Diffstat (limited to 'users/sterni')
-rw-r--r-- | users/sterni/nixpkgs-crate-holes/default.nix | 18 | ||||
-rw-r--r-- | users/sterni/nixpkgs-crate-holes/format-audit-result.jq | 4 |
2 files changed, 19 insertions, 3 deletions
diff --git a/users/sterni/nixpkgs-crate-holes/default.nix b/users/sterni/nixpkgs-crate-holes/default.nix index 9ca72e5463b3..d2557d4bd5c7 100644 --- a/users/sterni/nixpkgs-crate-holes/default.nix +++ b/users/sterni/nixpkgs-crate-holes/default.nix @@ -24,6 +24,15 @@ let eprintf = depot.tools.eprintf; }; + # list of maintainers we may @mention on GitHub + maintainerWhitelist = builtins.attrValues { + inherit (lib.maintainers) + sternenseemann + qyliss + jk + ; + }; + # buildRustPackage handling /* Predicate by which we identify rust packages we are interested in, @@ -98,9 +107,12 @@ let # Report generation and formatting - reportFor = { attr, lock, ... }: let + reportFor = { attr, lock, maintainers ? [] }: let # naïve attribute path to Nix syntax conversion strAttr = lib.concatStringsSep "." attr; + strMaintainers = lib.concatMapStringsSep " " (m: "@${m.github}") ( + builtins.filter (x: builtins.elem x maintainerWhitelist) maintainers + ); in if lock == null then pkgs.emptyFile @@ -113,7 +125,9 @@ let ] "importas" "out" "out" "redirfd" "-w" "1" "$out" - bins.jq "-rj" "-f" ./format-audit-result.jq "--arg" "attr" strAttr + bins.jq "-rj" "-f" ./format-audit-result.jq + "--arg" "attr" strAttr + "--arg" "maintainers" strMaintainers ]; # GHMF in issues splits paragraphs on newlines diff --git a/users/sterni/nixpkgs-crate-holes/format-audit-result.jq b/users/sterni/nixpkgs-crate-holes/format-audit-result.jq index c527bc4da9ec..e3147b8016c1 100644 --- a/users/sterni/nixpkgs-crate-holes/format-audit-result.jq +++ b/users/sterni/nixpkgs-crate-holes/format-audit-result.jq @@ -53,7 +53,9 @@ else ([ "- [ ] " , "`", $attr, "`: " , (.vulnerabilities.count | tostring) - , " vulnerabilities in Cargo.lock\n" + , " vulnerabilities in Cargo.lock" + , if $maintainers != "" then " (cc " + $maintainers + ")" else "" end + , "\n" ] + (.vulnerabilities.list | map(format_vulnerability)) ) | add end |
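Review bot: The comment on `maintainerWhitelist` does not say that this list is the only thing gating who gets notified by the generated issue text, nor how entries are matched. Since the filter in `reportFor` uses `builtins.elem` against these values, I would spell that out: `# Maintainers we may @mention in generated GitHub issues; anyone not listed is never pinged.` and `# Matched by equality with the lib.maintainers entry, so add people here only via inherit.` The `let` block this binding lives in starts and ends outside the hunk.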
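Review bot: Replacing `...` with `maintainers ? []` in the `reportFor` argument pattern makes the function strict, so a caller that passes any attribute other than `attr`, `lock` or `maintainers` now fails evaluation with an unexpected-argument error. The call sites are outside this hunk; if the sets passed in carry other fields, keep the ellipsis: `reportFor = { attr, lock, maintainers ? [], ... }: let`. Separately, `builtins.elem x maintainerWhitelist` compares whole maintainer attribute sets, so a package whose entry differs from the `lib.maintainers` value in any field is silently left unmentioned. That fails closed, which is the right direction for a notification gate, but it deserves a short comment next to `strMaintainers`.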
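Review bot: The filter now references `$maintainers` unconditionally, so running `format-audit-result.jq` without `--arg maintainers …` is rejected by jq as an undefined variable rather than producing a report without the cc suffix. The one invocation visible in `default.nix` always passes it, so this only matters for manual or future callers. If the jq in use provides `$ARGS` (1.6 and later, as far as I know), reading it as `($ARGS.named.maintainers // "")` keeps the argument optional. Otherwise a header comment listing the required `--arg` names (`attr`, `maintainers`) would do. The handle string is interpolated outside the backticks on purpose so that GitHub resolves the mentions; it is worth noting in a comment that it must only ever come from the allow-listed maintainers.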