create config option for ghsa allowlist

actions · Sep 22, 2022 · bd61ea0 · bd61ea0
1 parent 2843194
commit bd61ea0
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 8 deletions.
diff --git a/__tests__/config.test.ts b/__tests__/config.test.ts
@@ -16,6 +16,7 @@ function clearInputs() {
     'FAIL-ON-SCOPES',
     'ALLOW-LICENSES',
     'DENY-LICENSES',
+    'ALLOW-GHSAS',
     'CONFIG-FILE',
     'BASE-REF',
     'HEAD-REF'
@@ -160,3 +161,17 @@ test('it raises an error when given invalid scope', async () => {
   setInput('fail-on-scopes', 'runtime, zombies')
   expect(() => readConfig()).toThrow()
 })
+
+test('it defaults to an empty GHSA allowlist', async () => {
+  const options = readConfig()
+  expect(options.allow_ghsas).toEqual(undefined)
+})
+
+test('it successfully parses GHSA allowlist', async () => {
+  setInput('allow-ghsas', 'GHSA-abcd-1234-5679, GHSA-efgh-1234-5679')
+  const options = readConfig()
+  expect(options.allow_ghsas).toEqual([
+    'GHSA-abcd-1234-5679',
+    'GHSA-efgh-1234-5679'
+  ])
+})
diff --git a/src/config.ts b/src/config.ts
@@ -47,23 +47,26 @@ export function readInlineConfig(): ConfigurationOptions {
     .default(['runtime'])
     .parse(parseList(getOptionalInput('fail-on-scopes')))
 
-  const allow_licenses = getOptionalInput('allow-licenses')
-  const deny_licenses = getOptionalInput('deny-licenses')
+  const allow_licenses = parseList(getOptionalInput('allow-licenses'))
+  const deny_licenses = parseList(getOptionalInput('deny-licenses'))
 
   if (allow_licenses !== undefined && deny_licenses !== undefined) {
     throw new Error("Can't specify both allow_licenses and deny_licenses")
   }
 
+  const allow_ghsas = parseList(getOptionalInput('allow-ghsas'))
+
   const base_ref = getOptionalInput('base-ref')
   const head_ref = getOptionalInput('head-ref')
 
   return {
-    fail_on_severity,
-    fail_on_scopes,
-    allow_licenses: parseList(allow_licenses),
-    deny_licenses: parseList(deny_licenses),
-    base_ref,
-    head_ref
+    fail_on_severity: fail_on_severity,
+    fail_on_scopes: fail_on_scopes,
+    allow_licenses: allow_licenses,
+    deny_licenses: deny_licenses,
+    allow_ghsas: allow_ghsas,
+    base_ref: base_ref,
+    head_ref: head_ref
   }
 }
 

diff --git a/src/schemas.ts b/src/schemas.ts
@@ -40,6 +40,7 @@ export const ConfigurationOptionsSchema = z
     fail_on_scopes: z.array(z.enum(SCOPES)).default(['runtime']),
     allow_licenses: z.array(z.string()).default([]),
     deny_licenses: z.array(z.string()).default([]),
+    allow_ghsas: z.array(z.string()).default([]),
     config_file: z.string().optional().default('false'),
     base_ref: z.string(),
     head_ref: z.string()