
Commit ac631dc

Add Metadata field to DependencyGraph* structs (#3653)
1 parent 6dda213 commit ac631dc


4 files changed

+56
-1
lines changed


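--- a/github/dependency_graph_snapshots.go
+++ b/github/dependency_graph_snapshots.go
@@ -15,6 +15,15 @@ import (
 // GitHub API docs: https://docs.github.com/rest/dependency-graph/dependency-submission#create-a-snapshot-of-dependencies-for-a-repository
 type DependencyGraphSnapshotResolvedDependency struct {
 PackageURL *string `json:"package_url,omitempty"`
+// User-defined metadata to store domain-specific information limited to 8 keys with scalar values.
+// This metadata overrides auto-detected values from the package URL and GitHub's database.
+// Common fields include:
+// - "licenses": license information (e.g., "MIT", "Apache-2.0")
+// - "name": package name
+// - "version": package version
+// - "manager": package manager (e.g., "npm", "pip", "maven")
+// - "description": package description
+Metadata map[string]any `json:"metadata,omitempty"`
 // Represents whether the dependency is requested directly by the manifest or is a dependency of another dependency.
 // Can have the following values:
 // - "direct": indicates that the dependency is requested directly by the manifest.
@@ -59,6 +68,7 @@ type DependencyGraphSnapshotManifestFile struct {
 type DependencyGraphSnapshotManifest struct {
 Name *string `json:"name,omitempty"`
 File *DependencyGraphSnapshotManifestFile `json:"file,omitempty"`
+Metadata map[string]any `json:"metadata,omitempty"`
 Resolved map[string]*DependencyGraphSnapshotResolvedDependency `json:"resolved,omitempty"`
 }
 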
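Review bot: The comment on `Metadata` in `DependencyGraphSnapshotResolvedDependency` states a limit of 8 keys with scalar values, but `map[string]any` accepts any number of keys and nested values, and the comment does not say who checks the limit. Since the same comment says these values override what is auto-detected from the package URL, I would add `// The limit is not enforced by this type; callers must validate before submitting.` and `// Populate only from trusted detector output, since these values replace detected ones.` The `Metadata` field added to `DependencyGraphSnapshotManifest` in the second hunk has no comment at all; it should get one stating what it holds and whether the same limit applies. The first struct's definition continues past the end of its hunk.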

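--- a/github/dependency_graph_snapshots_test.go
+++ b/github/dependency_graph_snapshots_test.go
@@ -21,7 +21,7 @@ func TestDependencyGraphService_CreateSnapshot(t *testing.T) {
 
 mux.HandleFunc("/repos/o/r/dependency-graph/snapshots", func(w http.ResponseWriter, r *http.Request) {
 testMethod(t, r, "POST")
-testBody(t, r, `{"version":0,"sha":"ce587453ced02b1526dfb4cb910479d431683101","ref":"refs/heads/main","job":{"correlator":"yourworkflowname_youractionname","id":"yourrunid","html_url":"https://example.com"},"detector":{"name":"octo-detector","version":"0.0.1","url":"https://github.com/octo-org/octo-repo"},"scanned":"2022-06-14T20:25:00Z","metadata":{"key1":"value1","key2":"value2"},"manifests":{"package-lock.json":{"name":"package-lock.json","file":{"source_location":"src/package-lock.json"},"resolved":{"@actions/core":{"package_url":"pkg:/npm/%40actions/[email protected]","relationship":"direct","scope":"runtime","dependencies":["@actions/http-client"]},"@actions/http-client":{"package_url":"pkg:/npm/%40actions/[email protected]","relationship":"indirect","scope":"runtime","dependencies":["tunnel"]},"tunnel":{"package_url":"pkg:/npm/[email protected]","relationship":"indirect","scope":"runtime"}}}}}`+"\n")
+testBody(t, r, `{"version":0,"sha":"ce587453ced02b1526dfb4cb910479d431683101","ref":"refs/heads/main","job":{"correlator":"yourworkflowname_youractionname","id":"yourrunid","html_url":"https://example.com"},"detector":{"name":"octo-detector","version":"0.0.1","url":"https://github.com/octo-org/octo-repo"},"scanned":"2022-06-14T20:25:00Z","metadata":{"key1":"value1","key2":"value2"},"manifests":{"package-lock.json":{"name":"package-lock.json","file":{"source_location":"src/package-lock.json"},"metadata":{"key1":"value1","key2":"value2"},"resolved":{"@actions/core":{"package_url":"pkg:/npm/%40actions/[email protected]","metadata":{"licenses":"MIT"},"relationship":"direct","scope":"runtime","dependencies":["@actions/http-client"]},"@actions/http-client":{"package_url":"pkg:/npm/%40actions/[email protected]","relationship":"indirect","scope":"runtime","dependencies":["tunnel"]},"tunnel":{"package_url":"pkg:/npm/[email protected]","relationship":"indirect","scope":"runtime"}}}}}`+"\n")
 fmt.Fprint(w, `{"id":12345,"created_at":"2022-06-14T20:25:01Z","message":"Dependency results for the repo have been successfully updated.","result":"SUCCESS"}`)
 })
 
@@ -49,11 +49,18 @@ func TestDependencyGraphService_CreateSnapshot(t *testing.T) {
 "package-lock.json": {
 Name: Ptr("package-lock.json"),
 File: &DependencyGraphSnapshotManifestFile{SourceLocation: Ptr("src/package-lock.json")},
+Metadata: map[string]any{
+"key1": "value1",
+"key2": "value2",
+},
 Resolved: map[string]*DependencyGraphSnapshotResolvedDependency{
 "@actions/core": {
 PackageURL: Ptr("pkg:/npm/%40actions/[email protected]"),
 Relationship: Ptr("direct"),
 Scope: Ptr("runtime"),
+Metadata: map[string]any{
+"licenses": "MIT",
+},
 Dependencies: []string{"@actions/http-client"},
 },
 "@actions/http-client": {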
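Review bot: Both new `Metadata` fixtures in the second hunk hold only string values (`"key1": "value1"`, `"licenses": "MIT"`), so the test does not pin how the other scalar kinds that `map[string]any` admits are serialized in the request body. Adding one non-string entry to the struct literal, for example the constructed value `"is_dev": true`, and the matching `"is_dev":true` to the expected body in the first hunk would cover that. The test function starts before and ends after both hunks, so this is judged only from the visible lines.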

github/github-accessors.go

Lines changed: 16 additions & 0 deletions

github/github-accessors_test.go

Lines changed: 22 additions & 0 deletions
