# Warning: This file is generated automatically, and should not be modified.
# Instead, please modify the template in the pr-checks directory and run:
#     pr-checks/sync.sh
# to regenerate this file.

# Exercises the `upload-sarif` action three ways (a whole results directory,
# a single `.sarif` file, a single file without the `.sarif` extension) and
# fails the job if the action does not report a SARIF id for the analysis
# kind that was requested.
name: PR Check - Test different uses of `upload-sarif`
env:
  # Workflow-level env: every step of every job sees this token, including
  # `./build.sh`. What the token may do is bounded by the job's `permissions`
  # block below (read-only for both scopes listed there).
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
on:
  push:
    branches:
      - main
      - releases/v*
  # `pull_request`, not `pull_request_target`: the job checks out and builds
  # the triggering ref, and for PRs from forks this event runs with a
  # read-only token and without repository secrets.
  pull_request:
    types:
      - opened
      - synchronize
      - reopened
      - ready_for_review
  schedule:
    - cron: '0 5 * * *'
  # The two inputs below are only passed to the `with:` blocks of the
  # setup-go / setup-python steps; no `run:` script interpolates them.
  workflow_dispatch:
    inputs:
      go-version:
        type: string
        description: The version of Go to install
        required: false
        default: '>=1.21.0'
      python-version:
        type: string
        description: The version of Python to install
        required: false
        default: '3.13'
  # Same inputs again so the workflow can also be called as a reusable
  # workflow.
  workflow_call:
    inputs:
      go-version:
        type: string
        description: The version of Go to install
        required: false
        default: '>=1.21.0'
      python-version:
        type: string
        description: The version of Python to install
        required: false
        default: '3.13'
defaults:
  run:
    shell: bash
# One run per workflow + ref; an in-progress run is cancelled by a newer one
# only when the event is `pull_request`.
concurrency:
  cancel-in-progress: ${{ github.event_name == 'pull_request' }}
  group: ${{ github.workflow }}-${{ github.ref }}
jobs:
  upload-sarif:
    strategy:
      fail-fast: false
      matrix:
        # Three runs on the same OS/version, differing only in which
        # analysis kinds are enabled: each kind alone, then both together.
        include:
          - os: ubuntu-latest
            version: default
            analysis-kinds: code-scanning
          - os: ubuntu-latest
            version: default
            analysis-kinds: code-quality
          - os: ubuntu-latest
            version: default
            analysis-kinds: code-scanning,code-quality
    name: Test different uses of `upload-sarif`
    # Skip the job when the run was triggered by Dependabot.
    if: github.triggering_actor != 'dependabot[bot]'
    # Explicit least-privilege token scopes for this job.
    # NOTE(review): a real SARIF upload needs `security-events: write`; only
    # `read` is granted here, so the upload steps presumably rely on
    # CODEQL_ACTION_TEST_MODE (set at the end of this job) to avoid a real
    # upload - confirm against the action's source before copying this block.
    permissions:
      contents: read
      security-events: read
    timeout-minutes: 45
    runs-on: ${{ matrix.os }}
    steps:
      # NOTE(review): the third-party actions in this job (checkout,
      # setup-go, setup-python) are referenced by major-version tag. Tags are
      # mutable; pinning to a full commit SHA is the stricter supply-chain
      # option, and belongs in the pr-checks template, not in this file.
      - name: Check out repository
        uses: actions/checkout@v5
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
        with:
          version: ${{ matrix.version }}
          use-all-platform-bundle: 'false'
          setup-kotlin: 'true'
      - name: Install Go
        uses: actions/setup-go@v6
        with:
          # `inputs` is empty on push / pull_request / schedule events, so
          # the fallback repeats the declared default.
          go-version: ${{ inputs.go-version || '>=1.21.0' }}
          cache: false
      - name: Install Python
        # Every matrix entry in this file uses `version: default`, so this
        # condition is always true here.
        if: matrix.version != 'nightly-latest'
        uses: actions/setup-python@v6
        with:
          python-version: ${{ inputs.python-version || '3.13' }}
      # `./../action/...` resolves outside the checkout directory; presumably
      # the action under test is staged there by the prepare-test step -
      # confirm in .github/actions/prepare-test.
      - uses: ./../action/init
        with:
