feat: improve debug log level and add fail-if-detect-fails (#9)

tvcsantos · Sep 12, 2023 · 98318b8 · 98318b8
1 parent 9292525
commit 98318b8
Show file tree

Hide file tree

Showing 5 changed files with 91 additions and 18 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,6 +5,15 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [1.2.0] - 2023-09-12
+
+### Changed
+
+- Re-add `fail-on-all-policy-severities` input
+- Change log level on debug to another key
+- Auto-enable diagnostic mode when debug mode is enabled
+- Add `fail-if-detect-fails` input to propagate detect error as action failure
+
 ## [1.1.0] - 2023-09-11
 
 ### Added
@@ -36,7 +45,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Improve logging
 - Update dependencies and refactor action
 
-[Unreleased]: https://github.com/mercedesbenzio/detect-action/compare/v1.1.0...main
+[Unreleased]: https://github.com/mercedesbenzio/detect-action/compare/v1.2.0...main
+[1.2.0]: https://github.com/mercedesbenzio/detect-action/compare/v1.1.0...v1.2.0
 [1.1.0]: https://github.com/mercedesbenzio/detect-action/compare/v1.0.0...v1.1.0
 [1.0.0]: https://github.com/mercedesbenzio/detect-action/compare/v0.4.0...v1.0.0
 [0.4.0]: https://github.com/mercedesbenzio/detect-action/releases/tag/v0.4.0
diff --git a/action.yml b/action.yml
@@ -28,15 +28,25 @@ inputs:
         - INTELLIGENT: persists the results and allows all features of Detect.
     required: false
     default: 'RAPID'
+  fail-on-all-policy-severities:
+    description: |-
+      By default, Detect will only fail on policy violations with BLOCKER or CRITICAL severities.
+      This flag will cause the action to fail on all policy severities.
+    required: false
+    default: 'false'
   output-path-override:
     description: 'Override for where to output Detect files, default is $RUNNER_TEMP/blackduck/'
     required: false
   detect-trust-cert:
     description: |-
       When set to true Detect will trust the Black Duck certificate
       even if the certificate is not in the keystore.
+    required: false
     default: 'true'
+  fail-if-detect-fails:
+    description: 'Fail the action if detect exits with an error code'
     required: false
+    default: 'false'
 outputs:
   detect-exit-code:
     description: 'A number indicating Detect exit code'

diff --git a/dist/index.js b/dist/index.js
diff --git a/src/detect/detect-facade.ts b/src/detect/detect-facade.ts
@@ -102,11 +102,17 @@ export class DetectFacade {
       `--detect.scan.output.path=${outputPath}`
     ]
     if (core.isDebug()) {
-      detectArguments.push('--logging.level.detect=DEBUG')
+      detectArguments.push('--logging.level.com.synopsys.integration=DEBUG')
     }
     return detectArguments
   }
 
+  private enableDiagnosticModeIfDebugEnabled(): void {
+    if (core.isDebug()) {
+      process.env[DetectEnvironmentProperties.DETECT_DIAGNOSTIC] = 'true'
+    }
+  }
+
   private isDiagnosticModeEnabled(): boolean {
     const diagnosticMode =
       process.env[
@@ -136,7 +142,7 @@ export class DetectFacade {
   }
 
   private async processRapidScanResult(
-    exitedWithFailurePolicyViolation: boolean,
+    failureConditionsMet: boolean,
     outputPath: string
   ): Promise<boolean> {
     core.info(
@@ -149,7 +155,7 @@ export class DetectFacade {
     const reportResult = await this.blackDuckReportGenerator.generateReport(
       scanJsonPaths[0],
       {
-        failureConditionsMet: exitedWithFailurePolicyViolation,
+        failureConditionsMet,
         maxSize: MAX_REPORT_SIZE
       }
     )
@@ -172,15 +178,15 @@ export class DetectFacade {
 
   private async processDetectResult(
     outputPath: string,
-    exitedWithFailurePolicyViolation: boolean
+    failureConditionsMet: boolean
   ): Promise<boolean> {
     core.info(`${TOOL_NAME} executed successfully.`)
 
     let hasPolicyViolations = false
 
     if (this.inputs.scanMode === RAPID_SCAN) {
       hasPolicyViolations = await this.processRapidScanResult(
-        exitedWithFailurePolicyViolation,
+        failureConditionsMet,
         outputPath
       )
     }
@@ -228,6 +234,7 @@ export class DetectFacade {
   }
 
   async run(): Promise<void> {
+    this.enableDiagnosticModeIfDebugEnabled()
     this.setNodeTlsRejectUnauthorized()
 
     const outputPath = this.getOutputPath()
@@ -254,7 +261,8 @@ export class DetectFacade {
     if (isSuccessOrPolicyFailure) {
       const hasPolicyViolations = await this.processDetectResult(
         outputPath,
-        detectExitCode === ExitCode.FAILURE_POLICY_VIOLATION
+        detectExitCode === ExitCode.FAILURE_POLICY_VIOLATION ||
+          this.inputs.failOnAllPolicySeverities
       )
 
       if (hasPolicyViolations) {
@@ -271,7 +279,14 @@ export class DetectFacade {
     const isFailureAndNotRapidScan =
       detectExitCode !== ExitCode.SUCCESS && this.inputs.scanMode !== RAPID_SCAN
 
-    if (!isSuccessOrPolicyFailure || isFailureAndNotRapidScan) {
+    const isFailureAndFailIfDetectFails =
+      detectExitCode !== ExitCode.SUCCESS && this.inputs.failIfDetectFails
+
+    if (
+      isFailureAndFailIfDetectFails ||
+      !isSuccessOrPolicyFailure ||
+      isFailureAndNotRapidScan
+    ) {
       throw new Error(
         `Detect failed with exit code: ${detectExitCode} - ${getExitCodeName(
           detectExitCode

diff --git a/src/input/inputs.ts b/src/input/inputs.ts
@@ -6,8 +6,10 @@ export interface Inputs {
   blackDuckApiToken: string
   detectVersion?: string
   scanMode: string
+  failOnAllPolicySeverities: boolean
   outputPathOverride: string
   detectTrustCertificate: string
+  failIfDetectFails: boolean
 }
 
 export enum Input {
@@ -17,8 +19,10 @@ export enum Input {
   BLACKDUCK_API_TOKEN = 'blackduck-api-token',
   DETECT_VERSION = 'detect-version',
   SCAN_MODE = 'scan-mode',
+  FAIL_ON_ALL_POLICY_SEVERITIES = 'fail-on-all-policy-severities',
   OUTPUT_PATH_OVERRIDE = 'output-path-override',
-  DETECT_TRUST_CERTIFICATE = 'detect-trust-cert'
+  DETECT_TRUST_CERTIFICATE = 'detect-trust-cert',
+  FAIL_IF_DETECT_FAILS = 'fail-if-detect-fails'
 }
 
 export function gatherInputs(): Inputs {
@@ -27,16 +31,20 @@ export function gatherInputs(): Inputs {
   const blackDuckApiToken = getInputBlackDuckApiToken()
   const detectVersion = getInputDetectVersion()
   const scanMode = getInputScanMode()
+  const failOnAllPolicySeverities = getInputFailOnAllPolicySeverities()
   const outputPathOverride = getInputOutputPathOverride()
   const detectTrustCertificate = getInputDetectTrustCertificate()
+  const failIfDetectFails = getInputFailIfDetectFails()
   return {
     token,
     blackDuckUrl,
     blackDuckApiToken,
     detectVersion,
     scanMode,
+    failOnAllPolicySeverities,
     outputPathOverride,
-    detectTrustCertificate
+    detectTrustCertificate,
+    failIfDetectFails
   }
 }
 
@@ -60,10 +68,18 @@ function getInputScanMode(): string {
   return core.getInput(Input.SCAN_MODE).toUpperCase()
 }
 
+function getInputFailOnAllPolicySeverities(): boolean {
+  return core.getBooleanInput(Input.FAIL_ON_ALL_POLICY_SEVERITIES)
+}
+
 function getInputOutputPathOverride(): string {
   return core.getInput(Input.OUTPUT_PATH_OVERRIDE)
 }
 
 function getInputDetectTrustCertificate(): string {
   return core.getInput(Input.DETECT_TRUST_CERTIFICATE)
 }
+
+function getInputFailIfDetectFails(): boolean {
+  return core.getBooleanInput(Input.FAIL_IF_DETECT_FAILS)
+}