From 20eeb63ed31a379f682e495e2bd345d5f7e15677 Mon Sep 17 00:00:00 2001 From: Assaf Attias <49212512+attiasas@users.noreply.github.com> Date: Sun, 29 Dec 2024 14:01:04 +0200 Subject: [PATCH 1/2] Add option to control the Pnpm dependencies tree depth (#807) --- utils/consts.go | 1 + utils/params.go | 5 +++++ utils/scandetails.go | 1 + 3 files changed, 7 insertions(+) diff --git a/utils/consts.go b/utils/consts.go index ce7eb6d0a..171bbd8c6 100644 --- a/utils/consts.go +++ b/utils/consts.go @@ -53,6 +53,7 @@ const ( // Repository environment variables - Ignored if the frogbot-config.yml file is used InstallCommandEnv = "JF_INSTALL_DEPS_CMD" + MaxPnpmTreeDepthEnv = "JF_PNPM_MAX_TREE_DEPTH" RequirementsFileEnv = "JF_REQUIREMENTS_FILE" WorkingDirectoryEnv = "JF_WORKING_DIR" PathExclusionsEnv = "JF_PATH_EXCLUSIONS" diff --git a/utils/params.go b/utils/params.go index cd37388db..8a009b02e 100644 --- a/utils/params.go +++ b/utils/params.go @@ -89,6 +89,7 @@ type Project struct { WorkingDirs []string `yaml:"workingDirs,omitempty"` PathExclusions []string `yaml:"pathExclusions,omitempty"` UseWrapper *bool `yaml:"useWrapper,omitempty"` + MaxPnpmTreeDepth string `yaml:"maxPnpmTreeDepth,omitempty"` DepsRepo string `yaml:"repository,omitempty"` InstallCommandName string InstallCommandArgs []string @@ -131,6 +132,10 @@ func (p *Project) setDefaultsIfNeeded() error { if p.DepsRepo == "" { p.DepsRepo = getTrimmedEnv(DepsRepoEnv) } + if p.MaxPnpmTreeDepth == "" { + p.MaxPnpmTreeDepth = getTrimmedEnv(MaxPnpmTreeDepthEnv) + } + return nil } diff --git a/utils/scandetails.go b/utils/scandetails.go index c71570fae..1de80e0ba 100644 --- a/utils/scandetails.go +++ b/utils/scandetails.go 
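Review bot: The new `if p.MaxPnpmTreeDepth == ""` branch copies `JF_PNPM_MAX_TREE_DEPTH` into the project verbatim, so a non-numeric or negative value is accepted here and only surfaces later, presumably when the audit builds the pnpm command from it (that call is in scandetails.go, outside this hunk). Since the value is a depth, parsing it with `strconv.Atoi` at this point and returning an error that names the setting gives the user a clear message instead of an opaque tool failure. The field and its `maxPnpmTreeDepth` YAML key are strings (see the `Project` struct hunk), so the check has to run whether the value came from the config file or the environment. `setDefaultsIfNeeded` starts before this hunk; the fence assumes `fmt` is imported in params.go, otherwise `errors.New` with concatenation matches the file's existing style.
```go
	if p.MaxPnpmTreeDepth == "" {
		p.MaxPnpmTreeDepth = getTrimmedEnv(MaxPnpmTreeDepthEnv)
	}
	// The depth is forwarded to the audit as-is, so reject anything that is not a non-negative integer here.
	if p.MaxPnpmTreeDepth != "" {
		if depth, err := strconv.Atoi(p.MaxPnpmTreeDepth); err != nil || depth < 0 {
			return fmt.Errorf("maxPnpmTreeDepth/%s must be a non-negative integer, got %q", MaxPnpmTreeDepthEnv, p.MaxPnpmTreeDepth)
		}
	}

	return nil
```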
@@ -180,6 +180,7 @@ func (sc *ScanDetails) RunInstallAndAudit(workDirs ...string) (auditResults *res SetXscVersion(sc.XscVersion). SetPipRequirementsFile(sc.PipRequirementsFile). SetUseWrapper(*sc.UseWrapper). + SetMaxTreeDepth(sc.MaxPnpmTreeDepth). SetDepsRepo(sc.DepsRepo). SetIgnoreConfigFile(true). SetServerDetails(sc.ServerDetails). From b70fc3151ee94e6a95595d26b414bb7775cd4dd5 Mon Sep 17 00:00:00 2001 From: Eyal Kapon Date: Sun, 29 Dec 2024 15:56:53 +0200 Subject: [PATCH 2/2] Skip comment generation on PR success if needed (#809) --- scanpullrequest/scanallpullrequests_test.go | 11 +++++++---- utils/comment.go | 10 ++++++---- utils/consts.go | 1 + utils/params.go | 6 ++++++ utils/params_test.go | 1 + 5 files changed, 21 insertions(+), 8 deletions(-) diff --git a/scanpullrequest/scanallpullrequests_test.go b/scanpullrequest/scanallpullrequests_test.go index e50b990da..8d240172f 100644 --- a/scanpullrequest/scanallpullrequests_test.go +++ b/scanpullrequest/scanallpullrequests_test.go @@ -113,7 +113,8 @@ func TestScanAllPullRequestsMultiRepo(t *testing.T) { firstRepoParams := utils.Params{ JFrogPlatform: utils.JFrogPlatform{XrayVersion: xrayVersion, XscVersion: xscVersion}, Scan: utils.Scan{ - FailOnSecurityIssues: &failOnSecurityIssues, + AddPrCommentOnSuccess: true, + FailOnSecurityIssues: &failOnSecurityIssues, Projects: []utils.Project{{ InstallCommandName: "npm", InstallCommandArgs: []string{"i"}, @@ -127,8 +128,9 @@ func TestScanAllPullRequestsMultiRepo(t *testing.T) { Git: gitParams.Git, JFrogPlatform: utils.JFrogPlatform{XrayVersion: xrayVersion, XscVersion: xscVersion}, Scan: utils.Scan{ - FailOnSecurityIssues: &failOnSecurityIssues, - Projects: []utils.Project{{WorkingDirs: []string{utils.RootDir}, UseWrapper: &utils.TrueVal}}}, + AddPrCommentOnSuccess: true, + FailOnSecurityIssues: &failOnSecurityIssues, + Projects: []utils.Project{{WorkingDirs: []string{utils.RootDir}, UseWrapper: &utils.TrueVal}}}, } configAggregator := utils.RepoAggregator{ 
@@ -176,7 +178,8 @@ func TestScanAllPullRequests(t *testing.T) { params := utils.Params{ JFrogPlatform: utils.JFrogPlatform{XrayVersion: xrayVersion, XscVersion: xscVersion}, Scan: utils.Scan{ - FailOnSecurityIssues: &falseVal, + AddPrCommentOnSuccess: true, + FailOnSecurityIssues: &falseVal, Projects: []utils.Project{{ InstallCommandName: "npm", InstallCommandArgs: []string{"i"}, diff --git a/utils/comment.go b/utils/comment.go index 1eff87646..f353a17bd 100644 --- a/utils/comment.go +++ b/utils/comment.go @@ -45,10 +45,12 @@ func HandlePullRequestCommentsAfterScan(issues *IssuesCollection, repo *Reposito } // Add summary (SCA, license) scan comment - for _, comment := range generatePullRequestSummaryComment(issues, repo.OutputWriter) { - if err = client.AddPullRequestComment(context.Background(), repo.RepoOwner, repo.RepoName, comment, pullRequestID); err != nil { - err = errors.New("couldn't add pull request comment: " + err.Error()) - return + if issues.IssuesExists() || repo.AddPrCommentOnSuccess { + for _, comment := range generatePullRequestSummaryComment(issues, repo.OutputWriter) { + if err = client.AddPullRequestComment(context.Background(), repo.RepoOwner, repo.RepoName, comment, pullRequestID); err != nil { + err = errors.New("couldn't add pull request comment: " + err.Error()) + return + } } } diff --git a/utils/consts.go b/utils/consts.go index 171bbd8c6..f51e44b77 100644 --- a/utils/consts.go +++ b/utils/consts.go @@ -61,6 +61,7 @@ const ( jfrogProjectEnv = "JF_PROJECT" IncludeAllVulnerabilitiesEnv = "JF_INCLUDE_ALL_VULNERABILITIES" AvoidPreviousPrCommentsDeletionEnv = "JF_AVOID_PREVIOUS_PR_COMMENTS_DELETION" + AddPrCommentOnSuccessEnv = "JF_PR_ADD_SUCCESS_COMMENT" FailOnSecurityIssuesEnv = "JF_FAIL" UseWrapperEnv = "JF_USE_WRAPPER" DepsRepoEnv = "JF_DEPS_REPO" diff --git a/utils/params.go b/utils/params.go index 8a009b02e..ad71a894f 100644 --- a/utils/params.go +++ b/utils/params.go 
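Review bot: Every fixture touched in this file now sets `AddPrCommentOnSuccess: true`, which keeps the existing expectations intact but leaves the behaviour the commit introduces — no summary comment when the scan is clean and the flag is false — without a test. A case with the flag left at its zero value and a repository that yields no issues, asserting that the mocked client receives no `AddPullRequestComment` call, is what would actually cover the new branch in comment.go. `TestScanAllPullRequests` begins and continues outside this hunk.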
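Review bot: The comment above the new guard still reads `// Add summary (SCA, license) scan comment` and no longer says when the comment is skipped; suggest `// Add summary (SCA, license) scan comment. A clean scan is only reported when addPrCommentOnSuccess is set.` While the loop body is being re-indented anyway, `errors.New("couldn't add pull request comment: " + err.Error())` could become `fmt.Errorf("couldn't add pull request comment: %w", err)` so callers keep the underlying error (check that `fmt` is imported in comment.go). `HandlePullRequestCommentsAfterScan` begins and ends outside this hunk, so whether `issues` can be nil when `IssuesExists()` is reached cannot be confirmed from here.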
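Review bot: The new constant's value `JF_PR_ADD_SUCCESS_COMMENT` does not mirror its identifier `AddPrCommentOnSuccessEnv` or the `addPrCommentOnSuccess` YAML key the way its neighbours do (`AvoidPreviousPrCommentsDeletionEnv` is `JF_AVOID_PREVIOUS_PR_COMMENTS_DELETION`). If the variable has not been published yet, `JF_ADD_PR_COMMENT_ON_SUCCESS` keeps the three spellings aligned and easier to grep for. Either way, a trailing comment such as `// Defaults to true; set to "false" to stay silent on clean PR scans` would document the default that params.go applies.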
@@ -162,6 +162,7 @@ type Scan struct { AvoidPreviousPrCommentsDeletion bool `yaml:"avoidPreviousPrCommentsDeletion,omitempty"` MinSeverity string `yaml:"minSeverity,omitempty"` DisableJas bool `yaml:"disableJas,omitempty"` + AddPrCommentOnSuccess bool `yaml:"addPrCommentOnSuccess,omitempty"` AllowedLicenses []string `yaml:"allowedLicenses,omitempty"` Projects []Project `yaml:"projects,omitempty"` EmailDetails `yaml:",inline"` @@ -227,6 +228,11 @@ func (s *Scan) setDefaultsIfNeeded() (err error) { return } } + if !s.AddPrCommentOnSuccess { + if s.AddPrCommentOnSuccess, err = getBoolEnv(AddPrCommentOnSuccessEnv, true); err != nil { + return + } + } if !s.DetectionOnly { if s.DetectionOnly, err = getBoolEnv(DetectionOnlyEnv, false); err != nil { return diff --git a/utils/params_test.go b/utils/params_test.go index e409e09ab..6f56585e2 100644 --- a/utils/params_test.go +++ b/utils/params_test.go @@ -401,6 +401,7 @@ func validateBuildRepoAggregator(t *testing.T, repo *Repository, gitParams *Git, assert.Equal(t, "Medium", repo.MinSeverity) assert.Equal(t, true, repo.FixableOnly) assert.Equal(t, true, repo.DisableJas) + assert.Equal(t, true, repo.AddPrCommentOnSuccess) assert.Equal(t, true, repo.DetectionOnly) assert.ElementsMatch(t, []string{"MIT", "Apache-2.0"}, repo.AllowedLicenses) assert.Equal(t, gitParams.RepoOwner, repo.RepoOwner)
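Review bot: Because `AddPrCommentOnSuccess` is a plain `bool` with `omitempty` and `getBoolEnv(AddPrCommentOnSuccessEnv, true)` defaults to true, a config file that sets `addPrCommentOnSuccess: false` is indistinguishable from leaving it out: the `!s.AddPrCommentOnSuccess` branch runs and flips it back to true unless the environment also says false. The same file already solves this for `FailOnSecurityIssues` and `UseWrapper` with a `*bool`, so the new field should follow that pattern (struct hunk above), and `comment.go` would then read `*repo.AddPrCommentOnSuccess`. `setDefaultsIfNeeded` starts before and continues after this hunk.
```go
	// nil means "not set in frogbot-config.yml"; only then consult the environment (default true).
	if s.AddPrCommentOnSuccess == nil {
		var addOnSuccess bool
		if addOnSuccess, err = getBoolEnv(AddPrCommentOnSuccessEnv, true); err != nil {
			return
		}
		s.AddPrCommentOnSuccess = &addOnSuccess
	}
	// … unchanged: DetectionOnly default …
```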
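Review bot: `assert.Equal(t, true, repo.AddPrCommentOnSuccess)` cannot tell a value parsed from the fixture apart from the default, because `getBoolEnv(AddPrCommentOnSuccessEnv, true)` yields true whenever the field is unset; whether the test config even sets the key is not visible here. A second case that sets `addPrCommentOnSuccess: false` in the config (or `JF_PR_ADD_SUCCESS_COMMENT=false` in the environment) and asserts false is what would exercise the new parsing path. `validateBuildRepoAggregator` starts before this hunk.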