Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Error: Input required and not supplied: sarif-id #118

Open
amotl opened this issue Nov 14, 2024 · 2 comments
Open

Error: Input required and not supplied: sarif-id #118

amotl opened this issue Nov 14, 2024 · 2 comments

Comments

@amotl
Copy link

amotl commented Nov 14, 2024

Hi there, thanks a stack for conceiving this recipe. We observed a little problem we originally reported over here. Hereby, we are re-creating it as a dedicated issue, as we believe it makes sense instead of hijacking the other conversation.

We are trying here to introduce inline admonition suppressions (through a PR), and would like to see exactly the behaviour as described by @aibaars at github/codeql#11427 (comment), even if it might not be perfect for some.

Now, when trying to let advanced-security/dismiss-alerts run on any branch by removing the if: github.ref == 'refs/heads/main' constraint, the CI workflow trips.

Error: Input required and not supplied: sarif-id

-- https://github.com/crate/crate-python/actions/runs/11827873067/job/32956862592?pr=676

@aibaars
Copy link
Collaborator

aibaars commented Nov 14, 2024

You were missing the id: analyze property in the analyze step, otherwise the steps.analyze.output references cannot be resolved.

@aibaars
Copy link
Collaborator

aibaars commented Nov 14, 2024

We are trying here to introduce inline admonition suppressions (through a PR), and would like to see exactly the behaviour as described by @aibaars at github/codeql#11427 (comment), even if it might not be perfect for some.

The reason for the if: github.ref == 'refs/heads/main' constraint is that otherwise a pull request with a suppression annotation will dismiss the alert on all branches and pull requests, even if the pull request is not merged. I'd expect subsequent analysis runs on any other branches or pull requests to re-open the alert again, so the behaviour is likely to be really annoying an confusing.

That said, go ahead and try for yourself. If the volume of changes to the repository is low it might actually work out fine.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants