oxsecurity / megalinter

🦙 MegaLinter analyzes 50 languages, 22 formats, 21 tooling formats, excessive copy-pastes, spelling mistakes and security issues in your repository sources with a GitHub Action, other CI tools or locally.
https://megalinter.io
GNU Affero General Public License v3.0

Gitlab comment reporter broken #1213

Closed schorlton closed 2 years ago

schorlton commented 2 years ago

Hi @nvuillam,

Bumped our version to beta to fix https://github.com/megalinter/megalinter/issues/1207 Now hitting a Gitlab reporter error on the public Gitlab runners, which I suspect is related to this: https://github.com/megalinter/megalinter/commit/b1d22143d8b3c1ab128dcc7ecbd1bbe963cb060a

Traceback (most recent call last):
  File "/usr/local/lib/python3.9/site-packages/python_gitlab-3.1.0-py3.9.egg/gitlab/exceptions.py", line 311, in wrapped_f
    return f(*args, **kwargs)
  File "/usr/local/lib/python3.9/site-packages/python_gitlab-3.1.0-py3.9.egg/gitlab/mixins.py", line 111, in get
    server_data = self.gitlab.http_get(path, **kwargs)
  File "/usr/local/lib/python3.9/site-packages/python_gitlab-3.1.0-py3.9.egg/gitlab/client.py", line 761, in http_get
    result = self.http_request(
  File "/usr/local/lib/python3.9/site-packages/python_gitlab-3.1.0-py3.9.egg/gitlab/client.py", line 727, in http_request
    raise gitlab.exceptions.GitlabHttpError(
gitlab.exceptions.GitlabHttpError: 404: 404 Project Not Found
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
  File "/usr/local/lib/python3.9/runpy.py", line 197, in _run_module_as_main
    return _run_code(code, main_globals, None,
  File "/usr/local/lib/python3.9/runpy.py", line 87, in _run_code
    exec(code, run_globals)
  File "/megalinter/run.py", line 15, in <module>
    linter.run()
  File "/megalinter/MegaLinter.py", line 171, in run
    reporter.produce_report()
  File "/megalinter/reporters/GitlabCommentReporter.py", line 56, in produce_report
    project = gl.projects.get(gitlab_project_id)
  File "/usr/local/lib/python3.9/site-packages/python_gitlab-3.1.0-py3.9.egg/gitlab/v4/objects/projects.py", line 813, in get
    return cast(Project, super().get(id=id, lazy=lazy, **kwargs))
  File "/usr/local/lib/python3.9/site-packages/python_gitlab-3.1.0-py3.9.egg/gitlab/exceptions.py", line 313, in wrapped_f
    raise error(e.error_message, e.response_code, e.response_body) from e
gitlab.exceptions.GitlabGetError: 404: 404 Project Not Found

Don't know if this is a known bug in the beta so figured I'd just report before release. Running: megalinter/megalinter@sha256:2f80b2d2911f281dbdc4a48ed76ab4c1fa21782190cc980853eb2b705819b7ad

Thanks as always for your help!

nvuillam commented 2 years ago

What if you add LOG_LEVEL: DEBUG in your .mega-linter.yml file?

Gitlab project Id is found using CI env var CI_PROJECT_ID, is it set?

schorlton commented 2 years ago

I haven't changed any of the Gitlab default variables and am using the standard Gitlab template as per the docs. If I enable debugging, I see that my CI_PROJECT_ID is a large int. I have no idea if this is secure so I've simulated what it looks like in the log:

CI_PROJECT_ID=12345678

nvuillam commented 2 years ago

I'm on it :)

nvuillam commented 2 years ago

[image: config-gitlab-access-token (2)]

nvuillam commented 2 years ago

@schorlton meanwhile you can already follow these instructions to avoid the issue :) ( I assume you are on a private or self-hosted repo ^^ )

nvuillam commented 2 years ago

@schorlton should be ok with beta now :) ( if you add additional config)

schorlton commented 2 years ago

Thanks @nvuillam ! I see it's also now been released in 5.7.0 :partying_face: Just a question - is there any way to set this up without using my personal API token on a group project? I could create another account, but even then - giving it API access seems like a lot of permissions and I wonder if Gitlab has an intrinsic mechanism for things like this? (You've probably investigated)

nvuillam commented 2 years ago

@schorlton it is currently being released, so available in some dozens of minutes :)

Contrary to Github actions, Gitlab CI architecture makes the current job token almost useless... so to post a comment on the MR, it requires a defined AccessToken

As it is defined in your team repository, it means that only members of your team can theoretically access it. If you select only "api" scope, it restricts what they could do with such token, but if it's more reassuring for you, you can create another Gitlab account :)

nvuillam commented 2 years ago

@schorlton maybe you can try with a project access token? :) At least it would restrict the access to the current project ^^

https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html
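The thread above boils down to a credential question: the reporter looks up the project from CI_PROJECT_ID, and GitLab answers "404 Project Not Found" when the token it was given cannot see a private project, so the fix is a project access token with the `api` scope rather than the job token. The following is an added example (not MegaLinter's own reporter code) showing how a reporter can resolve the credential in order of preference, validate CI_PROJECT_ID, and turn that 404 into an actionable message instead of a raw `GitlabGetError`. The variable name `GITLAB_ACCESS_TOKEN_EXAMPLE`, the token value, the project id and the `fake_gitlab` responder are all constructed for this example; `http_get` is injected so it runs offline.

```python
import re
from dataclasses import dataclass

# Assumed (hypothetical) name of the CI variable holding a GitLab access token;
# it is not MegaLinter's real setting name. CI_PROJECT_ID and CI_JOB_TOKEN are
# GitLab CI predefined variables.
ACCESS_TOKEN_VAR = "GITLAB_ACCESS_TOKEN_EXAMPLE"


class ReporterConfigError(Exception):
    """Raised instead of letting a raw GitlabGetError escape the reporter."""


@dataclass
class GitlabAuth:
    project_id: int
    token: str
    token_kind: str  # "access_token" (personal/project token) or "job_token"


def resolve_gitlab_auth(env):
    """Pick the credential the comment reporter will use, preferring a
    dedicated access token over the job token, whose API rights are limited."""
    raw_id = env.get("CI_PROJECT_ID")
    if raw_id is None or not re.fullmatch(r"[0-9]+", raw_id):
        raise ReporterConfigError(
            "CI_PROJECT_ID is missing or not numeric; the GitLab comment "
            "reporter only works inside a GitLab CI job")
    token = env.get(ACCESS_TOKEN_VAR)
    if token:
        return GitlabAuth(int(raw_id), token, "access_token")
    job_token = env.get("CI_JOB_TOKEN")
    if job_token:
        return GitlabAuth(int(raw_id), job_token, "job_token")
    raise ReporterConfigError(
        f"no GitLab credential found: set {ACCESS_TOKEN_VAR} (project access "
        "token with 'api' scope, stored as a masked CI variable)")


def explain_get_project_error(status_code, auth):
    """Turn the HTTP status of GET /projects/:id into an actionable message.
    GitLab answers 404 rather than 403 when a token cannot see a private
    project, which is why a missing or weak token shows up as 'Project Not Found'."""
    if status_code == 404:
        if auth.token_kind == "job_token":
            return (f"404 for project {auth.project_id}: the job token cannot read "
                    f"this project; define {ACCESS_TOKEN_VAR} with a project access "
                    "token ('api' scope) so the reporter can post MR comments")
        return (f"404 for project {auth.project_id}: the access token has no "
                "access to this (private or self-hosted) project; check it belongs "
                "to a project member and has the 'api' scope")
    if status_code in (401, 403):
        return f"{status_code}: the GitLab token was rejected or lacks the 'api' scope"
    return f"GitLab API returned HTTP {status_code} for project {auth.project_id}"


def fetch_project_for_report(auth, http_get):
    """http_get(path, token) -> (status_code, body) is injected so the example
    runs offline; in production it would wrap python-gitlab or requests."""
    status_code, body = http_get(f"/api/v4/projects/{auth.project_id}", auth.token)
    if status_code != 200:
        raise ReporterConfigError(explain_get_project_error(status_code, auth))
    return body


# Constructed stand-in for GitLab: one private project, readable only with
# the (constructed, not real) project access token below.
FAKE_PROJECT_TOKEN = "glpat-EXAMPLE-not-a-real-token"


def fake_gitlab(path, token):
    if path == "/api/v4/projects/12345678" and token == FAKE_PROJECT_TOKEN:
        return 200, {"id": 12345678, "path_with_namespace": "example-group/example-project"}
    return 404, {"message": "404 Project Not Found"}


def try_report(env):
    """Returns (ok, detail): the project body on success, the diagnostic otherwise."""
    try:
        auth = resolve_gitlab_auth(env)
        return True, fetch_project_for_report(auth, fake_gitlab)
    except ReporterConfigError as exc:
        return False, str(exc)


if __name__ == "__main__":
    # Job token only (the situation reported above) vs. a proper project access token.
    for env in ({"CI_PROJECT_ID": "12345678", "CI_JOB_TOKEN": "job-token-value"},
                {"CI_PROJECT_ID": "12345678", ACCESS_TOKEN_VAR: FAKE_PROJECT_TOKEN}):
        print(try_report(env))
```

Storing the project access token as a masked, protected CI variable keeps it out of job logs and limits it to the one project, which is the narrower option compared with a personal token on a second account.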

schorlton commented 2 years ago

Cool, thanks!