Brakeman: return a zero status code if any warnings are found
Brakeman returns a non-zero status code when there are warnings found or
errors during the scan.

In 9fc187b, we allowed the GitHub
Action to continue on error, so that the warning/error would be uploaded
to GitHub code scanning.

However, the non-zero status code still gets written to the GitHub Action
output. This led to confusion in
alphagov/asset-manager#1583 as we thought the
error meant brakeman did not complete properly, when in fact it did but
was only returning that code because a code scanning warning had been
found.

Therefore updating the brakeman configuration to report a zero status
code when a warning or error is found. This means we can remove the
previous change, as any completed run will not return a non-zero status
code. This will also stop the non-zero code causing confusion in the
GitHub Actions output.
brucebolt committed Jan 2, 2025
1 parent a3ce8e1 commit a4e5e9a
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion .github/workflows/brakeman.yml
Expand Up @@ -21,9 +21,9 @@ jobs:
bundler-cache: true

- name: Run Brakeman
continue-on-error: true
run: |
bundle exec brakeman . --except CheckRenderInline --quiet \
--no-exit-on-warn --no-exit-on-error \
-o brakeman.json -o brakeman.sarif
- name: Upload SARIF to GitHub
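Review bot: the added `--no-exit-on-error` flag on the `run:` line, combined with dropping `continue-on-error: true`, means a scan that fails part-way (for example, Brakeman hitting a file it cannot parse) now exits 0 and leaves the workflow green, so a genuinely broken scan would no longer be visible in the job status even though the commit title only talks about warnings. If the intent is just to stop warnings from producing a red X, consider passing only `--no-exit-on-warn` and letting real scan errors keep failing the step, or add a follow-up check that `brakeman.sarif` was actually written before the "Upload SARIF to GitHub" step runs.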