From 4253b62cdb1076f59cf346b54005855e40b220a9 Mon Sep 17 00:00:00 2001 From: nikhil2611 Date: Thu, 5 Feb 2026 19:33:51 +0530 Subject: [PATCH 1/7] setting git config to install private gems Signed-off-by: nikhil2611 --- .github/workflows/ci-main-pull-request.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/ci-main-pull-request.yml b/.github/workflows/ci-main-pull-request.yml index 3b99931..41be101 100644 --- a/.github/workflows/ci-main-pull-request.yml +++ b/.github/workflows/ci-main-pull-request.yml @@ -784,6 +784,11 @@ jobs: uses: ruby/setup-ruby@v1 with: ruby-version: '3.4' + + - name: Configure git for private repositories + if: ${{ inputs.language == 'ruby' && inputs.build-profile == 'cli' }} + run: git config --global url."https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/".insteadOf "https://github.com/" + - name: 'Ruby build' if: ${{ inputs.language == 'ruby' && inputs.build-profile == 'cli' }} continue-on-error: true From 18376370fc6db95d10030c7c598f7e9f58b1cc2d Mon Sep 17 00:00:00 2001 From: nikhil2611 Date: Thu, 5 Feb 2026 20:27:18 +0530 Subject: [PATCH 2/7] updated with github config in sbom.yml also Signed-off-by: nikhil2611 --- .github/workflows/ci-main-pull-request.yml | 4 ++-- .github/workflows/sbom.yml | 4 ++++ 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci-main-pull-request.yml b/.github/workflows/ci-main-pull-request.yml index 41be101..b00a375 100644 --- a/.github/workflows/ci-main-pull-request.yml +++ b/.github/workflows/ci-main-pull-request.yml 
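Review bot: The new `Configure git for private repositories` step stores the token in the runner's global git config through a `url."https://x-access-token:…@github.com/".insteadOf` rewrite, so it sits in plaintext in `~/.gitconfig` and is attached to every github.com fetch made by any later step of the job, including the `Ruby build` step right after it. The same global rewrite reappears in the PATCH 2/7 and PATCH 3/7 hunks of this file and of `sbom.yml`, and is only dropped in PATCH 5/7. If a git-level credential is kept in any of these commits, pass the secret through the step's `env:` (for example `GIT_TOKEN: ${{ secrets.GITHUB_TOKEN }}`, name illustrative) and reference `${GIT_TOKEN}` in the command instead of expanding `${{ }}` into the script text, and remove the rewrite in a closing `if: always()` step. `GITHUB_TOKEN` is normally scoped to the repository running the workflow, so it probably cannot read other private gem repositories in the first place.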
@@ -787,7 +787,7 @@ jobs: - name: Configure git for private repositories if: ${{ inputs.language == 'ruby' && inputs.build-profile == 'cli' }} - run: git config --global url."https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/".insteadOf "https://github.com/" + run: git config --global url."https://${{ secrets.GH_TOKEN }}@github.com/".insteadOf "https://github.com/" - name: 'Ruby build' if: ${{ inputs.language == 'ruby' && inputs.build-profile == 'cli' }} @@ -1321,7 +1321,7 @@ jobs: name: 'Generating SBOM' # Create software bill-of-materials (SBOM) using SPDX format if: ${{ inputs.generate-sbom == true }} - uses: chef/common-github-actions/.github/workflows/sbom.yml@main + uses: chef/common-github-actions/.github/workflows/sbom.yml@nikhil/pull-private-gems-github-branch needs: ci-build secrets: inherit with: diff --git a/.github/workflows/sbom.yml b/.github/workflows/sbom.yml index c5cab7f..41a6823 100644 --- a/.github/workflows/sbom.yml +++ b/.github/workflows/sbom.yml @@ -202,6 +202,10 @@ jobs: - name: Checkout source uses: actions/checkout@v6 + - name: Configure git for private Ruby gems + if: ${{ inputs.run-bundle-install == true }} + run: git config --global url."https://${{ secrets.GH_TOKEN }}@github.com/".insteadOf "https://github.com/" + - name: Set up Ruby and run bundle install if: ${{ inputs.language == 'ruby' }} # only run for Ruby projects where we need to generate Gemfile.lock at runtime, inputs.run-bundle-install == true uses: ruby/setup-ruby@v1 From ca7798d1057e45fd96ae1e15bf39536cae3dd441 Mon Sep 17 00:00:00 2001 From: nikhil2611 Date: Thu, 5 Feb 2026 20:45:49 +0530 Subject: [PATCH 3/7] updated the var name Signed-off-by: nikhil2611 --- .github/workflows/ci-main-pull-request.yml | 4 +++- .github/workflows/sbom.yml | 2 +- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci-main-pull-request.yml b/.github/workflows/ci-main-pull-request.yml index b00a375..8940fc4 100644 
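Review bot: The `uses:` line of the `Generating SBOM` job now targets a personal feature branch, `sbom.yml@nikhil/pull-private-gems-github-branch`, while the job keeps `secrets: inherit`, so whoever can push to that branch decides which code receives every secret of the calling workflow. PATCH 4/7, 6/7 and 7/7 flip the same line between this branch and `@main`, and both are mutable refs. Pinning the reusable workflow to a full commit SHA, `uses: chef/common-github-actions/.github/workflows/sbom.yml@<full-commit-sha>`, and passing only the secret it needs instead of `secrets: inherit` would narrow that exposure. The job definition continues outside the hunk.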
--- a/.github/workflows/ci-main-pull-request.yml +++ b/.github/workflows/ci-main-pull-request.yml @@ -787,7 +787,9 @@ jobs: - name: Configure git for private repositories if: ${{ inputs.language == 'ruby' && inputs.build-profile == 'cli' }} - run: git config --global url."https://${{ secrets.GH_TOKEN }}@github.com/".insteadOf "https://github.com/" + run: | + git config --global url."https://x-access-token:${{ secrets.GH_PRIVATE_REPO_TOKEN }}@github.com/".insteadOf "https://github.com/" + echo "Git configured for private repository access" - name: 'Ruby build' if: ${{ inputs.language == 'ruby' && inputs.build-profile == 'cli' }} diff --git a/.github/workflows/sbom.yml b/.github/workflows/sbom.yml index 41a6823..3ce8a88 100644 --- a/.github/workflows/sbom.yml +++ b/.github/workflows/sbom.yml @@ -204,7 +204,7 @@ jobs: - name: Configure git for private Ruby gems if: ${{ inputs.run-bundle-install == true }} - run: git config --global url."https://${{ secrets.GH_TOKEN }}@github.com/".insteadOf "https://github.com/" + run: git config --global url."https://x-access-token:${{ secrets.GH_PRIVATE_REPO_TOKEN }}@github.com/".insteadOf "https://github.com/" - name: Set up Ruby and run bundle install if: ${{ inputs.language == 'ruby' }} # only run for Ruby projects where we need to generate Gemfile.lock at runtime, inputs.run-bundle-install == true From 402cba2e72626ae74c729d9a8cbf57b8f3c87896 Mon Sep 17 00:00:00 2001 From: nikhil2611 Date: Mon, 9 Feb 2026 22:42:38 +0530 Subject: [PATCH 4/7] updated branch to main Signed-off-by: nikhil2611 --- .github/workflows/ci-main-pull-request.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci-main-pull-request.yml b/.github/workflows/ci-main-pull-request.yml index 8940fc4..27aeab5 100644 --- a/.github/workflows/ci-main-pull-request.yml +++ b/.github/workflows/ci-main-pull-request.yml 
@@ -1323,7 +1323,7 @@ jobs: name: 'Generating SBOM' # Create software bill-of-materials (SBOM) using SPDX format if: ${{ inputs.generate-sbom == true }} - uses: chef/common-github-actions/.github/workflows/sbom.yml@nikhil/pull-private-gems-github-branch + uses: chef/common-github-actions/.github/workflows/sbom.yml@main needs: ci-build secrets: inherit with: From 755776480e96fa669484e4346ebe5cbbfaaab23c Mon Sep 17 00:00:00 2001 From: nikhil2611 Date: Mon, 16 Feb 2026 15:45:43 +0530 Subject: [PATCH 5/7] Security: Replace git config with bundler config for gem credentials Signed-off-by: nikhil2611 --- .github/workflows/ci-main-pull-request.yml | 6 +++--- .github/workflows/sbom.yml | 15 ++++++++------- 2 files changed, 11 insertions(+), 10 deletions(-) diff --git a/.github/workflows/ci-main-pull-request.yml b/.github/workflows/ci-main-pull-request.yml index 27aeab5..38cd0af 100644 --- a/.github/workflows/ci-main-pull-request.yml +++ b/.github/workflows/ci-main-pull-request.yml @@ -784,12 +784,12 @@ jobs: uses: ruby/setup-ruby@v1 with: ruby-version: '3.4' + bundler-cache: false - - name: Configure git for private repositories + - name: Configure Bundler for private Ruby gems if: ${{ inputs.language == 'ruby' && inputs.build-profile == 'cli' }} run: | - git config --global url."https://x-access-token:${{ secrets.GH_PRIVATE_REPO_TOKEN }}@github.com/".insteadOf "https://github.com/" - echo "Git configured for private repository access" + bundle config set --local github.com "x-access-token:${{ secrets.GH_PRIVATE_REPO_TOKEN }}" - name: 'Ruby build' if: ${{ inputs.language == 'ruby' && inputs.build-profile == 'cli' }} diff --git a/.github/workflows/sbom.yml b/.github/workflows/sbom.yml index 3ce8a88..1b50694 100644 --- a/.github/workflows/sbom.yml +++ b/.github/workflows/sbom.yml 
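Review bot: `bundle config set --local github.com "x-access-token:${{ secrets.GH_PRIVATE_REPO_TOKEN }}"` writes the credential in plaintext to `.bundle/config` inside the checked-out workspace, where it stays for the rest of the job and can be picked up by any later step that archives or caches the working directory. Bundler reads the same setting from the environment, so the token can be confined to the step that installs the gems by putting `BUNDLE_GITHUB__COM: x-access-token:${{ secrets.GH_PRIVATE_REPO_TOKEN }}` under `env:` on the `Ruby build` step, with no separate config step. That also keeps the secret out of the shell script text. When the secret is empty, for instance on a pull request from a fork (an assumption, the trigger is not visible here), the step still sets `x-access-token:` with no token, so a guard on a non-empty secret is worth adding. The same applies to the matching step in the `sbom.yml` hunk of this patch.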
@@ -202,16 +202,17 @@ jobs: - name: Checkout source uses: actions/checkout@v6 - - name: Configure git for private Ruby gems - if: ${{ inputs.run-bundle-install == true }} - run: git config --global url."https://x-access-token:${{ secrets.GH_PRIVATE_REPO_TOKEN }}@github.com/".insteadOf "https://github.com/" - - - name: Set up Ruby and run bundle install - if: ${{ inputs.language == 'ruby' }} # only run for Ruby projects where we need to generate Gemfile.lock at runtime, inputs.run-bundle-install == true + - name: Set up Ruby + if: ${{ inputs.language == 'ruby' }} uses: ruby/setup-ruby@v1 with: ruby-version: '3.4' - bundler-cache: true + bundler-cache: false + + - name: Configure Bundler for private Ruby gems + if: ${{ inputs.run-bundle-install == true && inputs.language == 'ruby' }} + run: | + bundle config set --local github.com "x-access-token:${{ secrets.GH_PRIVATE_REPO_TOKEN }}" - name: Configure git for private Go modules if : ${{ inputs.go-private-modules != '' }} From 5dc9717f3fc94c61824738d5b1b334d167ff5088 Mon Sep 17 00:00:00 2001 From: nikhil2611 Date: Mon, 16 Feb 2026 15:49:54 +0530 Subject: [PATCH 6/7] updated to point to feature branch for testing Signed-off-by: nikhil2611 --- .github/workflows/ci-main-pull-request.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci-main-pull-request.yml b/.github/workflows/ci-main-pull-request.yml index 38cd0af..de6aac8 100644 --- a/.github/workflows/ci-main-pull-request.yml +++ b/.github/workflows/ci-main-pull-request.yml @@ -1323,7 +1323,7 @@ jobs: name: 'Generating SBOM' # Create software bill-of-materials (SBOM) using SPDX format if: ${{ inputs.generate-sbom == true }} - uses: chef/common-github-actions/.github/workflows/sbom.yml@main + uses: chef/common-github-actions/.github/workflows/sbom.yml@nikhil/pull-private-gems-github-branch needs: ci-build secrets: inherit with: From 1a9bd357c8423a51c83affe1df8cf48cbb6bce99 Mon Sep 17 00:00:00 2001 
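Review bot: The setup step is renamed to `Set up Ruby` and switched to `bundler-cache: false`, so `ruby/setup-ruby` no longer runs `bundle install`, and nothing in this hunk runs it in its place. The removed comment said the step existed to generate `Gemfile.lock` at runtime; unless a later step outside the hunk runs `bundle install` after the new `Configure Bundler for private Ruby gems` step, the SBOM may be generated without a resolved lockfile. A comment on the setup step naming where installation now happens would make the ordering explicit, e.g. `# bundle install runs in <step name>, after Bundler credentials are configured`.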
From: nikhil2611 Date: Mon, 16 Feb 2026 18:40:15 +0530 Subject: [PATCH 7/7] reverted back to main Signed-off-by: nikhil2611 --- .github/workflows/ci-main-pull-request.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci-main-pull-request.yml b/.github/workflows/ci-main-pull-request.yml index de6aac8..38cd0af 100644 --- a/.github/workflows/ci-main-pull-request.yml +++ b/.github/workflows/ci-main-pull-request.yml @@ -1323,7 +1323,7 @@ jobs: name: 'Generating SBOM' # Create software bill-of-materials (SBOM) using SPDX format if: ${{ inputs.generate-sbom == true }} - uses: chef/common-github-actions/.github/workflows/sbom.yml@nikhil/pull-private-gems-github-branch + uses: chef/common-github-actions/.github/workflows/sbom.yml@main needs: ci-build secrets: inherit with: