Merge pull request #1813 from sergiodj/bump-ignore-bot-comments

sergiodj · web-flow · commit 98365eda446a · 2025-12-09T19:15:30.000-05:00
bump.go: Ignore bot-generated CVE/GHSA comments
diff --git a/pkg/cli/bump.go b/pkg/cli/bump.go
@@ -118,9 +118,13 @@ func bumpEpoch(ctx context.Context, opts bumpOptions, path string) error {
 	old := fmt.Sprintf(epochPattern, cfg.Package.Epoch)
 	for scanner.Scan() {
 		line := scanner.Text()
-		nocomment, _, _ := strings.Cut(line, "#")
+		nocomment, comment, _ := strings.Cut(line, "#")
 		if strings.TrimSpace(nocomment) == old {
 			found = true
+			comment = strings.TrimSpace(comment)
+			if strings.HasPrefix(comment, "CVE-") || strings.HasPrefix(comment, "GHSA-") {
+				line = strings.TrimRight(nocomment, " ")
+			}
 			newFile = append(
 				newFile, strings.ReplaceAll(line, old, fmt.Sprintf(epochPattern, cfg.Package.Epoch+1)),
 			)
diff --git a/pkg/cli/bump_test.go b/pkg/cli/bump_test.go
@@ -3,41 +3,56 @@ package cli
 import (
 	"os"
 	"path/filepath"
+	"strings"
 	"testing"
 
 	"github.com/google/go-cmp/cmp"
 )
 
-func TestBumpWithComment(t *testing.T) {
-	before := []byte(`
+func testPkgDefinition(epoch string) []byte {
+	pkgTemplate := `
 package:
   name: awesome-tool
   version: 0.61.0
-  epoch: 1 # a comment!
-`)
-
-	want := []byte(`
-package:
-  name: awesome-tool
-  version: 0.61.0
-  epoch: 2 # a comment!
-`)
-
-	name := filepath.Join(t.TempDir(), "awesome-tool.yaml")
-
-	if err := os.WriteFile(name, before, 0o644); err != nil {
-		t.Fatal(err)
-	}
-
-	if err := bumpEpoch(t.Context(), bumpOptions{}, name); err != nil {
-		t.Fatal(err)
-	}
+  epoch: EPOCH_HERE
+`
+	return []byte(strings.ReplaceAll(pkgTemplate, "EPOCH_HERE", epoch))
+}
 
-	got, err := os.ReadFile(name)
-	if err != nil {
-		t.Fatal(err)
-	}
-	if diff := cmp.Diff(got, want); diff != "" {
-		t.Errorf("bumpEpoch() mismatch (-want +got):\n%s", diff)
+func TestBumpWithComment(t *testing.T) {
+	for i, td := range []struct {
+		before []byte
+		want   []byte
+	}{
+		{
+			testPkgDefinition("1 # a comment!"),
+			testPkgDefinition("2 # a comment!"),
+		},
+		{
+			testPkgDefinition("1 # CVE-111-222"),
+			testPkgDefinition("2"),
+		},
+		{
+			testPkgDefinition("1 # GHSA-a1b2-c1c2"),
+			testPkgDefinition("2"),
+		},
+	} {
+		name := filepath.Join(t.TempDir(), "awesome-tool.yaml")
+
+		if err := os.WriteFile(name, td.before, 0o644); err != nil {
+			t.Fatal(err)
+		}
+
+		if err := bumpEpoch(t.Context(), bumpOptions{}, name); err != nil {
+			t.Fatal(err)
+		}
+
+		got, err := os.ReadFile(name)
+		if err != nil {
+			t.Fatal(err)
+		}
+		if diff := cmp.Diff(got, td.want); diff != "" {
+			t.Errorf("%d - bumpEpoch() mismatch (-want +got):\n%s", i, diff)
+		}
 	}
 }
