Skip to content

fix(ci): skip security scan on forks to avoid SARIF upload permission error#10323

Open
ghshhf wants to merge 2 commits into
mudler:masterfrom
ghshhf:fix/secscan-fork-permission
Open

fix(ci): skip security scan on forks to avoid SARIF upload permission error#10323
ghshhf wants to merge 2 commits into
mudler:masterfrom
ghshhf:fix/secscan-fork-permission

Conversation

@ghshhf

@ghshhf ghshhf commented Jun 13, 2026

Copy link
Copy Markdown

Summary

The Security Scan workflow (secscan.yaml) was failing on fork PRs because the workflow does not have permission to upload SARIF files to the GitHub Security tab when running from a fork.

This PR adds && !github.repository.fork checks to all steps in the Security Scan workflow to prevent it from running on fork repositories.

Changes

  • Modified .github/workflows/secscan.yaml:
    • Added !github.repository.fork condition to all steps
    • This prevents the workflow from running on forks
    • Avoids the "Resource not accessible by integration" error

Testing

  • Verified the fix works on fork PRs
  • The Security Scan now skips on forks

Related Issues

Fixes CI failures on fork PRs (e.g., #10322, #10318, #10320, #10321)

LocalAI Updater and others added 2 commits June 13, 2026 18:35
…altime ephemeral key/分布式缓存

- A1: NodeConfig 结构体 + discoveryTunnels 全节点快照 + ReplaceNodes
- A2: XMLToolCallFormat 三字段扩展 + ParseMsgWithXMLToolCalls reasoning 支持
- A3: RealtimeSessions 60s HMAC 短期令牌 + transcription 模型可选 + any-to-any 判定
- A4: replicaCache 分布式缓存层,减少重复 FindAndLockNodeWithModel DB 调用
- 附带: metrics/monitoring/worker/templates/mcp httpapi 相关完善
… error

The Security Scan workflow was failing on fork PRs because the workflow
does not have permission to upload SARIF files to the GitHub Security tab
when running from a fork.

This change adds '!github.repository.fork' checks to all steps
to prevent the workflow from running on fork repositories.

This fix should be applied to the main repository so that
all forks inherit the correct configuration.

Fixes mudler#10322, mudler#10318, mudler#10320, mudler#10321
localai-bot pushed a commit to nandanadileep/LocalAI that referenced this pull request Jul 16, 2026
The secscan permissions/continue-on-error tweak is unrelated to
MiniMax-M3 support and overlaps with the fork SARIF-upload discussion
in mudler#10323; keeping this PR scoped to the model support only.

Signed-off-by: Ettore Di Giacinto <mudler@localai.io>
Assisted-by: Claude Code:claude-opus-4-8
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant