New variable for skipping extra messages (#549)

jfrog · Oct 23, 2023 · ff1ec02 · ff1ec02
1 parent 75b2f6e
commit ff1ec02
Show file tree

Hide file tree

Showing 32 changed files with 133 additions and 8 deletions.
diff --git a/docs/install-azure-pipelines.md b/docs/install-azure-pipelines.md
@@ -94,7 +94,11 @@ jobs:
              #       Uncheck the 'Store Artifacts Locally' option
              # 3. Set the value of the 'JF_RELEASES_REPO' variable with the Repository Key you created.
              # JF_RELEASES_REPO: ""
-
+
+             # [Optional]
+             # Avoid adding extra info to pull request comments. that isn't related to the scan findings.
+             # JF_AVOID_EXTRA_MESSAGES: "TRUE"
+
              ###########################################################################
              ##   If your project uses a 'frogbot-config.yml' file, you should define ##
              ##   the following variables inside the file, instead of here.           ##
@@ -267,6 +271,10 @@ jobs:
             # [Mandatory if JF_SMTP_SERVER is set]
             # The password associated with the username required for authentication with the SMTP server.
             # JF_SMTP_PASSWORD: ""
+
+            # [Optional]
+            # Avoid adding extra info to pull request comments. that isn't related to the scan findings.
+            # JF_AVOID_EXTRA_MESSAGES: "TRUE"
 
             ###########################################################################
             ##   If your project uses a 'frogbot-config.yml' file, you should define ##

diff --git a/docs/install-gitlab.md b/docs/install-gitlab.md
@@ -82,6 +82,10 @@ frogbot-scan:
     # The password associated with the username required for authentication with the SMTP server.
     # JF_SMTP_PASSWORD: ""
 
+    # [Optional]
+    # Avoid adding extra info to pull request comments. that isn't related to the scan findings.
+    # JF_AVOID_EXTRA_MESSAGES: "TRUE"
+
     ###########################################################################
     ##   If your project uses a 'frogbot-config.yml' file, you should define ##
     ##   the following variables inside the file, instead of here.           ##

diff --git a/docs/templates/github-actions/frogbot-scan-pull-request.yml b/docs/templates/github-actions/frogbot-scan-pull-request.yml
@@ -134,3 +134,7 @@ jobs:
           # The full list of licenses can be found in:
           # https://github.com/jfrog/frogbot/blob/master/docs/licenses.md
           # JF_ALLOWED_LICENSES: "MIT, Apache-2.0"
+
+          # [Optional]
+          # Avoid adding extra info to pull request comments. that isn't related to the scan findings.
+          # JF_AVOID_EXTRA_MESSAGES: "TRUE"
diff --git a/docs/templates/github-actions/frogbot-scan-repository.yml b/docs/templates/github-actions/frogbot-scan-repository.yml
@@ -122,3 +122,7 @@ jobs:
           # [Optional, Default: eco-system+frogbot@jfrog.com]
           # Set the email of the commit author
           # JF_GIT_EMAIL_AUTHOR: ""
+
+          # [Optional]
+          # Avoid adding extra info to pull request comments. that isn't related to the scan findings.
+          # JF_AVOID_EXTRA_MESSAGES: "TRUE"
diff --git a/docs/templates/jenkins/scan-pull-request.jenkinsfile b/docs/templates/jenkins/scan-pull-request.jenkinsfile
@@ -79,6 +79,10 @@ pipeline {
         // The password associated with the username required for authentication with the SMTP server.
         // JF_SMTP_PASSWORD= ""
 
+        // [Optional]
+        // Avoid adding extra info to pull request comments. that isn't related to the scan findings.
+        // JF_AVOID_EXTRA_MESSAGES= "TRUE"
+
         ///////////////////////////////////////////////////////////////////////////
         //   If your project uses a 'frogbot-config.yml' file, you should define //
         //   the following variables inside the file, instead of here.           //

diff --git a/docs/templates/jenkins/scan-repository.jenkinsfile b/docs/templates/jenkins/scan-repository.jenkinsfile
@@ -50,6 +50,10 @@ pipeline {
         // The 'frogbot' executable and other tools it needs will be downloaded through this repository.
         // JF_RELEASES_REPO= ""
 
