Add tag-commit-as-release flag (#273)

internal/cmd/root/root_test.go

@@ -35,7 +35,7 @@ func TestNewRootCmd(t *testing.T) {
 		}
 	}
 	assert.Truef(t, match, "failed to assert that flag was present: "+AccessTokenFlag)
-	assert.Len(t, viperKeys, 21)
+	assert.Len(t, viperKeys, 22)
 }
 
 func TestPreRun(t *testing.T) {

internal/cmd/scan/scan.go

@@ -3,7 +3,9 @@ package scan
 import (
 	"errors"
 	"fmt"
+	"os"
 	"path/filepath"
+	"strconv"
 	"strings"
 
 	"github.com/debricked/cli/internal/file"
@@ -35,6 +37,7 @@ var verbose bool
 var versionHint bool
 var sbom string
 var sbomOutput string
+var tagCommitAsRelease bool
 
 const (
 	BranchFlag                      = "branch"
@@ -59,6 +62,8 @@ const (
 	VersionHintFlag                 = "version-hint"
 	SBOMFlag                        = "sbom"
 	SBOMOutputFlag                  = "sbom-output"
+	TagCommitAsReleaseFlag          = "tag-commit-as-release"
+	TagCommitAsReleaseEnv           = "TAG_COMMIT_AS_RELEASE"
 )
 
 var scanCmdError error
@@ -159,6 +164,12 @@ Supported formats are: 'CycloneDX', 'SPDX'
 Leaving the field empty results in no SBOM generation.`,
 	)
 	cmd.Flags().StringVar(&sbomOutput, SBOMOutputFlag, "", `Set output path of downloaded SBOM report (if sbom is toggled)`)
+	cmd.Flags().BoolVar(
+		&tagCommitAsRelease,
+		TagCommitAsReleaseFlag,
+		false,
+		"Set to true to tag commit as a release. This will store the scan data indefinitely. Enterprise is required for this flag. Please visit https://debricked.com/pricing/ for more info. Can be overridden by "+TagCommitAsReleaseEnv+" environment variable.",
+	)
 
 	viper.MustBindEnv(RepositoryFlag)
 	viper.MustBindEnv(CommitFlag)
@@ -170,6 +181,7 @@ Leaving the field empty results in no SBOM generation.`,
 	viper.MustBindEnv(NpmPreferredFlag)
 	viper.MustBindEnv(SBOMFlag)
 	viper.MustBindEnv(SBOMOutputFlag)
+	viper.MustBindEnv(TagCommitAsReleaseFlag)
 
 	return cmd
 }
@@ -180,6 +192,20 @@ func RunE(s *scan.IScanner) func(_ *cobra.Command, args []string) error {
 		if len(args) > 0 {
 			path = args[0]
 		}
+
+		tagCommitAsRelease := false
+		tagCommitAsReleaseEnv := os.Getenv(TagCommitAsReleaseEnv)
+		if tagCommitAsReleaseEnv != "" {
+			var err error
+			tagCommitAsRelease, err = strconv.ParseBool(tagCommitAsReleaseEnv)
+
+			if err != nil {
+				return errors.Join(errors.New("failed to convert "+TagCommitAsReleaseEnv+" to boolean"), err)
+			}
+		} else {
+			tagCommitAsRelease = viper.GetBool(TagCommitAsReleaseFlag)
+		}
+
 		options := scan.DebrickedOptions{
 			Path:                        path,
 			Resolve:                     !viper.GetBool(NoResolveFlag),
@@ -203,6 +229,7 @@ func RunE(s *scan.IScanner) func(_ *cobra.Command, args []string) error {
 			CallGraphUploadTimeout:      viper.GetInt(CallGraphUploadTimeoutFlag),
 			CallGraphGenerateTimeout:    viper.GetInt(CallGraphGenerateTimeoutFlag),
 			MinFingerprintContentLength: viper.GetInt(MinFingerprintContentLengthFlag),
+			TagCommitAsRelease:          tagCommitAsRelease,
 		}
 		if s != nil {
 			scanCmdError = (*s).Scan(options)

