Dump SARIF API response

.github/dependabot.yml

@@ -1,29 +1,20 @@
----
 version: 2
 updates:
-- package-ecosystem: npm
-  directory: "/"
-  schedule:
-    interval: weekly
-    day: thursday
-  labels:
-  - Update dependencies
-  ignore:
-  - dependency-name: "*"
-    update-types:
-    - version-update:semver-minor
-    - version-update:semver-patch
-- package-ecosystem: npm
-  directory: "/runner"
-  schedule:
-    interval: weekly
-    day: thursday
-  ignore:
-  - dependency-name: "*"
-    update-types:
-    - version-update:semver-minor
-    - version-update:semver-patch
-- package-ecosystem: github-actions
-  directory: "/"
-  schedule:
-    interval: daily
+  - package-ecosystem: "npm"
+    directory: "/"
+    schedule:
+      interval: "weekly"
+      day: "thursday" # Gives us a working day to merge this before our typical release
+    labels:
+      - "Update dependencies"
+    ignore:
+      - dependency-name: "*"
+        update-types: ["version-update:semver-minor", "version-update:semver-patch"]
+  - package-ecosystem: "npm"
+    directory: "/runner"
+    schedule:
+      interval: "weekly"
+      day: "thursday" # Gives us a working day to merge this before our typical release
+    ignore:
+      - dependency-name: "*"
+        update-types: ["version-update:semver-minor", "version-update:semver-patch"]

.github/workflows/__submit-sarif-failure.yml

@@ -0,0 +1,72 @@
+# Warning: This file is generated automatically, and should not be modified.
+# Instead, please modify the template in the pr-checks directory and run:
+#     pip install ruamel.yaml && python3 sync.py
+# to regenerate this file.
+
+name: PR Check - Submit SARIF after failure
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  GO111MODULE: auto
+on:
+  push:
+    branches:
+    # testing
+    - henrymercer/report-failed-runs-testing
+    - main
+    - releases/v1
+    - releases/v2
+  pull_request:
+    types:
+    - opened
+    - synchronize
+    - reopened
+    - ready_for_review
+  workflow_dispatch: {}
+jobs:
+  submit-sarif-failure:
+    strategy:
+      matrix:
+        include:
+        - os: ubuntu-latest
+          version: latest
+        - os: ubuntu-latest
+          version: cached
+        - os: ubuntu-latest
+          version: nightly-latest
+    name: Submit SARIF after failure
+    timeout-minutes: 45
+    runs-on: ${{ matrix.os }}
+    steps:
+    - name: Check out repository
+      uses: actions/checkout@v3
+    - name: Prepare test
+      id: prepare-test
+      uses: ./.github/prepare-test
+      with:
+        version: ${{ matrix.version }}
+    - uses: actions/checkout@v3
+    - uses: ./init
+      with:
+        languages: javascript
+    - name: Fail
+    # We want this job to pass if the Action correctly uploads the SARIF file for
+    # the failed run.
+    # Setting this step to continue on error means that it is marked as completing
+    # successfully, so will not fail the job.
+      continue-on-error: true
+      run: exit 1
+    - uses: ./analyze
+    # In a real workflow, this step wouldn't run. Since we used `continue-on-error`
+    # above, we manually disable it with an `if` condition.
+      if: false
+      with:
+        category: /test-codeql-version:${{ matrix.version }}
+    env:
+  # Internal-only environment variable used to indicate that the post-init Action
+  # should expect to upload a SARIF file for the failed run.
+      CODEQL_ACTION_EXPECT_UPLOAD_FAILED_SARIF: true
+  # Make sure the uploading SARIF files feature is enabled.
+      CODEQL_ACTION_UPLOAD_FAILED_SARIF: true
+  # Upload the failed SARIF file as an integration test of the API endpoint.
+      CODEQL_ACTION_TEST_MODE: false
+

CHANGELOG.md

@@ -2,11 +2,7 @@
 
 ## [UNRELEASED]
 
-No user facing changes.
-
-## 2.1.35 - 01 Dec 2022
-
-No user facing changes.
+- Add a step that tries to upload a SARIF file for the workflow run when that workflow run fails. This will help better surface failed code scanning workflow runs. [#1393](https://github.com/github/codeql-action/pull/1393)
 
 ## 2.1.34 - 25 Nov 2022
 

analyze/action.yml

@@ -12,6 +12,7 @@ inputs:
   upload:
     description: Upload the SARIF file to Code Scanning
     required: false
+    # If changing this, make sure to update workflow.ts accordingly.
     default: "true"
   cleanup-level:
     description: "Level of cleanup to perform on CodeQL databases at the end of the analyze step. This should either be 'none' to skip cleanup, or be a valid argument for the --mode flag of the CodeQL CLI command 'codeql database cleanup' as documented at https://codeql.github.com/docs/codeql-cli/manual/database-cleanup"
@@ -44,6 +45,7 @@ inputs:
   checkout_path:
     description: "The path at which the analyzed repository was checked out. Used to relativize any absolute paths in the uploaded SARIF file."
     required: false
+    # If changing this, make sure to update workflow.ts accordingly.
     default: ${{ github.workspace }}
   ref:
     description: "The ref where results will be uploaded. If not provided, the Action will use the GITHUB_REF environment variable. If provided, the sha input must be provided as well. This input is not available in pull requests from forks."
@@ -61,6 +63,7 @@ inputs:
   wait-for-processing:
     description: If true, the Action will wait for the uploaded SARIF to be processed before completing.
     required: true
+    # If changing this, make sure to update workflow.ts accordingly.
     default: "true"
   token:
     default: ${{ github.token }}

lib/actions-util.js

@@ -173,10 +173,10 @@ async function getAutomationID() {
 exports.getAutomationID = getAutomationID;
 function computeAutomationID(analysis_key, environment) {
     let automationID = `${analysis_key}/`;
-    // the id has to be deterministic so we sort the fields
-    if (environment !== undefined && environment !== "null") {
-        const environmentObject = JSON.parse(environment);
-        for (const entry of Object.entries(environmentObject).sort()) {
+    const matrix = (0, util_1.parseMatrixInput)(environment);
+    if (matrix !== undefined) {
+        // the id has to be deterministic so we sort the fields
+        for (const entry of Object.entries(matrix).sort()) {
             if (typeof entry[1] === "string") {
                 automationID += `${entry[0]}:${entry[1]}/`;
             }

lib/analyze-action-env.test.js

@@ -45,7 +45,6 @@ const util = __importStar(require("./util"));
             .stub(actionsUtil, "createStatusReportBase")
             .resolves({});
         sinon.stub(actionsUtil, "sendStatusReport").resolves(true);
-        sinon.stub(actionsUtil, "isAnalyzingDefaultBranch").resolves(true);
         const gitHubVersion = {
             type: util.GitHubVariant.DOTCOM,
         };

lib/analyze-action-env.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"analyze-action-env.test.js","sourceRoot":"","sources":["../src/analyze-action-env.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,mDAAqC;AACrC,4DAA8C;AAC9C,mDAIyB;AACzB,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,4EAA4E;AAC5E,4EAA4E;AAC5E,+EAA+E;AAC/E,+EAA+E;AAC/E,gFAAgF;AAChF,iCAAiC;AAEjC,IAAA,aAAI,EAAC,8DAA8D,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC/E,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAC1D,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,sCAAsC,CAAC;QAC1E,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,wBAAwB,CAAC;QACzD,KAAK;aACF,IAAI,CAAC,WAAW,EAAE,wBAAwB,CAAC;aAC3C,QAAQ,CAAC,EAAkC,CAAC,CAAC;QAChD,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC3D,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,0BAA0B,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAEnE,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,aAAa;YACb,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;YACT,UAAU,EAAE,EAAE;SACkB,CAAC,CAAC;QACpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,iBAAiB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/D,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QAC7D,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,uEAAuE;QACvE,0EAA0E;QAC1E,iBAAiB;QACjB,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,IAAI,CAAC;QACrC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC;QAEnC,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACzD,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAElD,uEAAuE;QACvE,oEAAoE;QACpE,4EAA4E;QAC5E,wEAAwE;QACxE,MAAM,aAAa,CAAC,UAAU,CAAC;QAE/B,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC9D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
+{"version":3,"file":"analyze-action-env.test.js","sourceRoot":"","sources":["../src/analyze-action-env.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,mDAAqC;AACrC,4DAA8C;AAC9C,mDAIyB;AACzB,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,4EAA4E;AAC5E,4EAA4E;AAC5E,+EAA+E;AAC/E,+EAA+E;AAC/E,gFAAgF;AAChF,iCAAiC;AAEjC,IAAA,aAAI,EAAC,8DAA8D,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC/E,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAC1D,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,sCAAsC,CAAC;QAC1E,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,wBAAwB,CAAC;QACzD,KAAK;aACF,IAAI,CAAC,WAAW,EAAE,wBAAwB,CAAC;aAC3C,QAAQ,CAAC,EAAkC,CAAC,CAAC;QAChD,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC3D,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,aAAa;YACb,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;YACT,UAAU,EAAE,EAAE;SACkB,CAAC,CAAC;QACpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,iBAAiB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/D,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QAC7D,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,uEAAuE;QACvE,0EAA0E;QAC1E,iBAAiB;QACjB,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,IAAI,CAAC;QACrC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC;QAEnC,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACzD,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAElD,uEAAuE;QACvE,oEAAoE;QACpE,4EAA4E;QAC5E,wEAAwE;QACxE,MAAM,aAAa,CAAC,UAAU,CAAC;QAE/B,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC9D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

lib/analyze-action-input.test.js

@@ -61,7 +61,6 @@ const util = __importStar(require("./util"));
         optionalInputStub.withArgs("cleanup-level").returns("none");
         optionalInputStub.withArgs("expect-error").returns("false");
         sinon.stub(util, "getGitHubVersion").resolves(gitHubVersion);
-        sinon.stub(actionsUtil, "isAnalyzingDefaultBranch").resolves(true);
         (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
         (0, testing_utils_1.mockFeatureFlagApiEndpoint)(200, {});
         process.env["CODEQL_THREADS"] = "1";

lib/analyze-action-input.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"analyze-action-input.test.js","sourceRoot":"","sources":["../src/analyze-action-input.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,mDAAqC;AACrC,4DAA8C;AAC9C,mDAIyB;AACzB,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,4EAA4E;AAC5E,4EAA4E;AAC5E,+EAA+E;AAC/E,+EAA+E;AAC/E,gFAAgF;AAChF,iCAAiC;AAEjC,IAAA,aAAI,EAAC,sDAAsD,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACvE,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAC1D,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,sCAAsC,CAAC;QAC1E,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,wBAAwB,CAAC;QACzD,KAAK;aACF,IAAI,CAAC,WAAW,EAAE,wBAAwB,CAAC;aAC3C,QAAQ,CAAC,EAAkC,CAAC,CAAC;QAChD,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC3D,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,aAAa;YACb,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;YACT,UAAU,EAAE,EAAE;SACkB,CAAC,CAAC;QACpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,iBAAiB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/D,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QAC7D,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,0BAA0B,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QACnE,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,GAAG,CAAC;QACpC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC;QAEnC,4DAA4D;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACpD,iBAAiB,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAElD,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACzD,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAElD,uEAAuE;QACvE,oEAAoE;QACpE,4EAA4E;QAC5E,wEAAwE;QACxE,MAAM,aAAa,CAAC,UAAU,CAAC;QAE/B,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC9D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
+{"version":3,"file":"analyze-action-input.test.js","sourceRoot":"","sources":["../src/analyze-action-input.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,mDAAqC;AACrC,4DAA8C;AAC9C,mDAIyB;AACzB,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,4EAA4E;AAC5E,4EAA4E;AAC5E,+EAA+E;AAC/E,+EAA+E;AAC/E,gFAAgF;AAChF,iCAAiC;AAEjC,IAAA,aAAI,EAAC,sDAAsD,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACvE,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,iBAAiB,CAAC;QAC1D,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,sCAAsC,CAAC;QAC1E,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,wBAAwB,CAAC;QACzD,KAAK;aACF,IAAI,CAAC,WAAW,EAAE,wBAAwB,CAAC;aAC3C,QAAQ,CAAC,EAAkC,CAAC,CAAC;QAChD,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;QAC3D,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,aAAa;YACb,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;YACT,UAAU,EAAE,EAAE;SACkB,CAAC,CAAC;QACpC,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,OAAO,CAAC,YAAY,CAAC,CAAC;QAC1D,iBAAiB,CAAC,QAAQ,CAAC,iBAAiB,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC/D,MAAM,iBAAiB,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,kBAAkB,CAAC,CAAC;QACtE,iBAAiB,CAAC,QAAQ,CAAC,eAAe,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAC5D,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE,kBAAkB,CAAC,CAAC,QAAQ,CAAC,aAAa,CAAC,CAAC;QAC7D,IAAA,gCAAgB,EAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACjC,IAAA,0CAA0B,EAAC,GAAG,EAAE,EAAE,CAAC,CAAC;QAEpC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,GAAG,CAAC;QACpC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,MAAM,CAAC;QAEnC,4DAA4D;QAC5D,iBAAiB,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACpD,iBAAiB,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QAElD,MAAM,eAAe,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,aAAa,CAAC,CAAC;QAC3D,MAAM,cAAc,GAAG,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,YAAY,CAAC,CAAC;QACzD,MAAM,aAAa,GAAG,OAAO,CAAC,kBAAkB,CAAC,CAAC;QAElD,uEAAuE;QACvE,oEAAoE;QACpE,4EAA4E;QAC5E,wEAAwE;QACxE,MAAM,aAAa,CAAC,UAAU,CAAC;QAE/B,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC/D,CAAC,CAAC,SAAS,CAAC,eAAe,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;QAC7D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,cAAc,CAAC,CAAC;QAC9D,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

lib/analyze-action.js

@@ -39,6 +39,7 @@ const feature_flags_1 = require("./feature-flags");
 const languages_1 = require("./languages");
 const logging_1 = require("./logging");
 const repository_1 = require("./repository");
+const shared_environment_1 = require("./shared-environment");
 const trap_caching_1 = require("./trap-caching");
 const upload_lib = __importStar(require("./upload-lib"));
 const util = __importStar(require("./util"));
@@ -103,8 +104,6 @@ function doesGoExtractionOutputExist(config) {
  * - We detect whether an autobuild step is present by checking the
  * `util.DID_AUTOBUILD_GO_ENV_VAR_NAME` environment variable, which is set
  * when the autobuilder is invoked.
- * - We detect whether the Go database has already been finalized in case it
- * has been manually set in a prior Action step.
  * - We approximate whether manual build steps are present by looking at
  * whether any extraction output already exists for Go.
  */
@@ -116,10 +115,6 @@ async function runAutobuildIfLegacyGoWorkflow(config, logger) {
         logger.debug("Won't run Go autobuild since it has already been run.");
         return;
     }
-    if ((0, analyze_1.dbIsFinalized)(config, languages_1.Language.go, logger)) {
-        logger.debug("Won't run Go autobuild since there is already a finalized database for Go.");
-        return;
-    }
     // This captures whether a user has added manual build steps for Go
     if (doesGoExtractionOutputExist(config)) {
         logger.debug("Won't run Go autobuild since at least one file of Go code has already been extracted.");
@@ -176,8 +171,9 @@ async function run() {
         }
         core.setOutput("db-locations", dbLocations);
         if (runStats && actionsUtil.getRequiredInput("upload") === "true") {
-            uploadResult = await upload_lib.uploadFromActions(outputDir, logger);
+            uploadResult = await upload_lib.uploadFromActions(outputDir, actionsUtil.getRequiredInput("checkout_path"), actionsUtil.getOptionalInput("category"), logger);
             core.setOutput("sarif-id", uploadResult.sarifID);
+            core.exportVariable(shared_environment_1.CODEQL_ACTION_ANALYZE_DID_UPLOAD_SARIF, "true");
         }
         else {
             logger.info("Not uploading results");
@@ -208,6 +204,7 @@ async function run() {
             hasBadExpectErrorInput()) {
             core.setFailed(error.message);
         }
+        console.log(error);
         if (error instanceof analyze_1.CodeQLAnalysisError) {
             const stats = { ...error.queriesStatusReport };
             await sendStatusReport(startedAt, config, stats, error, trapCacheUploadTime, dbCreationTimings, didUploadTrapCaches, logger);
@@ -237,6 +234,7 @@ async function runWrapper() {
     }
     catch (error) {
         core.setFailed(`analyze action failed: ${error}`);
+        console.log(error);
     }
     await (0, util_1.checkForTimeout)();
 }

lib/codeql.js

@@ -371,6 +371,7 @@ function setCodeQL(partialCodeql) {
         databaseRunQueries: resolveFunction(partialCodeql, "databaseRunQueries"),
         databaseInterpretResults: resolveFunction(partialCodeql, "databaseInterpretResults"),
         databasePrintBaseline: resolveFunction(partialCodeql, "databasePrintBaseline"),
+        diagnosticsExport: resolveFunction(partialCodeql, "diagnosticsExport"),
     };
     return cachedCodeQL;
 }
@@ -666,7 +667,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
             if (querySuitePath) {
                 codeqlArgs.push(querySuitePath);
             }
-            await (0, toolrunner_error_catcher_1.toolrunnerErrorCatcher)(cmd, codeqlArgs, error_matcher_1.errorMatchers);
+            await runTool(cmd, codeqlArgs);
         },
         async databaseInterpretResults(databasePath, querySuitePaths, sarifFile, addSnippetsFlag, threadsFlag, verbosityFlag, automationDetailsId, featureEnablement) {
             const codeqlArgs = [
@@ -695,8 +696,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                 codeqlArgs.push(...querySuitePaths);
             }
             // capture stdout, which contains analysis summaries
-            const returnState = await (0, toolrunner_error_catcher_1.toolrunnerErrorCatcher)(cmd, codeqlArgs, error_matcher_1.errorMatchers);
-            return returnState.stdout;
+            return await runTool(cmd, codeqlArgs);
         },
         async databasePrintBaseline(databasePath) {
             const codeqlArgs = [
@@ -772,6 +772,19 @@ async function getCodeQLForCmd(cmd, checkVersion) {
             ];
             await new toolrunner.ToolRunner(cmd, args).exec();
         },
+        async diagnosticsExport(sarifFile, automationDetailsId) {
+            const args = [
+                "diagnostics",
+                "export",
+                "--format=sarif-latest",
+                `--output=${sarifFile}`,
+                ...getExtraOptionsFromEnv(["diagnostics", "export"]),
+            ];
+            if (automationDetailsId !== undefined) {
+                args.push("--sarif-category", automationDetailsId);
+            }
+            await new toolrunner.ToolRunner(cmd, args).exec();
+        },
     };
     // To ensure that status reports include the CodeQL CLI version wherever
     // possible, we want to call getVersion(), which populates the version value
@@ -847,16 +860,11 @@ async function runTool(cmd, args = []) {
     const exitCode = await new toolrunner.ToolRunner(cmd, args, {
         listeners: {
             stdout: (data) => {
-                output += data.toString("utf8");
+                output += data.toString();
             },
             stderr: (data) => {
-                let readStartIndex = 0;
-                // If the error is too large, then we only take the last 20,000 characters
-                if (data.length - maxErrorSize > 0) {
-                    // Eg: if we have 20,000 the start index should be 2.
-                    readStartIndex = data.length - maxErrorSize + 1;
-                }
-                error += data.toString("utf8", readStartIndex);
+                const toRead = Math.min(maxErrorSize - error.length, data.length);
+                error += data.toString("utf8", 0, toRead);
             },
         },
         ignoreReturnCode: true,

lib/codeql.test.js

@@ -27,7 +27,6 @@ const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const toolrunner = __importStar(require("@actions/exec/lib/toolrunner"));
 const toolcache = __importStar(require("@actions/tool-cache"));
-const safeWhich = __importStar(require("@chrisgavin/safe-which"));
 const ava_1 = __importDefault(require("ava"));
 const del_1 = __importDefault(require("del"));
 const yaml = __importStar(require("js-yaml"));
@@ -309,8 +308,6 @@ for (const [isFeatureEnabled, toolsInput, shouldToolcacheBeBypassed,] of TOOLCAC
     const runnerConstructorStub = stubToolRunnerConstructor();
     const codeqlObject = await codeql.getCodeQLForTesting();
     sinon.stub(codeqlObject, "getVersion").resolves("2.7.0");
-    // safeWhich throws because of the test CodeQL object.
-    sinon.stub(safeWhich, "safeWhich").resolves("");
     await codeqlObject.databaseInterpretResults("", [], "", "", "", "-v", "", (0, testing_utils_1.createFeatures)([]));
     t.false(runnerConstructorStub.firstCall.args[1].includes("--sarif-add-query-help"), "--sarif-add-query-help should be absent, but it is present");
 });
@@ -318,8 +315,6 @@ for (const [isFeatureEnabled, toolsInput, shouldToolcacheBeBypassed,] of TOOLCAC
     const runnerConstructorStub = stubToolRunnerConstructor();
     const codeqlObject = await codeql.getCodeQLForTesting();
     sinon.stub(codeqlObject, "getVersion").resolves("2.7.1");
-    // safeWhich throws because of the test CodeQL object.
-    sinon.stub(safeWhich, "safeWhich").resolves("");
     await codeqlObject.databaseInterpretResults("", [], "", "", "", "-v", "", (0, testing_utils_1.createFeatures)([]));
     t.true(runnerConstructorStub.firstCall.args[1].includes("--sarif-add-query-help"), "--sarif-add-query-help should be present, but it is absent");
 });
@@ -328,8 +323,6 @@ for (const [isFeatureEnabled, toolsInput, shouldToolcacheBeBypassed,] of TOOLCAC
         const runnerConstructorStub = stubToolRunnerConstructor();
         const codeqlObject = await codeql.getCodeQLForTesting();
         sinon.stub(codeqlObject, "getVersion").resolves("2.8.1");
-        // safeWhich throws because of the test CodeQL object.
-        sinon.stub(safeWhich, "safeWhich").resolves("");
         const thisStubConfig = {
             ...stubConfig,
             tempDir,
@@ -578,8 +571,6 @@ const injectedConfigMacro = ava_1.default.macro({
     // The version of CodeQL is checked separately to determine feature enablement, and does not
     // otherwise impact this test, so set it to 0.0.0.
     sinon.stub(codeqlObject, "getVersion").resolves("0.0.0");
-    // safeWhich throws because of the test CodeQL object.
-    sinon.stub(safeWhich, "safeWhich").resolves("");
     await codeqlObject.databaseInterpretResults("", [], "", "", "", "-v", "", (0, testing_utils_1.createFeatures)([feature_flags_1.Feature.FileBaselineInformationEnabled]));
     t.true(runnerConstructorStub.firstCall.args[1].includes("--sarif-add-baseline-file-info"), "--sarif-add-baseline-file-info should be present, but it is absent");
 });
@@ -590,8 +581,6 @@ const injectedConfigMacro = ava_1.default.macro({
     // The version of CodeQL is checked upstream to determine feature enablement, so it does not
     // affect this test.
     sinon.stub(codeqlObject, "getVersion").resolves("0.0.0");
-    // safeWhich throws because of the test CodeQL object.
-    sinon.stub(safeWhich, "safeWhich").resolves("");
     await codeqlObject.databaseInterpretResults("", [], "", "", "", "-v", "", (0, testing_utils_1.createFeatures)([]));
     t.false(runnerConstructorStub.firstCall.args[1].includes("--sarif-add-baseline-file-info"), "--sarif-add-baseline-file-info must be absent, but it is present");
 });

lib/error-matcher.js

@@ -12,10 +12,6 @@ exports.namedMatchersForTesting = {
         message: "No code found during the build. Please see:\n" +
             "https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/troubleshooting-code-scanning#no-code-found-during-the-build",
     },
-    fatalError: {
-        outputRegex: new RegExp("A fatal error occurred"),
-        message: "A fatal error occurred.",
-    },
 };
 // we collapse the matches into an array for use in execErrorCatcher
 exports.errorMatchers = Object.values(exports.namedMatchersForTesting);

lib/error-matcher.js.map

@@ -1 +1 @@
-{"version":3,"file":"error-matcher.js","sourceRoot":"","sources":["../src/error-matcher.ts"],"names":[],"mappings":";;;AAQA,qCAAqC;AACxB,QAAA,uBAAuB,GAAoC;IACtE;;MAEE;IACF,iBAAiB,EAAE;QACjB,QAAQ,EAAE,EAAE;QACZ,WAAW,EAAE,IAAI,MAAM,CAAC,2CAA2C,CAAC;QACpE,OAAO,EACL,+CAA+C;YAC/C,yJAAyJ;KAC5J;IACD,UAAU,EAAE;QACV,WAAW,EAAE,IAAI,MAAM,CAAC,wBAAwB,CAAC;QACjD,OAAO,EAAE,yBAAyB;KACnC;CACF,CAAC;AAEF,oEAAoE;AACvD,QAAA,aAAa,GAAG,MAAM,CAAC,MAAM,CAAC,+BAAuB,CAAC,CAAC"}
+{"version":3,"file":"error-matcher.js","sourceRoot":"","sources":["../src/error-matcher.ts"],"names":[],"mappings":";;;AAQA,qCAAqC;AACxB,QAAA,uBAAuB,GAAoC;IACtE;;MAEE;IACF,iBAAiB,EAAE;QACjB,QAAQ,EAAE,EAAE;QACZ,WAAW,EAAE,IAAI,MAAM,CAAC,2CAA2C,CAAC;QACpE,OAAO,EACL,+CAA+C;YAC/C,yJAAyJ;KAC5J;CACF,CAAC;AAEF,oEAAoE;AACvD,QAAA,aAAa,GAAG,MAAM,CAAC,MAAM,CAAC,+BAAuB,CAAC,CAAC"}

lib/error-matcher.test.js

@@ -16,9 +16,6 @@ NB We test the regexes for all the matchers against example log output snippets.
   2020-09-07T17:39:53.9251124Z [2020-09-07 17:39:53] [ERROR] Spawned process exited abnormally (code 255; tried to run: [/opt/hostedtoolcache/CodeQL/0.0.0-20200630/x64/codeql/javascript/tools/autobuild.sh])
   `));
 });
-(0, ava_1.default)("fatalError matches against example log output", async (t) => {
-    t.assert(testErrorMatcher("fatalError", "A fatal error occurred: Could not process query metadata for test-query.ql"));
-});
 function testErrorMatcher(matcherName, logSample) {
     if (!(matcherName in error_matcher_1.namedMatchersForTesting)) {
         throw new Error(`Unknown matcher ${matcherName}`);

lib/error-matcher.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"error-matcher.test.js","sourceRoot":"","sources":["../src/error-matcher.test.ts"],"names":[],"mappings":";;;;;AAAA,8CAAuB;AAEvB,mDAA0D;AAE1D;;EAEE;AAEF,IAAA,aAAI,EAAC,6DAA6D,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC9E,CAAC,CAAC,MAAM,CACN,gBAAgB,CACd,mBAAmB,EACnB;;;;;GAKH,CACE,CACF,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,+CAA+C,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAChE,CAAC,CAAC,MAAM,CACN,gBAAgB,CACd,YAAY,EACZ,4EAA4E,CAC7E,CACF,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,SAAS,gBAAgB,CAAC,WAAmB,EAAE,SAAiB;IAC9D,IAAI,CAAC,CAAC,WAAW,IAAI,uCAAuB,CAAC,EAAE;QAC7C,MAAM,IAAI,KAAK,CAAC,mBAAmB,WAAW,EAAE,CAAC,CAAC;KACnD;IACD,MAAM,KAAK,GAAG,uCAAuB,CAAC,WAAW,CAAC,CAAC,WAAW,CAAC;IAC/D,IAAI,KAAK,KAAK,SAAS,EAAE;QACvB,MAAM,IAAI,KAAK,CAAC,uBAAuB,WAAW,kBAAkB,CAAC,CAAC;KACvE;IACD,OAAO,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;AAC/B,CAAC"}
+{"version":3,"file":"error-matcher.test.js","sourceRoot":"","sources":["../src/error-matcher.test.ts"],"names":[],"mappings":";;;;;AAAA,8CAAuB;AAEvB,mDAA0D;AAE1D;;EAEE;AAEF,IAAA,aAAI,EAAC,6DAA6D,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC9E,CAAC,CAAC,MAAM,CACN,gBAAgB,CACd,mBAAmB,EACnB;;;;;GAKH,CACE,CACF,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,SAAS,gBAAgB,CAAC,WAAmB,EAAE,SAAiB;IAC9D,IAAI,CAAC,CAAC,WAAW,IAAI,uCAAuB,CAAC,EAAE;QAC7C,MAAM,IAAI,KAAK,CAAC,mBAAmB,WAAW,EAAE,CAAC,CAAC;KACnD;IACD,MAAM,KAAK,GAAG,uCAAuB,CAAC,WAAW,CAAC,CAAC,WAAW,CAAC;IAC/D,IAAI,KAAK,KAAK,SAAS,EAAE;QACvB,MAAM,IAAI,KAAK,CAAC,uBAAuB,WAAW,kBAAkB,CAAC,CAAC;KACvE;IACD,OAAO,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;AAC/B,CAAC"}

lib/feature-flags.js

@@ -33,6 +33,7 @@ var Feature;
     Feature["FileBaselineInformationEnabled"] = "file_baseline_information_enabled";
     Feature["MlPoweredQueriesEnabled"] = "ml_powered_queries_enabled";
     Feature["TrapCachingEnabled"] = "trap_caching_enabled";
+    Feature["UploadFailedSarifEnabled"] = "upload_failed_sarif_enabled";
 })(Feature = exports.Feature || (exports.Feature = {}));
 exports.featureConfig = {
     [Feature.BypassToolcacheEnabled]: {
@@ -67,6 +68,10 @@ exports.featureConfig = {
         envVar: "CODEQL_TRAP_CACHING",
         minimumVersion: undefined,
     },
+    [Feature.UploadFailedSarifEnabled]: {
+        envVar: "CODEQL_ACTION_UPLOAD_FAILED_SARIF",
+        minimumVersion: "2.11.3",
+    },
 };
 exports.FEATURE_FLAGS_FILE_NAME = "cached-feature-flags.json";
 /**

