Initial commit

.env.example

@@ -0,0 +1,9 @@
+# The ID of your GitHub App
+APP_ID=
+WEBHOOK_SECRET=development
+
+# Use `trace` to get verbose logging or `info` to show less
+LOG_LEVEL=debug
+
+# Go to https://smee.io/new set this to the URL that you are redirected to.
+WEBHOOK_PROXY_URL=

.gitignore

@@ -0,0 +1,8 @@
+node_modules
+npm-debug.log
+*.pem
+.env
+package-lock.json
+coverage
+lib
+/yarn-error.log

.travis.yml

@@ -0,0 +1,6 @@
+sudo: false
+language: node_js
+node_js:
+  - "8.3"
+notifications:
+  disabled: true

.vscode/launch.json

@@ -0,0 +1,16 @@
+{
+    // Use IntelliSense to learn about possible attributes.
+    // Hover to view descriptions of existing attributes.
+    // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
+    "version": "0.2.0",
+    "configurations": [
+        {
+            "type": "node",
+            "request": "attach",
+            "name": "Attach to Process",
+            "restart": true,
+            "protocol": "inspector",
+            "port": 9229
+        }
+    ]
+}

.vscode/settings.json

@@ -0,0 +1,3 @@
+{
+    "typescript.tsdk": "node_modules/typescript/lib"
+}

CODE_OF_CONDUCT.md

@@ -0,0 +1,74 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, gender identity and expression, level of experience,
+education, socio-economic status, nationality, personal appearance, race,
+religion, or sexual identity and orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or
+  advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic
+  address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community. Examples of
+representing a project or community include using an official project e-mail
+address, posting via an official social media account, or acting as an appointed
+representative at an online or offline event. Representation of a project may be
+further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project team at pombeirp@users.noreply.github.com. All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. The project team is
+obligated to maintain confidentiality with regard to the reporter of an incident.
+Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good
+faith may face temporary or permanent repercussions as determined by other
+members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
+available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html
+
+[homepage]: https://www.contributor-covenant.org
+

CONTRIBUTING.md

@@ -0,0 +1,41 @@
+## Contributing
+
+[fork]: /fork
+[pr]: /compare
+[style]: https://standardjs.com/
+[code-of-conduct]: CODE_OF_CONDUCT.md
+
+Hi there! We're thrilled that you'd like to contribute to this project. Your help is essential for keeping it great.
+
+Please note that this project is released with a [Contributor Code of Conduct][code-of-conduct]. By participating in this project you agree to abide by its terms.
+
+## Issues and PRs
+
+If you have suggestions for how this project could be improved, or want to report a bug, open an issue! We'd love all and any contributions. If you have questions, too, we'd love to hear them.
+
+We'd also love PRs. If you're thinking of a large PR, we advise opening up an issue first to talk about it, though! Look at the links below if you're not sure how to open a PR.
+
+## Submitting a pull request
+
+1. [Fork][fork] and clone the repository.
+1. Configure and install the dependencies: `yarn install`.
+1. Make sure the tests pass on your machine: `yarn test`, note: these tests also apply the linter, so there's no need to lint separately.
+1. Create a new branch: `git checkout -b my-branch-name`.
+1. Make your change, add tests, and make sure the tests still pass.
+1. Push to your fork and [submit a pull request][pr].
+1. Pat your self on the back and wait for your pull request to be reviewed and merged.
+
+Here are a few things you can do that will increase the likelihood of your pull request being accepted:
+
+- Follow the [style guide][style] which is using standard. Any linting errors should be shown when running `yarn test`.
+- Write and update tests.
+- Keep your changes as focused as possible. If there are multiple changes you would like to make that are not dependent upon each other, consider submitting them as separate pull requests.
+- Write a [good commit message](http://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html).
+
+Work in Progress pull requests are also welcome to get feedback early on, or if there is something blocked you.
+
+## Resources
+
+- [How to Contribute to Open Source](https://opensource.guide/how-to-contribute/)
+- [Using Pull Requests](https://help.github.com/articles/about-pull-requests/)
+- [GitHub Help](https://help.github.com)

LICENSE

@@ -0,0 +1,15 @@
+ISC License
+
+Copyright (c) 2019, Pedro Pombeiro <pombeirp@users.noreply.github.com> (https://github.com/status-im/deps-lock-snitch-bot)
+
+Permission to use, copy, modify, and/or distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

README.md

@@ -0,0 +1,26 @@
+# deps-lock-snitch-bot
+
+> A GitHub App built with [Probot](https://github.com/probot/probot) that pings collaborators every time there are changes to a dependency lock file (package-lock.json, yarn.lock, etc)
+
+## Setup
+
+```sh
+# Install dependencies
+yarn install
+
+# Run typescript
+yarn build
+
+# Run the bot
+yarn start
+```
+
+## Contributing
+
+If you have suggestions for how deps-lock-snitch-bot could be improved, or want to report a bug, open an issue! We'd love all and any contributions.
+
+For more, check out the [Contributing Guide](CONTRIBUTING.md).
+
+## License
+
+[ISC](LICENSE) © 2019 Pedro Pombeiro <pombeirp@users.noreply.github.com> (https://github.com/status-im/deps-lock-snitch-bot)

app.yml

@@ -0,0 +1,139 @@
+# This is a GitHub App Manifest. These settings will be used by default when
+# initially configuring your GitHub App.
+#
+# NOTE: changing this file will not update your GitHub App settings.
+# You must visit github.com/settings/apps/your-app-name to edit them.
+#
+# Read more about configuring your GitHub App:
+# https://probot.github.io/docs/development/#configuring-a-github-app
+#
+# Read more about GitHub App Manifests:
+# https://developer.github.com/apps/building-github-apps/creating-github-apps-from-a-manifest/
+
+# The list of events the GitHub App subscribes to.
+# Uncomment the event names below to enable them.
+default_events:
+# - check_run
+# - check_suite
+# - commit_comment
+# - create
+# - delete
+# - deployment
+# - deployment_status
+# - fork
+# - gollum
+# - issue_comment
+# - issues
+# - label
+# - milestone
+# - member
+# - membership
+# - org_block
+# - organization
+# - page_build
+# - project
+# - project_card
+# - project_column
+# - public
+- pull_request
+# - pull_request_review
+# - pull_request_review_comment
+# - push
+# - release
+# - repository
+# - repository_import
+# - status
+# - team
+# - team_add
+# - watch
+
+# The set of permissions needed by the GitHub App. The format of the object uses
+# the permission name for the key (for example, issues) and the access type for
+# the value (for example, write).
+# Valid values are `read`, `write`, and `none`
+default_permissions:
+  # Repository creation, deletion, settings, teams, and collaborators.
+  # https://developer.github.com/v3/apps/permissions/#permission-on-administration
+  # administration: read
+
+  # Checks on code.
+  # https://developer.github.com/v3/apps/permissions/#permission-on-checks
+  # checks: read
+
+  # Repository contents, commits, branches, downloads, releases, and merges.
+  # https://developer.github.com/v3/apps/permissions/#permission-on-contents
