Add error handling to Synopsys workflow wget and unzip commands #8

Open
Copilot wants to merge 2 commits into LukeLarge-patch-1 from copilot/sub-pr-5
Copilot AI commented Dec 9, 2025

Requires

Supports

Description

Addresses missing error handling in the Synopsys Intelligent Security Scan workflow. Without proper error handling, wget or unzip failures (network issues, invalid URLs, corrupted archives) would allow the workflow to continue, causing unclear downstream failures.

Changes

  • Added set -e and set -o pipefail to the Static Analysis with Polaris step shell script
  • Workflow now fails fast with clear error context when download or extraction fails

- name: Static Analysis with Polaris
  run: |
      set -e
      set -o pipefail
      export POLARIS_SERVER_URL=${{ secrets.POLARIS_SERVER_URL}}
      export POLARIS_ACCESS_TOKEN=${{ secrets.POLARIS_ACCESS_TOKEN}}
      wget -q ${{ secrets.POLARIS_SERVER_URL}}/api/tools/polaris_cli-linux64.zip
      unzip -j polaris_cli-linux64.zip -d /tmp
      /tmp/polaris analyze -w

Co-authored-by: LukeLarge <162439255+LukeLarge@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Update Synopsys Intelligent Security Scan workflow PR" to "Add error handling to Synopsys workflow wget and unzip commands" Dec 9, 2025
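
The fail-fast behaviour the description above relies on, as an added example that is not part of the pull request or the workflow. Constructed stub functions stand in for wget, unzip and the Polaris CLI; `STUBS`, `PLAIN`, `PIPED`, `run_step` and `demo` are names made up here.

```shell
#!/usr/bin/env bash
# Constructed stand-ins for the step's commands. Each writes its name to
# fd 3 so the caller can see which stages actually ran.
STUBS='
download() { echo download >&3; return 4; }  # a wget that fails
extract()  { echo extract  >&3; }            # unzip
analyze()  { echo analyze  >&3; }            # /tmp/polaris analyze
'
# Same shape as the workflow step: plain commands, no pipes.
PLAIN="${STUBS}download; extract; analyze"
# Variant with the download piped into another command.
PIPED="${STUBS}download | cat; extract; analyze"

# run_step OPTS BODY  ->  prints "<exit status>:<stages that ran>"
run_step() {
  local opts="$1" body="$2" trace status=0
  # $opts is deliberately unquoted so "-eo pipefail" splits into two words.
  trace=$(bash --noprofile --norc $opts -c "$body" 3>&1 >/dev/null 2>&1) \
    || status=$?
  printf '%s:%s\n' "$status" "$(printf '%s' "$trace" | tr '\n' ',')"
}

demo() {
  printf '%-14s %-6s %s\n' options body result
  printf '%-14s %-6s %s\n' "(none)"       plain "$(run_step ''             "$PLAIN")"
  printf '%-14s %-6s %s\n' "-e"           plain "$(run_step '-e'           "$PLAIN")"
  printf '%-14s %-6s %s\n' "-e"           piped "$(run_step '-e'           "$PIPED")"
  printf '%-14s %-6s %s\n' "-eo pipefail" piped "$(run_step '-eo pipefail' "$PIPED")"
}
demo
```

For the step as written, which has no pipes, `-e` alone decides the outcome; `pipefail` only matters once a command in the step is piped.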
@LukeLarge Lawrence Lucas Large (LukeLarge) marked this pull request as ready for review March 1, 2026 22:35
Copilot AI review requested due to automatic review settings March 1, 2026 22:35
Copilot AI left a comment

Pull request overview

Improves the Synopsys Intelligent Security Scan GitHub Actions workflow by making the Polaris download/extract step fail fast when a command errors, reducing confusing downstream failures.

Changes:

  • Added set -e to stop the step on first command failure.
  • Added set -o pipefail to propagate failures through pipelines (when present).

set -o pipefail
export POLARIS_SERVER_URL=${{ secrets.POLARIS_SERVER_URL}}
export POLARIS_ACCESS_TOKEN=${{ secrets.POLARIS_ACCESS_TOKEN}}
wget -q ${{ secrets.POLARIS_SERVER_URL}}/api/tools/polaris_cli-linux64.zip
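
Review bot: the `${{ secrets.… }}` expressions on the two export lines and the wget line are substituted into the script text by Actions before the shell parses it, so the secret values become part of the shell source and quoting applied in the script is only a partial guard. Pass them through an `env:` mapping on the step instead (POLARIS_SERVER_URL and POLARIS_ACCESS_TOKEN set from the secrets there), drop the two export lines, and have wget read "$POLARIS_SERVER_URL/api/tools/polaris_cli-linux64.zip".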
Copilot AI Mar 1, 2026

The secret-expanded values should be quoted to avoid word-splitting/globbing if the URL/token contain special characters. Also, since POLARIS_SERVER_URL is exported, prefer using it for the wget URL to avoid duplicating the secret expression (and keep the command consistent with the exported env var).

Suggested change
wget -q ${{ secrets.POLARIS_SERVER_URL}}/api/tools/polaris_cli-linux64.zip
wget -q "${POLARIS_SERVER_URL}/api/tools/polaris_cli-linux64.zip"

@@ -43,6 +43,8 @@ jobs:
- name: Static Analysis with Polaris
if: ${{steps.prescription.outputs.sastScan == 'true' }}
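
Review bot: this step has no `shell:` key after the `if:` line, and that decides what the two lines added by this hunk actually change. On Linux runners a `run:` step without `shell:` is started as `bash -e {0}`, so errexit is already on and only pipefail is new; with `shell: bash` the runner uses `bash --noprofile --norc -eo pipefail {0}`, which sets both. Adding `shell: bash` here would make the in-script `set` lines unnecessary, and the PR description should say which of the two behaviours it is relying on.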
Copilot AI Mar 1, 2026

set -o pipefail is shell-dependent (works in bash, not in plain sh). To ensure consistent behavior across runners/config, explicitly set the step shell to bash (e.g., add shell: bash to this step).

Suggested change
if: ${{steps.prescription.outputs.sastScan == 'true' }}
if: ${{steps.prescription.outputs.sastScan == 'true' }}
shell: bash

set -o pipefail
export POLARIS_SERVER_URL=${{ secrets.POLARIS_SERVER_URL}}
export POLARIS_ACCESS_TOKEN=${{ secrets.POLARIS_ACCESS_TOKEN}}
wget -q ${{ secrets.POLARIS_SERVER_URL}}/api/tools/polaris_cli-linux64.zip
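
Review bot: nothing after this wget line checks what was downloaded before the step (as shown in the description) unpacks it with `unzip -j … -d /tmp` and runs `/tmp/polaris analyze -w` with POLARIS_ACCESS_TOKEN exported. Fail-fast covers transport and archive errors only; consider verifying the zip against a SHA-256 the team pins (for example with `sha256sum -c`) before extracting, and extracting into a directory created with `mktemp -d` rather than straight into /tmp.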
Copilot AI Mar 1, 2026

Using wget -q can suppress useful diagnostics in logs, which works against the stated goal of providing clearer error context when downloads fail. Consider using a less-silent mode (e.g., -nv) or removing -q so failures are easier to diagnose from workflow output.

Suggested change
wget -q ${{ secrets.POLARIS_SERVER_URL}}/api/tools/polaris_cli-linux64.zip
wget -nv ${{ secrets.POLARIS_SERVER_URL}}/api/tools/polaris_cli-linux64.zip
