From 670fcb0174b4c04da1aa7b1ba449945522345190 Mon Sep 17 00:00:00 2001 From: Arjun Rajappa Date: Tue, 19 Aug 2025 01:25:58 +0530 Subject: [PATCH] ci: Fix FOSSA scans by generating Gemfile.lock files before scanning Shell script will loop through all the available Gemfiles in this repository and create Gemfile.lock files without actually installing these gems. Some folders like */examples/* and release/ have been vomited. FOSSA is intelligent enough to read nested directories and generate the report based on lock files. Signed-off-by: Arjun Rajappa
---
 .github/workflows/fossa.yml | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
diff --git a/.github/workflows/fossa.yml b/.github/workflows/fossa.yml
index dea0626b20..796382d026 100644
--- a/.github/workflows/fossa.yml
+++ b/.github/workflows/fossa.yml
@@ -15,6 +15,33 @@ jobs:
 steps:
 - uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493 # v4.2.2
+ - name: Install Ruby 3.4
+ uses: ruby/setup-ruby@v1.255.0
+ with:
+ ruby-version: 3.4
+ - name: Generate Gemfile.lock
+ run: |
+ echo "Finding all Gemfiles in the project..."
+ echo "======================================="
+ ORIGINAL_DIR=$(pwd)
+
+ find . -type f -name "Gemfile" -not -path "*/example/*" -not -path "*/releases/*" | sort | while read gemfile; do
+ gemfile_dir=$(dirname "$gemfile")
+
+ # Change to the Gemfile's directory
+ echo "Changing to directory: $gemfile_dir"
+
+ cd "$gemfile_dir" || continue
+
+ echo "Current directory: $(pwd)"
+ echo "Creating lock file for: $gemfile"
+
+ # Generate the gemlock files
+ bundle lock || echo "Warning: Failed to generate lock file for $gemfile, continuing..."
+
+ cd "$ORIGINAL_DIR" || exit 1
+ done
+
 - uses: fossas/fossa-action@3ebcea1862c6ffbd5cf1b4d0bd6b3fe7bd6f2cac # v1.7.0
 with:
 api-key: ${{secrets.FOSSA_API_KEY}}
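Review bot: `ruby/setup-ruby@v1.255.0` in the new "Install Ruby 3.4" step is referenced by a mutable tag, while the `actions/checkout` and `fossas/fossa-action` steps around it are pinned to full commit SHAs; because this job later passes `secrets.FOSSA_API_KEY`, the new step should follow the same convention, `uses: ruby/setup-ruby@<full-commit-sha> # v1.255.0`, and quote the version as `ruby-version: '3.4'` so YAML does not read it as a float. In the loop, `bundle lock || echo "Warning: ..."` lets the step succeed when a lock file cannot be generated, so the FOSSA report can silently omit that Gemfile's dependencies; emitting `echo "::warning::bundle lock failed for $gemfile"`, or counting failures and exiting non-zero after the loop, would make the gap visible. The `find` filters exclude `*/example/*` and `*/releases/*`, whereas the commit message names `*/examples/*` and `release/`, so one of the two is probably not what was intended. `bundle lock` evaluates each Gemfile as Ruby, so if this workflow can run on untrusted pull requests (the triggers and any `permissions` block are outside the hunk) that exposure deserves a check.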