npm - @dependabit/action - Versions diffs - 0.1.1 - Mend

@dependabit/action 0.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (92) hide show

package/CHANGELOG.md +12 -0
package/LICENSE +21 -0
package/README.md +225 -0
package/action.yml +85 -0
package/dist/actions/check.d.ts +33 -0
package/dist/actions/check.d.ts.map +1 -0
package/dist/actions/check.js +162 -0
package/dist/actions/check.js.map +1 -0
package/dist/actions/generate.d.ts +9 -0
package/dist/actions/generate.d.ts.map +1 -0
package/dist/actions/generate.js +152 -0
package/dist/actions/generate.js.map +1 -0
package/dist/actions/update.d.ts +9 -0
package/dist/actions/update.d.ts.map +1 -0
package/dist/actions/update.js +246 -0
package/dist/actions/update.js.map +1 -0
package/dist/actions/validate.d.ts +33 -0
package/dist/actions/validate.d.ts.map +1 -0
package/dist/actions/validate.js +226 -0
package/dist/actions/validate.js.map +1 -0
package/dist/index.d.ts +8 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +35 -0
package/dist/index.js.map +1 -0
package/dist/logger.d.ts +114 -0
package/dist/logger.d.ts.map +1 -0
package/dist/logger.js +154 -0
package/dist/logger.js.map +1 -0
package/dist/utils/agent-config.d.ts +31 -0
package/dist/utils/agent-config.d.ts.map +1 -0
package/dist/utils/agent-config.js +42 -0
package/dist/utils/agent-config.js.map +1 -0
package/dist/utils/agent-router.d.ts +33 -0
package/dist/utils/agent-router.d.ts.map +1 -0
package/dist/utils/agent-router.js +57 -0
package/dist/utils/agent-router.js.map +1 -0
package/dist/utils/errors.d.ts +51 -0
package/dist/utils/errors.d.ts.map +1 -0
package/dist/utils/errors.js +219 -0
package/dist/utils/errors.js.map +1 -0
package/dist/utils/inputs.d.ts +35 -0
package/dist/utils/inputs.d.ts.map +1 -0
package/dist/utils/inputs.js +47 -0
package/dist/utils/inputs.js.map +1 -0
package/dist/utils/metrics.d.ts +66 -0
package/dist/utils/metrics.d.ts.map +1 -0
package/dist/utils/metrics.js +116 -0
package/dist/utils/metrics.js.map +1 -0
package/dist/utils/outputs.d.ts +43 -0
package/dist/utils/outputs.d.ts.map +1 -0
package/dist/utils/outputs.js +146 -0
package/dist/utils/outputs.js.map +1 -0
package/dist/utils/performance.d.ts +100 -0
package/dist/utils/performance.d.ts.map +1 -0
package/dist/utils/performance.js +185 -0
package/dist/utils/performance.js.map +1 -0
package/dist/utils/reporter.d.ts +43 -0
package/dist/utils/reporter.d.ts.map +1 -0
package/dist/utils/reporter.js +122 -0
package/dist/utils/reporter.js.map +1 -0
package/dist/utils/secrets.d.ts +45 -0
package/dist/utils/secrets.d.ts.map +1 -0
package/dist/utils/secrets.js +94 -0
package/dist/utils/secrets.js.map +1 -0
package/package.json +45 -0
package/src/actions/check.ts +223 -0
package/src/actions/generate.ts +181 -0
package/src/actions/update.ts +284 -0
package/src/actions/validate.ts +292 -0
package/src/index.ts +43 -0
package/src/logger.test.ts +200 -0
package/src/logger.ts +210 -0
package/src/utils/agent-config.ts +61 -0
package/src/utils/agent-router.ts +67 -0
package/src/utils/errors.ts +251 -0
package/src/utils/inputs.ts +75 -0
package/src/utils/metrics.ts +169 -0
package/src/utils/outputs.ts +202 -0
package/src/utils/performance.ts +248 -0
package/src/utils/reporter.ts +169 -0
package/src/utils/secrets.ts +124 -0
package/test/actions/check.test.ts +216 -0
package/test/actions/generate.test.ts +82 -0
package/test/actions/update.test.ts +70 -0
package/test/actions/validate.test.ts +257 -0
package/test/utils/agent-config.test.ts +112 -0
package/test/utils/agent-router.test.ts +129 -0
package/test/utils/metrics.test.ts +221 -0
package/test/utils/reporter.test.ts +196 -0
package/test/utils/secrets.test.ts +217 -0
package/tsconfig.json +15 -0
package/tsconfig.tsbuildinfo +1 -0

