From 1cd6a7d0d96e17dfdfc76d6414cbed8e1b6ddd5e Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 21 May 2026 20:17:46 +0000
Subject: [PATCH 1/4] Initial plan
From 002e505b35d5d1170a24654ec6ee8822b1a97a81 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 21 May 2026 20:19:35 +0000
Subject: [PATCH 2/4] feat: add opt-out for SARIF upload step
Agent-Logs-Url: https://github.com/JetBrains/ReSharper-InspectCode/sessions/a21d53c4-a469-4db5-95bf-0e262ec22acb
Co-authored-by: derigel23 <175250+derigel23@users.noreply.github.com>
---
 .github/workflows/action-ci.yml | 9 +++++----
 README.md | 4 ++++
 action.yml | 5 ++++-
 3 files changed, 13 insertions(+), 5 deletions(-)
diff --git a/.github/workflows/action-ci.yml b/.github/workflows/action-ci.yml
index 88e1932..6f4c928 100644
--- a/.github/workflows/action-ci.yml
+++ b/.github/workflows/action-ci.yml
@@ -20,11 +20,12 @@ jobs:
 uses: ./
 with:
 help: "True"
- format: "Text"
- output: "inspectcode.txt"
+ format: "Sarif"
+ output: "inspectcode.sarif.json"
+ upload-sarif: "False"
 - name: Validate action outputs
 shell: bash
 run: |
- test "${{ steps.inspectcode.outputs.report-file }}" = "inspectcode.txt"
- test "${{ steps.inspectcode.outputs.report-format }}" = "Text"
+ test "${{ steps.inspectcode.outputs.report-file }}" = "inspectcode.sarif.json"
+ test "${{ steps.inspectcode.outputs.report-format }}" = "Sarif"
diff --git a/README.md b/README.md
index eb2ac2e..7afa68b 100644
--- a/README.md
+++ b/README.md
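Review bot: In `.github/workflows/action-ci.yml` (PATCH 2/4), the two rewritten `test` lines expand `${{ steps.inspectcode.outputs.* }}` straight into the bash script text, so whatever the action writes to its outputs is parsed as shell source rather than compared as data. The values are fixed literals in this workflow, so exposure looks low today, but those outputs echo the action's `output` and `format` inputs, and a CI step like this tends to get copied into caller workflows. Passing the outputs through `env:` and comparing quoted variables keeps the check the same without templating into the script. The job's earlier steps lie outside the hunk.

```yaml
- name: Validate action outputs
  shell: bash
  env:
    REPORT_FILE: ${{ steps.inspectcode.outputs.report-file }}
    REPORT_FORMAT: ${{ steps.inspectcode.outputs.report-format }}
  run: |
    test "$REPORT_FILE" = "inspectcode.sarif.json"
    test "$REPORT_FORMAT" = "Sarif"
```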
@@ -31,11 +31,14 @@ jobs:
 uses: JetBrains/ReSharper-InspectCode@v0.13
 with:
 solution: ./YourSolution.sln
+ upload-sarif: false
 permissions:
 security-events: write
 ```
+When `upload-sarif: false` is used, `security-events: write` permission is not required.
+
 ## Configuration
 Use [`with`](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepswith) to define any action parameters:
@@ -49,6 +52,7 @@ You can use GitHub Workflow editor to get a list of all supported inputs with de
 |`settings` |Path to the file to use custom settings from (default: Use R#'s solution shared settings if exists) | |
 |`output` |Write inspections report to specified file |results.sarif.json|
 |`format` |Write inspections report in specified format [Xml, Html, Text, Sarif] |Sarif |
+|`upload-sarif` |Upload SARIF report to GitHub code scanning |True |
 |`jobs` |Run up to N jobs in parallel. 0 means as many as possible |0 |
 |`absolute-paths` |Use absolute paths in inspections report |False |
 |`no-swea` |Force disable solution-wide analysis |False |
diff --git a/action.yml b/action.yml
index c27b834..b5f99ce 100644
--- a/action.yml
+++ b/action.yml
@@ -10,6 +10,9 @@ inputs:
 format:
 description: Write inspections report in specified format [Xml, Html, Text, Sarif]
 default: "Sarif"
+ upload-sarif:
+ description: Upload SARIF report to GitHub code scanning
+ default: "True"
 jobs:
 description: Run up to N jobs in parallel. 0 means as many as possible
 default: "0"
@@ -168,7 +171,7 @@ runs:
 "report-file=${{ inputs.output }}" >> $env:GITHUB_OUTPUT
 "report-format=${{ inputs.format }}" >> $env:GITHUB_OUTPUT
 - name: Upload SARIF file
- if: inputs.format == 'Sarif'
+ if: inputs.format == 'Sarif' && inputs.upload-sarif == 'True'
 uses: github/codeql-action/upload-sarif@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4
 with:
 sarif_file: ${{ inputs.output }}
From 96ec1c0eef5ed95e0f8d6c45a5b003410f1aa0d1 Mon Sep 17 00:00:00 2001
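Review bot: In `action.yml` (PATCH 2/4, the `inputs:` hunk), the new `upload-sarif` description does not say which values are accepted or that the input has no effect unless `format` is `Sarif`. PATCH 4/4 adds `true`/`false` to the README table but leaves this description as it is, so the metadata carries less than the README. I would spell it out, for example `description: "Upload SARIF report to GitHub code scanning ('true'/'false'); only used when format is Sarif, and uploading needs the security-events write permission"`. The rest of the `inputs:` map lies outside the hunk.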
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 21 May 2026 20:20:27 +0000
Subject: [PATCH 3/4] chore: make upload-sarif boolean handling more robust
Agent-Logs-Url: https://github.com/JetBrains/ReSharper-InspectCode/sessions/a21d53c4-a469-4db5-95bf-0e262ec22acb
Co-authored-by: derigel23 <175250+derigel23@users.noreply.github.com>
---
 .github/workflows/action-ci.yml | 2 +-
 README.md | 2 +-
 action.yml | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/action-ci.yml b/.github/workflows/action-ci.yml
index 6f4c928..672bccd 100644
--- a/.github/workflows/action-ci.yml
+++ b/.github/workflows/action-ci.yml
@@ -22,7 +22,7 @@ jobs:
 help: "True"
 format: "Sarif"
 output: "inspectcode.sarif.json"
- upload-sarif: "False"
+ upload-sarif: "false"
 - name: Validate action outputs
 shell: bash
diff --git a/README.md b/README.md
index 7afa68b..a843c22 100644
--- a/README.md
+++ b/README.md
@@ -52,7 +52,7 @@ You can use GitHub Workflow editor to get a list of all supported inputs with de
 |`settings` |Path to the file to use custom settings from (default: Use R#'s solution shared settings if exists) | |
 |`output` |Write inspections report to specified file |results.sarif.json|
 |`format` |Write inspections report in specified format [Xml, Html, Text, Sarif] |Sarif |
-|`upload-sarif` |Upload SARIF report to GitHub code scanning |True |
+|`upload-sarif` |Upload SARIF report to GitHub code scanning |true |
 |`jobs` |Run up to N jobs in parallel. 0 means as many as possible |0 |
 |`absolute-paths` |Use absolute paths in inspections report |False |
 |`no-swea` |Force disable solution-wide analysis |False |
diff --git a/action.yml b/action.yml
index b5f99ce..0d045cc 100644
--- a/action.yml
+++ b/action.yml
@@ -12,7 +12,7 @@ inputs:
 default: "Sarif"
 upload-sarif:
 description: Upload SARIF report to GitHub code scanning
- default: "True"
+ default: "true"
 jobs:
 description: Run up to N jobs in parallel. 0 means as many as possible
 default: "0"
@@ -171,7 +171,7 @@ runs:
 "report-file=${{ inputs.output }}" >> $env:GITHUB_OUTPUT
 "report-format=${{ inputs.format }}" >> $env:GITHUB_OUTPUT
 - name: Upload SARIF file
- if: inputs.format == 'Sarif' && inputs.upload-sarif == 'True'
+ if: inputs.format == 'Sarif' && (inputs.upload-sarif == 'true' || inputs.upload-sarif == 'True')
 uses: github/codeql-action/upload-sarif@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4
 with:
 sarif_file: ${{ inputs.output }}
From 19aa1d67dd864c0e9a1ea6365e469ed22bf5ef35 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 21 May 2026 20:21:06 +0000
Subject: [PATCH 4/4] docs: clarify upload-sarif true false values
Agent-Logs-Url: https://github.com/JetBrains/ReSharper-InspectCode/sessions/a21d53c4-a469-4db5-95bf-0e262ec22acb
Co-authored-by: derigel23 <175250+derigel23@users.noreply.github.com>
---
 README.md | 2 +-
 action.yml | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index a843c22..18aff8a 100644
--- a/README.md
+++ b/README.md
@@ -52,7 +52,7 @@ You can use GitHub Workflow editor to get a list of all supported inputs with de
 |`settings` |Path to the file to use custom settings from (default: Use R#'s solution shared settings if exists) | |
 |`output` |Write inspections report to specified file |results.sarif.json|
 |`format` |Write inspections report in specified format [Xml, Html, Text, Sarif] |Sarif |
-|`upload-sarif` |Upload SARIF report to GitHub code scanning |true |
+|`upload-sarif` |Upload SARIF report to GitHub code scanning (`true`/`false`) |true |
 |`jobs` |Run up to N jobs in parallel. 0 means as many as possible |0 |
 |`absolute-paths` |Use absolute paths in inspections report |False |
 |`no-swea` |Force disable solution-wide analysis |False |
diff --git a/action.yml b/action.yml
index 0d045cc..7302f44 100644
--- a/action.yml
+++ b/action.yml
@@ -171,7 +171,7 @@ runs:
 "report-file=${{ inputs.output }}" >> $env:GITHUB_OUTPUT
 "report-format=${{ inputs.format }}" >> $env:GITHUB_OUTPUT
 - name: Upload SARIF file
- if: inputs.format == 'Sarif' && (inputs.upload-sarif == 'true' || inputs.upload-sarif == 'True')
+ if: inputs.format == 'Sarif' && inputs.upload-sarif == 'true'
 uses: github/codeql-action/upload-sarif@95e58e9a2cdfd71adc6e0353d5c52f41a045d225 # v4
 with:
 sarif_file: ${{ inputs.output }}
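Review bot: The final condition `inputs.upload-sarif == 'true'` in `action.yml` fails open for a reporting control: any value other than true (`yes`, `1`, a typo) skips the upload while the job stays green, so findings silently stop reaching code scanning. String comparison in GitHub Actions expressions ignores case, so `True` still matches, but nothing rejects an unrecognised value. Since the default is upload-on, treating only an explicit opt-out as off is safer, `if: inputs.format == 'Sarif' && inputs.upload-sarif != 'false'`; alternatively add a step that fails when the value is neither true nor false. The earlier revisions of this line in PATCH 2/4 and 3/4 behave the same way. The `runs:` step list starts outside the hunk.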