rdkcentral · sbarre01 · Jun 25, 2026 · Jun 25, 2026 · Jun 25, 2026 · Jun 25, 2026
@@ -0,0 +1,2 @@
+FOSSID workflow test PR marker
+Created: 2026-06-25T13:12:51Z
@@ -2,6 +2,22 @@
 
 on:
   workflow_call:
+    inputs:
+      base_ref:                          # NEW: optional explicit base ref
+        description: 'Base ref for diff (e.g. develop). Empty = auto-detect.'
+        required: false
+        type: string
+        default: ''
+      compare_ref:                       # NEW: optional explicit compare ref
+        description: 'Compare ref/SHA for diff. Empty = auto-detect.'
+        required: false
+        type: string
+        default: ''
+      pr_number:                         # NEW: PR number (for fetching fork commits)
+        description: 'PR number (used to fetch fork head ref). Empty = not needed.'
+        required: false
+        type: string
+        default: ''
     secrets:
       FOSSID_CONTAINER_USERNAME:
         required: true
@@ -24,8 +40,21 @@
     steps:
       - name: Checkout Code
         uses: actions/checkout@v5
+        with:
+          fetch-depth: 0                             # Full clone to ensure base ref is available
+
+      # NEW STEP: container runs as different user than checkout — mark safe
+      - name: Mark workspace safe
+        run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
+
+      # NEW STEP: fetch the fork PR's head commits (not in origin by default)
+      - name: Fetch PR head ref
+        if: inputs.pr_number != ''
+        env:
+          PR_NUMBER: ${{ inputs.pr_number }}
+        run: git fetch origin pull/$PR_NUMBER/head
 
       - name: Checkout ignore projects file
         uses: actions/checkout@v5
        with:
          repository: rdkcentral/build_tools_workflows
@@ -33,16 +62,24 @@
             ignore_projects_fossid
           ref: develop
           path: tools
-
+        
       - name: Run fossid-toolbox
         env:
           FOSSID_HOST_USERNAME: ${{ secrets.FOSSID_HOST_USERNAME }}
           FOSSID_HOST_TOKEN: ${{ secrets.FOSSID_HOST_TOKEN }}
+          BASE_REF: ${{ inputs.base_ref }}
+          COMPARE_REF: ${{ inputs.compare_ref }}
         run: |
+          # NEW: build explicit ref args when provided, otherwise let fossid auto-detect
+          REF_ARGS=""
+          if [ -n "$BASE_REF" ] && [ -n "$COMPARE_REF" ]; then
+            REF_ARGS="--base-ref origin/$BASE_REF --compare-ref $COMPARE_REF"
+          fi
           fossid \
             diffscan \
             --fossid-host $FOSSID_HOST_USERNAME \
             --fossid-token $FOSSID_HOST_TOKEN \
             --format github \
             --fail \
-            --ignore-projects tools/ignore_projects_fossid
+            --ignore-projects tools/ignore_projects_fossid \
+            $REF_ARGS
@@ -1,13 +1,63 @@
 name: Fossid Stateless Diff Scan
 
-on: 
+on:
   pull_request:
-    branches:
-      - develop
+    types: [opened, synchronize, reopened]
+  workflow_dispatch:                          # NEW: manual trigger
+    inputs:
+      pr_number:
+        description: 'PR number to scan (including fork PRs)'
+        required: true
+        type: string
+
+permissions:
+  contents: read
+  pull-requests: read
+
 jobs:
-  call-fossid-workflow:
-    uses: rdkcentral/build_tools_workflows/.github/workflows/fossid_integration_stateless_diffscan.yml@develop
-    secrets: 
+  # Automatic scan for internal PRs (same repo, not a fork)
+  call-fossid-pr:
+    if: github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository
+    uses: rdkcentral/build_tools_workflows/.github/workflows/fossid_integration_stateless_diffscan.yml@feature/fossid-wflow-dispatch
+    secrets:
+      FOSSID_CONTAINER_USERNAME: ${{ secrets.FOSSID_CONTAINER_USERNAME }}
+      FOSSID_CONTAINER_PASSWORD: ${{ secrets.FOSSID_CONTAINER_PASSWORD }}
+      FOSSID_HOST_USERNAME: ${{ secrets.FOSSID_HOST_USERNAME }}
+      FOSSID_HOST_TOKEN: ${{ secrets.FOSSID_HOST_TOKEN }}
+
+  # Manual scan for any PR (including fork PRs) — step 1: resolve refs
+  resolve-pr-refs:
+    name: Resolve PR Refs
+    if: github.event_name == 'workflow_dispatch'
+    runs-on: ubuntu-latest
+    outputs:
+      base_ref: ${{ steps.pr.outputs.base_ref }}
+      head_sha: ${{ steps.pr.outputs.head_sha }}
+    steps:
+      - name: Get PR details
+        id: pr
+        uses: actions/github-script@v8
+        with:
+          script: |
+            const prNumber = parseInt(context.payload.inputs.pr_number, 10);
+            const { data: pr } = await github.rest.pulls.get({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              pull_number: prNumber
+            });
+            core.setOutput('base_ref', pr.base.ref);
+            core.setOutput('head_sha', pr.head.sha);
+
+  # Manual scan for any PR (including fork PRs) — step 2: run fossid with explicit refs
+  call-fossid-dispatch:
+    if: github.event_name == 'workflow_dispatch'
+    needs: [resolve-pr-refs]
+    uses: rdkcentral/build_tools_workflows/.github/workflows/fossid_integration_stateless_diffscan.yml@feature/fossid-wflow-dispatch
+    with:
+      base_ref: ${{ needs.resolve-pr-refs.outputs.base_ref }}
+      compare_ref: ${{ needs.resolve-pr-refs.outputs.head_sha }}
+      pr_number: ${{ github.event.inputs.pr_number }}
+    secrets:
         FOSSID_CONTAINER_USERNAME: ${{ secrets.FOSSID_CONTAINER_USERNAME }}
         FOSSID_CONTAINER_PASSWORD: ${{ secrets.FOSSID_CONTAINER_PASSWORD }}
         FOSSID_HOST_USERNAME: ${{ secrets.FOSSID_HOST_USERNAME }}
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,2 @@
		FOSSID workflow test PR marker
		Created: 2026-06-25T13:12:51Z