Title: upload-sarif: token input doesn't work · Issue #2386 · github/codeql-action · GitHub
Open Graph Title: upload-sarif: token input doesn't work · Issue #2386 · github/codeql-action
X Title: upload-sarif: token input doesn't work · Issue #2386 · github/codeql-action
Description: I have this step in a workflow and it works: - name: "Upload Trivy scan results to GitHub Security tab" uses: github/codeql-action/upload-sarif@v3 with: sarif_file: '${{ env.trivy_output_file }}' category: 'trivy-image-${{ matrix.image }...
Open Graph Description: I have this step in a workflow and it works: - name: "Upload Trivy scan results to GitHub Security tab" uses: github/codeql-action/upload-sarif@v3 with: sarif_file: '${{ env.trivy_output_file }}' c...
X Description: I have this step in a workflow and it works: - name: "Upload Trivy scan results to GitHub Security tab" uses: github/codeql-action/upload-sarif@v3 with: sarif_file: '${{ env.trivy_out...
Opengraph URL: https://github.com/github/codeql-action/issues/2386
X: @github
Domain: github.com
{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"upload-sarif: token input doesn't work","articleBody":"I have this step in a workflow and it works:\r\n\r\n```yaml\r\n - name: \"Upload Trivy scan results to GitHub Security tab\"\r\n uses: github/codeql-action/upload-sarif@v3\r\n with:\r\n sarif_file: '${{ env.trivy_output_file }}'\r\n category: 'trivy-image-${{ matrix.image }}'\r\n```\r\n\r\nbut it doesn't work if add the token argument:\r\n```yaml\r\n - name: \"Upload Trivy scan results to GitHub Security tab\"\r\n uses: github/codeql-action/upload-sarif@v3\r\n with:\r\n token: ${{ secrets.MY_TOKEN }}\r\n sarif_file: '${{ env.trivy_output_file }}'\r\n category: 'trivy-image-${{ matrix.image }}'\r\n```\r\n\r\nThis is the error:\r\n\r\n```bash\r\nUploading results\r\n Processing sarif files: [\"trivy-test-yellow.sarif\"]\r\n Validating trivy-test-yellow.sarif\r\n Combining SARIF files using the CodeQL CLI\r\n Adding fingerprints to SARIF file. For more information, see https://docs.github.com/en/enterprise-cloud@latest/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#providing-data-to-track-code-scanning-alerts-across-runs\r\n Uploading results\r\n Warning: Not Found\r\n Error: Not Found\r\n```\r\n\u003cdetails\u003e\r\n\u003csummary\u003eDebug\u003c/summary\u003e\r\n\r\n```bash\r\nUploading results\r\n Processing sarif files: [\"trivy-test-yellow.sarif\"]\r\n Validating trivy-test-yellow.sarif\r\n Combining SARIF files using the CodeQL CLI\r\n Adding fingerprints to SARIF file. For more information, see https://docs.github.com/en/enterprise-cloud@latest/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#providing-data-to-track-code-scanning-alerts-across-runs\r\n ##[debug]Validating that each SARIF run has a unique category\r\n ##[debug]Serializing SARIF for upload\r\n ##[debug]Compressing serialized SARIF\r\n ##[debug]Raw upload size: 542 bytes\r\n ##[debug]Base64 zipped upload size: 472 bytes\r\n ##[debug]Number of results in upload: 0\r\n Uploading results\r\n Warning: Not Found\r\n Error: Not Found\r\n ##[debug]Sending status report: {\"action_name\":\"upload-sarif\",\"action_oid\":\"unknown\",\"action_ref\":\"v3\",\"action_started_at\":\"2024-07-24T13:50:22.018Z\",\"action_version\":\"3.25.13\",\"analysis_key\":\".github/workflows/build new.yml:build\",\"commit_oid\":\"f26f5724a7c97d43f52ce8d4c9c0ed09b5eeba51\",\"first_party_analysis\":false,\"job_name\":\"build\",\"job_run_uuid\":\"\",\"ref\":\"refs/heads/main\",\"runner_os\":\"Linux\",\"started_at\":\"2024-07-24T13:50:22.018Z\",\"status\":\"failure\",\"steady_state_default_setup\":false,\"testing_environment\":\"\",\"workflow_name\":\"builed new\",\"workflow_run_attempt\":1,\"workflow_run_id\":100[77](https://github.com/my..repo.../actions/runs/10077937806/job/27861647308#step:9:78)937806,\"actions_event_name\":\"workflow_dispatch\",\"runner_available_disk_space_bytes\":21029244928,\"runner_total_disk_space_bytes\":7[78](https://github.com/my..repo.../actions/runs/10077937806/job/27861647308#step:9:79)51254784,\"cause\":\"Not Found\",\"exception\":\"HttpError: Not Found\\n at /home/runner/work/_actions/github/codeql-action/v3/node_modules/@octokit/request/dist-node/index.js:86:21\\n at process.processTicksAndRejections (node:internal/process/task_queues:95:5)\\n at async requestWithGraphqlErrorHandling (/home/runner/work/_actions/github/codeql-action/v3/node_modules/@octokit/plugin-retry/dist-node/index.js:71:20)\\n at async Job.doExecute (/home/runner/work/_actions/github/codeql-action/v3/node_modules/bottleneck/light.js:405:18)\",\"completed_at\":\"2024-07-24T13:50:22.[81](https://github.com/my..repo.../actions/runs/10077937806/job/27861647308#step:9:82)3Z\",\"matrix_vars\":\"{\\n \\\"dockerfile\\\": \\\"Dockerfile-ok\\\",\\n \\\"image\\\": \\\"test/yellow\\\"\\n}\",\"runner_arch\":\"X64\",\"runner_image_version\":\"20240721.1.0\"}\r\n ##[debug]Node Action run completed with exit code 1\r\n ##[debug]CODEQL_ACTION_FEATURE_MULTI_LANGUAGE='false'\r\n ##[debug]CODEQL_ACTION_FEATURE_SANDWICH='false'\r\n ##[debug]CODEQL_ACTION_FEATURE_SARIF_COMBINE='true'\r\n ##[debug]CODEQL_ACTION_FEATURE_WILL_UPLOAD='true'\r\n ##[debug]CODEQL_ACTION_VERSION='3.25.13'\r\n ##[debug]CODEQL_ACTION_ANALYSIS_KEY='.github/workflows/build new.yml:build'\r\n ##[debug]CODEQL_WORKFLOW_STARTED_AT='2024-07-24T13:50:22.018Z'\r\n ##[debug]CODEQL_UPLOAD_SARIF_TRIVY_IMAGE_TEST_YELLOW__TRIVY='CODEQL_UPLOAD_SARIF_TRIVY_IMAGE_TEST_YELLOW__TRIVY'\r\n ##[debug]CODEQL_ACTION_JOB_STATUS='JOB_STATUS_FAILURE'\r\n ##[debug]Finishing: Upload Trivy scan results to GitHub Security tab\r\n```\r\n\r\n\u003c/details\u003e\r\n\r\nThe secret is properly configured. If I change the secret value, I got \"Bad credentials\". I created this step to check the token and it works:\r\n\r\n```yaml\r\n - name: testing secrets\r\n env: \r\n MY_TOKEN: ${{ secrets.MY_TOKEN }}\r\n run: |\r\n REPOSITORY=\".../...\"\r\n\r\n # Variables\r\n BASE_URL=\"https://api.github.com/repos/$REPOSITORY/code-scanning\"\r\n\r\n HEADERS=(\r\n -H \"Accept: application/vnd.github+json\"\r\n -H \"Authorization: Bearer $MY_TOKEN\"\r\n -H \"X-GitHub-Api-Version: 2022-11-28\"\r\n )\r\n\r\n curl -Ls \\\r\n -X GET \\\r\n \"${HEADERS[@]}\" \\\r\n \"$BASE_URL/analyses?per_page=1\"\r\n```\r\n","author":{"url":"https://github.com/jesus-linares","@type":"Person","name":"jesus-linares"},"datePublished":"2024-07-24T13:37:18.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":9},"url":"https://github.com/2386/codeql-action/issues/2386"}
| route-pattern | /_view_fragments/issues/show/:user_id/:repository/:id/issue_layout(.:format) |
| route-controller | voltron_issues_fragments |
| route-action | issue_layout |
| fetch-nonce | v2:75cf6501-2af5-db0a-64d8-553d3fe34caa |
| current-catalog-service-hash | 81bb79d38c15960b92d99bca9288a9108c7a47b18f2423d0f6438c5b7bcd2114 |
| request-id | 9D46:3AF9A7:54EF976:774B450:6A4FA496 |
| html-safe-nonce | 0af06811e209e9ad34d0c0f1fb70fc0cae69c9cb82b00bf522df6eeb963f75f5 |
| visitor-payload | eyJyZWZlcnJlciI6IiIsInJlcXVlc3RfaWQiOiI5RDQ2OjNBRjlBNzo1NEVGOTc2Ojc3NEI0NTA6NkE0RkE0OTYiLCJ2aXNpdG9yX2lkIjoiMzkxOTYzNDYzMjY4MTY5NDM1OCIsInJlZ2lvbl9lZGdlIjoiaWFkIiwicmVnaW9uX3JlbmRlciI6ImlhZCJ9 |
| visitor-hmac | e27e1047838f5041e6d9795e753d564cf3ac9b3d0356c1b77bc690d17d89c40a |
| hovercard-subject-tag | issue:2427618959 |
| github-keyboard-shortcuts | repository,issues,copilot |
| google-site-verification | Apib7-x98H0j5cPqHWwSMm6dNU4GmODRoqxLiDzdx9I |
| octolytics-url | https://collector.github.com/github/collect |
| analytics-location | / |
| fb:app_id | 1401488693436528 |
| apple-itunes-app | app-id=1477376905, app-argument=https://github.com/_view_fragments/issues/show/github/codeql-action/2386/issue_layout |
| twitter:image | https://opengraph.githubassets.com/756d4f7ffbd5bf298a098c2d65bb641eb04e0245351cc2c8c72be5dae719a3ac/github/codeql-action/issues/2386 |
| twitter:card | summary_large_image |
| og:image | https://opengraph.githubassets.com/756d4f7ffbd5bf298a098c2d65bb641eb04e0245351cc2c8c72be5dae719a3ac/github/codeql-action/issues/2386 |
| og:image:alt | I have this step in a workflow and it works: - name: "Upload Trivy scan results to GitHub Security tab" uses: github/codeql-action/upload-sarif@v3 with: sarif_file: '${{ env.trivy_output_file }}' c... |
| og:image:width | 1200 |
| og:image:height | 600 |
| og:site_name | GitHub |
| og:type | object |
| og:author:username | jesus-linares |
| hostname | github.com |
| expected-hostname | github.com |
| None | b92d11c0aa4a77d54ef4af1078b6a15fb5a70a215b30c4ecf28889d5a8e656d9 |
| turbo-cache-control | no-preview |
| go-import | github.com/github/codeql-action git https://github.com/github/codeql-action.git |
| octolytics-dimension-user_id | 9919 |
| octolytics-dimension-user_login | github |
| octolytics-dimension-repository_id | 259445878 |
| octolytics-dimension-repository_nwo | github/codeql-action |
| octolytics-dimension-repository_public | true |
| octolytics-dimension-repository_is_fork | false |
| octolytics-dimension-repository_network_root_id | 259445878 |
| octolytics-dimension-repository_network_root_nwo | github/codeql-action |
| turbo-body-classes | logged-out env-production page-responsive |
| disable-turbo | false |
| browser-stats-url | https://api.github.com/_private/browser/stats |
| browser-errors-url | https://api.github.com/_private/browser/errors |
| release | 4b249b445842943ed31549e027f57a8ade9881ed |
| ui-target | full |
| theme-color | #1e2327 |
| color-scheme | light dark |
Links:
Viewport: width=device-width