socket-cli/packages/cli/src/commands/ci/handle-ci.mts at f912ffff3f77525e8cfa1eb4741dba8b9eb75e33 · SocketDev/socket-cli · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
import { debug, debugDir } from '@socketsecurity/lib/debug'
import { getDefaultLogger } from '@socketsecurity/lib/logger'

import { getDefaultOrgSlug } from './fetch-default-org-slug.mts'
import { REPORT_LEVEL_ERROR } from '../../constants/reporting.mts'
import {
  detectDefaultBranch,
  getRepoName,
  gitBranch,
} from '../../utils/git/operations.mjs'
import { serializeResultJson } from '../../utils/output/result-json.mjs'
import { handleCreateNewScan } from '../scan/handle-create-new-scan.mts'

export async function handleCi(autoManifest: boolean): Promise<void> {
  debug('Starting CI scan')
  debugDir({ autoManifest })

  const orgSlugCResult = await getDefaultOrgSlug()
  if (!orgSlugCResult.ok) {
    debug('Failed to get default org slug')
    debugDir({ orgSlugCResult })
    process.exitCode = orgSlugCResult.code ?? 1
    // Always assume json mode.
    getDefaultLogger().log(serializeResultJson(orgSlugCResult))
    return
  }

  const orgSlug = orgSlugCResult.data
  const cwd = process.cwd()
  const branchName = (await gitBranch(cwd)) || (await detectDefaultBranch(cwd))
  const repoName = await getRepoName(cwd)

  debug(`CI scan for ${orgSlug}/${repoName} on branch ${branchName}`)
  debugDir({ orgSlug, cwd, branchName, repoName })

  await handleCreateNewScan({
    autoManifest,
    branchName,
    commitMessage: '',
    commitHash: '',
    committers: '',
    cwd,
    defaultBranch: false,
    interactive: false,
    orgSlug,
    outputKind: 'json',
    // When 'pendingHead' is true, it requires 'branchName' set and 'tmp' false.
    pendingHead: true,
    pullRequest: 0,
    reach: {
      reachAnalysisTimeout: 0,
      reachAnalysisMemoryLimit: 0,
      reachDisableAnalytics: false,
      reachEcosystems: [],
      reachExcludePaths: [],
      reachMinSeverity: '',
      reachSkipCache: false,
      reachUseUnreachableFromPrecomputation: false,
      runReachabilityAnalysis: false,
    },
    repoName,
    readOnly: false,
    report: true,
    reportLevel: REPORT_LEVEL_ERROR,
    targets: ['.'],
    // Don't set 'tmp' when 'pendingHead' is true.
    tmp: false,
  })
}