Build failed with upgrade to v6.0.0 of anchore/scan-action

[vlo-rte]

Since the upgrade of anchore/scan-action to v6.0.0, my task "github/codeql-action/upload-sarif" is failing.
The code for upload-sarif is :

- name: Upload Anchore Scan Report for xxx
      uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
      with:
        sarif_file: results.sarif
        category: consultation

The error I get is :

Error: Path does not exist: results.sarif

Do you have an idea where the problem is please ?

[kzantow]

Hi @vlo-rte -- the action no longer generates files in your working directory by default, instead you should use the action outputs: ${{ steps.<id>.outputs.sarif }} where the <id> needs to match the id you configured to reference the scan-action, e.g.:

      - uses: anchore/scan-action@v6
        id: scan
        ...
      - uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: ${{ steps.scan.outputs.sarif }}

If you would prefer to continue generating a results.sarif in the working directory, you can configure the option using: output-file: results.sarif. In both cases, you should use the step outputs for SARIF uploads.