add socket tier 1 reachability analysis #53
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 4b57a67b22
| # annotation that GitHub Actions renders as a yellow run-level | ||
| # warning without failing the job. | ||
| set +e | ||
| socket scan create --reach \ |
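Review bot: With `set +e` directly above `socket scan create --reach`, a non-zero exit from the scan no longer stops the step, and the visible lines do not show the status being captured. Save `$?` on the line immediately after the command, restore `set -e`, and decide explicitly which exit codes are downgraded to the run-level warning and which still fail the job, so that a scan that never ran is not reported the same way as a completed one.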
Associate scans with the real repo and branch
When this scheduled workflow runs without an existing socket.json/socket.yml (checked the repo and none is present), this command does not pass --repo, --branch, or --default-branch, so Socket records the scan under its documented defaults (socket-default-repository / socket-default-branch) instead of js-stellar-xdr-json on the real default branch. In that configuration the run will not update the intended repository/default-branch alerts page and can be mixed with other repos using the same defaults; pass explicit repo/branch metadata for the GitHub run.
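The explicit metadata the comment above asks for can be derived from the run's own environment instead of being hard-coded. This is an added example, not part of the pull request or of Socket's documentation; `DEFAULT_BRANCH` is an assumed variable the workflow would set itself, and treating `--default-branch` as a switch with no value is also an assumption.

```shell
#!/usr/bin/env bash
# Added example: build explicit scan metadata for `socket scan create` from
# GitHub Actions variables, failing closed instead of using placeholder names.
# Assumptions: DEFAULT_BRANCH is exported by the workflow; --default-branch
# is passed as a bare switch.

socket_scan_meta_args() {
  local repo_full="${GITHUB_REPOSITORY:-}"
  local branch="${GITHUB_REF_NAME:-}"
  local default_branch="${DEFAULT_BRANCH:-}"

  # Refuse to continue rather than let the scan land under default names.
  if [ -z "$repo_full" ] || [ -z "$branch" ]; then
    echo "missing GITHUB_REPOSITORY or GITHUB_REF_NAME" >&2
    return 1
  fi

  # GITHUB_REPOSITORY is "owner/name"; keep only the repository name.
  local repo="${repo_full##*/}"

  # Pull request runs expose refs such as "53/merge", which are not branches.
  case "$branch" in
    [0-9]*/merge) echo "ref '$branch' is a PR merge ref, not a branch" >&2; return 1 ;;
  esac

  # Conservative allow-list; anything else is rejected, not passed to the CLI.
  case "$repo$branch" in
    *[!A-Za-z0-9._/-]*) echo "unexpected character in repo or branch" >&2; return 1 ;;
  esac

  printf '%s %s %s %s' --repo "$repo" --branch "$branch"
  # Mark the scan as the default branch only when the names actually match.
  if [ -n "$default_branch" ] && [ "$branch" = "$default_branch" ]; then
    printf ' %s' --default-branch
  fi
  printf '\n'
}
```

In a workflow step the output would be appended to the existing `socket scan create --reach` invocation.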
Pull request overview
Adds a scheduled GitHub Actions workflow to run Socket’s reachability scan for this repository, aiming to surface Tier 1 reachability results (and emit a warning when the scan falls back to Tier 2 reachability).
Changes:
- Introduces a new weekly + manual (`workflow_dispatch`) “Socket reachability scan” workflow.
- Installs Rust toolchain + Node, installs the Socket CLI, runs `socket scan create --reach`, and emits a GitHub Actions `::warning::` if Tier 2 fallback is detected in logs.
| @@ -0,0 +1,82 @@ | |||
| # Socket reachability scan for js-stellar-xdr-json. | |||
| # For general Socket reachability documentation, see https://docs.socket.dev/docs/full-application-reachability | |||
| # Rust-only project. | |||
| env: | ||
| # Force JS-based GitHub actions (actions/checkout, actions/setup-*, etc.) to | ||
| # use Node 24 instead of the soon-to-be-deprecated Node 20. Safe to remove | ||
| # after 2026-06-16 (when Node 24 becomes the default and this becomes a no-op). | ||
| FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true |
| - name: Install Socket CLI | ||
| run: npm install -g socket |
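Review bot: `npm install -g socket` in the Install Socket CLI step names no version, so each scheduled run installs whatever release is current at that moment and the job's behaviour can change without any change to this file. Pin an exact version (`npm install -g socket@<version>`) and bump it deliberately; that also keeps the CLI's log output stable for the Tier 2 fallback check that reads it.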
More info: https://stellarorg.atlassian.net/wiki/spaces/SCRT/pages/5689311233/Socket+Tier+1+Reachability+Analysis