From 2de76b6faa8d19e7e5625b329dd551fcb7c07cd8 Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Wed, 11 Feb 2026 22:41:32 +0000 Subject: [PATCH] Update PR check for `csra` --- ...ality-queries.yml => __analysis-kinds.yml} | 42 +++++++++++-------- ...quality-queries.yml => analysis-kinds.yml} | 34 ++++++++------- 2 files changed, 43 insertions(+), 33 deletions(-) rename .github/workflows/{__quality-queries.yml => __analysis-kinds.yml} (84%) rename pr-checks/checks/{quality-queries.yml => analysis-kinds.yml} (75%) diff --git a/.github/workflows/__quality-queries.yml b/.github/workflows/__analysis-kinds.yml similarity index 84% rename from .github/workflows/__quality-queries.yml rename to .github/workflows/__analysis-kinds.yml index fdbe0e812..a4f21d510 100644 --- a/.github/workflows/__quality-queries.yml +++ b/.github/workflows/__analysis-kinds.yml @@ -3,7 +3,7 @@ # pr-checks/sync.sh # to regenerate this file. -name: PR Check - Quality queries input +name: PR Check - Analysis kinds env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GO111MODULE: auto @@ -29,9 +29,9 @@ defaults: shell: bash concurrency: cancel-in-progress: ${{ github.event_name == 'pull_request' || false }} - group: quality-queries-${{github.ref}} + group: analysis-kinds-${{github.ref}} jobs: - quality-queries: + analysis-kinds: strategy: fail-fast: false matrix: @@ -45,6 +45,9 @@ jobs: - os: ubuntu-latest version: linked analysis-kinds: code-scanning,code-quality + - os: ubuntu-latest + version: linked + analysis-kinds: csra - os: ubuntu-latest version: nightly-latest analysis-kinds: code-scanning @@ -54,7 +57,10 @@ jobs: - os: ubuntu-latest version: nightly-latest analysis-kinds: code-scanning,code-quality - name: Quality queries input + - os: ubuntu-latest + version: nightly-latest + analysis-kinds: csra + name: Analysis kinds if: github.triggering_actor != 'dependabot[bot]' permissions: contents: read 
@@ -81,30 +87,24 @@ jobs: output: ${{ runner.temp }}/results upload-database: false post-processed-sarif-path: ${{ runner.temp }}/post-processed - - name: Upload security SARIF - if: contains(matrix.analysis-kinds, 'code-scanning') + + - name: Upload SARIF files uses: actions/upload-artifact@v6 with: name: | - quality-queries-${{ matrix.os }}-${{ matrix.version }}-${{ matrix.analysis-kinds }}.sarif.json - path: ${{ runner.temp }}/results/javascript.sarif - retention-days: 7 - - name: Upload quality SARIF - if: contains(matrix.analysis-kinds, 'code-quality') - uses: actions/upload-artifact@v6 - with: - name: | - quality-queries-${{ matrix.os }}-${{ matrix.version }}-${{ matrix.analysis-kinds }}.quality.sarif.json - path: ${{ runner.temp }}/results/javascript.quality.sarif + analysis-kinds-${{ matrix.os }}-${{ matrix.version }}-${{ matrix.analysis-kinds }} + path: ${{ runner.temp }}/results/*.sarif retention-days: 7 + - name: Upload post-processed SARIF uses: actions/upload-artifact@v6 with: name: | - post-processed-${{ matrix.os }}-${{ matrix.version }}-${{ matrix.analysis-kinds }}.sarif.json + post-processed-${{ matrix.os }}-${{ matrix.version }}-${{ matrix.analysis-kinds }} path: ${{ runner.temp }}/post-processed retention-days: 7 if-no-files-found: error + - name: Check quality query does not appear in security SARIF if: contains(matrix.analysis-kinds, 'code-scanning') uses: actions/github-script@v8 @@ -121,6 +121,14 @@ jobs: EXPECT_PRESENT: 'true' with: script: ${{ env.CHECK_SCRIPT }} + - name: Check quality query does not appear in CSRA SARIF + if: contains(matrix.analysis-kinds, 'csra') + uses: actions/github-script@v8 + env: + SARIF_PATH: ${{ runner.temp }}/results/javascript.csra.sarif + EXPECT_PRESENT: 'false' + with: + script: ${{ env.CHECK_SCRIPT }} env: CHECK_SCRIPT: | const fs = require('fs'); 
diff --git a/pr-checks/checks/quality-queries.yml b/pr-checks/checks/analysis-kinds.yml similarity index 75% rename from pr-checks/checks/quality-queries.yml rename to pr-checks/checks/analysis-kinds.yml index 353abbb77..86344eeb2 100644 --- a/pr-checks/checks/quality-queries.yml +++ b/pr-checks/checks/analysis-kinds.yml @@ -1,7 +1,7 @@ -name: "Quality queries input" -description: "Tests that queries specified in the quality-queries input are used." +name: "Analysis kinds" +description: "Tests basic functionality for different `analysis-kinds` inputs." versions: ["linked", "nightly-latest"] -analysisKinds: ["code-scanning", "code-quality", "code-scanning,code-quality"] +analysisKinds: ["code-scanning", "code-quality", "code-scanning,code-quality", "csra"] env: CHECK_SCRIPT: | const fs = require('fs'); 
@@ -37,30 +37,24 @@ steps: output: "${{ runner.temp }}/results" upload-database: false post-processed-sarif-path: "${{ runner.temp }}/post-processed" - - name: Upload security SARIF - if: contains(matrix.analysis-kinds, 'code-scanning') + + - name: Upload SARIF files uses: actions/upload-artifact@v6 with: name: | - quality-queries-${{ matrix.os }}-${{ matrix.version }}-${{ matrix.analysis-kinds }}.sarif.json - path: "${{ runner.temp }}/results/javascript.sarif" - retention-days: 7 - - name: Upload quality SARIF - if: contains(matrix.analysis-kinds, 'code-quality') - uses: actions/upload-artifact@v6 - with: - name: | - quality-queries-${{ matrix.os }}-${{ matrix.version }}-${{ matrix.analysis-kinds }}.quality.sarif.json - path: "${{ runner.temp }}/results/javascript.quality.sarif" + analysis-kinds-${{ matrix.os }}-${{ matrix.version }}-${{ matrix.analysis-kinds }} + path: "${{ runner.temp }}/results/*.sarif" retention-days: 7 + - name: Upload post-processed SARIF uses: actions/upload-artifact@v6 with: name: | - post-processed-${{ matrix.os }}-${{ matrix.version }}-${{ matrix.analysis-kinds }}.sarif.json + post-processed-${{ matrix.os }}-${{ matrix.version }}-${{ matrix.analysis-kinds }} path: "${{ runner.temp }}/post-processed" retention-days: 7 if-no-files-found: error + - name: Check quality query does not appear in security SARIF if: contains(matrix.analysis-kinds, 'code-scanning') uses: actions/github-script@v8 @@ -77,3 +71,11 @@ steps: EXPECT_PRESENT: "true" with: script: ${{ env.CHECK_SCRIPT }} + - name: Check quality query does not appear in CSRA SARIF + if: contains(matrix.analysis-kinds, 'csra') + uses: actions/github-script@v8 + env: + SARIF_PATH: "${{ runner.temp }}/results/javascript.csra.sarif" + EXPECT_PRESENT: "false" + with: + script: ${{ env.CHECK_SCRIPT }}
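Review bot: The new `Upload SARIF files` step uploads the glob `${{ runner.temp }}/results/*.sarif` but does not set `if-no-files-found`, so a matrix entry whose analysis wrote no SARIF file would get through this step with only a warning, which is the action's default. The `Upload post-processed SARIF` step directly below already sets `if-no-files-found: error`; adding the same line here keeps the two uploads consistent. This matters more now that one glob replaces the two per-kind uploads, each of which named its file explicitly. The generated `.github/workflows/__analysis-kinds.yml` carries the same step and should pick up the change via `pr-checks/sync.sh` rather than by hand.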
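Review bot: The added `Check quality query does not appear in CSRA SARIF` step asserts only absence (`EXPECT_PRESENT: "false"`), so the `csra` matrix entries appear to have no positive assertion. A `javascript.csra.sarif` that exists but holds no results would presumably satisfy it. The body of `CHECK_SCRIPT` sits outside this hunk, so confirm that it at least fails when `SARIF_PATH` is missing or has no runs. A counterpart step with `EXPECT_PRESENT: "true"` for a query that the csra kind is expected to run, mirroring the step just above, would make the new matrix entries prove something. A short comment above the step, such as `# csra output must exclude code-quality queries`, would also help readers unfamiliar with the abbreviation.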