Improve reliability (#30)

* Fixed syntax error when callin getErrorMessage

* Add console logs for debug.

* Made the dtrack client responsible for parsing the response

* Updated request JSON parsing

* Updated action versions

* Update copyright year

* Update readme to add note regarding BOM.

* Update readme to add note regarding BOM.

.github/workflows/dev.yml

@@ -7,10 +7,10 @@ jobs:
     name: "Build and Package Extention"
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
 
     - name: Use Node.js 18.x
-      uses: actions/setup-node@v1
+      uses: actions/setup-node@v3
       with:
         node-version: 18.x
 
@@ -33,7 +33,7 @@ jobs:
       run: tfx extension create --output-path PackageOutput
 
     - name: Upload vsix Artifact
-      uses: actions/upload-artifact@v1
+      uses: actions/upload-artifact@v3
       with:
         name: Extension-Package
         path: PackageOutput
@@ -43,18 +43,18 @@ jobs:
     needs: build_package
     runs-on: ubuntu-latest
     steps: 
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
 
       - name: Use Node.js 18.x
-        uses: actions/setup-node@v1
+        uses: actions/setup-node@v3
         with:
           node-version: 18.x
 
       - name: Install Dependencies 
         run: npm install -g tfx-cli
 
       - name: Download artifact
-        uses: actions/download-artifact@v1
+        uses: actions/download-artifact@v3
         with:
           name: Extension-Package
           path: package

.github/workflows/prod.yml

@@ -9,10 +9,10 @@ jobs:
     name: "Build and Package Extention"
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
 
     - name: Use Node.js 18.x
-      uses: actions/setup-node@v1
+      uses: actions/setup-node@v3
       with:
         node-version: 18.x
 
@@ -35,7 +35,7 @@ jobs:
       run: tfx extension create --output-path PackageOutput
 
     - name: Upload vsix Artifact
-      uses: actions/upload-artifact@v1
+      uses: actions/upload-artifact@v3
       with:
         name: Extension-Package
         path: PackageOutput
@@ -45,18 +45,18 @@ jobs:
     needs: build_package
     runs-on: ubuntu-latest
     steps: 
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
 
       - name: Use Node.js 18.x
-        uses: actions/setup-node@v1
+        uses: actions/setup-node@v3
         with:
           node-version: 18.x
 
       - name: Install Dependencies 
         run: npm install -g tfx-cli
 
       - name: Download artifact
-        uses: actions/download-artifact@v1
+        uses: actions/download-artifact@v3
         with:
           name: Extension-Package
           path: package

README.md

@@ -1,6 +1,8 @@
 # Dependency Track for Azure DevOps Pipelines
 Azure DevOps extension for submitting BOM reports to Dependency-Track
 
+> Note: BOM files with Byte-Order-Marks are not supported by this extension. This is an issue with Depenedency Track prior to version 3.8.0. [See this issue for the Dependency Track fix](https://github.com/DependencyTrack/dependency-track/issues/2312) and [this issue for this extension.](https://github.com/gsoft-inc/azure-pipelines-dependency-track/issues/28)
+
 ## Parameters
 ### Base Settings
 | Name    | Id |      Description      |  Required |
@@ -104,7 +106,7 @@ steps:
 Dependency Track for Azure DevOps Pipelines can be installed from the [Visual Studio Marketplace](https://marketplace.visualstudio.com/items?itemName=GSoft.dependency-track-vsts).
 
 ## License
-Copyright © 2021, GSoft inc. This code is licensed under the Apache License, Version 2.0. You may obtain a copy of this license at https://github.com/gsoft-inc/gsoft-license/blob/master/LICENSE.
+Copyright © 2022, GSoft inc. This code is licensed under the Apache License, Version 2.0. You may obtain a copy of this license at https://github.com/gsoft-inc/gsoft-license/blob/master/LICENSE.
 
 Dependency-Track is Copyright (c) Steve Springett. All Rights Reserved.
 https://github.com/DependencyTrack/dependency-track

