@samth I have a fix for this problem. Can submit a PR. The question is, has it ever worked? I don’t see any annotation on GitHub (https://github.com/racket/racket/security)
Also, I’m confused. The content of the SARIF files is in this format:
"artifacts": [
{
"length": 206345,
"location": {
"uri": "file:///__w/racket/racket/racket/src/zuo/zuo.c"
},
"mimeType": "text/plain",
"roles": [
"resultFile"
]
}
Does GitHub understand paths that start with __w
?
Another question: in the workflow, 3m and CS are built by building CGC first, and then use --enable-racket=/usr/bin/racket
. Is it actually worth it compared to building the variants directly right away?
It does work you just can’t see the results because it’s “security”
I think it saves a bit of time
Ah, right.
I think the file path I mentioned above is an issue. In my local repo, this is what I see
Looks like file:///__w/racket/racket/
should be stripped away
which is weird because it used to work last year