+  # contents: read
+
+  # Deployments and deployment statuses.
+  # https://developer.github.com/v3/apps/permissions/#permission-on-deployments
+  # deployments: read
+
+  # Issues and related comments, assignees, labels, and milestones.
+  # https://developer.github.com/v3/apps/permissions/#permission-on-issues
+  # issues: read
+
+  # Search repositories, list collaborators, and access repository metadata.
+  # https://developer.github.com/v3/apps/permissions/#metadata-permissions
+  metadata: read
+
+  # Retrieve Pages statuses, configuration, and builds, as well as create new builds.
+  # https://developer.github.com/v3/apps/permissions/#permission-on-pages
+  # pages: read
+
+  # Pull requests and related comments, assignees, labels, milestones, and merges.
+  # https://developer.github.com/v3/apps/permissions/#permission-on-pull-requests
+  pull_requests: write
+
+  # Manage the post-receive hooks for a repository.
+  # https://developer.github.com/v3/apps/permissions/#permission-on-repository-hooks
+  # repository_hooks: read
+
+  # Manage repository projects, columns, and cards.
+  # https://developer.github.com/v3/apps/permissions/#permission-on-repository-projects
+  # repository_projects: read
+
+  # Retrieve security vulnerability alerts.
+  # https://developer.github.com/v4/object/repositoryvulnerabilityalert/
+  # vulnerability_alerts: read
+
+  # Commit statuses.
+  # https://developer.github.com/v3/apps/permissions/#permission-on-statuses
+  # statuses: read
+
+  # Organization members and teams.
+  # https://developer.github.com/v3/apps/permissions/#permission-on-members
+  # members: read
+
+  # View and manage users blocked by the organization.
+  # https://developer.github.com/v3/apps/permissions/#permission-on-organization-user-blocking
+  # organization_user_blocking: read
+
+  # Manage organization projects, columns, and cards.
+  # https://developer.github.com/v3/apps/permissions/#permission-on-organization-projects
+  # organization_projects: read
+
+  # Manage team discussions and related comments.
+  # https://developer.github.com/v3/apps/permissions/#permission-on-team-discussions
+  # team_discussions: read
+
+  # Manage the post-receive hooks for an organization.
+  # https://developer.github.com/v3/apps/permissions/#permission-on-organization-hooks
+  # organization_hooks: read
+
+  # Get notified of, and update, content references.
+  # https://developer.github.com/v3/apps/permissions/
+  # organization_administration: read
+
+
+# The name of the GitHub App. Defaults to the name specified in package.json
+# name: My Probot App
+
+# The homepage of your GitHub App.
+# url: https://example.com/
+
+# A description of the GitHub App.
+# description: A description of my awesome app
+
+# Set to true when your GitHub App is available to the public or false when it is only accessible to the owner of the app.
+# Default: true
+# public: false

