Ensure scan phase fails if brakeman segfaults

brakeman segfaulted in a CI job, and it was not noticed because of `continue-on-error: true`. Using `--no-exit-on-warn` and `--no-exit-on-error` allows to remove the `continue-on-error: true` parameter.
opf · Mar 1, 2023 · 98be78b · 98be78b
1 parent e0f67b0
commit 98be78b
Showing 1 changed file with 6 additions and 2 deletions.
diff --git a/.github/workflows/brakeman-scan-core.yml b/.github/workflows/brakeman-scan-core.yml
@@ -33,9 +33,13 @@ jobs:
           gem install brakeman
 
       - name: Scan
-        continue-on-error: true
         run: |
-          brakeman -i config/brakeman.ignore -f sarif -o output.sarif.json .
+          brakeman \
+            --ignore-config config/brakeman.ignore \
+            --no-exit-on-warn \
+            --no-exit-on-error \
+            --format sarif \
+            --output output.sarif.json
 
       - name: Upload SARIF
         uses: github/codeql-action/upload-sarif@v2