@currents/commit-info
Comparing version 1.0.0 to 1.0.1-beta.0
{ | ||
"name": "@currents/commit-info", | ||
"description": "Collects Git commit info from CI or from CLI", | ||
"version": "1.0.0", | ||
"version": "1.0.1-beta.0", | ||
"author": "Gleb Bahmutov <gleb.bahmutov@gmail.com>", | ||
@@ -66,2 +66,3 @@ "contributors": [ | ||
"unit": "mocha src/*-spec.js", | ||
"gha-e2e": "mocha src/utils-e2e.js", | ||
"semantic-release": "semantic-release pre && npm publish --access public && semantic-release post" | ||
@@ -92,2 +93,3 @@ }, | ||
"simple-commit-message": "4.1.3", | ||
"sinon": "17.0.1", | ||
"snap-shot-it": "7.9.3", | ||
@@ -94,0 +96,0 @@ "standard": "13.1.0", |
@@ -14,3 +14,7 @@ 'use strict' | ||
} = require('./git-api') | ||
const { getBranch, getCommitInfoFromEnvironment } = require('./utils') | ||
const { | ||
getBranch, | ||
getCommitInfoFromEnvironment, | ||
getGhaEventData | ||
} = require('./utils') | ||
const Promise = require('bluebird') | ||
@@ -30,3 +34,7 @@ const { mergeWith, or } = require('ramda') | ||
timestamp: getTimestamp(folder), | ||
remote: getRemoteOrigin(folder) | ||
remote: getRemoteOrigin(folder), | ||
ghaEventData: getGhaEventData( | ||
process.env.GITHUB_EVENT_PATH, | ||
process.env.GITHUB_ACTIONS | ||
) | ||
}).then(info => { | ||
@@ -33,0 +41,0 @@ const envVariables = getCommitInfoFromEnvironment() |
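Review bot: The new `ghaEventData` property has no comment telling consumers when it is present or how far to trust it. Going by the helper shown later on this page, it is `undefined` unless `GITHUB_ACTIONS` is `'true'` and the payload has a `pull_request` object, and its `prTitle` and `headRef` values are chosen by the pull request author. I would add above the property: `// ghaEventData: undefined outside GitHub Actions pull-request events; prTitle/headRef are PR-author-controlled, so treat them as untrusted text`. The enclosing function starts and ends outside this hunk, so how the `.then` step merges this key with the environment values is not visible here.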
const { getGitBranch } = require('./git-api') | ||
const debug = require('debug')('commit-info') | ||
const fs = require('fs') | ||
@@ -52,2 +53,33 @@ function firstFoundValue (keys, object = process.env) { | ||
/** | ||
* Gets the event data in github actions environment | ||
* @param {string} eventFilePath | ||
* @param {string 'true' | 'false' | undefined} isGha | ||
* @returns {headRef: string; headSha: string; baseRef: string; baseSha: string; issueUrl: string; htmlUrl: string; prTitle: string; senderAvatarUrl: string; senderHtmlUrl: string;} | ||
*/ | ||
function getGhaEventData (eventFilePath, isGha) { | ||
try { | ||
if (!eventFilePath || isGha !== 'true') { | ||
return | ||
} | ||
debug('Retreiving GitHub Actions data from %s', eventFilePath) | ||
const data = JSON.parse(fs.readFileSync(eventFilePath)) | ||
return { | ||
headRef: data.pull_request.head.ref, | ||
headSha: data.pull_request.head.sha, | ||
baseRef: data.pull_request.base.ref, | ||
baseSha: data.pull_request.base.sha, | ||
issueUrl: data.pull_request.issue_url, | ||
htmlUrl: data.pull_request.html_url, | ||
prTitle: data.pull_request.title, | ||
senderAvatarUrl: data.sender.avatar_url, | ||
senderHtmlUrl: data.sender.html_url | ||
} | ||
} catch (e) { | ||
debug('Retreiving GitHub Actions data error: %s', e) | ||
} | ||
} | ||
module.exports = { | ||
@@ -57,3 +89,4 @@ firstFoundValue, | ||
getCommitInfoFromEnvironment, | ||
getFields | ||
getFields, | ||
getGhaEventData | ||
} |
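Review bot: `getGhaEventData` dereferences `data.pull_request.head.ref` without checking that the payload contains a `pull_request` object. For any event payload that lacks one, the access throws and the catch-all only logs it at debug level, so an expected case is indistinguishable from a missing or corrupt event file. A guard right after the parse, `if (!data.pull_request) return`, would leave the `catch` for genuine read or parse failures. The JSDoc type `{string 'true' | 'false' | undefined}` is not valid; `@param {string|undefined} isGha` and a `@returns` type that includes `undefined` would match the code. The doc comment should also say that `prTitle` and `headRef` are set by the pull request author and must be escaped by callers before reaching a shell, HTML or log sink.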
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
New author
Supply chain risk: A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
Environment variable access
Supply chain risk: Package accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 2 instances in 1 package
Filesystem access
Supply chain risk: Accesses the file system, and could potentially read sensitive data.
Found 1 instance in 1 package
No v1
Quality: Package is not semver >=1. This means it is not stable and does not support ^ ranges.
Found 1 instance in 1 package
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package