+        // [Optional]
+        // Avoid adding extra info to pull request comments. that isn't related to the scan findings.
+        // JF_AVOID_EXTRA_MESSAGES= "TRUE"
+
         ///////////////////////////////////////////////////////////////////////////
         //   If your project uses a 'frogbot-config.yml' file, you should define //
         //   the following variables inside the file, instead of here.           //

diff --git a/docs/templates/jfrog-pipelines/pipelines-dotnet.yml b/docs/templates/jfrog-pipelines/pipelines-dotnet.yml
@@ -90,6 +90,10 @@ pipelines:
             # The password associated with the username required for authentication with the SMTP server.
             # JF_SMTP_PASSWORD: ""
 
+            # [Optional]
+            # Avoid adding extra info to pull request comments. that isn't related to the scan findings.
+            # JF_AVOID_EXTRA_MESSAGES: "TRUE"
+
             ###########################################################################
             ##   If your project uses a 'frogbot-config.yml' file, you should define ##
             ##   the following variables inside the file, instead of here.           ##

diff --git a/docs/templates/jfrog-pipelines/pipelines-go.yml b/docs/templates/jfrog-pipelines/pipelines-go.yml
@@ -90,6 +90,10 @@ pipelines:
             # The password associated with the username required for authentication with the SMTP server.
             # JF_SMTP_PASSWORD: ""
 
+            # [Optional]
+            # Avoid adding extra info to pull request comments. that isn't related to the scan findings.
+            # JF_AVOID_EXTRA_MESSAGES: "TRUE"
+
             ###########################################################################
             ##   If your project uses a 'frogbot-config.yml' file, you should define ##
             ##   the following variables inside the file, instead of here.           ##

diff --git a/docs/templates/jfrog-pipelines/pipelines-gradle.yml b/docs/templates/jfrog-pipelines/pipelines-gradle.yml
@@ -90,6 +90,10 @@ pipelines:
             # The password associated with the username required for authentication with the SMTP server.
             # JF_SMTP_PASSWORD: ""
 
+            # [Optional]
+            # Avoid adding extra info to pull request comments. that isn't related to the scan findings.
+            # JF_AVOID_EXTRA_MESSAGES: "TRUE"
+
             ###########################################################################
             ##   If your project uses a 'frogbot-config.yml' file, you should define ##
             ##   the following variables inside the file, instead of here.           ##

diff --git a/docs/templates/jfrog-pipelines/pipelines-maven.yml b/docs/templates/jfrog-pipelines/pipelines-maven.yml
@@ -90,6 +90,10 @@ pipelines:
             # The password associated with the username required for authentication with the SMTP server.
             # JF_SMTP_PASSWORD: ""
 
+            # [Optional]
+            # Avoid adding extra info to pull request comments. that isn't related to the scan findings.
+            # JF_AVOID_EXTRA_MESSAGES: "TRUE"
+
             ###########################################################################
             ##   If your project uses a 'frogbot-config.yml' file, you should define ##
             ##   the following variables inside the file, instead of here.           ##

diff --git a/docs/templates/jfrog-pipelines/pipelines-npm.yml b/docs/templates/jfrog-pipelines/pipelines-npm.yml
@@ -90,6 +90,10 @@ pipelines:
             # The password associated with the username required for authentication with the SMTP server.
             # JF_SMTP_PASSWORD: ""
 
+            # [Optional]
+            # Avoid adding extra info to pull request comments. that isn't related to the scan findings.
+            # JF_AVOID_EXTRA_MESSAGES: "TRUE"
+
             ###########################################################################
             ##   If your project uses a 'frogbot-config.yml' file, you should define ##
             ##   the following variables inside the file, instead of here.           ##

diff --git a/docs/templates/jfrog-pipelines/pipelines-pip.yml b/docs/templates/jfrog-pipelines/pipelines-pip.yml
@@ -97,6 +97,10 @@ pipelines:
             # The password associated with the username required for authentication with the SMTP server.
             # JF_SMTP_PASSWORD: ""
 
