Don't pave over files when resetting the base branch

Author: jdalton

src/commands/fix/git.ts

@@ -0,0 +1,67 @@
+import { logger } from '@socketsecurity/registry/lib/logger'
+import { spawn } from '@socketsecurity/registry/lib/spawn'
+
+import constants from '../../constants'
+
+const { GITHUB_REF_NAME } = constants
+
+export async function branchExists(
+  branch: string,
+  cwd: string | undefined = process.cwd()
+): Promise<boolean> {
+  try {
+    await spawn(
+      'git',
+      ['show-ref', '--verify', '--quiet', `refs/heads/${branch}`],
+      {
+        cwd,
+        stdio: 'ignore'
+      }
+    )
+    return true
+  } catch {}
+  return false
+}
+
+export async function checkoutBaseBranchIfAvailable(
+  baseBranch: string,
+  cwd: string | undefined = process.cwd()
+) {
+  try {
+    await spawn('git', ['checkout', baseBranch], { cwd })
+    await spawn('git', ['reset', '--hard', `origin/${baseBranch}`], { cwd })
+    logger.info(`Checked out and reset to ${baseBranch}`)
+  } catch {
+    logger.warn(`Could not switch to ${baseBranch}. Proceeding with HEAD.`)
+  }
+}
+
+export async function createAndPushBranchIfNeeded(
+  branch: string,
+  commitMsg: string,
+  cwd: string = process.cwd()
+): Promise<boolean> {
+  if (await branchExists(branch, cwd)) {
+    logger.warn(`Branch "${branch}" already exists. Skipping creation.`)
+    return false
+  }
+  await spawn('git', ['checkout', '-b', branch], { cwd })
+  await spawn('git', ['add', 'package.json', 'pnpm-lock.yaml'], { cwd })
+  await spawn('git', ['commit', '-m', commitMsg], { cwd })
+  await spawn('git', ['push', '--set-upstream', 'origin', branch], { cwd })
+  return true
+}
+
+export function getBaseBranch() {
+  // Lazily access constants.ENV[GITHUB_REF_NAME].
+  return (
+    constants.ENV[GITHUB_REF_NAME] ??
+    // GitHub defaults to branch name "main"
+    // https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-branches#about-the-default-branch
+    'main'
+  )
+}
+
+export function getSocketBranchName(name: string, version: string): string {
+  return `socket-fix-${name}-${version.replace(/\./g, '-')}`
+}

src/commands/fix/npm-fix.ts

@@ -7,11 +7,15 @@ import {
   readPackageJson
 } from '@socketsecurity/registry/lib/packages'
 
+import {
+  checkoutBaseBranchIfAvailable,
+  getBaseBranch,
+  getSocketBranchName
+} from './git'
 import {
   doesPullRequestExistForBranch,
   enableAutoMerge,
   getGitHubRepoInfo,
-  getSocketBranchName,
   openGitHubPullRequest
 } from './open-pr'
 import { NormalizedFixOptions } from './types'
@@ -160,6 +164,13 @@ export async function npmFix(
 
         spinner?.info(`Installing ${fixSpec}`)
 
+        const { owner, repo } = getGitHubRepoInfo()
+        const baseBranch = getBaseBranch()
+        const branch = getSocketBranchName(name, targetVersion)
+
+        // eslint-disable-next-line no-await-in-loop
+        await checkoutBaseBranchIfAvailable(baseBranch, cwd)
+
         let installed = false
         let saved = false
         try {
@@ -200,8 +211,6 @@ export async function npmFix(
           return
         }
 
-        const { owner, repo } = getGitHubRepoInfo()
-        const branch = getSocketBranchName(name, targetVersion)
         if (
           // Lazily access constants.ENV[CI].
           constants.ENV[CI] &&
@@ -214,6 +223,7 @@ export async function npmFix(
             prResponse = await openGitHubPullRequest(
               owner,
               repo,
+              baseBranch,
               branch,
               name,
               targetVersion,

src/commands/fix/open-pr.ts

@@ -10,43 +10,8 @@ import type { OctokitResponse } from '@octokit/types'
 
 type PullsCreateResponseData = components['schemas']['pull-request']
 
-const {
-  GITHUB_ACTIONS,
-  GITHUB_REF_NAME,
-  GITHUB_REPOSITORY,
-  SOCKET_SECURITY_GITHUB_PAT
-} = constants
-
-async function branchExists(
-  branch: string,
-  cwd: string | undefined = process.cwd()
-): Promise<boolean> {
-  try {
-    await spawn(
-      'git',
-      ['show-ref', '--verify', '--quiet', `refs/heads/${branch}`],
-      {
-        cwd,
-        stdio: 'ignore'
-      }
-    )
-    return true
-  } catch {}
-  return false
-}
-
-async function checkoutBaseBranchIfAvailable(
-  baseBranch: string,
-  cwd: string | undefined = process.cwd()
-) {
-  try {
-    await spawn('git', ['checkout', baseBranch], { cwd })
-    await spawn('git', ['reset', '--hard', `origin/${baseBranch}`], { cwd })
-    logger.info(`Checked out and reset to ${baseBranch}`)
-  } catch {
-    logger.warn(`Could not switch to ${baseBranch}. Proceeding with HEAD.`)
-  }
-}
+const { GITHUB_ACTIONS, GITHUB_REPOSITORY, SOCKET_SECURITY_GITHUB_PAT } =
+  constants
 
 type GitHubRepoInfo = {
   owner: string
@@ -125,13 +90,10 @@ export function getGitHubRepoInfo(): GitHubRepoInfo {
   }
 }
 
-export function getSocketBranchName(name: string, version: string): string {
-  return `socket-fix-${name}-${version.replace(/\./g, '-')}`
-}
-
 export async function openGitHubPullRequest(
   owner: string,
   repo: string,
+  baseBranch: string,
   branch: string,
   name: string,
   version: string,
@@ -144,30 +106,12 @@ export async function openGitHubPullRequest(
     if (!pat) {
       throw new Error('Missing SOCKET_SECURITY_GITHUB_PAT environment variable')
     }
-    const baseBranch =
-      // Lazily access constants.ENV[GITHUB_REF_NAME].
-      constants.ENV[GITHUB_REF_NAME] ??
-      // GitHub defaults to branch name "main"
-      // https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/about-branches#about-the-default-branch
-      'main'
-
     const commitMsg = `chore: upgrade ${name} to ${version}`
     const url = `https://x-access-token:${pat}@github.com/${owner}/${repo}`
 
     await spawn('git', ['remote', 'set-url', 'origin', url], {
       cwd
     })
-
-    if (await branchExists(branch, cwd)) {
-      logger.warn(`Branch "${branch}" already exists. Skipping creation.`)
-    } else {
-      await checkoutBaseBranchIfAvailable(baseBranch, cwd)
-      await spawn('git', ['checkout', '-b', branch], { cwd })
-      await spawn('git', ['add', 'package.json', 'pnpm-lock.yaml'], { cwd })
-      await spawn('git', ['commit', '-m', commitMsg], { cwd })
-      await spawn('git', ['push', '--set-upstream', 'origin', branch], { cwd })
-    }
-
     const octokit = getOctokit()
     return await octokit.pulls.create({
       owner,

src/commands/fix/pnpm-fix.ts

@@ -10,11 +10,15 @@ import {
   readPackageJson
 } from '@socketsecurity/registry/lib/packages'
 
+import {
+  checkoutBaseBranchIfAvailable,
+  getBaseBranch,
+  getSocketBranchName
+} from './git'
 import {
   doesPullRequestExistForBranch,
   enableAutoMerge,
   getGitHubRepoInfo,
-  getSocketBranchName,
   openGitHubPullRequest
 } from './open-pr'
 import { applyRange } from './shared'
@@ -203,6 +207,13 @@ export async function pnpmFix(
 
         spinner?.info(`Installing ${fixSpec}`)
 
+        const { owner, repo } = getGitHubRepoInfo()
+        const baseBranch = getBaseBranch()
+        const branch = getSocketBranchName(name, targetVersion)
+
+        // eslint-disable-next-line no-await-in-loop
+        await checkoutBaseBranchIfAvailable(baseBranch, cwd)
+
         let installed = false
         let saved = false
         try {
@@ -244,8 +255,6 @@ export async function pnpmFix(
           return
         }
 
-        const { owner, repo } = getGitHubRepoInfo()
-        const branch = getSocketBranchName(name, targetVersion)
         if (
           // Lazily access constants.ENV[CI].
           constants.ENV[CI] &&
@@ -258,6 +267,7 @@ export async function pnpmFix(
             prResponse = await openGitHubPullRequest(
               owner,
               repo,
+              baseBranch,
               branch,
               name,
               targetVersion,