
Implement scan timeout and soft fail configuration#73

Open
fabiano-amaral wants to merge 4 commits into PaloAltoNetworks:main from fabiano-amaral:main

Conversation

@fabiano-amaral

Description

This PR introduces timeout management for the Prisma Cloud Scan action. It adds two new optional inputs:

  • timeout: Specifies the maximum execution time for the scan in seconds.
  • on_timeout: Determines the action behavior when a timeout occurs. Accepts fail (default) or success.

The implementation uses Promise.race to enforce the time limit on the twistcli execution. If on_timeout is set to success, the action will log a warning and exit gracefully without generating result files, ensuring the pipeline continues even if the scan takes too long.

Motivation and Context

In some CI/CD environments, scan operations might hang or take unexpectedly long, causing pipelines to stall. This change allows users to:

  1. Enforce a hard time limit to prevent stuck builds.
  2. Choose between a strict failure (blocking the pipeline) or a soft failure (warning only) when that limit is reached.

How Has This Been Tested?

  • Updated the codebase and successfully ran npm run build to generate the distribution file.
  • Verified that the new inputs are correctly defined in action.yml.
  • Verified that the logic correctly races the scan process against the defined timeout duration.

Screenshots (if appropriate)

N/A

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist

  • I have updated the documentation accordingly.
  • I have read the CONTRIBUTING document.
  • I have added tests to cover my changes if appropriate.
  • All new and existing tests passed.

@fabiano-amaral
Author

Hey @sgordon46, could you review this pull request? I couldn’t find a clear contribution guide in the repository, but if there’s any adjustment that needs to be made, just let me know and I’ll take care of it here.

Contributor

@sgordon46 sgordon46 left a comment


Thanks for the contribution — the feature idea is useful, but there are a few issues to address before this can be merged:

Required changes

1. Replace process.exit(0) with a proper return

Calling process.exit(0) abruptly kills the Node process without allowing @actions/core to clean up, set outputs, or run post steps. Use a simple return instead:

if (onTimeout === 'success') {
  core.warning('Scan timed out. Finishing with success, but no results will be generated.');
  return; // instead of process.exit(0)
}

2. Kill the child process on timeout

Promise.race stops waiting but the underlying twistcli subprocess keeps running in the background until the runner kills it. You need to explicitly terminate it on timeout. Consider using @actions/exec's listeners or spawning the process with child_process so you have a handle to call .kill() on timeout.

3. Use a more robust timeout error signal

Comparing err.message === 'Scan timed out' is fragile — any other error with that message would be mishandled. Use a dedicated flag or a custom error class:

class TimeoutError extends Error {}

const timeoutPromise = new Promise((_, reject) => {
  setTimeout(() => reject(new TimeoutError('Scan timed out')), parseInt(timeout, 10) * 1000);
});

// then check:
if (err instanceof TimeoutError) { ... }

4. Minor: add radix to parseInt

parseInt(timeout, 10)

Please also re-run npm run build after making changes to regenerate dist/index.js.

@fabiano-amaral fabiano-amaral requested a review from sgordon46 March 3, 2026 17:09
@fabiano-amaral
Author

@sgordon46, thank you for your attention. I’ve applied the changes you recommended; could you please review them when you have a moment? Thanks again.

@fabiano-amaral
Author

Hey @sgordon46 👋

Friendly bump on this PR! It's been open for a while now. Could you take another look when you get a chance? I've addressed the previous feedback and this is ready for re-review.

Thanks in advance! 🙏
