bit of tidying up of the code

action.yml

@@ -11,8 +11,6 @@ inputs:
       Directory to run the action on, from the repo root.
       Default is . ( root of the repository)
     default: '.'
-  sarif_file:
-    description: The path to write the sarif report, defaults to tfsec.sarif
 outputs:
   tfsec-return-code:
     description: 'tfsec command return code'

cmd/commenter/commenter.go

@@ -8,7 +8,11 @@ import (
 func main() {
 	fmt.Println("Starting the github commenter...")
 
-	gc := newConnector()
+	gc, err := newConnector()
+	if err != nil {
+		fail(err)
+	}
+
 	files, err := gc.getPrFiles()
 	if err != nil {
 		fail(err)

cmd/commenter/connector.go

@@ -3,6 +3,7 @@ package main
 import (
 	"context"
 	"encoding/json"
+	"errors"
 	"fmt"
 	"github.com/google/go-github/v32/github"
 	"golang.org/x/oauth2"
@@ -21,7 +22,13 @@ type githubConnector struct {
 	commitId string
 }
 
-func newConnector() *githubConnector {
+func newConnector() (*githubConnector, error) {
+
+	token := os.Getenv("INPUT_GITHUB_TOKEN")
+	if len(token) == 0 {
+		return nil, errors.New("the INPUT_GITHUB_TOKEN has not been set")
+	}
+
 	ctx := context.Background()
 	ts := oauth2.StaticTokenSource(
 		&oauth2.Token{AccessToken: os.Getenv("INPUT_GITHUB_TOKEN")},
@@ -38,7 +45,7 @@ func newConnector() *githubConnector {
 	owner := split[0]
 	repo := split[1]
 	commitId := os.Getenv("GITHUB_SHA")
-	prNo, err := getPrNumber()
+	prNo, err := extractPullRequestNumber()
 	if err != nil {
 		panic("unable to get the PR number, can't continue")
 	}
@@ -50,7 +57,7 @@ func newConnector() *githubConnector {
 		repo:     repo,
 		prNumber: prNo,
 		commitId: commitId,
-	}
+	}, nil
 }
 
 func (gc *githubConnector) getPrFiles() ([]*github.CommitFile, error) {
@@ -87,42 +94,38 @@ func (gc *githubConnector) commentOnPrResult(result *commentBlock, existingComme
 
 For more information, see https://tfsec.dev/docs/%s/%s/`, result.code, result.description, strings.ToLower(result.provider), result.code)
 
-	// check the commment isn't already there
 	for _, existingComment := range existingComments {
 		if errorMessage == existingComment {
+			// don't create the comment, its already there for this block
 			return
 		}
 	}
 
-	comment := createComment(result, errorMessage)
+	comment := buildComment(result, errorMessage)
 	fmt.Printf("%+v\n", comment)
 	_, _, err := gc.client.PullRequests.CreateComment(gc.ctx, gc.owner, gc.repo, gc.prNumber, comment)
 	if err != nil {
 		fmt.Println("Error occurred %s", err.Error())
 	}
 }
 
-func createComment(result *commentBlock, errorMessage string) *github.PullRequestComment {
-	if result.startLine == result.endLine {
-		return &github.PullRequestComment{
-			Line:     &result.startLine,
-			Path:     &result.fileName,
-			CommitID: &result.sha,
-			Body:     &errorMessage,
-			Position: &result.position,
-		}
+func buildComment(result *commentBlock, errorMessage string) *github.PullRequestComment {
+	comment := &github.PullRequestComment{
+		Line:     &result.startLine,
+		Path:     &result.fileName,
+		CommitID: &result.sha,
+		Body:     &errorMessage,
+		Position: &result.position,
 	}
-	return &github.PullRequestComment{
-		StartLine: &result.startLine,
-		Line:      &result.endLine,
-		Path:      &result.fileName,
-		CommitID:  &result.sha,
-		Body:      &errorMessage,
-		Position:  &result.position,
+
+	if result.startLine != result.endLine {
+		comment.StartLine = &result.startLine
+		comment.Line = &result.endLine
 	}
+	return comment
 }
 
-func getPrNumber() (int, error) {
+func extractPullRequestNumber() (int, error) {
 	file, err := ioutil.ReadFile("/github/workflow/event.json")
 	if err != nil {
 		return -1, err

cmd/commenter/resultsProcessor.go

@@ -12,8 +12,8 @@ import (
 	"strings"
 )
 
-var patchRegex, _ = regexp.Compile("^@@.*\\+(\\d+),(\\d+).+?@@")
-var commitRefRegex, _ = regexp.Compile(".+ref=(.+)")
+var patchRegex *regexp.Regexp
+var commitRefRegex *regexp.Regexp
 
 type commitFileInfo struct {
 	fileName  string
@@ -50,6 +50,20 @@ type result struct {
 	Severity        string      `json:"severity"`
 }
 
+func init() {
+	regex, err := regexp.Compile("^@@.*\\+(\\d+),(\\d+).+?@@")
+	if err != nil {
+		fail(err)
+	}
+	patchRegex = regex
+
+	regex, err = regexp.Compile(".+ref=(.+)")
+	if err != nil {
+		fail(err)
+	}
+	commitRefRegex = regex
+}
+
 func loadResultsFile() ([]*result, error) {
 	results := struct{ Results []*result }{}
 

entrypoint.sh

@@ -6,10 +6,8 @@ if [ -n "${GITHUB_WORKSPACE}" ]; then
   cd "${GITHUB_WORKSPACE}" || exit
 fi
 
-
-
 if ! tfsec --format=json "${INPUT_WORKING_DIRECTORY}" > results.json
 then
-  echo "tfsec errors occurred, running commenter "
+  echo "tfsec errors occurred, running commenter..."
   /commenter
 fi