Treat status reports as non-critical

Change `sendStatusReport` to return `void`
Josh Soref 2024-01-31 12:23:50 -05:00
parent 43a8916cbe
commit 5a6da1d85d
28 changed files with 146 additions and 138 deletions

25
lib/status-report.js generated

@ -150,8 +150,6 @@ async function createStatusReportBase(actionName, status, actionStartedAt, diskI
return statusReport;
}
exports.createStatusReportBase = createStatusReportBase;
const GENERIC_403_MSG = "The repo on which this action is running is not opted-in to CodeQL code scanning.";
const GENERIC_404_MSG = "Not authorized to use the CodeQL code scanning feature on this repo.";
const OUT_OF_DATE_MSG = "CodeQL Action is out-of-date. Please upgrade to the latest version of codeql-action.";
const INCOMPATIBLE_MSG = "CodeQL Action version is incompatible with the code scanning endpoint. Please update to a compatible version of codeql-action.";
/**
@ -161,7 +159,10 @@ const INCOMPATIBLE_MSG = "CodeQL Action version is incompatible with the code sc
* as failed if the status report failed. This is only expected to be used
* when sending a 'starting' report.
*
* Returns whether sending the status report was successful of not.
* The `/code-scanning/analysis/status` endpoint is internal and it is not critical that it succeeds:
* https://github.com/github/codeql/issues/15462#issuecomment-1919186317
*
* Failures while calling this endpoint are logged as warings.
*/
async function sendStatusReport(statusReport) {
setJobStatusIfUnsuccessful(statusReport.status);
@ -170,7 +171,7 @@ async function sendStatusReport(statusReport) {
// If in test mode we don't want to upload the results
if ((0, util_1.isInTestMode)()) {
core.debug("In test mode. Status reports are not uploaded.");
return true;
return;
}
const nwo = (0, util_1.getRequiredEnvParam)("GITHUB_REPOSITORY");
const [owner, repo] = nwo.split("/");
@ -181,7 +182,6 @@ async function sendStatusReport(statusReport) {
repo,
data: statusReportJSON,
});
return true;
}
catch (e) {
console.log(e);
@ -190,18 +190,18 @@ async function sendStatusReport(statusReport) {
case 403:
if ((0, actions_util_1.getWorkflowEventName)() === "push" &&
process.env["GITHUB_ACTOR"] === "dependabot[bot]") {
core.setFailed('Workflows triggered by Dependabot on the "push" event run with read-only access. ' +
core.warning('Workflows triggered by Dependabot on the "push" event run with read-only access. ' +
"Uploading Code Scanning results requires write access. " +
'To use Code Scanning with Dependabot, please ensure you are using the "pull_request" event for this workflow and avoid triggering on the "push" event for Dependabot branches. ' +
"See https://docs.github.com/en/code-security/secure-coding/configuring-code-scanning#scanning-on-push for more information on how to configure these events.");
}
else {
core.setFailed(e.message || GENERIC_403_MSG);
core.warning(e.message);
}
return false;
return;
case 404:
core.setFailed(GENERIC_404_MSG);
return false;
core.warning(e.message);
return;
case 422:
// schema incompatibility when reporting status
// this means that this action version is no longer compatible with the API
@ -212,13 +212,12 @@ async function sendStatusReport(statusReport) {
else {
core.debug(OUT_OF_DATE_MSG);
}
return true;
return;
}
}
// something else has gone wrong and the request/response will be logged by octokit
// it's possible this is a transient error and we should continue scanning
core.error("An unexpected error occurred when sending code scanning status report.");
return true;
core.warning("An unexpected error occurred when sending code scanning status report.");
}
}
exports.sendStatusReport = sendStatusReport;