Update action to also run outside dfetch repo and pins deps#816
Merged
Update action to also run outside dfetch repo and pins deps#816
Conversation
![korbit-ai[bot]](https://avatars.githubusercontent.com/in/322216?s=60&v=4){kind=small}
There was a problem hiding this comment.
Review by Korbit AI
Korbit automatically attempts to detect when you fix issues in new commits.
| Category | Issue | Status |
|---|---|---|
 |
Invalid local action reference in workflow example ▹ view | ✅ Fix detected |
Files scanned
| File Path | Reviewed |
|---|---|
| dfetch/reporting/check/sarif_reporter.py | ✅ |
Explore our documentation to understand the languages and file types we support and the files we ignore.
Check out our docs on how you can make Korbit work best for you and your team.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description by Korbit AI
What change is being made?
Enable the action to run dfetch checks outside the dfetch repository by installing dfetch from GitHub when not in the dfetch repo, pin dependencies and update SARIF upload flow to use a DFETCH action, including permissions adjustments.
Why are these changes being made?
To allow running dfetch checks from any repo (not just within dfetch), ensure stable dependency pins, and integrate SARIF reporting via the dfetch action with appropriate permissions.