jest.config.js

@@ -0,0 +1,8 @@
+module.exports = {
+  roots: ['<rootDir>/src/', '<rootDir>/test/'],
+  transform: {
+    '^.+\\.tsx?$': 'ts-jest'
+  },
+  testRegex: '(/__tests__/.*|\\.(test|spec))\\.[tj]sx?$',
+  moduleFileExtensions: ['ts', 'tsx', 'js', 'jsx', 'json', 'node']
+}

nodemon.json

@@ -0,0 +1,6 @@
+{
+    "ignore": ["**/*.test.ts", "**/*.spec.ts", ".git", "node_modules"],
+    "watch": ["src"],
+    "exec": "yarn _start-dev",
+    "ext": "ts"
+}

package.json

@@ -0,0 +1,59 @@
+{
+  "author": "Pedro Pombeiro <pombeirp@users.noreply.github.com> (https://github.com/status-im/deps-lock-snitch-bot)",
+  "bugs": "https://github.com/status-im/deps-lock-snitch-bot/issues",
+  "dependencies": {
+    "@types/humanize-plus": "^1.8.0",
+    "@types/nock": "^9.3.0",
+    "humanize-plus": "^1.8.2",
+    "nock": "^10.0.0",
+    "probot": "^7.2.0"
+  },
+  "description": "pings collaborators every time there are changes to a dependency lock file (package-lock.json, yarn.lock, etc)",
+  "devDependencies": {
+    "@types/jest": "^23.1.5",
+    "@types/node": "^10.12.18",
+    "eslint-plugin-typescript": "^0.12.0",
+    "jest": "^23.4.0",
+    "nodemon": "^1.18.9",
+    "smee-client": "^1.0.2",
+    "ts-jest": "^23.0.0",
+    "tslint": "^5.12.1",
+    "typescript": "3.2.1",
+    "typescript-eslint-parser": "^18.0.0",
+    "typescript-tslint-plugin": "^0.2.1"
+  },
+  "engines": {
+    "node": ">= 10.3.0",
+    "yarn": "1.13.x"
+  },
+  "homepage": "https://github.com/status-im/deps-lock-snitch-bot",
+  "jest": {
+    "testEnvironment": "node"
+  },
+  "keywords": [
+    "probot",
+    "github",
+    "probot-app"
+  ],
+  "license": "ISC",
+  "name": "deps-lock-snitch-bot",
+  "nodemonConfig": {
+    "exec": "yarn start",
+    "watch": [
+      ".env",
+      "./lib"
+    ]
+  },
+  "repository": "https://github.com/status-im/deps-lock-snitch-bot.git",
+  "scripts": {
+    "_start-dev": "./scripts/predebug.sh; yarn build && node --inspect ./node_modules/probot/bin/probot-run.js ./lib/index.js",
+    "build": "tsc -p tsconfig.json",
+    "dev": "./node_modules/nodemon/bin/nodemon.js",
+    "lint": "tslint -c tslint.json --fix 'src/**/*.ts' --fix 'test/**/*.ts'",
+    "postinstall": "yarn build",
+    "start": "probot run ./lib/index.js",
+    "test": "jest && tsc -p tsconfig.json",
+    "test:watch": "jest --watch --notify --notifyMode=change --coverage"
+  },
+  "version": "1.0.0"
+}

scripts/predebug.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+APP_PORT=3000
+APP_PID="$(lsof -i :${APP_PORT} | awk 'NR!=1 {print $2}' | sort -u | tr '\r\n' ' ')"
+if [ ! -z "$APP_PID" ]; then
+  kill $APP_PID
+fi

src/index.ts

@@ -0,0 +1,60 @@
+import Octokit from '@octokit/rest'
+import Humanize from 'humanize-plus'
+import { Application, Context } from 'probot' // eslint-disable-line no-unused-vars
+
+interface Config {
+  recipients: string[]
+}
+
+export = (app: Application) => {
+  app.on(['pull_request.opened', 'pull_request.edited'], (context: Context) => {
+    return handlePullRequest(context)
+  })
+  // For more information on building apps:
+  // https://probot.github.io/docs/
+
+  // To get your app running against GitHub, see:
+  // https://probot.github.io/docs/development/
+}
+
+async function handlePullRequest(context: Context) {
+  const { github, payload } = context
+  const { pull_request } = payload
+
+  const lockFiles: string[] = []
+  await github.paginate(
+    github.pullRequests.listFiles(context.issue({ per_page: 100 })),
+      (res) => {
+        const typedResData: Octokit.PullRequestsListFilesResponse = res.data
+        for (const file of typedResData) {
+          const parts = file.filename.split('/')
+
+          switch (parts[parts.length - 1]) {
+            case 'package-lock.json':
+            case 'yarn.lock':
+            case 'Gopkg.lock':
+              lockFiles.push(file.filename)
+              break
+          }
+        }
+      },
+  )
+
+  if (lockFiles.length !== 0) {
+    const configFilename = 'package-lock-snitch.config.json'
+    const config: Config = await context.config(configFilename, { recipients: [] } as Config)
+    const filesChanged = Humanize.oxford(lockFiles.map((f) => `\`${f}\``), 5)
+    if (config.recipients.length !== 0) {
+      const pingTargets = Humanize.oxford(config.recipients.map((u) => `@${u}`))
+      const issueComment = context.issue({ body: `${filesChanged} changed. Pinging ${pingTargets}` })
+
+      context.log.info(`Creating comment on ${pull_request.html_url} pinging ${pingTargets}`)
+      await context.github.issues.createComment(issueComment)
+    } else {
+      context.log.debug(
+        `No recipients configured in ${payload.repository.html_url}/.github/${configFilename}, ignoring`)
+    }
+  } else {
+    context.log.debug(`No lock files changed in ${pull_request.html_url}`)
+  }
+}

