-
Notifications
You must be signed in to change notification settings - Fork 338
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Minor cleanup #2580
Minor cleanup #2580
Conversation
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
This allows runners that don't have the cache to run these workflows.
permissions: | ||
contents: read | ||
security-events: write |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this necessary? CODEQL_ACTION_TEST_MODE
should prevent the sarif from being uploaded.
Maybe this is all that is necessary (in order to check out the repo):
permissions:
contents: read
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Expected Queries Tests
This run of the CodeQL Action does not have permission to access Code Scanning API endpoints. As a result, it will not be opted into any experimental features. This could be because the Action is running on a pull request from a fork. If not, please ensure the Action has the 'security-events: write' permission. Details: Resource not accessible by integration
https://github.com/check-spelling-sandbox/github-codeql-action/actions/runs/11648653925
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is probably something about running in a fork. It's not a problem to leave it in.
@@ -16,7 +16,9 @@ steps: | |||
const fs = require('fs'); | |||
const path = require('path'); | |||
const codeqlPath = path.join(process.env['RUNNER_TOOL_CACHE'], 'CodeQL'); | |||
fs.rmdirSync(codeqlPath, { recursive: true }); | |||
if (codeqlPath !== undefined) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you explain why you need this? Is this because you are using a self-hosted runner somewhere?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm using nektos/act which uses a custom image
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've also historically used self-hosted runners.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's fine.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the contribution.
@@ -16,7 +16,9 @@ steps: | |||
const fs = require('fs'); | |||
const path = require('path'); | |||
const codeqlPath = path.join(process.env['RUNNER_TOOL_CACHE'], 'CodeQL'); | |||
fs.rmdirSync(codeqlPath, { recursive: true }); | |||
if (codeqlPath !== undefined) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's fine.
permissions: | ||
contents: read | ||
security-events: write |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is probably something about running in a fork. It's not a problem to leave it in.
Merge / deployment checklist