@@ -48,30 +48,23 @@ jobs:
4848 gh-code-scanning-compat : true
4949 max-allowed-issues : 2147483647
5050
51- # 3️⃣ Extract only the first SARIF run to avoid duplicates
52- - name : Extract first SARIF run
53- run : |
54- jq '{version: .version, "$schema": ."$schema", runs: [ .runs[0] ]}' results.sarif > filtered.sarif
55-
56- # 4️⃣ Upload just that single-run SARIF
51+ # 3️⃣ Split and upload each SARIF run
5752 - name : Split and upload each SARIF run
5853 run : |
5954 count=$(jq '.runs | length' results.sarif)
6055 for i in $(seq 0 $((count-1))); do
6156 jq --argjson idx $i \
6257 '{version: .version, "$schema": ."$schema", runs: [ .runs[$idx] ]}' \
6358 results.sarif > run_${i}.sarif
64-
65- # gzip and base64 encode
66- gzip -c run_${i}.sarif | base64 -w 0 > run_${i}.sarif.b64
67-
68- # Read encoded content into variable
69- b64_sarif=$(cat run_${i}.sarif.b64)
70-
71- gh api repos/${{ github.repository }}/code-scanning/sarifs \
72- -f commit_sha=${{ github.sha }} \
73- -f ref=${{ github.ref }} \
74- -f sarif="$b64_sarif"
59+
60+ # Build a valid JSON payload and pipe directly into gh api
61+ gzip -c run_${i}.sarif | base64 -w 0 | \
62+ jq -Rs \
63+ --arg commit_sha "${{ github.sha }}" \
64+ --arg ref "${{ github.ref }}" \
65+ '{commit_sha: $commit_sha, ref: $ref, sarif: (. | rtrimstr("\n"))}' | \
66+ gh api repos/${{ github.repository }}/code-scanning/sarifs \
67+ --input -
7568 done
7669 env :
7770 GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
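Review bot: The added `--arg commit_sha "${{ github.sha }}"` and `--arg ref "${{ github.ref }}"` lines, and the `gh api repos/${{ github.repository }}/code-scanning/sarifs` line, splice workflow expressions into the script text before bash parses it, so a ref name containing shell syntax would be interpreted by the shell instead of being passed as data. On push-triggered runs the ref is a branch or tag name chosen by whoever pushed; the workflow's triggers and the rest of the job are outside this hunk, so the actual exposure cannot be judged from here. The runner already exports the same values as environment variables, so the three lines can read `--arg commit_sha "$GITHUB_SHA"`, `--arg ref "$GITHUB_REF"` and `gh api "repos/$GITHUB_REPOSITORY/code-scanning/sarifs"`, which keeps them as quoted data. The removed lines used the same interpolation, so this is a carry-over rather than something the commit introduces.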