Skip to content

Sigscanner PR scan#27

Merged
timweri merged 5 commits intomainfrom
sigscanner-pr-scan
Apr 3, 2026
Merged

Sigscanner PR scan#27
timweri merged 5 commits intomainfrom
sigscanner-pr-scan

Conversation

@timweri
Copy link
Copy Markdown
Collaborator

@timweri timweri commented Apr 2, 2026

As discussed, Sigscanner now has an endpoint for scanning the whole PR. Also, we are removing the fallback scanner. This simplifies the workflow a lot.

@timweri timweri requested a review from Copilot April 2, 2026 07:18
@timweri timweri requested a review from erikburt April 2, 2026 07:21
Copilot AI reviewed Apr 2, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds support for scanning an entire PR via Sigscanner’s new endpoint and removes the per-commit + fallback scanner logic from the Sigscanner GitHub Actions workflow.

Changes:

  • Replace per-commit verification loop with a single PR-level Sigscanner API call (with retries).
  • Remove the fallback scanner step and associated commit-fetching logic.
  • Tighten workflow permissions to an empty set.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread .github/workflows/sigscanner-check.yml
Comment thread .github/workflows/sigscanner-check.yml Outdated
Comment on lines +40 to +42
res_unverified_commits=$(echo "$response" | jq '.unverified_commits')
res_error=$(echo "$response" | jq -r '.error')

Copy link

Copilot AI Apr 2, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The workflow runner uses bash -e by default; if Sigscanner returns a non-JSON body (e.g., HTML error page/timeouts), the jq commands will exit non-zero and terminate the step immediately, bypassing the retry loop. Consider guarding JSON parsing (e.g., validate with jq -e and handle parse failures) so transient errors actually trigger retries.

Copilot uses AI. Check for mistakes.
Copy link
Copy Markdown

@javuto javuto Apr 3, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is not a bad point

Comment thread .github/workflows/sigscanner-check.yml Outdated
@timweri
Update .github/workflows/sigscanner-check.yml
c5518be 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@timweri timweri marked this pull request as ready for review April 2, 2026 14:36
@timweri timweri requested a review from a team as a code owner April 2, 2026 14:36
@timweri timweri changed the title [DO NOT MERGE] Sigscanner PR scan Sigscanner PR scan Apr 2, 2026
@erikburt
Copy link
Copy Markdown
Collaborator

erikburt commented Apr 2, 2026

Nice!!

@timweri timweri requested a review from Copilot April 2, 2026 20:42
Copilot AI reviewed Apr 2, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 2 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread .github/workflows/sigscanner-check.yml
Comment thread .github/workflows/sigscanner-check.yml
@timweri timweri requested a review from Copilot April 2, 2026 21:34
Copilot AI reviewed Apr 2, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 2 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread .github/workflows/sigscanner-check.yml
Comment thread .github/workflows/sigscanner-check.yml
javuto
javuto approved these changes Apr 3, 2026
View reviewed changes
Copy link
Copy Markdown

@javuto javuto left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Always a pleasure to review some excellent bash! Maybe handling parsing errors with jq as suggested by Copilot wouldn't be a bad idea, just in case something other than JSON is returned. Ship it!

@timweri timweri merged commit ef1c15d into main Apr 3, 2026
14 of 15 checks passed
@timweri timweri deleted the sigscanner-pr-scan branch April 3, 2026 07:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@javuto javuto javuto approved these changes

@erikburt erikburt erikburt approved these changes

@michelemin michelemin Awaiting requested review from michelemin

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@timweri @erikburt @javuto