Warn on dependency-graph-submit failure
A common issue when submitting a dependency graph is that the required 'contents: write' permission is not set. We now catch any dependency submission failure and inform the user to check that the required permissions are available.
		
							parent
							
								
									f92e7c3428
								
							
						
					
					
						commit
						c3bdce8205
					
				| @ -4,6 +4,7 @@ import * as github from '@actions/github' | |||||||
| import * as glob from '@actions/glob' | import * as glob from '@actions/glob' | ||||||
| import * as toolCache from '@actions/tool-cache' | import * as toolCache from '@actions/tool-cache' | ||||||
| import {GitHub} from '@actions/github/lib/utils' | import {GitHub} from '@actions/github/lib/utils' | ||||||
|  | import {RequestError} from '@octokit/request-error' | ||||||
| import type {PullRequestEvent} from '@octokit/webhooks-types' | import type {PullRequestEvent} from '@octokit/webhooks-types' | ||||||
| 
 | 
 | ||||||
| import * as path from 'path' | import * as path from 'path' | ||||||
| @ -70,21 +71,37 @@ async function downloadAndSubmitDependencyGraphs(): Promise<void> { | |||||||
| } | } | ||||||
| 
 | 
 | ||||||
| async function submitDependencyGraphs(dependencyGraphFiles: string[]): Promise<void> { | async function submitDependencyGraphs(dependencyGraphFiles: string[]): Promise<void> { | ||||||
|     const octokit = getOctokit() |  | ||||||
| 
 |  | ||||||
|     for (const jsonFile of dependencyGraphFiles) { |     for (const jsonFile of dependencyGraphFiles) { | ||||||
|         const jsonContent = fs.readFileSync(jsonFile, 'utf8') |         try { | ||||||
| 
 |             await submitDependencyGraphFile(jsonFile) | ||||||
|         const jsonObject = JSON.parse(jsonContent) |         } catch (error) { | ||||||
|         jsonObject.owner = github.context.repo.owner |             if (error instanceof RequestError) { | ||||||
|         jsonObject.repo = github.context.repo.repo |                 const relativeJsonFile = getRelativePathFromWorkspace(jsonFile) | ||||||
|         const response = await octokit.request('POST /repos/{owner}/{repo}/dependency-graph/snapshots', jsonObject) |                 core.warning( | ||||||
| 
 |                     `Failed to submit dependency graph ${relativeJsonFile}.\n` + | ||||||
|         const relativeJsonFile = getRelativePathFromWorkspace(jsonFile) |                         "Please ensure that the 'contents: write' permission is available for the workflow job.\n" + | ||||||
|         core.notice(`Submitted ${relativeJsonFile}: ${response.data.message}`) |                         "Note that this permission is never available for a 'pull_request' trigger from a repository fork." | ||||||
|  |                 ) | ||||||
|  |             } else { | ||||||
|  |                 throw error | ||||||
|  |             } | ||||||
|  |         } | ||||||
|     } |     } | ||||||
| } | } | ||||||
| 
 | 
 | ||||||
|  | async function submitDependencyGraphFile(jsonFile: string): Promise<void> { | ||||||
|  |     const octokit = getOctokit() | ||||||
|  |     const jsonContent = fs.readFileSync(jsonFile, 'utf8') | ||||||
|  | 
 | ||||||
|  |     const jsonObject = JSON.parse(jsonContent) | ||||||
|  |     jsonObject.owner = github.context.repo.owner | ||||||
|  |     jsonObject.repo = github.context.repo.repo | ||||||
|  |     const response = await octokit.request('POST /repos/{owner}/{repo}/dependency-graph/snapshots', jsonObject) | ||||||
|  | 
 | ||||||
|  |     const relativeJsonFile = getRelativePathFromWorkspace(jsonFile) | ||||||
|  |     core.notice(`Submitted ${relativeJsonFile}: ${response.data.message}`) | ||||||
|  | } | ||||||
|  | 
 | ||||||
| async function retrieveDependencyGraphs(workspaceDirectory: string): Promise<string[]> { | async function retrieveDependencyGraphs(workspaceDirectory: string): Promise<string[]> { | ||||||
|     if (github.context.payload.workflow_run) { |     if (github.context.payload.workflow_run) { | ||||||
|         return await retrieveDependencyGraphsForWorkflowRun(github.context.payload.workflow_run.id, workspaceDirectory) |         return await retrieveDependencyGraphsForWorkflowRun(github.context.payload.workflow_run.id, workspaceDirectory) | ||||||
|  | |||||||
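Review bot: The `catch` in `submitDependencyGraphs` turns every `RequestError` into a warning that blames the missing 'contents: write' permission, but `RequestError` is raised for any failed HTTP response, including a rejected snapshot payload, a rate limit or a server error. Those failures now leave the job green with a misleading hint and no snapshot submitted, so dependency vulnerability alerting can run on stale data without anyone noticing. Narrow the guard to the permission case, for example `if (error instanceof RequestError && error.status === 403)` (confirm which status the API returns when the permission is absent), and let other request errors rethrow as they did before this change. The warning should also carry the underlying cause, for example by appending `${error.status} ${error.message}` to its first line, so the log shows what the API actually rejected.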