Copilot AI commented Dec 23, 2025

Summary

Responding to feedback on PR #437 regarding version comments for GitHub Actions. The requested change (adding # v0.17.2 version comment to the SBOM action) is already present in the codebase.

Checklist - required for history rewrite PRs

  • I have created a local backup branch: backup/history-YYYYMMDD-HHMMSS and verified it contains all refs.
  • I have pushed the backup branch to the remote origin and it is visible to reviewers.
  • I have run a dry-run locally: scripts/history-rewrite/preview_removals.sh --paths 'backend/codeql-db,codeql-db,codeql-db-js,codeql-db-go' --strip-size 50 and attached the output or paste it below.
  • I have verified the data/backups tarball is present and tests show the rewrite will not remove unrelated artifacts.
  • I have created a tag backup (see data/backups/) and verified tags are pushed to the remote or included in the tarball.
  • I have coordinated with repo maintainers for a rewrite window and notified other active forks/tokens that may be affected.
  • I have run the CI dry-run job and ensured it completes without blocked findings.
  • This PR only contains the history-rewrite helpers; no destructive rewrite is included in this PR.
  • I will not run the destructive --force step without explicit approval from maintainers and a scheduled maintenance window.

Note for maintainers: validate_after_rewrite.sh will check that the backups and backup_branch are present and will fail if they are not. Provide --backup-branch "backup/history-YYYYMMDD-HHMMSS" when running the scripts or set the BACKUP_BRANCH environment variable so automated validation can find the backup branch.

Attachments

No changes required. Current state at .github/workflows/docker-build.yml:238:

uses: anchore/sbom-action@61119d458adab75f756bc0b9e4bde25725f86a7a # v0.17.2

Version comment was added in commit 2dfe7ee when SBOM generation was introduced. All SHA-pinned actions in the workflow already include version comments.

Approach

N/A - No history rewrite needed. This PR clarifies that the requested version comment annotation is already implemented.

Notes for maintainers

  • The workflow .github/workflows/dry-run-history-rewrite.yml will run automatically on PR updates.
  • Please follow the checklist and only approve after offline confirmation.


Copilot AI changed the title from "[WIP] WIP Addressing feedback on additional security enhancements" to "Clarify SBOM action version comment status" Dec 23, 2025
Copilot AI requested a review from Wikid82 December 23, 2025 06:30
@Wikid82 Wikid82 closed this Dec 23, 2025
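
The claim in the comment above, that every SHA-pinned action carries a version comment, can be checked mechanically. The following is an added example, not code from this PR or repository: the function name, the finding labels, and the sample workflow are assumptions constructed for illustration, and only the anchore/sbom-action line is taken from the page.

```python
import re

# A step's "uses:" reference: owner/repo[/path]@ref, optionally followed by "# comment".
USES_RE = re.compile(
    r"^\s*(?:-\s*)?uses:\s*['\"]?(?P<action>[^@\s'\"#]+)"
    r"(?:@(?P<ref>[^\s'\"#]+))?['\"]?\s*(?:#\s*(?P<comment>.*))?$"
)
SHA_RE = re.compile(r"^[0-9a-f]{40}$")          # full commit SHA, not a tag or branch
VERSION_RE = re.compile(r"^v?\d+(\.\d+)*\b")    # e.g. "v0.17.2"


def audit_workflow(text):
    """Return (line_no, action, problem) for each third-party 'uses:' line that
    is not pinned to a full commit SHA or is pinned without a version comment."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        action = m["action"]
        if action.startswith(("./", "docker://")):
            continue  # local actions and container images are out of scope here
        ref = m["ref"] or ""
        comment = (m["comment"] or "").strip()
        if not SHA_RE.match(ref):
            # Tags and branches are mutable; only a full SHA fixes the code that runs.
            findings.append((line_no, action, "unpinned"))
        elif not VERSION_RE.match(comment):
            # Pinned, but reviewers cannot tell which release the SHA corresponds to.
            findings.append((line_no, action, "no-version-comment"))
    return findings


# Constructed sample workflow; only the sbom-action line comes from the page.
SAMPLE = """\
steps:
  - uses: actions/checkout@v4
  - name: Generate SBOM
    uses: anchore/sbom-action@61119d458adab75f756bc0b9e4bde25725f86a7a # v0.17.2
  - uses: example-org/example-action@0123456789abcdef0123456789abcdef01234567
"""

if __name__ == "__main__":
    for line_no, action, problem in audit_workflow(SAMPLE):
        print(f"line {line_no}: {action}: {problem}")
```

The check only confirms that a version comment is present next to a full SHA; confirming that the SHA really is the commit behind that release tag requires looking it up in the action's repository.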