fixes missing error handling, only building postgresql on tags

timbastin · timbastin · commit 0bd366fece48 · 2026-05-06T13:30:01.000+02:00
diff --git a/.github/workflows/devguard-scanner.yaml b/.github/workflows/devguard-scanner.yaml
@@ -121,7 +121,7 @@ jobs:
       devguard-token: ${{ secrets.DEVGUARD_TOKEN }}
 
   postgresql-pipeline:
-    if: github.event_name == 'workflow_dispatch' || startsWith(github.ref, 'refs/tags/') || github.ref == 'refs/heads/main'
+    if: github.event_name == 'workflow_dispatch' || startsWith(github.ref, 'refs/tags/')'
     uses: l3montree-dev/devguard-action/.github/workflows/full-nix.yml@nix
     permissions:
       contents: read
diff --git a/vulndb/vulndb_service.go b/vulndb/vulndb_service.go
@@ -541,13 +541,10 @@ func (s *VulnDBService) applyFromWorkingDir(ctx context.Context, tx pgx.Tx, work
 	if err != nil {
 		return fmt.Errorf("could not calculate integrity information: %w", err)
 	}
-	valid, err := validateIntegrityInformation(workingDir, integrityGroundTruth, localIntegrity)
+	err = validateIntegrityInformation(workingDir, integrityGroundTruth, localIntegrity)
 	if err != nil {
 		return fmt.Errorf("could not validate integrity: %w", err)
 	}
-	if !valid {
-		return nil
-	}
 	return nil
 }
 
@@ -787,25 +784,31 @@ type integrityInformation struct {
 	ImportTimestamp time.Time                   `json:"import_timestamp"`
 }
 
-func validateIntegrityInformation(workingDir string, groundTruth integrityInformation, localIntegrityInformation []tableIntegrityInformation) (bool, error) {
+func validateIntegrityInformation(workingDir string, groundTruth integrityInformation, localIntegrityInformation []tableIntegrityInformation) error {
+	didErr := false
 	for _, tableIntegrity := range localIntegrityInformation {
 		found := false
 		for _, tableGroundTruth := range groundTruth.TableIntegrity {
 			if tableGroundTruth.TableName == tableIntegrity.TableName {
 				if !tableIntegrity.isEqual(tableGroundTruth) {
 					slog.Error("invalid checksum when importing", "table", tableIntegrity.TableName, "expectedCount", tableGroundTruth.TotalCount, "actualCount", tableIntegrity.TotalCount, "expectedChecksum", fmt.Sprintf("%x", tableGroundTruth.Checksum), "actualChecksum", fmt.Sprintf("%x", tableIntegrity.Checksum))
-					return false, nil
+
+					didErr = true
 				} else {
 					found = true
 					break
 				}
 			}
 		}
 		if !found {
-			return false, fmt.Errorf("could not find integrity information for table %s", tableIntegrity.TableName)
+			return fmt.Errorf("could not find integrity information for table %s", tableIntegrity.TableName)
 		}
 	}
-	return true, nil
+	if didErr {
+		return fmt.Errorf("integrity validation failed for one or more tables when importing from %s", workingDir)
+	}
+
+	return nil
 }
 
 func calculateTotalIntegrityInformation(ctx context.Context, tx pgx.Tx) ([]tableIntegrityInformation, error) {
@@ -879,6 +882,7 @@ func calculateTotalIntegrityInformation(ctx context.Context, tx pgx.Tx) ([]table
 		UNION ALL SELECT table_name, row_count, checksum FROM malicious_affected_components_integrity
 	`
 
+	slog.Info("start calculating integrity information")
 	start := time.Now()
 	rows, err := tx.Query(ctx, query)
 	if err != nil {
@@ -897,7 +901,10 @@ func calculateTotalIntegrityInformation(ctx context.Context, tx pgx.Tx) ([]table
 	if err := rows.Err(); err != nil {
 		return nil, fmt.Errorf("could not read integrity rows: %w", err)
 	}
-	slog.Info("calculated integrity information", "tables", len(results), "time", time.Since(start))
+	slog.Info("finished calculating integrity information", "took", time.Since(start).Round(time.Millisecond))
+	for _, r := range results {
+		slog.Info("integrity", "table", r.TableName, "rows", r.TotalCount, "checksum", fmt.Sprintf("%x", r.Checksum))
+	}
 
 	return results, nil
 }

Original file line number	Diff line number	Diff line change
`@@ -541,13 +541,10 @@ func (s *VulnDBService) applyFromWorkingDir(ctx context.Context, tx pgx.Tx, work`
`541`	`541`	`if err != nil {`
`542`	`542`	`return fmt.Errorf("could not calculate integrity information: %w", err)`
`543`	`543`	`}`
`544`		`- valid, err := validateIntegrityInformation(workingDir, integrityGroundTruth, localIntegrity)`
	`544`	`+ err = validateIntegrityInformation(workingDir, integrityGroundTruth, localIntegrity)`
`545`	`545`	`if err != nil {`
`546`	`546`	`return fmt.Errorf("could not validate integrity: %w", err)`
`547`	`547`	`}`
`548`		`- if !valid {`
`549`		`- return nil`
`550`		`- }`
`551`	`548`	`return nil`
`552`	`549`	`}`
`553`	`550`
`@@ -787,25 +784,31 @@ type integrityInformation struct {`
`787`	`784`	ImportTimestamp time.Time `json:"import_timestamp"`
`788`	`785`	`}`
`789`	`786`
`790`		`-func validateIntegrityInformation(workingDir string, groundTruth integrityInformation, localIntegrityInformation []tableIntegrityInformation) (bool, error) {`
	`787`	`+func validateIntegrityInformation(workingDir string, groundTruth integrityInformation, localIntegrityInformation []tableIntegrityInformation) error {`
	`788`	`+ didErr := false`
`791`	`789`	`for _, tableIntegrity := range localIntegrityInformation {`
`792`	`790`	`found := false`
`793`	`791`	`for _, tableGroundTruth := range groundTruth.TableIntegrity {`
`794`	`792`	`if tableGroundTruth.TableName == tableIntegrity.TableName {`
`795`	`793`	`if !tableIntegrity.isEqual(tableGroundTruth) {`
`796`	`794`	`slog.Error("invalid checksum when importing", "table", tableIntegrity.TableName, "expectedCount", tableGroundTruth.TotalCount, "actualCount", tableIntegrity.TotalCount, "expectedChecksum", fmt.Sprintf("%x", tableGroundTruth.Checksum), "actualChecksum", fmt.Sprintf("%x", tableIntegrity.Checksum))`
`797`		`- return false, nil`
	`795`	`+`
	`796`	`+ didErr = true`
`798`	`797`	`} else {`
`799`	`798`	`found = true`
`800`	`799`	`break`
`801`	`800`	`}`
`802`	`801`	`}`
`803`	`802`	`}`
`804`	`803`	`if !found {`
`805`		`- return false, fmt.Errorf("could not find integrity information for table %s", tableIntegrity.TableName)`
	`804`	`+ return fmt.Errorf("could not find integrity information for table %s", tableIntegrity.TableName)`
`806`	`805`	`}`
`807`	`806`	`}`
`808`		`- return true, nil`
	`807`	`+ if didErr {`
	`808`	`+ return fmt.Errorf("integrity validation failed for one or more tables when importing from %s", workingDir)`
	`809`	`+ }`
	`810`	`+`
	`811`	`+ return nil`
`809`	`812`	`}`
`810`	`813`
`811`	`814`	`func calculateTotalIntegrityInformation(ctx context.Context, tx pgx.Tx) ([]tableIntegrityInformation, error) {`
`@@ -879,6 +882,7 @@ func calculateTotalIntegrityInformation(ctx context.Context, tx pgx.Tx) ([]table`
`879`	`882`	`UNION ALL SELECT table_name, row_count, checksum FROM malicious_affected_components_integrity`
`880`	`883`	`
`881`	`884`
	`885`	`+ slog.Info("start calculating integrity information")`
`882`	`886`	`start := time.Now()`
`883`	`887`	`rows, err := tx.Query(ctx, query)`
`884`	`888`	`if err != nil {`
`@@ -897,7 +901,10 @@ func calculateTotalIntegrityInformation(ctx context.Context, tx pgx.Tx) ([]table`
`897`	`901`	`if err := rows.Err(); err != nil {`
`898`	`902`	`return nil, fmt.Errorf("could not read integrity rows: %w", err)`
`899`	`903`	`}`
`900`		`- slog.Info("calculated integrity information", "tables", len(results), "time", time.Since(start))`
	`904`	`+ slog.Info("finished calculating integrity information", "took", time.Since(start).Round(time.Millisecond))`
	`905`	`+ for _, r := range results {`
	`906`	`+ slog.Info("integrity", "table", r.TableName, "rows", r.TotalCount, "checksum", fmt.Sprintf("%x", r.Checksum))`
	`907`	`+ }`
`901`	`908`
`902`	`909`	`return results, nil`
`903`	`910`	`}`