From fd47c842af70c515a96da6b2ce24bf7ce2f151e0 Mon Sep 17 00:00:00 2001
From: Eleftheria Stein-Kousathana
Date: Thu, 13 Feb 2025 12:03:28 +0100
Subject: [PATCH] Release PR comment alert type

- Remove the feature flag
- Add docs
- Fix bugs

Fix #5432
---
 docs/docs/how-to/custom-rules.md | 44 ++++++++++++++++++-
 internal/controlplane/handlers_ruletype.go | 5 ---
 .../pull_request_comment.go | 6 +-
 internal/flags/constants.go | 2 -
 4 files changed, 45 insertions(+), 12 deletions(-)

diff --git a/docs/docs/how-to/custom-rules.md b/docs/docs/how-to/custom-rules.md
index 604006625a..c6002363ad 100644
--- a/docs/docs/how-to/custom-rules.md
+++ b/docs/docs/how-to/custom-rules.md
@@ -158,8 +158,14 @@ registered for our rule type.
 
 ### Alerting
 
-We'll now describe how you may get a notification if your repository doesn't
-adhere to the rule. This is as simple as adding the following to the manifest:
+We'll now describe how you may get a notification if your entity doesn't
+adhere to the rule.
+
+#### Security Advisory
+When a repository is not adhering to the rule, you may want to create a security
+advisory in the repository.
+
+This is as simple as adding the following to the manifest:
 
 ```yaml
 ---
@@ -174,6 +180,40 @@ This will create a security advisory in your GitHub repository that you'll be able to browse for information. Minder knows already what information to fill-in to make the alert relevant. +#### Pull Request Comment +When a pull request is not adhering to the rule, you may want to add a comment to +the pull request. + +This is as simple as adding the following to the manifest: + +```yaml +--- +def: + alert: + type: pull_request_comment + pull_request_comment: + review_message: "This is a message from the PR review alert type" +``` + +This will create a comment on your GitHub pull request using the provided review message. + +You can also use the output of the evaluation to create a custom message. For +example, you can use the following: + +```yaml +def: + alert: + type: pull_request_comment + pull_request_comment: + review_message: | + {{- range .EvalResultOutput }} + - {{ .msg }} + {{- end }} +``` + +This will create a comment on your GitHub pull request listing each of the evaluation +failure messages. + ### Remediation Minder has the ability to auto-fix issues that it finds in your supply chain, diff --git a/internal/controlplane/handlers_ruletype.go b/internal/controlplane/handlers_ruletype.go index 42fbf75424..47930ff402 100644 --- a/internal/controlplane/handlers_ruletype.go +++ b/internal/controlplane/handlers_ruletype.go @@ -208,11 +208,6 @@ func checkRuleDefinitionFlags( return util.UserVisibleError(codes.InvalidArgument, "DataSources feature is disabled") } - prCommentAlert := ruleDef.GetAlert().GetPullRequestComment() - if prCommentAlert != nil && !flags.Bool(ctx, featureFlags, flags.PRCommentAlert) { - return util.UserVisibleError(codes.InvalidArgument, "Pull request comment alert type is disabled") - } - usesGitPR := ruleDef.GetIngest().GetType() == git.GitRuleDataIngestType && ruleDef.GetInEntity() == minderv1.PullRequestEntity.String() if usesGitPR && !flags.Bool(ctx, featureFlags, flags.GitPRDiffs) { 
diff --git a/internal/engine/actions/alert/pull_request_comment/pull_request_comment.go b/internal/engine/actions/alert/pull_request_comment/pull_request_comment.go
index 3bb9d23c66..185f002739 100644
--- a/internal/engine/actions/alert/pull_request_comment/pull_request_comment.go
+++ b/internal/engine/actions/alert/pull_request_comment/pull_request_comment.go
@@ -170,7 +170,7 @@ func (alert *Alert) run(ctx context.Context, params *paramsPR, cmd interfaces.Ac
 return newMeta, nil
 // Dismiss the review
 case interfaces.ActionCmdOff:
- if params.Metadata == nil {
+ if params.Metadata == nil || params.Metadata.ReviewID == "" {
 // We cannot do anything without the PR review ID, so we assume that turning the alert off is a success
 return nil, fmt.Errorf("no PR comment ID provided: %w", enginerr.ErrActionTurnedOff)
 }
@@ -215,11 +215,11 @@ func (alert *Alert) runDry(ctx context.Context, params *paramsPR, cmd interfaces
 params.Number, params.Owner, params.Repo, *body)
 return nil, nil
 case interfaces.ActionCmdOff:
- if params.Metadata == nil {
+ if params.Metadata == nil || params.Metadata.ReviewID == "" {
 // We cannot do anything without the PR review ID, so we assume that turning the alert off is a success
 return nil, fmt.Errorf("no PR comment ID provided: %w", enginerr.ErrActionTurnedOff)
 }
- logger.Info().Msgf("dry run: dismiss PR comment %s on PR PR %d in repo %s/%s", params.Metadata.ReviewID,
+ logger.Info().Msgf("dry run: dismiss PR comment %s on PR %d in repo %s/%s", params.Metadata.ReviewID,
 params.Number, params.Owner, params.Repo)
 case interfaces.ActionCmdDoNothing:
 // Return the previous alert status.
diff --git a/internal/flags/constants.go b/internal/flags/constants.go
index 7e1dde2b3e..cf83aad2db 100644
--- a/internal/flags/constants.go
+++ b/internal/flags/constants.go
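Review bot: The widened guard in run's ActionCmdOff branch now treats metadata with an empty ReviewID exactly like missing metadata and returns ErrActionTurnedOff, which the comment says the caller takes as success; if that state can arise from an earlier turn-on that posted the review but did not persist its id (not visible here), the review stays on the pull request while the alert is recorded as off, so a Debug-level log before the return would make such a stray comment traceable. The same two-clause condition and the same error literal are repeated in runDry below; one accessor, `func (p *paramsPR) hasReviewID() bool { return p.Metadata != nil && p.Metadata.ReviewID != "" }`, used as `if !params.hasReviewID() {` at both sites, keeps the two paths from drifting apart again. run begins before this hunk and the dismissal that consumes ReviewID follows after it.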
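Review bot: In runDry's ActionCmdOff branch the inline comment speaks of a "PR review ID", the error it returns says "no PR comment ID provided", and the new dry-run log line calls it a "PR comment"; since the field is `Metadata.ReviewID`, settling on one term — e.g. `return nil, fmt.Errorf("no PR review ID provided: %w", enginerr.ErrActionTurnedOff)` — avoids confusion when the wrapped error surfaces in logs, with the identical line in run changed in step. The log line also interpolates the id with `%s`; `%q` would show an empty or whitespace-only id unambiguously, although the guard above already rejects the empty case. runDry starts before this hunk and its switch continues past it.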
@@ -19,8 +19,6 @@ const (
 AlternateMessageDriver Experiment = "alternate_message_driver"
 // DataSources enables data sources management.
 DataSources Experiment = "data_sources"
- // PRCommentAlert enables the pull request comment alert engine.
- PRCommentAlert Experiment = "pr_comment_alert"
 // GitPRDiffs enables the git ingester for pull requests.
 GitPRDiffs Experiment = "git_pr_diffs"
 // TarGzFunctions enables functions to produce tar.gz data in the rego