ensure only the upload-sarif action can submit a status report with first_party_analysis=false
parent
a7dc229496
commit
f32f0bf8e4
9 changed files with 77 additions and 23 deletions
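--- a/lib/actions-util.js
+++ b/lib/actions-util.js
@@ -242,9 +242,13 @@ exports.getActionVersion = getActionVersion;
 *
 * This is based on whether the init action has been used, which is only used for first party analysis.
 * When a SARIF file has been generated by other means and submitted using the upload action, this is
-* considered to be a third party analysis and is treated differently when calculating SLOs.
+* considered to be a third party analysis and is treated differently when calculating SLOs. To ensure
+* misconfigured workflows are not treated as third party, only the upload-sarif action can return false.
 */
-function isFirstPartyAnalysis() {
+function isFirstPartyAnalysis(actionName) {
+if (actionName !== "upload-sarif") {
+return true;
+}
 return process.env[environment_1.EnvVar.INIT_ACTION_HAS_RUN] === "true";
 }
 exports.isFirstPartyAnalysis = isFirstPartyAnalysis;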