
Commit dfbffa4

Show error in Actions summary for safety issues in normal/scheduled runs
Details:

* Safety issues that are detected in normal and scheduled Actions runs now cause an error to be shown in the Actions summary. They still (intentionally) do not cause the Actions run to fail. Note that safety issues detected during an Actions release run, or during local use, do cause the make command and Actions run to fail.
* In addition, the safety command is now always run for both development and install before checking for failure.

Signed-off-by: Andreas Maier <maiera@de.ibm.com>
1 parent 2174666 commit dfbffa4

2 files changed

Lines changed: 7 additions & 2 deletions


Makefile

Lines changed: 1 addition & 2 deletions
@@ -467,8 +467,7 @@ pylint: $(done_dir)/pylint_$(pymn)_$(PACKAGE_LEVEL).done
467467

468468
.PHONY: safety
469469
safety: Makefile $(done_dir)/develop_$(pymn)_$(PACKAGE_LEVEL).done $(safety_develop_policy_file) $(safety_install_policy_file) minimum-constraints-develop.txt minimum-constraints-install.txt
470-
bash -c "safety check --policy-file $(safety_develop_policy_file) -r minimum-constraints-develop.txt --full-report || test '$(RUN_TYPE)' == 'normal' || test '$(RUN_TYPE)' == 'scheduled' || exit 1"
471-
bash -c "safety check --policy-file $(safety_install_policy_file) -r minimum-constraints-install.txt --full-report || test '$(RUN_TYPE)' == 'normal' || exit 1"
470+
bash -c 'safety check --policy-file $(safety_develop_policy_file) -r minimum-constraints-develop.txt --full-report; rc_dev=$$?; safety check --policy-file $(safety_install_policy_file) -r minimum-constraints-install.txt --full-report; rc_ins=$$?; where=""; if [[ $${rc_dev} -ne 0 ]]; then where="development"; fi; if [[ $${rc_ins} -ne 0 ]]; then where="$${where:+$$where,}install"; fi; if [[ -n $${where} ]]; then if [[ "$(RUN_TYPE)" == "release" || "$(RUN_TYPE)" == "local" ]]; then echo "Safety issues found in $${where}"; exit 1; else echo "::error::Safety issues found in $${where} - They need to be fixed before the next release"; fi; fi'
472471
@echo "Makefile: $@ done."
473472

474473
.PHONY: bandit
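
Review bot: In the added recipe line, the failure decision is keyed on `"$(RUN_TYPE)" == "release" || "$(RUN_TYPE)" == "local"`, so any other value (empty, misspelled, or a run type added later) falls into the `else` branch and only emits the `::error::` annotation. The removed lines worked the other way round: they ran `exit 1` unless RUN_TYPE matched an explicitly listed non-failing type. Consider keeping that fail-closed default by testing for `normal` and `scheduled` in the annotate-only branch and letting every other value `exit 1`. As a style point, the one-line script inside `bash -c '...'` is hard to review; splitting it over continuation lines or moving it into a small script would make the `rc_dev`/`rc_ins` handling easier to follow.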

changes/noissue.33.feature.rst

Lines changed: 6 additions & 0 deletions
@@ -0,0 +1,6 @@
1+
Dev: Safety issues that are detected in normal and scheduled Actions runs
2+
now cause an error to be shown in the Actions summary. They still
3+
(intentionally) do not cause the Actions run to fail. Note that safety issues
4+
detected during an Actions release run, or during local use, do cause the
5+
make command and Actions run to fail. In addition, the safety command is now
6+
always run for both development and install before checking for failure.
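
Review bot: The word "still" in "They still (intentionally) do not cause the Actions run to fail" does not hold for every case. The removed install check in the Makefile only exempted `normal` (`test '$(RUN_TYPE)' == 'normal' || exit 1`), so install safety issues in a scheduled run previously failed the run and no longer do. Suggest stating that behaviour change explicitly in this fragment so that readers of the change log see that scheduled runs have become more lenient for install issues.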
