Skip to content

Fix Sort Contributors CI failure and exclude Copilot accounts from generated contributor lists#2502

Merged
commjoen merged 9 commits intomasterfrom
copilot/fix-breaking-action-run
Apr 21, 2026
Merged

Fix Sort Contributors CI failure and exclude Copilot accounts from generated contributor lists#2502
commjoen merged 9 commits intomasterfrom
copilot/fix-breaking-action-run

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented Apr 21, 2026
edited
Loading

The Sort Contributors Go Checks workflow was failing because the security target could invoke gosec in a way that breaks when it is installed on-demand. This PR also updates contributor filtering to exclude Copilot-related automation accounts from generated output.

  • CI workflow stability (scripts/sort_contibutors/Makefile)

    • Reworked security target control flow to run gosec exactly once:
      • use system gosec if present
      • otherwise install to .tools and execute from that location
    • Removes the failure mode where a second gosec invocation was attempted after the conditional install path.

  • Contributor filtering (scripts/sort_contibutors/main.go)

    • Added copilot and copilot-swe-agent to excludedContributors so they are not emitted in generated contributor artifacts.

  • Focused regression coverage (scripts/sort_contibutors/main_test.go)

    • Added test coverage for parseContributorList filtering behavior to ensure bot/Copilot-style accounts are excluded while valid contributors remain.

  • Repository hygiene (.gitignore)

    • Ignored local script artifacts under:
      • scripts/sort_contibutors/.tools/
      • scripts/sort_contibutors/bin/
security:
	@if command -v gosec >/dev/null 2>&1; then \
		gosec ./...; \
	else \
		GOBIN=$$(pwd)/.tools $(GO) install github.com/securego/gosec/v2/cmd/gosec@latest || exit 1; \
		PATH=$$(pwd)/.tools:$$PATH gosec ./...; \
	fi

Copilot AI linked an issue Apr 21, 2026 that may be closed by this pull request
https://github.com/OWASP/wrongsecrets/actions/runs/24652093381/job/72076897495 is breaking #2501
Closed
Copilot AI and others added 8 commits April 21, 2026 04:35
@commjoen
fix sort contributors security step and exclude copilot users
c8a2675 
Agent-Logs-Url: https://github.com/OWASP/wrongsecrets/sessions/99b51c27-4ded-412c-af69-abf9790dd209

Co-authored-by: commjoen <1457214+commjoen@users.noreply.github.com>
@commjoen
chore: remove generated artifacts from sort contributors changes
e5cb600 
Agent-Logs-Url: https://github.com/OWASP/wrongsecrets/sessions/99b51c27-4ded-412c-af69-abf9790dd209

Co-authored-by: commjoen <1457214+commjoen@users.noreply.github.com>
@commjoen
style: keep excluded contributor entries grouped with similar names
876b3f3 
Agent-Logs-Url: https://github.com/OWASP/wrongsecrets/sessions/99b51c27-4ded-412c-af69-abf9790dd209

Co-authored-by: commjoen <1457214+commjoen@users.noreply.github.com>
@commjoen
chore: revert unintended module file changes
5a64624 
Agent-Logs-Url: https://github.com/OWASP/wrongsecrets/sessions/99b51c27-4ded-412c-af69-abf9790dd209

Co-authored-by: commjoen <1457214+commjoen@users.noreply.github.com>
@commjoen
fix sort contributors gosec flow and copilot exclusions
09ed98a 
Agent-Logs-Url: https://github.com/OWASP/wrongsecrets/sessions/99b51c27-4ded-412c-af69-abf9790dd209

Co-authored-by: commjoen <1457214+commjoen@users.noreply.github.com>
@commjoen
test: clarify copilot exclusion test name
16c6d20 
Agent-Logs-Url: https://github.com/OWASP/wrongsecrets/sessions/99b51c27-4ded-412c-af69-abf9790dd209

Co-authored-by: commjoen <1457214+commjoen@users.noreply.github.com>
@commjoen
style: group copilot exclusions at end of list
0865497 
Agent-Logs-Url: https://github.com/OWASP/wrongsecrets/sessions/99b51c27-4ded-412c-af69-abf9790dd209

Co-authored-by: commjoen <1457214+commjoen@users.noreply.github.com>
@commjoen
test: rename automated account exclusion test
ad08d31 
Agent-Logs-Url: https://github.com/OWASP/wrongsecrets/sessions/99b51c27-4ded-412c-af69-abf9790dd209

Co-authored-by: commjoen <1457214+commjoen@users.noreply.github.com>
Copilot AI changed the title [WIP] Fix breaking action run and exclude Copilot from contributors Fix Sort Contributors CI failure and exclude Copilot accounts from generated contributor lists Apr 21, 2026
Copilot AI requested a review from commjoen April 21, 2026 04:44
@commjoen commjoen marked this pull request as ready for review April 21, 2026 04:49
@commjoen commjoen requested a review from bendehaan as a code owner April 21, 2026 04:49
@commjoen commjoen merged commit 2b816c4 into master Apr 21, 2026
17 checks passed
@commjoen commjoen deleted the copilot/fix-breaking-action-run branch April 21, 2026 04:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@commjoen commjoen Awaiting requested review from commjoen commjoen is a code owner

@bendehaan bendehaan Awaiting requested review from bendehaan bendehaan is a code owner

Assignees

@commjoen commjoen

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

https://github.com/OWASP/wrongsecrets/actions/runs/24652093381/job/72076897495 is breaking

2 participants

@commjoen