Merge remote-tracking branch 'origin/add-email-for-secrets' into add-…

…email-for-secrets
jfrog · Aug 14, 2023 · d2492ac · d2492ac
2 parents f358a14 + 9628185
commit d2492ac
Show file tree

Hide file tree

Showing 4 changed files with 90 additions and 20 deletions.
diff --git a/commands/scanpullrequest/scanpullrequest_test.go b/commands/scanpullrequest/scanpullrequest_test.go
@@ -626,19 +626,19 @@ func createGitLabHandler(t *testing.T, projectName string) http.HandlerFunc {
 			assert.NoError(t, err)
 			return
 		// clean-test-proj should not include any vulnerabilities so assertion is not needed.
-		case r.RequestURI == fmt.Sprintf("/api/v4/projects/jfrog%s/merge_requests/1/notes", "%2Fclean-test-proj") && r.Method == http.MethodPost:
+		case r.RequestURI == fmt.Sprintf("/api/v4/projects/jfrog%s/merge_requests/133/notes", "%2Fclean-test-proj") && r.Method == http.MethodPost:
 			w.WriteHeader(http.StatusOK)
 			_, err := w.Write([]byte("{}"))
 			assert.NoError(t, err)
 			return
-		case r.RequestURI == fmt.Sprintf("/api/v4/projects/jfrog%s/merge_requests/1/notes", "%2Fclean-test-proj") && r.Method == http.MethodGet:
+		case r.RequestURI == fmt.Sprintf("/api/v4/projects/jfrog%s/merge_requests/133/notes", "%2Fclean-test-proj") && r.Method == http.MethodGet:
 			w.WriteHeader(http.StatusOK)
 			comments, err := os.ReadFile(filepath.Join("..", "commits.json"))
 			assert.NoError(t, err)
 			_, err = w.Write(comments)
 			assert.NoError(t, err)
 		// Return 200 when using the REST that creates the comment
-		case r.RequestURI == fmt.Sprintf("/api/v4/projects/jfrog%s/merge_requests/1/notes", "%2F"+projectName) && r.Method == http.MethodPost:
+		case r.RequestURI == fmt.Sprintf("/api/v4/projects/jfrog%s/merge_requests/133/notes", "%2F"+projectName) && r.Method == http.MethodPost:
 			buf := new(bytes.Buffer)
 			_, err := buf.ReadFrom(r.Body)
 			assert.NoError(t, err)
@@ -659,7 +659,7 @@ func createGitLabHandler(t *testing.T, projectName string) http.HandlerFunc {
 			w.WriteHeader(http.StatusOK)
 			_, err = w.Write([]byte("{}"))
 			assert.NoError(t, err)
-		case r.RequestURI == fmt.Sprintf("/api/v4/projects/jfrog%s/merge_requests/1/notes", "%2F"+projectName) && r.Method == http.MethodGet:
+		case r.RequestURI == fmt.Sprintf("/api/v4/projects/jfrog%s/merge_requests/133/notes", "%2F"+projectName) && r.Method == http.MethodGet:
 			w.WriteHeader(http.StatusOK)
 			comments, err := os.ReadFile(filepath.Join("..", "commits.json"))
 			assert.NoError(t, err)

diff --git a/commands/testdata/indirect-projects/go/go.sum b/commands/testdata/indirect-projects/go/go.sum
@@ -0,0 +1,33 @@
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI=
+github.com/gin-gonic/gin v1.7.3/go.mod h1:jD2toBW3GZUr5UMcdrwQA10I7RuaFOl/SGeDjXkfUtY=
+github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
+github.com/go-playground/locales v0.13.0/go.mod h1:taPMhCMXrRLJO55olJkUXHZBHCxTMfnGwq/HNwmWNS8=
+github.com/go-playground/universal-translator v0.17.0/go.mod h1:UkSxE5sNxxRwHyU+Scu5vgOQjsIJAF8j9muTVoKLVtA=
+github.com/go-playground/validator/v10 v10.4.1/go.mod h1:nlOn6nFhuKACm19sB/8EGNn9GlaMV7XkbRSipzJ0Ii4=
+github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
+github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/json-iterator/go v1.1.9/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
+github.com/leodido/go-urn v1.2.0/go.mod h1:+8+nEpDfqqsY+g338gtMEUOtuK+4dEMhiQEgxpxOKII=
+github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU=
+github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/reflect2 v0.0.0-20180701023420-4b7aa43c6742/go.mod h1:bx2lNnkwVCuqBIxFjflWJWanXIb3RllmbCylyMrvgv0=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
+github.com/ugorji/go v1.1.7/go.mod h1:kZn38zHttfInRq0xu/PH0az30d+z6vm202qpg1oXVMw=
+github.com/ugorji/go/codec v1.1.7/go.mod h1:Ax+UKWsSmolVDwsd+7N3ZtXu+yMGCf907BLYF3GoBXY=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
diff --git a/commands/utils/params.go b/commands/utils/params.go
@@ -244,14 +244,28 @@ func (g *Git) setDefaultsIfNeeded(gitParamsFromEnv *Git) (err error) {
 		}
 		g.RepoName = gitParamsFromEnv.RepoName
 	}
-	if len(g.Branches) == 0 && len(gitParamsFromEnv.Branches) == 0 {
-		var branch string
-		if branch, err = GetBranchFromDotGit(); err != nil {
-			return
+	if g.EmailAuthor == "" {
+		if g.EmailAuthor = getTrimmedEnv(GitEmailAuthorEnv); g.EmailAuthor == "" {
+			g.EmailAuthor = frogbotAuthorEmail
+		}
+	}
+	// When pull request ID is provided, no need to continue and extract unrelated env params.
+	isPullRequestContext := gitParamsFromEnv.PullRequestDetails.ID != 0
+	if isPullRequestContext {
+		return
+	}
+	// Continue to extract ScanRepository related env params
+	noBranchesProvidedViaConfig := len(g.Branches) == 0
+	noBranchesProvidedViaEnv := len(gitParamsFromEnv.Branches) == 0
+	if noBranchesProvidedViaConfig {
+		g.Branches = gitParamsFromEnv.Branches
+		if noBranchesProvidedViaEnv {
+			var branch string
+			if branch, err = GetBranchFromDotGit(); err != nil {
+				return
+			}
+			g.Branches = []string{branch}
 		}
-		g.Branches = append(g.Branches, branch)
-	} else if len(g.Branches) == 0 {
-		g.Branches = append(g.Branches, gitParamsFromEnv.Branches...)
 	}
 	if g.BranchNameTemplate == "" {
 		branchTemplate := getTrimmedEnv(BranchNameTemplateEnv)
@@ -271,11 +285,6 @@ func (g *Git) setDefaultsIfNeeded(gitParamsFromEnv *Git) (err error) {
 			return
 		}
 	}
-	if g.EmailAuthor == "" {
-		if g.EmailAuthor = getTrimmedEnv(GitEmailAuthorEnv); g.EmailAuthor == "" {
-			g.EmailAuthor = frogbotAuthorEmail
-		}
-	}
 	return
 }
 