          tools: ${{ steps.prepare-test.outputs.tools-url }}
          languages: csharp,java,javascript,python
          analysis-kinds: ${{ matrix.analysis-kinds }}
      - name: Build code
        run: ./build.sh
      # Generate some SARIF we can upload with the upload-sarif step
      # (`upload: never` keeps analyze from uploading; results are written
      # under the runner's temp directory. `ref`/`sha` are fixed values
      # rather than the triggering commit.)
      - uses: ./../action/analyze
        with:
          ref: refs/heads/main
          sha: 5e235361806c361d4d3f8859e3c897658025a9a2
          upload: never
          output: ${{ runner.temp }}/results
      # Case 1: point `sarif_file` at the whole results directory.
      - name: |
          Upload all SARIF files for `analysis-kinds: ${{ matrix.analysis-kinds }}`
        uses: ./../action/upload-sarif
        id: upload-sarif
        with:
          ref: refs/heads/main
          sha: 5e235361806c361d4d3f8859e3c897658025a9a2
          sarif_file: ${{ runner.temp }}/results
          # Category is unique per matrix entry and per test case.
          category: |
            ${{ github.workflow }}:upload-sarif/analysis-kinds:${{ matrix.analysis-kinds }}/os:${{ matrix.os }}/version:${{ matrix.version }}/test:all-files/
      # The `sarif-ids` output is parsed as JSON; the step below runs (and
      # fails the job) when the key for a requested analysis kind is missing
      # or falsy.
      - name: Fail for missing output from `upload-sarif` step for `code-scanning`
        if: contains(matrix.analysis-kinds, 'code-scanning') && !(fromJSON(steps.upload-sarif.outputs.sarif-ids).code-scanning)
        run: exit 1
      - name: Fail for missing output from `upload-sarif` step for `code-quality`
        if: contains(matrix.analysis-kinds, 'code-quality') && !(fromJSON(steps.upload-sarif.outputs.sarif-ids).code-quality)
        run: exit 1
      # Case 2: a single Code Scanning SARIF file.
      - name: Upload single SARIF file for Code Scanning
        uses: ./../action/upload-sarif
        id: upload-single-sarif-code-scanning
        if: contains(matrix.analysis-kinds, 'code-scanning')
        with:
          ref: refs/heads/main
          sha: 5e235361806c361d4d3f8859e3c897658025a9a2
          sarif_file: ${{ runner.temp }}/results/javascript.sarif
          category: |
            ${{ github.workflow }}:upload-sarif/analysis-kinds:${{ matrix.analysis-kinds }}/os:${{ matrix.os }}/version:${{ matrix.version }}/test:single-code-scanning/
      - name: Fail for missing output from `upload-single-sarif-code-scanning` step
        if: contains(matrix.analysis-kinds, 'code-scanning') && !(fromJSON(steps.upload-single-sarif-code-scanning.outputs.sarif-ids).code-scanning)
        run: exit 1
      # Case 3: a single Code Quality SARIF file.
      - name: Upload single SARIF file for Code Quality
        uses: ./../action/upload-sarif
        id: upload-single-sarif-code-quality
        if: contains(matrix.analysis-kinds, 'code-quality')
        with:
          ref: refs/heads/main
          sha: 5e235361806c361d4d3f8859e3c897658025a9a2
          sarif_file: ${{ runner.temp }}/results/javascript.quality.sarif
          category: |
            ${{ github.workflow }}:upload-sarif/analysis-kinds:${{ matrix.analysis-kinds }}/os:${{ matrix.os }}/version:${{ matrix.version }}/test:single-code-quality/
      - name: Fail for missing output from `upload-single-sarif-code-quality` step
        if: contains(matrix.analysis-kinds, 'code-quality') && !(fromJSON(steps.upload-single-sarif-code-quality.outputs.sarif-ids).code-quality)
        run: exit 1
      # Case 4: the same SARIF content under a name that does not end in
      # `.sarif`.
      # `${{ runner.temp }}` is substituted into the script text before bash
      # runs. The value comes from the runner, not from PR content, but it is
      # unquoted; do not reuse this inline-expression pattern for contexts an
      # outside contributor controls - pass those through `env:` and quote
      # the shell variable instead.
      - name: Change SARIF file extension
        if: contains(matrix.analysis-kinds, 'code-scanning')
        run: mv ${{ runner.temp }}/results/javascript.sarif ${{ runner.temp }}/results/javascript.sarif.json
      - name: Upload single non-`.sarif` file
        uses: ./../action/upload-sarif
        id: upload-single-non-sarif
        if: contains(matrix.analysis-kinds, 'code-scanning')
        with:
          ref: refs/heads/main
          sha: 5e235361806c361d4d3f8859e3c897658025a9a2
          sarif_file: ${{ runner.temp }}/results/javascript.sarif.json
          category: |
            ${{ github.workflow }}:upload-sarif/analysis-kinds:${{ matrix.analysis-kinds }}/os:${{ matrix.os }}/version:${{ matrix.version }}/test:non-sarif/
      - name: Fail for missing output from `upload-single-non-sarif` step
        if: contains(matrix.analysis-kinds, 'code-scanning') && !(fromJSON(steps.upload-single-non-sarif.outputs.sarif-ids).code-scanning)
        run: exit 1
    # Job-level env, visible to every step above.
    env:
      CODEQL_ACTION_TEST_MODE: true