exit non zero if comments written

aquasecurity · Jan 19, 2022 · 98ff02e · 98ff02e
1 parent 35b8172
commit 98ff02e
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -43,6 +43,8 @@ There are a number of optional inputs that can be used in the `with:` block.
 
 **commenter_version** - the version of the commenter to use, defaults to `latest`
 
+**soft_fail_commenter** - set to `true` to to comment silently without breaking the build
+
 ### tfsec_vars
 
 `tfsec` provides an [extensive number of arguments](https://aquasecurity.github.io/tfsec/v0.63.1/getting-started/usage/) which can be passed through as in the example below;

diff --git a/action.yml b/action.yml
@@ -17,13 +17,17 @@ inputs:
     description: The version of tfsec to use, defaults to latest
     default: latest
   tfsec_args:
+    required: false
     description: |
       Space seperated args specified here will be added during tfsec execution.
       (eg. --force-all-dirs --verbose)
   commenter_version:
     required: false
     description: The version of the PR commenter code to run, defaults to latest
     default: latest
+  soft_fail_commenter:
+    required: false
+    description: If set to `true` will silently comment without breaking the build
 outputs:
   tfsec-return-code:
     description: "tfsec command return code"

diff --git a/cmd/commenter/commenter.go b/cmd/commenter/commenter.go
@@ -48,6 +48,7 @@ func main() {
 
 	var errMessages []string
 	workspacePath := fmt.Sprintf("%s/", os.Getenv("GITHUB_WORKSPACE"))
+	var validCommentWritten bool
 	for _, result := range results {
 		result.Range.Filename = strings.ReplaceAll(result.Range.Filename, workspacePath, "")
 		comment := generateErrorMessage(result)
@@ -57,13 +58,15 @@ func main() {
 			switch err.(type) {
 			case commenter.CommentAlreadyWrittenError:
 				fmt.Println("Comment already written so not writing")
+				validCommentWritten = true
 			case commenter.CommentNotValidError:
 				fmt.Printf("Comment not written [%s], not part of the current PR\n", result.Description)
 				continue
 			default:
 				errMessages = append(errMessages, err.Error())
 			}
 		} else {
+			validCommentWritten = true
 			fmt.Printf("Writing comment to %s:%d:%d", result.Range.Filename, result.Range.StartLine, result.Range.EndLine)
 		}
 	}
@@ -73,6 +76,13 @@ func main() {
 		for _, err := range errMessages {
 			fmt.Println(err)
 		}
+		os.Exit(1)
+	}
+	if validCommentWritten || len(errMessages) > 0 {
+		if softFail, ok := os.LookupEnv("INPUT_SOFT_FAIL_COMMENTER"); ok && strings.ToLower(softFail) == "true" {
+			return
+		}
+		os.Exit(1)
 	}
 }