package/src/utils/reporter.ts ADDED Viewed

@@ -0,0 +1,169 @@
+/**
+ * Summary Reporter
+ * Generates human-readable summaries for dependency change reports
+ */
+export interface DependencyChange {
+  dependency: {
+    id: string;
+    name?: string | undefined;
+    url: string;
+    type?: string | undefined;
+  };
+  severity: 'breaking' | 'major' | 'minor';
+  changes: string[];
+  oldVersion?: string | undefined;
+  newVersion?: string | undefined;
+  releaseNotes?: string;
+  diff?: string;
+  contentDiff?: string;
+}
+export class SummaryReporter {
+  /**
+   * Generates a summary report for all dependency changes
+   */
+  generateSummary(changes: DependencyChange[]): string {
+    if (changes.length === 0) {
+      return '✅ All dependencies are up to date. No changes detected.';
+    }
+    const breaking = changes.filter((c) => c.severity === 'breaking');
+    const major = changes.filter((c) => c.severity === 'major');
+    const minor = changes.filter((c) => c.severity === 'minor');
+    let summary = '# Dependency Changes Detected\n\n';
+    summary += `**Total Changes**: ${changes.length}\n`;
+    summary += `- 🔴 Breaking: ${breaking.length}\n`;
+    summary += `- 🟡 Major: ${major.length}\n`;
+    summary += `- 🟢 Minor: ${minor.length}\n\n`;
+    if (breaking.length > 0) {
+      summary += '## ⚠️ Breaking Changes\n\n';
+      breaking.forEach((change) => {
+        summary += this.formatChangeItem(change);
+      });
+    }
+    if (major.length > 0) {
+      summary += '## 🔔 Major Updates\n\n';
+      major.forEach((change) => {
+        summary += this.formatChangeItem(change);
+      });
+    }
+    if (minor.length > 0) {
+      summary += '## 📝 Minor Updates\n\n';
+      minor.forEach((change) => {
+        summary += this.formatChangeItem(change);
+      });
+    }
+    return summary;
+  }
+  /**
+   * Generates detailed issue body for a single dependency change
+   */
+  generateIssueBody(change: DependencyChange): string {
+    const { dependency, severity, changes, oldVersion, newVersion, releaseNotes } = change;
+    let body = '';
+    // Header with severity indicator
+    const severityEmoji = {
+      breaking: '⚠️',
+      major: '🔔',
+      minor: '📝'
+    }[severity];
+    body += `${severityEmoji} **${severity.toUpperCase()}** dependency update detected\n\n`;
+    // Dependency information
+    body += `## Dependency: ${dependency.name || dependency.id}\n\n`;
+    body += `- **URL**: ${dependency.url}\n`;
+    if (dependency.type) {
+      body += `- **Type**: ${dependency.type}\n`;
+    }
+    // Version change
+    if (oldVersion && newVersion) {
+      body += `\n## Version Change\n\n`;
+      body += `\`${oldVersion}\` → \`${newVersion}\`\n`;
+    }
+    // Changes detected
+    body += `\n## Changes Detected\n\n`;
+    changes.forEach((change) => {
+      body += `- ${change}\n`;
+    });
+    // Release notes if available
+    if (releaseNotes) {
+      body += `\n## Release Notes\n\n`;
+      body += releaseNotes;
+    }
+    // Action required for breaking changes
+    if (severity === 'breaking') {
+      body += `\n## ⚠️ Action Required\n\n`;
+      body += `This is a **breaking change** that may require updates to your code.\n`;
+      body += `Please review the changes and update your implementation accordingly.\n`;
+    }
+    return body;
+  }
+  /**
+   * Formats change summary for display
+   */
+  formatChangeSummary(change: {
+    changes: string[];
+    oldVersion?: string;
+    newVersion?: string;
+    contentDiff?: string;
+  }): string {
+    let summary = '';
+    if (change.oldVersion && change.newVersion) {
+      summary += `Version: ${change.oldVersion} → ${change.newVersion}\n`;
+    }
+    if (change.changes.includes('content')) {
+      summary += 'content updated\n';
+      if (change.contentDiff) {
+        summary += `Changes: ${change.contentDiff}\n`;
+      }
+    }
+    if (change.changes.includes('metadata')) {
+      summary += 'metadata updated\n';
+    }
+    if (change.changes.includes('version')) {
+      summary += 'version updated\n';
+    }
+    return summary.trim();
+  }
+  /**
+   * Formats a single change item for the summary
+   */
+  private formatChangeItem(change: DependencyChange): string {
+    const name = change.dependency.name || change.dependency.id;
+    let item = `### ${name}\n\n`;
+    item += `- **URL**: ${change.dependency.url}\n`;
+    if (change.oldVersion && change.newVersion) {
+      item += `- **Version**: \`${change.oldVersion}\` → \`${change.newVersion}\`\n`;
+    }
+    if (change.changes.length > 0) {
+      item += `- **Changes**: ${change.changes.join(', ')}\n`;
+    }
+    item += '\n';
+    return item;
+  }
+}

