Merge pull request #3251 from github/mbg/user-error/enablement

Turn enablement errors into configuration errors

lib/analyze-action.js

@@ -83621,6 +83621,16 @@ async function deleteActionsCache(id) {
     cache_id: id
   });
 }
+function isEnablementError(msg) {
+  return [
+    /Code Security must be enabled/,
+    /Advanced Security must be enabled/,
+    /Code Scanning is not enabled/
+  ].some((pattern) => pattern.test(msg));
+}
+function getFeatureEnablementError(message) {
+  return `Please verify that the necessary features are enabled: ${message}`;
+}
 function wrapApiConfigurationError(e) {
   const httpError = asHTTPError(e);
   if (httpError !== void 0) {
@@ -83637,6 +83647,11 @@ function wrapApiConfigurationError(e) {
         "Please check that your token is valid and has the required permissions: contents: read, security-events: write"
       );
     }
+    if (httpError.status === 403 && isEnablementError(httpError.message)) {
+      return new ConfigurationError(
+        getFeatureEnablementError(httpError.message)
+      );
+    }
     if (httpError.status === 429) {
       return new ConfigurationError("API rate limit exceeded");
     }

lib/init-action-post.js

@@ -116758,6 +116758,16 @@ async function listActionsCaches(key, ref) {
     }
   );
 }
+function isEnablementError(msg) {
+  return [
+    /Code Security must be enabled/,
+    /Advanced Security must be enabled/,
+    /Code Scanning is not enabled/
+  ].some((pattern) => pattern.test(msg));
+}
+function getFeatureEnablementError(message) {
+  return `Please verify that the necessary features are enabled: ${message}`;
+}
 function wrapApiConfigurationError(e) {
   const httpError = asHTTPError(e);
   if (httpError !== void 0) {
@@ -116774,6 +116784,11 @@ function wrapApiConfigurationError(e) {
         "Please check that your token is valid and has the required permissions: contents: read, security-events: write"
       );
     }
+    if (httpError.status === 403 && isEnablementError(httpError.message)) {
+      return new ConfigurationError(
+        getFeatureEnablementError(httpError.message)
+      );
+    }
     if (httpError.status === 429) {
       return new ConfigurationError("API rate limit exceeded");
     }

lib/init-action.js

@@ -80926,6 +80926,16 @@ async function getRepositoryProperties(repositoryNwo) {
     repo: repositoryNwo.repo
   });
 }
+function isEnablementError(msg) {
+  return [
+    /Code Security must be enabled/,
+    /Advanced Security must be enabled/,
+    /Code Scanning is not enabled/
+  ].some((pattern) => pattern.test(msg));
+}
+function getFeatureEnablementError(message) {
+  return `Please verify that the necessary features are enabled: ${message}`;
+}
 function wrapApiConfigurationError(e) {
   const httpError = asHTTPError(e);
   if (httpError !== void 0) {
@@ -80942,6 +80952,11 @@ function wrapApiConfigurationError(e) {
         "Please check that your token is valid and has the required permissions: contents: read, security-events: write"
       );
     }
+    if (httpError.status === 403 && isEnablementError(httpError.message)) {
+      return new ConfigurationError(
+        getFeatureEnablementError(httpError.message)
+      );
+    }
     if (httpError.status === 429) {
       return new ConfigurationError("API rate limit exceeded");
     }

lib/setup-codeql-action.js

@@ -79275,6 +79275,16 @@ async function getAnalysisKey() {
   core5.exportVariable(analysisKeyEnvVar, analysisKey);
   return analysisKey;
 }
+function isEnablementError(msg) {
+  return [
+    /Code Security must be enabled/,
+    /Advanced Security must be enabled/,
+    /Code Scanning is not enabled/
+  ].some((pattern) => pattern.test(msg));
+}
+function getFeatureEnablementError(message) {
+  return `Please verify that the necessary features are enabled: ${message}`;
+}
 function wrapApiConfigurationError(e) {
   const httpError = asHTTPError(e);
   if (httpError !== void 0) {
@@ -79291,6 +79301,11 @@ function wrapApiConfigurationError(e) {
         "Please check that your token is valid and has the required permissions: contents: read, security-events: write"
       );
     }
+    if (httpError.status === 403 && isEnablementError(httpError.message)) {
+      return new ConfigurationError(
+        getFeatureEnablementError(httpError.message)
+      );
+    }
     if (httpError.status === 429) {
       return new ConfigurationError("API rate limit exceeded");
     }

