Merge branch 'main' into fix/comment-warn-only

Author: ebickle

.github/workflows/stale.yaml

@@ -15,9 +15,12 @@ jobs:
     - uses: actions/[email protected]
       name: Clean up stale PRs and Issues
       with:
-        stale-pr-message: "👋 This pull request has been marked as stale because it has been open with no activity. You can: comment on the issue or remove the stale label to hold stale off for a while, add the `Keep` label to hold stale off permanently, or do nothing. If you do nothing, this pull request will be closed eventually by the stale bot. Please see CONTRIBUTING.md for more policy details."
+        stale-pr-message: "👋 This pull request has been marked as stale because it has been open with no activity for 180 days. You can: comment on the PR or remove the stale label to hold stalebot off for a while, add the `Keep` label to hold stale off permanently, or do nothing. If you do nothing, this pull request will be closed eventually by the stalebot. Please see CONTRIBUTING.md for more policy details."
         stale-pr-label: "Stale"
+        close-pr-message: "👋 This pull request has been closed by stalebot because it has been open with no activity for over 180 days. Please see CONTRIBUTING.md for more policy details."
         stale-issue-label: "Stale"
+        stale-issue-message: "👋 This issue has been marked as stale because it has been open with no activity for 180 days. You can: comment on the issue or remove the stale label to hold stalebot off for a while, add the `Keep` label to hold stale off permanently, or do nothing. If you do nothing, this issue will be closed eventually by the stalebot. Please see CONTRIBUTING.md for more policy details."
+        close-issue-message: "👋 This issue has been closed by stalebot because it has been open with no activity for over 180 days. Please see CONTRIBUTING.md for more policy details."
         exempt-pr-labels: "Keep" # a "Keep" label will keep the PR from being closed as stale
         exempt-issue-labels: "Keep" # a "Keep" label will keep the issue from being closed as stale
         days-before-pr-stale: 180 # when the PR is considered stale

__tests__/config.test.ts

@@ -124,11 +124,7 @@ test('it raises an error when no refs are provided and the event is not a pull r
   ).toThrow()
 })
 
-const pullRequestLikeEvents = [
-  'pull_request',
-  'pull_request_target',
-  'merge_group'
-]
+const pullRequestLikeEvents = ['pull_request', 'pull_request_target']
 
 test.each(pullRequestLikeEvents)(
   'it uses the given refs even when the event is %s',
@@ -152,7 +148,7 @@ test.each(pullRequestLikeEvents)(
 )
 
 test.each(pullRequestLikeEvents)(
-  'it uses the event refs when the event is %s and the no refs are input',
+  'it uses the event refs when the event is %s and no refs are provided in config',
   async eventName => {
     const refs = getRefs(await readConfig(), {
       payload: {
@@ -169,6 +165,37 @@ test.each(pullRequestLikeEvents)(
   }
 )
 
+test('it uses the given refs even when the event is merge_group', async () => {
+  setInput('base-ref', 'a-custom-base-ref')
+  setInput('head-ref', 'a-custom-head-ref')
+
+  const refs = getRefs(await readConfig(), {
+    payload: {
+      merge_group: {
+        base_sha: 'pr-base-ref',
+        head_sha: 'pr-head-ref'
+      }
+    },
+    eventName: 'merge_group'
+  })
+  expect(refs.base).toEqual('a-custom-base-ref')
+  expect(refs.head).toEqual('a-custom-head-ref')
+})
+
+test('it uses the event refs when the event is merge_group and no refs are provided in config', async () => {
+  const refs = getRefs(await readConfig(), {
+    payload: {
+      merge_group: {
+        base_sha: 'pr-base-ref',
+        head_sha: 'pr-head-ref'
+      }
+    },
+    eventName: 'merge_group'
+  })
+  expect(refs.base).toEqual('pr-base-ref')
+  expect(refs.head).toEqual('pr-head-ref')
+})
+
 test('it defaults to runtime scope', async () => {
   const config = await readConfig()
   expect(config.fail_on_scopes).toEqual(['runtime'])

__tests__/summary.test.ts

@@ -109,42 +109,6 @@ test('prints headline as h1', () => {
   expect(text).toContain('<h1>Dependency Review</h1>')
 })
 
-test('returns minimal summary in case the core.summary is too large for a PR comment', () => {
-  let changes: Changes = [
-    createTestChange({name: 'lodash', version: '1.2.3'}),
-    createTestChange({name: 'colors', version: '2.3.4'}),
-    createTestChange({name: '@foo/bar', version: '*'})
-  ]
-
-  let minSummary: string = summary.addSummaryToSummary(
-    changes,
-    emptyInvalidLicenseChanges,
-    emptyChanges,
-    scorecard,
-    defaultConfig
-  )
-
-  // side effect DR report into core.summary as happens in main.ts
-  summary.addScannedDependencies(changes)
-  const text = core.summary.stringify()
-
-  expect(text).toContain('<h1>Dependency Review</h1>')
-  expect(minSummary).toContain('# Dependency Review')
-
-  expect(text).toContain('❌ 3 vulnerable package(s)')
-  expect(text).not.toContain('* ❌ 3 vulnerable package(s)')
-  expect(text).toContain('lodash')
-  expect(text).toContain('colors')
-  expect(text).toContain('@foo/bar')
-
-  expect(minSummary).toContain('* ❌ 3 vulnerable package(s)')
-  expect(minSummary).not.toContain('lodash')
-  expect(minSummary).not.toContain('colors')
-  expect(minSummary).not.toContain('@foo/bar')
-
-  expect(text.length).toBeGreaterThan(minSummary.length)
-})
-
 test('returns minimal summary formatted for posting as a PR comment', () => {
   const OLD_ENV = process.env
 
@@ -232,14 +196,10 @@ test('groups dependencies with empty manifest paths together', () => {
     emptyScorecard,
     defaultConfig
   )
-  summary.addScannedDependencies(changesWithEmptyManifests)
+  summary.addScannedFiles(changesWithEmptyManifests)
   const text = core.summary.stringify()
-
-  expect(text).toContain('<summary>Unnamed Manifest</summary>')
-  expect(text).toContain('castore')
-  expect(text).toContain('connection')
-  expect(text).toContain('<summary>python/dist-info/METADATA</summary>')
-  expect(text).toContain('pygments')
+  expect(text).toContain('Unnamed Manifest')
+  expect(text).toContain('python/dist-info/METADATA')
 })
 
 test('does not include status section if nothing was found', () => {