Fixes the issue where socket ci would exit with code 0 even when blocking alerts were found. (#986)

This is the expected behaviour based on our docs: https://docs.socket.dev/docs/socket-ci#non-zero-exit-code

Co-authored-by: Graydon Hope <[email protected]>

Author: graydonhope

src/commands/scan/output-scan-report.mts

@@ -87,6 +87,11 @@ export async function outputScanReport(
     return
   }
 
+  if (!scanReport.data.healthy) {
+    // When report contains healthy: false, process should exit with non-zero code.
+    process.exitCode = 1
+  }
+
   // I don't think we emit the default error message with banner for an unhealthy report, do we?
   // if (!scanReport.data.healthy) {
   //   logger.fail(failMsgWithBadge(scanReport.message, scanReport.cause))

src/commands/scan/output-scan-report.test.mts

@@ -1,10 +1,22 @@
-import { describe, expect, it } from 'vitest'
+import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest'
 
-import { toJsonReport, toMarkdownReport } from './output-scan-report.mts'
+import {
+  outputScanReport,
+  toJsonReport,
+  toMarkdownReport,
+} from './output-scan-report.mts'
 import { SOCKET_WEBSITE_URL } from '../../constants.mjs'
 
 import type { ScanReport } from './generate-report.mts'
 
+const { mockGenerateReport } = vi.hoisted(() => ({
+  mockGenerateReport: vi.fn(),
+}))
+
+vi.mock('./generate-report.mts', () => ({
+  generateReport: mockGenerateReport,
+}))
+
 describe('output-scan-report', () => {
   describe('toJsonReport', () => {
     it('should be able to generate a healthy json report', () => {
@@ -135,6 +147,71 @@ describe('output-scan-report', () => {
       `)
     })
   })
+
+  describe('outputScanReport exit code behavior', () => {
+    const originalExitCode = process.exitCode
+
+    beforeEach(() => {
+      process.exitCode = undefined
+      vi.clearAllMocks()
+    })
+
+    afterEach(() => {
+      process.exitCode = originalExitCode
+    })
+
+    it('sets exit code to 1 when report is unhealthy', async () => {
+      mockGenerateReport.mockReturnValue({
+        ok: true,
+        data: getUnhealthyReport(),
+      })
+
+      await outputScanReport(
+        {
+          ok: true,
+          data: { scan: [], securityPolicy: {} },
+        } as any,
+        {
+          orgSlug: 'test-org',
+          scanId: 'test-scan',
+          includeLicensePolicy: false,
+          outputKind: 'json',
+          filepath: '-',
+          fold: 'none',
+          reportLevel: 'error',
+          short: false,
+        },
+      )
+
+      expect(process.exitCode).toBe(1)
+    })
+
+    it('does not set exit code when report is healthy', async () => {
+      mockGenerateReport.mockReturnValue({
+        ok: true,
+        data: getHealthyReport(),
+      })
+
+      await outputScanReport(
+        {
+          ok: true,
+          data: { scan: [], securityPolicy: {} },
+        } as any,
+        {
+          orgSlug: 'test-org',
+          scanId: 'test-scan',
+          includeLicensePolicy: false,
+          outputKind: 'json',
+          filepath: '-',
+          fold: 'none',
+          reportLevel: 'error',
+          short: false,
+        },
+      )
+
+      expect(process.exitCode).toBeUndefined()
+    })
+  })
 })
 
 function getHealthyReport(): ScanReport {