From 74c2fcb98dccec415cbaec5d3736f659e0fbe357 Mon Sep 17 00:00:00 2001 From: nikhil2611 Date: Mon, 15 Dec 2025 23:18:05 +0530 Subject: [PATCH 01/20] added config to run bundle install to generate lock file at runtime Signed-off-by: nikhil2611 --- .github/workflows/ci-main-pull-request-stub.yml | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci-main-pull-request-stub.yml b/.github/workflows/ci-main-pull-request-stub.yml index c63d99f3..cb85fc32 100644 --- a/.github/workflows/ci-main-pull-request-stub.yml +++ b/.github/workflows/ci-main-pull-request-stub.yml @@ -7,9 +7,9 @@ name: CI Pull Request on Main Branch on: pull_request: - branches: [ main, release/** ] + branches: [ nikhil/generate-lock-runtime, release/** ] push: - branches: [ main, release/** ] + branches: [ nikhil/generate-lock-runtime, release/** ] workflow_dispatch: @@ -29,7 +29,7 @@ jobs: echo "CI main pull request stub version $STUB_VERSION" call-ci-main-pr-check-pipeline: - uses: chef/common-github-actions/.github/workflows/ci-main-pull-request.yml@main + uses: chef/common-github-actions/.github/workflows/ci-main-pull-request.yml@nikhil/create-lock-file-runtime secrets: inherit permissions: id-token: write @@ -98,7 +98,9 @@ jobs: blackduck-project-group-name: 'Chef-Agents' # typically one of (Chef), Chef-Agents, Chef-Automate, Chef-Chef360, Chef-Habitat, Chef-Infrastructure-Server, Chef-Shared-Services, Chef-Non-Product' blackduck-project-name: ${{ github.event.repository.name }} # BlackDuck project name, typically the repository name generate-blackduck-sbom: true # obsolete, use perform-blackduck-sca-scan instead - + + run-bundle-install: true + generate-msft-sbom: false license_scout: false # Run license scout for license compliance (uses .license_scout.yml) From c7bea946dc4b682b1a17e5d4c05f7b0404390538 Mon Sep 17 00:00:00 2001 From: nikhil2611 Date: Mon, 15 Dec 2025 23:31:32 +0530 Subject: [PATCH 02/20] empty commit to run scans Signed-off-by: nikhil2611 From aecb1af9ad7fed3025e74fa79ac956916c5c7bb0 Mon Sep 17 00:00:00 2001 From: nikhil2611 Date: Mon, 15 Dec 2025 23:38:10 +0530 Subject: [PATCH 03/20] updated version Signed-off-by: nikhil2611 --- .github/workflows/ci-main-pull-request-stub.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci-main-pull-request-stub.yml b/.github/workflows/ci-main-pull-request-stub.yml index cb85fc32..24778313 100644 --- a/.github/workflows/ci-main-pull-request-stub.yml +++ b/.github/workflows/ci-main-pull-request-stub.yml @@ -40,7 +40,7 @@ jobs: # go-private-modules: GOPRIVATE for Go private modules, default is 'github.com/progress-platform-services/* # if version specified, it takes precedence; can be a semver like 1.0.2-xyz or a tag like "latest" - version: '6.1.13' # ${{ github.event.repository.version }} + version: '6.1.14' # ${{ github.event.repository.version }} detect-version-source-type: 'none' # options include "none" (do not detect), "file", "github-tag" or "github-release" detect-version-source-parameter: '' # use for file name language: 'ruby' # Go, Ruby, Rust, JavaScript, TypeScript, Python, Java, C#, PHP, other - used for build and SonarQube language setting @@ -72,7 +72,7 @@ jobs: # perform SonarQube scan, with or wihout unit test coverage data # requires secrets SONAR_TOKEN and SONAR_HOST_URL (progress.sonar.com) - perform-sonarqube-scan: false + perform-sonarqube-scan: true # perform-sonar-build: true # build-profile: 'default' # report-unit-test-coverage: true From e9f6ad96b84b25fbeaccfb406c693107c451e04d Mon Sep 17 00:00:00 2001 From: nikhil2611 Date: Tue, 16 Dec 2025 00:01:41 +0530 Subject: [PATCH 04/20] setting build to true Signed-off-by: nikhil2611 --- .github/workflows/ci-main-pull-request-stub.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci-main-pull-request-stub.yml b/.github/workflows/ci-main-pull-request-stub.yml index 24778313..9bc95dde 100644 --- a/.github/workflows/ci-main-pull-request-stub.yml +++ b/.github/workflows/ci-main-pull-request-stub.yml @@ -65,7 +65,7 @@ jobs: polaris-executable-detect-path: 'path/to/detect' # perform application build and unit testing, will use custom repository properties when implemented for chef-primary-application, chef-build-profile, and chef-build-language - build: false + build: true # ga-build-profile: $chef-ga-build-profile # language: $chef-ga-build-language # this will be removed from stub as autodetected in central GA unit-tests: false From 21635dd4691812360a442ac948021c3a3c404d81 Mon Sep 17 00:00:00 2001 From: nikhil2611 Date: Tue, 16 Dec 2025 00:09:27 +0530 Subject: [PATCH 05/20] empty commit to run scans Signed-off-by: nikhil2611 From c710f30efed46291a8f8ce805b9628b283b88b2d Mon Sep 17 00:00:00 2001 From: nikhil2611 Date: Tue, 16 Dec 2025 00:13:27 +0530 Subject: [PATCH 06/20] empty commit to run scans Signed-off-by: nikhil2611 From 965e5f1005fee95f0f2e4aed5831dca372d560ec Mon Sep 17 00:00:00 2001 From: nikhil2611 Date: Tue, 16 Dec 2025 00:24:21 +0530 Subject: [PATCH 07/20] empty commit to run scans Signed-off-by: nikhil2611 From 367271b7c30ecbea77950338cb2dc875c879f588 Mon Sep 17 00:00:00 2001 From: nikhil2611 Date: Tue, 16 Dec 2025 13:56:39 +0530 Subject: [PATCH 08/20] empty commit to run scans Signed-off-by: nikhil2611 From d4cb9d2480d336ae658c035d27da0fecf6d8d130 Mon Sep 17 00:00:00 2001 From: nikhil2611 Date: Tue, 16 Dec 2025 14:35:37 +0530 Subject: [PATCH 09/20] empty commit to run scans Signed-off-by: nikhil2611 From f7949c789d25bb17404eae40a83c8467cb9078fb Mon Sep 17 00:00:00 2001 From: nikhil2611 Date: Tue, 16 Dec 2025 14:41:39 +0530 Subject: [PATCH 10/20] empty commit to run scans Signed-off-by: nikhil2611 From 4976dd191d34a8ef3ad7112aee38751fd0ac60bd Mon Sep 17 00:00:00 2001 From: nikhil2611 Date: Tue, 16 Dec 2025 16:05:47 +0530 Subject: [PATCH 11/20] testing build by setting flag false Signed-off-by: nikhil2611 --- .github/workflows/ci-main-pull-request-stub.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci-main-pull-request-stub.yml b/.github/workflows/ci-main-pull-request-stub.yml index 9bc95dde..3c37476e 100644 --- a/.github/workflows/ci-main-pull-request-stub.yml +++ b/.github/workflows/ci-main-pull-request-stub.yml @@ -99,7 +99,7 @@ jobs: blackduck-project-name: ${{ github.event.repository.name }} # BlackDuck project name, typically the repository name generate-blackduck-sbom: true # obsolete, use perform-blackduck-sca-scan instead - run-bundle-install: true + run-bundle-install: false generate-msft-sbom: false license_scout: false # Run license scout for license compliance (uses .license_scout.yml) From 0085a678e7db8e9e19569308f997ab629a26e1e5 Mon Sep 17 00:00:00 2001 From: nikhil2611 Date: Tue, 16 Dec 2025 16:13:02 +0530 Subject: [PATCH 12/20] testing build by setting flag true Signed-off-by: nikhil2611 --- .github/workflows/ci-main-pull-request-stub.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci-main-pull-request-stub.yml b/.github/workflows/ci-main-pull-request-stub.yml index 3c37476e..9bc95dde 100644 --- a/.github/workflows/ci-main-pull-request-stub.yml +++ b/.github/workflows/ci-main-pull-request-stub.yml @@ -99,7 +99,7 @@ jobs: blackduck-project-name: ${{ github.event.repository.name }} # BlackDuck project name, typically the repository name generate-blackduck-sbom: true # obsolete, use perform-blackduck-sca-scan instead - run-bundle-install: false + run-bundle-install: true generate-msft-sbom: false license_scout: false # Run license scout for license compliance (uses .license_scout.yml) From f2548c2c691fbd34435b526bf1d2adc826244f64 Mon Sep 17 00:00:00 2001 From: nikhil2611 Date: Mon, 19 Jan 2026 17:46:12 +0530 Subject: [PATCH 13/20] updated chef-cli version to v6.1.16 Signed-off-by: nikhil2611 --- .github/workflows/ci-main-pull-request-stub.