Kuadrant / limitador

Rate limiter
Apache License 2.0

gh action: license scan by fossa #369

Closed eguzki closed 3 months ago

eguzki commented 3 months ago

Failing because we actually have an issue with the licenses. Explained in https://github.com/Kuadrant/limitador/issues/368

david-martin commented 3 months ago

@eguzki the details are a little lacking in the logs :( https://github.com/Kuadrant/limitador/actions/runs/10493245985/job/29066736342?pr=369 I wonder if that would give more info if a non push-only key was used? Or if there's a way to provide a handy link to the fossa project page?

eguzki commented 3 months ago

Changing the key to another one with full permissions.

After telling Fossa to ignore the dual license false positive, tests now pass.

eguzki commented 3 months ago

Fossa scanning/testing works as follows: The first step is the scan phase. That scanning does not happen locally, but at Fossa servers. The report is then available on their site on completion.

If you check the scan step in our workflow, you will see the scan step provides a link: https://app.fossa.com/projects/custom%2b162%2fgit%2bgithub.com%2fKuadrant%2flimitador/refs/branch/fossa-scan/0458484c3719b3141af936912562731164ac24a4

The run step waits for scan completion and then fails if there are issues.

PS: The link above no longer shows issues, because the latest scan on the same revision returned no issues.