npm - @dependabit/action - Versions diffs - 0.1.1 - Mend

@dependabit/action 0.1.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (92) hide show

package/CHANGELOG.md +12 -0
package/LICENSE +21 -0
package/README.md +225 -0
package/action.yml +85 -0
package/dist/actions/check.d.ts +33 -0
package/dist/actions/check.d.ts.map +1 -0
package/dist/actions/check.js +162 -0
package/dist/actions/check.js.map +1 -0
package/dist/actions/generate.d.ts +9 -0
package/dist/actions/generate.d.ts.map +1 -0
package/dist/actions/generate.js +152 -0
package/dist/actions/generate.js.map +1 -0
package/dist/actions/update.d.ts +9 -0
package/dist/actions/update.d.ts.map +1 -0
package/dist/actions/update.js +246 -0
package/dist/actions/update.js.map +1 -0
package/dist/actions/validate.d.ts +33 -0
package/dist/actions/validate.d.ts.map +1 -0
package/dist/actions/validate.js +226 -0
package/dist/actions/validate.js.map +1 -0
package/dist/index.d.ts +8 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +35 -0
package/dist/index.js.map +1 -0
package/dist/logger.d.ts +114 -0
package/dist/logger.d.ts.map +1 -0
package/dist/logger.js +154 -0
package/dist/logger.js.map +1 -0
package/dist/utils/agent-config.d.ts +31 -0
package/dist/utils/agent-config.d.ts.map +1 -0
package/dist/utils/agent-config.js +42 -0
package/dist/utils/agent-config.js.map +1 -0
package/dist/utils/agent-router.d.ts +33 -0
package/dist/utils/agent-router.d.ts.map +1 -0
package/dist/utils/agent-router.js +57 -0
package/dist/utils/agent-router.js.map +1 -0
package/dist/utils/errors.d.ts +51 -0
package/dist/utils/errors.d.ts.map +1 -0
package/dist/utils/errors.js +219 -0
package/dist/utils/errors.js.map +1 -0
package/dist/utils/inputs.d.ts +35 -0
package/dist/utils/inputs.d.ts.map +1 -0
package/dist/utils/inputs.js +47 -0
package/dist/utils/inputs.js.map +1 -0
package/dist/utils/metrics.d.ts +66 -0
package/dist/utils/metrics.d.ts.map +1 -0
package/dist/utils/metrics.js +116 -0
package/dist/utils/metrics.js.map +1 -0
package/dist/utils/outputs.d.ts +43 -0
package/dist/utils/outputs.d.ts.map +1 -0
package/dist/utils/outputs.js +146 -0
package/dist/utils/outputs.js.map +1 -0
package/dist/utils/performance.d.ts +100 -0
package/dist/utils/performance.d.ts.map +1 -0
package/dist/utils/performance.js +185 -0
package/dist/utils/performance.js.map +1 -0
package/dist/utils/reporter.d.ts +43 -0
package/dist/utils/reporter.d.ts.map +1 -0
package/dist/utils/reporter.js +122 -0
package/dist/utils/reporter.js.map +1 -0
package/dist/utils/secrets.d.ts +45 -0
package/dist/utils/secrets.d.ts.map +1 -0
package/dist/utils/secrets.js +94 -0
package/dist/utils/secrets.js.map +1 -0
package/package.json +45 -0
package/src/actions/check.ts +223 -0
package/src/actions/generate.ts +181 -0
package/src/actions/update.ts +284 -0
package/src/actions/validate.ts +292 -0
package/src/index.ts +43 -0
package/src/logger.test.ts +200 -0
package/src/logger.ts +210 -0
package/src/utils/agent-config.ts +61 -0
package/src/utils/agent-router.ts +67 -0
package/src/utils/errors.ts +251 -0
package/src/utils/inputs.ts +75 -0
package/src/utils/metrics.ts +169 -0
package/src/utils/outputs.ts +202 -0
package/src/utils/performance.ts +248 -0
package/src/utils/reporter.ts +169 -0
package/src/utils/secrets.ts +124 -0
package/test/actions/check.test.ts +216 -0
package/test/actions/generate.test.ts +82 -0
package/test/actions/update.test.ts +70 -0
package/test/actions/validate.test.ts +257 -0
package/test/utils/agent-config.test.ts +112 -0
package/test/utils/agent-router.test.ts +129 -0
package/test/utils/metrics.test.ts +221 -0
package/test/utils/reporter.test.ts +196 -0
package/test/utils/secrets.test.ts +217 -0
package/tsconfig.json +15 -0
package/tsconfig.tsbuildinfo +1 -0

package/src/actions/generate.ts ADDED Viewed

@@ -0,0 +1,181 @@
+/**
+ * Generate Action
