From bf9137bbc92ec2dda279ae37ba9842d433dd944d Mon Sep 17 00:00:00 2001 From: Bertrand THOMAS Date: Sat, 7 Feb 2026 15:47:51 +0100 Subject: [PATCH 01/10] Add FOSSA report in .NET quality --- .github/workflows/reusable-dotnet-quality.yml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/.github/workflows/reusable-dotnet-quality.yml b/.github/workflows/reusable-dotnet-quality.yml index 4f97cf9..936fd6d 100644 --- a/.github/workflows/reusable-dotnet-quality.yml +++ b/.github/workflows/reusable-dotnet-quality.yml @@ -130,10 +130,14 @@ jobs: sonar-token: ${{ secrets.sonar-token }} - name: Check license compliance with FOSSA if: ${{ inputs.fossa-enabled }} - uses: fossas/fossa-action@v1 + uses: fossas/fossa-action@v1.8.0 + id: fossa with: api-key: "${{ secrets.fossa-api-key }}" - run-tests: false + run-tests: ${{ github.event_name == 'pull_request' }} + test-diff-revision: ${{ github.event.pull_request.base.sha }} + generate-report: html + - run: echo '${{ steps.fossa.outputs.report }}' > report/fossa.html - name: Generate SBOM with Syft uses: anchore/sbom-action@v0 # with: @@ -150,6 +154,7 @@ jobs: ./test/*/TestResults/*/coverage.cobertura.xml ./**/SonarQube.xml ./**/Summary.txt + ./**/fossa.html env: # https://docs.github.com/en/actions/reference/workflows-and-actions/contexts GITHUB_TOKEN: ${{ github.token }} From 3374fc963174dff529c09abd362ef65ed33be00f Mon Sep 17 00:00:00 2001 From: Bertrand THOMAS Date: Wed, 11 Feb 2026 18:04:01 +0100 Subject: [PATCH 02/10] Build .NET in debug mode --- actions/dotnet/build-test-sonar/action.yml | 2 +- actions/dotnet/build-test/action.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/actions/dotnet/build-test-sonar/action.yml b/actions/dotnet/build-test-sonar/action.yml index 89f873e..5826723 100644 --- a/actions/dotnet/build-test-sonar/action.yml +++ b/actions/dotnet/build-test-sonar/action.yml 
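Review bot: The added step `run: echo '${{ steps.fossa.outputs.report }}' > report/fossa.html` pastes the report text into the script before bash parses it, so a single quote anywhere in the HTML ends the quoting and the rest is read as shell. The report is built from dependency and license metadata that this repository does not author, and the step runs in a job that is handed `secrets.fossa-api-key`. Passing the value through the environment keeps it as data: add `env:` with `FOSSA_REPORT: ${{ steps.fossa.outputs.report }}` and use `run: printf '%s\n' "$FOSSA_REPORT" > report/fossa.html`. The same `run:` line is carried unchanged through the later hunks in patches 08/10 and 09/10. Separately, `fossas/fossa-action@v1.8.0` is a tag that can be moved; pinning it to the release's full commit SHA (`fossas/fossa-action@<commit-sha>`, placeholder) is the stricter form for a step that receives an API key.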
@@ -66,7 +66,7 @@ runs: /d:sonar.coverageReportPaths="${{ inputs.report-folder }}/SonarQube.xml" shell: bash - name: Build .NET solution - run: dotnet build --no-restore + run: dotnet build --no-restore --configuration Debug shell: bash - name: Run tests run: | diff --git a/actions/dotnet/build-test/action.yml b/actions/dotnet/build-test/action.yml index c1afcdc..cc2e2a6 100644 --- a/actions/dotnet/build-test/action.yml +++ b/actions/dotnet/build-test/action.yml @@ -11,7 +11,7 @@ runs: using: "composite" steps: - name: Build .NET code - run: dotnet build --no-restore + run: dotnet build --no-restore --configuration Debug shell: bash - name: Run .NET tests run: | From 4fcb48da3ba629c57a84482f6546e67379133be7 Mon Sep 17 00:00:00 2001 From: Bertrand THOMAS Date: Fri, 13 Feb 2026 17:58:14 +0100 Subject: [PATCH 03/10] Set neuvector scan image tag as latest is failing --- .github/workflows/reusable-container-scan.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/reusable-container-scan.yml b/.github/workflows/reusable-container-scan.yml index 541de61..86d47d8 100644 --- a/.github/workflows/reusable-container-scan.yml +++ b/.github/workflows/reusable-container-scan.yml @@ -76,6 +76,7 @@ jobs: image-tag: ${{ inputs.image-tag }} min-high-cves-to-fail: '${{ inputs.max-high-cves }}' min-medium-cves-to-fail: '${{ inputs.max-medium-cves }}' + nv-scanner-image: neuvector/scanner:5 - name: Scan container image with Trivy if: ${{ inputs.trivy-enabled }} uses: aquasecurity/trivy-action@master From b1bc8baf36a879bae68a13d696441979ab494dab Mon Sep 17 00:00:00 2001 From: Bertrand THOMAS Date: Sat, 14 Feb 2026 14:44:36 +0100 Subject: [PATCH 04/10] Fix invalid type for neuvector scan flag --- .github/workflows/reusable-container-scan.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/reusable-container-scan.yml b/.github/workflows/reusable-container-scan.yml index 86d47d8..c30a69e 100644 
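Review bot: In the reusable-container-scan.yml hunk of patch 03/10, `nv-scanner-image: neuvector/scanner:5` replaces what the commit subject describes as a failing `latest` with another floating tag, so the scanner that produces the CVE counts can still change between runs without any commit here. Appending a digest, `nv-scanner-image: neuvector/scanner:5@sha256:<digest-of-known-good-image>` (placeholder), would keep results reproducible and make a scanner update an explicit change, assuming the action passes the value straight to the container runtime. A one-line comment above it naming the failure seen with `latest` would help whoever unpins it later. The same line is re-added by the hunk in patch 06/10, and the step it belongs to starts above this hunk.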
--- a/.github/workflows/reusable-container-scan.yml +++ b/.github/workflows/reusable-container-scan.yml @@ -36,7 +36,7 @@ on: default: 0 neuvector-enabled: description: "Use NeuVector to scan the image?" - type: string + type: boolean required: false default: false operating-system: From d1b53178bfaf710793ced0081ccb64e6b580877f Mon Sep 17 00:00:00 2001 From: Bertrand THOMAS Date: Sat, 14 Feb 2026 14:44:47 +0100 Subject: [PATCH 05/10] Comment neuvector image --- .github/workflows/reusable-container-scan.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/reusable-container-scan.yml b/.github/workflows/reusable-container-scan.yml index c30a69e..4c122cc 100644 --- a/.github/workflows/reusable-container-scan.yml +++ b/.github/workflows/reusable-container-scan.yml @@ -76,7 +76,7 @@ jobs: image-tag: ${{ inputs.image-tag }} min-high-cves-to-fail: '${{ inputs.max-high-cves }}' min-medium-cves-to-fail: '${{ inputs.max-medium-cves }}' - nv-scanner-image: neuvector/scanner:5 + # nv-scanner-image: neuvector/scanner:5 - name: Scan container image with Trivy if: ${{ inputs.trivy-enabled }} uses: aquasecurity/trivy-action@master From cebd8a7f5a26cb67ff819e05def6fbf1228cc1b5 Mon Sep 17 00:00:00 2001 From: Bertrand THOMAS Date: Sun, 22 Feb 2026 22:00:31 +0100 Subject: [PATCH 06/10] Fix nv scanner image --- .github/workflows/reusable-container-scan.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/reusable-container-scan.yml b/.github/workflows/reusable-container-scan.yml index 4c122cc..c30a69e 100644 --- a/.github/workflows/reusable-container-scan.yml +++ b/.github/workflows/reusable-container-scan.yml 
@@ -76,7 +76,7 @@ jobs: image-tag: ${{ inputs.image-tag }} min-high-cves-to-fail: '${{ inputs.max-high-cves }}' min-medium-cves-to-fail: '${{ inputs.max-medium-cves }}' - # nv-scanner-image: neuvector/scanner:5 + nv-scanner-image: neuvector/scanner:5 - name: Scan container image with Trivy if: ${{ inputs.trivy-enabled }} uses: aquasecurity/trivy-action@master From 66670f3b171ebc6226dbe450ae0eaf187da6b355 Mon Sep 17 00:00:00 2001 From: Bertrand THOMAS Date: Sun, 22 Feb 2026 22:06:13 +0100 Subject: [PATCH 07/10] disable neuvector scan its container doesn't build --- .github/workflows/reusable-container-scan.yml | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/.github/workflows/reusable-container-scan.yml b/.github/workflows/reusable-container-scan.yml index c30a69e..c2c0726 100644 --- a/.github/workflows/reusable-container-scan.yml +++ b/.github/workflows/reusable-container-scan.yml 
@@ -68,15 +68,16 @@ jobs: - name: Build container image run: docker build . --file ${{ inputs.image-definition }} --tag ${{ env.IMAGE_REF }} shell: bash - - name: Scan container image with NeuVector - if: ${{ inputs.neuvector-enabled }} - uses: neuvector/scan-action@main - with: - image-repository: ${{ inputs.image-path }}/${{ inputs.image-name }} - image-tag: ${{ inputs.image-tag }} - min-high-cves-to-fail: '${{ inputs.max-high-cves }}' - min-medium-cves-to-fail: '${{ inputs.max-medium-cves }}' - nv-scanner-image: neuvector/scanner:5 + # deactivated 2026-02-22: "Build container for action use... process "/bin/sh -c zypper in -y jq docker && zypper clean" did not complete successfully: exit code: 8" + # - name: Scan container image with NeuVector + # if: ${{ inputs.neuvector-enabled }} + # uses: neuvector/scan-action@main + # with: + # image-repository: ${{ inputs.image-path }}/${{ inputs.image-name }} + # image-tag: ${{ inputs.image-tag }} + # min-high-cves-to-fail: '${{ inputs.max-high-cves }}' + # min-medium-cves-to-fail: '${{ inputs.max-medium-cves }}' + # nv-scanner-image: neuvector/scanner:5 - name: Scan container image with Trivy if: ${{ inputs.trivy-enabled }} uses: aquasecurity/trivy-action@master From 4fe005b11b103fb3abbadb7f427b5804d0cd2045 Mon Sep 17 00:00:00 2001 From: Bertrand THOMAS Date: Sun, 22 Feb 2026 22:16:50 +0100 Subject: [PATCH 08/10] Add FOSSA test boolean input --- .github/workflows/reusable-dotnet-quality.yml | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/.github/workflows/reusable-dotnet-quality.yml b/.github/workflows/reusable-dotnet-quality.yml index 936fd6d..1cd2367 100644 --- a/.github/workflows/reusable-dotnet-quality.yml +++ b/.github/workflows/reusable-dotnet-quality.yml @@ -22,6 +22,11 @@ on: type: boolean required: false default: false + fossa-test: + description: Run FOSSA test on PR + type: boolean + required: false + default: false job-name: description: Job name type: string 
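Review bot: With the NeuVector step commented out in patch 07/10, a caller that sets `neuvector-enabled: true` gets a job with no NeuVector scan and no message, because the input itself (declared outside this hunk) stays in place. A stub in the step's position would make the gap visible: `- name: NeuVector scan disabled`, `if: ${{ inputs.neuvector-enabled }}`, `run: echo "::warning::NeuVector scan is disabled in reusable-container-scan.yml"`. The quoted error comes from building the action's own container, and the step used `neuvector/scan-action@main`. Pinning the action to a commit that last built successfully would probably keep the scan running instead of dropping it.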
@@ -134,10 +139,11 @@ jobs: id: fossa with: api-key: "${{ secrets.fossa-api-key }}" - run-tests: ${{ github.event_name == 'pull_request' }} - test-diff-revision: ${{ github.event.pull_request.base.sha }} + run-tests: ${{ inputs.fossa-test && github.event_name == 'pull_request' }} + test-diff-revision: ${{ github.event.pull_request.base.ref }} generate-report: html - run: echo '${{ steps.fossa.outputs.report }}' > report/fossa.html + if: ${{ inputs.fossa-enabled }} - name: Generate SBOM with Syft uses: anchore/sbom-action@v0 # with: @@ -152,6 +158,7 @@ jobs: path: | ./**/*test-result.xml ./test/*/TestResults/*/coverage.cobertura.xml + ./**/failure_*.png* ./**/SonarQube.xml ./**/Summary.txt ./**/fossa.html From 2d166ea326e9dc643794041b1fead4e3c83876dc Mon Sep 17 00:00:00 2001 From: Bertrand THOMAS Date: Sun, 22 Feb 2026 22:21:15 +0100 Subject: [PATCH 09/10] Add a name to test report action --- .github/workflows/reusable-dotnet-quality.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/reusable-dotnet-quality.yml b/.github/workflows/reusable-dotnet-quality.yml index 1cd2367..2242da1 100644 --- a/.github/workflows/reusable-dotnet-quality.yml +++ b/.github/workflows/reusable-dotnet-quality.yml @@ -142,7 +142,8 @@ jobs: run-tests: ${{ inputs.fossa-test && github.event_name == 'pull_request' }} test-diff-revision: ${{ github.event.pull_request.base.ref }} generate-report: html - - run: echo '${{ steps.fossa.outputs.report }}' > report/fossa.html + - name: Create FOSSA report file + run: echo '${{ steps.fossa.outputs.report }}' > report/fossa.html if: ${{ inputs.fossa-enabled }} - name: Generate SBOM with Syft uses: anchore/sbom-action@v0 From c20111531ffd802bddb71da4474ca1acae79dbb2 Mon Sep 17 00:00:00 2001 From: Bertrand THOMAS Date: Sun, 22 Feb 2026 22:34:27 +0100 Subject: [PATCH 10/10] Rollback to sha --- .github/workflows/reusable-dotnet-quality.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/reusable-dotnet-quality.yml b/.github/workflows/reusable-dotnet-quality.yml index 2242da1..00ff5f1 100644 --- a/.github/workflows/reusable-dotnet-quality.yml +++ b/.github/workflows/reusable-dotnet-quality.yml @@ -140,7 +140,7 @@ jobs: with: api-key: "${{ secrets.fossa-api-key }}" run-tests: ${{ inputs.fossa-test && github.event_name == 'pull_request' }} - test-diff-revision: ${{ github.event.pull_request.base.ref }} + test-diff-revision: ${{ github.event.pull_request.base.sha }} generate-report: html - name: Create FOSSA report file run: echo '${{ steps.fossa.outputs.report }}' > report/fossa.html
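Review bot: The value of `test-diff-revision` has now gone from `base.sha` to `base.ref` and back across this series, and nothing in the file records why. A comment above the line would prevent the next flip, for example `# FOSSA diffs against a revision id it has already analysed; a branch name (base.ref) is not one`, assuming that is the reason for the rollback. If so, the diff presumably also depends on this workflow having run on the base commit, which is worth stating in the `fossa-test` input description.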