github
/
privileged-requester
зеркало из https://github.com/github/privileged-requester.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

support commit verification

This commit is contained in:
GrantBirki 2024-08-12 13:18:56 -07:00
Родитель 7069216403
Коммит 97a5ed6db5
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 65497A530F6F9405
4 изменённых файлов: 93 добавлений и 13 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

60
__tests__/runner.test.js
Просмотреть файл

@ -31,7 +31,8 @@ afterEach(() => {
describe("processCommits", () => {
test("We process commits successfully", async () => {
let prCommits = [{ author: { login: "robot" } }];
process.env["INPUT_COMMITVERIFICATION"] = "false";
let prCommits = [{ author: { login: "robot" }, verification: {verified: false} }];
jest.spyOn(pullRequest, "listCommits").mockImplementation(() => prCommits);
expect(pullRequest.listCommits()).toBe(prCommits);
@ -39,11 +40,32 @@ describe("processCommits", () => {
expect(commits).toStrictEqual(true);
});
test("We process commits unsuccessfully", async () => {
let prCommits = [
{ author: { login: "robot" } },
{ author: { login: "danhoerst" } },
];
test("We process commits successfully with missing commit verification objects", async () => {
process.env["INPUT_COMMITVERIFICATION"] = "false";
let prCommits = [{ author: { login: "robot" } }];
jest.spyOn(pullRequest, "listCommits").mockImplementation(() => prCommits);
expect(pullRequest.listCommits()).toBe(prCommits);
let commits = await runner.processCommits("robot");
expect(commits).toStrictEqual(true);
});
});
describe("processCommits without verification", () => {
test("We process commits unsuccessfully due to verification missing", async () => {
jest.clearAllMocks();
process.env["INPUT_COMMITVERIFICATION"] = "true";
let prCommits = [{ author: { login: "robot" }, verification: {verified: false} }];
jest.spyOn(pullRequest, "listCommits").mockImplementation(() => prCommits);
expect(pullRequest.listCommits()).toBe(prCommits);
let commits = await runner.processCommits("robot");
expect(commits).toStrictEqual(false);
});
test("We process commits unsuccessfully with missing commit verification objects", async () => {
process.env["INPUT_COMMITVERIFICATION"] = "true";
let prCommits = [{ author: { login: "robot" } }];
jest.spyOn(pullRequest, "listCommits").mockImplementation(() => prCommits);
expect(pullRequest.listCommits()).toBe(prCommits);
@ -142,11 +164,12 @@ describe("processPrivilegedReviewer", () => {
process.env["INPUT_CHECKCOMMITS"] = "true";
process.env["INPUT_CHECKLABELS"] = "true";
process.env["INPUT_CHECKDIFF"] = "true";
process.env["INPUT_COMMITVERIFICATION"] = "false";
let prLabels = [{ name: "bug" }, { name: "feature-request" }];
jest.spyOn(pullRequest, "listLabels").mockImplementation(() => prLabels);
expect(pullRequest.listLabels()).toBe(prLabels);
let prCommits = [{ author: { login: "robot" } }];
let prCommits = [{ author: { login: "robot" }, verification: {verified: false} }];
jest.spyOn(pullRequest, "listCommits").mockImplementation(() => prCommits);
expect(pullRequest.listCommits()).toBe(prCommits);
@ -175,8 +198,25 @@ index 2f4e8d9..93c2072 100644
process.env["INPUT_CHECKCOMMITS"] = "true";
let prCommits = [
{ author: { login: "robot" } },
{ author: { login: "malicious" } },
{ author: { login: "robot" }, verification: {verified: false} },
{ author: { login: "malicious" }, verification: {verified: false} },
];
jest.spyOn(pullRequest, "listCommits").mockImplementation(() => prCommits);
expect(pullRequest.listCommits()).toBe(prCommits);
let processed = await runner.processPrivilegedReviewer("robot", {
labels: ["bug", "feature-request"],
});
expect(processed).toStrictEqual(false);
});
test("We process commits unsuccessfully due to missing verification", async () => {
process.env["INPUT_CHECKCOMMITS"] = "true";
process.env["INPUT_COMMITVERIFICATION"] = "true";
let prCommits = [
{ author: { login: "robot" }, verification: {verified: false} },
{ author: { login: "malicious" }, verification: {verified: false} },
];
jest.spyOn(pullRequest, "listCommits").mockImplementation(() => prCommits);
expect(pullRequest.listCommits()).toBe(prCommits);
@ -203,6 +243,7 @@ index 2f4e8d9..93c2072 100644
test("We process labels unsuccessfully with the option enabled", async () => {
process.env["INPUT_CHECKLABELS"] = "true";
process.env["INPUT_COMMITVERIFICATION"] = "false";
let prLabels = [{ name: "bug" }, { name: "feature-request" }];
jest.spyOn(pullRequest, "listLabels").mockImplementation(() => prLabels);
expect(pullRequest.listLabels()).toBe(prLabels);
@ -226,6 +267,7 @@ index 2f4e8d9..93c2072 100644
test("We process the diff unsuccessfully with the option enabled", async () => {
process.env["INPUT_CHECKDIFF"] = "true";
process.env["INPUT_COMMITVERIFICATION"] = "false";
let prDiff = `| diff --git a/.github/workflows/check-dist.yml b/.github/workflows/check-dist.yml
index 2f4e8d9..93c2072 100644
--- a/.github/workflows/check-dist.yml

