-
Notifications
You must be signed in to change notification settings - Fork 70
-
Notifications
You must be signed in to change notification settings - Fork 70
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
BUG Scorecard not running on PR due to error on Uploading to Code Scanning #1027
Comments
Thanks for the report. So the issue seems to be that in both runs, the SARIF file is "empty" and only contains: {
"$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
"version": "2.1.0",
"runs": []
} We need to understand why this is happening. I have not seen this before. Anything special about your repo or token? logs would come in handy, but we don't have support for it yet :/ |
Can you confirm the new release fixes the problem? |
Sure! I've tested with the new 2.1.0 release and it worked fine the run on PR https://github.com/joycebrum/SQLGame/actions/runs/3713531281. Closing this due to Fix |
Describe the bug
When trying to run Scorecard Action on a PR (not sure if also happens when the Scorecard is already incorporated in the main branch) I've got an error when trying to upload to code scanning in the security dashboard due to an empty sarif (also not sure why it is empty)
Here is an example that happened in systemd https://github.com/systemd/systemd/actions/runs/3276042271/jobs/5391618343, where the error is defined as
1 item required; only 0 were supplied.
Another example of the error in this repo of mine, which I've used to test, with the same error https://github.com/joycebrum/SQLGame/actions/runs/3593287859/jobs/6050053152
Reproduction steps
Steps to reproduce the behavior:
Expected behavior
I've expected to the Upload to Code Scanning to be skiped since, in my opinion, it doesn't make sense to update the Security Dashboard with warnings of a code that was not incorporated to the main branch yet (reason why I've suggest the if clause in the yml file"
Additional context
Related to #1019
Discussion started at actions/starter-workflows#1820
The text was updated successfully, but these errors were encountered: