github/codeql-action
0
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2026-05-11 16:20:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

Only delete SARIF in PR check if not running on a fork

Browse Source 
The `Submit SARIF after failure` PR Check was failing when opened on a fork because of a permissions problem when deleting the uploaded SARIF. This change should fix this by only deleting the SARIF when the owner of the current repository is `github`.
This commit is contained in:
Angela P Wen
2024-01-12 15:02:11 -08:00
parent 96531062ba
commit 7a76543b0d
3 changed files with 16 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
lib/init-action-post-helper.js
Generated
+6 -1
View File
@@ -24,6 +24,7 @@ var __importStar = (this && this.__importStar) || function (mod) {
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.run = exports.tryUploadSarifIfRunFailed = void 0;
const core = __importStar(require("@actions/core"));
const actionsUtil = __importStar(require("./actions-util"));
const api_client_1 = require("./api-client");
const codeql_1 = require("./codeql");
@@ -114,7 +115,11 @@ async function run(uploadDatabaseBundleDebugArtifact, uploadLogsDebugArtifact, p
throw new Error("Expected to upload a failed SARIF file for this CodeQL code scanning run, " +
`but the result was instead ${error}.`);
}
if (process.env["CODEQL_ACTION_EXPECT_UPLOAD_FAILED_SARIF"] === "true") {
core.info(`GITHUB_ACTOR is ${process.env["GITHUB_ACTOR"]}`);
// We do not delete uploaded SARIFs if we're on a fork, as we're missing the
// appropriate permissions.
if (process.env["CODEQL_ACTION_EXPECT_UPLOAD_FAILED_SARIF"] === "true" &&
repositoryNwo.owner !== "github") {
await removeUploadedSarif(uploadFailedSarifResult, logger);
}
// Upload appropriate Actions artifacts for debugging
lib/init-action-post-helper.js.map
+1 -1
View File
File diff suppressed because one or more lines are too long
src/init-action-post-helper.ts
+9 -1
View File
@@ -1,3 +1,5 @@
import * as core from "@actions/core";
import * as actionsUtil from "./actions-util";
import { getApiClient } from "./api-client";
import { getCodeQL } from "./codeql";
@@ -182,7 +184,13 @@ export async function run(
);
}
if (process.env["CODEQL_ACTION_EXPECT_UPLOAD_FAILED_SARIF"] === "true") {
core.info(`GITHUB_ACTOR is ${process.env["GITHUB_ACTOR"]}`);
// We do not delete uploaded SARIFs if we're on a fork, as we're missing the
// appropriate permissions.
if (
process.env["CODEQL_ACTION_EXPECT_UPLOAD_FAILED_SARIF"] === "true" &&
repositoryNwo.owner !== "github"
) {
await removeUploadedSarif(uploadFailedSarifResult, logger);
}