package/src/utils/secrets.ts ADDED Viewed

@@ -0,0 +1,124 @@
+/**
+ * Secret resolution utility for GitHub Actions and environment variables
+ * Safely resolves secrets from GitHub Secrets and environment variables
+ */
+export interface SecretResolverConfig {
+  prefix?: string;
+  enableCache?: boolean;
+}
+export interface DependencyAuthConfig {
+  [domain: string]: {
+    secretName: string;
+  };
+}
+/**
+ * Resolves secrets from environment variables and GitHub Secrets
+ */
+export class SecretResolver {
+  private prefix: string;
+  private enableCache: boolean;
+  private cache: Map<string, string>;
+  constructor(config: SecretResolverConfig = {}) {
+    this.prefix = config.prefix || '';
+    this.enableCache = config.enableCache ?? false;
+    this.cache = new Map();
+  }
+  /**
+   * Resolve a single secret by name
+   */
+  async resolve(secretName: string): Promise<string> {
+    // Parse GitHub Actions secret reference format: ${{ secrets.NAME }}
+    const match = secretName.match(/\$\{\{\s*secrets\.([A-Z_]+)\s*\}\}/);
+    const actualName = match ? match[1] : secretName;
+    const envKey = this.prefix + actualName;
+    // Check cache first
+    if (this.enableCache && this.cache.has(envKey)) {
+      return this.cache.get(envKey)!;
+    }
+    // Resolve from environment
+    const value = process.env[envKey];
+    if (value === undefined) {
+      throw new Error(`Secret ${actualName} not found`);
+    }
+    // Cache if enabled
+    if (this.enableCache) {
+      this.cache.set(envKey, value);
+    }
+    return value;
+  }
+  /**
+   * Resolve multiple secrets at once
+   */
+  async resolveMultiple(
+    secretNames: string[],
+    options?: { allowPartial?: boolean }
+  ): Promise<Record<string, string>> {
+    const result: Record<string, string> = {};
+    const errors: string[] = [];
+    for (const name of secretNames) {
+      try {
+        result[name] = await this.resolve(name);
+      } catch (error) {
+        if (options?.allowPartial) {
+          // Skip missing secrets when allowPartial is true
+          continue;
+        }
+        errors.push((error as Error).message);
+      }
+    }
+    if (errors.length > 0 && !options?.allowPartial) {
+      throw new Error(errors[0]); // Throw first error
+    }
+    return result;
+  }
+  /**
+   * Resolve per-dependency authentication configuration
+   */
+  async resolveDependencyAuth(config: DependencyAuthConfig): Promise<Record<string, string>> {
+    const result: Record<string, string> = {};
+    for (const [domain, authConfig] of Object.entries(config)) {
+      const secretValue = await this.resolve(authConfig.secretName);
+      result[domain] = secretValue;
+    }
+    return result;
+  }
+  /**
+   * Validate secret name format
+   */
+  validate(secretName: string): boolean {
+    // Handle GitHub Actions secret reference
+    if (secretName.startsWith('${{')) {
+      const match = secretName.match(/\$\{\{\s*secrets\.([A-Z_][A-Z0-9_]*)\s*\}\}/);
+      return match !== null;
+    }
+    // Standard environment variable naming convention
+    // Must start with letter or underscore, contain only alphanumeric and underscores
+    return /^[A-Z_][A-Z0-9_]*$/.test(secretName);
+  }
+  /**
+   * Clear the secret cache
+   */
+  clearCache(): void {
+    this.cache.clear();
+  }
+}

