fix(workflow): repair CodeQL run lookup in advisory poller #260
Merged
User description
Summary
Why
Recent scheduled Poll NVD CVEs runs create/update the automated advisory PR, then fail because gh run list treats --arg as an unknown gh flag. That leaves advisory updates in PR #257 instead of cleanly completing the workflow.
Validation
Generated description
Below is a concise technical summary of the changes proposed in this PR:
Correct the poll-nvd-cves workflow's CodeQL wait step to pipe gh run list JSON into jq -r --arg filters so dispatch-time and head SHA checks run without passing jq flags to gh. Add regression assertions in the NVD GHSA consolidation tests to ban --jq --arg usage and require the expected jq -r --arg filtering pattern for the CodeQL run lookup.
gh run list JSON output through jq -r --arg filters to maintain the existing dispatch-time and head SHA selection without passing jq flags to gh.
--jq --arg usage and verify the new jq -r --arg filtering pattern for the CodeQL run lookup.
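A regression check in the spirit of the assertions described above, added here as an example and not taken from the repository's tests. The two step bodies, the workflow file name `codeql.yml`, the variables `HEAD_SHA` and `DISPATCHED_AT`, and the function names are assumptions made for illustration.

```python
import re

# Constructed step bodies for illustration; not the repository's actual workflow text.
BROKEN = r"""
run_id=$(gh run list --workflow codeql.yml --json databaseId,headSha,createdAt \
  --jq '.[] | select(.headSha == $sha and .createdAt >= $since) | .databaseId' \
  --arg sha "$HEAD_SHA" --arg since "$DISPATCHED_AT")
"""
FIXED = r"""
run_id=$(gh run list --workflow codeql.yml --json databaseId,headSha,createdAt \
  | jq -r --arg sha "$HEAD_SHA" --arg since "$DISPATCHED_AT" \
      '.[] | select(.headSha == $sha and .createdAt >= $since) | .databaseId')
"""

QUOTED = re.compile(r"'[^']*'" + "|" + r'"(?:\\.|[^"\\])*"')
SEPARATOR = re.compile(r"(\|\||&&|[|()\n;&])")

def commands(script):
    """Yield (fed_by_pipe, words) for each simple command in a shell snippet."""
    text = script.replace("\\\n", " ")   # join backslash line continuations
    text = QUOTED.sub("Q", text)         # a '|' inside a quoted jq filter is not a pipe
    piped = False
    for i, part in enumerate(SEPARATOR.split(text)):
        if i % 2:                        # odd indexes hold the captured separators
            piped = part == "|" or (piped and part == "\n")
        elif part.split():
            yield piped, part.split()
            piped = False

def check_run_lookup(script):
    """Return the problems found; an empty list means the fixed pattern is in use."""
    cmds = list(commands(script))
    problems, piped_to_jq = [], False
    for i, (_, words) in enumerate(cmds):
        if words[0] == "gh" and "--arg" in words:
            problems.append("jq flag --arg passed to gh")
        if words[:3] == ["gh", "run", "list"] and i + 1 < len(cmds):
            fed, nxt = cmds[i + 1]
            piped_to_jq |= fed and nxt[0] == "jq" and {"-r", "--arg"} <= set(nxt)
    if not piped_to_jq:
        problems.append("gh run list is not piped into jq -r --arg")
    return problems

if __name__ == "__main__":
    print("broken:", check_run_lookup(BROKEN))
    print("fixed: ", check_run_lookup(FIXED))
```

Checking command boundaries rather than searching for a substring keeps the check from flagging `--arg` where it legitimately belongs, on the `jq` side of the pipe.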