Add support for suppression criteria #25
Conversation
| ./gradlew properties -q | grep "version:" | ||
| ./gradlew properties -q | grep "version:" | awk '{print $2}' |
There was a problem hiding this comment.
Maybe you need neither and this is a left-over. Looks like the one below is the one that matters.
| # CodeGuru Reviewer CLI Wrapper | ||
| Simple CLI wrapper for CodeGuru reviewer that provides a one-line command to scan a local clone of a repository and | ||
| receive results. This CLI wraps the [AWS CLI](https://aws.amazon.com/cli/) commands to communicated with | ||
| [AWS CodeGuru Reviewer](https://aws.amazon.com/codeguru/). Using CodeGuru Reviewer may generate metering fees |
There was a problem hiding this comment.
[not from this PR] Typo in "communicated" in the line above
README.md
Outdated
|
|
||
| ### Prerequisites | ||
|
|
||
| To run the CLI, we need to have a version of git, Java (e.g., [Amazon Corretto](https://aws.amazon.com/corretto/?filtered-posts.sort-by=item.additionalFields.createdDate&filtered-posts.sort-order=desc)) and the [AWS Command Line interface](https://aws.amazon.com/cli/) installed. Verify that both application are installed on our machine by running: |
README.md
Outdated
|
|
||
| ### Scan an Example | ||
|
|
||
| Now, lets download an example project (requires Maven): |
README.md
Outdated
|
|
||
| You can use this CLI to run CodeGuru from inside your CI/CD pipeline. See [this action](.github/workflows/self-test-and-release.yml#L30-L41) as an example. First, you need credentials for a role with the permissions mentioned above. If you already scanned | ||
| the repository once with the CLI, the S3 bucket has been created, and the you do not need the `s3:CreateBucket*` permission anymore. | ||
| # We can tell the CLI to exclude all recommendations below a certain severity. This can be useful in CICD integration. |
There was a problem hiding this comment.
nit: CI/CD for consistency
| } | ||
| } | ||
|
|
||
| // try load the |
There was a problem hiding this comment.
complete or remove comment
| Log.info("Analysis finished."); | ||
| if (main.failOnRecommendations && !results.isEmpty()) { | ||
| RecommendationPrinter.print(results); | ||
| System.exit(5); |
There was a problem hiding this comment.
Log a message explaining why we are exiting with an error code?
The person who debugs why this is returning errcode 5 may not be the same one who decided to enable the flag.
|
|
||
| public class CodeInsightReport { | ||
|
|
||
| /* |
| sb.append(recommendation.description()); | ||
| sb.append("\n"); | ||
| if (severityToInt(recommendation) < 2) { | ||
| Log.error(sb.toString()); |
There was a problem hiding this comment.
This may look like that CLI wrapper itself hit an error. Aren't INFO messages with Severity: FOOBAR enough? Otherwise you're saying the same thing twice in different ways. I know this may allow loglevel-based filtering, but seems like it could also be a bit confusing.
There was a problem hiding this comment.
Yeah, you're probably right ... I'll log everything at info
| continue; | ||
| } | ||
| if (rec.ruleMetadata() == null || rec.filePath().equals(".")) { | ||
| continue; // Always drop rules without metadata or the stats recomendation |
There was a problem hiding this comment.
Could we add an option to keep the recommendations that don't have any metadata? I think it's great to drop them, but until a better mechanism exists, this will hide the problem under the rug. With such an option we can still enable it in end-to-end regression testing and alert.
There was a problem hiding this comment.
I'd rather fix this by making sure all rules have metadata. If there is no metadata, we don't know what rule it is, so we can't filter it. Usually, these are low severity, so customers who want to block pipelines using the CLI would likely suppress them anyway.
There was a problem hiding this comment.
Oh, and this only happens when you filter. So we can still get these by running without filter. OK, that's good enough.
Adds support for cli-specific suppression mechanisms in
.codeguru-ignore.ymland bumps the version to 0.1.0:By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.