From a0cf89fbeb18992d21332f5b55764ed2c7874ce5 Mon Sep 17 00:00:00 2001
From: Roman Novoselov
Date: Thu, 5 Dec 2024 16:38:19 +0300
Subject: [PATCH] feat: Allow to ignore specific dependencies
---
 .github/workflows/ci.yml | 1 +
 action.yml | 2 ++
 src/fetch-alerts.ts | 36 +++++++++++++++++++++++++++---------
 src/main.ts | 7 ++++++-
 4 files changed, 36 insertions(+), 10 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 37bc97e..8c74292 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -34,6 +34,7 @@ jobs:
 # slack_webhook: ${{ secrets.SLACK_WEBHOOK }}
 # severity: low,medium
 # ecosystem: npm,rubygems
+ # ignore_dependencies: lodash,devise
 # count: 20
 # pager_duty_integration_key: ${{ secrets.PAGER_DUTY_INTEGRATION_KEY }}
 # zenduty_api_key: ${{ secrets.ZENDUTY_API_KEY }}
diff --git a/action.yml b/action.yml
index 6af172f..e18bcf2 100644
--- a/action.yml
+++ b/action.yml
@@ -43,6 +43,8 @@ inputs:
 description: 'Comma separated list of severities. E.g. low,medium,high,critical (NO SPACES BETWEEN COMMA AND SEVERITY)'
 ecosystem:
 description: 'A comma-separated list of ecosystems. If specified, only alerts for these ecosystems will be returned.'
+ ignore_dependencies:
+ description: 'A comma-separated list of dependencies to ignore. If specified, these dependencies will not be alerted.'
 branding:
 icon: 'alert-octagon'
 color: 'red'
diff --git a/src/fetch-alerts.ts b/src/fetch-alerts.ts
index 86b399b..c6594cf 100644
--- a/src/fetch-alerts.ts
+++ b/src/fetch-alerts.ts
@@ -13,6 +13,7 @@ export const fetchRepositoryAlerts = async (
 repositoryOwner: string,
 severity: string,
 ecosystem: string,
+ ignoreDependencies: string[],
 count: number,
 ): Promise => {
 const octokit = new Octokit({
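Review bot: The new `ignore_dependencies` description in action.yml does not say how entries are matched, and because this is a suppression control on a security alerting action the operator needs to know that it silences every severity, including critical, for that package name in every ecosystem until the entry is removed. I would extend it to: `'A comma-separated list of dependency package names to ignore (exact, case-sensitive match; surrounding whitespace is trimmed). Alerts for these packages are suppressed at every severity and in every ecosystem, so review the list regularly.'`. The trimming claim follows from the `.map((str: string) => str.trim())` in main.ts further down this patch; if that parser changes, the wording here should follow.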
@@ -29,9 +30,14 @@ export const fetchRepositoryAlerts = async (
 ecosystem: ecosystem.length > 0 ? ecosystem : undefined,
 per_page: count,
 })
- const alerts: Alert[] = response.data.map((dependabotAlert) =>
- toRepositoryAlert(dependabotAlert, repositoryName, repositoryOwner),
- )
+ const alerts: Alert[] = response
+ .data
+ .filter((dependabotAlert) =>
+ !ignoreDependencies.includes(dependabotAlert.security_vulnerability.package.name)
+ )
+ .map((dependabotAlert) =>
+ toRepositoryAlert(dependabotAlert, repositoryName, repositoryOwner),
+ )
 return alerts
 }
@@ -40,6 +46,7 @@ export const fetchOrgAlerts = async (
 org: string,
 severity: string,
 ecosystem: string,
+ ignoreDependencies: string[],
 count: number,
 ): Promise => {
 const octokit = new Octokit({
@@ -55,9 +62,14 @@ export const fetchOrgAlerts = async (
 ecosystem: ecosystem.length > 0 ? ecosystem : undefined,
 per_page: count,
 })
- const alerts: Alert[] = response.data.map((dependabotOrgAlert) =>
- toOrgAlert(dependabotOrgAlert),
- )
+ const alerts: Alert[] = response
+ .data
+ .filter((dependabotOrgAlert) =>
+ !ignoreDependencies.includes(dependabotOrgAlert.security_vulnerability.package.name)
+ )
+ .map((dependabotOrgAlert) =>
+ toOrgAlert(dependabotOrgAlert),
+ )
 return alerts
 }
@@ -66,6 +78,7 @@ export const fetchEnterpriseAlerts = async (
 enterprise: string,
 severity: string,
 ecosystem: string,
+ ignoreDependencies: string[],
 count: number,
 ): Promise => {
 const octokit = new Octokit({
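Review bot: The new `.filter` in fetchRepositoryAlerts runs after the API page has already been capped by `per_page: count`, so every ignored alert on that page lowers the number of alerts reported below `count`, and the non-ignored alerts that would have followed are never fetched or shown — an ignore list can therefore hide unrelated findings, which is the opposite of what a suppression list should do. Either paginate until `count` surviving alerts have been collected (for example `octokit.paginate` over the same endpoint, then `.filter(...)` and `.slice(0, count)`; the request itself is built above this hunk, so I cannot see which endpoint method is used) or document that `count` is applied before ignoring. The match is also exact and case-sensitive on `security_vulnerability.package.name` and does not consider the ecosystem, so `lodash` suppresses a package of that name in every registry listed in `ecosystem`; normalising with `toLowerCase()` on both sides, or accepting `ecosystem:name` entries, would make the behaviour predictable for PyPI-style names. The enclosing function starts before this hunk.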
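Review bot: The predicate added to fetchOrgAlerts, `!ignoreDependencies.includes(dependabotOrgAlert.security_vulnerability.package.name)`, is the second of three identical copies in this file (repository, org and enterprise fetchers), so any later change to the matching rule — case normalisation, ecosystem scoping — has to be made in three places and the copies can drift. Extracting one module-level helper, `const isIgnoredPackage = (name: string, ignore: readonly string[]): boolean => ignore.includes(name)`, and calling it from each `.filter` keeps a single definition of "ignored" and gives it one place to unit-test. The enclosing `fetchOrgAlerts` starts before this hunk.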
@@ -81,8 +94,13 @@ export const fetchEnterpriseAlerts = async (
 ecosystem: ecosystem.length > 0 ? ecosystem : undefined,
 per_page: count,
 })
- const alerts: Alert[] = response.data.map((dependabotEnterpriseAlert) =>
- toEnterpriseAlert(dependabotEnterpriseAlert),
- )
+ const alerts: Alert[] = response
+ .data
+ .filter((dependabotEnterpriseAlert) =>
+ !ignoreDependencies.includes(dependabotEnterpriseAlert.security_vulnerability.package.name)
+ )
+ .map((dependabotEnterpriseAlert) =>
+ toEnterpriseAlert(dependabotEnterpriseAlert),
+ )
 return alerts
 }
diff --git a/src/main.ts b/src/main.ts
index f5143cd..8b263bf 100644
--- a/src/main.ts
+++ b/src/main.ts
@@ -39,16 +39,20 @@ async function run(): Promise {
 const count = parseInt(getInput('count'))
 const severity = getInput('severity')
 const ecosystem = getInput('ecosystem')
+ const ignoreDependencies = (
+ getInput('ignore_dependencies') || ''
+ ).split(',').map((str: string) => str.trim())
 let alerts: Alert[] = []
 if (org) {
- alerts = await fetchOrgAlerts(token, org, severity, ecosystem, count)
+ alerts = await fetchOrgAlerts(token, org, severity, ecosystem, ignoreDependencies, count)
 } else if (enterprise) {
 alerts = await fetchEnterpriseAlerts(
 token,
 org,
 severity,
 ecosystem,
+ ignoreDependencies,
 count,
 )
 } else {
@@ -59,6 +63,7 @@ async function run(): Promise {
 owner,
 severity,
 ecosystem,
+ ignoreDependencies,
 count,
 )
 }
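Review bot: Alerts dropped by the new `.filter` in fetchEnterpriseAlerts disappear without any trace in the run output, so a stale or over-broad ignore entry can silently hide a critical finding for months and nothing in the log would show it. I would keep the count of suppressed alerts visible — for instance compare `response.data.length` with `alerts.length` and emit the difference via the action's logger if `@actions/core` is already imported in this file (its imports are outside this hunk), or return the number alongside `alerts` so main.ts can print it. The enclosing `fetchEnterpriseAlerts` starts before this hunk.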
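Review bot: The new `ignoreDependencies` parsing in `run` yields `['']` when the input is unset or empty, because `''.split(',')` is `['']`, and a trailing or doubled comma adds further empty entries, all of which are handed to the fetchers as real ignore names. Drop empties after trimming: `.split(',').map((s: string) => s.trim()).filter((s: string) => s.length > 0)`. The `|| ''` fallback is also redundant if `getInput` is the `@actions/core` one, which returns `''` for an unset input, though that import is outside this hunk so I may be wrong. Separately, in the context lines the `enterprise` branch still passes `org` rather than `enterprise` as the second argument to `fetchEnterpriseAlerts`, which looks like a pre-existing bug worth fixing while this call is being touched. The body of `run` continues outside this hunk.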