eslint-plugin-github-actions-2 1.0.5 → 1.0.6
- package/dist/plugin.cjs +30 -3
- package/dist/plugin.cjs.map +2 -2
- package/dist/rules/require-dependabot-open-pull-requests-limit.d.ts.map +1 -1
- package/dist/rules/require-dependabot-open-pull-requests-limit.js +32 -2
- package/dist/rules/require-dependabot-open-pull-requests-limit.js.map +1 -1
- package/docs/rules/require-dependabot-open-pull-requests-limit.md +21 -4
- package/package.json +1 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"require-dependabot-open-pull-requests-limit.d.ts","sourceRoot":"","sources":["../../src/rules/require-dependabot-open-pull-requests-limit.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,QAAQ,CAAC;
|
|
1
|
+
{"version":3,"file":"require-dependabot-open-pull-requests-limit.d.ts","sourceRoot":"","sources":["../../src/rules/require-dependabot-open-pull-requests-limit.ts"],"names":[],"mappings":"AAAA;;;GAGG;AACH,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,QAAQ,CAAC;AAanC,kEAAkE;AAClE,QAAA,MAAM,IAAI,EAAE,IAAI,CAAC,UA+GhB,CAAC;AAEF,eAAe,IAAI,CAAC"}
|
|
@@ -1,8 +1,9 @@
|
|
|
1
|
-
import { getDependabotRoot, getDependabotUpdateEntries, getDependabotUpdateLabel, } from "../_internal/dependabot-yaml.js";
|
|
1
|
+
import { getDependabotReferencedGroup, getDependabotRoot, getDependabotUpdateEntries, getDependabotUpdateLabel, } from "../_internal/dependabot-yaml.js";
|
|
2
2
|
import { getMappingPair, getScalarNumberValue, } from "../_internal/workflow-yaml.js";
|
|
3
3
|
/** Rule implementation for requiring open-pull-requests-limit. */
|
|
4
4
|
const rule = {
|
|
5
5
|
create(context) {
|
|
6
|
+
const reportedGroupNames = new Set();
|
|
6
7
|
return {
|
|
7
8
|
Program() {
|
|
8
9
|
const root = getDependabotRoot(context);
|
|
@@ -11,6 +12,33 @@ const rule = {
|
|
|
11
12
|
}
|
|
12
13
|
for (const update of getDependabotUpdateEntries(root)) {
|
|
13
14
|
const limitPair = getMappingPair(update.mapping, "open-pull-requests-limit");
|
|
15
|
+
if (update.multiEcosystemGroup !== null) {
|
|
16
|
+
if (limitPair !== null) {
|
|
17
|
+
context.report({
|
|
18
|
+
data: {
|
|
19
|
+
updateLabel: getDependabotUpdateLabel(update),
|
|
20
|
+
},
|
|
21
|
+
messageId: "unsupportedOpenPullRequestsLimitOnGroupedUpdate",
|
|
22
|
+
node: limitPair.key,
|
|
23
|
+
});
|
|
24
|
+
}
|
|
25
|
+
const groupMapping = getDependabotReferencedGroup(root, update);
|
|
26
|
+
const groupLimitPair = groupMapping === null
|
|
27
|
+
? null
|
|
28
|
+
: getMappingPair(groupMapping, "open-pull-requests-limit");
|
|
29
|
+
if (groupLimitPair !== null &&
|
|
30
|
+
!reportedGroupNames.has(update.multiEcosystemGroup)) {
|
|
31
|
+
reportedGroupNames.add(update.multiEcosystemGroup);
|
|
32
|
+
context.report({
|
|
33
|
+
data: {
|
|
34
|
+
groupName: update.multiEcosystemGroup,
|
|
35
|
+
},
|
|
36
|
+
messageId: "unsupportedOpenPullRequestsLimitOnGroup",
|
|
37
|
+
node: groupLimitPair.key,
|
|
38
|
+
});
|
|
39
|
+
}
|
|
40
|
+
continue;
|
|
41
|
+
}
|
|
14
42
|
const limitValue = getScalarNumberValue(limitPair?.value ?? null);
|
|
15
43
|
if (limitValue !== null) {
|
|
16
44
|
continue;
|
|
@@ -35,7 +63,7 @@ const rule = {
|
|
|
35
63
|
"github-actions.configs.all",
|
|
36
64
|
"github-actions.configs.dependabot",
|
|
37
65
|
],
|
|
38
|
-
description: "require Dependabot update entries to define `open-pull-requests-limit`.",
|
|
66
|
+
description: "require standalone Dependabot update entries to define `open-pull-requests-limit`.",
|
|
39
67
|
dialects: ["Dependabot configuration"],
|
|
40
68
|
frozen: false,
|
|
41
69
|
recommended: true,
|
|
@@ -46,6 +74,8 @@ const rule = {
|
|
|
46
74
|
},
|
|
47
75
|
messages: {
|
|
48
76
|
missingOpenPullRequestsLimit: "{{updateLabel}} should define `open-pull-requests-limit` so Dependabot pull request volume is explicitly controlled.",
|
|
77
|
+
unsupportedOpenPullRequestsLimitOnGroup: "Multi-ecosystem group '{{groupName}}' should not define `open-pull-requests-limit`. Grouped updates already consolidate into a single Dependabot pull request.",
|
|
78
|
+
unsupportedOpenPullRequestsLimitOnGroupedUpdate: "{{updateLabel}} uses `multi-ecosystem-group` and should not define `open-pull-requests-limit`. Grouped updates already consolidate into a single Dependabot pull request.",
|
|
49
79
|
},
|
|
50
80
|
schema: [],
|
|
51
81
|
type: "suggestion",
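Review bot: In the new `update.multiEcosystemGroup !== null` branch, the unconditional `continue` also runs when `getDependabotReferencedGroup(root, update)` returns `null`, so an entry whose `multi-ecosystem-group` names a group that is not defined (a typo, for instance) is exempted from the `open-pull-requests-limit` requirement without any report. Whether another rule flags dangling group references is not visible from this file; if one does, say so next to the `continue`, e.g. `// Unresolved group names are reported by <rule-name>; skip the standalone limit check here.`, and otherwise consider reporting the unresolved reference here instead of skipping silently. Separately, `reportedGroupNames` is only used inside `Program()` and could be declared there rather than in `create()`, which keeps the dedupe state visibly scoped to one lint pass. The body of `Program()` continues outside the visible hunks.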
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"require-dependabot-open-pull-requests-limit.js","sourceRoot":"","sources":["../../src/rules/require-dependabot-open-pull-requests-limit.ts"],"names":[],"mappings":"AAMA,OAAO,EACH,iBAAiB,EACjB,0BAA0B,EAC1B,wBAAwB,GAC3B,MAAM,iCAAiC,CAAC;AACzC,OAAO,EACH,cAAc,EACd,oBAAoB,GACvB,MAAM,+BAA+B,CAAC;AAEvC,kEAAkE;AAClE,MAAM,IAAI,GAAoB;IAC1B,MAAM,CAAC,OAAO;QACV,OAAO;YACH,OAAO;gBACH,MAAM,IAAI,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAC;gBAExC,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;oBAChB,OAAO;gBACX,CAAC;gBAED,KAAK,MAAM,MAAM,IAAI,0BAA0B,CAAC,IAAI,CAAC,EAAE,CAAC;oBACpD,MAAM,SAAS,GAAG,cAAc,CAC5B,MAAM,CAAC,OAAO,EACd,0BAA0B,CAC7B,CAAC;
|
|
1
|
+
{"version":3,"file":"require-dependabot-open-pull-requests-limit.js","sourceRoot":"","sources":["../../src/rules/require-dependabot-open-pull-requests-limit.ts"],"names":[],"mappings":"AAMA,OAAO,EACH,4BAA4B,EAC5B,iBAAiB,EACjB,0BAA0B,EAC1B,wBAAwB,GAC3B,MAAM,iCAAiC,CAAC;AACzC,OAAO,EACH,cAAc,EACd,oBAAoB,GACvB,MAAM,+BAA+B,CAAC;AAEvC,kEAAkE;AAClE,MAAM,IAAI,GAAoB;IAC1B,MAAM,CAAC,OAAO;QACV,MAAM,kBAAkB,GAAG,IAAI,GAAG,EAAU,CAAC;QAE7C,OAAO;YACH,OAAO;gBACH,MAAM,IAAI,GAAG,iBAAiB,CAAC,OAAO,CAAC,CAAC;gBAExC,IAAI,IAAI,KAAK,IAAI,EAAE,CAAC;oBAChB,OAAO;gBACX,CAAC;gBAED,KAAK,MAAM,MAAM,IAAI,0BAA0B,CAAC,IAAI,CAAC,EAAE,CAAC;oBACpD,MAAM,SAAS,GAAG,cAAc,CAC5B,MAAM,CAAC,OAAO,EACd,0BAA0B,CAC7B,CAAC;oBAEF,IAAI,MAAM,CAAC,mBAAmB,KAAK,IAAI,EAAE,CAAC;wBACtC,IAAI,SAAS,KAAK,IAAI,EAAE,CAAC;4BACrB,OAAO,CAAC,MAAM,CAAC;gCACX,IAAI,EAAE;oCACF,WAAW,EACP,wBAAwB,CAAC,MAAM,CAAC;iCACvC;gCACD,SAAS,EACL,iDAAiD;gCACrD,IAAI,EAAE,SAAS,CAAC,GAA2B;6BAC9C,CAAC,CAAC;wBACP,CAAC;wBAED,MAAM,YAAY,GAAG,4BAA4B,CAC7C,IAAI,EACJ,MAAM,CACT,CAAC;wBACF,MAAM,cAAc,GAChB,YAAY,KAAK,IAAI;4BACjB,CAAC,CAAC,IAAI;4BACN,CAAC,CAAC,cAAc,CACV,YAAY,EACZ,0BAA0B,CAC7B,CAAC;wBAEZ,IACI,cAAc,KAAK,IAAI;4BACvB,CAAC,kBAAkB,CAAC,GAAG,CAAC,MAAM,CAAC,mBAAmB,CAAC,EACrD,CAAC;4BACC,kBAAkB,CAAC,GAAG,CAAC,MAAM,CAAC,mBAAmB,CAAC,CAAC;4BAEnD,OAAO,CAAC,MAAM,CAAC;gCACX,IAAI,EAAE;oCACF,SAAS,EAAE,MAAM,CAAC,mBAAmB;iCACxC;gCACD,SAAS,EACL,yCAAyC;gCAC7C,IAAI,EAAE,cAAc,CAAC,GAA2B;6BACnD,CAAC,CAAC;wBACP,CAAC;wBAED,SAAS;oBACb,CAAC;oBAED,MAAM,UAAU,GAAG,oBAAoB,CACnC,SAAS,EAAE,KAAK,IAAI,IAAI,CAC3B,CAAC;oBAEF,IAAI,UAAU,KAAK,IAAI,EAAE,CAAC;wBACtB,SAAS;oBACb,CAAC;oBAED,OAAO,CAAC,MAAM,CAAC;wBACX,IAAI,EAAE;4BACF,WAAW,EAAE,wBAAwB,CAAC,MAAM,CAAC;yBAChD;wBACD,SAAS,EAAE,8BAA8B;wBACzC,IAAI,EAAE,CAAC,SAAS,EAAE,KAAK;4BACnB,SAAS;4BACT,MAAM,CAAC,IAAI,CAAyB;qBAC3C,CAAC,CAAC;gBACP,CAAC;YACL,CAAC;SACJ,CAAC;IACN,CAAC;IACD,IAAI,EAAE;QACF,UAAU,EAAE,KAAK;QACjB,IAAI,EAAE;YACF,OAAO,EAAE;gBACL,4BAA4B;gBAC5B,mCAAmC;aACtC;YACD,WAAW,EACP,oFAAoF;YACxF,QAAQ,EAAE,CAAC,0BAA0B,CAAC;YACtC,MAAM,EAAE,KAAK;YACb,
WAAW,EAAE,IAAI;YACjB,oBAAoB,EAAE,KAAK;YAC3B,MAAM,EAAE,MAAM;YACd,UAAU,EAAE,EAAE;YACd,GAAG,EAAE,oHAAoH;SAC5H;QACD,QAAQ,EAAE;YACN,4BAA4B,EACxB,sHAAsH;YAC1H,uCAAuC,EACnC,gKAAgK;YACpK,+CAA+C,EAC3C,2KAA2K;SAClL;QACD,MAAM,EAAE,EAAE;QACV,IAAI,EAAE,YAAY;KACA;CACzB,CAAC;AAEF,eAAe,IAAI,CAAC"}
|
|
@@ -4,16 +4,20 @@
|
|
|
4
4
|
|
|
5
5
|
## Targeted pattern scope
|
|
6
6
|
|
|
7
|
-
Dependabot update entries in `.github/dependabot.yml`.
|
|
7
|
+
Standalone Dependabot update entries in `.github/dependabot.yml` that do not use `multi-ecosystem-group`.
|
|
8
8
|
|
|
9
9
|
## What this rule reports
|
|
10
10
|
|
|
11
|
-
This rule reports update entries that do not define `open-pull-requests-limit`.
|
|
11
|
+
This rule reports standalone update entries that do not define `open-pull-requests-limit`.
|
|
12
|
+
|
|
13
|
+
It also reports grouped configurations that set `open-pull-requests-limit` on either the update entry or the referenced multi-ecosystem group.
|
|
12
14
|
|
|
13
15
|
## Why this rule exists
|
|
14
16
|
|
|
15
17
|
Dependabot defaults can be reasonable, but they are still implicit. Requiring an explicit open pull request limit makes update volume a deliberate repository policy.
|
|
16
18
|
|
|
19
|
+
Updates that use `multi-ecosystem-group` are intentionally excluded. GitHub creates a single pull request per multi-ecosystem group, so `open-pull-requests-limit` does not apply there and should not be set.
|
|
20
|
+
|
|
17
21
|
## ❌ Incorrect
|
|
18
22
|
|
|
19
23
|
```yaml
|
|
@@ -25,6 +29,19 @@ updates:
|
|
|
25
29
|
interval: "weekly"
|
|
26
30
|
```
|
|
27
31
|
|
|
32
|
+
```yaml
|
|
33
|
+
version: 2
|
|
34
|
+
multi-ecosystem-groups:
|
|
35
|
+
app:
|
|
36
|
+
open-pull-requests-limit: 5
|
|
37
|
+
updates:
|
|
38
|
+
- package-ecosystem: "npm"
|
|
39
|
+
directory: "/"
|
|
40
|
+
multi-ecosystem-group: "app"
|
|
41
|
+
schedule:
|
|
42
|
+
interval: "weekly"
|
|
43
|
+
```
|
|
44
|
+
|
|
28
45
|
## ✅ Correct
|
|
29
46
|
|
|
30
47
|
```yaml
|
|
@@ -39,7 +56,7 @@ updates:
|
|
|
39
56
|
|
|
40
57
|
## Additional examples
|
|
41
58
|
|
|
42
|
-
This rule
|
|
59
|
+
This rule is intentionally limited to standalone update entries. Grouped updates already consolidate into one pull request per multi-ecosystem group.
|
|
43
60
|
|
|
44
61
|
## ESLint flat config example
|
|
45
62
|
|
|
@@ -51,7 +68,7 @@ export default [githubActions.configs.dependabot];
|
|
|
51
68
|
|
|
52
69
|
## When not to use it
|
|
53
70
|
|
|
54
|
-
Disable this rule if the repository intentionally relies on Dependabot's built-in default PR limit.
|
|
71
|
+
Disable this rule if the repository intentionally relies on Dependabot's built-in default PR limit for standalone updates.
|
|
55
72
|
|
|
56
73
|
## Further reading
|
|
57
74
|
|
package/package.json
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
{
|
|
2
2
|
"$schema": "https://www.schemastore.org/package.json",
|
|
3
3
|
"name": "eslint-plugin-github-actions-2",
|
|
4
|
-
"version": "1.0.
|
|
4
|
+
"version": "1.0.6",
|
|
5
5
|
"private": false,
|
|
6
6
|
"description": "ESLint plugin for GitHub Actions workflow quality, reliability, and security rules.",
|
|
7
7
|
"keywords": [
|