Merge pull request #93 from github/jm-date-issue-fix

jmeridth · web-flow · commit 420f9608214c · 2024-04-10T23:35:40.000-05:00
fix: ensure created_after_date is formatted string before date comparison
diff --git a/README.md b/README.md
@@ -68,7 +68,7 @@ This action can be configured to authenticate with GitHub App Installation or Pe
 | `TITLE`               | False    | "Enable Dependabot" | The title of the issue or pull request that will be created if dependabot could be enabled. |
 | `BODY`                | False    | **Pull Request:** "Dependabot could be enabled for this repository. Please enable it by merging this pull request so that we can keep our dependencies up to date and secure." **Issue:** "Please update the repository to include a Dependabot configuration file. This will ensure our dependencies remain updated and secure.Follow the guidelines in [creating Dependabot configuration files](https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file) to set it up properly.Here's an example of the code:" | The body of the issue or pull request that will be created if dependabot could be enabled. |
 | `COMMIT_MESSAGE`      | False    | "Create dependabot.yaml" | The commit message for the pull request that will be created if dependabot could be enabled. |
-| `CREATED_AFTER_DATE`          | False    | none       | If a value is set, this action will only consider repositories created on or after this date for dependabot enablement. This is useful if you want to only consider newly created repositories. If I set up this action to run weekly and I only want to scan for repos created in the last week that need dependabot enabled, then I would set `CREATED_AFTER_DATE` to 7 days ago. That way only repositories created after 7 days ago will be considered for dependabot enablement. If not set or set to nothing, all repositories will be scanned and a duplicate issue/pull request may occur. Ex: 2023-12-31 for Dec. 31st 2023 |
+| `CREATED_AFTER_DATE`  | False    | none       | If a value is set, this action will only consider repositories created on or after this date for dependabot enablement. This is useful if you want to only consider newly created repositories. If I set up this action to run weekly and I only want to scan for repos created in the last week that need dependabot enabled, then I would set `CREATED_AFTER_DATE` to 7 days ago. That way only repositories created after 7 days ago will be considered for dependabot enablement. If not set or set to nothing, all repositories will be scanned and a duplicate issue/pull request may occur. Ex: 2023-12-31 for Dec. 31st 2023 |
 | `PROJECT_ID`          | False    | ""     | If set, this will assign the issue or pull request to the project with the given ID. ( The project ID on GitHub can be located by navigating to the respective project and observing the URL's end.) **The `ORGANIZATION` variable is required** |
 | `DRY_RUN`             | False    | false   | If set to true, this action will not create any issues or pull requests. It will only log the repositories that could have dependabot enabled. This is useful for testing. |
 | `GROUP_DEPENDENCIES`             | False    | false   | If set to true, dependabot configuration will group dependencies updates based on [dependency type](https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file#groups) (production or development, where supported) |
diff --git a/env.py b/env.py
@@ -3,6 +3,7 @@
 """
 
 import os
+import re
 from os.path import dirname, join
 
 from dotenv import load_dotenv
@@ -54,7 +55,7 @@ def get_env_vars() -> tuple[
     str,
     str,
     str,
-    str | None,
+    str,
     bool,
     str,
     str | None,
@@ -184,10 +185,12 @@ def get_env_vars() -> tuple[
     else:
         commit_message = "Create dependabot.yaml"
 
-    created_after_date = os.getenv("CREATED_AFTER_DATE")
-    # make sure that created_after_date is a date in the format YYYY-MM-DD
-    if created_after_date and len(created_after_date) != 10:
-        raise ValueError("CREATED_AFTER_DATE environment variable not in YYYY-MM-DD")
+    created_after_date = os.getenv("CREATED_AFTER_DATE", "")
+    is_match = re.match(r"\d{4}-\d{2}-\d{2}", created_after_date)
+    if created_after_date and not is_match:
+        raise ValueError(
+            f"CREATED_AFTER_DATE '{created_after_date}' environment variable not in YYYY-MM-DD"
+        )
 
