From a7fb33606453f1e33b4105e8dd926e6956fbb5e9 Mon Sep 17 00:00:00 2001
From: Paolo Tranquilli
Date: Tue, 9 Sep 2025 15:05:40 +0200
Subject: [PATCH 1/3] Introduce `CODEQL_ACTION_SARIF_DUMP_DIR`

Setting it will cause the SARIF files that would be uploaded to be dumped to the specified directory as `upload.sarif` or `upload.quality.sarif`. Crucially, this happens even if uploads are disabled, which is useful for testing.
---
 lib/analyze-action.js | 210 ++++++++++++++++++-------------
 lib/init-action-post.js | 193 ++++++++++++++++++-----------
 lib/upload-lib.js | 202 +++++++++++++++++++-----------
 lib/upload-sarif-action.js | 200 +++++++++++++++++++-----------
 src/analyze-action.ts | 22 ++--
 src/environment.ts | 6 +
 src/upload-lib.ts | 248 +++++++++++++++++++++++++------------
 7 files changed, 692 insertions(+), 389 deletions(-)

diff --git a/lib/analyze-action.js b/lib/analyze-action.js
index fb95211a34..05c2d704a6 100644
--- a/lib/analyze-action.js
+++ b/lib/analyze-action.js
@@ -95562,94 +95562,128 @@ function buildPayload(commitOid, ref, analysisKey, analysisName, zippedSarif, wo } return payloadObj; } -async function uploadFiles(inputSarifPath, checkoutPath, category, features, logger, uploadTarget) { +async function maybeUploadFiles(inputSarifPath, checkoutPath, category, features, logger, uploadTarget, uploadKind) { const sarifPaths = getSarifFilePaths( inputSarifPath, uploadTarget.sarifPredicate ); - return uploadSpecifiedFiles( + return maybeUploadSpecifiedFiles( sarifPaths, checkoutPath, category, features, logger, - uploadTarget + uploadTarget, + uploadKind ); } -async function uploadSpecifiedFiles(sarifPaths, checkoutPath, category, features, logger, uploadTarget) { - logger.startGroup(`Uploading ${uploadTarget.name} results`); - logger.info(`Processing sarif files: ${JSON.stringify(sarifPaths)}`); - const gitHubVersion = await getGitHubVersion(); - let sarif; - if (sarifPaths.length > 1) { - for (const sarifPath of sarifPaths) { - const parsedSarif = readSarifFile(sarifPath); - validateSarifFileSchema(parsedSarif, sarifPath, logger); - } - sarif = await combineSarifFilesUsingCLI( - sarifPaths, - gitHubVersion, - features, - logger +async function maybeUploadSpecifiedFiles(sarifPaths, checkoutPath, category, features, logger, uploadTarget, uploadKind) { + const dumpDir = process.env["CODEQL_ACTION_SARIF_DUMP_DIR" /* SARIF_DUMP_DIR */]; + const upload = uploadKind === "always"; + if (!upload && !dumpDir) { + logger.info(`Skipping upload of ${uploadTarget.name} results`); + return void 0; + } + logger.startGroup(`Processing ${uploadTarget.name} results`); + try { + logger.info(`Processing sarif files: ${JSON.stringify(sarifPaths)}`); + const gitHubVersion = await getGitHubVersion(); + let sarif; + if (sarifPaths.length > 1) { + for (const sarifPath of sarifPaths) { + const parsedSarif = readSarifFile(sarifPath); + validateSarifFileSchema(parsedSarif, sarifPath, logger); + } + sarif = await combineSarifFilesUsingCLI( + 
sarifPaths, + gitHubVersion, + features, + logger + ); + } else { + const sarifPath = sarifPaths[0]; + sarif = readSarifFile(sarifPath); + validateSarifFileSchema(sarif, sarifPath, logger); + await throwIfCombineSarifFilesDisabled([sarif], gitHubVersion); + } + sarif = filterAlertsByDiffRange(logger, sarif); + sarif = await addFingerprints(sarif, checkoutPath, logger); + const analysisKey = await getAnalysisKey(); + const environment = getRequiredInput("matrix"); + sarif = populateRunAutomationDetails( + sarif, + category, + analysisKey, + environment ); - } else { - const sarifPath = sarifPaths[0]; - sarif = readSarifFile(sarifPath); - validateSarifFileSchema(sarif, sarifPath, logger); - await throwIfCombineSarifFilesDisabled([sarif], gitHubVersion); - } - sarif = filterAlertsByDiffRange(logger, sarif); - sarif = await addFingerprints(sarif, checkoutPath, logger); - const analysisKey = await getAnalysisKey(); - const environment = getRequiredInput("matrix"); - sarif = populateRunAutomationDetails( - sarif, - category, - analysisKey, - environment - ); - const toolNames = getToolNames(sarif); - logger.debug(`Validating that each SARIF run has a unique category`); - validateUniqueCategory(sarif, uploadTarget.sentinelPrefix); - logger.debug(`Serializing SARIF for upload`); - const sarifPayload = JSON.stringify(sarif); - logger.debug(`Compressing serialized SARIF`); - const zippedSarif = import_zlib.default.gzipSync(sarifPayload).toString("base64"); - const checkoutURI = url.pathToFileURL(checkoutPath).href; - const payload = buildPayload( - await getCommitOid(checkoutPath), - await getRef(), - analysisKey, - getRequiredEnvParam("GITHUB_WORKFLOW"), - zippedSarif, - getWorkflowRunID(), - getWorkflowRunAttempt(), - checkoutURI, - environment, - toolNames, - await determineBaseBranchHeadCommitOid() - ); - const rawUploadSizeBytes = sarifPayload.length; - logger.debug(`Raw upload size: ${rawUploadSizeBytes} bytes`); - const zippedUploadSizeBytes = zippedSarif.length; - 
logger.debug(`Base64 zipped upload size: ${zippedUploadSizeBytes} bytes`); - const numResultInSarif = countResultsInSarif(sarifPayload); - logger.debug(`Number of results in upload: ${numResultInSarif}`); - const sarifID = await uploadPayload( - payload, - getRepositoryNwo(), - logger, - uploadTarget.target + const toolNames = getToolNames(sarif); + logger.debug(`Validating that each SARIF run has a unique category`); + validateUniqueCategory(sarif, uploadTarget.sentinelPrefix); + if (dumpDir) { + dumpSarifFile(sarif, dumpDir, logger, uploadTarget); + } + if (!upload) { + logger.info( + `Skipping upload of ${uploadTarget.name} results because upload kind is "${uploadKind}"` + ); + return void 0; + } + logger.debug(`Serializing SARIF for upload`); + const sarifPayload = JSON.stringify(sarif); + logger.debug(`Compressing serialized SARIF`); + const zippedSarif = import_zlib.default.gzipSync(sarifPayload).toString("base64"); + const checkoutURI = url.pathToFileURL(checkoutPath).href; + const payload = buildPayload( + await getCommitOid(checkoutPath), + await getRef(), + analysisKey, + getRequiredEnvParam("GITHUB_WORKFLOW"), + zippedSarif, + getWorkflowRunID(), + getWorkflowRunAttempt(), + checkoutURI, + environment, + toolNames, + await determineBaseBranchHeadCommitOid() + ); + const rawUploadSizeBytes = sarifPayload.length; + logger.debug(`Raw upload size: ${rawUploadSizeBytes} bytes`); + const zippedUploadSizeBytes = zippedSarif.length; + logger.debug(`Base64 zipped upload size: ${zippedUploadSizeBytes} bytes`); + const numResultInSarif = countResultsInSarif(sarifPayload); + logger.debug(`Number of results in upload: ${numResultInSarif}`); + const sarifID = await uploadPayload( + payload, + getRepositoryNwo(), + logger, + uploadTarget.target + ); + return { + statusReport: { + raw_upload_size_bytes: rawUploadSizeBytes, + zipped_upload_size_bytes: zippedUploadSizeBytes, + num_results_in_sarif: numResultInSarif + }, + sarifID + }; + } finally { + logger.endGroup(); + 
} +} +function dumpSarifFile(sarif, outputDir, logger, uploadTarget) { + if (!fs18.existsSync(outputDir)) { + fs18.mkdirSync(outputDir, { recursive: true }); + } else if (!fs18.lstatSync(outputDir).isDirectory()) { + throw new ConfigurationError( + `The path specified by the CODEQL_ACTION_SARIF_DUMP_DIR environment variable exists and is not a directory: ${outputDir}` + ); + } + const outputFile = path18.resolve( + outputDir, + `upload${uploadTarget.sarifExtension}` ); - logger.endGroup(); - return { - statusReport: { - raw_upload_size_bytes: rawUploadSizeBytes, - zipped_upload_size_bytes: zippedUploadSizeBytes, - num_results_in_sarif: numResultInSarif - }, - sarifID - }; + logger.info(`Dumping processed SARIF file to ${outputFile}`); + fs18.writeFileSync(outputFile, JSON.stringify(sarif, null, 2)); } var STATUS_CHECK_FREQUENCY_MILLISECONDS = 5 * 1e3; var STATUS_CHECK_TIMEOUT_MILLISECONDS = 2 * 60 * 1e3; @@ -95995,21 +96029,26 @@ async function run() { } core14.setOutput("db-locations", dbLocations); core14.setOutput("sarif-output", import_path4.default.resolve(outputDir)); - const uploadInput = getOptionalInput("upload"); - if (runStats && getUploadValue(uploadInput) === "always") { + const uploadInput = getUploadValue( + getOptionalInput("upload") + ); + if (runStats) { if (isCodeScanningEnabled(config)) { - uploadResult = await uploadFiles( + uploadResult = await maybeUploadFiles( outputDir, getRequiredInput("checkout_path"), getOptionalInput("category"), features, logger, - CodeScanning + CodeScanning, + uploadInput ); - core14.setOutput("sarif-id", uploadResult.sarifID); + if (uploadResult) { + core14.setOutput("sarif-id", uploadResult.sarifID); + } } if (isCodeQualityEnabled(config)) { - const qualityUploadResult = await uploadFiles( + const qualityUploadResult = await maybeUploadFiles( outputDir, getRequiredInput("checkout_path"), fixCodeQualityCategory( 
@@ -96018,12 +96057,15 @@ async function run() { ), features, logger, - CodeQuality + CodeQuality, + uploadInput ); - core14.setOutput("quality-sarif-id", qualityUploadResult.sarifID); + if (qualityUploadResult) { + core14.setOutput("quality-sarif-id", qualityUploadResult.sarifID); + } } } else { - logger.info("Not uploading results"); + logger.info("No query status report, skipping upload"); } await uploadOverlayBaseDatabaseToCache(codeql, config, logger); await uploadDatabases(repositoryNwo, codeql, config, apiDetails, logger); diff --git a/lib/init-action-post.js b/lib/init-action-post.js index cb65274e00..066acf682b 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js 
@@ -133000,93 +133000,138 @@ function buildPayload(commitOid, ref, analysisKey, analysisName, zippedSarif, wo return payloadObj; } async function uploadFiles(inputSarifPath, checkoutPath, category, features, logger, uploadTarget) { + return maybeUploadFiles( + inputSarifPath, + checkoutPath, + category, + features, + logger, + uploadTarget, + "always" + ); +} +async function maybeUploadFiles(inputSarifPath, checkoutPath, category, features, logger, uploadTarget, uploadKind) { const sarifPaths = getSarifFilePaths( inputSarifPath, uploadTarget.sarifPredicate ); - return uploadSpecifiedFiles( + return maybeUploadSpecifiedFiles( sarifPaths, checkoutPath, category, features, logger, - uploadTarget + uploadTarget, + uploadKind ); } -async function uploadSpecifiedFiles(sarifPaths, checkoutPath, category, features, logger, uploadTarget) { - logger.startGroup(`Uploading ${uploadTarget.name} results`); - logger.info(`Processing sarif files: ${JSON.stringify(sarifPaths)}`); - const gitHubVersion = await getGitHubVersion(); - let sarif; - if (sarifPaths.length > 1) { - for (const sarifPath of sarifPaths) { - const parsedSarif = readSarifFile(sarifPath); - validateSarifFileSchema(parsedSarif, sarifPath, logger); - } - sarif = await combineSarifFilesUsingCLI( - sarifPaths, - gitHubVersion, - features, - logger +async function maybeUploadSpecifiedFiles(sarifPaths, checkoutPath, category, features, logger, uploadTarget, uploadKind) { + const dumpDir = process.env["CODEQL_ACTION_SARIF_DUMP_DIR" /* SARIF_DUMP_DIR */]; + const upload = uploadKind === "always"; + if (!upload && !dumpDir) { + logger.info(`Skipping upload of ${uploadTarget.name} results`); + return void 0; + } + logger.startGroup(`Processing ${uploadTarget.name} results`); + try { + logger.info(`Processing sarif files: ${JSON.stringify(sarifPaths)}`); + const gitHubVersion = await getGitHubVersion(); + let sarif; + if (sarifPaths.length > 1) { + for (const sarifPath of sarifPaths) { + const parsedSarif = 
readSarifFile(sarifPath); + validateSarifFileSchema(parsedSarif, sarifPath, logger); + } + sarif = await combineSarifFilesUsingCLI( + sarifPaths, + gitHubVersion, + features, + logger + ); + } else { + const sarifPath = sarifPaths[0]; + sarif = readSarifFile(sarifPath); + validateSarifFileSchema(sarif, sarifPath, logger); + await throwIfCombineSarifFilesDisabled([sarif], gitHubVersion); + } + sarif = filterAlertsByDiffRange(logger, sarif); + sarif = await addFingerprints(sarif, checkoutPath, logger); + const analysisKey = await getAnalysisKey(); + const environment = getRequiredInput("matrix"); + sarif = populateRunAutomationDetails( + sarif, + category, + analysisKey, + environment ); - } else { - const sarifPath = sarifPaths[0]; - sarif = readSarifFile(sarifPath); - validateSarifFileSchema(sarif, sarifPath, logger); - await throwIfCombineSarifFilesDisabled([sarif], gitHubVersion); - } - sarif = filterAlertsByDiffRange(logger, sarif); - sarif = await addFingerprints(sarif, checkoutPath, logger); - const analysisKey = await getAnalysisKey(); - const environment = getRequiredInput("matrix"); - sarif = populateRunAutomationDetails( - sarif, - category, - analysisKey, - environment - ); - const toolNames = getToolNames(sarif); - logger.debug(`Validating that each SARIF run has a unique category`); - validateUniqueCategory(sarif, uploadTarget.sentinelPrefix); - logger.debug(`Serializing SARIF for upload`); - const sarifPayload = JSON.stringify(sarif); - logger.debug(`Compressing serialized SARIF`); - const zippedSarif = import_zlib.default.gzipSync(sarifPayload).toString("base64"); - const checkoutURI = url.pathToFileURL(checkoutPath).href; - const payload = buildPayload( - await getCommitOid(checkoutPath), - await getRef(), - analysisKey, - getRequiredEnvParam("GITHUB_WORKFLOW"), - zippedSarif, - getWorkflowRunID(), - getWorkflowRunAttempt(), - checkoutURI, - environment, - toolNames, - await determineBaseBranchHeadCommitOid() - ); - const rawUploadSizeBytes = 
sarifPayload.length; - logger.debug(`Raw upload size: ${rawUploadSizeBytes} bytes`); - const zippedUploadSizeBytes = zippedSarif.length; - logger.debug(`Base64 zipped upload size: ${zippedUploadSizeBytes} bytes`); - const numResultInSarif = countResultsInSarif(sarifPayload); - logger.debug(`Number of results in upload: ${numResultInSarif}`); - const sarifID = await uploadPayload( - payload, - getRepositoryNwo(), - logger, - uploadTarget.target + const toolNames = getToolNames(sarif); + logger.debug(`Validating that each SARIF run has a unique category`); + validateUniqueCategory(sarif, uploadTarget.sentinelPrefix); + if (dumpDir) { + dumpSarifFile(sarif, dumpDir, logger, uploadTarget); + } + if (!upload) { + logger.info( + `Skipping upload of ${uploadTarget.name} results because upload kind is "${uploadKind}"` + ); + return void 0; + } + logger.debug(`Serializing SARIF for upload`); + const sarifPayload = JSON.stringify(sarif); + logger.debug(`Compressing serialized SARIF`); + const zippedSarif = import_zlib.default.gzipSync(sarifPayload).toString("base64"); + const checkoutURI = url.pathToFileURL(checkoutPath).href; + const payload = buildPayload( + await getCommitOid(checkoutPath), + await getRef(), + analysisKey, + getRequiredEnvParam("GITHUB_WORKFLOW"), + zippedSarif, + getWorkflowRunID(), + getWorkflowRunAttempt(), + checkoutURI, + environment, + toolNames, + await determineBaseBranchHeadCommitOid() + ); + const rawUploadSizeBytes = sarifPayload.length; + logger.debug(`Raw upload size: ${rawUploadSizeBytes} bytes`); + const zippedUploadSizeBytes = zippedSarif.length; + logger.debug(`Base64 zipped upload size: ${zippedUploadSizeBytes} bytes`); + const numResultInSarif = countResultsInSarif(sarifPayload); + logger.debug(`Number of results in upload: ${numResultInSarif}`); + const sarifID = await uploadPayload( + payload, + getRepositoryNwo(), + logger, + uploadTarget.target + ); + return { + statusReport: { + raw_upload_size_bytes: rawUploadSizeBytes, + 
zipped_upload_size_bytes: zippedUploadSizeBytes, + num_results_in_sarif: numResultInSarif + }, + sarifID + }; + } finally { + logger.endGroup(); + } +} +function dumpSarifFile(sarif, outputDir, logger, uploadTarget) { + if (!fs17.existsSync(outputDir)) { + fs17.mkdirSync(outputDir, { recursive: true }); + } else if (!fs17.lstatSync(outputDir).isDirectory()) { + throw new ConfigurationError( + `The path specified by the CODEQL_ACTION_SARIF_DUMP_DIR environment variable exists and is not a directory: ${outputDir}` + ); + } + const outputFile = path17.resolve( + outputDir, + `upload${uploadTarget.sarifExtension}` ); - logger.endGroup(); - return { - statusReport: { - raw_upload_size_bytes: rawUploadSizeBytes, - zipped_upload_size_bytes: zippedUploadSizeBytes, - num_results_in_sarif: numResultInSarif - }, - sarifID - }; + logger.info(`Dumping processed SARIF file to ${outputFile}`); + fs17.writeFileSync(outputFile, JSON.stringify(sarif, null, 2)); } var STATUS_CHECK_FREQUENCY_MILLISECONDS = 5 * 1e3; var STATUS_CHECK_TIMEOUT_MILLISECONDS = 2 * 60 * 1e3; diff --git a/lib/upload-lib.js b/lib/upload-lib.js index f18ee06e90..67cdd75f25 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js @@ -84782,6 +84782,7 @@ __export(upload_lib_exports, { buildPayload: () => buildPayload, findSarifFilesInDir: () => findSarifFilesInDir, getSarifFilePaths: () => getSarifFilePaths, + maybeUploadFiles: () => maybeUploadFiles, populateRunAutomationDetails: () => populateRunAutomationDetails, readSarifFile: () => readSarifFile, shouldConsiderConfigurationError: () => shouldConsiderConfigurationError, 
@@ -92372,93 +92373,149 @@ function buildPayload(commitOid, ref, analysisKey, analysisName, zippedSarif, wo return payloadObj; } async function uploadFiles(inputSarifPath, checkoutPath, category, features, logger, uploadTarget) { + return maybeUploadFiles( + inputSarifPath, + checkoutPath, + category, + features, + logger, + uploadTarget, + "always" + ); +} +async function maybeUploadFiles(inputSarifPath, checkoutPath, category, features, logger, uploadTarget, uploadKind) { const sarifPaths = getSarifFilePaths( inputSarifPath, uploadTarget.sarifPredicate ); - return uploadSpecifiedFiles( + return maybeUploadSpecifiedFiles( sarifPaths, checkoutPath, category, features, logger, - uploadTarget + uploadTarget, + uploadKind ); } async function uploadSpecifiedFiles(sarifPaths, checkoutPath, category, features, logger, uploadTarget) { - logger.startGroup(`Uploading ${uploadTarget.name} results`); - logger.info(`Processing sarif files: ${JSON.stringify(sarifPaths)}`); - const gitHubVersion = await getGitHubVersion(); - let sarif; - if (sarifPaths.length > 1) { - for (const sarifPath of sarifPaths) { - const parsedSarif = readSarifFile(sarifPath); - validateSarifFileSchema(parsedSarif, sarifPath, logger); - } - sarif = await combineSarifFilesUsingCLI( - sarifPaths, - gitHubVersion, - features, - logger - ); - } else { - const sarifPath = sarifPaths[0]; - sarif = readSarifFile(sarifPath); - validateSarifFileSchema(sarif, sarifPath, logger); - await throwIfCombineSarifFilesDisabled([sarif], gitHubVersion); - } - sarif = filterAlertsByDiffRange(logger, sarif); - sarif = await addFingerprints(sarif, checkoutPath, logger); - const analysisKey = await getAnalysisKey(); - const environment = getRequiredInput("matrix"); - sarif = populateRunAutomationDetails( - sarif, + return maybeUploadSpecifiedFiles( + sarifPaths, + checkoutPath, category, - analysisKey, - environment - ); - const toolNames = getToolNames(sarif); - logger.debug(`Validating that each SARIF run has a unique 
category`); - validateUniqueCategory(sarif, uploadTarget.sentinelPrefix); - logger.debug(`Serializing SARIF for upload`); - const sarifPayload = JSON.stringify(sarif); - logger.debug(`Compressing serialized SARIF`); - const zippedSarif = import_zlib.default.gzipSync(sarifPayload).toString("base64"); - const checkoutURI = url.pathToFileURL(checkoutPath).href; - const payload = buildPayload( - await getCommitOid(checkoutPath), - await getRef(), - analysisKey, - getRequiredEnvParam("GITHUB_WORKFLOW"), - zippedSarif, - getWorkflowRunID(), - getWorkflowRunAttempt(), - checkoutURI, - environment, - toolNames, - await determineBaseBranchHeadCommitOid() - ); - const rawUploadSizeBytes = sarifPayload.length; - logger.debug(`Raw upload size: ${rawUploadSizeBytes} bytes`); - const zippedUploadSizeBytes = zippedSarif.length; - logger.debug(`Base64 zipped upload size: ${zippedUploadSizeBytes} bytes`); - const numResultInSarif = countResultsInSarif(sarifPayload); - logger.debug(`Number of results in upload: ${numResultInSarif}`); - const sarifID = await uploadPayload( - payload, - getRepositoryNwo(), + features, logger, - uploadTarget.target + uploadTarget, + "always" ); - logger.endGroup(); - return { - statusReport: { - raw_upload_size_bytes: rawUploadSizeBytes, - zipped_upload_size_bytes: zippedUploadSizeBytes, - num_results_in_sarif: numResultInSarif - }, - sarifID - }; +} +async function maybeUploadSpecifiedFiles(sarifPaths, checkoutPath, category, features, logger, uploadTarget, uploadKind) { + const dumpDir = process.env["CODEQL_ACTION_SARIF_DUMP_DIR" /* SARIF_DUMP_DIR */]; + const upload = uploadKind === "always"; + if (!upload && !dumpDir) { + logger.info(`Skipping upload of ${uploadTarget.name} results`); + return void 0; + } + logger.startGroup(`Processing ${uploadTarget.name} results`); + try { + logger.info(`Processing sarif files: ${JSON.stringify(sarifPaths)}`); + const gitHubVersion = await getGitHubVersion(); + let sarif; + if (sarifPaths.length > 1) { + for 
(const sarifPath of sarifPaths) { + const parsedSarif = readSarifFile(sarifPath); + validateSarifFileSchema(parsedSarif, sarifPath, logger); + } + sarif = await combineSarifFilesUsingCLI( + sarifPaths, + gitHubVersion, + features, + logger + ); + } else { + const sarifPath = sarifPaths[0]; + sarif = readSarifFile(sarifPath); + validateSarifFileSchema(sarif, sarifPath, logger); + await throwIfCombineSarifFilesDisabled([sarif], gitHubVersion); + } + sarif = filterAlertsByDiffRange(logger, sarif); + sarif = await addFingerprints(sarif, checkoutPath, logger); + const analysisKey = await getAnalysisKey(); + const environment = getRequiredInput("matrix"); + sarif = populateRunAutomationDetails( + sarif, + category, + analysisKey, + environment + ); + const toolNames = getToolNames(sarif); + logger.debug(`Validating that each SARIF run has a unique category`); + validateUniqueCategory(sarif, uploadTarget.sentinelPrefix); + if (dumpDir) { + dumpSarifFile(sarif, dumpDir, logger, uploadTarget); + } + if (!upload) { + logger.info( + `Skipping upload of ${uploadTarget.name} results because upload kind is "${uploadKind}"` + ); + return void 0; + } + logger.debug(`Serializing SARIF for upload`); + const sarifPayload = JSON.stringify(sarif); + logger.debug(`Compressing serialized SARIF`); + const zippedSarif = import_zlib.default.gzipSync(sarifPayload).toString("base64"); + const checkoutURI = url.pathToFileURL(checkoutPath).href; + const payload = buildPayload( + await getCommitOid(checkoutPath), + await getRef(), + analysisKey, + getRequiredEnvParam("GITHUB_WORKFLOW"), + zippedSarif, + getWorkflowRunID(), + getWorkflowRunAttempt(), + checkoutURI, + environment, + toolNames, + await determineBaseBranchHeadCommitOid() + ); + const rawUploadSizeBytes = sarifPayload.length; + logger.debug(`Raw upload size: ${rawUploadSizeBytes} bytes`); + const zippedUploadSizeBytes = zippedSarif.length; + logger.debug(`Base64 zipped upload size: ${zippedUploadSizeBytes} bytes`); + const 
numResultInSarif = countResultsInSarif(sarifPayload); + logger.debug(`Number of results in upload: ${numResultInSarif}`); + const sarifID = await uploadPayload( + payload, + getRepositoryNwo(), + logger, + uploadTarget.target + ); + return { + statusReport: { + raw_upload_size_bytes: rawUploadSizeBytes, + zipped_upload_size_bytes: zippedUploadSizeBytes, + num_results_in_sarif: numResultInSarif + }, + sarifID + }; + } finally { + logger.endGroup(); + } +} +function dumpSarifFile(sarif, outputDir, logger, uploadTarget) { + if (!fs13.existsSync(outputDir)) { + fs13.mkdirSync(outputDir, { recursive: true }); + } else if (!fs13.lstatSync(outputDir).isDirectory()) { + throw new ConfigurationError( + `The path specified by the CODEQL_ACTION_SARIF_DUMP_DIR environment variable exists and is not a directory: ${outputDir}` + ); + } + const outputFile = path14.resolve( + outputDir, + `upload${uploadTarget.sarifExtension}` + ); + logger.info(`Dumping processed SARIF file to ${outputFile}`); + fs13.writeFileSync(outputFile, JSON.stringify(sarif, null, 2)); } var STATUS_CHECK_FREQUENCY_MILLISECONDS = 5 * 1e3; var STATUS_CHECK_TIMEOUT_MILLISECONDS = 2 * 60 * 1e3; @@ -92617,6 +92674,7 @@ function filterAlertsByDiffRange(logger, sarif) { buildPayload, findSarifFilesInDir, getSarifFilePaths, + maybeUploadFiles, populateRunAutomationDetails, readSarifFile, shouldConsiderConfigurationError, diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index 9358462484..b72e46244d 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js 
@@ -93073,93 +93073,149 @@ function buildPayload(commitOid, ref, analysisKey, analysisName, zippedSarif, wo return payloadObj; } async function uploadFiles(inputSarifPath, checkoutPath, category, features, logger, uploadTarget) { + return maybeUploadFiles( + inputSarifPath, + checkoutPath, + category, + features, + logger, + uploadTarget, + "always" + ); +} +async function maybeUploadFiles(inputSarifPath, checkoutPath, category, features, logger, uploadTarget, uploadKind) { const sarifPaths = getSarifFilePaths( inputSarifPath, uploadTarget.sarifPredicate ); - return uploadSpecifiedFiles( + return maybeUploadSpecifiedFiles( sarifPaths, checkoutPath, category, features, logger, - uploadTarget + uploadTarget, + uploadKind ); } async function uploadSpecifiedFiles(sarifPaths, checkoutPath, category, features, logger, uploadTarget) { - logger.startGroup(`Uploading ${uploadTarget.name} results`); - logger.info(`Processing sarif files: ${JSON.stringify(sarifPaths)}`); - const gitHubVersion = await getGitHubVersion(); - let sarif; - if (sarifPaths.length > 1) { - for (const sarifPath of sarifPaths) { - const parsedSarif = readSarifFile(sarifPath); - validateSarifFileSchema(parsedSarif, sarifPath, logger); - } - sarif = await combineSarifFilesUsingCLI( - sarifPaths, - gitHubVersion, - features, - logger - ); - } else { - const sarifPath = sarifPaths[0]; - sarif = readSarifFile(sarifPath); - validateSarifFileSchema(sarif, sarifPath, logger); - await throwIfCombineSarifFilesDisabled([sarif], gitHubVersion); - } - sarif = filterAlertsByDiffRange(logger, sarif); - sarif = await addFingerprints(sarif, checkoutPath, logger); - const analysisKey = await getAnalysisKey(); - const environment = getRequiredInput("matrix"); - sarif = populateRunAutomationDetails( - sarif, + return maybeUploadSpecifiedFiles( + sarifPaths, + checkoutPath, category, - analysisKey, - environment - ); - const toolNames = getToolNames(sarif); - logger.debug(`Validating that each SARIF run has a unique 
category`); - validateUniqueCategory(sarif, uploadTarget.sentinelPrefix); - logger.debug(`Serializing SARIF for upload`); - const sarifPayload = JSON.stringify(sarif); - logger.debug(`Compressing serialized SARIF`); - const zippedSarif = import_zlib.default.gzipSync(sarifPayload).toString("base64"); - const checkoutURI = url.pathToFileURL(checkoutPath).href; - const payload = buildPayload( - await getCommitOid(checkoutPath), - await getRef(), - analysisKey, - getRequiredEnvParam("GITHUB_WORKFLOW"), - zippedSarif, - getWorkflowRunID(), - getWorkflowRunAttempt(), - checkoutURI, - environment, - toolNames, - await determineBaseBranchHeadCommitOid() - ); - const rawUploadSizeBytes = sarifPayload.length; - logger.debug(`Raw upload size: ${rawUploadSizeBytes} bytes`); - const zippedUploadSizeBytes = zippedSarif.length; - logger.debug(`Base64 zipped upload size: ${zippedUploadSizeBytes} bytes`); - const numResultInSarif = countResultsInSarif(sarifPayload); - logger.debug(`Number of results in upload: ${numResultInSarif}`); - const sarifID = await uploadPayload( - payload, - getRepositoryNwo(), + features, logger, - uploadTarget.target + uploadTarget, + "always" ); - logger.endGroup(); - return { - statusReport: { - raw_upload_size_bytes: rawUploadSizeBytes, - zipped_upload_size_bytes: zippedUploadSizeBytes, - num_results_in_sarif: numResultInSarif - }, - sarifID - }; +} +async function maybeUploadSpecifiedFiles(sarifPaths, checkoutPath, category, features, logger, uploadTarget, uploadKind) { + const dumpDir = process.env["CODEQL_ACTION_SARIF_DUMP_DIR" /* SARIF_DUMP_DIR */]; + const upload = uploadKind === "always"; + if (!upload && !dumpDir) { + logger.info(`Skipping upload of ${uploadTarget.name} results`); + return void 0; + } + logger.startGroup(`Processing ${uploadTarget.name} results`); + try { + logger.info(`Processing sarif files: ${JSON.stringify(sarifPaths)}`); + const gitHubVersion = await getGitHubVersion(); + let sarif; + if (sarifPaths.length > 1) { + for 
(const sarifPath of sarifPaths) { + const parsedSarif = readSarifFile(sarifPath); + validateSarifFileSchema(parsedSarif, sarifPath, logger); + } + sarif = await combineSarifFilesUsingCLI( + sarifPaths, + gitHubVersion, + features, + logger + ); + } else { + const sarifPath = sarifPaths[0]; + sarif = readSarifFile(sarifPath); + validateSarifFileSchema(sarif, sarifPath, logger); + await throwIfCombineSarifFilesDisabled([sarif], gitHubVersion); + } + sarif = filterAlertsByDiffRange(logger, sarif); + sarif = await addFingerprints(sarif, checkoutPath, logger); + const analysisKey = await getAnalysisKey(); + const environment = getRequiredInput("matrix"); + sarif = populateRunAutomationDetails( + sarif, + category, + analysisKey, + environment + ); + const toolNames = getToolNames(sarif); + logger.debug(`Validating that each SARIF run has a unique category`); + validateUniqueCategory(sarif, uploadTarget.sentinelPrefix); + if (dumpDir) { + dumpSarifFile(sarif, dumpDir, logger, uploadTarget); + } + if (!upload) { + logger.info( + `Skipping upload of ${uploadTarget.name} results because upload kind is "${uploadKind}"` + ); + return void 0; + } + logger.debug(`Serializing SARIF for upload`); + const sarifPayload = JSON.stringify(sarif); + logger.debug(`Compressing serialized SARIF`); + const zippedSarif = import_zlib.default.gzipSync(sarifPayload).toString("base64"); + const checkoutURI = url.pathToFileURL(checkoutPath).href; + const payload = buildPayload( + await getCommitOid(checkoutPath), + await getRef(), + analysisKey, + getRequiredEnvParam("GITHUB_WORKFLOW"), + zippedSarif, + getWorkflowRunID(), + getWorkflowRunAttempt(), + checkoutURI, + environment, + toolNames, + await determineBaseBranchHeadCommitOid() + ); + const rawUploadSizeBytes = sarifPayload.length; + logger.debug(`Raw upload size: ${rawUploadSizeBytes} bytes`); + const zippedUploadSizeBytes = zippedSarif.length; + logger.debug(`Base64 zipped upload size: ${zippedUploadSizeBytes} bytes`); + const 
numResultInSarif = countResultsInSarif(sarifPayload); + logger.debug(`Number of results in upload: ${numResultInSarif}`); + const sarifID = await uploadPayload( + payload, + getRepositoryNwo(), + logger, + uploadTarget.target + ); + return { + statusReport: { + raw_upload_size_bytes: rawUploadSizeBytes, + zipped_upload_size_bytes: zippedUploadSizeBytes, + num_results_in_sarif: numResultInSarif + }, + sarifID + }; + } finally { + logger.endGroup(); + } +} +function dumpSarifFile(sarif, outputDir, logger, uploadTarget) { + if (!fs14.existsSync(outputDir)) { + fs14.mkdirSync(outputDir, { recursive: true }); + } else if (!fs14.lstatSync(outputDir).isDirectory()) { + throw new ConfigurationError( + `The path specified by the CODEQL_ACTION_SARIF_DUMP_DIR environment variable exists and is not a directory: ${outputDir}` + ); + } + const outputFile = path15.resolve( + outputDir, + `upload${uploadTarget.sarifExtension}` + ); + logger.info(`Dumping processed SARIF file to ${outputFile}`); + fs14.writeFileSync(outputFile, JSON.stringify(sarif, null, 2)); } var STATUS_CHECK_FREQUENCY_MILLISECONDS = 5 * 1e3; var STATUS_CHECK_TIMEOUT_MILLISECONDS = 2 * 60 * 1e3; diff --git a/src/analyze-action.ts b/src/analyze-action.ts index f93072d723..7fed886e73 100644 --- a/src/analyze-action.ts +++ b/src/analyze-action.ts 
@@ -330,22 +330,27 @@ async function run() {
 }
 core.setOutput("db-locations", dbLocations);
 core.setOutput("sarif-output", path.resolve(outputDir));
- const uploadInput = actionsUtil.getOptionalInput("upload");
- if (runStats && actionsUtil.getUploadValue(uploadInput) === "always") {
+ const uploadInput = actionsUtil.getUploadValue(
+ actionsUtil.getOptionalInput("upload"),
+ );
+ if (runStats) {
 if (isCodeScanningEnabled(config)) {
- uploadResult = await uploadLib.uploadFiles(
+ uploadResult = await uploadLib.maybeUploadFiles(
 outputDir,
 actionsUtil.getRequiredInput("checkout_path"),
 actionsUtil.getOptionalInput("category"),
 features,
 logger,
 analyses.CodeScanning,
+ uploadInput,
 );
- core.setOutput("sarif-id", uploadResult.sarifID);
+ if (uploadResult) {
+ core.setOutput("sarif-id", uploadResult.sarifID);
+ }
 }
 if (isCodeQualityEnabled(config)) {
- const qualityUploadResult = await uploadLib.uploadFiles(
+ const qualityUploadResult = await uploadLib.maybeUploadFiles(
 outputDir,
 actionsUtil.getRequiredInput("checkout_path"),
 actionsUtil.fixCodeQualityCategory(
@@ -355,11 +360,14 @@ async function run() {
 features,
 logger,
 analyses.CodeQuality,
+ uploadInput,
 );
- core.setOutput("quality-sarif-id", qualityUploadResult.sarifID);
+ if (qualityUploadResult) {
+ core.setOutput("quality-sarif-id", qualityUploadResult.sarifID);
+ }
 }
 } else {
- logger.info("Not uploading results");
+ logger.info("No query status report, skipping upload");
 }
 // Possibly upload the overlay-base database to actions cache.
diff --git a/src/environment.ts b/src/environment.ts
index f25e7270da..e78c367244 100644
--- a/src/environment.ts
+++ b/src/environment.ts
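Review bot: `uploadInput` now holds the parsed upload kind returned by `actionsUtil.getUploadValue(...)` rather than the raw `upload` input, so the name is misleading where it is passed as the last argument to both `maybeUploadFiles` calls (in this hunk and in the one starting at new line 360). Naming it after the callee's parameter would read better: `const uploadKind = actionsUtil.getUploadValue(actionsUtil.getOptionalInput("upload"));`. The `else` branch message "No query status report, skipping upload" also covers the case where a SARIF dump was requested, so it could say that processing is skipped as well. run() starts and ends outside both hunks.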
@@ -119,4 +119,10 @@ export enum EnvVar { * Whether to enable experimental extractors for CodeQL. */ EXPERIMENTAL_FEATURES = "CODEQL_ENABLE_EXPERIMENTAL_FEATURES", + + /** + * Whether and where to dump the processed SARIF file that would be uploaded, regardless of + * whether the upload is disabled. This is intended for testing and debugging purposes. + */ + SARIF_DUMP_DIR = "CODEQL_ACTION_SARIF_DUMP_DIR", } diff --git a/src/upload-lib.ts b/src/upload-lib.ts index 8939e16944..7eed5faa3e 100644 --- a/src/upload-lib.ts +++ b/src/upload-lib.ts @@ -623,18 +623,44 @@ export async function uploadFiles( logger: Logger, uploadTarget: analyses.AnalysisConfig, ): Promise { + return maybeUploadFiles( + inputSarifPath, + checkoutPath, + category, + features, + logger, + uploadTarget, + "always", + ) as Promise; +} + +/** + * Uploads a single SARIF file or a directory of SARIF files depending on what `inputSarifPath` refers + * to. It will only upload if `uploadKind === "always"`, and return `undefined` otherwise. However + * if `CODEQL_ACTION_SARIF_DUMP_DIR` is set, it will unconditionally process the input sarif files. + */ +export async function maybeUploadFiles( + inputSarifPath: string, + checkoutPath: string, + category: string | undefined, + features: FeatureEnablement, + logger: Logger, + uploadTarget: analyses.AnalysisConfig, + uploadKind: actionsUtil.UploadKind, +): Promise { const sarifPaths = getSarifFilePaths( inputSarifPath, uploadTarget.sarifPredicate, ); - return uploadSpecifiedFiles( + return maybeUploadSpecifiedFiles( sarifPaths, checkoutPath, category, features, logger, uploadTarget, + uploadKind, ); } 
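Review bot: The doc comment on `SARIF_DUMP_DIR` does not say what is written or how the path is treated. Going by `dumpSarifFile` in src/upload-lib.ts from the same patch, I would add that the directory is created if it is missing and that the file, named `upload` plus the target's SARIF extension, replaces any existing file of that name. Because the dump contains the complete processed analysis results, it may also be worth noting that the directory should not be one the workflow later publishes, for example as an artifact; that part is a judgment call for the maintainers. The `EnvVar` enum starts outside the hunk.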
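Review bot: The `as Promise…` cast on the value returned by `maybeUploadFiles` in `uploadFiles` suppresses the `undefined` case instead of checking it. The guarantee that `"always"` never yields `undefined` lives only in `maybeUploadSpecifiedFiles`, so a later change there would show up as a property access on `undefined` in callers rather than as a compile error. Awaiting the call and failing explicitly keeps the contract local: `const result = await maybeUploadFiles(/* same arguments */);`, then `if (result === undefined) throw new Error("upload kind \"always\" produced no result");` and `return result;`. The same cast appears in `uploadSpecifiedFiles` in the next hunk. The type arguments are not legible on this page, so the exact return type is assumed, and the signature of `uploadFiles` starts outside the hunk.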
@@ -649,97 +675,159 @@ export async function uploadSpecifiedFiles( logger: Logger, uploadTarget: analyses.AnalysisConfig, ): Promise { - logger.startGroup(`Uploading ${uploadTarget.name} results`); - logger.info(`Processing sarif files: ${JSON.stringify(sarifPaths)}`); + return maybeUploadSpecifiedFiles( + sarifPaths, + checkoutPath, + category, + features, + logger, + uploadTarget, + "always", + ) as Promise; +} + +async function maybeUploadSpecifiedFiles( + sarifPaths: string[], + checkoutPath: string, + category: string | undefined, + features: FeatureEnablement, + logger: Logger, + uploadTarget: analyses.AnalysisConfig, + uploadKind: actionsUtil.UploadKind, +): Promise { + const dumpDir = process.env[EnvVar.SARIF_DUMP_DIR]; + const upload = uploadKind === "always"; + if (!upload && !dumpDir) { + logger.info(`Skipping upload of ${uploadTarget.name} results`); + return undefined; + } + + logger.startGroup(`Processing ${uploadTarget.name} results`); + try { + logger.info(`Processing sarif files: ${JSON.stringify(sarifPaths)}`); + + const gitHubVersion = await getGitHubVersion(); + + let sarif: SarifFile; - const gitHubVersion = await getGitHubVersion(); + if (sarifPaths.length > 1) { + // Validate that the files we were asked to upload are all valid SARIF files + for (const sarifPath of sarifPaths) { + const parsedSarif = readSarifFile(sarifPath); + validateSarifFileSchema(parsedSarif, sarifPath, logger); + } - let sarif: SarifFile; + sarif = await combineSarifFilesUsingCLI( + sarifPaths, + gitHubVersion, + features, + logger, + ); + } else { + const sarifPath = sarifPaths[0]; + sarif = readSarifFile(sarifPath); + validateSarifFileSchema(sarif, sarifPath, logger); - if (sarifPaths.length > 1) { - // Validate that the files we were asked to upload are all valid SARIF files - for (const sarifPath of sarifPaths) { - const parsedSarif = readSarifFile(sarifPath); - validateSarifFileSchema(parsedSarif, sarifPath, logger); + // Validate that there are no runs for the 
same category + await throwIfCombineSarifFilesDisabled([sarif], gitHubVersion); } - sarif = await combineSarifFilesUsingCLI( - sarifPaths, - gitHubVersion, - features, - logger, + sarif = filterAlertsByDiffRange(logger, sarif); + sarif = await fingerprints.addFingerprints(sarif, checkoutPath, logger); + + const analysisKey = await api.getAnalysisKey(); + const environment = actionsUtil.getRequiredInput("matrix"); + sarif = populateRunAutomationDetails( + sarif, + category, + analysisKey, + environment, ); - } else { - const sarifPath = sarifPaths[0]; - sarif = readSarifFile(sarifPath); - validateSarifFileSchema(sarif, sarifPath, logger); - // Validate that there are no runs for the same category - await throwIfCombineSarifFilesDisabled([sarif], gitHubVersion); - } + const toolNames = util.getToolNames(sarif); - sarif = filterAlertsByDiffRange(logger, sarif); - sarif = await fingerprints.addFingerprints(sarif, checkoutPath, logger); + logger.debug(`Validating that each SARIF run has a unique category`); + validateUniqueCategory(sarif, uploadTarget.sentinelPrefix); + if (dumpDir) { + dumpSarifFile(sarif, dumpDir, logger, uploadTarget); + } + if (!upload) { + logger.info( + `Skipping upload of ${uploadTarget.name} results because upload kind is "${uploadKind}"`, + ); + return undefined; + } + logger.debug(`Serializing SARIF for upload`); + const sarifPayload = JSON.stringify(sarif); + logger.debug(`Compressing serialized SARIF`); + const zippedSarif = zlib.gzipSync(sarifPayload).toString("base64"); + const checkoutURI = url.pathToFileURL(checkoutPath).href; + + const payload = buildPayload( + await gitUtils.getCommitOid(checkoutPath), + await gitUtils.getRef(), + analysisKey, + util.getRequiredEnvParam("GITHUB_WORKFLOW"), + zippedSarif, + actionsUtil.getWorkflowRunID(), + actionsUtil.getWorkflowRunAttempt(), + checkoutURI, + environment, + toolNames, + await gitUtils.determineBaseBranchHeadCommitOid(), + ); - const analysisKey = await api.getAnalysisKey(); - const 
environment = actionsUtil.getRequiredInput("matrix"); - sarif = populateRunAutomationDetails( - sarif, - category, - analysisKey, - environment, - ); + // Log some useful debug info about the info + const rawUploadSizeBytes = sarifPayload.length; + logger.debug(`Raw upload size: ${rawUploadSizeBytes} bytes`); + const zippedUploadSizeBytes = zippedSarif.length; + logger.debug(`Base64 zipped upload size: ${zippedUploadSizeBytes} bytes`); + const numResultInSarif = countResultsInSarif(sarifPayload); + logger.debug(`Number of results in upload: ${numResultInSarif}`); + + // Make the upload + const sarifID = await uploadPayload( + payload, + getRepositoryNwo(), + logger, + uploadTarget.target, + ); - const toolNames = util.getToolNames(sarif); - - logger.debug(`Validating that each SARIF run has a unique category`); - validateUniqueCategory(sarif, uploadTarget.sentinelPrefix); - logger.debug(`Serializing SARIF for upload`); - const sarifPayload = JSON.stringify(sarif); - logger.debug(`Compressing serialized SARIF`); - const zippedSarif = zlib.gzipSync(sarifPayload).toString("base64"); - const checkoutURI = url.pathToFileURL(checkoutPath).href; - - const payload = buildPayload( - await gitUtils.getCommitOid(checkoutPath), - await gitUtils.getRef(), - analysisKey, - util.getRequiredEnvParam("GITHUB_WORKFLOW"), - zippedSarif, - actionsUtil.getWorkflowRunID(), - actionsUtil.getWorkflowRunAttempt(), - checkoutURI, - environment, - toolNames, - await gitUtils.determineBaseBranchHeadCommitOid(), - ); + return { + statusReport: { + raw_upload_size_bytes: rawUploadSizeBytes, + zipped_upload_size_bytes: zippedUploadSizeBytes, + num_results_in_sarif: numResultInSarif, + }, + sarifID, + }; + } finally { + logger.endGroup(); + } +} - // Log some useful debug info about the info - const rawUploadSizeBytes = sarifPayload.length; - logger.debug(`Raw upload size: ${rawUploadSizeBytes} bytes`); - const zippedUploadSizeBytes = zippedSarif.length; - logger.debug(`Base64 zipped upload size: 
${zippedUploadSizeBytes} bytes`); - const numResultInSarif = countResultsInSarif(sarifPayload); - logger.debug(`Number of results in upload: ${numResultInSarif}`); - - // Make the upload - const sarifID = await uploadPayload( - payload, - getRepositoryNwo(), - logger, - uploadTarget.target, +/** + * Dumps the given processed SARIF file contents to `outputDir`. + */ +function dumpSarifFile( + sarif: SarifFile, + outputDir: string, + logger: Logger, + uploadTarget: analyses.AnalysisConfig, +) { + if (!fs.existsSync(outputDir)) { + fs.mkdirSync(outputDir, { recursive: true }); + } else if (!fs.lstatSync(outputDir).isDirectory()) { + throw new ConfigurationError( + `The path specified by the CODEQL_ACTION_SARIF_DUMP_DIR environment variable exists and is not a directory: ${outputDir}`, + ); + } + const outputFile = path.resolve( + outputDir, + `upload${uploadTarget.sarifExtension}`, ); - - logger.endGroup(); - - return { - statusReport: { - raw_upload_size_bytes: rawUploadSizeBytes, - zipped_upload_size_bytes: zippedUploadSizeBytes, - num_results_in_sarif: numResultInSarif, - }, - sarifID, - }; + logger.info(`Dumping processed SARIF file to ${outputFile}`); + fs.writeFileSync(outputFile, JSON.stringify(sarif, null, 2)); } const STATUS_CHECK_FREQUENCY_MILLISECONDS = 5 * 1000; From 33a31c1c92e9fdf0f6f2e4ce256f2a60442a0d90 Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Tue, 9 Sep 2025 17:05:44 +0200 Subject: [PATCH 2/3] Do not prettify dumped SARIF file --- lib/analyze-action.js | 10 +++++----- lib/init-action-post.js | 10 +++++----- lib/upload-lib.js | 10 +++++----- lib/upload-sarif-action.js | 10 +++++----- src/upload-lib.ts | 10 +++++----- 5 files changed, 25 insertions(+), 25 deletions(-) diff --git a/lib/analyze-action.js b/lib/analyze-action.js index 05c2d704a6..0bfb66aace 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js 
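Review bot: In `dumpSarifFile`, the directory test `fs.lstatSync(outputDir).isDirectory()` does not follow symbolic links, so a `CODEQL_ACTION_SARIF_DUMP_DIR` that is a symlink to a directory is rejected with a message saying the path is not a directory. If symlinked directories should be accepted, `} else if (!fs.statSync(outputDir).isDirectory()) {` does that; if rejecting them is intended, the error text should say so. The function's doc comment should also state that the directory is created when missing and that an existing file with the same name is overwritten, since the value comes straight from the environment and is used as given.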
@@ -95619,8 +95619,10 @@ async function maybeUploadSpecifiedFiles(sarifPaths, checkoutPath, category, fea const toolNames = getToolNames(sarif); logger.debug(`Validating that each SARIF run has a unique category`); validateUniqueCategory(sarif, uploadTarget.sentinelPrefix); + logger.debug(`Serializing SARIF for upload`); + const sarifPayload = JSON.stringify(sarif); if (dumpDir) { - dumpSarifFile(sarif, dumpDir, logger, uploadTarget); + dumpSarifFile(sarifPayload, dumpDir, logger, uploadTarget); } if (!upload) { logger.info( @@ -95628,8 +95630,6 @@ async function maybeUploadSpecifiedFiles(sarifPaths, checkoutPath, category, fea ); return void 0; } - logger.debug(`Serializing SARIF for upload`); - const sarifPayload = JSON.stringify(sarif); logger.debug(`Compressing serialized SARIF`); const zippedSarif = import_zlib.default.gzipSync(sarifPayload).toString("base64"); const checkoutURI = url.pathToFileURL(checkoutPath).href; @@ -95670,7 +95670,7 @@ async function maybeUploadSpecifiedFiles(sarifPaths, checkoutPath, category, fea logger.endGroup(); } } -function dumpSarifFile(sarif, outputDir, logger, uploadTarget) { +function dumpSarifFile(sarifPayload, outputDir, logger, uploadTarget) { if (!fs18.existsSync(outputDir)) { fs18.mkdirSync(outputDir, { recursive: true }); } else if (!fs18.lstatSync(outputDir).isDirectory()) { @@ -95683,7 +95683,7 @@ function dumpSarifFile(sarif, outputDir, logger, uploadTarget) { `upload${uploadTarget.sarifExtension}` ); logger.info(`Dumping processed SARIF file to ${outputFile}`); - fs18.writeFileSync(outputFile, JSON.stringify(sarif, null, 2)); + fs18.writeFileSync(outputFile, sarifPayload); } var STATUS_CHECK_FREQUENCY_MILLISECONDS = 5 * 1e3; var STATUS_CHECK_TIMEOUT_MILLISECONDS = 2 * 60 * 1e3; diff --git a/lib/init-action-post.js b/lib/init-action-post.js index 066acf682b..52d67086c3 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js 
@@ -133067,8 +133067,10 @@ async function maybeUploadSpecifiedFiles(sarifPaths, checkoutPath, category, fea const toolNames = getToolNames(sarif); logger.debug(`Validating that each SARIF run has a unique category`); validateUniqueCategory(sarif, uploadTarget.sentinelPrefix); + logger.debug(`Serializing SARIF for upload`); + const sarifPayload = JSON.stringify(sarif); if (dumpDir) { - dumpSarifFile(sarif, dumpDir, logger, uploadTarget); + dumpSarifFile(sarifPayload, dumpDir, logger, uploadTarget); } if (!upload) { logger.info( @@ -133076,8 +133078,6 @@ async function maybeUploadSpecifiedFiles(sarifPaths, checkoutPath, category, fea ); return void 0; } - logger.debug(`Serializing SARIF for upload`); - const sarifPayload = JSON.stringify(sarif); logger.debug(`Compressing serialized SARIF`); const zippedSarif = import_zlib.default.gzipSync(sarifPayload).toString("base64"); const checkoutURI = url.pathToFileURL(checkoutPath).href; @@ -133118,7 +133118,7 @@ async function maybeUploadSpecifiedFiles(sarifPaths, checkoutPath, category, fea logger.endGroup(); } } -function dumpSarifFile(sarif, outputDir, logger, uploadTarget) { +function dumpSarifFile(sarifPayload, outputDir, logger, uploadTarget) { if (!fs17.existsSync(outputDir)) { fs17.mkdirSync(outputDir, { recursive: true }); } else if (!fs17.lstatSync(outputDir).isDirectory()) { @@ -133131,7 +133131,7 @@ function dumpSarifFile(sarif, outputDir, logger, uploadTarget) { `upload${uploadTarget.sarifExtension}` ); logger.info(`Dumping processed SARIF file to ${outputFile}`); - fs17.writeFileSync(outputFile, JSON.stringify(sarif, null, 2)); + fs17.writeFileSync(outputFile, sarifPayload); } var STATUS_CHECK_FREQUENCY_MILLISECONDS = 5 * 1e3; var STATUS_CHECK_TIMEOUT_MILLISECONDS = 2 * 60 * 1e3; diff --git a/lib/upload-lib.js b/lib/upload-lib.js index 67cdd75f25..d7ce92e9c1 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js 
@@ -92451,8 +92451,10 @@ async function maybeUploadSpecifiedFiles(sarifPaths, checkoutPath, category, fea const toolNames = getToolNames(sarif); logger.debug(`Validating that each SARIF run has a unique category`); validateUniqueCategory(sarif, uploadTarget.sentinelPrefix); + logger.debug(`Serializing SARIF for upload`); + const sarifPayload = JSON.stringify(sarif); if (dumpDir) { - dumpSarifFile(sarif, dumpDir, logger, uploadTarget); + dumpSarifFile(sarifPayload, dumpDir, logger, uploadTarget); } if (!upload) { logger.info( @@ -92460,8 +92462,6 @@ async function maybeUploadSpecifiedFiles(sarifPaths, checkoutPath, category, fea ); return void 0; } - logger.debug(`Serializing SARIF for upload`); - const sarifPayload = JSON.stringify(sarif); logger.debug(`Compressing serialized SARIF`); const zippedSarif = import_zlib.default.gzipSync(sarifPayload).toString("base64"); const checkoutURI = url.pathToFileURL(checkoutPath).href; @@ -92502,7 +92502,7 @@ async function maybeUploadSpecifiedFiles(sarifPaths, checkoutPath, category, fea logger.endGroup(); } } -function dumpSarifFile(sarif, outputDir, logger, uploadTarget) { +function dumpSarifFile(sarifPayload, outputDir, logger, uploadTarget) { if (!fs13.existsSync(outputDir)) { fs13.mkdirSync(outputDir, { recursive: true }); } else if (!fs13.lstatSync(outputDir).isDirectory()) { @@ -92515,7 +92515,7 @@ function dumpSarifFile(sarif, outputDir, logger, uploadTarget) { `upload${uploadTarget.sarifExtension}` ); logger.info(`Dumping processed SARIF file to ${outputFile}`); - fs13.writeFileSync(outputFile, JSON.stringify(sarif, null, 2)); + fs13.writeFileSync(outputFile, sarifPayload); } var STATUS_CHECK_FREQUENCY_MILLISECONDS = 5 * 1e3; var STATUS_CHECK_TIMEOUT_MILLISECONDS = 2 * 60 * 1e3; diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index b72e46244d..a6881c4c64 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js 
@@ -93151,8 +93151,10 @@ async function maybeUploadSpecifiedFiles(sarifPaths, checkoutPath, category, fea const toolNames = getToolNames(sarif); logger.debug(`Validating that each SARIF run has a unique category`); validateUniqueCategory(sarif, uploadTarget.sentinelPrefix); + logger.debug(`Serializing SARIF for upload`); + const sarifPayload = JSON.stringify(sarif); if (dumpDir) { - dumpSarifFile(sarif, dumpDir, logger, uploadTarget); + dumpSarifFile(sarifPayload, dumpDir, logger, uploadTarget); } if (!upload) { logger.info( @@ -93160,8 +93162,6 @@ async function maybeUploadSpecifiedFiles(sarifPaths, checkoutPath, category, fea ); return void 0; } - logger.debug(`Serializing SARIF for upload`); - const sarifPayload = JSON.stringify(sarif); logger.debug(`Compressing serialized SARIF`); const zippedSarif = import_zlib.default.gzipSync(sarifPayload).toString("base64"); const checkoutURI = url.pathToFileURL(checkoutPath).href; @@ -93202,7 +93202,7 @@ async function maybeUploadSpecifiedFiles(sarifPaths, checkoutPath, category, fea logger.endGroup(); } } -function dumpSarifFile(sarif, outputDir, logger, uploadTarget) { +function dumpSarifFile(sarifPayload, outputDir, logger, uploadTarget) { if (!fs14.existsSync(outputDir)) { fs14.mkdirSync(outputDir, { recursive: true }); } else if (!fs14.lstatSync(outputDir).isDirectory()) { @@ -93215,7 +93215,7 @@ function dumpSarifFile(sarif, outputDir, logger, uploadTarget) { `upload${uploadTarget.sarifExtension}` ); logger.info(`Dumping processed SARIF file to ${outputFile}`); - fs14.writeFileSync(outputFile, JSON.stringify(sarif, null, 2)); + fs14.writeFileSync(outputFile, sarifPayload); } var STATUS_CHECK_FREQUENCY_MILLISECONDS = 5 * 1e3; var STATUS_CHECK_TIMEOUT_MILLISECONDS = 2 * 60 * 1e3; diff --git a/src/upload-lib.ts b/src/upload-lib.ts index 7eed5faa3e..f1b9eb4b90 100644 --- a/src/upload-lib.ts +++ b/src/upload-lib.ts 
@@ -748,8 +748,10 @@ async function maybeUploadSpecifiedFiles( logger.debug(`Validating that each SARIF run has a unique category`); validateUniqueCategory(sarif, uploadTarget.sentinelPrefix); + logger.debug(`Serializing SARIF for upload`); + const sarifPayload = JSON.stringify(sarif); if (dumpDir) { - dumpSarifFile(sarif, dumpDir, logger, uploadTarget); + dumpSarifFile(sarifPayload, dumpDir, logger, uploadTarget); } if (!upload) { logger.info( @@ -757,8 +759,6 @@ async function maybeUploadSpecifiedFiles( ); return undefined; } - logger.debug(`Serializing SARIF for upload`); - const sarifPayload = JSON.stringify(sarif); logger.debug(`Compressing serialized SARIF`); const zippedSarif = zlib.gzipSync(sarifPayload).toString("base64"); const checkoutURI = url.pathToFileURL(checkoutPath).href; @@ -810,7 +810,7 @@ async function maybeUploadSpecifiedFiles( * Dumps the given processed SARIF file contents to `outputDir`. */ function dumpSarifFile( - sarif: SarifFile, + sarifPayload: string, outputDir: string, logger: Logger, uploadTarget: analyses.AnalysisConfig, @@ -827,7 +827,7 @@ function dumpSarifFile( `upload${uploadTarget.sarifExtension}`, ); logger.info(`Dumping processed SARIF file to ${outputFile}`); - fs.writeFileSync(outputFile, JSON.stringify(sarif, null, 2)); + fs.writeFileSync(outputFile, sarifPayload); } const STATUS_CHECK_FREQUENCY_MILLISECONDS = 5 * 1000; From 53b268a8f03c26d30249868099dac82219cf3b1d Mon Sep 17 00:00:00 2001 From: Paolo Tranquilli Date: Fri, 12 Sep 2025 12:28:03 +0200 Subject: [PATCH 3/3] Prepare for merge from main --- lib/analyze-action.js | 2 +- lib/init-action-post.js | 2 +- lib/upload-lib.js | 2 +- lib/upload-sarif-action.js | 2 +- src/upload-lib.ts | 4 +++- 5 files changed, 7 insertions(+), 5 deletions(-) diff --git a/lib/analyze-action.js b/lib/analyze-action.js index 0bfb66aace..d79056a20c 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js 
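Review bot: The `Serializing SARIF for upload` debug message now runs before the `if (!upload)` return, so it is also logged on dump-only runs where nothing is uploaded. A neutral message such as `logger.debug("Serializing SARIF");` would be accurate on both paths. `maybeUploadSpecifiedFiles` starts and ends outside these hunks.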
@@ -95675,7 +95675,7 @@ function dumpSarifFile(sarifPayload, outputDir, logger, uploadTarget) { fs18.mkdirSync(outputDir, { recursive: true }); } else if (!fs18.lstatSync(outputDir).isDirectory()) { throw new ConfigurationError( - `The path specified by the CODEQL_ACTION_SARIF_DUMP_DIR environment variable exists and is not a directory: ${outputDir}` + `The path specified by the ${"CODEQL_ACTION_SARIF_DUMP_DIR" /* SARIF_DUMP_DIR */} environment variable exists and is not a directory: ${outputDir}` ); } const outputFile = path18.resolve( diff --git a/lib/init-action-post.js b/lib/init-action-post.js index 52d67086c3..f761edef2e 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js @@ -133123,7 +133123,7 @@ function dumpSarifFile(sarifPayload, outputDir, logger, uploadTarget) { fs17.mkdirSync(outputDir, { recursive: true }); } else if (!fs17.lstatSync(outputDir).isDirectory()) { throw new ConfigurationError( - `The path specified by the CODEQL_ACTION_SARIF_DUMP_DIR environment variable exists and is not a directory: ${outputDir}` + `The path specified by the ${"CODEQL_ACTION_SARIF_DUMP_DIR" /* SARIF_DUMP_DIR */} environment variable exists and is not a directory: ${outputDir}` ); } const outputFile = path17.resolve( diff --git a/lib/upload-lib.js b/lib/upload-lib.js index d7ce92e9c1..e312beccb2 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js @@ -92507,7 +92507,7 @@ function dumpSarifFile(sarifPayload, outputDir, logger, uploadTarget) { fs13.mkdirSync(outputDir, { recursive: true }); } else if (!fs13.lstatSync(outputDir).isDirectory()) { throw new ConfigurationError( - `The path specified by the CODEQL_ACTION_SARIF_DUMP_DIR environment variable exists and is not a directory: ${outputDir}` + `The path specified by the ${"CODEQL_ACTION_SARIF_DUMP_DIR" /* SARIF_DUMP_DIR */} environment variable exists and is not a directory: ${outputDir}` ); } const outputFile = path14.resolve( 
diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index a6881c4c64..624b843fdd 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -93207,7 +93207,7 @@ function dumpSarifFile(sarifPayload, outputDir, logger, uploadTarget) { fs14.mkdirSync(outputDir, { recursive: true }); } else if (!fs14.lstatSync(outputDir).isDirectory()) { throw new ConfigurationError( - `The path specified by the CODEQL_ACTION_SARIF_DUMP_DIR environment variable exists and is not a directory: ${outputDir}` + `The path specified by the ${"CODEQL_ACTION_SARIF_DUMP_DIR" /* SARIF_DUMP_DIR */} environment variable exists and is not a directory: ${outputDir}` ); } const outputFile = path15.resolve( diff --git a/src/upload-lib.ts b/src/upload-lib.ts index f1b9eb4b90..19f6cd2d05 100644 --- a/src/upload-lib.ts +++ b/src/upload-lib.ts @@ -750,9 +750,11 @@ async function maybeUploadSpecifiedFiles( validateUniqueCategory(sarif, uploadTarget.sentinelPrefix); logger.debug(`Serializing SARIF for upload`); const sarifPayload = JSON.stringify(sarif); + if (dumpDir) { dumpSarifFile(sarifPayload, dumpDir, logger, uploadTarget); } + if (!upload) { logger.info( `Skipping upload of ${uploadTarget.name} results because upload kind is "${uploadKind}"`, @@ -819,7 +821,7 @@ function dumpSarifFile( fs.mkdirSync(outputDir, { recursive: true }); } else if (!fs.lstatSync(outputDir).isDirectory()) { throw new ConfigurationError( - `The path specified by the CODEQL_ACTION_SARIF_DUMP_DIR environment variable exists and is not a directory: ${outputDir}`, + `The path specified by the ${EnvVar.SARIF_DUMP_DIR} environment variable exists and is not a directory: ${outputDir}`, ); } const outputFile = path.resolve(