lib/feature-flags.js.map

@@ -1 +1 @@
-{"version":3,"file":"feature-flags.js","sourceRoot":"","sources":["../src/feature-flags.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AACzB,2CAA6B;AAE7B,6CAA4C;AAI5C,6CAA+B;AAM/B,IAAY,OAQX;AARD,WAAY,OAAO;IACjB,8DAAmD,CAAA;IACnD,sFAA2E,CAAA;IAC3E,2DAAgD,CAAA;IAChD,2EAAgE,CAAA;IAChE,+EAAoE,CAAA;IACpE,iEAAsD,CAAA;IACtD,sDAA2C,CAAA;AAC7C,CAAC,EARW,OAAO,GAAP,eAAO,KAAP,eAAO,QAQlB;AAEY,QAAA,aAAa,GAGtB;IACF,CAAC,OAAO,CAAC,sBAAsB,CAAC,EAAE;QAChC,MAAM,EAAE,yBAAyB;QACjC,+EAA+E;QAC/E,iCAAiC;QACjC,cAAc,EAAE,SAAS;KAC1B;IACD,CAAC,OAAO,CAAC,iCAAiC,CAAC,EAAE;QAC3C,MAAM,EAAE,sCAAsC;QAC9C,+EAA+E;QAC/E,iCAAiC;QACjC,cAAc,EAAE,SAAS;KAC1B;IACD,CAAC,OAAO,CAAC,4BAA4B,CAAC,EAAE;QACtC,MAAM,EAAE,gCAAgC;QACxC,cAAc,EAAE,SAAS;KAC1B;IACD,CAAC,OAAO,CAAC,oBAAoB,CAAC,EAAE;QAC9B,MAAM,EAAE,2BAA2B;QACnC,cAAc,EAAE,QAAQ;KACzB;IACD,CAAC,OAAO,CAAC,8BAA8B,CAAC,EAAE;QACxC,MAAM,EAAE,kCAAkC;QAC1C,cAAc,EAAE,QAAQ;KACzB;IACD,CAAC,OAAO,CAAC,uBAAuB,CAAC,EAAE;QACjC,MAAM,EAAE,2BAA2B;QACnC,cAAc,EAAE,OAAO;KACxB;IACD,CAAC,OAAO,CAAC,kBAAkB,CAAC,EAAE;QAC5B,MAAM,EAAE,qBAAqB;QAC7B,cAAc,EAAE,SAAS;KAC1B;CACF,CAAC;AAUW,QAAA,uBAAuB,GAAG,2BAA2B,CAAC;AAEnE;;;;GAIG;AACH,MAAa,QAAQ;IAGnB,YACE,aAAiC,EACjC,aAA4B,EAC5B,OAAe,EACf,MAAc;QAEd,IAAI,CAAC,kBAAkB,GAAG,IAAI,kBAAkB,CAC9C,aAAa,EACb,aAAa,EACb,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,+BAAuB,CAAC,EAC3C,MAAM,CACP,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;OAWG;IACH,KAAK,CAAC,QAAQ,CAAC,OAAgB,EAAE,MAAe;QAC9C,IAAI,CAAC,MAAM,IAAI,qBAAa,CAAC,OAAO,CAAC,CAAC,cAAc,EAAE;YACpD,MAAM,IAAI,KAAK,CACb,8DAA8D,OAAO,2CAA2C,CACjH,CAAC;SACH;QAED,oDAAoD;QACpD,IAAI,OAAO,KAAK,OAAO,CAAC,sBAAsB,IAAI,IAAI,CAAC,YAAY,EAAE,EAAE;YACrE,OAAO,KAAK,CAAC;SACd;QAED,MAAM,MAAM,GAAG,CACb,OAAO,CAAC,GAAG,CAAC,qBAAa,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,IAAI,EAAE,CACjD,CAAC,iBAAiB,EAAE,CAAC;QAEtB,sFAAsF;QACtF,IAAI,MAAM,KAAK,OAAO,EAAE;YACtB,OAAO,KAAK,CAAC;SACd;QAED,yEAAyE;QACzE,MAAM,cAAc,GAAG,qBAAa,CAAC,OAAO,CAAC,CAAC,cAAc,CAAC;QAC7D,IAAI,MAAM,IAAI,cAAc,EAAE;YAC5B,IAAI,CAAC,CAAC,MAAM,IAAI,CAAC,kBAAkB,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC,EAAE;gBAC5D,OAAO,KAAK,CAAC;aACd;SACF;QAED,8EAA8E;QAC9E,IAAI,MAAM,KAAK,MAAM,EAAE;YACrB,OAAO,IAAI,CAAC;SACb;QACD,gDAAgD;QAChD,OAAO,MAAM,IAAI,CAAC,kBAAkB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IACzD,CAAC;CACF;AAjED,4BAiEC;AAED,MAAM,kBAAkB;IAGtB,YACmB,aAAiC,EACjC,aAA4B,EAC5B,gBAAwB,EACxB,MAAc;QAHd,kBAAa,GAAb,aAAa,CAAoB;QACjC,kBAAa,GAAb,aAAa,CAAe;QAC5B,qBAAgB,GAAhB,gBAAgB,CAAQ;QACxB,WAAM,GAAN,MAAM,CAAQ;QAE/B,IAAI;IACN,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,OAAgB;QAC7B,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAC7C,IAAI,QAAQ,KAAK,SAAS,EAAE;YAC1B,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,qCAAqC,OAAO,4BAA4B,CACzE,CAAC;YACF,OAAO,KAAK,CAAC;SACd;QACD,MAAM,iBAAiB,GAAG,QAAQ,CAAC,OAAO,CAAC,CAAC;QAC5C,IAAI,iBAAiB,KAAK,SAAS,EAAE;YACnC,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,YAAY,OAAO,uDAAuD,CAC3E,CAAC;YACF,OAAO,KAAK,CAAC;SACd;QACD,OAAO,CAAC,CAAC,iBAAiB,CAAC;IAC7B,CAAC;IAEO,KAAK,CAAC,cAAc;QAC1B,0CAA0C;QAC1C,IAAI,IAAI,CAAC,iBAAiB,KAAK,SAAS,EAAE;YACxC,OAAO,IAAI,CAAC,iBAAiB,CAAC;SAC/B;QAED,wEAAwE;QACxE,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAC9C,IAAI,SAAS,KAAK,SAAS,EAAE;YAC3B,IAAI,CAAC,iBAAiB,GAAG,SAAS,CAAC;YACnC,OAAO,SAAS,CAAC;SAClB;QAED,wCAAwC;QACxC,IAAI,WAAW,GAAG,MAAM,IAAI,CAAC,eAAe,EAAE,CAAC;QAC/C,IAAI,WAAW,KAAK,SAAS,EAAE;YAC7B,WAAW,GAAG,EAAE,CAAC;SAClB;QAED,+BAA+B;QAC/B,IAAI,CAAC,iBAAiB,GAAG,WAAW,CAAC;QAErC,+DAA+D;QAC/D,MAAM,IAAI,CAAC,eAAe,CAAC,WAAW,CAAC,CAAC;QAExC,OAAO,WAAW,CAAC;IACrB,CAAC;IAEO,KAAK,CAAC,cAAc;QAG1B,IAAI;YACF,IAAI,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,gBAAgB,CAAC,EAAE;gBACxC,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,8BAA8B,IAAI,CAAC,gBAAgB,EAAE,CACtD,CAAC;gBACF,OAAO,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,gBAAgB,EAAE,MAAM,CAAC,CAAC,CAAC;aACnE;SACF;QAAC,OAAO,CAAC,EAAE;YACV,IAAI,CAAC,MAAM,CAAC,OAAO,CACjB,2CAA2C,IAAI,CAAC,gBAAgB,KAAK,CAAC,mCAAmC,CAC1G,CAAC;SACH;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAEO,KAAK,CAAC,eAAe,CAC3B,KAAoC;QAEpC,IAAI;YACF,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,4BAA4B,IAAI,CAAC,gBAAgB,EAAE,CAAC,CAAC;YACvE,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,gBAAgB,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC;SAChE;QAAC,OAAO,CAAC,EAAE;YACV,IAAI,CAAC,MAAM,CAAC,OAAO,CACjB,2CAA2C,IAAI,CAAC,gBAAgB,KAAK,CAAC,GAAG,CAC1E,CAAC;SACH;IACH,CAAC;IAEO,KAAK,CAAC,eAAe;QAC3B,iDAAiD;QACjD,IAAI,IAAI,CAAC,aAAa,CAAC,IAAI,KAAK,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE;YACzD,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,oEAAoE,CACrE,CAAC;YACF,OAAO,EAAE,CAAC;SACX;QACD,IAAI;YACF,MAAM,QAAQ,GAAG,MAAM,IAAA,yBAAY,GAAE,CAAC,OAAO,CAC3C,8DAA8D,EAC9D;gBACE,KAAK,EAAE,IAAI,CAAC,aAAa,CAAC,KAAK;gBAC/B,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,IAAI;aAC9B,CACF,CAAC;YACF,OAAO,QAAQ,CAAC,IAAI,CAAC;SACtB;QAAC,OAAO,CAAC,EAAE;YACV,IAAI,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,KAAK,GAAG,EAAE;gBAC3C,IAAI,CAAC,MAAM,CAAC,OAAO,CACjB,gGAAgG;oBAC9F,oEAAoE;oBACpE,qFAAqF;oBACrF,kFAAkF,CAAC,EAAE,CACxF,CAAC;aACH;iBAAM;gBACL,kFAAkF;gBAClF,8EAA8E;gBAC9E,2FAA2F;gBAC3F,eAAe;gBACf,MAAM,IAAI,KAAK,CACb,sEAAsE,CAAC,EAAE,CAC1E,CAAC;aACH;SACF;IACH,CAAC;CACF"}
+{"version":3,"file":"feature-flags.js","sourceRoot":"","sources":["../src/feature-flags.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AACzB,2CAA6B;AAE7B,6CAA4C;AAI5C,6CAA+B;AAM/B,IAAY,OASX;AATD,WAAY,OAAO;IACjB,8DAAmD,CAAA;IACnD,sFAA2E,CAAA;IAC3E,2DAAgD,CAAA;IAChD,2EAAgE,CAAA;IAChE,+EAAoE,CAAA;IACpE,iEAAsD,CAAA;IACtD,sDAA2C,CAAA;IAC3C,mEAAwD,CAAA;AAC1D,CAAC,EATW,OAAO,GAAP,eAAO,KAAP,eAAO,QASlB;AAEY,QAAA,aAAa,GAGtB;IACF,CAAC,OAAO,CAAC,sBAAsB,CAAC,EAAE;QAChC,MAAM,EAAE,yBAAyB;QACjC,+EAA+E;QAC/E,iCAAiC;QACjC,cAAc,EAAE,SAAS;KAC1B;IACD,CAAC,OAAO,CAAC,iCAAiC,CAAC,EAAE;QAC3C,MAAM,EAAE,sCAAsC;QAC9C,+EAA+E;QAC/E,iCAAiC;QACjC,cAAc,EAAE,SAAS;KAC1B;IACD,CAAC,OAAO,CAAC,4BAA4B,CAAC,EAAE;QACtC,MAAM,EAAE,gCAAgC;QACxC,cAAc,EAAE,SAAS;KAC1B;IACD,CAAC,OAAO,CAAC,oBAAoB,CAAC,EAAE;QAC9B,MAAM,EAAE,2BAA2B;QACnC,cAAc,EAAE,QAAQ;KACzB;IACD,CAAC,OAAO,CAAC,8BAA8B,CAAC,EAAE;QACxC,MAAM,EAAE,kCAAkC;QAC1C,cAAc,EAAE,QAAQ;KACzB;IACD,CAAC,OAAO,CAAC,uBAAuB,CAAC,EAAE;QACjC,MAAM,EAAE,2BAA2B;QACnC,cAAc,EAAE,OAAO;KACxB;IACD,CAAC,OAAO,CAAC,kBAAkB,CAAC,EAAE;QAC5B,MAAM,EAAE,qBAAqB;QAC7B,cAAc,EAAE,SAAS;KAC1B;IACD,CAAC,OAAO,CAAC,wBAAwB,CAAC,EAAE;QAClC,MAAM,EAAE,mCAAmC;QAC3C,cAAc,EAAE,QAAQ;KACzB;CACF,CAAC;AAUW,QAAA,uBAAuB,GAAG,2BAA2B,CAAC;AAEnE;;;;GAIG;AACH,MAAa,QAAQ;IAGnB,YACE,aAAiC,EACjC,aAA4B,EAC5B,OAAe,EACf,MAAc;QAEd,IAAI,CAAC,kBAAkB,GAAG,IAAI,kBAAkB,CAC9C,aAAa,EACb,aAAa,EACb,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,+BAAuB,CAAC,EAC3C,MAAM,CACP,CAAC;IACJ,CAAC;IAED;;;;;;;;;;;OAWG;IACH,KAAK,CAAC,QAAQ,CAAC,OAAgB,EAAE,MAAe;QAC9C,IAAI,CAAC,MAAM,IAAI,qBAAa,CAAC,OAAO,CAAC,CAAC,cAAc,EAAE;YACpD,MAAM,IAAI,KAAK,CACb,8DAA8D,OAAO,2CAA2C,CACjH,CAAC;SACH;QAED,oDAAoD;QACpD,IAAI,OAAO,KAAK,OAAO,CAAC,sBAAsB,IAAI,IAAI,CAAC,YAAY,EAAE,EAAE;YACrE,OAAO,KAAK,CAAC;SACd;QAED,MAAM,MAAM,GAAG,CACb,OAAO,CAAC,GAAG,CAAC,qBAAa,CAAC,OAAO,CAAC,CAAC,MAAM,CAAC,IAAI,EAAE,CACjD,CAAC,iBAAiB,EAAE,CAAC;QAEtB,sFAAsF;QACtF,IAAI,MAAM,KAAK,OAAO,EAAE;YACtB,OAAO,KAAK,CAAC;SACd;QAED,yEAAyE;QACzE,MAAM,cAAc,GAAG,qBAAa,CAAC,OAAO,CAAC,CAAC,cAAc,CAAC;QAC7D,IAAI,MAAM,IAAI,cAAc,EAAE;YAC5B,IAAI,CAAC,CAAC,MAAM,IAAI,CAAC,kBAAkB,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC,EAAE;gBAC5D,OAAO,KAAK,CAAC;aACd;SACF;QAED,8EAA8E;QAC9E,IAAI,MAAM,KAAK,MAAM,EAAE;YACrB,OAAO,IAAI,CAAC;SACb;QACD,gDAAgD;QAChD,OAAO,MAAM,IAAI,CAAC,kBAAkB,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;IACzD,CAAC;CACF;AAjED,4BAiEC;AAED,MAAM,kBAAkB;IAGtB,YACmB,aAAiC,EACjC,aAA4B,EAC5B,gBAAwB,EACxB,MAAc;QAHd,kBAAa,GAAb,aAAa,CAAoB;QACjC,kBAAa,GAAb,aAAa,CAAe;QAC5B,qBAAgB,GAAhB,gBAAgB,CAAQ;QACxB,WAAM,GAAN,MAAM,CAAQ;QAE/B,IAAI;IACN,CAAC;IAED,KAAK,CAAC,QAAQ,CAAC,OAAgB;QAC7B,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAC7C,IAAI,QAAQ,KAAK,SAAS,EAAE;YAC1B,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,qCAAqC,OAAO,4BAA4B,CACzE,CAAC;YACF,OAAO,KAAK,CAAC;SACd;QACD,MAAM,iBAAiB,GAAG,QAAQ,CAAC,OAAO,CAAC,CAAC;QAC5C,IAAI,iBAAiB,KAAK,SAAS,EAAE;YACnC,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,YAAY,OAAO,uDAAuD,CAC3E,CAAC;YACF,OAAO,KAAK,CAAC;SACd;QACD,OAAO,CAAC,CAAC,iBAAiB,CAAC;IAC7B,CAAC;IAEO,KAAK,CAAC,cAAc;QAC1B,0CAA0C;QAC1C,IAAI,IAAI,CAAC,iBAAiB,KAAK,SAAS,EAAE;YACxC,OAAO,IAAI,CAAC,iBAAiB,CAAC;SAC/B;QAED,wEAAwE;QACxE,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,cAAc,EAAE,CAAC;QAC9C,IAAI,SAAS,KAAK,SAAS,EAAE;YAC3B,IAAI,CAAC,iBAAiB,GAAG,SAAS,CAAC;YACnC,OAAO,SAAS,CAAC;SAClB;QAED,wCAAwC;QACxC,IAAI,WAAW,GAAG,MAAM,IAAI,CAAC,eAAe,EAAE,CAAC;QAC/C,IAAI,WAAW,KAAK,SAAS,EAAE;YAC7B,WAAW,GAAG,EAAE,CAAC;SAClB;QAED,+BAA+B;QAC/B,IAAI,CAAC,iBAAiB,GAAG,WAAW,CAAC;QAErC,+DAA+D;QAC/D,MAAM,IAAI,CAAC,eAAe,CAAC,WAAW,CAAC,CAAC;QAExC,OAAO,WAAW,CAAC;IACrB,CAAC;IAEO,KAAK,CAAC,cAAc;QAG1B,IAAI;YACF,IAAI,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,gBAAgB,CAAC,EAAE;gBACxC,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,8BAA8B,IAAI,CAAC,gBAAgB,EAAE,CACtD,CAAC;gBACF,OAAO,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,gBAAgB,EAAE,MAAM,CAAC,CAAC,CAAC;aACnE;SACF;QAAC,OAAO,CAAC,EAAE;YACV,IAAI,CAAC,MAAM,CAAC,OAAO,CACjB,2CAA2C,IAAI,CAAC,gBAAgB,KAAK,CAAC,mCAAmC,CAC1G,CAAC;SACH;QACD,OAAO,SAAS,CAAC;IACnB,CAAC;IAEO,KAAK,CAAC,eAAe,CAC3B,KAAoC;QAEpC,IAAI;YACF,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,4BAA4B,IAAI,CAAC,gBAAgB,EAAE,CAAC,CAAC;YACvE,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,gBAAgB,EAAE,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,CAAC;SAChE;QAAC,OAAO,CAAC,EAAE;YACV,IAAI,CAAC,MAAM,CAAC,OAAO,CACjB,2CAA2C,IAAI,CAAC,gBAAgB,KAAK,CAAC,GAAG,CAC1E,CAAC;SACH;IACH,CAAC;IAEO,KAAK,CAAC,eAAe;QAC3B,iDAAiD;QACjD,IAAI,IAAI,CAAC,aAAa,CAAC,IAAI,KAAK,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE;YACzD,IAAI,CAAC,MAAM,CAAC,KAAK,CACf,oEAAoE,CACrE,CAAC;YACF,OAAO,EAAE,CAAC;SACX;QACD,IAAI;YACF,MAAM,QAAQ,GAAG,MAAM,IAAA,yBAAY,GAAE,CAAC,OAAO,CAC3C,8DAA8D,EAC9D;gBACE,KAAK,EAAE,IAAI,CAAC,aAAa,CAAC,KAAK;gBAC/B,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,IAAI;aAC9B,CACF,CAAC;YACF,OAAO,QAAQ,CAAC,IAAI,CAAC;SACtB;QAAC,OAAO,CAAC,EAAE;YACV,IAAI,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,KAAK,GAAG,EAAE;gBAC3C,IAAI,CAAC,MAAM,CAAC,OAAO,CACjB,gGAAgG;oBAC9F,oEAAoE;oBACpE,qFAAqF;oBACrF,kFAAkF,CAAC,EAAE,CACxF,CAAC;aACH;iBAAM;gBACL,kFAAkF;gBAClF,8EAA8E;gBAC9E,2FAA2F;gBAC3F,eAAe;gBACf,MAAM,IAAI,KAAK,CACb,sEAAsE,CAAC,EAAE,CAC1E,CAAC;aACH;SACF;IACH,CAAC;CACF"}

lib/init-action-post-helper.js

@@ -22,16 +22,77 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.run = void 0;
 const core = __importStar(require("@actions/core"));
 const actionsUtil = __importStar(require("./actions-util"));
+const codeql_1 = require("./codeql");
 const config_utils_1 = require("./config-utils");
-const logging_1 = require("./logging");
-async function run(uploadDatabaseBundleDebugArtifact, uploadLogsDebugArtifact, printDebugLogs) {
-    const logger = (0, logging_1.getActionsLogger)();
+const feature_flags_1 = require("./feature-flags");
+const shared_environment_1 = require("./shared-environment");
+const uploadLib = __importStar(require("./upload-lib"));
+const util_1 = require("./util");
+const workflow_1 = require("./workflow");
+async function uploadFailedSarif(config, repositoryNwo, featureEnablement, logger) {
+    if (!config.codeQLCmd) {
+        logger.warning("CodeQL command not found. Unable to upload failed SARIF file.");
+        return;
+    }
+    const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
+    if (!(await featureEnablement.getValue(feature_flags_1.Feature.UploadFailedSarifEnabled, codeql))) {
+        logger.debug("Uploading failed SARIF is disabled.");
+        return;
+    }
+    const workflow = await (0, workflow_1.getWorkflow)();
+    const jobName = (0, util_1.getRequiredEnvParam)("GITHUB_JOB");
+    const matrix = (0, util_1.parseMatrixInput)(actionsUtil.getRequiredInput("matrix"));
+    if ((0, workflow_1.getUploadInputOrThrow)(workflow, jobName, matrix) !== "true" ||
+        (0, util_1.isInTestMode)()) {
+        logger.debug("Won't upload a failed SARIF file since SARIF upload is disabled.");
+        return;
+    }
+    const category = (0, workflow_1.getCategoryInputOrThrow)(workflow, jobName, matrix);
+    const checkoutPath = (0, workflow_1.getCheckoutPathInputOrThrow)(workflow, jobName, matrix);
+    const waitForProcessing = (0, workflow_1.getWaitForProcessingInputOrThrow)(workflow, jobName, matrix) === "true";
+    const sarifFile = "../codeql-failed-run.sarif";
+    await codeql.diagnosticsExport(sarifFile, category);
+    core.info(`Uploading failed SARIF file ${sarifFile}`);
+    const uploadResult = await uploadLib.uploadFromActions(sarifFile, checkoutPath, category, logger);
+    if (uploadResult !== undefined && waitForProcessing) {
+        try {
+            await uploadLib.waitForProcessing(repositoryNwo, uploadResult.sarifID, logger);
+        }
+        catch (e) {
+            if (e instanceof Error && e.message.includes("unsuccessful execution")) {
+                logger.info("Submitting a SARIF file for the failed run isn't yet supported, continuing.");
+            }
+            else {
+                throw e;
+            }
+        }
+    }
+}
+async function run(uploadDatabaseBundleDebugArtifact, uploadLogsDebugArtifact, printDebugLogs, repositoryNwo, featureEnablement, logger) {
     const config = await (0, config_utils_1.getConfig)(actionsUtil.getTemporaryDirectory(), logger);
     if (config === undefined) {
         logger.warning("Debugging artifacts are unavailable since the 'init' Action failed before it could produce any.");
+        return;
+    }
+    // Environment variable used to integration test uploading a SARIF file for failed runs
+    const expectFailedSarifUpload = process.env["CODEQL_ACTION_EXPECT_UPLOAD_FAILED_SARIF"] === "true";
+    if (process.env[shared_environment_1.CODEQL_ACTION_ANALYZE_DID_UPLOAD_SARIF] !== "true") {
+        try {
+            await uploadFailedSarif(config, repositoryNwo, featureEnablement, logger);
+        }
+        catch (e) {
+            if (expectFailedSarifUpload) {
+                throw new Error("Expected to upload a SARIF file for the failed run, but encountered " +
+                    `the following error: ${e}`);
+            }
+            logger.warning(`Failed to upload a SARIF file for the failed run. Error: ${e}`);
+        }
+    }
+    else if (expectFailedSarifUpload) {
+        throw new Error("Expected to upload a SARIF file for the failed run, but didn't.");
     }
     // Upload appropriate Actions artifacts for debugging
-    if (config === null || config === void 0 ? void 0 : config.debugMode) {
+    if (config.debugMode) {
         core.info("Debug mode is on. Uploading available database bundles and logs as Actions debugging artifacts...");
         await uploadDatabaseBundleDebugArtifact(config, logger);
         await uploadLogsDebugArtifact(config);

