Do not list changes dependencies in summary

hmaurer · elireisman · commit 83c7cc6aa771 · 2024-09-16T11:29:47.000-07:00
diff --git a/__tests__/summary.test.ts b/__tests__/summary.test.ts
@@ -109,42 +109,6 @@ test('prints headline as h1', () => {
   expect(text).toContain('<h1>Dependency Review</h1>')
 })
 
-test('returns minimal summary in case the core.summary is too large for a PR comment', () => {
-  let changes: Changes = [
-    createTestChange({name: 'lodash', version: '1.2.3'}),
-    createTestChange({name: 'colors', version: '2.3.4'}),
-    createTestChange({name: '@foo/bar', version: '*'})
-  ]
-
-  let minSummary: string = summary.addSummaryToSummary(
-    changes,
-    emptyInvalidLicenseChanges,
-    emptyChanges,
-    scorecard,
-    defaultConfig
-  )
-
-  // side effect DR report into core.summary as happens in main.ts
-  summary.addScannedDependencies(changes)
-  const text = core.summary.stringify()
-
-  expect(text).toContain('<h1>Dependency Review</h1>')
-  expect(minSummary).toContain('# Dependency Review')
-
-  expect(text).toContain('❌ 3 vulnerable package(s)')
-  expect(text).not.toContain('* ❌ 3 vulnerable package(s)')
-  expect(text).toContain('lodash')
-  expect(text).toContain('colors')
-  expect(text).toContain('@foo/bar')
-
-  expect(minSummary).toContain('* ❌ 3 vulnerable package(s)')
-  expect(minSummary).not.toContain('lodash')
-  expect(minSummary).not.toContain('colors')
-  expect(minSummary).not.toContain('@foo/bar')
-
-  expect(text.length).toBeGreaterThan(minSummary.length)
-})
-
 test('returns minimal summary formatted for posting as a PR comment', () => {
   const OLD_ENV = process.env
 
@@ -232,14 +196,10 @@ test('groups dependencies with empty manifest paths together', () => {
     emptyScorecard,
     defaultConfig
   )
-  summary.addScannedDependencies(changesWithEmptyManifests)
+  summary.addScannedFiles(changesWithEmptyManifests)
   const text = core.summary.stringify()
-
-  expect(text).toContain('<summary>Unnamed Manifest</summary>')
-  expect(text).toContain('castore')
-  expect(text).toContain('connection')
-  expect(text).toContain('<summary>python/dist-info/METADATA</summary>')
-  expect(text).toContain('pygments')
+  expect(text).toContain('Unnamed Manifest')
+  expect(text).toContain('python/dist-info/METADATA')
 })
 
 test('does not include status section if nothing was found', () => {
diff --git a/dist/index.js b/dist/index.js
diff --git a/dist/index.js.map b/dist/index.js.map
diff --git a/scripts/create_summary.ts b/scripts/create_summary.ts
@@ -143,7 +143,7 @@ async function createSummary(
     ...licenseIssues.unlicensed
   ]
 
-  summary.addScannedDependencies(allChanges)
+  summary.addScannedFiles(allChanges)
 
   const text = core.summary.stringify()
   await fs.promises.writeFile(path.resolve(tmpDir, fileName), text, {
diff --git a/src/main.ts b/src/main.ts
@@ -166,7 +166,7 @@ async function run(): Promise<void> {
     }
 
     core.setOutput('dependency-changes', JSON.stringify(changes))
-    summary.addScannedDependencies(changes)
+    summary.addScannedFiles(changes)
     printScannedDependencies(changes)
 
     // include full summary in output; Actions will truncate if oversized
diff --git a/src/summary.ts b/src/summary.ts
@@ -1,7 +1,7 @@
 import * as core from '@actions/core'
-import {ConfigurationOptions, Changes, Change, Scorecard} from './schemas'
 import {SummaryTableRow} from '@actions/core/lib/summary'
 import {InvalidLicenseChanges, InvalidLicenseChangeTypes} from './licenses'
+import {Change, Changes, ConfigurationOptions, Scorecard} from './schemas'
 import {groupDependenciesByManifest, getManifestsSet, renderUrl} from './utils'
 
 const icons = {
@@ -263,21 +263,11 @@ function formatLicense(license: string | null): string {
   return license
 }
 
-export function addScannedDependencies(changes: Changes): void {
-  const dependencies = groupDependenciesByManifest(changes)
-  const manifests = dependencies.keys()
-
-  const summary = core.summary.addHeading('Scanned Manifest Files', 2)
-
-  for (const manifest of manifests) {
-    const deps = dependencies.get(manifest)
-    if (deps) {
-      const dependencyNames = deps.map(
-        dependency => `<li>${dependency.name}@${dependency.version}</li>`
-      )
-      summary.addDetails(manifest, `<ul>${dependencyNames.join('')}</ul>`)
-    }
-  }
+export function addScannedFiles(changes: Changes): void {
+  const manifests = Array.from(
+    groupDependenciesByManifest(changes).keys()
+  ).sort()
+  core.summary.addHeading('Scanned Files', 2).addList(manifests)
 }
 
 function snapshotWarningRecommendation(

Original file line number	Diff line number	Diff line change
`@@ -143,7 +143,7 @@ async function createSummary(`
`143`	`143`	`...licenseIssues.unlicensed`
`144`	`144`	`]`
`145`	`145`
`146`		`- summary.addScannedDependencies(allChanges)`
	`146`	`+ summary.addScannedFiles(allChanges)`
`147`	`147`
`148`	`148`	`const text = core.summary.stringify()`
`149`	`149`	`await fs.promises.writeFile(path.resolve(tmpDir, fileName), text, {`
Original file line number	Diff line number	Diff line change
`@@ -166,7 +166,7 @@ async function run(): Promise<void> {`
`166`	`166`	`}`
`167`	`167`
`168`	`168`	`core.setOutput('dependency-changes', JSON.stringify(changes))`
`169`		`- summary.addScannedDependencies(changes)`
	`169`	`+ summary.addScannedFiles(changes)`
`170`	`170`	`printScannedDependencies(changes)`
`171`	`171`
`172`	`172`	`// include full summary in output; Actions will truncate if oversized`