From 9239868daa54e4f17e6778910c7a49036c49e72e Mon Sep 17 00:00:00 2001
From: sterni <sternenseemann@systemli.org>
Date: Fri, 15 Oct 2021 20:48:57 +0200
Subject: feat(nixpkgs-crate-holes): cc maintainers allowed by a whitelist

Change-Id: Iffbe173a48b466c52669efc70f9b5e5d4a6aff9a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3730
Tested-by: BuildkiteCI
Reviewed-by: Alyssa Ross <hi@alyssa.is>
Reviewed-by: sterni <sternenseemann@systemli.org>
---
 users/sterni/nixpkgs-crate-holes/default.nix           | 18 ++++++++++++++++--
 .../sterni/nixpkgs-crate-holes/format-audit-result.jq  |  4 +++-
 2 files changed, 19 insertions(+), 3 deletions(-)

(limited to 'users/sterni')

diff --git a/users/sterni/nixpkgs-crate-holes/default.nix b/users/sterni/nixpkgs-crate-holes/default.nix
index 9ca72e5463b3..d2557d4bd5c7 100644
--- a/users/sterni/nixpkgs-crate-holes/default.nix
+++ b/users/sterni/nixpkgs-crate-holes/default.nix
@@ -24,6 +24,15 @@ let
     eprintf = depot.tools.eprintf;
   };
 
+  # list of maintainers we may @mention on GitHub
+  maintainerWhitelist = builtins.attrValues {
+    inherit (lib.maintainers)
+      sternenseemann
+      qyliss
+      jk
+    ;
+  };
+
   # buildRustPackage handling
 
   /* Predicate by which we identify rust packages we are interested in,
@@ -98,9 +107,12 @@ let
 
   # Report generation and formatting
 
-  reportFor = { attr, lock, ... }: let
+  reportFor = { attr, lock, maintainers ? [] }: let
     # naïve attribute path to Nix syntax conversion
     strAttr = lib.concatStringsSep "." attr;
+    strMaintainers = lib.concatMapStringsSep " " (m: "@${m.github}") (
+      builtins.filter (x: builtins.elem x maintainerWhitelist) maintainers
+    );
   in
     if lock == null
     then pkgs.emptyFile
@@ -113,7 +125,9 @@ let
       ]
       "importas" "out" "out"
       "redirfd" "-w" "1" "$out"
-      bins.jq "-rj" "-f" ./format-audit-result.jq "--arg" "attr" strAttr
+      bins.jq "-rj" "-f" ./format-audit-result.jq
+      "--arg" "attr" strAttr
+      "--arg" "maintainers" strMaintainers
     ];
 
   # GHMF in issues splits paragraphs on newlines
diff --git a/users/sterni/nixpkgs-crate-holes/format-audit-result.jq b/users/sterni/nixpkgs-crate-holes/format-audit-result.jq
index c527bc4da9ec..e3147b8016c1 100644
--- a/users/sterni/nixpkgs-crate-holes/format-audit-result.jq
+++ b/users/sterni/nixpkgs-crate-holes/format-audit-result.jq
@@ -53,7 +53,9 @@ else
   ([ "- [ ] "
    , "`", $attr, "`: "
    , (.vulnerabilities.count | tostring)
-   , " vulnerabilities in Cargo.lock\n"
+   , " vulnerabilities in Cargo.lock"
+   , if $maintainers != "" then " (cc " + $maintainers + ")" else "" end
+   , "\n"
    ] + (.vulnerabilities.list | map(format_vulnerability))
   ) | add
 end
-- 
cgit 1.4.1