authorsterni <sternenseemann@systemli.org>2021-10-15T18·48+0200
committersterni <sternenseemann@systemli.org>2021-11-10T20·15+0000
commit9239868daa54e4f17e6778910c7a49036c49e72e (patch)
tree5356c8e5fce76aeff3292e9d1ec7b3976e6a04f4
parent795a8de9420672b8eaea0b5bba2a373b69b54130 (diff)
feat(nixpkgs-crate-holes): cc maintainers allowed by a whitelist r/3034
Change-Id: Iffbe173a48b466c52669efc70f9b5e5d4a6aff9a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3730
Tested-by: BuildkiteCI
Reviewed-by: Alyssa Ross <hi@alyssa.is>
Reviewed-by: sterni <sternenseemann@systemli.org>
-rw-r--r--users/sterni/nixpkgs-crate-holes/default.nix18
-rw-r--r--users/sterni/nixpkgs-crate-holes/format-audit-result.jq4
2 files changed, 19 insertions, 3 deletions
diff --git a/users/sterni/nixpkgs-crate-holes/default.nix b/users/sterni/nixpkgs-crate-holes/default.nix
index 9ca72e5463..d2557d4bd5 100644
--- a/users/sterni/nixpkgs-crate-holes/default.nix
+++ b/users/sterni/nixpkgs-crate-holes/default.nix
@@ -24,6 +24,15 @@ let
     eprintf = depot.tools.eprintf;
   };
 
+  # list of maintainers we may @mention on GitHub
+  maintainerWhitelist = builtins.attrValues {
+    inherit (lib.maintainers)
+      sternenseemann
+      qyliss
+      jk
+    ;
+  };
+
   # buildRustPackage handling
 
   /* Predicate by which we identify rust packages we are interested in,
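Review bot: The comment on `maintainerWhitelist` says what the list is but not how it is enforced or why it is opt-in. Membership is tested in `reportFor` with `builtins.elem`, so a maintainer is only mentioned when the package's entry is equal to the `lib.maintainers` value inherited here; anything else is silently dropped, which is the safe direction for a tool that posts @mentions. I would extend the comment to something like `# Opt-in list of maintainers we may @mention on GitHub; entries are matched by equality with lib.maintainers values, everyone else is never pinged.` The stated motivation (avoiding unsolicited notifications) is my reading and should be confirmed by the author.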
@@ -98,9 +107,12 @@ let
 
   # Report generation and formatting
 
-  reportFor = { attr, lock, ... }: let
+  reportFor = { attr, lock, maintainers ? [] }: let
     # naïve attribute path to Nix syntax conversion
     strAttr = lib.concatStringsSep "." attr;
+    strMaintainers = lib.concatMapStringsSep " " (m: "@${m.github}") (
+      builtins.filter (x: builtins.elem x maintainerWhitelist) maintainers
+    );
   in
     if lock == null
     then pkgs.emptyFile
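Review bot: Replacing `...` with `maintainers ? []` in the `reportFor` argument pattern makes the function strict, so any caller that passes an attribute other than `attr`, `lock` or `maintainers` now fails evaluation. The callers are not visible in this hunk, so this may be intentional, but keeping the ellipsis preserves the old contract: `reportFor = { attr, lock, maintainers ? [], ... }: let`. Separately, `"@${m.github}"` assumes every allow-listed entry carries a `github` attribute; that holds only while the list is curated that way, and a short comment next to `strMaintainers` saying so would help. The body of `reportFor` continues outside the hunk.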
@@ -113,7 +125,9 @@ let
       ]
       "importas" "out" "out"
       "redirfd" "-w" "1" "$out"
-      bins.jq "-rj" "-f" ./format-audit-result.jq "--arg" "attr" strAttr
+      bins.jq "-rj" "-f" ./format-audit-result.jq
+      "--arg" "attr" strAttr
+      "--arg" "maintainers" strMaintainers
     ];
 
   # GHMF in issues splits paragraphs on newlines
diff --git a/users/sterni/nixpkgs-crate-holes/format-audit-result.jq b/users/sterni/nixpkgs-crate-holes/format-audit-result.jq
index c527bc4da9..e3147b8016 100644
--- a/users/sterni/nixpkgs-crate-holes/format-audit-result.jq
+++ b/users/sterni/nixpkgs-crate-holes/format-audit-result.jq
@@ -53,7 +53,9 @@ else
   ([ "- [ ] "
    , "`", $attr, "`: "
    , (.vulnerabilities.count | tostring)
-   , " vulnerabilities in Cargo.lock\n"
+   , " vulnerabilities in Cargo.lock"
+   , if $maintainers != "" then " (cc " + $maintainers + ")" else "" end
+   , "\n"
    ] + (.vulnerabilities.list | map(format_vulnerability))
   ) | add
 end
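Review bot: `$maintainers` is now a mandatory named argument, because jq refuses to compile a program that references an undefined `$` variable; running this filter without `--arg maintainers` fails outright instead of just omitting the cc. The call site changed in default.nix does pass it, so this only affects manual or other invocations. Reading the value as `($ARGS.named.maintainers // "")` would keep older invocations working. Failing that, the new argument should be documented wherever the script describes `$attr`, which is not visible here. The enclosing `else … end` branch starts outside the hunk.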