Merge pull request #40 from marcusburghardt/upload_duplicate_name

marcusburghardt · web-flow · commit 2b0fdb774058 · 2025-12-10T10:08:37.000+01:00
fix: duplicated names when uploading artifacts
diff --git a/.github/workflows/reusable_scheduled.yml b/.github/workflows/reusable_scheduled.yml
@@ -33,7 +33,7 @@ jobs:
       scan-args: "${{ inputs.scan-args }}"
       fail-on-vuln: true
       upload-sarif: true
-      results-file-name: osv-scanner-scheduled-results-${{ github.workflow }}-${{ github.job }}.sarif
+      results-file-name: osv-scanner-scheduled-results-${{ github.workflow_sha }}-${{ github.run_number }}.sarif
 
   call_reusable_security:
     name: OpenSSF Scorecards
diff --git a/.github/workflows/reusable_security.yml b/.github/workflows/reusable_security.yml
@@ -33,18 +33,18 @@ jobs:
       - name: "Run analysis"
         uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3
         with:
-          results_file: scorecard-results-${{ github.workflow }}-${{ github.job }}.sarif
+          results_file: scorecard-results-${{ github.workflow_sha }}-${{ github.run_number }}.sarif
           results_format: sarif
           publish_results: true
 
       - name: "Upload artifact"
         uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
         with:
-          name: SARIF file
-          path: scorecard-results-${{ github.workflow }}-${{ github.job }}.sarif
+          name: Scorecard SARIF file
+          path: scorecard-results-${{ github.workflow_sha }}-${{ github.run_number }}.sarif
           retention-days: 5
 
       - name: "Upload to code-scanning"
         uses: github/codeql-action/upload-sarif@cf1bb45a277cb3c205638b2cd5c984db1c46a412 # v4.31.7
         with:
-          sarif_file: scorecard-results-${{ github.workflow }}-${{ github.job }}.sarif
+          sarif_file: scorecard-results-${{ github.workflow_sha }}-${{ github.run_number }}.sarif
diff --git a/.github/workflows/reusable_vuln_scan.yml b/.github/workflows/reusable_vuln_scan.yml
@@ -33,4 +33,4 @@ jobs:
       scan-args: "${{ inputs.scan-args }}"
       fail-on-vuln: true
       upload-sarif: true
-      results-file-name: osv-scanner-pr-results-${{ github.workflow }}-${{ github.job }}.sarif
+      results-file-name: osv-scanner-pr-results-${{ github.workflow_sha }}-${{ github.run_number }}.sarif
