feat(nixpkgs-crate-holes): cc maintainers allowed by a whitelist

Change-Id: Iffbe173a48b466c52669efc70f9b5e5d4a6aff9a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3730
Tested-by: BuildkiteCI
Reviewed-by: Alyssa Ross <hi@alyssa.is>
Reviewed-by: sterni <sternenseemann@systemli.org>
sterni 2021-10-15 20:48:57 +02:00
parent 795a8de942
commit 9239868daa
2 changed files with 19 additions and 3 deletions


@ -24,6 +24,15 @@ let
eprintf = depot.tools.eprintf;
};
# list of maintainers we may @mention on GitHub
maintainerWhitelist = builtins.attrValues {
inherit (lib.maintainers)
sternenseemann
qyliss
jk
;
};
# buildRustPackage handling
/* Predicate by which we identify rust packages we are interested in,
@ -98,9 +107,12 @@ let
# Report generation and formatting
reportFor = { attr, lock, ... }: let
reportFor = { attr, lock, maintainers ? [] }: let
# naïve attribute path to Nix syntax conversion
strAttr = lib.concatStringsSep "." attr;
strMaintainers = lib.concatMapStringsSep " " (m: "@${m.github}") (
builtins.filter (x: builtins.elem x maintainerWhitelist) maintainers
);
in
if lock == null
then pkgs.emptyFile
@ -113,7 +125,9 @@ let
]
"importas" "out" "out"
"redirfd" "-w" "1" "$out"
bins.jq "-rj" "-f" ./format-audit-result.jq "--arg" "attr" strAttr
bins.jq "-rj" "-f" ./format-audit-result.jq
"--arg" "attr" strAttr
"--arg" "maintainers" strMaintainers
];
# GHMF in issues splits paragraphs on newlines
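Review bot: The whitelist filter in `strMaintainers` matches with `builtins.elem x maintainerWhitelist`, which compares whole maintainer attribute sets, so a whitelisted person is silently left out whenever the entry passed in `maintainers` differs in any field from the one in `lib.maintainers` (this could happen if the two come from different nixpkgs revisions; the callers are not visible here). That fails closed, which is the right direction for a control that limits whom the report pings, but it should be stated next to the list, e.g. `# compared by full attrset equality; a mismatch means no @mention, never an extra one`. If stable matching is wanted, compare on the handle that is actually emitted: `builtins.filter (x: builtins.any (w: w.github == (x.github or null)) maintainerWhitelist) maintainers`. `reportFor` continues past the end of this hunk, and its new signature also drops the `...`, so any caller passing other attributes would now fail to evaluate.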


@ -53,7 +53,9 @@ else
([ "- [ ] "
, "`", $attr, "`: "
, (.vulnerabilities.count | tostring)
, " vulnerabilities in Cargo.lock\n"
, " vulnerabilities in Cargo.lock"
, if $maintainers != "" then " (cc " + $maintainers + ")" else "" end
, "\n"
] + (.vulnerabilities.list | map(format_vulnerability))
) | add
end
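Review bot: `$maintainers` is concatenated into the issue line unescaped, unlike `$attr`, which is wrapped in backticks, and nothing in this file says why that is acceptable. It has to stay raw for the mentions to fire, so the filter should record that it trusts its caller: `# $maintainers is emitted verbatim as Markdown; the caller must pass only vetted @handles`. Separately, the script no longer compiles when run without `--arg maintainers`, because jq rejects an undefined `$maintainers`; `($ARGS.named.maintainers // "")` would keep standalone use working if that matters. The enclosing `if … else … end` starts outside this hunk.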