From 409c73ce77deccab6f83f9cfb8932d985cb9fbc6 Mon Sep 17 00:00:00 2001 From: Stephen Barrett Date: Thu, 18 Jun 2026 13:21:27 +0200 Subject: [PATCH 1/3] Update fossid_integration_stateless_diffscan_target_repo.yml --- ...gration_stateless_diffscan_target_repo.yml | 62 +++++++++++++++++-- 1 file changed, 56 insertions(+), 6 deletions(-) diff --git a/.github/workflows/fossid_integration_stateless_diffscan_target_repo.yml b/.github/workflows/fossid_integration_stateless_diffscan_target_repo.yml index 5038b43..df603a5 100644 --- a/.github/workflows/fossid_integration_stateless_diffscan_target_repo.yml +++ b/.github/workflows/fossid_integration_stateless_diffscan_target_repo.yml @@ -1,13 +1,63 @@ name: Fossid Stateless Diff Scan -on: +on: pull_request: - branches: - - develop + types: [opened, synchronize, reopened] + workflow_dispatch: # NEW: manual trigger + inputs: + pr_number: + description: 'PR number to scan (including fork PRs)' + required: true + type: number + +permissions: + contents: read + pull-requests: read + jobs: - call-fossid-workflow: - uses: rdkcentral/build_tools_workflows/.github/workflows/fossid_integration_stateless_diffscan.yml@develop - secrets: + # Automatic scan for internal PRs (same repo, not a fork) + call-fossid-pr: + if: github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository + uses: rdkcentral/build_tools_workflows/.github/workflows/fossid_integration_stateless_diffscan.yml@1.0.0 + secrets: + FOSSID_CONTAINER_USERNAME: ${{ secrets.FOSSID_CONTAINER_USERNAME }} + FOSSID_CONTAINER_PASSWORD: ${{ secrets.FOSSID_CONTAINER_PASSWORD }} + FOSSID_HOST_USERNAME: ${{ secrets.FOSSID_HOST_USERNAME }} + FOSSID_HOST_TOKEN: ${{ secrets.FOSSID_HOST_TOKEN }} + + # Manual scan for any PR (including fork PRs) — step 1: resolve refs + resolve-pr-refs: + name: Resolve PR Refs + if: github.event_name == 'workflow_dispatch' + runs-on: ubuntu-latest + outputs: + base_ref: ${{ steps.pr.outputs.base_ref }} + head_sha: ${{ steps.pr.outputs.head_sha }} + steps: + - name: Get PR details + id: pr + uses: actions/github-script@v8 + with: + script: | + const prNumber = parseInt(context.payload.inputs.pr_number, 10); + const { data: pr } = await github.rest.pulls.get({ + owner: context.repo.owner, + repo: context.repo.repo, + pull_number: prNumber + }); + core.setOutput('base_ref', pr.base.ref); + core.setOutput('head_sha', pr.head.sha); + + # Manual scan for any PR (including fork PRs) — step 2: run fossid with explicit refs + call-fossid-dispatch: + if: github.event_name == 'workflow_dispatch' + needs: [resolve-pr-refs] + uses: rdkcentral/build_tools_workflows/.github/workflows/fossid_integration_stateless_diffscan.yml@1.0.0 + with: + base_ref: ${{ needs.resolve-pr-refs.outputs.base_ref }} + compare_ref: ${{ needs.resolve-pr-refs.outputs.head_sha }} + pr_number: ${{ github.event.inputs.pr_number }} + secrets: FOSSID_CONTAINER_USERNAME: ${{ secrets.FOSSID_CONTAINER_USERNAME }} FOSSID_CONTAINER_PASSWORD: ${{ secrets.FOSSID_CONTAINER_PASSWORD }} FOSSID_HOST_USERNAME: ${{ secrets.FOSSID_HOST_USERNAME }} From 721b4aeaae3464e3b01fb90cba8a8605ee9d83ea Mon Sep 17 00:00:00 2001 From: Stephen Barrett Date: Thu, 25 Jun 2026 11:24:20 +0100 Subject: [PATCH 2/3] Update fossid_integration_stateless_diffscan_target_repo.yml --- .../fossid_integration_stateless_diffscan_target_repo.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/fossid_integration_stateless_diffscan_target_repo.yml b/.github/workflows/fossid_integration_stateless_diffscan_target_repo.yml index df603a5..0bb7c77 100644 --- a/.github/workflows/fossid_integration_stateless_diffscan_target_repo.yml +++ b/.github/workflows/fossid_integration_stateless_diffscan_target_repo.yml @@ -8,7 +8,7 @@ on: pr_number: description: 'PR number to scan (including fork PRs)' required: true - type: number + type: string permissions: contents: read From 6b8d4c5799f61a12bc26cdae23f5e67fc927d864 Mon Sep 17 00:00:00 2001 From: Stephen Barrett Date: Thu, 25 Jun 2026 11:28:27 +0100 Subject: [PATCH 3/3] Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --- .../fossid_integration_stateless_diffscan_target_repo.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/fossid_integration_stateless_diffscan_target_repo.yml b/.github/workflows/fossid_integration_stateless_diffscan_target_repo.yml index 0bb7c77..cc84af3 100644 --- a/.github/workflows/fossid_integration_stateless_diffscan_target_repo.yml +++ b/.github/workflows/fossid_integration_stateless_diffscan_target_repo.yml @@ -20,10 +20,10 @@ jobs: if: github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository uses: rdkcentral/build_tools_workflows/.github/workflows/fossid_integration_stateless_diffscan.yml@1.0.0 secrets: - FOSSID_CONTAINER_USERNAME: ${{ secrets.FOSSID_CONTAINER_USERNAME }} - FOSSID_CONTAINER_PASSWORD: ${{ secrets.FOSSID_CONTAINER_PASSWORD }} - FOSSID_HOST_USERNAME: ${{ secrets.FOSSID_HOST_USERNAME }} - FOSSID_HOST_TOKEN: ${{ secrets.FOSSID_HOST_TOKEN }} + FOSSID_CONTAINER_USERNAME: ${{ secrets.FOSSID_CONTAINER_USERNAME }} + FOSSID_CONTAINER_PASSWORD: ${{ secrets.FOSSID_CONTAINER_PASSWORD }} + FOSSID_HOST_USERNAME: ${{ secrets.FOSSID_HOST_USERNAME }} + FOSSID_HOST_TOKEN: ${{ secrets.FOSSID_HOST_TOKEN }} # Manual scan for any PR (including fork PRs) — step 1: resolve refs resolve-pr-refs: