v2.15.2: Remove tokens from JSON output.

flowwer-dev · Dec 1, 2024 · 0dde6ed · 0dde6ed
1 parent 5cfbbb7
commit 0dde6ed
Show file tree

Hide file tree

Showing 6 changed files with 38 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,10 @@
 # Changelog
 All notable changes to this project will be documented in this file.
 
+## [2.15.2] - 2024-12-01
+### Fixed
+- Prevents `githubToken` and `personalToken` from be included in the JSON output.
+
 ## [2.15.1] - 2024-07-19
 ### Changes
 - Fix on "Build with" link.

diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "pull-request-stats",
-  "version": "2.15.1",
+  "version": "2.15.2",
   "description": "Github action to print relevant stats about Pull Request reviewers",
   "main": "dist/index.js",
   "type": "commonjs",

diff --git a/src/execute.js b/src/execute.js
@@ -11,6 +11,7 @@ const {
   postComment,
   getReviewers,
   buildComment,
+  buildJsonOutput,
   setUpReviewers,
   checkSponsorship,
   alreadyPublished,
@@ -72,12 +73,13 @@ const run = async (params) => {
   core.debug(`Commit content built successfully: ${content}`);
 
   const whParams = { ...params, core, reviewers };
+  const jsonOutput = buildJsonOutput({ ...params, reviewers });
   await postWebhook(whParams);
   await postSlackMessage({ ...whParams, pullRequest });
   await postTeamsMessage({ ...whParams, pullRequest });
   await postSummary({ core, content });
   await core.setOutput('resultsMd', content);
-  await core.setOutput('resultsJson', whParams);
+  await core.setOutput('resultsJson', jsonOutput);
 
   if (pullRequestId) {
     await postComment({

diff --git a/src/interactors/__tests__/buildJsonOutput.test.js b/src/interactors/__tests__/buildJsonOutput.test.js
@@ -0,0 +1,24 @@
+const buildJsonOutput = require('../buildJsonOutput');
+
+describe('Interactors | .alreadyPublished', () => {
+  const params = {
+    githubToken: 'GITHUB_TOKEN',
+    personalToken: 'PERSONAL_TOKEN',
+    reviewers: 'REVIEWERS',
+    foo: 'BAR',
+  };
+
+  it('removes tokens', () => {
+    const results = buildJsonOutput(params);
+    expect(results).not.toHaveProperty('githubToken');
+    expect(results).not.toHaveProperty('personalToken');
+  });
+
+  it('keeps the other properties', () => {
+    const results = buildJsonOutput(params);
+    const { githubToken, personalToken, ...other } = params;
+    expect(results).toEqual(expect.objectContaining({
+      ...other,
+    }));
+  });
+});
diff --git a/src/interactors/buildJsonOutput.js b/src/interactors/buildJsonOutput.js
@@ -0,0 +1,4 @@
+module.exports = (params) => {
+  const { githubToken, personalToken, ...other } = params;
+  return other;
+};
diff --git a/src/interactors/index.js b/src/interactors/index.js
@@ -1,6 +1,7 @@
 const alreadyPublished = require('./alreadyPublished');
 const buildTable = require('./buildTable');
 const buildComment = require('./buildComment');
+const buildJsonOutput = require('./buildJsonOutput');
 const checkSponsorship = require('./checkSponsorship');
 const getPulls = require('./getPulls');
 const getReviewers = require('./getReviewers');
@@ -15,6 +16,7 @@ module.exports = {
   alreadyPublished,
   buildTable,
   buildComment,
+  buildJsonOutput,
   checkSponsorship,
   getPulls,
   getReviewers,