chore(COD-4237): removing unused option --autofix (#213)

action.yaml

@@ -23,10 +23,6 @@ inputs:
     description: 'Show vulnerabilities found in transitive dependencies'
     required: false
     default: false
-  autofix:
-    description: 'Set to true to enable automated pull-requests for fix suggestions'
-    required: false
-    default: false
 outputs:
   old-completed:
     description: 'If running a target called old, whether the analysis for this was completed'
@@ -119,4 +115,3 @@ runs:
         token: '${{ inputs.token || github.token }}'
         footer: '${{ inputs.footer }}'
         eval-indirect-dependencies: '${{ inputs.eval-indirect-dependencies }}'
-        autofix: '${{ inputs.autofix }}'

src/index.ts

@@ -7,9 +7,8 @@ import {
   uploadArtifact,
 } from './actions'
 import { downloadKeys, trustedKeys } from './keys'
-import { compareResults, createPRs, printResults } from './tool'
+import { compareResults, printResults } from './tool'
 import {
-  autofix,
   callCommand,
   callLaceworkCli,
   debug,
@@ -66,18 +65,12 @@ async function runAnalysis() {
   if (debug()) {
     args.push('--debug')
   }
-  if (autofix()) {
-    args.push('--fix-suggestions')
-  }
   await callLaceworkCli(...args)
   // make a copy of the sarif file
   args = [scaSarifReport, scaReport]
   await callCommand('cp', ...args)
 
   await printResults('sca', scaReport)
-  if (autofix()) {
-    await createPRs(scaLWJSONReport)
-  }
   toUpload.push(scaReport)
 
   const uploadStart = Date.now()

src/tool.ts

@@ -1,18 +1,11 @@
-import { info, startGroup, endGroup, error } from '@actions/core'
+import { endGroup, info, startGroup } from '@actions/core'
 import { context } from '@actions/github'
 import { existsSync, readFileSync } from 'fs'
-import {
-  callCommand,
-  callLaceworkCli,
-  debug,
-  getOptionalEnvVariable,
-  getRequiredEnvVariable,
-  telemetryCollector,
-} from './util'
 import { Log } from 'sarif'
-import { LWJSON } from './lw-json'
-import { getPrApi } from './actions'
 import { simpleGit, SimpleGitOptions } from 'simple-git'
+import { getPrApi } from './actions'
+import { LWJSON } from './lw-json'
+import { callLaceworkCli, debug, getOptionalEnvVariable, getRequiredEnvVariable } from './util'
 
 export async function printResults(tool: string, sarifFile: string) {
   startGroup(`Results for ${tool}`)
@@ -198,11 +191,6 @@ export async function createPRs(jsonFile: string) {
     await prForFixSuggestion(jsonFile, fixId, repoOwner, repoName, telem)
   }
   const after = Date.now()
-  telemetryCollector.addField('autofix.totalPRs', telem.prsCounter.toString())
-  telemetryCollector.addField('autofix.updatedPRs', telem.prsUpdated.toString())
-  telemetryCollector.addField('autofix.timeAPI', telem.totalAPITime.toString())
-  telemetryCollector.addField('autofix.APIerrors', telem.errors.map(String).join(', '))
-  telemetryCollector.addField('autofix.totalTime', (after - before).toString())
 }
 
 export async function compareResults(

src/util.ts

@@ -1,5 +1,4 @@
-import { getInput, isDebug } from '@actions/core'
-import { error, info } from '@actions/core'
+import { error, getInput, info, isDebug } from '@actions/core'
 import { spawn } from 'child_process'
 import { TelemetryCollector } from './telemetry'
 
@@ -23,12 +22,6 @@ export function getActionRef(): string {
   return getOptionalEnvVariable('LACEWORK_ACTION_REF', 'unknown')
 }
 
-export function autofix() {
-  // autofix does fix all vulnerabilities, regardless of whether they are newly introduced or no
-  // for this reason, we skip if we are scanning the old branch
-  return getBooleanInput('autofix') && getInput('target') != 'old'
-}
-
 export function getRunUrl(): string {
   let result = getRequiredEnvVariable('GITHUB_SERVER_URL')
   result += '/'