+            # [Optional]
+            # Avoid adding extra info to pull request comments. that isn't related to the scan findings.
+            # JF_AVOID_EXTRA_MESSAGES: "TRUE"
+
             ###########################################################################
             ##   If your project uses a 'frogbot-config.yml' file, you should define ##
             ##   the following variables inside the file, instead of here.           ##

diff --git a/docs/templates/jfrog-pipelines/pipelines-pipenv.yml b/docs/templates/jfrog-pipelines/pipelines-pipenv.yml
@@ -90,6 +90,10 @@ pipelines:
             # The password associated with the username required for authentication with the SMTP server.
             # JF_SMTP_PASSWORD: ""
 
+            # [Optional]
+            # Avoid adding extra info to pull request comments. that isn't related to the scan findings.
+            # JF_AVOID_EXTRA_MESSAGES: "TRUE"
+
             ###########################################################################
             ##   If your project uses a 'frogbot-config.yml' file, you should define ##
             ##   the following variables inside the file, instead of here.           ##

diff --git a/docs/templates/jfrog-pipelines/pipelines-poetry.yml b/docs/templates/jfrog-pipelines/pipelines-poetry.yml
@@ -90,6 +90,10 @@ pipelines:
             # The password associated with the username required for authentication with the SMTP server.
             # JF_SMTP_PASSWORD: ""
 
+            # [Optional]
+            # Avoid adding extra info to pull request comments. that isn't related to the scan findings.
+            # JF_AVOID_EXTRA_MESSAGES: "TRUE"
+
             ###########################################################################
             ##   If your project uses a 'frogbot-config.yml' file, you should define ##
             ##   the following variables inside the file, instead of here.           ##

diff --git a/docs/templates/jfrog-pipelines/pipelines-yarn2.yml b/docs/templates/jfrog-pipelines/pipelines-yarn2.yml
@@ -97,6 +97,10 @@ pipelines:
             # The password associated with the username required for authentication with the SMTP server.
             # JF_SMTP_PASSWORD: ""
 
+            # [Optional]
+            # Avoid adding extra info to pull request comments. that isn't related to the scan findings.
+            # JF_AVOID_EXTRA_MESSAGES: "TRUE"
+
             ###########################################################################
             ##   If your project uses a 'frogbot-config.yml' file, you should define ##
             ##   the following variables inside the file, instead of here.           ##

diff --git a/testdata/messages/summarycomment/structure/fix_mr_not_entitled.md b/testdata/messages/summarycomment/structure/fix_mr_not_entitled.md
@@ -8,6 +8,8 @@
 ```
 some content
 ```
+<details>
+<summary>Note</summary>
 
 ---
 <div align='center'>
@@ -16,6 +18,7 @@ some content
 
 </div>
 
+</details>
 
 ---
 <div align='center'>

diff --git a/testdata/messages/summarycomment/structure/fix_pr_not_entitled.md b/testdata/messages/summarycomment/structure/fix_pr_not_entitled.md
@@ -8,6 +8,8 @@
 ```
 some content
 ```
+<details>
+<summary>Note</summary>
 
