diff --git a/src/dependabot_alerts/cli.py b/src/dependabot_alerts/cli.py
index 8df9165..9d62ca2 100644
--- a/src/dependabot_alerts/cli.py
+++ b/src/dependabot_alerts/cli.py
@@ -31,7 +31,7 @@ def cli(argv=None):
 )
 for alert in alerts:
 print(
- f"- <{alert.repo_html_url}/security/dependabot/|{alert.repo_full_name}>, `{alert.ghsa_id}` ({len(alert.duplicates) + 1}) alerts): `{alert.package}` {alert.summary}"
+ f"- <{alert.html_url}|{alert.repo_full_name} {alert.ghsa_id}>, ({len(alert.duplicates) + 1} alerts): `{alert.package}` {alert.summary}"
 )
 print(
 "\nMessage generated by the `alerts.yml` workflow "
@@ -39,5 +39,5 @@ def cli(argv=None):
 elif alerts:
 for alert in alerts:
 print(
- f"{alert.repo_full_name}, {alert.ghsa_id} ({len(alert.duplicates) + 1} alerts): {alert.package} {alert.summary}"
+ f"{alert.repo_full_name}, {alert.ghsa_id} ({len(alert.duplicates) + 1} alerts): {alert.package} {alert.summary} {alert.html_url}"
 )
diff --git a/src/dependabot_alerts/core.py b/src/dependabot_alerts/core.py
index 241af00..13a886d 100644
--- a/src/dependabot_alerts/core.py
+++ b/src/dependabot_alerts/core.py
@@ -8,8 +8,8 @@
 @dataclass(frozen=True)
 class Alert:
 repo_full_name: str | None
- repo_html_url: str | None = field(compare=False, repr=False)
 ghsa_id: str | None
+ html_url: str | None = field(compare=False)
 package: str | None = field(compare=False)
 manifest_path: str | None = field(compare=False)
 summary: str | None = field(compare=False)
@@ -19,8 +19,8 @@ class Alert:
 def make(cls, alert_dict):
 return cls(
 repo_full_name=alert_dict["repository"]["full_name"],
- repo_html_url=alert_dict["repository"]["html_url"],
 ghsa_id=alert_dict["security_advisory"]["ghsa_id"],
+ html_url=alert_dict["html_url"],
 package=alert_dict["dependency"]["package"]["name"],
 manifest_path=alert_dict["dependency"]["manifest_path"],
 summary=alert_dict["security_advisory"]["summary"],
diff --git a/tests/conftest.py b/tests/conftest.py
index 275b903..a5700a1 100644
--- a/tests/conftest.py
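Review bot: In the first cli.py hunk, the rewritten message line still interpolates `alert.summary` and `alert.package` unescaped into what looks like Slack link markup (`<url|text>`). Those fields are read from the advisory data in `Alert.make`, so a summary containing `<`, `>` or `&` could be rendered as a link or mention rather than as literal text. Consider escaping the three control characters before formatting, e.g. `text.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")`, and applying it to the link label as well. The leftover comma in `>, (` also reads oddly now that the GHSA id has moved inside the link. The enclosing `cli` function starts and ends outside the hunk.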
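Review bot: In the first core.py hunk, `html_url` is declared with `field(compare=False)`, so two alerts that differ only in URL still compare equal and the link that survives is whichever alert was kept. If alerts are de-duplicated on `repo_full_name` and `ghsa_id` (that logic is not in this diff), a line reporting `len(alert.duplicates) + 1` alerts now links to only one of them, where the old repository-level URL listed them all. A short comment on the field would make this explicit, e.g. `# URL of this one alert; see duplicates for the others`. Unlike the field it replaces, `html_url` no longer sets `repr=False`, so it will appear in `repr(Alert)`; confirm that is intended.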
+++ b/tests/conftest.py @@ -15,10 +15,10 @@ class Meta: organization = factory.Sequence(lambda n: f"organization-{n}") repo = factory.Sequence(lambda n: f"repo-{n}") repo_full_name = factory.LazyAttribute(lambda o: f"{o.organization}/{o.repo}") - repo_html_url = factory.LazyAttribute( - lambda o: f"https://github.com/hypothesis/{o.organization}/{o.repo}" - ) ghsa_id = factory.Sequence(lambda n: f"GHSA-{n}") + html_url = factory.LazyAttributeSequence( + lambda o, n: f"https://github.com/{o.organization}/{o.repo}/security/dependabot/{n}" + ) package = factory.Sequence(lambda n: f"package-{n}") manifest_path = factory.Sequence(lambda n: f"manifest_path-{n}") summary = factory.Sequence(lambda n: f"summary-{n}") @@ -37,7 +37,6 @@ def post(obj, *_args, **_kwargs): # pylint:disable=no-self-argument """Transform the generated dict into the format returned by the GitHub API.""" # pylint:disable=no-member repo_full_name = obj.pop("repo_full_name") - repo_html_url = obj.pop("repo_html_url") ghsa_id = obj.pop("ghsa_id") package = obj.pop("package") manifest_path = obj.pop("manifest_path") @@ -45,7 +44,7 @@ def post(obj, *_args, **_kwargs): # pylint:disable=no-self-argument del obj["duplicates"] # Serialise a dict in the format returned by the GitHub API. - obj["repository"] = {"full_name": repo_full_name, "html_url": repo_html_url} + obj["repository"] = {"full_name": repo_full_name} obj["dependency"] = { "package": { "name": package, diff --git a/tests/unit/dependabot_alerts/cli_test.py b/tests/unit/dependabot_alerts/cli_test.py index 9e295fb..c7213b4 100644 --- a/tests/unit/dependabot_alerts/cli_test.py +++ b/tests/unit/dependabot_alerts/cli_test.py 
@@ -14,7 +14,7 @@ def test_it(GitHub, github, subprocess, capsys):
 assert captured.out == "\n".join(
 [
 *[
- f"{alert.repo_full_name}, {alert.ghsa_id} ({len(alert.duplicates) + 1} alerts): {alert.package} {alert.summary}"
+ f"{alert.repo_full_name}, {alert.ghsa_id} ({len(alert.duplicates) + 1} alerts): {alert.package} {alert.summary} {alert.html_url}"
 for alert in github.alerts.return_value
 ],
 "",
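Review bot: Only the plain-text output is asserted in this test hunk; the Slack-formatted line that changed in cli.py has no matching assertion anywhere in this diff. That line has just changed its link target, label and bracket placement, so a test pinning its exact output would catch regressions such as the stray `)` in the old `({len(alert.duplicates) + 1}) alerts)` format. Had such a test existed it would have needed updating here, so presumably there is none. `test_it` starts above the hunk and continues past it.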