Add new sarif-ids output to upload-sarif action

Unlike `sarif-id` which is for the single Code Scanning SARIF id, `sarif-ids` contains stringified JSON object with details of all SARIF ids.

src/upload-sarif-action.ts

@@ -145,6 +145,7 @@ async function run() {
       throw new ConfigurationError(`Path does not exist: ${sarifPath}.`);
     }
 
+    const sarifIds: Array<{ analysis: string; id: string }> = [];
     const uploadResult = await findAndUpload(
       logger,
       features,
@@ -156,12 +157,16 @@ async function run() {
     );
     if (uploadResult !== undefined) {
       core.setOutput("sarif-id", uploadResult.sarifID);
+      sarifIds.push({
+        analysis: analyses.AnalysisKind.CodeScanning,
+        id: uploadResult.sarifID,
+      });
     }
 
     // If there are `.quality.sarif` files in `sarifPath`, then upload those to the code quality service.
     // Code quality can currently only be enabled on top of security, so we'd currently always expect to
     // have a directory for the results here.
-    await findAndUpload(
+    const qualityUploadResult = await findAndUpload(
       logger,
       features,
       sarifPath,
@@ -170,6 +175,13 @@ async function run() {
       analyses.CodeQuality,
       actionsUtil.fixCodeQualityCategory(logger, category),
     );
+    if (qualityUploadResult !== undefined) {
+      sarifIds.push({
+        analysis: analyses.AnalysisKind.CodeQuality,
+        id: qualityUploadResult.sarifID,
+      });
+    }
+    core.setOutput("sarif-ids", JSON.stringify(sarifIds));
 
     // We don't upload results in test mode, so don't wait for processing
     if (isInTestMode()) {