lib/init-action-post-helper.js.map

@@ -1 +1 @@
-{"version":3,"file":"init-action-post-helper.js","sourceRoot":"","sources":["../src/init-action-post-helper.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,4DAA8C;AAC9C,iDAA2C;AAC3C,uCAA6C;AAEtC,KAAK,UAAU,GAAG,CACvB,iCAA2C,EAC3C,uBAAiC,EACjC,cAAwB;IAExB,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAElC,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAS,EAAC,WAAW,CAAC,qBAAqB,EAAE,EAAE,MAAM,CAAC,CAAC;IAC5E,IAAI,MAAM,KAAK,SAAS,EAAE;QACxB,MAAM,CAAC,OAAO,CACZ,iGAAiG,CAClG,CAAC;KACH;IAED,qDAAqD;IACrD,IAAI,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,SAAS,EAAE;QACrB,IAAI,CAAC,IAAI,CACP,mGAAmG,CACpG,CAAC;QACF,MAAM,iCAAiC,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACxD,MAAM,uBAAuB,CAAC,MAAM,CAAC,CAAC;QAEtC,MAAM,cAAc,CAAC,MAAM,CAAC,CAAC;KAC9B;AACH,CAAC;AAxBD,kBAwBC"}
+{"version":3,"file":"init-action-post-helper.js","sourceRoot":"","sources":["../src/init-action-post-helper.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,4DAA8C;AAC9C,qCAAqC;AACrC,iDAAmD;AACnD,mDAA6D;AAG7D,6DAA8E;AAC9E,wDAA0C;AAC1C,iCAA6E;AAC7E,yCAMoB;AAEpB,KAAK,UAAU,iBAAiB,CAC9B,MAAc,EACd,aAA4B,EAC5B,iBAAoC,EACpC,MAAc;IAEd,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE;QACrB,MAAM,CAAC,OAAO,CACZ,+DAA+D,CAChE,CAAC;QACF,OAAO;KACR;IACD,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACjD,IACE,CAAC,CAAC,MAAM,iBAAiB,CAAC,QAAQ,CAChC,uBAAO,CAAC,wBAAwB,EAChC,MAAM,CACP,CAAC,EACF;QACA,MAAM,CAAC,KAAK,CAAC,qCAAqC,CAAC,CAAC;QACpD,OAAO;KACR;IACD,MAAM,QAAQ,GAAG,MAAM,IAAA,sBAAW,GAAE,CAAC;IACrC,MAAM,OAAO,GAAG,IAAA,0BAAmB,EAAC,YAAY,CAAC,CAAC;IAClD,MAAM,MAAM,GAAG,IAAA,uBAAgB,EAAC,WAAW,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC,CAAC;IACxE,IACE,IAAA,gCAAqB,EAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,KAAK,MAAM;QAC3D,IAAA,mBAAY,GAAE,EACd;QACA,MAAM,CAAC,KAAK,CACV,kEAAkE,CACnE,CAAC;QACF,OAAO;KACR;IACD,MAAM,QAAQ,GAAG,IAAA,kCAAuB,EAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IACpE,MAAM,YAAY,GAAG,IAAA,sCAA2B,EAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IAC5E,MAAM,iBAAiB,GACrB,IAAA,2CAAgC,EAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,KAAK,MAAM,CAAC;IAEzE,MAAM,SAAS,GAAG,4BAA4B,CAAC;IAC/C,MAAM,MAAM,CAAC,iBAAiB,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;IAEpD,IAAI,CAAC,IAAI,CAAC,+BAA+B,SAAS,EAAE,CAAC,CAAC;IACtD,MAAM,YAAY,GAAG,MAAM,SAAS,CAAC,iBAAiB,CACpD,SAAS,EACT,YAAY,EACZ,QAAQ,EACR,MAAM,CACP,CAAC;IACF,IAAI,YAAY,KAAK,SAAS,IAAI,iBAAiB,EAAE;QACnD,IAAI;YACF,MAAM,SAAS,CAAC,iBAAiB,CAC/B,aAAa,EACb,YAAY,CAAC,OAAO,EACpB,MAAM,CACP,CAAC;SACH;QAAC,OAAO,CAAC,EAAE;YACV,IAAI,CAAC,YAAY,KAAK,IAAI,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,wBAAwB,CAAC,EAAE;gBACtE,MAAM,CAAC,IAAI,CACT,6EAA6E,CAC9E,CAAC;aACH;iBAAM;gBACL,MAAM,CAAC,CAAC;aACT;SACF;KACF;AACH,CAAC;AAEM,KAAK,UAAU,GAAG,CACvB,iCAA2C,EAC3C,uBAAiC,EACjC,cAAwB,EACxB,aAA4B,EAC5B,iBAAoC,EACpC,MAAc;IAEd,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAS,EAAC,WAAW,CAAC,qBAAqB,EAAE,EAAE,MAAM,CAAC,CAAC;IAC5E,IAAI,MAAM,KAAK,SAAS,EAAE;QACxB,MAAM,CAAC,OAAO,CACZ,iGAAiG,CAClG,CAAC;QACF,OAAO;KACR;IAED,uFAAuF;IACvF,MAAM,uBAAuB,GAC3B,OAAO,CAAC,GAAG,CAAC,0CAA0C,CAAC,KAAK,MAAM,CAAC;IAErE,IAAI,OAAO,CAAC,GAAG,CAAC,2DAAsC,CAAC,KAAK,MAAM,EAAE;QAClE,IAAI;YACF,MAAM,iBAAiB,CAAC,MAAM,EAAE,aAAa,EAAE,iBAAiB,EAAE,MAAM,CAAC,CAAC;SAC3E;QAAC,OAAO,CAAC,EAAE;YACV,IAAI,uBAAuB,EAAE;gBAC3B,MAAM,IAAI,KAAK,CACb,sEAAsE;oBACpE,wBAAwB,CAAC,EAAE,CAC9B,CAAC;aACH;YACD,MAAM,CAAC,OAAO,CACZ,4DAA4D,CAAC,EAAE,CAChE,CAAC;SACH;KACF;SAAM,IAAI,uBAAuB,EAAE;QAClC,MAAM,IAAI,KAAK,CACb,iEAAiE,CAClE,CAAC;KACH;IAED,qDAAqD;IACrD,IAAI,MAAM,CAAC,SAAS,EAAE;QACpB,IAAI,CAAC,IAAI,CACP,mGAAmG,CACpG,CAAC;QACF,MAAM,iCAAiC,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACxD,MAAM,uBAAuB,CAAC,MAAM,CAAC,CAAC;QAEtC,MAAM,cAAc,CAAC,MAAM,CAAC,CAAC;KAC9B;AACH,CAAC;AAlDD,kBAkDC"}

lib/init-action-post-helper.test.js

@@ -26,6 +26,8 @@ const ava_1 = __importDefault(require("ava"));
 const sinon = __importStar(require("sinon"));
 const configUtils = __importStar(require("./config-utils"));
 const initActionPostHelper = __importStar(require("./init-action-post-helper"));
+const logging_1 = require("./logging");
+const repository_1 = require("./repository");
 const testing_utils_1 = require("./testing-utils");
 const util = __importStar(require("./util"));
 (0, testing_utils_1.setupTests)(ava_1.default);
@@ -44,7 +46,7 @@ const util = __importStar(require("./util"));
         const uploadDatabaseBundleSpy = sinon.spy();
         const uploadLogsSpy = sinon.spy();
         const printDebugLogsSpy = sinon.spy();
-        await initActionPostHelper.run(uploadDatabaseBundleSpy, uploadLogsSpy, printDebugLogsSpy);
+        await initActionPostHelper.run(uploadDatabaseBundleSpy, uploadLogsSpy, printDebugLogsSpy, (0, repository_1.parseRepositoryNwo)("github/codeql-action"), (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
         t.assert(uploadDatabaseBundleSpy.notCalled);
         t.assert(uploadLogsSpy.notCalled);
         t.assert(printDebugLogsSpy.notCalled);
@@ -65,7 +67,7 @@ const util = __importStar(require("./util"));
         const uploadDatabaseBundleSpy = sinon.spy();
         const uploadLogsSpy = sinon.spy();
         const printDebugLogsSpy = sinon.spy();
-        await initActionPostHelper.run(uploadDatabaseBundleSpy, uploadLogsSpy, printDebugLogsSpy);
+        await initActionPostHelper.run(uploadDatabaseBundleSpy, uploadLogsSpy, printDebugLogsSpy, (0, repository_1.parseRepositoryNwo)("github/codeql-action"), (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
         t.assert(uploadDatabaseBundleSpy.called);
         t.assert(uploadLogsSpy.called);
         t.assert(printDebugLogsSpy.called);

lib/init-action-post-helper.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"init-action-post-helper.test.js","sourceRoot":"","sources":["../src/init-action-post-helper.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,gFAAkE;AAClE,mDAA6C;AAC7C,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,IAAA,aAAI,EAAC,uCAAuC,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACxD,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QAC5C,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,MAAM,CAAC;QAEpC,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,SAAS,EAAE,KAAK;YAChB,aAAa;YACb,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;SACuB,CAAC,CAAC;QAEpC,MAAM,uBAAuB,GAAG,KAAK,CAAC,GAAG,EAAE,CAAC;QAC5C,MAAM,aAAa,GAAG,KAAK,CAAC,GAAG,EAAE,CAAC;QAClC,MAAM,iBAAiB,GAAG,KAAK,CAAC,GAAG,EAAE,CAAC;QAEtC,MAAM,oBAAoB,CAAC,GAAG,CAC5B,uBAAuB,EACvB,aAAa,EACb,iBAAiB,CAClB,CAAC;QAEF,CAAC,CAAC,MAAM,CAAC,uBAAuB,CAAC,SAAS,CAAC,CAAC;QAC5C,CAAC,CAAC,MAAM,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC;QAClC,CAAC,CAAC,MAAM,CAAC,iBAAiB,CAAC,SAAS,CAAC,CAAC;IACxC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,sCAAsC,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACvD,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QAC5C,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,MAAM,CAAC;QAEpC,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,SAAS,EAAE,IAAI;YACf,aAAa;YACb,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;SACuB,CAAC,CAAC;QAEpC,MAAM,uBAAuB,GAAG,KAAK,CAAC,GAAG,EAAE,CAAC;QAC5C,MAAM,aAAa,GAAG,KAAK,CAAC,GAAG,EAAE,CAAC;QAClC,MAAM,iBAAiB,GAAG,KAAK,CAAC,GAAG,EAAE,CAAC;QAEtC,MAAM,oBAAoB,CAAC,GAAG,CAC5B,uBAAuB,EACvB,aAAa,EACb,iBAAiB,CAClB,CAAC;QAEF,CAAC,CAAC,MAAM,CAAC,uBAAuB,CAAC,MAAM,CAAC,CAAC;QACzC,CAAC,CAAC,MAAM,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;QAC/B,CAAC,CAAC,MAAM,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;IACrC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
+{"version":3,"file":"init-action-post-helper.test.js","sourceRoot":"","sources":["../src/init-action-post-helper.test.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;AAAA,8CAAuB;AACvB,6CAA+B;AAE/B,4DAA8C;AAC9C,gFAAkE;AAClE,uCAA4C;AAC5C,6CAAkD;AAClD,mDAA6D;AAC7D,6CAA+B;AAE/B,IAAA,0BAAU,EAAC,aAAI,CAAC,CAAC;AAEjB,IAAA,aAAI,EAAC,uCAAuC,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACxD,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QAC5C,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,MAAM,CAAC;QAEpC,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,SAAS,EAAE,KAAK;YAChB,aAAa;YACb,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;SACuB,CAAC,CAAC;QAEpC,MAAM,uBAAuB,GAAG,KAAK,CAAC,GAAG,EAAE,CAAC;QAC5C,MAAM,aAAa,GAAG,KAAK,CAAC,GAAG,EAAE,CAAC;QAClC,MAAM,iBAAiB,GAAG,KAAK,CAAC,GAAG,EAAE,CAAC;QAEtC,MAAM,oBAAoB,CAAC,GAAG,CAC5B,uBAAuB,EACvB,aAAa,EACb,iBAAiB,EACjB,IAAA,+BAAkB,EAAC,sBAAsB,CAAC,EAC1C,IAAA,8BAAc,EAAC,EAAE,CAAC,EAClB,IAAA,yBAAe,EAAC,IAAI,CAAC,CACtB,CAAC;QAEF,CAAC,CAAC,MAAM,CAAC,uBAAuB,CAAC,SAAS,CAAC,CAAC;QAC5C,CAAC,CAAC,MAAM,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC;QAClC,CAAC,CAAC,MAAM,CAAC,iBAAiB,CAAC,SAAS,CAAC,CAAC;IACxC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,IAAA,aAAI,EAAC,sCAAsC,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACvD,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QAC5C,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,MAAM,CAAC;QAEpC,MAAM,aAAa,GAAuB;YACxC,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,MAAM;SAChC,CAAC;QACF,KAAK,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC;YAC5C,SAAS,EAAE,IAAI;YACf,aAAa;YACb,SAAS,EAAE,EAAE;YACb,KAAK,EAAE,EAAE;SACuB,CAAC,CAAC;QAEpC,MAAM,uBAAuB,GAAG,KAAK,CAAC,GAAG,EAAE,CAAC;QAC5C,MAAM,aAAa,GAAG,KAAK,CAAC,GAAG,EAAE,CAAC;QAClC,MAAM,iBAAiB,GAAG,KAAK,CAAC,GAAG,EAAE,CAAC;QAEtC,MAAM,oBAAoB,CAAC,GAAG,CAC5B,uBAAuB,EACvB,aAAa,EACb,iBAAiB,EACjB,IAAA,+BAAkB,EAAC,sBAAsB,CAAC,EAC1C,IAAA,8BAAc,EAAC,EAAE,CAAC,EAClB,IAAA,yBAAe,EAAC,IAAI,CAAC,CACtB,CAAC;QAEF,CAAC,CAAC,MAAM,CAAC,uBAAuB,CAAC,MAAM,CAAC,CAAC;QACzC,CAAC,CAAC,MAAM,CAAC,aAAa,CAAC,MAAM,CAAC,CAAC;QAC/B,CAAC,CAAC,MAAM,CAAC,iBAAiB,CAAC,MAAM,CAAC,CAAC;IACrC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

lib/init-action-post.js

@@ -26,11 +26,21 @@ var __importStar = (this && this.__importStar) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 const core = __importStar(require("@actions/core"));
 const actionsUtil = __importStar(require("./actions-util"));
+const api_client_1 = require("./api-client");
 const debugArtifacts = __importStar(require("./debug-artifacts"));
+const feature_flags_1 = require("./feature-flags");
 const initActionPostHelper = __importStar(require("./init-action-post-helper"));
+const logging_1 = require("./logging");
+const repository_1 = require("./repository");
+const util_1 = require("./util");
 async function runWrapper() {
     try {
-        await initActionPostHelper.run(debugArtifacts.uploadDatabaseBundleDebugArtifact, debugArtifacts.uploadLogsDebugArtifact, actionsUtil.printDebugLogs);
+        const logger = (0, logging_1.getActionsLogger)();
+        const gitHubVersion = await (0, api_client_1.getGitHubVersion)();
+        (0, util_1.checkGitHubVersionInRange)(gitHubVersion, logger);
+        const repositoryNwo = (0, repository_1.parseRepositoryNwo)((0, util_1.getRequiredEnvParam)("GITHUB_REPOSITORY"));
+        const features = new feature_flags_1.Features(gitHubVersion, repositoryNwo, actionsUtil.getTemporaryDirectory(), logger);
+        await initActionPostHelper.run(debugArtifacts.uploadDatabaseBundleDebugArtifact, debugArtifacts.uploadLogsDebugArtifact, actionsUtil.printDebugLogs, repositoryNwo, features, logger);
     }
     catch (error) {
         core.setFailed(`init post-action step failed: ${error}`);

lib/init-action-post.js.map

@@ -1 +1 @@
-{"version":3,"file":"init-action-post.js","sourceRoot":"","sources":["../src/init-action-post.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;;;;;;;;;;;;;;;;;;;AAEH,oDAAsC;AAEtC,4DAA8C;AAC9C,kEAAoD;AACpD,gFAAkE;AAElE,KAAK,UAAU,UAAU;IACvB,IAAI;QACF,MAAM,oBAAoB,CAAC,GAAG,CAC5B,cAAc,CAAC,iCAAiC,EAChD,cAAc,CAAC,uBAAuB,EACtC,WAAW,CAAC,cAAc,CAC3B,CAAC;KACH;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CAAC,iCAAiC,KAAK,EAAE,CAAC,CAAC;QACzD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;KACpB;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
+{"version":3,"file":"init-action-post.js","sourceRoot":"","sources":["../src/init-action-post.ts"],"names":[],"mappings":";AAAA;;;;GAIG;;;;;;;;;;;;;;;;;;;;;AAEH,oDAAsC;AAEtC,4DAA8C;AAC9C,6CAAgD;AAChD,kEAAoD;AACpD,mDAA2C;AAC3C,gFAAkE;AAClE,uCAA6C;AAC7C,6CAAkD;AAClD,iCAAwE;AAExE,KAAK,UAAU,UAAU;IACvB,IAAI;QACF,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;QAClC,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QAEjD,MAAM,aAAa,GAAG,IAAA,+BAAkB,EACtC,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CACzC,CAAC;QACF,MAAM,QAAQ,GAAG,IAAI,wBAAQ,CAC3B,aAAa,EACb,aAAa,EACb,WAAW,CAAC,qBAAqB,EAAE,EACnC,MAAM,CACP,CAAC;QAEF,MAAM,oBAAoB,CAAC,GAAG,CAC5B,cAAc,CAAC,iCAAiC,EAChD,cAAc,CAAC,uBAAuB,EACtC,WAAW,CAAC,cAAc,EAC1B,aAAa,EACb,QAAQ,EACR,MAAM,CACP,CAAC;KACH;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CAAC,iCAAiC,KAAK,EAAE,CAAC,CAAC;QACzD,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;KACpB;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}

lib/shared-environment.js

@@ -1,14 +1,22 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.CODEQL_ACTION_TEST_MODE = exports.CODEQL_ACTION_TESTING_ENVIRONMENT = exports.CODEQL_WORKFLOW_STARTED_AT = exports.ODASA_TRACER_CONFIGURATION = void 0;
-exports.ODASA_TRACER_CONFIGURATION = "ODASA_TRACER_CONFIGURATION";
-// The time at which the first action (normally init) started executing.
-// If a workflow invokes a different action without first invoking the init
-// action (i.e. the upload action is being used by a third-party integrator)
-// then this variable will be assigned the start time of the action invoked
-// rather that the init action.
-exports.CODEQL_WORKFLOW_STARTED_AT = "CODEQL_WORKFLOW_STARTED_AT";
+exports.ODASA_TRACER_CONFIGURATION = exports.CODEQL_WORKFLOW_STARTED_AT = exports.CODEQL_ACTION_TEST_MODE = exports.CODEQL_ACTION_TESTING_ENVIRONMENT = exports.CODEQL_ACTION_ANALYZE_DID_UPLOAD_SARIF = void 0;
+/**
+ * This environment variable is set to true when the `analyze` Action
+ * successfully uploads a SARIF file. It does NOT indicate whether the
+ * SARIF file was processed successfully.
+ */
+exports.CODEQL_ACTION_ANALYZE_DID_UPLOAD_SARIF = "CODEQL_ACTION_ANALYZE_DID_UPLOAD_SARIF";
 exports.CODEQL_ACTION_TESTING_ENVIRONMENT = "CODEQL_ACTION_TESTING_ENVIRONMENT";
 /** Used to disable uploading SARIF results or status reports to the GitHub API */
 exports.CODEQL_ACTION_TEST_MODE = "CODEQL_ACTION_TEST_MODE";
+/**
+ * The time at which the first action (normally init) started executing.
+ * If a workflow invokes a different action without first invoking the init
+ * action (i.e. the upload action is being used by a third-party integrator)
+ * then this variable will be assigned the start time of the action invoked
+ * rather that the init action.
+ */
+exports.CODEQL_WORKFLOW_STARTED_AT = "CODEQL_WORKFLOW_STARTED_AT";
+exports.ODASA_TRACER_CONFIGURATION = "ODASA_TRACER_CONFIGURATION";
 //# sourceMappingURL=shared-environment.js.map

lib/shared-environment.js.map

@@ -1 +1 @@
-{"version":3,"file":"shared-environment.js","sourceRoot":"","sources":["../src/shared-environment.ts"],"names":[],"mappings":";;;AAAa,QAAA,0BAA0B,GAAG,4BAA4B,CAAC;AACvE,wEAAwE;AACxE,2EAA2E;AAC3E,4EAA4E;AAC5E,2EAA2E;AAC3E,+BAA+B;AAClB,QAAA,0BAA0B,GAAG,4BAA4B,CAAC;AAE1D,QAAA,iCAAiC,GAC5C,mCAAmC,CAAC;AAEtC,kFAAkF;AACrE,QAAA,uBAAuB,GAAG,yBAAyB,CAAC"}
+{"version":3,"file":"shared-environment.js","sourceRoot":"","sources":["../src/shared-environment.ts"],"names":[],"mappings":";;;AAAA;;;;GAIG;AACU,QAAA,sCAAsC,GACjD,wCAAwC,CAAC;AAE9B,QAAA,iCAAiC,GAC5C,mCAAmC,CAAC;AAEtC,kFAAkF;AACrE,QAAA,uBAAuB,GAAG,yBAAyB,CAAC;AAEjE;;;;;;GAMG;AACU,QAAA,0BAA0B,GAAG,4BAA4B,CAAC;AAE1D,QAAA,0BAA0B,GAAG,4BAA4B,CAAC"}

