Merged
Changes from 2 commits
2 changes: 2 additions & 0 deletions .github/workflows/black-duck-security-scan-ci.yml
Expand Up @@ -31,6 +31,8 @@ jobs:
- name: Checkout source
uses: actions/checkout@v4
- name: Black Duck SCA scan
# Only run if at least one scanning tool is configured
if: vars.BLACKDUCKSCA_URL != '' || vars.COVERITY_URL != '' || vars.POLARIS_SERVER_URL != '' || vars.SRM_URL != ''
Copilot AI Feb 4, 2026

This repo’s workflows consistently wrap if expressions using the ${{ ... }} syntax (e.g. .github/workflows/dependabot-secure-flow.yaml:37). For consistency and to avoid YAML treating the value as a plain string in some contexts, wrap this step condition in ${{ }} as well.

Copilot AI Feb 4, 2026

PR title indicates a tldts-core dependency update, but the changes in this PR are only to the Black Duck security scan workflow. Please either include the dependency bump changes, or update the PR title to match the actual scope.

Copilot AI Feb 4, 2026

The new guard only checks that a URL variable is set, but the reported failure is “missing credentials”. As written, the step will still run (and likely fail) when a URL is configured but the required secret(s) are not. Consider gating per tool on both its URL var and required secrets (e.g., BlackDuck URL + token, Coverity URL + user + passphrase, etc.), or otherwise skipping when credentials are absent.

Suggested change
# Only run if at least one scanning tool is configured
if: vars.BLACKDUCKSCA_URL != '' || vars.COVERITY_URL != '' || vars.POLARIS_SERVER_URL != '' || vars.SRM_URL != ''
# Only run if at least one scanning tool is configured with both URL and required credentials
if: >
(vars.BLACKDUCKSCA_URL != '' && secrets.BLACKDUCKSCA_TOKEN != '') ||
(vars.COVERITY_URL != '' && secrets.COVERITY_USER != '' && secrets.COVERITY_PASSPHRASE != '') ||
(vars.POLARIS_SERVER_URL != '' && secrets.POLARIS_ACCESS_TOKEN != '') ||
(vars.SRM_URL != '' && secrets.SRM_API_KEY != '')

uses: blackduck-inc/black-duck-security-scan@805cbd09e806b01907bbea0f990723c2bb85abe9

P2: Guard scan on credentials, not just URL vars

The new step condition only checks URL vars (line 35), but the action also requires tokens/passwords from secrets.*. If a URL is configured but the corresponding secret is missing (the exact failure you’re trying to avoid), the step still runs and fails. This means the change doesn’t actually skip when credentials aren’t configured. Consider including the required secrets in the condition (per tool) so missing credentials truly bypass the scan.


@EthanThePhoenix38 (Member) Feb 4, 2026

@claude Remove BlackDUCK from all my scans, I don't have the credentials.

with:
### ---------- BLACKDUCK SCA SCANNING: REQUIRED FIELDS ----------
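Review bot: The suggested replacement for the new `if:` line in the review thread tests `secrets.BLACKDUCKSCA_TOKEN != ''` (and the other `secrets.*` values) directly in a step condition, but the `secrets` context is not available in `jobs.<job_id>.steps.if`, so that variant would not work as written. The documented way to gate on credentials is to map each secret into a job-level `env:` entry, for example `BLACKDUCKSCA_TOKEN: ${{ secrets.BLACKDUCKSCA_TOKEN }}`, and then test `env.BLACKDUCKSCA_TOKEN != ''` next to `vars.BLACKDUCKSCA_URL != ''` in the condition. The condition as merged is syntactically valid without `${{ }}` (an `if:` value is always evaluated as an expression), but it still lets the action run when a URL variable is set and its token is missing, which is the failure this change was meant to avoid.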