Merge pull request #11 from datatheorem/support-polling-timeout

Add POLLING_TIMEOUT configuration option

Author: izokoru

README.md

@@ -60,6 +60,11 @@ When `WARN_ON_SEVERITY` is specified, the action will:
 - `MEDIUM`: Block on medium and high severity vulnerabilities  
 - `LOW`: Block on all severity vulnerabilities (low, medium, high)
 
+### `POLLING_TIMEOUT`
+When `POLLING_TIMEOUT` is specified, the action will stop polling the scan result after the specified time in seconds.
+Defaults to 300 seconds (5 minutes).
+
+
 ### Example with Vulnerability Blocking
 ```yaml
 - name: Upload to Data Theorem with blocking if high or medium vulnerabilities are found
@@ -130,5 +135,6 @@ jobs:
           EXTERNAL_ID: "App_12230045"
           BLOCK_ON_SEVERITY: "HIGH"  # Optional: Block build on high severity vulnerabilities
           WARN_ON_SEVERITY: "MEDIUM"  # Optional: Warn on medium severity vulnerabilities
+          POLLING_TIMEOUT: 300  # Optional: Stop polling the scan result after the specified time 
 
 ```

action.yml

@@ -64,6 +64,10 @@ inputs:
       Valid values: HIGH, MEDIUM, LOW. If not specified, no warnings will be shown.
       This requires a Data Theorem Mobile Results API Key to be set.
     required: false
+  POLLING_TIMEOUT:
+    description: >
+      Stop polling the scan result after the specified time in seconds, default is 5 minutes.
+    required: false
 runs:
   using: 'node20'
   main: 'main.js'

main.js

@@ -105,6 +105,17 @@ function run() {
         const external_id = core.getInput("EXTERNAL_ID");
         const block_on_severity = core.getInput("BLOCK_ON_SEVERITY");
         const warn_on_severity = core.getInput("WARN_ON_SEVERITY");
+        const polling_timeout = core.getInput("POLLING_TIMEOUT");
+        var parsed_polling_timeout;
+        if (polling_timeout) {
+            parsed_polling_timeout = parseInt(polling_timeout, 10);
+            if (isNaN(parsed_polling_timeout)) {
+                throw new Error("POLLING_TIMEOUT must be a number");
+            }
+            if (parsed_polling_timeout <= 0) {
+                throw new Error("POLLING_TIMEOUT must be greater than 0");
+            }
+        }
         // Validate severity levels
         if (block_on_severity &&
             !["HIGH", "MEDIUM", "LOW"].includes(block_on_severity.toUpperCase())) {
@@ -259,8 +270,11 @@ function run() {
         }
         for (const scan of scan_info) {
             const { mobile_app_id, scan_id } = scan;
-            // Poll for scan completion with 30-second intervals
-            const maxWaitTime = 300000; // 5 minutes
+            var maxWaitTime = 300000; // 5 minutes
+            if (parsed_polling_timeout) {
+                maxWaitTime = parsed_polling_timeout * 1000;
+            }
+            // Poll for scan completion with 23-second intervals
             const pollInterval = 23000; // 23 seconds
             const startTime = Date.now();
             console.log(`Waiting for scan ${scan_id} to complete...`);
@@ -277,8 +291,9 @@ function run() {
                         continue;
                     }
                     const status_data = yield status_response.json();
-                    if (status_data.static_scan &&
-                        status_data.static_scan.status === "FAILED") {
+                    const scan_status = status_data.static_scan.status || status_data.status;
+                    if (scan_status &&
+                        ["FAILED", "SCAN_ATTEMPT_ERROR", "CANCELLED"].includes(scan_status)) {
                         console.log(`Scan ${scan_id} failed, skipping vulnerability check`);
                         break;
                     }

main.ts

@@ -125,6 +125,17 @@ async function run() {
   const external_id = core.getInput("EXTERNAL_ID");
   const block_on_severity = core.getInput("BLOCK_ON_SEVERITY");
   const warn_on_severity = core.getInput("WARN_ON_SEVERITY");
+  const polling_timeout = core.getInput("POLLING_TIMEOUT");
+  var parsed_polling_timeout;
+  if (polling_timeout) {
+        parsed_polling_timeout = parseInt(polling_timeout, 10);
+        if (isNaN(parsed_polling_timeout)) {
+            throw new Error("POLLING_TIMEOUT must be a number");
+        }
+        if (parsed_polling_timeout <= 0) {
+            throw new Error("POLLING_TIMEOUT must be greater than 0");
+        }
+    }
 
   // Validate severity levels
   if (
@@ -317,8 +328,12 @@ async function run() {
   for (const scan of scan_info) {
     const { mobile_app_id, scan_id } = scan;
 
-    // Poll for scan completion with 30-second intervals
-    const maxWaitTime = 300000; // 5 minutes
+    var maxWaitTime = 300000; // 5 minutes
+    if (parsed_polling_timeout) {
+        maxWaitTime = parsed_polling_timeout * 1000;
+    }
+
+    // Poll for scan completion with 23-second intervals
     const pollInterval = 23000; // 23 seconds
     const startTime = Date.now();
 
@@ -348,10 +363,10 @@ async function run() {
         }
 
         const status_data = await status_response.json();
-
+        const scan_status = status_data.static_scan.status || status_data.status;
         if (
-          status_data.static_scan &&
-          status_data.static_scan.status === "FAILED"
+          scan_status &&
+          ["FAILED", "SCAN_ATTEMPT_ERROR", "CANCELLED"].includes(scan_status)
         ) {
           console.log(`Scan ${scan_id} failed, skipping vulnerability check`);
           break;