From 35454d39b2aec0272d179a012ad48997417c0638 Mon Sep 17 00:00:00 2001
From: "Michael B. Gale" <mbg@github.com>
Date: Thu, 18 Sep 2025 13:50:53 +0100
Subject: [PATCH] Refactor CQ SARIF upload in `upload-sarif` into a function

---
 lib/upload-sarif-action.js | 35 ++++++++++++++--------
 src/upload-sarif-action.ts | 59 +++++++++++++++++++++++++++++---------
 2 files changed, 69 insertions(+), 25 deletions(-)

diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js
index f603d0aa1..f98e2e221 100644
--- a/lib/upload-sarif-action.js
+++ b/lib/upload-sarif-action.js
@@ -93358,6 +93358,23 @@ function filterAlertsByDiffRange(logger, sarif) {
 }
 
 // src/upload-sarif-action.ts
+async function findAndUpload(logger, features, sarifPath, checkoutPath, analysis, category) {
+  const sarifFiles = findSarifFilesInDir(
+    sarifPath,
+    analysis.sarifPredicate
+  );
+  if (sarifFiles.length !== 0) {
+    return await uploadSpecifiedFiles(
+      sarifFiles,
+      checkoutPath,
+      category,
+      features,
+      logger,
+      analysis
+    );
+  }
+  return void 0;
+}
 async function sendSuccessStatusReport(startedAt, uploadStats, logger) {
   const statusReportBase = await createStatusReportBase(
     "upload-sarif" /* UploadSarif */,
@@ -93414,20 +93431,14 @@ async function run() {
     );
     core13.setOutput("sarif-id", uploadResult.sarifID);
     if (fs15.lstatSync(sarifPath).isDirectory()) {
-      const qualitySarifFiles = findSarifFilesInDir(
+      await findAndUpload(
+        logger,
+        features,
         sarifPath,
-        CodeQuality.sarifPredicate
+        checkoutPath,
+        CodeQuality,
+        fixCodeQualityCategory(logger, category)
       );
-      if (qualitySarifFiles.length !== 0) {
-        await uploadSpecifiedFiles(
-          qualitySarifFiles,
-          checkoutPath,
-          fixCodeQualityCategory(logger, category),
-          features,
-          logger,
-          CodeQuality
-        );
-      }
     }
     if (isInTestMode()) {
       core13.debug("In test mode. Waiting for processing is disabled.");
diff --git a/src/upload-sarif-action.ts b/src/upload-sarif-action.ts
index a193e242a..7881232d3 100644
--- a/src/upload-sarif-action.ts
+++ b/src/upload-sarif-action.ts
@@ -32,6 +32,45 @@ interface UploadSarifStatusReport
   extends StatusReportBase,
     upload_lib.UploadStatusReport {}
 
+/**
+ * Searches for SARIF files for the given `analysis` in the given `sarifPath`.
+ * If any are found, then they are uploaded to the appropriate endpoint for the given `analysis`.
+ *
+ * @param logger The logger to use.
+ * @param features Information about FFs.
+ * @param sarifPath The path to a directory containing SARIF files.
+ * @param checkoutPath The checkout path.
+ * @param analysis The configuration of the analysis we should upload SARIF files for.
+ * @param category The SARIF category to use for the upload.
+ * @returns The result of uploading the SARIF file(s) or `undefined` if there are none.
+ */
+async function findAndUpload(
+  logger: Logger,
+  features: Features,
+  sarifPath: string,
+  checkoutPath: string,
+  analysis: analyses.AnalysisConfig,
+  category?: string,
+): Promise<upload_lib.UploadResult | undefined> {
+  const sarifFiles = upload_lib.findSarifFilesInDir(
+    sarifPath,
+    analysis.sarifPredicate,
+  );
+
+  if (sarifFiles.length !== 0) {
+    return await upload_lib.uploadSpecifiedFiles(
+      sarifFiles,
+      checkoutPath,
+      category,
+      features,
+      logger,
+      analysis,
+    );
+  }
+
+  return undefined;
+}
+
 async function sendSuccessStatusReport(
   startedAt: Date,
   uploadStats: upload_lib.UploadStatusReport,
@@ -86,6 +125,7 @@ async function run() {
   }
 
   try {
+    // `sarifPath` can either be a path to a single file, or a path to a directory.
     const sarifPath = actionsUtil.getRequiredInput("sarif_file");
     const checkoutPath = actionsUtil.getRequiredInput("checkout_path");
     const category = actionsUtil.getOptionalInput("category");
@@ -104,21 +144,14 @@ async function run() {
     // Code quality can currently only be enabled on top of security, so we'd currently always expect to
     // have a directory for the results here.
     if (fs.lstatSync(sarifPath).isDirectory()) {
-      const qualitySarifFiles = upload_lib.findSarifFilesInDir(
+      await findAndUpload(
+        logger,
+        features,
         sarifPath,
-        analyses.CodeQuality.sarifPredicate,
+        checkoutPath,
+        analyses.CodeQuality,
+        actionsUtil.fixCodeQualityCategory(logger, category),
       );
-
-      if (qualitySarifFiles.length !== 0) {
-        await upload_lib.uploadSpecifiedFiles(
-          qualitySarifFiles,
-          checkoutPath,
-          actionsUtil.fixCodeQualityCategory(logger, category),
-          features,
-          logger,
-          analyses.CodeQuality,
-        );
-      }
     }
 
     // We don't upload results in test mode, so don't wait for processing