While setting up a new project I noticed that the CodeQL workflow imported via .github/workflows/project-analysis.yml failed. It failed hard enough that the entire importing workflow (and all imported flows) failed.
Error:
The workflow is not valid. .github/workflows/project-analysis.yml (Line: 29, Col: 3): Error calling workflow 'atc0005/shared-project-resources/.github/workflows/vulnerability-analysis.yml@master'. The nested job 'CodeQL' is requesting 'actions: read, security-events: write', but is only allowed 'actions: none, security-events: none'.
CodeQL wasn't set up for the repo, but when I tried to enable it the UI refused to allow me to use the Advanced configuration (based on YAML workflow file) without configuring a new one; the imported workflow was not recognized.
I could choose the Default configuration, but this ignored the imported workflow (error above).
I will need to remove the shared CodeQL job entry and add project-specific copies of the workflow to work around the idiosyncrasies of this tool.
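The permission mismatch in the error above, shown as an added example that is not part of the original issue or the project's own workflow files: a calling job has to grant at least the token scopes the nested CodeQL job requests. The caller layout, job id and triggers are assumptions; only the reusable workflow path and the two scopes come from the error message.

```yaml
# Constructed caller workflow (assumed layout; job id and triggers are hypothetical).
name: Project Analysis

on:
  push:
  pull_request:

# A workflow-level permissions block sets every scope it does not list to
# "none", which matches the "actions: none, security-events: none" in the error.
permissions:
  contents: read

jobs:
  vulnerability:
    # Path and ref as quoted in the error message.
    uses: atc0005/shared-project-resources/.github/workflows/vulnerability-analysis.yml@master
    # Jobs inside a called workflow can keep or reduce the caller's token
    # permissions but never raise them. Without this job-level block the call
    # inherits only "contents: read" and the workflow is rejected as invalid
    # before any job runs.
    permissions:
      actions: read
      contents: read
      security-events: write
```

Granting the scopes on the calling job rather than at workflow level keeps the other imported jobs at `contents: read`.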