+ * Initial manifest generation by analyzing the repository
+ */
+import * as core from '@actions/core';
+import { join } from 'node:path';
+import { Detector, GitHubCopilotProvider } from '@dependabit/detector';
+import { writeManifest, type DependencyManifest } from '@dependabit/manifest';
+import { createLogger, withTiming } from '../logger.js';
+import { parseGenerateInputs } from '../utils/inputs.js';
+import {
+  setGenerateOutputs,
+  createGenerateSummary,
+  createDependencyListSummary
+} from '../utils/outputs.js';
+/**
+ * Main entry point for the generate action wrapped for error handling
+ */
+export async function run(): Promise<void> {
+  try {
+    await generateAction();
+  } catch (error) {
+    core.setFailed(error instanceof Error ? error.message : String(error));
+  }
+}
+/**
+ * Generate action implementation
+ */
+async function generateAction(): Promise<void> {
+  const logger = createLogger({ enableDebug: true });
+  try {
+    logger.startGroup('📋 Parsing Action Inputs');
+    const inputs = parseGenerateInputs();
+    logger.info('Action inputs parsed', {
+      repoPath: inputs.repoPath,
+      llmProvider: inputs.llmProvider,
+      llmModel: inputs.llmModel || 'default',
+      manifestPath: inputs.manifestPath
+    });
+    logger.endGroup();
+    // Initialize LLM provider
+    logger.startGroup('🤖 Initializing LLM Provider');
+    const llmProvider = new GitHubCopilotProvider({
+      ...(inputs.llmApiKey && { apiKey: inputs.llmApiKey }),
+      ...(inputs.llmModel && { model: inputs.llmModel })
+    });
+    logger.info('LLM provider initialized', {
+      provider: inputs.llmProvider,
+      model: inputs.llmModel || 'gpt-4',
+      hasApiKey: !!inputs.llmApiKey
+    });
+    logger.endGroup();
+    // Create detector
+    logger.startGroup('🔍 Detecting Dependencies');
+    const detector = new Detector({
+      repoPath: inputs.repoPath,
+      llmProvider
+    });
+    const result = await withTiming(logger, 'dependency-detection', async () => {
+      return await detector.detectDependencies();
+    });
+    logger.info('Detection complete', {
+      dependencyCount: result.dependencies.length,
+      filesScanned: result.statistics.filesScanned,
+      urlsFound: result.statistics.urlsFound,
+      llmCalls: result.statistics.llmCalls,
+      totalTokens: result.statistics.totalTokens
+    });
+    logger.endGroup();
+    // Create manifest
+    logger.startGroup('📄 Creating Manifest');
+    const manifest = await createManifest(inputs.repoPath, result.dependencies, inputs.llmProvider);
+    const manifestPath = join(inputs.repoPath, inputs.manifestPath);
+    await writeManifest(manifestPath, manifest);
+    logger.info('Manifest written', {
+      path: manifestPath,
+      dependencyCount: manifest.dependencies.length
+    });
+    logger.endGroup();
+    // Set outputs
+    logger.startGroup('📊 Setting Outputs');
+    setGenerateOutputs(manifest, inputs.manifestPath, result.statistics);
+    logger.endGroup();
+    // Create summary
+    logger.startGroup('📝 Creating Summary');
+    await createGenerateSummary(manifest, result.statistics);
+    await createDependencyListSummary(
+      manifest.dependencies.map((dep) => ({
+        name: dep.name,
+        url: dep.url,
+        type: dep.type,
+        confidence: dep.detectionConfidence
+      }))
+    );
+    logger.endGroup();
+    logger.info('✅ Generate action completed successfully');
+  } catch (error) {
+    logger.error('Generate action failed', {
+      error: error instanceof Error ? error.message : String(error),
+      stack: error instanceof Error ? error.stack : undefined
+    });
+    core.setFailed(error instanceof Error ? error.message : String(error));
+  }
+}
+/**
+ * Create the manifest structure
+ */
+async function createManifest(
+  repoPath: string,
