Enable code scanning for infrastructure repositories#184

Open
AlexanderLanin wants to merge 4 commits into eclipse-score:main from etas-contrib:code_scanning

AlexanderLanin (Member) commented May 11, 2026

Enable basic code scanning for infrastructure repositories while disabling it for forks.

Typical infrastructure repositories contain actions and python code. Just cicd-actions is known to also contain JS/TS code.

Note: infrastructure is going first. If that works out, we'll roll it out to the others as well.

@AlexanderLanin AlexanderLanin requested a review from a team as a code owner May 11, 2026 21:33

AlexanderLanin (Member Author) commented May 11, 2026

Oh crap. GitHub rejects configuring non-existent languages with "One or more languages you selected are not present in the repository." Looks like we need to generate jsonnet from data in https://eclipse-score.github.io/.github/#tech-stack
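
The generation step described in the comment above, as an added example that is not the script from this PR or any project code: it derives each repository's code scanning language list from a language inventory, so only languages actually present are requested, and it leaves forks out. The inventory format, the `has_actions` field and the repository names are assumptions; the two setting names and the language identifiers are the ones shown in this PR's diff.

```python
import json

# Linguist language name -> code scanning identifier. Only identifiers that
# appear in this PR's diff are mapped here.
CODEQL_ID = {
    "Python": "python",
    "C": "c-cpp",
    "C++": "c-cpp",
    "JavaScript": "javascript-typescript",
    "TypeScript": "javascript-typescript",
}

# Constructed inventory; field names and repositories are assumptions.
INVENTORY = {
    "example-actions-only": {"fork": False, "has_actions": True, "languages": ["Shell"]},
    "example-mixed": {"fork": False, "has_actions": True,
                      "languages": ["Python", "TypeScript", "JavaScript", "Starlark"]},
    "example-fork": {"fork": True, "has_actions": True, "languages": ["C++"]},
}


def scan_languages(entry):
    """Identifiers present in one repository, deduplicated and sorted."""
    found = {CODEQL_ID[name] for name in entry["languages"] if name in CODEQL_ID}
    if entry.get("has_actions"):
        found.add("actions")
    return sorted(found)


def build_settings(inventory):
    """Per-repository settings; forks and repos with nothing scannable are skipped."""
    settings = {}
    for repo, entry in sorted(inventory.items()):
        langs = scan_languages(entry)
        if entry["fork"] or not langs:
            continue
        settings[repo] = {
            "code_scanning_default_setup_enabled": True,
            "code_scanning_default_languages": langs,
        }
    return settings


def rejected_languages(requested, entry):
    """Languages in a hand-written list that the repository does not contain."""
    return sorted(set(requested) - set(scan_languages(entry)))


if __name__ == "__main__":
    # JSON is valid Jsonnet, so the output can be imported from a Jsonnet file.
    print(json.dumps(build_settings(INVENTORY), indent=2))
```

`rejected_languages` is the pre-flight check for a hand-maintained list: anything it returns is a language the repository does not contain, which is the condition behind the error quoted above.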

@AlexanderLanin AlexanderLanin marked this pull request as draft May 11, 2026 21:38
@AlexanderLanin AlexanderLanin marked this pull request as ready for review May 11, 2026 23:10
@AlexanderLanin AlexanderLanin requested a review from a team as a code owner May 11, 2026 23:10
eclipse-otterdog (Contributor) commented

Thank you for raising a pull request to update the configuration of your GitHub organization.
You can manually add reviewers to this PR to eventually enable auto-merging.

The following conditions need to be fulfilled for auto-merging to be available:

  • valid configuration
  • approved by a project lead
  • does not require any secrets
  • does not update settings only accessible via the GitHub Web UI
  • does not remove any resource
Otterdog commands and options

You can trigger otterdog actions by commenting on this PR:

  • /otterdog team-info checks the team / org membership for the PR author
  • /otterdog validate validates the configuration change
  • /otterdog validate info validates the configuration change, printing also validation infos
  • /otterdog check-sync checks if the base ref is in sync with live settings
  • /otterdog merge merges and applies the changes if the PR is eligible for auto-merging (only accessible for the author)
  • /otterdog done notifies the self-service bot that a required manual apply operation has been performed (only accessible for members of the admin team)
  • /otterdog apply re-apply a previously failed attempt (only accessible for members of the admin team)

eclipse-otterdog (Contributor) commented

The author (AlexanderLanin) of this PR is associated with this organization in the role of MEMBER.

Additionally, AlexanderLanin is a member of the following teams:

eclipse-otterdog (Contributor) commented

Note

The current configuration is out-of-sync with the live settings:

Diff to live settings
Project automotive.score[github_id=eclipse-score]
  there have been 36 validation infos, enable verbose output to display them.

-  remove org_secret[name="DEVELOCITY_API_TOKEN"] {
-    name                  = "DEVELOCITY_API_TOKEN"
-    selected_repositories = []
-    visibility            = "public"
-  }

-  remove environment[name="copilot", repository=logging] {
-    deployment_branch_policy = "all"
-    name                     = "copilot"
-    reviewers                = []
-    wait_timer               = 0
-  }

-  remove environment[name="copilot", repository=inc_someip_gateway] {
-    deployment_branch_policy = "all"
-    name                     = "copilot"
-    reviewers                = []
-    wait_timer               = 0
-  }
  
  Plan: 0 to add, 0 to change, 3 to delete.

eclipse-otterdog (Contributor) commented

Please find below the validation of the requested configuration changes:

Diff for 3038888
Project automotive.score[github_id=eclipse-score]
  there have been 36 validation infos, enable verbose output to display them.

  
!   repository[name="apt-install"] {
!     code_scanning_default_languages     = [
+      "actions"
!     ]
!     code_scanning_default_setup_enabled = false -> true
!   }

  
!   repository[name="bazel-tools-cc"] {
!     code_scanning_default_languages     = [
+      "actions"
+      "c-cpp"
+      "python"
!     ]
!     code_scanning_default_setup_enabled = false -> true
!   }

  
!   repository[name="bazel_cpp_toolchains"] {
!     code_scanning_default_languages     = [
+      "actions"
+      "python"
!     ]
!     code_scanning_default_setup_enabled = false -> true
!   }

  
!   repository[name="bazel_platforms"] {
!     code_scanning_default_languages     = [
+      "actions"
!     ]
!     code_scanning_default_setup_enabled = false -> true
!   }

  
!   repository[name="bazel_registry"] {
!     code_scanning_default_languages     = [
+      "actions"
+      "python"
!     ]
!     code_scanning_default_setup_enabled = false -> true
!   }

  
!   repository[name="bazel_registry_ui"] {
!     dependabot_security_updates_enabled = true -> false
!   }
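
Review bot: in the bazel_registry_ui block, "dependabot_security_updates_enabled = true -> false" turns Dependabot security updates off, which the PR description (enabling code scanning) does not mention; the same change appears in the rules_rust block. If it is intended, state the reason in the description; otherwise drop it from this PR or move it to its own change so the loss of automated security updates is reviewed on its own.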

  
!   repository[name="cicd-actions"] {
!     code_scanning_default_languages     = [
+      "actions"
!     ]
!     code_scanning_default_setup_enabled = false -> true
!   }
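
Review bot: the cicd-actions block lists only "actions", while the PR description says cicd-actions is known to also contain JS/TS code. With this list that code is not covered by default setup. Check whether the generated language data for cicd-actions is missing "javascript-typescript" (as configured for more-disk-space) or whether the description is out of date.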

  
!   repository[name="cicd-workflows"] {
!     code_scanning_default_languages     = [
+      "actions"
!     ]
!     code_scanning_default_setup_enabled = false -> true
!   }

  
!   repository[name="dash-license-scan"] {
!     code_scanning_default_languages     = [
+      "actions"
+      "python"
!     ]
!     code_scanning_default_setup_enabled = false -> true
!   }

  
!   repository[name="devcontainer"] {
!     code_scanning_default_languages     = [
+      "actions"
+      "python"
!     ]
!     code_scanning_default_setup_enabled = false -> true
!   }

  
!   repository[name="docs-as-code"] {
!     code_scanning_default_languages     = [
+      "actions"
+      "python"
!     ]
!     code_scanning_default_setup_enabled = false -> true
!   }

  
!   repository[name="ferrocene_toolchain_builder"] {
!     code_scanning_default_languages     = [
+      "actions"
+      "python"
!     ]
!     code_scanning_default_setup_enabled = false -> true
!   }

  
!   repository[name="infrastructure"] {
!     code_scanning_default_languages     = [
+      "actions"
!     ]
!     code_scanning_default_setup_enabled = false -> true
!   }

  
!   repository[name="itf"] {
!     code_scanning_default_languages     = [
+      "actions"
+      "python"
!     ]
!     code_scanning_default_setup_enabled = false -> true
!   }

  
!   repository[name="module_template"] {
!     code_scanning_default_languages     = [
+      "actions"
+      "c-cpp"
+      "python"
!     ]
!     code_scanning_default_setup_enabled = false -> true
!   }

  
!   repository[name="more-disk-space"] {
!     code_scanning_default_languages     = [
+      "actions"
+      "javascript-typescript"
+      "python"
!     ]
!     code_scanning_default_setup_enabled = false -> true
!   }

  
!   repository[name="os_images"] {
!     code_scanning_default_languages     = [
+      "actions"
!     ]
!     code_scanning_default_setup_enabled = false -> true
!   }

  
!   repository[name="qnx_unit_tests"] {
!     code_scanning_default_languages     = [
+      "actions"
+      "c-cpp"
!     ]
!     code_scanning_default_setup_enabled = false -> true
!   }

  
!   repository[name="reference_integration"] {
!     code_scanning_default_languages     = [
+      "actions"
+      "python"
!     ]
!     code_scanning_default_setup_enabled = false -> true
!   }

  
!   repository[name="rules_imagefs"] {
!     code_scanning_default_languages     = [
+      "actions"
!     ]
!     code_scanning_default_setup_enabled = false -> true
!   }

  
!   repository[name="rules_rust"] {
!     dependabot_security_updates_enabled = true -> false
!   }

  
!   repository[name="sbom-tool"] {
!     code_scanning_default_languages     = [
+      "actions"
+      "python"
!     ]
!     code_scanning_default_setup_enabled = false -> true
!   }

  
!   repository[name="score_cpp_policies"] {
!     code_scanning_default_languages     = [
+      "actions"
!     ]
!     code_scanning_default_setup_enabled = false -> true
!   }

  
!   repository[name="score_rust_policies"] {
!     code_scanning_default_languages     = [
+      "actions"
!     ]
!     code_scanning_default_setup_enabled = false -> true
!   }

  
!   repository[name="testing_tools"] {
!     code_scanning_default_languages     = [
+      "actions"
+      "c-cpp"
+      "python"
!     ]
!     code_scanning_default_setup_enabled = false -> true
!   }

  
!   repository[name="toolchains_gcc"] {
!     code_scanning_default_languages     = [
+      "actions"
+      "c-cpp"
!     ]
!     code_scanning_default_setup_enabled = false -> true
!   }

  
!   repository[name="toolchains_gcc_packages"] {
!     code_scanning_default_languages     = [
+      "actions"
!     ]
!     code_scanning_default_setup_enabled = false -> true
!   }

  
!   repository[name="toolchains_qnx"] {
!     code_scanning_default_languages     = [
+      "actions"
+      "python"
!     ]
!     code_scanning_default_setup_enabled = false -> true
!   }

  
!   repository[name="toolchains_rust"] {
!     code_scanning_default_languages     = [
+      "actions"
!     ]
!     code_scanning_default_setup_enabled = false -> true
!   }

  
!   repository[name="tooling"] {
!     code_scanning_default_languages     = [
+      "actions"
+      "python"
!     ]
!     code_scanning_default_setup_enabled = false -> true
!   }

  
!   repository[name="tools"] {
!     code_scanning_default_languages     = [
+      "actions"
!     ]
!     code_scanning_default_setup_enabled = false -> true
!   }
  
  Plan: 0 to add, 60 to change, 0 to delete.

@antonkri antonkri self-requested a review May 12, 2026 14:36

AlexanderLanin (Member Author) commented

/otterdog merge

eclipse-otterdog (Contributor) commented

Warning

This pull request cannot be auto-merged via /otterdog merge

  • pull request cannot be automatically merged (contains secrets, requires web UI changes, includes deletions or touches non-configuration files)

AlexanderLanin (Member Author) commented

@eclipse-score/eclipsefdn-releng can you merge this? Was it wrong to include the script in this repo?
