Fix breaking changes after test improves (#768)

.github/workflows/analysis.yml

@@ -11,27 +11,15 @@ jobs:
       - name: Checkout Source
         uses: actions/checkout@v4
 
-      - name: Install Go
-        uses: actions/setup-go@v3
-        with:
-          go-version: 1.22.x
-
-      - name: Go Cache
-        uses: actions/cache@v3
-        with:
-          path: ~/go/pkg/mod
-          key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }}
-          restore-keys: ${{ runner.os }}-go-
+      - name: Setup Go with cache
+        uses: jfrog/.github/actions/install-go-with-cache@main
 
       # Generate mocks
       - name: Generate mocks
         run: go generate ./...
 
-      - name: Static Code Analysis
-        uses: golangci/golangci-lint-action@v3
-        with:
-          args: |
-            --timeout 5m --out-${NO_FUTURE}format colored-line-number --enable errcheck,gosimple,govet,ineffassign,staticcheck,typecheck,unused,gocritic,asasalint,asciicheck,errchkjson,exportloopref,forcetypeassert,makezero,nilerr,unparam,unconvert,wastedassign,usestdlibvars 
+      - name: Run golangci linter
+        uses: jfrog/.github/actions/golangci-lint@main
 
   Go-Sec:
     runs-on: ubuntu-latest
@@ -41,15 +29,15 @@ jobs:
       - name: Checkout Source
         uses: actions/checkout@v4
 
-      - name: Install Go
-        uses: actions/setup-go@v3
-        with:
-          go-version: 1.22.x
+      - name: Setup Go with cache
+        uses: jfrog/.github/actions/install-go-with-cache@main
 
-      - name: Run Gosec Security Scanner
-        uses: securego/gosec@master
-        with:
-          args: -exclude=G204,G301,G302,G304,G306 -exclude-dir=\.*test\.* ./...
+        # Generate mocks
+      - name: Generate mocks
+        run: go generate ./...
+
+      - name: Run Go-Sec scanner
+        uses: jfrog/.github/actions/gosec-scanner@main
 
   ShellCheck:
     name: Shellcheck

.github/workflows/oidc-test.yml

@@ -24,7 +24,7 @@ jobs:
       - name: Install Go
         uses: actions/setup-go@v5
         with:
-          go-version: 1.22.x
+          go-version: 1.22.7
           cache: false
 
       # Generating a unique name for the Integration Configuration that will be created in the following step

azure_test.go

@@ -9,6 +9,7 @@ import (
 )
 
 const (
+	//#nosec G101 -- False positive - no hardcoded credentials.
 	azureIntegrationTokenEnv = "FROGBOT_TESTS_AZURE_TOKEN"
 	azureApiEndpoint         = "https://dev.azure.com/frogbot-test"
 	azureGitCloneUrl         = "https://[email protected]/frogbot-test/integration/_git/integration"

bitbucket_server_test.go

@@ -15,6 +15,7 @@ import (
 )
 
 const (
+	//#nosec G101 -- False positive - no hardcoded credentials.
 	bitbucketServerIntegrationTokenEnv = "FROGBOT_TESTS_BB_SERVER_TOKEN"
 	bitbucketServerApiEndpoint         = "http://localhost:7990/rest"
 	bitbucketServerGitCloneUrl         = "http://localhost:7990/scm/frog/integration.git"

github_test.go

@@ -9,6 +9,7 @@ import (
 )
 
 const (
+	//#nosec G101 -- False positive - no hardcoded credentials.
 	githubIntegrationTokenEnv = "FROGBOT_TESTS_GITHUB_TOKEN"
 	githubGitCloneUrl         = "https://github.com/frogbot-test/integration.git"
 )

gitlab_test.go

@@ -9,6 +9,7 @@ import (
 )
 
 const (
+	//#nosec G101 -- False positive - no hardcoded credentials.
 	gitlabIntegrationTokenEnv = "FROGBOT_TESTS_GITLAB_TOKEN"
 	gitlabGitCloneUrl         = "https://gitlab.com/frogbot-test2/integration.git"
 )

go.mod

@@ -116,7 +116,7 @@ require (
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 )
 
-// replace github.com/jfrog/jfrog-cli-security => github.com/jfrog/jfrog-cli-security dev
+replace github.com/jfrog/jfrog-cli-security => github.com/jfrog/jfrog-cli-security v1.12.4-0.20241103154303-1f6712663f75
 
