We need to use the upload-sarif action to upload the report to be able to support PRs from forks.
upload-sarif requires that the plugin be checked out directly into the workspace (without path argument), which didn't work in the existing structure. So restructure the workflow to make that work.
Use this opportunity to simplify the workflow:
Inline scan.sh and simplify it, now that it's not possible to invoke output a GH action.
As a result, this repo will only store the workflow now, no actions anymore. I plan to look into providing a standalone shell script for use in other contexts later.
Resolves #3.
upload-sarifaction to upload the report to be able to support PRs from forks.upload-sarifrequires that the plugin be checked out directly into the workspace (withoutpathargument), which didn't work in the existing structure. So restructure the workflow to make that work.scan.shand simplify it, now that it's not possible to invoke output a GH action.fetch-codeqlto https://github.com/jenkins-infra/fetch-codeql-actionAs a result, this repo will only store the workflow now, no actions anymore. I plan to look into providing a standalone shell script for use in other contexts later.