From 6784ef5caa01a56576e031db99cb32088b921b61 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Mon, 29 Dec 2025 04:15:00 +0000
Subject: [PATCH 1/3] Initial plan
From 617f13e096f5ca699a05265e75cf9d4671f25870 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Mon, 29 Dec 2025 04:21:46 +0000
Subject: [PATCH 2/3] Add Docker image pre-pulling for zizmor and poutine static analysis tools
Co-authored-by: mnkiefer <8320933+mnkiefer@users.noreply.github.com>
---
 .github/workflows/static-analysis-report.lock.yml | 2 ++
 .github/workflows/static-analysis-report.md | 15 +++++++++++++++
 2 files changed, 17 insertions(+)
diff --git a/.github/workflows/static-analysis-report.lock.yml b/.github/workflows/static-analysis-report.lock.yml
index 7c767e5cb0f..4d8d1d8970a 100644
--- a/.github/workflows/static-analysis-report.lock.yml
+++ b/.github/workflows/static-analysis-report.lock.yml
@@ -122,6 +122,8 @@ jobs:
 GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 name: Start MCP server
 run: "set -e\n./gh-aw mcp-server --cmd ./gh-aw --port 8765 &\nMCP_PID=$!\n\n# Wait a moment for server to start\nsleep 2\n\n# Check if server is still running\nif ! kill -0 $MCP_PID 2>/dev/null; then\n echo \"MCP server failed to start\"\n exit 1\nfi\n\necho \"MCP server started successfully with PID $MCP_PID\"\n"
+ - name: Pull static analysis Docker images
+ run: "set -e\necho \"Pulling Docker images for static analysis tools...\"\n\n# Pull zizmor Docker image\necho \"Pulling zizmor image...\"\ndocker pull ghcr.io/zizmorcore/zizmor:latest\n\n# Pull poutine Docker image\necho \"Pulling poutine image...\"\ndocker pull ghcr.io/boostsecurityio/poutine:latest\n\necho \"All static analysis Docker images pulled successfully\""
 # Cache memory file share configuration from frontmatter processed below
 - name: Create cache-memory directory
diff --git a/.github/workflows/static-analysis-report.md b/.github/workflows/static-analysis-report.md
index b10af8f50ed..533a526cc09 100644
--- a/.github/workflows/static-analysis-report.md
+++ b/.github/workflows/static-analysis-report.md
@@ -26,6 +26,21 @@ strict: true
 imports:
 - shared/mcp/gh-aw.md
 - shared/reporting.md
+steps:
+ - name: Pull static analysis Docker images
+ run: |
+ set -e
+ echo "Pulling Docker images for static analysis tools..."
+
+ # Pull zizmor Docker image
+ echo "Pulling zizmor image..."
+ docker pull ghcr.io/zizmorcore/zizmor:latest
+
+ # Pull poutine Docker image
+ echo "Pulling poutine image..."
+ docker pull ghcr.io/boostsecurityio/poutine:latest
+
+ echo "All static analysis Docker images pulled successfully"
 ---
 # Static Analysis Report
From 787a2c026247cb189b835963dd2712118e9e245a Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Mon, 29 Dec 2025 04:30:15 +0000
Subject: [PATCH 3/3] Add Docker image pre-pulling and verification for static analysis tools
Co-authored-by: mnkiefer <8320933+mnkiefer@users.noreply.github.com>
---
 .github/workflows/static-analysis-report.lock.yml | 4 +++-
 .github/workflows/static-analysis-report.md | 14 ++++++++++++++
 2 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/static-analysis-report.lock.yml b/.github/workflows/static-analysis-report.lock.yml
index 4d8d1d8970a..c7b0add88b6 100644
--- a/.github/workflows/static-analysis-report.lock.yml
+++ b/.github/workflows/static-analysis-report.lock.yml
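Review bot: Both `docker pull` lines in the new `steps:` block fetch a mutable `:latest` tag, so the tool versions that produce the static-analysis report are not pinned and can change between runs, or be swapped at the registry, without any change in this repository — the same property zizmor itself reports for unpinned actions. Pin each image to a release tag and preferably a digest, e.g. `docker pull ghcr.io/zizmorcore/zizmor:<VERSION>@sha256:<DIGEST>` (placeholders; take the values from the tools' release pages), and add a comment recording the upstream version so bumps are reviewable in diff. The `.lock.yml` hunk earlier in this patch appears to be the compiled form of this frontmatter, so the pin belongs here and should be re-compiled rather than edited in the lock file.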
@@ -123,7 +123,9 @@ jobs:
 name: Start MCP server
 run: "set -e\n./gh-aw mcp-server --cmd ./gh-aw --port 8765 &\nMCP_PID=$!\n\n# Wait a moment for server to start\nsleep 2\n\n# Check if server is still running\nif ! kill -0 $MCP_PID 2>/dev/null; then\n echo \"MCP server failed to start\"\n exit 1\nfi\n\necho \"MCP server started successfully with PID $MCP_PID\"\n"
 - name: Pull static analysis Docker images
- run: "set -e\necho \"Pulling Docker images for static analysis tools...\"\n\n# Pull zizmor Docker image\necho \"Pulling zizmor image...\"\ndocker pull ghcr.io/zizmorcore/zizmor:latest\n\n# Pull poutine Docker image\necho \"Pulling poutine image...\"\ndocker pull ghcr.io/boostsecurityio/poutine:latest\n\necho \"All static analysis Docker images pulled successfully\""
+ run: "set -e\necho \"Pulling Docker images for static analysis tools...\"\n\n# Pull zizmor Docker image\necho \"Pulling zizmor image...\"\ndocker pull ghcr.io/zizmorcore/zizmor:latest\n\n# Pull poutine Docker image\necho \"Pulling poutine image...\"\ndocker pull ghcr.io/boostsecurityio/poutine:latest\n\necho \"All static analysis Docker images pulled successfully\"\n"
+ - name: Verify static analysis tools
+ run: "set -e\necho \"Verifying static analysis tools are available...\"\n\n# Verify zizmor\necho \"Testing zizmor...\"\ndocker run --rm ghcr.io/zizmorcore/zizmor:latest --version || echo \"Warning: zizmor version check failed\"\n\n# Verify poutine\necho \"Testing poutine...\"\ndocker run --rm ghcr.io/boostsecurityio/poutine:latest --version || echo \"Warning: poutine version check failed\"\n\necho \"Static analysis tools verification complete\""
 # Cache memory file share configuration from frontmatter processed below
 - name: Create cache-memory directory
diff --git a/.github/workflows/static-analysis-report.md b/.github/workflows/static-analysis-report.md
index 533a526cc09..6de07fc1a1d 100644
--- a/.github/workflows/static-analysis-report.md
+++ b/.github/workflows/static-analysis-report.md
@@ -41,6 +41,20 @@ steps:
 docker pull ghcr.io/boostsecurityio/poutine:latest
 echo "All static analysis Docker images pulled successfully"
+ - name: Verify static analysis tools
+ run: |
+ set -e
+ echo "Verifying static analysis tools are available..."
+
+ # Verify zizmor
+ echo "Testing zizmor..."
+ docker run --rm ghcr.io/zizmorcore/zizmor:latest --version || echo "Warning: zizmor version check failed"
+
+ # Verify poutine
+ echo "Testing poutine..."
+ docker run --rm ghcr.io/boostsecurityio/poutine:latest --version || echo "Warning: poutine version check failed"
+
+ echo "Static analysis tools verification complete"
 ---
 # Static Analysis Report
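Review bot: The two `|| echo "Warning: ..."` fallbacks mean the "Verify static analysis tools" step can never fail, so a missing or non-runnable image is only printed to the log while the job continues and the later analysis fails with a less obvious error. If the step is meant to verify, let the failure propagate under the existing `set -e` by dropping the `||` clause (`docker run --rm ghcr.io/zizmorcore/zizmor:latest --version`), or at minimum write `echo "::warning::zizmor version check failed"` so it surfaces as a workflow annotation rather than a log line. Whether `--version` is accepted as the container's first argument depends on each image's entrypoint, which is not visible here, so the check should be confirmed against both images. The same never-failing fallback is carried into the compiled `.lock.yml` hunk of this patch.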