Consolidate pr helpers

Author: jdalton

src/commands/fix/coana-fix.mts

@@ -4,13 +4,9 @@ import { joinAnd } from '@socketsecurity/registry/lib/arrays'
 import { debugDir, debugFn } from '@socketsecurity/registry/lib/debug'
 import { logger } from '@socketsecurity/registry/lib/logger'
 
-import { getFixEnv } from './fix-env-helpers.mts'
-import {
-  enablePrAutoMerge,
-  fetchGhsaDetails,
-  openCoanaPr,
-  setGitRemoteGithubRepoUrl,
-} from './pull-request.mts'
+import { getFixEnv } from './env-helpers.mts'
+import { getSocketFixBranchName, getSocketFixCommitMessage } from './git.mts'
+import { openSocketFixPr } from './pull-request.mts'
 import { handleApiCall } from '../../utils/api.mts'
 import { cmdFlagValueToArray } from '../../utils/cmd.mts'
 import { spawnCoana } from '../../utils/coana.mts'
@@ -24,6 +20,11 @@ import {
   gitResetAndClean,
   gitUnstagedModifiedFiles,
 } from '../../utils/git.mts'
+import {
+  enablePrAutoMerge,
+  fetchGhsaDetails,
+  setGitRemoteGithubRepoUrl,
+} from '../../utils/github.mts'
 import { getPackageFilesForScan } from '../../utils/path-resolve.mts'
 import { setupSdk } from '../../utils/sdk.mts'
 import { fetchSupportedScanFileNames } from '../scan/fetch-supported-scan-file-names.mts'
@@ -166,8 +167,8 @@ export async function coanaFix(
 
   // Process each GHSA ID individually, similar to npm-fix/pnpm-fix.
   ghsaLoop: for (let i = 0, { length } = ids; i < length; i += 1) {
-    const id = ids[i]!
-    debugFn('notice', `check: ${id}`)
+    const ghsaId = ids[i]!
+    debugFn('notice', `check: ${ghsaId}`)
 
     // Apply fix for single GHSA ID.
     // eslint-disable-next-line no-await-in-loop
@@ -178,7 +179,7 @@ export async function coanaFix(
         '--manifests-tar-hash',
         tarHash,
         '--apply-fixes-to',
-        id,
+        ghsaId,
         ...(fixConfig.rangeStyle
           ? ['--range-style', fixConfig.rangeStyle]
           : []),
@@ -190,7 +191,7 @@ export async function coanaFix(
 
     if (!fixCResult.ok) {
       logger.error(
-        `Update failed for ${id}: ${fixCResult.message || 'Unknown error'}`,
+        `Update failed for ${ghsaId}: ${fixCResult.message || 'Unknown error'}`,
       )
       continue ghsaLoop
     }
@@ -205,13 +206,13 @@ export async function coanaFix(
       : []
 
     if (!modifiedFiles.length) {
-      debugFn('notice', `skip: no changes for ${id}`)
+      debugFn('notice', `skip: no changes for ${ghsaId}`)
       continue ghsaLoop
     }
 
     overallFixed = true
 
-    const branch = `socket/fix/${id}`
+    const branch = getSocketFixBranchName(ghsaId)
 
     try {
       // Check if branch already exists.
@@ -221,11 +222,13 @@ export async function coanaFix(
         continue ghsaLoop
       }
 
-      debugFn('notice', `pr: creating for ${id}`)
+      debugFn('notice', `pr: creating for ${ghsaId}`)
 
-      const details = ghsaDetails.get(id)
-      const summary = details?.summary
-      debugFn('notice', `ghsa: ${id} details ${details ? 'found' : 'missing'}`)
+      const details = ghsaDetails.get(ghsaId)
+      debugFn(
+        'notice',
+        `ghsa: ${ghsaId} details ${details ? 'found' : 'missing'}`,
+      )
 
       const pushed =
         // eslint-disable-next-line no-await-in-loop
@@ -234,7 +237,7 @@ export async function coanaFix(
         (await gitCheckoutBranch(branch, cwd)) &&
         // eslint-disable-next-line no-await-in-loop
         (await gitCommit(
-          `fix: ${id}${summary ? ` - ${summary}` : ''}`,
+          getSocketFixCommitMessage(ghsaId, details),
           modifiedFiles,
           {
             cwd,
@@ -246,7 +249,7 @@ export async function coanaFix(
         (await gitPushBranch(branch, cwd))
 
       if (!pushed) {
-        logger.warn(`Push failed for ${id}, skipping PR creation.`)
+        logger.warn(`Push failed for ${ghsaId}, skipping PR creation.`)
         // eslint-disable-next-line no-await-in-loop
         await gitResetAndClean(fixEnv.baseBranch, cwd)
         // eslint-disable-next-line no-await-in-loop
@@ -266,12 +269,12 @@ export async function coanaFix(
       )
 
       // eslint-disable-next-line no-await-in-loop
-      const prResponse = await openCoanaPr(
+      const prResponse = await openSocketFixPr(
         fixEnv.repoInfo.owner,
         fixEnv.repoInfo.repo,
         branch,
         // Single GHSA ID.
-        [id],
+        [ghsaId],
         {
           baseBranch: fixEnv.baseBranch,
           cwd,
@@ -282,7 +285,7 @@ export async function coanaFix(
       if (prResponse) {
         const { data } = prResponse
         const prRef = `PR #${data.number}`
-        logger.success(`Opened ${prRef} for ${id}.`)
+        logger.success(`Opened ${prRef} for ${ghsaId}.`)
 
         if (autoMerge) {
           logger.indent()
@@ -309,7 +312,7 @@ export async function coanaFix(
       await gitCheckoutBranch(fixEnv.baseBranch, cwd)
     } catch (e) {
       logger.warn(
-        `Unexpected condition: Push failed for ${id}, skipping PR creation.`,
+        `Unexpected condition: Push failed for ${ghsaId}, skipping PR creation.`,
       )
       debugDir('inspect', { error: e })
       // eslint-disable-next-line no-await-in-loop

src/commands/fix/fix-env-helpers.mts src/commands/fix/env-helpers.mtssrc/commands/fix/fix-env-helpers.mts renamed to src/commands/fix/env-helpers.mts

@@ -0,0 +1,98 @@
+import { joinAnd } from '@socketsecurity/registry/lib/arrays'
+
+import constants from '../../constants.mts'
+
+import type { GhsaDetails } from '../../utils/github.mts'
+
+const GITHUB_ADVISORIES_URL = 'https://github.com/advisories'
+
+export type SocketFixBranchParser = (
+  branch: string,
+) => SocketFixBranchParseResult | null
+
+export type SocketFixBranchParseResult = {
+  ghsaId: string
+}
+
+export function createSocketFixBranchParser(
+  ghsaId?: string | undefined,
+): SocketFixBranchParser {
+  const pattern = getSocketFixBranchPattern(ghsaId)
+  return function parse(branch: string): SocketFixBranchParseResult | null {
+    const match = pattern.exec(branch) as [string, string] | null
+    if (!match) {
+      return null
+    }
+    const { 1: ghsaId } = match
+    return { ghsaId } as SocketFixBranchParseResult
+  }
+}
+
+export const genericSocketFixBranchParser = createSocketFixBranchParser()
+
+export function getSocketFixBranchName(ghsaId: string): string {
+  return `socket/fix/${ghsaId}`
+}
+
+export function getSocketFixBranchPattern(ghsaId?: string | undefined): RegExp {
+  return new RegExp(`^socket/fix/(${ghsaId ?? '.+'})$`)
+}
+
+export function getSocketFixCommitMessage(
+  ghsaId: string,
+  details?: GhsaDetails | undefined,
+): string {
+  const summary = details?.summary
+  return `fix: ${ghsaId}${summary ? ` - ${summary}` : ''}`
+}
+
+export function getSocketFixPullRequestBody(
+  ghsaIds: string[],
+  ghsaDetails?: Map<string, GhsaDetails>,
+): string {
+  const vulnCount = ghsaIds.length
+  if (vulnCount === 1) {
+    const ghsaId = ghsaIds[0]!
+    const details = ghsaDetails?.get(ghsaId)
+    const body = `[Socket](${constants.SOCKET_WEBSITE_URL}) fix for [${ghsaId}](${GITHUB_ADVISORIES_URL}/${ghsaId}).`
+    if (!details) {
+      return body
+    }
+    const packages = details.vulnerabilities.nodes.map(
+      v => `${v.package.name} (${v.package.ecosystem})`,
+    )
+    return [
+      body,
+      '',
+      '',
+      `**Vulnerability Summary:** ${details.summary}`,
+      '',
+      `**Severity:** ${details.severity}`,
+      '',
+      `**Affected Packages:** ${joinAnd(packages)}`,
+    ].join('\n')
+  }
+  return [
+    `[Socket](${constants.SOCKET_WEBSITE_URL}) fixes for ${vulnCount} GHSAs.`,
+    '',
+    '**Fixed Vulnerabilities:**',
+    ...ghsaIds.map(id => {
+      const details = ghsaDetails?.get(id)
+      const item = `- [${id}](${GITHUB_ADVISORIES_URL}/${id})`
+      if (details) {
+        const packages = details.vulnerabilities.nodes.map(
+          v => `${v.package.name}`,
+        )
+        return `${item} - ${details.summary} (${joinAnd(packages)})`
+      }
+      return item
+    }),
+  ].join('\n')
+}
+
+export function getSocketFixPullRequestTitle(ghsaIds: string[]): string {
+  const vulnCount = ghsaIds.length
+  return vulnCount === 1
+    ? `Fix for ${ghsaIds[0]}`
+    : `Fixes for ${vulnCount} GHSAs`
+}