feat(COMMENTER): Remove old Aqua messages before writing new ones (#181)

* feat(COMMENTER): Remove old Aqua messages before writing new ones * feat(REGIONS): print error for each failure, but dont fail the commenter
aquasecurity · Aug 17, 2022 · 98a67ad · 98a67ad
1 parent f4caa31
commit 98a67ad
Showing 1 changed file with 23 additions and 9 deletions.
diff --git a/pkg/buildClient/comments.go b/pkg/buildClient/comments.go
@@ -8,6 +8,8 @@ import (
 	"strconv"
 	"strings"
 
+	"github.com/aquasecurity/trivy-plugin-aqua/pkg/log"
+
 	"github.com/aquasecurity/go-git-pr-commenter/pkg/commenter"
 	"github.com/aquasecurity/go-git-pr-commenter/pkg/commenter/azure"
 	"github.com/aquasecurity/go-git-pr-commenter/pkg/commenter/bitbucket"
@@ -17,6 +19,8 @@ import (
 	"github.com/aquasecurity/trivy-plugin-aqua/pkg/proto/buildsecurity"
 )
 
+const aquaMsg = "[This comment was created by Aqua Pipeline]"
+
 // prComments send results PR comments
 func prComments(buildSystem string, result []*buildsecurity.Result, avdUrlMap ResultIdToUrlMap) error {
 	var c = commenter.Repository(nil)
@@ -59,6 +63,10 @@ func prComments(buildSystem string, result []*buildsecurity.Result, avdUrlMap Re
 	default:
 		return nil
 	}
+	err := c.RemovePreviousAquaComments(aquaMsg)
+	if err != nil {
+		log.Logger.Infof("failed removing old comments with error: %s", err)
+	}
 
 	for _, r := range result {
 		if r.SuppressionID == "" {
@@ -68,20 +76,20 @@ func prComments(buildSystem string, result []*buildsecurity.Result, avdUrlMap Re
 				buildsecurity.Result_TYPE_HCL, buildsecurity.Result_TYPE_YAML:
 				err := c.WriteMultiLineComment(r.Filename, returnMisconfMsg(r, avdUrlMap), int(r.StartLine), int(r.EndLine))
 				if err != nil {
-					return fmt.Errorf("failed write misconfiguration comment: %w", err)
+					log.Logger.Infof("failed write misconfiguration comment: %w", err)
 				}
 			case buildsecurity.Result_TYPE_VULNERABILITIES:
 				if !strings.Contains(r.Filename, "node_modules") {
 					err := c.WriteMultiLineComment(r.Filename, returnVulnfMsg(r, avdUrlMap), commenter.FIRST_AVAILABLE_LINE, commenter.FIRST_AVAILABLE_LINE)
 					if err != nil {
-						return fmt.Errorf("failed write vulnerability comment: %w", err)
+						log.Logger.Infof("failed write vulnerability comment: %w", err)
 					}
 				}
 
 			case buildsecurity.Result_TYPE_SECRETS:
 				err := c.WriteMultiLineComment(r.Filename, returnSecretMsg(r), int(r.StartLine), int(r.EndLine))
 				if err != nil {
-					return fmt.Errorf("failed write secret findings comment: %w", err)
+					log.Logger.Infof("failed write secret findings comment: %w", err)
 				}
 			}
 		}
@@ -94,23 +102,27 @@ func returnSecretMsg(r *buildsecurity.Result) string {
 		"  \n**Category:** %s "+
 		"  \n**Description:** %s "+
 		"  \n**Severity:** %s "+
-		"  \n**Match:** %s",
+		"  \n**Match:** %s"+
+		"  \n%s",
 		r.Resource,
 		r.Title,
 		strings.ReplaceAll(r.Severity.String(), "SEVERITY_", ""),
-		r.Message)
+		r.Message,
+		aquaMsg)
 }
 
 func returnMisconfMsg(r *buildsecurity.Result, avdUrlMap ResultIdToUrlMap) string {
 	commentWithoutAvdUrl := fmt.Sprintf("### :warning: Aqua detected misconfiguration in your code"+
 		"  \n**Misconfiguration ID:** %s "+
 		"  \n**Check Name:** %s "+
 		"  \n**Severity:** %s "+
-		"  \n**Message:** %s",
+		"  \n**Message:** %s"+
+		"  \n%s",
 		r.AVDID,
 		r.Title,
 		strings.ReplaceAll(r.Severity.String(), "SEVERITY_", ""),
-		r.Message)
+		r.Message,
+		aquaMsg)
 
 	if avdUrl := avdUrlMap[GenerateResultId(r)]; avdUrl != "" {
 		return commentWithoutAvdUrl +
@@ -127,12 +139,14 @@ func returnVulnfMsg(r *buildsecurity.Result, avdUrlMap ResultIdToUrlMap) string
 		"  \n**Check Name:** %s "+
 		"  \n**Severity:** %s "+
 		"  \n**Fixed Version:** %s "+
-		"  \n**Description:** %s",
+		"  \n**Description:** %s"+
+		"  \n%s",
 		r.AVDID,
 		r.Title,
 		strings.ReplaceAll(r.Severity.String(), "SEVERITY_", ""),
 		r.FixedVersion,
-		r.Message)
+		r.Message,
+		aquaMsg)
 
 	if avdUrl := avdUrlMap[GenerateResultId(r)]; avdUrl != "" {
 		return commentWithoutAvdUrl +