test/fixtures/issues.opened.json

@@ -0,0 +1,15 @@
+{
+  "action": "opened",
+  "issue": {
+    "number": 1,
+    "user": {
+      "login": "hiimbex"
+    }
+  },
+  "repository": {
+    "name": "testing-things",
+    "owner": {
+      "login": "hiimbex"
+    }
+  }
+}

test/index.test.ts

@@ -0,0 +1,52 @@
+// You can import your modules
+// import index from '../src/index'
+
+import nock from 'nock'
+import { Probot } from 'probot'
+// Requiring our app implementation
+import myProbotApp from '../src'
+// Requiring our fixtures
+import payload from './fixtures/issues.opened.json'
+const issueCreatedBody = { body: 'Thanks for opening this issue!' }
+
+nock.disableNetConnect()
+
+describe('My Probot app', () => {
+  let probot: any
+
+  beforeEach(() => {
+    probot = new Probot({ id: 123, cert: 'test' })
+    // Load our app into probot
+    const app = probot.load(myProbotApp)
+
+    // just return a test token
+    app.app = () => 'test'
+  })
+
+  test('creates a comment when an issue is opened', async (done) => {
+    // Test that we correctly return a test token
+    nock('https://api.github.com')
+      .post('/app/installations/2/access_tokens')
+      .reply(200, { token: 'test' })
+
+    // Test that a comment is posted
+    nock('https://api.github.com')
+      .post('/repos/hiimbex/testing-things/issues/1/comments', (body: any) => {
+        done(expect(body).toMatchObject(issueCreatedBody))
+        return true
+      })
+      .reply(200)
+
+    // Receive a webhook event
+    await probot.receive({ name: 'issues', payload })
+  })
+})
+
+// For more information about testing with Jest see:
+// https://facebook.github.io/jest/
+
+// For more information about using TypeScript in your tests, Jest recommends:
+// https://github.com/kulshekhar/ts-jest
+
+// For more information about testing with Nock see:
+// https://github.com/nock/nock

tsconfig.json

@@ -0,0 +1,32 @@
+{
+  "compilerOptions": {
+    "allowJs": false,
+    "lib": ["es2015", "es2017", "es2018"],
+    "module": "commonjs",
+    "moduleResolution": "node",
+    "target": "es5",
+    "noImplicitReturns": true,
+    "noFallthroughCasesInSwitch": true,
+    "noUnusedLocals": false,
+    "strictNullChecks": true /* Enable strict null checks. */,
+    "pretty": true,
+    "strict": true,
+    "sourceMap": true,
+    "outDir": "./lib",
+    "skipLibCheck": true,
+    "noImplicitAny": true,
+    "esModuleInterop": true,
+    "declaration": true,
+    "resolveJsonModule": true,
+    "downlevelIteration": true,
+    "plugins": [
+      {
+        "name": "typescript-tslint-plugin"
+      }
+    ]
+  },
+  "include": [
+    "src/**/*"
+  ],
+  "compileOnSave": false
+}

tslint.json

@@ -0,0 +1,34 @@
+{
+    "defaultSeverity": "error",
+    "extends": [
+        "tslint:recommended"
+    ],
+    "jsRules": {},
+    "rules": {
+        "interface-name": false,
+        "no-console": false,
+        "quotemark": [
+            true,
+            "single"
+        ],
+        "prefer-const": true,
+        "semicolon": [
+            true,
+            "never"
+        ],
+        "eofline": true,
+        "no-return-await": true
+    },
+    "compilerOptions": {
+        "plugins": [
+            {
+                "name": "typescript-tslint-plugin",
+                "alwaysShowRuleFailuresAsWarnings": false,
+                "ignoreDefinitionFiles": true,
+                "configFile": "./tslint.json",
+                "suppressWhileTypeErrorsPresent": false,
+                "mockTypeScriptVersion": false
+            }
+        ]
+    }
+}