feat(DATAGO-115000): Generic Support for fossa cli flags. Implemented path and config here. #58
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Adds support for `fossa.config` and `fossa.path` via the existing `additional_scan_params` mechanism to enable monorepo per-project scanning. Changes: - Add `--path` flag support via `fossa.path` parameter - Add `--config` flag support via `fossa.config` parameter - Both parameters are optional and backward compatible Usage example: ```yaml additional_scan_params: | fossa.path=sam-mongodb fossa.config=sam-mongodb/.fossa.yml fossa.project=my-plugin ``` This allows scanning specific subdirectories with their own .fossa.yml configuration files, which is essential for monorepo workflows where each plugin needs independent FOSSA project tracking. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>
Replace individual if-blocks with a loop-based parameter mapping system for easier maintenance and extensibility. Benefits: - Reduces code from ~50 lines to ~35 lines - Adding new parameters now requires only one line - Self-documenting parameter format: ENV_VAR:--flag:type - Maintains backward compatibility Example of adding a new parameter: ```bash "SCA_FOSSA_NEW_PARAM:--new-param:value" ``` 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>
Complete refactor to use declarative JSON configuration for FOSSA CLI
parameters, making the action more maintainable and easier to extend.
**New Files:**
- `fossa-params.json` - Declarative parameter mapping configuration
- `parse-fossa-params.sh` - Reusable, testable parser script
- `test-parse-fossa-params.sh` - Comprehensive test suite (11 tests, all passing)
- `README.md` - Complete documentation with examples
**Key Improvements:**
✅ JSON-based config - Add parameters without touching bash logic
✅ Self-documenting - Each parameter includes description and example
✅ Testable - Standalone parser script with full test coverage
✅ Safer - Uses indirect expansion instead of eval
✅ Compatible - Works on all systems (no process substitution issues)
**Architecture:**
```
User → additional_scan_params → Environment Variables
↓
fossa-params.json (config) + parse-fossa-params.sh (parser)
↓
FOSSA CLI arguments
```
**Adding New Parameters:**
Just add one JSON entry - no code changes needed:
```json
{
"env": "SCA_FOSSA_NEW_PARAM",
"flag": "--new-param",
"type": "value",
"description": "Description here"
}
```
**Test Results:**
```
✅ All 11 tests passed
- Basic flag parameters
- Value parameters
- Multiple parameters
- Empty value handling
- Boolean flag handling
- Real-world monorepo use case
```
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <[email protected]>
- Step-by-step instructions for adding parameters - Test suite execution requirements - Optional test case creation guide - Field-by-field JSON configuration guide 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>
Complete documentation covering: - Overview and architecture - Input parameters and usage examples - Parameter conversion system - Monorepo and matrix build examples - Error handling and troubleshooting - Extension guide for adding new scanners 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>
Adds the missing --project flag support to allow overriding the FOSSA project name/ID for better monorepo organization. Changes: - Add SCA_FOSSA_PROJECT → --project mapping to fossa-params.json - Add test case for project parameter (13 tests now, all passing) - Update README to document fossa.project parameter - Update monorepo test to verify project flag is included Usage: ```yaml additional_scan_params: | fossa.project=MyOrg_my-project fossa.path=my-project fossa.config=my-project/.fossa.yml ``` This will generate: ```bash fossa analyze --project MyOrg_my-project --path my-project --config my-project/.fossa.yml ``` 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>
Implements intelligent parameter filtering so 'fossa test' only receives
parameters it supports, while 'fossa analyze' gets all parameters.
**Changes:**
Schema Update (fossa-params.json v2.0.0):
- Add 'commands' field to each parameter: ['analyze'] or ['analyze', 'test']
- Documents which FOSSA commands support each parameter
- Shared parameters: branch, revision, project, config
- Analyze-only: debug, path, unpack_archives, without_default_filters,
force_vendored_dependency_rescans
Parser Enhancement (parse-fossa-params.sh):
- Add optional 'command' parameter to build_fossa_args()
- Filter parameters based on commands array in JSON
- Usage: `build_fossa_args "analyze"` or `build_fossa_args "test"`
Action Update (action.yaml):
- Build separate args for analyze and test commands
- Replaces hardcoded test args logic with parser
Test Coverage (test-parse-fossa-params.sh):
- Add test_command_filtering_analyze() - 3 assertions
- Add test_command_filtering_test() - 6 assertions
- Verify analyze-only params excluded from test command
- **22 tests total, all passing** ✅
**Before:**
```bash
# Test args were hardcoded, only supported --revision
SCA_FOSSA_TEST_ARGS="--revision ${SCA_FOSSA_REVISION}"
```
**After:**
```bash
# Test args built dynamically from same config
build_fossa_args "test" # Gets: --branch, --revision, --project, --config
build_fossa_args "analyze" # Gets: all parameters including --path, --debug
```
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <[email protected]>
- Add Commands column to Available Parameters table - Document which params work with analyze vs test - Update Field Guide with commands array documentation - Explain command filtering behavior 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>
Change from absolute @main reference to relative ./fossa-scan path. This ensures the sca-scan action uses the fossa-scan action from the same branch/commit instead of always pulling from main. **Problem:** When using @specify_fossa_config_path branch: - sca-scan action loaded from branch ✅ - fossa-scan action loaded from @main ❌ (old version) - Result: New parameters not applied **Solution:** Use relative path './fossa-scan' so both actions load from same source. **Before:** ```yaml uses: SolaceDev/solace-public-workflows/.github/actions/sca/fossa-scan@main ``` **After:** ```yaml uses: ./fossa-scan # Relative path from sca-scan directory ``` This is the standard pattern for composite actions referencing local actions. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>
Use @specify_fossa_config_path branch reference to test changes. This will be changed back to @main before merging. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>
FOSSA CLI doesn't have a --path flag. Instead, use GitHub Actions
working-directory to change into the target directory before scanning.
