When Frogbot Scan fails for any reason, no comment is added to PR #720
Thank you for your comment @pru-qmir
Can you execute poetry install on your project successfully?
Yes, poetry install works -
- when lock file is removed from the project
- when force option is used to ignore lock file
I am thinking this will be a common scenario for multiple tech types that use lock files. Frogbot should allow a force option that would ignore lock files if included in projects to minimize such errors.
Also, since we are using Frogbot to scan all PRs to provide our development teams this visibility, it will be helpful for the development team to see if and why a Frogbot scan fails for their PR as a PR comment as well.
…________________________________
From: Assaf Attias ***@***.***>
Sent: Sunday, June 30, 2024 2:29:09 AM
To: jfrog/frogbot ***@***.***>
Cc: Qasim Mir ***@***.***>; Mention ***@***.***>
Subject: Re: [jfrog/frogbot] When Frogbot Scan fails for any reason, no comment is added to PR (Issue #720)
Hi @pru-qmir<https://github.com/pru-qmir>,
Thank you for using Frogbot!
As you can see from the log you shared:
11:29:14 [Error] audit command in '/tmp/jfrog.cli.temp.-1719588552-491394444' failed:
11:29:14 failed while building 'poetry' dependency tree:
11:29:14 "poetry install" command failed: exit status 1 - Creating virtualenv docs-loader-iPgwi-HJ-py3.11 in /opt/jenkins/.cache/pypoetry/virtualenvs
Your project has been detected as using poetry. Is this the correct technology you are using? When fetching the dependencies, we execute poetry install, and this command has failed:
11:29:14 "poetry install" command failed: exit status 1 - Creating virtualenv docs-loader-iPgwi-HJ-py3.11 in /opt/jenkins/.cache/pypoetry/virtualenvs
Can you execute poetry install on your project successfully?
Hello @pru-qmir. As for your request: Frogbot does not currently support opening a PR if it failed at some point, since we do not want to open empty PRs just to provide the failure reason (in scan-repository), and it does not add a comment to an existing PR about a failure, in order to keep the PR as clean as possible. For this you have the execution log. For a more detailed log, you can add the following env var to Frogbot's step in the CI: JFROG_CLI_LOG_LEVEL=DEBUG. Doing this will give you all the info you can have for this execution.
Describe the bug
When Frogbot Scan fails for any reason, no comment is added to PR.
Current behavior
11:28:55 11:28:55 [Info] Running Frogbot "scan-pull-request" command
11:28:55 11:28:55 [Info] Scanning Pull Request #4 (from source branch: to target branch: )
11:28:55 11:28:55 [Info] -----------------------------------------------------------
11:28:55 11:28:55 [Info] xxxxxxxxxxxxxxxx repository downloaded successfully. Starting with repository extraction...
11:28:55 11:28:55 [Info] Extracted repository successfully
11:28:55 11:28:55 [Info] Scanning source branch...
11:28:55 11:28:55 [Info] Preforming 1 SCA scans:
11:28:55 [
11:28:55 {
11:28:55 "Technology": "poetry",
11:28:55 "WorkingDirectory": "/tmp/jfrog.cli.temp.-1719588535-3386079605",
11:28:55 "Descriptors": [
11:28:55 "/tmp/jfrog.cli.temp.-1719588535-3386079605/pyproject.toml"
11:28:55 ]
11:28:55 }
11:28:55 ]
11:28:55 11:28:55 [Info] Running SCA scan for poetry vulnerable dependencies in /tmp/jfrog.cli.temp.-1719588535-3386079605 directory...
11:28:55 11:28:55 [Info] Calculating Poetry dependencies...
11:29:08 11:29:06 [Info] Scanning 57 poetry dependencies...
11:29:08 11:29:06 [Info] Waiting for scan to complete on JFrog Xray...
11:29:13 11:29:12 [Info] xxxxxxxxxxxxxxxx repository downloaded successfully. Starting with repository extraction...
11:29:13 11:29:12 [Info] Extracted repository successfully
11:29:13 11:29:12 [Info] Scanning target branch...
11:29:13 11:29:12 [Info] Preforming 1 SCA scans:
11:29:13 [
11:29:13 {
11:29:13 "Technology": "poetry",
11:29:13 "WorkingDirectory": "/tmp/jfrog.cli.temp.-1719588552-491394444",
11:29:13 "Descriptors": [
11:29:13 "/tmp/jfrog.cli.temp.-1719588552-491394444/pyproject.toml"
11:29:13 ]
11:29:13 }
11:29:13 ]
11:29:13 11:29:12 [Info] Running SCA scan for poetry vulnerable dependencies in /tmp/jfrog.cli.temp.-1719588552-491394444 directory...
11:29:13 11:29:12 [Info] Calculating Poetry dependencies...
11:29:14 11:29:14 [Error] audit command in '/tmp/jfrog.cli.temp.-1719588552-491394444' failed:
11:29:14 failed while building 'poetry' dependency tree:
11:29:14 "poetry install" command failed: exit status 1 - Creating virtualenv docs-loader-iPgwi-HJ-py3.11 in /opt/jenkins/.cache/pypoetry/virtualenvs
11:29:14 Installing dependencies from lock file
11:29:14
11:29:14 pyproject.toml changed significantly since poetry.lock was last generated. Run
poetry lock [--no-update]
to fix the lock file.11:29:14
11:29:14 [Pipeline] }
11:29:14 [Pipeline] // stage
11:29:14 [Pipeline] stage
11:29:14 [Pipeline] { (Declarative: Post Actions)
11:29:14 [Pipeline] cleanWs
11:29:14 [WS-CLEANUP] Deleting project workspace...
11:29:14 [WS-CLEANUP] Deferred wipeout is used...
11:29:15 [WS-CLEANUP] done
11:29:15 [Pipeline] }
11:29:15 [Pipeline] // stage
11:29:15 [Pipeline] }
11:29:15 [Pipeline] // withEnv
11:29:15 [Pipeline] }
11:29:15 [Pipeline] // withCredentials
11:29:15 [Pipeline] }
11:29:15 [Pipeline] // withEnv
11:29:15 [Pipeline] }
11:29:15 [Pipeline] // node
11:29:15 [Pipeline] End of Pipeline
11:29:15 ERROR: script returned exit code 1
11:29:16 Posting build status of com.atlassian.bitbucket.jenkins.internal.model.BitbucketBuildStatus@86456856 to XXXXXXXXXX for commit id [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx] and ref 'refs/heads/master'
11:29:16 Finished: FAILURE
Reproduction steps
(Pull Request Scan) Env:
Expected behavior
If a pull request is created, Jfrogbot SCAN results should be added as a comment to the PR whether it's successful and/or fails
JFrog Frogbot version
Latest
Package manager info
pyproject.toml, poetry.lock
Git provider
Bitbucket Server
JFrog Frogbot configuration yaml file
No response
Operating system type and version
Linux
JFrog Xray version
Latest
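The thread leaves failure reasons in the execution log. As an added example (not Frogbot code, and not from anyone in the thread), this sketch shows how a CI step could pull the error block out of such a log and build a comment body, so a scan that never completed is not read as a clean result. The function names are hypothetical, and posting the text to the Git provider is left out.

```python
import re
from typing import List, Optional

# Excerpt of the console log quoted in the issue (error block and its neighbours).
SAMPLE_LOG = """\
11:29:13 11:29:12 [Info] Calculating Poetry dependencies...
11:29:14 11:29:14 [Error] audit command in '/tmp/jfrog.cli.temp.-1719588552-491394444' failed:
11:29:14 failed while building 'poetry' dependency tree:
11:29:14 "poetry install" command failed: exit status 1 - Creating virtualenv docs-loader-iPgwi-HJ-py3.11 in /opt/jenkins/.cache/pypoetry/virtualenvs
11:29:14 Installing dependencies from lock file
11:29:14
11:29:14 pyproject.toml changed significantly since poetry.lock was last generated. Run
poetry lock [--no-update]
to fix the lock file.11:29:14
11:29:14 [Pipeline] }
11:29:15 ERROR: script returned exit code 1
"""

LEAD_TS = re.compile(r"^(?:\d{2}:\d{2}:\d{2}\s*)+")  # one or two leading timestamps
TAIL_TS = re.compile(r"\d{2}:\d{2}:\d{2}\s*$")       # timestamp fused onto a line end

def extract_failure(log: str) -> List[str]:
    """Return the lines of the first [Error] block with timestamps stripped."""
    block: List[str] = []
    for raw in log.splitlines():
        line = TAIL_TS.sub("", LEAD_TS.sub("", raw)).strip()
        if not block:
            if line.startswith("[Error]"):
                block.append(line)
        elif line.startswith("[") or line.startswith("ERROR:"):
            break  # the next tagged line ([Info], [Pipeline], ...) ends the block
        elif line:
            block.append(line)
    return block

def failure_comment(log: str) -> Optional[str]:
    """Build a PR comment body saying the scan did not complete, or None."""
    block = extract_failure(log)
    if not block:
        return None
    if "since poetry.lock was last generated" in " ".join(block):
        cause = "poetry.lock is out of sync with pyproject.toml"
    else:
        cause = "unclassified, see the quoted error"
    quoted = "\n".join("> " + entry for entry in block)
    return ("Dependency scan did NOT complete: this PR has no SCA result.\n"
            f"Cause: {cause}\n\n{quoted}")
```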