lib/upload-lib.js

@@ -82146,6 +82146,16 @@ function computeAutomationID(analysis_key, environment) {
   }
   return automationID;
 }
+function isEnablementError(msg) {
+  return [
+    /Code Security must be enabled/,
+    /Advanced Security must be enabled/,
+    /Code Scanning is not enabled/
+  ].some((pattern) => pattern.test(msg));
+}
+function getFeatureEnablementError(message) {
+  return `Please verify that the necessary features are enabled: ${message}`;
+}
 function wrapApiConfigurationError(e) {
   const httpError = asHTTPError(e);
   if (httpError !== void 0) {
@@ -82162,6 +82172,11 @@ function wrapApiConfigurationError(e) {
         "Please check that your token is valid and has the required permissions: contents: read, security-events: write"
       );
     }
+    if (httpError.status === 403 && isEnablementError(httpError.message)) {
+      return new ConfigurationError(
+        getFeatureEnablementError(httpError.message)
+      );
+    }
     if (httpError.status === 429) {
       return new ConfigurationError("API rate limit exceeded");
     }

lib/upload-sarif-action.js

@@ -82191,6 +82191,16 @@ function computeAutomationID(analysis_key, environment) {
   }
   return automationID;
 }
+function isEnablementError(msg) {
+  return [
+    /Code Security must be enabled/,
+    /Advanced Security must be enabled/,
+    /Code Scanning is not enabled/
+  ].some((pattern) => pattern.test(msg));
+}
+function getFeatureEnablementError(message) {
+  return `Please verify that the necessary features are enabled: ${message}`;
+}
 function wrapApiConfigurationError(e) {
   const httpError = asHTTPError(e);
   if (httpError !== void 0) {
@@ -82207,6 +82217,11 @@ function wrapApiConfigurationError(e) {
         "Please check that your token is valid and has the required permissions: contents: read, security-events: write"
       );
     }
+    if (httpError.status === 403 && isEnablementError(httpError.message)) {
+      return new ConfigurationError(
+        getFeatureEnablementError(httpError.message)
+      );
+    }
     if (httpError.status === 429) {
       return new ConfigurationError("API rate limit exceeded");
     }

src/api-client.test.ts

@@ -169,4 +169,39 @@ test("wrapApiConfigurationError correctly wraps specific configuration errors",
     res,
     new util.ConfigurationError("Resource not accessible by integration"),
   );
+
+  // Enablement errors.
+  const codeSecurityNotEnabledError = new util.HTTPError(
+    "Code Security must be enabled for this repository to use code scanning",
+    403,
+  );
+  res = api.wrapApiConfigurationError(codeSecurityNotEnabledError);
+  t.deepEqual(
+    res,
+    new util.ConfigurationError(
+      api.getFeatureEnablementError(codeSecurityNotEnabledError.message),
+    ),
+  );
+  const advancedSecurityNotEnabledError = new util.HTTPError(
+    "Advanced Security must be enabled for this repository to use code scanning",
+    403,
+  );
+  res = api.wrapApiConfigurationError(advancedSecurityNotEnabledError);
+  t.deepEqual(
+    res,
+    new util.ConfigurationError(
+      api.getFeatureEnablementError(advancedSecurityNotEnabledError.message),
+    ),
+  );
+  const codeScanningNotEnabledError = new util.HTTPError(
+    "Code Scanning is not enabled for this repository. Please enable code scanning in the repository settings.",
+    403,
+  );
+  res = api.wrapApiConfigurationError(codeScanningNotEnabledError);
+  t.deepEqual(
+    res,
+    new util.ConfigurationError(
+      api.getFeatureEnablementError(codeScanningNotEnabledError.message),
+    ),
+  );
 });

src/api-client.ts

@@ -283,6 +283,20 @@ export async function getRepositoryProperties(repositoryNwo: RepositoryNwo) {
   });
 }
 
+function isEnablementError(msg: string) {
+  return [
+    /Code Security must be enabled/,
+    /Advanced Security must be enabled/,
+    /Code Scanning is not enabled/,
+  ].some((pattern) => pattern.test(msg));
+}
+
+// TODO: Move to `error-messages.ts` after refactoring import order to avoid cycle
+// since `error-messages.ts` currently depends on this file.
+export function getFeatureEnablementError(message: string): string {
+  return `Please verify that the necessary features are enabled: ${message}`;
+}
+
 export function wrapApiConfigurationError(e: unknown) {
   const httpError = asHTTPError(e);
   if (httpError !== undefined) {
@@ -304,6 +318,11 @@ export function wrapApiConfigurationError(e: unknown) {
         "Please check that your token is valid and has the required permissions: contents: read, security-events: write",
       );
     }
+    if (httpError.status === 403 && isEnablementError(httpError.message)) {
+      return new ConfigurationError(
+        getFeatureEnablementError(httpError.message),
+      );
+    }
     if (httpError.status === 429) {
       return new ConfigurationError("API rate limit exceeded");
     }