lib/toolrunner-error-catcher.js

@@ -31,7 +31,7 @@ const safeWhich = __importStar(require("@chrisgavin/safe-which"));
  * @param     args               optional arguments for tool. Escaping is handled by the lib.
  * @param     matchers           defines specific codes and/or regexes that should lead to return of a custom error
  * @param     options            optional exec options.  See ExecOptions
- * @returns   ReturnState        exit code and stdout output, if applicable
+ * @returns   Promise<number>    exit code
  */
 async function toolrunnerErrorCatcher(commandLine, args, matchers, options) {
     var _a, _b;
@@ -54,36 +54,40 @@ async function toolrunnerErrorCatcher(commandLine, args, matchers, options) {
         },
     };
     // we capture the original return code or error so that if no match is found we can duplicate the behavior
-    let exitCode;
+    let returnState;
     try {
-        exitCode = await new toolrunner.ToolRunner(await safeWhich.safeWhich(commandLine), args, {
+        returnState = await new toolrunner.ToolRunner(await safeWhich.safeWhich(commandLine), args, {
             ...options,
             listeners,
             ignoreReturnCode: true, // so we can check for specific codes using the matchers
         }).exec();
-        // if there is a zero return code then we do not apply the matchers
-        if (exitCode === 0)
-            return { exitCode, stdout };
-        if (matchers) {
-            for (const matcher of matchers) {
-                if (matcher.exitCode === exitCode ||
-                    ((_a = matcher.outputRegex) === null || _a === void 0 ? void 0 : _a.test(stderr)) ||
-                    ((_b = matcher.outputRegex) === null || _b === void 0 ? void 0 : _b.test(stdout))) {
-                    throw new Error(matcher.message);
-                }
-            }
-        }
-        // only if we were instructed to ignore the return code do we ever return it non-zero
-        if (options === null || options === void 0 ? void 0 : options.ignoreReturnCode) {
-            return { exitCode, stdout };
-        }
-        else {
-            throw new Error(`The process '${commandLine}' failed with exit code ${exitCode}`);
-        }
     }
     catch (e) {
-        const error = e instanceof Error ? e : new Error(String(e));
-        throw error;
+        returnState = e instanceof Error ? e : new Error(String(e));
+    }
+    // if there is a zero return code then we do not apply the matchers
+    if (returnState === 0)
+        return returnState;
+    if (matchers) {
+        for (const matcher of matchers) {
+            if (matcher.exitCode === returnState ||
+                ((_a = matcher.outputRegex) === null || _a === void 0 ? void 0 : _a.test(stderr)) ||
+                ((_b = matcher.outputRegex) === null || _b === void 0 ? void 0 : _b.test(stdout))) {
+                throw new Error(matcher.message);
+            }
+        }
+    }
+    if (typeof returnState === "number") {
+        // only if we were instructed to ignore the return code do we ever return it non-zero
+        if (options === null || options === void 0 ? void 0 : options.ignoreReturnCode) {
+            return returnState;
+        }
+        else {
+            throw new Error(`The process '${commandLine}' failed with exit code ${returnState}`);
+        }
+    }
+    else {
+        throw returnState;
     }
 }
 exports.toolrunnerErrorCatcher = toolrunnerErrorCatcher;

lib/toolrunner-error-catcher.js.map

@@ -1 +1 @@
-{"version":3,"file":"toolrunner-error-catcher.js","sourceRoot":"","sources":["../src/toolrunner-error-catcher.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;AACA,yEAA2D;AAC3D,kEAAoD;AASpD;;;;;;;;;;GAUG;AACI,KAAK,UAAU,sBAAsB,CAC1C,WAAmB,EACnB,IAAe,EACf,QAAyB,EACzB,OAAwB;;IAExB,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,IAAI,MAAM,GAAG,EAAE,CAAC;IAEhB,MAAM,SAAS,GAAG;QAChB,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE;;YACvB,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC1B,IAAI,CAAA,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,0CAAE,MAAM,MAAK,SAAS,EAAE;gBAC5C,OAAO,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;aAChC;QACH,CAAC;QACD,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE;;YACvB,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC1B,IAAI,CAAA,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,0CAAE,MAAM,MAAK,SAAS,EAAE;gBAC5C,OAAO,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;aAChC;QACH,CAAC;KACF,CAAC;IAEF,0GAA0G;IAC1G,IAAI,QAAgB,CAAC;IACrB,IAAI;QACF,QAAQ,GAAG,MAAM,IAAI,UAAU,CAAC,UAAU,CACxC,MAAM,SAAS,CAAC,SAAS,CAAC,WAAW,CAAC,EACtC,IAAI,EACJ;YACE,GAAG,OAAO;YACV,SAAS;YACT,gBAAgB,EAAE,IAAI,EAAE,wDAAwD;SACjF,CACF,CAAC,IAAI,EAAE,CAAC;QAET,mEAAmE;QACnE,IAAI,QAAQ,KAAK,CAAC;YAAE,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC;QAEhD,IAAI,QAAQ,EAAE;YACZ,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE;gBAC9B,IACE,OAAO,CAAC,QAAQ,KAAK,QAAQ;qBAC7B,MAAA,OAAO,CAAC,WAAW,0CAAE,IAAI,CAAC,MAAM,CAAC,CAAA;qBACjC,MAAA,OAAO,CAAC,WAAW,0CAAE,IAAI,CAAC,MAAM,CAAC,CAAA,EACjC;oBACA,MAAM,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;iBAClC;aACF;SACF;QAED,qFAAqF;QACrF,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,gBAAgB,EAAE;YAC7B,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,CAAC;SAC7B;aAAM;YACL,MAAM,IAAI,KAAK,CACb,gBAAgB,WAAW,2BAA2B,QAAQ,EAAE,CACjE,CAAC;SACH;KACF;IAAC,OAAO,CAAC,EAAE;QACV,MAAM,KAAK,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;QAC5D,MAAM,KAAK,CAAC;KACb;AACH,CAAC;AAhED,wDAgEC"}
+{"version":3,"file":"toolrunner-error-catcher.js","sourceRoot":"","sources":["../src/toolrunner-error-catcher.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;AACA,yEAA2D;AAC3D,kEAAoD;AAIpD;;;;;;;;;;GAUG;AACI,KAAK,UAAU,sBAAsB,CAC1C,WAAmB,EACnB,IAAe,EACf,QAAyB,EACzB,OAAwB;;IAExB,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,IAAI,MAAM,GAAG,EAAE,CAAC;IAEhB,MAAM,SAAS,GAAG;QAChB,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE;;YACvB,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC1B,IAAI,CAAA,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,0CAAE,MAAM,MAAK,SAAS,EAAE;gBAC5C,OAAO,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;aAChC;QACH,CAAC;QACD,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE;;YACvB,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC1B,IAAI,CAAA,MAAA,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,SAAS,0CAAE,MAAM,MAAK,SAAS,EAAE;gBAC5C,OAAO,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;aAChC;QACH,CAAC;KACF,CAAC;IAEF,0GAA0G;IAC1G,IAAI,WAA2B,CAAC;IAChC,IAAI;QACF,WAAW,GAAG,MAAM,IAAI,UAAU,CAAC,UAAU,CAC3C,MAAM,SAAS,CAAC,SAAS,CAAC,WAAW,CAAC,EACtC,IAAI,EACJ;YACE,GAAG,OAAO;YACV,SAAS;YACT,gBAAgB,EAAE,IAAI,EAAE,wDAAwD;SACjF,CACF,CAAC,IAAI,EAAE,CAAC;KACV;IAAC,OAAO,CAAC,EAAE;QACV,WAAW,GAAG,CAAC,YAAY,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;KAC7D;IAED,mEAAmE;IACnE,IAAI,WAAW,KAAK,CAAC;QAAE,OAAO,WAAW,CAAC;IAE1C,IAAI,QAAQ,EAAE;QACZ,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE;YAC9B,IACE,OAAO,CAAC,QAAQ,KAAK,WAAW;iBAChC,MAAA,OAAO,CAAC,WAAW,0CAAE,IAAI,CAAC,MAAM,CAAC,CAAA;iBACjC,MAAA,OAAO,CAAC,WAAW,0CAAE,IAAI,CAAC,MAAM,CAAC,CAAA,EACjC;gBACA,MAAM,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;aAClC;SACF;KACF;IAED,IAAI,OAAO,WAAW,KAAK,QAAQ,EAAE;QACnC,qFAAqF;QACrF,IAAI,OAAO,aAAP,OAAO,uBAAP,OAAO,CAAE,gBAAgB,EAAE;YAC7B,OAAO,WAAW,CAAC;SACpB;aAAM;YACL,MAAM,IAAI,KAAK,CACb,gBAAgB,WAAW,2BAA2B,WAAW,EAAE,CACpE,CAAC;SACH;KACF;SAAM;QACL,MAAM,WAAW,CAAC;KACnB;AACH,CAAC;AAnED,wDAmEC"}

lib/toolrunner-error-catcher.test.js

@@ -33,8 +33,7 @@ const toolrunner_error_catcher_1 = require("./toolrunner-error-catcher");
         { exitCode: 123, outputRegex: new RegExp("foo bar"), message: "error!!!" },
     ];
     t.deepEqual(await exec.exec("node", testArgs), 0);
-    const returnState = await (0, toolrunner_error_catcher_1.toolrunnerErrorCatcher)("node", testArgs, matchers);
-    t.deepEqual(returnState.exitCode, 0);
+    t.deepEqual(await (0, toolrunner_error_catcher_1.toolrunnerErrorCatcher)("node", testArgs, matchers), 0);
 });
 (0, ava_1.default)("regex matchers are applied to stdout for non-zero exit code", async (t) => {
     const testArgs = buildDummyArgs("foo bar\\nblort qux", "", "", 1);
@@ -117,10 +116,9 @@ const toolrunner_error_catcher_1 = require("./toolrunner-error-catcher");
 (0, ava_1.default)("execErrorCatcher respects the ignoreReturnValue option", async (t) => {
     const testArgs = buildDummyArgs("standard output", "error output", "", 199);
     await t.throwsAsync((0, toolrunner_error_catcher_1.toolrunnerErrorCatcher)("node", testArgs, [], { ignoreReturnCode: false }), { instanceOf: Error });
-    const returnState = await (0, toolrunner_error_catcher_1.toolrunnerErrorCatcher)("node", testArgs, [], {
+    t.deepEqual(await (0, toolrunner_error_catcher_1.toolrunnerErrorCatcher)("node", testArgs, [], {
         ignoreReturnCode: true,
-    });
-    t.deepEqual(returnState.exitCode, 199);
+    }), 199);
 });
 (0, ava_1.default)("execErrorCatcher preserves behavior of provided listeners", async (t) => {
     const stdoutExpected = "standard output";
@@ -136,10 +134,9 @@ const toolrunner_error_catcher_1 = require("./toolrunner-error-catcher");
         },
     };
     const testArgs = buildDummyArgs(stdoutExpected, stderrExpected, "", 0);
-    const returnState = await (0, toolrunner_error_catcher_1.toolrunnerErrorCatcher)("node", testArgs, [], {
+    t.deepEqual(await (0, toolrunner_error_catcher_1.toolrunnerErrorCatcher)("node", testArgs, [], {
         listeners,
-    });
-    t.deepEqual(returnState.exitCode, 0);
+    }), 0);
     t.deepEqual(stdoutActual, `${stdoutExpected}\n`);
     t.deepEqual(stderrActual, `${stderrExpected}\n`);
 });

lib/upload-lib.js

@@ -128,9 +128,8 @@ function findSarifFilesInDir(sarifPath) {
 exports.findSarifFilesInDir = findSarifFilesInDir;
 // Uploads a single sarif file or a directory of sarif files
 // depending on what the path happens to refer to.
-// Returns true iff the upload occurred and succeeded
-async function uploadFromActions(sarifPath, logger) {
-    return await uploadFiles(getSarifFilePaths(sarifPath), (0, repository_1.parseRepositoryNwo)(util.getRequiredEnvParam("GITHUB_REPOSITORY")), await actionsUtil.getCommitOid(actionsUtil.getRequiredInput("checkout_path")), await actionsUtil.getRef(), await actionsUtil.getAnalysisKey(), actionsUtil.getOptionalInput("category"), util.getRequiredEnvParam("GITHUB_WORKFLOW"), workflow.getWorkflowRunID(), actionsUtil.getRequiredInput("checkout_path"), actionsUtil.getRequiredInput("matrix"), logger);
+async function uploadFromActions(sarifPath, checkoutPath, category, logger) {
+    return await uploadFiles(getSarifFilePaths(sarifPath), (0, repository_1.parseRepositoryNwo)(util.getRequiredEnvParam("GITHUB_REPOSITORY")), await actionsUtil.getCommitOid(checkoutPath), await actionsUtil.getRef(), await actionsUtil.getAnalysisKey(), category, util.getRequiredEnvParam("GITHUB_WORKFLOW"), workflow.getWorkflowRunID(), checkoutPath, actionsUtil.getRequiredInput("matrix"), logger);
 }
 exports.uploadFromActions = uploadFromActions;
 function getSarifFilePaths(sarifPath) {
@@ -273,43 +272,48 @@ const STATUS_CHECK_TIMEOUT_MILLISECONDS = 2 * 60 * 1000;
 // Waits until either the analysis is successfully processed, a processing error is reported, or STATUS_CHECK_TIMEOUT_MILLISECONDS elapses.
 async function waitForProcessing(repositoryNwo, sarifID, logger) {
     logger.startGroup("Waiting for processing to finish");
-    const client = api.getApiClient();
-    const statusCheckingStarted = Date.now();
-    // eslint-disable-next-line no-constant-condition
-    while (true) {
-        if (Date.now() >
-            statusCheckingStarted + STATUS_CHECK_TIMEOUT_MILLISECONDS) {
-            // If the analysis hasn't finished processing in the allotted time, we continue anyway rather than failing.
-            // It's possible the analysis will eventually finish processing, but it's not worth spending more Actions time waiting.
-            logger.warning("Timed out waiting for analysis to finish processing. Continuing.");
-            break;
+    try {
+        const client = api.getApiClient();
+        const statusCheckingStarted = Date.now();
+        // eslint-disable-next-line no-constant-condition
+        while (true) {
+            if (Date.now() >
+                statusCheckingStarted + STATUS_CHECK_TIMEOUT_MILLISECONDS) {
+                // If the analysis hasn't finished processing in the allotted time, we continue anyway rather than failing.
+                // It's possible the analysis will eventually finish processing, but it's not worth spending more Actions time waiting.
+                logger.warning("Timed out waiting for analysis to finish processing. Continuing.");
+                break;
+            }
+            let response = undefined;
+            try {
+                response = await client.request("GET /repos/:owner/:repo/code-scanning/sarifs/:sarif_id", {
+                    owner: repositoryNwo.owner,
+                    repo: repositoryNwo.repo,
+                    sarif_id: sarifID,
+                });
+            }
+            catch (e) {
+                logger.warning(`An error occurred checking the status of the delivery. ${e} It should still be processed in the background, but errors that occur during processing may not be reported.`);
+                break;
+            }
+            const status = response.data.processing_status;
+            logger.info(`Analysis upload status is ${status}.`);
+            if (status === "complete") {
+                break;
+            }
+            else if (status === "pending") {
+                logger.debug("Analysis processing is still pending...");
+            }
+            else if (status === "failed") {
+                logger.info(JSON.stringify(response.data));
+                throw new Error(`Code Scanning could not process the submitted SARIF file:\n${response.data.errors}`);
+            }
+            await util.delay(STATUS_CHECK_FREQUENCY_MILLISECONDS);
         }
-        let response = undefined;
-        try {
-            response = await client.request("GET /repos/:owner/:repo/code-scanning/sarifs/:sarif_id", {
-                owner: repositoryNwo.owner,
-                repo: repositoryNwo.repo,
-                sarif_id: sarifID,
-            });
-        }
-        catch (e) {
-            logger.warning(`An error occurred checking the status of the delivery. ${e} It should still be processed in the background, but errors that occur during processing may not be reported.`);
-            break;
-        }
-        const status = response.data.processing_status;
-        logger.info(`Analysis upload status is ${status}.`);
-        if (status === "complete") {
-            break;
-        }
-        else if (status === "pending") {
-            logger.debug("Analysis processing is still pending...");
-        }
-        else if (status === "failed") {
-            throw new Error(`Code Scanning could not process the submitted SARIF file:\n${response.data.errors}`);
-        }
-        await util.delay(STATUS_CHECK_FREQUENCY_MILLISECONDS);
     }
-    logger.endGroup();
+    finally {
+        logger.endGroup();
+    }
 }
 exports.waitForProcessing = waitForProcessing;
 function validateUniqueCategory(sarif) {

lib/upload-sarif-action.js

@@ -43,7 +43,7 @@ async function run() {
         return;
     }
     try {
-        const uploadResult = await upload_lib.uploadFromActions(actionsUtil.getRequiredInput("sarif_file"), (0, logging_1.getActionsLogger)());
+        const uploadResult = await upload_lib.uploadFromActions(actionsUtil.getRequiredInput("sarif_file"), actionsUtil.getRequiredInput("checkout_path"), actionsUtil.getOptionalInput("category"), (0, logging_1.getActionsLogger)());
         core.setOutput("sarif-id", uploadResult.sarifID);
         // We don't upload results in test mode, so don't wait for processing
         if ((0, util_1.isInTestMode)()) {

