- Add new `auth whoami` command to display authenticated user info
- Add new `issues browse` command for opening issues in browser
- Add GetViewer API method to fetch authenticated user details
- Refactor output messages to use pterm.Print* instead of pterm.Info
for consistency across auth, config, issues, and repo commands
- Update dependencies (pterm, testify, bubbletea, lipgloss)
- Add `runs list` command to display analysis runs for a repository
- Add `runs issues` command to show issues for a specific run
- Add GetAnalysisRuns and GetRunIssues API methods to client
- Add GraphQL schema and queries for runs and run issues
- Refactor whoami command to use boxed output format
- Remove issues browse command
- Add runs domain types and query helpers
Add support for filtering issues by analyzer, category, severity, code, and path.
Filters can be specified multiple times to match any of the provided values.
New flags:
- --analyzer: filter by analyzer shortcode
- --category: filter by issue category
- --severity: filter by severity level
- --code: filter by issue code
- --path: filter by file path (supports partial matching)
Also refactor runs command to accept commit-oid argument and wire up
issue flags via AddRunIssueFlags for better flag reusability.
- Replace Makefile with justfile, add VERSION file for version tracking
- Replace goreleaser release pipeline with build-and-deploy workflow
- Add install script template
- Move version/ package to buildinfo/
- Swap DataDog/zstd (cgo) for klauspost/compress/zstd (pure Go)
- Replace deprecated io/ioutil usage with os and io
- Bump Go version to 1.25 in CI
- Update SARIF schema URL to official OASIS source
- Add TCP readiness check for mock server in tests
- Update README with auth docs and current command list
- Drop config generate/validate commands and supporting packages
- Drop issues list command and related services
- Remove configvalidator, configdata, and issues service packages
- Update root command registrations and dependencies
- Clean up justfile test targets
- Add top-level issues, metrics, and vulnerabilities commands with SDK queries
- Add transparent token refresh in GraphQL client (removes need for auth refresh)
- Remove version, auth refresh, and auth whoami commands
- Add UserError type to skip user-correctable errors from Sentry
- Improve Sentry setup with panic recovery, release tagging
- Add YAML output format and source filter for run issues
- Auto-open browser on login instead of waiting for user input
- Update GraphQL schema to use issues instead of occurrences
- Use --version flag instead of version subcommand
- Clean up error messages and stale code
- Rename `repo` to `repository` and `runs` to `analysis`
- Rename `--run` flag to `--commit` across issues, metrics, and vulnerabilities
- Update default hostname from deepsource.io to deepsource.com
- Add `human` output format as new default, keep `table` as explicit option
- Add `--output-file`, `--verbose`, `--analyzer` filter, and `--limit` flags
- Remove legacy YAML config support and debug logging infrastructure
- Add `GetEnabledAnalyzers` API endpoint and repository analyzers command
- Fix report service using Errorf instead of Printf for info messages
- Rename telemetry → sentry across adapters, interfaces, and container
- Introduce cmddeps.Deps struct for injectable config, client, and stdout
- Add NewCmd*WithDeps constructors to all commands for testability
- Add --output json flag to analysis command
- Add golden-file-based tests for analysis, issues, metrics, vulnerabilities,
repo status, repo analyzers, and auth status commands
- Add NewWithGraphQLClient and NewTestService test helpers
- Always show auth URL in login flow regardless of browser open result
- Update justfile with new test paths
- Change table headers from ALL CAPS to Title Case across all commands
- Normalize status labels to Title Case in analysis output
- Rename default output format from "table" to "pretty", keeping "table" as alias
- Add "pretty" to shell completion candidates
- Introduce buildinfo app identity vars (AppName, ConfigDirName, KeychainSvc, KeychainKey) with prod defaults
- Override identity at startup when buildMode=dev via ldflags, giving dev builds their own binary name, config dir, and keychain entries
- Update build-and-deploy workflow to pass buildMode and use dynamic binary names per environment
- Replace hardcoded "deepsource" strings with buildinfo vars in config, keychain, and root command
- Remove shell completion generation (gen-completions.sh deleted, references stripped from workflows and Homebrew formula)
- Add just install step to CI workflow
- Rename deploy -> deploy-prod in justfile, add build alias
- Update report golden file with info-level progress lines
- Fix case mismatches in OIDC tests (failed -> Failed, can not -> cannot, provider -> Provider)
- GitHub Actions blocks job outputs that match secret values
- Move bucket resolution from resolve-env outputs to deploy step
- Reference secrets directly in deploy job based on environment
- Point dev base_url to cli.deepsource.one subdomain instead of deepsource.one/cli
- Drop cli/ key prefix for dev R2 uploads since the subdomain serves the bucket root
- Fix manifest path in install script (/manifest.json, not /build/manifest.json)
`os.Exit` skips deferred function execution
The call to os.Exit(exitCode) stops all goroutines and the main program immediately without running deferred functions. This means defer statements for resource cleanup or finalization won't execute, possibly leading to resource leaks or inconsistent state.
Refactor to avoid direct os.Exit calls in functions with defer. Use return statements combined with a deferred os.Exit at a higher level to ensure defer calls run before program termination.
High cyclomatic complexity reduces code maintainability
The function ResolveAutoBranch has a cyclomatic complexity above recommended thresholds, indicating many independent execution paths. This complexity increases the chance of bugs and makes the function difficult to maintain or test.
Refactor ResolveAutoBranch by splitting into smaller functions or simplifying control flow. This reduces complexity and improves code clarity and testability.
Error from `deepsource.New` is silently ignored during token verification
The error returned by deepsource.New is not handled. If client instantiation fails due to a misconfiguration or network issue, the token verification process is silently aborted, and the application continues assuming the token is valid. This can mask underlying problems and lead to confusing errors later.
Consider treating a client creation failure as a token verification failure by setting opts.TokenExpired = true. This would force a re-login, allowing the user to correct the configuration.
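The fail-open pattern this comment describes, next to the fail-closed handling it suggests, as an added example that is not code from the pull request. The `client`, `loginOptions`, `clientFactory` and `verify*` names are hypothetical stand-ins, and the failing constructor is simulated.

```go
package main

import (
	"errors"
	"fmt"
)

// Hypothetical stand-ins: the project's real client and options types are not shown on the page.
type client struct{ tokenValid bool }
type loginOptions struct{ TokenExpired bool }

// clientFactory plays the role the comment gives to deepsource.New.
type clientFactory func(host, token string) (*client, error)

var errBadHost = errors.New("invalid host in config") // constructed failure

// brokenFactory simulates a misconfiguration that prevents client creation.
func brokenFactory(_, _ string) (*client, error) { return nil, errBadHost }

// verifyFailOpen reproduces the flagged pattern: the constructor error is
// discarded, so TokenExpired keeps its zero value and the token looks valid.
func verifyFailOpen(opts *loginOptions, newClient clientFactory) {
	c, _ := newClient("example.invalid", "constructed-token")
	if c == nil {
		return // verification silently aborted
	}
	opts.TokenExpired = !c.tokenValid
}

// verifyFailClosed treats a client creation failure as a failed verification
// and returns the cause so the caller can report it and force a re-login.
func verifyFailClosed(opts *loginOptions, newClient clientFactory) error {
	c, err := newClient("example.invalid", "constructed-token")
	if err != nil {
		opts.TokenExpired = true
		return fmt.Errorf("token verification: %w", err)
	}
	opts.TokenExpired = !c.tokenValid
	return nil
}

func main() {
	open, closed := &loginOptions{}, &loginOptions{}
	verifyFailOpen(open, brokenFactory)
	err := verifyFailClosed(closed, brokenFactory)
	fmt.Println("fail-open TokenExpired:", open.TokenExpired)
	fmt.Println("fail-closed TokenExpired:", closed.TokenExpired, "err:", err)
}
```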
Using os.Exit directly in a function with deferred calls prevents execution of those deferred calls, leading to unclosed resources or incomplete cleanup steps. This abrupt termination skips all deferred functions, concluding the program instantly.
Replace direct calls to os.Exit with structured returns and a top-level deferred os.Exit or handle cleanup explicitly before exiting to ensure all deferred functions run.
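A sketch of the structure both `os.Exit` comments recommend, as an added example that is not code from the pull request: one function owns every defer and reports the result through a named return, and `os.Exit` is called only by its caller. The `work` function, its modes and the exit codes are assumptions made for the demonstration.

```go
package main

import (
	"errors"
	"fmt"
	"os"
)

// cleanupRan records whether deferred cleanup executed (demo-only observability).
var cleanupRan bool

// work is a hypothetical command body that fails or panics on request.
func work(mode string) error {
	switch mode {
	case "fail":
		return errors.New("upload failed")
	case "panic":
		panic("unexpected nil client")
	}
	return nil
}

// mainRun owns every defer and reports the outcome through a named return
// value, so it never needs to call os.Exit itself.
func mainRun(mode string) (exitCode int) {
	cleanupRan = false
	defer func() { cleanupRan = true }() // e.g. flush error reports, close files
	defer func() {
		if r := recover(); r != nil {
			fmt.Fprintln(os.Stderr, "panic:", r)
			exitCode = 2 // the named return lets a deferred func set the code
		}
	}()
	if err := work(mode); err != nil {
		fmt.Fprintln(os.Stderr, "error:", err)
		return 1
	}
	return 0
}

func main() {
	mode := ""
	if len(os.Args) > 1 {
		mode = os.Args[1]
	}
	// os.Exit is called only here, after all of mainRun's defers have run.
	os.Exit(mainRun(mode))
}
```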
Function `ResolveAutoBranch` has excessive decision points
The ResolveAutoBranch function has high cyclomatic complexity, indicating numerous decision points and independent paths. This complexity increases the risk of bugs and makes the function harder to understand and maintain.
Break down ResolveAutoBranch into smaller, simpler functions or refactor complex control flow to reduce complexity and improve code clarity and testability.
The error `runErr` from `ResolveLatestRunForBranch` is ignored
In the pull request resolution path, if ResolveLatestRunForBranch returns an error, it is effectively ignored. The function proceeds to return a nil error with a result where CommitOid is not set, which can lead to unexpected behavior in the calling commands that might assume CommitOid is always present if a PR is found.
The error runErr should be checked immediately after the call to ResolveLatestRunForBranch and propagated to the caller to ensure robust error handling.
- Use dynamic base URL for legacy install script instead of hardcoded deepsource.io/cli
- Remove prod/dev prefix branching in R2 upload, always use empty prefix
- Extract mainRun() with named return so defer handles panic exit code without calling os.Exit in deferred func
- Split ResolveAutoBranch into resolveWithPR/resolveWithoutPR helpers
- Handle os.Setenv/os.Unsetenv errors in report test setup
- Add unit tests for detectProvider, extractRepoName, extractOwner, extractADSOwner
- Add GitLab, Bitbucket, and unsupported provider cases for GetRemoteMap
- Add tests for testutil helpers (LoadGoldenFile, MockQueryFunc, CreateTestConfigManager)
- Prefix "branch " to scope labels in issues, metrics, reportcard, and
vulnerabilities commands so output reads "branch main" instead of "main"
- Switch deploy tags from annotated (-a) to signed (-s) in justfile
- Add detailed usage, flags, and examples to the root cobra command using heredoc
- Replace manual CODE_PATH env save/restore with t.Setenv in report tests
- Add report service tests: no-compression, server error, HTTP error, cert skip, sentry capture
- Add edge case tests for ADS/SSH owner extraction in remotes_test
…letions
- Replace server-side limit params with cursor-based auto-pagination for
issues and vulnerabilities queries (new deepsource/pagination package)
- --limit flag is now a client-side display cap (0 = fetch all)
- Remove repo analyzers subcommand, fold analyzer listing into repo status
- Add --install-completions flag to root command (bash, zsh, fish)
- Update root help text and add test coverage for pagination
- Rename --hostname to --host in login, keep --hostname as deprecated alias
- Rename --deepsource-host-endpoint to --host in report, keep old flag as deprecated
- Resolve host from config when --host flag is not explicitly set
- Replace --install-completions global flag with `completion` subcommand
- Simplify README to focus on what the CLI does
- Auto-run shell completion setup in install script
- Cluster issues by title/severity/code and show occurrence count with
compact file:line locations instead of repeating full blocks
- Bump MaxResults from 500 to 1000 and warn when results are capped
- Fix version flag init order in root command (InitDefaultVersionFlag
before Lookup, add nil guard)
- Add unit tests for grouping, line range formatting, and location
collapsing, plus integration test for the cap warning
- Add tests for config manager (Load, Write, Delete, TokenRefresh)
- Add tests for GraphQLError, TruncateQuery, and MockClient
- Add tests for pagination, style, and errors packages
- Replace unused function params with _ across test files
- Use value receivers on captureSentry stub methods
- Collapse repeated append calls in root.go buildExampleText
- Tighten file permissions in completion install (750/600)
Parameter `result` is defined but unused
The function assigned to mock.QueryFunc defines a parameter result which is never used anywhere within the function body. This unused parameter can imply unfinished implementation or redundant code, making it harder to understand or maintain.
Rename the unused parameter to _ or remove it entirely if it's not needed to clarify the code intent and avoid unnecessary warnings.
No description provided.