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci-main-pull-request-stub.yml b/.github/workflows/ci-main-pull-request-stub.yml index 9bc95dde..5624305c 100644 --- a/.github/workflows/ci-main-pull-request-stub.yml +++ b/.github/workflows/ci-main-pull-request-stub.yml @@ -40,7 +40,7 @@ jobs: # go-private-modules: GOPRIVATE for Go private modules, default is 'github.com/progress-platform-services/* # if version specified, it takes precedence; can be a semver like 1.0.2-xyz or a tag like "latest" - version: '6.1.14' # ${{ github.event.repository.version }} + version: '6.1.16' # ${{ github.event.repository.version }} detect-version-source-type: 'none' # options include "none" (do not detect), "file", "github-tag" or "github-release" detect-version-source-parameter: '' # use for file name language: 'ruby' # Go, Ruby, Rust, JavaScript, TypeScript, Python, Java, C#, PHP, other - used for build and SonarQube language setting From c93d778ff1424af24c49cfa513be474056b56e13 Mon Sep 17 00:00:00 2001 From: nikhil2611 Date: Tue, 20 Jan 2026 17:06:01 +0530 Subject: [PATCH 14/20] setting build to false to check scan Signed-off-by: nikhil2611 --- .github/workflows/ci-main-pull-request-stub.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci-main-pull-request-stub.yml b/.github/workflows/ci-main-pull-request-stub.yml index 5624305c..d1261f8c 100644 --- a/.github/workflows/ci-main-pull-request-stub.yml +++ b/.github/workflows/ci-main-pull-request-stub.yml @@ -65,7 +65,7 @@ jobs: polaris-executable-detect-path: 'path/to/detect' # perform application build and unit testing, will use custom repository properties when implemented for chef-primary-application, chef-build-profile, and chef-build-language - build: true + build: false # ga-build-profile: $chef-ga-build-profile # language: $chef-ga-build-language # this will be removed from stub as autodetected in central GA unit-tests: false From 98300c564dea149b09dc9c9bf39539349be5d635 Mon Sep 17 00:00:00 2001 From: nikhil2611 Date: Tue, 20 Jan 2026 17:14:20 +0530 Subject: [PATCH 15/20] revereted build back to false bec sbom scan is not happening Signed-off-by: nikhil2611 --- .github/workflows/ci-main-pull-request-stub.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci-main-pull-request-stub.yml b/.github/workflows/ci-main-pull-request-stub.yml index d1261f8c..5624305c 100644 --- a/.github/workflows/ci-main-pull-request-stub.yml +++ b/.github/workflows/ci-main-pull-request-stub.yml @@ -65,7 +65,7 @@ jobs: polaris-executable-detect-path: 'path/to/detect' # perform application build and unit testing, will use custom repository properties when implemented for chef-primary-application, chef-build-profile, and chef-build-language - build: false + build: true # ga-build-profile: $chef-ga-build-profile # language: $chef-ga-build-language # this will be removed from stub as autodetected in central GA unit-tests: false From d2552375fc1a56035b428cf47006b263a77b2ae2 Mon Sep 17 00:00:00 2001 From: nikhil2611 Date: Thu, 22 Jan 2026 11:58:46 +0530 Subject: [PATCH 16/20] updating the group name to chef-chef-cli as chef-cli group fails to generate NOTICE in sbominator Signed-off-by: nikhil2611 --- .github/workflows/ci-main-pull-request-stub.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci-main-pull-request-stub.yml b/.github/workflows/ci-main-pull-request-stub.yml index 5624305c..3b7cab97 100644 --- a/.github/workflows/ci-main-pull-request-stub.yml +++ b/.github/workflows/ci-main-pull-request-stub.yml @@ -96,7 +96,7 @@ jobs: export-github-sbom: true # SPDX JSON artifact on job instance perform-blackduck-sca-scan: true # combined with generate sbom & generate github-sbom, also needs version above blackduck-project-group-name: 'Chef-Agents' # typically one of (Chef), Chef-Agents, Chef-Automate, Chef-Chef360, Chef-Habitat, Chef-Infrastructure-Server, Chef-Shared-Services, Chef-Non-Product' - blackduck-project-name: ${{ github.event.repository.name }} # BlackDuck project name, typically the repository name + blackduck-project-name: chef-chef-cli # BlackDuck project name, typically the repository name - using chef-chef-cli as using 'chef-cli' a name in sbominator fails to generate the notice file with invalid group error generate-blackduck-sbom: true # obsolete, use perform-blackduck-sca-scan instead run-bundle-install: true From 8beb7f376502134841ed45fcc7dd45207f13c5f9 Mon Sep 17 00:00:00 2001 From: