Fix/sp 4207 cancel pending policy checks on workflow failure

CHANGELOG.md

@@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [1.6.1] - 2026-03-30
+### Fixed
+- Fixed policy check runs remaining in "queued" status when the workflow fails before policy execution
+
 ## [1.6.0] - 2026-03-05
 ### Changed
 - Replaced `vercel/ncc` by `esbuild` to support ESM modules
@@ -190,3 +194,4 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 [1.4.0]: https://github.com/scanoss/gha-code-scan/compare/v1.3.1...v1.4.0
 [1.5.0]: https://github.com/scanoss/gha-code-scan/compare/v1.4.0...v1.5.0
 [1.6.0]: https://github.com/scanoss/gha-code-scan/compare/v1.5.0...v1.6.0
+[1.6.1]: https://github.com/scanoss/gha-code-scan/compare/v1.6.0...v1.6.1

package.json

@@ -1,7 +1,7 @@
 {
   "name": "scanoss-code-scan-action",
   "description": "SCANOSS Code Scan Action",
-  "version": "1.6.0",
+  "version": "1.6.1",
   "author": "SCANOSS",
   "private": true,
   "homepage": "https://github.com/scanoss/code-scan-action/",

scanoss.json

@@ -0,0 +1,12 @@
+{
+  "bom": {
+    "include": [
+      {
+        "purl": "pkg:github/scanoss/gha-code-scan"
+      },
+      {
+        "purl": "pkg:github/plinioh/setup-binary-action"
+      }
+    ]
+  }
+}

src/main.ts

@@ -28,6 +28,7 @@ import * as inputs from './app.input';
 import * as outputs from './app.output';
 import { scanService, uploadResults } from './services/scan.service';
 import { policyManager } from './policies/policy.manager';
+import { PolicyCheck } from './policies/policy-check';
 import { DepTrackPolicyCheck } from './policies/dep-track-policy-check';
 import { dependencyTrackService } from './services/dependency-track.service';
 import { dependencyTrackStatusService } from './services/dependency-track-status.service';
@@ -39,6 +40,7 @@ import { createSnippetAnnotations } from './utils/snippet-annotations.utils';
  * @returns {Promise<void>} Resolves when the action is complete.
  */
 export async function run(): Promise<void> {
+  let policies: PolicyCheck[] = [];
   try {
     // Mask sensitive inputs to prevent accidental leakage in logs
     if (inputs.API_KEY) core.setSecret(inputs.API_KEY);
@@ -49,9 +51,7 @@ export async function run(): Promise<void> {
     // create policies
     core.debug(`Creating policies`);
     const firstRunId = await getFirstRunId();
-
-    //Read declared policies on input parameter 'policies' and create an instance for each one.
-    const policies = policyManager.getPolicies();
+    policies = policyManager.getPolicies();
     for (const policy of policies) {
       await policy.start(firstRunId);
     }
@@ -99,6 +99,14 @@ export async function run(): Promise<void> {
     core.setOutput(outputs.RESULT_FILEPATH, inputs.OUTPUT_FILEPATH);
     core.setOutput(outputs.STDOUT_SCAN_COMMAND, stdout);
   } catch (error) {
+    // Cancel any pending policy check runs so they don't remain in "queued" status
+    for (const policy of policies) {
+      try {
+        await policy.cancel(error instanceof Error ? error.message : 'Workflow failed');
+      } catch (e) {
+        core.warning(`Failed to cancel policy check "${policy.name}": ${e instanceof Error ? e.message : e}`);
+      }
+    }
     // fail the workflow run if an error occurs
     if (error instanceof Error) core.setFailed(error.message);
   }

src/policies/policy-check.ts

@@ -161,6 +161,16 @@ export abstract class PolicyCheck {
     this._status = STATUS.RUNNING;
   }
 
+  /**
+   * Cancels the policy check when the workflow fails before policy execution.
+   * Only acts on check runs that were started but not yet finished.
+   */
+  async cancel(summary: string): Promise<void> {
+    if (this._status === STATUS.FINISHED || this._status === STATUS.UNINITIALIZED) return;
+    this._conclusion = CONCLUSION.Cancelled;
+    await this.finish(summary);
+  }
+
   /**
    * Marks the policy check as successful.
    */