Merge pull request #1324 from github/skip-not-found-sarif-reports

Skip not found code scanning analysis migrations

Author: ArinGhazarian

RELEASENOTES.md

@@ -1 +1,2 @@
 - Update validation error messages for `gh bbs2gh migrate-repo` command when generating an archive is not required.
+- `gh gei migrate-code-scanning-alerts` now skips a not found code scanning analysis and continues with the rest. 

src/Octoshift/Services/CodeScanningAlertService.cs

@@ -59,15 +59,28 @@ protected internal virtual async Task MigrateAnalyses(string sourceOrg, string s
             return;
         }
 
-        var migratedCount = 0;
+        var analysisNumber = 0;
 
         foreach (var analysis in relevantAnalyses)
         {
-            var sarifReport = await _sourceGithubApi.GetSarifReport(sourceOrg, sourceRepo, analysis.Id);
+            analysisNumber++;
+
+            string sarifReport;
+            try
+            {
+                sarifReport = await _sourceGithubApi.GetSarifReport(sourceOrg, sourceRepo, analysis.Id);
+            }
+            catch (HttpRequestException ex) when (ex.StatusCode == HttpStatusCode.NotFound)
+            {
+                _log.LogWarning($"Skipping analysis {analysis.Id} because no analysis was found for it ({analysisNumber} / {relevantAnalyses.Count})...");
+                continue;
+            }
+
             _log.LogVerbose($"Downloaded SARIF report for analysis {analysis.Id}");
+
             try
             {
-                _log.LogInformation($"Uploading SARIF for analysis {analysis.Id} in target repository ({migratedCount + 1} / {relevantAnalyses.Count})...");
+                _log.LogInformation($"Uploading SARIF for analysis {analysis.Id} in target repository ({analysisNumber} / {relevantAnalyses.Count})...");
                 var id = await _targetGithubApi.UploadSarifReport(targetOrg, targetRepo, sarifReport, analysis.CommitSha, analysis.Ref);
                 // Wait for SARIF processing to finish before first querying it
                 await Task.Delay(500);
@@ -95,8 +108,6 @@ protected internal virtual async Task MigrateAnalyses(string sourceOrg, string s
             {
                 throw new OctoshiftCliException($"Received HTTP Status 403 for uploading analysis {analysis.Id}. Please make sure to activate GitHub Advanced Security on the target.", httpException);
             }
-
-            migratedCount++;
         }
 
         _log.LogInformation($"Successfully finished migrating {relevantAnalyses.Count} Code Scanning analyses! ");

src/OctoshiftCLI.Tests/Octoshift/Services/CodeScanningAlertServiceTests.cs

@@ -1,5 +1,7 @@
 using System.Collections.ObjectModel;
 using System.Linq;
+using System.Net;
+using System.Net.Http;
 using System.Threading.Tasks;
 using FluentAssertions;
 using Moq;
@@ -872,6 +874,74 @@ public async Task MigrateAlerts_Dry_Run_Will_Not_Adjust_Any_Alerts_On_Target()
         ), Times.Never);
     }
 
+    [Fact]
+    public async Task MigrateAlerts_Skips_An_Analysis_When_SARIF_Report_Not_Found()
+    {
+        // Arrange
+        var Ref = "refs/heads/main";
+        var analysis1 = new CodeScanningAnalysis
+        {
+            Id = 1,
+            CreatedAt = "2022-03-30T00:00:00Z",
+            CommitSha = "SHA_1",
+            Ref = Ref
+        };
+        var analysis2 = new CodeScanningAnalysis
+        {
+            Id = 2,
+            CreatedAt = "2022-03-31T00:00:00Z",
+            CommitSha = "SHA_2",
+            Ref = Ref
+        };
+
+        const string sarifResponse2 = "SARIF_RESPONSE_2";
+        var processingStatus = new SarifProcessingStatus
+        {
+            Status = SarifProcessingStatus.Complete,
+            Errors = new Collection<string>()
+        };
+
+        _mockSourceGithubApi.Setup(x => x.GetCodeScanningAnalysisForRepository(SOURCE_ORG, SOURCE_REPO, "main")).ReturnsAsync(new[] { analysis1, analysis2 });
+        _mockSourceGithubApi.Setup(x => x.GetSarifReport(SOURCE_ORG, SOURCE_REPO, analysis1.Id))
+            .ThrowsAsync(new HttpRequestException("No analysis found for analysis ID 1", null, HttpStatusCode.NotFound));
+        _mockSourceGithubApi.Setup(x => x.GetSarifReport(SOURCE_ORG, SOURCE_REPO, analysis2.Id)).ReturnsAsync(sarifResponse2);
+        _mockTargetGithubApi.Setup(x => x.UploadSarifReport(TARGET_ORG, TARGET_REPO, It.IsAny<string>(), It.IsAny<string>(), It.IsAny<string>())).ReturnsAsync("sarif-id");
+        _mockTargetGithubApi.Setup(x => x.GetSarifProcessingStatus(TARGET_ORG, TARGET_REPO, It.IsAny<string>()))
+            .ReturnsAsync(processingStatus);
+
+        // Act
+        await _alertService.MigrateAnalyses(SOURCE_ORG, SOURCE_REPO, TARGET_ORG, TARGET_REPO, "main", false);
+
+        // Assert
+        _mockTargetGithubApi.Verify(
+            x => x.UploadSarifReport(
+                TARGET_ORG,
+                TARGET_REPO,
+                It.IsAny<string>(),
+                It.IsAny<string>(),
+                It.IsAny<string>()
+            ),
+            Times.Once);
+        _mockTargetGithubApi.Verify(
+            x => x.UploadSarifReport(
+                TARGET_ORG,
+                TARGET_REPO,
+                sarifResponse2,
+                analysis2.CommitSha,
+                Ref
+            ),
+            Times.Once);
+
+        _mockTargetGithubApi.Verify(
+            x => x.GetSarifProcessingStatus(
+                TARGET_ORG,
+                TARGET_REPO,
+                "sarif-id"),
+            Times.Once);
+
+        _mockOctoLogger.Verify(log => log.LogWarning($"Skipping analysis {analysis1.Id} because no analysis was found for it (1 / 2)..."));
+    }
+
     // Avoid having referential equal instances to have real use case tests
     private CodeScanningAlertInstance CopyInstance(CodeScanningAlertInstance codeScanningAlertInstance)
     {