feat: Allow to ignore specific dependencies #196
Conversation
|
Good day @kunalnagar , could you please take a look into this PR? |
|
Hey @kunalnagar any chance to take a look into? |
|
@rndev15 - I do like this idea of being able to mute/ignore certain dependencies that one does not care about. Have you looked at if the dependabot API allows passing in a list of packages to ignore instead of manually doing a |
|
hey @kunalnagar I took a look into docs for |
kunalnagar
left a comment
kunalnagar
left a comment
There was a problem hiding this comment.
Thanks for the contribution! Couple of things:
- Could you make sure that the CI passes with your changes?
- Can you post a few screenshots of how the action behaves with this
ignore_packagesfield? Null, empty values etc and let's test this out thoroughly
.github/workflows/ci.yml
Outdated
| # slack_webhook: ${{ secrets.SLACK_WEBHOOK }} | ||
| # severity: low,medium | ||
| # ecosystem: npm,rubygems | ||
| # ignore_dependencies: lodash,devise |
There was a problem hiding this comment.
Let's call it ignore_packages since GitHub calls them packages instead of dependencies
action.yml
Outdated
| ecosystem: | ||
| description: 'A comma-separated list of ecosystems. If specified, only alerts for these ecosystems will be returned.' | ||
| ignore_dependencies: | ||
| description: 'A comma-separated list of dependencies to ignore. If specified, these dependencies will not be alerted.' |
There was a problem hiding this comment.
| description: 'A comma-separated list of dependencies to ignore. If specified, these dependencies will not be alerted.' | |
| description: 'A comma-separated list of package names. If specified, alerts for these packages will be ignored.' |
src/fetch-alerts.ts
Outdated
| repositoryOwner: string, | ||
| severity: string, | ||
| ecosystem: string, | ||
| ignoreDependencies: string[], |
There was a problem hiding this comment.
| ignoreDependencies: string[], | |
| ignorePackages: string[], |
src/fetch-alerts.ts
Outdated
| const alerts: Alert[] = response | ||
| .data | ||
| .filter((dependabotAlert) => | ||
| !ignoreDependencies.includes(dependabotAlert.security_vulnerability.package.name) | ||
| ) | ||
| .map((dependabotAlert) => | ||
| toRepositoryAlert(dependabotAlert, repositoryName, repositoryOwner), | ||
| ) |
There was a problem hiding this comment.
- Do you mind running the lint task and see if it passes? I feel like your editor may not be set up correctly to format the code automatically.
- We only need to filter the alerts if the
ignorePackagesfield contains a value. We should check for that, and only filter if required.
src/fetch-alerts.ts
Outdated
| const alerts: Alert[] = response | ||
| .data | ||
| .filter((dependabotOrgAlert) => | ||
| !ignoreDependencies.includes(dependabotOrgAlert.security_vulnerability.package.name) | ||
| ) | ||
| .map((dependabotOrgAlert) => | ||
| toOrgAlert(dependabotOrgAlert), | ||
| ) |
src/fetch-alerts.ts
Outdated
| const alerts: Alert[] = response | ||
| .data | ||
| .filter((dependabotEnterpriseAlert) => | ||
| !ignoreDependencies.includes(dependabotEnterpriseAlert.security_vulnerability.package.name) | ||
| ) | ||
| .map((dependabotEnterpriseAlert) => | ||
| toEnterpriseAlert(dependabotEnterpriseAlert), | ||
| ) |
src/main.ts
Outdated
| getInput('ignore_dependencies') || '' | ||
| ).split(',').map((str: string) => str.trim()) |
There was a problem hiding this comment.
Let's pass the value here directly using getInput and do the transform inside the logic where we check if this field has values. We don't need to do this transform if no values exist.
rndev15
force-pushed
the
allow-ignore-deps
branch
10 times, most recently
from
4ea676e to
811c916
Compare
|
Good day, @kunalnagar With the help of my colleague we made some changes to original PR:
Here is the example of how feature works (I blurred repo & org name). On first slack message we can see how code works with
|
rndev15
force-pushed
the
allow-ignore-deps
branch
from
811c916 to
46c0ef5
Compare
|
Good day, @kunalnagar |
2 participants
Hey there, in this PR I try to resolve #195