From 6bdf5d3d00fd477b954432761e4dcd9d3cf02b72 Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Mon, 6 Oct 2025 13:56:19 +0100 Subject: [PATCH] Run `upload-sarif` check for all `analysis-kinds` values --- .github/workflows/__upload-sarif.yml | 21 +++++++++++++++++---- pr-checks/checks/upload-sarif.yml | 15 +++++++++++---- 2 files changed, 28 insertions(+), 8 deletions(-) diff --git a/.github/workflows/__upload-sarif.yml b/.github/workflows/__upload-sarif.yml index ed92f095e..fd98b8d64 100644 --- a/.github/workflows/__upload-sarif.yml +++ b/.github/workflows/__upload-sarif.yml @@ -48,6 +48,13 @@ jobs: include: - os: ubuntu-latest version: default + analysis-kinds: code-scanning + - os: ubuntu-latest + version: default + analysis-kinds: code-quality + - os: ubuntu-latest + version: default + analysis-kinds: code-scanning,code-quality name: Test different uses of `upload-sarif` if: github.triggering_actor != 'dependabot[bot]' permissions: @@ -74,7 +81,7 @@ jobs: with: tools: ${{ steps.prepare-test.outputs.tools-url }} languages: csharp,java,javascript,python - analysis-kinds: code-quality + analysis-kinds: ${{ matrix.analysis-kinds }} - name: Build code run: ./build.sh # Generate some SARIF we can upload with the upload-sarif step @@ -83,13 +90,19 @@ jobs: ref: refs/heads/main sha: 5e235361806c361d4d3f8859e3c897658025a9a2 upload: never - - uses: ./../action/upload-sarif + + - name: | + Upload all SARIF files for `analysis-kinds: ${{ matrix.analysis-kinds }}` + uses: ./../action/upload-sarif id: upload-sarif with: ref: refs/heads/main sha: 5e235361806c361d4d3f8859e3c897658025a9a2 - - name: Check output from `upload-sarif` step - if: '!(fromJSON(steps.upload-sarif.outputs.sarif-ids).code-quality)' + - name: Check output from `upload-sarif` step for `code-scanning` + if: contains(matrix.analysis-kinds, 'code-scanning') && !(fromJSON(steps.upload-sarif.outputs.sarif-ids).code-scanning) + run: exit 1 + - name: Check output from `upload-sarif` step for `code-quality` + if: contains(matrix.analysis-kinds, 'code-quality') && !(fromJSON(steps.upload-sarif.outputs.sarif-ids).code-quality) run: exit 1 env: CODEQL_ACTION_TEST_MODE: true diff --git a/pr-checks/checks/upload-sarif.yml b/pr-checks/checks/upload-sarif.yml index 7f68e5507..f40cb6794 100644 --- a/pr-checks/checks/upload-sarif.yml +++ b/pr-checks/checks/upload-sarif.yml @@ -1,13 +1,14 @@ name: "Test different uses of `upload-sarif`" description: "Checks that uploading SARIFs to the code quality endpoint works" versions: ["default"] +analysisKinds: ["code-scanning", "code-quality", "code-scanning,code-quality"] installGo: true steps: - uses: ./../action/init with: tools: ${{ steps.prepare-test.outputs.tools-url }} languages: csharp,java,javascript,python - analysis-kinds: code-quality + analysis-kinds: ${{ matrix.analysis-kinds }} - name: Build code run: ./build.sh # Generate some SARIF we can upload with the upload-sarif step @@ -16,11 +17,17 @@ steps: ref: 'refs/heads/main' sha: '5e235361806c361d4d3f8859e3c897658025a9a2' upload: never - - uses: ./../action/upload-sarif + + - name: | + Upload all SARIF files for `analysis-kinds: ${{ matrix.analysis-kinds }}` + uses: ./../action/upload-sarif id: upload-sarif with: ref: 'refs/heads/main' sha: '5e235361806c361d4d3f8859e3c897658025a9a2' - - name: "Check output from `upload-sarif` step" - if: '!(fromJSON(steps.upload-sarif.outputs.sarif-ids).code-quality)' + - name: "Check output from `upload-sarif` step for `code-scanning`" + if: "contains(matrix.analysis-kinds, 'code-scanning') && !(fromJSON(steps.upload-sarif.outputs.sarif-ids).code-scanning)" + run: exit 1 + - name: "Check output from `upload-sarif` step for `code-quality`" + if: "contains(matrix.analysis-kinds, 'code-quality') && !(fromJSON(steps.upload-sarif.outputs.sarif-ids).code-quality)" run: exit 1