From 586d9c53a7e8ea1863fad63ffe0785640e56a28d Mon Sep 17 00:00:00 2001 From: Matt Lord Date: Mon, 5 Feb 2024 16:55:30 -0500 Subject: [PATCH 1/8] Use v3 of fossa-action after adding push only token Signed-off-by: Matt Lord --- .github/workflows/static_checks_etc.yml | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/.github/workflows/static_checks_etc.yml b/.github/workflows/static_checks_etc.yml index 4be7721c119..42c146407bf 100644 --- a/.github/workflows/static_checks_etc.yml +++ b/.github/workflows/static_checks_etc.yml @@ -34,13 +34,8 @@ jobs: uses: actions/checkout@v3 - name: Run FOSSA scan and upload build data - # Fails on pull requests when using the API key secret. - # In order to run it on pull requests we would need to - # generate a push only token and specify that as plain - # text here: - # https://github.com/fossa-contrib/fossa-action#push-only-api-token - if: github.ref == 'refs/heads/main' - uses: fossa-contrib/fossa-action@v2 + if: steps.skip-workflow.outputs.skip-workflow == 'false' + uses: fossa-contrib/fossa-action@v3 with: fossa-api-key: ${{ secrets.FOSSA_API_KEY }} From 234e64a4ac41f3f41bca05ae9d8c5dd55bebda54 Mon Sep 17 00:00:00 2001 From: Matt Lord Date: Mon, 5 Feb 2024 17:00:55 -0500 Subject: [PATCH 2/8] Add push only token to workflow Signed-off-by: Matt Lord --- .github/workflows/static_checks_etc.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/static_checks_etc.yml b/.github/workflows/static_checks_etc.yml index 42c146407bf..37e1ffcd10b 100644 --- a/.github/workflows/static_checks_etc.yml +++ b/.github/workflows/static_checks_etc.yml 
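Review bot: `uses: fossa-contrib/fossa-action@v3` in the FOSSA step references a third-party action by a mutable tag while passing it `secrets.FOSSA_API_KEY`, so whoever can move that tag controls the code that receives the key. Pin the reference to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: fossa-contrib/fossa-action@<full-commit-sha> # v3` (placeholder; take the SHA from the v3 release). The new `if: steps.skip-workflow.outputs.skip-workflow == 'false'` also lets the step run on pull requests, where the removed comment says the secret-based key fails; nothing in this patch replaces the key, so the step would be expected to fail there until PATCH 2/8 is applied. The same tag reference comes back in PATCH 6/8 and stays in PATCH 8/8. The job that contains this step starts outside the hunk.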
@@ -37,7 +37,8 @@ jobs: if: steps.skip-workflow.outputs.skip-workflow == 'false' uses: fossa-contrib/fossa-action@v3 with: - fossa-api-key: ${{ secrets.FOSSA_API_KEY }} + # This is a push-only API token: https://github.com/fossa-contrib/fossa-action#push-only-api-token + fossa-api-key: f62c11ef0c249fef239947f01279aa0f - name: Check for changes in Go files if: steps.skip-workflow.outputs.skip-workflow == 'false' From fb636dab8d4827859f2004835331a441a8587459 Mon Sep 17 00:00:00 2001 From: Matt Lord Date: Mon, 5 Feb 2024 17:10:13 -0500 Subject: [PATCH 3/8] Add fossa.yml Signed-off-by: Matt Lord --- .fossa.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 .fossa.yml diff --git a/.fossa.yml b/.fossa.yml new file mode 100644 index 00000000000..a4e3bc51c18 --- /dev/null +++ b/.fossa.yml @@ -0,0 +1,11 @@ +version: 3 + +project: + id: vitess + name: vitess + +# ignore a noisy warning produced by this file, it's a schema not a package.json +targets: + exclude: + - type: maven + path: java From 26980ebbdc7de2b6a1f4160e4ed638286408bc96 Mon Sep 17 00:00:00 2001 From: Matt Lord Date: Mon, 5 Feb 2024 17:25:13 -0500 Subject: [PATCH 4/8] Correct comment Signed-off-by: Matt Lord --- .fossa.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.fossa.yml b/.fossa.yml index a4e3bc51c18..013accd4498 100644 --- a/.fossa.yml +++ b/.fossa.yml @@ -4,7 +4,7 @@ project: id: vitess name: vitess -# ignore a noisy warning produced by this file, it's a schema not a package.json +# Exclude the maven based scanning of our java client until we can get it working again. targets: exclude: - type: maven From 1a91867f6b4d2d702ebc268d140d2699ec6ac3c3 Mon Sep 17 00:00:00 2001 From: Matt Lord Date: Mon, 5 Feb 2024 17:47:45 -0500 Subject: [PATCH 5/8] Revert push only token portion as it's not working The FOSSA endpoint reported an error: You are not permitted to edit this project. 
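Review bot: The `fossa-api-key:` line in PATCH 2/8 now holds a literal credential in the workflow file, and the only statement of its scope is the comment above it. Confirm in the FOSSA account settings that the token really is push-only before this lands, because once committed it stays readable in git history; PATCH 5/8 reverts the line and PATCH 6/8 and 7/8 restore it, and none of that removes it from history. A push-only token presumably still lets anyone who copies it upload scan data under this project, so revoke it in FOSSA if the plain-text approach is dropped, as PATCH 8/8 does. A comment recording that would help, e.g. `# Push-only FOSSA token (upload only); revoke it in FOSSA if this line is removed.`, and secret scanners may need an allowlist entry for the line.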
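Review bot: The `targets.exclude` entry in the new `.fossa.yml` (`type: maven`, `path: java`) removes the Java client's dependencies from the scan with nothing that tracks re-enabling it, so licence and vulnerability findings for that code will be silently absent from FOSSA reports. The comment in this hunk describes a schema/package.json warning and does not match a maven target; PATCH 4/8 rewords it but still gives no reference. Add a tracking link next to the exclusion, e.g. `# Maven scan of the Java client is disabled; re-enable per <tracking-issue-url>`.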
Signed-off-by: Matt Lord --- .github/workflows/static_checks_etc.yml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/.github/workflows/static_checks_etc.yml b/.github/workflows/static_checks_etc.yml index 37e1ffcd10b..4be7721c119 100644 --- a/.github/workflows/static_checks_etc.yml +++ b/.github/workflows/static_checks_etc.yml @@ -34,11 +34,15 @@ jobs: uses: actions/checkout@v3 - name: Run FOSSA scan and upload build data - if: steps.skip-workflow.outputs.skip-workflow == 'false' - uses: fossa-contrib/fossa-action@v3 + # Fails on pull requests when using the API key secret. + # In order to run it on pull requests we would need to + # generate a push only token and specify that as plain + # text here: + # https://github.com/fossa-contrib/fossa-action#push-only-api-token + if: github.ref == 'refs/heads/main' + uses: fossa-contrib/fossa-action@v2 with: - # This is a push-only API token: https://github.com/fossa-contrib/fossa-action#push-only-api-token - fossa-api-key: f62c11ef0c249fef239947f01279aa0f + fossa-api-key: ${{ secrets.FOSSA_API_KEY }} - name: Check for changes in Go files if: steps.skip-workflow.outputs.skip-workflow == 'false' From c5b72d55c7efeb025881efae10bae9227fbd5031 Mon Sep 17 00:00:00 2001 From: Matt Lord Date: Mon, 5 Feb 2024 17:50:16 -0500 Subject: [PATCH 6/8] Revert "Revert push only token portion as it's not working" This reverts commit 1a91867f6b4d2d702ebc268d140d2699ec6ac3c3. Signed-off-by: Matt Lord --- .github/workflows/static_checks_etc.yml | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/.github/workflows/static_checks_etc.yml b/.github/workflows/static_checks_etc.yml index 4be7721c119..37e1ffcd10b 100644 --- a/.github/workflows/static_checks_etc.yml +++ b/.github/workflows/static_checks_etc.yml 
@@ -34,15 +34,11 @@ jobs: uses: actions/checkout@v3 - name: Run FOSSA scan and upload build data - # Fails on pull requests when using the API key secret. - # In order to run it on pull requests we would need to - # generate a push only token and specify that as plain - # text here: - # https://github.com/fossa-contrib/fossa-action#push-only-api-token - if: github.ref == 'refs/heads/main' - uses: fossa-contrib/fossa-action@v2 + if: steps.skip-workflow.outputs.skip-workflow == 'false' + uses: fossa-contrib/fossa-action@v3 with: - fossa-api-key: ${{ secrets.FOSSA_API_KEY }} + # This is a push-only API token: https://github.com/fossa-contrib/fossa-action#push-only-api-token + fossa-api-key: f62c11ef0c249fef239947f01279aa0f - name: Check for changes in Go files if: steps.skip-workflow.outputs.skip-workflow == 'false' From c8a1a9b07ea88bcbefc60165b30301e6b3ea29e9 Mon Sep 17 00:00:00 2001 From: Matt Lord Date: Mon, 5 Feb 2024 22:25:06 -0500 Subject: [PATCH 7/8] Add github token secret Signed-off-by: Matt Lord --- .github/workflows/static_checks_etc.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/static_checks_etc.yml b/.github/workflows/static_checks_etc.yml index 37e1ffcd10b..4cead5c232c 100644 --- a/.github/workflows/static_checks_etc.yml +++ b/.github/workflows/static_checks_etc.yml @@ -39,6 +39,7 @@ jobs: with: # This is a push-only API token: https://github.com/fossa-contrib/fossa-action#push-only-api-token fossa-api-key: f62c11ef0c249fef239947f01279aa0f + github-token: ${{ github.token }} - name: Check for changes in Go files if: steps.skip-workflow.outputs.skip-workflow == 'false' From 1d1b7fda7ae5855812bb4b999b0da2bd8bcef3f2 Mon Sep 17 00:00:00 2001 From: Matt Lord Date: Sun, 11 Feb 2024 11:05:16 -0500 Subject: [PATCH 8/8] Go back to only running on main with the org secret Signed-off-by: Matt Lord --- .github/workflows/static_checks_etc.yml | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) 
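Review bot: `github-token: ${{ github.token }}` in PATCH 7/8 hands the workflow token to a third-party action that is referenced by tag, and the hunk shows no `permissions:` block limiting what that token can do. The job definition starts outside the hunk, so a limit may already be set; if it is not, declare the minimum at job or workflow level, for example `permissions:` with `contents: read`. If the action's `action.yml` already defaults this input to the workflow token, the added line is redundant and can be dropped.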
diff --git a/.github/workflows/static_checks_etc.yml b/.github/workflows/static_checks_etc.yml index 97ba668e619..06f86cb9c70 100644 --- a/.github/workflows/static_checks_etc.yml +++ b/.github/workflows/static_checks_etc.yml @@ -34,12 +34,17 @@ jobs: uses: actions/checkout@v3 - name: Run FOSSA scan and upload build data - if: steps.skip-workflow.outputs.skip-workflow == 'false' + # Fails on pull requests when using the API key secret. + # In order to run it on pull requests we would need to + # generate a push only token and specify that as plain + # text here: + # https://github.com/fossa-contrib/fossa-action#push-only-api-token + # BUT, it also requires that the fork have its own + # independent integration setup with fossa.com. + if: github.ref == 'refs/heads/main' uses: fossa-contrib/fossa-action@v3 with: - # This is a push-only API token: https://github.com/fossa-contrib/fossa-action#push-only-api-token - fossa-api-key: f62c11ef0c249fef239947f01279aa0f - github-token: ${{ github.token }} + fossa-api-key: ${{ secrets.FOSSA_API_KEY }} - name: Check for changes in Go files if: steps.skip-workflow.outputs.skip-workflow == 'false'
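Review bot: `if: github.ref == 'refs/heads/main'` is also true for a push to `main` in a fork, where `secrets.FOSSA_API_KEY` is presumably not defined, so the step would run there with an empty key and fail. A repository check keeps it to the upstream repo: `if: github.ref == 'refs/heads/main' && github.repository == '<owner>/<repo>'` (placeholder for this repository's slug). The restored comment says the step fails on pull requests but not why; one more line would make that clear, e.g. `# Secrets are not available to workflows triggered by pull requests from forks.`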