Closed kferrone closed 1 month ago
I'm pretty sure this happens when you haven't set the proper permissions in your workflow. So, first make sure that you have the `security-events: write` permission (`actions: read` is also required for private repos).
Hmmm, maybe? The repo is not private so I don't think I need `actions: read`.
I did actually get this to work. It seems more to do with me using a GithubApp token for the permissions.
I added this permission to the app with Read and Write:

> Code scanning alerts
> View and manage code scanning alerts.
Is this not the same permission as `security-events: write`??
I simply added this to the job and removed the app token from the codeql action:

```yaml
permissions:
  security-events: write
```
For public repos all you should need is `security-events: write`. An app token is not necessary. Since it seems like you've figured out the problem, I'll close this issue.
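A minimal workflow showing where that `permissions` block goes, as an added example rather than the repository's own `quality.yml` (the job name, branch names and action versions are assumed):

```yaml
name: CodeQL

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

jobs:
  analyze:
    runs-on: ubuntu-latest
    # Least-privilege grant for the default GITHUB_TOKEN. With this block present
    # no app token is needed for code scanning.
    permissions:
      contents: read          # needed by actions/checkout
      security-events: write  # lets the analyze step upload SARIF results
      actions: read           # only required for private repositories
    steps:
      - uses: actions/checkout@v4
      - uses: github/codeql-action/init@v3
        with:
          languages: python
      # No `token:` input is passed, so the action falls back to the default
      # GITHUB_TOKEN scoped by the permissions block above.
      - uses: github/codeql-action/analyze@v3
```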
I would prefer to use the app if possible. This does seem to be related to using a GithubApp.
I am still curious though, are these actually the same permission?
`Code scanning alerts` === `security-events`??
Hmmm...I'm not really sure if code scanning supports authentication through a GitHub app. Are you able to explain why you'd prefer using an app?
I had to create an app for other reasons: I needed to commit in the pipeline and have the commit be verified, and I had to use an app to accomplish this. From then on I just impulsively started using that app's token to do anything that needed a `GITHUB_TOKEN`. This way GitHub always says the app did whatever, instead of the usual `github-actions` user, which is what is used by default, i.e. the injected token.
Either way, this action could at least give a better error than `Error: Not Found`. Like, what was not found? You could even just mention clearly in the docs that you can't use an app token.
I just set up codeql for python. It seems to do most of the work and then at the very end it exits with a `1` and fails. The error seems to just be `Error: Not Found` and that's it, as far as I know. The repo and job are public, check this workflow run out: https://github.com/duplocloud/duploctl/actions/runs/10359370685/job/28676373592
I reran with debug on, but it spat out about 90k lines. https://github.com/duplocloud/duploctl/actions/runs/10359370685/job/28676611006
Here is the link directly to the failing action in the workflow: https://github.com/duplocloud/duploctl/blob/9d3b76925a99c474d8657b19f04e514f3f2a94b8/.github/workflows/quality.yml#L72
Is it failing to upload something somewhere? Seems kinda like that's the case. Am I missing a permission?