Merge pull request #26 from devopsabcs-engineering/feature/2111-fix-scan-all-resilience

fix(workflows): add retry logic and guard SARIF upload in scan-all Fixes AB#2111

Author: emmanuelknafo

.github/workflows/scan-all.yml

@@ -37,24 +37,36 @@ jobs:
       - uses: actions/checkout@v4
 
       - name: Run accessibility scan - ${{ matrix.siteName }}
+        id: scan
         run: |
           mkdir -p results
-          HTTP_STATUS=$(curl -s -o results/${{ matrix.siteName }}.sarif -w "%{http_code}" \
-            -X POST "${{ env.SCANNER_BASE_URL }}/api/ci/scan" \
-            -H "Content-Type: application/json" \
-            -d '{"url": "${{ matrix.siteUrl }}", "format": "sarif"}' \
-            --max-time 120)
+          for attempt in 1 2 3; do
+            HTTP_STATUS=$(curl -s -o results/${{ matrix.siteName }}.sarif -w "%{http_code}" \
+              -X POST "${{ env.SCANNER_BASE_URL }}/api/ci/scan" \
+              -H "Content-Type: application/json" \
+              -d '{"url": "${{ matrix.siteUrl }}", "format": "sarif"}' \
+              --max-time 120)
 
-          echo "HTTP status: $HTTP_STATUS"
+            echo "Attempt $attempt - HTTP status: $HTTP_STATUS"
 
-          if [ "$HTTP_STATUS" -ne 200 ]; then
-            echo "::error::Scan failed for ${{ matrix.siteUrl }} (HTTP $HTTP_STATUS)"
-            cat results/${{ matrix.siteName }}.sarif
-            exit 1
-          fi
+            if [ "$HTTP_STATUS" -eq 200 ]; then
+              echo "SARIF file written: results/${{ matrix.siteName }}.sarif"
+              echo "File size: $(wc -c < results/${{ matrix.siteName }}.sarif) bytes"
+              echo "scan_ok=true" >> "$GITHUB_OUTPUT"
+              exit 0
+            fi
 
-          echo "SARIF file written: results/${{ matrix.siteName }}.sarif"
-          echo "File size: $(wc -c < results/${{ matrix.siteName }}.sarif) bytes"
+            echo "::warning::Scan attempt $attempt failed for ${{ matrix.siteUrl }} (HTTP $HTTP_STATUS)"
+            if [ "$attempt" -lt 3 ]; then
+              echo "Retrying in 30s..."
+              sleep 30
+            fi
+          done
+
+          echo "::error::Scan failed for ${{ matrix.siteUrl }} after 3 attempts (HTTP $HTTP_STATUS)"
+          cat results/${{ matrix.siteName }}.sarif
+          echo "scan_ok=false" >> "$GITHUB_OUTPUT"
+          exit 1
 
       - name: Upload SARIF artifact - ${{ matrix.siteName }}
         uses: actions/upload-artifact@v4
@@ -65,7 +77,7 @@ jobs:
 
       - name: Upload SARIF to GitHub Security - ${{ matrix.siteName }}
         uses: github/codeql-action/upload-sarif@v4
-        if: always()
+        if: steps.scan.outputs.scan_ok == 'true'
         with:
           sarif_file: results/${{ matrix.siteName }}.sarif
           category: a11y-${{ matrix.siteName }}