Scan fails with version @v0.1.8
jbatt08 opened this issue · comments
The scanner is failing after starting to use v0.1.8.
Here's the log:
Beginning sfdx-scan-pull-request run...
Validating that this action was invoked from an acceptable context...
Getting difference within the pull request ... [ 'dev-uat', 'feature/CSE-1255-GuardrilesToPreventOverAllotment-PR2' ]
Getting existing comments using GitHub REST API...
(node:1956) [DEP0005] DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead.
(Use `node --trace-deprecation ...` to show where the warning was created)
Performing static code analysis on all of the files in the difference...
node:internal/errors:841
const err = new Error(message);
^
Error: Command failed: npx sfdx scanner:run --pmdconfig ruleset.xml --target force-app/main/default/classes/CSLeadsRESTControllerV2.cls --json
at checkExecSyncError (node:child_process:828:11)
at execSync (node:child_process:899:15)
at /home/runner/work/_actions/mitchspano/sfdx-scan-pull-request/main/dist/index.js:1:7866
at Generator.next (<anonymous>)
at /home/runner/work/_actions/mitchspano/sfdx-scan-pull-request/main/dist/index.js:1:7631
at new Promise (<anonymous>)
at o (/home/runner/work/_actions/mitchspano/sfdx-scan-pull-request/main/dist/index.js:1:7378)
at cli (/home/runner/work/_actions/mitchspano/sfdx-scan-pull-request/main/dist/index.js:1:7749)
at /home/runner/work/_actions/mitchspano/sfdx-scan-pull-request/main/dist/index.js:1:8087 {
status: 1,
signal: null,
output: [
null,
Buffer(2670) [Uint8Array] [
123, 10, 32, 32, 34, 115, 116, 97, 116, 117, 115, 34,
58, 32, 49, 44, 10, 32, 32, 34, 110, 97, 109, 101,
34, 58, 32, 34, 34, 44, 10, 32, 32, 34, 109, 101,
115, 115, 97, 103, 101, 34, 58, 32, 34, 85, 110, 101,
120, 112, 101, 99, 116, 101, 100, 32, 97, 114, 103, 117,
109, 101, 110, 116, 58, 32, 76, 97, 121, 111, 117, 116,
46, 108, 97, 121, 111, 117, 116, 45, 109, 101, 116, 97,
46, 120, 109, 108, 44, 102, 111, 114, 99, 101, 45, 97,
112, 112, 47, 109,
... 2570 more items
],
Buffer(0) [Uint8Array] []
],
pid: 1989,
stdout: Buffer(2670) [Uint8Array] [
123, 10, 32, 32, 34, 115, 116, 97, 116, 117, 115, 34,
58, 32, 49, 44, 10, 32, 32, 34, 110, 97, 109, 101,
34, 58, 32, 34, 34, 44, 10, 32, 32, 34, 109, 101,
115, 115, 97, 103, 101, 34, 58, 32, 34, 85, 110, 101,
120, 112, 101, 99, 116, 101, 100, 32, 97, 114, 103, 117,
109, 101, 110, 116, 58, 32, 76, 97, 121, 111, 117, 116,
46, 108, 97, 121, 111, 117, 116, 45, 109, 101, 116, 97,
46, 120, 109, 108, 44, 102, 111, 114, 99, 101, 45, 97,
112, 112, 47, 109,
... 2570 more items
],
stderr: Buffer(0) [Uint8Array] []
}
Here's our yaml:
name: Static Analysis
on:
pull_request:
types: [opened, reopened, synchronize]
workflow_dispatch:
jobs:
analyze:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Install SFDX CLI and Scanner
run: |
npm install sfdx-cli
node_modules/sfdx-cli/bin/run plugins:install @salesforce/sfdx-scanner
- name: Run SFDX Scanner - Report findings as comments
uses: mitchspano/sfdx-scan-pull-request@main
with:
pmdconfig: ruleset.xml
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
Running this command locally didn't produce any errors:
sfdx scanner:run --pmdconfig ruleset.xml --target force-app/main/default/classes/CSLeadsRESTControllerV2.cls
And after reverting to v0.1.7, the scanner is working.