16
dist/index.js сгенерированный поставляемый
Просмотреть файл

@ -38121,9 +38121,21 @@ class Runner {
lib_core.info(
`Commits: Comparing the PR commits to verify that they are all from ${privileged_requester_username}`,
);
var allCommitsVerified = true;
for (const [, commit] of Object.entries(this.pullRequest.listCommits())) {
let commitAuthor = commit.author.login.toLowerCase();
if (!commit.verification.verified) {
allCommitsVerified = false;
if (this.commitVerification === true) {
lib_core.warning("Unexpected unverified commit");
return false;
}
}
if (commitAuthor !== privileged_requester_username) {
lib_core.warning(
`Unexpected commit author found by ${commitAuthor}! Commits should be authored by ${privileged_requester_username} I will not proceed with the privileged reviewer process.`,
@ -38134,6 +38146,9 @@ class Runner {
lib_core.info(
`Commits: All commits are made by ${privileged_requester_username}. Success!`,
);
lib_core.setOutput("commits_verified", allCommitsVerified)
return true;
}
@ -38254,6 +38269,7 @@ class Runner {
);
this.checkCommits = lib_core.getInput("checkCommits");
this.commitVerification = lib_core.getInput("commitVerification");
if (this.checkCommits === "true") {
let commits = await this.processCommits(privileged_requester_username);
if (commits === false) {

2
dist/index.js.map сгенерированный поставляемый
Просмотреть файл

Различия файлов скрыты, потому что одна или несколько строк слишком длинны

28
src/runner.js
Просмотреть файл

@ -13,19 +13,41 @@ class Runner {
core.info(
`Commits: Comparing the PR commits to verify that they are all from ${privileged_requester_username}`,
);
for (const [, commit] of Object.entries(this.pullRequest.listCommits())) {
let commitAuthor = commit.author.login.toLowerCase();
const useCommitVerification = core.getBooleanInput("commitVerification");
const commits = this.pullRequest.listCommits();
let allCommitsVerified = true;
for (const commit of commits) {
const commitAuthor = commit.author.login.toLowerCase();
const commitVerification = commit?.verification?.verified;
// check if the commit is verified
if (!commitVerification) {
allCommitsVerified = false;
if (useCommitVerification === true) {
core.warning("Unexpected unverified commit");
// if we are using commit verification, return false
return false;
}
}
if (commitAuthor !== privileged_requester_username) {
core.warning(
`Unexpected commit author found by ${commitAuthor}! Commits should be authored by ${privileged_requester_username} I will not proceed with the privileged reviewer process.`,
`Unexpected commit author found by ${commitAuthor}! Commits should be authored by ${privileged_requester_username}. I will not proceed with the privileged reviewer process.`,
);
return false;
}
}
core.info(
`Commits: All commits are made by ${privileged_requester_username}. Success!`,
);
core.setOutput("commits_verified", allCommitsVerified);
// if we make it this far, we have verified that all commits are from the privileged requester
return true;
}