Skip to content
CI Pull Request on Main Branch

CHEF-31159: Setup common config to block PR merges if trufflehog fail… #14

Sign in to view logs

CHEF-31159: Setup common config to block PR merges if trufflehog fail…

CHEF-31159: Setup common config to block PR merges if trufflehog fail… #14

Triggered via push May 19, 2026 11:03
@nikhil2611nikhil2611
pushed 34c1bab
chef-cli-5
Status Success
Total duration 2m 12s
Artifacts 7

ci-main-pull-request-stub-1.0.8.yml

on: push
Detect custom properties
6s
Detect custom properties
Echo stub version
3s
Echo stub version
call-ci-main-pr-check-pipeline  /  Checkout repository
5s
call-ci-main-pr-check-pipeline / Checkout repository
call-ci-main-pr-check-pipeline  /  Pre-compilation checks
6s
call-ci-main-pr-check-pipeline / Pre-compilation checks
call-ci-main-pr-check-pipeline  /  Build/compilation and unit tests (CI)
57s
call-ci-main-pr-check-pipeline / Build/compilation and unit tests (CI)
call-ci-main-pr-check-pipeline  /  ...  /  Export SBOM from GitHub Dependency Graph API
9s
call-ci-main-pr-check-pipeline / Generating SBOM / Export SBOM from GitHub Dependency Graph API
call-ci-main-pr-check-pipeline  /  ...  /  Blackduck SCA Scan (PURPLE)
1m 46s
call-ci-main-pr-check-pipeline / Generating SBOM / Blackduck SCA Scan (PURPLE)
call-ci-main-pr-check-pipeline  /  ...  /  Generate MSFT SBOM
0s
call-ci-main-pr-check-pipeline / Generating SBOM / Generate MSFT SBOM
call-ci-main-pr-check-pipeline  /  ...  /  license_scout
0s
call-ci-main-pr-check-pipeline / Generating SBOM / license_scout
call-ci-main-pr-check-pipeline  /  ...  /  Build and upload Docker image
call-ci-main-pr-check-pipeline / Build Docker image for security scans / Build and upload Docker image
call-ci-main-pr-check-pipeline  /  ...  /  Complexity and SLOC generation
19s
call-ci-main-pr-check-pipeline / Source code complexity checks / Complexity and SLOC generation
call-ci-main-pr-check-pipeline  /  Language-specific pre-compilation steps and linting
0s
call-ci-main-pr-check-pipeline / Language-specific pre-compilation steps and linting
call-ci-main-pr-check-pipeline  /  Language-agnostic pre-compilation steps
0s
call-ci-main-pr-check-pipeline / Language-agnostic pre-compilation steps
call-ci-main-pr-check-pipeline  /  ...  /  Trufflehog
16s
call-ci-main-pr-check-pipeline / Trufflehog scan / Trufflehog
call-ci-main-pr-check-pipeline  /  Grype scan
1m 28s
call-ci-main-pr-check-pipeline / Grype scan
call-ci-main-pr-check-pipeline  /  ...  /  BlackDuck Polaris SAST scan
1m 6s
call-ci-main-pr-check-pipeline / BlackDuck Polaris SAST scan / BlackDuck Polaris SAST scan
call-ci-main-pr-check-pipeline  /  ...  /  Grype scan (Linux)
call-ci-main-pr-check-pipeline / Grype scan Habitat packages from bldr.habitat.sh / Grype scan (Linux)
call-ci-main-pr-check-pipeline  /  ...  /  Grype scan (MacOS)
call-ci-main-pr-check-pipeline / Grype scan Habitat packages from bldr.habitat.sh / Grype scan (MacOS)
call-ci-main-pr-check-pipeline  /  ...  /  Grype scan (Windows)
call-ci-main-pr-check-pipeline / Grype scan Habitat packages from bldr.habitat.sh / Grype scan (Windows)
call-ci-main-pr-check-pipeline  /  Creating packaged binaries
3s
call-ci-main-pr-check-pipeline / Creating packaged binaries
call-ci-main-pr-check-pipeline  /  Detect SBOM version for application
call-ci-main-pr-check-pipeline / Detect SBOM version for application
Matrix: call-ci-main-pr-check-pipeline / Unit tests
call-ci-main-pr-check-pipeline  /  ...  /  irfan
call-ci-main-pr-check-pipeline / Reporting to quality dashboard / irfan
call-ci-main-pr-check-pipeline  /  ...  /  Grype vulnerability scan
call-ci-main-pr-check-pipeline / Grype Docker image scan / Grype vulnerability scan
call-ci-main-pr-check-pipeline  /  ...  /  Wiz CLI container image scan
call-ci-main-pr-check-pipeline / Wiz CLI security scan / Wiz CLI container image scan
call-ci-main-pr-check-pipeline  /  Creating Habitat packages
3s
call-ci-main-pr-check-pipeline / Creating Habitat packages
call-ci-main-pr-check-pipeline  /  Publishing Habitat packages to Builder
0s
call-ci-main-pr-check-pipeline / Publishing Habitat packages to Builder
call-ci-main-pr-check-pipeline  /  Publishing packages
0s
call-ci-main-pr-check-pipeline / Publishing packages
call-ci-main-pr-check-pipeline  /  Grype scan of Habitat packages
call-ci-main-pr-check-pipeline / Grype scan of Habitat packages
call-ci-main-pr-check-pipeline  /  Grype scan of Habitat packages (Windows)
call-ci-main-pr-check-pipeline / Grype scan of Habitat packages (Windows)
Fit to window
Zoom out
Zoom in

