-
-
Notifications
You must be signed in to change notification settings - Fork 6
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
PRs from forks cannot upload reports #3
Comments
Documentation seems to be https://docs.github.com/en/code-security/code-scanning/integrating-with-code-scanning/uploading-a-sarif-file-to-github#uploading-a-code-scanning-analysis-with-github-actions And the possible answer why they can do what I can't is because they seem to use an undocumented API: https://github.com/github/codeql-action/blob/d7ad71d8034d228d5c8076dc7f058905e272a3fd/lib/upload-lib.js#L102-L104 They payload being uploaded is also slightly different: https://github.com/github/codeql-action/blob/75f07e7ab2ee63cba88752d8c696324e4df67466/lib/upload-lib.js#L207-L256 |
Tried it with the GitHub-provided action but it does not compute the Submitted https://support.github.com/ticket/personal/0/1517478 |
It looks like github/codeql-action#944 is basically the same issue, except the |
Filed github/codeql-action#952 |
I get the error too, re-running usually works though.
|
Do repositories already using the workflow from template need to make any changes other than perhaps accepting Dependabot action updates? |
jenkinsci/mercurial-plugin#200 I guess? |
Originally reported in https://groups.google.com/g/jenkinsci-dev/c/OMe_zN8-Tkc/m/xuzonAElAgAJ
It probably happens because it's a PR from a fork and the GITHUB_TOKEN used only has read permission for SecurityEvents.
The text was updated successfully, but these errors were encountered: