The commenter fails with the error "invalid character '/' looking for beginning of value"

[suomit-pki]

Hi,

I'm running the latest @main version of the action. When I run it, it fails and in the logs it says:

Starting the github commenter... The commenter failed with the following error: invalid character '/' looking for beginning of value

Looking at the cmd/commenter/commenter.go code and the error message, it seems to come from the JSON-library, so maybe parsing the event.json file or the results.json file fails?

[owenrumney]

Hey @suomit-pki - sorry for the delay in getting to this. Is it still an issue? I think I've seen this when bad output landsin in the results.json so might be worth running again from @main

again, apologies for the delay

[jgrumboe]

I do get the same error with @main version

[abagayev]

The same for me, main and previous versions are not working

[jgrumboe]

I tried 0.1.10 yesterday on a new PR in our private repo and it was working fine again.

[abagayev]

@jgrumboe can you please share your workflow?

[jgrumboe]

Sure.

name: tfsec-pr-commenter
on:
  pull_request:
jobs:
  tfsec:
    name: tfsec PR commenter
    runs-on: ubuntu-latest

    steps:
      - name: Clone repo
        uses: actions/checkout@v2

      - name: tfsec
        uses: aquasecurity/[email protected]
        with:
          github_token: ${{ secrets.GITHUB_ACCESS_TOKEN }}

[abagayev]

Thanks for sharing!

So I've investigated my problem and problem was in tfsec code validating. With invalid code style tfsec breaks:

$ tfsec 
tags.tf:50,31-36: Missing attribute separator; Expected a newline or comma to mark the beginning of the next attribute.

And breaks not on JSON format. That's why commenting isn't working.

[jgrumboe]

Good point! I had only successful code and not tested a tfsec hit ... need to do that.

[erzz]

<deleted>

I am a moron who forgot to add the checkout step first 😂