mindersec · eleftherias · Feb 13, 2025 · Feb 13, 2025
@@ -158,8 +158,14 @@ registered for our rule type.
 
 ### Alerting
 
-We'll now describe how you may get a notification if your repository doesn't
-adhere to the rule. This is as simple as adding the following to the manifest:
+We'll now describe how you may get a notification if your entity doesn't
+adhere to the rule. 
+
+#### Security Advisory
+When a repository is not adhering to the rule, you may want to create a security
+advisory in the repository.
+
+This is as simple as adding the following to the manifest:
 
 ```yaml
 ---
@@ -174,6 +180,40 @@ This will create a security advisory in your GitHub repository that you'll be
 able to browse for information. Minder knows already what information to fill-in
 to make the alert relevant.
 
+#### Pull Request Comment
+When a pull request is not adhering to the rule, you may want to add a comment to
+the pull request.
+
+This is as simple as adding the following to the manifest:
+
+```yaml
+---
+def:
+  alert:
+    type: pull_request_comment
+    pull_request_comment:
+      review_message: "This is a message from the PR review alert type"
+```
+
+This will create a comment on your GitHub pull request using the provided review message.
+
+You can also use the output of the evaluation to create a custom message. For
+example, you can use the following:
+
+```yaml
+def:
+  alert:
+    type: pull_request_comment
+    pull_request_comment:
+      review_message: |
+        {{- range .EvalResultOutput }}  
+        - {{ .msg }}
+        {{- end }}
+```
+
+This will create a comment on your GitHub pull request listing each of the evaluation 
+failure messages.
+
 ### Remediation
 
 Minder has the ability to auto-fix issues that it finds in your supply chain,

@@ -208,11 +208,6 @@ func checkRuleDefinitionFlags(
 		return util.UserVisibleError(codes.InvalidArgument, "DataSources feature is disabled")
 	}
 
-	prCommentAlert := ruleDef.GetAlert().GetPullRequestComment()
-	if prCommentAlert != nil && !flags.Bool(ctx, featureFlags, flags.PRCommentAlert) {
-		return util.UserVisibleError(codes.InvalidArgument, "Pull request comment alert type is disabled")
-	}
-
 	usesGitPR := ruleDef.GetIngest().GetType() == git.GitRuleDataIngestType &&
 		ruleDef.GetInEntity() == minderv1.PullRequestEntity.String()
 	if usesGitPR && !flags.Bool(ctx, featureFlags, flags.GitPRDiffs) {

@@ -170,7 +170,7 @@ func (alert *Alert) run(ctx context.Context, params *paramsPR, cmd interfaces.Ac
 		return newMeta, nil
 	// Dismiss the review
 	case interfaces.ActionCmdOff:
-		if params.Metadata == nil {
+		if params.Metadata == nil || params.Metadata.ReviewID == "" {
 			// We cannot do anything without the PR review ID, so we assume that turning the alert off is a success
 			return nil, fmt.Errorf("no PR comment ID provided: %w", enginerr.ErrActionTurnedOff)
 		}
@@ -215,11 +215,11 @@ func (alert *Alert) runDry(ctx context.Context, params *paramsPR, cmd interfaces
 			params.Number, params.Owner, params.Repo, *body)
 		return nil, nil
 	case interfaces.ActionCmdOff:
-		if params.Metadata == nil {
+		if params.Metadata == nil || params.Metadata.ReviewID == "" {
 			// We cannot do anything without the PR review ID, so we assume that turning the alert off is a success
 			return nil, fmt.Errorf("no PR comment ID provided: %w", enginerr.ErrActionTurnedOff)
 		}
-		logger.Info().Msgf("dry run: dismiss PR comment %s on PR PR %d in repo %s/%s", params.Metadata.ReviewID,
+		logger.Info().Msgf("dry run: dismiss PR comment %s on PR %d in repo %s/%s", params.Metadata.ReviewID,
 			params.Number, params.Owner, params.Repo)
 	case interfaces.ActionCmdDoNothing:
 		// Return the previous alert status.

@@ -19,8 +19,6 @@ const (
 	AlternateMessageDriver Experiment = "alternate_message_driver"
 	// DataSources enables data sources management.
 	DataSources Experiment = "data_sources"
-	// PRCommentAlert enables the pull request comment alert engine.
-	PRCommentAlert Experiment = "pr_comment_alert"
 	// GitPRDiffs enables the git ingester for pull requests.
 	GitPRDiffs Experiment = "git_pr_diffs"
 	// TarGzFunctions enables functions to produce tar.gz data in the rego