feat(policies): return exit status 1 when policy breaches have been d…

…etected (#169) * feat: return exit status 1 when policy breaches have been detected * fix: defer exit so tests are not failing
Bearer · Nov 28, 2022 · 01d7aa3 · 01d7aa3
1 parent 8ee6c95
commit 01d7aa3
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 13 deletions.
diff --git a/pkg/commands/artifact/run.go b/pkg/commands/artifact/run.go
@@ -40,7 +40,7 @@ type Runner interface {
 	// ScanRepository scans repository
 	ScanRepository(ctx context.Context, opts flag.Options) (types.Report, error)
 	// Report a writes a report
-	Report(scanSettings settings.Config, report types.Report) error
+	Report(scanSettings settings.Config, report types.Report) (bool, error)
 	// Close closes runner
 	Close(ctx context.Context) error
 }
@@ -130,45 +130,50 @@ func Run(ctx context.Context, opts flag.Options, targetKind TargetKind) (err err
 		}
 	}
 
-	if err = r.Report(scanSettings, report); err != nil {
+	reportPassed, err := r.Report(scanSettings, report)
+	if err != nil {
 		return xerrors.Errorf("report error: %w", err)
 	}
 
+	if !reportPassed {
+		defer os.Exit(1)
+	}
+
 	return nil
 }
 
-func (r *runner) Report(config settings.Config, report types.Report) error {
+func (r *runner) Report(config settings.Config, report types.Report) (bool, error) {
 	// if output is defined we want to write only to file
 	logger := outputhandler.StdOutLogger()
 	if config.Report.Output != "" {
 		reportFile, err := os.Create(config.Report.Output)
 		if err != nil {
-			return fmt.Errorf("error creating output file %w", err)
+			return false, fmt.Errorf("error creating output file %w", err)
 		}
 		logger = outputhandler.PlainLogger(reportFile)
 	}
 
 	if config.Report.Report == flag.ReportPolicies && config.Report.Format == "" {
 		// for policy report, default report format is NOT JSON
-		err := reportoutput.ReportPolicies(report, logger, config)
+		reportPassed, err := reportoutput.ReportPolicies(report, logger, config)
 		if err != nil {
-			return fmt.Errorf("error generating report %w", err)
+			return false, fmt.Errorf("error generating report %w", err)
 		}
-		return nil
+		return reportPassed, nil
 	}
 
 	switch config.Report.Format {
 	case "", flag.FormatJSON:
 		// default report format for is JSON
 		err := reportoutput.ReportJSON(report, logger, config)
 		if err != nil {
-			return fmt.Errorf("error generating report %w", err)
+			return false, fmt.Errorf("error generating report %w", err)
 		}
 	case flag.FormatYAML:
 		err := reportoutput.ReportYAML(report, logger, config)
 		if err != nil {
-			return fmt.Errorf("error generating report %w", err)
+			return false, fmt.Errorf("error generating report %w", err)
 		}
 	}
-	return nil
+	return true, nil
 }
diff --git a/pkg/report/output/output.go b/pkg/report/output/output.go
@@ -20,18 +20,18 @@ import (
 
 var ErrUndefinedFormat = errors.New("undefined output format")
 
-func ReportPolicies(report types.Report, output *zerolog.Event, config settings.Config) error {
+func ReportPolicies(report types.Report, output *zerolog.Event, config settings.Config) (bool, error) {
 	policyResults, err := getPolicyReportOutput(report, config)
 	if err != nil {
-		return err
+		return false, err
 	}
 
 	outputToFile := config.Report.Output != ""
 	reportStr := policies.BuildReportString(policyResults, config.Policies, outputToFile)
 
 	output.Msg(reportStr.String())
 
-	return nil
+	return len(policyResults) == 0, nil
 }
 
 func ReportJSON(report types.Report, output *zerolog.Event, config settings.Config) error {