@mbg commented Sep 29, 2025

This PR changes the approach used by upload-sarif to simplify the complexity of the implementation:

Instead of using findAndUpload, which finds files relevant to an analysis and uploads them, for Code Scanning and Code Quality in turn, the implementation in this PR is based around a new getGroupedSarifFilePaths function which:

  • Finds all .sarif files.
  • Decides which analysis they belong to.

We then loop through the results of getGroupedSarifFilePaths and upload the SARIF files to the respective endpoint.

Risk assessment

For internal use only. Please select the risk level of this change:

  • Low risk: Changes are fully under feature flags, or have been fully tested and validated in pre-production environments and are highly observable, or are documentation or test only.

Merge / deployment checklist

  • Confirm this change is backwards compatible with existing workflows.
  • Consider adding a changelog entry for this change.
  • Confirm the readme and docs have been updated if necessary.
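
The "find, then filter" grouping described in this PR description, as an added TypeScript example that is not code from the PR or from the Action. The names `groupSarifPaths` and `scanOrder`, and the `.quality.sarif` suffix rule, are assumptions made for the illustration.

```typescript
// Added example; names and suffix rules are assumptions, not the Action's code.
type AnalysisKind = "code-quality" | "code-scanning";

interface AnalysisRule {
  kind: AnalysisKind;
  // Decides from the file name whether a SARIF file belongs to this analysis.
  matches: (fileName: string) => boolean;
}

// Most specific rule first: otherwise the general ".sarif" rule would claim
// files intended for the other endpoint.
const scanOrder: AnalysisRule[] = [
  { kind: "code-quality", matches: (n) => n.endsWith(".quality.sarif") },
  { kind: "code-scanning", matches: (n) => n.endsWith(".sarif") },
];

interface GroupedSarif {
  groups: Partial<Record<AnalysisKind, string[]>>;
  unassigned: string[]; // .sarif files that no rule claimed
}

function groupSarifPaths(
  paths: string[],
  rules: AnalysisRule[] = scanOrder,
): GroupedSarif {
  const baseName = (p: string): string => p.slice(p.lastIndexOf("/") + 1);
  // Find: keep every .sarif file, whatever analysis it is for.
  let remaining = paths.filter((p) => baseName(p).endsWith(".sarif"));
  const groups: Partial<Record<AnalysisKind, string[]>> = {};
  // Filter: each rule in turn claims its files; a file is claimed at most once.
  for (const rule of rules) {
    const claimed = remaining.filter((p) => rule.matches(baseName(p)));
    if (claimed.length > 0) groups[rule.kind] = claimed;
    remaining = remaining.filter((p) => !rule.matches(baseName(p)));
  }
  // Surface leftovers so the caller can warn instead of dropping them silently.
  return { groups, unassigned: remaining };
}

// Constructed sample input (not taken from the PR).
const samplePaths = [
  "results/javascript.sarif",
  "results/javascript.quality.sarif",
  "results/python.sarif",
  "results/notes.txt",
];
const grouped = groupSarifPaths(samplePaths);
```

Reversing `scanOrder` sends every file, including the quality results, to the code-scanning group, which is why the order of the rules is part of the routing logic.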

@mbg self-assigned this Sep 29, 2025
@mbg force-pushed the mbg/upload-sarif/find-then-filter branch from 6b42eb8 to 2ba3c8b September 29, 2025 12:04
Base automatically changed from mbg/upload-sarif/add-tests to main September 29, 2025 14:06
@mbg force-pushed the mbg/upload-sarif/find-then-filter branch from 2ba3c8b to 93711d3 September 29, 2025 14:07
@mbg requested review from esbena and henrymercer September 29, 2025 14:11
@mbg marked this pull request as ready for review September 29, 2025 14:11
@mbg requested a review from a team as a code owner September 29, 2025 14:11
Copilot AI review requested due to automatic review settings September 29, 2025 14:11

Copilot AI left a comment

Pull Request Overview

This PR refactors the upload-sarif Action's approach by introducing a "find, then filter" strategy that simplifies the implementation while maintaining backward compatibility.

  • Replaces the complex findAndUpload function with a new getGroupedSarifFilePaths function that finds all SARIF files first, then categorizes them by analysis type
  • Streamlines the upload logic by processing grouped SARIF files in a single loop
  • Moves category fixing logic into the analysis configuration objects for better organization

Reviewed Changes

Copilot reviewed 12 out of 12 changed files in this pull request and generated 2 comments.

File | Description
src/util.ts | Adds typed helper functions for Object.keys and Object.entries
src/upload-sarif.ts | Refactors main upload logic to use new grouping approach, removes findAndUpload function
src/upload-sarif.test.ts | Updates tests to reflect new API structure and removes findAndUpload tests
src/upload-lib.ts | Implements new getGroupedSarifFilePaths function and moves category fixing to uploadSpecifiedFiles
src/upload-lib.test.ts | Adds comprehensive tests for the new grouping functionality
src/analyze.ts | Updates to use analysis-specific category fixing method
src/analyze-action.ts | Simplifies quality upload by removing duplicate category fixing
src/analyses.ts | Adds fixCategory method to analysis configs and introduces helper functions
Generated JS files | Compiled output reflecting TypeScript changes

} else {
for (const analysisConfig of analyses.SarifScanOrder) {
if (
analysisConfig.kind === analyses.AnalysisKind.CodeScanning ||

Copilot AI Sep 29, 2025

The hardcoded check for CodeScanning analysis kind breaks the abstraction pattern. Consider adding an isDefaultAnalysis property to the analysis configuration or restructuring the logic to avoid special-casing specific analysis types.

Suggested change
analysisConfig.kind === analyses.AnalysisKind.CodeScanning ||
analysisConfig.isDefaultAnalysis ||
