feat: Add Dependabot Alerts PR API

GeekMasher · Aug 15, 2024 · 076145d · 076145d
1 parent d4e5795
commit 076145d
Showing 1 changed file with 28 additions and 0 deletions.
diff --git a/src/ghastoolkit/octokit/dependabot.py b/src/ghastoolkit/octokit/dependabot.py
@@ -116,6 +116,34 @@ def getAlerts(
             docs="https://docs.github.com/en/rest/dependabot/alerts",
         )
 
+    def getAlertsInPR(self) -> list[DependencyAlert]:
+        """Get All Dependabot alerts from REST API in Pull Request."""
+        logger.debug("Dependabot Alerts from Pull Request using DependencyGraph API")
+
+        from ghastoolkit import DependencyGraph
+
+        depgraph = DependencyGraph(repository=self.repository)
+
+        pr_info = self.repository.getPullRequestInfo()
+        pr_base = pr_info.get("base", {}).get("ref", "")
+        pr_head = pr_info.get("head", {}).get("ref", "")
+
+        if pr_base == "" or pr_head == "":
+            raise GHASToolkitError(
+                "Failed to get base and head branch of pull request",
+                permissions=[
+                    '"Contents" repository permissions (read)',
+                    '"Pull requests" permissions (read)',
+                ],
+                docs="https://docs.github.com/en/rest/reference/repos#get-a-repository",
+            )
+
+        dependencies = depgraph.getDependenciesInPR(pr_base, pr_head)
+        alerts = []
+        for dep in dependencies:
+            alerts.extend(dep.alerts)
+        return alerts
+
     def getAlertsGraphQL(self) -> list[DependencyAlert]:
         """Get All Dependabot alerts from GraphQL API using the `GetDependencyAlerts` query."""
         results = []