
Sarif file uploading results fail v2

Open Abdelhamid-Ibrahim opened this issue 3 years ago • 3 comments

The CodeQL upload action is always failing with the following:

Error: Path does not exist: results.sarif
Error: Path does not exist: results.sarif
    at getSarifFilePaths (/home/runner/work/_actions/github/codeql-action/v2/lib/upload-lib.js:152:15)
    at Object.uploadFromActions (/home/runner/work/_actions/github/codeql-action/v2/lib/upload-lib.js:140:30)
    at run (/home/runner/work/_actions/github/codeql-action/v2/lib/upload-sarif-action.js:51:47)
    at async runWrapper (/home/runner/work/_actions/github/codeql-action/v2/lib/upload-sarif-action.js:69:9)

Action

# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# ESLint is a tool for identifying and reporting on patterns
# found in ECMAScript/JavaScript code.
# More details at https://github.com/eslint/eslint
# and https://eslint.org

name: ESLint

on:
  push:
    branches: [ main ]
  pull_request:
    # The branches below must be a subset of the branches above
    branches: [ main ]
  schedule:
    - cron: '24 7 * * 1'


jobs:
  eslint:
    name: Run eslint scanning
    runs-on: ubuntu-latest
    permissions: write-all
    steps:
      - name: Checkout code
        uses: actions/checkout@v3

      - name: Install ESLint
        run: |
          npm install [email protected]
          npm install @microsoft/[email protected]

      - name: Run ESLint
        run: npx eslint .
          --config .eslintrc.js
          --ext .js,.jsx,.ts,.tsx
          --format @microsoft/eslint-formatter-sarif 
          --output-file eslint-results.sarif
        continue-on-error: true

      - name: Upload analysis results to GitHub
        uses: github/codeql-action/upload-sarif@v2
        with:
          # Path to SARIF file relative to the root of the repository
          sarif_file: results.sarif

Abdelhamid-Ibrahim avatar May 10 '22 09:05 Abdelhamid-Ibrahim

It looks like your ESLint command creates a sarif file called eslint-results.sarif but the upload is looking for results.sarif. Perhaps the upload part should be:

      - name: Upload analysis results to GitHub
        uses: github/codeql-action/upload-sarif@v2
        with:
          # Path to SARIF file relative to the root of the repository
          sarif_file: eslint-results.sarif

alexet avatar May 10 '22 10:05 alexet

@alexet I changed it, but got

Error: codeql/upload-sarif action failed: HttpError: Resource not accessible by integration
RequestError [HttpError]: Resource not accessible by integration
    at /home/runner/work/_actions/github/codeql-action/v1/node_modules/@octokit/request/dist-node/index.js:66:23
    at processTicksAndRejections (internal/process/task_queues.js:97:5)
    at async Job.doExecute (/home/runner/work/_actions/github/codeql-action/v1/node_modules/bottleneck/light.js:405:18) {
  status: 403,
  headers: {
    'access-control-allow-origin': '*',
    'access-control-expose-headers': 'ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset',
    connection: 'close',
    'content-encoding': 'gzip',
    'content-security-policy': "default-src 'none'",
    'content-type': 'application/json; charset=utf-8',
    date: 'Tue, 17 May 2022 09:48:21 GMT',
    'referrer-policy': 'origin-when-cross-origin, strict-origin-when-cross-origin',
    server: 'GitHub.com',
    'strict-transport-security': 'max-age=31536000; includeSubdomains; preload',
    'transfer-encoding': 'chunked',
    vary: 'Accept-Encoding, Accept, X-Requested-With',
    'x-content-type-options': 'nosniff',
    'x-frame-options': 'deny',
    'x-github-media-type': 'github.v3; format=json',
    'x-github-request-id': '0500:7059:2C7BF3:864B12:62836F65',
    'x-ratelimit-limit': '15000',
    'x-ratelimit-remaining': '14975',
    'x-ratelimit-reset': '1652782854',
    'x-ratelimit-resource': 'core',
    'x-ratelimit-used': '25',
    'x-xss-protection': '0'
  },
  request: {
    method: 'GET',
    url: 'https://api.github.com/repos/*****/*****/actions/runs/2337759378?exclude_pull_requests=true',
    headers: {
      accept: 'application/vnd.github.v3+json',
      'user-agent': 'CodeQL-Action/1.1.10 octokit-core.js/3.1.2 Node.js/12.22.7 (linux; x64)',
      authorization: 'token [REDACTED]'
    },
    request: { agent: [Agent], hook: [Function: bound bound register] }
  },
  documentation_url: 'https://docs.github.com/rest/reference/actions#get-a-workflow-run'
}

Abdelhamid-Ibrahim avatar May 17 '22 09:05 Abdelhamid-Ibrahim

When you get that error message, it's usually because your permissions block is incorrect.

I see you have permissions: write-all, which should work. However, this is actually a little overly broad. Here is our suggestion (from the README.md in this repo):

    permissions:
      # required for all workflows
      security-events: write

      # only required for workflows in private repositories
      actions: read
      contents: read

I recommend that you check your security permissions block.

aeisenberg avatar May 17 '22 15:05 aeisenberg

What am I missing, guys? Status 422.

Uploading results
  Processing sarif files: ["results.sarif"]
  Uploading results
  Error: Invalid request.
  
  1 item required; only 0 were supplied.
  RequestError [HttpError]: Invalid request.
  
  1 item required; only 0 were supplied.
      at /home/runner/work/_actions/github/codeql-action/v2/node_modules/@octokit/request/dist-node/index.js:66:23
      at processTicksAndRejections (node:internal/process/task_queues:96:5)
      at async Job.doExecute (/home/runner/work/_actions/github/codeql-action/v2/node_modules/bottleneck/light.js:405:18) {
    status: 422,
    headers: {
      'access-control-allow-origin': '*',
      'access-control-expose-headers': 'ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset',
      connection: 'close',
      'content-length': '123',
      'content-security-policy': "default-src 'none'",
      'content-type': 'application/json; charset=utf-8',
      date: 'Mon, 03 Oct 2022 23:55:08 GMT',
      'referrer-policy': 'origin-when-cross-origin, strict-origin-when-cross-origin',
      server: 'GitHub.com',
      'strict-transport-security': 'max-age=31536000; includeSubdomains; preload',
      vary: 'Accept-Encoding, Accept, X-Requested-With',
      'x-content-type-options': 'nosniff',
      'x-frame-options': 'deny',
      'x-github-media-type': 'github.v3; format=json',
      'x-github-request-id': '05C7:0DC0:958E6A:9A3278:633B765C',
      'x-ratelimit-limit': '1000',
      'x-ratelimit-remaining': '997',
      'x-ratelimit-reset': '1664844158',
      'x-ratelimit-resource': 'code_scanning_upload',
      'x-ratelimit-used': '3',
      'x-xss-protection': '0'
    },
    request: {
      method: 'PUT',
      url: 'https://api.github.com/repos/AntonioFalcaoJr/EDA.CleanArch.DDD.CQRS.EventSourcing/code-scanning/analysis',
      headers: {
        accept: 'application/vnd.github.v3+json',
        'user-agent': 'CodeQL-Action/2.1.26 octokit-core.js/3.1.2 Node.js/16.13.0 (linux; x64)',
        authorization: 'token [REDACTED]',
        'content-type': 'application/json; charset=utf-8'
      },
      body: '{"commit_oid":"eb7aa25927e73cef181b5cc85ce699f4604d49cf","ref":"refs/heads/improvment/responsibilities-split","analysis_key":".github/workflows/account.yaml:analyze","analysis_name":"Account","sarif":"H4sIAAAAAAAAA6tWKkstKs7Mz1OyUjLSM9QzUNJRKirNK1ayio6tBQBSlZKzHQAAAA==","workflow_run_id":3178322226,"checkout_uri":"file:///home/runner/work/EDA.CleanArch.DDD.CQRS.EventSourcing/EDA.CleanArch.DDD.CQRS.EventSourcing","environment":"null","started_at":"2022-10-03T23:55:06.980Z","tool_names":[]}',
      request: { agent: [Agent], hook: [Function: bound bound register] }
    },
    documentation_url: 'https://docs.github.com/rest'
  }

AntonioFalcaoJr avatar Oct 04 '22 00:10 AntonioFalcaoJr

The 422 error typically means that the sarif file you are uploading is syntactically correct, but semantically malformed. I would recommend that you add a new step to your workflow that simply runs cat on the results file. Take a look at the contents and feel free to paste them here as a comment. My guess is that codacy is creating a sarif file that is missing some crucial information.

aeisenberg avatar Oct 04 '22 03:10 aeisenberg

I've got the same issue; I just use the default action created by the template:

# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# ESLint is a tool for identifying and reporting on patterns
# found in ECMAScript/JavaScript code.
# More details at https://github.com/eslint/eslint
# and https://eslint.org

name: ESLint

on:
  push:
    branches: [ "main" ]
  pull_request:
    # The branches below must be a subset of the branches above
    branches: [ "main" ]
  schedule:
    - cron: '26 23 * * 0'

jobs:
  eslint:
    name: Run eslint scanning
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write
      actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status 
    steps:
      - name: Checkout code
        uses: actions/checkout@v3

      - name: Install ESLint
        run: |
          npm install [email protected]
          npm install @microsoft/[email protected]

      - name: Run ESLint
        run: npx eslint .
          --config .eslintrc.js
          --ext .js,.jsx,.ts,.tsx
          --format @microsoft/eslint-formatter-sarif 
          --output-file eslint-results.sarif
        continue-on-error: true

      - name: Upload analysis results to GitHub
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: eslint-results.sarif
          wait-for-processing: true

OliverBhm avatar Oct 05 '22 10:10 OliverBhm

It's hard to tell what is going on here without more information. Can you insert a step like this, between the run and upload steps:

- run: | 
      cat eslint-results.sarif

And paste or attach the contents of the file? Also, include the complete error message produced by your workflow run.

aeisenberg avatar Oct 05 '22 14:10 aeisenberg

Same issue after yarn upgrade!

{
    "property": "instance.runs[0].results[4].suppressions",
    "message": "contains duplicate item",
    "schema": {
      "description": "A set of suppressions relevant to this result.",
      "type": "array",
      "minItems": 0,
      "uniqueItems": true,
      "items": {
        "$ref": "#/definitions/suppression"
      }
    },
    "instance": [
      {
        "kind": "inSource",
        "justification": ""
      },
      {
        "kind": "inSource",
        "justification": ""
      }
    ],
    "name": "uniqueItems",
    "stack": "instance.runs[0].results[4].suppressions contains duplicate item"
  }
Error: Unable to upload "eslint-results.sarif" as it is not valid SARIF:

alimd avatar Oct 20 '22 11:10 alimd

> It's hard to tell what is going on here without more information. Can you insert a step like this, between the run and upload steps:
>
>     - run: |
>           cat eslint-results.sarif
>
> And paste or attach the contents of the file? Also, include the complete error message produced by your workflow run.

I did and got the error message:

cat: eslint-results.sarif: No such file or directory
Error: Process completed with exit code 1.

OliverBhm avatar Oct 20 '22 13:10 OliverBhm

hmmm...not sure why the sarif is not able to be found. Can you try running the npx eslint command from your workflow locally and attaching the sarif that gets produced? There is something in that file that code scanning is not able to process.

aeisenberg avatar Oct 20 '22 17:10 aeisenberg

Hey guys, I got the same issue using the default eslint action, but I got a similar error:

Error: Path does not exist: eslint-results.sarif
Error: Path does not exist: eslint-results.sarif
    at getSarifFilePaths (/home/runner/work/_actions/github/codeql-action/v2/lib/upload-lib.js:137:15)
    at Object.uploadFromActions (/home/runner/work/_actions/github/codeql-action/v2/lib/upload-lib.js:132:30)
    at run (/home/runner/work/_actions/github/codeql-action/v2/lib/upload-sarif-action.js:46:47)
    at async runWrapper (/home/runner/work/_actions/github/codeql-action/v2/lib/upload-sarif-action.js:68:9)

This is the eslint.yml:

jobs:
  eslint:
    name: Run eslint scanning
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write
      actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
    steps:
      - name: Checkout code
        uses: actions/checkout@v3

      - name: Install ESLint
        run: |
          npm install [email protected]
          npm install @microsoft/[email protected]
      - name: Run ESLint
        run: npx eslint .
          --config .eslintrc.js
          --ext .js,.jsx,.ts,.tsx
          --format @microsoft/eslint-formatter-sarif
          --output-file eslint-results.sarif
        continue-on-error: true

      - name: Upload analysis results to GitHub
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: eslint-results.sarif
          wait-for-processing: true 

Letgamer avatar Dec 11 '22 20:12 Letgamer

@Letgamer, please make sure that the sarif file is actually being generated. See my comment above on how you can do that. https://github.com/github/codeql-action/issues/1061#issuecomment-1268507384. If the file is not being generated, then that is probably something with @microsoft/eslint-formatter-sarif.

aeisenberg avatar Dec 12 '22 21:12 aeisenberg

Same as @Letgamer. The error log below happened for a NodeJS project. Sad, but intriguing:

> Run cat eslint-results.sarif
cat: eslint-results.sarif: No such file or directory

I ended up running the required command in a Linux terminal. I discovered the following facts:

  1. File .eslintrc MUST be CommonJS, i.e. .cjs. That means its content is the classical module.exports = {key: "value"};
  2. For a JavaScript project, the package @microsoft/eslint-formatter-sarif is required. That means running the command npm i --save-dev @microsoft/eslint-formatter-sarif.

brunolnetto avatar Dec 15 '22 17:12 brunolnetto

hi,

I want to add my error message, as I am not sure whether to open an extra issue for it.

Processing sarif files: ["results.sarif"]
  Error: Unexpected token g in JSON at position 0
  SyntaxError: Unexpected token g in JSON at position 0
      at JSON.parse (<anonymous>)
      at validateSarifFileSchema (/home/runner/work/_actions/github/codeql-action/959cbb7472c4d4ad70cdfe6f4976053fe48ab394/lib/upload-lib.js:176:24)
      at uploadFiles (/home/runner/work/_actions/github/codeql-action/959cbb7472c4d4ad70cdfe6f4976053fe48ab394/lib/upload-lib.js:238:9)
      at Object.uploadFromActions (/home/runner/work/_actions/github/codeql-action/959cbb7472c4d4ad70cdfe6f4976053fe48ab394/lib/upload-lib.js:132:18)
      at async run (/home/runner/work/_actions/github/codeql-action/959cbb7472c4d4ad70cdfe6f4976053fe48ab394/lib/upload-sarif-action.js:46:30)
      at async runWrapper (/home/runner/work/_actions/github/codeql-action/959cbb7472c4d4ad70cdfe6f4976053fe48ab394/lib/upload-sarif-action.js:68:9)

dirien avatar Dec 21 '22 19:12 dirien

The string Unexpected token g in JSON at position 0 appears twice in the error log. It means there is some weird token in the file results.sarif. I suggest you generate it locally and look at the file content.

brunolnetto avatar Dec 21 '22 19:12 brunolnetto

A wild error log appears:

Error: Unable to upload "eslint-results.sarif" as it is not valid SARIF:
- instance.runs[0].tool.driver.rules[10].helpUri does not conform to the "uri" format

Source: https://github.com/quivero/prego/actions/runs/3772750507/jobs/6413851058

brunolnetto avatar Dec 24 '22 20:12 brunolnetto

You can see that the sarif file is invalid.

    "helpUri": "Please see details in message",

There is not much we can do about this since it is a problem with @microsoft/eslint-formatter-sarif.

aeisenberg avatar Jan 04 '23 19:01 aeisenberg
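The thread shows three different ways an ESLint-produced SARIF file fails at upload time: the file is not JSON at all (the "Unexpected token g in JSON at position 0" report), a result carries two identical suppressions (the "contains duplicate item" report, since the schema declares suppressions with uniqueItems), and a rule's helpUri is free text rather than a URI (the "does not conform to the "uri" format" report). The script below is an added example, not code from codeql-action or @microsoft/eslint-formatter-sarif; the file name check-sarif.js and the embedded SARIF sample are constructed. It reproduces those three checks locally so a workflow can fail fast (run it in a step between "Run ESLint" and "Upload analysis results to GitHub") instead of discovering the problem in a 422 from the upload endpoint.

```javascript
// check-sarif.js (constructed name): pre-upload sanity check for a SARIF file.
// Catches the three failure modes seen in this thread before upload-sarif does:
//   1. the file is not JSON at all ("Unexpected token g in JSON at position 0")
//   2. results[].suppressions holds identical entries (schema says uniqueItems)
//   3. tool.driver.rules[].helpUri is free text, not a URI ("uri" format)
// Usage: node check-sarif.js eslint-results.sarif   (no argument: checks the sample)

// Constructed sample that contains problems 2 and 3 above.
const SAMPLE_BAD_SARIF = JSON.stringify({
  version: "2.1.0",
  runs: [{
    tool: { driver: { name: "ESLint", rules: [
      { id: "no-unused-vars", helpUri: "https://eslint.org/docs/rules/no-unused-vars" },
      { id: "custom/rule", helpUri: "Please see details in message" },
    ] } },
    results: [
      { ruleId: "no-unused-vars", message: { text: "x is unused" },
        suppressions: [{ kind: "inSource", justification: "" },
                       { kind: "inSource", justification: "" }] },
      { ruleId: "custom/rule", message: { text: "see rule" } },
    ],
  }],
});

// JSON Schema "uri" format means an absolute URI; the WHATWG URL parser rejects
// plain text that has no scheme, which is exactly the helpUri case above.
function isUri(value) {
  if (typeof value !== "string") return false;
  try { new URL(value); return true; } catch { return false; }
}

// Structural key used for the uniqueItems check. Two suppression objects with the
// same members in the same key order (as the formatter emits them) compare equal.
function itemKey(item) { return JSON.stringify(item); }

// Returns a list of problems phrased like the upload-sarif error messages.
// An empty list means none of the checked failure modes is present.
function checkSarif(text) {
  let sarif;
  try {
    sarif = JSON.parse(text);
  } catch (e) {
    return [`not JSON: ${e.message}`];
  }
  if (!sarif || !Array.isArray(sarif.runs) || sarif.runs.length === 0) {
    return ["instance.runs must be a non-empty array"];
  }
  const problems = [];
  sarif.runs.forEach((run, r) => {
    const rules = (run.tool && run.tool.driver && run.tool.driver.rules) || [];
    rules.forEach((rule, i) => {
      if (rule.helpUri !== undefined && !isUri(rule.helpUri)) {
        problems.push(`instance.runs[${r}].tool.driver.rules[${i}].helpUri ` +
                      `does not conform to the "uri" format: ${JSON.stringify(rule.helpUri)}`);
      }
    });
    (run.results || []).forEach((result, i) => {
      if (!Array.isArray(result.suppressions)) return;
      const distinct = new Set(result.suppressions.map(itemKey));
      if (distinct.size !== result.suppressions.length) {
        problems.push(`instance.runs[${r}].results[${i}].suppressions contains duplicate item`);
      }
    });
  });
  return problems;
}

// Drops repeated suppressions (identical entries carry no extra information) and
// returns new SARIF text. helpUri problems are left alone: that fix belongs in the
// rule metadata, not in a post-processing step.
function dedupeSuppressions(text) {
  const sarif = JSON.parse(text);
  for (const run of sarif.runs || []) {
    for (const result of run.results || []) {
      if (!Array.isArray(result.suppressions)) continue;
      const seen = new Set();
      result.suppressions = result.suppressions.filter((s) => {
        const key = itemKey(s);
        if (seen.has(key)) return false;
        seen.add(key);
        return true;
      });
    }
  }
  return JSON.stringify(sarif, null, 2);
}

// CLI entry point: with a path, check that file and fail the step on problems;
// without one, check the embedded sample so the script demonstrates itself.
if (typeof require !== "undefined" && require.main === module) {
  const file = process.argv[2];
  const text = file ? require("fs").readFileSync(file, "utf8") : SAMPLE_BAD_SARIF;
  const problems = checkSarif(text);
  for (const p of problems) console.log(`- ${p}`);
  console.log(problems.length ? `${problems.length} problem(s) found` : "SARIF looks uploadable");
  if (file && problems.length) process.exitCode = 1; // non-zero exit fails the workflow step before upload
}
```

Running it with no argument reports both defects in the sample; running it against a real eslint-results.sarif exits non-zero when any of the three checks fails, so a `run: node check-sarif.js eslint-results.sarif` step placed before the upload step also covers the "Path does not exist" case, because readFileSync throws when the formatter never wrote the file. The checks mirror the error strings from the thread rather than the full SARIF schema; a file that passes here can still be rejected for a constraint this script does not look at.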

@brunolnetto, thanks for exploring the issue and posting a workaround.

aeisenberg avatar Jan 04 '23 19:01 aeisenberg

I gave up on this action and opted to use pre-commit actions. They are great!

brunolnetto avatar Jan 04 '23 19:01 brunolnetto

I am going to close this issue since there are a number of different root causes and none seem to be directly with codeql-action.

If you are seeing something similar in the future, please open a new issue.

aeisenberg avatar Jan 04 '23 19:01 aeisenberg

🖖 I managed to use pre-commit hooks and their ci bot. They are much better than this action...

brunolnetto avatar Jan 04 '23 19:01 brunolnetto

@brunolnetto care to share a link to some code?

dirien avatar Jan 04 '23 20:01 dirien

Sure. I can offer you my pre-commit setup on repository in:

  1. JavaScript: /trouchet/sappio;
  2. Python: /trouchet/appy and /quivero/eule

Take a look at the respective yaml files. After pushing this file to the (main|master) branch, do not forget to register the repository on the CI engine: https://pre-commit.ci/

brunolnetto avatar Jan 04 '23 20:01 brunolnetto