ci(SP-4166): add schema sync CI check

[isasmendiagus]

Summary

• Adds a CI workflow that checks the vendored scanoss-settings-schema.json is in sync with the source of truth in scanoss/schema
• Removes the stale duplicate schema from docs/source/_static/
• Uses the reusable workflow from scanoss/scanoss-devops

Test plan

• Schema sync check passes (schemas are in sync)
• Modifying vendored schema causes the check to fail with a diff

🤖 Generated with Claude Code

Summary by CodeRabbit

• Chores
  • Implemented automated schema synchronization validation checks on pull requests targeting the main branch.

[coderabbitai]

Warning

Rate limit exceeded

@isasmendiagus has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 23 minutes and 52 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 7814b33f-4010-4afd-b8dd-67701c50b0e6

📥 Commits

Reviewing files that changed from the base of the PR and between 1f911fa and c37abd1.

📒 Files selected for processing (1)

• src/scanoss/data/scanoss-settings-schema.json

📝 Walkthrough

Walkthrough

This PR introduces a GitHub Actions workflow for schema synchronization checks and removes the previously static schema documentation file. The new workflow delegates validation of schema consistency between two specified paths to an external reusable workflow on pull requests to main and manual triggers.

Changes

Cohort / File(s)	Summary
CI Workflow Addition .github/workflows/schema-sync.yml	New GitHub Actions workflow that runs schema synchronization checks on PR and manual dispatch, integrating a reusable workflow from an external repository with configured source and target schema paths.
Schema Documentation Removal docs/source/_static/scanoss-settings-schema.json	Removed static JSON schema document previously containing Scanoss settings validation structure, including definitions for self metadata, settings (skip rules, proxy/http config, file scanning), and BOM rule sets.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Suggested reviewers

• eeisegn

Poem

🐰 A schema sync workflow takes flight,
Checking paths both left and right,
Static docs now fade away,
Automation saves the day! ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'ci(SP-4166): add schema sync CI check' clearly and specifically describes the main change: adding a CI workflow for schema synchronization verification.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch feat/SP-4166/schema-sync-ci

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

SCANOSS SCAN Completed 🚀

• Detected components: 2
• Undeclared components: 0
• Declared components: 2
• Detected files: 111
• Detected files undeclared: 0
• Detected files declared: 111
• Licenses detected: 1
• Licenses detected with copyleft: 0
• Policies: ✅ 1 pass (1 total)

View more details on SCANOSS Action Summary

[github-actions]

SCANOSS SCAN Completed 🚀

• Detected components: 2
• Undeclared components: 0
• Declared components: 2
• Detected files: 111
• Detected files undeclared: 0
• Detected files declared: 111
• Licenses detected: 1
• Licenses detected with copyleft: 0
• Policies: ✅ 1 pass (1 total)

View more details on SCANOSS Action Summary

[github-actions]

SCANOSS SCAN Completed 🚀

• Detected components: 2
• Undeclared components: 0
• Declared components: 2
• Detected files: 111
• Detected files undeclared: 0
• Detected files declared: 111
• Licenses detected: 1
• Licenses detected with copyleft: 0
• Policies: ✅ 1 pass (1 total)

View more details on SCANOSS Action Summary

[github-actions]

SCANOSS SCAN Completed 🚀

• Detected components: 2
• Undeclared components: 0
• Declared components: 2
• Detected files: 111
• Detected files undeclared: 0
• Detected files declared: 111
• Licenses detected: 1
• Licenses detected with copyleft: 0
• Policies: ✅ 1 pass (1 total)

View more details on SCANOSS Action Summary

[github-actions]

SCANOSS SCAN Completed 🚀

• Detected components: 2
• Undeclared components: 0
• Declared components: 2
• Detected files: 111
• Detected files undeclared: 0
• Detected files declared: 111
• Licenses detected: 1
• Licenses detected with copyleft: 0
• Policies: ✅ 1 pass (1 total)

View more details on SCANOSS Action Summary

[github-actions]

SCANOSS SCAN Completed 🚀

• Detected components: 2
• Undeclared components: 0
• Declared components: 2
• Detected files: 111
• Detected files undeclared: 0
• Detected files declared: 111
• Licenses detected: 1
• Licenses detected with copyleft: 0
• Policies: ✅ 1 pass (1 total)

View more details on SCANOSS Action Summary

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/schema-sync.yml:
- Line 10: The workflow is referencing a feature branch in the reusable workflow
call ("uses:
scanoss/schema/.github/workflows/schema-sync-check.yml@feat/SP-4166/schema-sync-ci");
update the ref to a stable branch or commit (e.g., replace the feature branch
ref with "main" or a specific commit SHA or release tag) so the reusable
workflow is pinned to an immutable, stable ref; ensure the updated "uses" value
exactly replaces the branch suffix after the '@' (e.g., "@main" or
"@<commit-sha>") in the existing uses entry.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 9bbeb189-5356-49c7-9d94-9dc238f6ffd2

📥 Commits

Reviewing files that changed from the base of the PR and between 7974777 and 1f911fa.

📒 Files selected for processing (2)

• .github/workflows/schema-sync.yml
• docs/source/_static/scanoss-settings-schema.json

💤 Files with no reviewable changes (1)

• docs/source/_static/scanoss-settings-schema.json

[coderabbitai]

⚠️ Potential issue | 🟠 Major

Use a stable ref instead of a feature branch.

The reusable workflow is currently pinned to the feature branch feat/SP-4166/schema-sync-ci. Feature branches can be force-pushed, rebased, or deleted after merge, making this reference unstable for production workflows. According to the commit messages, this was intended to be switched to main.

🔧 Proposed fix to use main branch

-    uses: scanoss/schema/.github/workflows/schema-sync-check.yml@feat/SP-4166/schema-sync-ci
+    uses: scanoss/schema/.github/workflows/schema-sync-check.yml@main

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	uses: scanoss/schema/.github/workflows/schema-sync-check.yml@feat/SP-4166/schema-sync-ci
	uses: scanoss/schema/.github/workflows/schema-sync-check.yml@main

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.github/workflows/schema-sync.yml at line 10, The workflow is referencing a
feature branch in the reusable workflow call ("uses:
scanoss/schema/.github/workflows/schema-sync-check.yml@feat/SP-4166/schema-sync-ci");
update the ref to a stable branch or commit (e.g., replace the feature branch
ref with "main" or a specific commit SHA or release tag) so the reusable
workflow is pinned to an immutable, stable ref; ensure the updated "uses" value
exactly replaces the branch suffix after the '@' (e.g., "@main" or
"@<commit-sha>") in the existing uses entry.