Inline checks for producing a better error message for Dependabot PRs

2023-05-31 17:42:39 +01:00 · 2023-05-31 17:42:39 +01:00 · 019a40b91a
commit 019a40b91a
parent ae005db7f8
3 changed files with 7 additions and 21 deletions
--- a/lib/actions-util.js
+++ b/lib/actions-util.js
@ -395,7 +395,8 @@ async function sendStatusReport(statusReport) {
        if ((0, util_1.isHTTPError)(e)) {
            switch (e.status) {
                case 403:
-                    if (workflowIsTriggeredByPushEvent() && isDependabotActor()) {
+                    if (getWorkflowEventName() === "push" &&
+                        process.env["GITHUB_ACTOR"] === "dependabot[bot]") {
                        core.setFailed('Workflows triggered by Dependabot on the "push" event run with read-only access. ' +
                            "Uploading Code Scanning results requires write access. " +
                            'To use Code Scanning with Dependabot, please ensure you are using the "pull_request" event for this workflow and avoid triggering on the "push" event for Dependabot branches. ' +
@ -437,14 +438,6 @@ function getWorkflowEventName() {
    return (0, util_1.getRequiredEnvParam)("GITHUB_EVENT_NAME");
 }
 exports.getWorkflowEventName = getWorkflowEventName;
-// Was the workflow run triggered by a `push` event, for example as opposed to a `pull_request` event.
-function workflowIsTriggeredByPushEvent() {
-    return getWorkflowEventName() === "push";
-}
-// Is dependabot the actor that triggered the current workflow run.
-function isDependabotActor() {
-    return process.env["GITHUB_ACTOR"] === "dependabot[bot]";
-}
 // Is the current action executing a local copy (i.e. we're running a workflow on the codeql-action repo itself)
 // as opposed to running a remote action (i.e. when another repo references us)
 function isRunningLocalAction() {
--- a/lib/actions-util.js.map
+++ b/lib/actions-util.js.map
--- a/src/actions-util.ts
+++ b/src/actions-util.ts
@ -540,7 +540,10 @@ export async function sendStatusReport<S extends StatusReportBase>(
    if (isHTTPError(e)) {
      switch (e.status) {
        case 403:
-          if (workflowIsTriggeredByPushEvent() && isDependabotActor()) {
+          if (
+            getWorkflowEventName() === "push" &&
+            process.env["GITHUB_ACTOR"] === "dependabot[bot]"
+          ) {
            core.setFailed(
              'Workflows triggered by Dependabot on the "push" event run with read-only access. ' +
                "Uploading Code Scanning results requires write access. " +
@ -585,16 +588,6 @@ export function getWorkflowEventName() {
  return getRequiredEnvParam("GITHUB_EVENT_NAME");
 }

-// Was the workflow run triggered by a `push` event, for example as opposed to a `pull_request` event.
-function workflowIsTriggeredByPushEvent() {
-  return getWorkflowEventName() === "push";
-}
-
-// Is dependabot the actor that triggered the current workflow run.
-function isDependabotActor() {
-  return process.env["GITHUB_ACTOR"] === "dependabot[bot]";
-}
-
 // Is the current action executing a local copy (i.e. we're running a workflow on the codeql-action repo itself)
 // as opposed to running a remote action (i.e. when another repo references us)
 export function isRunningLocalAction(): boolean {