… from other repos
…orkflow cross-repo
Pull request overview
This PR updates the repository to support cross-repository usage of internal actions and scripts. The primary change enables the run_semgrep_scan workflow to be called from other repositories by referencing actions via their full GitHub paths instead of relative paths.
Changes:
- Converted the run-semgrep script into a standalone composite action with its own package.json and action.yml
- Updated workflow to reference actions using full GitHub repository paths (e.g., OpenSesame/core-github-actions/.github/actions/...)
- Added workflow_dispatch inputs to run_semgrep_scan workflow for better external invocation support
- Fixed import paths in test files to use correct internal-utils directory
Reviewed changes
Copilot reviewed 16 out of 21 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| scripts/internal-ci/validate-version-labels/index.integration.test.js | Updated import path to use internal-utils directory |
| scripts/internal-ci/get-version-tags/index.integration.test.js | Updated import path to use internal-utils directory |
| package.json | Updated prettier patterns to be more specific with file extensions |
| .vscode/settings.json | Added "nosemgrep" to spell checker dictionary |
| .github/workflows/run_semgrep_scan.yml | Added workflow_dispatch inputs and converted to use full action paths for cross-repo support |
| .github/workflows/internal_on_push_ci.yml | Added workflow_dispatch trigger |
| .github/workflows/CHANGELOGS/run_semgrep_scan.md | Documented version 1.0.1 changes |
| .github/actions/upsert-pr-comment/README.md | Updated usage example to use full repository path |
| .github/actions/run-semgrep/run-semgrep.js | Updated import path to local env-helpers |
| .github/actions/run-semgrep/package.json | Added package.json for action dependencies |
| .github/actions/run-semgrep/action.yml | Created composite action definition |
| .github/actions/run-semgrep/README.md | Added comprehensive documentation for the action |
| .github/actions/run-semgrep/CHANGELOG.md | Created changelog documenting initial release |
| .github/actions/run-semgrep/.npmrc | Added npm configuration for the action |
| .github/actions/pr-open-check/README.md | Updated usage example to use full repository path |
| .github/actions/TEMPLATE/README_TEMPLATE.md | Updated template to use full repository path pattern |
Files not reviewed (1)
- .github/actions/run-semgrep/package-lock.json: Language not supported
✅ Semgrep Security Scan Passed 🎉 No security issues found!
Pull request overview
Copilot reviewed 17 out of 19 changed files in this pull request and generated no new comments.
Tags
The following tags will be created on main after merge 🏷️
Pull request overview
Copilot reviewed 17 out of 19 changed files in this pull request and generated 3 comments.
677980d to 8014e3e
Pull request overview
Copilot reviewed 17 out of 19 changed files in this pull request and generated no new comments.
PR Summary
Jira: https://opensesame.atlassian.net/browse/CORE-5245
Description of Changes
Repo-qualified internal action references to ensure correct resolution when run_semgrep_scan workflow is called from other repositories. This change allows the workflow to reliably locate and use the intended actions, regardless of the calling repository context.
Versioning
Does this PR modify a versioned component?
- version:untracked
- version:<component-name>/X.Y.Z
- CHANGELOG.md includes a ## X.Y.Z entry
- version:untracked only if changes do not alter behavior, inputs, or outputs

If version labels are incorrect or missing, automated version validation will fail and block merge.
Dependencies of PR
N/A
Testing
tested internally with this repo's GHA run
tagged commit pre-merge to reference from another repo
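
The resolution problem described in the PR summary, as an added example that is not code from this PR: a JavaScript check that finds `./` action references in a workflow exposing `workflow_call` and rewrites them to repo-qualified form. The workflow text is constructed, the function names are hypothetical, and `REF_PLACEHOLDER` stands in for the tag or SHA, which the page does not give.

```javascript
// Added example, not code from the PR. Workflow text is constructed;
// REF_PLACEHOLDER stands in for a tag or SHA the page does not give.
const REPO = "OpenSesame/core-github-actions";
const SAMPLE_WORKFLOW = [
  "name: run_semgrep_scan",
  "on:",
  "  workflow_call:",
  "  workflow_dispatch:",
  "jobs:",
  "  scan:",
  "    runs-on: ubuntu-latest",
  "    steps:",
  "      - uses: actions/checkout@v4",
  "      - uses: ./.github/actions/run-semgrep   # local path",
  '      - uses: "./.github/actions/upsert-pr-comment"',
  "      # - uses: ./.github/actions/pr-open-check",
  `      - uses: ${REPO}/.github/actions/pr-open-check@REF_PLACEHOLDER`,
].join("\n");

// Matches a `uses:` value that starts with "./", optionally quoted.
const LOCAL_USES = /^(\s*(?:-\s+)?uses:\s*)(["']?)(\.\/[^"'\s#]+)\2(.*)$/;
const isComment = (line) => /^\s*#/.test(line);

// True when the workflow can be called from another repository.
function isReusable(text) {
  return /^\s*workflow_call\s*:/m.test(text) || /^on:.*\bworkflow_call\b/m.test(text);
}

// Local references only matter in reusable workflows: there "./" is looked up
// in the workspace, which holds the caller's checkout, not this repository.
function findLocalActionRefs(text) {
  if (!isReusable(text)) return [];
  return text.split("\n").flatMap((line, i) => {
    const m = isComment(line) ? null : LOCAL_USES.exec(line);
    return m ? [{ line: i + 1, path: m[3] }] : [];
  });
}

// Rewrite each "./path" into "owner/repo/path@ref", keeping quotes and comments.
function qualifyLocalActionRefs(text, repo, ref) {
  return text.split("\n").map((line) => isComment(line) ? line
    : line.replace(LOCAL_USES, (_m, pre, q, path, rest) =>
        `${pre}${q}${repo}/${path.slice(2)}@${ref}${q}${rest}`)).join("\n");
}

console.log(findLocalActionRefs(SAMPLE_WORKFLOW));
console.log(qualifyLocalActionRefs(SAMPLE_WORKFLOW, REPO, "REF_PLACEHOLDER"));
```
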