fix(github): handle 422 search errors in Dependency-Update-Tool#4978
Open
LoveChauhan-18 wants to merge 2 commits intoossf:mainfrom
Open
fix(github): handle 422 search errors in Dependency-Update-Tool#4978LoveChauhan-18 wants to merge 2 commits intoossf:mainfrom
LoveChauhan-18 wants to merge 2 commits intoossf:mainfrom
Conversation
LoveChauhan-18
requested review from
AdamKorcz and
spencerschrock
and removed request for
a team
dosubot
bot
added
the
size:M
…exts Signed-off-by: Love Kumar Chauhan <lovechauhan6564@gmail.com>
The GitHub Search API can return a 422 Validation Failed error for public repositories that are not yet indexed. This was causing an internal error in Scorecard's Dependency-Update-Tool check. This fix catches the 422 error and returns an empty list of commits, allowing the check to proceed without a hard failure. Fixes ossf#4352 Signed-off-by: Love Kumar Chauhan <lovechauhan6564@gmail.com>
LoveChauhan-18
force-pushed
the
fix/issue-4352
branch
from
22f53aa to
3eeea43
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
PR Description
What kind of change does this PR introduce?
Bug fix
What is the current behavior?
The
Dependency-Update-Toolcheck currently returns a "check runtime error" (internal error) if the GitHub Search API returns a422 Validation Failedstatus. This is a known issue for some public repositories that have not yet been indexed by GitHub's search engine, which shouldn't cause the entire Scorecard check to fail.What is the new behavior (if this is a feature change)?**
I've updated the searchCommitsHandler to catch 422 errors (Unprocessable Entity) specifically. Instead of returning an error, it now returns an empty list of commits. This allows the check to finish gracefully (using other indicators like the
dependabot.ymlfile) and prevents a hard failure due to search indexing issues.I also fixed a small typo in the error message where it was referencing
Search.Codeinstead ofSearch.Commits.Which issue(s) this PR fixes
Fixes #4352
Special notes for your reviewer
Verified this with a new unit test TestSearchCommitsHandle422 which mocks the 422 response from GitHub.
Does this PR introduce a user-facing change?
NONE