diff --git a/package-lock.json b/package-lock.json index 43c2964..9ef458f 100644 --- a/package-lock.json +++ b/package-lock.json @@ -19,6 +19,7 @@ "@actions/http-client": "2.1.1", "@actions/tool-cache": "2.0.1", "@octokit/rest": "19.0.13", + "@octokit/webhooks-types": "7.3.0", "string-argv": "0.3.2" }, "devDependencies": { @@ -1817,6 +1818,11 @@ "@octokit/openapi-types": "^12.11.0" } }, + "node_modules/@octokit/webhooks-types": { + "version": "7.3.0", + "resolved": "https://registry.npmjs.org/@octokit/webhooks-types/-/webhooks-types-7.3.0.tgz", + "integrity": "sha512-DnZ0JdT6+me5a74H/FxHz6Pu3udTtGj5qfno9GhHWgdJoqo1EvaBWqnXRN2//XarzgfbsgkBO9Kzv7ap99mNuQ==" + }, "node_modules/@opentelemetry/api": { "version": "1.4.1", "resolved": "https://registry.npmjs.org/@opentelemetry/api/-/api-1.4.1.tgz", @@ -9552,6 +9558,11 @@ "@octokit/openapi-types": "^12.11.0" } }, + "@octokit/webhooks-types": { + "version": "7.3.0", + "resolved": "https://registry.npmjs.org/@octokit/webhooks-types/-/webhooks-types-7.3.0.tgz", + "integrity": "sha512-DnZ0JdT6+me5a74H/FxHz6Pu3udTtGj5qfno9GhHWgdJoqo1EvaBWqnXRN2//XarzgfbsgkBO9Kzv7ap99mNuQ==" + }, "@opentelemetry/api": { "version": "1.4.1", "resolved": "https://registry.npmjs.org/@opentelemetry/api/-/api-1.4.1.tgz", diff --git a/package.json b/package.json index e246d70..b13fe85 100644 --- a/package.json +++ b/package.json @@ -39,6 +39,7 @@ "@actions/http-client": "2.1.1", "@actions/tool-cache": "2.0.1", "@octokit/rest": "19.0.13", + "@octokit/webhooks-types": "7.3.0", "string-argv": "0.3.2" }, "devDependencies": { @@ -52,7 +53,7 @@ "eslint-plugin-jest": "27.4.0", "eslint-plugin-prettier": "5.0.0", "jest": "29.7.0", - "js-yaml": "4.1.0", + "js-yaml": "4.1.0", "patch-package": "8.0.0", "prettier": "3.0.3", "ts-jest": "29.1.1", diff --git a/src/dependency-graph.ts b/src/dependency-graph.ts index 0c25ac2..1243d6b 100644 --- a/src/dependency-graph.ts +++ b/src/dependency-graph.ts @@ -4,6 +4,7 @@ import * as github from '@actions/github' import * as glob from '@actions/glob' import * as toolCache from '@actions/tool-cache' import {GitHub} from '@actions/github/lib/utils' +import type {PullRequestEvent} from '@octokit/webhooks-types' import * as path from 'path' import fs from 'fs' @@ -19,12 +20,11 @@ export function setup(option: DependencyGraphOption): void { } core.info('Enabling dependency graph generation') - const jobCorrelator = getJobCorrelator() core.exportVariable('GITHUB_DEPENDENCY_GRAPH_ENABLED', 'true') - core.exportVariable('GITHUB_DEPENDENCY_GRAPH_JOB_CORRELATOR', jobCorrelator) + core.exportVariable('GITHUB_DEPENDENCY_GRAPH_JOB_CORRELATOR', getJobCorrelator()) core.exportVariable('GITHUB_DEPENDENCY_GRAPH_JOB_ID', github.context.runId) core.exportVariable('GITHUB_DEPENDENCY_GRAPH_REF', github.context.ref) - core.exportVariable('GITHUB_DEPENDENCY_GRAPH_SHA', github.context.sha) + core.exportVariable('GITHUB_DEPENDENCY_GRAPH_SHA', getShaFromContext()) core.exportVariable('GITHUB_DEPENDENCY_GRAPH_WORKSPACE', layout.workspaceDirectory()) core.exportVariable( 'DEPENDENCY_GRAPH_REPORT_DIR', @@ -152,7 +152,26 @@ function getRelativePathFromWorkspace(file: string): string { return path.relative(workspaceDirectory, file) } -export function getJobCorrelator(): string { +function getShaFromContext(): string { + const context = github.context + const pullRequestEvents = [ + 'pull_request', + 'pull_request_comment', + 'pull_request_review', + 'pull_request_review_comment' + // Note that pull_request_target is omitted here. + // That event runs in the context of the base commit of the PR, + // so the snapshot should not be associated with the head commit. + ] + if (pullRequestEvents.includes(context.eventName)) { + const pr = (context.payload as PullRequestEvent).pull_request + return pr.head.sha + } else { + return context.sha + } +} + +function getJobCorrelator(): string { return constructJobCorrelator(github.context.workflow, github.context.job, getJobMatrix()) }