diff --git a/lib/analyze-action.js b/lib/analyze-action.js index b9613ab30c..fd7a163aeb 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js 
@@ -95581,98 +95581,113 @@ function buildPayload(commitOid, ref, analysisKey, analysisName, zippedSarif, wo } return payloadObj; } -async function uploadFiles(inputSarifPath, checkoutPath, category, features, logger, uploadTarget) { +async function maybeUploadFiles(inputSarifPath, checkoutPath, category, features, logger, uploadTarget, uploadKind) { const sarifPaths = getSarifFilePaths( inputSarifPath, uploadTarget.sarifPredicate ); - return uploadSpecifiedFiles( + return maybeUploadSpecifiedFiles( sarifPaths, checkoutPath, category, features, logger, - uploadTarget + uploadTarget, + uploadKind ); } -async function uploadSpecifiedFiles(sarifPaths, checkoutPath, category, features, logger, uploadTarget) { - logger.startGroup(`Uploading ${uploadTarget.name} results`); - logger.info(`Processing sarif files: ${JSON.stringify(sarifPaths)}`); - const gitHubVersion = await getGitHubVersion(); - let sarif; - if (sarifPaths.length > 1) { - for (const sarifPath of sarifPaths) { - const parsedSarif = readSarifFile(sarifPath); - validateSarifFileSchema(parsedSarif, sarifPath, logger); - } - sarif = await combineSarifFilesUsingCLI( - sarifPaths, - gitHubVersion, - features, - logger - ); - } else { - const sarifPath = sarifPaths[0]; - sarif = readSarifFile(sarifPath); - validateSarifFileSchema(sarif, sarifPath, logger); - await throwIfCombineSarifFilesDisabled([sarif], gitHubVersion); - } - sarif = filterAlertsByDiffRange(logger, sarif); - sarif = await addFingerprints(sarif, checkoutPath, logger); - const analysisKey = await getAnalysisKey(); - const environment = getRequiredInput("matrix"); - sarif = populateRunAutomationDetails( - sarif, - category, - analysisKey, - environment - ); - const toolNames = getToolNames(sarif); - logger.debug(`Validating that each SARIF run has a unique category`); - validateUniqueCategory(sarif, uploadTarget.sentinelPrefix); - logger.debug(`Serializing SARIF for upload`); - const sarifPayload = JSON.stringify(sarif); +async function 
maybeUploadSpecifiedFiles(sarifPaths, checkoutPath, category, features, logger, uploadTarget, uploadKind) { const dumpDir = process.env["CODEQL_ACTION_SARIF_DUMP_DIR" /* SARIF_DUMP_DIR */]; - if (dumpDir) { - dumpSarifFile(sarifPayload, dumpDir, logger, uploadTarget); - } - logger.debug(`Compressing serialized SARIF`); - const zippedSarif = import_zlib.default.gzipSync(sarifPayload).toString("base64"); - const checkoutURI = url.pathToFileURL(checkoutPath).href; - const payload = buildPayload( - await getCommitOid(checkoutPath), - await getRef(), - analysisKey, - getRequiredEnvParam("GITHUB_WORKFLOW"), - zippedSarif, - getWorkflowRunID(), - getWorkflowRunAttempt(), - checkoutURI, - environment, - toolNames, - await determineBaseBranchHeadCommitOid() - ); - const rawUploadSizeBytes = sarifPayload.length; - logger.debug(`Raw upload size: ${rawUploadSizeBytes} bytes`); - const zippedUploadSizeBytes = zippedSarif.length; - logger.debug(`Base64 zipped upload size: ${zippedUploadSizeBytes} bytes`); - const numResultInSarif = countResultsInSarif(sarifPayload); - logger.debug(`Number of results in upload: ${numResultInSarif}`); - const sarifID = await uploadPayload( - payload, - getRepositoryNwo(), - logger, - uploadTarget.target - ); - logger.endGroup(); - return { - statusReport: { - raw_upload_size_bytes: rawUploadSizeBytes, - zipped_upload_size_bytes: zippedUploadSizeBytes, - num_results_in_sarif: numResultInSarif - }, - sarifID - }; + const upload = uploadKind === "always"; + if (!upload && !dumpDir) { + logger.info(`Skipping upload of ${uploadTarget.name} results`); + return void 0; + } + logger.startGroup(`Processing ${uploadTarget.name} results`); + try { + logger.info(`Processing sarif files: ${JSON.stringify(sarifPaths)}`); + const gitHubVersion = await getGitHubVersion(); + let sarif; + if (sarifPaths.length > 1) { + for (const sarifPath of sarifPaths) { + const parsedSarif = readSarifFile(sarifPath); + validateSarifFileSchema(parsedSarif, sarifPath, logger); + } 
+ sarif = await combineSarifFilesUsingCLI( + sarifPaths, + gitHubVersion, + features, + logger + ); + } else { + const sarifPath = sarifPaths[0]; + sarif = readSarifFile(sarifPath); + validateSarifFileSchema(sarif, sarifPath, logger); + await throwIfCombineSarifFilesDisabled([sarif], gitHubVersion); + } + sarif = filterAlertsByDiffRange(logger, sarif); + sarif = await addFingerprints(sarif, checkoutPath, logger); + const analysisKey = await getAnalysisKey(); + const environment = getRequiredInput("matrix"); + sarif = populateRunAutomationDetails( + sarif, + category, + analysisKey, + environment + ); + const toolNames = getToolNames(sarif); + logger.debug(`Validating that each SARIF run has a unique category`); + validateUniqueCategory(sarif, uploadTarget.sentinelPrefix); + logger.debug(`Serializing SARIF for upload`); + const sarifPayload = JSON.stringify(sarif); + if (dumpDir) { + dumpSarifFile(sarifPayload, dumpDir, logger, uploadTarget); + } + if (!upload) { + logger.info( + `Skipping upload of ${uploadTarget.name} results because upload kind is "${uploadKind}"` + ); + return void 0; + } + logger.debug(`Compressing serialized SARIF`); + const zippedSarif = import_zlib.default.gzipSync(sarifPayload).toString("base64"); + const checkoutURI = url.pathToFileURL(checkoutPath).href; + const payload = buildPayload( + await getCommitOid(checkoutPath), + await getRef(), + analysisKey, + getRequiredEnvParam("GITHUB_WORKFLOW"), + zippedSarif, + getWorkflowRunID(), + getWorkflowRunAttempt(), + checkoutURI, + environment, + toolNames, + await determineBaseBranchHeadCommitOid() + ); + const rawUploadSizeBytes = sarifPayload.length; + logger.debug(`Raw upload size: ${rawUploadSizeBytes} bytes`); + const zippedUploadSizeBytes = zippedSarif.length; + logger.debug(`Base64 zipped upload size: ${zippedUploadSizeBytes} bytes`); + const numResultInSarif = countResultsInSarif(sarifPayload); + logger.debug(`Number of results in upload: ${numResultInSarif}`); + const sarifID = await 
uploadPayload( + payload, + getRepositoryNwo(), + logger, + uploadTarget.target + ); + return { + statusReport: { + raw_upload_size_bytes: rawUploadSizeBytes, + zipped_upload_size_bytes: zippedUploadSizeBytes, + num_results_in_sarif: numResultInSarif + }, + sarifID + }; + } finally { + logger.endGroup(); + } } function dumpSarifFile(sarifPayload, outputDir, logger, uploadTarget) { if (!fs18.existsSync(outputDir)) { @@ -96033,21 +96048,26 @@ async function run() { } core14.setOutput("db-locations", dbLocations); core14.setOutput("sarif-output", import_path4.default.resolve(outputDir)); - const uploadInput = getOptionalInput("upload"); - if (runStats && getUploadValue(uploadInput) === "always") { + const uploadInput = getUploadValue( + getOptionalInput("upload") + ); + if (runStats) { if (isCodeScanningEnabled(config)) { - uploadResult = await uploadFiles( + uploadResult = await maybeUploadFiles( outputDir, getRequiredInput("checkout_path"), getOptionalInput("category"), features, logger, - CodeScanning + CodeScanning, + uploadInput ); - core14.setOutput("sarif-id", uploadResult.sarifID); + if (uploadResult) { + core14.setOutput("sarif-id", uploadResult.sarifID); + } } if (isCodeQualityEnabled(config)) { - const qualityUploadResult = await uploadFiles( + const qualityUploadResult = await maybeUploadFiles( outputDir, getRequiredInput("checkout_path"), fixCodeQualityCategory( @@ -96056,12 +96076,15 @@ async function run() { ), features, logger, - CodeQuality + CodeQuality, + uploadInput ); - core14.setOutput("quality-sarif-id", qualityUploadResult.sarifID); + if (qualityUploadResult) { + core14.setOutput("quality-sarif-id", qualityUploadResult.sarifID); + } } } else { - logger.info("Not uploading results"); + logger.info("No query status report, skipping upload"); } await uploadOverlayBaseDatabaseToCache(codeql, config, logger); await uploadDatabases(repositoryNwo, codeql, config, apiDetails, logger); 
diff --git a/lib/init-action-post.js b/lib/init-action-post.js index 2ce7f2c692..c5c5b87bf8 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js 
@@ -133019,97 +133019,123 @@ function buildPayload(commitOid, ref, analysisKey, analysisName, zippedSarif, wo return payloadObj; } async function uploadFiles(inputSarifPath, checkoutPath, category, features, logger, uploadTarget) { + return maybeUploadFiles( + inputSarifPath, + checkoutPath, + category, + features, + logger, + uploadTarget, + "always" + ); +} +async function maybeUploadFiles(inputSarifPath, checkoutPath, category, features, logger, uploadTarget, uploadKind) { const sarifPaths = getSarifFilePaths( inputSarifPath, uploadTarget.sarifPredicate ); - return uploadSpecifiedFiles( + return maybeUploadSpecifiedFiles( sarifPaths, checkoutPath, category, features, logger, - uploadTarget + uploadTarget, + uploadKind ); } -async function uploadSpecifiedFiles(sarifPaths, checkoutPath, category, features, logger, uploadTarget) { - logger.startGroup(`Uploading ${uploadTarget.name} results`); - logger.info(`Processing sarif files: ${JSON.stringify(sarifPaths)}`); - const gitHubVersion = await getGitHubVersion(); - let sarif; - if (sarifPaths.length > 1) { - for (const sarifPath of sarifPaths) { - const parsedSarif = readSarifFile(sarifPath); - validateSarifFileSchema(parsedSarif, sarifPath, logger); - } - sarif = await combineSarifFilesUsingCLI( - sarifPaths, - gitHubVersion, - features, - logger - ); - } else { - const sarifPath = sarifPaths[0]; - sarif = readSarifFile(sarifPath); - validateSarifFileSchema(sarif, sarifPath, logger); - await throwIfCombineSarifFilesDisabled([sarif], gitHubVersion); - } - sarif = filterAlertsByDiffRange(logger, sarif); - sarif = await addFingerprints(sarif, checkoutPath, logger); - const analysisKey = await getAnalysisKey(); - const environment = getRequiredInput("matrix"); - sarif = populateRunAutomationDetails( - sarif, - category, - analysisKey, - environment - ); - const toolNames = getToolNames(sarif); - logger.debug(`Validating that each SARIF run has a unique category`); - validateUniqueCategory(sarif, 
uploadTarget.sentinelPrefix); - logger.debug(`Serializing SARIF for upload`); - const sarifPayload = JSON.stringify(sarif); +async function maybeUploadSpecifiedFiles(sarifPaths, checkoutPath, category, features, logger, uploadTarget, uploadKind) { const dumpDir = process.env["CODEQL_ACTION_SARIF_DUMP_DIR" /* SARIF_DUMP_DIR */]; - if (dumpDir) { - dumpSarifFile(sarifPayload, dumpDir, logger, uploadTarget); - } - logger.debug(`Compressing serialized SARIF`); - const zippedSarif = import_zlib.default.gzipSync(sarifPayload).toString("base64"); - const checkoutURI = url.pathToFileURL(checkoutPath).href; - const payload = buildPayload( - await getCommitOid(checkoutPath), - await getRef(), - analysisKey, - getRequiredEnvParam("GITHUB_WORKFLOW"), - zippedSarif, - getWorkflowRunID(), - getWorkflowRunAttempt(), - checkoutURI, - environment, - toolNames, - await determineBaseBranchHeadCommitOid() - ); - const rawUploadSizeBytes = sarifPayload.length; - logger.debug(`Raw upload size: ${rawUploadSizeBytes} bytes`); - const zippedUploadSizeBytes = zippedSarif.length; - logger.debug(`Base64 zipped upload size: ${zippedUploadSizeBytes} bytes`); - const numResultInSarif = countResultsInSarif(sarifPayload); - logger.debug(`Number of results in upload: ${numResultInSarif}`); - const sarifID = await uploadPayload( - payload, - getRepositoryNwo(), - logger, - uploadTarget.target - ); - logger.endGroup(); - return { - statusReport: { - raw_upload_size_bytes: rawUploadSizeBytes, - zipped_upload_size_bytes: zippedUploadSizeBytes, - num_results_in_sarif: numResultInSarif - }, - sarifID - }; + const upload = uploadKind === "always"; + if (!upload && !dumpDir) { + logger.info(`Skipping upload of ${uploadTarget.name} results`); + return void 0; + } + logger.startGroup(`Processing ${uploadTarget.name} results`); + try { + logger.info(`Processing sarif files: ${JSON.stringify(sarifPaths)}`); + const gitHubVersion = await getGitHubVersion(); + let sarif; + if (sarifPaths.length > 1) { + for 
(const sarifPath of sarifPaths) { + const parsedSarif = readSarifFile(sarifPath); + validateSarifFileSchema(parsedSarif, sarifPath, logger); + } + sarif = await combineSarifFilesUsingCLI( + sarifPaths, + gitHubVersion, + features, + logger + ); + } else { + const sarifPath = sarifPaths[0]; + sarif = readSarifFile(sarifPath); + validateSarifFileSchema(sarif, sarifPath, logger); + await throwIfCombineSarifFilesDisabled([sarif], gitHubVersion); + } + sarif = filterAlertsByDiffRange(logger, sarif); + sarif = await addFingerprints(sarif, checkoutPath, logger); + const analysisKey = await getAnalysisKey(); + const environment = getRequiredInput("matrix"); + sarif = populateRunAutomationDetails( + sarif, + category, + analysisKey, + environment + ); + const toolNames = getToolNames(sarif); + logger.debug(`Validating that each SARIF run has a unique category`); + validateUniqueCategory(sarif, uploadTarget.sentinelPrefix); + logger.debug(`Serializing SARIF for upload`); + const sarifPayload = JSON.stringify(sarif); + if (dumpDir) { + dumpSarifFile(sarifPayload, dumpDir, logger, uploadTarget); + } + if (!upload) { + logger.info( + `Skipping upload of ${uploadTarget.name} results because upload kind is "${uploadKind}"` + ); + return void 0; + } + logger.debug(`Compressing serialized SARIF`); + const zippedSarif = import_zlib.default.gzipSync(sarifPayload).toString("base64"); + const checkoutURI = url.pathToFileURL(checkoutPath).href; + const payload = buildPayload( + await getCommitOid(checkoutPath), + await getRef(), + analysisKey, + getRequiredEnvParam("GITHUB_WORKFLOW"), + zippedSarif, + getWorkflowRunID(), + getWorkflowRunAttempt(), + checkoutURI, + environment, + toolNames, + await determineBaseBranchHeadCommitOid() + ); + const rawUploadSizeBytes = sarifPayload.length; + logger.debug(`Raw upload size: ${rawUploadSizeBytes} bytes`); + const zippedUploadSizeBytes = zippedSarif.length; + logger.debug(`Base64 zipped upload size: ${zippedUploadSizeBytes} bytes`); + const 
numResultInSarif = countResultsInSarif(sarifPayload); + logger.debug(`Number of results in upload: ${numResultInSarif}`); + const sarifID = await uploadPayload( + payload, + getRepositoryNwo(), + logger, + uploadTarget.target + ); + return { + statusReport: { + raw_upload_size_bytes: rawUploadSizeBytes, + zipped_upload_size_bytes: zippedUploadSizeBytes, + num_results_in_sarif: numResultInSarif + }, + sarifID + }; + } finally { + logger.endGroup(); + } } function dumpSarifFile(sarifPayload, outputDir, logger, uploadTarget) { if (!fs17.existsSync(outputDir)) { diff --git a/lib/upload-lib.js b/lib/upload-lib.js index fd8be1bd60..53f1ceedf5 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js @@ -84782,6 +84782,7 @@ __export(upload_lib_exports, { buildPayload: () => buildPayload, findSarifFilesInDir: () => findSarifFilesInDir, getSarifFilePaths: () => getSarifFilePaths, + maybeUploadFiles: () => maybeUploadFiles, populateRunAutomationDetails: () => populateRunAutomationDetails, readSarifFile: () => readSarifFile, shouldConsiderConfigurationError: () => shouldConsiderConfigurationError, 
@@ -92391,97 +92392,134 @@ function buildPayload(commitOid, ref, analysisKey, analysisName, zippedSarif, wo return payloadObj; } async function uploadFiles(inputSarifPath, checkoutPath, category, features, logger, uploadTarget) { + return maybeUploadFiles( + inputSarifPath, + checkoutPath, + category, + features, + logger, + uploadTarget, + "always" + ); +} +async function maybeUploadFiles(inputSarifPath, checkoutPath, category, features, logger, uploadTarget, uploadKind) { const sarifPaths = getSarifFilePaths( inputSarifPath, uploadTarget.sarifPredicate ); - return uploadSpecifiedFiles( + return maybeUploadSpecifiedFiles( sarifPaths, checkoutPath, category, features, logger, - uploadTarget + uploadTarget, + uploadKind ); } async function uploadSpecifiedFiles(sarifPaths, checkoutPath, category, features, logger, uploadTarget) { - logger.startGroup(`Uploading ${uploadTarget.name} results`); - logger.info(`Processing sarif files: ${JSON.stringify(sarifPaths)}`); - const gitHubVersion = await getGitHubVersion(); - let sarif; - if (sarifPaths.length > 1) { - for (const sarifPath of sarifPaths) { - const parsedSarif = readSarifFile(sarifPath); - validateSarifFileSchema(parsedSarif, sarifPath, logger); - } - sarif = await combineSarifFilesUsingCLI( - sarifPaths, - gitHubVersion, - features, - logger - ); - } else { - const sarifPath = sarifPaths[0]; - sarif = readSarifFile(sarifPath); - validateSarifFileSchema(sarif, sarifPath, logger); - await throwIfCombineSarifFilesDisabled([sarif], gitHubVersion); - } - sarif = filterAlertsByDiffRange(logger, sarif); - sarif = await addFingerprints(sarif, checkoutPath, logger); - const analysisKey = await getAnalysisKey(); - const environment = getRequiredInput("matrix"); - sarif = populateRunAutomationDetails( - sarif, + return maybeUploadSpecifiedFiles( + sarifPaths, + checkoutPath, category, - analysisKey, - environment - ); - const toolNames = getToolNames(sarif); - logger.debug(`Validating that each SARIF run has a unique 
category`); - validateUniqueCategory(sarif, uploadTarget.sentinelPrefix); - logger.debug(`Serializing SARIF for upload`); - const sarifPayload = JSON.stringify(sarif); - const dumpDir = process.env["CODEQL_ACTION_SARIF_DUMP_DIR" /* SARIF_DUMP_DIR */]; - if (dumpDir) { - dumpSarifFile(sarifPayload, dumpDir, logger, uploadTarget); - } - logger.debug(`Compressing serialized SARIF`); - const zippedSarif = import_zlib.default.gzipSync(sarifPayload).toString("base64"); - const checkoutURI = url.pathToFileURL(checkoutPath).href; - const payload = buildPayload( - await getCommitOid(checkoutPath), - await getRef(), - analysisKey, - getRequiredEnvParam("GITHUB_WORKFLOW"), - zippedSarif, - getWorkflowRunID(), - getWorkflowRunAttempt(), - checkoutURI, - environment, - toolNames, - await determineBaseBranchHeadCommitOid() - ); - const rawUploadSizeBytes = sarifPayload.length; - logger.debug(`Raw upload size: ${rawUploadSizeBytes} bytes`); - const zippedUploadSizeBytes = zippedSarif.length; - logger.debug(`Base64 zipped upload size: ${zippedUploadSizeBytes} bytes`); - const numResultInSarif = countResultsInSarif(sarifPayload); - logger.debug(`Number of results in upload: ${numResultInSarif}`); - const sarifID = await uploadPayload( - payload, - getRepositoryNwo(), + features, logger, - uploadTarget.target + uploadTarget, + "always" ); - logger.endGroup(); - return { - statusReport: { - raw_upload_size_bytes: rawUploadSizeBytes, - zipped_upload_size_bytes: zippedUploadSizeBytes, - num_results_in_sarif: numResultInSarif - }, - sarifID - }; +} +async function maybeUploadSpecifiedFiles(sarifPaths, checkoutPath, category, features, logger, uploadTarget, uploadKind) { + const dumpDir = process.env["CODEQL_ACTION_SARIF_DUMP_DIR" /* SARIF_DUMP_DIR */]; + const upload = uploadKind === "always"; + if (!upload && !dumpDir) { + logger.info(`Skipping upload of ${uploadTarget.name} results`); + return void 0; + } + logger.startGroup(`Processing ${uploadTarget.name} results`); + try { + 
logger.info(`Processing sarif files: ${JSON.stringify(sarifPaths)}`); + const gitHubVersion = await getGitHubVersion(); + let sarif; + if (sarifPaths.length > 1) { + for (const sarifPath of sarifPaths) { + const parsedSarif = readSarifFile(sarifPath); + validateSarifFileSchema(parsedSarif, sarifPath, logger); + } + sarif = await combineSarifFilesUsingCLI( + sarifPaths, + gitHubVersion, + features, + logger + ); + } else { + const sarifPath = sarifPaths[0]; + sarif = readSarifFile(sarifPath); + validateSarifFileSchema(sarif, sarifPath, logger); + await throwIfCombineSarifFilesDisabled([sarif], gitHubVersion); + } + sarif = filterAlertsByDiffRange(logger, sarif); + sarif = await addFingerprints(sarif, checkoutPath, logger); + const analysisKey = await getAnalysisKey(); + const environment = getRequiredInput("matrix"); + sarif = populateRunAutomationDetails( + sarif, + category, + analysisKey, + environment + ); + const toolNames = getToolNames(sarif); + logger.debug(`Validating that each SARIF run has a unique category`); + validateUniqueCategory(sarif, uploadTarget.sentinelPrefix); + logger.debug(`Serializing SARIF for upload`); + const sarifPayload = JSON.stringify(sarif); + if (dumpDir) { + dumpSarifFile(sarifPayload, dumpDir, logger, uploadTarget); + } + if (!upload) { + logger.info( + `Skipping upload of ${uploadTarget.name} results because upload kind is "${uploadKind}"` + ); + return void 0; + } + logger.debug(`Compressing serialized SARIF`); + const zippedSarif = import_zlib.default.gzipSync(sarifPayload).toString("base64"); + const checkoutURI = url.pathToFileURL(checkoutPath).href; + const payload = buildPayload( + await getCommitOid(checkoutPath), + await getRef(), + analysisKey, + getRequiredEnvParam("GITHUB_WORKFLOW"), + zippedSarif, + getWorkflowRunID(), + getWorkflowRunAttempt(), + checkoutURI, + environment, + toolNames, + await determineBaseBranchHeadCommitOid() + ); + const rawUploadSizeBytes = sarifPayload.length; + logger.debug(`Raw upload size: 
${rawUploadSizeBytes} bytes`); + const zippedUploadSizeBytes = zippedSarif.length; + logger.debug(`Base64 zipped upload size: ${zippedUploadSizeBytes} bytes`); + const numResultInSarif = countResultsInSarif(sarifPayload); + logger.debug(`Number of results in upload: ${numResultInSarif}`); + const sarifID = await uploadPayload( + payload, + getRepositoryNwo(), + logger, + uploadTarget.target + ); + return { + statusReport: { + raw_upload_size_bytes: rawUploadSizeBytes, + zipped_upload_size_bytes: zippedUploadSizeBytes, + num_results_in_sarif: numResultInSarif + }, + sarifID + }; + } finally { + logger.endGroup(); + } } function dumpSarifFile(sarifPayload, outputDir, logger, uploadTarget) { if (!fs13.existsSync(outputDir)) { @@ -92655,6 +92693,7 @@ function filterAlertsByDiffRange(logger, sarif) { buildPayload, findSarifFilesInDir, getSarifFilePaths, + maybeUploadFiles, populateRunAutomationDetails, readSarifFile, shouldConsiderConfigurationError, diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index edf8de1d36..06080a84b3 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js 
@@ -93092,97 +93092,134 @@ function buildPayload(commitOid, ref, analysisKey, analysisName, zippedSarif, wo return payloadObj; } async function uploadFiles(inputSarifPath, checkoutPath, category, features, logger, uploadTarget) { + return maybeUploadFiles( + inputSarifPath, + checkoutPath, + category, + features, + logger, + uploadTarget, + "always" + ); +} +async function maybeUploadFiles(inputSarifPath, checkoutPath, category, features, logger, uploadTarget, uploadKind) { const sarifPaths = getSarifFilePaths( inputSarifPath, uploadTarget.sarifPredicate ); - return uploadSpecifiedFiles( + return maybeUploadSpecifiedFiles( sarifPaths, checkoutPath, category, features, logger, - uploadTarget + uploadTarget, + uploadKind ); } async function uploadSpecifiedFiles(sarifPaths, checkoutPath, category, features, logger, uploadTarget) { - logger.startGroup(`Uploading ${uploadTarget.name} results`); - logger.info(`Processing sarif files: ${JSON.stringify(sarifPaths)}`); - const gitHubVersion = await getGitHubVersion(); - let sarif; - if (sarifPaths.length > 1) { - for (const sarifPath of sarifPaths) { - const parsedSarif = readSarifFile(sarifPath); - validateSarifFileSchema(parsedSarif, sarifPath, logger); - } - sarif = await combineSarifFilesUsingCLI( - sarifPaths, - gitHubVersion, - features, - logger - ); - } else { - const sarifPath = sarifPaths[0]; - sarif = readSarifFile(sarifPath); - validateSarifFileSchema(sarif, sarifPath, logger); - await throwIfCombineSarifFilesDisabled([sarif], gitHubVersion); - } - sarif = filterAlertsByDiffRange(logger, sarif); - sarif = await addFingerprints(sarif, checkoutPath, logger); - const analysisKey = await getAnalysisKey(); - const environment = getRequiredInput("matrix"); - sarif = populateRunAutomationDetails( - sarif, + return maybeUploadSpecifiedFiles( + sarifPaths, + checkoutPath, category, - analysisKey, - environment - ); - const toolNames = getToolNames(sarif); - logger.debug(`Validating that each SARIF run has a unique 
category`); - validateUniqueCategory(sarif, uploadTarget.sentinelPrefix); - logger.debug(`Serializing SARIF for upload`); - const sarifPayload = JSON.stringify(sarif); - const dumpDir = process.env["CODEQL_ACTION_SARIF_DUMP_DIR" /* SARIF_DUMP_DIR */]; - if (dumpDir) { - dumpSarifFile(sarifPayload, dumpDir, logger, uploadTarget); - } - logger.debug(`Compressing serialized SARIF`); - const zippedSarif = import_zlib.default.gzipSync(sarifPayload).toString("base64"); - const checkoutURI = url.pathToFileURL(checkoutPath).href; - const payload = buildPayload( - await getCommitOid(checkoutPath), - await getRef(), - analysisKey, - getRequiredEnvParam("GITHUB_WORKFLOW"), - zippedSarif, - getWorkflowRunID(), - getWorkflowRunAttempt(), - checkoutURI, - environment, - toolNames, - await determineBaseBranchHeadCommitOid() - ); - const rawUploadSizeBytes = sarifPayload.length; - logger.debug(`Raw upload size: ${rawUploadSizeBytes} bytes`); - const zippedUploadSizeBytes = zippedSarif.length; - logger.debug(`Base64 zipped upload size: ${zippedUploadSizeBytes} bytes`); - const numResultInSarif = countResultsInSarif(sarifPayload); - logger.debug(`Number of results in upload: ${numResultInSarif}`); - const sarifID = await uploadPayload( - payload, - getRepositoryNwo(), + features, logger, - uploadTarget.target + uploadTarget, + "always" ); - logger.endGroup(); - return { - statusReport: { - raw_upload_size_bytes: rawUploadSizeBytes, - zipped_upload_size_bytes: zippedUploadSizeBytes, - num_results_in_sarif: numResultInSarif - }, - sarifID - }; +} +async function maybeUploadSpecifiedFiles(sarifPaths, checkoutPath, category, features, logger, uploadTarget, uploadKind) { + const dumpDir = process.env["CODEQL_ACTION_SARIF_DUMP_DIR" /* SARIF_DUMP_DIR */]; + const upload = uploadKind === "always"; + if (!upload && !dumpDir) { + logger.info(`Skipping upload of ${uploadTarget.name} results`); + return void 0; + } + logger.startGroup(`Processing ${uploadTarget.name} results`); + try { + 
logger.info(`Processing sarif files: ${JSON.stringify(sarifPaths)}`); + const gitHubVersion = await getGitHubVersion(); + let sarif; + if (sarifPaths.length > 1) { + for (const sarifPath of sarifPaths) { + const parsedSarif = readSarifFile(sarifPath); + validateSarifFileSchema(parsedSarif, sarifPath, logger); + } + sarif = await combineSarifFilesUsingCLI( + sarifPaths, + gitHubVersion, + features, + logger + ); + } else { + const sarifPath = sarifPaths[0]; + sarif = readSarifFile(sarifPath); + validateSarifFileSchema(sarif, sarifPath, logger); + await throwIfCombineSarifFilesDisabled([sarif], gitHubVersion); + } + sarif = filterAlertsByDiffRange(logger, sarif); + sarif = await addFingerprints(sarif, checkoutPath, logger); + const analysisKey = await getAnalysisKey(); + const environment = getRequiredInput("matrix"); + sarif = populateRunAutomationDetails( + sarif, + category, + analysisKey, + environment + ); + const toolNames = getToolNames(sarif); + logger.debug(`Validating that each SARIF run has a unique category`); + validateUniqueCategory(sarif, uploadTarget.sentinelPrefix); + logger.debug(`Serializing SARIF for upload`); + const sarifPayload = JSON.stringify(sarif); + if (dumpDir) { + dumpSarifFile(sarifPayload, dumpDir, logger, uploadTarget); + } + if (!upload) { + logger.info( + `Skipping upload of ${uploadTarget.name} results because upload kind is "${uploadKind}"` + ); + return void 0; + } + logger.debug(`Compressing serialized SARIF`); + const zippedSarif = import_zlib.default.gzipSync(sarifPayload).toString("base64"); + const checkoutURI = url.pathToFileURL(checkoutPath).href; + const payload = buildPayload( + await getCommitOid(checkoutPath), + await getRef(), + analysisKey, + getRequiredEnvParam("GITHUB_WORKFLOW"), + zippedSarif, + getWorkflowRunID(), + getWorkflowRunAttempt(), + checkoutURI, + environment, + toolNames, + await determineBaseBranchHeadCommitOid() + ); + const rawUploadSizeBytes = sarifPayload.length; + logger.debug(`Raw upload size: 
${rawUploadSizeBytes} bytes`); + const zippedUploadSizeBytes = zippedSarif.length; + logger.debug(`Base64 zipped upload size: ${zippedUploadSizeBytes} bytes`); + const numResultInSarif = countResultsInSarif(sarifPayload); + logger.debug(`Number of results in upload: ${numResultInSarif}`); + const sarifID = await uploadPayload( + payload, + getRepositoryNwo(), + logger, + uploadTarget.target + ); + return { + statusReport: { + raw_upload_size_bytes: rawUploadSizeBytes, + zipped_upload_size_bytes: zippedUploadSizeBytes, + num_results_in_sarif: numResultInSarif + }, + sarifID + }; + } finally { + logger.endGroup(); + } } function dumpSarifFile(sarifPayload, outputDir, logger, uploadTarget) { if (!fs14.existsSync(outputDir)) { diff --git a/src/analyze-action.ts b/src/analyze-action.ts index f93072d723..7fed886e73 100644 --- a/src/analyze-action.ts +++ b/src/analyze-action.ts @@ -330,22 +330,27 @@ async function run() { } core.setOutput("db-locations", dbLocations); core.setOutput("sarif-output", path.resolve(outputDir)); - const uploadInput = actionsUtil.getOptionalInput("upload"); - if (runStats && actionsUtil.getUploadValue(uploadInput) === "always") { + const uploadInput = actionsUtil.getUploadValue( + actionsUtil.getOptionalInput("upload"), + ); + if (runStats) { if (isCodeScanningEnabled(config)) { - uploadResult = await uploadLib.uploadFiles( + uploadResult = await uploadLib.maybeUploadFiles( outputDir, actionsUtil.getRequiredInput("checkout_path"), actionsUtil.getOptionalInput("category"), features, logger, analyses.CodeScanning, + uploadInput, ); - core.setOutput("sarif-id", uploadResult.sarifID); + if (uploadResult) { + core.setOutput("sarif-id", uploadResult.sarifID); + } } if (isCodeQualityEnabled(config)) { - const qualityUploadResult = await uploadLib.uploadFiles( + const qualityUploadResult = await uploadLib.maybeUploadFiles( outputDir, actionsUtil.getRequiredInput("checkout_path"), actionsUtil.fixCodeQualityCategory( 
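Review bot: `actionsUtil.getRequiredInput("checkout_path")` and `actionsUtil.getOptionalInput("category")` are now evaluated as call arguments for every upload kind, because the `=== "always"` test moved out of `run()` and into `maybeUploadFiles`. Before this change a job with uploading disabled never read `checkout_path`; if `getRequiredInput` throws on a missing value (presumably it does, its body is not shown here), such a job would now fail in this block. If the input always has a default, a comment at the call would record that assumption: `// Inputs are read even when the upload is skipped; maybeUploadFiles decides whether to upload.` The Code Quality call in the `@@ -355,11 +360,14 @@` hunk has the same shape. `run()` starts and ends outside this hunk.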
@@ -355,11 +360,14 @@ async function run() { features, logger, analyses.CodeQuality, + uploadInput, ); - core.setOutput("quality-sarif-id", qualityUploadResult.sarifID); + if (qualityUploadResult) { + core.setOutput("quality-sarif-id", qualityUploadResult.sarifID); + } } } else { - logger.info("Not uploading results"); + logger.info("No query status report, skipping upload"); } // Possibly upload the overlay-base database to actions cache. diff --git a/src/upload-lib.ts b/src/upload-lib.ts index 650e7a803a..19f6cd2d05 100644 --- a/src/upload-lib.ts +++ b/src/upload-lib.ts @@ -623,18 +623,44 @@ export async function uploadFiles( logger: Logger, uploadTarget: analyses.AnalysisConfig, ): Promise { + return maybeUploadFiles( + inputSarifPath, + checkoutPath, + category, + features, + logger, + uploadTarget, + "always", + ) as Promise; +} + +/** + * Uploads a single SARIF file or a directory of SARIF files depending on what `inputSarifPath` refers + * to. It will only upload if `uploadKind === "always"`, and return `undefined` otherwise. However + * if `CODEQL_ACTION_SARIF_DUMP_DIR` is set, it will unconditionally process the input sarif files. + */ +export async function maybeUploadFiles( + inputSarifPath: string, + checkoutPath: string, + category: string | undefined, + features: FeatureEnablement, + logger: Logger, + uploadTarget: analyses.AnalysisConfig, + uploadKind: actionsUtil.UploadKind, +): Promise { const sarifPaths = getSarifFilePaths( inputSarifPath, uploadTarget.sarifPredicate, ); - return uploadSpecifiedFiles( + return maybeUploadSpecifiedFiles( sarifPaths, checkoutPath, category, features, logger, uploadTarget, + uploadKind, ); } 
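Review bot: The `uploadInput` passed as the last argument here is no longer the raw `upload` input; after this commit it holds the value returned by `actionsUtil.getUploadValue(...)` and fills the parameter that `maybeUploadFiles` names `uploadKind`. Using the same name at the declaration in the `@@ -330,22 +330,27 @@` hunk, `const uploadKind = actionsUtil.getUploadValue(`, and at both call sites would keep a reader from treating it as an unvalidated string. `run()` starts and ends outside this hunk.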
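Review bot: The `as Promise…` cast on the new `return maybeUploadFiles(...)` in `uploadFiles` silences the `undefined` case instead of checking it. It holds today only because `"always"` is passed and both early returns in `maybeUploadSpecifiedFiles` are guarded by `!upload`; if those conditions change, callers that read `.sarifID` would fail far from the cause. Awaiting and checking makes the invariant explicit: `const result = await maybeUploadFiles(/* same arguments */, "always");` then `if (result === undefined) throw new Error("upload was skipped although uploadKind is \"always\"");` then `return result;`. `uploadSpecifiedFiles` in the following hunk uses the same cast. The signature of `uploadFiles` begins above this hunk.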
@@ -649,103 +675,137 @@ export async function uploadSpecifiedFiles( logger: Logger, uploadTarget: analyses.AnalysisConfig, ): Promise { - logger.startGroup(`Uploading ${uploadTarget.name} results`); - logger.info(`Processing sarif files: ${JSON.stringify(sarifPaths)}`); + return maybeUploadSpecifiedFiles( + sarifPaths, + checkoutPath, + category, + features, + logger, + uploadTarget, + "always", + ) as Promise; +} - const gitHubVersion = await getGitHubVersion(); +async function maybeUploadSpecifiedFiles( + sarifPaths: string[], + checkoutPath: string, + category: string | undefined, + features: FeatureEnablement, + logger: Logger, + uploadTarget: analyses.AnalysisConfig, + uploadKind: actionsUtil.UploadKind, +): Promise { + const dumpDir = process.env[EnvVar.SARIF_DUMP_DIR]; + const upload = uploadKind === "always"; + if (!upload && !dumpDir) { + logger.info(`Skipping upload of ${uploadTarget.name} results`); + return undefined; + } - let sarif: SarifFile; + logger.startGroup(`Processing ${uploadTarget.name} results`); + try { + logger.info(`Processing sarif files: ${JSON.stringify(sarifPaths)}`); - if (sarifPaths.length > 1) { - // Validate that the files we were asked to upload are all valid SARIF files - for (const sarifPath of sarifPaths) { - const parsedSarif = readSarifFile(sarifPath); - validateSarifFileSchema(parsedSarif, sarifPath, logger); - } + const gitHubVersion = await getGitHubVersion(); - sarif = await combineSarifFilesUsingCLI( - sarifPaths, - gitHubVersion, - features, - logger, - ); - } else { - const sarifPath = sarifPaths[0]; - sarif = readSarifFile(sarifPath); - validateSarifFileSchema(sarif, sarifPath, logger); + let sarif: SarifFile; - // Validate that there are no runs for the same category - await throwIfCombineSarifFilesDisabled([sarif], gitHubVersion); - } + if (sarifPaths.length > 1) { + // Validate that the files we were asked to upload are all valid SARIF files + for (const sarifPath of sarifPaths) { + const parsedSarif = 
readSarifFile(sarifPath); + validateSarifFileSchema(parsedSarif, sarifPath, logger); + } - sarif = filterAlertsByDiffRange(logger, sarif); - sarif = await fingerprints.addFingerprints(sarif, checkoutPath, logger); + sarif = await combineSarifFilesUsingCLI( + sarifPaths, + gitHubVersion, + features, + logger, + ); + } else { + const sarifPath = sarifPaths[0]; + sarif = readSarifFile(sarifPath); + validateSarifFileSchema(sarif, sarifPath, logger); - const analysisKey = await api.getAnalysisKey(); - const environment = actionsUtil.getRequiredInput("matrix"); - sarif = populateRunAutomationDetails( - sarif, - category, - analysisKey, - environment, - ); + // Validate that there are no runs for the same category + await throwIfCombineSarifFilesDisabled([sarif], gitHubVersion); + } - const toolNames = util.getToolNames(sarif); + sarif = filterAlertsByDiffRange(logger, sarif); + sarif = await fingerprints.addFingerprints(sarif, checkoutPath, logger); - logger.debug(`Validating that each SARIF run has a unique category`); - validateUniqueCategory(sarif, uploadTarget.sentinelPrefix); - logger.debug(`Serializing SARIF for upload`); - const sarifPayload = JSON.stringify(sarif); + const analysisKey = await api.getAnalysisKey(); + const environment = actionsUtil.getRequiredInput("matrix"); + sarif = populateRunAutomationDetails( + sarif, + category, + analysisKey, + environment, + ); - const dumpDir = process.env[EnvVar.SARIF_DUMP_DIR]; - if (dumpDir) { - dumpSarifFile(sarifPayload, dumpDir, logger, uploadTarget); - } + const toolNames = util.getToolNames(sarif); - logger.debug(`Compressing serialized SARIF`); - const zippedSarif = zlib.gzipSync(sarifPayload).toString("base64"); - const checkoutURI = url.pathToFileURL(checkoutPath).href; - - const payload = buildPayload( - await gitUtils.getCommitOid(checkoutPath), - await gitUtils.getRef(), - analysisKey, - util.getRequiredEnvParam("GITHUB_WORKFLOW"), - zippedSarif, - actionsUtil.getWorkflowRunID(), - 
actionsUtil.getWorkflowRunAttempt(), - checkoutURI, - environment, - toolNames, - await gitUtils.determineBaseBranchHeadCommitOid(), - ); + logger.debug(`Validating that each SARIF run has a unique category`); + validateUniqueCategory(sarif, uploadTarget.sentinelPrefix); + logger.debug(`Serializing SARIF for upload`); + const sarifPayload = JSON.stringify(sarif); - // Log some useful debug info about the info - const rawUploadSizeBytes = sarifPayload.length; - logger.debug(`Raw upload size: ${rawUploadSizeBytes} bytes`); - const zippedUploadSizeBytes = zippedSarif.length; - logger.debug(`Base64 zipped upload size: ${zippedUploadSizeBytes} bytes`); - const numResultInSarif = countResultsInSarif(sarifPayload); - logger.debug(`Number of results in upload: ${numResultInSarif}`); - - // Make the upload - const sarifID = await uploadPayload( - payload, - getRepositoryNwo(), - logger, - uploadTarget.target, - ); + if (dumpDir) { + dumpSarifFile(sarifPayload, dumpDir, logger, uploadTarget); + } - logger.endGroup(); + if (!upload) { + logger.info( + `Skipping upload of ${uploadTarget.name} results because upload kind is "${uploadKind}"`, + ); + return undefined; + } + logger.debug(`Compressing serialized SARIF`); + const zippedSarif = zlib.gzipSync(sarifPayload).toString("base64"); + const checkoutURI = url.pathToFileURL(checkoutPath).href; + + const payload = buildPayload( + await gitUtils.getCommitOid(checkoutPath), + await gitUtils.getRef(), + analysisKey, + util.getRequiredEnvParam("GITHUB_WORKFLOW"), + zippedSarif, + actionsUtil.getWorkflowRunID(), + actionsUtil.getWorkflowRunAttempt(), + checkoutURI, + environment, + toolNames, + await gitUtils.determineBaseBranchHeadCommitOid(), + ); - return { - statusReport: { - raw_upload_size_bytes: rawUploadSizeBytes, - zipped_upload_size_bytes: zippedUploadSizeBytes, - num_results_in_sarif: numResultInSarif, - }, - sarifID, - }; + // Log some useful debug info about the info + const rawUploadSizeBytes = sarifPayload.length; + 
logger.debug(`Raw upload size: ${rawUploadSizeBytes} bytes`); + const zippedUploadSizeBytes = zippedSarif.length; + logger.debug(`Base64 zipped upload size: ${zippedUploadSizeBytes} bytes`); + const numResultInSarif = countResultsInSarif(sarifPayload); + logger.debug(`Number of results in upload: ${numResultInSarif}`); + + // Make the upload + const sarifID = await uploadPayload( + payload, + getRepositoryNwo(), + logger, + uploadTarget.target, + ); + + return { + statusReport: { + raw_upload_size_bytes: rawUploadSizeBytes, + zipped_upload_size_bytes: zippedUploadSizeBytes, + num_results_in_sarif: numResultInSarif, + }, + sarifID, + }; + } finally { + logger.endGroup(); + } } /**
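Review bot: When the upload kind is not `"always"` but `CODEQL_ACTION_SARIF_DUMP_DIR` is set, `maybeUploadSpecifiedFiles` now runs everything above the `if (!upload)` guard: `getGitHubVersion()`, `api.getAnalysisKey()`, `getRequiredInput("matrix")`, and the schema and category validation. A job configured not to upload can therefore fail, and presumably contact the API, purely because a debug variable is present. If that is intended, say so in a comment above the `dumpDir` check, e.g. `// Dump-only mode still validates and post-processes the SARIF; only compression and uploadPayload are skipped.` That guard is also the only thing keeping results on the runner for non-"always" kinds, so a unit test asserting `uploadPayload` is never called in dump-only mode would pin it. The early return logs `Skipping upload of ${uploadTarget.name} results` without a reason; reusing the later message that includes `uploadKind` would make the two consistent.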