ci: fix FOSSA and link check failures on PRs#39
Merged
Conversation
Skip FOSSA license scan for Dependabot PRs since they only change action versions, not Go dependencies. The FOSSA_API_KEY secret is not available to Dependabot, causing all Dependabot PRs to fail. Exclude medium.com from lychee link checker. Medium returns 403 to automated crawlers, causing spurious link check failures. Signed-off-by: Sebastien Tardif <sebtardif@ncf.ca>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
Two CI issues are causing failures across multiple open PRs:
FOSSA License Scan fails on all Dependabot PRs (chore(deps): bump dependabot/fetch-metadata from 2.5.0 to 3.1.0 #34, chore(deps): bump actions/dependency-review-action from 4.9.0 to 5.0.0 #35, chore(deps): bump actions/stale from 9.1.0 to 10.3.0 #36, chore(deps): bump amannn/action-semantic-pull-request from 5.5.3 to 6.1.1 #37) because the
FOSSA_API_KEYsecret is not available to Dependabot. Since Dependabot PRs only change action versions (not Go dependencies), FOSSA scanning is unnecessary.Link Check fails on PRs ci: add backport automation, SLSA provenance, and benchstat gating #33 and chore: update logo to fill avatar space better #38 because a Medium article URL returns 403. Medium blocks automated crawlers, so this is a false positive.
Changes
.github/workflows/fossa.yaml: Skip both FOSSA jobs whengithub.actor == 'dependabot[bot]'.lychee.toml: Addmedium.comto the exclusion listImpact
Fixes CI failures on 6 open PRs (#33, #34, #35, #36, #37, #38).