Update CodeQL Action v3 → v4 and fix SARIF upload failure#61
Conversation
…F upload Co-authored-by: mariofix <5313331+mariofix@users.noreply.github.com>
Coverage summary from CodacySee diff coverage on Codacy
Coverage variation details
Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: Diff coverage details
Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: See your quality gate settings Change summary preferences |
1 similar comment
Coverage summary from CodacySee diff coverage on Codacy
Coverage variation details
Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: Diff coverage details
Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: See your quality gate settings Change summary preferences |
The Codacy security scan workflow was using the deprecated
codeql-action/upload-sarif@v3and failing withInvalid request. 1 item required; only 0 were suppliedwhenCODACY_PROJECT_TOKENis unavailable (e.g., fork PRs), causing an empty SARIF file with zerorunsto be rejected by the GitHub API.Changes
codeql-action/upload-sarifv3→v4— v3 is deprecated and will stop working December 2026continue-on-error: trueon upload step — prevents hard failure when Codacy produces an empty SARIF due to missing token; upload still runs and succeeds when the token is present💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.