package/test/actions/check.test.ts ADDED Viewed

@@ -0,0 +1,216 @@
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+import { checkAction } from '../../src/actions/check.js';
+// Mock the Monitor module
+vi.mock('@dependabit/monitor', () => {
+  class MockMonitor {
+    checkAll = vi.fn().mockImplementation((dependencies) => {
+      // Return error for invalid URLs
+      return Promise.resolve(
+        dependencies.map((dep) => {
+          if (dep.url === 'https://invalid-url.com') {
+            return {
+              dependency: dep,
+              hasChanged: false,
+              error: 'Failed to fetch URL content: connect ENOTFOUND invalid-url.com'
+            };
+          }
+          return {
+            dependency: dep,
+            hasChanged: false,
+            newSnapshot: {
+              stateHash: dep.currentStateHash,
+              fetchedAt: new Date()
+            }
+          };
+        })
+      );
+    });
+  }
+  return {
+    Monitor: MockMonitor
+  };
+});
+// Mock the IssueManager module
+vi.mock('@dependabit/github-client', () => {
+  class MockIssueManager {
+    createIssue = vi.fn().mockResolvedValue({
+      number: 123,
+      url: 'https://github.com/owner/repo/issues/123',
+      labels: ['dependabit', 'severity:major']
+    });
+    findExistingIssue = vi.fn().mockResolvedValue(null);
+    updateIssue = vi.fn().mockResolvedValue({
+      number: 123,
+      url: 'https://github.com/owner/repo/issues/123',
+      labels: ['dependabit', 'severity:major']
+    });
+  }
+  class MockRateLimitHandler {
+    checkRateLimit = vi.fn().mockResolvedValue({
+      limit: 5000,
+      remaining: 4000,
+      reset: new Date(Date.now() + 3600000),
+      used: 1000
+    });
+    waitIfNeeded = vi.fn().mockResolvedValue(undefined);
+    reserveBudget = vi.fn().mockResolvedValue({
+      reserved: true
+    });
+  }
+  return {
+    IssueManager: MockIssueManager,
+    RateLimitHandler: MockRateLimitHandler
+  };
+});
+describe('Check Action', () => {
+  beforeEach(() => {
+    vi.clearAllMocks();
+  });
+  describe('checkAction', () => {
+    it('should check all dependencies in manifest', async () => {
+      const manifest = {
+        version: '1.0.0',
+        dependencies: [
+          {
+            id: 'dep1',
+            url: 'https://github.com/owner/repo',
+            type: 'reference-implementation',
+            accessMethod: 'github-api',
+            currentStateHash: 'hash1',
+            monitoring: { enabled: true }
+          }
+        ]
+      };
+      const result = await checkAction(manifest);
+      expect(result).toBeDefined();
+      expect(result.checked).toBeGreaterThan(0);
+      expect(result.changes).toBeDefined();
+    });
+    it('should skip disabled dependencies', async () => {
+      const manifest = {
+        version: '1.0.0',
+        dependencies: [
+          {
+            id: 'enabled',
+            url: 'https://github.com/owner/repo1',
+            type: 'reference-implementation',
