semverbot returns 'ok' even if git operation fails

[bvaughan-nexient]

semverbot returns exit code '0' even if the underlying git operation fails.

Steps to reproduce: 1 - use "read only" git identity to check out code 2 - run typical semverbot flow sbot release version sbot push version

Expected result: sbot will return an error code to parent shell

Actual result: sbot returns code '0'

Discussion: I am using semverbot in CI/CD pipeline (Azure DevOps Pipelines). While working to configure the pipelines, several of my repos did not have the expected permissions to allow the pipeline runner identity to be able to push tags back to the repo. The pipelines did not fail when the sbot push version command failed to actually push the tag back to the repo. Investigating this, I found that the sbot command was returning an exit code of '0' even when the git operation failed.

[shiouen]

hi @bvaughan-nexient thanks for sharing your findings, I'll have a look when I can, keep you posted.

[shiouen]

@bvaughan-nexient not sure if this is still relevant for you, but I just released a big feature towards logging, see https://github.com/restechnica/semverbot/releases/tag/v1.3.1. Verbosity has greatly improved and the git errors are now properly logged as well.

Could you post the logs of your pipeline after adding a --debug flag to all sbot calls?

[bvaughan-nexient]

I created a work-around where I would capture the stdout and stderr and do a simple grep for "error" in the output and make my workflow decisions based on that.

When I run with --debug, I see this:

16:23:26 DBG loading default config...
16:23:26 DBG loading config... path=.semverbot.toml
16:23:26 DBG configuring git...
16:23:26 DBG user.email=
16:23:26 DBG user.name=
16:23:26 DBG starting run... command=v1.push-version
16:23:26 DBG options default=0.0.0 prefix=
16:23:26 INF getting version...
16:23:26 INF 0.0.1
16:23:26 INF pushing version...
16:23:26 ERR error="command [git push origin 0.0.1] exited with exit status 128, output: \nremote: 001f# service=git-receive-pack\nremote: 0000000000aaTF401027: You need the Git '\''GenericContribute'\'' permission to perform this action. Details: identity '\''Build\\4dcbb1d7-46cb-45e3-9d4e-2a26e486433a'\'', scope '\''repository'\''.\nremote: TF401027: You need the Git '\''GenericContribute'\'' permission to perform this action. Details: identity '\''Build\\4dcbb1d7-46cb-45e3-9d4e-2a26e486433a'\'', scope '\''repository'\''.\nfatal: unable to access '\''[https://XXXXXXX.visualstudio.com/ZZZZZZZ/_git/bv-pipeline-testing/'\''](https://XXXXXXX.visualstudio.com/ZZZZZZZ/_git/bv-pipeline-testing/'/''): The requested URL returned error: 403\n"'

[ToneVDB]

It seems like you dont have credentials that have enough permissions. @shiouen is this maybe worth a test case?

[shiouen]

@bvaughan-nexient I'll try to replicate it and see where it goes wrong in the code - right now I am unsure why it still returns exit code 0, as the only path out of an error should result in exit code 1.

Glad you have been to work around the issue, but it should really return a non-zero exit code with your example.

On a side note, can I assume you hid user.email and user.name or did you configure them to be blank?

@ToneVDB what kind of test case do you have in mind?

[ToneVDB]

@shiouen can we in a test set credentials that have not enough permissions, but then test that the exit code should be non-zero/ non-success to cover this case?

[bvaughan-nexient]

On a side note, can I assume you hid user.email and user.name or did you configure them to be blank?

Yes -- I just hid those. They are configured.