Return exit code 2 on invalid or not found subject (#106)

mnsboev · web-flow · commit 2ceb596ef030 · 2025-07-21T15:27:38.000+03:00
diff --git a/evidence/create/create_custom.go b/evidence/create/create_custom.go
@@ -11,14 +11,16 @@ import (
 	"github.com/jfrog/jfrog-cli-artifactory/evidence"
 	"github.com/jfrog/jfrog-cli-artifactory/evidence/sigstore"
 	"github.com/jfrog/jfrog-cli-core/v2/utils/config"
+	"github.com/jfrog/jfrog-cli-core/v2/utils/coreutils"
 	"github.com/jfrog/jfrog-client-go/utils/errorutils"
 )
 
 type createEvidenceCustom struct {
 	createEvidenceBase
-	subjectRepoPath    string
-	subjectSha256      string
-	sigstoreBundlePath string
+	subjectRepoPath       string
+	subjectSha256         string
+	sigstoreBundlePath    string
+	autoSubjectResolution bool
 }
 
 func NewCreateEvidenceCustom(serverDetails *config.ServerDetails, predicateFilePath, predicateType, markdownFilePath, key, keyId, subjectRepoPath,
@@ -63,13 +65,13 @@ func (c *createEvidenceCustom) Run() error {
 		return err
 	}
 
-	err = validateSubject(c.subjectRepoPath)
+	err = c.validateSubject()
 	if err != nil {
 		return err
 	}
 	err = c.uploadEvidence(evidencePayload, c.subjectRepoPath)
 	if err != nil {
-		err = handleSubjectNotFound(err, c.subjectRepoPath)
+		err = c.handleSubjectNotFound(err)
 		return err
 	}
 
@@ -83,6 +85,7 @@ func (c *createEvidenceCustom) processSigstoreBundle() ([]byte, error) {
 	}
 
 	if c.subjectRepoPath == "" {
+		c.autoSubjectResolution = true
 		extractedSubject, err := c.extractSubjectFromBundle(sigstoreBundle)
 		if err != nil {
 			return nil, err
@@ -100,7 +103,7 @@ func (c *createEvidenceCustom) extractSubjectFromBundle(bundle *bundle.Bundle) (
 	}
 
 	if subject == "" {
-		return "", errorutils.CheckErrorf("Subject is not found in the sigstore bundle. Please ensure the bundle contains a valid subject.")
+		return "", c.newSubjectError("Subject is not found in the sigstore bundle. Please ensure the bundle contains a valid subject.")
 	} else {
 		clientLog.Info("Subject " + subject + " is resolved from sigstore bundle.")
 	}
@@ -117,19 +120,32 @@ func (c *createEvidenceCustom) createDSSEEnvelope() ([]byte, error) {
 	return envelope, nil
 }
 
-func validateSubject(subject string) error {
+func (c *createEvidenceCustom) validateSubject() error {
 	// Pattern: must have at least one slash with non-empty sections
-	if matched, _ := regexp.MatchString(`^[^/]+(/[^/]+)+$`, subject); !matched {
-		return errorutils.CheckErrorf("Subject '%s' is invalid. Subject must be in format: <repo>/<path>/<name> or <repo>/<name>", subject)
+	if matched, _ := regexp.MatchString(`^[^/]+(/[^/]+)+$`, c.subjectRepoPath); !matched {
+		return c.newSubjectError("Subject '" + c.subjectRepoPath + "' is invalid. Subject must be in format: <repo>/<path>/<name> or <repo>/<name>")
 	}
 	return nil
 }
 
-func handleSubjectNotFound(err error, subject string) error {
+func (c *createEvidenceCustom) handleSubjectNotFound(err error) error {
 	errStr := err.Error()
 	if strings.Contains(errStr, "404 Not Found") {
 		clientLog.Debug("Server response error:", err.Error())
-		return errorutils.CheckErrorf("Subject '%s' is not found. Please ensure the subject exists.", subject)
+		return c.newSubjectError("Subject '" + c.subjectRepoPath + "' is not found. Please ensure the subject exists.")
 	}
 	return err
 }
+
+// newSubjectError creates an error with ExitCodeFailNoOp (2) for subject-related failures
+// When auto subject resolution is enabled, this allows pipeline calls with gh attestation
+// sigstore bundle generation to skip command execution without breaking a pipeline
+func (c *createEvidenceCustom) newSubjectError(message string) error {
+	if c.autoSubjectResolution {
+		return coreutils.CliError{
+			ExitCode: coreutils.ExitCodeFailNoOp,
+			ErrorMsg: message,
+		}
+	}
+	return errorutils.CheckErrorf(message)
+}
diff --git a/evidence/create/create_custom_test.go b/evidence/create/create_custom_test.go
@@ -8,6 +8,7 @@ import (
 	"testing"
 
 	"github.com/jfrog/jfrog-cli-core/v2/utils/config"
+	"github.com/jfrog/jfrog-cli-core/v2/utils/coreutils"
 	"github.com/stretchr/testify/assert"
 )
 
@@ -212,3 +213,72 @@ func TestCreateEvidenceCustom_SigstoreBundleWithSubjectPath(t *testing.T) {
 	assert.Equal(t, bundlePath, custom.sigstoreBundlePath)
 	assert.Equal(t, "provided-repo/provided-artifact", custom.subjectRepoPath)
 }
+
+func TestCreateEvidenceCustom_NewSubjectError_AutoSubjectResolution(t *testing.T) {
+	serverDetails := &config.ServerDetails{
+		Url:         "https://test.jfrog.io",
+		User:        "test-user",
+		AccessToken: "test-token",
+	}
+
+	cmd := NewCreateEvidenceCustom(
+		serverDetails,
+		"predicate.json",
+		"https://example.com/predicate/v1",
+		"markdown.md",
+		"key.pem",
+		"key-alias",
+		"",
+		"abcd1234",
+		"/path/to/sigstore-bundle.json",
+		"test-provider",
+	)
+
+	custom, ok := cmd.(*createEvidenceCustom)
+	assert.True(t, ok, "cmd should be of type *createEvidenceCustom")
+
+	custom.autoSubjectResolution = true
+
+	testMessage := "Test error message"
+	err := custom.newSubjectError(testMessage)
+
+	assert.Error(t, err)
+	cliErr, ok := err.(coreutils.CliError)
+	assert.True(t, ok, "error should be of type CliError when autoSubjectResolution is enabled")
+	assert.Equal(t, coreutils.ExitCodeFailNoOp, cliErr.ExitCode, "should return exit code 2 (ExitCodeFailNoOp)")
+	assert.Equal(t, testMessage, cliErr.ErrorMsg, "error message should match")
+}
+
+func TestCreateEvidenceCustom_NewSubjectError_RegularExecution(t *testing.T) {
+	serverDetails := &config.ServerDetails{
+		Url:         "https://test.jfrog.io",
+		User:        "test-user",
+		AccessToken: "test-token",
+	}
+
+	cmd := NewCreateEvidenceCustom(
+		serverDetails,
+		"predicate.json",
+		"https://example.com/predicate/v1",
+		"markdown.md",
+		"key.pem",
+		"key-alias",
+		"test-repo/test-artifact",
+		"abcd1234",
+		"",
+		"test-provider",
+	)
+
+	custom, ok := cmd.(*createEvidenceCustom)
+	assert.True(t, ok, "cmd should be of type *createEvidenceCustom")
+
+	custom.autoSubjectResolution = false
+
+	testMessage := "Test error message"
+	err := custom.newSubjectError(testMessage)
+
+	assert.Error(t, err)
+	_, ok = err.(coreutils.CliError)
+	assert.False(t, ok, "error should not be of type CliError when autoSubjectResolution is disabled")
+	assert.Contains(t, err.Error(), testMessage, "error message should contain the test message")
+}
