From 0b8efe60c31c30e712caeb5d368c908595139b0c Mon Sep 17 00:00:00 2001 From: Nathanael Yusuf Tjahjanadi Date: Fri, 5 Jun 2026 04:45:11 +0000 Subject: [PATCH 1/2] fix(docker-base): skip curl include symlink when target already exists The curl header symlink step copied from the official php image fails in dunglas/frankenphp:1-builder-php8.5 because /usr/local/include/curl already exists there, aborting the php-recompile stage under set -e: ln: failed to create symbolic link '/usr/local/include/curl': File exists Guard on the target path as well, so the ln is skipped when the builder image already provides the include directory.
---
 docker-base/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docker-base/Dockerfile b/docker-base/Dockerfile
index f3a965b..d7a3e51 100644
--- a/docker-base/Dockerfile
+++ b/docker-base/Dockerfile
@@ -65,7 +65,7 @@ RUN set -eux; \
 cd /usr/src/php; \
 gnuArch="$(dpkg-architecture --query DEB_BUILD_GNU_TYPE)"; \
 debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \
- if [ ! -d /usr/include/curl ]; then \
+ if [ ! -d /usr/include/curl ] && [ ! -e /usr/local/include/curl ]; then \
 ln -sT "/usr/include/$debMultiarch/curl" /usr/local/include/curl; \
 fi; \
 export \
From da99121383ac061c1f858b8a79f2ddd3147f8e30 Mon Sep 17 00:00:00 2001 
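Review bot: The new `[ ! -e /usr/local/include/curl ]` guard follows symlinks, so a dangling symlink at that path still passes the test and `ln -sT` then fails with "File exists" under `set -eux`, the same abort this patch is meant to avoid. Testing the link itself as well closes that gap: `if [ ! -d /usr/include/curl ] && [ ! -e /usr/local/include/curl ] && [ ! -L /usr/local/include/curl ]; then \`. When the step is skipped, PHP is compiled against whatever headers the builder image ships at `/usr/local/include/curl`, so a short comment above the `if` saying that those headers are assumed to match the libcurl being linked would help the next maintainer. The `RUN` instruction starts before and continues past this hunk, so the rest of the build step is not visible here.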
From: Nathanael Yusuf Tjahjanadi Date: Fri, 5 Jun 2026 04:58:00 +0000 Subject: [PATCH 2/2] ci(codacy): assign unique SARIF run categories before upload MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The CodeQL upload-sarif action now rejects SARIF files that contain multiple runs sharing the same category (derived from automationDetails.id), blocking the required "Codacy Security Scan" check with: The CodeQL Action does not support uploading multiple SARIF runs with the same category. Please update your workflow to upload a single run per category. Insert a jq post-processing step between the Codacy analysis and the upload to stamp each run with a unique automationDetails.id ("codacy-run-0", "codacy-run-1", …). The expression is a no-op on single-run SARIF files. Ref: https://github.blog/changelog/2025-07-21-code-scanning-will-stop-combining-multiple-sarif-runs-uploaded-in-the-same-sarif-file/ --- .github/workflows/codacy.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml index eb267a3..058698c 100644 --- a/.github/workflows/codacy.yml +++ b/.github/workflows/codacy.yml @@ -41,6 +41,14 @@ jobs: max-allowed-issues: 2147483647 + - name: Assign unique categories to SARIF runs + # upload-sarif rejects files containing multiple runs with the same + # category (derived from automationDetails.id). Set a distinct id on + # every run so CodeQL accepts the upload. + # See: https://github.blog/changelog/2025-07-21-code-scanning-will-stop-combining-multiple-sarif-runs-uploaded-in-the-same-sarif-file/ + run: | + jq '.runs |= (to_entries | map(.value.automationDetails.id = "codacy-run-\(.key)" | .value))' results.sarif > results.fixed.sarif && mv results.fixed.sarif results.sarif + - name: Upload SARIF results file uses: github/codeql-action/upload-sarif@v4 with:
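Review bot: The `jq` expression in the new "Assign unique categories to SARIF runs" step derives each category purely from the run's array index, so the mapping between a Codacy tool and its `codacy-run-N` category depends on the order in which Codacy emits runs. If that order changes between scans, results are probably filed under a different category and code-scanning alerts can be closed or duplicated without any change in the code. Including the SARIF tool name keeps the category stable per tool while the index keeps it unique: `.value.automationDetails.id = "codacy-\(.value.tool.driver.name)-\(.key)"`. The expression also overwrites any `automationDetails.id` already present and rewrites single-run files to `codacy-run-0`, so it is not the no-op the commit message describes. The step comment should say that existing ids are replaced.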