Merge pull request #252 from GeekMasher/depbot-pr-update

Dependabot PR Update
GeekMasher · Aug 15, 2024 · beecb41 · beecb41
2 parents d4e5795 + e4e2e03
commit beecb41
Show file tree

Hide file tree

Showing 2 changed files with 36 additions and 1 deletion.
diff --git a/examples/dependabot.py b/examples/dependabot.py
@@ -4,6 +4,7 @@
 
 GitHub.init(
     os.environ.get("GITHUB_REPOSITORY", "GeekMasher/ghastoolkit"),
+    reference=os.environ.get("GITHUB_REF", "refs/heads/main"),
 )
 
 dependabot = Dependabot()
@@ -12,7 +13,13 @@
     print("Dependabot is not enabled")
     exit(1)
 
-alerts = dependabot.getAlerts()
+if GitHub.repository.isInPullRequest():
+    print("Dependabot Alerts from Pull Request")
+    alerts = dependabot.getAlertsInPR()
+else:
+    print("Dependabot Alerts from Repository")
+    alerts = dependabot.getAlerts()
+
 print(f"Total Alerts :: {len(alerts)}")
 
 for alert in alerts:

diff --git a/src/ghastoolkit/octokit/dependabot.py b/src/ghastoolkit/octokit/dependabot.py
@@ -116,6 +116,34 @@ def getAlerts(
             docs="https://docs.github.com/en/rest/dependabot/alerts",
         )
 
+    def getAlertsInPR(self) -> list[DependencyAlert]:
+        """Get All Dependabot alerts from REST API in Pull Request."""
+        logger.debug("Dependabot Alerts from Pull Request using DependencyGraph API")
+
+        from ghastoolkit import DependencyGraph
+
+        depgraph = DependencyGraph(repository=self.repository)
+
+        pr_info = self.repository.getPullRequestInfo()
+        pr_base = pr_info.get("base", {}).get("ref", "")
+        pr_head = pr_info.get("head", {}).get("ref", "")
+
+        if pr_base == "" or pr_head == "":
+            raise GHASToolkitError(
+                "Failed to get base and head branch of pull request",
+                permissions=[
+                    '"Contents" repository permissions (read)',
+                    '"Pull requests" permissions (read)',
+                ],
+                docs="https://docs.github.com/en/rest/reference/repos#get-a-repository",
+            )
+
+        dependencies = depgraph.getDependenciesInPR(pr_base, pr_head)
+        alerts = []
+        for dep in dependencies:
+            alerts.extend(dep.alerts)
+        return alerts
+
     def getAlertsGraphQL(self) -> list[DependencyAlert]:
         """Get All Dependabot alerts from GraphQL API using the `GetDependencyAlerts` query."""
         results = []