@@ -78,12 +78,11 @@ jobs:
7878 contents : read
7979 env :
8080 OUT_DIR : ${{ github.workspace }}/.cycode-out
81- # Summary MDs live in runner.temp so they're available to the job-summary
82- # step even when the caller didn't request md as an artifact format.
83- SUMMARY_DIR : ${{ runner.temp }}/cycode-summary
84- SUMMARY_SCRIPT : ${{ runner.temp }}/cycode-summary.py
8581 CYCODE_CLIENT_ID : ${{ secrets.CYCODE_CLIENT_ID }}
8682 CYCODE_CLIENT_SECRET : ${{ secrets.CYCODE_CLIENT_SECRET }}
83+ # NOTE: SUMMARY_DIR + SUMMARY_SCRIPT are derived inside each step from
84+ # the runner-provided $RUNNER_TEMP shell env var. The ${{ runner.* }}
85+ # GH context is not allowed at job-level env, only at step level.
8786 steps :
8887 # ---- Validate inputs at the top so misconfiguration fails loudly --
8988 - name : Validate inputs
@@ -153,6 +152,8 @@ jobs:
153152 shell : bash
154153 run : |
155154 set -euo pipefail
155+ SUMMARY_DIR="$RUNNER_TEMP/cycode-summary"
156+ SUMMARY_SCRIPT="$RUNNER_TEMP/cycode-summary.py"
156157 mkdir -p "$SUMMARY_DIR"
157158 curl -fsSL \
158159 "https://raw.githubusercontent.com/levine-cycode/cycode-github-actions-examples/main/scripts/cycode-summary.py" \
@@ -269,6 +270,8 @@ jobs:
269270 BASE_COMMIT : ${{ steps.resolve.outputs.base }}
270271 run : |
271272 set -e
273+ SUMMARY_DIR="$RUNNER_TEMP/cycode-summary"
274+ SUMMARY_SCRIPT="$RUNNER_TEMP/cycode-summary.py"
272275 mkdir -p "$OUT_DIR" "$SUMMARY_DIR"
273276 want_md=$(echo "$OUTPUT_FORMATS" | jq -r 'index("md") | if . == null then "" else "yes" end')
274277 want_csv=$(echo "$OUTPUT_FORMATS" | jq -r 'index("csv") | if . == null then "" else "yes" end')
@@ -311,6 +314,7 @@ jobs:
311314 BASE_COMMIT : ${{ steps.resolve.outputs.base }}
312315 run : |
313316 set -e
317+ SUMMARY_DIR="$RUNNER_TEMP/cycode-summary"
314318 {
315319 echo "## Cycode scan summary"
316320 echo ""
0 commit comments