46 commits
7795f40
feat(action): Create PR for SAST AVIATOR changed files
SangameshV Jun 9, 2026
e416e09
fix: Updating schema version to v2.9.0
SangameshV Jun 9, 2026
2b2f9ef
Updated the create-pr fcli action for both SSC and FoD modules, delet…
SangameshV Jun 10, 2026
c1381ce
Enhanced logging to better catch the failures in logs
SangameshV Jun 12, 2026
8b2b22e
Fix build failures
SangameshV Jun 12, 2026
2f677b1
Added additional loggings and baseBranch creation logic
SangameshV Jun 12, 2026
c2c5b6a
fixing the base branch detection logic
SangameshV Jun 12, 2026
13186fa
more logs
SangameshV Jun 12, 2026
0a28951
fixing head branch with owner
SangameshV Jun 12, 2026
d0a5737
fixing PR head for GitHub
SangameshV Jun 13, 2026
920b474
Extracting the repo owner from git
SangameshV Jun 13, 2026
71f3d50
Added new SpEL Function to get the owner for all supported CI systems
SangameshV Jun 15, 2026
7a2038a
fix broken flow for the code push
SangameshV Jun 15, 2026
0f9a4f4
Improv Git SpEL Functions
SangameshV Jun 15, 2026
b6fc805
set upstream tracking
SangameshV Jun 15, 2026
911b8d0
fix java package import
SangameshV Jun 15, 2026
f57f264
Add more logs to the push SpEL Function
SangameshV Jun 15, 2026
37929da
fix(git): resolve JGit runtime issue by excluding from shadowJar and …
SangameshV Jun 15, 2026
1c41730
Remove including specific version of jgit
SangameshV Jun 15, 2026
99221f8
Added GcConfig enum entries
SangameshV Jun 16, 2026
9c7a5bc
Commit only modified files, no new files should be staged
SangameshV Jun 16, 2026
ba7beb0
Code clean up
SangameshV Jun 17, 2026
ee50a4e
Revamped the PR creation logic
SangameshV Jun 19, 2026
d4dc059
fixed compilation issue due to UTF-8 BOM
SangameshV Jun 19, 2026
27c7ad8
fix compilation issue
SangameshV Jun 19, 2026
5829607
fixed the action as per the schema
SangameshV Jun 19, 2026
cb7ef61
fixed compilation issue
SangameshV Jun 19, 2026
402dd12
fix spaces for action instructions
SangameshV Jun 19, 2026
0556a77
fixed action loading issues
SangameshV Jun 19, 2026
714d80e
apply-remediations command requires either --av or --artifact-id
SangameshV Jun 19, 2026
d5cf7f1
passing --artifact-id option for apply-remediations command
SangameshV Jun 19, 2026
e0752e5
fixed the action command format
SangameshV Jun 20, 2026
3e72312
Fixed generic action run command
SangameshV Jun 20, 2026
e9e059c
Improved the Git SpEL function commit to accept the author name and e…
SangameshV Jun 20, 2026
754d045
Fixed push related issues, added more logs to understand it better
SangameshV Jun 20, 2026
fef4ff8
Improved the PR creation steps in fcli actions
SangameshV Jun 22, 2026
e57f69c
Indentation fix and results status update for both git activities and…
SangameshV Jun 23, 2026
9184e81
Fixing indentation and build issues
SangameshV Jun 23, 2026
8ead46d
Acceessing the result of one fcli action in another and improved logg…
SangameshV Jun 24, 2026
25d8e36
Storing the results in a variable and then accessing it using SpEL fu…
SangameshV Jun 24, 2026
abc23d6
Removed the wrapper actions, CI now directly references the git-push-…
SangameshV Jun 24, 2026
381ecc6
Handling negative scenarios for CREATE_PR step
SangameshV Jun 25, 2026
9e7e907
Branch name creation logic moved to ci.yaml to avoid redundant ineffe…
SangameshV Jun 25, 2026
69c460f
Logging the error scenario, removed success logs
SangameshV Jun 25, 2026
1dc1e3a
Code cleanup
SangameshV Jun 25, 2026
455537f
Code cleanup
SangameshV Jun 25, 2026
@@ -0,0 +1,127 @@
# yaml-language-server: $schema=https://fortify.github.io/fcli/schemas/action/fcli-action-schema-dev-2.x.json
author: Fortify
usage:
header: Create a pull request or merge request on GitHub or GitLab
description: |
This action creates a pull request (GitHub) or merge request (GitLab) for an
existing branch. The repository platform is auto-detected from the git remote URL.
Only GitHub and GitLab are supported; for other platforms the branch must be
promoted to a PR/MR manually.

Typically used after `git-stage-commit-push` to raise a PR/MR for the pushed branch.

This action requires:
- Git repository with a remote pointing to GitHub or GitLab
- A CI token with PR/MR creation permissions (GITHUB_TOKEN/GH_TOKEN or CI_JOB_TOKEN)

Configuration via CLI options or environment variables:
- `--source-dir` / `SOURCE_DIR` -- Local repo directory used to detect the platform (default: '.')
- `--source-branch` / `SOURCE_BRANCH` -- Branch to raise the PR/MR from (required)
- `--base-branch` / `BASE_BRANCH` -- Target branch for the PR/MR (default: auto-detected from remote, fallback "main")
- `--title` / `PR_TITLE` -- PR/MR title
- `--body` / `PR_BODY` -- PR/MR description

config:
output: immediate

cli.options:
sourceDir:
names: --source-dir, -s
description: >-
Local repo directory used to detect the repository platform.
Defaults to current working directory if not specified.
required: false
default: "${#env('SOURCE_DIR')?:'.'}"
sourceBranch:
names: --source-branch
description: >-
Source branch to raise the PR/MR from.
required: true
default: "${#env('SOURCE_BRANCH')?:''}"
baseBranch:
names: --base-branch
description: >-
Target branch for the PR/MR. Auto-detected from the remote HEAD if not specified,
falling back to "main".
required: false
default: "${#env('BASE_BRANCH')?:''}"
title:
names: --title, -t
description: >-
PR/MR title.
required: false
default: "${#env('PR_TITLE')?:'fix: Fortify auto-remediation fixes [Generated by fcli aviator]'}"
body:
names: --body
description: >-
PR/MR description.
required: false
default: "${#env('PR_BODY')?:'This pull request contains changes applied by fcli aviator.'}"

steps:
- if: "${#isBlank(cli.sourceBranch)}"
throw: "Option '--source-branch' is required. Pass the source branch from which the PR/MR is to be created."

# Compute base branch: CLI option/env var -> git remote HEAD -> "main"
- var.set:
baseBranch: "${#ifBlank(cli.baseBranch, #ifBlank(#git.defaultBranch(cli.sourceDir), 'main'))}"

# Detect repository platform from git remote URL
- var.set:
repoPlatform: ${#git.repositoryPlatform(cli.sourceDir)}

# GitHub PR creation
- if: "${repoPlatform=='github'}"
do:
- var.set:
repoOwner: "${#git.ciRepositoryOwner()}"
prHead: "${repoOwner}:${cli.sourceBranch}"
- log.debug: "Creating GitHub PR: head=${prHead}, base=${baseBranch}, title=${cli.title}"
- var.set:
pr: ${#_ci.detect().repo().createPullRequest(cli.title, prHead, baseBranch, cli.body)}
on.fail:
- log.warn:
msg: "Failed to create GitHub Pull Request from '${cli.sourceBranch}' to '${baseBranch}'"
cause: ${lastException}
- log.warn: "Troubleshooting: Verify branch '${cli.sourceBranch}' exists on remote and base branch '${baseBranch}' is valid"
- log.debug: "Failed to create GitHub PR: ${lastException.message}"
- throw:
msg: "Failed to create GitHub Pull Request from '${cli.sourceBranch}' to '${baseBranch}'"
cause: ${lastException}
- if: ${#isNotBlank(pr)} && ${#isNotBlank(pr.html_url)} && ${#isNotBlank(pr.number)}
do:
- log.info: "Created GitHub Pull Request #${pr.number}: ${pr.html_url}"

- if: ${#isBlank(pr)} || ${#isBlank(pr.html_url)}
do:
- log.warn: "PR creation returned empty or invalid response: ${pr}"
- throw: "GitHub PR creation did not return expected response. Check logs for details."
# GitLab MR creation
- if: "${repoPlatform=='gitlab'}"
do:
- log.debug: "Creating GitLab Merge Request: source=${cli.sourceBranch}, target=${baseBranch}, title=${cli.title}"
- var.set:
mr: ${#_ci.detect().project().createMergeRequest(cli.title, cli.sourceBranch, baseBranch, cli.body)}
on.fail:
- log.warn:
msg: "Failed to create GitLab Merge Request from '${cli.sourceBranch}' to '${baseBranch}'"
cause: ${lastException}
- log.warn: "Troubleshooting: Verify branch '${cli.sourceBranch}' exists on remote and base branch '${baseBranch}' is valid"
- throw:
msg: "Failed to create GitLab Merge Request from '${cli.sourceBranch}' to '${baseBranch}'"
cause: ${lastException}
- if: ${#isNotBlank(mr)} && ${#isNotBlank(mr.web_url)} && ${#isNotBlank(mr.iid)}
do:
- log.info: "Created GitLab Merge Request !${mr.iid}: ${mr.web_url}"

- if: ${#isBlank(mr)} || ${#isBlank(mr.web_url)}
do:
- log.warn: "Merge Request creation returned empty or invalid response: ${mr}"
- throw: "GitLab MR creation did not return expected response. Check logs for details."

# Unsupported repository platform
- if: "${repoPlatform!='github' && repoPlatform!='gitlab'}"
do:
- log.warn: "PR/MR creation is not supported for repository platform '${repoPlatform}'. Branch '${cli.sourceBranch}' has been pushed; please create a PR/MR manually."
- throw: "PR/MR creation is not supported for repository platform '${repoPlatform}'"
- log.info: "create-pr completed: PR/MR created for branch '${cli.sourceBranch}' targeting '${baseBranch}'"
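Review bot: The four `if:` guards that follow the `createPullRequest` and `createMergeRequest` calls join separate `${…}` templates with `&&` / `||` outside the expression, unlike every other condition in this file, which is a single expression. If fcli renders each template on its own, the condition becomes text such as `true || false` rather than a boolean, and `pr.html_url` is still evaluated when `pr` is blank, so the empty-response check that decides whether the action reports success may not behave as written. Writing each guard as one quoted expression, e.g. `if: "${#isBlank(pr) || #isBlank(pr.html_url)}"`, removes the ambiguity; if property access on a null value throws here, a null-safe form such as `pr?.html_url` is needed as well. Separately, `repoOwner` goes into `prHead` without a blank check, and the platform is read from the git remote in `--source-dir` while the request itself goes through `#_ci.detect()`, so it is worth confirming that both resolve to the same repository before the CI token is used against it.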
@@ -0,0 +1,128 @@
# yaml-language-server: $schema=https://fortify.github.io/fcli/schemas/action/fcli-action-schema-dev-2.x.json
author: Fortify
usage:
header: Stage, commit and push local changes to a new branch
description: |
This action detects local file changes, creates a new branch, stages and commits
the changes, then pushes the branch to the remote repository. Credentials are
auto-detected from the CI environment (GitHub Actions, GitLab CI, Azure DevOps,
Bitbucket Pipelines).

This action requires:
- Git repository access (local clone with a configured remote)
- A CI token with push permissions (GITHUB_TOKEN, GH_TOKEN, CI_JOB_TOKEN,
SYSTEM_ACCESSTOKEN, or BITBUCKET_TOKEN)

Configuration via CLI options or environment variables:
- `--source-dir` / `SOURCE_DIR` -- Directory where changes are detected (default: '.')
- `--branch-name` / `BRANCH_NAME` -- Full branch name to use.
- `--commit-message` / `COMMIT_MESSAGE` -- Commit message
- `--author-name` / `GIT_AUTHOR_NAME` -- Commit author name (default: "fcli-aviator[bot]")
- `--author-email` / `GIT_AUTHOR_EMAIL` -- Commit author email

config:
output: immediate

# NOTE: When updating any options, commit-and-create-pr action may also need to be updated
cli.options:
sourceDir:
names: --source-dir, -s
description: >-
Directory where changes are detected.
Defaults to current working directory if not specified.
required: false
default: "${#env('SOURCE_DIR')?:'.'}"
branchName:
names: --branch-name
description: >-
Full branch name to use.
required: true
default: "${#env('BRANCH_NAME')?:''}"
commitMessage:
names: --commit-message, -m
description: >-
Git commit message.
required: false
default: "${#env('COMMIT_MESSAGE')?:'fix: apply automated fixes [generated by fcli aviator]'}"
authorName:
names: --author-name
description: >-
Git author name for the commit.
required: false
default: "${#env('GIT_AUTHOR_NAME')?:'fcli-aviator[bot]'}"
authorEmail:
names: --author-email
description: >-
Git author email for the commit.
required: false
default: "${#env('GIT_AUTHOR_EMAIL')?:'fcli-aviator@opentext.com'}"

steps:
- log.debug: "Action configuration: sourceDir=${cli.sourceDir}, branchName=${cli.branchName}, author=${cli.authorName} <${cli.authorEmail}>"

# Validate git repository
- var.set:
gitRepoInfo: ${#git.localRepo(cli.sourceDir)}
- if: ${#isBlank(gitRepoInfo)}
throw: "Source directory '${cli.sourceDir}' is not a git repository."
- if: "${#isBlank(gitRepoInfo.repository.remoteUrl)}"
throw: "Git repository has no remote URL configured. A remote is required for push."
- log.info: "Git repository: remote=${gitRepoInfo.repository.remoteUrl}, branch=${gitRepoInfo.branch.short?:'detached HEAD'}"

# Check for changes
- var.set:
hasChanges: ${#git.hasChanges(cli.sourceDir)}
- if: ${!hasChanges}
do:
- log.info: "No changes detected in ${cli.sourceDir}, skipping commit and push."
- exit: 0
- log.info: "Changes detected in ${cli.sourceDir}, proceeding."

# Create and checkout branch
- var.set:
branchName: "${#git.checkoutNewBranch(cli.sourceDir, cli.branchName)}"
on.fail:
- log.warn:
msg: "Failed to create/checkout branch"
cause: ${lastException}
- throw: ${lastException}
- log.info: "Created branch: ${branchName}"

# Stage all changes
- var.set:
staged: ${#git.addAll(cli.sourceDir)}
on.fail:
- log.warn:
msg: "Failed to stage changes in ${cli.sourceDir}"
cause: ${lastException}
- throw: ${lastException}
- log.debug: "All changes staged successfully"

# Commit
- var.set:
commitSha: "${#git.commit(cli.sourceDir, cli.commitMessage, cli.authorName, cli.authorEmail)}"
on.fail:
- log.warn:
msg: "Failed to commit staged changes"
cause: ${lastException}
- throw: ${lastException}
- log.info: "Committed changes: ${commitSha}"
- log.debug: "Remote URL: ${gitRepoInfo.repository.remoteUrl}"

# Push
- var.set:
pushedRef: ${#git.push(cli.sourceDir, branchName)}
on.fail:
- var.set:
remoteUrl: "${gitRepoInfo.repository.remoteUrl?:'unknown'}"
exceptionMsg: "${lastException.message}"
- log.warn:
msg: "Failed to push branch '${branchName}' to remote '${remoteUrl}': ${exceptionMsg}"
cause: ${lastException}
- if: "${exceptionMsg.contains('No credentials available')}"
log.warn: "DIAGNOSIS: Push failed due to missing credentials. Set one of: GITHUB_TOKEN/GH_TOKEN, CI_JOB_TOKEN, SYSTEM_ACCESSTOKEN, or BITBUCKET_TOKEN"
- throw:
msg: "Failed to push branch '${branchName}' to remote"
cause: ${lastException}
- log.info: "Pushed branch to remote: ${pushedRef}"
- log.info: "git-push-changes completed: branch=${branchName}, commit=${commitSha}"
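Review bot: The remote URL is written to the log at info level right after repository validation, again at debug before the push, and inside the push-failure warning, and a CI checkout remote can carry credentials in its userinfo part (`https://user:token@host/...`). Secret masking in the CI system does not reliably cover every token form, so the URL should have its userinfo stripped before it reaches any `log.*` step, or only host and path should be logged. The `Stage all changes` step calls `#git.addAll`; the page does not show whether that includes untracked files, and in a CI workspace those can be build outputs or credential files written by earlier steps. The usage description should state exactly what gets staged, e.g. `Only modifications to tracked files are staged; untracked files are never committed`, if that is the actual behaviour.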