improve error handling for policy store sceanrio

varunsh-coder · varunsh-coder · commit b3fc98e4dfca · 2025-09-06T11:26:42.000-07:00
diff --git a/dist/pre/index.js b/dist/pre/index.js
@@ -88140,8 +88140,14 @@ var setup_awaiter = (undefined && undefined.__awaiter) || function (thisArg, _ar
                     lib_core.setFailed('Policy store requires id-token write permission as it uses OIDC to fetch the policy from StepSecurity API. Please add "id-token: write" to your job permissions.');
                 }
                 else {
-                    // Log other errors but don't fail the job
-                    lib_core.error(`Failed to fetch policy: ${err}`);
+                    // Handle different HTTP status codes
+                    if (err.statusCode >= 400 && err.statusCode < 500) {
+                        lib_core.error('Policy not found');
+                    }
+                    else {
+                        lib_core.error(`Unexpected error occurred: ${err}. Falling back to egress policy audit`);
+                        confg.egress_policy = 'audit';
+                    }
                 }
             }
         }
diff --git a/dist/pre/index.js.map b/dist/pre/index.js.map
diff --git a/src/setup.ts b/src/setup.ts
@@ -89,8 +89,13 @@ interface MonitorResponse {
         if (err.message && err.message.includes('Unable to get ACTIONS_ID_TOKEN_REQUEST')) {
           core.setFailed('Policy store requires id-token write permission as it uses OIDC to fetch the policy from StepSecurity API. Please add "id-token: write" to your job permissions.');
         } else {
-          // Log other errors but don't fail the job
-          core.error(`Failed to fetch policy: ${err}`);
+          // Handle different HTTP status codes
+          if (err.statusCode >= 400 && err.statusCode < 500) {
+            core.error('Policy not found');
+          } else {
+            core.error(`Unexpected error occurred: ${err}. Falling back to egress policy audit`);
+            confg.egress_policy = 'audit';
+          }
         }
       }
     }

Original file line number	Diff line number	Diff line change
`@@ -88140,8 +88140,14 @@ var setup_awaiter = (undefined && undefined.__awaiter) \|\| function (thisArg, _ar`
`88140`	`88140`	`lib_core.setFailed('Policy store requires id-token write permission as it uses OIDC to fetch the policy from StepSecurity API. Please add "id-token: write" to your job permissions.');`
`88141`	`88141`	`}`
`88142`	`88142`	`else {`
`88143`		`- // Log other errors but don't fail the job`
`88144`		- lib_core.error(`Failed to fetch policy: ${err}`);
	`88143`	`+ // Handle different HTTP status codes`
	`88144`	`+ if (err.statusCode >= 400 && err.statusCode < 500) {`
	`88145`	`+ lib_core.error('Policy not found');`
	`88146`	`+ }`
	`88147`	`+ else {`
	`88148`	+ lib_core.error(`Unexpected error occurred: ${err}. Falling back to egress policy audit`);
	`88149`	`+ confg.egress_policy = 'audit';`
	`88150`	`+ }`
`88145`	`88151`	`}`
`88146`	`88152`	`}`
`88147`	`88153`	`}`
Original file line number	Diff line number	Diff line change
`@@ -89,8 +89,13 @@ interface MonitorResponse {`
`89`	`89`	`if (err.message && err.message.includes('Unable to get ACTIONS_ID_TOKEN_REQUEST')) {`
`90`	`90`	`core.setFailed('Policy store requires id-token write permission as it uses OIDC to fetch the policy from StepSecurity API. Please add "id-token: write" to your job permissions.');`
`91`	`91`	`} else {`
`92`		`- // Log other errors but don't fail the job`
`93`		- core.error(`Failed to fetch policy: ${err}`);
	`92`	`+ // Handle different HTTP status codes`
	`93`	`+ if (err.statusCode >= 400 && err.statusCode < 500) {`
	`94`	`+ core.error('Policy not found');`
	`95`	`+ } else {`
	`96`	+ core.error(`Unexpected error occurred: ${err}. Falling back to egress policy audit`);
	`97`	`+ confg.egress_policy = 'audit';`
	`98`	`+ }`
`94`	`99`	`}`
`95`	`100`	`}`
`96`	`101`	`}`