Fix Synopsys workflow: remove spacing inconsistencies, replace placeholders, add error handling#10

Open
Copilot wants to merge 2 commits into LukeLarge-patch-1 from copilot/sub-pr-5-another-one

Copilot AI commented Dec 9, 2025

Addresses review feedback on the Synopsys Intelligent Security Scan workflow configuration.

Changes

  • Secret reference spacing: Standardized spacing in GitHub secret references (removed spaces before closing braces)
  • Placeholder replacement:
    • {{PROJECT_NAME}} → ${{ github.event.repository.name }}
    • {{PROJECT_VERSION}} → ${{ github.ref_name }}
  • YAML multi-line syntax: Applied proper >- operator for additionalWorkflowArgs
  • Error handling: Added set -e to Polaris step for fail-fast on wget/unzip failures

Co-authored-by: LukeLarge <162439255+LukeLarge@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Add Synopsys Intelligent Security Scan workflow" to "Fix Synopsys workflow: remove spacing inconsistencies, replace placeholders, add error handling" Dec 9, 2025
@LukeLarge Lawrence Lucas Large (LukeLarge) marked this pull request as ready for review March 1, 2026 22:20
Copilot AI review requested due to automatic review settings March 1, 2026 22:20
Copilot AI left a comment

Pull request overview

Updates the Synopsys Intelligent Security Scan GitHub Actions workflow to standardize expression formatting, replace templated placeholders with GitHub context values, and improve step robustness.

Changes:

  • Standardized GitHub Actions expression formatting in secret references.
  • Replaced {{PROJECT_NAME}} / {{PROJECT_VERSION}} placeholders with github.* context values.
  • Converted additionalWorkflowArgs to folded YAML (>-) and added fail-fast behavior in the Polaris CLI step.

export POLARIS_SERVER_URL=${{ secrets.POLARIS_SERVER_URL}}
export POLARIS_ACCESS_TOKEN=${{ secrets.POLARIS_ACCESS_TOKEN}}
wget -q ${{ secrets.POLARIS_SERVER_URL}}/api/tools/polaris_cli-linux64.zip
set -e
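
Review bot: the wget call in this step keeps -q, so when set -e stops the step on a failed download the log shows only a non-zero exit and no reason. Drop -q (or use -nv) on the download line, and if any later command in the step is a pipeline add set -o pipefail, because -e alone does not catch a failure on the left side of a pipe.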
Copilot AI Mar 1, 2026

set -e is likely redundant in GitHub Actions run: steps on Linux runners (the default bash invocation is typically already -e and -o pipefail). Consider removing this to avoid implying behavior changes that may already be present, or add a brief comment explaining why it’s needed here (e.g., if shell: is overridden elsewhere).

Suggested change
set -e

Copilot uses AI. Check for mistakes.
Comment on lines +47 to +49
export POLARIS_SERVER_URL=${{secrets.POLARIS_SERVER_URL}}
export POLARIS_ACCESS_TOKEN=${{secrets.POLARIS_ACCESS_TOKEN}}
wget -q ${{secrets.POLARIS_SERVER_URL}}/api/tools/polaris_cli-linux64.zip
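
Review bot: lines +47 to +49 still paste each secret into the script text through ${{secrets.…}} before bash parses it, so the values are read as shell syntax rather than as data. Map POLARIS_SERVER_URL and POLARIS_ACCESS_TOKEN in the step's env: block and have the script use "$POLARIS_SERVER_URL" in the wget line; the two export lines can then go. The hunk also shows no checksum or signature check on polaris_cli-linux64.zip after the download.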
Copilot AI Mar 1, 2026

These unquoted expansions can break the shell script if the secret values contain characters significant to the shell (spaces, &, ?, etc.). Quote the assigned values and the URL used by wget (or use the exported POLARIS_SERVER_URL variable) to ensure the command behaves correctly for all valid secret contents.

Suggested change
export POLARIS_SERVER_URL=${{secrets.POLARIS_SERVER_URL}}
export POLARIS_ACCESS_TOKEN=${{secrets.POLARIS_ACCESS_TOKEN}}
wget -q ${{secrets.POLARIS_SERVER_URL}}/api/tools/polaris_cli-linux64.zip
export POLARIS_SERVER_URL="${{secrets.POLARIS_SERVER_URL}}"
export POLARIS_ACCESS_TOKEN="${{secrets.POLARIS_ACCESS_TOKEN}}"
wget -q "${POLARIS_SERVER_URL}/api/tools/polaris_cli-linux64.zip"
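
The quoting issue raised in the comment above, as an added example that is not part of the pull request or the workflow: it models how a `${{ secrets.X }}` expression is pasted into the script text before the shell parses it, and compares the unquoted form, the quoted form, and passing the value through the environment as a step-level `env:` mapping does. The sample values, the helper names and the `.test` host are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the PR. Models the textual substitution of
# ${{ secrets.X }} into a run: script. All values below are constructed.

SAMPLE_URL='https://polaris.example.test/base?tenant=a&region=b'
SAMPLE_TOKEN='abc$def'

# Run script text $1 in a fresh shell; it prints what POLARIS_SERVER_URL became.
run_script() {
  ( unset POLARIS_SERVER_URL def; sh -c "$1" ) 2>/dev/null
}

# Models: export POLARIS_SERVER_URL=${{secrets.POLARIS_SERVER_URL}}
run_unquoted() {
  run_script "$(printf 'export POLARIS_SERVER_URL=%s\nprintf "%%s" "$POLARIS_SERVER_URL"' "$1")"
}

# Models: export POLARIS_SERVER_URL="${{secrets.POLARIS_SERVER_URL}}"
run_quoted() {
  run_script "$(printf 'export POLARIS_SERVER_URL="%s"\nprintf "%%s" "$POLARIS_SERVER_URL"' "$1")"
}

# Models a step-level env: mapping; the script text never contains the value.
run_env() {
  POLARIS_SERVER_URL=$1 sh -c 'printf "%s" "$POLARIS_SERVER_URL"'
}

# report LABEL EXPECTED ACTUAL
report() {
  if [ "$2" = "$3" ]; then printf '%-9s intact\n' "$1"
  else printf '%-9s altered: got [%s]\n' "$1" "$3"; fi
}

for v in "$SAMPLE_URL" "$SAMPLE_TOKEN"; do
  printf 'value: %s\n' "$v"
  report unquoted "$v" "$(run_unquoted "$v")"
  report quoted   "$v" "$(run_quoted "$v")"
  report env      "$v" "$(run_env "$v")"
done
```

Only the environment form returns both values unchanged; the quoted form survives the `&` in the URL but still expands `$def` inside the token.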

uses: blackducksoftware/github-action@9ea442b34409737f64743781e9adc71fd8e17d38
with:
args: '--blackduck.url="${{ secrets.BLACKDUCK_URL}}" --blackduck.api.token="${{ secrets.BLACKDUCK_TOKEN}}" --detect.tools="SIGNATURE_SCAN,DETECTOR"'
args: '--blackduck.url="${{secrets.BLACKDUCK_URL}}" --blackduck.api.token="${{secrets.BLACKDUCK_TOKEN}}" --detect.tools="SIGNATURE_SCAN,DETECTOR"'
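
Review bot: the new args line still carries --blackduck.api.token="${{secrets.BLACKDUCK_TOKEN}}" inline, so the token reaches the scanner as a command-line argument, where process listings and the tool's own argument logging can expose it. If the action can read the token from the step's environment, set it under env: and remove it from args, leaving only non-secret options such as --detect.tools in the string.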
Copilot AI Mar 1, 2026

Expression formatting is inconsistent (some use ${{secrets.X}}, others ${{ github.* }} with spaces). Consider standardizing to a single style across the workflow (commonly ${{ secrets.X }} / ${{ github.X }}) to reduce churn and make future diffs easier to review.

Comment on lines 65 to +71
ioServerUrl: ${{secrets.IO_SERVER_URL}}
ioServerToken: ${{secrets.IO_SERVER_TOKEN}}
workflowServerUrl: ${{secrets.WORKFLOW_SERVER_URL}}
additionalWorkflowArgs: --IS_SAST_ENABLED=${{steps.prescription.outputs.sastScan}} --IS_SCA_ENABLED=${{steps.prescription.outputs.scaScan}}
--polaris.project.name={{PROJECT_NAME}} --polaris.url=${{secrets.POLARIS_SERVER_URL}} --polaris.token=${{secrets.POLARIS_ACCESS_TOKEN}}
--blackduck.project.name={{PROJECT_NAME}}:{{PROJECT_VERSION}} --blackduck.url=${{secrets.BLACKDUCK_URL}} --blackduck.api.token=${{secrets.BLACKDUCK_TOKEN}}
additionalWorkflowArgs: >-
--IS_SAST_ENABLED=${{steps.prescription.outputs.sastScan}} --IS_SCA_ENABLED=${{steps.prescription.outputs.scaScan}}
--polaris.project.name=${{ github.event.repository.name }} --polaris.url=${{secrets.POLARIS_SERVER_URL}} --polaris.token=${{secrets.POLARIS_ACCESS_TOKEN}}
--blackduck.project.name=${{ github.event.repository.name }}:${{ github.ref_name }} --blackduck.url=${{secrets.BLACKDUCK_URL}} --blackduck.api.token=${{secrets.BLACKDUCK_TOKEN}}
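
Review bot: ${{ github.ref_name }} in --blackduck.project.name is chosen by whoever names the branch or tag and is passed into additionalWorkflowArgs without validation; on pull_request runs it has the form <pr_number>/merge, so every branch and pull request creates its own Black Duck project version. Use a fixed or sanitized version string here, and pass the Polaris and Black Duck tokens outside this argument string if the action offers dedicated inputs for them.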
Copilot AI Mar 1, 2026

Expression formatting is inconsistent (some use ${{secrets.X}}, others ${{ github.* }} with spaces). Consider standardizing to a single style across the workflow (commonly ${{ secrets.X }} / ${{ github.X }}) to reduce churn and make future diffs easier to review.
