fix: improve Git info extraction and error handling in analyze function #60
Conversation
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
…g and improved logic
fernandosantos-br
temporarily deployed
to
release
GitHub Actions
Inactive
fernandosantos-br
temporarily deployed
to
release
GitHub Actions
Inactive
fernandosantos-br
temporarily deployed
to
release
GitHub Actions
Inactive
There was a problem hiding this comment.
Pull Request Overview
This PR refactors Git information extraction and improves error handling in the analyze function. The main purpose is to improve the robustness of Git operations by switching from subprocess-based Git commands to using the GitPython library and restructuring the CLI architecture with proper separation of concerns.
Key changes include:
- Replacement of subprocess-based Git operations with GitPython library for more reliable Git integration
- Restructuring of the CLI module from a single file to a proper package structure with separate command modules
- Enhancement of error handling in CodeQL installation process with fallback mechanisms
Reviewed Changes
Copilot reviewed 14 out of 15 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| src/codeql_wrapper/infrastructure/language_detector.py | Simplifies parameter types by removing Union[str, Path] and using Path directly |
| src/codeql_wrapper/infrastructure/git_utils.py | Major refactor to use GitPython instead of subprocess calls for Git operations |
| src/codeql_wrapper/infrastructure/codeql_installer.py | Improves error handling with fallback version when GitHub API fails |
| src/codeql_wrapper/entrypoints/cli/install.py | New dedicated install command module with improved user feedback |
| src/codeql_wrapper/entrypoints/cli/cli.py | New main CLI entry point with proper command registration |
| src/codeql_wrapper/entrypoints/cli/analyze.py | New dedicated analyze command module with comprehensive validation |
| src/codeql_wrapper/entrypoints/cli/init.py | Package initialization for CLI entrypoints |
| src/codeql_wrapper/entrypoints/init.py | Package initialization for entrypoints |
| src/codeql_wrapper/domain/use_cases/sarif_upload_use_case.py | Removes GitHub authentication stdin parameter from command |
| src/codeql_wrapper/domain/use_cases/codeql_analysis_use_case.py | Updates Git integration to use new GitUtils class and improves project detection logic |
| src/codeql_wrapper/domain/entities/codeql_analysis.py | Makes git_info a required field and reorders imports |
| src/codeql_wrapper/cli.py | Removes legacy monolithic CLI file |
| src/codeql_wrapper/main.py | Updates import path to new CLI structure |
| pyproject.toml | Updates dependencies and script entry points for new CLI structure |
Comments suppressed due to low confidence (3)
src/codeql_wrapper/infrastructure/git_utils.py:141
- [nitpick] The error message could be more specific about what type of ref is expected and provide examples of valid environment variables.
raise Exception("No ref provided or found in environment variables")
src/codeql_wrapper/infrastructure/git_utils.py:166
- [nitpick] Similar to the previous error message, this could be more descriptive about what constitutes a valid base_ref and list the environment variables that are checked.
raise Exception("No base_ref provided or found in environment variables")
src/codeql_wrapper/infrastructure/codeql_installer.py:160
- [nitpick] The error message could be more helpful by suggesting how to install CodeQL or providing a link to installation instructions.
raise Exception("CodeQL is not installed")
| repository=self.repo.remotes.origin.url.split("/")[-2] | ||
| + "/" | ||
| + self.repo.remotes.origin.url.split("/")[-1].replace(".git", ""), |
There was a problem hiding this comment.
The repository name extraction using string splitting is fragile and could fail with different URL formats. Consider using urllib.parse or a more robust URL parsing method.
| repository=self.repo.remotes.origin.url.split("/")[-2] | |
| + "/" | |
| + self.repo.remotes.origin.url.split("/")[-1].replace(".git", ""), | |
| repository=self._extract_repository_name(self.repo.remotes.origin.url), |
Copilot uses AI. Check for mistakes.
| instalation_message = ( | ||
| f"CodeQL is already installed (version: {current_version})" | ||
| ) | ||
| else: | ||
| instalation_message = f"CodeQL {installed_version} installed successfully!" | ||
|
|
||
| click.echo( | ||
| click.style("SUCCESS:", fg="green", bold=True) + f" {instalation_message}" |
There was a problem hiding this comment.
There is a spelling error: 'instalation_message' should be 'installation_message'.
| instalation_message = ( | |
| f"CodeQL is already installed (version: {current_version})" | |
| ) | |
| else: | |
| instalation_message = f"CodeQL {installed_version} installed successfully!" | |
| click.echo( | |
| click.style("SUCCESS:", fg="green", bold=True) + f" {instalation_message}" | |
| installation_message = ( | |
| f"CodeQL is already installed (version: {current_version})" | |
| ) | |
| else: | |
| installation_message = f"CodeQL {installed_version} installed successfully!" | |
| click.echo( | |
| click.style("SUCCESS:", fg="green", bold=True) + f" {installation_message}" |
Copilot uses AI. Check for mistakes.
| origin.set_url( | ||
| ( | ||
| f"https://x-access-token:{os.getenv('GITHUB_TOKEN')}" | ||
| f"@github.com/{origin.url.split('/')[-2]}/" | ||
| f"{origin.url.split('/')[-1]}" | ||
| ) | ||
| ) |
There was a problem hiding this comment.
Setting Git remote URL with authentication token in the URL could expose the token in Git logs or error messages. Consider using Git credential helpers or other secure authentication methods.
Copilot uses AI. Check for mistakes.
| for config_index, project in enumerate(projects_config): | ||
| project_path = Path(project.get("path", "")) | ||
| project_path = Path( | ||
| request.git_info.working_dir, project.get("path", "") |
There was a problem hiding this comment.
Using request.git_info.working_dir as the base path may cause issues if the working directory differs from the repository path. This could lead to incorrect project paths being constructed.
| request.git_info.working_dir, project.get("path", "") | |
| request.repository_path, project.get("path", "") |
Copilot uses AI. Check for mistakes.
No description provided.