 ---
 <div align='center'>
@@ -16,6 +18,7 @@ some content
 
 </div>
 
+</details>
 
 ---
 <div align='center'>

diff --git a/testdata/messages/summarycomment/structure/fix_simplified_not_entitled.md b/testdata/messages/summarycomment/structure/fix_simplified_not_entitled.md
@@ -4,6 +4,8 @@
 some content
 ```
 
+Note:
+
 ---
 **Frogbot** also supports **Contextual Analysis, Secret Detection, IaC and SAST Vulnerabilities Scanning**. This features are included as part of the [JFrog Advanced Security](https://jfrog.com/advanced-security) package, which isn't enabled on your system.
 

diff --git a/...ata/messages/summarycomment/structure/summary_comment_mr_issues_not_entitled.md b/...ata/messages/summarycomment/structure/summary_comment_mr_issues_not_entitled.md
@@ -8,6 +8,8 @@
 ```
 some content
 ```
+<details>
+<summary>Note</summary>
 
 ---
 <div align='center'>
@@ -16,6 +18,7 @@ some content
 
 </div>
 
+</details>
 
 ---
 <div align='center'>

diff --git a/.../messages/summarycomment/structure/summary_comment_mr_no_issues_not_entitled.md b/.../messages/summarycomment/structure/summary_comment_mr_no_issues_not_entitled.md
@@ -4,6 +4,8 @@
 
 </div>
 
+<details>
+<summary>Note</summary>
 
 ---
 <div align='center'>
@@ -12,6 +14,7 @@
 
 </div>
 
+</details>
 
 ---
 <div align='center'>

diff --git a/...ata/messages/summarycomment/structure/summary_comment_pr_issues_not_entitled.md b/...ata/messages/summarycomment/structure/summary_comment_pr_issues_not_entitled.md
@@ -8,6 +8,8 @@
 ```
 some content
 ```
+<details>
+<summary>Note</summary>
 
 ---
 <div align='center'>
@@ -16,6 +18,7 @@ some content
 
 </div>
 
+</details>
 
 ---
 <div align='center'>

diff --git a/.../messages/summarycomment/structure/summary_comment_pr_no_issues_not_entitled.md b/.../messages/summarycomment/structure/summary_comment_pr_no_issues_not_entitled.md
@@ -4,6 +4,8 @@
 
 </div>
 
+<details>
+<summary>Note</summary>
 
 ---
 <div align='center'>
@@ -12,6 +14,7 @@
 
 </div>
 
+</details>
 
 ---
 <div align='center'>

diff --git a/...ages/summarycomment/structure/summary_comment_simplified_issues_not_entitled.md b/...ages/summarycomment/structure/summary_comment_simplified_issues_not_entitled.md
@@ -4,6 +4,8 @@
 some content
 ```
 
+Note:
+
 ---
 **Frogbot** also supports **Contextual Analysis, Secret Detection, IaC and SAST Vulnerabilities Scanning**. This features are included as part of the [JFrog Advanced Security](https://jfrog.com/advanced-security) package, which isn't enabled on your system.
 

diff --git a/...s/summarycomment/structure/summary_comment_simplified_no_issues_not_entitled.md b/...s/summarycomment/structure/summary_comment_simplified_no_issues_not_entitled.md
@@ -1,5 +1,7 @@
 **👍 Frogbot scanned this pull request and found that it did not add vulnerable dependencies.**
 
+Note:
+
 ---
 **Frogbot** also supports **Contextual Analysis, Secret Detection, IaC and SAST Vulnerabilities Scanning**. This features are included as part of the [JFrog Advanced Security](https://jfrog.com/advanced-security) package, which isn't enabled on your system.
 

diff --git a/utils/consts.go b/utils/consts.go
@@ -79,6 +79,9 @@ const (
 	FixVersionPlaceHolder = "{FIX_VERSION}"
 	BranchHashPlaceHolder = "{BRANCH_NAME_HASH}"
 
+	// General flags
+	AvoidExtraMessages = "JF_AVOID_EXTRA_MESSAGES"
+
 	// Default naming templates
 	BranchNameTemplate                       = "frogbot-" + PackagePlaceHolder + "-" + BranchHashPlaceHolder
 	AggregatedBranchNameTemplate             = "frogbot-update-" + BranchHashPlaceHolder + "-dependencies"

diff --git a/utils/outputwriter/outputcontent.go b/utils/outputwriter/outputcontent.go
@@ -77,10 +77,10 @@ func fixCVETitleSrc(vcsProvider vcsutils.VcsProvider) ImageSource {
 }
 
 func untitledForJasMsg(writer OutputWriter) string {
-	if writer.IsEntitledForJas() {
+	if writer.AvoidExtraMessages() || writer.IsEntitledForJas() {
 		return ""
 	}
-	return fmt.Sprintf("%s\n%s", SectionDivider(), writer.MarkInCenter(jasFeaturesMsgWhenNotEnabled))
+	return writer.MarkAsCollapsible("Note", fmt.Sprintf("%s\n%s", SectionDivider(), writer.MarkInCenter(jasFeaturesMsgWhenNotEnabled)))
 }
 
