Write processed SARIF files if post-process-output input is provided

Author: mbg

lib/analyze-action.js

@@ -353,6 +353,7 @@ async function run() {
         checkoutPath,
         outputDir,
         category,
+        actionsUtil.getOptionalInput("post-process-output"),
       );
 
       core.setOutput(

lib/init-action-post.js

@@ -758,6 +758,36 @@ export async function postProcessSarifFiles(
   return { sarif, analysisKey, environment };
 }
 
+/**
+ * Writes the processed SARIF file to disk, if needed based on `pathInput` or the `SARIF_DUMP_DIR`.
+ *
+ * @param logger The logger to use.
+ * @param pathInput The input provided for `post-process-output`.
+ * @param uploadTarget The upload target.
+ * @param processingResults The results of post-processing SARIF files.
+ */
+export async function writeProcessedFiles(
+  logger: Logger,
+  pathInput: string | undefined,
+  uploadTarget: analyses.AnalysisConfig,
+  processingResults: PostProcessingResults,
+) {
+  // If there's an explicit input, use that. Otherwise, use the value from the environment variable.
+  const outputPath = pathInput || process.env[EnvVar.SARIF_DUMP_DIR];
+
+  // If we have an output path, write the SARIF file to it.
+  if (outputPath !== undefined) {
+    dumpSarifFile(
+      JSON.stringify(processingResults.sarif),
+      outputPath,
+      logger,
+      uploadTarget,
+    );
+  } else {
+    logger.debug(`Not writing processed SARIF files.`);
+  }
+}
+
 /**
  * Uploads a single SARIF file or a directory of SARIF files depending on what `inputSarifPath` refers
  * to.
@@ -840,11 +870,6 @@ export async function uploadProcessedFiles(
   logger.debug(`Serializing SARIF for upload`);
   const sarifPayload = JSON.stringify(sarif);
 
-  const dumpDir = process.env[EnvVar.SARIF_DUMP_DIR];
-  if (dumpDir) {
-    dumpSarifFile(sarifPayload, dumpDir, logger, uploadTarget);
-  }
-
   logger.debug(`Compressing serialized SARIF`);
   const zippedSarif = zlib.gzipSync(sarifPayload).toString("base64");
   const checkoutURI = url.pathToFileURL(checkoutPath).href;
@@ -904,14 +929,14 @@ function dumpSarifFile(
     fs.mkdirSync(outputDir, { recursive: true });
   } else if (!fs.lstatSync(outputDir).isDirectory()) {
     throw new ConfigurationError(
-      `The path specified by the ${EnvVar.SARIF_DUMP_DIR} environment variable exists and is not a directory: ${outputDir}`,
+      `The path that processed SARIF files should be written to exists, but is not a directory: ${outputDir}`,
     );
   }
   const outputFile = path.resolve(
     outputDir,
     `upload${uploadTarget.sarifExtension}`,
   );
-  logger.info(`Dumping processed SARIF file to ${outputFile}`);
+  logger.info(`Writing processed SARIF file to ${outputFile}`);
   fs.writeFileSync(outputFile, sarifPayload);
 }
 

lib/upload-lib.js

@@ -19,6 +19,7 @@ export type UploadSarifResults = Partial<
  * @param checkoutPath The path where the repository was checked out at.
  * @param sarifPath The path to the file or directory to upload.
  * @param category The analysis category.
+ * @param processedOutputPath The path to a directory to which the post-processed SARIF files should be written to.
  *
  * @returns A partial mapping from analysis kinds to the upload results.
  */
@@ -29,6 +30,7 @@ export async function uploadSarif(
   checkoutPath: string,
   sarifPath: string,
   category?: string,
+  processedOutputPath?: string,
 ): Promise<UploadSarifResults> {
   const sarifGroups = await upload_lib.getGroupedSarifFilePaths(
     logger,
@@ -49,6 +51,15 @@ export async function uploadSarif(
       analysisConfig,
     );
 
+    // Write the processed SARIF files to disk. This will only write them if needed based on user inputs
+    // or environment variables.
+    await upload_lib.writeProcessedFiles(
+      logger,
+      processedOutputPath,
+      analysisConfig,
+      processingResults,
+    );
+
     // Only perform the actual upload of the processed files, if `uploadKind` is `always`.
     if (uploadKind === "always") {
       uploadResults[analysisKind] = await upload_lib.uploadProcessedFiles(