Introduce CODEQL_ACTION_SKIP_SARIF_UPLOAD

src/environment.ts

@@ -128,4 +128,10 @@ export enum EnvVar {
    * whether the upload is disabled. This is intended for testing and debugging purposes.
    */
   SARIF_DUMP_DIR = "CODEQL_ACTION_SARIF_DUMP_DIR",
+
+  /**
+   * Whether to skip uploading SARIF results to GitHub. Intended for testing purposes.
+   * This setting is implied by `CODEQL_ACTION_TEST_MODE`, but is more specific.
+   */
+  SKIP_SARIF_UPLOAD = "CODEQL_ACTION_SKIP_SARIF_UPLOAD",
 }

src/init-action-post-helper.ts

@@ -19,8 +19,8 @@ import {
   delay,
   getErrorMessage,
   getRequiredEnvParam,
-  isInTestMode,
   parseMatrixInput,
+  getSarifUploadSkipReason,
   wrapError,
 } from "./util";
 import {
@@ -80,11 +80,14 @@ async function maybeUploadFailedSarif(
   if (
     !["always", "failure-only"].includes(
       actionsUtil.getUploadValue(shouldUpload),
-    ) ||
-    isInTestMode()
+    )
   ) {
     return { upload_failed_run_skipped_because: "SARIF upload is disabled" };
   }
+  const skipReason = getSarifUploadSkipReason();
+  if (skipReason) {
+    return { upload_failed_run_skipped_because: skipReason };
+  }
   const category = getCategoryInputOrThrow(workflow, jobName, matrix);
   const checkoutPath = getCheckoutPathInputOrThrow(workflow, jobName, matrix);
   const databasePath = config.dbLocation;

src/upload-lib.ts

@@ -356,18 +356,17 @@ async function uploadPayload(
 ): Promise<string> {
   logger.info("Uploading results");
 
-  // If in test mode we don't want to upload the results
-  if (util.isInTestMode()) {
+  // If in test mode we don't want to upload the results,
+  const skipReason = util.getSarifUploadSkipReason();
+  if (skipReason) {
     const payloadSaveFile = path.join(
       actionsUtil.getTemporaryDirectory(),
       "payload.json",
     );
-    logger.info(
-      `In test mode. Results are not uploaded. Saving to ${payloadSaveFile}`,
-    );
+    logger.info(`${skipReason}. Saving to ${payloadSaveFile}`);
     logger.info(`Payload: ${JSON.stringify(payload, null, 2)}`);
     fs.writeFileSync(payloadSaveFile, JSON.stringify(payload, null, 2));
-    return "test-mode-sarif-id";
+    return "dummy-sarif-id";
   }
 
   const client = api.getApiClient();

src/upload-sarif-action.ts

@@ -23,7 +23,7 @@ import {
   checkDiskUsage,
   getErrorMessage,
   initializeEnvironment,
-  isInTestMode,
+  getSarifUploadSkipReason,
   wrapError,
 } from "./util";
 
@@ -113,8 +113,9 @@ async function run() {
     core.setOutput("sarif-ids", JSON.stringify(uploadResults));
 
     // We don't upload results in test mode, so don't wait for processing
-    if (isInTestMode()) {
-      core.debug("In test mode. Waiting for processing is disabled.");
+    const skipReason = getSarifUploadSkipReason();
+    if (skipReason) {
+      core.debug(`${skipReason}. Waiting for processing is disabled.`);
     } else if (actionsUtil.getRequiredInput("wait-for-processing") === "true") {
       if (codeScanningResult !== undefined) {
         await upload_lib.waitForProcessing(

src/util.ts

@@ -764,12 +764,25 @@ export function isGoodVersion(versionSpec: string) {
 /**
  * Returns whether we are in test mode. This is used by CodeQL Action PR checks.
  *
- * In test mode, we don't upload SARIF results or status reports to the GitHub API.
+ * In test mode, we skip several uploads (SARIF results, status reports, DBs, ...).
  */
 export function isInTestMode(): boolean {
   return process.env[EnvVar.TEST_MODE] === "true";
 }
 
+/**
+ * Returns whether we specifically want to skip uploading SARIF files, and if so, why.
+ */
+export function getSarifUploadSkipReason(): string | null {
+  if (isInTestMode()) {
+    return `SARIF upload is disabled via ${EnvVar.TEST_MODE}`;
+  }
+  if (process.env[EnvVar.SKIP_SARIF_UPLOAD] === "true") {
+    return `SARIF upload is disabled via ${EnvVar.SKIP_SARIF_UPLOAD}`;
+  }
+  return null;
+}
+
 /**
  * Get the testing environment.
  *