René's URL Explorer Experiment

{"@context":"https://schema.org","@type":"DiscussionForumPosting","headline":"`upload-sarif` action seems to always use `GITHUB_WORKSPACE` Git information to compute `commit_oid`","articleBody":"Uploading SARIF files using the `upload-sarif@v1` action can fail with:\r\n\r\n```\r\nProcessing sarif files: [\"scan.sarif\"]\r\nUploading results\r\nError: commit not found\r\nRequestError [HttpError]: commit not found\r\n```\r\n\r\nThe problem here seems to be that the `commit_oid` parameter in the uploaded JSON is from an entirely different repository: the repository that's the \"main\" checkout (the one with empty `path` parameter to `actions/checkout@v2`), even with `checkout_path` specified.\r\n\r\n\u003cdetails\u003e\r\n\u003csummary\u003eFull log output\u003c/summary\u003e\r\n\r\n```\r\n Processing sarif files: [\"jenkins-security-scan.sarif\"]\r\n Uploading results\r\n Error: commit not found\r\n RequestError [HttpError]: commit not found\r\n     at /home/runner/work/_actions/github/codeql-action/v1/node_modules/@octokit/request/dist-node/index.js:66:23\r\n     at processTicksAndRejections (internal/process/task_queues.js:93:5)\r\n     at async Job.doExecute (/home/runner/work/_actions/github/codeql-action/v1/node_modules/bottleneck/light.js:405:18) {\r\n   name: 'HttpError',\r\n   status: 404,\r\n   headers: {\r\n     'access-control-allow-origin': '*',\r\n     'access-control-expose-headers': 'ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset',\r\n     connection: 'close',\r\n     'content-encoding': 'gzip',\r\n     'content-security-policy': \"default-src 'none'\",\r\n     'content-type': 'application/json; charset=utf-8',\r\n     date: 'Fri, 25 Feb 2022 10:29:15 GMT',\r\n     'referrer-policy': 'origin-when-cross-origin, strict-origin-when-cross-origin',\r\n     server: 'GitHub.com',\r\n     'strict-transport-security': 'max-age=31536000; includeSubdomains; preload',\r\n     'transfer-encoding': 'chunked',\r\n     vary: 'Accept-Encoding, Accept, X-Requested-With',\r\n     'x-content-type-options': 'nosniff',\r\n     'x-frame-options': 'deny',\r\n     'x-github-media-type': 'github.v3; format=json',\r\n     'x-github-request-id': '0403:3D83:83138D:1507C61:6218AF7B',\r\n     'x-ratelimit-limit': '1000',\r\n     'x-ratelimit-remaining': '995',\r\n     'x-ratelimit-reset': '1645785350',\r\n     'x-ratelimit-resource': 'code_scanning_upload',\r\n     'x-ratelimit-used': '5',\r\n     'x-xss-protection': '0'\r\n   },\r\n   request: {\r\n     method: 'PUT',\r\n     url: 'https://api.github.com/repos/daniel-beck-org/sample-plugin/code-scanning/analysis',\r\n     headers: {\r\n       accept: 'application/vnd.github.v3+json',\r\n       'user-agent': 'CodeQL-Action/1.1.3 octokit-core.js/3.1.2 Node.js/12.13.1 (linux; x64)',\r\n       authorization: 'token [REDACTED]',\r\n       'content-type': 'application/json; charset=utf-8'\r\n     },\r\n     body: '{\"commit_oid\":\"92e0b0945a6334eeeb4c65a78c2be5a7767e3cc9\",\"ref\":\"refs/heads/main\",\"analysis_key\":\".github/workflows/jss.yaml:scan\",\"analysis_name\":\"Jenkins Security Scan\",\"sarif\":\"...\",\"workflow_run_id\":1898119060,\"checkout_uri\":\"file:///home/runner/work/sample-plugin/sample-plugin\",\"environment\":\"null\",\"started_at\":\"2022-02-25T10:29:14.509Z\",\"tool_names\":[\"Jenkins Security Scan\"]}',\r\n     request: { agent: [Agent], hook: [Function: bound bound register] }\r\n   },\r\n   documentation_url: 'https://docs.github.com/rest'\r\n }\r\n```\r\n\r\n\u003c/details\u003e\r\n\r\nIf no repository is checked out at this location (i.e. every `actions/checkout@v2` has a `path`), then the error is the same as in #944 (but at least the upload still happens, at least for a non-PR upload).","author":{"url":"https://github.com/daniel-beck","@type":"Person","name":"daniel-beck"},"datePublished":"2022-02-26T14:46:49.000Z","interactionStatistic":{"@type":"InteractionCounter","interactionType":"https://schema.org/CommentAction","userInteractionCount":7},"url":"https://github.com/952/codeql-action/issues/952"}