Warn on dependency-graph-submit failure

A common issue when submitting a dependency graph is that the required
'contents: write' permission is not set.
We now catch any dependency submission failure and inform the user to check
that the required permissions are available.
daz 2023-09-30 08:37:51 -06:00
parent f92e7c3428
commit c3bdce8205
No known key found for this signature in database


@ -4,6 +4,7 @@ import * as github from '@actions/github'
import * as glob from '@actions/glob' import * as glob from '@actions/glob'
import * as toolCache from '@actions/tool-cache' import * as toolCache from '@actions/tool-cache'
import {GitHub} from '@actions/github/lib/utils' import {GitHub} from '@actions/github/lib/utils'
import {RequestError} from '@octokit/request-error'
import type {PullRequestEvent} from '@octokit/webhooks-types' import type {PullRequestEvent} from '@octokit/webhooks-types'
import * as path from 'path' import * as path from 'path'
@ -70,9 +71,26 @@ async function downloadAndSubmitDependencyGraphs(): Promise<void> {
} }
async function submitDependencyGraphs(dependencyGraphFiles: string[]): Promise<void> { async function submitDependencyGraphs(dependencyGraphFiles: string[]): Promise<void> {
const octokit = getOctokit()
for (const jsonFile of dependencyGraphFiles) { for (const jsonFile of dependencyGraphFiles) {
try {
await submitDependencyGraphFile(jsonFile)
} catch (error) {
if (error instanceof RequestError) {
const relativeJsonFile = getRelativePathFromWorkspace(jsonFile)
core.warning(
`Failed to submit dependency graph ${relativeJsonFile}.\n` +
"Please ensure that the 'contents: write' permission is available for the workflow job.\n" +
"Note that this permission is never available for a 'pull_request' trigger from a repository fork."
)
} else {
throw error
}
}
}
}
async function submitDependencyGraphFile(jsonFile: string): Promise<void> {
const octokit = getOctokit()
const jsonContent = fs.readFileSync(jsonFile, 'utf8') const jsonContent = fs.readFileSync(jsonFile, 'utf8')
const jsonObject = JSON.parse(jsonContent) const jsonObject = JSON.parse(jsonContent)
@ -83,7 +101,6 @@ async function submitDependencyGraphs(dependencyGraphFiles: string[]): Promise<v
const relativeJsonFile = getRelativePathFromWorkspace(jsonFile) const relativeJsonFile = getRelativePathFromWorkspace(jsonFile)
core.notice(`Submitted ${relativeJsonFile}: ${response.data.message}`) core.notice(`Submitted ${relativeJsonFile}: ${response.data.message}`)
} }
}
async function retrieveDependencyGraphs(workspaceDirectory: string): Promise<string[]> { async function retrieveDependencyGraphs(workspaceDirectory: string): Promise<string[]> {
if (github.context.payload.workflow_run) { if (github.context.payload.workflow_run) {
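Review bot: The new catch in submitDependencyGraphs treats every RequestError as a missing-permission problem and discards the error's own status and message. A rate limit, a server error or a rejected payload therefore gets the same 'contents: write' advice, and the job still passes with no graph submitted, so any alerting built on the dependency graph may be working from stale data without anyone noticing. Put the response details into the warning, for example `` `Failed to submit dependency graph ${relativeJsonFile} (HTTP ${error.status}: ${error.message}).\n` + ``. It may also be worth showing the permission hint only for the statuses a missing permission is expected to produce (presumably 403 or 404, to be confirmed against the API) and rethrowing the rest. A short comment above the try, such as `// Submission failure is deliberately non-fatal: warn and continue with the remaining files`, would make the intent clear to the next reader.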