diff --git a/lib/analyze-action.js b/lib/analyze-action.js index 7069a7375..9531dc918 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -95898,26 +95898,11 @@ function buildPayload(commitOid, ref, analysisKey, analysisName, zippedSarif, wo } return payloadObj; } -async function uploadFiles(inputSarifPath, checkoutPath, category, features, logger, uploadTarget) { - const sarifPaths = getSarifFilePaths( - inputSarifPath, - uploadTarget.sarifPredicate - ); - return uploadSpecifiedFiles( - sarifPaths, - checkoutPath, - category, - features, - logger, - uploadTarget - ); -} -async function uploadSpecifiedFiles(sarifPaths, checkoutPath, category, features, logger, uploadTarget) { - logger.startGroup(`Uploading ${uploadTarget.name} results`); +async function postProcessSarifFiles(logger, features, checkoutPath, sarifPaths, category, analysis) { logger.info(`Processing sarif files: ${JSON.stringify(sarifPaths)}`); const gitHubVersion = await getGitHubVersion(); let sarif; - category = uploadTarget.fixCategory(logger, category); + category = analysis.fixCategory(logger, category); if (sarifPaths.length > 1) { for (const sarifPath of sarifPaths) { const parsedSarif = readSarifFile(sarifPath); 
@@ -95945,6 +95930,33 @@ async function uploadSpecifiedFiles(sarifPaths, checkoutPath, category, features analysisKey, environment ); + return { sarif, analysisKey, environment }; +} +async function uploadFiles(inputSarifPath, checkoutPath, category, features, logger, uploadTarget) { + const sarifPaths = getSarifFilePaths( + inputSarifPath, + uploadTarget.sarifPredicate + ); + return uploadSpecifiedFiles( + sarifPaths, + checkoutPath, + category, + features, + logger, + uploadTarget + ); +} +async function uploadSpecifiedFiles(sarifPaths, checkoutPath, category, features, logger, uploadTarget) { + logger.startGroup(`Uploading ${uploadTarget.name} results`); + const processingResults = await postProcessSarifFiles( + logger, + features, + checkoutPath, + sarifPaths, + category, + uploadTarget + ); + const sarif = processingResults.sarif; const toolNames = getToolNames(sarif); logger.debug(`Validating that each SARIF run has a unique category`); validateUniqueCategory(sarif, uploadTarget.sentinelPrefix); @@ -95960,13 +95972,13 @@ async function uploadSpecifiedFiles(sarifPaths, checkoutPath, category, features const payload = buildPayload( await getCommitOid(checkoutPath), await getRef(), - analysisKey, + processingResults.analysisKey, getRequiredEnvParam("GITHUB_WORKFLOW"), zippedSarif, getWorkflowRunID(), getWorkflowRunAttempt(), checkoutURI, - environment, + processingResults.environment, toolNames, await determineBaseBranchHeadCommitOid() ); diff --git a/lib/init-action-post.js b/lib/init-action-post.js index bb0b377d3..5bf4bb579 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js 
@@ -133309,26 +133309,11 @@ function buildPayload(commitOid, ref, analysisKey, analysisName, zippedSarif, wo } return payloadObj; } -async function uploadFiles(inputSarifPath, checkoutPath, category, features, logger, uploadTarget) { - const sarifPaths = getSarifFilePaths( - inputSarifPath, - uploadTarget.sarifPredicate - ); - return uploadSpecifiedFiles( - sarifPaths, - checkoutPath, - category, - features, - logger, - uploadTarget - ); -} -async function uploadSpecifiedFiles(sarifPaths, checkoutPath, category, features, logger, uploadTarget) { - logger.startGroup(`Uploading ${uploadTarget.name} results`); +async function postProcessSarifFiles(logger, features, checkoutPath, sarifPaths, category, analysis) { logger.info(`Processing sarif files: ${JSON.stringify(sarifPaths)}`); const gitHubVersion = await getGitHubVersion(); let sarif; - category = uploadTarget.fixCategory(logger, category); + category = analysis.fixCategory(logger, category); if (sarifPaths.length > 1) { for (const sarifPath of sarifPaths) { const parsedSarif = readSarifFile(sarifPath); 
@@ -133356,6 +133341,33 @@ async function uploadSpecifiedFiles(sarifPaths, checkoutPath, category, features analysisKey, environment ); + return { sarif, analysisKey, environment }; +} +async function uploadFiles(inputSarifPath, checkoutPath, category, features, logger, uploadTarget) { + const sarifPaths = getSarifFilePaths( + inputSarifPath, + uploadTarget.sarifPredicate + ); + return uploadSpecifiedFiles( + sarifPaths, + checkoutPath, + category, + features, + logger, + uploadTarget + ); +} +async function uploadSpecifiedFiles(sarifPaths, checkoutPath, category, features, logger, uploadTarget) { + logger.startGroup(`Uploading ${uploadTarget.name} results`); + const processingResults = await postProcessSarifFiles( + logger, + features, + checkoutPath, + sarifPaths, + category, + uploadTarget + ); + const sarif = processingResults.sarif; const toolNames = getToolNames(sarif); logger.debug(`Validating that each SARIF run has a unique category`); validateUniqueCategory(sarif, uploadTarget.sentinelPrefix); @@ -133371,13 +133383,13 @@ async function uploadSpecifiedFiles(sarifPaths, checkoutPath, category, features const payload = buildPayload( await getCommitOid(checkoutPath), await getRef(), - analysisKey, + processingResults.analysisKey, getRequiredEnvParam("GITHUB_WORKFLOW"), zippedSarif, getWorkflowRunID(), getWorkflowRunAttempt(), checkoutURI, - environment, + processingResults.environment, toolNames, await determineBaseBranchHeadCommitOid() ); diff --git a/lib/upload-lib.js b/lib/upload-lib.js index 490fabfa8..8c7fa5434 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js 
