clomonitor: expose license scanning for CLOMonitor #5370
Point licenseScanning.url at the FOSSA GitHub Actions workflow on master so CLOMonitor can detect existing license scans (issue 5366).

Signed-off-by: Himanshu <144804569+kubeboiii@users.noreply.github.com>
[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
Adds CLOMonitor metadata configuration so the project can surface license-scanning information via CLOMonitor.
Changes:
- Introduces .clomonitor.yml with licenseScanning metadata.
- Links to the repository's GitHub Actions FOSSA workflow as the license scanning source.
| # FOSSA analysis runs on PRs and master via .github/workflows/fossa.yml | ||
| url: https://github.com/volcano-sh/volcano/actions/workflows/fossa.yml?query=branch%3Amaster |
Code Review
This pull request introduces a .clomonitor.yml metadata file to configure license scanning. However, the review feedback correctly points out that the licenseScanning key is not supported by the CLOMonitor metadata schema and suggests valid alternatives, such as adding a FOSSA badge to the README or utilizing a .fossa.yml configuration file.
||
| licenseScanning: | ||
| # FOSSA analysis runs on PRs and master via .github/workflows/fossa.yml | ||
| url: https://github.com/volcano-sh/volcano/actions/workflows/fossa.yml?query=branch%3Amaster |
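Review bot: the url under licenseScanning points at the Actions run list for fossa.yml filtered with query=branch%3Amaster, which is workflow run history rather than a license scan report, so the link gives a reader no scan result to inspect. Consider pointing url at the scan report for the project once one is available, and until then extend the comment above it to say the link is a run list. The comment also says the analysis runs on PRs and master while the filter shows master only; noting that the filter is intentional would avoid confusion.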
I think we should add the FOSSA badge in the README instead, not link it to the GitHub workflow action page, following the CLOMonitor requirement: https://clomonitor.io/docs/topics/checks/#license-scanning
/hold

After we pass FOSSA we can move forward with it; I don't want to show a failing FOSSA badge on the page currently.
What type of PR is this?
/kind documentation
What this PR does / why we need it:
This PR is part of the work for #5366 (improve CLOMonitor score). It addresses license scanning detection on the issue.
Volcano already runs FOSSA in .github/workflows/fossa.yml. CLOMonitor does not infer CI workflows automatically. This adds root .clomonitor.yml with licenseScanning.url pointing at that workflow on master, per CLOMonitor metadata.

No workflow, Go, or runtime changes.
Does not overlap with #5367 (Security Insights + SBOM) or #5369 (contributing guide and workflow permissions).
Which issue(s) this PR fixes:
Part of #5366
Special notes for your reviewer:
.clomonitor.yml YAML parse; make verify passed locally (macOS).

license_scanning on clomonitor.io may take up to about an hour to refresh. If the check still fails, we can add a FOSSA README badge when a project URL is available.

Does this PR introduce a user-facing change?