Use artifact scanner in debug artifacts PR checks

2025-12-30 11:10:22 +08:00 · 2025-12-17 10:25:47 +00:00
parent 5459b98ca0
commit f28848a66a
7 changed files with 2828 additions and 2193 deletions
--- a/.github/workflows/debug-artifacts-safe.yml
+++ b/.github/workflows/debug-artifacts-safe.yml
@@ -67,6 +67,14 @@ jobs:
        run: ./build.sh
      - uses: ./../action/analyze
        id: analysis
+      - name: Verify artifact scan ran
+        shell: bash
+        run: |
+          if [[ "$CODEQL_ACTION_ARTIFACT_SCAN_FINISHED" != "true" ]]; then
+            echo "Error: Best effort artifact scan did not run"
+            exit 1
+          fi
+          echo "✓ Best effort artifact scan completed successfully"
  download-and-check-artifacts:
    name: Download and check debug artifacts
    if: github.triggering_actor != 'dependabot[bot]'