Codeql perform issues

[Tsingis]

Getting today when performing analysis

Run github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13
While resolving threads, found a cgroup CPUs file with 4 CPUs in /sys/fs/cgroup/cpuset.cpus.effective.
Generating diff range extension pack
Extracting javascript
Finalizing javascript
Running queries for javascript
CodeQL scanned 45 out of 45 TypeScript files, 14 out of 14 GitHub Actions files and 3 out of 3 JavaScript files in this invocation. Check the status page for overall coverage information: https://github.com/Tsingis/cars-data/security/code-scanning/tools/CodeQL/status/
Analysis produced the following diagnostic information:
Skipped improved incremental analysis because it failed previously with similar hardware resources (1 result)

Analysis produced the following diagnostic information:
Skipped improved incremental analysis because it failed previously with similar hardware resources (1 result)

Post-processing sarif files: ["/home/runner/work/cars-data/results/javascript.quality.sarif"]
Adding fingerprints to SARIF file. See https://docs.github.com/en/code-security/reference/code-scanning/sarif-support-for-code-scanning#data-for-preventing-duplicated-alerts for more information.
Uploading code quality results
  Uploading results
  Warning: Not Found - https://docs.github.com/rest
  Error: Please check that your token is valid and has the required permissions: contents: read, security-events: write

while having

name: codeql
on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main
  schedule:
    - cron: "0 21 * * 0"
  workflow_dispatch:
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
jobs:
  analyze:
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: read
      security-events: write
    strategy:
      fail-fast: false
      matrix:
        language: ["javascript-typescript", "python", "actions"]
    steps:
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - name: Initialize CodeQL
        uses: github/codeql-action/init@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
        with:
          languages: ${{ matrix.language }}
          analysis-kinds: code-scanning,code-quality
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1

[mbg]

Hi @Tsingis, code-quality is not a supported input for analysis-kinds in advanced workflows. You have to use https://docs.github.com/en/code-security/concepts/about-code-quality

[Tsingis]

Hi @Tsingis, code-quality is not a supported input for analysis-kinds in advanced workflows. You have to use https://docs.github.com/en/code-security/concepts/about-code-quality

Okay, why this worked before then? I've had this intentional misconfiguration for quite while.

[mbg]

As per the description of the analysis-kinds input:

This input is intended for internal-use only at this time and the behaviour is subject to changes.

And the changelog entry when it was introduced:

Do not use this in production as it is subject to change at any time.

While it may have worked for you until now, it was never supported. While we didn't explicitly prevent it from being used in advanced workflows before, it looks like there may have been a change which does not account for this unsupported use case.

[Tsingis]

Thanks for quick reply!