 // replace github.com/jfrog/jfrog-cli-core/v2 => github.com/jfrog/jfrog-cli-core/v2 dev
 

go.sum

@@ -134,8 +134,8 @@ github.com/jfrog/jfrog-apps-config v1.0.1 h1:mtv6k7g8A8BVhlHGlSveapqf4mJfonwvXYL
 github.com/jfrog/jfrog-apps-config v1.0.1/go.mod h1:8AIIr1oY9JuH5dylz2S6f8Ym2MaadPLR6noCBO4C22w=
 github.com/jfrog/jfrog-cli-core/v2 v2.56.4 h1:LqByz2FmVTDQm/u2xGeTL6O8Hs9JadaTj3QMpel9ZwY=
 github.com/jfrog/jfrog-cli-core/v2 v2.56.4/go.mod h1:AwQ9WuOA64g3torX9K5kP0xFAAbchfRInhZwbufoW+Q=
-github.com/jfrog/jfrog-cli-security v1.12.3 h1:VgD1Y/a64jypqKVUTYQzZLnxufUE9OFI6mbbPO0HiXU=
-github.com/jfrog/jfrog-cli-security v1.12.3/go.mod h1:BJLwfVZAxsi2iQQ60UYR0os2c23owPwhaRbQUfD8/h4=
+github.com/jfrog/jfrog-cli-security v1.12.4-0.20241103154303-1f6712663f75 h1:8Xjom2U0Y3b9/iz6mHaX5tev+vo+NtVwX3BrKAKoiNQ=
+github.com/jfrog/jfrog-cli-security v1.12.4-0.20241103154303-1f6712663f75/go.mod h1:BJLwfVZAxsi2iQQ60UYR0os2c23owPwhaRbQUfD8/h4=
 github.com/jfrog/jfrog-client-go v1.47.3 h1:99/JSSgU0rvnM2zWYos2n+Gz1IYLCUoIorE4Xco+Dew=
 github.com/jfrog/jfrog-client-go v1.47.3/go.mod h1:NepfaidmK/xiKsVC+0Ur9sANOqL6io8Y7pSaCau7J6o=
 github.com/jordan-wright/email v4.0.1-0.20210109023952-943e75fe5223+incompatible h1:jdpOPRN1zP63Td1hDQbZW73xKmzDvZHzVdNYxhnTMDA=

scanpullrequest/scanpullrequest.go

@@ -178,8 +178,8 @@ func auditPullRequestInProject(repoConfig *utils.Repository, scanDetails *utils.
 	var sourceResults *results.SecurityCommandResults
 	workingDirs := utils.GetFullPathWorkingDirs(scanDetails.Project.WorkingDirs, sourceBranchWd)
 	log.Info("Scanning source branch...")
-	sourceResults, err = scanDetails.RunInstallAndAudit(workingDirs...)
-	if err != nil {
+	sourceResults = scanDetails.RunInstallAndAudit(workingDirs...)
+	if err = sourceResults.GetErrors(); err != nil {
 		return
 	}
 
@@ -219,8 +219,8 @@ func auditTargetBranch(repoConfig *utils.Repository, scanDetails *utils.ScanDeta
 	var targetResults *results.SecurityCommandResults
 	workingDirs := utils.GetFullPathWorkingDirs(scanDetails.Project.WorkingDirs, targetBranchWd)
 	log.Info("Scanning target branch...")
-	targetResults, err = scanDetails.RunInstallAndAudit(workingDirs...)
-	if err != nil {
+	targetResults = scanDetails.RunInstallAndAudit(workingDirs...)
+	if err = targetResults.GetErrors(); err != nil {
 		return
 	}
 

scanrepository/scanrepository.go

@@ -213,8 +213,8 @@ func (cfp *ScanRepositoryCmd) scanAndFixProject(repository *utils.Repository) er
 // Audit the dependencies of the current commit.
 func (cfp *ScanRepositoryCmd) scan(currentWorkingDir string) (*results.SecurityCommandResults, error) {
 	// Audit commit code
-	auditResults, err := cfp.scanDetails.RunInstallAndAudit(currentWorkingDir)
-	if err != nil {
+	auditResults := cfp.scanDetails.RunInstallAndAudit(currentWorkingDir)
+	if err := auditResults.GetErrors(); err != nil {
 		return nil, err
 	}
 	log.Info("Xray scan completed")

utils/scandetails.go

@@ -2,7 +2,6 @@ package utils
 
 import (
 	"context"
-	"errors"
 	"fmt"
 	"os"
 	"path/filepath"
@@ -177,7 +176,7 @@ func createXrayScanParams(watches []string, project string, includeLicenses bool
 	return
 }
 
-func (sc *ScanDetails) RunInstallAndAudit(workDirs ...string) (auditResults *results.SecurityCommandResults, err error) {
+func (sc *ScanDetails) RunInstallAndAudit(workDirs ...string) (auditResults *results.SecurityCommandResults) {
 	auditBasicParams := (&utils.AuditBasicParams{}).
 		SetPipRequirementsFile(sc.PipRequirementsFile).
 		SetUseWrapper(*sc.UseWrapper).
@@ -201,12 +200,7 @@ func (sc *ScanDetails) RunInstallAndAudit(workDirs ...string) (auditResults *res
 		SetCommonGraphScanParams(sc.CreateCommonGraphScanParams()).
 		SetConfigProfile(sc.configProfile)
 
-	auditResults, err = audit.RunAudit(auditParams)
-
-	if auditResults != nil {
-		err = errors.Join(err, auditResults.GetErrors())
-	}
-	return
+	return audit.RunAudit(auditParams)
 }
 
 func (sc *ScanDetails) SetXscGitInfoContext(scannedBranch, gitProject string, client vcsclient.VcsClient) *ScanDetails {