feat: improve error message when repo fetch fails (#475)

woodruffw · Jan 19, 2025 · 5baaaf2 · 5baaaf2
1 parent 3c1309c
commit 5baaaf2
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 3 deletions.
diff --git a/docs/release-notes.md b/docs/release-notes.md
@@ -16,6 +16,10 @@ Nothing to see here (yet!)
 * The [excessive-permissions] audit is now more precise about both
   reusable workflows and reusable workflow calls (#473)
 
+### Improvements 🌱
+
+* Fetch failures when running `zizmor org/repo` are now more informative (#475)
+
 ## v1.2.1
 
 This is a small corrective release for some SARIF behavior that

diff --git a/src/github_api.rs b/src/github_api.rs
@@ -12,6 +12,7 @@ use github_actions_models::common::RepositoryUses;
 use http_cache_reqwest::{
     CACacheManager, Cache, CacheMode, CacheOptions, HttpCache, HttpCacheOptions,
 };
+use owo_colors::OwoColorize;
 use reqwest::{
     header::{HeaderMap, ACCEPT, AUTHORIZATION, USER_AGENT},
     StatusCode,
@@ -399,7 +400,16 @@ impl Client {
         // TODO: Could probably make this slightly faster by
         // streaming asynchronously into the decompression,
         // probably with the async-compression crate.
-        let contents = self.http.get(url).send().await?.bytes().await?;
+        let resp = self.http.get(&url).send().await?;
+
+        if !resp.status().is_success() {
+            return Err(anyhow!(
+                "failed to fetch {url}: {status}",
+                status = resp.status().red()
+            ));
+        }
+
+        let contents = resp.bytes().await?;
         let tar = GzDecoder::new(contents.deref());
 
         let mut archive = Archive::new(tar);

diff --git a/src/main.rs b/src/main.rs
@@ -258,7 +258,16 @@ fn collect_from_repo_slug(
             registry.register_input(workflow.into())?;
         }
     } else {
-        let inputs = client.fetch_audit_inputs(&slug)?;
+        let inputs = client.fetch_audit_inputs(&slug).with_context(|| {
+            tip(
+                format!(
+                    "couldn't collect inputs from https://github.com/{owner}/{repo}",
+                    owner = slug.owner,
+                    repo = slug.repo
+                ),
+                "confirm the repository exists and that you have access to it",
+            )
+        })?;
 
         tracing::info!(
             "collected {len} inputs from {owner}/{repo}",
@@ -267,7 +276,7 @@ fn collect_from_repo_slug(
             repo = slug.repo
         );
 
-        for input in client.fetch_audit_inputs(&slug)? {
+        for input in inputs {
             registry.register_input(input)?;
         }
     }