@@ -1088,6 +1088,46 @@ function policyIssueExists(flaw, duplicateDetectionData) {
10881088 return null ;
10891089}
10901090
1091+ // Helper function to process annotations and determine action (same logic as GitHub)
1092+ function processAnnotationsADO ( annotations ) {
1093+ if ( ! annotations || annotations . length === 0 ) {
1094+ return { action : 'none' , annotations : [ ] } ;
1095+ }
1096+
1097+ // Sort all annotations by created date (most recent first)
1098+ const sortedAnnotations = annotations . sort ( ( a , b ) => new Date ( b . created ) - new Date ( a . created ) ) ;
1099+
1100+ // Find the most recent APPROVED or REJECTED annotation (these take precedence)
1101+ const mostRecentApprovedOrRejected = sortedAnnotations . find ( ann =>
1102+ ann . action === 'APPROVED' || ann . action === 'REJECTED'
1103+ ) ;
1104+
1105+ // If we have an APPROVED or REJECTED annotation, use it to determine the action
1106+ if ( mostRecentApprovedOrRejected ) {
1107+ if ( mostRecentApprovedOrRejected . action === 'APPROVED' ) {
1108+ return {
1109+ action : 'close' ,
1110+ annotations : sortedAnnotations ,
1111+ mostRecent : mostRecentApprovedOrRejected
1112+ } ;
1113+ } else if ( mostRecentApprovedOrRejected . action === 'REJECTED' ) {
1114+ return {
1115+ action : 'reopen' ,
1116+ annotations : sortedAnnotations ,
1117+ mostRecent : mostRecentApprovedOrRejected
1118+ } ;
1119+ }
1120+ }
1121+
1122+ // If no APPROVED or REJECTED annotations, use the most recent annotation for update
1123+ const mostRecent = sortedAnnotations [ 0 ] ;
1124+ return {
1125+ action : 'update' ,
1126+ annotations : sortedAnnotations ,
1127+ mostRecent : mostRecent
1128+ } ;
1129+ }
1130+
10911131// ADO-specific pipeline flaws processing
10921132async function processPipelineFlawsADO ( adoPatchClient , adoOrg , adoProject , adoWorkItemType , flawData , params ) {
10931133 const { source_base_path_1, source_base_path_2, source_base_path_3, commit_hash, waitTime, fail_build, debug, existingWorkItems, processedFlawIds, duplicateDetectionData } = params ;
@@ -1277,9 +1317,12 @@ async function processPolicyFlawsADO(adoPatchClient, adoOrg, adoProject, adoWork
12771317 const workItemState = existingWorkItem . workItemState ;
12781318 const workItemId = existingWorkItem . workItemId ;
12791319
1320+ // Process annotations to determine action (same logic as GitHub)
1321+ const annotationResult = processAnnotationsADO ( annotations ) ;
1322+
12801323 // Check if flaw is mitigated (APPROVED status) - same logic as GitHub
12811324 if ( resolutionStatus === 'APPROVED' ) {
1282- if ( workItemState !== 'Closed' && workItemState !== 'Resolved' ) {
1325+ if ( workItemState !== 'Closed' && workItemState !== 'Resolved' && workItemState !== 'Done' ) {
12831326 console . log ( `Closing work item ${ workItemId } ${ flawId } ) ;
12841327 await closeWorkItem ( adoPatchClient , adoOrg , adoProject , workItemId , 'MITIGATED' , commit_hash , debug ) ;
12851328 closedCount ++ ;
@@ -1289,6 +1332,26 @@ async function processPolicyFlawsADO(adoPatchClient, adoOrg, adoProject, adoWork
12891332 }
12901333 }
12911334
1335+ // Handle annotation-based actions (reopen if rejected)
1336+ if ( annotationResult . action === 'reopen' ) {
1337+ console . log ( `Reopening work item ${ workItemId } ${ flawId } ) ;
1338+
1339+ // Reopen the work item if it's closed
1340+ if ( workItemState === 'Closed' || workItemState === 'Resolved' || workItemState === 'Done' ) {
1341+ await reopenWorkItem ( adoPatchClient , adoOrg , adoProject , workItemId , {
1342+ source_base_path_1,
1343+ source_base_path_2,
1344+ source_base_path_3,
1345+ commit_hash,
1346+ debug
1347+ } ) ;
1348+ reopenedCount ++ ;
1349+
1350+ // Wait between API calls to avoid rate limiting
1351+ await new Promise ( resolve => setTimeout ( resolve , waitTime * 1000 ) ) ;
1352+ }
1353+ }
1354+
12921355 // Update work item with mitigation annotations (if any)
12931356 if ( annotations . length > 0 ) {
12941357 console . log ( `Updating work item ${ workItemId } ${ annotations . length } ) ;
0 commit comments