ci(fossa): use custom fossa config
A follow-up to https://github.com/spinframework/spin/pull/3138 which added a FOSSA check to CI.
The check is running successfully, but it does encounter errors attempting to check some template apps under `templates/`, which would be nice to avoid. We'd like to exclude scanning these template apps via a `.fossa.yml` configuration file, e.g.:
```yaml
version: 3
paths:
  exclude:
    - ./templates/**
```
However, in our tests, we encountered error(s) seemingly from some interaction with the fossa GH action (and/or fossa CLI) and the config. Example from this run:
```
/opt/hostedtoolcache/fossa/3.10.8/linux_amd64/fossa analyze
Error: An issue occurred
*** Relevant Errors ***
Error: Invalid project permission
You do not have permission to edit projects for your Organization.
Documentation: https://docs.fossa.com/docs/role-based-access-control
Support: If you believe this to be a defect, please report a bug to FOSSA support at https://support.fossa.com/
Help: Contact your FOSSA organization admin to grant you proper permissions
```
We've contacted support but have yet to hear back as of writing.