Annotations

1 error and 6 warnings
call-ci-main-pr-check-pipeline / Build/compilation and unit tests (CI)
Process completed with exit code 1.
Detect custom properties
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/checkout@v4. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Node.js 20 will be removed from the runner on September 16th, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
call-ci-main-pr-check-pipeline / Generating SBOM / Export SBOM from GitHub Dependency Graph API
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/upload-artifact@v4. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Node.js 20 will be removed from the runner on September 16th, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
call-ci-main-pr-check-pipeline / Source code complexity checks / Complexity and SLOC generation
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/upload-artifact@v4. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Node.js 20 will be removed from the runner on September 16th, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
call-ci-main-pr-check-pipeline / BlackDuck Polaris SAST scan / BlackDuck Polaris SAST scan
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: blackduck-inc/black-duck-security-scan@v2. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Node.js 20 will be removed from the runner on September 16th, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
call-ci-main-pr-check-pipeline / Grype scan
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/upload-artifact@v4. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Node.js 20 will be removed from the runner on September 16th, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/
call-ci-main-pr-check-pipeline / Generating SBOM / Blackduck SCA Scan (PURPLE)
Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: actions/upload-artifact@v4, blackduck-inc/black-duck-security-scan@v2.1.1. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Node.js 20 will be removed from the runner on September 16th, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/

Artifacts

Produced during runtime
Name Size Digest
chef-chef-cli-20260519110333-GitHub-sbom.json
2.31 KB
sha256:48e414e10fb1a0a55188f075646d92dd4f7152a9bd3c06ea09c46ed7c0e88ca3
chef-chef-cli-chef-cli-5-20260519110345-scc-complexity.html
8 KB
sha256:7dfd0257abe51b30ead0b4492c53b38f606af498ca6dae7aebdffda22c8225ec
chef-chef-cli-chef-cli-5-20260519110345-scc-complexity.json
9.87 KB
sha256:b714f62cd69f51b2f7ce76a50c3f8be86b01d3bd4d1907dc7a260b87d3eb2e38
chef-chef-cli-chef-cli-5-20260519110345-scc-complexity.txt
738 Bytes
sha256:d46ffa2dd7c7caa79c0f439a1673475dbbf43c5ad94d3e0ef21f2f31c75f354e
chef-chef-cli-chef-cli-5-5.6.24-20260519110333-GitHub-sbom.csv
1.4 KB
sha256:bb9dd2bae7929ab436f87701c099db449bd155a61090eebcd40e87a0edb299b8
chef-cli-Gemfile-lock.txt
3.8 KB
sha256:7d623b3856f4ae2f36e4a22bac3889942e21bb3ac220fcf45a8a67e5ac564114
grype-scan-chef-cli-20260519-110453
3.62 KB
sha256:2ef90eec64cc48763763fa83ae8b24dee454f03ba762598f66c12c5137cda4f3