pypa / gh-action-pip-audit

A GitHub Action for pip-audit
https://github.com/marketplace/actions/gh-action-pip-audit
Apache License 2.0

Error when pip-audit fails without creating /tmp/pip-audit-output.txt #32

Closed Khayet closed 1 year ago

Khayet commented 1 year ago

Hi,

I encountered the following error while using this action in one of my workflows:

```
Traceback (most recent call last):
  File "/home/runner/work/_actions/pypa/gh-action-pip-audit/v1.0.5/action.py", line 138, in <module>
    with open("/tmp/pip-audit-output.txt", "r") as io:
FileNotFoundError: [Errno 2] No such file or directory: '/tmp/pip-audit-output.txt'
Error: Process completed with exit code 1.
```

Looking at the code, we make the assumption that /tmp/pip-audit-output.txt exists whenever status.returncode != 0. Whenever pip-audit fails without creating a file, we get the above error which hides the original error returned by pip-audit (if it did return an error). https://github.com/pypa/gh-action-pip-audit/blob/main/action.py#L138

I have no insight into the pip-audit source, so I don't know what kinds of errors can occur. Maybe we should log stderr in case the subprocess fails?

Best regards

woodruffw commented 1 year ago

Thanks for the report!

Yeah, this is a known defect -- we need to be a little more cautious about our error expectations.

Are you able to share the requirements.txt or other input that produced the error? That would help us perform any underlying debugging necessary.

Khayet commented 1 year ago

No, unfortunately the requirements.txt is part of company code which I'm not allowed to share publicly. The error itself was transient, the workflow succeeded on a re-run.

woodruffw commented 1 year ago

No problem! Thanks again for reporting.

jonas-lundqvist commented 1 year ago

I just stumbled onto this issue: https://github.com/jonas-lundqvist/Electron-Cash/actions/runs/4151387785/jobs/7181672561

Turns out it was a copy/paste issue with duplicate requirements. Never mind.

tnytown commented 1 year ago

Seems like we already log the raw pip-audit invocation output to the summary. We just need to not crash before that happens :)

woodruffw commented 1 year ago

We've cut a fix for this with 1.0.6. Thanks again for reporting!
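
The failure mode discussed in this thread, as an added example that is not the project's code or the fix shipped in 1.0.6: a wrapper that runs a tool expected to write a report file, and falls back to the tool's own stderr when the file was never created. The names `run_and_collect` and `demo`, the temporary report path and the two stand-in commands are assumptions constructed for illustration.

```python
import subprocess
import sys
import tempfile
from pathlib import Path


def run_and_collect(cmd, output_path):
    """Run cmd; return (returncode, report). Never assumes output_path exists."""
    output_path = Path(output_path)
    # Remove a stale report so an earlier run's output is never mistaken for this one's.
    output_path.unlink(missing_ok=True)

    status = subprocess.run(cmd, capture_output=True, text=True)

    try:
        report = output_path.read_text()
    except FileNotFoundError:
        # The tool exited before writing its report: surface its own
        # stderr/stdout instead of crashing and hiding the original error.
        report = (status.stderr or status.stdout or "").strip()
        if not report:
            report = f"no output captured (exit code {status.returncode})"
    return status.returncode, report


def demo():
    """Constructed stand-ins for the audited tool: one writes a report, one dies early."""
    with tempfile.TemporaryDirectory() as tmp:
        out = Path(tmp) / "audit-output.txt"
        writes_report = [sys.executable, "-c",
            f"import sys; open({str(out)!r}, 'w').write('1 vulnerability found'); sys.exit(1)"]
        dies_early = [sys.executable, "-c",
            "import sys; sys.stderr.write('ERROR: duplicate requirement'); sys.exit(2)"]
        # The second run also exercises the stale-file cleanup: the first
        # run's report is still on disk when it starts.
        return run_and_collect(writes_report, out), run_and_collect(dies_early, out)


if __name__ == "__main__":
    for code, report in demo():
        print(code, report)
```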