From e29923b873e4aa80088334a203d8edaa101ee17b Mon Sep 17 00:00:00 2001
From: Yolanda Robla
Date: Thu, 9 May 2024 09:44:18 +0200
Subject: [PATCH] fix problems with rebase

---
 pkg/trustyapi/trustyapi.go | 52 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 52 insertions(+)

diff --git a/pkg/trustyapi/trustyapi.go b/pkg/trustyapi/trustyapi.go
index 66bac21..1dfb3af 100644
--- a/pkg/trustyapi/trustyapi.go
+++ b/pkg/trustyapi/trustyapi.go
@@ -16,15 +16,19 @@ package trustyapi
 import (
+ "context"
 "encoding/json"
 "fmt"
 "io"
 "log"
+ "os"
 "time"
 "net/http"
 "net/url"
 "strings"
+
+ "github.com/google/go-github/v60/github"
 )
 type DependencyDetails struct {
@@ -299,3 +303,51 @@ func fetchPackageData(requestURL, dep, ecosystem string, resultChan chan<- Packa
 }
 }()
 }
+
+// BuildReport analyzes the dependencies of a PR and generates a report based on their Trusty scores.
+// It takes the following parameters:
+// - ctx: The context.Context for the function.
+// - ghClient: A pointer to a github.Client for interacting with the GitHub API.
+// - owner: The owner of the repository.
+// - repo: The name of the repository.
+// - prNumber: The number of the pull request.
+// - dependencies: A slice of strings representing the dependencies to be analyzed.
+// - ecosystem: The ecosystem of the dependencies (e.g., "npm", "pip", "maven").
+// - scoreThreshold: The threshold for Trusty scores below which a warning will be generated.
+//
+// The function generates a report and posts it as a comment on the pull request.
+func BuildReport(ctx context.Context,
+ ghClient *github.Client,
+ owner,
+ repo string,
+ prNumber int,
+ dependencies []string,
+ ecosystem string,
+ globalThreshold float64,
+ repoActivityThreshold float64,
+ authorActivityThreshold float64,
+ provenanceThreshold float64,
+ typosquattingThreshold float64,
+ failOnMalicious bool,
+ failOnDeprecated bool,
+ failOnArchived bool) {
+
+ reportContent, failAction := GenerateReportContent(dependencies, ecosystem, globalThreshold, repoActivityThreshold, authorActivityThreshold, provenanceThreshold, typosquattingThreshold,
+ failOnMalicious, failOnDeprecated, failOnArchived)
+
+ if strings.TrimSpace(reportContent) != "## 🐻 Trusty Dependency Analysis Action Report \n\n" {
+ _, _, err := ghClient.Issues.CreateComment(ctx, owner, repo, prNumber, &github.IssueComment{Body: &reportContent})
+ if err != nil {
+ log.Printf("error posting comment to PR: %v\n", err)
+ } else {
+ log.Printf("posted comment to PR: %s/%s#%d\n", owner, repo, prNumber)
+ }
+ } else {
+ log.Println("No report content to post, skipping comment.")
+ }
+
+ if failAction {
+ log.Println("Failing the GitHub Action due to dependencies not meeting the required criteria.")
+ os.Exit(1)
+ }
+}
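Review bot: The empty-report guard `if strings.TrimSpace(reportContent) != "## 🐻 Trusty Dependency Analysis Action Report \n\n" {` can never be false, because a TrimSpace'd string cannot end in the literal's trailing ` \n\n`, so a header-only report is always posted and the "No report content to post" branch is unreachable. Compare trimmed to trimmed, e.g. `const reportHeader = "## 🐻 Trusty Dependency Analysis Action Report \n\n"` and `if strings.TrimSpace(reportContent) != strings.TrimSpace(reportHeader) {`, or better have GenerateReportContent return a has-findings flag so the check does not depend on the exact header text, which is produced outside this hunk. Separately, a failed CreateComment is only logged, so when the token cannot comment (e.g. a fork PR with a read-only GITHUB_TOKEN) the findings are silently dropped unless failAction also fires; logging the report body itself on that error path, or writing it to the step summary, keeps the result visible. `os.Exit(1)` inside a pkg/ function also bypasses any deferred cleanup in callers and makes BuildReport untestable; returning an error or the failAction bool and letting main decide the exit code is the usual shape. The doc comment additionally lists a `scoreThreshold` parameter that does not match the signature's five thresholds and three fail flags, and should be brought in line.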