Parse logs for FOSSA action to determine actual license scan failures

action.yml

@@ -9,7 +9,7 @@ runs:
       shell: bash
       run: echo "This action should only run on getsentry repos" && exit 1
 
-    - name: 'Pick a FOSSA API key'
+    - name: 'Pick a FOSSA API key and install FOSSA cli'
       id: set_key
       shell: bash
       env:
@@ -27,50 +27,60 @@ runs:
         # here in this file and gives us at least basic pass/fail.
         #
         # See also: https://docs.fossa.com/docs/api-reference#api-tokens
-
         FALLBACK="9fc50c40b136c68873ad05aec573cf3e"
         echo "key=${PREFERRED:-$FALLBACK}" >> "$GITHUB_OUTPUT"
+        # Install specific version of fossa-cli to guarantee stability of parsing fossa job outputs
+        curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/v3.7.5/install-latest.sh | bash
 
     - name: 'Checkout Code'
       uses: actions/checkout@v2
 
-    - name: 'Run FOSSA Scan'
+    - name: 'Run `fossa analyze`'
       id: analyze
       continue-on-error: true
-      uses: fossas/fossa-action@5913e730490ebf75ae47b59687b7e590289eed92
-      with:
-        api-key: ${{ steps.set_key.outputs.key }}
-
-    - if: steps.analyze.outcome == 'failure'
-      name: 'Send error to Sentry on FOSSA scan failure'
-      shell: bash
       env:
-        SENTRY_URL: https://self-hosted.getsentry.net/
-        SENTRY_ORG: self-hosted
-        SENTRY_PROJECT: test
-        SENTRY_DSN: https://0bc733fd07014f73a703d97ab5452ae2@self-hosted.getsentry.net/4
+        FOSSA_API_KEY: ${{ steps.set_key.outputs.key }}
+      shell: bash
       run: |
-        curl -sL https://sentry.io/get-cli/ | sh
-        # Environment variables will automatically be sent, so we just want some minimal information
-        sentry-cli send-event -m "FOSSA scan failure in $GITHUB_REPOSITORY" -e url:$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID
+        exec &> >(tee -a "analyze_logs.txt")
+        fossa analyze
 
-      # We only want to run license compliance test if FOSSA scan succeeds. This is to unblock CI
+      # We only want to run license compliance test if `fossa test` succeeds. This is to unblock CI
       # on FOSSA outages.
     - if: steps.analyze.outcome == 'success'
-      name: 'Run FOSSA Test'
+      name: 'Run `fossa test`'
       id: test
-      uses: fossas/fossa-action@5913e730490ebf75ae47b59687b7e590289eed92
-      with:
-        api-key: ${{ steps.set_key.outputs.key }}
-        run-tests: true
+      continue-on-error: true
+      env:
+        FOSSA_API_KEY: ${{ steps.set_key.outputs.key }}
+      shell: bash
+      run: |
+        exec &> >(tee -a "test_logs.txt")
+        # Set timeout to 5 minutes (default of 60 minutes is waaaay too long to block CI)
+        fossa test --timeout 300
 
-    - if: github.repository_owner == 'getsentry' && failure()
-      name: 'Handle errors'
+    - if: steps.analyze.outcome == 'failure' || steps.test.outcome == 'failure'
+      name: 'Send error to Sentry on `fossa-cli` errors'
       shell: bash
+      env:
+        SENTRY_DSN: https://decbca863c554db095624ede8a83310c@o1.ingest.sentry.io/4505031352713216
       run: |
-        echo
-        echo "🛑 🛑 🛑 🛑 🛑 🛑 🛑 🛑 🛑 🛑 🛑 🛑 🛑 🛑 🛑 🛑 🛑 🛑 🛑 🛑 🛑 🛑 🛑 🛑 "
-        echo
-        echo "Eep! It seems that this PR introduces a license violation. Did you add any libraries? Do they use the GPL or some weird license? Am I a confused bot? If you need a hand, cc: @getsentry/open-source in a comment. 🙏"
-        echo
-        echo "🛑 🛑 🛑 🛑 🛑 🛑 🛑 🛑 🛑 🛑 🛑 🛑 🛑 🛑 🛑 🛑 🛑 🛑 🛑 🛑 🛑 🛑 🛑 🛑 "
+        if [[ ${{ steps.analyze.outcome }} == 'failure' ]]; then
+          curl -sL https://sentry.io/get-cli/ | sh
+          # Environment variables will automatically be sent, so we just want some minimal information
+          error_msg=$(cat analyze_logs.txt | grep -zoP '(?<=>>> Relevant errors\n\n    Error\n\n      ).*?(?=\n)' || echo 'unknown error message')
+          sentry-cli send-event -m "FOSSA analyze error: $error_msg" -t repo:$GITHUB_REPOSITORY -e url:$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID --logfile analyze_logs.txt
+          exit 0
+        fi
+        if grep -q "The scan has revealed issues. Number of issues found:" test_logs.txt; then
+          echo
+          echo "🛑 🛑 🛑 🛑 🛑 🛑 🛑 🛑 🛑 🛑 🛑 🛑 🛑 🛑 🛑 🛑 🛑 🛑 🛑 🛑 🛑 🛑 🛑 🛑 "
+          echo
+          echo "Eep! It seems that this PR introduces a license violation. Did you add any libraries? Do they use the GPL or some weird license? Am I a confused bot? If you need a hand, cc: @getsentry/open-source in a comment. 🙏"
+          echo
+          echo "🛑 🛑 🛑 🛑 🛑 🛑 🛑 🛑 🛑 🛑 🛑 🛑 🛑 🛑 🛑 🛑 🛑 🛑 🛑 🛑 🛑 🛑 🛑 🛑 "
+          exit 1
+        fi
+        curl -sL https://sentry.io/get-cli/ | sh
+        error_msg=$(cat test_logs.txt | grep -zoP '(?<=>>> Relevant errors\n\n    Error\n\n      ).*?(?=\n)' || echo 'unknown error message')
+        sentry-cli send-event -m "FOSSA test error: $error_msg" -t repo:$GITHUB_REPOSITORY -e url:$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID --logfile test_logs.txt