UploadBOM/src/dtrackClient.js

@@ -8,6 +8,7 @@ class DTrackClient {
 
     this.baseOptions = {
       baseUrl: this.baseUrl,
+      json: true,
       headers: { 'X-API-Key': this.apiKey },
       ...(this.caFile ? { ca: this.caFile } : {}),
     }
@@ -18,15 +19,14 @@ class DTrackClient {
       request('/api/v1/bom', {
         ...this.baseOptions,
         method: 'PUT',
-        json: true,
         body: {
           "project": projId,
           "bom": bom.toString('base64')
         }
       },
         (error, response) => {
           if (!error && response.statusCode == 200) {
-            resolve(response);
+            resolve(response.body.token);
           }
 
           reject({ error, response });
@@ -42,7 +42,7 @@ class DTrackClient {
       },
         (error, response) => {
           if (!error && response.statusCode == 200) {
-            resolve(JSON.parse(response.body).processing);
+            resolve(response.body.processing);
           }
 
           reject({ error, response });
@@ -58,7 +58,31 @@ class DTrackClient {
       },
       (error, response) => {
         if (!error && response.statusCode == 200) {
-          resolve(response);
+          resolve(response.body);
+        }
+
+        reject({ error, response });
+      });
+    });
+  }
+
+  getLastMetricCalculationDate(projId) {
+    return new Promise((resolve, reject) => {
+      request(`/api/v1/metrics/project/${projId}/current`, {
+        ...this.baseOptions,
+        method: 'GET',
+      },
+      (error, response) => {
+        if (!error && response.statusCode == 200) {
+
+          let lastOccurrence = new Date(0);
+
+          // Dependency Track might return an empty response body if metrics have never been calculated before.
+          if(response.body) {
+            lastOccurrence = new Date(response.body.lastOccurrence);
+          } 
+
+          resolve(lastOccurrence);
         }
 
         reject({ error, response });
@@ -74,7 +98,7 @@ class DTrackClient {
       },
       (error, response) => {
         if (!error && response.statusCode == 200) {
-          resolve(response);
+          resolve(response.body);
         }
 
         reject({ error, response });

UploadBOM/src/dtrackManager.js

@@ -7,17 +7,17 @@ class DTrackManager {
   }
 
   async getProjectInfo() {
-    const res = await this.dtrackClient.getProjectInfo(this.projectId);
-    return JSON.parse(res.body);
+    const info = await this.dtrackClient.getProjectInfo(this.projectId);
+    return info;
   }
 
   async uploadBomAsync(bom) {
     try {
-      const res = await this.dtrackClient.uploadBomAsync(this.projectId, bom);
-      return res.body.token;
+      const token = await this.dtrackClient.uploadBomAsync(this.projectId, bom);
+      return token;
     }
     catch (err) {
-      throw new Error(localize('BOMUploadFailed', getErrorMessage(err)));
+      throw new Error(localize('BOMUploadFailed', this.getErrorMessage(err)));
     }
   }
 
@@ -30,7 +30,7 @@ class DTrackManager {
         processing = await this.dtrackClient.pullProcessingStatusAsync(token);
       }
       catch (err) {
-        throw new Error(localize('PollingFailed', getErrorMessage(err)));
+        throw new Error(localize('PollingFailed', this.getErrorMessage(err)));
       }
     }
   }
@@ -43,23 +43,25 @@ class DTrackManager {
     do {
       await this.sleepAsync(2000);
       console.log(localize('Polling'));
-      metrics = await this.getProjectMetricsAsync();
-      lastOccurrence = new Date(metrics.lastOccurrence);
+      try {
+        lastOccurrence = await this.dtrackClient.getLastMetricCalculationDate(this.projectId);
+      }
+      catch (err) {
+        throw new Error(localize('PollingFailed', this.getErrorMessage(err)));
+      }
     } while (lastOccurrence < lastBomImport)
 
     console.log(localize('LastBOMImport', lastBomImport));
     console.log(localize('LastMetricUpdate', lastOccurrence));
-
-    return metrics;
   }
 
   async getProjectMetricsAsync() {
     try {
-      const res = await this.dtrackClient.getProjectMetricsAsync(this.projectId);
-      return JSON.parse(res.body);
+      const metrics = await this.dtrackClient.getProjectMetricsAsync(this.projectId);
+      return metrics;
     }
     catch (err) {
-      throw new Error(localize('PollingFailed', getErrorMessage(err)));
+      throw new Error(localize('PollingFailed', this.getErrorMessage(err)));
     }
   }
 

UploadBOM/src/task.js

@@ -27,7 +27,8 @@ async function validateThresholdsAsync(token, thresholdAction, thresholdExpert,
     await dtrackManager.waitBomProcessing(token);
 
     console.log(localize('RetrievingMetrics'));
-    const metrics = await dtrackManager.waitMetricsRefresh();
+    await dtrackManager.waitMetricsRefresh();
+    const metrics = await dtrackManager.getProjectMetricsAsync();
 
     console.log(localize('VulnCount', metrics.critical, metrics.high, metrics.medium, metrics.low, metrics.unassigned, metrics.suppressed));
     console.log(localize('PolicyViolationCount', metrics.policyViolationsFail,metrics.policyViolationsWarn,metrics.policyViolationsInfo,metrics.policyViolationsTotal));