+  dependencies: any[],
+  llmProvider: string
+): Promise<DependencyManifest> {
+  // Get repository info from GitHub context or git
+  const owner = process.env['GITHUB_REPOSITORY']?.split('/')[0] || 'unknown';
+  const name = process.env['GITHUB_REPOSITORY']?.split('/')[1] || 'unknown';
+  const branch = process.env['GITHUB_REF_NAME'] || 'main';
+  const commit = process.env['GITHUB_SHA'] || 'unknown';
+  // Calculate statistics
+  const byType: Record<string, number> = {};
+  const byAccessMethod: Record<string, number> = {};
+  const byDetectionMethod: Record<string, number> = {};
+  let totalConfidence = 0;
+  for (const dep of dependencies) {
+    byType[dep.type] = (byType[dep.type] || 0) + 1;
+    byAccessMethod[dep.accessMethod] = (byAccessMethod[dep.accessMethod] || 0) + 1;
+    byDetectionMethod[dep.detectionMethod] = (byDetectionMethod[dep.detectionMethod] || 0) + 1;
+    totalConfidence += dep.detectionConfidence;
+  }
+  const averageConfidence = dependencies.length > 0 ? totalConfidence / dependencies.length : 0;
+  const manifest: DependencyManifest = {
+    version: '1.0.0',
+    generatedAt: new Date().toISOString(),
+    generatedBy: {
+      action: 'dependabit',
+      version: '1.0.0',
+      llmProvider: llmProvider,
+      llmModel: 'gpt-4'
+    },
+    repository: {
+      owner,
+      name,
+      branch,
+      commit
+    },
+    dependencies,
+    statistics: {
+      totalDependencies: dependencies.length,
+      byType,
+      byAccessMethod,
+      byDetectionMethod,
+      averageConfidence
+    }
+  };
+  return manifest;
+}
+// Run the action
+if (import.meta.url === `file://${process.argv[1]}`) {
+  run();
+}

package/src/actions/update.ts ADDED Viewed

@@ -0,0 +1,284 @@
+/**
+ * Update Action
+ * Analyze commits and update manifest with new/removed dependencies
+ */
+import * as core from '@actions/core';
+import { join } from 'node:path';
+import { existsSync } from 'node:fs';
+import { readFile } from 'node:fs/promises';
+import { Detector, GitHubCopilotProvider, extractDependencyChanges } from '@dependabit/detector';
+import {
+  readManifest,
+  writeManifest,
+  mergeManifests,
+  type DependencyManifest
+} from '@dependabit/manifest';
+import { createGitHubClient, getCommitDiff } from '@dependabit/github-client';
+import { createLogger, withTiming } from '../logger.js';
+import { parseUpdateInputs } from '../utils/inputs.js';
+import { setUpdateOutputs, createUpdateSummary } from '../utils/outputs.js';
+/**
+ * Main entry point for the update action
+ */
+export async function run(): Promise<void> {
+  const logger = createLogger({ enableDebug: true });
+  try {
+    logger.startGroup('📋 Parsing Action Inputs');
+    const inputs = parseUpdateInputs();
+    logger.info('Action inputs parsed', {
+      repoPath: inputs.repoPath,
+      manifestPath: inputs.manifestPath,
+      commits: inputs.commits.length > 0 ? inputs.commits : 'auto-detect'
+    });
+    logger.endGroup();
+    // Get repository information from environment
+    const repository = process.env['GITHUB_REPOSITORY'];
+    if (!repository) {
+      throw new Error('GITHUB_REPOSITORY environment variable not set');
+    }
+    const [owner, repo] = repository.split('/');
+    if (!owner || !repo) {
+      throw new Error(`Invalid GITHUB_REPOSITORY format: ${repository}`);
+    }
+    // Check if manifest exists
+    const manifestPath = join(inputs.repoPath, inputs.manifestPath);
+    if (!existsSync(manifestPath)) {
+      logger.info('⚠️  No existing manifest found. Run generate action first.');
+      core.setOutput('changes_detected', false);
+      core.setOutput('dependencies_added', 0);
+      core.setOutput('dependencies_removed', 0);
+      core.setOutput('total_dependencies', 0);
+      core.setOutput('files_analyzed', 0);
