robojerk/codeql-action

Only delete SARIF in PR check if not running on a fork (#2084)

Browse source
This commit is contained in:
Angela P Wen 2024-01-16 16:07:58 -08:00 committed by GitHub
parent 4d75a10efa
commit f65ecd09c7
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
6 changed files with 26 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

11
src/init-action-post-helper.ts
View file

@ -1,3 +1,5 @@
import * as github from "@actions/github";
import * as actionsUtil from "./actions-util";
import { getApiClient } from "./api-client";
import { getCodeQL } from "./codeql";
@ -183,7 +185,14 @@ export async function run(
}
if (process.env["CODEQL_ACTION_EXPECT_UPLOAD_FAILED_SARIF"] === "true") {
await removeUploadedSarif(uploadFailedSarifResult, logger);
if (!github.context.payload.pull_request?.head.repo.fork) {
await removeUploadedSarif(uploadFailedSarifResult, logger);
} else {
logger.info(
"Skipping deletion of failed SARIF because the workflow was triggered from a fork of " +
"codeql-action and doesn't have the appropriate permissions for deletion.",
);
}
}
// Upload appropriate Actions artifacts for debugging