diff --git a/commands/utils/params_test.go b/commands/utils/params_test.go
@@ -33,7 +33,9 @@ func TestExtractParamsFromEnvError(t *testing.T) {
 	assert.EqualError(t, err, "JF_USER and JF_PASSWORD or JF_ACCESS_TOKEN environment variables are missing")
 }
 
-func TestExtractParamsFromEnvPlatform(t *testing.T) {
+// Test extraction of env params in ScanPullRequest command
+// Pull request ID is not default, which mean we don't have branches related variables defined.
+func TestExtractParamsFromEnvPlatformScanPullRequest(t *testing.T) {
 	SetEnvAndAssert(t, map[string]string{
 		JFrogUrlEnv:         "http://127.0.0.1:8081",
 		JFrogUserEnv:        "admin",
@@ -42,12 +44,29 @@ func TestExtractParamsFromEnvPlatform(t *testing.T) {
 		GitRepoOwnerEnv:     "jfrog",
 		GitRepoEnv:          "frogbot",
 		GitTokenEnv:         "123456789",
-		GitBaseBranchEnv:    "dev",
 		GitPullRequestIDEnv: "1",
 	})
 	extractAndAssertParamsFromEnv(t, true, true)
 }
 
+// Test extraction in ScanRepository command
+// Pull request ID is default 0, which mean we will have branches related variables.
+func TestExtractParamsFromEnvPlatformScanRepository(t *testing.T) {
+	SetEnvAndAssert(t, map[string]string{
+		JFrogUrlEnv:              "http://127.0.0.1:8081",
+		JFrogUserEnv:             "admin",
+		JFrogPasswordEnv:         "password",
+		GitProvider:              string(BitbucketServer),
+		GitRepoOwnerEnv:          "jfrog",
+		GitRepoEnv:               "frogbot",
+		GitTokenEnv:              "123456789",
+		CommitMessageTemplateEnv: "my-custom-commit-template",
+		GitBaseBranchEnv:         "dev",
+		GitPullRequestIDEnv:      "0",
+	})
+	extractAndAssertParamsFromEnv(t, true, true)
+}
+
 func TestExtractParamsFromEnvArtifactoryXray(t *testing.T) {
 	SetEnvAndAssert(t, map[string]string{
 		JFrogUrlEnv:            "",
@@ -252,8 +271,15 @@ func extractAndAssertParamsFromEnv(t *testing.T, platformUrl, basicAuth bool) {
 		assert.Equal(t, "jfrog", configParams.RepoOwner)
 		assert.Equal(t, "frogbot", configParams.RepoName)
 		assert.Equal(t, "123456789", configParams.Token)
-		assert.Equal(t, "dev", configParams.Branches[0])
-		assert.Equal(t, int64(1), configParams.PullRequestDetails.ID)
+		// ScanRepository command context
+		if len(configParams.Branches) != 0 {
+			assert.Equal(t, "dev", configParams.Branches[0])
+			assert.Equal(t, int64(0), configParams.PullRequestDetails.ID)
+			assert.Equal(t, "my-custom-commit-template", configParams.Git.CommitMessageTemplate)
+		} else {
+			// ScanPullRequest context
+			assert.Equal(t, int64(1), configParams.PullRequestDetails.ID)
+		}
 	}
 }
 
@@ -311,6 +337,7 @@ func TestGenerateConfigAggregatorFromEnv(t *testing.T) {
 		FailOnSecurityIssuesEnv:      "false",
 		MinSeverityEnv:               "medium",
 		FixableOnlyEnv:               "true",
+		GitPullRequestIDEnv:          "0",
 	})
 	defer func() {
 		assert.NoError(t, SanitizeEnv())
@@ -461,6 +488,7 @@ func TestBuildMergedRepoAggregator(t *testing.T) {
 		CommitMessageTemplateEnv:     "commit-msg",
 		FailOnSecurityIssuesEnv:      "true",
 		jfrogWatchesEnv:              "watch-1,watch-2",
+		GitPullRequestIDEnv:          "0",
 	})
 	testFilePath := filepath.Join("..", "testdata", "config", "frogbot-config-test-params-merge.yml")
 	fileContent, err := os.ReadFile(testFilePath)