From 13bfb49ebca04de47b876c58fe77dd5bbd886aba Mon Sep 17 00:00:00 2001
From: Simon Resch <simon.resch@code-intelligence.de>
Date: Mon, 9 Mar 2026 12:40:04 +0100
Subject: [PATCH] feat: upload findings directory instead of summary

---
 run-fuzzing/action.yml                 | 6 +-----
 upload-code-scanning-report/action.yml | 5 +++--
 2 files changed, 4 insertions(+), 7 deletions(-)

diff --git a/run-fuzzing/action.yml b/run-fuzzing/action.yml
index 0a5aaee..055c403 100644
--- a/run-fuzzing/action.yml
+++ b/run-fuzzing/action.yml
@@ -13,10 +13,6 @@ runs:
       run: cifuzz run -v --interactive=false --max-fuzzing-duration ${{ inputs.duration }}
       shell: bash
 
-    - name: Generate findings report
-      run: cifuzz findings > findings.txt
-      shell: bash
-
     - name: Check for findings
       id: findings_check
       continue-on-error: true
@@ -38,7 +34,7 @@ runs:
       run: |
         if [ "${{ steps.findings_check.outcome }}" = "failure" ]; then
           echo "Fuzzing found issues:"
-          cat findings.txt
+          cifuzz findings
         else
           echo "Fuzzing run failed (possible build error)"
         fi
diff --git a/upload-code-scanning-report/action.yml b/upload-code-scanning-report/action.yml
index f51c6e3..c933e1a 100644
--- a/upload-code-scanning-report/action.yml
+++ b/upload-code-scanning-report/action.yml
@@ -8,7 +8,7 @@ runs:
       shell: bash
 
     - name: Upload findings to GitHub code scanning
-      uses: github/codeql-action/upload-sarif@v3
+      uses: github/codeql-action/upload-sarif@v4
       with:
         sarif_file: results.sarif
 
@@ -30,4 +30,5 @@ runs:
       uses: actions/upload-artifact@v4
       with:
         name: cifuzz-findings
-        path: findings.txt
+        path: .cifuzz-findings
+        include-hidden-files: true