Merge pull request #828 from actions/hm/summary

Do not list changed dependencies in summary
actions · Sep 16, 2024 · 6ea3b24 · 6ea3b24
2 parents b3559aa + 05042db
commit 6ea3b24
Show file tree

Hide file tree

Showing 6 changed files with 55 additions and 70 deletions.
diff --git a/__tests__/summary.test.ts b/__tests__/summary.test.ts
@@ -109,42 +109,6 @@ test('prints headline as h1', () => {
   expect(text).toContain('<h1>Dependency Review</h1>')
 })
 
-test('returns minimal summary in case the core.summary is too large for a PR comment', () => {
-  let changes: Changes = [
-    createTestChange({name: 'lodash', version: '1.2.3'}),
-    createTestChange({name: 'colors', version: '2.3.4'}),
-    createTestChange({name: '@foo/bar', version: '*'})
-  ]
-
-  let minSummary: string = summary.addSummaryToSummary(
-    changes,
-    emptyInvalidLicenseChanges,
-    emptyChanges,
-    scorecard,
-    defaultConfig
-  )
-
-  // side effect DR report into core.summary as happens in main.ts
-  summary.addScannedDependencies(changes)
-  const text = core.summary.stringify()
-
-  expect(text).toContain('<h1>Dependency Review</h1>')
-  expect(minSummary).toContain('# Dependency Review')
-
-  expect(text).toContain('❌ 3 vulnerable package(s)')
-  expect(text).not.toContain('* ❌ 3 vulnerable package(s)')
-  expect(text).toContain('lodash')
-  expect(text).toContain('colors')
-  expect(text).toContain('@foo/bar')
-
-  expect(minSummary).toContain('* ❌ 3 vulnerable package(s)')
-  expect(minSummary).not.toContain('lodash')
-  expect(minSummary).not.toContain('colors')
-  expect(minSummary).not.toContain('@foo/bar')
-
-  expect(text.length).toBeGreaterThan(minSummary.length)
-})
-
 test('returns minimal summary formatted for posting as a PR comment', () => {
   const OLD_ENV = process.env
 
@@ -232,14 +196,10 @@ test('groups dependencies with empty manifest paths together', () => {
     emptyScorecard,
     defaultConfig
   )
-  summary.addScannedDependencies(changesWithEmptyManifests)
+  summary.addScannedFiles(changesWithEmptyManifests)
   const text = core.summary.stringify()
-
-  expect(text).toContain('<summary>Unnamed Manifest</summary>')
-  expect(text).toContain('castore')
-  expect(text).toContain('connection')
-  expect(text).toContain('<summary>python/dist-info/METADATA</summary>')
-  expect(text).toContain('pygments')
+  expect(text).toContain('Unnamed Manifest')
+  expect(text).toContain('python/dist-info/METADATA')
 })
 
 test('does not include status section if nothing was found', () => {

diff --git a/dist/index.js b/dist/index.js
diff --git a/dist/index.js.map b/dist/index.js.map
diff --git a/scripts/create_summary.ts b/scripts/create_summary.ts
@@ -143,7 +143,7 @@ async function createSummary(
     ...licenseIssues.unlicensed
   ]
 
-  summary.addScannedDependencies(allChanges)
+  summary.addScannedFiles(allChanges)
 
   const text = core.summary.stringify()
   await fs.promises.writeFile(path.resolve(tmpDir, fileName), text, {

diff --git a/src/main.ts b/src/main.ts
@@ -166,7 +166,7 @@ async function run(): Promise<void> {
     }
 
     core.setOutput('dependency-changes', JSON.stringify(changes))
-    summary.addScannedDependencies(changes)
+    summary.addScannedFiles(changes)
     printScannedDependencies(changes)
 
     // include full summary in output; Actions will truncate if oversized

diff --git a/src/summary.ts b/src/summary.ts
@@ -1,7 +1,7 @@
 import * as core from '@actions/core'
-import {ConfigurationOptions, Changes, Change, Scorecard} from './schemas'
 import {SummaryTableRow} from '@actions/core/lib/summary'
 import {InvalidLicenseChanges, InvalidLicenseChangeTypes} from './licenses'
+import {Change, Changes, ConfigurationOptions, Scorecard} from './schemas'
 import {groupDependenciesByManifest, getManifestsSet, renderUrl} from './utils'
 
 const icons = {
@@ -10,6 +10,8 @@ const icons = {
   warning: '⚠️'
 }
 
+const MAX_SCANNED_FILES_BYTES = 1048576
+
 // generates the DR report summmary and caches it to the Action's core.summary.
 // returns the DR summary string, ready to be posted as a PR comment if the
 // final DR report is too large
@@ -263,21 +265,33 @@ function formatLicense(license: string | null): string {
   return license
 }
 
-export function addScannedDependencies(changes: Changes): void {
-  const dependencies = groupDependenciesByManifest(changes)
-  const manifests = dependencies.keys()
+export function addScannedFiles(changes: Changes): void {
+  const manifests = Array.from(
+    groupDependenciesByManifest(changes).keys()
+  ).sort()
 
-  const summary = core.summary.addHeading('Scanned Manifest Files', 2)
+  let sf_size = 0
+  let trunc_at = -1
 
-  for (const manifest of manifests) {
-    const deps = dependencies.get(manifest)
-    if (deps) {
-      const dependencyNames = deps.map(
-        dependency => `<li>${dependency.name}@${dependency.version}</li>`
-      )
-      summary.addDetails(manifest, `<ul>${dependencyNames.join('')}</ul>`)
+  for (const [index, entry] of manifests.entries()) {
+    if (sf_size + entry.length >= MAX_SCANNED_FILES_BYTES) {
+      trunc_at = index
+      break
     }
+    sf_size += entry.length
   }
+
+  if (trunc_at >= 0) {
+    // truncate the manifests list if it will overflow the summary output
+    manifests.slice(0, trunc_at)
+    // if there's room between cutoff size and list size, add a warning
+    const size_diff = MAX_SCANNED_FILES_BYTES - sf_size
+    if (size_diff < 12) {
+      manifests.push('(truncated)')
+    }
+  }
+
+  core.summary.addHeading('Scanned Files', 2).addList(manifests)
 }
 
 function snapshotWarningRecommendation(