ci: combine SARIF files for avoiding GitHub limits

GitHub only allows 20 SARIF runs in a single upload. However, our number
of modules already exceeds this limit. Therefore, we combine the
resulting detekt sarif files into a single file with only a single run,
which circumvents this limit.

Author: languitar

.github/workflows/build.yaml

@@ -56,10 +56,18 @@ jobs:
           token: ${{ secrets.GITHUB_TOKEN }}
           title: JVM coverage report
           update-comment: true
+        # We need to combine the SARIF files because GitHub has a limit of 20 runs. Our number of modules + targets
+        # exceeds this limit. Therefore, we combine the individual runs in the SARIF files.
+      - uses: actions/setup-node@v4
+        with:
+          node-version: '20.x'
+      - name: Combine SARIF files
+        run: |
+          npx @microsoft/sarif-multitool merge --merge-runs --output-file merged.sarif  $(find . -iname '*.sarif*')
       - name: Upload SARIF file
         uses: github/codeql-action/upload-sarif@v3
         with:
-          sarif_file: 'build/reports/detekt/'
+          sarif_file: merged.sarif
           category: detekt
 
   test-model-api-gen-gradle:

build.gradle.kts

@@ -170,8 +170,6 @@ subprojects {
 
             reports {
                 sarif.required.set(true)
-                // This is required for the GitHub upload action to easily find all sarif files in a single directory.
-                sarif.outputLocation.set(parentProject.layout.buildDirectory.file("reports/detekt/${project.name}.sarif"))
                 html.required.set(true)
             }
         }