From 7baedbc3b8af7961a84479192b0499be0cd72e7e Mon Sep 17 00:00:00 2001
From: "Michael B. Gale" <mbg@github.com>
Date: Mon, 1 Sep 2025 16:44:31 +0100
Subject: [PATCH] Check if Code Scanning is enabled before uploading Code
 Scanning SARIF

---
 lib/analyze-action.js | 20 +++++++++++---------
 src/analyze-action.ts | 27 +++++++++++++++++----------
 2 files changed, 28 insertions(+), 19 deletions(-)

diff --git a/lib/analyze-action.js b/lib/analyze-action.js
index 482c573b8..c73256b98 100644
--- a/lib/analyze-action.js
+++ b/lib/analyze-action.js
@@ -95978,15 +95978,17 @@ async function run() {
     core14.setOutput("sarif-output", import_path4.default.resolve(outputDir));
     const uploadInput = getOptionalInput("upload");
     if (runStats && getUploadValue(uploadInput) === "always") {
-      uploadResult = await uploadFiles(
-        outputDir,
-        getRequiredInput("checkout_path"),
-        getOptionalInput("category"),
-        features,
-        logger,
-        CodeScanning
-      );
-      core14.setOutput("sarif-id", uploadResult.sarifID);
+      if (isCodeScanningEnabled(config)) {
+        uploadResult = await uploadFiles(
+          outputDir,
+          getRequiredInput("checkout_path"),
+          getOptionalInput("category"),
+          features,
+          logger,
+          CodeScanning
+        );
+        core14.setOutput("sarif-id", uploadResult.sarifID);
+      }
       if (isCodeQualityEnabled(config)) {
         const qualityUploadResult = await uploadFiles(
           outputDir,
diff --git a/src/analyze-action.ts b/src/analyze-action.ts
index c949e3d4d..f93072d72 100644
--- a/src/analyze-action.ts
+++ b/src/analyze-action.ts
@@ -19,7 +19,12 @@ import { getApiDetails, getGitHubVersion } from "./api-client";
 import { runAutobuild } from "./autobuild";
 import { getTotalCacheSize, shouldStoreCache } from "./caching-utils";
 import { getCodeQL } from "./codeql";
-import { Config, getConfig, isCodeQualityEnabled } from "./config-utils";
+import {
+  Config,
+  getConfig,
+  isCodeQualityEnabled,
+  isCodeScanningEnabled,
+} from "./config-utils";
 import { uploadDatabases } from "./database-upload";
 import { uploadDependencyCaches } from "./dependency-caching";
 import { getDiffInformedAnalysisBranches } from "./diff-informed-analysis-utils";
@@ -327,15 +332,17 @@ async function run() {
     core.setOutput("sarif-output", path.resolve(outputDir));
     const uploadInput = actionsUtil.getOptionalInput("upload");
     if (runStats && actionsUtil.getUploadValue(uploadInput) === "always") {
-      uploadResult = await uploadLib.uploadFiles(
-        outputDir,
-        actionsUtil.getRequiredInput("checkout_path"),
-        actionsUtil.getOptionalInput("category"),
-        features,
-        logger,
-        analyses.CodeScanning,
-      );
-      core.setOutput("sarif-id", uploadResult.sarifID);
+      if (isCodeScanningEnabled(config)) {
+        uploadResult = await uploadLib.uploadFiles(
+          outputDir,
+          actionsUtil.getRequiredInput("checkout_path"),
+          actionsUtil.getOptionalInput("category"),
+          features,
+          logger,
+          analyses.CodeScanning,
+        );
+        core.setOutput("sarif-id", uploadResult.sarifID);
+      }
 
       if (isCodeQualityEnabled(config)) {
         const qualityUploadResult = await uploadLib.uploadFiles(