New ignore file and reworked fossid workflow to reduce false positives #31
…d-cicd image to fossid-toolbox
Pull request overview
This PR updates the FossID pre-merge diff scan setup to reduce false positives by switching to the recommended fossid-toolbox image/CLI and replacing the previous ignore-file approach with a generated ignore list.
Changes:
- Added a generated `ignored_projects_list` containing Gerrit OSS project IDs and GitHub org wildcards to ignore.
- Removed the older `ignore_projects_fossid` ignore file.
- Reworked the FossID GitHub Actions workflow to use `quay.io/fossid/fossid-toolbox` and updated CLI flags/file paths accordingly.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| `ignored_projects_list` | Introduces the new generated ignore list used to reduce false positives. |
| `ignore_projects_fossid` | Deletes the previous ignore file in favor of the new list. |
| `.github/workflows/fossid_integration_stateless_diffscan.yml` | Switches workflow execution to fossid-toolbox/fossid diffscan and updates ignore-projects handling. |
7de58ed6dfb35940bf3521ed00000000 Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Pull request overview
Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.
…nclude comments for what we're ignoring
Pull request overview
Copilot reviewed 3 out of 3 changed files in this pull request and generated 2 comments.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
…st suggested version by fossid
Pull request overview
Copilot reviewed 3 out of 3 changed files in this pull request and generated no new comments.
Pull request overview
Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.
Pull request overview
Copilot reviewed 3 out of 3 changed files in this pull request and generated no new comments.
Pull request overview
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
copilot whitespace Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Pull request overview
Copilot reviewed 2 out of 2 changed files in this pull request and generated no new comments.
In this change I used a script to generate a list of IDs of open source Gerrit repos to ignore and included the rdkcentral and rdkcmf ignore wildcards.
I also reworked the workflow file according to advice from fossid in that the image we should be using is fossid-toolbox for diffscan, not fossid-cicd. From here I adjusted some of the flags accordingly.