Skip to content

Commit 2e1f4c2

Browse files
Merge pull request #103 from andrewkoltsov/codex/fix-scorecard-permissions
Fix Scorecard workflow permissions
2 parents b5b9f81 + 80991fe commit 2e1f4c2

1 file changed

Lines changed: 13 additions & 2 deletions

File tree

.github/workflows/scorecard.yml

Lines changed: 13 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,7 @@ jobs:
1515
name: Scorecard analysis
1616
runs-on: ubuntu-latest
1717
permissions:
18+
contents: read
1819
security-events: write
1920
id-token: write
2021

@@ -31,16 +32,26 @@ jobs:
3132
results_format: sarif
3233
publish_results: true
3334

34-
- name: Upload Scorecard artifact
35+
- name: Check Scorecard SARIF output
36+
id: scorecard-sarif
3537
if: always()
38+
run: |
39+
if [ -f scorecard-results.sarif ]; then
40+
echo "exists=true" >> "$GITHUB_OUTPUT"
41+
else
42+
echo "exists=false" >> "$GITHUB_OUTPUT"
43+
fi
44+
45+
- name: Upload Scorecard artifact
46+
if: always() && steps.scorecard-sarif.outputs.exists == 'true'
3647
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
3748
with:
3849
name: scorecard-results
3950
path: scorecard-results.sarif
4051
retention-days: 5
4152

4253
- name: Upload Scorecard results to code scanning
43-
if: always()
54+
if: always() && steps.scorecard-sarif.outputs.exists == 'true'
4455
uses: github/codeql-action/upload-sarif@7211b7c8077ea37d8641b6271f6a365a22a5fbfa # v4
4556
with:
4657
sarif_file: scorecard-results.sarif

0 commit comments

Comments
 (0)