Skip to content

Fix call from other repos #109

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
sarasvoss wants to merge 8 commits into
base: main
Choose a base branch
from
Open

Fix call from other repos #109

sarasvoss wants to merge 8 commits into from

Conversation

@sarasvoss
Copy link
Contributor

@sarasvoss sarasvoss commented Jan 30, 2026
edited
Loading

PR Summary

Jira: https://opensesame.atlassian.net/browse/CORE-5245

Description of Changes

Repo-qualified internal action references to ensure correct resolution when run_semgrep_scan workflow is called from other repositories. This change allows the workflow to reliably locate and use the intended actions, regardless of the calling repository context.

Versioning

⚠️ Components in this repo are used by multiple repos and teams. Breaking changes to non-versioned components are high-risk. Always apply correct versioning to versioned components to ensure safe, controlled updates.

Does this PR modify a versioned component?

  • No — label this PR with version:untracked
  • Yes
    • Add a version label: version:<component-name>/X.Y.Z
    • Ensure the component’s CHANGELOG.md includes a ## X.Y.Z entry
    • Use version:untracked only if changes do not alter behavior, inputs, or outputs

If version labels are incorrect or missing, automated version validation will fail and block merge.

Dependencies of PR

N/A

Testing

tested internally with this repo's GHA run
tagged commit pre-merge to reference from another repo

@sarasvoss sarasvoss requested a review from a team as a code owner January 30, 2026 20:01
Copilot AI review requested due to automatic review settings January 30, 2026 20:01
Copilot AI reviewed Jan 30, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the repository to support cross-repository usage of internal actions and scripts. The primary change enables the run_semgrep_scan workflow to be called from other repositories by referencing actions via their full GitHub paths instead of relative paths.

Changes:

  • Converted the run-semgrep script into a standalone composite action with its own package.json and action.yml
  • Updated workflow to reference actions using full GitHub repository paths (e.g., OpenSesame/core-github-actions/.github/actions/...)
  • Added workflow_dispatch inputs to run_semgrep_scan workflow for better external invocation support
  • Fixed import paths in test files to use correct internal-utils directory

Reviewed changes

Copilot reviewed 16 out of 21 changed files in this pull request and generated 2 comments.

Show a summary per file
File Description
scripts/internal-ci/validate-version-labels/index.integration.test.js Updated import path to use internal-utils directory
scripts/internal-ci/get-version-tags/index.integration.test.js Updated import path to use internal-utils directory
package.json Updated prettier patterns to be more specific with file extensions
.vscode/settings.json Added "nosemgrep" to spell checker dictionary
.github/workflows/run_semgrep_scan.yml Added workflow_dispatch inputs and converted to use full action paths for cross-repo support
.github/workflows/internal_on_push_ci.yml Added workflow_dispatch trigger
.github/workflows/CHANGELOGS/run_semgrep_scan.md Documented version 1.0.1 changes
.github/actions/upsert-pr-comment/README.md Updated usage example to use full repository path
.github/actions/run-semgrep/run-semgrep.js Updated import path to local env-helpers
.github/actions/run-semgrep/package.json Added package.json for action dependencies
.github/actions/run-semgrep/action.yml Created composite action definition
.github/actions/run-semgrep/README.md Added comprehensive documentation for the action
.github/actions/run-semgrep/CHANGELOG.md Created changelog documenting initial release
.github/actions/run-semgrep/.npmrc Added npm configuration for the action
.github/actions/pr-open-check/README.md Updated usage example to use full repository path
.github/actions/TEMPLATE/README_TEMPLATE.md Updated template to use full repository path pattern
Files not reviewed (1)
  • .github/actions/run-semgrep/package-lock.json: Language not supported

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@github-actions
Copy link

github-actions bot commented Jan 30, 2026
edited
Loading

✅ Semgrep Security Scan Passed

🎉 No security issues found!

View run
🤖 Powered by Semgrep + reviewdog

Copilot AI review requested due to automatic review settings January 30, 2026 20:25
Copilot AI reviewed Jan 30, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 17 out of 19 changed files in this pull request and generated no new comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Copilot AI review requested due to automatic review settings January 30, 2026 20:46
@github-actions
Copy link

github-actions bot commented Jan 30, 2026
edited
Loading

Tags

The following tags will be created on main after merge

🏷️ workflows/run_semgrep_scan/1.0.1
🏷️ actions/run-semgrep/1.0.0

Copilot AI reviewed Jan 30, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 17 out of 19 changed files in this pull request and generated 3 comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@sarasvoss sarasvoss force-pushed the fix_call_from_other_repos branch from 677980d to 8014e3e Compare January 30, 2026 20:57
@sarasvoss sarasvoss requested a review from Copilot January 30, 2026 21:06
Copilot AI reviewed Jan 30, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 17 out of 19 changed files in this pull request and generated no new comments.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

version:actions/run-semgrep/1.0.0 version:workflows/run_semgrep_scan/1.0.1

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@sarasvoss