Merge pull request #1529 from lindluni/lindluni/code-scanning-exclusion

fix: exclude errored code scanning analyses from migration

Author: jfine

RELEASENOTES.md

@@ -0,0 +1 @@
+* **Bug Fix:** `migrate-code-scanning-alerts` now excludes code scanning analyses that had processing errors on initial uploads, preventing the CLI from failing to continue when it encounters a failed SARIF retrieval because no SARIF exists. Skipped analyses are logged with their ID and error message.

src/Octoshift/Models/CodeScanningAnalysis.cs

@@ -6,5 +6,6 @@ public class CodeScanningAnalysis
         public string CommitSha { get; set; }
         public string CreatedAt { get; set; }
         public int Id { get; set; }
+        public string Error { get; set; }
     }
 }

src/Octoshift/Services/CodeScanningAlertService.cs

@@ -65,6 +65,13 @@ protected internal virtual async Task MigrateAnalyses(string sourceOrg, string s
         {
             analysisNumber++;
 
+            if (!string.IsNullOrEmpty(analysis.Error))
+            {
+                _log.LogWarning($"Skipping analysis with Id {analysis.Id} which failed to process in the source repository: {analysis.Error}");
+                _log.LogWarning("    This error is non-fatal and will not affect your migrated code-scanning alerts.");
+                continue;
+            }
+
             string sarifReport;
             try
             {

src/Octoshift/Services/GithubApi.cs

@@ -1237,6 +1237,7 @@ private static CodeScanningAnalysis BuildCodeScanningAnalysis(JToken codescan) =
             CommitSha = (string)codescan["commit_sha"],
             Ref = (string)codescan["ref"],
             CreatedAt = (string)codescan["created_at"],
+            Error = (string)codescan["error"],
         };
 
     private static CodeScanningAlert BuildCodeScanningAlert(JToken scanningAlert) =>

src/OctoshiftCLI.Tests/Octoshift/Services/CodeScanningAlertServiceTests.cs

@@ -315,6 +315,44 @@ public async Task MigrateAnalyses_Dry_Run_Does_Not_Upload_Sarif()
             Times.Never);
     }
 
+    [Fact]
+    public async Task MigrateAnalyses_Skips_Analyses_With_Error_And_Logs_Warning()
+    {
+        var validAnalysis = new CodeScanningAnalysis
+        {
+            Id = 111,
+            CreatedAt = "2022-03-30T00:00:00Z",
+            CommitSha = "valid_sha",
+            Ref = "refs/heads/main"
+        };
+        var errorAnalysis = new CodeScanningAnalysis
+        {
+            Id = 222,
+            CreatedAt = "2022-03-29T00:00:00Z",
+            CommitSha = "error_sha",
+            Ref = "refs/heads/main",
+            Error = "something went wrong"
+        };
+        var processingStatus = new SarifProcessingStatus
+        {
+            Status = SarifProcessingStatus.Complete,
+            Errors = Enumerable.Empty<string>()
+        };
+
+        _mockSourceGithubApi.Setup(x => x.GetCodeScanningAnalysisForRepository(SOURCE_ORG, SOURCE_REPO, "main")).ReturnsAsync(new[] { errorAnalysis, validAnalysis });
+        _mockTargetGithubApi.Setup(x => x.GetCodeScanningAnalysisForRepository(TARGET_ORG, TARGET_REPO, "main")).ReturnsAsync(Enumerable.Empty<CodeScanningAnalysis>());
+        _mockSourceGithubApi.Setup(x => x.GetSarifReport(SOURCE_ORG, SOURCE_REPO, validAnalysis.Id)).ReturnsAsync("SARIF");
+        _mockTargetGithubApi.Setup(x => x.UploadSarifReport(TARGET_ORG, TARGET_REPO, "SARIF", validAnalysis.CommitSha, validAnalysis.Ref)).ReturnsAsync("sarif-id");
+        _mockTargetGithubApi.Setup(x => x.GetSarifProcessingStatus(TARGET_ORG, TARGET_REPO, "sarif-id")).ReturnsAsync(processingStatus);
+
+        await _alertService.MigrateAnalyses(SOURCE_ORG, SOURCE_REPO, TARGET_ORG, TARGET_REPO, "main", false);
+
+        _mockOctoLogger.Verify(log => log.LogWarning($"Skipping analysis with Id {errorAnalysis.Id} which failed to process in the source repository: something went wrong"));
+        _mockOctoLogger.Verify(log => log.LogWarning("    This error is non-fatal and will not affect your migrated code-scanning alerts."));
+        _mockSourceGithubApi.Verify(x => x.GetSarifReport(SOURCE_ORG, SOURCE_REPO, errorAnalysis.Id), Times.Never);
+        _mockTargetGithubApi.Verify(x => x.UploadSarifReport(TARGET_ORG, TARGET_REPO, "SARIF", validAnalysis.CommitSha, validAnalysis.Ref), Times.Once);
+    }
+
     [Fact]
     public async Task MigrateAlerts_Matches_Dismissed_Alert_By_Last_Instance_And_Updates_Target()
     {

src/OctoshiftCLI.Tests/Octoshift/Services/GithubApiTests.cs

@@ -3068,6 +3068,49 @@ public async Task GetCodeScanningAnalysisForRepository_Returns_Analyses()
         scanResults.ElementAt(2).CreatedAt.Should().Be((string)expectedData["created_at"]);
     }
 
+    [Fact]
+    public async Task GetCodeScanningAnalysisForRepository_Includes_Analyses_With_Error()
+    {
+        // Arrange
+        const string url = $"https://api.github.com/repos/{GITHUB_ORG}/{GITHUB_REPO}/code-scanning/analyses?per_page=100&sort=created&direction=asc";
+
+        var validAnalysis = $@"
+                {{
+                    ""ref"": ""refs/heads/main"",
+                    ""commit_sha"": ""25cb837876685f98756d0c934ffe6cd09da570f8"",
+                    ""created_at"": ""2022-08-08T19:00:18Z"",
+                    ""id"": 38200197,
+                    ""error"": """"
+                }}
+            ";
+
+        var errorAnalysis = $@"
+                {{
+                    ""ref"": ""refs/heads/main"",
+                    ""commit_sha"": ""67f8626e1f3ca40e9678e1dcfc4f840009ffc260"",
+                    ""created_at"": ""2022-08-06T19:40:39Z"",
+                    ""id"": 38026365,
+                    ""error"": ""something went wrong""
+                }}
+            ";
+
+        var analyses = new List<JToken> { JToken.Parse(validAnalysis), JToken.Parse(errorAnalysis) };
+
+        _githubClientMock
+            .Setup(m => m.GetAllAsync(url, null))
+            .Returns(analyses.ToAsyncEnumerable());
+
+        // Act
+        var scanResults = await _githubApi.GetCodeScanningAnalysisForRepository(GITHUB_ORG, GITHUB_REPO);
+
+        // Assert
+        scanResults.Count().Should().Be(2);
+        scanResults.First().Id.Should().Be(38200197);
+        scanResults.First().Error.Should().BeEmpty();
+        scanResults.Last().Id.Should().Be(38026365);
+        scanResults.Last().Error.Should().Be("something went wrong");
+    }
+
     [Fact]
     public async Task GetCodeScanningAnalysisForRepository_Passes_Filtered_Branch_As_QueryString()
     {