feat(nixpkgs-crate-holes): cc maintainers allowed by a whitelist
Change-Id: Iffbe173a48b466c52669efc70f9b5e5d4a6aff9a Reviewed-on: https://cl.tvl.fyi/c/depot/+/3730 Tested-by: BuildkiteCI Reviewed-by: Alyssa Ross <hi@alyssa.is> Reviewed-by: sterni <sternenseemann@systemli.org>
parent
795a8de942
commit
9239868daa
2 changed files with 19 additions and 3 deletions
|
@ -24,6 +24,15 @@ let
|
|||
eprintf = depot.tools.eprintf;
|
||||
};
|
||||
|
||||
# list of maintainers we may @mention on GitHub
|
||||
maintainerWhitelist = builtins.attrValues {
|
||||
inherit (lib.maintainers)
|
||||
sternenseemann
|
||||
qyliss
|
||||
jk
|
||||
;
|
||||
};
|
||||
|
||||
# buildRustPackage handling
|
||||
|
||||
/* Predicate by which we identify rust packages we are interested in,
|
||||
|
@ -98,9 +107,12 @@ let
|
|||
|
||||
# Report generation and formatting
|
||||
|
||||
reportFor = { attr, lock, ... }: let
|
||||
reportFor = { attr, lock, maintainers ? [] }: let
|
||||
# naïve attribute path to Nix syntax conversion
|
||||
strAttr = lib.concatStringsSep "." attr;
|
||||
strMaintainers = lib.concatMapStringsSep " " (m: "@${m.github}") (
|
||||
builtins.filter (x: builtins.elem x maintainerWhitelist) maintainers
|
||||
);
|
||||
in
|
||||
if lock == null
|
||||
then pkgs.emptyFile
|
||||
|
@ -113,7 +125,9 @@ let
|
|||
]
|
||||
"importas" "out" "out"
|
||||
"redirfd" "-w" "1" "$out"
|
||||
bins.jq "-rj" "-f" ./format-audit-result.jq "--arg" "attr" strAttr
|
||||
bins.jq "-rj" "-f" ./format-audit-result.jq
|
||||
"--arg" "attr" strAttr
|
||||
"--arg" "maintainers" strMaintainers
|
||||
];
|
||||
|
||||
# GHMF in issues splits paragraphs on newlines
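Review bot: In the `strMaintainers` binding the allowlist check is `builtins.elem x maintainerWhitelist`, which compares whole maintainer attribute sets rather than the GitHub handle that is actually emitted. If the `maintainers` passed to `reportFor` ever come from a different nixpkgs evaluation than `lib.maintainers`, any field difference silently drops an opted-in person from the cc list; that fails closed, but it is not documented. The interpolation `"@${m.github}"` also assumes every allowlisted entry carries a `github` attribute, and a missing one would abort evaluation. Matching on the handle makes both assumptions explicit: `builtins.filter (x: x ? github && builtins.elem x.github (map (m: m.github) maintainerWhitelist)) maintainers`. The `let` block and the rest of `reportFor` continue outside the visible hunks, so callers that relied on the removed `...` in the argument pattern could not be checked from here.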
|
||||
|
|
|
@ -53,7 +53,9 @@ else
|
|||
([ "- [ ] "
|
||||
, "`", $attr, "`: "
|
||||
, (.vulnerabilities.count | tostring)
|
||||
, " vulnerabilities in Cargo.lock\n"
|
||||
, " vulnerabilities in Cargo.lock"
|
||||
, if $maintainers != "" then " (cc " + $maintainers + ")" else "" end
|
||||
, "\n"
|
||||
] + (.vulnerabilities.list | map(format_vulnerability))
|
||||
) | add
|
||||
end
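Review bot: The added `if $maintainers != "" then … end` line makes `$maintainers` a required named argument of this filter, and the file never says so. jq rejects a program that references an undefined `$maintainers`, so any invocation that passes only `--arg attr` now fails. The value is also written verbatim into the issue text, where each `@handle` notifies a user, so the filter relies entirely on the caller having applied the allowlist already. A header comment next to the existing `$attr` usage would record both points, for example `# $maintainers (required --arg): space-separated "@handle" list, already filtered by the caller; pass "" for no cc`. The enclosing `if … else … end` starts outside this hunk.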
|
||||
|
|