BUILD-11393: Fix check-sca failures caused by local-ref#258
Conversation
|
SummaryThis PR fixes The local reference approach doesn't work when the action is called from rulesets — the workflow engine can't locate the The change also removes the What reviewers should knowWhat to review: This is a single YAML file change in Key context: The issue occurs because local action references (relative paths like Check for: If there are other workflows in this repo that might have adopted the same local reference pattern, they could have the same issue — worth scanning for similar patterns.
|
![sonar-review-alpha[bot]](https://avatars.githubusercontent.com/in/3025063?s=60&v=4){kind=small}
There was a problem hiding this comment.
LGTM! ✅
Clean, minimal fix. The actions/checkout step is still necessary — check-sca discovers project keys from config files in the calling repo (.sonarlint/connectedMode.json, sonar-project.properties, etc.) via WORKING_DIRECTORY, so the checkout must remain even though the action is now fetched remotely.
bwalsh434
deleted the
bugfix/bwalsh/BUILD-11393-fix-constant-check-sca-failures-from-local-ref
branch
There was a problem hiding this comment.
Pull request overview
This PR updates the SCA required workflow so it can run the check-sca action from this repository when invoked from consuming repositories via rulesets.
Changes:
- Removes sparse checkout of the local
check-scadirectory. - Replaces the local action reference with
SonarSource/ci-github-actions/check-sca@master.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| with: | ||
| sparse-checkout: check-sca | ||
| - uses: ./check-sca | ||
| - uses: SonarSource/ci-github-actions/check-sca@master |
Context
Error: Can't find 'action.yml', 'action.yaml' or 'Dockerfile' under '/home/runner/work/sonarcloud-cleancode/sonarcloud-cleancode/check-sca'. Did you forget to run actions/checkout before running your local action?What Changed?