nikhil2611 Date: Thu, 22 Jan 2026 12:33:32 +0530 Subject: [PATCH 17/20] updated version and also group names Signed-off-by: nikhil2611 --- .github/workflows/ci-main-pull-request-stub.yml | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ci-main-pull-request-stub.yml b/.github/workflows/ci-main-pull-request-stub.yml index 3b7cab97..ca7a068f 100644 --- a/.github/workflows/ci-main-pull-request-stub.yml +++ b/.github/workflows/ci-main-pull-request-stub.yml @@ -40,7 +40,7 @@ jobs: # go-private-modules: GOPRIVATE for Go private modules, default is 'github.com/progress-platform-services/* # if version specified, it takes precedence; can be a semver like 1.0.2-xyz or a tag like "latest" - version: '6.1.16' # ${{ github.event.repository.version }} + version: '6.1.17' # ${{ github.event.repository.version }} detect-version-source-type: 'none' # options include "none" (do not detect), "file", "github-tag" or "github-release" detect-version-source-parameter: '' # use for file name language: 'ruby' # Go, Ruby, Rust, JavaScript, TypeScript, Python, Java, C#, PHP, other - used for build and SonarQube language setting @@ -60,9 +60,9 @@ jobs: # requires these secrets: POLARIS_SERVER_URL, POLARIS_ACCESS_TOKEN perform-blackduck-polaris: true polaris-application-name: "Chef-Agents" # one of these: Chef-Agents, Chef-Automate, Chef-Chef360, Chef-Habitat, Chef-Infrastructure-Server, Chef-Shared-Services, Chef-Other, Chef-Non-Product - polaris-project-name: ${{ github.event.repository.name }} - polaris-blackduck-executable: 'path/to/blackduck/binary' - polaris-executable-detect-path: 'path/to/detect' + polaris-project-name: 'chef-chef-cli' + # polaris-blackduck-executable: 'path/to/blackduck/binary' + # polaris-executable-detect-path: 'path/to/detect' # perform application build and unit testing, will use custom repository properties when implemented for chef-primary-application, chef-build-profile, and chef-build-language build: true @@ -79,8 +79,7 @@ jobs: # report to central developer dashboard report-to-atlassian-dashboard: false - quality-product-name: 'Chef-Agents' # product name for quality reporting, like Chef360, Courier, Inspec - # quality-product-name: ${{ github.event.repository.name }} # like 'Chef-360' - the product name for quality reporting, like Chef360, Courier, Inspec + quality-product-name: 'chef-chef-cli' # product name for quality reporting, like Chef360, Courier, Inspec # quality-sonar-app-name: 'YourSonarAppName' # quality-testing-type: 'Integration' like Unit, Integration, e2e, api, Performance, Security # quality-service-name: 'YourServiceOrRepoName' From c115ebc68f4913ac13d1120e2ebacd38866bf3a8 Mon Sep 17 00:00:00 2001 From: nikhil2611 Date: Thu, 22 Jan 2026 12:48:39 +0530 Subject: [PATCH 18/20] updated back to chef-cli Signed-off-by: nikhil2611 --- .github/workflows/ci-main-pull-request-stub.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci-main-pull-request-stub.yml b/.github/workflows/ci-main-pull-request-stub.yml index ca7a068f..58a3a985 100644 --- a/.github/workflows/ci-main-pull-request-stub.yml +++ b/.github/workflows/ci-main-pull-request-stub.yml @@ -60,7 +60,7 @@ jobs: # requires these secrets: POLARIS_SERVER_URL, POLARIS_ACCESS_TOKEN perform-blackduck-polaris: true polaris-application-name: "Chef-Agents" # one of these: Chef-Agents, Chef-Automate, Chef-Chef360, Chef-Habitat, Chef-Infrastructure-Server, Chef-Shared-Services, Chef-Other, Chef-Non-Product - polaris-project-name: 'chef-chef-cli' + polaris-project-name: 'chef-cli' # polaris-blackduck-executable: 'path/to/blackduck/binary' # polaris-executable-detect-path: 'path/to/detect' @@ -79,7 +79,7 @@ jobs: # report to central developer dashboard report-to-atlassian-dashboard: false - quality-product-name: 'chef-chef-cli' # product name for quality reporting, like Chef360, Courier, Inspec + quality-product-name: 'chef-cli' # product name for quality reporting, like Chef360, Courier, Inspec # quality-sonar-app-name: 'YourSonarAppName' # quality-testing-type: 'Integration' like Unit, Integration, e2e, api, Performance, Security # quality-service-name: 'YourServiceOrRepoName' From ddf3a26b694d11c83b4b82089f06e888753f4ecf Mon Sep 17 00:00:00 2001 From: nikhil2611 Date: Thu, 22 Jan 2026 15:12:40 +0530 Subject: [PATCH 19/20] updated back to chef-cli Signed-off-by: nikhil2611 --- .github/workflows/ci-main-pull-request-stub.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci-main-pull-request-stub.yml b/.github/workflows/ci-main-pull-request-stub.yml index 58a3a985..fbedfcf2 100644 --- a/.github/workflows/ci-main-pull-request-stub.yml +++ b/.github/workflows/ci-main-pull-request-stub.yml @@ -95,7 +95,7 @@ jobs: export-github-sbom: true # SPDX JSON artifact on job instance perform-blackduck-sca-scan: true # combined with generate sbom & generate github-sbom, also needs version above blackduck-project-group-name: 'Chef-Agents' # typically one of (Chef), Chef-Agents, Chef-Automate, Chef-Chef360, Chef-Habitat, Chef-Infrastructure-Server, Chef-Shared-Services, Chef-Non-Product' - blackduck-project-name: chef-chef-cli # BlackDuck project name, typically the repository name - using chef-chef-cli as using 'chef-cli' a name in sbominator fails to generate the notice file with invalid group error + blackduck-project-name: chef-cli # BlackDuck project name, typically the repository name - using chef-chef-cli as using 'chef-cli' a name in sbominator fails to generate the notice file with invalid group error generate-blackduck-sbom: true # obsolete, use perform-blackduck-sca-scan instead run-bundle-install: true From 4e20dea9ca6e4a897f7aac4b2f701bde99038fde Mon Sep 17 00:00:00 2001 From: nikhil2611 Date: Fri, 23 Jan 2026 14:57:44 +0530 Subject: [PATCH 20/20] update product name Signed-off-by: nikhil2611 --- .github/workflows/ci-main-pull-request-stub.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci-main-pull-request-stub.yml b/.github/workflows/ci-main-pull-request-stub.yml index fbedfcf2..da7ad0f9 100644 --- a/.github/workflows/ci-main-pull-request-stub.yml +++ b/.github/workflows/ci-main-pull-request-stub.yml @@ -60,7 +60,7 @@ jobs: # requires these secrets: POLARIS_SERVER_URL, POLARIS_ACCESS_TOKEN perform-blackduck-polaris: true polaris-application-name: "Chef-Agents" # one of these: Chef-Agents, Chef-Automate, Chef-Chef360, Chef-Habitat, Chef-Infrastructure-Server, Chef-Shared-Services, Chef-Other, Chef-Non-Product - polaris-project-name: 'chef-cli' + polaris-project-name: ${{ github.event.repository.name }} # polaris-blackduck-executable: 'path/to/blackduck/binary' # polaris-executable-detect-path: 'path/to/detect' @@ -79,7 +79,7 @@ jobs: # report to central developer dashboard report-to-atlassian-dashboard: false - quality-product-name: 'chef-cli' # product name for quality reporting, like Chef360, Courier, Inspec + quality-product-name: ${{ github.event.repository.name }} # product name for quality reporting, like Chef360, Courier, Inspec # quality-sonar-app-name: 'YourSonarAppName' # quality-testing-type: 'Integration' like Unit, Integration, e2e, api, Performance, Security # quality-service-name: 'YourServiceOrRepoName' @@ -95,7 +95,7 @@ jobs: export-github-sbom: true # SPDX JSON artifact on job instance perform-blackduck-sca-scan: true # combined with generate sbom & generate github-sbom, also needs version above blackduck-project-group-name: 'Chef-Agents' # typically one of (Chef), Chef-Agents, Chef-Automate, Chef-Chef360, Chef-Habitat, Chef-Infrastructure-Server, Chef-Shared-Services, Chef-Non-Product' - blackduck-project-name: chef-cli # BlackDuck project name, typically the repository name - using chef-chef-cli as using 'chef-cli' a name in sbominator fails to generate the notice file with invalid group error + blackduck-project-name: ${{ github.event.repository.name }} # BlackDuck project name, typically the repository name - using chef-chef-cli as using 'chef-cli' a name in sbominator fails to generate the notice file with invalid group error generate-blackduck-sbom: true # obsolete, use perform-blackduck-sca-scan instead run-bundle-install: true