From fc1b8ef429d5ff88d69265b16fa0bfa0ccd9b59c Mon Sep 17 00:00:00 2001
From: william brady
Date: Mon, 12 Jan 2026 02:42:13 -0500
Subject: [PATCH 1/2] fix: set permissions on report directory for artifact upload Docker container runs as root, creating reports owned by root. GitHub runner user needs read access for artifact upload step. Add chmod to make reports readable after generation.
---
 entrypoint.sh | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/entrypoint.sh b/entrypoint.sh
index 5c20d76..59d07af 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -375,6 +375,13 @@ echo "Total Findings: $TOTAL"
 echo "Exit Code: $EXIT_CODE"
 echo ""
 
+# Fix permissions on report directory so GitHub runner can read the files
+# Docker container runs as root, but runner user needs access for artifact upload
+if [[ -d "$REPORT_DIR" ]]; then
+ chmod -R 755 "$REPORT_DIR" 2>/dev/null || true
+ chmod 644 "$REPORT_DIR"/* 2>/dev/null || true
+fi
+
 # If we used fallback report directory, try to copy reports to workspace
 if [[ "${FALLBACK_REPORT_DIR:-}" == "true" ]]; then
 WORKSPACE_REPORT_DIR="${GITHUB_WORKSPACE}/.sdlc-code-scanner-reports"
From 3051ffbcda120db47ea038024493fc243abe8ec0 Mon Sep 17 00:00:00 2001
From: william brady
Date: Mon, 12 Jan 2026 02:50:34 -0500
Subject: [PATCH 2/2] fix: use find to set permissions correctly on dirs and files
---
 entrypoint.sh | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/entrypoint.sh b/entrypoint.sh
index 59d07af..c026053 100644
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -378,8 +378,8 @@ echo ""
 # Fix permissions on report directory so GitHub runner can read the files
 # Docker container runs as root, but runner user needs access for artifact upload
 if [[ -d "$REPORT_DIR" ]]; then
- chmod -R 755 "$REPORT_DIR" 2>/dev/null || true
- chmod 644 "$REPORT_DIR"/* 2>/dev/null || true
+ find "$REPORT_DIR" -type d -exec chmod 755 {} + 2>/dev/null || true
+ find "$REPORT_DIR" -type f -exec chmod 644 {} + 2>/dev/null || true
 fi
 
 # If we used fallback report directory, try to copy reports to workspace
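Review bot: The two `find … -exec chmod` lines set every report file to 644 and every directory to 755, so the scanner output becomes readable by all local users, not just the runner account. On a shared or self-hosted runner that is wider than the artifact upload needs, and scan reports may quote sensitive findings. If only the runner's uid matters, handing over ownership keeps the modes tight, e.g. `chown -R "$(stat -c '%u:%g' "$GITHUB_WORKSPACE")" "$REPORT_DIR"`, assuming the workspace is owned by the runner user and the image's `stat` supports `-c`. Both commands also discard stderr and end in `|| true`, so a failed permission change only surfaces later as an upload error; `|| echo "::warning::could not adjust permissions on $REPORT_DIR"` would leave a trace in the job log. The fallback-copy block in the trailing context continues outside the hunk, so it is not visible here whether files copied to `WORKSPACE_REPORT_DIR` get the same treatment.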