Skip to content

Use local upload-sarif Action in PR checks job#3953

Open
henrymercer wants to merge 1 commit into
mainfrom
henrymercer/local-action
Open

Use local upload-sarif Action in PR checks job#3953
henrymercer wants to merge 1 commit into
mainfrom
henrymercer/local-action

Conversation

@henrymercer
Copy link
Copy Markdown
Contributor

@henrymercer henrymercer commented Jun 4, 2026

Use the local upload-sarif Action in PR checks job instead of referencing v4. This reference otherwise interferes with repository rules about pinned Actions.

Risk assessment

For internal use only. Please select the risk level of this change:

  • Low risk: Changes are fully under feature flags, or have been fully tested and validated in pre-production environments and are highly observable, or are documentation or test only.

Which use cases does this change impact?

Environments:

  • Testing/None - This change does not impact any CodeQL workflows in production.

How did/will you validate this change?

  • End-to-end tests - I am depending on PR checks (i.e. tests in pr-checks).

If something goes wrong after this change is released, what are the mitigation and rollback strategies?

  • Development/testing only - This change cannot cause any failures in production.

How will you know if something goes wrong after this change is released?

CI

Are there any special considerations for merging or releasing this change?

  • No special considerations - This change can be merged at any time.

Merge / deployment checklist

  • Confirm this change is backwards compatible with existing workflows.
  • Consider adding a changelog entry for this change.
  • Confirm the readme and docs have been updated if necessary.

@henrymercer henrymercer requested a review from a team as a code owner June 4, 2026 16:28
Copilot AI review requested due to automatic review settings June 4, 2026 16:28
@github-actions github-actions Bot added the size/XS Should be very easy to review label Jun 4, 2026
Copilot AI reviewed Jun 4, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR updates the PR checks workflow to use the repository’s local upload-sarif Action rather than referencing github/codeql-action/upload-sarif@v4, aligning with repository rules that require pinned Actions and avoiding an unpinned major tag reference.

Changes:

  • Switch the Upload sarif step in the PR checks workflow to uses: ./upload-sarif.
Show a summary per file
File Description
.github/workflows/pr-checks.yml Uses the local upload-sarif Action for uploading ESLint SARIF results instead of @v4.

Copilot's findings

  • Files reviewed: 1/1 changed files
  • Comments generated: 0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

size/XS Should be very easy to review

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@henrymercer