Merge pull request #986 from actions/brrygrdn/rc-4.7.4

Batch some contributions for release

__tests__/main.test.ts

@@ -0,0 +1,153 @@
+import {
+  afterEach,
+  beforeEach,
+  describe,
+  expect,
+  jest,
+  test
+} from '@jest/globals'
+import * as fs from 'fs'
+import * as core from '@actions/core'
+import {DefaultArtifactClient} from '@actions/artifact'
+import type {SpyInstance} from 'jest-mock'
+import {handleLargeSummary} from '../src/main'
+
+jest.mock('ansi-styles', () => ({
+  __esModule: true,
+  default: {
+    color: {
+      red: {open: '', close: ''},
+      yellow: {open: '', close: ''},
+      grey: {open: '', close: ''},
+      green: {open: '', close: ''}
+    },
+    bold: {open: '', close: ''}
+  }
+}))
+jest.mock('../src/dependency-graph', () => ({}))
+jest.mock('@actions/core', () => {
+  const summary = {
+    addRaw: jest.fn().mockReturnThis(),
+    addHeading: jest.fn().mockReturnThis(),
+    addTable: jest.fn().mockReturnThis(),
+    addSeparator: jest.fn().mockReturnThis(),
+    addImage: jest.fn().mockReturnThis(),
+    addList: jest.fn().mockReturnThis(),
+    addBreak: jest.fn().mockReturnThis(),
+    addLink: jest.fn().mockReturnThis(),
+    addDetails: jest.fn().mockReturnThis(),
+    addSection: jest.fn().mockReturnThis(),
+    addCodeBlock: jest.fn().mockReturnThis(),
+    addFields: jest.fn().mockReturnThis(),
+    addEol: jest.fn().mockReturnThis(),
+    write: jest.fn(async () => undefined),
+    emptyBuffer: jest.fn(),
+    stringify: jest.fn(() => '')
+  }
+  return {
+    __esModule: true,
+    getInput: jest.fn((name: string) =>
+      name === 'repo-token' ? 'gh_test_token' : ''
+    ),
+    setOutput: jest.fn(),
+    setFailed: jest.fn(),
+    warning: jest.fn(),
+    info: jest.fn(),
+    debug: jest.fn(),
+    startGroup: jest.fn(),
+    endGroup: jest.fn(),
+    group: jest.fn(async (_name: string, fn: () => Promise<unknown>) => fn()),
+    summary
+  }
+})
+jest.mock('@actions/artifact', () => ({
+  DefaultArtifactClient: jest.fn()
+}))
+
+const ORIGINAL_ENV = {...process.env}
+
+type ArtifactClientInstance = {
+  uploadArtifact: jest.Mock
+}
+
+const DefaultArtifactClientMock = DefaultArtifactClient as unknown as jest.Mock
+
+const createArtifactClient = (): ArtifactClientInstance => ({
+  uploadArtifact: jest.fn(async () => undefined)
+})
+
+describe('handleLargeSummary', () => {
+  let writeFileSpy: SpyInstance<typeof fs.promises.writeFile>
+
+  beforeEach(() => {
+    process.env = {...ORIGINAL_ENV}
+    writeFileSpy = jest
+      .spyOn(fs.promises, 'writeFile')
+      .mockImplementation(async () => undefined)
+    DefaultArtifactClientMock.mockClear()
+    DefaultArtifactClientMock.mockImplementation(() => createArtifactClient())
+  })
+
+  afterEach(() => {
+    writeFileSpy.mockRestore()
+    jest.clearAllMocks()
+    process.env = {...ORIGINAL_ENV}
+  })
+
+  test('returns original summary when under size threshold', async () => {
+    const summaryContent = 'short summary'
+
+    const result = await handleLargeSummary(summaryContent)
+
+    expect(result).toBe(summaryContent)
+    expect(writeFileSpy).not.toHaveBeenCalled()
+    expect(DefaultArtifactClientMock).not.toHaveBeenCalled()
+  })
+
+  test('uploads artifact and returns minimal summary when summary is too large', async () => {
+    process.env.GITHUB_SERVER_URL = 'https://github.com'
+    process.env.GITHUB_REPOSITORY = 'owner/repo'
+    process.env.GITHUB_RUN_ID = '12345'
+
+    const largeSummary = 'a'.repeat(1024 * 1024 + 1)
+
+    const result = await handleLargeSummary(largeSummary)
+
+    expect(writeFileSpy).toHaveBeenCalledTimes(1)
+    expect(writeFileSpy).toHaveBeenCalledWith('summary.md', largeSummary)
+    expect(DefaultArtifactClientMock).toHaveBeenCalledTimes(1)
+
+    const artifactInstance = DefaultArtifactClientMock.mock.results[0]
+      ?.value as ArtifactClientInstance
+
+    expect(artifactInstance.uploadArtifact).toHaveBeenCalledWith(
+      'dependency-review-summary',
+      ['summary.md'],
+      '.',
+      {retentionDays: 1}
+    )
+
+    expect(result).toContain('# Dependency Review Summary')
+    expect(result).toContain('dependency-review-summary')
+    expect(result).toContain('actions/runs/12345')
+  })
+
+  test('returns original summary and logs a warning when artifact handling fails', async () => {
+    const warningMock = core.warning as jest.Mock
+    warningMock.mockClear()
+    const largeSummary = 'b'.repeat(1024 * 1024 + 1)
+
+    DefaultArtifactClientMock.mockImplementation(() => ({
+      uploadArtifact: jest.fn(async () => {
+        throw new Error('upload failed')
+      })
+    }))
+
+    const result = await handleLargeSummary(largeSummary)
+
+    expect(result).toBe(largeSummary)
+    expect(warningMock).toHaveBeenCalledWith(
+      expect.stringContaining('Failed to handle large summary')
+    )
+  })
+})

__tests__/summary.test.ts

@@ -464,7 +464,9 @@ test('addLicensesToSummary() - includes list of configured allowed licenses', ()
   summary.addLicensesToSummary(licenseIssues, config)
 
   const text = core.summary.stringify()
-  expect(text).toContain('<strong>Allowed Licenses</strong>: MIT, Apache-2.0')
+  expect(text).toContain(
+    '<details><summary><strong>Allowed Licenses</strong>:</summary> MIT, Apache-2.0</details>'
+  )
 })
 
 test('addLicensesToSummary() - includes configured denied license', () => {
@@ -476,11 +478,33 @@ test('addLicensesToSummary() - includes configured denied license', () => {
 
   const config: ConfigurationOptions = {
     ...defaultConfig,
-    deny_licenses: ['MIT']
+    deny_licenses: ['MIT', 'Apache-2.0']
   }
 
   summary.addLicensesToSummary(licenseIssues, config)
 
   const text = core.summary.stringify()
-  expect(text).toContain('<strong>Denied Licenses</strong>: MIT')
+  expect(text).toContain(
+    '<details><summary><strong>Denied Licenses</strong>:</summary> MIT, Apache-2.0</details>'
+  )
+})
+
+test('addLicensesToSummary() - includes allowed dependency licences', () => {
+  const licenseIssues = {
+    forbidden: [createTestChange()],
+    unresolved: [],
+    unlicensed: []
+  }
+
+  const config: ConfigurationOptions = {
+    ...defaultConfig,
+    allow_dependencies_licenses: ['MIT', 'Apache-2.0']
+  }
+
+  summary.addLicensesToSummary(licenseIssues, config)
+
+  const text = core.summary.stringify()
+  expect(text).toContain(
+    '<details><summary><strong>Excluded from license check</strong>:</summary> MIT, Apache-2.0</details>'
+  )
 })

package.json

@@ -25,6 +25,7 @@
   "author": "GitHub",
   "license": "MIT",
   "dependencies": {
+    "@actions/artifact": "^2.3.2",
     "@actions/core": "^1.11.1",
     "@actions/github": "^6.0.1",
     "@octokit/plugin-retry": "^6.1.0",

src/main.ts

@@ -24,6 +24,8 @@ import {getRefs} from './git-refs'
 import {groupDependenciesByManifest} from './utils'
 import {commentPr, MAX_COMMENT_LENGTH} from './comment-pr'
 import {getDeniedChanges} from './deny'
+import * as artifact from '@actions/artifact'
+import * as fs from 'fs'
 
 async function delay(ms: number): Promise<void> {
   return new Promise(resolve => setTimeout(resolve, ms))
@@ -61,6 +63,41 @@ async function getComparison(
   return comparison
 }
 
+export async function handleLargeSummary(
+  summaryContent: string
+): Promise<string> {
+  const MAX_SUMMARY_SIZE = 1024 * 1024 // 1024k in bytes
+  if (Buffer.byteLength(summaryContent, 'utf8') <= MAX_SUMMARY_SIZE) {
+    return summaryContent
+  }
+
+  const artifactClient = new artifact.DefaultArtifactClient()
+  const artifactName = 'dependency-review-summary'
+  const files = ['summary.md']
+
+  try {
+    // Write the summary to a file
+    await fs.promises.writeFile('summary.md', summaryContent)
+
+    // Upload the artifact
+    await artifactClient.uploadArtifact(artifactName, files, '.', {
+      retentionDays: 1
+    })
+
+    // Return a minimal summary with a link to the artifact
+    return `# Dependency Review Summary
+
+The full dependency review summary is too large to display here. Please download the artifact named "${artifactName}" to view the complete report.
+
+[View full job summary](${process.env.GITHUB_SERVER_URL}/${process.env.GITHUB_REPOSITORY}/actions/runs/${process.env.GITHUB_RUN_ID})`
+  } catch (error) {
+    core.warning(
+      `Failed to handle large summary: ${error instanceof Error ? error.message : 'Unknown error'}`
+    )
+    return summaryContent
+  }
+}
+
 async function run(): Promise<void> {
   try {
     const config = await readConfig()
@@ -179,6 +216,9 @@ async function run(): Promise<void> {
     let rendered = core.summary.stringify()
     core.setOutput('comment-content', rendered)
 
+    // Handle large summaries by uploading as artifact
+    rendered = await handleLargeSummary(rendered)
+
     // if the summary is oversized, replace with minimal version
     if (rendered.length >= MAX_COMMENT_LENGTH) {
       core.debug(

src/summary.ts

@@ -206,19 +206,17 @@ export function addLicensesToSummary(
 
   if (config.allow_licenses && config.allow_licenses.length > 0) {
     core.summary.addQuote(
-      `<strong>Allowed Licenses</strong>: ${config.allow_licenses.join(', ')}`
+      `<details><summary><strong>Allowed Licenses</strong>:</summary> ${config.allow_licenses.join(', ')}</details>`
     )
   }
   if (config.deny_licenses && config.deny_licenses.length > 0) {
     core.summary.addQuote(
-      `<strong>Denied Licenses</strong>: ${config.deny_licenses.join(', ')}`
+      `<details><summary><strong>Denied Licenses</strong>:</summary> ${config.deny_licenses.join(', ')}</details>`
     )
   }
   if (config.allow_dependencies_licenses) {
     core.summary.addQuote(
-      `<strong>Excluded from license check</strong>: ${config.allow_dependencies_licenses.join(
-        ', '
-      )}`
+      `<details><summary><strong>Excluded from license check</strong>:</summary> ${config.allow_dependencies_licenses.join(', ')}</details>`
     )
   }