-
Notifications
You must be signed in to change notification settings - Fork 61
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Is there a ENV variable to delete the previous comments in Frogbot and have only the current comment ? #646
Comments
Hi @vinodhini-devops, thank you for bringing up this issue By default, Frogbot is expected to remove all of its previous comments during a rerun and add only the current one. Did you observe duplicate comments when running Frogbot multiple times on the same PR? could you provide a log (with DEBUG level) of the second run? This will assist me in investigating the issue, as it should have deleted the old comments. Have you attempted to exclude the JF_AVOID_PREVIOUS_PR_COMMENTS_DELETION altogether, even if it is set to false? Concerning the suggestion of not commenting at all when no issues are found, could you please elaborate on why you'd like this feature added? What is the rationale behind not wanting to see a single comment in such cases? Thank you once again. |
Hi @attiasas , ###########LOGS############
|
Hi @vinodhini-devops, the config mentioned: |
@attiasas you want me to remove the JF_AVOID_PREVIOUS_PR_COMMENTS_DELETION from config and try it ? |
@attiasas i tried excluding the JF_AVOID_PREVIOUS_PR_COMMENTS_DELETION , Only one comment is added. This is not what im expecting, My PR has multiple builds and multiple components, each component gets scanned by frogbot and the comment is updated accordingly finally am able to see only one comment of the last component which got scanned |
logs
|
My expectation is, during the second run of the PR, the existing comments must be deleted and only new ones must be added. @attiasas |
@vinodhini-devops, If the env var was not set, I would expect to see at the
As implemented here: It seems that at the run logs you shared, this is set to |
If you are running concurrent scanning of pull requests, we cannot determine when it will end. For each process of Frogbot, it will first delete the old comments and then comment with the new ones (or it may not delete at all). You can set a custom PullRequestCommentTitle for each run by configuring 'JF_PR_COMMENT_TITLE' to ensure that each comment corresponds to its respective run. If this is not meeting your expectations, please provide more details so that I can better understand and assist you if possible. |
Hello @vinodhini-devops |
Describe the bug
Im using Frogbot for scanning the Pull request,
I have multiple builds running on my PR,
Currently, my pr is full of frogbot comments, Is there a way to delete the exisiting comments and have only the recent comment for the builds from frogbot ?
I tried using JF_AVOID_PREVIOUS_PR_COMMENTS_DELETION , but its clearing all the recent comments and giving only one common comment
And if there are No issues found, can we make frogbot not to comment anything, Not even saying no vulnerablities found ?
Current behavior
Im using Frogbot for scanning the Pull request,
I have multiple builds running on my PR,
Currently, my pr is full of frogbot comments, Is there a way to delete the exisiting comments and have only the recent comment for the builds from frogbot ?
I tried using JF_AVOID_PREVIOUS_PR_COMMENTS_DELETION , but its clearing all the recent comments and giving only one common comment
And if there are No issues found, can we make frogbot not to comment anything, Not even saying no vulnerablities found ?
Reproduction steps
No response
Expected behavior
No response
JFrog Frogbot version
Frogbot version: 2.19.10
Package manager info
No package manager
Git provider
GitHub
JFrog Frogbot configuration yaml file
steps:
included comment
condition: eq(variables['Build.Reason'], 'PullRequest')
displayName: 'Download and Run Frogbot Scan'
env:
JF_WATCHES: $(xray_watch_policyname)
JF_GIT_PULL_REQUEST_ID: $(System.PullRequest.PullRequestId)
JF_GIT_BASE_BRANCH: $(System.PullRequest.TargetBranch)
JF_GIT_PROJECT: $(System.TeamProject)
JF_GIT_API_ENDPOINT: $(System.CollectionUri)
JF_GIT_TOKEN: $(access-token-pat)
JF_VULN_CONTEXTUAL_ANALYSIS: TRUE
JF_URL: $(artifactoryurl)
JF_ACCESS_TOKEN: $(jfrog-identity-token)
JFROG_CLI_LOG_LEVEL: "DEBUG"
JF_GIT_OWNER: "KLA-GPG"
JF_AVOID_PREVIOUS_PR_COMMENTS_DELETION: FALSE
JF_GIT_REPO: "virgo"
JF_RELEASES_REPO: ""
JF_GIT_PROVIDER: "azureRepos"
JF_FAIL: FALSE
JF_INCLUDE_ALL_VULNERABILITIES: FALSE
JF_WORKING_DIR: ${{ parameters.componentName }}/${{ parameters.subcomponentname }}
JF_AVOID_EXTRA_MESSAGES: true # to avoid extra messages in the comment from JFROG
JF_PR_COMMENT_TITLE: ${{ parameters.componentName }}/${{ parameters.subcomponentname }}Report
JF_PATH_EXCLUSIONS : ""
inputs:
script: |
export HOME="/usr/share/maven"
export M2="$HOME/bin"
export MAVEN_OPTS="-Xms256m -Xmx512m"
export PATH="$M2:$PATH"
mvn --version
getFrogbotScriptPath=$(if [ -z "$JF_RELEASES_REPO" ]; then echo "https://releases.jfrog.io"; else echo "${JF_URL}/artifactory/${JF_RELEASES_REPO}"; fi)
curl -fLg "$getFrogbotScriptPath/artifactory/frogbot/v2/[RELEASE]/getFrogbot.sh" | sh
./frogbot spr
#./frogbot scan-and-fix-repos $(Build.SourceBranch)
continueOnError: true
Operating system type and version
ubuntu 18.04
JFrog Xray version
No response
The text was updated successfully, but these errors were encountered: