search

oxsecurity / megalinter

🦙 MegaLinter analyzes 50 languages, 22 formats, 21 tooling formats, excessive copy-pastes, spelling mistakes and security issues in your repository sources with a GitHub Action, other CI tools or locally.
https://megalinter.io
GNU Affero General Public License v3.0
1.89k stars 227 forks source link

npm-groovy-lint failing with Unexpected error: console.warning is not a function #3039

Closed tylervz closed 11 months ago

tylervz commented 11 months ago

Describe the bug In the GitHub actions workflow, npm-groovy-lint is failing with the message Unexpected error: console.warning is not a function. I first noticed this issue happening on October 20, 2023.

------------------------------------ MegaLinter, by OX Security ------------------------------------
----------------------------------------------------------------------------------------------------
 - Image Creation Date: 2023-08-09T22:49:16Z
 - Image Revision: fda6ac3a38be0e969820709ac16e442464e5a035
 - Image Version: v7.3.0
----------------------------------------------------------------------------------------------------
The MegaLinter documentation can be found at:
 - https://megalinter.io/7.3.0
----------------------------------------------------------------------------------------------------
MegaLinter initialization (expand for details)
MegaLinter now collects the files to analyse (expand for details)
Processing linters on [2] parallel cores…
✅ Linted [REPOSITORY] files with [grype]: Found 1 non blocking error(s) - (14.17s) (expand for details)
✅ Linted [REPOSITORY] files with [trivy] successfully - (9.[41](https://github.com/hypercision/traininghub/actions/runs/6592623702/job/17913789201#step:7:42)s) (expand for details)
✅ Linted [REPOSITORY] files with [trivy-sbom] successfully - (1.76s) (expand for details)
✅ Linted [EDITORCONFIG] files with [editorconfig-checker] successfully - (0.[43](https://github.com/hypercision/traininghub/actions/runs/6592623702/job/17913789201#step:7:44)s) (expand for details)
✅ Linted [REPOSITORY] files with [kics] successfully - (37.92s) (expand for details)
✅ Linted [REPOSITORY] files with [dustilock] successfully - (1.26s) (expand for details)
❌ Linted [GROOVY] files with [npm-groovy-lint]: Found 1 error(s) - (38.08s) (expand for details)
  - Using [npm-groovy-lint v11.1.1] https://megalinter.io/7.3.0/descriptors/groovy_npm_groovy_lint
  - MegaLinter key: [GROOVY_NPM_GROOVY_LINT]
  - Rules config: [/github/workspace/.groovylintrc.json]
  - Number of files analyzed: [50]
  --Error detail:
  Unexpected error: console.warning is not a function
  TypeError: console.warning is not a function
      at collectDisabledBlocks (/node-deps/node_modules/npm-groovy-lint/lib/filter.js:26:25)
      at parseCodeNarcResult (/node-deps/node_modules/npm-groovy-lint/lib/codenarc-factory.js:288:36)
      at async NpmGroovyLint.postProcess (/node-deps/node_modules/npm-groovy-lint/lib/groovy-lint.js:276:31)
      at async NpmGroovyLint.run (/node-deps/node_modules/npm-groovy-lint/lib/groovy-lint.js:68:13)
      at async /node-deps/node_modules/npm-groovy-lint/lib/index.js:12:9

To Reproduce Unfortunately, I can't provide a link to the private repository where the issue is happening and I haven't been able to pinpoint how to reproduce the error. I just wanted to open this issue in case anybody else was experiencing this and could add some additional context. Maybe in the next week or two I'll be able to reproduce the error in a public repository.

Re-running the workflow results in the same error. However, if I cherry pick the changes from the branch where the workflow is failing, and I commit on a new branch a subset of the changes to .groovy files, then sometimes the error does not occur (depending on the subset of changes committed).

Here's my .mega-linter.yml file:

---
# Configuration file for MegaLinter
# See all available variables at https://oxsecurity.github.io/megalinter/configuration/ and in linters documentation

# ENABLE: # If you use ENABLE variable, all other languages/formats/tooling-formats will be disabled by default
# ENABLE_LINTERS: # If you use ENABLE_LINTERS variable, all other linters will be disabled by default
DISABLE:
  - COPYPASTE # Disable checks of excessive copy-pastes
  - SPELL # Disable checks of spelling mistakes
DISABLE_LINTERS:
  [
    JAVASCRIPT_STANDARD,
    MARKDOWN_MARKDOWN_LINK_CHECK,
    MARKDOWN_MARKDOWN_TABLE_FORMATTER,
    REPOSITORY_CHECKOV,
    REPOSITORY_DEVSKIM,
    REPOSITORY_SECRETLINT,
    REPOSITORY_TRUFFLEHOG,
    SQL_SQLFLUFF,
    SQL_TSQLLINT,
  ]
# GitLeaks is reporting errors for files in the OpenUI5 library code
DISABLE_ERRORS_LINTERS:
  [REPOSITORY_GITLEAKS, REPOSITORY_GRYPE, REPOSITORY_TRUFFLEHOG]
SHOW_ELAPSED_TIME: false
FILEIO_REPORTER: false
# DISABLE_ERRORS: true # Uncomment if you want MegaLinter to detect errors but not block CI to pass
# Exclude certain files from linting
# yamllint disable-line rule:line-length
FILTER_REGEX_EXCLUDE: "(CHANGELOG.md)|(.*.xcf)|(incorrect_json_files/invalid.json)|(src/main/resources/public/ui5/resources.*)|(gradlew)|(gradlew.bat)|(grailsw)|(grailsw.bat)|(.husky/.*)|(.*assets/javascripts/application.*js)|(.*assets/javascripts/bootstrap.*js)|(.*assets/javascripts/jquery.*js)|(.*assets/javascripts/popper.*js)|(.*assets/javascripts/paged.*js)|(.*stylesheets/normalize.css)|(.*bootstrap.*css)|(.*stylesheets/grails.css)|(.*stylesheets/errors.css)|(.*stylesheets/main.css)|(.*stylesheets/mobile.css)"
GROOVY_NPM_GROOVY_LINT_ARGUMENTS: ["--failon", "error"]
REPOSITORY_TRIVY_DISABLE_ERRORS: true

Here's the GH Actions workflow file:

---
# MegaLinter GitHub Action configuration file
# More info at https://oxsecurity.github.io/megalinter
name: MegaLinter

on: # yamllint disable-line rule:truthy
  # Trigger mega-linter at every push. Action will also be visible from Pull Requests to master
  push:
    branches-ignore: [master, deploy, updateCluster]
  pull_request:
    branches: [master, main]

env: # Comment env block if you do not want to apply fixes
  # Apply linter fixes configuration
  APPLY_FIXES: none # When active, APPLY_FIXES must also be defined as environment variable (in github/workflows/mega-linter.yml or other CI tool)
  APPLY_FIXES_EVENT: pull_request # Decide which event triggers application of fixes in a commit or a PR (pull_request, push, all)
  APPLY_FIXES_MODE: commit # If APPLY_FIXES is used, defines if the fixes are directly committed (commit) or posted in a PR (pull_request)

concurrency:
  group: ${{ github.ref }}-${{ github.workflow }}
  cancel-in-progress: true

jobs:
  build:
    name: MegaLinter
    runs-on: ubuntu-latest
    permissions:
      contents: read
      issues: write
      pull-requests: write
    steps:
      # Git Checkout
      - name: Checkout Code
        uses: actions/checkout@v3
        with:
          token: ${{ secrets.PAT || secrets.GITHUB_TOKEN }}
          fetch-depth: 0 # If you use VALIDATE_ALL_CODEBASE = true, you can remove this line to improve performances

      - name: Setup node
        uses: actions/setup-node@v3
        with:
          node-version: 18
          cache: npm
      # Install the npm dependencies
      - name: Install packages for Node
        run: npm install