lib/upload-sarif-action.js.map

@@ -1 +1 @@
-{"version":3,"file":"upload-sarif-action.js","sourceRoot":"","sources":["../src/upload-sarif-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,4DAA8C;AAC9C,uCAA6C;AAC7C,6CAAkD;AAClD,yDAA2C;AAC3C,iCAKgB;AAEhB,8CAA8C;AAC9C,MAAM,GAAG,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;AAMvC,KAAK,UAAU,uBAAuB,CACpC,SAAe,EACf,WAA0C;IAE1C,MAAM,gBAAgB,GAAG,MAAM,WAAW,CAAC,sBAAsB,CAC/D,cAAc,EACd,SAAS,EACT,SAAS,CACV,CAAC;IACF,MAAM,YAAY,GAA4B;QAC5C,GAAG,gBAAgB;QACnB,GAAG,WAAW;KACf,CAAC;IACF,MAAM,WAAW,CAAC,gBAAgB,CAAC,YAAY,CAAC,CAAC;AACnD,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,IAAA,4BAAqB,EAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IACnC,MAAM,IAAA,yBAAkB,EAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IACtC,IACE,CAAC,CAAC,MAAM,WAAW,CAAC,gBAAgB,CAClC,MAAM,WAAW,CAAC,sBAAsB,CACtC,cAAc,EACd,UAAU,EACV,SAAS,CACV,CACF,CAAC,EACF;QACA,OAAO;KACR;IAED,IAAI;QACF,MAAM,YAAY,GAAG,MAAM,UAAU,CAAC,iBAAiB,CACrD,WAAW,CAAC,gBAAgB,CAAC,YAAY,CAAC,EAC1C,IAAA,0BAAgB,GAAE,CACnB,CAAC;QACF,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,YAAY,CAAC,OAAO,CAAC,CAAC;QAEjD,qEAAqE;QACrE,IAAI,IAAA,mBAAY,GAAE,EAAE;YAClB,IAAI,CAAC,KAAK,CAAC,mDAAmD,CAAC,CAAC;SACjE;aAAM,IAAI,WAAW,CAAC,gBAAgB,CAAC,qBAAqB,CAAC,KAAK,MAAM,EAAE;YACzE,MAAM,UAAU,CAAC,iBAAiB,CAChC,IAAA,+BAAkB,EAAC,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CAAC,EAC5D,YAAY,CAAC,OAAO,EACpB,IAAA,0BAAgB,GAAE,CACnB,CAAC;SACH;QACD,MAAM,uBAAuB,CAAC,SAAS,EAAE,YAAY,CAAC,YAAY,CAAC,CAAC;KACrE;IAAC,OAAO,KAAK,EAAE;QACd,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACvE,MAAM,KAAK,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACnE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QACxB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACnB,MAAM,WAAW,CAAC,gBAAgB,CAChC,MAAM,WAAW,CAAC,sBAAsB,CACtC,cAAc,EACd,WAAW,CAAC,gBAAgB,CAAC,KAAK,CAAC,EACnC,SAAS,EACT,OAAO,EACP,KAAK,CACN,CACF,CAAC;QACF,OAAO;KACR;AACH,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,IAAI;QACF,MAAM,GAAG,EAAE,CAAC;KACb;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CAAC,sCAAsC,KAAK,EAAE,CAAC,CAAC;QAC9D,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;KACpB;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
+{"version":3,"file":"upload-sarif-action.js","sourceRoot":"","sources":["../src/upload-sarif-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,4DAA8C;AAC9C,uCAA6C;AAC7C,6CAAkD;AAClD,yDAA2C;AAC3C,iCAKgB;AAEhB,8CAA8C;AAC9C,MAAM,GAAG,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;AAMvC,KAAK,UAAU,uBAAuB,CACpC,SAAe,EACf,WAA0C;IAE1C,MAAM,gBAAgB,GAAG,MAAM,WAAW,CAAC,sBAAsB,CAC/D,cAAc,EACd,SAAS,EACT,SAAS,CACV,CAAC;IACF,MAAM,YAAY,GAA4B;QAC5C,GAAG,gBAAgB;QACnB,GAAG,WAAW;KACf,CAAC;IACF,MAAM,WAAW,CAAC,gBAAgB,CAAC,YAAY,CAAC,CAAC;AACnD,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,IAAA,4BAAqB,EAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IACnC,MAAM,IAAA,yBAAkB,EAAC,GAAG,CAAC,OAAO,CAAC,CAAC;IACtC,IACE,CAAC,CAAC,MAAM,WAAW,CAAC,gBAAgB,CAClC,MAAM,WAAW,CAAC,sBAAsB,CACtC,cAAc,EACd,UAAU,EACV,SAAS,CACV,CACF,CAAC,EACF;QACA,OAAO;KACR;IAED,IAAI;QACF,MAAM,YAAY,GAAG,MAAM,UAAU,CAAC,iBAAiB,CACrD,WAAW,CAAC,gBAAgB,CAAC,YAAY,CAAC,EAC1C,WAAW,CAAC,gBAAgB,CAAC,eAAe,CAAC,EAC7C,WAAW,CAAC,gBAAgB,CAAC,UAAU,CAAC,EACxC,IAAA,0BAAgB,GAAE,CACnB,CAAC;QACF,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,YAAY,CAAC,OAAO,CAAC,CAAC;QAEjD,qEAAqE;QACrE,IAAI,IAAA,mBAAY,GAAE,EAAE;YAClB,IAAI,CAAC,KAAK,CAAC,mDAAmD,CAAC,CAAC;SACjE;aAAM,IAAI,WAAW,CAAC,gBAAgB,CAAC,qBAAqB,CAAC,KAAK,MAAM,EAAE;YACzE,MAAM,UAAU,CAAC,iBAAiB,CAChC,IAAA,+BAAkB,EAAC,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CAAC,EAC5D,YAAY,CAAC,OAAO,EACpB,IAAA,0BAAgB,GAAE,CACnB,CAAC;SACH;QACD,MAAM,uBAAuB,CAAC,SAAS,EAAE,YAAY,CAAC,YAAY,CAAC,CAAC;KACrE;IAAC,OAAO,KAAK,EAAE;QACd,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACvE,MAAM,KAAK,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACnE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QACxB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACnB,MAAM,WAAW,CAAC,gBAAgB,CAChC,MAAM,WAAW,CAAC,sBAAsB,CACtC,cAAc,EACd,WAAW,CAAC,gBAAgB,CAAC,KAAK,CAAC,EACnC,SAAS,EACT,OAAO,EACP,KAAK,CACN,CACF,CAAC;QACF,OAAO;KACR;AACH,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,IAAI;QACF,MAAM,GAAG,EAAE,CAAC;KACb;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CAAC,sCAAsC,KAAK,EAAE,CAAC,CAAC;QAC9D,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;KACpB;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}

lib/util.js

@@ -22,7 +22,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.shouldBypassToolcache = exports.isHostedRunner = exports.checkForTimeout = exports.withTimeout = exports.tryGetFolderBytes = exports.listFolder = exports.doesDirectoryExist = exports.logCodeScanningConfigInCli = exports.useCodeScanningConfigInCli = exports.isInTestMode = exports.checkActionVersion = exports.getMlPoweredJsQueriesStatus = exports.getMlPoweredJsQueriesPack = exports.ML_POWERED_JS_QUERIES_PACK_NAME = exports.isGoodVersion = exports.delay = exports.bundleDb = exports.codeQlVersionAbove = exports.getCachedCodeQlVersion = exports.cacheCodeQlVersion = exports.isHTTPError = exports.UserError = exports.HTTPError = exports.getRequiredEnvParam = exports.enrichEnvironment = exports.initializeEnvironment = exports.EnvVar = exports.assertNever = exports.apiVersionInRange = exports.DisallowedAPIVersionReason = exports.checkGitHubVersionInRange = exports.getGitHubVersion = exports.GitHubVariant = exports.parseGitHubUrl = exports.getCodeQLDatabasePath = exports.getThreadsFlag = exports.getThreadsFlagValue = exports.getAddSnippetsFlag = exports.getMemoryFlag = exports.getMemoryFlagValue = exports.withTmpDir = exports.getToolNames = exports.getExtraOptionsEnvParam = exports.DID_AUTOBUILD_GO_ENV_VAR_NAME = exports.DEFAULT_DEBUG_DATABASE_NAME = exports.DEFAULT_DEBUG_ARTIFACT_NAME = exports.GITHUB_DOTCOM_URL = void 0;
+exports.parseMatrixInput = exports.shouldBypassToolcache = exports.isHostedRunner = exports.checkForTimeout = exports.withTimeout = exports.tryGetFolderBytes = exports.listFolder = exports.doesDirectoryExist = exports.logCodeScanningConfigInCli = exports.useCodeScanningConfigInCli = exports.isInTestMode = exports.checkActionVersion = exports.getMlPoweredJsQueriesStatus = exports.getMlPoweredJsQueriesPack = exports.ML_POWERED_JS_QUERIES_PACK_NAME = exports.isGoodVersion = exports.delay = exports.bundleDb = exports.codeQlVersionAbove = exports.getCachedCodeQlVersion = exports.cacheCodeQlVersion = exports.isHTTPError = exports.UserError = exports.HTTPError = exports.getRequiredEnvParam = exports.enrichEnvironment = exports.initializeEnvironment = exports.EnvVar = exports.assertNever = exports.apiVersionInRange = exports.DisallowedAPIVersionReason = exports.checkGitHubVersionInRange = exports.getGitHubVersion = exports.GitHubVariant = exports.parseGitHubUrl = exports.getCodeQLDatabasePath = exports.getThreadsFlag = exports.getThreadsFlagValue = exports.getAddSnippetsFlag = exports.getMemoryFlag = exports.getMemoryFlagValue = exports.withTmpDir = exports.getToolNames = exports.getExtraOptionsEnvParam = exports.DID_AUTOBUILD_GO_ENV_VAR_NAME = exports.DEFAULT_DEBUG_DATABASE_NAME = exports.DEFAULT_DEBUG_ARTIFACT_NAME = exports.GITHUB_DOTCOM_URL = void 0;
 const fs = __importStar(require("fs"));
 const os = __importStar(require("os"));
 const path = __importStar(require("path"));
@@ -750,4 +750,11 @@ async function shouldBypassToolcache(featuresEnablement, codeqlUrl, languagesInp
     return bypass;
 }
 exports.shouldBypassToolcache = shouldBypassToolcache;
+function parseMatrixInput(matrixInput) {
+    if (matrixInput === undefined || matrixInput === "null") {
+        return undefined;
+    }
+    return JSON.parse(matrixInput);
+}
+exports.parseMatrixInput = parseMatrixInput;
 //# sourceMappingURL=util.js.map

lib/workflow.js

@@ -19,7 +19,7 @@ var __importStar = (this && this.__importStar) || function (mod) {
     return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getCategoryInputOrThrow = exports.getWorkflowRunID = exports.getWorkflowPath = exports.getWorkflow = exports.formatWorkflowCause = exports.formatWorkflowErrors = exports.validateWorkflow = exports.getWorkflowErrors = exports.WorkflowErrors = exports.patternIsSuperset = void 0;
+exports.getCheckoutPathInputOrThrow = exports.getWaitForProcessingInputOrThrow = exports.getUploadInputOrThrow = exports.getCategoryInputOrThrow = exports.getStepsCallingAction = exports.getWorkflowRunID = exports.getWorkflowPath = exports.getWorkflow = exports.formatWorkflowCause = exports.formatWorkflowErrors = exports.validateWorkflow = exports.getWorkflowErrors = exports.WorkflowErrors = exports.patternIsSuperset = void 0;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const core = __importStar(require("@actions/core"));
@@ -253,12 +253,11 @@ function getStepsCallingAction(job, actionName) {
     }
     return steps.filter((step) => { var _a; return (_a = step.uses) === null || _a === void 0 ? void 0 : _a.includes(actionName); });
 }
+exports.getStepsCallingAction = getStepsCallingAction;
 /**
  * Makes a best effort attempt to retrieve the value of a particular input with which
  * an Action in the workflow would be invoked.
  *
- * Typically you'll want to wrap this function in a try/catch block and handle the error.
- *
  * @returns the value of the input, or undefined if no such input is passed to the Action
  * @throws an error if the value of the input could not be determined, or we could not
  * determine that no such input is passed to the Action.
@@ -281,11 +280,14 @@ function getInputOrThrow(workflow, jobName, actionName, inputName, matrixVars) {
         throw new Error(`Could not get ${inputName} input to ${actionName} since there were multiple steps calling ` +
             `${actionName} with different values for ${inputName}.`);
     }
-    // Make a basic attempt to substitute matrix variables
-    // First normalize by removing whitespace
-    let input = inputs[0].replace(/\${{\s+/, "${{").replace(/\s+}}/, "}}");
-    for (const [key, value] of Object.entries(matrixVars)) {
-        input = input.replace(`\${{matrix.${key}}}`, value);
+    let input = inputs[0];
+    if (matrixVars !== undefined) {
+        // Make a basic attempt to substitute matrix variables
+        // First normalize by removing whitespace
+        input = input.replace(/\${{\s+/, "${{").replace(/\s+}}/, "}}");
+        for (const [key, value] of Object.entries(matrixVars)) {
+            input = input.replace(`\${{matrix.${key}}}`, value);
+        }
     }
     if (input.includes("${{")) {
         throw new Error(`Could not get ${inputName} input to ${actionName} since it contained an unrecognized dynamic value.`);
@@ -296,8 +298,6 @@ function getInputOrThrow(workflow, jobName, actionName, inputName, matrixVars) {
  * Makes a best effort attempt to retrieve the category input for the particular job,
  * given a set of matrix variables.
  *
- * Typically you'll want to wrap this function in a try/catch block and handle the error.
- *
  * @returns the category input, or undefined if the category input is not defined
  * @throws an error if the category input could not be determined
  */
@@ -305,4 +305,40 @@ function getCategoryInputOrThrow(workflow, jobName, matrixVars) {
     return getInputOrThrow(workflow, jobName, "github/codeql-action/analyze", "category", matrixVars);
 }
 exports.getCategoryInputOrThrow = getCategoryInputOrThrow;
+/**
+ * Makes a best effort attempt to retrieve the upload input for the particular job,
+ * given a set of matrix variables.
+ *
+ * @returns the upload input
+ * @throws an error if the upload input could not be determined
+ */
+function getUploadInputOrThrow(workflow, jobName, matrixVars) {
+    return (getInputOrThrow(workflow, jobName, "github/codeql-action/analyze", "upload", matrixVars) || "true" // if unspecified, upload defaults to true
+    );
+}
+exports.getUploadInputOrThrow = getUploadInputOrThrow;
+/**
+ * Makes a best effort attempt to retrieve the wait-for-processing input for the
+ * particular job, given a set of matrix variables.
+ *
+ * @returns the wait-for-processing input
+ * @throws an error if the wait-for-processing input could not be determined
+ */
+function getWaitForProcessingInputOrThrow(workflow, jobName, matrixVars) {
+    return (getInputOrThrow(workflow, jobName, "github/codeql-action/analyze", "wait-for-processing", matrixVars) || "true" // if unspecified, wait-for-processing defaults to true
+    );
+}
+exports.getWaitForProcessingInputOrThrow = getWaitForProcessingInputOrThrow;
+/**
+ * Makes a best effort attempt to retrieve the checkout_path input for the
+ * particular job, given a set of matrix variables.
+ *
+ * @returns the checkout_path input
+ * @throws an error if the checkout_path input could not be determined
+ */
+function getCheckoutPathInputOrThrow(workflow, jobName, matrixVars) {
+    return (getInputOrThrow(workflow, jobName, "github/codeql-action/analyze", "checkout_path", matrixVars) || (0, util_1.getRequiredEnvParam)("GITHUB_WORKSPACE") // if unspecified, checkout_path defaults to ${{ github.workspace }}
+    );
+}
+exports.getCheckoutPathInputOrThrow = getCheckoutPathInputOrThrow;
 //# sourceMappingURL=workflow.js.map

node_modules/.package-lock.json

@@ -1,6 +1,6 @@
 {
   "name": "codeql",
-  "version": "2.1.36",
+  "version": "2.1.34",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {

package-lock.json

@@ -1,12 +1,12 @@
 {
   "name": "codeql",
-  "version": "2.1.36",
+  "version": "2.1.34",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "codeql",
-      "version": "2.1.36",
+      "version": "2.1.34",
       "license": "MIT",
       "dependencies": {
         "@actions/artifact": "^1.1.0",

package.json

@@ -1,6 +1,6 @@
 {
   "name": "codeql",
-  "version": "2.1.36",
+  "version": "2.1.34",
   "private": true,
   "description": "CodeQL action",
   "scripts": {

pr-checks/checks/submit-sarif-failure.yml

@@ -0,0 +1,32 @@
+name: Submit SARIF after failure
+description: Check that a SARIF file is submitted for the workflow run if it fails
+versions: ["latest", "cached", "nightly-latest"]
+operatingSystems: ["ubuntu"]
+
+env:
+  # Internal-only environment variable used to indicate that the post-init Action
+  # should expect to upload a SARIF file for the failed run.
+  CODEQL_ACTION_EXPECT_UPLOAD_FAILED_SARIF: true
+  # Make sure the uploading SARIF files feature is enabled.
+  CODEQL_ACTION_UPLOAD_FAILED_SARIF: true
+  # Upload the failed SARIF file as an integration test of the API endpoint.
+  CODEQL_ACTION_TEST_MODE: false
+
+steps:
+  - uses: actions/checkout@v3
+  - uses: ./init
+    with:
+      languages: javascript
+  - name: Fail
+    # We want this job to pass if the Action correctly uploads the SARIF file for
+    # the failed run.
+    # Setting this step to continue on error means that it is marked as completing
+    # successfully, so will not fail the job.
+    continue-on-error: true
+    run: exit 1
+  - uses: ./analyze
+    # In a real workflow, this step wouldn't run. Since we used `continue-on-error`
+    # above, we manually disable it with an `if` condition.
+    if: false
+    with:
+      category: "/test-codeql-version:${{ matrix.version }}"

pr-checks/sync.py

@@ -115,7 +115,8 @@ for file in os.listdir('checks'):
             checkJob[key] = checkSpecification[key]
 
     checkJob['env'] = checkJob.get('env', {})
-    checkJob['env']['CODEQL_ACTION_TEST_MODE'] = True
+    if 'CODEQL_ACTION_TEST_MODE' not in checkJob['env']:
+        checkJob['env']['CODEQL_ACTION_TEST_MODE'] = True
     checkName = file[:len(file) - 4]
 
     with open(f"../.github/workflows/__{checkName}.yml", 'w') as output_stream:

python-setup/install_tools.ps1

@@ -1,7 +1,11 @@
 #! /usr/bin/pwsh
 
-py -2 -m pip install --user --upgrade pip setuptools wheel
-py -3 -m pip install --user --upgrade pip setuptools wheel
+# while waiting for the next release of `virtualenv` after v20.16.5, we install an older
+# version of `setuptools` to ensure that binaries are always put under
+# `<venv-path>/bin`, which wouldn't always happen with the GitHub actions version of
+# Ubuntu 22.04. See https://github.com/github/codeql-action/issues/1249
+py -2 -m pip install --user --upgrade pip 'setuptools<60' wheel
+py -3 -m pip install --user --upgrade pip 'setuptools<60' wheel
 
 # virtualenv is a bit nicer for setting up virtual environment, since it will provide up-to-date versions of
 # pip/setuptools/wheel which basic `python3 -m venv venv` won't

python-setup/install_tools.sh

@@ -12,15 +12,16 @@ export PATH="$HOME/.local/bin:$PATH"
 
 # Setup Python 3 dependency installation tools.
 
-python3 -m pip install --user --upgrade pip setuptools wheel
+# we install an older version of `setuptools` to ensure that binaries are always put
+# under `<venv-path>/bin`, which wouldn't always happen with the GitHub actions version
+# of Ubuntu 22.04. See https://github.com/github/codeql-action/issues/1249. The the next
+# release of `virtualenv` after v20.16.5 will include a fix for this, so we can remove
+# this bit of the logic again.
+python3 -m pip install --user --upgrade pip 'setuptools<60' wheel
 
-# virtualenv is a bit nicer for setting up virtual environment, since it will provide
-# up-to-date versions of pip/setuptools/wheel which basic `python3 -m venv venv` won't.
-#
-# version 20.16.5 (Python 3 only) had some problems when used together with newer
-# versions of setuptools (60+) and would not always put binaries under `<venv-path>/bin`
-# -- see https://github.com/github/codeql-action/issues/1249 for more details.
-python3 -m pip install --user --upgrade 'virtualenv>20.16.5'
+# virtualenv is a bit nicer for setting up virtual environment, since it will provide up-to-date versions of
+# pip/setuptools/wheel which basic `python3 -m venv venv` won't
+python3 -m pip install --user virtualenv
 
 # We install poetry with pip instead of the recommended way, since the recommended way
 # caused some problem since `poetry run` gives output like:
@@ -44,7 +45,7 @@ if command -v python2 >/dev/null 2>&1; then
 		curl --location --fail https://bootstrap.pypa.io/pip/2.7/get-pip.py | python2
 	fi
 
-	python2 -m pip install --user --upgrade pip setuptools wheel
+	python2 -m pip install --user --upgrade pip 'setuptools<60' wheel
 
 	python2 -m pip install --user 'virtualenv!=20.12.0'
 fi

src/actions-util.ts

@@ -17,6 +17,7 @@ import {
   GITHUB_DOTCOM_URL,
   isHTTPError,
   isInTestMode,
+  parseMatrixInput,
   UserError,
 } from "./util";
 import { getWorkflowPath } from "./workflow";
@@ -192,10 +193,10 @@ export function computeAutomationID(
 ): string {
   let automationID = `${analysis_key}/`;
 
-  // the id has to be deterministic so we sort the fields
-  if (environment !== undefined && environment !== "null") {
-    const environmentObject = JSON.parse(environment);
-    for (const entry of Object.entries(environmentObject).sort()) {
+  const matrix = parseMatrixInput(environment);
+  if (matrix !== undefined) {
+    // the id has to be deterministic so we sort the fields
+    for (const entry of Object.entries(matrix).sort()) {
       if (typeof entry[1] === "string") {
         automationID += `${entry[0]}:${entry[1]}/`;
       } else {

src/analyze-action-env.test.ts

@@ -29,8 +29,6 @@ test("analyze action with RAM & threads from environment variables", async (t) =
       .stub(actionsUtil, "createStatusReportBase")
       .resolves({} as actionsUtil.StatusReportBase);
     sinon.stub(actionsUtil, "sendStatusReport").resolves(true);
-    sinon.stub(actionsUtil, "isAnalyzingDefaultBranch").resolves(true);
-
     const gitHubVersion: util.GitHubVersion = {
       type: util.GitHubVariant.DOTCOM,
     };

src/analyze-action-input.test.ts

@@ -45,7 +45,6 @@ test("analyze action with RAM & threads from action inputs", async (t) => {
     optionalInputStub.withArgs("cleanup-level").returns("none");
     optionalInputStub.withArgs("expect-error").returns("false");
     sinon.stub(util, "getGitHubVersion").resolves(gitHubVersion);
-    sinon.stub(actionsUtil, "isAnalyzingDefaultBranch").resolves(true);
     setupActionsVars(tmpDir, tmpDir);
     mockFeatureFlagApiEndpoint(200, {});
 

src/analyze-action.ts

@@ -9,7 +9,6 @@ import * as actionsUtil from "./actions-util";
 import { DatabaseCreationTimings } from "./actions-util";
 import {
   CodeQLAnalysisError,
-  dbIsFinalized,
   QueriesStatusReport,
   runCleanup,
   runFinalize,
@@ -24,6 +23,7 @@ import { Features } from "./feature-flags";
 import { Language } from "./languages";
 import { getActionsLogger, Logger } from "./logging";
 import { parseRepositoryNwo } from "./repository";
+import { CODEQL_ACTION_ANALYZE_DID_UPLOAD_SARIF } from "./shared-environment";
 import { getTotalCacheSize, uploadTrapCaches } from "./trap-caching";
 import * as upload_lib from "./upload-lib";
 import { UploadResult } from "./upload-lib";
@@ -135,8 +135,6 @@ function doesGoExtractionOutputExist(config: Config): boolean {
  * - We detect whether an autobuild step is present by checking the
  * `util.DID_AUTOBUILD_GO_ENV_VAR_NAME` environment variable, which is set
  * when the autobuilder is invoked.
- * - We detect whether the Go database has already been finalized in case it
- * has been manually set in a prior Action step.
  * - We approximate whether manual build steps are present by looking at
  * whether any extraction output already exists for Go.
  */
@@ -148,12 +146,6 @@ async function runAutobuildIfLegacyGoWorkflow(config: Config, logger: Logger) {
     logger.debug("Won't run Go autobuild since it has already been run.");
     return;
   }
-  if (dbIsFinalized(config, Language.go, logger)) {
-    logger.debug(
-      "Won't run Go autobuild since there is already a finalized database for Go."
-    );
-    return;
-  }
   // This captures whether a user has added manual build steps for Go
   if (doesGoExtractionOutputExist(config)) {
     logger.debug(
@@ -271,8 +263,14 @@ async function run() {
     core.setOutput("db-locations", dbLocations);
 
     if (runStats && actionsUtil.getRequiredInput("upload") === "true") {
-      uploadResult = await upload_lib.uploadFromActions(outputDir, logger);
+      uploadResult = await upload_lib.uploadFromActions(
+        outputDir,
+        actionsUtil.getRequiredInput("checkout_path"),
+        actionsUtil.getOptionalInput("category"),
+        logger
+      );
       core.setOutput("sarif-id", uploadResult.sarifID);
+      core.exportVariable(CODEQL_ACTION_ANALYZE_DID_UPLOAD_SARIF, "true");
     } else {
       logger.info("Not uploading results");
     }
@@ -315,6 +313,8 @@ async function run() {
       core.setFailed(error.message);
     }
 
+    console.log(error);
+
     if (error instanceof CodeQLAnalysisError) {
       const stats = { ...error.queriesStatusReport };
       await sendStatusReport(
@@ -389,6 +389,7 @@ async function runWrapper() {
     await runPromise;
   } catch (error) {
     core.setFailed(`analyze action failed: ${error}`);
+    console.log(error);
   }
   await checkForTimeout();
 }

src/codeql.test.ts

@@ -3,7 +3,6 @@ import * as path from "path";
 
 import * as toolrunner from "@actions/exec/lib/toolrunner";
 import * as toolcache from "@actions/tool-cache";
-import * as safeWhich from "@chrisgavin/safe-which";
 import test, { ExecutionContext } from "ava";
 import del from "del";
 import * as yaml from "js-yaml";
@@ -443,8 +442,6 @@ test("databaseInterpretResults() does not set --sarif-add-query-help for 2.7.0",
   const runnerConstructorStub = stubToolRunnerConstructor();
   const codeqlObject = await codeql.getCodeQLForTesting();
   sinon.stub(codeqlObject, "getVersion").resolves("2.7.0");
-  // safeWhich throws because of the test CodeQL object.
-  sinon.stub(safeWhich, "safeWhich").resolves("");
   await codeqlObject.databaseInterpretResults(
     "",
     [],
@@ -465,8 +462,6 @@ test("databaseInterpretResults() sets --sarif-add-query-help for 2.7.1", async (
   const runnerConstructorStub = stubToolRunnerConstructor();
   const codeqlObject = await codeql.getCodeQLForTesting();
   sinon.stub(codeqlObject, "getVersion").resolves("2.7.1");
-  // safeWhich throws because of the test CodeQL object.
-  sinon.stub(safeWhich, "safeWhich").resolves("");
   await codeqlObject.databaseInterpretResults(
     "",
     [],
@@ -488,8 +483,6 @@ test("databaseInitCluster() without injected codescanning config", async (t) =>
     const runnerConstructorStub = stubToolRunnerConstructor();
     const codeqlObject = await codeql.getCodeQLForTesting();
     sinon.stub(codeqlObject, "getVersion").resolves("2.8.1");
-    // safeWhich throws because of the test CodeQL object.
-    sinon.stub(safeWhich, "safeWhich").resolves("");
 
     const thisStubConfig: Config = {
       ...stubConfig,
@@ -872,8 +865,6 @@ test("databaseInterpretResults() sets --sarif-add-baseline-file-info when featur
   // The version of CodeQL is checked separately to determine feature enablement, and does not
   // otherwise impact this test, so set it to 0.0.0.
   sinon.stub(codeqlObject, "getVersion").resolves("0.0.0");
-  // safeWhich throws because of the test CodeQL object.
-  sinon.stub(safeWhich, "safeWhich").resolves("");
   await codeqlObject.databaseInterpretResults(
     "",
     [],
@@ -899,8 +890,6 @@ test("databaseInterpretResults() does not set --sarif-add-baseline-file-info if
   // The version of CodeQL is checked upstream to determine feature enablement, so it does not
   // affect this test.
   sinon.stub(codeqlObject, "getVersion").resolves("0.0.0");
-  // safeWhich throws because of the test CodeQL object.
-  sinon.stub(safeWhich, "safeWhich").resolves("");
   await codeqlObject.databaseInterpretResults(
     "",
     [],

src/codeql.ts

@@ -179,6 +179,13 @@ export interface CodeQL {
    * Run 'codeql database print-baseline'.
    */
   databasePrintBaseline(databasePath: string): Promise<string>;
+  /**
+   * Run 'codeql diagnostics export'.
+   */
+  diagnosticsExport(
+    sarifFile: string,
+    automationDetailsId: string | undefined
+  ): Promise<void>;
 }
 
 export interface ResolveLanguagesOutput {
@@ -634,6 +641,7 @@ export function setCodeQL(partialCodeql: Partial<CodeQL>): CodeQL {
       partialCodeql,
       "databasePrintBaseline"
     ),
+    diagnosticsExport: resolveFunction(partialCodeql, "diagnosticsExport"),
   };
   return cachedCodeQL;
 }
@@ -675,7 +683,7 @@ async function getCodeQLForCmd(
   cmd: string,
   checkVersion: boolean
 ): Promise<CodeQL> {
-  const codeql = {
+  const codeql: CodeQL = {
     getPath() {
       return cmd;
     },
@@ -1016,7 +1024,7 @@ async function getCodeQLForCmd(
       if (querySuitePath) {
         codeqlArgs.push(querySuitePath);
       }
-      await toolrunnerErrorCatcher(cmd, codeqlArgs, errorMatchers);
+      await runTool(cmd, codeqlArgs);
     },
     async databaseInterpretResults(
       databasePath: string,
@@ -1059,12 +1067,7 @@ async function getCodeQLForCmd(
         codeqlArgs.push(...querySuitePaths);
       }
       // capture stdout, which contains analysis summaries
-      const returnState = await toolrunnerErrorCatcher(
-        cmd,
-        codeqlArgs,
-        errorMatchers
-      );
-      return returnState.stdout;
+      return await runTool(cmd, codeqlArgs);
     },
     async databasePrintBaseline(databasePath: string): Promise<string> {
       const codeqlArgs = [
@@ -1156,6 +1159,22 @@ async function getCodeQLForCmd(
       ];
       await new toolrunner.ToolRunner(cmd, args).exec();
     },
+    async diagnosticsExport(
+      sarifFile: string,
+      automationDetailsId: string | undefined
+    ): Promise<void> {
+      const args = [
+        "diagnostics",
+        "export",
+        "--format=sarif-latest",
+        `--output=${sarifFile}`,
+        ...getExtraOptionsFromEnv(["diagnostics", "export"]),
+      ];
+      if (automationDetailsId !== undefined) {
+        args.push("--sarif-category", automationDetailsId);
+      }
+      await new toolrunner.ToolRunner(cmd, args).exec();
+    },
   };
   // To ensure that status reports include the CodeQL CLI version wherever
   // possible, we want to call getVersion(), which populates the version value
@@ -1252,16 +1271,11 @@ async function runTool(cmd: string, args: string[] = []) {
   const exitCode = await new toolrunner.ToolRunner(cmd, args, {
     listeners: {
       stdout: (data: Buffer) => {
-        output += data.toString("utf8");
+        output += data.toString();
       },
       stderr: (data: Buffer) => {
-        let readStartIndex = 0;
-        // If the error is too large, then we only take the last 20,000 characters
-        if (data.length - maxErrorSize > 0) {
-          // Eg: if we have 20,000 the start index should be 2.
-          readStartIndex = data.length - maxErrorSize + 1;
-        }
-        error += data.toString("utf8", readStartIndex);
+        const toRead = Math.min(maxErrorSize - error.length, data.length);
+        error += data.toString("utf8", 0, toRead);
       },
     },
     ignoreReturnCode: true,

src/error-matcher.test.ts

@@ -20,15 +20,6 @@ test("noSourceCodeFound matches against example javascript output", async (t) =>
   );
 });
 
-test("fatalError matches against example log output", async (t) => {
-  t.assert(
-    testErrorMatcher(
-      "fatalError",
-      "A fatal error occurred: Could not process query metadata for test-query.ql"
-    )
-  );
-});
-
 function testErrorMatcher(matcherName: string, logSample: string): boolean {
   if (!(matcherName in namedMatchersForTesting)) {
     throw new Error(`Unknown matcher ${matcherName}`);

src/error-matcher.ts

@@ -18,10 +18,6 @@ export const namedMatchersForTesting: { [key: string]: ErrorMatcher } = {
       "No code found during the build. Please see:\n" +
       "https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/troubleshooting-code-scanning#no-code-found-during-the-build",
   },
-  fatalError: {
-    outputRegex: new RegExp("A fatal error occurred"),
-    message: "A fatal error occurred.",
-  },
 };
 
 // we collapse the matches into an array for use in execErrorCatcher

src/feature-flags.ts

@@ -19,6 +19,7 @@ export enum Feature {
   FileBaselineInformationEnabled = "file_baseline_information_enabled",
   MlPoweredQueriesEnabled = "ml_powered_queries_enabled",
   TrapCachingEnabled = "trap_caching_enabled",
+  UploadFailedSarifEnabled = "upload_failed_sarif_enabled",
 }
 
 export const featureConfig: Record<
@@ -57,6 +58,10 @@ export const featureConfig: Record<
     envVar: "CODEQL_TRAP_CACHING",
     minimumVersion: undefined,
   },
+  [Feature.UploadFailedSarifEnabled]: {
+    envVar: "CODEQL_ACTION_UPLOAD_FAILED_SARIF",
+    minimumVersion: "2.11.3",
+  },
 };
 
 /**

src/init-action-post-helper.test.ts

@@ -3,7 +3,9 @@ import * as sinon from "sinon";
 
 import * as configUtils from "./config-utils";
 import * as initActionPostHelper from "./init-action-post-helper";
-import { setupTests } from "./testing-utils";
+import { getRunnerLogger } from "./logging";
+import { parseRepositoryNwo } from "./repository";
+import { createFeatures, setupTests } from "./testing-utils";
 import * as util from "./util";
 
 setupTests(test);
@@ -29,7 +31,10 @@ test("post: init action with debug mode off", async (t) => {
     await initActionPostHelper.run(
       uploadDatabaseBundleSpy,
       uploadLogsSpy,
-      printDebugLogsSpy
+      printDebugLogsSpy,
+      parseRepositoryNwo("github/codeql-action"),
+      createFeatures([]),
+      getRunnerLogger(true)
     );
 
     t.assert(uploadDatabaseBundleSpy.notCalled);
@@ -59,7 +64,10 @@ test("post: init action with debug mode on", async (t) => {
     await initActionPostHelper.run(
       uploadDatabaseBundleSpy,
       uploadLogsSpy,
-      printDebugLogsSpy
+      printDebugLogsSpy,
+      parseRepositoryNwo("github/codeql-action"),
+      createFeatures([]),
+      getRunnerLogger(true)
     );
 
     t.assert(uploadDatabaseBundleSpy.called);

src/init-action-post-helper.ts

@@ -1,25 +1,132 @@
 import * as core from "@actions/core";
 
 import * as actionsUtil from "./actions-util";
-import { getConfig } from "./config-utils";
-import { getActionsLogger } from "./logging";
+import { getCodeQL } from "./codeql";
+import { Config, getConfig } from "./config-utils";
+import { Feature, FeatureEnablement } from "./feature-flags";
+import { Logger } from "./logging";
+import { RepositoryNwo } from "./repository";
+import { CODEQL_ACTION_ANALYZE_DID_UPLOAD_SARIF } from "./shared-environment";
+import * as uploadLib from "./upload-lib";
+import { getRequiredEnvParam, isInTestMode, parseMatrixInput } from "./util";
+import {
+  getCategoryInputOrThrow,
+  getCheckoutPathInputOrThrow,
+  getUploadInputOrThrow,
+  getWaitForProcessingInputOrThrow,
+  getWorkflow,
+} from "./workflow";
+
+async function uploadFailedSarif(
+  config: Config,
+  repositoryNwo: RepositoryNwo,
+  featureEnablement: FeatureEnablement,
+  logger: Logger
+) {
+  if (!config.codeQLCmd) {
+    logger.warning(
+      "CodeQL command not found. Unable to upload failed SARIF file."
+    );
+    return;
+  }
+  const codeql = await getCodeQL(config.codeQLCmd);
+  if (
+    !(await featureEnablement.getValue(
+      Feature.UploadFailedSarifEnabled,
+      codeql
+    ))
+  ) {
+    logger.debug("Uploading failed SARIF is disabled.");
+    return;
+  }
+  const workflow = await getWorkflow();
+  const jobName = getRequiredEnvParam("GITHUB_JOB");
+  const matrix = parseMatrixInput(actionsUtil.getRequiredInput("matrix"));
+  if (
+    getUploadInputOrThrow(workflow, jobName, matrix) !== "true" ||
+    isInTestMode()
+  ) {
+    logger.debug(
+      "Won't upload a failed SARIF file since SARIF upload is disabled."
+    );
+    return;
+  }
+  const category = getCategoryInputOrThrow(workflow, jobName, matrix);
+  const checkoutPath = getCheckoutPathInputOrThrow(workflow, jobName, matrix);
+  const waitForProcessing =
+    getWaitForProcessingInputOrThrow(workflow, jobName, matrix) === "true";
+
+  const sarifFile = "../codeql-failed-run.sarif";
+  await codeql.diagnosticsExport(sarifFile, category);
+
+  core.info(`Uploading failed SARIF file ${sarifFile}`);
+  const uploadResult = await uploadLib.uploadFromActions(
+    sarifFile,
+    checkoutPath,
+    category,
+    logger
+  );
+  if (uploadResult !== undefined && waitForProcessing) {
+    try {
+      await uploadLib.waitForProcessing(
+        repositoryNwo,
+        uploadResult.sarifID,
+        logger
+      );
+    } catch (e) {
+      if (e instanceof Error && e.message.includes("unsuccessful execution")) {
+        logger.info(
+          "Submitting a SARIF file for the failed run isn't yet supported, continuing."
+        );
+      } else {
+        throw e;
+      }
+    }
+  }
+}
 
 export async function run(
   uploadDatabaseBundleDebugArtifact: Function,
   uploadLogsDebugArtifact: Function,
-  printDebugLogs: Function
+  printDebugLogs: Function,
+  repositoryNwo: RepositoryNwo,
+  featureEnablement: FeatureEnablement,
+  logger: Logger
 ) {
-  const logger = getActionsLogger();
-
   const config = await getConfig(actionsUtil.getTemporaryDirectory(), logger);
   if (config === undefined) {
     logger.warning(
       "Debugging artifacts are unavailable since the 'init' Action failed before it could produce any."
     );
+    return;
+  }
+
+  // Environment variable used to integration test uploading a SARIF file for failed runs
+  const expectFailedSarifUpload =
+    process.env["CODEQL_ACTION_EXPECT_UPLOAD_FAILED_SARIF"] === "true";
+
+  if (process.env[CODEQL_ACTION_ANALYZE_DID_UPLOAD_SARIF] !== "true") {
+    try {
+      await uploadFailedSarif(config, repositoryNwo, featureEnablement, logger);
+    } catch (e) {
+      if (expectFailedSarifUpload) {
+        throw new Error(
+          "Expected to upload a SARIF file for the failed run, but encountered " +
+            `the following error: ${e}`
+        );
+      }
+      logger.warning(
+        `Failed to upload a SARIF file for the failed run. Error: ${e}`
+      );
+    }
+  } else if (expectFailedSarifUpload) {
+    throw new Error(
+      "Expected to upload a SARIF file for the failed run, but didn't."
+    );
   }
 
