diff --git a/pyproject.toml b/pyproject.toml index ca44a1b8d..95a3bce84 100644 --- a/pyproject.toml +++ b/pyproject.toml @@ -212,6 +212,7 @@ ignore_missing_imports = true fail-under = 10.0 suggestion-mode = true # Remove this setting when pylint v4 is released. load-plugins = [ + "pylint.extensions.check_elif", "pylint.extensions.for_any_all", "pylint.extensions.overlapping_exceptions", "pylint.extensions.set_membership", diff --git a/src/macaron/repo_finder/commit_finder.py b/src/macaron/repo_finder/commit_finder.py index 230bec9ee..7851b481b 100644 --- a/src/macaron/repo_finder/commit_finder.py +++ b/src/macaron/repo_finder/commit_finder.py @@ -776,12 +776,11 @@ def _compute_tag_version_similarity( # A half value is used here as otherwise it can lead to the same score as a tag_suffix that is # equal to the last part. score = score - 0.5 + elif tag_suffix not in release_set: + # The suffix does not match, and is not similar. + score = score + 1 else: - if tag_suffix not in release_set: - # The suffix does not match, and is not similar. - score = score + 1 - else: - score = score + 0.2 + score = score + 0.2 else: # If no suffix pattern can be created the suffix cannot be matched to the last version part. score = score + 1 diff --git a/src/macaron/slsa_analyzer/ci_service/github_actions/analyzer.py b/src/macaron/slsa_analyzer/ci_service/github_actions/analyzer.py index 6a659cdf3..9ad9e5172 100644 --- a/src/macaron/slsa_analyzer/ci_service/github_actions/analyzer.py +++ b/src/macaron/slsa_analyzer/ci_service/github_actions/analyzer.py @@ -311,37 +311,37 @@ def build_call_graph_from_node(node: GitHubWorkflowNode, repo_path: str) -> None ) external_node.model = create_third_party_action_model(external_node) job_node.add_callee(external_node) - else: - # Check the shell type configuration. We currently can support `bash`` and `sh`. - # By default `bash`` is used on non-Windows runners, which we support. - # See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#defaultsrunshell - # TODO: support Powershell for Windows runners, which is the default shell in GitHub Actions. - # Right now, the script with the default shell is passed to the parser, which will fail - # if the runner is Windows and Powershell is used. But there is no easy way to avoid passing - # the script because that means we need to accurately determine the runner's OS. - if step.get("run") and ("shell" not in step or step["shell"] in {"bash", "sh"}): - try: - name = "UNKNOWN" - node_id = None - if "id" in step: - node_id = step["id"] - if "name" in step: - name = step["name"] - - callee = create_bash_node( - name=name, - node_id=node_id, - node_type=BashScriptType.INLINE, - source_path=node.source_path, - ci_step_ast=step, - repo_path=repo_path, - caller=job_node, - recursion_depth=0, - ) - except CallGraphError as error: - logger.debug(error) - continue - job_node.add_callee(callee) + + # Check the shell type configuration. We currently can support `bash`` and `sh`. + # By default `bash`` is used on non-Windows runners, which we support. + # See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#defaultsrunshell + # TODO: support Powershell for Windows runners, which is the default shell in GitHub Actions. + # Right now, the script with the default shell is passed to the parser, which will fail + # if the runner is Windows and Powershell is used. But there is no easy way to avoid passing + # the script because that means we need to accurately determine the runner's OS. + elif step.get("run") and ("shell" not in step or step["shell"] in {"bash", "sh"}): + try: + name = "UNKNOWN" + node_id = None + if "id" in step: + node_id = step["id"] + if "name" in step: + name = step["name"] + + callee = create_bash_node( + name=name, + node_id=node_id, + node_type=BashScriptType.INLINE, + source_path=node.source_path, + ci_step_ast=step, + repo_path=repo_path, + caller=job_node, + recursion_depth=0, + ) + except CallGraphError as error: + logger.debug(error) + continue + job_node.add_callee(callee) elif is_reusable_workflow_call_job(job): workflow_call_job_with_id = Identified[ReusableWorkflowCallJob](job_name, job) diff --git a/tests/integration/run.py b/tests/integration/run.py index ef0eda8f2..4ad35d04b 100644 --- a/tests/integration/run.py +++ b/tests/integration/run.py @@ -166,13 +166,12 @@ def run_command(self, cwd: str, macaron_cmd: str) -> int: " ".join(args), ) return 1 - else: - if res.returncode != 0: - logger.error( - "Command '%s' unexpectedly exited with non-zero code.", - " ".join(args), - ) - return 1 + elif res.returncode != 0: + logger.error( + "Command '%s' unexpectedly exited with non-zero code.", + " ".join(args), + ) + return 1 time_taken = (end_time - start_time) / 1e9 logger.info(