Fix/sp 4207 cancel pending policy checks on workflow failure

[agustingroh]

Summary by CodeRabbit

• Bug Fixes

  • Policy check runs no longer remain stuck in "queued" status when workflows fail before policy execution begins.

• Documentation

  • Added changelog entry for v1.6.1 (2026-03-30) with release link.

• Chores

  • Bumped package version to 1.6.1.
  • Added new scanoss.json configuration and removed sbom.json.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: f7926a00-fc81-4453-976c-a6ba56835f04

📥 Commits

Reviewing files that changed from the base of the PR and between 1b47863 and 4257f05.

⛔ Files ignored due to path filters (1)

• dist/index.js is excluded by !**/dist/**

📒 Files selected for processing (6)

• CHANGELOG.md
• package.json
• sbom.json
• scanoss.json
• src/main.ts
• src/policies/policy-check.ts

💤 Files with no reviewable changes (1)

• sbom.json

✅ Files skipped from review due to trivial changes (3)

• package.json
• CHANGELOG.md
• scanoss.json

🚧 Files skipped from review as they are similar to previous changes (2)

• src/policies/policy-check.ts
• src/main.ts

---

📝 Walkthrough

Walkthrough

Added release v1.6.1 and implemented cancellation of policy checks when the workflow fails before policy execution by introducing PolicyCheck.cancel(...) and invoking it from the main run() error handler.

Changes

Cohort / File(s)	Summary
Release metadata CHANGELOG.md, package.json	Bumped package version to 1.6.1 and added changelog entry and compare link for v1.6.1.
Policy cancellation runtime src/main.ts	Declare and populate policies list early in run(); on error iterate and call policy.cancel(summary), logging per-policy cancellation warnings when they fail.
Policy API src/policies/policy-check.ts	Added cancel(summary: string): Promise<void> to PolicyCheck which sets conclusion to Cancelled and finalizes the check unless already finished or uninitialized.
Build / metadata files sbom.json, scanoss.json	Removed sbom.json content; added new scanoss.json with BOM include entries for two package URLs.

Sequence Diagram(s)

sequenceDiagram
    participant Runner as run()
    participant PolicyMgr as PolicyCheck[]
    participant GH as GitHub CheckRun API

    Runner->>PolicyMgr: getPolicies()
    Runner->>PolicyMgr: create and start checks
    Runner->>PolicyMgr: execute workflow steps
    alt workflow fails before policy execution
      Runner->>PolicyMgr: for each policy -> cancel(summary)
      PolicyMgr->>GH: finish check run with conclusion=Cancelled
      GH-->>PolicyMgr: ack
      Runner->>Runner: core.setFailed(error)
    end

Loading

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• Fix/sp 4123 corrupted artifact files #132 — Modifies src/policies/policy-check.ts; related changes to PolicyCheck behavior (artifact upload vs. added cancel flow).

Suggested reviewers

• eeisegn

Poem

🐰 In a hop and a bustle the checks found their end,
When workflows went sideways, no queues left to tend.
A gentle "cancel" whispered, then each one could sleep,
The run closed its eyes, no more promises to keep.
Hooray for clean endings — now peace in the heap! ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically describes the main change: canceling pending policy checks when a workflow fails, which is the core issue addressed in the PR.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/SP-4207-cancel-pending-policy-checks-on-workflow-failure

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

🔍 SCANOSS Code Similarity Detected

📄 2 snippet matches found
📋 63 full file matches found

🔗 View detailed findings on commit 1b47863

65 files contain code similarities

💡 Click the commit link above to see detailed annotations for each match.

[github-actions]

SCANOSS SCAN Completed 🚀

• Detected components: 2
• Undeclared components: 2
• Declared components: 0
• Detected files: 65
• Detected files undeclared: 65
• Detected files declared: 0
• Licenses detected: 1
• Licenses detected with copyleft: 0
• Policies: ❌ 1 fail ✅ 1 pass (2 total)

View more details on SCANOSS Action Summary

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@src/main.ts`:
- Around line 42-43: The call to policyManager.getPolicies() can throw and must
be moved inside the existing try so errors are caught and reported via
core.setFailed(); initialize a local variable policies: PolicyCheck[] = [] (or
[] if you prefer) before the try, then assign policies =
policyManager.getPolicies() inside the try block, and add the required import
for PolicyCheck from './policies/policy-check' so the type compiles; ensure any
code that uses policies still reads the variable defined outside the try.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 1faf5933-08f5-478d-b0e7-8999147e0a5e

📥 Commits

Reviewing files that changed from the base of the PR and between 0b39db4 and 1b47863.

⛔ Files ignored due to path filters (1)

• dist/index.js is excluded by !**/dist/**

📒 Files selected for processing (4)

• CHANGELOG.md
• package.json
• src/main.ts
• src/policies/policy-check.ts

[github-actions]

🔍 SCANOSS Code Similarity Detected

📄 2 snippet matches found
📋 63 full file matches found

🔗 View detailed findings on commit 5d62c4c

65 files contain code similarities

💡 Click the commit link above to see detailed annotations for each match.

[github-actions]

SCANOSS SCAN Completed 🚀

• Detected components: 2
• Undeclared components: 2
• Declared components: 0
• Detected files: 65
• Detected files undeclared: 65
• Detected files declared: 0
• Licenses detected: 1
• Licenses detected with copyleft: 0
• Policies: ❌ 1 fail ✅ 1 pass (2 total)

View more details on SCANOSS Action Summary

[github-actions]

SCANOSS SCAN Completed 🚀

• Detected components: 2
• Undeclared components: 0
• Declared components: 2
• Detected files: 65
• Detected files undeclared: 0
• Detected files declared: 65
• Licenses detected: 1
• Licenses detected with copyleft: 0
• Policies: ✅ 2 pass (2 total)

View more details on SCANOSS Action Summary