 func footer(writer OutputWriter) string {

diff --git a/utils/outputwriter/outputcontent_test.go b/utils/outputwriter/outputcontent_test.go
@@ -853,3 +853,10 @@ func TestSastReviewContent(t *testing.T) {
 		}
 	}
 }
+
+func TestMarkAsCollapsible(t *testing.T) {
+	so := &StandardOutput{}
+	assert.Equal(t, "<details>\n<summary>title</summary>\ndescription\n</details>", so.MarkAsCollapsible("title", "description"))
+	smo := &SimplifiedOutput{}
+	assert.Equal(t, "\ntitle:\ndescription", smo.MarkAsCollapsible("title", "description"))
+}
diff --git a/utils/outputwriter/outputwriter.go b/utils/outputwriter/outputwriter.go
@@ -91,22 +91,26 @@ type OutputWriter interface {
 	SetJasOutputFlags(entitled, showCaColumn bool)
 	IsShowingCaColumn() bool
 	IsEntitledForJas() bool
+	SetAvoidExtraMessages(avoidExtraMessages bool)
+	AvoidExtraMessages() bool
 	// VCS info
 	VcsProvider() vcsutils.VcsProvider
 	SetVcsProvider(provider vcsutils.VcsProvider)
 	// Markdown interface
 	FormattedSeverity(severity, applicability string) string
 	Separator() string
+	MarkAsCollapsible(title, content string) string
 	MarkInCenter(content string) string
 	MarkAsDetails(summary string, subTitleDepth int, content string) string
 	MarkAsTitle(title string, subTitleDepth int) string
 	Image(source ImageSource) string
 }
 
 type MarkdownOutput struct {
-	showCaColumn   bool
-	entitledForJas bool
-	vcsProvider    vcsutils.VcsProvider
+	avoidExtraMessages bool
+	showCaColumn       bool
+	entitledForJas     bool
+	vcsProvider        vcsutils.VcsProvider
 }
 
 func (mo *MarkdownOutput) SetVcsProvider(provider vcsutils.VcsProvider) {
@@ -117,6 +121,14 @@ func (mo *MarkdownOutput) VcsProvider() vcsutils.VcsProvider {
 	return mo.vcsProvider
 }
 
+func (mo *MarkdownOutput) SetAvoidExtraMessages(avoidExtraMessages bool) {
+	mo.avoidExtraMessages = avoidExtraMessages
+}
+
+func (mo *MarkdownOutput) AvoidExtraMessages() bool {
+	return mo.avoidExtraMessages
+}
+
 func (mo *MarkdownOutput) SetJasOutputFlags(entitled, showCaColumn bool) {
 	mo.entitledForJas = entitled
 	mo.showCaColumn = showCaColumn

diff --git a/utils/outputwriter/simplifiedoutput.go b/utils/outputwriter/simplifiedoutput.go
@@ -29,6 +29,10 @@ func (smo *SimplifiedOutput) MarkInCenter(content string) string {
 	return content
 }
 
+func (smo *SimplifiedOutput) MarkAsCollapsible(title, content string) string {
+	return fmt.Sprintf("\n%s:\n%s", title, content)
+}
+
 func (smo *SimplifiedOutput) MarkAsDetails(summary string, subTitleDepth int, content string) string {
 	return fmt.Sprintf("%s\n%s", smo.MarkAsTitle(summary, subTitleDepth), content)
 }
-Original file line number
+Diff line change
@@ Expand Up / @@ -4,6 +4,8 @@ @@
     some content
     ```
+    Note:
     ---
     **Frogbot** also supports **Contextual Analysis, Secret Detection, IaC and SAST Vulnerabilities Scanning**. This features are included as part of the [JFrog Advanced Security](https://jfrog.com/advanced-security) package, which isn't enabled on your system.
@@ Expand Down @@