From d378195403bf7cd9c9b55e4713ede0962aa58b83 Mon Sep 17 00:00:00 2001
From: "Michael B. Gale"
Date: Thu, 18 Sep 2025 14:46:05 +0100
Subject: [PATCH] Add new `sarif-ids` output to `upload-sarif` action

Unlike `sarif-id` which is for the single Code Scanning SARIF id, `sarif-ids` contains stringified JSON object with details of all SARIF ids.
---
 lib/upload-sarif-action.js | 14 +++++++++++++-
 src/upload-sarif-action.ts | 14 +++++++++++++-
 upload-sarif/action.yml | 7 ++++++-
 3 files changed, 32 insertions(+), 3 deletions(-)

diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js
index 5f86c6396..b482d9d3d 100644
--- a/lib/upload-sarif-action.js
+++ b/lib/upload-sarif-action.js
@@ -93401,6 +93401,7 @@ async function run() {
 if (pathStats === void 0) {
 throw new ConfigurationError(`Path does not exist: ${sarifPath}.`);
 }
+ const sarifIds = [];
 const uploadResult = await findAndUpload(
 logger,
 features,
@@ -93412,8 +93413,12 @@ async function run() {
 );
 if (uploadResult !== void 0) {
 core13.setOutput("sarif-id", uploadResult.sarifID);
+ sarifIds.push({
+ analysis: "code-scanning" /* CodeScanning */,
+ id: uploadResult.sarifID
+ });
 }
- await findAndUpload(
+ const qualityUploadResult = await findAndUpload(
 logger,
 features,
 sarifPath,
@@ -93422,6 +93427,13 @@ async function run() {
 CodeQuality,
 fixCodeQualityCategory(logger, category)
 );
+ if (qualityUploadResult !== void 0) {
+ sarifIds.push({
+ analysis: "code-quality" /* CodeQuality */,
+ id: qualityUploadResult.sarifID
+ });
+ }
+ core13.setOutput("sarif-ids", JSON.stringify(sarifIds));
 if (isInTestMode()) {
 core13.debug("In test mode. Waiting for processing is disabled.");
 } else if (getRequiredInput("wait-for-processing") === "true") {
diff --git a/src/upload-sarif-action.ts b/src/upload-sarif-action.ts
index 29f998e81..4f527b0b6 100644
--- a/src/upload-sarif-action.ts
+++ b/src/upload-sarif-action.ts
@@ -145,6 +145,7 @@ async function run() {
 throw new ConfigurationError(`Path does not exist: ${sarifPath}.`);
 }
+ const sarifIds: Array<{ analysis: string; id: string }> = [];
 const uploadResult = await findAndUpload(
 logger,
 features,
@@ -156,12 +157,16 @@ async function run() {
 );
 if (uploadResult !== undefined) {
 core.setOutput("sarif-id", uploadResult.sarifID);
+ sarifIds.push({
+ analysis: analyses.AnalysisKind.CodeScanning,
+ id: uploadResult.sarifID,
+ });
 }
 // If there are `.quality.sarif` files in `sarifPath`, then upload those to the code quality service.
 // Code quality can currently only be enabled on top of security, so we'd currently always expect to
 // have a directory for the results here.
- await findAndUpload(
+ const qualityUploadResult = await findAndUpload(
 logger,
 features,
 sarifPath,
@@ -170,6 +175,13 @@ async function run() {
 analyses.CodeQuality,
 actionsUtil.fixCodeQualityCategory(logger, category),
 );
+ if (qualityUploadResult !== undefined) {
+ sarifIds.push({
+ analysis: analyses.AnalysisKind.CodeQuality,
+ id: qualityUploadResult.sarifID,
+ });
+ }
+ core.setOutput("sarif-ids", JSON.stringify(sarifIds));
 // We don't upload results in test mode, so don't wait for processing
 if (isInTestMode()) {
diff --git a/upload-sarif/action.yml b/upload-sarif/action.yml
index 15ff9eeff..cd61886c6 100644
--- a/upload-sarif/action.yml
+++ b/upload-sarif/action.yml
@@ -34,7 +34,12 @@ inputs:
 default: "true"
 outputs:
 sarif-id:
- description: The ID of the uploaded SARIF file.
+ description: The ID of the uploaded Code Scanning SARIF file, if any.
+ sarif-ids:
+ description: |
+ A stringified JSON object containing the SARIF ID for each kind of analysis. For example:
+
+ { "code-scanning": "some-id", "code-quality": "some-other-id" }
 runs:
 using: node20
 main: '../lib/upload-sarif-action.js'
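Review bot: The value written by `core.setOutput("sarif-ids", JSON.stringify(sarifIds))` in the third `src/upload-sarif-action.ts` hunk is a JSON array of `{ analysis, id }` entries, while the `sarif-ids` description added in the `upload-sarif/action.yml` hunk documents an object keyed by analysis kind, so a workflow written against the documented shape would read the wrong structure. Either emit the documented shape, e.g. declare `const sarifIds: Partial<Record<analyses.AnalysisKind, string>> = {};` in the first hunk and assign `sarifIds[analyses.AnalysisKind.CodeQuality] = qualityUploadResult.sarifID;`, or change the example in `action.yml` to the array form. The `Record` key type assumes `AnalysisKind` is a string enum, which the compiled `lib/` output suggests but these hunks do not show. Separately, `sarif-ids` is written only after the second `findAndUpload`, so if that call rejects and nothing outside the hunks catches it, `sarif-id` is set but `sarif-ids` is not; a comment stating that this is intended would help. `run()` starts and ends outside these hunks.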
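Review bot: The `sarif-ids` description does not say what a consumer receives for an analysis kind that was not uploaded; judging by the `src/upload-sarif-action.ts` hunks, an entry is added only when the corresponding upload returned a result, so the value may cover one kind or none. I would add a sentence such as `Analysis kinds for which nothing was uploaded are omitted.` and state that the output is a string that must be parsed (for example with `fromJSON()`) before individual IDs are read.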