Thanks for raising this issue @jbatt08. We have experienced a similar issue yesterday and thought it was related to the concatenation of the target path. Your ability to run locally is interesting and makes me reconsider the target path hypothesis.
I will take a look at this issue and let you know what I find. For now, please continue with v0.1.7.
Thanks,
-Mitch
Hey @jbatt08, would you be able to try executing the action using npx instead of node_modules?
- name: Install SFDX CLI and Scanner
run: |
npm install sfdx-cli
node_modules/sfdx-cli/bin/run plugins:install @salesforce/sfdx-scanner
=>
- name: Install SFDX CLI and Scanner
run: |
npm install sfdx-cli
npx sfdx plugins:install @salesforce/sfdx-scanner
I believe this could be the cause of this issue. Let me know what you find.
Thanks!
Hey @mitchspano - changing to npx seems to have fixed the first issue, but now I'm seeing a new issue. Here's the log:
Run mitchspano/sfdx-scan-pull-request@main
Beginning sfdx-scan-pull-request run...
Validating that this action was invoked from an acceptable context...
Getting difference within the pull request ... [ 'dev-uat', 'feature/pipeline-inspection' ]
Getting existing comments using GitHub REST API...
(node:1989) [DEP0005] DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead.
(Use `node --trace-deprecation ...` to show where the warning was created)
Performing static code analysis on all of the files in the difference...
Filtering the findings to just the lines which are part of the pull request...
Writing comments using GitHub REST API...
No matching comment found, uploading new comment
Error while uploading comments! RequestError [HttpError]: invalid json response body at https://api.github.com/repos/BlueWaveFinanceGroup/SMP/pulls/5130/comments reason: Unexpected end of JSON input
at /home/runner/work/_actions/mitchspano/sfdx-scan-pull-request/main/dist/index.js:1:219184
at processTicksAndRejections (node:internal/process/task_queues:96:5) {
status: 500,
request: {
method: 'POST',
url: 'https://api.github.com/repos/BlueWaveFinanceGroup/SMP/pulls/5130/comments',
headers: {
accept: 'application/vnd.github.v3+json',
'user-agent': 'octokit-action.js/4.0.4 octokit-core.js/4.0.4 Node.js/16.16.0 (linux; x64)',
authorization: 'token [REDACTED]',
'content-type': 'application/json; charset=utf-8'
},
body: '{"commit_id":"52591b82815b0a48bb537eab77409768fc90c7b7","path":"force-app/main/default/classes/APICredentialSelector.cls","start_line":6,"start_side":"RIGHT","side":"RIGHT","line":16,"body":"| Engine | Category | Rule | Severity | Type | Message | File |\\n | --- | --- | --- | --- | --- | --- | --- |\\n| pmd-custom | Documentation | ApexDoc | 3 | Warning | [Missing ApexDoc @description](https://pmd.github.io/pmd-6.54.0/pmd_rules_apex_documentation.html#apexdoc) | [force-app/main/default/classes/APICredentialSelector.cls](../tree/52591b82815b0a48bb537eab77409768fc90c7b7/force-app/main/default/classes/APICredentialSelector.cls) |"}',
request: { agent: [ProxyAgent], hook: [Function: bound bound register] }
}
}
node:internal/process/promises:279