**Changes:**
Action (action.yaml):
- Add working-directory to Fossa - Scan step
- Add working-directory to Fossa Test step
- Uses ${{ env.SCA_FOSSA_PATH || '.' }} to default to current dir
- Log which directory is being scanned
Schema (fossa-params.json):
- Remove SCA_FOSSA_PATH → --path mapping (invalid flag)
- Add note about fossa.path being a special parameter
- fossa.path now controls working-directory, not CLI flag
Tests (test-parse-fossa-params.sh):
- Remove all --path CLI flag assertions
- Tests reduced from 22 to 18 (removed 4 --path checks)
- All 18 tests passing ✅
Documentation (README.md):
- Update fossa.path description to "N/A (working directory)"
- Add "Special Parameters" section explaining fossa.path behavior
- Clarify it's not a CLI flag but a directory change
**Before:**
```bash
fossa analyze --path sam-bedrock-agent # ❌ Invalid flag
```
**After:**
```bash
cd sam-bedrock-agent # via working-directory
fossa analyze # ✅ Scans from correct directory
```
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude <[email protected]>
The --branch flag is only supported by 'fossa analyze', not 'fossa test'. Also clarify that fossa.path automatically finds .fossa.yml in that directory. **Changes:** Schema (fossa-params.json): - Change SCA_FOSSA_BRANCH commands from ["analyze", "test"] to ["analyze"] - Add notes explaining fossa.path/fossa.config relationship - Clarify you only need fossa.config if config is elsewhere Tests (test-parse-fossa-params.sh): - Remove assertion that test should include --branch - Add assertion that test should NOT include --branch (analyze-only) - 18 tests, all passing ✅ Documentation (README.md): - Update fossa.branch commands column to "analyze" only - Add note to fossa.config: "(optional if using fossa.path)" - Add detailed explanation in Special Parameters section - Example: fossa.path=sam-bedrock-agent automatically uses sam-bedrock-agent/.fossa.yml **Key Insight:** If you specify `fossa.path=sam-bedrock-agent`, you don't need to also specify `fossa.config=sam-bedrock-agent/.fossa.yml` because FOSSA automatically looks for .fossa.yml in the working directory. **Before:** ```bash fossa test --branch PR # ❌ Invalid - branch not supported by test ``` **After:** ```bash fossa test --revision abc123 --project MyProject # ✅ Valid ``` 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <[email protected]>
johnvincentcorpuz
changed the title
johnvincentcorpuz
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Adds support for
fossa.configandfossa.pathparameters via a new JSON-based configuration system, enabling monorepo per-project scanning with custom FOSSA configurations.Key Features
✨ New Parameters
fossa.path- Specify base directory to scan (for monorepos)fossa.config- Specify custom.fossa.ymlpath🏗️ Architecture Improvements
fossa-params.json) - Declarative parameter definitionsparse-fossa-params.sh) - Standalone, reusable logictest-parse-fossa-params.sh) - 11 tests, all passingsca-scanandfossa-scanChanges
New Files
fossa-params.json- Parameter configuration with descriptions and examplesparse-fossa-params.sh- Reusable parameter parsertest-parse-fossa-params.sh- Test suitefossa-scan/README.md- FOSSA action documentationsca-scan/README.md- SCA scan action documentationModified Files
action.yaml- Uses new parser scriptProblem Solved
When scanning monorepo plugins, FOSSA CLI previously picked up the root
.fossa.ymlinstead of plugin-specific.fossa.ymlfiles:Usage Example
Benefits
For Users
For Maintainers
flagvsvalueparameter typesAdding New Parameters
Now it's trivial! Just add one JSON entry:
{ "env": "SCA_FOSSA_NEW_PARAM", "flag": "--new-param", "type": "value", "description": "What this parameter does", "example": "fossa.new_param=value" }Run tests and you're done:
cd .github/actions/sca/fossa-scan ./test-parse-fossa-params.shTest Results
Test Plan
.fossa.ymlfilesfossa.configspecifiedfossa.pathspecifiedRelated
🤖 Generated with Claude Code