Merge pull request #93 from github/jm-date-issue-fix
fix: ensure created_after_date is formatted string before date comparison
jmeridth authored Apr 11, 2024
2 parents 8a2ec26 + 7de01f7 commit 420f960
Showing 4 changed files with 64 additions and 23 deletions.
2 changes: 1 addition & 1 deletion README.md
@@ -68,7 +68,7 @@ This action can be configured to authenticate with GitHub App Installation or Pe
| `TITLE` | False | "Enable Dependabot" | The title of the issue or pull request that will be created if dependabot could be enabled. |
| `BODY` | False | **Pull Request:** "Dependabot could be enabled for this repository. Please enable it by merging this pull request so that we can keep our dependencies up to date and secure." **Issue:** "Please update the repository to include a Dependabot configuration file. This will ensure our dependencies remain updated and secure.Follow the guidelines in [creating Dependabot configuration files](https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file) to set it up properly.Here's an example of the code:" | The body of the issue or pull request that will be created if dependabot could be enabled. |
| `COMMIT_MESSAGE` | False | "Create dependabot.yaml" | The commit message for the pull request that will be created if dependabot could be enabled. |
| `CREATED_AFTER_DATE` | False | none | If a value is set, this action will only consider repositories created on or after this date for dependabot enablement. This is useful if you want to only consider newly created repositories. If I set up this action to run weekly and I only want to scan for repos created in the last week that need dependabot enabled, then I would set `CREATED_AFTER_DATE` to 7 days ago. That way only repositories created after 7 days ago will be considered for dependabot enablement. If not set or set to nothing, all repositories will be scanned and a duplicate issue/pull request may occur. Ex: 2023-12-31 for Dec. 31st 2023 |
| `CREATED_AFTER_DATE` | False | none | If a value is set, this action will only consider repositories created on or after this date for dependabot enablement. This is useful if you want to only consider newly created repositories. If I set up this action to run weekly and I only want to scan for repos created in the last week that need dependabot enabled, then I would set `CREATED_AFTER_DATE` to 7 days ago. That way only repositories created after 7 days ago will be considered for dependabot enablement. If not set or set to nothing, all repositories will be scanned and a duplicate issue/pull request may occur. Ex: 2023-12-31 for Dec. 31st 2023 |
| `PROJECT_ID` | False | "" | If set, this will assign the issue or pull request to the project with the given ID. ( The project ID on GitHub can be located by navigating to the respective project and observing the URL's end.) **The `ORGANIZATION` variable is required** |
| `DRY_RUN` | False | false | If set to true, this action will not create any issues or pull requests. It will only log the repositories that could have dependabot enabled. This is useful for testing. |
| `GROUP_DEPENDENCIES` | False | false | If set to true, dependabot configuration will group dependencies updates based on [dependency type](https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#groups) (production or development, where supported) |
13 changes: 8 additions & 5 deletions env.py
@@ -3,6 +3,7 @@
"""

import os
import re
from os.path import dirname, join

from dotenv import load_dotenv
@@ -54,7 +55,7 @@ def get_env_vars() -> tuple[
str,
str,
str,
str | None,
str,
bool,
str,
str | None,
@@ -184,10 +185,12 @@ def get_env_vars() -> tuple[
else:
commit_message = "Create dependabot.yaml"

created_after_date = os.getenv("CREATED_AFTER_DATE")
# make sure that created_after_date is a date in the format YYYY-MM-DD
if created_after_date and len(created_after_date) != 10:
raise ValueError("CREATED_AFTER_DATE environment variable not in YYYY-MM-DD")
created_after_date = os.getenv("CREATED_AFTER_DATE", "")
is_match = re.match(r"\d{4}-\d{2}-\d{2}", created_after_date)
if created_after_date and not is_match:
raise ValueError(
f"CREATED_AFTER_DATE '{created_after_date}' environment variable not in YYYY-MM-DD"
)

group_dependencies_bool = get_bool_env_var("GROUP_DEPENDENCIES")
enable_security_updates_bool = get_bool_env_var(
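Review bot: `re.match(r"\d{4}-\d{2}-\d{2}", created_after_date)` anchors only at the start of the string, so a well-formed date followed by any trailing text now passes, and the removed `len(created_after_date) != 10` check no longer bounds the length; the pattern also accepts calendar-invalid values such as month 13. This value decides which repositories are considered for Dependabot enablement, so it is better rejected at configuration time; judging by the test_evergreen.py tests the comparison helper raises on unparsable input, so a bad value would probably only fail later in the run. Use `re.fullmatch(r"\d{4}-\d{2}-\d{2}", created_after_date)` and, for non-empty values, follow it with `datetime.strptime(created_after_date, "%Y-%m-%d")` (needs `from datetime import datetime`), which raises ValueError for impossible dates. The body of get_env_vars starts and ends outside the visible hunks.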
47 changes: 33 additions & 14 deletions test_env.py
@@ -40,7 +40,7 @@ def setUp(self):
"TYPE": "issue",
"TITLE": "Dependabot Alert custom title",
"BODY": "Dependabot custom body",
"CREATED_AFTER_DATE": "2023-01-01",
"CREATED_AFTER_DATE": "2020-01-01",
"COMMIT_MESSAGE": "Create dependabot configuration",
"PROJECT_ID": "123",
"GROUP_DEPENDENCIES": "false",
@@ -60,7 +60,7 @@ def test_get_env_vars_with_org(self):
"issue",
"Dependabot Alert custom title",
"Dependabot custom body",
"2023-01-01",
"2020-01-01",
False,
"Create dependabot configuration",
"123",
@@ -140,7 +140,7 @@ def test_get_env_vars_optional_values(self):
"Dependabot could be enabled for this repository. \
Please enable it by merging this pull request so that \
we can keep our dependencies up to date and secure.",
None,
"",
False,
"Create dependabot.yaml",
None,
@@ -192,7 +192,7 @@ def test_get_env_vars_auth_with_github_app_installation(self):
"Dependabot could be enabled for this repository. Please enable it by merging "
"this pull request so that we can keep our dependencies up to date and "
"secure.",
None,
"",
False,
"Create dependabot.yaml",
None,
@@ -252,7 +252,7 @@ def test_get_env_vars_with_repos_no_dry_run(self):
"Dependabot could be enabled for this repository. \
Please enable it by merging this pull request so that \
we can keep our dependencies up to date and secure.",
None,
"",
False,
"Create dependabot.yaml",
None,
@@ -290,7 +290,7 @@ def test_get_env_vars_with_repos_disabled_security_updates(self):
"Dependabot could be enabled for this repository. \
Please enable it by merging this pull request so that \
we can keep our dependencies up to date and secure.",
None,
"",
False,
"Create dependabot.yaml",
None,
@@ -329,7 +329,7 @@ def test_get_env_vars_with_repos_filter_visibility_multiple_values(self):
"Dependabot could be enabled for this repository. \
Please enable it by merging this pull request so that \
we can keep our dependencies up to date and secure.",
None,
"",
False,
"Create dependabot.yaml",
None,
@@ -368,7 +368,7 @@ def test_get_env_vars_with_repos_filter_visibility_single_value(self):
"Dependabot could be enabled for this repository. \
Please enable it by merging this pull request so that \
we can keep our dependencies up to date and secure.",
None,
"",
False,
"Create dependabot.yaml",
None,
@@ -437,7 +437,7 @@ def test_get_env_vars_with_repos_filter_visibility_no_duplicates(self):
"Dependabot could be enabled for this repository. \
Please enable it by merging this pull request so that \
we can keep our dependencies up to date and secure.",
None,
"",
False,
"Create dependabot.yaml",
None,
@@ -477,7 +477,7 @@ def test_get_env_vars_with_repos_exempt_ecosystems(self):
"Dependabot could be enabled for this repository. \
Please enable it by merging this pull request so that \
we can keep our dependencies up to date and secure.",
None,
"",
False,
"Create dependabot.yaml",
None,
@@ -516,7 +516,7 @@ def test_get_env_vars_with_no_batch_size(self):
"Dependabot could be enabled for this repository. \
Please enable it by merging this pull request so that \
we can keep our dependencies up to date and secure.",
None,
"",
False,
"Create dependabot.yaml",
None,
@@ -556,7 +556,7 @@ def test_get_env_vars_with_batch_size(self):
"Dependabot could be enabled for this repository. \
Please enable it by merging this pull request so that \
we can keep our dependencies up to date and secure.",
None,
"",
False,
"Create dependabot.yaml",
None,
@@ -581,7 +581,7 @@ def test_get_env_vars_with_batch_size(self):
clear=True,
)
def test_get_env_vars_with_invalid_batch_size_int(self):
"""Test that filter_visibility is set correctly when there are duplicate values"""
"""Test that invalid batch size with negative 1 throws exception"""
with self.assertRaises(ValueError):
get_env_vars()

@@ -597,10 +597,29 @@ def test_get_env_vars_with_invalid_batch_size_int(self):
clear=True,
)
def test_get_env_vars_with_invalid_batch_size_str(self):
"""Test that filter_visibility is set correctly when there are duplicate values"""
"""Test that invalid batch size of string throws exception"""
with self.assertRaises(ValueError):
get_env_vars()

@patch.dict(
os.environ,
{
"ORGANIZATION": "my_organization",
"GH_TOKEN": "my_token",
"CREATED_AFTER_DATE": "20200101",
},
clear=True,
)
def test_get_env_vars_with_badly_formatted_created_after_date(self):
"""Test that"""
with self.assertRaises(ValueError) as context_manager:
get_env_vars()
the_exception = context_manager.exception
self.assertEqual(
str(the_exception),
"CREATED_AFTER_DATE '20200101' environment variable not in YYYY-MM-DD",
)


if __name__ == "__main__":
unittest.main()
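Review bot: The only negative case added, `"20200101"` in test_get_env_vars_with_badly_formatted_created_after_date, contains no dashes at all, so it does not pin whether the validator rejects a correctly formatted date followed by trailing text, or a calendar-invalid value (a constructed example: `2020-13-45`). Adding those two inputs as further `assertRaises(ValueError)` cases would show whether the check in env.py is strict enough for a setting that controls which repositories are scanned. The test's docstring is also left unfinished as `"""Test that"""`; `"""Test that a CREATED_AFTER_DATE not in YYYY-MM-DD raises ValueError naming the value."""` would match what it asserts.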
25 changes: 22 additions & 3 deletions test_evergreen.py
@@ -584,7 +584,7 @@ class TestIsRepoCreateDateBeforeCreatedAfterDate(unittest.TestCase):
"""Test the is_repo_create_date_before_created_after_date function in evergreen.py"""

def test_is_repo_create_date_before_created_after_date(self):
"""Test the repo.created_at date is before created_after_date."""
"""Test the repo.created_at date is before created_after_date and has timezone."""
repo_created_at = "2020-01-01T05:00:00Z"
created_after_date = "2021-01-01"

@@ -593,7 +593,7 @@ def test_is_repo_create_date_before_created_after_date(self):
self.assertTrue(result)

def test_is_repo_create_date_is_after_created_after_date(self):
"""Test the repo.created_at date is after created_after_date."""
"""Test the repo.created_at date is after created_after_date and has timezone."""
repo_created_at = "2022-01-01T05:00:00Z"
created_after_date = "2021-01-01"

@@ -602,7 +602,7 @@ def test_is_repo_create_date_is_after_created_after_date(self):
self.assertFalse(result)

def test_is_repo_created_date_has_no_time_zone(self):
"""Test the repo.created_at date is after created_after_date."""
"""Test the repo.created_at date is before created_after_date with no timezone."""
repo_created_at = "2020-01-01"
created_after_date = "2021-01-01"

Expand All @@ -619,6 +619,25 @@ def test_is_created_after_date_is_empty_string(self):

self.assertFalse(result)

def test_is_repo_created_date_is_before_created_after_date_without_timezene_again(
self,
):
"""Test the repo.created_at date is before created_after_date without timezone again."""
repo_created_at = "2018-01-01"
created_after_date = "2020-01-01"

result = is_repo_created_date_before(repo_created_at, created_after_date)

self.assertTrue(result)

def test_is_repo_created_date_and_created_after_date_is_not_a_date(self):
"""Test the repo.created_at date and the created_after_date argument is not a date."""
repo_created_at = "2018-01-01"
created_after_date = "Not a date"

with self.assertRaises(ValueError):
is_repo_created_date_before(repo_created_at, created_after_date)


if __name__ == "__main__":
unittest.main()
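Review bot: In test_is_repo_created_date_and_created_after_date_is_not_a_date the name and docstring say both arguments are not dates, but `repo_created_at = "2018-01-01"` is valid and only `created_after_date` is `"Not a date"`; reword the docstring to `"""Test that a created_after_date that is not a date raises ValueError."""` and rename the test to match. The other added test misspells timezone in its name (`..._without_timezene_again`) and appears to exercise the same no-timezone, earlier-date path as test_is_repo_created_date_has_no_time_zone. It would add more if its input differed in kind, for example a repo date equal to `created_after_date`, since the README describes the filter as "on or after" and no visible test pins that boundary.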
