From 613958c0b3054adc3da0d1de66bd0535545c4a8d Mon Sep 17 00:00:00 2001
From: Snehil Kishore
Date: Fri, 10 Apr 2026 14:48:25 +0530
Subject: [PATCH 1/7] chore: add push trigger to debug RL scanner secrets
---
 .github/workflows/publish.yml | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 5b0fbe2..ce03008 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -1,6 +1,9 @@
 name: Publish Release
 on:
+ push:
+ branches:
+ - debug-rl-scanner # TEMPORARY: remove after RL scanner debugging
 workflow_dispatch:
 ### TODO: Replace instances of './.github/actions/' with reference to the `dx-sdk-actions` repo is made public and this file is transferred over
@@ -12,7 +15,7 @@ permissions:
 jobs:
 rl-scanner:
- if: github.event_name == 'workflow_dispatch' || (github.event_name == 'pull_request' && github.event.pull_request.merged && startsWith(github.event.pull_request.head.ref, 'release/'))
+ if: github.event_name == 'push' || github.event_name == 'workflow_dispatch' || (github.event_name == 'pull_request' && github.event.pull_request.merged && startsWith(github.event.pull_request.head.ref, 'release/'))
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@v6
@@ -56,7 +59,8 @@ jobs:
 PRODSEC_PYTHON_TOOLS_REPO: ${{ secrets.PRODSEC_PYTHON_TOOLS_REPO }}
 publish-pypi:
- if: github.event_name == 'workflow_dispatch' || (github.event_name == 'pull_request' && github.event.pull_request.merged && startsWith(github.event.pull_request.head.ref, 'release/'))
+ if: false # TEMPORARY: disabled during RL scanner debugging — original condition below
+ # if: github.event_name == 'workflow_dispatch' || (github.event_name == 'pull_request' && github.event.pull_request.merged && startsWith(github.event.pull_request.head.ref, 'release/'))
 name: "PyPI"
 runs-on: ubuntu-latest
 # needs: rl-scanner
From 8296c2ba8b5aeb5836e50759047675c2d2ad6be5 Mon Sep 17 00:00:00 2001
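Review bot: The `push:` trigger on `debug-rl-scanner` added in the first hunk of PATCH 1/7 puts a debug entry point into the release workflow itself, so every push to that branch runs `rl-scanner` with the workflow's secrets in scope (`secrets.PRODSEC_PYTHON_TOOLS_REPO` is visible in the third hunk). The second hunk's `github.event_name == 'push'` clause is not tied to that branch, so it would also admit any push trigger added to `on:` later. Since `workflow_dispatch` is already declared, the same debugging could be done without widening the triggers by dispatching the workflow against the branch, `gh workflow run publish.yml --ref debug-rl-scanner`, keeping only the temporary `if: false` on `publish-pypi`. If the push trigger stays, the job condition could be narrowed to `github.event_name == 'push' && github.ref == 'refs/heads/debug-rl-scanner'`. The `on:` block and both job bodies continue outside these hunks.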
From: Snehil Kishore
Date: Fri, 10 Apr 2026 14:57:20 +0530
Subject: [PATCH 2/7] chore: trigger RL scanner debug run-1
From 5fd65c9ac13e949f6b2c4802bff87de7d2c91a2e Mon Sep 17 00:00:00 2001
From: Snehil Kishore
Date: Fri, 10 Apr 2026 15:07:47 +0530
Subject: [PATCH 3/7] chore: trigger RL scanner debug run-2
From 999d29fcef05d0d636602844a4415e94bfd36532 Mon Sep 17 00:00:00 2001
From: Snehil Kishore
Date: Fri, 10 Apr 2026 15:13:49 +0530
Subject: [PATCH 4/7] fix: use absolute artifact path for RL scanner
---
 .github/workflows/publish.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index ce03008..1cd1d45 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -47,7 +47,7 @@ jobs:
 uses: auth0/devsecops-tooling/.github/actions/rl-scan@main
 with:
 artifact-name: "auth0-fastapi-api"
- artifact-path: "auth0-fastapi-api.tgz"
+ artifact-path: "${{ github.workspace }}/auth0-fastapi-api.tgz"
 version: ${{ steps.get_version.outputs.version }}
 RLSECURE_LICENSE: ${{ secrets.RLSECURE_LICENSE }}
 RLSECURE_SITE_KEY: ${{ secrets.RLSECURE_SITE_KEY }}
From 2ba6e6bcd1e593a359f7e609bc53fd036e01ff8d Mon Sep 17 00:00:00 2001
From: Snehil Kishore
Date: Fri, 10 Apr 2026 15:21:37 +0530
Subject: [PATCH 5/7] chore: trigger RL scanner debug run-3
From 936b7f5895d7658d014c1586cf07449a03630ff6 Mon Sep 17 00:00:00 2001
From: Snehil Kishore
Date: Fri, 10 Apr 2026 15:28:45 +0530
Subject: [PATCH 6/7] chore: revert debug changes, keep artifact-path fix
---
 .github/workflows/publish.yml | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 1cd1d45..10d488c 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
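Review bot: In the PATCH 4/7 hunk, the step whose `artifact-path` is changed calls `auth0/devsecops-tooling/.github/actions/rl-scan@main` and passes it `secrets.RLSECURE_LICENSE` and `secrets.RLSECURE_SITE_KEY`. A branch ref is mutable, so whatever is on `main` of that repository at run time executes with those secrets and produces the scan verdict for the release artifact. Pinning the reference to a full commit SHA, for example `uses: auth0/devsecops-tooling/.github/actions/rl-scan@<full-commit-sha> # main`, makes the action version explicit and any update a reviewable change. The step begins above the hunk, so its name and any earlier inputs are not visible here.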
@@ -1,9 +1,6 @@
 name: Publish Release
 on:
- push:
- branches:
- - debug-rl-scanner # TEMPORARY: remove after RL scanner debugging
 workflow_dispatch:
 ### TODO: Replace instances of './.github/actions/' with reference to the `dx-sdk-actions` repo is made public and this file is transferred over
@@ -15,7 +12,7 @@ permissions:
 jobs:
 rl-scanner:
- if: github.event_name == 'push' || github.event_name == 'workflow_dispatch' || (github.event_name == 'pull_request' && github.event.pull_request.merged && startsWith(github.event.pull_request.head.ref, 'release/'))
+ if: github.event_name == 'workflow_dispatch' || (github.event_name == 'pull_request' && github.event.pull_request.merged && startsWith(github.event.pull_request.head.ref, 'release/'))
 runs-on: ubuntu-latest
 steps:
 - uses: actions/checkout@v6
@@ -59,8 +56,7 @@ jobs:
 PRODSEC_PYTHON_TOOLS_REPO: ${{ secrets.PRODSEC_PYTHON_TOOLS_REPO }}
 publish-pypi:
- if: false # TEMPORARY: disabled during RL scanner debugging — original condition below
- # if: github.event_name == 'workflow_dispatch' || (github.event_name == 'pull_request' && github.event.pull_request.merged && startsWith(github.event.pull_request.head.ref, 'release/'))
+ if: github.event_name == 'workflow_dispatch' || (github.event_name == 'pull_request' && github.event.pull_request.merged && startsWith(github.event.pull_request.head.ref, 'release/'))
 name: "PyPI"
 runs-on: ubuntu-latest
 # needs: rl-scanner
From 5356aaf68b1941a7750036fc3363befd0cb03eed Mon Sep 17 00:00:00 2001
From: Snehil Kishore
Date: Fri, 10 Apr 2026 15:41:07 +0530
Subject: [PATCH 7/7] fix: add dependency on rl-scanner for PyPI job
---
 .github/workflows/publish.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 10d488c..4aba756 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -59,7 +59,7 @@ jobs:
 if: github.event_name == 'workflow_dispatch' || (github.event_name == 'pull_request' && github.event.pull_request.merged && startsWith(github.event.pull_request.head.ref, 'release/'))
 name: "PyPI"
 runs-on: ubuntu-latest
- # needs: rl-scanner
+ needs: rl-scanner
 environment: release
 steps: