Skip to content

Comments

chore: updated the RL wrapper installation path#746

Merged
sanchitmehtagit merged 1 commit intomainfrom
rl_scanner
Feb 19, 2026
Merged

chore: updated the RL wrapper installation path#746
sanchitmehtagit merged 1 commit intomainfrom
rl_scanner

Conversation

@pmathew92
Copy link
Contributor

@pmathew92 pmathew92 commented Feb 19, 2026

📋 Changes

GH action pipeline change for RL scanner

@pmathew92 pmathew92 requested a review from a team as a code owner February 19, 2026 07:12
Copilot AI review requested due to automatic review settings February 19, 2026 07:12
Copilot AI reviewed Feb 19, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the GitHub composite action used to run the ReversingLabs (RL) scanner by changing where the rl-wrapper Python package is installed from.

Changes:

  • Switches the pip --index-url path used to install rl-wrapper from the internal Artifactory PyPI endpoint.
  • Removes the rl-wrapper version constraint during installation.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

.github/actions/rl-scanner/action.yml
shell: bash
run: |
pip install rl-wrapper>=1.0.0 --index-url "https://${{ env.PRODSEC_TOOLS_USER }}:${{ env.PRODSEC_TOOLS_TOKEN }}@a0us.jfrog.io/artifactory/api/pypi/python-local/simple"
pip install rl-wrapper --index-url "https://${{ env.PRODSEC_TOOLS_USER }}:${{ env.PRODSEC_TOOLS_TOKEN }}@a0us.jfrog.io/artifactory/api/pypi/python/simple"
Copy link

Copilot AI Feb 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The RL wrapper install command no longer specifies any version constraint. This makes the action non-reproducible and can introduce unexpected breakages if a new (or old) rl-wrapper release changes behavior. Consider restoring a lower bound (e.g., the previous ">=1.0.0") or pinning to a known-good version/range that matches the scanner expectations.

Suggested change
pip install rl-wrapper --index-url "https://${{ env.PRODSEC_TOOLS_USER }}:${{ env.PRODSEC_TOOLS_TOKEN }}@a0us.jfrog.io/artifactory/api/pypi/python/simple"
pip install "rl-wrapper>=1.0.0" --index-url "https://${{ env.PRODSEC_TOOLS_USER }}:${{ env.PRODSEC_TOOLS_TOKEN }}@a0us.jfrog.io/artifactory/api/pypi/python/simple"

Copilot uses AI. Check for mistakes.
Copy link
Contributor Author

@pmathew92 pmathew92 Feb 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is intentional

@sanchitmehtagit sanchitmehtagit merged commit 2502656 into main Feb 19, 2026
17 checks passed
@sanchitmehtagit sanchitmehtagit deleted the rl_scanner branch February 19, 2026 17:23
NandanPrabhu added a commit that referenced this pull request Feb 23, 2026
@NandanPrabhu
Merge branch 'main' into SDK-6071
5797128 
* main: (79 commits)
  build(deps): bump aws-actions/configure-aws-credentials from 5.1.1 to 6.0.0 in /.github/actions/rl-scanner (#744)
  chore:  updated the RL wrapper installation path (#746)
  Release af-v2.0.0-beta.3 (#743)
  Release afpi-v2.0.0-beta.3 (#742)
  Release afpi-v2.0.0-beta.3 (#741)
  build(deps): bump ruby/setup-ruby from 1.286.0 to 1.288.0 in /.github/actions/setup-darwin (#740)
  CredentialsManager user info/ID token contents accessible via flutter SDK (#607)
  CI cleanup
  Avoid running always failing smoke tests for iOS
  make PR runs  with release workflow that triggers flutter analyze
  udpate pubspec
  udpate podspecs
  Release af-v2.0.0-beta.2
  pubspec update for beta release
  Release afpi-v2.0.0-beta.2
  fix flutter analyse errors
  build(deps): bump ruby/setup-ruby from 1.285.0 to 1.286.0 in /.github/actions/setup-darwin (#728)
  build(deps-dev): bump lodash from 4.17.21 to 4.17.23 in /appium-test (#729)
  chore:Fixed errors from flutter analyze (#727)
  feat: Add allowedBrowsers parameter to logout API [SDK-724] (#726)
  ...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@NandanPrabhu NandanPrabhu NandanPrabhu approved these changes

@sanchitmehtagit sanchitmehtagit sanchitmehtagit approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@pmathew92 @NandanPrabhu @sanchitmehtagit