BUG Scorecard not running on PR due to error on Uploading to Code Scanning #1027
Comments
|
Thanks for the report. So the issue seems to be that in both runs, the SARIF file is "empty" and only contains: {
"$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
"version": "2.1.0",
"runs": []
}We need to understand why this is happening. I have not seen this before. Anything special about your repo or token? logs would come in handy, but we don't have support for it yet :/ |
|
Can you confirm the new release fixes the problem? |
|
Sure! I've tested with the new 2.1.0 release and it worked fine the run on PR https://github.com/joycebrum/SQLGame/actions/runs/3713531281. Closing this due to Fix |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
When trying to run Scorecard Action on a PR (not sure if also happens when the Scorecard is already incorporated in the main branch) I've got an error when trying to upload to code scanning in the security dashboard due to an empty sarif (also not sure why it is empty)
Here is an example that happened in systemd https://github.com/systemd/systemd/actions/runs/3276042271/jobs/5391618343, where the error is defined as
1 item required; only 0 were supplied.Another example of the error in this repo of mine, which I've used to test, with the same error https://github.com/joycebrum/SQLGame/actions/runs/3593287859/jobs/6050053152
Reproduction steps
Steps to reproduce the behavior:
Expected behavior
I've expected to the Upload to Code Scanning to be skiped since, in my opinion, it doesn't make sense to update the Security Dashboard with warnings of a code that was not incorporated to the main branch yet (reason why I've suggest the if clause in the yml file"
Additional context
Related to #1019
Discussion started at actions/starter-workflows#1820
The text was updated successfully, but these errors were encountered: