Upload code scanning results to correct ref when releasing #3006

Merged
merged 1 commit into from
Jun 17, 2024

@alcaeus alcaeus commented Jun 17, 2024

Same issue as with mongodb/mongo-php-library#1346.

When running the static analysis workflow from the release workflow, the github.ref and github.sha point to the release branch instead of the release tag. We have to account for this when uploading the sarif. Using inputs.ref works, but the sarif-upload action also expects a sha input when ref is given. To account for this, we get the ref for HEAD on workflow_dispatch events so the code scanning results are correctly attached to the release tag.

@alcaeus alcaeus requested a review from GromNaN June 17, 2024 07:48
@alcaeus alcaeus requested a review from a team as a code owner June 17, 2024 07:49
@alcaeus alcaeus enabled auto-merge (squash) June 17, 2024 07:49
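The ref and sha resolution described in the pull request description above, written out as an added shell example; it is not the workflow code from this PR. The function name and its arguments are hypothetical, and it goes beyond the description by expanding a short tag or branch name to a full ref and peeling annotated tags to the commit they point at.

```shell
#!/bin/sh
# Added example (hypothetical helper, not code from this pull request).
# resolve_sarif_target EVENT INPUT_REF DEFAULT_REF DEFAULT_SHA [REPO_DIR]
#   EVENT        value of github.event_name
#   INPUT_REF    value of inputs.ref (may be empty)
#   DEFAULT_REF  value of github.ref
#   DEFAULT_SHA  value of github.sha
# Prints "<full ref> <commit sha>"; returns non-zero if the ref is unknown.
resolve_sarif_target() {
    event=$1 input_ref=$2 default_ref=$3 default_sha=$4 repo=${5:-.}

    # push / pull_request runs: github.ref and github.sha already describe
    # the code that was analysed, so pass them through unchanged.
    if [ "$event" != "workflow_dispatch" ] || [ -z "$input_ref" ]; then
        printf '%s %s\n' "$default_ref" "$default_sha"
        return 0
    fi

    # Dispatched run: github.ref points at the branch the workflow was
    # started from, so resolve the requested ref instead. Tags are tried
    # before branches because a release is identified by its tag.
    case $input_ref in
        refs/*) set -- "$input_ref" ;;
        *)      set -- "refs/tags/$input_ref" "refs/heads/$input_ref" ;;
    esac
    full_ref=
    for candidate in "$@"; do
        if git -C "$repo" show-ref --verify --quiet "$candidate"; then
            full_ref=$candidate
            break
        fi
    done
    if [ -z "$full_ref" ]; then
        echo "cannot resolve '$input_ref' to a tag or branch" >&2
        return 1
    fi

    # An annotated tag has its own object id; ^{commit} peels it to the
    # commit, which is what identifies the analysed code.
    sha=$(git -C "$repo" rev-parse --verify --quiet "${full_ref}^{commit}") || return 1
    printf '%s %s\n' "$full_ref" "$sha"
}
```

The two printed fields map to the `ref` and `sha` inputs of the upload step.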
@@ -58,12 +63,21 @@ jobs:

- name: Run PHPStan
run: ./vendor/bin/phpstan analyse --no-interaction --no-progress --ansi --error-format=sarif > phpstan.sarif
continue-on-error: true
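Review bot: with `continue-on-error: true` on the Run PHPStan step and the `> phpstan.sarif` redirect in its `run:` line, a PHPStan crash does not leave the file missing: the shell creates `phpstan.sarif` before the command starts, so later steps see an empty or truncated file instead of no file. Consider a check after this step that the file is non-empty and parses as JSON, and fail the job explicitly when it does not, so that a crashed analysis cannot be mistaken for one that produced results.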
Member

If there's an error, the file won't be generated and subsequent steps will crash, won't they?

Member Author

It depends. IIRC, if PHPStan detects errors it will exit with a non-zero exit code but still write the file. Default behaviour in GHA would be to stop the job, but we want to at least continue to the next step to upload a SARIF file if it exists. If PHPStan crashed and didn't produce a file, I'm fine with the upload-sarif step failing as well.


alcaeus commented Jun 17, 2024

Note: fixed a wrong filename due to copy/paste. The PHPStan workflow should now pass again.

@alcaeus alcaeus merged commit 4940d80 into mongodb:4.4 Jun 17, 2024
26 checks passed
@alcaeus alcaeus deleted the fix-sarif-release-upload branch June 17, 2024 08:58