triggerUncaughtException(err, true /* fromPromise */);
^
RequestError [HttpError]: invalid json response body at https://api.github.com/repos/BlueWaveFinanceGroup/SMP/pulls/5130/comments reason: Unexpected end of JSON input
at /home/runner/work/_actions/mitchspano/sfdx-scan-pull-request/main/dist/index.js:1:219184
at processTicksAndRejections (node:internal/process/task_queues:96:5) {
status: 500,
request: {
method: 'POST',
url: 'https://api.github.com/repos/BlueWaveFinanceGroup/SMP/pulls/5130/comments',
headers: {
accept: 'application/vnd.github.v3+json',
'user-agent': 'octokit-action.js/4.0.4 octokit-core.js/4.0.4 Node.js/16.16.0 (linux; x64)',
authorization: 'token [REDACTED]',
'content-type': 'application/json; charset=utf-8'
},
body: '{"commit_id":"52591b82815b0a48bb537eab77409768fc90c7b7","path":"force-app/main/default/classes/APICredentialSelector.cls","start_line":6,"start_side":"RIGHT","side":"RIGHT","line":16,"body":"| Engine | Category | Rule | Severity | Type | Message | File |\\n | --- | --- | --- | --- | --- | --- | --- |\\n| pmd-custom | Documentation | ApexDoc | 3 | Warning | [Missing ApexDoc @description](https://pmd.github.io/pmd-6.54.0/pmd_rules_apex_documentation.html#apexdoc) | [force-app/main/default/classes/APICredentialSelector.cls](../tree/52591b82815b0a48bb537eab77409768fc90c7b7/force-app/main/default/classes/APICredentialSelector.cls) |"}',
request: {
agent: ProxyAgent { promisifiedCallback: [Function (anonymous)] },
hook: [Function: bound bound register]
}
}
}
Thanks for your help with this!
Interesting... This looks like it is trying to render the line attribute as a hyperlink...? and the hyperlink is to the action's run?
"line":[16](https://github.com/BlueWaveFinanceGroup/SMP/actions/runs/4474329454/jobs/7862681695?pr=5130#step:4:17)
The comments are generated in this function and I am not sure how this is actually getting translated to such.
Does v0.1.7 work on this pull requests?
Yes - v0.1.7 works.
What's odd to me is that the newer version is trying to write a comment for the APICredentialSelector.cls. This file isn't changed in the PR (but it is first alphabetically in our repo).
When I look at the log for v0.1.7, there aren't any comments to write (and there shouldn't be, no classes are changed in this PR):
I made a modification to the APICredentialSelector.cls and ran the scan again using the latest version and the error is different this time:
Beginning sfdx-scan-pull-request run...
Validating that this action was invoked from an acceptable context...
Getting difference within the pull request ... [ 'dev-uat', 'feature/pipeline-inspection' ]
Getting existing comments using GitHub REST API...
(node:1904) [DEP0005] DeprecationWarning: Buffer() is deprecated due to security and usability issues. Please use the Buffer.alloc(), Buffer.allocUnsafe(), or Buffer.from() methods instead.
(Use `node --trace-deprecation ...` to show where the warning was created)
Performing static code analysis on all of the files in the difference...
Filtering the findings to just the lines which are part of the pull request...
Writing comments using GitHub REST API...
No matching comment found, uploading new comment
Error while uploading comments! RequestError [HttpError]: Validation Failed: {"resource":"PullRequestReviewComment","code":"custom","field":"pull_request_review_thread.start_line","message":"pull_request_review_thread.start_line must be part of the same hunk as the line."}
at /home/runner/work/_actions/mitchspano/sfdx-scan-pull-request/main/dist/index.js:1:218911
at processTicksAndRejections (node:internal/process/task_queues:96:5) {
status: 422,
response: {
url: 'https://api.github.com/repos/BlueWaveFinanceGroup/SMP/pulls/5130/comments',
status: 422,
headers: {
'access-control-allow-origin': '*',
'access-control-expose-headers': 'ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset',
connection: 'close',
'content-length': '349',
'content-security-policy': "default-src 'none'",
'content-type': 'application/json; charset=utf-8',
date: 'Tue, 21 Mar 2023 14:04:40 GMT',
'referrer-policy': 'origin-when-cross-origin, strict-origin-when-cross-origin',
server: 'GitHub.com',
'strict-transport-security': 'max-age=31536000; includeSubdomains; preload',
vary: 'Accept-Encoding, Accept, X-Requested-With',
'x-content-type-options': 'nosniff',
'x-frame-options': 'deny',
'x-github-api-version-selected': '2022-11-28',
'x-github-media-type': 'github.v3; format=json',
'x-github-request-id': '0BC0:4780:446B588:8D03B8D:6419B978',
'x-ratelimit-limit': '1000',
'x-ratelimit-remaining': '997',
'x-ratelimit-reset': '1679410872',
'x-ratelimit-resource': 'core',
'x-ratelimit-used': '3',
'x-xss-protection': '0'
},
data: {
message: 'Validation Failed',
errors: [Array],
documentation_url: 'https://docs.github.com/rest/reference/pulls#create-a-review-comment-for-a-pull-request'
}
},
request: {
method: 'POST',
url: 'https://api.github.com/repos/BlueWaveFinanceGroup/SMP/pulls/5130/comments',
headers: {
accept: 'application/vnd.github.v3+json',
'user-agent': 'octokit-action.js/4.0.4 octokit-core.js/4.0.4 Node.js/16.16.0 (linux; x64)',
authorization: 'token [REDACTED]',
'content-type': 'application/json; charset=utf-8'
},
body: '{"commit_id":"7989e6c4761bfdc2e462b838d69f69cf399fcaef","path":"force-app/main/default/classes/APICredentialSelector.cls","start_line":6,"start_side":"RIGHT","side":"RIGHT","line":18,"body":"| Engine | Category | Rule | Severity | Type | Message | File |\\n | --- | --- | --- | --- | --- | --- | --- |\\n| pmd-custom | Documentation | ApexDoc | 3 | Warning | [Missing ApexDoc @description](https://pmd.github.io/pmd-6.54.0/pmd_rules_apex_documentation.html#apexdoc) | [force-app/main/default/classes/APICredentialSelector.cls](../tree/7989e6c4761bfdc2e462b838d69f69cf399fcaef/force-app/main/default/classes/APICredentialSelector.cls) |"}',
request: { agent: [ProxyAgent], hook: [Function: bound bound register] }
}
}
node:internal/process/promises:279
triggerUncaughtException(err, true /* fromPromise */);
^
RequestError [HttpError]: Validation Failed: {"resource":"PullRequestReviewComment","code":"custom","field":"pull_request_review_thread.start_line","message":"pull_request_review_thread.start_line must be part of the same hunk as the line."}
at /home/runner/work/_actions/mitchspano/sfdx-scan-pull-request/main/dist/index.js:1:218911
at processTicksAndRejections (node:internal/process/task_queues:96:5) {
status: 422,
response: {
url: 'https://api.github.com/repos/BlueWaveFinanceGroup/SMP/pulls/5130/comments',
status: 422,
headers: {
'access-control-allow-origin': '*',
'access-control-expose-headers': 'ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset',
connection: 'close',
'content-length': '349',
'content-security-policy': "default-src 'none'",
'content-type': 'application/json; charset=utf-8',
date: 'Tue, 21 Mar 2023 14:04:40 GMT',
'referrer-policy': 'origin-when-cross-origin, strict-origin-when-cross-origin',
server: 'GitHub.com',
'strict-transport-security': 'max-age=31536000; includeSubdomains; preload',
vary: 'Accept-Encoding, Accept, X-Requested-With',
'x-content-type-options': 'nosniff',
'x-frame-options': 'deny',
'x-github-api-version-selected': '2022-11-28',
'x-github-media-type': 'github.v3; format=json',
'x-github-request-id': '0BC0:4780:446B588:8D03B8D:6419B978',
'x-ratelimit-limit': '1000',
'x-ratelimit-remaining': '997',
'x-ratelimit-reset': '1679410872',
'x-ratelimit-resource': 'core',
'x-ratelimit-used': '3',
'x-xss-protection': '0'
},
data: {
message: 'Validation Failed',
errors: [
{
resource: 'PullRequestReviewComment',
code: 'custom',
field: 'pull_request_review_thread.start_line',
message: 'pull_request_review_thread.start_line must be part of the same hunk as the line.'
