Josh Soref

icon company @GarnerCorp icon location Toronto icon location Wondering how I'm finding spelling errors / want to prevent new ones? https://check-spelling.dev

Results 1027 comments of Josh Soref

GITHUB_OUTPUT scope for custom actions seems not same as GH actions

Fwiw, here's a simple workflow run: https://github.com/check-spelling-sandbox/nektos-issue-action-outputs-1/actions/runs/8560809761/job/23460628099 ### `Run echo "$outputs"` #### GitHub ```json { "empty-action-output": "" } ``` #### Act ```json { "empty-action-output": "", "output3": "from-composite-step2" } ```

Scheduled build always running even if no change in filter path

I'd argue the best behavior would be since the last time the same workflow ran for the same event. So, if .github/workflows/test.yml ran for `on: schedule` 3 days ago and...

set-output deprecation warning

This was fixed in v2.11.1: https://github.com/dorny/paths-filter/blob/1441771bbfdd59dcd748680ee64ebd8faab1a242/CHANGELOG.md?plain=1#L7-L8

are there checksums (for releases) ?

The standard unix model is one signature per file, since it enables `wget $url{,.sig}`.

Improve broken security-events handling for private repositories without Advanced Security

Note: It'd be _vaguely_ useful if the runner didn't actually give out a token for `security-events` if it wasn't allowed to because there wasn't a license -- that'd at least...

codeql/upload-sarif@v2 or @main can't integrate on actions

You're almost certainly facing #2125. The extra point of https://github.com/github/codeql-action/issues/2125#issuecomment-1934888782 is beyond the scope of this repository, but if I were you and had the energy, I'd talk to support...

codeql/upload-sarif@v3 action failed: Resource not accessible by integration - missing `actions: read`

Oh. I bet I know what the problem is [check-spelling](https://github.com/check-spelling/check-spelling) has code for it: ![image](https://github.com/github/codeql-action/assets/2119212/5ea9c4cd-f3df-4796-a266-0c9120881006) [Check Spelling: .github/workflows/spelling.yml#L106](https://github.com/check-spelling-sandbox/private-sarif-0/commit/40db5c24a55cd78ca0a056289cabde78197390f7#annotation_17866294169) Unsupported configuration: use_sarif needs GitHub Advanced Security to be enabled - see...

codeql/upload-sarif@v3 action failed: Resource not accessible by integration - missing `actions: read`

Interesting... I don't suppose you could set up an empty repository (private, with advanced security) with https://github.com/check-spelling/spell-check-this/blob/main/.github/workflows/spelling.yml and see what it says?

codeql/upload-sarif@v3 action failed: Resource not accessible by integration - missing `actions: read`

The main difference between v2 and v3 is just the runtime (runs.using: node16 vs runs.using: node20) -- it isn't an API break in the normal sense. _I was wrong, the...

codeql/upload-sarif@v3 action failed: Resource not accessible by integration - missing `actions: read`

So, _some_ of the code paths are nice and will spit out a thing like: https://github.com/check-spelling-sandbox/codeql/actions/runs/7820458921/job/21335230410#step:19:29 > 'x-github-request-id': 'ED03:704C:2C73BEB:598E6DD:65C3E18D', The request id is (_in theory_) really helpful for doing things....