Skip to content

Commit d378195

Browse files
mbgmbg
committed
Add new sarif-ids output to upload-sarif action
Unlike `sarif-id` which is for the single Code Scanning SARIF id, `sarif-ids` contains stringified JSON object with details of all SARIF ids.
1 parent a2ce099 commit d378195

File tree

3 files changed

+32
-3
lines changed

3 files changed

+32
-3
lines changed

lib/upload-sarif-action.js

Lines changed: 13 additions & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

src/upload-sarif-action.ts

Lines changed: 13 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -145,6 +145,7 @@ async function run() {
145145
throw new ConfigurationError(`Path does not exist: ${sarifPath}.`);
146146
}
147147

148+
const sarifIds: Array<{ analysis: string; id: string }> = [];
148149
const uploadResult = await findAndUpload(
149150
logger,
150151
features,
@@ -156,12 +157,16 @@ async function run() {
156157
);
157158
if (uploadResult !== undefined) {
158159
core.setOutput("sarif-id", uploadResult.sarifID);
160+
sarifIds.push({
161+
analysis: analyses.AnalysisKind.CodeScanning,
162+
id: uploadResult.sarifID,
163+
});
159164
}
160165

161166
// If there are `.quality.sarif` files in `sarifPath`, then upload those to the code quality service.
162167
// Code quality can currently only be enabled on top of security, so we'd currently always expect to
163168
// have a directory for the results here.
164-
await findAndUpload(
169+
const qualityUploadResult = await findAndUpload(
165170
logger,
166171
features,
167172
sarifPath,
@@ -170,6 +175,13 @@ async function run() {
170175
analyses.CodeQuality,
171176
actionsUtil.fixCodeQualityCategory(logger, category),
172177
);
178+
if (qualityUploadResult !== undefined) {
179+
sarifIds.push({
180+
analysis: analyses.AnalysisKind.CodeQuality,
181+
id: qualityUploadResult.sarifID,
182+
});
183+
}
184+
core.setOutput("sarif-ids", JSON.stringify(sarifIds));
173185

174186
// We don't upload results in test mode, so don't wait for processing
175187
if (isInTestMode()) {

upload-sarif/action.yml

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -34,7 +34,12 @@ inputs:
3434
default: "true"
3535
outputs:
3636
sarif-id:
37-
description: The ID of the uploaded SARIF file.
37+
description: The ID of the uploaded Code Scanning SARIF file, if any.
38+
sarif-ids:
39+
description: |
40+
A stringified JSON object containing the SARIF ID for each kind of analysis. For example:
41+
42+
{ "code-scanning": "some-id", "code-quality": "some-other-id" }
3843
runs:
3944
using: node20
4045
main: '../lib/upload-sarif-action.js'

0 commit comments

Comments
 (0)