From 0221bc5c25de803eb6fa8922d0ca158125c7d89c Mon Sep 17 00:00:00 2001 From: Jeremy Dubreil Date: Thu, 27 Nov 2025 10:48:10 +0100 Subject: [PATCH] chore(COD-6066): remove unused autofix PR code --- src/tool.ts | 179 +--------------------------------------------------- 1 file changed, 1 insertion(+), 178 deletions(-) diff --git a/src/tool.ts b/src/tool.ts index ee217348..81935c53 100644 --- a/src/tool.ts +++ b/src/tool.ts @@ -1,183 +1,6 @@ import { endGroup, startGroup } from '@actions/core' -import { context } from '@actions/github' import { existsSync, readFileSync } from 'fs' -import { simpleGit, SimpleGitOptions } from 'simple-git' -import { getPrApi } from './actions' -import { LWJSON } from './lw-json' -import { - callLaceworkCli, - debug, - generateUILink, - getOptionalEnvVariable, - getRequiredEnvVariable, -} from './util' - -export function splitStringAtFirstSlash(inputString: string | undefined): [string, string] { - if (inputString != null) { - const [firstPart, secondPart] = inputString.split('/', 2) - return [firstPart, secondPart] - } - return ['', ''] -} - -export const options: Partial = { - baseDir: process.cwd(), - binary: 'git', - maxConcurrentProcesses: 6, - trimmed: false, -} - -export async function prForFixSuggestion( - jsonFile: string, - fixId: string, - repoOwner: string, - repoName: string, - telem: { - prsCounter: number - prsUpdated: number - errors: any[] - totalAPITime: number - } -) { - let newBranch: string = 'codesec/sca/' - - // git configuration - const git = simpleGit(options) - await git.addConfig('user.name', 'Lacework Code Security', false, 'global') - await git.addConfig('user.email', 'support@lacework.net', false, 'global') - - // get current branch - // trigger: on pr - let currBranch = getOptionalEnvVariable('GITHUB_HEAD_REF', '') - if (currBranch == '') { - // trigger: on push - currBranch = getRequiredEnvVariable('GITHUB_REF_NAME') - } - - newBranch += currBranch + '/' - - var patchReport = 'patchSummary.md' - - // create command to run on branch - var args = ['sca', 'patch', '.', '--sbom', jsonFile, '--fix-id', fixId, '-o', patchReport] - - // call patch command - await callLaceworkCli(...args) - - let patch = readFileSync(patchReport, 'utf-8') - // title is the first line of the patch summary - let titlePR = patch.split('\n')[0].substring(2) - newBranch += titlePR.split('bump ')[1].split(' to')[0].replaceAll(' ', '_').replaceAll(':', '-') - if (newBranch[newBranch.length - 1] == '.') { - newBranch = newBranch.substring(0, newBranch.length - 1) - } - - // create local branch - await git.checkoutLocalBranch(newBranch) - - // parse the modified files from the patch summary - const startKeyword = '## Files that have been modified:' - const endKeyword = '## Explanation: why is this SmartFix recommended?' - - const startIndex = patch.indexOf(startKeyword) - const endIndex = patch.indexOf(endKeyword, startIndex) - const files: string[] = [] - if (startIndex !== -1 && endIndex !== -1) { - const modifiedFilesText = patch.substring(startIndex + startKeyword.length, endIndex) - - const lines = modifiedFilesText.split('\n') - for (const line of lines) { - const cleanedLine = line.trim().substring(3, line.length - 1) - if (cleanedLine) { - files.push(cleanedLine) - } - } - } - // add modified files to branch - for (const file of files) { - if (file != '') { - await git.add(file) - } - } - - // commit and push changes --force to overwrite remote branch - await git.commit('Fix for: ' + newBranch + '.').push('origin', newBranch, ['--force']) - - // open PR - let prFound = false - // retrieve list of PRs - const prList = await getPrApi().list({ - owner: repoOwner, - repo: repoName, - state: 'open', - }) - // look for PR corresponding to this branch - let filtered = prList.data.filter((pr) => pr.head.ref == newBranch) - for (const pr of filtered) { - prFound = true - let pullNr = pr.number - // update with right title and body. - try { - const before = Date.now() - await getPrApi().update({ - owner: repoOwner, - repo: repoName, - pull_number: pullNr, - title: titlePR, - body: patch, - }) - const after = Date.now() - telem.totalAPITime += after - before - telem.prsUpdated++ - telem.prsCounter++ - } catch (e) { - telem.errors.push(e) - } - } - // create PR if not found - if (!prFound) { - try { - await getPrApi().create({ - owner: repoOwner, - repo: repoName, - head: newBranch, - base: currBranch, - title: titlePR, - body: patch, - }) - telem.prsCounter++ - } catch (e) { - telem.errors.push(e) - } - } - - // go back to currBranch - await git.checkout(currBranch) -} - -export async function createPRs(jsonFile: string) { - const before: number = Date.now() - const results: LWJSON = JSON.parse(readFileSync(jsonFile, 'utf-8')) - - // get owner and name of current repository - const [repoOwner, repoName] = splitStringAtFirstSlash(getRequiredEnvVariable('GITHUB_REPOSITORY')) - - if (results.FixSuggestions == undefined) { - return - } - - const telem = { - prsCounter: 0, - prsUpdated: 0, - errors: Array(), - totalAPITime: 0, - } - for (const fix of results.FixSuggestions) { - let fixId: string = fix.Id - await prForFixSuggestion(jsonFile, fixId, repoOwner, repoName, telem) - } - const after = Date.now() -} +import { callLaceworkCli, debug, generateUILink } from './util' export async function compareResults( tool: string,