ci: Fix FOSSA scans by generating Gemfile.lock files before scanning (#1640)

Shell script will loop through all the available Gemfiles in this repository and create Gemfile.lock files without actually installing these gems.
Some folders like */examples/* and release/ have been vomited.
FOSSA is intelligent enough to read nested directories and generate the report based on lock files.

Signed-off-by: Arjun Rajappa <[email protected]>
Co-authored-by: Kayla Reopelle <[email protected]>

Author: arjun-rajappa

.github/workflows/fossa.yml

@@ -15,6 +15,33 @@ jobs:
     steps:
       - uses: actions/checkout@ff7abcd0c3c05ccf6adc123a8cd1fd4fb30fb493 # v4.2.2
 
+      - name: Install Ruby 3.4
+        uses: ruby/[email protected]
+        with:
+          ruby-version: 3.4
+      - name: Generate Gemfile.lock
+        run: |
+          echo "Finding all Gemfiles in the project..."
+          echo "======================================="
+          ORIGINAL_DIR=$(pwd)
+
+          find . -type f -name "Gemfile" -not -path "*/example/*" -not -path "*/releases/*" | sort | while read gemfile; do
+              gemfile_dir=$(dirname "$gemfile")
+              
+              # Change to the Gemfile's directory
+              echo "Changing to directory: $gemfile_dir"
+              
+              cd "$gemfile_dir" || continue
+
+              echo "Current directory: $(pwd)"
+              echo "Creating lock file for: $gemfile"
+              
+              # Generate the gemlock files
+              bundle lock || echo "Warning: Failed to generate lock file for $gemfile, continuing..."
+
+              cd "$ORIGINAL_DIR" || exit 1
+          done
+
       - uses: fossas/fossa-action@3ebcea1862c6ffbd5cf1b4d0bd6b3fe7bd6f2cac # v1.7.0
         with:
           api-key: ${{secrets.FOSSA_API_KEY}}