Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: check that the author is defined when comparing it with dependab… #258

Merged
merged 2 commits into from
Aug 23, 2022
Merged

fix: check that the author is defined when comparing it with dependab… #258

merged 2 commits into from
Aug 23, 2022

Conversation

marco-ippolito
Copy link
Member

@marco-ippolito marco-ippolito commented Aug 22, 2022
edited
Loading

resolves: #259

Checklist

@Uzlopak
Copy link
Contributor

Uzlopak commented Aug 22, 2022
edited
Loading

This would reintroduce GHSA-v5vr-h3xq-8v6w

(accidently closed)

@Uzlopak Uzlopak closed this Aug 22, 2022
@Uzlopak Uzlopak reopened this Aug 22, 2022
@Uzlopak Uzlopak requested a review from simoneb August 22, 2022 16:06
@marco-ippolito marco-ippolito changed the title fix: check that the author is defined when comparing it with dependab… fix: check that the author is defined when comparing it with dependab… https://github.com/fastify/github-action-merge-dependabot/issues/259 Aug 22, 2022
@marco-ippolito marco-ippolito changed the title fix: check that the author is defined when comparing it with dependab… https://github.com/fastify/github-action-merge-dependabot/issues/259 fix: check that the author is defined when comparing it with dependab… Aug 22, 2022
simoneb
simoneb reviewed Aug 22, 2022
View reviewed changes
Copy link
Collaborator

@simoneb simoneb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We need a test that a missing author is considered the same as a non-dependabot author. Meaning, commits made by anybody who's not dependabot are not automerged

@simoneb
Copy link
Collaborator

simoneb commented Aug 22, 2022

This would reintroduce GHSA-v5vr-h3xq-8v6w

(accidently closed)

This would not. The intention is to consider a missing author as anybody who's not dependabot.

simoneb
simoneb reviewed Aug 23, 2022
View reviewed changes
test/action.test.js Outdated
author: {
login: 'not dependabot',
},
author: undefined,
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we need to test both cases, not just once. to avoid duplication of the whole test, just create an array with the two users and create the 2 tests in a loop

Uzlopak
Uzlopak approved these changes Aug 23, 2022
View reviewed changes
Copy link
Contributor

@Uzlopak Uzlopak left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@simoneb simoneb merged commit 64a2b98 into fastify:main Aug 23, 2022
@optic-release-automation optic-release-automation bot mentioned this pull request Aug 23, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@simoneb simoneb simoneb approved these changes

@Uzlopak Uzlopak Uzlopak approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Automerge fails when author of a commit is not defined
3 participants
@marco-ippolito @Uzlopak @simoneb