Skip to content

Commit 7a474f8

Browse files
committed
Upload detekt's SARIF reports one by one
Uploading merged reports for the same build and tool is not supported on Github anymore See https://github.blog/changelog/2024-05-06-code-scanning-will-stop-combining-runs-from-a-single-upload/
1 parent 7c9417a commit 7a474f8

File tree

1 file changed

+35
-2
lines changed

1 file changed

+35
-2
lines changed

.github/workflows/lint.yml

Lines changed: 35 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -44,6 +44,9 @@ jobs:
4444
env:
4545
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
4646

47+
outputs:
48+
categories: ${{ steps.report-list.outputs.categories }}
49+
4750
steps:
4851
- uses: actions/checkout@v4
4952

@@ -63,8 +66,38 @@ jobs:
6366
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
6467
run: ./gradlew detekt
6568

69+
- name: Save reports as artifacts
70+
uses: actions/upload-artifact@v4
71+
if: ${{ always() }}
72+
with:
73+
name: sarif-reports
74+
path: 'build/reports/detekt/sarif/*.sarif'
75+
76+
- name: Compute report list
77+
id: report-list
78+
if: ${{ always() }}
79+
working-directory: build/reports/detekt/sarif
80+
run: |
81+
values=$(ls --width 0 --format commas | sed 's/cosmotech-/"/g' | sed 's/-detekt.sarif/"/g')
82+
echo "categories=[$values]" >> "$GITHUB_OUTPUT"
83+
84+
detekt-upload-sarif:
85+
runs-on: ubuntu-latest
86+
needs: detekt
87+
strategy:
88+
fail-fast: false
89+
matrix:
90+
category: ${{ fromJSON(needs.detekt.outputs.categories) }}
91+
92+
steps:
93+
- name: Retrieve reports
94+
uses: actions/download-artifact@v4
95+
with:
96+
name: sarif-reports
97+
path: sarif
98+
6699
- name: Upload SARIF reports to GitHub Security tab
67100
uses: github/codeql-action/upload-sarif@v3
68-
if: ${{ always() }}
69101
with:
70-
sarif_file: 'build/reports/detekt/sarif/'
102+
sarif_file: 'sarif/cosmotech-${{ matrix.category }}-detekt.sarif'
103+
category: ${{ matrix.category }}

0 commit comments

Comments
 (0)