github / codeql-action

Actions for running CodeQL analysis
MIT License

Vague Not Found Error #2420

Closed kferrone closed 1 month ago

kferrone commented 1 month ago

I just set up codeql for python. It seems to do most of the work and then at the very end it exits with a 1 and fails. The error seems to just be Error: Not Found and that's it, as far as I know.

The repo and job is public, check this workflow run out: https://github.com/duplocloud/duploctl/actions/runs/10359370685/job/28676373592

I reran with debug on, but it spat out about 90k lines. https://github.com/duplocloud/duploctl/actions/runs/10359370685/job/28676611006

Here is the link directly to the failing action in the workflow: https://github.com/duplocloud/duploctl/blob/9d3b76925a99c474d8657b19f04e514f3f2a94b8/.github/workflows/quality.yml#L72

Is it failing to upload something somewhere? Seems kinda like that's the case. Am I missing a permission?

aeisenberg commented 1 month ago

I'm pretty sure this happens when you haven't set the proper permissions in your workflow. So, first make sure that you have security-events: write permission (actions: read is also required for private repos).

kferrone commented 1 month ago

Hmmm, maybe? The repo is not private so I don't think I need actions: read.

I did actually get this to work. It seems more to do with me using a GithubApp token for the permissions.

I added this permission to the app with Read and Write.

Code scanning alerts
View and manage code scanning alerts.

Is this not the same permission as security-events: write??

I simply added this to the job and removed the app token from the codeql action:

permissions:
  security-events: write

aeisenberg commented 1 month ago

For public repos all you should need is security-events: write. An app token is not necessary. Since it seems like you've figured out the problem, I'll close this issue.
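A complete workflow job that applies the permissions described in this thread, added here as an illustration (it is not from the issue or from the codeql-action repository); the workflow name, branch names, job name and the contents: read line for checkout are assumptions:

```yaml
name: CodeQL

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

jobs:
  analyze:
    runs-on: ubuntu-latest
    # Job-level permissions for the default GITHUB_TOKEN. Listing any
    # permission here resets the rest to none, so each one needed is explicit.
    permissions:
      security-events: write   # lets the analyze step upload results;
                               # without it the run ends in "Error: Not Found"
      actions: read            # only required for private repositories
      contents: read           # assumed: lets actions/checkout read the source
    steps:
      - uses: actions/checkout@v4

      # No token input is passed to the CodeQL steps, so they use the job's
      # GITHUB_TOKEN rather than a GitHub App token.
      - uses: github/codeql-action/init@v3
        with:
          languages: python

      - uses: github/codeql-action/analyze@v3
```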

kferrone commented 1 month ago

I would prefer to use the app if possible. This does seem to be related to using a GithubApp. I am still curious though, are these actually the same permission? Code scanning alerts === security-events ??

aeisenberg commented 1 month ago

Hmmm...I'm not really sure if code scanning supports authentication through a github app. Are you able to explain why you'd prefer using an app?

kferrone commented 4 weeks ago

I had to create an app for other reasons: I needed to commit in the pipeline and have the commit be verified, and I had to use an app to accomplish this. From then on I just impulsively started using that app's token to do anything that needed a GITHUB_TOKEN. This way github always says the app did whatever instead of the usual github-actions user, which is what is used by default, i.e. the injected token.

Either way, this action could at least give a better error than Error: Not Found. Like, what was not found? You could even just mention clearly in the docs you can't use an app token.