      - name: List locally installed packages
        run: npm list --depth=0

      # MegaLinter
      - name: MegaLinter
        id: ml
        # You can override MegaLinter flavor used to have faster performances
        # More info at https://oxsecurity.github.io/megalinter/flavors/
        uses: oxsecurity/megalinter@v7
        env:
          # All available variables are described in documentation
          # https://oxsecurity.github.io/megalinter/configuration/
          VALIDATE_ALL_CODEBASE: false
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # ADD YOUR CUSTOM ENV VARIABLES HERE TO OVERRIDE VALUES OF .mega-linter.yml AT THE ROOT OF YOUR REPOSITORY

      # MegaLinter for showing npm-groovy-lint warning and info logs
      - name: MegaLinter Warnings
        id: ml-warning
        uses: oxsecurity/megalinter@v7
        env:
          VALIDATE_ALL_CODEBASE: false
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          LOG_FILE: mega-linter-warnings.log
          ENABLE_LINTERS: GROOVY_NPM_GROOVY_LINT
          # Flag to have the linter complete with exit code 0 even if errors were detected.
          GROOVY_NPM_GROOVY_LINT_DISABLE_ERRORS: true
          GROOVY_NPM_GROOVY_LINT_ARGUMENTS: "--failon info"

      # Upload MegaLinter artifacts
      - name: Archive production artifacts
        if: ${{ success() }} || ${{ failure() }}
        uses: actions/upload-artifact@v3
        with:
          name: MegaLinter reports
          path: |
            megalinter-reports
            mega-linter.log
            mega-linter-warnings.log

And here's my .groovylintrc.json

Expected behavior npm-groovy-lint should finish running and report any issues it discovered in the source code.

Additional context Our project has the eslint-plugin-qunit package listed under devDependencies in the package.json in our repository to enable additional rules for ESLint. In .eslintrc.yml, we have the following

extends: ["eslint:recommended", "plugin:qunit/recommended"]

In order to have the MegaLinter run ESLint with the "plugin:qunit/recommended" rules applied, I added the "Setup node" and "npm install" steps to our GH Actions workflow. Commenting out these steps does not seem to fix the issue I'm having with npm-groovy-lint.

nvuillam commented 11 months ago

npm-groovy-lint (whose i'm the author and maintainer) is in really bad shape, and I don't code in java/groovy for year so it's hard to find the time to make the fixes

But @stevenh is working on it, I have good hopes for a next nice working again version :)

tylervz commented 11 months ago

I discovered what Groovy code in my repository was causing npm-groovy-lint to behave that way in MegaLinter:

class ExampleService {

    /* groovylint-disable GrailsStatelessService, LineLength */

    /**
     * Here is a comment with some really long lines:
     * Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Augue interdum velit euismod .
     * Cras semper auctor neque vitae tempus quam. Duis ultricies lacus sed turpis. Purus semper eget duis at. Ac auctor augue mauris augue neque gravida in fermentum et.
     */
    /* groovylint-enable LineLength */

    ...
}

Changing it to the following solved the issue for me:

class ExampleService {

    /* groovylint-disable GrailsStatelessService */

    /* groovylint-disable LineLength */

    /**
     * Here is a comment with some really long lines:
     * Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Augue interdum velit euismod .
     * Cras semper auctor neque vitae tempus quam. Duis ultricies lacus sed turpis. Purus semper eget duis at. Ac auctor augue mauris augue neque gravida in fermentum et.
     */
    /* groovylint-enable LineLength */

    ...
}

@nvuillam do you want me to open an issue in npm-groovy-lint for displaying better error messaging when users do not adhere to one of the documented formats for disabling rules in source? Or would npm-groovy-lint normally have displayed a helpful warning/error message in this case if it were not due to npm-groovy-lint being in really bad shape (because it does not support modern Java and Node versions)?

Regardless, I'm going to close this issue since the mystery has been solved.