Add better ux around missing env vars

Author: jdalton

src/commands/fix/coana-fix.mts

@@ -5,7 +5,7 @@ import { debugDir, debugFn } from '@socketsecurity/registry/lib/debug'
 import { logger } from '@socketsecurity/registry/lib/logger'
 import { pluralize } from '@socketsecurity/registry/lib/words'
 
-import { getFixEnv } from './env-helpers.mts'
+import { checkCiEnvVars, getCiEnvInstructions, getFixEnv } from './env-helpers.mts'
 import { getSocketFixBranchName, getSocketFixCommitMessage } from './git.mts'
 import { getSocketFixPrs, openSocketFixPr } from './pull-request.mts'
 import { GQL_PR_STATE_OPEN, UNKNOWN_ERROR } from '../../constants.mts'
@@ -100,6 +100,26 @@ export async function coanaFix(
   const shouldOpenPrs = fixEnv.isCi && fixEnv.repoInfo
 
   if (!shouldOpenPrs) {
+    // Inform user about local mode when fixes will be applied.
+    if (!onlyCompute && ghsas.length) {
+      const envCheck = checkCiEnvVars()
+      if (envCheck.present.length) {
+        // Some CI vars are set but not all - show what's missing.
+        if (envCheck.missing.length) {
+          logger.info(
+            'Running in local mode - fixes will be applied directly to your working directory.\n' +
+            `Missing environment variables for PR creation: ${joinAnd(envCheck.missing)}`
+          )
+        }
+      } else {
+        // No CI vars are present - show general local mode message.
+        logger.info(
+          'Running in local mode - fixes will be applied directly to your working directory.\n' +
+          getCiEnvInstructions()
+        )
+      }
+    }
+
     const ids = isAll ? ['all'] : ghsas.slice(0, limit)
     if (!ids.length) {
       spinner?.stop()
@@ -304,11 +324,24 @@ export async function coanaFix(
       }
 
       // Set up git remote.
+      if (!fixEnv.githubToken) {
+        logger.error(
+          'Cannot create pull request: SOCKET_CLI_GITHUB_TOKEN environment variable is not set.\n' +
+          'Set SOCKET_CLI_GITHUB_TOKEN or GITHUB_TOKEN to enable PR creation.'
+        )
+        // eslint-disable-next-line no-await-in-loop
+        await gitResetAndClean(fixEnv.baseBranch, cwd)
+        // eslint-disable-next-line no-await-in-loop
+        await gitCheckoutBranch(fixEnv.baseBranch, cwd)
+        // eslint-disable-next-line no-await-in-loop
+        await gitDeleteBranch(branch, cwd)
+        continue ghsaLoop
+      }
       // eslint-disable-next-line no-await-in-loop
       await setGitRemoteGithubRepoUrl(
         fixEnv.repoInfo.owner,
         fixEnv.repoInfo.repo,
-        fixEnv.githubToken!,
+        fixEnv.githubToken,
         cwd,
       )
 

src/commands/fix/env-helpers.mts

@@ -1,5 +1,6 @@
 import { joinAnd } from '@socketsecurity/registry/lib/arrays'
 import { debugFn, isDebug } from '@socketsecurity/registry/lib/debug'
+import { logger } from '@socketsecurity/registry/lib/logger'
 
 import { getSocketFixPrs } from './pull-request.mts'
 import constants from '../../constants.mts'
@@ -34,30 +35,91 @@ export interface FixEnv {
   repoInfo: RepoInfo | undefined
 }
 
+export interface MissingEnvVars {
+  missing: string[]
+  present: string[]
+}
+
+/**
+ * Get formatted instructions for setting CI environment variables.
+ */
+export function getCiEnvInstructions(): string {
+  return (
+    'To enable automatic pull request creation, run in CI with these environment variables:\n' +
+    '  - CI=1\n' +
+    '  - SOCKET_CLI_GITHUB_TOKEN=<your-github-token>\n' +
+    '  - SOCKET_CLI_GIT_USER_NAME=<git-username>\n' +
+    '  - SOCKET_CLI_GIT_USER_EMAIL=<git-email>'
+  )
+}
+
+/**
+ * Check which required CI environment variables are missing.
+ * Returns lists of missing and present variables.
+ */
+export function checkCiEnvVars(): MissingEnvVars {
+  const { CI, SOCKET_CLI_GIT_USER_EMAIL, SOCKET_CLI_GIT_USER_NAME, SOCKET_CLI_GITHUB_TOKEN } = constants.ENV
+
+  const missing: string[] = []
+  const present: string[] = []
+
+  if (CI) {
+    present.push('CI')
+  } else {
+    missing.push('CI')
+  }
+
+  if (SOCKET_CLI_GIT_USER_EMAIL) {
+    present.push('SOCKET_CLI_GIT_USER_EMAIL')
+  } else {
+    missing.push('SOCKET_CLI_GIT_USER_EMAIL')
+  }
+
+  if (SOCKET_CLI_GIT_USER_NAME) {
+    present.push('SOCKET_CLI_GIT_USER_NAME')
+  } else {
+    missing.push('SOCKET_CLI_GIT_USER_NAME')
+  }
+
+  if (SOCKET_CLI_GITHUB_TOKEN) {
+    present.push('SOCKET_CLI_GITHUB_TOKEN')
+  } else {
+    missing.push('SOCKET_CLI_GITHUB_TOKEN (or GITHUB_TOKEN)')
+  }
+
+  return { missing, present }
+}
+
 export async function getFixEnv(): Promise<FixEnv> {
   const baseBranch = await getBaseBranch()
   const gitEmail = constants.ENV.SOCKET_CLI_GIT_USER_EMAIL
   const gitUser = constants.ENV.SOCKET_CLI_GIT_USER_NAME
   const githubToken = constants.ENV.SOCKET_CLI_GITHUB_TOKEN
   const isCi = !!(constants.ENV.CI && gitEmail && gitUser && githubToken)
 
-  if (
-    // If isCi is false,
-    !isCi &&
-    // but some CI checks are passing,
-    (constants.ENV.CI || gitEmail || gitUser || githubToken) &&
+  const envCheck = checkCiEnvVars()
+
+  // Provide clear feedback about missing environment variables.
+  if (constants.ENV.CI && envCheck.missing.length > 1) {
+    // CI is set but other required vars are missing.
+    const missingExceptCi = envCheck.missing.filter(v => v !== 'CI')
+    if (missingExceptCi.length) {
+      logger.warn(
+        `CI mode detected, but pull request creation is disabled due to missing environment variables:\n` +
+        `  Missing: ${joinAnd(missingExceptCi)}\n` +
+        `  Set these variables to enable automatic pull request creation.`
+      )
+    }
+  } else if (
+    // If not in CI but some CI-related env vars are set.
+    !constants.ENV.CI &&
+    envCheck.present.length &&
     // then log about it when in debug mode.
     isDebug('notice')
   ) {
-    const envVars = [
-      ...(constants.ENV.CI ? [] : ['process.env.CI']),
-      ...(gitEmail ? [] : ['process.env.SOCKET_CLI_GIT_USER_EMAIL']),
-      ...(gitUser ? [] : ['process.env.SOCKET_CLI_GIT_USER_NAME']),
-      ...(githubToken ? [] : ['process.env.GITHUB_TOKEN']),
-    ]
     debugFn(
       'notice',
-      `miss: fixEnv.isCi is false, expected ${joinAnd(envVars)} to be set`,
+      `miss: fixEnv.isCi is false, expected ${joinAnd(envCheck.missing)} to be set`,
     )
   }