jfrog / frogbot

🐸 Scans your Git repository with JFrog Xray for security vulnerabilities. 🤖
https://docs.jfrog-applications.jfrog.io/
Apache License 2.0

When Frogbot Scan fails for any reason, no comment is added to PR #720

Open pru-qmir opened 2 days ago

pru-qmir commented 2 days ago

Describe the bug

When Frogbot Scan fails for any reason, no comment is added to PR.

Current behavior

11:28:55 11:28:55 [Info] Running Frogbot "scan-pull-request" command
11:28:55 11:28:55 [Info] Scanning Pull Request #4 (from source branch: to target branch: )
11:28:55 11:28:55 [Info] -----------------------------------------------------------
11:28:55 11:28:55 [Info] xxxxxxxxxxxxxxxx repository downloaded successfully. Starting with repository extraction...
11:28:55 11:28:55 [Info] Extracted repository successfully
11:28:55 11:28:55 [Info] Scanning source branch...
11:28:55 11:28:55 [Info] Preforming 1 SCA scans:
11:28:55 [
11:28:55 {
11:28:55 "Technology": "poetry",
11:28:55 "WorkingDirectory": "/tmp/jfrog.cli.temp.-1719588535-3386079605",
11:28:55 "Descriptors": [
11:28:55 "/tmp/jfrog.cli.temp.-1719588535-3386079605/pyproject.toml"
11:28:55 ]
11:28:55 }
11:28:55 ]
11:28:55 11:28:55 [Info] Running SCA scan for poetry vulnerable dependencies in /tmp/jfrog.cli.temp.-1719588535-3386079605 directory...
11:28:55 11:28:55 [Info] Calculating Poetry dependencies...
11:29:08 11:29:06 [Info] Scanning 57 poetry dependencies...
11:29:08 11:29:06 [Info] Waiting for scan to complete on JFrog Xray...
11:29:13 11:29:12 [Info] xxxxxxxxxxxxxxxx repository downloaded successfully. Starting with repository extraction...
11:29:13 11:29:12 [Info] Extracted repository successfully
11:29:13 11:29:12 [Info] Scanning target branch...
11:29:13 11:29:12 [Info] Preforming 1 SCA scans:
11:29:13 [
11:29:13 {
11:29:13 "Technology": "poetry",
11:29:13 "WorkingDirectory": "/tmp/jfrog.cli.temp.-1719588552-491394444",
11:29:13 "Descriptors": [
11:29:13 "/tmp/jfrog.cli.temp.-1719588552-491394444/pyproject.toml"
11:29:13 ]
11:29:13 }
11:29:13 ]
11:29:13 11:29:12 [Info] Running SCA scan for poetry vulnerable dependencies in /tmp/jfrog.cli.temp.-1719588552-491394444 directory...
11:29:13 11:29:12 [Info] Calculating Poetry dependencies...
11:29:14 11:29:14 [Error] audit command in '/tmp/jfrog.cli.temp.-1719588552-491394444' failed:
11:29:14 failed while building 'poetry' dependency tree:
11:29:14 "poetry install" command failed: exit status 1 - Creating virtualenv docs-loader-iPgwi-HJ-py3.11 in /opt/jenkins/.cache/pypoetry/virtualenvs
11:29:14 Installing dependencies from lock file
11:29:14
11:29:14 pyproject.toml changed significantly since poetry.lock was last generated. Run poetry lock [--no-update] to fix the lock file.
11:29:14
11:29:14 [Pipeline] }
11:29:14 [Pipeline] // stage
11:29:14 [Pipeline] stage
11:29:14 [Pipeline] { (Declarative: Post Actions)
11:29:14 [Pipeline] cleanWs
11:29:14 [WS-CLEANUP] Deleting project workspace...
11:29:14 [WS-CLEANUP] Deferred wipeout is used...
11:29:15 [WS-CLEANUP] done
11:29:15 [Pipeline] }
11:29:15 [Pipeline] // stage
11:29:15 [Pipeline] }
11:29:15 [Pipeline] // withEnv
11:29:15 [Pipeline] }
11:29:15 [Pipeline] // withCredentials
11:29:15 [Pipeline] }
11:29:15 [Pipeline] // withEnv
11:29:15 [Pipeline] }
11:29:15 [Pipeline] // node
11:29:15 [Pipeline] End of Pipeline
11:29:15 ERROR: script returned exit code 1
11:29:16 Posting build status of com.atlassian.bitbucket.jenkins.internal.model.BitbucketBuildStatus@86456856 to XXXXXXXXXX for commit id [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx] and ref 'refs/heads/master'
11:29:16 Finished: FAILURE

Reproduction steps

(Pull Request Scan) Env:

Expected behavior

If a pull request is created, Frogbot scan results should be added as a comment to the PR whether the scan succeeds and/or fails.

JFrog Frogbot version

Latest

Package manager info

pyproject.toml, poetry.lock

Git provider

Bitbucket Server

JFrog Frogbot configuration yaml file

No response

Operating system type and version

Linux

JFrog Xray version

Latest

attiasas commented 1 day ago

Hi @pru-qmir,

Thank you for using Frogbot!

As you can see from the log you shared:

11:29:14 [Error] audit command in '/tmp/jfrog.cli.temp.-1719588552-491394444' failed:
11:29:14 failed while building 'poetry' dependency tree:
11:29:14 "poetry install" command failed: exit status 1 - Creating virtualenv docs-loader-iPgwi-HJ-py3.11 in /opt/jenkins/.cache/pypoetry/virtualenvs

Your project has been detected as using poetry. Is this the correct technology you are using? When fetching the dependencies, we execute poetry install, and this command has failed:

11:29:14 "poetry install" command failed: exit status 1 - Creating virtualenv docs-loader-iPgwi-HJ-py3.11 in /opt/jenkins/.cache/pypoetry/virtualenvs

Can you execute poetry install on your project successfully?

gailazar300 commented 1 day ago

Thank you for your comment @pru-qmir. For now, this is Frogbot's expected behavior; I'll pass it along and we'll look into adding it as a comment.

pru-qmir commented 21 hours ago

Can you execute poetry install on your project successfully?

Yes, poetry install works -

I am thinking this will be a common scenario for multiple tech types that use lock files. Frogbot should allow a force option that would ignore lock files if included in projects, to minimize such errors.

Also, since we are using Frogbot to scan all PRs to provide our development teams this visibility, it will be helpful for the development team to see if and why a Frogbot scan fails for their PR, as a PR comment as well.

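An added example (not Frogbot's own code) of the behaviour asked for in the comment above: a Jenkins wrapper step that runs Frogbot itself and, when the scan exits non-zero, posts the failure reason as a Bitbucket Server pull-request comment, so an unscanned PR is not mistaken for a clean one. Assumptions: the JF_GIT_* variable names (Frogbot's documented configuration, as recalled here), Bearer-token authentication against the Bitbucket Server REST comments endpoint, and a `frogbot` binary on PATH; the stale-lock pattern is taken from the log in this issue.

```python
import json
import os
import re
import subprocess
import sys
import urllib.request

# Failure causes recognisable in Frogbot output; the first pattern is the error from this issue's log.
KNOWN_CAUSES = [
    (r"pyproject\.toml changed significantly since poetry\.lock",
     "poetry.lock is out of date with pyproject.toml; run `poetry lock` and commit the result"),
    (r"\[Error\] audit command in '[^']+' failed",
     "the dependency audit failed while building the dependency tree"),
]

def summarize_failure(log_text: str) -> str:
    """Map the captured log to the most specific known cause, or a generic message."""
    for pattern, message in KNOWN_CAUSES:
        if re.search(pattern, log_text):
            return message
    return "unknown error; see the build log"

def build_comment(exit_code: int, log_text: str, build_url: str) -> str:
    """Comment body that says plainly the PR is UNSCANNED: a failed scan is not a clean scan."""
    errors = [ln for ln in log_text.splitlines() if "[Error]" in ln or "failed" in ln]
    tail = "\n".join(errors[-5:]) or "(no error lines captured)"
    return (f"Frogbot scan FAILED (exit code {exit_code}): this pull request has NOT been scanned.\n"
            f"Cause: {summarize_failure(log_text)}\nBuild: {build_url}\n\n{tail}")

def post_bitbucket_comment(api_base, project, repo, pr_id, token, text) -> int:
    """POST the comment through the Bitbucket Server REST API; returns the HTTP status code."""
    url = f"{api_base}/rest/api/1.0/projects/{project}/repos/{repo}/pull-requests/{pr_id}/comments"
    headers = {"Authorization": f"Bearer {token}", "Content-Type": "application/json"}
    req = urllib.request.Request(url, data=json.dumps({"text": text}).encode(), headers=headers)
    with urllib.request.urlopen(req) as resp:  # data present => HTTP POST
        return resp.status

def main() -> int:
    # Run Frogbot ourselves so its output can be captured and quoted back into the PR.
    proc = subprocess.run(["frogbot", "scan-pull-request"], capture_output=True, text=True)
    log_text = proc.stdout + proc.stderr
    sys.stdout.write(log_text)  # keep the full log visible in the Jenkins console
    if proc.returncode != 0:
        e = os.environ  # JF_GIT_* are Frogbot's config variables (assumed names); BUILD_URL is Jenkins's
        post_bitbucket_comment(e["JF_GIT_API_ENDPOINT"], e["JF_GIT_OWNER"], e["JF_GIT_REPO"],
                               e["JF_GIT_PULL_REQUEST_ID"], e["JF_GIT_TOKEN"],
                               build_comment(proc.returncode, log_text, e.get("BUILD_URL", "n/a")))
    return proc.returncode

if __name__ == "__main__":
    sys.exit(main())
```

The wrapper preserves Frogbot's exit code, so the Jenkins stage still fails; the comment only adds the reason where the developer will see it.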