We need to use the upload-sarif action to upload the report to be able to support PRs from forks.
upload-sarif requires that the plugin be checked out directly into the workspace (without path argument), which didn't work in the existing structure. So restructure the workflow to make that work.
Use this opportunity to simplify the workflow:
Inline scan.sh and simplify it, now that it's not possible to invoke output a GH action.
As a result, this repo will only store the workflow now, no actions anymore. I plan to look into providing a standalone shell script for use in other contexts later.
Resolves #3.
fetch-codeql to https://github.com/jenkins-infra/fetch-codeql-action