11 changes: 6 additions & 5 deletions .github/workflows/ci-main-pull-request-stub.yml
Expand Up @@ -7,9 +7,9 @@ name: CI Pull Request on Main Branch

on:
pull_request:
branches: [ main, develop, release/** ]
branches: [ nikhil/CHEF-28158-NOTICE-generation, develop, release/** ]
Copilot AI Dec 4, 2025

The branch name 'nikhil/CHEF-28158-NOTICE-generation' doesn't match the PR's purpose of scanning subdirectories for Gemfile.lock files. The Jira ID references 'NOTICE-generation', but this PR is about configuring BlackDuck to scan subdirectories. Consider using a branch name that reflects the actual changes, such as 'nikhil/CHEF-XXXXX-blackduck-subdirectory-scan'.

Copilot AI Dec 4, 2025

Branch reference 'nikhil/CHEF-28158-NOTICE-generation' appears to be a personal development branch. This should be reverted to 'main' before merging to ensure the workflow triggers on the correct branches.

push:
branches: [ main, develop, release/** ]
branches: [ nikhil/CHEF-28158-NOTICE-generation, develop, release/** ]
Copilot AI Dec 4, 2025

Branch reference 'nikhil/CHEF-28158-NOTICE-generation' appears to be a personal development branch. This should be reverted to 'main' before merging to ensure the workflow triggers on the correct branches.


workflow_dispatch:
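
Review bot: In the `on:` block, both `pull_request.branches` and `push.branches` replace `main` with `nikhil/CHEF-28158-NOTICE-generation` instead of adding to it, so while this is in place no automatic CI run (including the BlackDuck SCA scan this workflow configures) triggers for pull requests targeting main or for pushes to main. If the feature branch has to trigger the workflow for testing, list it alongside main, e.g. `branches: [ main, nikhil/CHEF-28158-NOTICE-generation, develop, release/** ]`, and drop it again before merge.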

Expand All @@ -29,7 +29,7 @@ jobs:
echo "CI main pull request stub version $STUB_VERSION"

call-ci-main-pr-check-pipeline:
uses: chef/common-github-actions/.github/workflows/ci-main-pull-request.yml@main
uses: chef/common-github-actions/.github/workflows/ci-main-pull-request.yml@nikhil/detect-lockfile-in-subfolders-chef-workstation
Copilot AI Dec 4, 2025

Hardcoding a personal development branch reference in the workflow creates a temporary dependency that must be reverted before merging. This should be changed back to '@main' before the PR is merged to avoid breaking the workflow for other developers. Since this is marked '[DO NOT MERGE]', ensure this is addressed when creating the final version.

Suggested change
uses: chef/common-github-actions/.github/workflows/ci-main-pull-request.yml@nikhil/detect-lockfile-in-subfolders-chef-workstation
uses: chef/common-github-actions/.github/workflows/ci-main-pull-request.yml@main

Copilot AI Dec 4, 2025

The workflow reference uses a personal feature branch 'nikhil/detect-lockfile-in-subfolders-chef-workstation'. This should be changed to a stable reference (e.g., '@main' or a version tag) before merging.

Suggested change
uses: chef/common-github-actions/.github/workflows/ci-main-pull-request.yml@nikhil/detect-lockfile-in-subfolders-chef-workstation
uses: chef/common-github-actions/.github/workflows/ci-main-pull-request.yml@main

secrets: inherit
permissions:
id-token: write
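
Review bot: The `uses:` line now points at a feature branch of chef/common-github-actions while the call still passes `secrets: inherit` and grants `id-token: write`, so whatever is pushed to that branch runs with this repository's secrets and can request an OIDC token. A branch ref is mutable; for the duration of testing, pin the call to the full commit SHA of the commit under test (`ci-main-pull-request.yml@<commit-sha>`), and return to a protected ref before merge.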
Expand All @@ -40,7 +40,7 @@ jobs:
# go-private-modules: GOPRIVATE for Go private modules, default is 'github.com/progress-platform-services/*

# if version specified, it takes precedence; can be a semver like 1.0.2-xyz or a tag like "latest"
version: '25.8.1091' # ${{ github.event.repository.version }}
version: '25.12.1100' # ${{ github.event.repository.version }}
detect-version-source-type: 'none' # options include "none" (do not detect), "file", "github-tag" or "github-release"
detect-version-source-parameter: '' # use for file name
language: 'ruby' # Go, Ruby, Rust, JavaScript, TypeScript, Python, Java, C#, PHP, other - used for build and SonarQube language setting
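
Review bot: `version` is bumped to '25.12.1100' as a hand-edited literal while `detect-version-source-type` stays 'none', and nothing in the change shows where the new value comes from. Since the inline comment says a specified version takes precedence, confirm it matches the release actually being scanned, or switch to one of the listed detection options ("file", "github-tag" or "github-release") so the value cannot drift from the code.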
Expand Down Expand Up @@ -99,7 +99,8 @@ jobs:
perform-blackduck-sca-scan: true # combined with generate sbom & generate github-sbom, also needs version above
blackduck-project-group-name: 'Chef-Agents' # typically one of (Chef), Chef-Agents, Chef-Automate, Chef-Chef360, Chef-Habitat, Chef-Infrastructure-Server, Chef-Shared-Services, Chef-Non-Product'
blackduck-project-name: ${{ github.event.repository.name }} # BlackDuck project name, typically the repository name
generate-blackduck-sbom: false # obsolete, use perform-blackduck-sca-scan instead
blackduck-detect-source-paths: 'components/gems' # Scan only the components/gems directory for Gemfile.lock
generate-blackduck-sbom: true # obsolete, use perform-blackduck-sca-scan instead
Copilot AI Dec 4, 2025

The comment indicates this parameter is obsolete and 'perform-blackduck-sca-scan' should be used instead. Setting this to 'true' while it's marked obsolete creates confusion. Either remove this parameter or clarify why it's being enabled despite being obsolete.

Suggested change
generate-blackduck-sbom: true # obsolete, use perform-blackduck-sca-scan instead


generate-msft-sbom: false
license_scout: false # Run license scout for license compliance (uses .license_scout.yml)
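
Review bot: `blackduck-detect-source-paths: 'components/gems'` narrows the scan to a single directory (its own comment says "Scan only"), so a Gemfile.lock or other manifest at the repository root or in any other subdirectory would no longer be covered by the SCA scan. Confirm that nothing outside components/gems carries dependencies, or, if the input accepts more than one path, list every directory that holds a lockfile.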