diff --git a/README.md b/README.md
index b253dc7d..46e25b85 100644
--- a/README.md
+++ b/README.md
@@ -84,6 +84,8 @@ Subsequent actions will have access to the following outputs: - If this PR has a known compatibility score and `compat-lookup` is `true`, this contains the compatibility score (otherwise it contains 0). - `steps.dependabot-metadata.outputs.maintainer-changes` - Whether or not the the body of this PR contains the phrase "Maintainer changes" which is an indicator of whether or not any maintainers have changed. +- `steps.dependabot-metadata.outputs.dependency-group` + - The dependency group that the PR is associated with (otherwise it is an empty string). **Note:** By default, these outputs will only be populated if the target Pull Request was opened by Dependabot and contains **only** Dependabot-created commits. To override, see `skip-commit-verification` / `skip-verification`.
diff --git a/src/dependabot/output.ts b/src/dependabot/output.ts
index 3748c9ff..dda815e2 100644
--- a/src/dependabot/output.ts
+++ b/src/dependabot/output.ts
@@ -28,6 +28,7 @@ export function set (updatedDependencies: Array): void {
 const newVersion = firstDependency?.newVersion
 const compatScore = firstDependency?.compatScore
 const maintainerChanges = firstDependency?.maintainerChanges
+ const dependencyGroup = firstDependency?.dependencyGroup
 const alertState = firstDependency?.alertState
 const ghsaId = firstDependency?.ghsaId
 const cvss = firstDependency?.cvss
@@ -43,6 +44,7 @@ export function set (updatedDependencies: Array): void {
 core.info(`outputs.new-version: ${newVersion}`)
 core.info(`outputs.compatibility-score: ${compatScore}`)
 core.info(`outputs.maintainer-changes: ${maintainerChanges}`)
+ core.info(`outputs.dependency-group: ${dependencyGroup}`)
 core.info(`outputs.alert-state: ${alertState}`)
 core.info(`outputs.ghsa-id: ${ghsaId}`)
 core.info(`outputs.cvss: ${cvss}`)
@@ -59,6 +61,7 @@ export function set (updatedDependencies: Array): void {
 core.setOutput('new-version', newVersion)
 core.setOutput('compatibility-score', compatScore)
 core.setOutput('maintainer-changes', maintainerChanges)
+ core.setOutput('dependency-group', dependencyGroup)
 core.setOutput('alert-state', alertState)
 core.setOutput('ghsa-id', ghsaId)
 core.setOutput('cvss', cvss)
diff --git a/src/dependabot/update_metadata.ts b/src/dependabot/update_metadata.ts
index 244f2ac6..5ba3667a 100644
--- a/src/dependabot/update_metadata.ts
+++ b/src/dependabot/update_metadata.ts
@@ -16,7 +16,8 @@ export interface updatedDependency extends dependencyAlert {
 prevVersion: string,
 newVersion: string,
 compatScore: number,
- maintainerChanges: boolean
+ maintainerChanges: boolean,
+ dependencyGroup: string
 }
 export interface alertLookup {
@@ -31,6 +32,7 @@ export async function parse (commitMessage: string, body: string, branchName: st
 const bumpFragment = commitMessage.match(/^Bumps .* from (?v?\d[^ ]*) to (?v?\d[^ ]*)\.$/m)
 const updateFragment = commitMessage.match(/^Update .* requirement from \S*? ?(?v?\d\S*) to \S*? ?(?v?\d\S*)$/m)
 const yamlFragment = commitMessage.match(/^-{3}\n(?[\S|\s]*?)\n^\.{3}\n/m)
+ const groupName = body.match(/^Bumps the (?\S*) group with/m)
 const newMaintainer = !!body.match(/Maintainer changes/m)
 const lookupFn = lookup ?? (() => Promise.resolve({ alertState: '', ghsaId: '', cvss: 0 }))
 const scoreFn = getScore ?? (() => Promise.resolve(0))
@@ -43,6 +45,7 @@ export async function parse (commitMessage: string, body: string, branchName: st
 const chunks = branchName.split(delim)
 const prev = bumpFragment?.groups?.from ?? (updateFragment?.groups?.from ?? '')
 const next = bumpFragment?.groups?.to ?? (updateFragment?.groups?.to ?? '')
+ const dependencyGroup = groupName?.groups?.name ?? ''
 if (data['updated-dependencies']) {
 return await Promise.all(data['updated-dependencies'].map(async (dependency, index) => {
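Review bot: The new `groupName` match in `parse` (src/dependabot/update_metadata.ts, hunk at -31,6) captures `\S*` from the PR body, so any run of non-whitespace characters after "Bumps the " becomes the `dependency-group` value that the three output.ts hunks log with `core.info` and publish with `core.setOutput`. The README text in this same diff says the outputs can be populated for commits not created by Dependabot when `skip-commit-verification` / `skip-verification` is set, and in that mode the body is text written by the PR author. Consider narrowing the capture to the characters a group name can contain, for example `const groupName = body.match(/^Bumps the (?<name>[\w|-]+) group with/m)`; the group's name looks stripped in this rendering and is inferred from `groups?.name` in the next hunk, and the character set is an assumption to confirm against the dependabot.yml rules for group names. The README entry could also say that workflows should pass this output through `env:` rather than interpolating it into a `run:` script. `parse` starts and ends outside these hunks.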
@@ -61,6 +64,7 @@ export async function parse (commitMessage: string, body: string, branchName: st
 newVersion: nextVersion,
 compatScore: await scoreFn(dependency['dependency-name'], lastVersion, nextVersion, chunks[1]),
 maintainerChanges: newMaintainer,
+ dependencyGroup: dependencyGroup,
 ...await lookupFn(dependency['dependency-name'], lastVersion, dirname)
 }
 }))
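Review bot: The added property `dependencyGroup: dependencyGroup,` can use property shorthand, `dependencyGroup,`, because the local already has the field's name. The neighbouring entries need the long form only because their locals are named differently (`nextVersion`, `newMaintainer`). The object literal and the enclosing `map` callback begin outside this hunk.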