@Flipmonster Flipmonster commented Mar 7, 2025

This PR improves how code scanning analyses are retrieved when triggered by workflow_dispatch events, particularly in the context of pull requests.

Changes include enhanced PR reference handling, better debug logging, and improved property access on CodeAlert objects. The changes ensure that both head and merge refs are tried in the correct order, providing better support for workflow_dispatch events in pull request contexts.

This occurs because during workflow_dispatch events, the reference handling wasn't properly considering the PR context, leading to failed analysis retrieval.

1. Enhanced PR reference handling to properly try both head and merge refs:

```python
# Before: Only tried repository reference
analysis = self.getAnalyses(reference=self.repository.reference)

# After: Explicitly try PR-specific references
merge_ref = f'refs/pull/{self.repository.getPullRequestNumber()}/merge'
head_ref = f'refs/pull/{self.repository.getPullRequestNumber()}/head'

# Try head ref first (more accurate for workflow_dispatch)
analysis = self.getAnalyses(reference=head_ref)
if len(analysis) == 0:
    analysis = self.getAnalyses(reference=merge_ref)
```

2. Added proper PR head branch detection from PR info:

```python
# Added PR head branch detection
pr_info = self.repository.getPullRequestInfo()
if pr_info and "head" in pr_info:
    self.branch = pr_info["head"].get("ref")
```

3. Added better debug logging:

```python
logger.debug(f'Getting Analyses for ref: {ref}')
logger.debug(f'Repository reference: {self.repository.reference}')
logger.debug(f'Repository branch: {self.repository.branch}')
logger.debug(f'Is in PR: {self.repository.isInPullRequest()}')
```

4. Fixed property access on CodeAlert objects:
   • Standardized property access patterns
   • Fixed inconsistencies between dict-style and property access
   • Added proper type handling for CodeAlert properties

Overview

This fix ensures that code scanning analyses are properly retrieved during workflow_dispatch events in pull requests, which is particularly important for:

  • Manual re-runs of code scanning checks
  • Custom workflow triggers
  • Integration with other CI/CD processes

The changes maintain backward compatibility while improving the robustness of the code scanning analysis retrieval process.

Testing

The changes have been tested with:

  • Regular pull request checks
  • workflow_dispatch events in pull requests
  • Different reference formats (head and merge)
  • Various PR states and configurations

Documentation

For more information about the code scanning API endpoints being used, see:
https://docs.github.com/en/enterprise-cloud@latest/rest/code-scanning#list-code-scanning-analyses-for-a-repository

Reopening here as well since there are some other changes, after playing around with a few different setups.

- Enhanced PR reference handling to better support workflow_dispatch events
- Added better debug logging for reference handling
- Modified getAlertsInPR to try head ref before merge ref
- Fixed property access on CodeAlert objects
- Added PR head branch detection from PR info

This change improves how code scanning analyses are retrieved when triggered by workflow_dispatch events, particularly in the context of pull requests. It adds more robust reference handling and better debugging capabilities.
@Copilot Copilot AI review requested due to automatic review settings March 7, 2025 16:28
@Flipmonster Flipmonster requested a review from GeekMasher as a code owner March 7, 2025 16:28

@Copilot Copilot AI left a comment


PR Overview

This PR improves the retrieval logic for code scanning analyses when triggered by workflow_dispatch events in pull request contexts. Key changes include enhanced PR reference handling by trying multiple refs, improved debug logging, and standardized property access on CodeAlert objects.

Reviewed Changes

| File | Description |
| --- | --- |
| ghascompliance/checks.py | Updated logic for retrieving code scanning alerts with multiple refs and improved error/debug logging |

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

Comments suppressed due to low confidence (1)

ghascompliance/checks.py:105

  • The refs_to_try list starts with the merge ref, but the PR description indicates that the head ref should be tried first. Consider reordering the list so that the head ref is attempted before the merge ref.

```python
f"refs/pull/{GitHub.repository.getPullRequestNumber()}/merge",
```
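The head-then-merge fallback described in the PR body, together with the ordering point Copilot raises above, as an added Python example. This is not code from the PR or from ghascompliance: `fetch_analyses` is a stand-in callable for whatever client call lists analyses for one ref (the description only names `getAnalyses(reference=...)`), the sample analyses dict is constructed, and the decision to raise `LookupError` when no ref yields an analysis is this example's own, since silently returning an empty list would let a compliance check pass with nothing to inspect.

```python
"""Added example, not part of the PR or the ghascompliance project.

Demonstrates the ref ordering for PR analysis lookup under workflow_dispatch:
try refs/pull/N/head first, then refs/pull/N/merge, then the plain repository
reference as a last resort. The fetch function and sample data are assumptions.
"""
import logging
from typing import Callable, Dict, List, Optional, Tuple

logger = logging.getLogger(__name__)

HEAD_REF = "refs/pull/{n}/head"
MERGE_REF = "refs/pull/{n}/merge"


def pr_refs_to_try(pr_number: int, repository_reference: Optional[str] = None) -> List[str]:
    """Refs in the order they should be queried.

    Head goes first: a workflow_dispatch run on the PR branch uploads its SARIF
    against the head commit, so that is where an analysis most likely exists.
    The merge ref is the second choice; the repository reference (if given and
    not already listed) is the final fallback.
    """
    refs = [HEAD_REF.format(n=pr_number), MERGE_REF.format(n=pr_number)]
    if repository_reference and repository_reference not in refs:
        refs.append(repository_reference)
    return refs


def get_pr_analyses(
    fetch_analyses: Callable[[str], List[dict]],
    pr_number: int,
    repository_reference: Optional[str] = None,
) -> Tuple[str, List[dict]]:
    """Return (ref, analyses) for the first ref that has any analyses.

    `fetch_analyses(ref)` stands in for the real "list analyses for a ref"
    client call (an assumption of this example). Raises LookupError when every
    ref comes back empty, so the caller cannot mistake "nothing found" for
    "no alerts" and fail open.
    """
    for ref in pr_refs_to_try(pr_number, repository_reference):
        logger.debug("Getting Analyses for ref: %s", ref)
        analyses = fetch_analyses(ref)
        if analyses:
            logger.debug("Found %d analyses on %s", len(analyses), ref)
            return ref, analyses
    raise LookupError(f"no code scanning analyses found for PR #{pr_number}")


def pr_head_branch(pr_info: Optional[Dict]) -> Optional[str]:
    """Head branch name from a pulls API response dict.

    Tolerates a missing response, a missing 'head' key, or a 'head' that is
    not a dict, returning None instead of raising.
    """
    if not pr_info:
        return None
    head = pr_info.get("head")
    if not isinstance(head, dict):
        return None
    return head.get("ref")


# Constructed sample data: what a per-ref "list analyses" call might return.
# Only the head ref carries an analysis, mirroring a workflow_dispatch run on
# the PR branch where no merge-ref analysis was ever uploaded.
SAMPLE_ANALYSES: Dict[str, List[dict]] = {
    "refs/pull/42/head": [{"id": 1001, "ref": "refs/pull/42/head", "tool": {"name": "CodeQL"}}],
    "refs/pull/42/merge": [],
    "refs/heads/main": [{"id": 900, "ref": "refs/heads/main", "tool": {"name": "CodeQL"}}],
}


def sample_fetch(ref: str) -> List[dict]:
    """Stand-in for the real client call; reads the constructed sample above."""
    return list(SAMPLE_ANALYSES.get(ref, []))


if __name__ == "__main__":
    logging.basicConfig(level=logging.DEBUG)
    ref, analyses = get_pr_analyses(sample_fetch, 42, "refs/heads/main")
    print(ref, [a["id"] for a in analyses])
    print(pr_head_branch({"head": {"ref": "feature/fix-refs"}}))
```

With the sample data the lookup stops at `refs/pull/42/head` and never touches `refs/heads/main`; swapping the first two entries of `pr_refs_to_try` (the order Copilot flagged in the actual `refs_to_try` list) would still find the head analysis here, but only after a wasted merge-ref request, and it would return a stale merge-ref analysis in preference to the fresh head one whenever both exist.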