     group_dependencies_bool = get_bool_env_var("GROUP_DEPENDENCIES")
     enable_security_updates_bool = get_bool_env_var(
diff --git a/test_env.py b/test_env.py
@@ -40,7 +40,7 @@ def setUp(self):
             "TYPE": "issue",
             "TITLE": "Dependabot Alert custom title",
             "BODY": "Dependabot custom body",
-            "CREATED_AFTER_DATE": "2023-01-01",
+            "CREATED_AFTER_DATE": "2020-01-01",
             "COMMIT_MESSAGE": "Create dependabot configuration",
             "PROJECT_ID": "123",
             "GROUP_DEPENDENCIES": "false",
@@ -60,7 +60,7 @@ def test_get_env_vars_with_org(self):
             "issue",
             "Dependabot Alert custom title",
             "Dependabot custom body",
-            "2023-01-01",
+            "2020-01-01",
             False,
             "Create dependabot configuration",
             "123",
@@ -140,7 +140,7 @@ def test_get_env_vars_optional_values(self):
             "Dependabot could be enabled for this repository. \
 Please enable it by merging this pull request so that \
 we can keep our dependencies up to date and secure.",
-            None,
+            "",
             False,
             "Create dependabot.yaml",
             None,
@@ -192,7 +192,7 @@ def test_get_env_vars_auth_with_github_app_installation(self):
             "Dependabot could be enabled for this repository. Please enable it by merging "
             "this pull request so that we can keep our dependencies up to date and "
             "secure.",
-            None,
+            "",
             False,
             "Create dependabot.yaml",
             None,
@@ -252,7 +252,7 @@ def test_get_env_vars_with_repos_no_dry_run(self):
             "Dependabot could be enabled for this repository. \
 Please enable it by merging this pull request so that \
 we can keep our dependencies up to date and secure.",
-            None,
+            "",
             False,
             "Create dependabot.yaml",
             None,
@@ -290,7 +290,7 @@ def test_get_env_vars_with_repos_disabled_security_updates(self):
             "Dependabot could be enabled for this repository. \
 Please enable it by merging this pull request so that \
 we can keep our dependencies up to date and secure.",
-            None,
+            "",
             False,
             "Create dependabot.yaml",
             None,
@@ -329,7 +329,7 @@ def test_get_env_vars_with_repos_filter_visibility_multiple_values(self):
             "Dependabot could be enabled for this repository. \
 Please enable it by merging this pull request so that \
 we can keep our dependencies up to date and secure.",
-            None,
+            "",
             False,
             "Create dependabot.yaml",
             None,
@@ -368,7 +368,7 @@ def test_get_env_vars_with_repos_filter_visibility_single_value(self):
             "Dependabot could be enabled for this repository. \
 Please enable it by merging this pull request so that \
 we can keep our dependencies up to date and secure.",
-            None,
+            "",
             False,
             "Create dependabot.yaml",
             None,
@@ -437,7 +437,7 @@ def test_get_env_vars_with_repos_filter_visibility_no_duplicates(self):
             "Dependabot could be enabled for this repository. \
 Please enable it by merging this pull request so that \
 we can keep our dependencies up to date and secure.",
-            None,
+            "",
             False,
             "Create dependabot.yaml",
             None,
@@ -477,7 +477,7 @@ def test_get_env_vars_with_repos_exempt_ecosystems(self):
             "Dependabot could be enabled for this repository. \
 Please enable it by merging this pull request so that \
 we can keep our dependencies up to date and secure.",
-            None,
+            "",
             False,
             "Create dependabot.yaml",
             None,
@@ -516,7 +516,7 @@ def test_get_env_vars_with_no_batch_size(self):
             "Dependabot could be enabled for this repository. \
 Please enable it by merging this pull request so that \
 we can keep our dependencies up to date and secure.",
-            None,
+            "",
             False,
             "Create dependabot.yaml",
             None,
@@ -556,7 +556,7 @@ def test_get_env_vars_with_batch_size(self):
             "Dependabot could be enabled for this repository. \
 Please enable it by merging this pull request so that \
 we can keep our dependencies up to date and secure.",
-            None,
+            "",
             False,
             "Create dependabot.yaml",
             None,
@@ -581,7 +581,7 @@ def test_get_env_vars_with_batch_size(self):
         clear=True,
     )
     def test_get_env_vars_with_invalid_batch_size_int(self):
-        """Test that filter_visibility is set correctly when there are duplicate values"""
+        """Test that invalid batch size with negative 1 throws exception"""
         with self.assertRaises(ValueError):
             get_env_vars()
 
