reverted securityAlertsReview

mirooon · Feb 17, 2025 · 63f8cac · 63f8cac
1 parent f054af8
commit 63f8cac
Showing 1 changed file with 27 additions and 25 deletions.
diff --git a/.github/workflows/securityAlertsReview.yml b/.github/workflows/securityAlertsReview.yml
@@ -13,22 +13,6 @@ on:
     types:
       - ready_for_review
   workflow_dispatch:
-    inputs:
-      pr_number:
-        description: 'Pull Request number to review alerts for'
-        required: true
-      unresolved_alerts:
-        description: 'JSON string of unresolved alerts'
-        required: true
-      dismissed_alerts:
-        description: 'JSON string of dismissed alerts'
-        required: true
-      unresolved_count:
-        description: 'Count of unresolved alerts'
-        required: true
-      dismissed_count:
-        description: 'Count of dismissed alerts'
-        required: true
 
 jobs:
   check-security-alerts:
@@ -51,21 +35,39 @@ jobs:
           echo "PR_NUMBER=$PR_NUMBER" >> $GITHUB_ENV
           echo "PR number: $PR_NUMBER"
 
-      - name: Assign Inputs to Environment Variables
+      - name: Fetch Security Alerts for PR
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
-          echo "Assigning inputs to environment variables..."
-          echo "UNRESOLVED_ALERTS=${{ github.event.inputs.unresolved_alerts }}" >> $GITHUB_ENV
-          echo "DISMISSED_ALERTS=${{ github.event.inputs.dismissed_alerts }}" >> $GITHUB_ENV
-          echo "UNRESOLVED_COUNT=${{ github.event.inputs.unresolved_count }}" >> $GITHUB_ENV
-          echo "DISMISSED_COUNT=${{ github.event.inputs.dismissed_count }}" >> $GITHUB_ENV
+          echo "Fetching security alerts for PR #${PR_NUMBER}..."
+          
+          # Fetch security alerts via GitHub API
+          ALERTS=$(curl -s -H "Authorization: token ${GITHUB_TOKEN}" \
+            "https://api.github.com/repos/${{ github.repository }}/code-scanning/alerts?pr=${PR_NUMBER}")
 
-      - name: Debug Assigned Variables
-        run: |
+          # Log raw API response for debugging
+          echo "Raw API Response:"
+          echo "$ALERTS"
+
+          # Ensure valid JSON parsing; default to empty array if parsing fails
+          UNRESOLVED_ALERTS=$(echo "$ALERTS" | jq -c '[.[] | select(.state == "open") ]' || echo "[]")
+          DISMISSED_ALERTS=$(echo "$ALERTS" | jq -c '[.[] | select(.state == "dismissed" and (.dismissed_comment == null or .dismissed_comment == ""))]' || echo "[]")
+
+          UNRESOLVED_COUNT=$(echo "$UNRESOLVED_ALERTS" | jq -r 'length')
+          DISMISSED_COUNT=$(echo "$DISMISSED_ALERTS" | jq -r 'length')
+
+          # Output for debugging
           echo "UNRESOLVED_ALERTS: $UNRESOLVED_ALERTS"
           echo "DISMISSED_ALERTS: $DISMISSED_ALERTS"
           echo "UNRESOLVED_COUNT: $UNRESOLVED_COUNT"
           echo "DISMISSED_COUNT: $DISMISSED_COUNT"
 
+          # Save them properly in the environment as single-line JSON
+          echo "UNRESOLVED_ALERTS=$UNRESOLVED_ALERTS" >> $GITHUB_ENV
+          echo "DISMISSED_ALERTS=$DISMISSED_ALERTS" >> $GITHUB_ENV
+          echo "UNRESOLVED_COUNT=$UNRESOLVED_COUNT" >> $GITHUB_ENV
+          echo "DISMISSED_COUNT=$DISMISSED_COUNT" >> $GITHUB_ENV
+
 
       - name: Find Existing PR Comment
         id: find_comment
@@ -173,4 +175,4 @@ jobs:
             exit 1  # Fail the workflow
           fi
 
-          echo "✅ No security issues found. The workflow will pass successfully."
+          echo "✅ No security issues found. The workflow will pass successfully."