Add FOSSA scanning workflow #6366
Conversation
|
@chalin - I think this one's for you. |
| jobs: | ||
| fossa: | ||
| runs-on: ubuntu-latest | ||
| steps: |
There was a problem hiding this comment.
@trask - this should probably be guarded by a condition testing that we're in the OTel org. WDYT? Because I'm getting errors now from my fork, and I assume that others are too: https://github.com/chalin/opentelemetry.io/actions/runs/13508051895
There was a problem hiding this comment.
github forks have actions turned off by default these days, so I suspect this isn't needed across OTel, but if you need it in this repo that's no problem
There was a problem hiding this comment.
I'm getting a bunch of failed FOSSA jobs, one for each of my forked OTel org repos. Here's another: https://github.com/chalin/semantic-conventions/actions/runs/13508298687.
I was asking because I wondered if that workflow content was something we (OTel folks) had control over. If so, can we add the check for the org?
There was a problem hiding this comment.
just curious, why do you run github actions on your semconv fork?
There was a problem hiding this comment.
I don't think that I turned those on. Maybe PR checks are useful? Anyhow, I can certainly turn off the workflow across my OTel repo forks, but I figured that I might not be the only one in this situation. So my reasoning was: why not "fix" the issue at its source?
See open-telemetry/community#2574 for details