Skip to content

add socket tier 1 reachability analysis#5950

Open
kanwalpreetd wants to merge 2 commits into
stellar:mainfrom
kanwalpreetd:main
Open

add socket tier 1 reachability analysis#5950
kanwalpreetd wants to merge 2 commits into
stellar:mainfrom
kanwalpreetd:main

Conversation

@kanwalpreetd

Copy link
Copy Markdown
Contributor

Copilot AI review requested due to automatic review settings June 12, 2026 14:30

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 6fdfef5a71

ℹ️ About Codex in GitHub

Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".

Comment on lines +70 to +71
socket scan create --reach \
--org=stellar \

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Add repo and branch metadata to Socket scans

When this scheduled/manual workflow runs, the scan is created with only --org, so Socket will fall back to its defaults (socket-default-repository / socket-default-branch) unless a socket.json provides values; I searched the repo for socket.json/Socket defaults and found none. Socket's CLI docs state that --repo and --branch are what associate a scan with the repository/branch (https://docs.socket.dev/docs/socket-scan#repo--branch-names), so these runs won't update or be discoverable under go-stellar-sdk/master in the dashboard. Pass explicit values such as --repo=go-stellar-sdk --branch="${GITHUB_REF_NAME}" (and initialize the default branch if needed).

Useful? React with 👍 / 👎.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a scheduled GitHub Actions workflow to run Socket’s Tier 1 reachability analysis against this Go module, surfacing Tier 2 fallback cases as a non-failing GitHub Actions warning.

Changes:

  • Introduces a new scheduled + manual (“workflow_dispatch”) workflow to run socket scan create --reach.
  • Installs Go + Node toolchains in CI and runs the Socket CLI with “continue-on-*” reachability flags.
  • Adds log post-processing to emit a ::warning:: annotation when reachability falls back to Tier 2.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread .github/workflows/socket-scan.yml Outdated
Comment on lines +50 to +52
- uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
with:
node-version: "20.20.2"
Comment on lines +53 to +54
- name: Enable Corepack (yarn/pnpm per repo packageManager)
run: corepack enable
Comment on lines +56 to +57
- name: Install Socket CLI
run: npm install -g socket
Comment on lines +59 to +62
- name: Run Socket reachability scan
env:
SOCKET_SECURITY_API_TOKEN: ${{ secrets.SOCKET_SECURITY_API_TOKEN }}
run: |
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants