supersetbot - npm Package Compare versions

Comparing version 0.1.1 to 0.1.2

package.json

 {
   "name": "supersetbot",
-  "version": "0.1.1",
+  "version": "0.1.2",
   "description": "A bot for the Superset GitHub repo",
@@ -5,0 +5,0 @@ "type": "module",

src/cli.js

@@ -8,5 +8,6 @@ import { program } from 'commander';
     .option('-v, --verbose', 'Output extra debugging information')
-    .option('-r, --repo', 'The GitHub repo to use (ie: "apache/superset")', (v) => v, process.env.GITHUB_REPOSITORY);
+    .option('-r, --repo <repo>', 'The GitHub repo to use (ie: "apache/superset")', process.env.GITHUB_REPOSITORY)
+    .option('-a, --actor <actor>', 'The actor', process.env.GITHUB_ACTOR);
 
-  const issueOptionParams = ['-i, --issue <issue>', 'The issue number', (v) => v, process.env.GITHUB_ISSUE_NUMBER];
+  const issueOptionParams = ['-i, --issue <issue>', 'The issue number', process.env.GITHUB_ISSUE_NUMBER];
 
@@ -18,20 +19,11 @@ program.command('label <label>')
       const opts = envContext.processOptions(this, ['issue', 'repo']);
-      const wrapped = envContext.commandWrapper(
-        commands.label,
-        `SUCCESS: label "${label}" added to issue ${opts.issue}`,
-        null,
-        opts.verbose);
-      await wrapped(opts.repo, opts.issue, label, envContext);
+      commands.label(opts.repo, opts.issue, label, envContext, opts.actor, opts.verbose);
     });
 
   program.command('unlabel <label>')
-    .description('Add a label to an issue or PR')
+    .description('Remove a label from an issue or PR')
     .option(...issueOptionParams)
     .action(async function (label) {
       const opts = envContext.processOptions(this, ['issue', 'repo']);
-      const wrapped = envContext.commandWrapper(
-        commands.unlabel,
-        `SUCCESS: label "${label}" removed from issue ${opts.issue}`,
-        opts.verbose);
-      await wrapped(opts.repo, opts.issue, label, envContext);
+      commands.unlabel(opts.repo, opts.issue, label, envContext, opts.actor, opts.verbose);
     });
@@ -44,6 +36,8 @@
       const opts = envContext.processOptions(this, ['issue', 'repo']);
-      const wrapped = envContext.commandWrapper(
-        commands.unlabel,
-        'SUCCESS: added the right labels',
-        opts.verbose);
+      const wrapped = envContext.commandWrapper({
+        func: commands.unlabel,
+        successMsg: 'SUCCESS: added the right labels',
+        errorMsg: 'FAILED at stuff',
+        verbose: opts.verbose,
+      });
       await wrapped(opts.repo, opts.issue, envContext);
@@ -50,0 +44,0 @@ });

src/commands.js

@@ -1,2 +0,2 @@
-import { ORG_LIST } from './metadata.js';
+import { ORG_LIST, PROTECTED_LABEL_PATTERNS, COMMITTER_TEAM } from './metadata.js';
 /* eslint-disable no-shadow */
@@ -9,8 +9,35 @@
 
+function isLabelProtected(label) {
+  return PROTECTED_LABEL_PATTERNS.some(pattern => new RegExp(pattern).test(label));
+}
+
+async function checkIfUserInTeam(username, team, context, verbose) {
+  const [org, team_slug] = team.split('/');
+  const wrapped = context.commandWrapper({
+    func: context.github.teams.getMembershipForUserInOrg,
+    errorMsg: "User is not authorized to alter protected labels.",
+    verbose,
+  });
+  const resp = await wrapped({
+    org,
+    team_slug,
+    username,
+  });
+  return resp?.data?.state === 'active';
+}
+
 // -------------------------------------
 // Individual commands
 // -------------------------------------
-export async function label(repo, issueNumber, label, context) {
-  await context.github.rest.issues.addLabels({
-    ...unPackRepo(repo),
+export async function label(longRepo, issueNumber, label, context, actor = null, verbose = false) {
+  if (actor && isLabelProtected(label)) {
+    checkIfUserInTeam(actor, COMMITTER_TEAM, context, verbose);
+  }
+  const addLabelWrapped = context.commandWrapper({
+    func: context.github.rest.issues.addLabels,
+    successMsg:`SUCCESS: label "${label}" added to issue ${issueNumber}`,
+    verbose,
+  });
+  await addLabelWrapped({
+    ...unPackRepo(longRepo),
     issue_number: issueNumber,
@@ -21,5 +48,13 @@ labels: [label],
 
-export async function unlabel(repo, issueNumber, label, context) {
-  await context.github.rest.issues.removeLabel({
-    ...unPackRepo(repo),
+export async function unlabel(longRepo, issueNumber, label, context, actor = null, verbose = false) {
+  if (actor && isLabelProtected(label)) {
+    checkIfUserInTeam(actor, COMMITTER_TEAM, context, verbose);
+  }
+  const addLabelWrapped = context.commandWrapper({
+    func: context.github.rest.issues.removeLabel,
+    successMsg:`SUCCESS: label "${label}" removed from issue ${issueNumber}`,
+    verbose,
+  });
+  await addLabelWrapped({
+    ...unPackRepo(longRepo),
     issue_number: issueNumber,
@@ -26,0 +61,0 @@ name: label,

src/context.js

@@ -23,2 +23,3 @@ import { Octokit } from '@octokit/rest';
       }
+      process.env.GITHUB_ACTOR = ghaContext?.actor || 'UNKNOWN';
     }
@@ -56,2 +57,7 @@
 
+    if (this.source === 'GHA') {
+      this.options.actor = process.env.GITHUB_ACTOR || 'UNKNOWN';
+      this.options.repo = process.env.GITHUB_REPOSITORY;
+    }
+
     return this.options;
@@ -67,33 +73,23 @@ }
 
-  commandWrapper(commandFunc, successMsg, errorMsg = null, verbose = false) {
+  commandWrapper({func, successMsg, errorMsg = null, verbose = false, exitOnError = true}) {
     return async (...args) => {
       this.preCommand();
-      let hasErrors = false;
       let resp;
       try {
-        resp = await commandFunc(...args);
-        if (verbose && this.source === 'CLI' && resp) {
-          this.log(JSON.stringify(resp, null, 2));
-        }
+        resp = await func(...args);
       } catch (error) {
-        this.logError(`🔴 ERROR: ${error}`);
-        if (verbose && this.source === 'CLI' && resp) {
-          this.logError(JSON.stringify(resp, null, 2));
+        if (errorMsg) {
+          this.logError(`🔴 ERROR: ${errorMsg}`);
+        } else {
+          this.logError(`🔴 ERROR: ${error}`);
         }
-        hasErrors = true;
+        if (exitOnError) {
+          process.exit(1);
+        }
       }
-      if (hasErrors) {
-        if (errorMsg) {
-          this.logError(`🔴 ${errorMsg}`);
-        }
-        this.onError();
-      } else {
+      if (successMsg) {
         this.log(`🟢 ${successMsg}`);
-        this.onSuccess();
       }
       await this.onDone();
-
-      if (hasErrors) {
-        process.exit(1);
-      }
+      return resp;
     };
@@ -121,10 +117,4 @@ }
 
-  onError() {
-  }
-
-  onSuccess() {
-  }
-
 }
 
 export default Context;

src/metadata.js

@@ -10,1 +10,6 @@ export const ORG_LIST = [
 ];
+export const PROTECTED_LABEL_PATTERNS = [
+  'protected.*',
+  '^v\\d+(\\.\\d+)*$',
+];
+export const COMMITTER_TEAM = "apache/superset-committers";

New alerts

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Fixed alerts

Major refactor

Supply chain risk

Package has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

9730

increased by12.93%

Lines of code

264

increased by10%

Number of medium supply chain risk alerts

0

decreased by-100%

Worsened metrics

Number of low supply chain risk alerts

11

increased by57.14%

No dependency changes