Support CVE hovercards in GitHub

Remove URLs from the pull request Markdown content for CVEs in GitHub.com so that CVE IDs render a hovercard. The link format is unchanged for GitHub Enterprise Server as I don't believe that's supported as the appliance would need internet connectivity. Resolves #443.
martincostello · May 3, 2023 · c2b0eab · c2b0eab
1 parent 3f32773
commit c2b0eab
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 8 deletions.
diff --git a/dist/index.js b/dist/index.js
diff --git a/dist/index.js.map b/dist/index.js.map
diff --git a/src/DotNetSdkUpdater.ts b/src/DotNetSdkUpdater.ts
@@ -94,7 +94,7 @@ export class DotNetSdkUpdater {
     return messageLines.join('\n');
   }
 
-  public static generatePullRequestBody(update: SdkVersions, options: UpdateOptions): string {
+  public static generatePullRequestBody(update: SdkVersions, options: UpdateOptions, isGitHubEnterprise: boolean): string {
     let body = `Updates the .NET SDK to version \`${update.latest.sdkVersion}\`, `;
 
     if (update.latest.runtimeVersion === update.current.runtimeVersion) {
@@ -106,7 +106,7 @@ export class DotNetSdkUpdater {
     if (update.security && update.securityIssues.length > 0) {
       body += `\n\nThis release includes fixes for the following security issue(s):`;
       for (const issue of update.securityIssues) {
-        body += `\n  * [${issue.id}](${issue.url})`;
+        body += `\n- ${isGitHubEnterprise ? `[${issue.id}](${issue.url})` : issue.id}`;
       }
     }
 
@@ -218,7 +218,8 @@ export class DotNetSdkUpdater {
 
   private async createPullRequest(base: string, update: SdkVersions): Promise<PullRequest> {
     const title = `Update .NET SDK to ${update.latest.sdkVersion}`;
-    const body = DotNetSdkUpdater.generatePullRequestBody(update, this.options);
+    const isGitHubEnterprise = this.options.serverUrl !== 'https://github.com';
+    const body = DotNetSdkUpdater.generatePullRequestBody(update, this.options, isGitHubEnterprise);
 
     const options = {
       baseUrl: this.options.apiUrl,

diff --git a/tests/DotNetSdkUpdater.test.ts b/tests/DotNetSdkUpdater.test.ts
@@ -183,7 +183,10 @@ describe('DotNetSdkUpdater tests', () => {
     expect(actual).toContain(`update-type: version-update:semver-${expected}`);
   });
 
-  test('Sorts the CVEs in the pull request description', () => {
+  test.each([
+    [false, '\n- CVE-2022-41089\n- CVE-2023-21808'],
+    [true, '\n- [CVE-2022-41089](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41089)\n- [CVE-2023-21808](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21808)']
+  ])('Sorts the CVEs in the pull request description', (isGitHubEnterprise, expected) => {
     const channel = JSON.parse(fs.readFileSync(path.join(process.cwd(), 'tests', 'releases-7.0.json'), {encoding: 'utf8'}));
     const versions = updater.DotNetSdkUpdater.getLatestRelease('7.0.100', channel);
     const options: UpdateOptions = {
@@ -198,8 +201,8 @@ describe('DotNetSdkUpdater tests', () => {
       userEmail: '',
       userName: '',
     };
-    const actual = updater.DotNetSdkUpdater.generatePullRequestBody(versions, options);
-    expect(actual).toContain('\n  * [CVE-2022-41089](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41089)\n  * [CVE-2023-21808](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21808)');
+    const actual = updater.DotNetSdkUpdater.generatePullRequestBody(versions, options, isGitHubEnterprise);
+    expect(actual).toContain(expected);
   });
 
   test.each([