From 67f9016a68b4dd362c80fb58fbcb443eb008505f Mon Sep 17 00:00:00 2001
From: kalvinparker <106995826+kalvinparker@users.noreply.github.com>
Date: Fri, 5 Dec 2025 05:57:53 +0000
Subject: [PATCH] ci: make SARIF upload best-effort and always upload artifact

---
 .github/workflows/ci.yml | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 4ddb143a..fee4b6de 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -28,12 +28,20 @@ jobs:
           output: trivy-results.sarif
           severity: CRITICAL,HIGH
 
-      - name: Upload SARIF results to GitHub Code Scanning
+      - name: Upload SARIF results to GitHub Code Scanning (best-effort)
         uses: github/code-scanning-action/upload-sarif@v2
+        continue-on-error: true
         with:
           sarif_file: 'trivy-results.sarif'
 
-      - name: Upload Trivy SARIF artifact
+      - name: List SARIF file (debug)
+        if: always()
+        run: |
+          echo "Listing SARIF file:"
+          ls -la trivy-results.sarif || true
+
+      - name: Upload Trivy SARIF artifact (always)
+        if: always()
         uses: actions/upload-artifact@v4
         with:
           name: trivy-sarif