microsoft/sarif-vscode-extension

Improve handling of multiple github remotes for a repository

Opened this issue · 0 comments

jsoref commented

#458 added the ability to scan some github repository for sarif state. Unfortunately I can't figure out what it's doing when there are multiple github remotes for a repository (which is my default work-mode -- I typically have 3: origin, submit, scratch).

Current behavior

  1. Open a git repository with a number of github remotes:
    image
  2. Clicking Connect yields:
    image
  3. Using SARIF: Show Panel
    image

Expected behavior

  • When there are multiple eligible remotes and the user hasn't expressed a strong opinion, instead of just offering a button to "surprise me", there should be a way to show the user which repositories are available and let them select the one they want to use (a drop down would be a reasonable choice, although a link to a configuration pane would as well)
  • When a tool fails to find results it should report where it looked -- in this case, that means telling the user which repository it checked
  • When a tool fails to find results in a remote and there are other available remotes that could have results, it should offer to the user to let the user pick from one of them
  • If the tool can look at the history and see where remotes are relative to HEAD, if it has no other heuristics, it should favor remotes with the closest branch behind the current HEAD.
    • checking out a different branch should rerun this logic and suggest a new appropriate remote if applicable
  • Open SARIF log should be renamed to Load SARIF file and a debug button called View SARIF extension log should be added to let users see what the extension did when it tried to retrieve (a sarif file from github) or process a sarif file.
  • To some extent, it might be nice if gh repo set-default worked for setting the default source for sarif output
  • It should be sufficient to check out a commit/branch that happens to point to a commit for which there's a valid result in order to get it (this absolutely does not happen reliably)

Notes

I've tried playing with git remote rename, git remote rm and friends, and that hasn't really lead to any particularly obvious improvements.

I've tried gh repo set-default and that too doesn't seem to help.

With a lot of black magic, checking out a branch whose name matches a name in github (but whose state is very stale), then resetting to where I was before I did the checkout, I can sometimes get sarif to properly load in state, but it's really incredibly frustrating and shouldn't be necessary.