chore: Må legge til permission på alle workflows som skal bruke valideringen for å kunne laste opp sarif filen

torhakon · torhakon · commit 9ff62d6266fd · 2025-04-01T15:21:06.000+02:00
diff --git a/.github/workflows/buildAndPublish.yml b/.github/workflows/buildAndPublish.yml
@@ -22,6 +22,7 @@ jobs:
     uses: navikt/sf-platform/.github/workflows/ciStaticCodeValidation.yml@main
     permissions:
       contents: read
+      security-events: write
 
   detectPackageChanges:
     name: Detect Package Changes
diff --git a/.github/workflows/ciStaticCodeValidation.yml b/.github/workflows/ciStaticCodeValidation.yml
@@ -101,6 +101,7 @@ jobs:
 
       - name: Upload SARIF file
         uses: github/codeql-action/upload-sarif@7e3036b9cd87fc26dd06747b7aa4b96c27aaef3a
+        if: ${{ !cancelled() && steps.paths.outcome == 'success' && github.ref_name == 'main'  }}
         with:
           sarif_file: code-analyzer-report.sarif
           category: salesforce-code-analyzer
diff --git a/.github/workflows/on_push_main.yml b/.github/workflows/on_push_main.yml
@@ -13,6 +13,7 @@ jobs:
     permissions:
       contents: write
       packages: write
+      security-events: write
     secrets:
       SF_DEVHUB_URL: ${{ secrets.SF_DEVHUB_URL }}
   create_release:
diff --git a/.github/workflows/quickbuildOnPush.yml b/.github/workflows/quickbuildOnPush.yml
@@ -11,6 +11,7 @@ jobs:
     uses: navikt/sf-platform/.github/workflows/ciStaticCodeValidation.yml@main
     permissions:
       contents: read
+      security-events: write
 
   checkChanges:
     name: Check changes
diff --git a/.github/workflows/validatePackageChangesOnPr.yml b/.github/workflows/validatePackageChangesOnPr.yml
@@ -14,6 +14,7 @@ jobs:
     uses: navikt/sf-platform/.github/workflows/ciStaticCodeValidation.yml@main
     permissions:
       contents: read
+      security-events: write
 
   checkChanges:
     name: Check changes
