Merge pull request #167 from nodejs/add-cve-id-to-commitoutput

RafaelGSS · web-flow · commit f8391430af1c · 2024-11-28T11:58:56.000-03:00
feat: add CVE-ID to commit-output
diff --git a/.github/workflows/test-and-release.yml b/.github/workflows/test-and-release.yml
@@ -45,6 +45,8 @@ jobs:
           npm run test:ci
   release:
     name: Release
+    permissions:
+      contents: write
     needs: test
     runs-on: ubuntu-latest
     if: github.event_name == 'push' && github.ref == 'refs/heads/main'
diff --git a/commit-to-output.js b/commit-to-output.js
@@ -39,6 +39,11 @@ export const formatType = {
 
 function toStringPlaintext (data) {
   let s = ''
+
+  if (data.cveId) {
+    s += `(${data.cveId})`
+  }
+
   s += (data.semver || []).length ? `(${data.semver.join(', ').toUpperCase()}) ` : ''
 
   if (data.revert) {
@@ -76,6 +81,7 @@ function toStringMarkdown (data) {
   let s = ''
   s += `* \\[[\`${data.sha.substr(0, 10)}\`](${data.shaUrl})] - `
   s += (data.semver || []).length ? `**(${data.semver.join(', ').toUpperCase()})** ` : ''
+  s += data.cveId ? `**(${data.cveId})** ` : ''
   s += data.revert ? '***Revert*** "' : ''
   s += data.group ? `**${cleanMarkdown(data.group)}**: ` : ''
   s += cleanMarkdown(data.summary)
@@ -92,7 +98,7 @@ function toStringMarkdown (data) {
 }
 
 function toStringMessageOnly (data) {
-  return `  * ${data.summary.trim()}`
+  return `  * ${data.cveId ? '(' + data.cveId + ') ' : ''}${data.summary.trim()}`
 }
 
 export function commitToOutput (commit, format, ghId, commitUrl) {
@@ -110,6 +116,7 @@ export function commitToOutput (commit, format, ghId, commitUrl) {
   data.author = (commit.author && commit.author.name) || ''
   data.pr = prUrlMatch && ((prUrlMatch[1] !== `${ghId.user}/${ghId.repo}` ? prUrlMatch[1] : '') + urlHash)
   data.prUrl = prUrlMatch && commit.prUrl
+  data.cveId = commit.cveId
 
   if (format === formatType.SIMPLE) {
     return toStringSimple(data)
diff --git a/package.json b/package.json
@@ -28,7 +28,7 @@
     "@octokit/graphql": "^7.0.1",
     "async": "^3.2.4",
     "chalk": "^5.3.0",
-    "commit-stream": "^2.1.0",
+    "commit-stream": "^2.2.0",
     "debug": "^4.3.4",
     "ghauth": "^6.0.0",
     "ghissues": "^1.1.4",
diff --git a/test.js b/test.js
@@ -142,3 +142,12 @@ test('test find-matching-prs', (t) => {
 `)
   t.end()
 })
+
+test('test group, CVE-ID', (t) => {
+  const out = exec('--md --start-ref=43d428b3d2 --end-ref=43d428b3d2 --group --filter-release')
+  t.equal(
+    out,
+    `* \\[[\`43d428b3d2\`](https://github.com/nodejs/changelog-maker/commit/43d428b3d2)] - **(CVE-2024-22020)** **feat**: add cveId support to commmit output (RafaelGSS) [nodejs/node#55819](https://github.com/nodejs/node/pull/55819)
+`)
+  t.end()
+})
