Scanner breaks when invoked from branch commit/push

Question

Scanner breaks when invoked from branch commit/push

leojok-fluido opened this issue a year ago · comments

Run mitchspano/sfdx-scan-pull-request@v0.1.12
Beginning sfdx-scan-pull-request run...
Validating that this action was invoked from an acceptable context...
Getting difference within the pull request ... { baseRef: undefined, headRef: undefined }
fatal: ambiguous argument 'destination/undefined...origin/undefined': unknown revision or path not in the working tree.

Code index.ts sets pullRequest: context?.payload?.pull_request in line 70,
then line 223 breaks due to pullRequest being null/undefined:
const filePathToChangedLines = await getDiffInPullRequest(
pullRequest?.base?.ref,
pullRequest?.head?.ref,
pullRequest?.base?.repo?.clone_url
);

GHA yml

- name: Run SFDX Scanner
  uses: mitchspano/sfdx-scan-pull-request@v0.1.12
  with:
    pmdconfig: config/pmd-rules.xml
    target: $GITHUB_WORKSPACE/force-app/main/default/classes/*.cls
  env:
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Tried different variations of target such as:

force-app/main/default
force-app/main/default/classes
$GITHUB_WORKSPACE/force-app/main/default/classes/*.cls
$GITHUB_WORKSPACE/force-app/main/default/classes

Mitch Spano · Answer 1 · Wed Aug 09 2023 20:47:29 GMT+0800 (China Standard Time)

Thanks for checking out the action. Can you try updating to the latest version (0.1.14) and let me know if the issue persists?

Leo Jokinen · Answer 2 · Thu Aug 10 2023 14:26:55 GMT+0800 (China Standard Time)

@mitchspano : I have now switched to latest release version, getting the same result since code expects to found pullrequest.base/head.ref regardless is the target parameter passed or not when starting from branch commit/push:

Run mitchspano/sfdx-scan-pull-request@v0.1.14
Beginning sfdx-scan-pull-request run...
Validating that this action was invoked from an acceptable context...
Getting difference within the pull request ... { baseRef: undefined, headRef: undefined }
fatal: ambiguous argument 'destination/undefined...origin/undefined': unknown revision or path not in the working tree.

Mitch Spano · Answer 3 · Mon Aug 14 2023 00:28:57 GMT+0800 (China Standard Time)

I was able to track down the source of the issue and will be raising a PR and creating a new version soon.

I tested the fix by making the following class:

global without sharing class MyClass {
    public MyClass() {
    }

    global void foo(){
        String unused = 'I think this class has some issues...';
        for (Integer i=0; i<5; i++) {
            insert new Account(name = 'Acme '+ i);
        }
    }
}

And I executed the action with the following configuration:

- name: Run SFDX Scanner - Report findings as comments
  uses: mitchspano/sfdx-scan-pull-request@fixTargetDefinition
  with:
    severity-threshold: 4
    target: force-app/main/default/classes/*.cls
    strictly-enforced-rules: '[{ "engine": "pmd", "category": "Documentation", "rule": "ApexDoc" }]'
    custom-pmd-rules: '[{ "path": "target/pmd-rules-1.0.0.jar", "language": "apex"}]'
  env:
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

I also tested with report mode of comments and that is working as expected:

- name: Run SFDX Scanner - Report findings as comments
  uses: mitchspano/sfdx-scan-pull-request@fixTargetDefinition
  with:
    report-mode: comments
    severity-threshold: 4
    target: force-app/main/default/classes/*.cls
    strictly-enforced-rules: '[{ "engine": "pmd", "category": "Documentation", "rule": "ApexDoc" }]'
    custom-pmd-rules: '[{ "path": "target/pmd-rules-1.0.0.jar", "language": "apex"}]'
  env:
    GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

Leo Jokinen · Answer 4 · Mon Aug 14 2023 15:40:50 GMT+0800 (China Standard Time)

Thanks @mitchspano . Latest version was able to go further in case of commit/push to branch. However now I faced another limitation/feature that PMD found 1899 issues in current codebase and GitHub rejected the API call due to "Invalid request.\n\nNo more than 50 items are allowed; 1899 were supplied."

Error when creating check run: {
  "name": "HttpError",
  "status": 422,
  "response": {
  	"url": "https://api.github.com/repos/xxx/yyy/check-runs",
	"data": {
      "message": "Invalid request.\n\nNo more than 50 items are allowed; 1899 were supplied.",
      "documentation_url": "https://docs.github.com/rest/checks/runs#create-a-check-run"
    }
  }

One enhancement would be to post first 50 PMD issues to check-runs endpoint rather than the GHA step showing "false positive"?

Mitch Spano · Answer 5 · Mon Aug 14 2023 20:21:32 GMT+0800 (China Standard Time)

The potential to exhaust the GitHub REST API limit is a known issue documented in #6.

As a side note - the action was never really intended to scan the entire codebase; it was really meant to scan the contents of a pull request to assist with the code review process. Support for running on a commit with a specified target came later, but only exacerbated the REST API limit issue :/

At this point in time if you are looking to scan the entire codebase, I would recommend just running the sf scanner tool locally:

npm i @salesforce/cli -g
sf plugins:install @salesforce/sfdx-scanner
sf scanner:run --target "force-app/main/default/classes" > scannerFindings.txt

Leo Jokinen · Answer 6 · Mon Aug 14 2023 20:28:50 GMT+0800 (China Standard Time)

Thanks Mitch. I will then gonna use my own GHA plugin from the past, just release new version of it to have PMD 6.55:
https://github.com/marketplace/actions/pmd-salesforce-apex-code-analyzer-action
Benefit of scanning the whole project is to validate both uat and main branches being 100% valid as per PMD rules.

Will keep using your plugin only for pull requests.

Leo Jokinen · Answer 7 · Wed Aug 16 2023 17:20:49 GMT+0800 (China Standard Time)

@mitchspano : I have now upgraded my own GHA plugin into PMD 7.0.0-rc3.
Updated also readme with example to promote your action for pull-request apex validations.

https://github.com/marketplace/actions/pmd-salesforce-apex-code-analyzer-action