dependency-review-action

retry-on-snapshot-warnings - not working as expected on separate snapshot/review workflows

Open felickz opened this issue 1 year ago • 10 comments

Using retry-on-snapshot-warnings for a submission from a different workflow as described in the docs. If the snapshot upload completes during the phase where the review task is waiting for an upload against the head SHA - none of the retries pick it up. If you re-run the review workflow it picks up the newly committed snapshot.

On Push:

On PR:

  • Review Workflow - run 1 - Dependency review with retry and long timeout (Retry timeout exceeded. Proceeding... after 4m 37s)

Submission Workflow

  • after 2m submits its dependency snapshot for the commit 63d50c7154fc8bfb6ce9173f0d0edfe5f31d810f
  • logs_22.zip

Snapshot submission to "sha": "63d50c7154fc8bfb6ce9173f0d0edfe5f31d810f" + "ref": "refs/heads/feature/FSharp-Data"

2023-12-04T18:10:54.1830002Z ##[notice]Submitting snapshot...
2023-12-04T18:10:54.1858756Z ##[notice]{
    "detector": {
        "name": "Component Detection",
        "version": "0.0.1",
        "url": "https://github.com/advanced-security/component-detection-dependency-submission-action"
    },
    "version": 0,
    "job": {
        "correlator": "dependency-submission",
        "id": "7090712486"
    },
    "sha": "63d50c7154fc8bfb6ce9173f0d0edfe5f31d810f",
    "ref": "refs/heads/feature/FSharp-Data",

... and completes within a second at 2023-12-04T18:10:55.414Z:

2023-12-04T18:10:55.4988607Z ##[notice]Snapshot successfully created at 2023-12-04T18:10:55.414Z

Review Workflow

ref: refs/pull/8/merge base ref: master head ref: feature/FSharp-Data

2023-12-04T18:09:23.5277218Z No snapshots were found for the head SHA 63d50c7154fc8bfb6ce9173f0d0edfe5f31d810f.
2023-12-04T18:09:23.5277924Z Retrying in 10 seconds...
2023-12-04T18:09:33.8899944Z No snapshots were found for the head SHA 63d50c7154fc8bfb6ce9173f0d0edfe5f31d810f.
2023-12-04T18:09:33.8900873Z Retrying in 10 seconds...
2023-12-04T18:09:44.4259065Z No snapshots were found for the head SHA 63d50c7154fc8bfb6ce9173f0d0edfe5f31d810f.
2023-12-04T18:09:44.4259945Z Retrying in 10 seconds...
2023-12-04T18:09:54.7741812Z No snapshots were found for the head SHA 63d50c7154fc8bfb6ce9173f0d0edfe5f31d810f.
2023-12-04T18:09:54.7742670Z Retrying in 10 seconds...
2023-12-04T18:10:05.1531584Z No snapshots were found for the head SHA 63d50c7154fc8bfb6ce9173f0d0edfe5f31d810f.
2023-12-04T18:10:05.1533086Z Retrying in 10 seconds...
2023-12-04T18:10:15.4874900Z No snapshots were found for the head SHA 63d50c7154fc8bfb6ce9173f0d0edfe5f31d810f.
2023-12-04T18:10:15.4876137Z Retrying in 10 seconds...
2023-12-04T18:10:25.8345344Z No snapshots were found for the head SHA 63d50c7154fc8bfb6ce9173f0d0edfe5f31d810f.
2023-12-04T18:10:25.8346111Z Retrying in 10 seconds...
2023-12-04T18:10:36.1931593Z No snapshots were found for the head SHA 63d50c7154fc8bfb6ce9173f0d0edfe5f31d810f.
2023-12-04T18:10:36.1932274Z Retrying in 10 seconds...
2023-12-04T18:10:46.5429500Z No snapshots were found for the head SHA 63d50c7154fc8bfb6ce9173f0d0edfe5f31d810f.
2023-12-04T18:10:46.5430353Z Retrying in 10 seconds...
  • at this point the snapshot has been submitted
    • for the next 2m30s looking for snapshot but not finding it
2023-12-04T18:10:56.9246186Z No snapshots were found for the head SHA 63d50c7154fc8bfb6ce9173f0d0edfe5f31d810f.
2023-12-04T18:10:56.9246809Z Retrying in 10 seconds...
2023-12-04T18:11:07.2595829Z No snapshots were found for the head SHA 63d50c7154fc8bfb6ce9173f0d0edfe5f31d810f.
2023-12-04T18:11:07.2596661Z Retrying in 10 seconds...
2023-12-04T18:11:17.6323447Z No snapshots were found for the head SHA 63d50c7154fc8bfb6ce9173f0d0edfe5f31d810f.
2023-12-04T18:11:17.6324235Z Retrying in 10 seconds...
2023-12-04T18:11:27.9848187Z No snapshots were found for the head SHA 63d50c7154fc8bfb6ce9173f0d0edfe5f31d810f.
2023-12-04T18:11:27.9849254Z Retrying in 10 seconds...
2023-12-04T18:11:38.3612135Z No snapshots were found for the head SHA 63d50c7154fc8bfb6ce9173f0d0edfe5f31d810f.
2023-12-04T18:11:38.3612905Z Retrying in 10 seconds...
2023-12-04T18:11:48.7582440Z No snapshots were found for the head SHA 63d50c7154fc8bfb6ce9173f0d0edfe5f31d810f.
2023-12-04T18:11:48.7583606Z Retrying in 10 seconds...
2023-12-04T18:11:59.1062944Z No snapshots were found for the head SHA 63d50c7154fc8bfb6ce9173f0d0edfe5f31d810f.
2023-12-04T18:11:59.1063681Z Retrying in 10 seconds...
2023-12-04T18:12:09.4695845Z No snapshots were found for the head SHA 63d50c7154fc8bfb6ce9173f0d0edfe5f31d810f.
2023-12-04T18:12:09.4696654Z Retrying in 10 seconds...
2023-12-04T18:12:19.8232333Z No snapshots were found for the head SHA 63d50c7154fc8bfb6ce9173f0d0edfe5f31d810f.
2023-12-04T18:12:19.8232973Z Retrying in 10 seconds...
2023-12-04T18:12:30.1726324Z No snapshots were found for the head SHA 63d50c7154fc8bfb6ce9173f0d0edfe5f31d810f.
2023-12-04T18:12:30.1727051Z Retrying in 10 seconds...
2023-12-04T18:12:40.4742149Z No snapshots were found for the head SHA 63d50c7154fc8bfb6ce9173f0d0edfe5f31d810f.
2023-12-04T18:12:40.4744475Z Retrying in 10 seconds...
2023-12-04T18:12:50.7921268Z No snapshots were found for the head SHA 63d50c7154fc8bfb6ce9173f0d0edfe5f31d810f.
2023-12-04T18:12:50.7921899Z Retrying in 10 seconds...
2023-12-04T18:13:01.1266767Z No snapshots were found for the head SHA 63d50c7154fc8bfb6ce9173f0d0edfe5f31d810f.
2023-12-04T18:13:01.1267423Z Retrying in 10 seconds...
2023-12-04T18:13:11.4858149Z No snapshots were found for the head SHA 63d50c7154fc8bfb6ce9173f0d0edfe5f31d810f.
2023-12-04T18:13:11.4858916Z Retrying in 10 seconds...
2023-12-04T18:13:21.8385364Z No snapshots were found for the head SHA 63d50c7154fc8bfb6ce9173f0d0edfe5f31d810f.
2023-12-04T18:13:21.8386034Z Retrying in 10 seconds...
2023-12-04T18:13:32.1692568Z No snapshots were found for the head SHA 63d50c7154fc8bfb6ce9173f0d0edfe5f31d810f.
2023-12-04T18:13:32.1693442Z Retry timeout exceeded. Proceeding...
2023-12-04T18:13:32.6080649Z Dependency review did not detect any denied packages

Review Workflow - run 2

Most interesting is that re-running the dependency review task at any point in the future succeeds after 2 tries (it doesn't mention a snapshot found, but looking at the detections it has found dependencies that only exist in the snapshot manifest):

ref: refs/pull/8/merge base ref: master head ref: feature/FSharp-Data

2023-12-04T18:30:08.1275306Z No snapshots were found for the head SHA 63d50c7154fc8bfb6ce9173f0d0edfe5f31d810f.
2023-12-04T18:30:08.1276356Z Retrying in 10 seconds...
2023-12-04T18:30:18.3518175Z No snapshots were found for the head SHA 63d50c7154fc8bfb6ce9173f0d0edfe5f31d810f.
2023-12-04T18:30:18.3518906Z Retrying in 10 seconds...
2023-12-04T18:30:30.0878871Z ##[debug]Filtered Changes: [{"change_type":"added","manifest":"Fsharp-WebAPI.fsproj","ecosystem":"nuget","name":"FSharp.Data","version":"6.3.0","package_url":"pkg:nuget/FSharp.Data@6.3.0","license":null,"source_repository_url":"https://github.com/fsprojects/FSharp.Data","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"/Fsharp-WebAPI.fsproj","ecosystem":"nuget","name":"FSharp.Data","version":"6.3.0","package_url":"pkg:nuget/FSharp.Data@6.3.0","license":null,"source_repository_url":"https://github.com/fsprojects/FSharp.Data","scope":"runtime","vulnerabilities":[]},{"change_type":"added","manifest":"/Fsharp-

felickz, Dec 04 '23 18:12
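
As an added example (not part of the original issue and not the action's own code), the timing in this report can be checked mechanically by correlating the two job logs: the Python below counts review polls that still reported no snapshot after the submission job logged its creation, and flags a review that proceeded without one. The sample logs are abridged from the lines quoted above; the function names are hypothetical.

```python
import re
from datetime import datetime

SHA = "63d50c7154fc8bfb6ce9173f0d0edfe5f31d810f"  # head SHA quoted in the issue

# Sample input: abridged from the runner log lines quoted in the issue.
SUBMISSION_LOG = """\
2023-12-04T18:10:54.1830002Z ##[notice]Submitting snapshot...
2023-12-04T18:10:55.4988607Z ##[notice]Snapshot successfully created at 2023-12-04T18:10:55.414Z
"""
REVIEW_LOG = f"""\
2023-12-04T18:10:46.5429500Z No snapshots were found for the head SHA {SHA}.
2023-12-04T18:10:46.5430353Z Retrying in 10 seconds...
2023-12-04T18:10:56.9246186Z No snapshots were found for the head SHA {SHA}.
2023-12-04T18:11:07.2595829Z No snapshots were found for the head SHA {SHA}.
2023-12-04T18:13:32.1692568Z No snapshots were found for the head SHA {SHA}.
2023-12-04T18:13:32.1693442Z Retry timeout exceeded. Proceeding...
"""

# Runner prefix: ISO timestamp with 7 fractional digits; whole seconds suffice here.
LINE = re.compile(r"^(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)(?:\.\d+)?Z\s+(.*)$")

def parse(log):
    """Yield (timestamp, message) for every timestamped runner log line."""
    for line in log.splitlines():
        m = LINE.match(line)
        if m:
            yield datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S"), m.group(2)

def correlate(submission_log, review_log):
    """Compare when the snapshot was created with what the review kept polling."""
    created = next((ts for ts, msg in parse(submission_log)
                    if "Snapshot successfully created" in msg), None)
    review = list(parse(review_log))
    misses = [ts for ts, msg in review if msg.startswith("No snapshots were found")]
    stale = [ts for ts in misses if created is not None and ts > created]
    return {
        "snapshot_created": created,
        "polls_after_snapshot": len(stale),
        "seconds_polling_after_snapshot":
            int((stale[-1] - created).total_seconds()) if stale else 0,
        # The review went ahead and reported a result without any snapshot.
        "review_ran_without_snapshot":
            any("Retry timeout exceeded" in msg for _, msg in review),
    }

if __name__ == "__main__":
    print(correlate(SUBMISSION_LOG, REVIEW_LOG))
```

A non-zero `polls_after_snapshot` together with `review_ran_without_snapshot` marks a review result that was produced without the submitted dependency data, which is the case worth alerting on or re-running.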