+      return;
+    }
+    // Read existing manifest
+    logger.startGroup('📄 Reading Existing Manifest');
+    const existingManifest = await readManifest(manifestPath);
+    logger.info('Manifest loaded', {
+      dependencyCount: existingManifest.dependencies.length,
+      version: existingManifest.version
+    });
+    logger.endGroup();
+    // Initialize GitHub client
+    logger.startGroup('🔗 Initializing GitHub Client');
+    const githubToken = process.env['GITHUB_TOKEN'];
+    if (!githubToken) {
+      throw new Error('GITHUB_TOKEN environment variable not set');
+    }
+    const client = createGitHubClient({ auth: githubToken });
+    logger.info('GitHub client initialized');
+    logger.endGroup();
+    // Determine commits to analyze
+    logger.startGroup('📊 Analyzing Commits');
+    let commitsToAnalyze = inputs.commits;
+    if (commitsToAnalyze.length === 0) {
+      // Auto-detect commits from the push event
+      const headRef = process.env['GITHUB_SHA'];
+      if (headRef) {
+        // For push events, get commits from the push payload
+        const eventPath = process.env['GITHUB_EVENT_PATH'];
+        if (eventPath) {
+          try {
+            const eventContent = await readFile(eventPath, 'utf-8');
+            const event = JSON.parse(eventContent);
+            if (event.commits && Array.isArray(event.commits)) {
+              commitsToAnalyze = event.commits.map((c: any) => c.id || c.sha);
+              logger.info('Detected commits from push event', { count: commitsToAnalyze.length });
+            }
+          } catch (error) {
+            logger.warning('Failed to parse GitHub event payload', {
+              error: String(error),
+              eventPath
+            });
+          }
+        }
+        // Fallback: analyze the last commit
+        if (commitsToAnalyze.length === 0) {
+          commitsToAnalyze = [headRef];
+          logger.info('Using HEAD commit', { sha: headRef });
+        }
+      }
+    }
+    if (commitsToAnalyze.length === 0) {
+      logger.info('⚠️  No commits to analyze');
+      core.setOutput('changes_detected', false);
+      return;
+    }
+    logger.info('Commits to analyze', {
+      count: commitsToAnalyze.length,
+      shas: commitsToAnalyze.slice(0, 5)
+    });
+    logger.endGroup();
+    // Fetch and analyze commit diffs
+    logger.startGroup('🔍 Analyzing Commit Diffs');
+    const allChangedFiles: string[] = [];
+    const allAddedUrls: Set<string> = new Set();
+    const allRemovedUrls: Set<string> = new Set();
+    for (const sha of commitsToAnalyze) {
+      const diff = await withTiming(logger, `fetch-commit-${sha.substring(0, 7)}`, async () => {
+        return await getCommitDiff(client, owner, repo, sha);
+      });
+      const changes = extractDependencyChanges(diff.files);
+      // Track changed files
+      for (const file of changes.changedFiles.relevantFiles) {
+        if (!allChangedFiles.includes(file)) {
+          allChangedFiles.push(file);
+        }
+      }
+      // Track URL changes
+      changes.addedUrls.forEach((url) => allAddedUrls.add(url));
+      changes.removedUrls.forEach((url) => allRemovedUrls.add(url));
+      logger.info('Commit analyzed', {
+        sha: sha.substring(0, 7),
+        filesChanged: diff.files.length,
+        relevantFiles: changes.changedFiles.relevantFiles.length,
+        addedUrls: changes.addedUrls.length,
+        removedUrls: changes.removedUrls.length
+      });
+    }
+    logger.info('All commits analyzed', {
+      totalChangedFiles: allChangedFiles.length,
+      totalAddedUrls: allAddedUrls.size,
+      totalRemovedUrls: allRemovedUrls.size
+    });
+    logger.endGroup();
+    // Re-analyze changed files if any
+    logger.startGroup('🔍 Re-analyzing Changed Files');
+    let newDependencies: DependencyManifest['dependencies'] = [];
