docs(sca-setup): add sca-setup-deps README, uv support, and workflow …#77
Draft
johnvincentcorpuz wants to merge 3 commits into main from
…doc updates
- Add sca-setup-deps/README.md documenting the composite setup action with full input reference, language examples, and vault secret mappings
- Add setup-uv support to sca-setup-deps/action.yml using astral-sh/setup-uv with optional uv_version input (defaults to latest)
- Update sca-scan-and-guard.md with Dependency Setup section, per-language examples, and updated inputs table including all setup-deps inputs
- Remove hardcoded defaults from build/install command inputs in sca-scan-and-guard.yaml; defaults live in sca-setup-deps/action.yml
- Fix cross-reference links in workflow docs to point to sca-setup-deps/README.md
- Add sca-setup-deps reference to container-scan-and-guard.md related docs
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
| # Build/Install Commands | ||
| maven_build_command: | ||
| description: "Maven build command" |
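Review bot: the description on maven_build_command ("Maven build command") does not tell the caller whether the command runs when the input is left unset or what value it falls back to. Say so in the description text, for example that an empty value means no build command is run, so a workflow that omits the input behaves predictably.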
Contributor
Author
We don't want to be running these by default, when we have the mvn setup, along with the others below.
✨ PR Review
LGTM
Generated by LinearB AI and added by gitStream.
AI-generated content may contain inaccuracies. Please verify before using.
…erage
- Remove build/install command inputs (maven_build_command, npm_install_command, python_install_command, dotnet_restore_command) from sca-setup-deps and sca-scan-and-guard; users run commands via custom_setup_script instead
- Remove corresponding run steps (Maven Build, NPM Install, Python Install, .NET Restore) from sca-setup-deps/action.yml
- Add missing inputs to sca-scan-and-guard.yaml: java_distribution, npm_registry_url, uv_version, nuget_source_url
- Add NPM_AUTH_TOKEN and NUGET_AUTH_TOKEN secrets with github.token fallback
- Update custom_setup_script description with inline command examples
- Remove sca-setup/design.md (superseded by sca-setup-deps/README.md)
- Update README and workflow docs to reflect simplified interface
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…actions entry required
Previously the custom script step was gated on 'custom-script' being present in setup_actions, causing a silent no-op when only custom_setup_script was set. Now the step condition checks inputs.custom_setup_script != '' directly.
Update README to remove 'custom-script' from all setup_actions examples and clarify that custom_setup_script runs automatically when non-empty.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
✨ PR Description
What is the purpose of this change?
Add comprehensive documentation and uv package manager support for the sca-setup-deps composite action to improve multi-language build environment configuration before FOSSA scanning.
How is this accomplished?
- sca-setup-deps/README.md) covering usage, supported actions, inputs, examples for Java/Maven, Node/NPM, Python, .NET, and custom scripts
- setup-uv action support with configurable version input and integration with astral-sh/setup-uv@v7.1.4
- sca-scan-and-guard.md with new "Dependency Setup Inputs" section and language-specific setup examples
- sca-setup-deps/README.md in both SCA and container scan documentation
- sca-scan-and-guard.yaml to show default values in descriptions and set defaults to empty strings
- action.yml to reflect uv addition (4. uv, 5. .NET, 6. Custom Script)
- sca-setup/design.md explaining architecture decisions, problem statement, JSON-driven approach, and implementation checklist
Anything reviews should focus on/be aware of?
- maven_build_command, npm_install_command, python_install_command, and dotnet_restore_command inputs now default to empty strings ('') instead of their previous explicit defaults. Verify this doesn't break existing workflows that rely on implicit defaults.
- 1e862dfacbd1d6d858c55d9b792c756523627244) for v7.1.4. Confirm this is the intended version and update mechanism.
Generated by LinearB AI and added by gitStream.
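The PR description asks reviewers to confirm the commit SHA that astral-sh/setup-uv is pinned to for v7.1.4. As an added example (not code from this PR or its repository), the script below audits the `uses:` references in a workflow and separates those pinned to an immutable full commit SHA or image digest from those that follow a movable tag or branch. The workflow text is constructed; only the setup-uv SHA and version are taken from the description above, and every other action name is hypothetical.

```python
import re

# Constructed sample steps. Only the setup-uv SHA/version pair comes from the
# PR description; the other references are hypothetical.
SAMPLE_WORKFLOW = """\
steps:
  - uses: actions/checkout@v4
  - uses: astral-sh/setup-uv@1e862dfacbd1d6d858c55d9b792c756523627244 # v7.1.4
  - uses: example-org/example-action@main
  - uses: example-org/example-action/sub/path@0123456789abcdef0123456789abcdef01234567
  - uses: ./sca-setup-deps
  - uses: docker://example.invalid/scanner:1.2.3
  - name: "uses: not-a-step@v1"
    run: echo "uses: also-not-a-step@v1"
"""

# Match only a real `uses:` key, not the word inside a name or run string.
USES_RE = re.compile(r"^\s*(?:-\s+)?uses:\s*['\"]?([^'\"\s#]+)['\"]?\s*(?:#\s*(.*))?$")
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")
DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")


def classify(ref):
    """Return 'local', 'pinned' or 'mutable' for one `uses:` value."""
    if ref.startswith(("./", "../")):
        return "local"  # resolved from the checked-out repository itself
    if ref.startswith("docker://"):
        return "pinned" if DIGEST_RE.search(ref) else "mutable"
    _, _, version = ref.rpartition("@")
    # A full 40-hex commit SHA is immutable; tags and branches can be moved.
    return "pinned" if FULL_SHA_RE.fullmatch(version) else "mutable"


def audit(workflow_text):
    """Return (line_no, ref, status, trailing_comment) for each `uses:` line."""
    findings = []
    for line_no, line in enumerate(workflow_text.splitlines(), start=1):
        m = USES_RE.match(line)
        if m:
            ref, comment = m.group(1), (m.group(2) or "").strip()
            findings.append((line_no, ref, classify(ref), comment))
    return findings


if __name__ == "__main__":
    for line_no, ref, status, comment in audit(SAMPLE_WORKFLOW):
        note = f" (comment says {comment})" if comment else ""
        print(f"line {line_no}: {status:8} {ref}{note}")
```

The trailing comment is reported but not trusted: whether a SHA really corresponds to the version named beside it has to be checked against the upstream repository.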