Skip to content

Commit

Permalink
Merge pull request #225 from dependabot/brrygrdn/skip-commit-verifica…
Browse files Browse the repository at this point in the history
…tion

Add 'skip-commit-verification' as an input for GitHub Enterprise Server users
  • Loading branch information
brrygrdn authored Jun 30, 2022
2 parents a7c13a8 + 6c87543 commit cfb7274
Show file tree
Hide file tree
Showing 7 changed files with 31 additions and 6 deletions.
3 changes: 3 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,9 @@ Supported inputs are:
- `compat-lookup` (boolean)
- If `true`, then populate the `compatibility-score` output.
- Defaults to `false`
- `skip-commit-verification` (boolean)
- If `true`, then the action will not expect the commits to have a verification signature. **It is required to set this to 'true' in GitHub Enterprise Server**
- Defaults to `false`

Subsequent actions will have access to the following outputs:

Expand Down
4 changes: 4 additions & 0 deletions action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,10 @@ inputs:
github-token:
description: 'The GITHUB_TOKEN secret'
default: ${{ github.token }}
skip-commit-verification:
type: boolean
description: 'If true, the action will not expect Dependabot commits to be verified. This should be set as 'true' in GHES environments.'
default: false
outputs:
dependency-names:
description: 'A comma-separated list of all package names updated.'
Expand Down
6 changes: 3 additions & 3 deletions dist/index.js

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

17 changes: 17 additions & 0 deletions src/dependabot/verified_commits.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -70,6 +70,23 @@ test('it returns false if the commit is has no verification payload', async () =
expect(await getMessage(mockGitHubClient, mockGitHubPullContext())).toBe(false)
})

test('it returns the message if the commit is has no verification payload but verification is skipped', async () => {
nock('https://api.github.com').get('/repos/dependabot/dependabot/pulls/101/commits')
.reply(200, [
{
author: {
login: 'dependabot[bot]'
},
commit: {
message: 'Bump lodash from 1.0.0 to 2.0.0',
verification: null
}
}
])

expect(await getMessage(mockGitHubClient, mockGitHubPullContext(), true)).toEqual('Bump lodash from 1.0.0 to 2.0.0')
})

test('it returns false if the commit is not verified', async () => {
nock('https://api.github.com').get('/repos/dependabot/dependabot/pulls/101/commits')
.reply(200, [
Expand Down
4 changes: 2 additions & 2 deletions src/dependabot/verified_commits.ts
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ import https from 'https'

const DEPENDABOT_LOGIN = 'dependabot[bot]'

export async function getMessage (client: InstanceType<typeof GitHub>, context: Context): Promise<string | false> {
export async function getMessage (client: InstanceType<typeof GitHub>, context: Context, skipCommitVerification = false): Promise<string | false> {
core.debug('Verifying the job is for an authentic Dependabot Pull Request')

const { pull_request: pr } = context.payload
Expand Down Expand Up @@ -43,7 +43,7 @@ export async function getMessage (client: InstanceType<typeof GitHub>, context:
return false
}

if (!commit.verification?.verified) {
if (!skipCommitVerification && !commit.verification?.verified) {
// TODO: Promote to setFailed
core.warning(
"Dependabot's commit signature is not verified, refusing to proceed."
Expand Down
1 change: 1 addition & 0 deletions src/main.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@ beforeEach(() => {
jest.spyOn(core, 'info').mockImplementation(jest.fn())
jest.spyOn(core, 'setFailed').mockImplementation(jest.fn())
jest.spyOn(core, 'startGroup').mockImplementation(jest.fn())
jest.spyOn(core, 'getBooleanInput').mockReturnValue(false)
})

test('it early exits with an error if github-token is not set', async () => {
Expand Down
2 changes: 1 addition & 1 deletion src/main.ts
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ export async function run (): Promise<void> {
const githubClient = github.getOctokit(token)

// Validate the job
const commitMessage = await verifiedCommits.getMessage(githubClient, github.context)
const commitMessage = await verifiedCommits.getMessage(githubClient, github.context, core.getBooleanInput('skip-commit-verification'))
const branchNames = util.getBranchNames(github.context)
let alertLookup: updateMetadata.alertLookup | undefined
if (core.getInput('alert-lookup')) {
Expand Down

0 comments on commit cfb7274

Please sign in to comment.