bugfix: broken release pipeline #831
The PR is in good shape overall, but it introduces a breaking change: the new version input in scan-with-blackduck/action.yml is declared required: true, yet the existing main.yml workflow that calls this action in RAPID scan mode does not supply it — this will cause the CI-MAIN pipeline to fail after merge. The version input should either be made optional with a sensible default, or main.yml must be updated to pass a value (e.g. the commit SHA or branch name).
PR Bot Information
Version: 1.20.51
- Agent Instructions:
- File Content Strategy: Full file content
- LLM: anthropic--claude-4.6-sonnet
- Event Trigger: pull_request.opened
- Correlation ID: 73c79ced-02c3-45cb-8c6b-57b8f39aa2a1
| version: | ||
| description: The project version to report to Black Duck (e.g. release tag). | ||
| required: true |
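Review bot: The description on the version input places no constraint on the value, yet the PR summary says it is expanded as ${{ inputs.version }} into --detect.project.version.name, and release.yml feeds it github.event.release.tag_name. If the detect arguments are assembled inside a run: step, map the input to an env: variable and reference it quoted there instead of expanding the expression inline, so an unexpected tag name cannot alter the command line. Stating the accepted format in the description would also help callers.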
Bug: The new version input is marked required: true, but the main.yml workflow's blackduck job calls this action without supplying version. This will cause the CI-MAIN workflow to fail after this PR merges.
The main.yml scan runs in RAPID mode (pre-merge/nightly) where no release tag exists, so a sensible fallback would be to either make version optional with a default (e.g. the branch name or commit SHA), or derive it inside the action when the input is absent.
Consider making version optional and providing a default, for example the git commit SHA, or add a fallback step inside the action:
```yaml
version:
  description: The project version to report to Black Duck (e.g. release tag).
  required: false
  default: ''
```
And then derive it inside the action when it is empty (e.g. via git rev-parse --short HEAD).
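One way to implement the fallback suggested in the review comment above, as an added example that is not code from the PR or the project. The function names, the VERSION_INPUT variable and the character allowlist are assumptions.

```shell
#!/bin/sh
# Added example, not code from the PR. All names and the allowlist are assumptions.

# resolve_version INPUT [REPO_DIR]
# Prints the Black Duck project version: INPUT when it is non-empty, otherwise
# the short commit SHA of REPO_DIR (RAPID scans have no release tag).
# Returns 1 for a value outside the allowlist, 2 when INPUT is empty and git
# cannot supply a SHA.
resolve_version() {
  rv_input="$1"
  rv_repo="${2:-.}"
  if [ -n "$rv_input" ]; then
    rv_version="$rv_input"
  else
    rv_version="$(git -C "$rv_repo" rev-parse --short HEAD 2>/dev/null)" || return 2
  fi
  # Assumed allowlist: letters, digits, dot, underscore, plus, slash, hyphen.
  # Spaces, quotes, semicolons and newlines are rejected, so the value cannot
  # split into extra detect arguments or shell syntax.
  case "$rv_version" in
    '' | *[!A-Za-z0-9._+/-]*) return 1 ;;
  esac
  printf '%s\n' "$rv_version"
}

# write_version_output OUTFILE INPUT [REPO_DIR]
# Appends "version=<value>" to OUTFILE (the step output file) or fails the step.
write_version_output() {
  wv_value="$(resolve_version "$2" "${3:-.}")" || {
    echo "::error::could not determine a valid project version"
    return 1
  }
  printf 'version=%s\n' "$wv_value" >> "$1"
}

# In a composite action step, with VERSION_INPUT (assumed name) mapped from the
# version input through the step's env: block so it reaches the shell as data:
#   write_version_output "$GITHUB_OUTPUT" "$VERSION_INPUT"
```
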
Fix Broken Release Pipeline
🐛 Bug Fix: Resolved issues in the release pipeline related to BlackDuck scanning and the build process.
Changes
- .github/actions/build/action.yml: Added a step to install @sap/cds-dk@9.9.1 globally via npm before the Maven build step.
- .github/actions/scan-with-blackduck/action.yml:
  - Added a version input parameter to accept the project version externally (e.g., a release tag), replacing the previously inline Get Revision step that derived the version from Maven.
  - Removed the Get Revision step that used mvn help:evaluate to extract the revision.
  - Updated --detect.project.version.name to use ${{ inputs.version }} instead of the now-removed step output.
  - Added --detect.project.group.name=CDSJAVA-OPEN-SOURCE to the BlackDuck detect arguments.
- .github/workflows/release.yml: Passes ${{ github.event.release.tag_name }} as the version input to the scan-with-blackduck action, ensuring the release tag is used as the BlackDuck project version.