+            accessMethod: 'github-api',
+            currentStateHash: 'hash1',
+            monitoring: { enabled: true }
+          },
+          {
+            id: 'disabled',
+            url: 'https://github.com/owner/repo2',
+            type: 'reference-implementation',
+            accessMethod: 'github-api',
+            currentStateHash: 'hash2',
+            monitoring: { enabled: false }
+          }
+        ]
+      };
+      const result = await checkAction(manifest);
+      expect(result.checked).toBe(1);
+      expect(result.skipped).toBe(1);
+    });
+    it('should create issues for detected changes', async () => {
+      const manifest = {
+        version: '1.0.0',
+        dependencies: [
+          {
+            id: 'changed-dep',
+            url: 'https://github.com/owner/repo',
+            type: 'reference-implementation',
+            accessMethod: 'github-api',
+            currentStateHash: 'old-hash',
+            monitoring: { enabled: true }
+          }
+        ]
+      };
+      const result = await checkAction(manifest);
+      if (result.changes.length > 0) {
+        expect(result.issuesCreated).toBeGreaterThan(0);
+      }
+    });
+    it('should handle errors gracefully', async () => {
+      const manifest = {
+        version: '1.0.0',
+        dependencies: [
+          {
+            id: 'invalid',
+            url: 'https://invalid-url.com',
+            type: 'documentation',
+            accessMethod: 'http',
+            currentStateHash: 'hash1',
+            monitoring: { enabled: true }
+          }
+        ]
+      };
+      const result = await checkAction(manifest);
+      expect(result).toBeDefined();
+      expect(result.errors).toBeGreaterThan(0);
+    });
+    it('should respect rate limits', async () => {
+      const manifest = {
+        version: '1.0.0',
+        dependencies: Array.from({ length: 100 }, (_, i) => ({
+          id: `dep${i}`,
+          url: `https://github.com/owner/repo${i}`,
+          type: 'reference-implementation',
+          accessMethod: 'github-api',
+          currentStateHash: `hash${i}`,
+          monitoring: { enabled: true }
+        }))
+      };
+      const result = await checkAction(manifest);
+      expect(result).toBeDefined();
+      expect(result.rateLimitWarnings).toBeDefined();
+    });
+    it('should update manifest with new state hashes', async () => {
+      const manifest = {
+        version: '1.0.0',
+        dependencies: [
+          {
+            id: 'dep1',
+            url: 'https://github.com/owner/repo',
+            type: 'reference-implementation',
+            accessMethod: 'github-api',
+            currentStateHash: 'old-hash',
+            lastChecked: '2024-01-01T00:00:00Z',
+            monitoring: { enabled: true }
+          }
+        ]
+      };
+      const result = await checkAction(manifest);
+      expect(result.updatedManifest).toBeDefined();
+      expect(result.updatedManifest.dependencies[0].lastChecked).not.toBe('2024-01-01T00:00:00Z');
+    });
+  });
+});

