[go: nahoru, domu]
Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ridiculous low limit on SARIF “runs” #1488

Open
mirabilos opened this issue Jan 18, 2023 · 3 comments
Open

Ridiculous low limit on SARIF “runs” #1488

mirabilos opened this issue Jan 18, 2023 · 3 comments

Comments

@mirabilos
Copy link

Unfortunately, this is a showstopper for using the Codacy tool, which runs a plethora of scanners, each of which reports individually:

codacy/codacy-analysis-cli-action#95

None of the discussed workarounds are usable: the one from #1381 fails here because the merge command actually splits up runs; it also removes some so it works-ish for now, but it has the same problems as the other workaround I added: using jq to remove runs with empty results from the SARIF file. This cannot be used because then, the old reports that are now fixed never go away.
@aeisenberg
Copy link
Contributor

Thank you for your inquiry. We had a discussion internally and determined that it is safe to bump the limit to 20 runs. This change will be rolling out in the near future. Please keep an eye on CHANGELOG.md.

@mirabilos
Copy link
Author
mirabilos commented Jan 19, 2023 via email

@jwgmeligmeyling
Copy link

Great to see the limit increased, but its still too low. For us the limit of 20 is actually a dealbreaker as well. And my company is not alone. And after some Googling, I found folks that were much more patient than I am even split their pipeline up into an entire matrix of chunks to work around the same limitation: https://github.com/vmware-tanzu/community-edition/actions/runs/2253393437/workflow .

Monorepos are a thing and 20 is just too limited. And it's also just a very unnecessary constraint. It isn't actually considering the number of violations inside the check run or the file size or any meaningful metric that actually affects the “complexity” or “processing time”. It seems a typical case of premature optimization.

So far my support tickets and talks to my solutions engineer/sales rep have not been particularly fruitful. I know this is just the issue tracker for the action and not the backend, but hopefully we can get this constraint lifted one day.

@aliscco aliscco mentioned this issue Apr 28, 2023
Open
phw added a commit to metabrainz/picard that referenced this issue Dec 19, 2023
@phw
CI: Run codacy without SARIF upload
a262565 
Prevents issues with SARIF limit on codeql,
see github/codeql-action#1488
phw added a commit to metabrainz/picard that referenced this issue Dec 19, 2023
@phw
CI: Run codacy without SARIF upload
5fa229f 
Prevents issues with SARIF limit on codeql,
see github/codeql-action#1488
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@aeisenberg @mirabilos @jwgmeligmeyling