From 83826d3add491c90df4bf34df0b2761dbdca4128 Mon Sep 17 00:00:00 2001
From: Max
Date: Wed, 25 Mar 2026 15:40:14 +0100
Subject: [PATCH 1/3] fix: Fixed failing dependency graph uploads
---
 .github/workflows/code-scan.yml | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/code-scan.yml b/.github/workflows/code-scan.yml
index c5b4a30..8f538a9 100644
--- a/.github/workflows/code-scan.yml
+++ b/.github/workflows/code-scan.yml
@@ -136,11 +136,13 @@ jobs:
 - name: "Download existing cached results from previous job (pr)"
 if: ${{ env.GHA_SECURITY_CODE_SCAN_SKIP_JOB_AND_CONTINUE_SCAN == 'False' }}
- uses: actions/download-artifact@v7
+ uses: actions/download-artifact@v8
 with:
 run-id: ${{ env.GHA_SECURITY_CODE_SCAN_WORKFLOW_RUN_ID }}
 github-token: ${{ secrets.GITHUB_TOKEN }}
 path: "/home/runner/work/${{ github.event.repository.name }}/results"
+ pattern: dependency-graph_*
+ merge-multiple: true
 - name: "Upload scan results"
 if: ${{ env.GHA_SECURITY_CODE_SCAN_SKIP_JOB_AND_CONTINUE_SCAN == 'False' }}
@@ -164,8 +166,8 @@ jobs:
 if [ -d "$file" ] ; then
 continue
 fi
- jq ".sha = \"$GITHUB_SHA\" | .ref = \"$GITHUB_REF\"" < "$file" |
- gh api "/repos/$GITHUB_REPOSITORY/dependency-graph/snapshots" --method POST --input -
+ echo "Uploading dependency graph $file"
+ jq ".sha = \"$GITHUB_SHA\" | .ref = \"$GITHUB_REF\"" < "$file" | gh api "/repos/$GITHUB_REPOSITORY/dependency-graph/snapshots" --method POST --input - || true
 done
 get-repository-metadata:
From d9f4830ca95e9f9285f9280acf3e18d8a74a4ec3 Mon Sep 17 00:00:00 2001
From: Max
Date: Wed, 25 Mar 2026 15:41:32 +0100
Subject: [PATCH 2/3] chore: Update download and update actions
---
 .github/workflows/code-scan.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/code-scan.yml b/.github/workflows/code-scan.yml
index 8f538a9..653d4fe 100644
--- a/.github/workflows/code-scan.yml
+++ b/.github/workflows/code-scan.yml
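Review bot: In the `@@ -136,11 +136,13 @@` hunk, `merge-multiple: true` extracts every artifact matching `dependency-graph_*` into the same `results` directory, so two artifacts that contain a file with the same name can overwrite each other and one snapshot is dropped before the upload loop runs. The artifacts are also taken from a different run (`run-id` comes from `GHA_SECURITY_CODE_SCAN_WORKFLOW_RUN_ID`) and their contents are later posted as this commit's snapshot, so the step would benefit from a comment above it naming the workflow that is expected to produce them. The bumped `actions/download-artifact@v8` is still a mutable tag; pinning it as `uses: actions/download-artifact@<full-commit-sha> # v8` keeps the step's code from changing underneath the scan.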
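Review bot: In the `@@ -164,8 +166,8 @@` hunk, the `|| true` appended to the upload pipeline hides every failure, whether a rejected token, a malformed snapshot file or an API error, so the job stays green while the dependency graph goes stale without anyone noticing. The loop can keep going and still surface the problem, e.g. `|| echo "::warning::dependency snapshot upload failed for $file"`. The same line splices `$GITHUB_REF` into the jq program text, and git permits `"` in ref names, so passing the values as data is safer: `jq --arg sha "$GITHUB_SHA" --arg ref "$GITHUB_REF" '.sha = $sha | .ref = $ref'`. The loop itself starts outside the hunk.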
@@ -392,7 +392,7 @@ jobs:
 token: ${{ secrets.GITHUB_TOKEN }}
 - name: "Upload Semgrep report as artifact"
- uses: actions/upload-artifact@v6
+ uses: actions/upload-artifact@v7
 with:
 name: semgrep-${{ matrix.language }}-sarif
 path: semgrep.sarif
@@ -484,7 +484,7 @@ jobs:
 echo -e "# ❗️ CodeQL analysis failed on HTML file(s) \n CodeQL will fail if no javascript can be extracted from HTML file(s). \n \n Ignore scanning HTML files by adding 'html' to workflow input ignore_language \n See [CodeQL supported languages and frameworks](https://codeql.github.com/docs/codeql-overview/supported-languages-and-frameworks/#id9) for more information from CodeQL." >> "$GITHUB_STEP_SUMMARY"
 - name: "Upload CodeQL report as artifact"
- uses: actions/upload-artifact@v6
+ uses: actions/upload-artifact@v7
 with:
 name: codeql-${{ matrix.language }}-sarif
 path: "/home/runner/work/${{ github.event.repository.name }}/results"
From d89280ea500f522b8a28a9624c7a6df03b277b5e Mon Sep 17 00:00:00 2001
From: Max
Date: Wed, 25 Mar 2026 15:44:58 +0100
Subject: [PATCH 3/3] chore: Update debug output
---
 .github/workflows/code-scan.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/code-scan.yml b/.github/workflows/code-scan.yml
index 653d4fe..9f62421 100644
--- a/.github/workflows/code-scan.yml
+++ b/.github/workflows/code-scan.yml
@@ -166,7 +166,7 @@ jobs:
 if [ -d "$file" ] ; then
 continue
 fi
- echo "Uploading dependency graph $file"
+ echo "Uploading cached dependency graph $file"
 jq ".sha = \"$GITHUB_SHA\" | .ref = \"$GITHUB_REF\"" < "$file" | gh api "/repos/$GITHUB_REPOSITORY/dependency-graph/snapshots" --method POST --input - || true
 done