package/test/actions/generate.test.ts ADDED Viewed

@@ -0,0 +1,82 @@
+import { describe, it, expect, beforeEach, vi } from 'vitest';
+describe('GenerateAction', () => {
+  beforeEach(() => {
+    vi.clearAllMocks();
+  });
+  describe('run', () => {
+    it('should parse action inputs', async () => {
+      expect(true).toBe(true);
+    });
+    it('should initialize detector with LLM provider', async () => {
+      expect(true).toBe(true);
+    });
+    it('should detect dependencies in repository', async () => {
+      expect(true).toBe(true);
+    });
+    it('should create manifest structure', async () => {
+      // Expected: DependencyManifest with metadata
+      expect(true).toBe(true);
+    });
+    it('should write manifest to .dependabit/manifest.json', async () => {
+      expect(true).toBe(true);
+    });
+    it('should set action outputs', async () => {
+      // Expected: manifestPath, dependencyCount, statistics
+      expect(true).toBe(true);
+    });
+    it('should create summary report', async () => {
+      // Expected: Markdown summary with stats
+      expect(true).toBe(true);
+    });
+    it('should handle empty repository', async () => {
+      // Expected: Create valid but empty manifest
+      expect(true).toBe(true);
+    });
+    it('should handle LLM failures with informational issue', async () => {
+      // Expected: Create GitHub issue, continue with parser results
+      expect(true).toBe(true);
+    });
+    it('should log all LLM interactions', async () => {
+      // Expected: Structured logs with prompt, model, tokens, latency
+      expect(true).toBe(true);
+    });
+    it('should respect GITHUB_TOKEN for private repos', async () => {
+      expect(true).toBe(true);
+    });
+    it('should complete within 5 minutes for typical repo', async () => {
+      // Performance requirement from SC-001
+      expect(true).toBe(true);
+    });
+  });
+  describe('calculateStatistics', () => {
+    it('should count dependencies by type', () => {
+      expect(true).toBe(true);
+    });
+    it('should count dependencies by access method', () => {
+      expect(true).toBe(true);
+    });
+    it('should count dependencies by detection method', () => {
+      expect(true).toBe(true);
+    });
+    it('should calculate average confidence', () => {
+      expect(true).toBe(true);
+    });
+  });
+});

package/test/actions/update.test.ts ADDED Viewed

@@ -0,0 +1,70 @@
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+import * as core from '@actions/core';
+// Mock dependencies before importing the module under test
+vi.mock('@actions/core');
+vi.mock('@dependabit/github-client');
+vi.mock('@dependabit/detector');
+vi.mock('@dependabit/manifest');
+const mockGetInput = vi.mocked(core.getInput);
+describe('Update Action Integration Tests', () => {
+  beforeEach(() => {
+    vi.clearAllMocks();
+    // Set up default input mocks
+    mockGetInput.mockImplementation((name: string) => {
+      const inputs: Record<string, string> = {
+        action: 'update',
+        repo_path: '/test/repo',
+        manifest_path: '.dependabit/manifest.json',
+        commits: '',
+        llm_provider: 'github-copilot',
+        llm_api_key: 'test-token'
+      };
+      return inputs[name] || '';
+    });
+  });
+  it('should process commits and update manifest', async () => {
+    // This test will be implemented after the update action is created
+    expect(true).toBe(true);
+  });
+  it('should handle multiple commits in a single push', async () => {
+    // Test for requirement: handle multiple commits pushed at once
+    expect(true).toBe(true);
+  });
+  it('should preserve manually added entries', async () => {
+    // Test for requirement: non-destructive merge
+    expect(true).toBe(true);
+  });
+  it('should detect new dependencies in commits', async () => {
+    // Test for requirement: analyze commits for added dependencies
+    expect(true).toBe(true);
+  });
+  it('should mark removed dependencies', async () => {
+    // Test for requirement: analyze commits for removed dependencies
+    expect(true).toBe(true);
+  });
+  it('should handle errors gracefully', async () => {
+    // Test error handling
+    expect(true).toBe(true);
+  });
+  it('should complete within time limit', async () => {
+    // Test for SC-002: complete within 2 minutes
+    const startTime = Date.now();
+    // Simulate update action (will be implemented)
+    // await run();
+    const duration = Date.now() - startTime;
+    expect(duration).toBeLessThan(2 * 60 * 1000); // 2 minutes
+  });
+});