internal/cmd/scan/scan_test.go

@@ -40,6 +40,7 @@ func TestNewScanCmd(t *testing.T) {
 		CommitAuthorFlag,
 		RepositoryUrlFlag,
 		IntegrationFlag,
+		TagCommitAsReleaseFlag,
 	}
 	viperKeys := viper.AllKeys()
 	for _, flagKey := range flagKeys {

internal/scan/scanner.go

@@ -68,6 +68,7 @@ type DebrickedOptions struct {
 	CallGraphUploadTimeout      int
 	CallGraphGenerateTimeout    int
 	MinFingerprintContentLength int
+	TagCommitAsRelease          bool
 }
 
 func NewDebrickedScanner(
@@ -269,6 +270,7 @@ func (dScanner *DebrickedScanner) scan(options DebrickedOptions, gitMetaObject g
 		CallGraphUploadTimeout: options.CallGraphUploadTimeout,
 		VersionHint:            options.VersionHint,
 		DebrickedConfig:        dScanner.getDebrickedConfig(options.Path, options.Exclusions, options.Inclusions),
+		TagCommitAsRelease:     options.TagCommitAsRelease,
 	}
 	result, err := (*dScanner.uploader).Upload(uploaderOptions)
 	if err != nil {

internal/upload/batch.go

@@ -33,29 +33,32 @@ var (
 const callgraphName = "debricked-call-graph"
 
 type uploadBatch struct {
-	client           *client.IDebClient
-	fileGroups       file.Groups
-	gitMetaObject    *git.MetaObject
-	integrationName  string
-	ciUploadId       int
-	callGraphTimeout int
-	versionHint      bool
-	debrickedConfig  *DebrickedConfig // JSON Config
+	client             *client.IDebClient
+	fileGroups         file.Groups
+	gitMetaObject      *git.MetaObject
+	integrationName    string
+	ciUploadId         int
+	callGraphTimeout   int
+	versionHint        bool
+	debrickedConfig    *DebrickedConfig // JSON Config
+	tagCommitAsRelease bool
 }
 
 func newUploadBatch(
 	client *client.IDebClient, fileGroups file.Groups, gitMetaObject *git.MetaObject,
 	integrationName string, callGraphTimeout int, versionHint bool, debrickedConfig *DebrickedConfig,
+	tagCommitAsRelease bool,
 ) *uploadBatch {
 	return &uploadBatch{
-		client:           client,
-		fileGroups:       fileGroups,
-		gitMetaObject:    gitMetaObject,
-		integrationName:  integrationName,
-		ciUploadId:       0,
-		callGraphTimeout: callGraphTimeout,
-		versionHint:      versionHint,
-		debrickedConfig:  debrickedConfig,
+		client:             client,
+		fileGroups:         fileGroups,
+		gitMetaObject:      gitMetaObject,
+		integrationName:    integrationName,
+		ciUploadId:         0,
+		callGraphTimeout:   callGraphTimeout,
+		versionHint:        versionHint,
+		debrickedConfig:    debrickedConfig,
+		tagCommitAsRelease: tagCommitAsRelease,
 	}
 }
 
@@ -183,6 +186,7 @@ func (uploadBatch *uploadBatch) initAnalysis() error {
 		VersionHint:          uploadBatch.versionHint,
 		DebrickedConfig:      uploadBatch.debrickedConfig,
 		DebrickedIntegration: "cli",
+		TagCommitAsRelease:   uploadBatch.tagCommitAsRelease,
 	})
 
 	if err != nil {
@@ -327,6 +331,7 @@ type uploadFinish struct {
 	DebrickedIntegration string           `json:"debrickedIntegration"`
 	VersionHint          bool             `json:"versionHint"`
 	DebrickedConfig      *DebrickedConfig `json:"debrickedConfig"`
+	TagCommitAsRelease   bool             `json:"isRelease"`
 }
 
 func getRelativeFilePath(filePath string) string {

internal/upload/batch_test.go

@@ -38,7 +38,7 @@ func TestUploadWithBadFiles(t *testing.T) {
 	clientMock.AddMockResponse(mockRes)
 	clientMock.AddMockResponse(mockRes)
 	c = clientMock
-	batch := newUploadBatch(&c, groups, metaObj, "CLI", 10*60, true, &DebrickedConfig{})
+	batch := newUploadBatch(&c, groups, metaObj, "CLI", 10*60, true, &DebrickedConfig{}, false)
 	var buf bytes.Buffer
 	log.SetOutput(&buf)
 	err = batch.upload()
@@ -50,7 +50,7 @@ func TestUploadWithBadFiles(t *testing.T) {
 }
 
