From 2683fe4d1f4f972a3c9bcd606936ed7726438272 Mon Sep 17 00:00:00 2001
From: Charles Coggins
Date: Fri, 13 Dec 2024 14:10:18 -0600
Subject: [PATCH] feat: automatically analyze newly created projects (#514)

This change forces analysis when a new project is created. This ensures the project is initially populated with results in the Phylum UI, which helps for users configuring Phylum analysis exclusively through the CI integrations. This is doubly true when the set of dependency files do not include a manifest, which is the other trigger for automatically forcing analysis. The desire expressed from users of the integrations is that setting up the integration and running it the first time should cause the project dependencies to be ingested without needing to set the `--force-analysis` flag or wait until a PR with a modified dependency file emerges. They also don't want to have to use the Phylum CLI to populate the project(s) before scanning them with the CI integrations.

---
 src/phylum/ci/ci_base.py | 2 ++
 src/phylum/ci/cli.py | 4 ++--
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/phylum/ci/ci_base.py b/src/phylum/ci/ci_base.py
index 421ae80..6bf34d3 100644
--- a/src/phylum/ci/ci_base.py
+++ b/src/phylum/ci/ci_base.py
@@ -757,6 +757,8 @@ def _ensure_project_exists(self) -> None:
 LOG.info(cleandoc(project_created_msg))
 if self._project_file_already_existed:
 LOG.warning("Overwrote previous `.phylum_project` file found at: %s", self._phylum_project_file)
+ LOG.warning("Forcing analysis to ensure new project is initially populated ...")
+ self._force_analysis = True

 def _created_group(self) -> bool:
 """Ensure a Phylum group is created and in place, when specified.
diff --git a/src/phylum/ci/cli.py b/src/phylum/ci/cli.py
index 0688fd2..85f42b8 100644
--- a/src/phylum/ci/cli.py
+++ b/src/phylum/ci/cli.py
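Review bot: The new `self._force_analysis = True` gives `_ensure_project_exists` a side effect on how the run proceeds, and nothing in the hunk records why; a one-line comment next to the assignment would help the next reader, e.g. `# A freshly created project has no results yet, so always analyze it on this run.` The accompanying message is logged at WARNING although forcing analysis here is the intended, documented behaviour rather than a problem, so `LOG.info("Forcing analysis to ensure new project is initially populated ...")` seems the better fit and matches the `LOG.info(cleandoc(project_created_msg))` just above. Whether the assignment actually changes behaviour depends on `_force_analysis` not having been consulted before `_ensure_project_exists` runs, which is not visible here and is worth confirming against the caller. The enclosing method starts outside the hunk.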
@@ -149,8 +149,8 @@ def get_args(args: Optional[Sequence[str]] = None) -> tuple[argparse.Namespace,
 "-f",
 "--force-analysis",
 action="store_true",
- help="""Specify this flag to force analysis, even when no dependency file has changed. This flag is implicitly
- set when *any* manifest is included, to maximize the chance that updated dependencies are accounted.""",
+ help="""Specify this flag to force analysis, even when no dependency file has changed. Implicitly set for newly
+ created projects or when *any* manifest is included, to account for possible dependency updates.""",
 )
 analysis_group.add_argument(
 "-k",