From aaf30fdfe1823dc9d9c84d8436154ed324598cdd Mon Sep 17 00:00:00 2001 From: sandhi Date: Thu, 18 Sep 2025 13:12:30 +0530 Subject: [PATCH 01/11] Pipeline fixes Signed-off-by: sandhi --- .github/workflows/ci-main-pull-request.yml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/.github/workflows/ci-main-pull-request.yml b/.github/workflows/ci-main-pull-request.yml index f3c03a7..b9d054e 100644 --- a/.github/workflows/ci-main-pull-request.yml +++ b/.github/workflows/ci-main-pull-request.yml @@ -463,6 +463,11 @@ jobs: with: go-version: '1.24' check-latest: true + - name: Configure git for private Go modules + if: env.GA_BUILD_LANGUAGE == 'go' + env: + GOPRIVATE: ${{ inputs.go-private-modules }} + run: git config --global url."https://${{ secrets.GH_TOKEN }}@github.com/".insteadOf "https://github.com/" - name: Go linting and security checks if: env.GA_BUILD_LANGUAGE == 'go' run: | @@ -558,6 +563,21 @@ jobs: needs: checkout runs-on: ubuntu-latest steps: + - name: Checkout repository + uses: actions/checkout@v4 + with: + fetch-depth: 0 + - name: Set up Go + if: env.GA_BUILD_LANGUAGE == 'go' + uses: actions/setup-go@v5 + with: + go-version: '1.24' + check-latest: true + - name: Configure git for private Go modules + if: env.GA_BUILD_LANGUAGE == 'go' + env: + GOPRIVATE: ${{ inputs.go-private-modules }} + run: git config --global url."https://${{ secrets.GH_TOKEN }}@github.com/".insteadOf "https://github.com/" - name: BUILD run: echo 'BUILD STEP' # runs-on: ubuntu-latest From 25762ce2772c5032f3aaf99a5c022ebe46260d10 Mon Sep 17 00:00:00 2001 From: sandhi Date: Fri, 19 Sep 2025 12:25:32 +0530 Subject: [PATCH 02/11] Pipeline fixes Signed-off-by: sandhi --- .github/workflows/sbom.yml | 29 +++++++++++++++++++---------- 1 file changed, 19 insertions(+), 10 deletions(-) diff --git a/.github/workflows/sbom.yml b/.github/workflows/sbom.yml index 1eef02c..277add2 100644 --- a/.github/workflows/sbom.yml +++ b/.github/workflows/sbom.yml @@ -190,6 +190,17 @@ jobs: - name: Checkout source uses: actions/checkout@v4 + - name: Set up Go + uses: actions/setup-go@v5 + with: + go-version: 'stable' + check-latest: true + + - name: Configure git for private Go modules + env: + GOPRIVATE: ${{ inputs.go-private-modules }} + run: git config --global url."https://${{ secrets.GH_TOKEN }}@github.com/".insteadOf "https://github.com/" + - name: BlackDuck SCA scan id: black-duck-sca-scan run: | @@ -225,11 +236,10 @@ jobs: go-version: 'stable' # go-version: 1.24.2 # check-latest: true - # - name: Configure git for private modules - # env: - # GOPRIVATE: github.com/progress-platform-services/* - # use ${{ inputs.go-private-modules }} - # run: git config --global url."https://${{ secrets.GH_TOKEN }}@github.com/".insteadOf "https://github.com/" + - name: Configure git for private modules + env: + GOPRIVATE: ${{ inputs.go-private-modules }} + run: git config --global url."https://${{ secrets.GH_TOKEN }}@github.com/".insteadOf "https://github.com/" - name: create folder run: mkdir -p ./bin @@ -269,11 +279,10 @@ jobs: # go-version: 1.24.2 # check-latest: true - # - name: Configure git for private modules - # env: - # GOPRIVATE: github.com/progress-platform-services/* - # use ${{ inputs.go-private-modules }} - # run: git config --global url."https://${{ secrets.GH_TOKEN }}@github.com/".insteadOf "https://github.com/" + - name: Configure git for private modules + env: + GOPRIVATE: ${{ inputs.go-private-modules }} + run: git config --global url."https://${{ secrets.GH_TOKEN }}@github.com/".insteadOf "https://github.com/" - name: set up license_scout uses: ruby/setup-ruby@v1 From 188fc090057d424e6e4b998ca5fe7421427299ae Mon Sep 17 00:00:00 2001 From: sandhi Date: Fri, 19 Sep 2025 12:35:27 +0530 Subject: [PATCH 03/11] Pipeline fixes Signed-off-by: sandhi --- .github/workflows/sbom.yml | 31 ++++++++++++++++++++++++++++++- 1 file changed, 30 insertions(+), 1 deletion(-) diff --git a/.github/workflows/sbom.yml b/.github/workflows/sbom.yml index 277add2..7106657 100644 --- a/.github/workflows/sbom.yml +++ b/.github/workflows/sbom.yml @@ -199,7 +199,36 @@ jobs: - name: Configure git for private Go modules env: GOPRIVATE: ${{ inputs.go-private-modules }} - run: git config --global url."https://${{ secrets.GH_TOKEN }}@github.com/".insteadOf "https://github.com/" + run: | + git config --global url."https://${{ secrets.GH_TOKEN }}@github.com/".insteadOf "https://github.com/" + # Also set up Git credentials for this session + git config --global credential.helper store + echo "https://${{ secrets.GH_TOKEN }}@github.com" > ~/.git-credentials + # Set additional Go environment variables + echo "GOPRIVATE=${{ inputs.go-private-modules }}" >> $GITHUB_ENV + echo "GOPROXY=direct" >> $GITHUB_ENV + echo "GOSUMDB=off" >> $GITHUB_ENV + + - name: Download Go dependencies with authentication + run: | + if [ -f "go.mod" ]; then + echo "Current Go environment:" + echo "GOPRIVATE: $GOPRIVATE" + echo "GOPROXY: $GOPROXY" + echo "GOSUMDB: $GOSUMDB" + echo "Downloading Go dependencies..." + # First, try to download dependencies normally + go mod download -x + # Also try to verify and tidy modules + go mod verify || true + go mod tidy || true + echo "Go dependency download completed" + # List downloaded modules for debugging + go list -m all || true + else + echo "No go.mod file found, skipping Go dependency download" + fi + continue-on-error: true - name: BlackDuck SCA scan id: black-duck-sca-scan From 4ddb783f8c052dd30c2504efadf971829628424d Mon Sep 17 00:00:00 2001 From: sandhi Date: Fri, 19 Sep 2025 13:32:33 +0530 Subject: [PATCH 04/11] Pipeline fixes Signed-off-by: sandhi --- .github/workflows/ci-main-pull-request.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci-main-pull-request.yml b/.github/workflows/ci-main-pull-request.yml index b9d054e..1cdb94d 100644 --- a/.github/workflows/ci-main-pull-request.yml +++ b/.github/workflows/ci-main-pull-request.yml @@ -943,7 +943,7 @@ jobs: generate-sbom: name: 'Generating SBOM' if: ${{ inputs.generate-sbom == true }} - uses: chef/common-github-actions/.github/workflows/sbom.yml@main + uses: chef/common-github-actions/.github/workflows/sbom.yml@sandhi/fix-pipeline needs: ci-build secrets: inherit with: From 58329b3cab20073f9f39aef585b54b5b231c6c97 Mon Sep 17 00:00:00 2001 From: sandhi Date: Fri, 19 Sep 2025 13:44:59 +0530 Subject: [PATCH 05/11] Pipeline fixes Signed-off-by: sandhi --- .github/workflows/sbom.yml | 37 +++++++++---------------------------- 1 file changed, 9 insertions(+), 28 deletions(-) diff --git a/.github/workflows/sbom.yml b/.github/workflows/sbom.yml index 7106657..f8740f0 100644 --- a/.github/workflows/sbom.yml +++ b/.github/workflows/sbom.yml @@ -199,34 +199,15 @@ jobs: - name: Configure git for private Go modules env: GOPRIVATE: ${{ inputs.go-private-modules }} - run: | - git config --global url."https://${{ secrets.GH_TOKEN }}@github.com/".insteadOf "https://github.com/" - # Also set up Git credentials for this session - git config --global credential.helper store - echo "https://${{ secrets.GH_TOKEN }}@github.com" > ~/.git-credentials - # Set additional Go environment variables - echo "GOPRIVATE=${{ inputs.go-private-modules }}" >> $GITHUB_ENV - echo "GOPROXY=direct" >> $GITHUB_ENV - echo "GOSUMDB=off" >> $GITHUB_ENV + run: git config --global url."https://${{ secrets.GH_TOKEN }}@github.com/".insteadOf "https://github.com/" - - name: Download Go dependencies with authentication + - name: Download Go dependencies + env: + GOPRIVATE: ${{ inputs.go-private-modules }} run: | if [ -f "go.mod" ]; then - echo "Current Go environment:" - echo "GOPRIVATE: $GOPRIVATE" - echo "GOPROXY: $GOPROXY" - echo "GOSUMDB: $GOSUMDB" echo "Downloading Go dependencies..." - # First, try to download dependencies normally - go mod download -x - # Also try to verify and tidy modules - go mod verify || true - go mod tidy || true - echo "Go dependency download completed" - # List downloaded modules for debugging - go list -m all || true - else - echo "No go.mod file found, skipping Go dependency download" + go mod download fi continue-on-error: true @@ -238,7 +219,9 @@ jobs: - name: BlackDuck SBOM scan uses: blackduck-inc/black-duck-security-scan@v2.1.1 + continue-on-error: true # Allow pipeline to continue even with policy violations env: + GOPRIVATE: ${{ inputs.go-private-modules }} DETECT_PROJECT_GROUP_NAME: ${{ inputs.blackduck-project-group-name}} #'Chef-Agents' # , Chef, Chef-Agents, Chef-Automate, Chef-Chef360, Chef-Habitat, Chef-Infrastructure-Server, Chef-Shared-Services DETECT_PROJECT_NAME: ${{ inputs.blackduck-project-name }} DETECT_PROJECT_VERSION_NAME: ${{ inputs.version }} # @@ -263,8 +246,7 @@ jobs: uses: actions/setup-go@v5 with: go-version: 'stable' -# go-version: 1.24.2 -# check-latest: true + check-latest: true - name: Configure git for private modules env: GOPRIVATE: ${{ inputs.go-private-modules }} @@ -305,8 +287,7 @@ jobs: uses: actions/setup-go@v5 with: go-version: 'stable' -# go-version: 1.24.2 -# check-latest: true + check-latest: true - name: Configure git for private modules env: From cfcac91db5405302e56687e83f6527266ade2a9e Mon Sep 17 00:00:00 2001 From: sandhi Date: Fri, 19 Sep 2025 13:46:36 +0530 Subject: [PATCH 06/11] Pipeline fixes Signed-off-by: sandhi --- .github/workflows/sbom.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/sbom.yml b/.github/workflows/sbom.yml index f8740f0..54e20ed 100644 --- a/.github/workflows/sbom.yml +++ b/.github/workflows/sbom.yml @@ -219,7 +219,6 @@ jobs: - name: BlackDuck SBOM scan uses: blackduck-inc/black-duck-security-scan@v2.1.1 - continue-on-error: true # Allow pipeline to continue even with policy violations env: GOPRIVATE: ${{ inputs.go-private-modules }} DETECT_PROJECT_GROUP_NAME: ${{ inputs.blackduck-project-group-name}} #'Chef-Agents' # , Chef, Chef-Agents, Chef-Automate, Chef-Chef360, Chef-Habitat, Chef-Infrastructure-Server, Chef-Shared-Services @@ -246,7 +245,8 @@ jobs: uses: actions/setup-go@v5 with: go-version: 'stable' - check-latest: true +# go-version: 1.24.2 +# check-latest: true - name: Configure git for private modules env: GOPRIVATE: ${{ inputs.go-private-modules }} @@ -287,7 +287,8 @@ jobs: uses: actions/setup-go@v5 with: go-version: 'stable' - check-latest: true +# go-version: 1.24.2 +# check-latest: true - name: Configure git for private modules env: From 15941dcd79c9c4be8007c1d3b8ceb56d50b63838 Mon Sep 17 00:00:00 2001 From: sandhi Date: Fri, 19 Sep 2025 13:50:01 +0530 Subject: [PATCH 07/11] Pipeline fixes Signed-off-by: sandhi --- .github/workflows/sbom.yml | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/.github/workflows/sbom.yml b/.github/workflows/sbom.yml index 54e20ed..588d2e5 100644 --- a/.github/workflows/sbom.yml +++ b/.github/workflows/sbom.yml @@ -190,27 +190,11 @@ jobs: - name: Checkout source uses: actions/checkout@v4 - - name: Set up Go - uses: actions/setup-go@v5 - with: - go-version: 'stable' - check-latest: true - - name: Configure git for private Go modules env: GOPRIVATE: ${{ inputs.go-private-modules }} run: git config --global url."https://${{ secrets.GH_TOKEN }}@github.com/".insteadOf "https://github.com/" - - name: Download Go dependencies - env: - GOPRIVATE: ${{ inputs.go-private-modules }} - run: | - if [ -f "go.mod" ]; then - echo "Downloading Go dependencies..." - go mod download - fi - continue-on-error: true - - name: BlackDuck SCA scan id: black-duck-sca-scan run: | From d86d50a6b758564d80f7e048af4108e13600dd72 Mon Sep 17 00:00:00 2001 From: sandhi Date: Fri, 19 Sep 2025 13:52:07 +0530 Subject: [PATCH 08/11] Pipeline fixes Signed-off-by: sandhi --- .github/workflows/ci-main-pull-request.yml | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/.github/workflows/ci-main-pull-request.yml b/.github/workflows/ci-main-pull-request.yml index 1cdb94d..76a6f00 100644 --- a/.github/workflows/ci-main-pull-request.yml +++ b/.github/workflows/ci-main-pull-request.yml @@ -563,21 +563,6 @@ jobs: needs: checkout runs-on: ubuntu-latest steps: - - name: Checkout repository - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - name: Set up Go - if: env.GA_BUILD_LANGUAGE == 'go' - uses: actions/setup-go@v5 - with: - go-version: '1.24' - check-latest: true - - name: Configure git for private Go modules - if: env.GA_BUILD_LANGUAGE == 'go' - env: - GOPRIVATE: ${{ inputs.go-private-modules }} - run: git config --global url."https://${{ secrets.GH_TOKEN }}@github.com/".insteadOf "https://github.com/" - name: BUILD run: echo 'BUILD STEP' # runs-on: ubuntu-latest From 4439e2d607d02625e20836dbfca156c6ac637ebe Mon Sep 17 00:00:00 2001 From: sandhi Date: Fri, 19 Sep 2025 15:09:48 +0530 Subject: [PATCH 09/11] Pipeline fixes Signed-off-by: sandhi --- .github/workflows/sbom.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/sbom.yml b/.github/workflows/sbom.yml index 588d2e5..3ba50d1 100644 --- a/.github/workflows/sbom.yml +++ b/.github/workflows/sbom.yml @@ -203,6 +203,7 @@ jobs: - name: BlackDuck SBOM scan uses: blackduck-inc/black-duck-security-scan@v2.1.1 + continue-on-error: true # Allow pipeline to continue even with policy violations env: GOPRIVATE: ${{ inputs.go-private-modules }} DETECT_PROJECT_GROUP_NAME: ${{ inputs.blackduck-project-group-name}} #'Chef-Agents' # , Chef, Chef-Agents, Chef-Automate, Chef-Chef360, Chef-Habitat, Chef-Infrastructure-Server, Chef-Shared-Services From 60a435fb7b5f22561b6768eccafd2c5f2aa8260e Mon Sep 17 00:00:00 2001 From: sandhi agarwal <33195661+sandhi18@users.noreply.github.com> Date: Tue, 28 Oct 2025 11:28:45 +0530 Subject: [PATCH 10/11] Update ci-main-pull-request.yml --- .github/workflows/ci-main-pull-request.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci-main-pull-request.yml b/.github/workflows/ci-main-pull-request.yml index 76a6f00..5ef6645 100644 --- a/.github/workflows/ci-main-pull-request.yml +++ b/.github/workflows/ci-main-pull-request.yml @@ -928,7 +928,7 @@ jobs: generate-sbom: name: 'Generating SBOM' if: ${{ inputs.generate-sbom == true }} - uses: chef/common-github-actions/.github/workflows/sbom.yml@sandhi/fix-pipeline + uses: chef/common-github-actions/.github/workflows/sbom.yml@main needs: ci-build secrets: inherit with: @@ -966,4 +966,4 @@ jobs: go-private-modules: ${{ inputs.go-private-modules }} udf1: ${{ inputs.udf1 }} udf2: ${{ inputs.udf2 }} - udf3: ${{ inputs.udf3 }} \ No newline at end of file + udf3: ${{ inputs.udf3 }} From 87d5c9840bc8ad5ed742e961da5228f4900406f9 Mon Sep 17 00:00:00 2001 From: sandhi Date: Thu, 30 Oct 2025 10:49:20 +0530 Subject: [PATCH 11/11] Fix dco Signed-off-by: sandhi --- .github/workflows/ci-main-pull-request.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/ci-main-pull-request.yml b/.github/workflows/ci-main-pull-request.yml index 5ef6645..2736c91 100644 --- a/.github/workflows/ci-main-pull-request.yml +++ b/.github/workflows/ci-main-pull-request.yml @@ -967,3 +967,4 @@ jobs: udf1: ${{ inputs.udf1 }} udf2: ${{ inputs.udf2 }} udf3: ${{ inputs.udf3 }} +