From ce97dfe40565e250b82eaaabdd757d5545595a58 Mon Sep 17 00:00:00 2001
From: "Michael B. Gale" <mbg@github.com>
Date: Thu, 26 Feb 2026 19:47:55 +0000
Subject: [PATCH] Sanitise artifact name

---
 lib/init-action-post.js             | 2 +-
 src/init-action-post-helper.test.ts | 4 +++-
 src/init-action-post-helper.ts      | 3 ++-
 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/lib/init-action-post.js b/lib/init-action-post.js
index 76b2c4587..781e8975a 100644
--- a/lib/init-action-post.js
+++ b/lib/init-action-post.js
@@ -169882,7 +169882,7 @@ async function maybeUploadFailedSarifArtifact(config, features, logger) {
   const gitHubVersion = await getGitHubVersion();
   const client = await getArtifactUploaderClient(logger, gitHubVersion.type);
   const suffix = getArtifactSuffix(getOptionalInput("matrix"));
-  const name = `sarif-artifact-${suffix}`;
+  const name = sanitizeArtifactName(`sarif-artifact-${suffix}`);
   await client.uploadArtifact(
     name,
     [import_path3.default.normalize(failedSarif.sarifFile)],
diff --git a/src/init-action-post-helper.test.ts b/src/init-action-post-helper.test.ts
index 22659d047..3f064726e 100644
--- a/src/init-action-post-helper.test.ts
+++ b/src/init-action-post-helper.test.ts
@@ -672,7 +672,9 @@ test("tryUploadSarifIfRunFailed - uploads as artifact for risk assessments", asy
     logger,
   );
 
-  const expectedName = `sarif-artifact-${debugArtifacts.getArtifactSuffix(matrix)}`;
+  const expectedName = debugArtifacts.sanitizeArtifactName(
+    `sarif-artifact-${debugArtifacts.getArtifactSuffix(matrix)}`,
+  );
   t.is(result.upload_failed_run_skipped_because, undefined);
   t.is(result.upload_failed_run_error, undefined);
   t.is(result.sarifID, expectedName);
diff --git a/src/init-action-post-helper.ts b/src/init-action-post-helper.ts
index 538042938..b1789aaba 100644
--- a/src/init-action-post-helper.ts
+++ b/src/init-action-post-helper.ts
@@ -15,6 +15,7 @@ import {
 import {
   getArtifactSuffix,
   getArtifactUploaderClient,
+  sanitizeArtifactName,
 } from "./debug-artifacts";
 import * as dependencyCaching from "./dependency-caching";
 import { EnvVar } from "./environment";
@@ -233,7 +234,7 @@ async function maybeUploadFailedSarifArtifact(
   const client = await getArtifactUploaderClient(logger, gitHubVersion.type);
 
   const suffix = getArtifactSuffix(actionsUtil.getOptionalInput("matrix"));
-  const name = `sarif-artifact-${suffix}`;
+  const name = sanitizeArtifactName(`sarif-artifact-${suffix}`);
   await client.uploadArtifact(
     name,
     [path.normalize(failedSarif.sarifFile)],