   // Upload appropriate Actions artifacts for debugging
-  if (config?.debugMode) {
+  if (config.debugMode) {
     core.info(
       "Debug mode is on. Uploading available database bundles and logs as Actions debugging artifacts..."
     );

src/init-action-post.ts

@@ -7,15 +7,37 @@
 import * as core from "@actions/core";
 
 import * as actionsUtil from "./actions-util";
+import { getGitHubVersion } from "./api-client";
 import * as debugArtifacts from "./debug-artifacts";
+import { Features } from "./feature-flags";
 import * as initActionPostHelper from "./init-action-post-helper";
+import { getActionsLogger } from "./logging";
+import { parseRepositoryNwo } from "./repository";
+import { checkGitHubVersionInRange, getRequiredEnvParam } from "./util";
 
 async function runWrapper() {
   try {
+    const logger = getActionsLogger();
+    const gitHubVersion = await getGitHubVersion();
+    checkGitHubVersionInRange(gitHubVersion, logger);
+
+    const repositoryNwo = parseRepositoryNwo(
+      getRequiredEnvParam("GITHUB_REPOSITORY")
+    );
+    const features = new Features(
+      gitHubVersion,
+      repositoryNwo,
+      actionsUtil.getTemporaryDirectory(),
+      logger
+    );
+
     await initActionPostHelper.run(
       debugArtifacts.uploadDatabaseBundleDebugArtifact,
       debugArtifacts.uploadLogsDebugArtifact,
-      actionsUtil.printDebugLogs
+      actionsUtil.printDebugLogs,
+      repositoryNwo,
+      features,
+      logger
     );
   } catch (error) {
     core.setFailed(`init post-action step failed: ${error}`);

src/shared-environment.ts

@@ -1,13 +1,24 @@
-export const ODASA_TRACER_CONFIGURATION = "ODASA_TRACER_CONFIGURATION";
-// The time at which the first action (normally init) started executing.
-// If a workflow invokes a different action without first invoking the init
-// action (i.e. the upload action is being used by a third-party integrator)
-// then this variable will be assigned the start time of the action invoked
-// rather that the init action.
-export const CODEQL_WORKFLOW_STARTED_AT = "CODEQL_WORKFLOW_STARTED_AT";
+/**
+ * This environment variable is set to true when the `analyze` Action
+ * successfully uploads a SARIF file. It does NOT indicate whether the
+ * SARIF file was processed successfully.
+ */
+export const CODEQL_ACTION_ANALYZE_DID_UPLOAD_SARIF =
+  "CODEQL_ACTION_ANALYZE_DID_UPLOAD_SARIF";
 
 export const CODEQL_ACTION_TESTING_ENVIRONMENT =
   "CODEQL_ACTION_TESTING_ENVIRONMENT";
 
 /** Used to disable uploading SARIF results or status reports to the GitHub API */
 export const CODEQL_ACTION_TEST_MODE = "CODEQL_ACTION_TEST_MODE";
+
+/**
+ * The time at which the first action (normally init) started executing.
+ * If a workflow invokes a different action without first invoking the init
+ * action (i.e. the upload action is being used by a third-party integrator)
+ * then this variable will be assigned the start time of the action invoked
+ * rather that the init action.
+ */
+export const CODEQL_WORKFLOW_STARTED_AT = "CODEQL_WORKFLOW_STARTED_AT";
+
+export const ODASA_TRACER_CONFIGURATION = "ODASA_TRACER_CONFIGURATION";

src/toolrunner-error-catcher.test.ts

@@ -21,8 +21,7 @@ test("matchers are never applied if non-error exit", async (t) => {
 
   t.deepEqual(await exec.exec("node", testArgs), 0);
 
-  const returnState = await toolrunnerErrorCatcher("node", testArgs, matchers);
-  t.deepEqual(returnState.exitCode, 0);
+  t.deepEqual(await toolrunnerErrorCatcher("node", testArgs, matchers), 0);
 });
 
 test("regex matchers are applied to stdout for non-zero exit code", async (t) => {
@@ -151,11 +150,12 @@ test("execErrorCatcher respects the ignoreReturnValue option", async (t) => {
     { instanceOf: Error }
   );
 
-  const returnState = await toolrunnerErrorCatcher("node", testArgs, [], {
-    ignoreReturnCode: true,
-  });
-
-  t.deepEqual(returnState.exitCode, 199);
+  t.deepEqual(
+    await toolrunnerErrorCatcher("node", testArgs, [], {
+      ignoreReturnCode: true,
+    }),
+    199
+  );
 });
 
 test("execErrorCatcher preserves behavior of provided listeners", async (t) => {
@@ -176,10 +176,12 @@ test("execErrorCatcher preserves behavior of provided listeners", async (t) => {
 
   const testArgs = buildDummyArgs(stdoutExpected, stderrExpected, "", 0);
 
-  const returnState = await toolrunnerErrorCatcher("node", testArgs, [], {
-    listeners,
-  });
-  t.deepEqual(returnState.exitCode, 0);
+  t.deepEqual(
+    await toolrunnerErrorCatcher("node", testArgs, [], {
+      listeners,
+    }),
+    0
+  );
 
   t.deepEqual(stdoutActual, `${stdoutExpected}\n`);
   t.deepEqual(stderrActual, `${stderrExpected}\n`);

src/toolrunner-error-catcher.ts

@@ -4,11 +4,6 @@ import * as safeWhich from "@chrisgavin/safe-which";
 
 import { ErrorMatcher } from "./error-matcher";
 
-export interface ReturnState {
-  exitCode: number;
-  stdout: string;
-}
-
 /**
  * Wrapper for toolrunner.Toolrunner which checks for specific return code and/or regex matches in console output.
  * Output will be streamed to the live console as well as captured for subsequent processing.
@@ -18,14 +13,14 @@ export interface ReturnState {
  * @param     args               optional arguments for tool. Escaping is handled by the lib.
  * @param     matchers           defines specific codes and/or regexes that should lead to return of a custom error
  * @param     options            optional exec options.  See ExecOptions
- * @returns   ReturnState        exit code and stdout output, if applicable
+ * @returns   Promise<number>    exit code
  */
 export async function toolrunnerErrorCatcher(
   commandLine: string,
   args?: string[],
   matchers?: ErrorMatcher[],
   options?: im.ExecOptions
-): Promise<ReturnState> {
+): Promise<number> {
   let stdout = "";
   let stderr = "";
 
@@ -45,9 +40,9 @@ export async function toolrunnerErrorCatcher(
   };
 
   // we capture the original return code or error so that if no match is found we can duplicate the behavior
-  let exitCode: number;
+  let returnState: Error | number;
   try {
-    exitCode = await new toolrunner.ToolRunner(
+    returnState = await new toolrunner.ToolRunner(
       await safeWhich.safeWhich(commandLine),
       args,
       {
@@ -56,32 +51,35 @@ export async function toolrunnerErrorCatcher(
         ignoreReturnCode: true, // so we can check for specific codes using the matchers
       }
     ).exec();
+  } catch (e) {
+    returnState = e instanceof Error ? e : new Error(String(e));
+  }
 
-    // if there is a zero return code then we do not apply the matchers
-    if (exitCode === 0) return { exitCode, stdout };
+  // if there is a zero return code then we do not apply the matchers
+  if (returnState === 0) return returnState;
 
-    if (matchers) {
-      for (const matcher of matchers) {
-        if (
-          matcher.exitCode === exitCode ||
-          matcher.outputRegex?.test(stderr) ||
-          matcher.outputRegex?.test(stdout)
-        ) {
-          throw new Error(matcher.message);
-        }
+  if (matchers) {
+    for (const matcher of matchers) {
+      if (
+        matcher.exitCode === returnState ||
+        matcher.outputRegex?.test(stderr) ||
+        matcher.outputRegex?.test(stdout)
+      ) {
+        throw new Error(matcher.message);
       }
     }
+  }
 
+  if (typeof returnState === "number") {
     // only if we were instructed to ignore the return code do we ever return it non-zero
     if (options?.ignoreReturnCode) {
-      return { exitCode, stdout };
+      return returnState;
     } else {
       throw new Error(
-        `The process '${commandLine}' failed with exit code ${exitCode}`
+        `The process '${commandLine}' failed with exit code ${returnState}`
       );
     }
-  } catch (e) {
-    const error = e instanceof Error ? e : new Error(String(e));
-    throw error;
+  } else {
+    throw returnState;
   }
 }

src/upload-lib.ts

@@ -158,23 +158,22 @@ export function findSarifFilesInDir(sarifPath: string): string[] {
 
 // Uploads a single sarif file or a directory of sarif files
 // depending on what the path happens to refer to.
-// Returns true iff the upload occurred and succeeded
 export async function uploadFromActions(
   sarifPath: string,
+  checkoutPath: string,
+  category: string | undefined,
   logger: Logger
 ): Promise<UploadResult> {
   return await uploadFiles(
     getSarifFilePaths(sarifPath),
     parseRepositoryNwo(util.getRequiredEnvParam("GITHUB_REPOSITORY")),
-    await actionsUtil.getCommitOid(
-      actionsUtil.getRequiredInput("checkout_path")
-    ),
+    await actionsUtil.getCommitOid(checkoutPath),
     await actionsUtil.getRef(),
     await actionsUtil.getAnalysisKey(),
-    actionsUtil.getOptionalInput("category"),
+    category,
     util.getRequiredEnvParam("GITHUB_WORKFLOW"),
     workflow.getWorkflowRunID(),
-    actionsUtil.getRequiredInput("checkout_path"),
+    checkoutPath,
     actionsUtil.getRequiredInput("matrix"),
     logger
   );
@@ -393,53 +392,57 @@ export async function waitForProcessing(
   logger: Logger
 ): Promise<void> {
   logger.startGroup("Waiting for processing to finish");
-  const client = api.getApiClient();
+  try {
+    const client = api.getApiClient();
 
-  const statusCheckingStarted = Date.now();
-  // eslint-disable-next-line no-constant-condition
-  while (true) {
-    if (
-      Date.now() >
-      statusCheckingStarted + STATUS_CHECK_TIMEOUT_MILLISECONDS
-    ) {
-      // If the analysis hasn't finished processing in the allotted time, we continue anyway rather than failing.
-      // It's possible the analysis will eventually finish processing, but it's not worth spending more Actions time waiting.
-      logger.warning(
-        "Timed out waiting for analysis to finish processing. Continuing."
-      );
-      break;
-    }
-    let response: OctokitResponse<any> | undefined = undefined;
-    try {
-      response = await client.request(
-        "GET /repos/:owner/:repo/code-scanning/sarifs/:sarif_id",
-        {
-          owner: repositoryNwo.owner,
-          repo: repositoryNwo.repo,
-          sarif_id: sarifID,
-        }
-      );
-    } catch (e) {
-      logger.warning(
-        `An error occurred checking the status of the delivery. ${e} It should still be processed in the background, but errors that occur during processing may not be reported.`
-      );
-      break;
-    }
-    const status = response.data.processing_status;
-    logger.info(`Analysis upload status is ${status}.`);
-    if (status === "complete") {
-      break;
-    } else if (status === "pending") {
-      logger.debug("Analysis processing is still pending...");
-    } else if (status === "failed") {
-      throw new Error(
-        `Code Scanning could not process the submitted SARIF file:\n${response.data.errors}`
-      );
-    }
+    const statusCheckingStarted = Date.now();
+    // eslint-disable-next-line no-constant-condition
+    while (true) {
+      if (
+        Date.now() >
+        statusCheckingStarted + STATUS_CHECK_TIMEOUT_MILLISECONDS
+      ) {
+        // If the analysis hasn't finished processing in the allotted time, we continue anyway rather than failing.
+        // It's possible the analysis will eventually finish processing, but it's not worth spending more Actions time waiting.
+        logger.warning(
+          "Timed out waiting for analysis to finish processing. Continuing."
+        );
+        break;
+      }
+      let response: OctokitResponse<any> | undefined = undefined;
+      try {
+        response = await client.request(
+          "GET /repos/:owner/:repo/code-scanning/sarifs/:sarif_id",
+          {
+            owner: repositoryNwo.owner,
+            repo: repositoryNwo.repo,
+            sarif_id: sarifID,
+          }
+        );
+      } catch (e) {
+        logger.warning(
+          `An error occurred checking the status of the delivery. ${e} It should still be processed in the background, but errors that occur during processing may not be reported.`
+        );
+        break;
+      }
+      const status = response.data.processing_status;
+      logger.info(`Analysis upload status is ${status}.`);
+      if (status === "complete") {
+        break;
+      } else if (status === "pending") {
+        logger.debug("Analysis processing is still pending...");
+      } else if (status === "failed") {
+        logger.info(JSON.stringify(response.data));
+        throw new Error(
+          `Code Scanning could not process the submitted SARIF file:\n${response.data.errors}`
+        );
+      }
 
-    await util.delay(STATUS_CHECK_FREQUENCY_MILLISECONDS);
+      await util.delay(STATUS_CHECK_FREQUENCY_MILLISECONDS);
+    }
+  } finally {
+    logger.endGroup();
   }
-  logger.endGroup();
 }
 
 export function validateUniqueCategory(sarif: SarifFile): void {

src/upload-sarif-action.ts

@@ -53,6 +53,8 @@ async function run() {
   try {
     const uploadResult = await upload_lib.uploadFromActions(
       actionsUtil.getRequiredInput("sarif_file"),
+      actionsUtil.getRequiredInput("checkout_path"),
+      actionsUtil.getOptionalInput("category"),
       getActionsLogger()
     );
     core.setOutput("sarif-id", uploadResult.sarifID);

src/util.ts

@@ -892,3 +892,12 @@ export async function shouldBypassToolcache(
   }
   return bypass;
 }
+
+export function parseMatrixInput(
+  matrixInput: string | undefined
+): { [key: string]: string } | undefined {
+  if (matrixInput === undefined || matrixInput === "null") {
+    return undefined;
+  }
+  return JSON.parse(matrixInput);
+}

src/workflow.ts

@@ -293,7 +293,7 @@ export function getWorkflowRunID(): number {
   return workflowRunID;
 }
 
-function getStepsCallingAction(
+export function getStepsCallingAction(
   job: WorkflowJob,
   actionName: string
 ): WorkflowJobStep[] {
@@ -310,8 +310,6 @@ function getStepsCallingAction(
  * Makes a best effort attempt to retrieve the value of a particular input with which
  * an Action in the workflow would be invoked.
  *
- * Typically you'll want to wrap this function in a try/catch block and handle the error.
- *
  * @returns the value of the input, or undefined if no such input is passed to the Action
  * @throws an error if the value of the input could not be determined, or we could not
  * determine that no such input is passed to the Action.
@@ -321,7 +319,7 @@ function getInputOrThrow(
   jobName: string,
   actionName: string,
   inputName: string,
-  matrixVars: { [key: string]: string }
+  matrixVars: { [key: string]: string } | undefined
 ) {
   if (!workflow.jobs) {
     throw new Error(
@@ -349,11 +347,15 @@ function getInputOrThrow(
     );
   }
 
-  // Make a basic attempt to substitute matrix variables
-  // First normalize by removing whitespace
-  let input = inputs[0].replace(/\${{\s+/, "${{").replace(/\s+}}/, "}}");
-  for (const [key, value] of Object.entries(matrixVars)) {
-    input = input.replace(`\${{matrix.${key}}}`, value);
+  let input = inputs[0];
+
+  if (matrixVars !== undefined) {
+    // Make a basic attempt to substitute matrix variables
+    // First normalize by removing whitespace
+    input = input.replace(/\${{\s+/, "${{").replace(/\s+}}/, "}}");
+    for (const [key, value] of Object.entries(matrixVars)) {
+      input = input.replace(`\${{matrix.${key}}}`, value);
+    }
   }
 
   if (input.includes("${{")) {
@@ -368,15 +370,13 @@ function getInputOrThrow(
  * Makes a best effort attempt to retrieve the category input for the particular job,
  * given a set of matrix variables.
  *
- * Typically you'll want to wrap this function in a try/catch block and handle the error.
- *
  * @returns the category input, or undefined if the category input is not defined
  * @throws an error if the category input could not be determined
  */
 export function getCategoryInputOrThrow(
   workflow: Workflow,
   jobName: string,
-  matrixVars: { [key: string]: string }
+  matrixVars: { [key: string]: string } | undefined
 ): string | undefined {
   return getInputOrThrow(
     workflow,
@@ -386,3 +386,72 @@ export function getCategoryInputOrThrow(
     matrixVars
   );
 }
+
+/**
+ * Makes a best effort attempt to retrieve the upload input for the particular job,
+ * given a set of matrix variables.
+ *
+ * @returns the upload input
+ * @throws an error if the upload input could not be determined
+ */
+export function getUploadInputOrThrow(
+  workflow: Workflow,
+  jobName: string,
+  matrixVars: { [key: string]: string } | undefined
+): string {
+  return (
+    getInputOrThrow(
+      workflow,
+      jobName,
+      "github/codeql-action/analyze",
+      "upload",
+      matrixVars
+    ) || "true" // if unspecified, upload defaults to true
+  );
+}
+
+/**
+ * Makes a best effort attempt to retrieve the wait-for-processing input for the
+ * particular job, given a set of matrix variables.
+ *
+ * @returns the wait-for-processing input
+ * @throws an error if the wait-for-processing input could not be determined
+ */
+export function getWaitForProcessingInputOrThrow(
+  workflow: Workflow,
+  jobName: string,
+  matrixVars: { [key: string]: string } | undefined
+): string {
+  return (
+    getInputOrThrow(
+      workflow,
+      jobName,
+      "github/codeql-action/analyze",
+      "wait-for-processing",
+      matrixVars
+    ) || "true" // if unspecified, wait-for-processing defaults to true
+  );
+}
+
+/**
+ * Makes a best effort attempt to retrieve the checkout_path input for the
+ * particular job, given a set of matrix variables.
+ *
+ * @returns the checkout_path input
+ * @throws an error if the checkout_path input could not be determined
+ */
+export function getCheckoutPathInputOrThrow(
+  workflow: Workflow,
+  jobName: string,
+  matrixVars: { [key: string]: string } | undefined
+): string {
+  return (
+    getInputOrThrow(
+      workflow,
+      jobName,
+      "github/codeql-action/analyze",
+      "checkout_path",
+      matrixVars
+    ) || getRequiredEnvParam("GITHUB_WORKSPACE") // if unspecified, checkout_path defaults to ${{ github.workspace }}
+  );
+}