feat: Add ASTRO framework preset option #110
Reetika-Chavan wants to merge 4 commits into development
Use main branch for github action instead of prod-qa-pipeline
🔒 Security Scan Results
⏱️ SLA Breach Summary
❌ BUILD FAILED - Security checks failed. Please review and fix the security vulnerabilities before merging.
Pull request overview
Adds an Astro framework preset to the CLI configuration and adjusts GitHub workflows related to SCA scanning and release automation.
Changes:
- Add `ASTRO` to framework presets, output directory defaults, and server-command supported frameworks.
- Update SCA scan workflow to continue on Snyk failure and add a follow-up `contentstack/sca-policy` step.
- Change release workflow’s post-publish checkout ref from `prod-qa-pipeline` to `main`.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| `src/config/index.ts` | Adds Astro preset to framework selection and default output directory mapping. |
| `.github/workflows/sca-scan.yml` | Modifies SCA scan behavior (non-blocking Snyk step) and adds a policy enforcement step. |
| `.github/workflows/release.yml` | Alters which ref is checked out before committing release metadata. |
| if: ${{ steps.release-plugin.conclusion == 'success' }} | ||
| with: | ||
| ref: 'prod-qa-pipeline' | ||
| ref: 'main' |
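Review bot: The `if:` on the first line gates this checkout on `steps.release-plugin.conclusion`, which reads `success` even for a failed step when that step has `continue-on-error: true`. Since this PR introduces that flag in another workflow, compare `steps.release-plugin.outcome` instead, so the checkout of `main` and the release metadata commit cannot run after a failed publish.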
Checking out `ref: 'main'` here makes the later commit step depend on whatever `main` points to at execution time (it may advance after the workflow was triggered). To keep the release metadata commit consistent with the published version, consider checking out the triggering ref/SHA (e.g., `${{ github.sha }}` / `${{ github.ref }}`) unless you explicitly want to write to the latest `main`.
| ref: 'main' | |
| ref: ${{ github.sha }} |
| with: | ||
| args: --all-projects --fail-on=all | ||
| json: true | ||
| continue-on-error: true |
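Review bot: `continue-on-error: true` on the last line leaves `--fail-on=all` with no effect on the job result, because the scan's failure is then recorded only in the step's `outcome` while its `conclusion` and the job stay green. Add a YAML comment here stating which later step now enforces the gate, or drop the flag and keep the scan blocking.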
`continue-on-error: true` makes the Snyk scan step non-blocking even though `--fail-on=all` is set. If the intent is to gate PRs via the subsequent `contentstack/sca-policy` step, ensure that action reliably fails the job on policy violations; otherwise vulnerabilities may slip through without failing the workflow.
| continue-on-error: true | |
| continue-on-error: false |
| args: --all-projects --fail-on=all | ||
| json: true | ||
| continue-on-error: true | ||
| - uses: contentstack/sca-policy@main |
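Review bot: With `continue-on-error: true` on the scan step above it, the added `contentstack/sca-policy@main` line becomes the only step in this hunk that can fail the job, and it resolves to whatever `main` of that repository holds at run time. Pin it to a full commit SHA so a change to the policy action cannot silently alter or disable the gate.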
The workflow uses `contentstack/sca-policy@main`. For supply-chain security and reproducibility, pin this action to a tagged release or (preferably) a full commit SHA instead of a moving branch ref.
| - uses: contentstack/sca-policy@main | |
| - uses: contentstack/sca-policy@v1 |
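The two workflow points raised in this review (a step made non-blocking with `continue-on-error: true`, and an action referenced by a moving ref rather than a full commit SHA) can be checked mechanically before merge. The following is an added example, not code from this PR or from Contentstack; the `audit` function, the sample workflow, its `example-org/scanner` step and the placeholder SHA are constructed for illustration.

```python
import re

# Constructed workflow fragment modelled on the steps discussed in this review.
# "example-org/scanner" and the 40-character SHA are placeholders, not values from the PR.
SAMPLE = """\
steps:
  - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567
  - uses: example-org/scanner@v2
    with:
      args: --all-projects --fail-on=all
      json: true
    continue-on-error: true
  - uses: contentstack/sca-policy@main
  - uses: ./local-action
"""

USES = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)")
NON_BLOCKING = re.compile(
    r"^\s*continue-on-error:\s*['\"]?true['\"]?\s*(?:#.*)?$", re.I
)
FULL_SHA = re.compile(r"^[0-9a-f]{40}$")


def audit(workflow_text):
    """Return (line, rule, detail) tuples for unpinned actions and non-blocking steps."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), 1):
        match = USES.match(line)
        if match:
            target = match.group(1)
            # Local actions and container images carry no git ref to pin.
            if target.startswith(("./", "docker://")):
                continue
            _, _, ref = target.partition("@")
            # Branches and tags can be moved; only a full commit SHA is immutable.
            if not FULL_SHA.match(ref):
                findings.append((lineno, "unpinned-action", target))
        elif NON_BLOCKING.match(line):
            # Literal "true" only; expression-valued flags need manual review.
            findings.append((lineno, "non-blocking-step", line.strip()))
    return findings


if __name__ == "__main__":
    for lineno, rule, detail in audit(SAMPLE):
        print(f"line {lineno}: {rule}: {detail}")
```

A tag such as `@v1` is reported as well, since a tag can be re-pointed just as a branch can.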
feat: Add ASTRO framework preset option