feat: Add comment required support

ghasreview/app.py

@@ -132,6 +132,21 @@ def onCodeScanningAlertClose():
         f"Processing Alert :: {alert.owner}/{alert.repository} => {alert.id} ({alert.ref})"
     )
 
+    # Check if comment in alert
+    if current_app.config.get("GHAS_COMMENT_REQUIRED") and not alert.hasDismissedComment():
+        logger.debug(f"Comment required, reopeneing alert: {alert.id}")
+
+        open_alert = alert.client.reOpenCodeScanningAlert(
+            alert.owner, alert.repository, alert.id,
+        )
+        if open_alert.status_code != 200:
+            logger.error(f"Unable to re-open alert :: {alert.id}")
+            logger.error("This might be a permissions issue, please check the documentation for more details")
+            return {"message": "Unable to re-open alert"}
+        return {
+            "message": "Comment required, re-opening alert"
+        }
+
     # Check tool and severity
     tool = current_app.config.get("GHAS_TOOL")
     if tool and alert.tool != tool:

ghasreview/models/codescanning.py

@@ -38,6 +38,10 @@ def ref(self) -> str:
             "ref"
         ) or self.payload.get("ref", "")
 
+
+    def hasDismissedComment(self) -> bool:
+        return self.payload.get("dismissed_comment") is not None
+
     @property
     def tool(self) -> str:
         return self.payload.get("alert", {}).get("tool", {}).get("name", "")

ghasreview/setup.py

@@ -25,6 +25,9 @@ def parse_arguments():
     parser_github.add_argument(
         "--ghas-tool-name", default=os.environ.get("GITHUB_TOOL_NAME") or "CodeQL"
     )
+    parser_github.add_argument(
+        "--ghas-comment-required", default=bool(os.environ.get("GITHUB_GHAS_COMMENT_REQUIRED", 0))
+    )
 
     parser_github = parser.add_argument_group("GitHub")
     parser_github.add_argument(
@@ -59,6 +62,7 @@ def setup_logging(arguments):
     logging.info(f"GitHub Key Path :: {arguments.github_app_key_path}")
     logging.debug(f"GitHub App Secret :: {arguments.github_app_secret}")
     logging.debug(f"GHAS Tool Name :: {arguments.ghas_tool_name}")
+    logging.debug(f"GHAS Comment Required :: {arguments.ghas_comment_required}")
 
 
 def validate_arguments(arguments):
@@ -95,6 +99,7 @@ def setup_app():
         # Team name
         "GHAS_TEAM": arguments.ghas_team_name,
         "GHAS_BOARD_NAME": "GHAS Reviewers Audit Board",
+        "GHAS_COMMENT_REQUIRED": arguments.ghas_comment_required,
         # Tool and severities to check
         "GHAS_TOOL": arguments.ghas_tool_name,
         "GHAS_SEVERITIES": ["critical", "high", "error", "errors"],