Delete analysis after uploading

The analysis is purposefully failing. We don't want a failed analysis
sitting in the security center since this can cause some internal
checks to erroneously fail.

lib/init-action-post-helper.js

@@ -26,10 +26,12 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.run = exports.tryUploadSarifIfRunFailed = void 0;
 const core = __importStar(require("@actions/core"));
 const actionsUtil = __importStar(require("./actions-util"));
+const api_client_1 = require("./api-client");
 const codeql_1 = require("./codeql");
 const config_utils_1 = require("./config-utils");
 const environment_1 = require("./environment");
 const feature_flags_1 = require("./feature-flags");
+const repository_1 = require("./repository");
 const uploadLib = __importStar(require("./upload-lib"));
 const util_1 = require("./util");
 const workflow_1 = require("./workflow");
@@ -76,7 +78,9 @@ async function maybeUploadFailedSarif(config, repositoryNwo, features, logger) {
     core.info(`Uploading failed SARIF file ${sarifFile}`);
     const uploadResult = await uploadLib.uploadFromActions(sarifFile, checkoutPath, category, logger, { considerInvalidRequestUserError: false });
     await uploadLib.waitForProcessing(repositoryNwo, uploadResult.sarifID, logger, { isUnsuccessfulExecution: true });
-    return uploadResult?.statusReport ?? {};
+    return uploadResult
+        ? { ...uploadResult.statusReport, sarifID: uploadResult.sarifID }
+        : {};
 }
 async function tryUploadSarifIfRunFailed(config, repositoryNwo, features, logger) {
     if (process.env[environment_1.EnvVar.ANALYZE_DID_COMPLETE_SUCCESSFULLY] !== "true") {
@@ -114,6 +118,9 @@ async function run(uploadDatabaseBundleDebugArtifact, uploadLogsDebugArtifact, p
         throw new Error("Expected to upload a failed SARIF file for this CodeQL code scanning run, " +
             `but the result was instead ${error}.`);
     }
+    if (process.env["CODEQL_ACTION_EXPECT_UPLOAD_FAILED_SARIF"] === "true") {
+        await removeUploadedSarif(uploadFailedSarifResult);
+    }
     // Upload appropriate Actions artifacts for debugging
     if (config.debugMode) {
         core.info("Debug mode is on. Uploading available database bundles and logs as Actions debugging artifacts...");
@@ -124,4 +131,57 @@ async function run(uploadDatabaseBundleDebugArtifact, uploadLogsDebugArtifact, p
     return uploadFailedSarifResult;
 }
 exports.run = run;
+async function removeUploadedSarif(uploadFailedSarifResult) {
+    const sarifID = uploadFailedSarifResult.sarifID;
+    if (sarifID) {
+        core.startGroup("Deleting failed SARIF upload");
+        core.info(`Uploaded failed SARIF file with ID ${sarifID}. Because this is a test, the analysis associated with it will now be deleted.`);
+        const client = (0, api_client_1.getApiClient)();
+        try {
+            const repositoryNwo = (0, repository_1.parseRepositoryNwo)((0, util_1.getRequiredEnvParam)("GITHUB_REPOSITORY"));
+            // Get the analysis associated with the uploaded sarif
+            const analysisInfo = await client.request("GET /repos/:owner/:repo/code-scanning/analyses?sarif_id=:sarif_id", {
+                owner: repositoryNwo.owner,
+                repo: repositoryNwo.repo,
+                sarif_id: sarifID,
+            });
+            // Delete the analysis.
+            if (analysisInfo.data.length === 1) {
+                const analysis = analysisInfo.data[0];
+                core.info(`Deleting analysis ${analysis.id}`);
+                try {
+                    await client.request("DELETE /repos/:owner/:repo/code-scanning/analyses/:analysis_id?confirm_delete", {
+                        owner: repositoryNwo.owner,
+                        repo: repositoryNwo.repo,
+                        analysis_id: analysis.id,
+                    });
+                }
+                catch (e) {
+                    if (e instanceof Error &&
+                        e.message.includes("No analysis found for analysis ID")) {
+                        core.info(`Analysis ${analysis.id} does not exist. It was likely already deleted.`);
+                    }
+                    else {
+                        throw e;
+                    }
+                }
+            }
+            else {
+                core.warning(`Expected to find exactly one analysis with sarif_id ${sarifID}. Found ${analysisInfo.data.length}.`);
+            }
+            core.endGroup();
+        }
+        catch (e) {
+            // Fail the test if we can't delete the analysis.
+            core.error("Failed to delete uploaded SARIF analysis.");
+            throw e;
+        }
+        finally {
+            core.endGroup();
+        }
+    }
+    else {
+        core.warning("Could not delete uploaded SARIF analysis because no sarifID was returned.");
+    }
+}
 //# sourceMappingURL=init-action-post-helper.js.map

lib/init-action-post-helper.test.js

@@ -341,6 +341,7 @@ async function testFailedSarifUpload(t, actionsWorkflow, { category, databaseExi
     const result = await initActionPostHelper.tryUploadSarifIfRunFailed(config, (0, repository_1.parseRepositoryNwo)("github/codeql-action"), (0, testing_utils_1.createFeatures)(features), (0, logging_1.getRunnerLogger)(true));
     if (expectUpload) {
         t.deepEqual(result, {
+            sarifID: "42",
             raw_upload_size_bytes: 20,
             zipped_upload_size_bytes: 10,
         });