+    if (allChangedFiles.length > 0) {
+      // Initialize LLM provider for selective analysis
+      const llmProvider = new GitHubCopilotProvider({
+        apiKey: githubToken
+      });
+      // Create detector
+      const detector = new Detector({
+        repoPath: inputs.repoPath,
+        llmProvider
+      });
+      const result = await withTiming(logger, 'selective-analysis', async () => {
+        return await detector.analyzeFiles(allChangedFiles);
+      });
+      newDependencies = result.dependencies;
+      logger.info('Selective analysis complete', {
+        filesAnalyzed: result.statistics.filesScanned,
+        dependenciesFound: newDependencies.length,
+        llmCalls: result.statistics.llmCalls
+      });
+    }
+    logger.endGroup();
+    // Create updated manifest
+    logger.startGroup('🔄 Merging Manifests');
+    const updatedManifest: DependencyManifest = {
+      ...existingManifest,
+      generatedAt: new Date().toISOString(),
+      generatedBy: {
+        action: 'dependabit-update',
+        version: '1.0.0',
+        llmProvider: 'github-copilot',
+        llmModel: 'gpt-4'
+      },
+      repository: {
+        owner,
+        name: repo,
+        branch: process.env['GITHUB_REF_NAME'] || existingManifest.repository.branch || 'main',
+        commit: process.env['GITHUB_SHA'] || existingManifest.repository.commit || 'unknown'
+      },
+      dependencies: newDependencies
+    };
+    // Merge with existing manifest (preserves manual entries)
+    const merged = mergeManifests(existingManifest, updatedManifest, {
+      preserveManual: true,
+      preserveHistory: true
+    });
+    // Mark removed dependencies
+    const removedUrls = Array.from(allRemovedUrls);
+    for (const dep of merged.dependencies) {
+      if (removedUrls.includes(dep.url)) {
+        // Mark as potentially removed (could be a false positive)
+        logger.info('Dependency potentially removed', {
+          name: dep.name,
+          url: dep.url
+        });
+      }
+    }
+    const dependenciesAdded = merged.dependencies.length - existingManifest.dependencies.length;
+    const changesDetected = dependenciesAdded !== 0 || removedUrls.length > 0;
+    logger.info('Manifests merged', {
+      before: existingManifest.dependencies.length,
+      after: merged.dependencies.length,
+      added: Math.max(0, dependenciesAdded),
+      manualPreserved: merged.dependencies.filter((d) => d.detectionMethod === 'manual').length
+    });
+    logger.endGroup();
+    // Write updated manifest
+    logger.startGroup('💾 Writing Updated Manifest');
+    await writeManifest(manifestPath, merged);
+    logger.info('Manifest updated', { path: manifestPath });
+    logger.endGroup();
+    // Set outputs
+    logger.startGroup('📊 Setting Outputs');
+    setUpdateOutputs(merged, existingManifest, allChangedFiles.length);
+    logger.endGroup();
+    // Create summary
+    logger.startGroup('📝 Creating Summary');
+    await createUpdateSummary(existingManifest, merged, {
+      commitsAnalyzed: commitsToAnalyze.length,
+      filesChanged: allChangedFiles.length,
+      urlsAdded: allAddedUrls.size,
+      urlsRemoved: allRemovedUrls.size
+    });
+    logger.endGroup();
+    if (changesDetected) {
+      logger.info('✅ Update action completed with changes');
+    } else {
+      logger.info('✅ Update action completed - no changes detected');
+    }
+  } catch (error) {
+    logger.error('Update action failed', {
+      error: error instanceof Error ? error.message : String(error),
+      stack: error instanceof Error ? error.stack : undefined
+    });
+    core.setFailed(error instanceof Error ? error.message : String(error));
+  }
+}
+// Run the action
+if (import.meta.url === `file://${process.argv[1]}`) {
+  run();
+}