Quick investigation for issue: ossf/scorecard#1580
Areas that I need to investigate:
- Why does the CodeQL run get associated with an unrelated PR that isn't tied to the head commit that triggered it?
- Does running CodeQL from PR events produce the correct slug value?
- Do we have the same issue with Sonar?
- Commit Ref
- Respective CodeQL Run
- Inspect Check Runs for commit
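# List every check run recorded for commit 1d53b84 as {name, slug}, where
# slug is the GitHub App that created the run (the value scorecard matches on).
# --paginate follows the Link header so runs beyond the default page size (30)
# are not silently dropped; with --jq the filter is applied per page, so a
# commit with many check runs yields one JSON array per page.
gh api \
  --paginate \
  -H "Accept: application/vnd.github+json" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  --jq '[.check_runs[] | {name: .name, slug: .app.slug}]' \
  /repos/aws-powertools/powertools-lambda-python/commits/1d53b840777ee1dddc70ea1f9e9de95c67f37d93/check-runs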
- Commit Ref
- Respective CodeQL run
- Inspect Check Runs for commit
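# List every check run recorded for commit ec9c451 as {name, slug}, where
# slug is the GitHub App that created the run (the value scorecard matches on).
# --paginate follows the Link header so runs beyond the default page size (30)
# are not silently dropped; with --jq the filter is applied per page, so a
# commit with many check runs yields one JSON array per page.
gh api \
  --paginate \
  -H "Accept: application/vnd.github+json" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  --jq '[.check_runs[] | {name: .name, slug: .app.slug}]' \
  /repos/aws-powertools/powertools-lambda-python/commits/ec9c45148a4228ddfb4717259246881c35d7261e/check-runs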
- Expected slug:
github-code-scanning
- Actual slug:
github-actions
The CodeQL run's app slug shows as `github-actions`, which would fail this logic and not count the commit. Valid values:
{
"id": 14848337843,
"name": "Analyze",
"node_id": "CR_kwDODTo4k88AAAADdQensw",
"head_sha": "ec9c45148a4228ddfb4717259246881c35d7261e",
"external_id": "b9afb22f-0837-5d02-bc24-6c30aee08bcf",
"url": "https://api.github.com/repos/aws-powertools/powertools-lambda-python/check-runs/14848337843",
"html_url": "https://github.com/aws-powertools/powertools-lambda-python/actions/runs/5482980956/jobs/9988864866",
"details_url": "https://github.com/aws-powertools/powertools-lambda-python/actions/runs/5482980956/jobs/9988864866",
"status": "completed",
"conclusion": "success",
"started_at": "2023-07-07T05:09:37Z",
"completed_at": "2023-07-07T05:43:05Z",
"output": {
"title": null,
"summary": null,
"text": null,
"annotations_count": 0,
"annotations_url": "https://api.github.com/repos/aws-powertools/powertools-lambda-python/check-runs/14848337843/annotations"
},
"check_suite": {
"id": 14124947525
},
"app": {
"id": 15368,
"slug": "github-actions",
"node_id": "MDM6QXBwMTUzNjg=",
"owner": {
"login": "github",
"id": 9919,
"node_id": "MDEyOk9yZ2FuaXphdGlvbjk5MTk=",
"avatar_url": "https://avatars.githubusercontent.com/u/9919?v=4",
"gravatar_id": "",
"url": "https://api.github.com/users/github",
"html_url": "https://github.com/github",
"followers_url": "https://api.github.com/users/github/followers",
"following_url": "https://api.github.com/users/github/following{/other_user}",
"gists_url": "https://api.github.com/users/github/gists{/gist_id}",
"starred_url": "https://api.github.com/users/github/starred{/owner}{/repo}",
"subscriptions_url": "https://api.github.com/users/github/subscriptions",
"organizations_url": "https://api.github.com/users/github/orgs",
"repos_url": "https://api.github.com/users/github/repos",
"events_url": "https://api.github.com/users/github/events{/privacy}",
"received_events_url": "https://api.github.com/users/github/received_events",
"type": "Organization",
"site_admin": false
},
"name": "GitHub Actions",
"description": "Automate your workflow from idea to production",
"external_url": "https://help.github.com/en/actions",
"html_url": "https://github.com/apps/github-actions",
"created_at": "2018-07-30T09:30:17Z",
"updated_at": "2019-12-10T19:04:12Z",
"permissions": {
"actions": "write",
"administration": "read",
"checks": "write",
"contents": "write",
"deployments": "write",
"discussions": "write",
"issues": "write",
"merge_queues": "write",
"metadata": "read",
"packages": "write",
"pages": "write",
"pull_requests": "write",
"repository_hooks": "write",
"repository_projects": "write",
"security_events": "write",
"statuses": "write",
"vulnerability_alerts": "read"
},
"events": [
"branch_protection_rule",
"check_run",
"check_suite",
"create",
"delete",
"deployment",
"deployment_status",
"discussion",
"discussion_comment",
"fork",
"gollum",
"issues",
"issue_comment",
"label",
"merge_group",
"milestone",
"page_build",
"project",
"project_card",
"project_column",
"public",
"pull_request",
"pull_request_review",
"pull_request_review_comment",
"push",
"registry_package",
"release",
"repository",
"repository_dispatch",
"status",
"watch",
"workflow_dispatch",
"workflow_run"
]
},
"pull_requests": [
{
"url": "https://api.github.com/repos/Pandinosaurus/aws-lambda-powertools-python/pulls/1",
"id": 1323586820,
"number": 1,
"head": {
"ref": "develop",
"sha": "50949b2d0af3933e88fb6f8623926edab7a39ee1",
"repo": {
"id": 221919379,
"url": "https://api.github.com/repos/aws-powertools/powertools-lambda-python",
"name": "powertools-lambda-python"
}
},
"base": {
"ref": "develop",
"sha": "0c16011a1c0486d3a9fcff16c283e465b0f3ffcd",
"repo": {
"id": 630920868,
"url": "https://api.github.com/repos/Pandinosaurus/aws-lambda-powertools-python",
"name": "aws-lambda-powertools-python"
}
}
},
{
"url": "https://api.github.com/repos/pecigonzalo/aws-lambda-powertools-python/pulls/29",
"id": 995612880,
"number": 29,
"head": {
"ref": "develop",
"sha": "50949b2d0af3933e88fb6f8623926edab7a39ee1",
"repo": {
"id": 221919379,
"url": "https://api.github.com/repos/aws-powertools/powertools-lambda-python",
"name": "powertools-lambda-python"
}
},
"base": {
"ref": "develop",
"sha": "6e37fcefdf239ea15d955c42d29209dcfb25eac7",
"repo": {
"id": 410796572,
"url": "https://api.github.com/repos/pecigonzalo/aws-lambda-powertools-python",
"name": "aws-lambda-powertools-python"
}
}
}
]
}