github / codeql-action

Actions for running CodeQL analysis
MIT License

Unable to run analyze on external repository #2405

Closed: auwimosendsafely closed 1 month ago

auwimosendsafely commented 1 month ago

Context: I have multiple repositories that run the same workflows, and rather than update them all individually, I have a central (private) repository that hosts the workflows, and the rest of the repositories simply trigger the workflows in the central repository.

Problem: It appears that github/codeql-action/analyze@v2 is not equipped to handle this pattern. Using actions/checkout on the external repo I am able to do the actual analysis, but the uploading of results always fails.

I would appreciate any advice on how I can get this to work, if possible.

simon-engledew commented 1 month ago

👋 I think we would need a bit more information to be able to give helpful advice, but here are some thoughts:

Are you using reusable workflows to achieve this?

What is the error that you are seeing? Is it a permissions issue?

The action uses a private endpoint to upload the data, but there is a public SARIF upload API that you can call yourself that might offer you a bit more flexibility. I don't think there is any explicit reason your setup won't work.
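
Added example, not part of the comment above or of the codeql-action project: building the request for the public SARIF upload API mentioned there (`POST /repos/{owner}/{repo}/code-scanning/sarifs`), where `commit_sha` and `ref` must name the repository that was analyzed, not the central one hosting the workflow. The owner, repository, SHA and token are placeholders, the SARIF document is constructed sample data, and the local input checks assume a SHA-1 repository.

```python
import base64
import gzip
import json
import urllib.request

API_ROOT = "https://api.github.com"

# Constructed minimal SARIF 2.1.0 log standing in for real CodeQL output.
SAMPLE_SARIF = {
    "version": "2.1.0",
    "runs": [{"tool": {"driver": {"name": "CodeQL"}}, "results": []}],
}


def encode_sarif(sarif: dict) -> str:
    """The API expects the SARIF text gzip-compressed, then Base64-encoded."""
    raw = json.dumps(sarif).encode("utf-8")
    return base64.b64encode(gzip.compress(raw)).decode("ascii")


def build_upload_request(owner, repo, commit_sha, ref, sarif, token):
    """Build (without sending) the POST that attaches results to owner/repo."""
    # Local sanity checks (assumption: SHA-1 repository, 40 hex characters).
    if len(commit_sha) != 40 or any(c not in "0123456789abcdef" for c in commit_sha):
        raise ValueError("commit_sha must be a full 40-character hex SHA")
    if not ref.startswith("refs/"):
        raise ValueError("ref must be fully qualified, e.g. refs/heads/main")
    body = {"commit_sha": commit_sha, "ref": ref, "sarif": encode_sarif(sarif)}
    return urllib.request.Request(
        f"{API_ROOT}/repos/{owner}/{repo}/code-scanning/sarifs",
        data=json.dumps(body).encode("utf-8"),
        method="POST",
        headers={
            "Accept": "application/vnd.github+json",
            "Authorization": f"Bearer {token}",
            "Content-Type": "application/json",
        },
    )


if __name__ == "__main__":
    # Placeholder values; nothing is sent, so this runs offline.
    req = build_upload_request(
        "example-org", "analyzed-repo", "0123456789abcdef0123456789abcdef01234567",
        "refs/heads/main", SAMPLE_SARIF, "<TOKEN>",
    )
    print(req.get_method(), req.full_url)
    # urllib.request.urlopen(req) would perform the upload.
```
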

auwimosendsafely commented 1 month ago

My apologies, I was using workflow_dispatch instead of workflow_call.