Only delete SARIF in PR check if not running on a fork (#2084)

2024-01-16 16:07:58 -08:00 · 2024-01-16 16:07:58 -08:00 · f65ecd09c7
commit f65ecd09c7
parent 4d75a10efa
6 changed files with 26 additions and 12 deletions
--- a/lib/analyze-action.js
+++ b/lib/analyze-action.js
@ -50,7 +50,6 @@ const status_report_1 = require("./status-report");
 const trap_caching_1 = require("./trap-caching");
 const uploadLib = __importStar(require("./upload-lib"));
 const util = __importStar(require("./util"));
-const util_1 = require("./util");
 async function sendStatusReport(startedAt, config, stats, error, trapCacheUploadTime, dbCreationTimings, didUploadTrapCaches, logger) {
    const status = (0, status_report_1.getActionsStatus)(error, stats?.analyze_failure_language);
    const statusReportBase = await (0, status_report_1.createStatusReportBase)("finish", status, startedAt, await util.checkDiskUsage(), error?.message, error?.stack);
@ -228,7 +227,7 @@ async function run() {
        core.exportVariable(environment_1.EnvVar.ANALYZE_DID_COMPLETE_SUCCESSFULLY, "true");
    }
    catch (unwrappedError) {
-        const error = (0, util_1.wrapError)(unwrappedError);
+        const error = util.wrapError(unwrappedError);
        if (actionsUtil.getOptionalInput("expect-error") !== "true" ||
            hasBadExpectErrorInput()) {
            core.setFailed(error.message);
@ -261,9 +260,9 @@ async function runWrapper() {
        await exports.runPromise;
    }
    catch (error) {
-        core.setFailed(`analyze action failed: ${(0, util_1.wrapError)(error).message}`);
+        core.setFailed(`analyze action failed: ${util.wrapError(error).message}`);
    }
-    await (0, util_1.checkForTimeout)();
+    await util.checkForTimeout();
 }
 void runWrapper();
 //# sourceMappingURL=analyze-action.js.map
--- a/lib/analyze-action.js.map
+++ b/lib/analyze-action.js.map
--- a/lib/init-action-post-helper.js
+++ b/lib/init-action-post-helper.js
@ -24,6 +24,7 @@ var __importStar = (this && this.__importStar) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.run = exports.tryUploadSarifIfRunFailed = void 0;
+const github = __importStar(require("@actions/github"));
 const actionsUtil = __importStar(require("./actions-util"));
 const api_client_1 = require("./api-client");
 const codeql_1 = require("./codeql");
@ -115,7 +116,13 @@ async function run(uploadDatabaseBundleDebugArtifact, uploadLogsDebugArtifact, p
            `but the result was instead ${error}.`);
    }
    if (process.env["CODEQL_ACTION_EXPECT_UPLOAD_FAILED_SARIF"] === "true") {
-        await removeUploadedSarif(uploadFailedSarifResult, logger);
+        if (!github.context.payload.pull_request?.head.repo.fork) {
+            await removeUploadedSarif(uploadFailedSarifResult, logger);
+        }
+        else {
+            logger.info("Skipping deletion of failed SARIF because the workflow was triggered from a fork of " +
+                "codeql-action and doesn't have the appropriate permissions for deletion.");
+        }
    }
    // Upload appropriate Actions artifacts for debugging
    if (config.debugMode) {
--- a/lib/init-action-post-helper.js.map
+++ b/lib/init-action-post-helper.js.map