities', () => { - audit.status = 1 + mocked(child_process).spawnSync.mockImplementation((): any => { + const stdout = fs.readFileSync( + path.join(__dirname, 'testdata/audit/error.txt') + ) + + return { + pid: 100, + output: [stdout], + stdout, + stderr: '', + status: 1, + signal: null, + error: null + } + }) + + audit.run() expect(audit.foundVulnerability()).toBeTruthy() }) test('does not find vulnerabilities', () => { - audit.status = 0 + mocked(child_process).spawnSync.mockImplementation((): any => { + const stdout = fs.readFileSync( + path.join(__dirname, 'testdata/audit/success.txt') + ) + + return { + pid: 100, + output: [stdout], + stdout, + stderr: '', + status: 0, + signal: null, + error: null + } + }) + + audit.run() expect(audit.foundVulnerability()).toBeFalsy() }) }) diff --git a/__tests__/main.test.ts b/__tests__/main.test.ts index 6693740..d0f0ccc 100644 --- a/__tests__/main.test.ts +++ b/__tests__/main.test.ts @@ -1,7 +1,6 @@ import * as fs from 'fs' import * as path from 'path' import {mocked} from 'ts-jest/utils' -import axios, {AxiosResponse} from 'axios' import {Audit} from '../src/audit' import {run} from '../src/main' import * as pr from '../src/pr' diff --git a/src/audit.ts b/src/audit.ts index 844b2c8..85a8790 100644 --- a/src/audit.ts +++ b/src/audit.ts @@ -3,7 +3,7 @@ import stripAnsi from 'strip-ansi' export class Audit { stdout: string = '' - status: number | null = null + private status: number | null = null public async run(): Promise { const result: SpawnSyncReturns = spawnSync('npm', ['audit'], {
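Review bot: In `__tests__/audit.test.ts` both tests call `audit.run()` without awaiting it, although `run` is declared `async` in `src/audit.ts`, so a rejection from `run()` would surface as an unhandled rejection instead of failing the test. Make the callbacks async and await the call: `test('finds vulnerabilities', async () => {` and `await audit.run()`, and likewise in the second test. The mocks also cover only `status: 1` and `status: 0`; `spawnSync` reports `status: null` (with `error` set or a non-null `signal`) when the child could not be started or was killed by a signal, and a third case for that would pin that the action does not report a clean audit when the scan never actually ran. How `run()` and `foundVulnerability()` treat a `null` status is outside this hunk, so that part should be checked against the full file.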