
Commit

feat: automatically analyze newly created projects (#514)
This change forces analysis when a new project is created. This ensures
the project is initially populated with results in the Phylum UI, which
helps for users configuring Phylum analysis exclusively through the CI
integrations. This is doubly true when the set of dependency files does
not include a manifest, which is the other trigger for automatically
forcing analysis.

The desire expressed by users of the integrations is that setting up
the integration and running it the first time should cause the project
dependencies to be ingested without needing to set the
`--force-analysis` flag or wait until a PR with a modified dependency
file emerges. They also don't want to have to use the Phylum CLI to
populate the project(s) before scanning them with the CI integrations.
maxrake authored Dec 13, 2024
1 parent 85d69fa commit 2683fe4
Showing 2 changed files with 4 additions and 2 deletions.
2 changes: 2 additions & 0 deletions src/phylum/ci/ci_base.py
Expand Up @@ -757,6 +757,8 @@ def _ensure_project_exists(self) -> None:
LOG.info(cleandoc(project_created_msg))
if self._project_file_already_existed:
LOG.warning("Overwrote previous `.phylum_project` file found at: %s", self._phylum_project_file)
LOG.warning("Forcing analysis to ensure new project is initially populated ...")
self._force_analysis = True

def _created_group(self) -> bool:
"""Ensure a Phylum group is created and in place, when specified.
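Review bot: the new `self._force_analysis = True` in `_ensure_project_exists` silently overrides whatever the parsed `--force-analysis` value was, so please confirm that nothing reassigns `self._force_analysis` from the CLI args after this method runs, or the override is lost on the very first run the commit message is trying to fix. Two smaller points: logging an expected, by-design behaviour at WARNING level ("Forcing analysis to ensure new project is initially populated ...") will show up as a warning on every fresh project, where INFO seems more appropriate; and a short comment next to the assignment stating why a newly created project forces analysis (the rationale is only in the commit message) would help the next reader of this method.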
4 changes: 2 additions & 2 deletions src/phylum/ci/cli.py
Expand Up @@ -149,8 +149,8 @@ def get_args(args: Optional[Sequence[str]] = None) -> tuple[argparse.Namespace,
"-f",
"--force-analysis",
action="store_true",
help="""Specify this flag to force analysis, even when no dependency file has changed. This flag is implicitly
set when *any* manifest is included, to maximize the chance that updated dependencies are accounted.""",
help="""Specify this flag to force analysis, even when no dependency file has changed. Implicitly set for newly
created projects or when *any* manifest is included, to account for possible dependency updates.""",
)
analysis_group.add_argument(
"-k",
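Review bot: the updated help text now documents two implicit triggers (newly created projects, any manifest present), but since the argument is `action="store_true"` there is no way for a user to opt out of the implicit forcing; if that is intentional, say so in the help ("cannot be disabled") so CI users are not surprised when analysis runs despite no dependency file changing, and if it is not, a `--no-force-analysis` counterpart would be the place to handle it. Minor: "to account for possible dependency updates" reads fine, but the first sentence still says "even when no dependency file has changed", which is now also the case for the implicit triggers; consider "This flag forces analysis even when no dependency file has changed. It is implicitly set ..." to keep the two sentences parallel.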
