synopsys-sig / detect-action

Apache License 2.0

Job fails when no `github-token` is given, but is still green. #25

Open JeroenKnoops opened 2 years ago

JeroenKnoops commented 2 years ago

Problem

When you don't provide a github-token, no scan of the projects is performed due to an error: `UnhandledPromiseRejectionWarning: Error: Parameter token or opts.auth is required`.

However, the job still remains green, giving you the impression the scan was correct.

Proposed solutions

There are two possible solutions:

1. Perform scan without github-token

When no github-token is given, perform the check anyway. The github-token is necessary to report back to the PR in RAPID mode, but that might not be something a project wants.

2. Mark job failed

When something went wrong in the execution, mark job failed.

Example log:

Run synopsys-sig/detect-action@v0.3.2
  with:
    scan-mode: INTELLIGENT
    detect-version: 7.13.2
    blackduck-url: ***
    blackduck-api-token: ***
    fail-on-all-policy-severities: false
    detect-trust-cert: TRUE
  env:
    JAVA_HOME: /__w/_tool/Java_Adopt_jdk/17.0.3
    DETECT_PROJECT_NAME: ***
    DETECT_PROJECT_VERSION_NAME: ***
    DETECT_RISK_REPORT_PDF: true
/bin/docker exec  5d553de311a5fefa99728e2682f33dacce sh -c "cat /etc/*release | grep ^ID"
(node:209) UnhandledPromiseRejectionWarning: Error: Parameter token or opts.auth is required
    at Object.getAuthString (/__w/_actions/synopsys-sig/detect-action/v0.3.2/webpack:/detect-action/node_modules/@actions/github/lib/internal/utils.js:26:1)
    at Object.getOctokitOptions (/__w/_actions/synopsys-sig/detect-action/v0.3.2/webpack:/detect-action/node_modules/@actions/github/lib/utils.js:47:1)
    at getOctokit (/__w/_actions/synopsys-sig/detect-action/v0.3.2/webpack:/detect-action/node_modules/@actions/github/lib/github.js:33:1)
    at /__w/_actions/synopsys-sig/detect-action/v0.3.2/webpack:/detect-action/lib/github/check.js:19:1
    at Generator.next (<anonymous>)
    at /__w/_actions/synopsys-sig/detect-action/v0.3.2/webpack:/detect-action/lib/github/check.js:8:1
    at new Promise (<anonymous>)
    at __webpack_modules__.7.__awaiter (/__w/_actions/synopsys-sig/detect-action/v0.3.2/webpack:/detect-action/lib/github/check.js:4:1)
    at createCheck (/__w/_actions/synopsys-sig/detect-action/v0.3.2/webpack:/detect-action/lib/github/check.js:18
    at /__w/_actions/synopsys-sig/detect-action/v0.3.2/webpack:/detect-action/lib/main.js:32:1
(node:209) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). To terminate the node process on unhandled promise rejection, use the CLI flag `--unhandled-rejections=strict` (see https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode). (rejection id: 2)
(node:209) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.

jcroall commented 2 years ago

Thanks @JeroenKnoops, this is nicely documented and we appreciate it! I will file a bug in our internal Jira for this.

raoganeshr commented 2 years ago

Similar issue for me:

Creating Black Duck Policy Check...
(node:1169) UnhandledPromiseRejectionWarning: HttpError: You must authenticate via a GitHub App.
    at /__w/_actions/synopsys-sig/detect-action/v0.3.3/webpack:/detect-action/node_modules/@octokit/request/dist-node/index.js:86:1
    at processTicksAndRejections (internal/process/task_queues.js:97:5)
(node:1169) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). To terminate the node process on unhandled promise rejection, use the CLI flag --unhandled-rejections=strict (see https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode). (rejection id: 1)
(node:1169) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.

The action failed but it did not fail the step. This needs to fail the step if any internal error occurs.

jcroall commented 2 years ago

This is a good catch; we have filed this as SIGINT-118 and will make sure this cannot happen in the new synopsys-action.

sannki commented 1 year ago

We are getting the same issue. @jcroall

Creating Black Duck Policy Check...
(node:3696107) UnhandledPromiseRejectionWarning: HttpError: You must authenticate via a GitHub App.
    at /home/tenant/github-action-runner/work/_actions/synopsys-sig/detect-action/v0.3.0/webpack:/detect-action/node_modules/@octokit/request/dist-node/index.js:86:1
    at processTicksAndRejections (internal/process/task_queues.js:97:5)
(node:3696107) UnhandledPromiseRejectionWarning: Unhandled promise rejection. This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). To terminate the node process on unhandled promise rejection, use the CLI flag --unhandled-rejections=strict (see https://nodejs.org/api/cli.html#cli_unhandled_rejections_mode). (rejection id: 1)
(node:3696107) [DEP0018] DeprecationWarning: Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.

Actions used: synopsys-sig/detect-action@v0.3.0

Have you found out a fix for this issue? If so let me know the fix for this version or the latest one!
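
An added example, not part of the thread and not detect-action's code: a sketch of the "mark job failed" behaviour requested above, where a rejection inside the action's async entry point is turned into a failed step instead of a warning. All function names are hypothetical stand-ins; in a real action the `setFailed` callback would typically be `core.setFailed` from `@actions/core` (an assumption about how it would be wired up).

```javascript
// Added example; every name here is a hypothetical stand-in, not detect-action code.

// Stand-in for the token-dependent step. The message matches the one in the log above.
async function createCheck(token) {
  if (!token) throw new Error('Parameter token or opts.auth is required');
  return { checkId: 1 }; // constructed value
}

// Stand-in for the action body: create the check, then scan.
async function main(inputs) {
  const check = await createCheck(inputs.githubToken);
  return { scanned: true, check };
}

// Hardened entry point: a rejection anywhere in main() becomes a failed step
// instead of a warning on stderr.
async function runStep(inputs, setFailed) {
  try {
    return { exitCode: 0, result: await main(inputs) };
  } catch (err) {
    setFailed(err instanceof Error ? err.message : String(err));
    return { exitCode: 1, result: null };
  }
}

// Safety net for promises that nobody awaited: fail the process rather than
// let the runtime only print UnhandledPromiseRejectionWarning.
function installRejectionGuard(proc, setFailed) {
  const handler = (reason) => {
    setFailed(reason instanceof Error ? reason.message : String(reason));
    proc.exitCode = 1;
  };
  proc.on('unhandledRejection', handler);
  return handler;
}

// Demo: missing token -> the step reports failure (exit code 1).
const failures = [];
runStep({ githubToken: '' }, (msg) => failures.push(msg))
  .then((r) => console.log('exit code:', r.exitCode, 'failures:', failures));
```

A security scan that silently does not run is worse than one that fails loudly, so the guard should be installed before any other work starts.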