Generate temporary Gemfile.lock for FOSSA CI scan #1505

kaylareopelle · 2025-04-25T23:21:17Z

FOSSA scans expect a Gemfile.lock to do their work. Gems, as a best practice, do not check in a Gemfile.lock.

The New Relic Ruby agent gets around this by bundling the gem in a step prior to the scan:
https://github.com/newrelic/newrelic-ruby-agent/actions/runs/14669694175/workflow

Something similar may work for this repo, though we'll need to adjust so that all the nested gems get bundled.

Until then, FOSSA scans will fail.

Example: https://github.com/open-telemetry/opentelemetry-ruby-contrib/actions/runs/14674537659

github-actions · 2025-05-26T02:11:09Z

👋 This issue has been marked as stale because it has been open with no activity. You can: comment on the issue or remove the stale label to hold stale off for a while, add the keep label to hold stale off permanently, or do nothing. If you do nothing this issue will be closed eventually by the stale bot.

kaylareopelle · 2025-05-27T17:51:41Z

Scans are silently failing. When you open the action, you'll see the failures, but the scan itself will pass.

github-actions bot added the stale Marks an issue/PR stale label May 26, 2025

kaylareopelle removed the stale Marks an issue/PR stale label May 27, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Generate temporary Gemfile.lock for FOSSA CI scan #1505

Generate temporary Gemfile.lock for FOSSA CI scan #1505

kaylareopelle commented Apr 25, 2025

github-actions bot commented May 26, 2025

Uh oh!

kaylareopelle commented May 27, 2025

Uh oh!

Generate temporary Gemfile.lock for FOSSA CI scan #1505

Generate temporary Gemfile.lock for FOSSA CI scan #1505

Comments

kaylareopelle commented Apr 25, 2025

github-actions bot commented May 26, 2025

Uh oh!

kaylareopelle commented May 27, 2025

Uh oh!