Thanks to visit codestin.com
Credit goes to github.com

Skip to content

feat: add flag to suppress "no package sources found" error #1943

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
another-rex merged 7 commits into from
Jun 13, 2025
Merged

feat: add flag to suppress "no package sources found" error #1943

another-rex merged 7 commits into from
Jun 13, 2025

Conversation

@G-Rath
Copy link
Collaborator

@G-Rath G-Rath commented Jun 12, 2025

Currently we always consider it an error if the scanner does not find any supported files to scan as we assume in most cases it's expected the scanner will be check something and this avoids thinking that there are no vulnerabilities.

While this is a reasonable assumption for the default behaviour, it's annoying for enterprise types that want to use the GitHub Actions action as a required "always on" action for every repository regardless of what they actually hold - to workaround this currently the action eats the 128 exit code, but that's not ideal as it introduces the risk we're trying to avoid by having the error in the first place.

To give more flexibility, I've introduced a new flag to the scanner so that users can explicitly signal they don't want "no lockfiles being found" to be treated as an error, and in turn letting us deprecate our existing exit code overriding workaround in the GHA action in favor of having this flag passed in

@G-Rath G-Rath requested review from another-rex, cuixq and hogo6002 June 12, 2025 22:56
@G-Rath G-Rath force-pushed the support-having-no-lockfiles branch from 308ad89 to fac7d0f Compare June 12, 2025 23:50
another-rex
another-rex approved these changes Jun 12, 2025
View reviewed changes
Copy link
Collaborator

@another-rex another-rex left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks!

@G-Rath G-Rath force-pushed the support-having-no-lockfiles branch from e566d08 to 27e8db6 Compare June 13, 2025 01:17
@codecov-commenter
Copy link

codecov-commenter commented Jun 13, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 65.57%. Comparing base (4a063f0) to head (f4067f3).
Report is 1 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #1943      +/-   ##
==========================================
- Coverage   65.58%   65.57%   -0.02%     
==========================================
  Files         167      167              
  Lines       16060    16071      +11     
==========================================
+ Hits        10533    10538       +5     
- Misses       4861     4868       +7     
+ Partials      666      665       -1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@G-Rath G-Rath force-pushed the support-having-no-lockfiles branch 4 times, most recently from f70035c to ecb8c7e Compare June 13, 2025 03:08
@G-Rath G-Rath force-pushed the support-having-no-lockfiles branch from ecb8c7e to f4067f3 Compare June 13, 2025 03:36
@another-rex another-rex enabled auto-merge (squash) June 13, 2025 03:37
@another-rex another-rex merged commit 5c42c66 into google:main Jun 13, 2025
15 of 16 checks passed
@another-rex another-rex deleted the support-having-no-lockfiles branch June 13, 2025 03:42
@G-Rath
Copy link
Collaborator Author

G-Rath commented Jun 13, 2025

@another-rex this is failing CI - I was still trying to sort the test suite out

@G-Rath G-Rath mentioned this pull request Jun 15, 2025
Closed
@BrewTestBot BrewTestBot mentioned this pull request Jun 16, 2025
Merged
@cuixq cuixq mentioned this pull request Jun 25, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@another-rex another-rex another-rex approved these changes

@cuixq cuixq Awaiting requested review from cuixq

+1 more reviewer

@hogo6002 hogo6002 hogo6002 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@G-Rath @codecov-commenter @hogo6002 @another-rex