From 3bd2356a96ca07bc614ee421173e2b1a14e42e9e Mon Sep 17 00:00:00 2001 From: Franco Hielpos <48300215+fhielpos@users.noreply.github.com> Date: Tue, 28 Nov 2023 18:32:02 +0100 Subject: [PATCH] Add nancy-fixer (#52) --- .../zz_generated.fix_vulnerabilities.yaml | 26 +++++++++++++++---- 1 file changed, 21 insertions(+), 5 deletions(-) diff --git a/.github/workflows/zz_generated.fix_vulnerabilities.yaml b/.github/workflows/zz_generated.fix_vulnerabilities.yaml index 4d55788..164234d 100644 --- a/.github/workflows/zz_generated.fix_vulnerabilities.yaml +++ b/.github/workflows/zz_generated.fix_vulnerabilities.yaml @@ -23,9 +23,13 @@ jobs: name: Gather facts runs-on: ubuntu-22.04 outputs: - repo_name: ${{ steps.gather_facts.outputs.repo_name }} branch: ${{ steps.gather_facts.outputs.branch }} + skip : ${{ steps.gather_facts.outputs.skip }} steps: + - name: Checkout code + uses: actions/checkout@v4 + with: + ref: ${{ inputs.branch || github.event.ref }} - name: Gather facts id: gather_facts run: | @@ -33,15 +37,23 @@ jobs: echo "branch=${head}" >> $GITHUB_OUTPUT head="${head#refs/heads/}" # Strip "refs/heads/" prefix. - repo_name="$(echo '${{ github.repository }}' | awk -F '/' '{print $2}')" - echo "repo_name=\"$repo_name\" base=\"$base\" head=\"$head\" version=\"$version\"" - echo "repo_name=${repo_name}" >> $GITHUB_OUTPUT echo "head=${head}" >> $GITHUB_OUTPUT + + # Skip if there are no go mod files + if [[ ! -e go.mod ]] && [[ ! -e go.sum ]]; then + skip=true + echo "There are no go mod files in the repo, skipping" + else + skip=false + fi + echo "skip=${skip}" >> $GITHUB_OUTPUT + echo head=\"$head\" skip=\"$skip\"" run_nancy_fixer: name: Fix vulnerabilities with nancy-fixer runs-on: ubuntu-22.04 needs: - gather_facts + if: ${{ needs.gather_facts.outputs.skip != 'true' }} steps: - name: Generate a token id: generate_token 
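Review bot: The new checkout step is pinned to the mutable tag `actions/checkout@v4`, so whoever can move that tag controls code that runs in this job; pin third-party actions to a full commit SHA with the version in a trailing comment, `uses: actions/checkout@<full-commit-sha> # v4`. The added output line `skip : ${{ steps.gather_facts.outputs.skip }}` has a space before the colon, which yamllint's `colons` rule rejects and which does not match the sibling `branch:` line — write `skip: ${{ steps.gather_facts.outputs.skip }}`. The checkout `ref` falls back to `github.event.ref`, which is only populated for some event types; the workflow's `on:` block is outside this hunk, so confirm every trigger either supplies `inputs.branch` or carries `event.ref`, otherwise the checkout resolves an empty ref.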
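Review bot: As rendered here, the last added line of the `gather_facts` script, `echo head=\"$head\" skip=\"$skip\""`, has an unbalanced double quote; if that is not an extraction artifact the step aborts with a bash syntax error before the job completes, so it should read `echo "head=\"$head\" skip=\"$skip\""`. The new `echo "skip=${skip}" >> $GITHUB_OUTPUT` leaves `$GITHUB_OUTPUT` unquoted like the surrounding lines; prefer `>> "$GITHUB_OUTPUT"` in the new lines. The skip test `[[ ! -e go.mod ]] && [[ ! -e go.sum ]]` only inspects the repository root, so a module that lives in a subdirectory is not skipped and `run_nancy_fixer` still runs; a comment stating that root-only check is intended would make the behaviour explicit, `# Only the repository root is inspected; nested modules are not detected.`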
@@ -64,7 +76,11 @@ jobs:
       - name: Commit new files
         run: |
           git add -A
-          git commit -m "Apply fixes for vulnerabilities"
+          if git diff-index --quiet HEAD; then
+            echo "No changes found"
+          else
+            git commit -m "Remediate Nancy findings"
+          fi
       - name: Push changes
         env:
           remote_repo: "https://${{ github.actor }}:${{ steps.generate_token.outputs.token }}@github.com/${{ github.repository }}.git"
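Review bot: The new `if git diff-index --quiet HEAD` branch only prints "No changes found"; the following "Push changes" step still runs unconditionally with the installation token in `remote_repo`, so a no-op run still pushes (and, for a fresh branch, still creates it) and still exercises the token-bearing URL. Record the outcome as a step output and gate the push on it, so the credentialed step only runs when a commit was actually made. The push command itself is outside this hunk, so the `if:` below is placed on the step header only.
```yaml
      - name: Commit new files
        id: commit
        run: |
          git add -A
          if git diff-index --quiet HEAD; then
            echo "No changes found"
            echo "changed=false" >> "$GITHUB_OUTPUT"
          else
            git commit -m "Remediate Nancy findings"
            echo "changed=true" >> "$GITHUB_OUTPUT"
          fi
      - name: Push changes
        if: steps.commit.outputs.changed == 'true'
        # … unchanged: env (remote_repo) and push command …
```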