bug: DevSkim - Fixes fatal error and override path #3673
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
TommyE123
requested review from
nvuillam,
echoix,
bdovaz and
Kurt-von-Laven
as code owners
|
I've also raised a bug with Microsoft here microsoft/DevSkim#620 to see if they are aware of the issue or how to address it. |
|
I'll have time to review your recent PRs starting late tomorrow. I'm attending a code sprint for another project, so I have way more to review than I can do. |
Perfect, we've often had users having issues with this linter. |
echoix
approved these changes
Jun 19, 2024
|
Thanks again for your PR, getting it merged as soon as possible! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
DevSkim Fatal errors and config override fix
Fixes #3611 and #2849
Context:
DevSkim on scanning was throwing various issues:
fatal: this operation must be run in a work treegit config --global --add safe.directory /github/workspace fatal: detected dubious ownership in repository at '/github/workspace' To add an exception for this directory, call:It appears the
--skip-git-ignored-filesis causing this issue. On doing a bit of searching on github it appears no one is using it apart from a few references in other megalinter configs.I’ve tested it with a simple github workflow outside of megalinter and also running the commands locally and the error remains when using this option. So I strongly suspect unless im missing something that its an issue with the DevSkim code.
The second issue is simply that Devskim was using the default
-cto specify the config path so as far as I can tell, It would’nt have worked without overriding the config arguement.Changes:
• Added
cli_config_arg_name: "--options-json"to devskim descriptor.• Removed
--skip-git-ignored-filesfrom devskim descriptor.Testing:
AZURE – no .devskim.json present so uses default megalinter config.
GITHUB – .devskim.json in default folder with no megalinter devskim specific fixes
GITLAB – .devskim.json in config folder
megalinter config entry
Output:
Additional Notes:
• Please note I’ve not tried to cleanup the Sarif report in this PR which is currently outputting terribly!
If there are any issues or concerns, please let me know, and I will address them promptly.
Thank you for reviewing this PR. Looking forward to your feedback.
Tom