gh-upload-sbom icon indicating copy to clipboard operation
gh-upload-sbom copied to clipboard
verified publisher icon DependencyTrack

Improve output in error cases

Open Falco20019 opened this issue 10 months ago • 2 comments

Right now I occassionally get the following error:

> Run DependencyTrack/gh-upload-sbom@v3
  with:
    serverHostname: xxx.xxx.xxx.xxx
    port: 8443
    apiKey: ***
    projectName: xxx
    projectVersion: develop
    bomFilename: sbom.json
    parent: xxx-xxx-xxx-xxx
    autoCreate: true
    protocol: https
  env:
    NODE_TLS_REJECT_UNAUTHORIZED: 0
Reading BOM: sbom.json...
Uploading to Dependency-Track server xxx.xxx.xxx.xxx...
(node:7862) Warning: Setting the NODE_TLS_REJECT_UNAUTHORIZED environment variable to '0' makes TLS connections and HTTPS requests insecure by disabling certificate verification.
(Use `node --trace-warnings ...` to show where the warning was created)
Error: fetch failed

Sadly the Error: fetch failed is not really helping to find out what's going wrong. Re-running the job usually fixes it. It's not a firewall issue, since we had that before and that showed as a timeout instead of fetching failing.

This is because core.setFailed(error.message); is only logging the message part of error (which isn't useful). Either log the full error or at least include the error.cause.

Falco20019 avatar Feb 26 '25 08:02 Falco20019

Exactly spend 2 days yet still getting the same error fetch failed.

anshulvwits avatar Jul 24 '25 09:07 anshulvwits

I ran into this issue, and the error was that I had the protocol (https://) before the hostname. To be honest, it would be much cleaner to just replace serverHostname, port, and protocol with one variable. For example, apiUrl or serverUrl.

sebdanielsson avatar Oct 27 '25 17:10 sebdanielsson