download artifact, no such file or directory

[GeoDerp]

Greetings, I have been testing out a fork of osv-scanner to add support for matrix's. Most of it works. however I am being stumped on this open /github/workspace/amd64.status': no such file or directory error.

I have two artifact files that get uploaded and downloaded into the OSV action. The files successfully download into the correct directory, however the scanner finds no file.

Error

Logs: https://github.com/GeoDerp/emhass/actions/runs/10026253342/job/27710383510

I can validate that the file is indeed being downloaded to the directory (/home/runner/work/emhass/emhass) that is being mounted to /github/workspace/:

Action snippet:

.
.
.
# previous job creates amd64.status and amd64-requirements.txt in ./OSV/
      - name: Upload package list as digest
        uses: actions/upload-artifact@v4
        with:
          name: ${{ matrix.platform.target_arch }}-packages
          path: ./OSV/*
          if-no-files-found: error
          retention-days: 1
.
.
.
  # Google OSV-Scanner  
  osv-scan:
    needs:
      - build
    strategy:
      matrix:
        platform: [
          {target_arch: amd64},
          # {target_arch: armv7}
          # {target_arch: armhf},
          # {target_arch: aarch64}
        ]
    uses: "GeoDerp/osv-scanner/.github/workflows/osv-scanner-reusable.yml@v1.9.0-beta"
    with:
      download-artifact-directory: "./"
      download-artifact: "${{ matrix.platform.target_arch }}-packages"
      results-file-name: "${{ matrix.platform.target_arch }}.sarif"
      security-category: "${{ matrix.platform.target_arch }}-OSV-Scanner"
      scan-args: |-
        --lockfile='dpkg-status:./${{ matrix.platform.target_arch }}.status'
        --lockfile='requirements.txt:./${{matrix.platform.target_arch }}-requirements.txt'
        --recursive
        --skip-git
        ./
    permissions:
      security-events: write
      contents: write

The download-artifact-directory input will be removed before I make a PR, just for current testing. Full action here: https://github.com/GeoDerp/emhass/blob/OSV-integration/.github/workflows/publish_docker.yaml Used osv-scanner-reusable.yaml: https://github.com/GeoDerp/osv-scanner/blob/main/.github/workflows/osv-scanner-reusable.yml

Quick Note: I have tweaked things like permission variables in the main action. However, that does not seem to help.

[another-rex]

Sorry we missed this issue for so long! I'll look into this next week and will try to figure out why this is happening.