 func TestInitAnalysisWithoutAnyFiles(t *testing.T) {
-	batch := newUploadBatch(nil, file.Groups{}, nil, "CLI", 10*60, true, &DebrickedConfig{})
+	batch := newUploadBatch(nil, file.Groups{}, nil, "CLI", 10*60, true, &DebrickedConfig{}, false)
 	err := batch.initAnalysis()
 
 	assert.ErrorContains(t, err, "failed to find dependency files")
@@ -73,7 +73,7 @@ func TestWaitWithPollingTerminatedError(t *testing.T) {
 	}
 	clientMock.AddMockResponse(mockRes)
 	c = clientMock
-	batch := newUploadBatch(&c, groups, metaObj, "CLI", 10*60, true, &DebrickedConfig{})
+	batch := newUploadBatch(&c, groups, metaObj, "CLI", 10*60, true, &DebrickedConfig{}, false)
 
 	uploadResult, err := batch.wait()
 
@@ -98,7 +98,7 @@ func TestInitUploadBadFile(t *testing.T) {
 	clientMock.AddMockResponse(mockRes)
 
 	var c client.IDebClient = clientMock
-	batch := newUploadBatch(&c, groups, metaObj, "CLI", 10*60, true, &DebrickedConfig{})
+	batch := newUploadBatch(&c, groups, metaObj, "CLI", 10*60, true, &DebrickedConfig{}, false)
 
 	files, err := batch.initUpload()
 
@@ -120,7 +120,7 @@ func TestInitUploadFingerprintsFree(t *testing.T) {
 	clientMock := testdata.NewDebClientMock()
 	clientMock.SetEnterpriseCustomer(false)
 	var c client.IDebClient = clientMock
-	batch := newUploadBatch(&c, groups, metaObj, "CLI", 10*60, true, &DebrickedConfig{})
+	batch := newUploadBatch(&c, groups, metaObj, "CLI", 10*60, true, &DebrickedConfig{}, false)
 
 	files, err := batch.initUpload()
 
@@ -145,7 +145,7 @@ func TestInitUpload(t *testing.T) {
 	clientMock.AddMockResponse(mockRes)
 
 	var c client.IDebClient = clientMock
-	batch := newUploadBatch(&c, groups, metaObj, "CLI", 10*60, true, &DebrickedConfig{})
+	batch := newUploadBatch(&c, groups, metaObj, "CLI", 10*60, true, &DebrickedConfig{}, true)
 
 	files, err := batch.initUpload()
 

internal/upload/uploader.go

@@ -17,6 +17,7 @@ type DebrickedOptions struct {
 	CallGraphUploadTimeout int
 	VersionHint            bool
 	DebrickedConfig        *DebrickedConfig
+	TagCommitAsRelease     bool
 }
 
 type IUploader interface {
@@ -45,6 +46,7 @@ func (uploader *Uploader) Upload(o IOptions) (*UploadResult, error) {
 		dOptions.CallGraphUploadTimeout,
 		dOptions.VersionHint,
 		dOptions.DebrickedConfig,
+		dOptions.TagCommitAsRelease,
 	)
 
 	err := batch.upload()

internal/upload/uploader_test.go

@@ -40,7 +40,7 @@ func TestUpload(t *testing.T) {
 	g := file.NewGroup("testdata/yarn/package.json", nil, []string{"testdata/yarn/yarn.lock"})
 	groups := file.Groups{}
 	groups.Add(*g)
-	uploaderOptions := DebrickedOptions{FileGroups: groups, GitMetaObject: *metaObject, IntegrationsName: "CLI", CallGraphUploadTimeout: 10 * 60}
+	uploaderOptions := DebrickedOptions{FileGroups: groups, GitMetaObject: *metaObject, IntegrationsName: "CLI", CallGraphUploadTimeout: 10 * 60, TagCommitAsRelease: true}
 	result, err := uploader.Upload(uploaderOptions)
 
 	assert.NoError(t, err)