configuration not found warning when using unified gh workflow #7

Closed
shahar-h opened this issue Apr 27, 2024 · 5 comments · Fixed by #20

@shahar-h
Contributor

I'm using the unified osv-scanner gh workflow in my repo:

name: OSV-Scanner

on:
  pull_request:
    branches:
    - "main"
  merge_group:
    branches:
    - "main"
  push:
    branches:
    - "main"
  schedule:
  - cron: '44 15 * * 5'

permissions:
  contents: read

jobs:
  scan-scheduled:
    if: ${{ github.event_name == 'push' || github.event_name == 'schedule' }}
    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable.yml@1f1242919d8a60496dd1874b24b62b2370ed4c78"  # v1.7.1
    permissions:
      contents: read
      # Require writing security events to upload SARIF file to security tab
      security-events: write
  scan-pr:
    if: ${{ github.event_name == 'pull_request' || github.event_name == 'merge_group' }}
    uses: "google/osv-scanner-action/.github/workflows/osv-scanner-reusable-pr.yml@1f1242919d8a60496dd1874b24b62b2370ed4c78"  # v1.7.1
    permissions:
      contents: read
      # Require writing security events to upload SARIF file to security tab
      security-events: write

I get the following warning on PRs:
image

I guess that it's related to the fact that the job name is different between reusable workflows:

Can you assist?

@another-rex
Collaborator

I'm having some trouble reproducing this issue, I copied the GH workflow you provided to a new repo, and it seems to work for me. (https://github.com/another-rex/oss-fuzz-gen/blob/main/.github/workflows/osv-scanner.yml)

another-rex/oss-fuzz-gen#1

Can you provide a bit more detail or a link to the repository (if it's public) where you are running into this issue?

One thing to check is maybe your main branch might be called master?

@shahar-h
Contributor Author

You also have the same warning in Code scanning results / osv-scanner check:
https://github.com/another-rex/oss-fuzz-gen/pull/1/checks?check_run_id=24407746581

@another-rex
Collaborator

Not sure this can be fixed, I believe the issue is with the fact that we skip the scheduled scan on PRs, and only perform the PR code scanning. So GitHub can't find the SARIF file for the scheduled scan. I also might be misinterpreting what that warning means though.

@shahar-h
Contributor Author

shahar-h commented May 1, 2024

The warning disappeared once I renamed the job name in osv-scanner-reusable-pr.yml from scan-pr to osv-scan (same as in osv-scanner-reusable.yml):
shahar-h@28046d1

image

@shahar-h
Contributor Author

shahar-h commented May 6, 2024

@another-rex any update?
