From 1da53671b8fce885f81bd9edc1a8b9f1659731fb Mon Sep 17 00:00:00 2001
From: Rhys Arkins <rhys@arkins.net>
Date: Sun, 29 Jul 2018 08:43:53 +0200
Subject: [PATCH] feat: vulnerabilityAlertsOnly
For use in new app
---
lib/config/definitions.js | 1 +
lib/config/validation.js | 1 +
lib/workers/repository/error.js | 4 ++++
lib/workers/repository/init/vulnerability.js | 5 +++++
.../repository/updates/__snapshots__/flatten.spec.js.snap | 4 ++++
5 files changed, 15 insertions(+)
diff --git a/lib/config/definitions.js b/lib/config/definitions.js
index 5c177150a3..498ec6d78b 100644
--- a/lib/config/definitions.js
+++ b/lib/config/definitions.js
@@ -692,6 +692,7 @@ const options = [
'Config to apply when Renovate detects a PR is necessary due to vulnerability of existing package version.',
type: 'object',
default: {
+ enabled: true,
groupName: null,
schedule: [],
commitMessageSuffix: '[SECURITY]',
diff --git a/lib/config/validation.js b/lib/config/validation.js
index ebd81d3b3f..09e25d7cda 100644
--- a/lib/config/validation.js
+++ b/lib/config/validation.js
@@ -41,6 +41,7 @@ async function validateConfig(config, isPreset, parentPath) {
'packageFile',
'forkToken',
'repository',
+ 'vulnerabilityAlertsOnly',
];
return ignoredNodes.includes(key);
}
diff --git a/lib/workers/repository/error.js b/lib/workers/repository/error.js
index b90ea2a74a..1cc0f277ab 100644
--- a/lib/workers/repository/error.js
+++ b/lib/workers/repository/error.js
@@ -50,6 +50,10 @@ async function handleError(config, err) {
logger.info('Repository has no package files - skipping');
return err.message;
}
+ if (err.message === 'no-vulnerability-alerts') {
+ logger.info('Repository has no vulnerability alerts - skipping');
+ return err.message;
+ }
if (err.message === 'repository-changed') {
logger.info('Repository has changed during renovation - aborting');
delete config.branchList; // eslint-disable-line no-param-reassign
diff --git a/lib/workers/repository/init/vulnerability.js b/lib/workers/repository/init/vulnerability.js
index 1b68304741..7a852ccaf4 100644
--- a/lib/workers/repository/init/vulnerability.js
+++ b/lib/workers/repository/init/vulnerability.js
@@ -7,10 +7,15 @@ async function detectVulnerabilityAlerts(input) {
return input;
}
if (input.vulnerabilityAlerts.enabled === false) {
+ logger.debug('Vulnerability alerts are disabled');
return input;
}
const alerts = await platform.getVulnerabilityAlerts();
if (!alerts.length) {
+ logger.debug('No vulnerability alerts found');
+ if (input.vulnerabilityAlertsOnly) {
+ throw new Error('no-vulnerability-alerts');
+ }
return input;
}
const config = { ...input };
diff --git a/test/workers/repository/updates/__snapshots__/flatten.spec.js.snap b/test/workers/repository/updates/__snapshots__/flatten.spec.js.snap
index 52de9513e8..84c5517342 100644
--- a/test/workers/repository/updates/__snapshots__/flatten.spec.js.snap
+++ b/test/workers/repository/updates/__snapshots__/flatten.spec.js.snap
@@ -63,6 +63,7 @@ Array [
"updateNotScheduled": true,
"vulnerabilityAlerts": Object {
"commitMessageSuffix": "[SECURITY]",
+ "enabled": true,
"groupName": null,
"schedule": Array [],
},
@@ -129,6 +130,7 @@ Array [
"updateNotScheduled": true,
"vulnerabilityAlerts": Object {
"commitMessageSuffix": "[SECURITY]",
+ "enabled": true,
"groupName": null,
"schedule": Array [],
},
@@ -209,6 +211,7 @@ Array [
"updateType": "lockFileMaintenance",
"vulnerabilityAlerts": Object {
"commitMessageSuffix": "[SECURITY]",
+ "enabled": true,
"groupName": null,
"schedule": Array [],
},
@@ -276,6 +279,7 @@ Array [
"updateNotScheduled": true,
"vulnerabilityAlerts": Object {
"commitMessageSuffix": "[SECURITY]",
+ "enabled": true,
"groupName": null,
"schedule": Array [],
},
--
GitLab