docs(sca-setup): add sca-setup-deps README, uv support, and workflow …#77

Draft
johnvincentcorpuz wants to merge 1 commit into main from sca_setup_guard_doc_updates

@johnvincentcorpuz johnvincentcorpuz commented Mar 2, 2026

…doc updates

  • Add sca-setup-deps/README.md documenting the composite setup action with full input reference, language examples, and vault secret mappings
  • Add setup-uv support to sca-setup-deps/action.yml using astral-sh/setup-uv with optional uv_version input (defaults to latest)
  • Update sca-scan-and-guard.md with Dependency Setup section, per-language examples, and updated inputs table including all setup-deps inputs
  • Remove hardcoded defaults from build/install command inputs in sca-scan-and-guard.yaml; defaults live in sca-setup-deps/action.yml
  • Fix cross-reference links in workflow docs to point to sca-setup-deps/README.md
  • Add sca-setup-deps reference to container-scan-and-guard.md related docs

What is the purpose of this change?

...

How is this accomplished?

...

Anything reviews should focus on/be aware of?

...

✨ PR Description

What is the purpose of this change?

Add comprehensive documentation and uv package manager support for the sca-setup-deps composite action to improve multi-language build environment configuration before FOSSA scanning.

How is this accomplished?

  • New README: Created complete documentation (sca-setup-deps/README.md) covering usage, supported actions, inputs, examples for Java/Maven, Node/NPM, Python, .NET, and custom scripts
  • uv Integration: Added setup-uv action support with configurable version input and integration with astral-sh/setup-uv@v7.1.4
  • Workflow Documentation Updates:
    • Enhanced sca-scan-and-guard.md with new "Dependency Setup Inputs" section and language-specific setup examples
    • Added cross-references to sca-setup-deps/README.md in both SCA and container scan documentation
  • Input Description Improvements: Changed build command inputs in sca-scan-and-guard.yaml to show default values in descriptions and set defaults to empty strings
  • Step Numbering: Updated numbered comments in action.yml to reflect uv addition (4. uv, 5. .NET, 6. Custom Script)
  • Design Documentation: Added sca-setup/design.md explaining architecture decisions, problem statement, JSON-driven approach, and implementation checklist

Anything reviews should focus on/be aware of?

  • Breaking Change in Defaults: The maven_build_command, npm_install_command, python_install_command, and dotnet_restore_command inputs now default to empty strings ('') instead of their previous explicit defaults. Verify this doesn't break existing workflows that rely on implicit defaults.
  • uv Version Pinning: The uv setup uses a pinned commit hash (1e862dfacbd1d6d858c55d9b792c756523627244) for v7.1.4. Confirm this is the intended version and update mechanism.
  • Documentation Accuracy: Validate that all documented default values match actual behavior, especially since workflow input defaults now differ from descriptions (descriptions show original defaults, but inputs default to empty strings).

Generated by LinearB AI and added by gitStream.
AI-generated content may contain inaccuracies. Please verify before using.

…doc updates

- Add sca-setup-deps/README.md documenting the composite setup action
  with full input reference, language examples, and vault secret mappings
- Add setup-uv support to sca-setup-deps/action.yml using astral-sh/setup-uv
  with optional uv_version input (defaults to latest)
- Update sca-scan-and-guard.md with Dependency Setup section, per-language
  examples, and updated inputs table including all setup-deps inputs
- Remove hardcoded defaults from build/install command inputs in
  sca-scan-and-guard.yaml; defaults live in sca-setup-deps/action.yml
- Fix cross-reference links in workflow docs to point to sca-setup-deps/README.md
- Add sca-setup-deps reference to container-scan-and-guard.md related docs

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

# Build/Install Commands
maven_build_command:
description: "Maven build command"
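
Review bot: the description for maven_build_command reads only "Maven build command" and does not say what runs when the input is left unset. The PR text states that the default is removed from this workflow input and now lives in sca-setup-deps/action.yml, so the description should say whether an empty value skips the Maven build or falls through to the action's own default. The same applies to the other build/install command inputs under this heading.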
Contributor Author

We don't want to be running these by default, when we have the mvn setup, along with the others below.

@gitstream-cm gitstream-cm bot left a comment

✨ PR Review

LGTM

Generated by LinearB AI and added by gitStream.
AI-generated content may contain inaccuracies. Please verify before using.

gitstream-cm bot commented Mar 2, 2026

Please mark whether you used Copilot to assist coding in this PR

  • Copilot Assisted
