From 367f922af75a9b6dd771eb9ee5e06e2fc9d7cda0 Mon Sep 17 00:00:00 2001
From: Badlop <badlop@process-one.net>
Date: Wed, 7 Feb 2024 19:44:26 +0100
Subject: [PATCH] Codacy: Update config, trying to solve problem when uploading
 SARIF file

Copied example confioguration from:
https://github.com/marketplace/actions/codacy-analysis-cli#integration-with-github-code-scanning
---
 .github/workflows/codacy.yml | 27 +--------------------------
 1 file changed, 1 insertion(+), 26 deletions(-)

diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml
index 780aef2019e..31aee649d32 100644
--- a/.github/workflows/codacy.yml
+++ b/.github/workflows/codacy.yml
@@ -1,16 +1,3 @@
-# This workflow uses actions that are not certified by GitHub.
-# They are provided by a third-party and are governed by
-# separate terms of service, privacy policy, and support
-# documentation.
-
-# This workflow checks out code, performs a Codacy security scan
-# and integrates the results with the
-# GitHub Advanced Security code scanning feature.  For more information on
-# the Codacy security scan action usage and parameters, see
-# https://github.com/codacy/codacy-analysis-cli-action.
-# For more information on Codacy Analysis CLI in general, see
-# https://github.com/codacy/codacy-analysis-cli.
-
 name: Codacy Security Scan
 
 on:
@@ -22,19 +9,12 @@ on:
   schedule:
     - cron: '45 13 * * 6'
 
-permissions:
-  contents: read
 
 jobs:
   codacy-security-scan:
-    permissions:
-      contents: read # for actions/checkout to fetch code
-      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
-      actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
     name: Codacy Security Scan
     runs-on: ubuntu-latest
     steps:
-      # Checkout the repository to the GitHub Actions runner
       - name: Checkout code
         uses: actions/checkout@main
 
@@ -84,20 +64,15 @@ jobs:
           rm tools/hook_deps.sh
           rm tools/opt_types.sh
 
-      # Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis
       - name: Run Codacy Analysis CLI
         uses: codacy/codacy-analysis-cli-action@master
         with:
-          # Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository
-          # You can also omit the token and run the tools that support default configurations
-          project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
-          verbose: true
           output: results.sarif
           format: sarif
           # Adjust severity of non-security issues
           gh-code-scanning-compat: true
           # Force 0 exit code to allow SARIF file generation
-          # This will handover control about PR rejection to the GitHub side
+          # This will hand over control about PR rejection to the GitHub side
           max-allowed-issues: 2147483647
 
       # Upload the SARIF file generated in the previous step