
Commit d6cad1f

committed
Merge branch 'dependency-review' of https://github.com/advanced-security/github-sbom-toolkit into dependency-review
2 parents 8d93e53 + 6babca9 commit d6cad1f


1 file changed

+4
-7
lines changed

1 file changed

+4
-7
lines changed

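--- a/src/sbomCollector.ts
+++ b/src/sbomCollector.ts
@@ -325,7 +325,7 @@ export class SbomCollector {
 console.error(chalk.red(`Force submission failed for ${fullName} branch ${b.name}: ${(subErr as Error).message}`));
 }
 }
-const diff = await this.fetchDependencyReviewDiff(org, repo.name, base, b.name, 1);
+const diff = await this.fetchDependencyReviewDiff(org, repo.name, base, b.name, latestCommit, 1);
 branchDiffs.set(b.name, diff);
 }
 if (branchDiffs.size) sbom.branchDiffs = branchDiffs;
@@ -499,10 +499,7 @@ export class SbomCollector {
 return branches;
 }
 
-private async fetchDependencyReviewDiff(org: string, repo: string, base: string, head: string, retries: number): Promise<BranchDependencyDiff> {
-if (retries <= 0) {
-return { latestCommitDate: undefined, base, head, retrievedAt: new Date().toISOString(), changes: [], error: "Maximum retries exceeded" };
-}
+private async fetchDependencyReviewDiff(org: string, repo: string, base: string, head: string, latestCommit?: { sha?: string; commitDate?: string, retries: number }): Promise<BranchDependencyDiff> {
 if (!this.octokit) throw new Error("No Octokit instance");
 try {
 const basehead = `${base}...${head}`;
@@ -525,7 +522,7 @@ export class SbomCollector {
 };
 changes.push(change);
 }
-return { latestCommitDate: new Date().toISOString(), base, head, retrievedAt: new Date().toISOString(), changes };
+return { latestCommitDate: latestCommit?.commitDate || new Date().toISOString(), base, head, retrievedAt: new Date().toISOString(), changes };
 } catch (e) {
 const status = (e as { status?: number })?.status;
 let reason = e instanceof Error ? e.message : String(e);
@@ -539,7 +536,7 @@ export class SbomCollector {
 if (ok) {
 console.log(chalk.blue(`Snapshot submission attempted; waiting 3 seconds before retrying dependency review diff for ${org}/${repo} ${base}...${head}...`));
 await new Promise(r => setTimeout(r, 3000));
-return await this.fetchDependencyReviewDiff(org, repo, base, head, retries--);
+return await this.fetchDependencyReviewDiff(org, repo, base, head, latestCommit, retries--);
 }
 } catch (subErr) {
 console.error(chalk.red(`Snapshot submission failed for ${org}/${repo} branch ${head}: ${(subErr as Error).message}`));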
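Review bot: In the new signature at line 502, `retries: number` ended up inside the `latestCommit` object type, so the method takes five parameters while both call sites (new lines 328 and 539) pass six and the body still reads `retries`; as shown this should not type-check. The `retries <= 0` guard was deleted as well, and `retries--` passes the value before decrementing, so even with the parameter restored the retry after a snapshot submission appears to have no bound and could keep re-submitting snapshots and calling the API every 3 seconds. Make `retries` its own parameter again, restore the guard, and pass `retries - 1`, as sketched below. Separately, the `|| new Date().toISOString()` fallback at line 525 records the fetch time as the commit date when the real one is unknown; leaving it undefined would not misstate the data. The method body continues outside the visible hunks.

```typescript
private async fetchDependencyReviewDiff(org: string, repo: string, base: string, head: string, latestCommit: { sha?: string; commitDate?: string } | undefined, retries: number): Promise<BranchDependencyDiff> {
  if (retries <= 0) {
    return { latestCommitDate: latestCommit?.commitDate, base, head, retrievedAt: new Date().toISOString(), changes: [], error: "Maximum retries exceeded" };
  }
  // … unchanged: Octokit check, compare request and change mapping …
        return await this.fetchDependencyReviewDiff(org, repo, base, head, latestCommit, retries - 1);
  // … unchanged: snapshot-submission error handling …
```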