@@ -597,10 +597,29 @@ def test_get_env_vars_with_invalid_batch_size_int(self):
         clear=True,
     )
     def test_get_env_vars_with_invalid_batch_size_str(self):
-        """Test that filter_visibility is set correctly when there are duplicate values"""
+        """Test that invalid batch size of string throws exception"""
         with self.assertRaises(ValueError):
             get_env_vars()
 
+    @patch.dict(
+        os.environ,
+        {
+            "ORGANIZATION": "my_organization",
+            "GH_TOKEN": "my_token",
+            "CREATED_AFTER_DATE": "20200101",
+        },
+        clear=True,
+    )
+    def test_get_env_vars_with_badly_formatted_created_after_date(self):
+        """Test that"""
+        with self.assertRaises(ValueError) as context_manager:
+            get_env_vars()
+        the_exception = context_manager.exception
+        self.assertEqual(
+            str(the_exception),
+            "CREATED_AFTER_DATE '20200101' environment variable not in YYYY-MM-DD",
+        )
+
 
 if __name__ == "__main__":
     unittest.main()
diff --git a/test_evergreen.py b/test_evergreen.py
@@ -584,7 +584,7 @@ class TestIsRepoCreateDateBeforeCreatedAfterDate(unittest.TestCase):
     """Test the is_repo_create_date_before_created_after_date function in evergreen.py"""
 
     def test_is_repo_create_date_before_created_after_date(self):
-        """Test the repo.created_at date is before created_after_date."""
+        """Test the repo.created_at date is before created_after_date and has timezone."""
         repo_created_at = "2020-01-01T05:00:00Z"
         created_after_date = "2021-01-01"
 
@@ -593,7 +593,7 @@ def test_is_repo_create_date_before_created_after_date(self):
         self.assertTrue(result)
 
     def test_is_repo_create_date_is_after_created_after_date(self):
-        """Test the repo.created_at date is after created_after_date."""
+        """Test the repo.created_at date is after created_after_date and has timezone."""
         repo_created_at = "2022-01-01T05:00:00Z"
         created_after_date = "2021-01-01"
 
@@ -602,7 +602,7 @@ def test_is_repo_create_date_is_after_created_after_date(self):
         self.assertFalse(result)
 
     def test_is_repo_created_date_has_no_time_zone(self):
-        """Test the repo.created_at date is after created_after_date."""
+        """Test the repo.created_at date is before created_after_date with no timezone."""
         repo_created_at = "2020-01-01"
         created_after_date = "2021-01-01"
 
@@ -619,6 +619,25 @@ def test_is_created_after_date_is_empty_string(self):
 
         self.assertFalse(result)
 
+    def test_is_repo_created_date_is_before_created_after_date_without_timezene_again(
+        self,
+    ):
+        """Test the repo.created_at date is before created_after_date without timezone again."""
+        repo_created_at = "2018-01-01"
+        created_after_date = "2020-01-01"
+
+        result = is_repo_created_date_before(repo_created_at, created_after_date)
+
+        self.assertTrue(result)
+
+    def test_is_repo_created_date_and_created_after_date_is_not_a_date(self):
+        """Test the repo.created_at date and the created_after_date argument is not a date."""
+        repo_created_at = "2018-01-01"
+        created_after_date = "Not a date"
+
+        with self.assertRaises(ValueError):
+            is_repo_created_date_before(repo_created_at, created_after_date)
+
 
 if __name__ == "__main__":
     unittest.main()