}
],
documentation_url: 'https://docs.github.com/rest/reference/pulls#create-a-review-comment-for-a-pull-request'
}
},
request: {
method: 'POST',
url: 'https://api.github.com/repos/BlueWaveFinanceGroup/SMP/pulls/5130/comments',
headers: {
accept: 'application/vnd.github.v3+json',
'user-agent': 'octokit-action.js/4.0.4 octokit-core.js/4.0.4 Node.js/16.16.0 (linux; x64)',
authorization: 'token [REDACTED]',
'content-type': 'application/json; charset=utf-8'
},
body: '{"commit_id":"7989e6c4761bfdc2e462b838d69f69cf399fcaef","path":"force-app/main/default/classes/APICredentialSelector.cls","start_line":6,"start_side":"RIGHT","side":"RIGHT","line":18,"body":"| Engine | Category | Rule | Severity | Type | Message | File |\\n | --- | --- | --- | --- | --- | --- | --- |\\n| pmd-custom | Documentation | ApexDoc | 3 | Warning | [Missing ApexDoc @description](https://pmd.github.io/pmd-6.54.0/pmd_rules_apex_documentation.html#apexdoc) | [force-app/main/default/classes/APICredentialSelector.cls](../tree/7989e6c4761bfdc2e462b838d69f69cf399fcaef/force-app/main/default/classes/APICredentialSelector.cls) |"}',
request: {
agent: ProxyAgent { promisifiedCallback: [Function (anonymous)] },
hook: [Function: bound bound register]
}
}
}
There is a lot of confusing stuff going on in these examples you have provided:
- Files outside of the scope of the pull request
- Incorrectly formatted line numbers
- Improper relationship between start and end lines
This one is really making me scratch my head - I don't know how these issues are possible to arise with the state of the action. Is it possible for you to share a screenshot of the pull request and the terminal output of the git diff between the commit of the dev-uat branch and the feature/pipeline-inspection branch?
Sure. If it helps, the workflow we use is to create a feature branch out of main. We open PRs to merge the feature branch into dev-uat which is when the scanner runs.
Just to be safe, I made a new PR with only one file changed. Here's a screenshot of the changed files:
Here's a git diff between the sfdx-scan-test and dev-uat branch. Note that there are other files showing up because there are commits in dev-uat that aren't in the sfdx-scan-test branch. I didn't include all of these files in the screenshot - none of them are Apex classes.
I ran the scan again, this time receiving a different error. It looks like main has been updated with a new version which explains the different error. Here's the complete log:
logs_1343.zip
I also tried using v0.1.8 and encountered the same error as last time. Hope this helps - let me know if I can share anything else. Also, this isn't that urgent for us - we're doing fine using v0.1.7.
Hey there @jbatt08, I have resolved a lot of the scope issues with the previous 0.1.8 (which was deleted) and re-released a new v0.1.8 with improved logging, error handling, and scope identification. Let me know if you are able to use this new version.
Hey @mitchspano - I was able to try the new v0.1.8 and I think the issue is that the latest version of the action uses a two-dot git diff and it previously used three-dot diff (and some quirks in our git workflow).
If I create a feature branch from main, change a file and open a PR into a uat branch, the only difference I see in GitHub is that one file (plus the action change), because GitHub uses a three dot comparison:
If I run the three dot comparison, I see the same files:
But if I run a two dot comparison, I see more files:
The action uses the two dot comparison and fails trying to write a comment to one of the files that shows up as changed in the two dot git diff:
If I create a feature branch out of our uat branch, change the same file and open a PR, I still see the same file change:
Hey @mitchspano - #43 fixed the issue. Thanks for your help with this, and for building and maintaining this action!