Add --fail-on-violation flag to exit non-zero when violations are detected#392
Open
mbarbero wants to merge 2 commits intoboostsecurityio:mainfrom
Open
Add --fail-on-violation flag to exit non-zero when violations are detected#392mbarbero wants to merge 2 commits intoboostsecurityio:mainfrom
mbarbero wants to merge 2 commits intoboostsecurityio:mainfrom
Conversation
Contributor
|
Thanks for your contribution @mbarbero ! Could you fix the lint please? |
…ected poutine always exited with code 0 after analysis, even when violations were found, making it unsuitable for use as a blocking CI gate. This adds an opt-in --fail-on-violation flag that exits with code 10 when violations are detected. Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Signed-off-by: Mikaël Barbero <mikael.barbero@eclipse-foundation.org>
mbarbero
force-pushed
the
add-fail-on-violation
branch
from
3de2f42 to
d0e5208
Compare
Author
|
linter issues are fixed. |
There was a problem hiding this comment.
Pull request overview
Adds an opt-in CLI flag to make poutine suitable as a blocking CI gate by exiting non-zero when violations are detected.
Changes:
- Introduces
--fail-on-violation(persistent flag) and a dedicated exit code (10) when findings are present. - Updates analyze commands to return a sentinel error when violations are detected and the flag is enabled.
- Updates README and adds initial unit tests around the new flag/error/exit-code behavior.
Reviewed changes
Copilot reviewed 7 out of 7 changed files in this pull request and generated 9 comments.
Show a summary per file
| File | Description |
|---|---|
| cmd/root.go | Adds the flag, sentinel error, exit code handling, and adjusts Cobra error handling. |
| cmd/analyzeRepo.go | Detects findings and triggers the sentinel error when --fail-on-violation is enabled. |
| cmd/analyzeOrg.go | Detects findings across org results and triggers the sentinel error when enabled. |
| cmd/analyzeLocal.go | Detects findings for local analysis and triggers the sentinel error when enabled. |
| cmd/analyzeRepoStaleBranches.go | Detects findings for stale-branch analysis and triggers the sentinel error when enabled. |
| cmd/fail_on_violation_test.go | Adds tests for the new error/flag/exit code and basic logic coverage. |
| README.md | Documents the new --fail-on-violation option. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
- Add SilenceUsage to prevent Cobra printing usage text on errors
- Extract checkViolations helper to deduplicate violation checks
- Improve error message from empty Msg("") to Msg("command failed")
- Rewrite tests to exercise checkViolations directly
- Fix missing space in README "organization (analyze_org)"
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
poutine always exited with code 0 after analysis, even when violations were found, making it unsuitable for use as a blocking CI gate. This adds an opt-in
--fail-on-violationflag that exits with code 10 when violations are detected.Fixes #391