mirror of https://github.com/SAP/jenkins-library.git synced 2025-01-30 05:59:39 +02:00

fix(fortifyExecuteScan): User assignment based on PR ownership (#3472)

* Debug PR user details

* Check association

* Change to login

* Fix PR creator assignment

* Improve docs

* Fix test
Sven Merk 2022-01-27 10:45:45 +01:00 committed by GitHub
parent 6e139aee96
commit 01c6f1a66c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 11 additions and 9 deletions


@ -164,6 +164,8 @@ func runFortifyScan(config fortifyExecuteScanOptions, sys fortify.System, utils
if len(prAuthor) > 0 && !piperutils.ContainsString(config.Assignees, prAuthor) {
log.Entry().Debugf("Determined PR Author '%v' for result assignment", prAuthor)
config.Assignees = append(config.Assignees, prAuthor)
} else {
log.Entry().Debugf("Unable to determine PR Author, using assignees: %v", config.Assignees)
}
pullRequestProjectName := fmt.Sprintf("PR-%v", prID)
err = sys.MergeProjectVersionStateOfPRIntoMaster(config.FprDownloadEndpoint, config.FprUploadEndpoint, project.ID, projectVersion.ID, pullRequestProjectName)
@ -964,19 +966,19 @@ func determinePullRequestMerge(config fortifyExecuteScanOptions) (string, string
func determinePullRequestMergeGithub(ctx context.Context, config fortifyExecuteScanOptions, pullRequestServiceInstance pullRequestService) (string, string, error) {
number := "0"
email := ""
author := ""
options := github.PullRequestListOptions{State: "closed", Sort: "updated", Direction: "desc"}
prList, _, err := pullRequestServiceInstance.ListPullRequestsWithCommit(ctx, config.Owner, config.Repository, config.CommitID, &options)
if err == nil && prList != nil && len(prList) > 0 {
number = fmt.Sprintf("%v", prList[0].GetNumber())
if prList[0].User != nil && prList[0].User.Email != nil {
email = *(prList[0].User.Email)
if prList[0].GetUser() != nil {
author = prList[0].GetUser().GetLogin()
}
return number, email, nil
return number, author, nil
} else {
log.Entry().Infof("Unable to resolve PR via commit ID: %v", config.CommitID)
}
return number, email, err
return number, author, err
}
func appendToOptions(config *fortifyExecuteScanOptions, options []string, t map[string]string) []string {
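Review bot: In the first hunk (runFortifyScan) the added `else` branch also runs when the PR author was resolved but is already in `config.Assignees`, so the debug line "Unable to determine PR Author" is wrong in that case; changing `} else {` to `} else if len(prAuthor) == 0 {` keeps the log accurate. In determinePullRequestMergeGithub the login is taken from `prList[0]` of a closed-PR listing with no visible check that the PR was merged or that its author has a trusted association with the repository. Because that login becomes an assignee on the issue carrying the scan findings, it would be worth confirming that a login from an outside contributor's PR cannot end up there, for example by checking the PR's author association before returning it. Both function bodies continue outside the hunks shown.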


@ -248,7 +248,7 @@ Besides triggering a scan the step verifies the results after they have been upl
func addFortifyExecuteScanFlags(cmd *cobra.Command, stepConfig *fortifyExecuteScanOptions) {
cmd.Flags().StringSliceVar(&stepConfig.AdditionalScanParameters, "additionalScanParameters", []string{}, "List of additional scan parameters to be used for Fortify sourceanalyzer command execution.")
cmd.Flags().StringSliceVar(&stepConfig.Assignees, "assignees", []string{``}, "Defines the assignees for the Github Issue created/updated with the results of the scan.")
cmd.Flags().StringSliceVar(&stepConfig.Assignees, "assignees", []string{``}, "Defines the assignees for the Github Issue created/updated with the results of the scan as a list of login names.")
cmd.Flags().StringVar(&stepConfig.AuthToken, "authToken", os.Getenv("PIPER_authToken"), "The FortifyToken to use for authentication")
cmd.Flags().StringSliceVar(&stepConfig.BuildDescriptorExcludeList, "buildDescriptorExcludeList", []string{`unit-tests/pom.xml`, `integration-tests/pom.xml`}, "List of build descriptors and therefore modules to exclude from the scan and assessment activities.")
cmd.Flags().StringVar(&stepConfig.CustomScanVersion, "customScanVersion", os.Getenv("PIPER_customScanVersion"), "Custom version of the Fortify project used as source.")


@ -28,7 +28,7 @@ import (
"github.com/piper-validation/fortify-client-go/models"
)
const author string = "john.doe@dummy.com"
const author string = "johnDoe178"
type fortifyTestUtilsBundle struct {
*execRunnerMock
@ -281,7 +281,7 @@ type pullRequestServiceMock struct{}
func (prService pullRequestServiceMock) ListPullRequestsWithCommit(ctx context.Context, owner, repo, sha string, opts *github.PullRequestListOptions) ([]*github.PullRequest, *github.Response, error) {
authorString := author
user := github.User{Email: &authorString}
user := github.User{Login: &authorString}
if owner == "A" {
result := 17
return []*github.PullRequest{{Number: &result, User: &user}}, &github.Response{}, nil


@ -45,7 +45,7 @@ spec:
- STAGES
- STEPS
- name: assignees
description: Defines the assignees for the Github Issue created/updated with the results of the scan.
description: Defines the assignees for the Github Issue created/updated with the results of the scan as a list of login names.
scope:
- PARAMETERS
- STAGES