@@ -84847,6 +84847,7 @@ __export(upload_lib_exports, { getGroupedSarifFilePaths: () => getGroupedSarifFilePaths, getSarifFilePaths: () => getSarifFilePaths, populateRunAutomationDetails: () => populateRunAutomationDetails, + postProcessSarifFiles: () => postProcessSarifFiles, readSarifFile: () => readSarifFile, shouldConsiderConfigurationError: () => shouldConsiderConfigurationError, shouldConsiderInvalidRequest: () => shouldConsiderInvalidRequest, @@ -92712,26 +92713,11 @@ function buildPayload(commitOid, ref, analysisKey, analysisName, zippedSarif, wo } return payloadObj; } -async function uploadFiles(inputSarifPath, checkoutPath, category, features, logger, uploadTarget) { - const sarifPaths = getSarifFilePaths( - inputSarifPath, - uploadTarget.sarifPredicate - ); - return uploadSpecifiedFiles( - sarifPaths, - checkoutPath, - category, - features, - logger, - uploadTarget - ); -} -async function uploadSpecifiedFiles(sarifPaths, checkoutPath, category, features, logger, uploadTarget) { - logger.startGroup(`Uploading ${uploadTarget.name} results`); +async function postProcessSarifFiles(logger, features, checkoutPath, sarifPaths, category, analysis) { logger.info(`Processing sarif files: ${JSON.stringify(sarifPaths)}`); const gitHubVersion = await getGitHubVersion(); let sarif; - category = uploadTarget.fixCategory(logger, category); + category = analysis.fixCategory(logger, category); if (sarifPaths.length > 1) { for (const sarifPath of sarifPaths) { const parsedSarif = readSarifFile(sarifPath); 
@@ -92759,6 +92745,33 @@ async function uploadSpecifiedFiles(sarifPaths, checkoutPath, category, features analysisKey, environment ); + return { sarif, analysisKey, environment }; +} +async function uploadFiles(inputSarifPath, checkoutPath, category, features, logger, uploadTarget) { + const sarifPaths = getSarifFilePaths( + inputSarifPath, + uploadTarget.sarifPredicate + ); + return uploadSpecifiedFiles( + sarifPaths, + checkoutPath, + category, + features, + logger, + uploadTarget + ); +} +async function uploadSpecifiedFiles(sarifPaths, checkoutPath, category, features, logger, uploadTarget) { + logger.startGroup(`Uploading ${uploadTarget.name} results`); + const processingResults = await postProcessSarifFiles( + logger, + features, + checkoutPath, + sarifPaths, + category, + uploadTarget + ); + const sarif = processingResults.sarif; const toolNames = getToolNames(sarif); logger.debug(`Validating that each SARIF run has a unique category`); validateUniqueCategory(sarif, uploadTarget.sentinelPrefix); @@ -92774,13 +92787,13 @@ async function uploadSpecifiedFiles(sarifPaths, checkoutPath, category, features const payload = buildPayload( await getCommitOid(checkoutPath), await getRef(), - analysisKey, + processingResults.analysisKey, getRequiredEnvParam("GITHUB_WORKFLOW"), zippedSarif, getWorkflowRunID(), getWorkflowRunAttempt(), checkoutURI, - environment, + processingResults.environment, toolNames, await determineBaseBranchHeadCommitOid() ); @@ -92980,6 +92993,7 @@ function filterAlertsByDiffRange(logger, sarif) { getGroupedSarifFilePaths, getSarifFilePaths, populateRunAutomationDetails, + postProcessSarifFiles, readSarifFile, shouldConsiderConfigurationError, shouldConsiderInvalidRequest, diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index 73391b6be..128721983 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js 
@@ -93368,12 +93368,11 @@ function buildPayload(commitOid, ref, analysisKey, analysisName, zippedSarif, wo } return payloadObj; } -async function uploadSpecifiedFiles(sarifPaths, checkoutPath, category, features, logger, uploadTarget) { - logger.startGroup(`Uploading ${uploadTarget.name} results`); +async function postProcessSarifFiles(logger, features, checkoutPath, sarifPaths, category, analysis) { logger.info(`Processing sarif files: ${JSON.stringify(sarifPaths)}`); const gitHubVersion = await getGitHubVersion(); let sarif; - category = uploadTarget.fixCategory(logger, category); + category = analysis.fixCategory(logger, category); if (sarifPaths.length > 1) { for (const sarifPath of sarifPaths) { const parsedSarif = readSarifFile(sarifPath); @@ -93401,6 +93400,19 @@ async function uploadSpecifiedFiles(sarifPaths, checkoutPath, category, features analysisKey, environment ); + return { sarif, analysisKey, environment }; +} +async function uploadSpecifiedFiles(sarifPaths, checkoutPath, category, features, logger, uploadTarget) { + logger.startGroup(`Uploading ${uploadTarget.name} results`); + const processingResults = await postProcessSarifFiles( + logger, + features, + checkoutPath, + sarifPaths, + category, + uploadTarget + ); + const sarif = processingResults.sarif; const toolNames = getToolNames(sarif); logger.debug(`Validating that each SARIF run has a unique category`); validateUniqueCategory(sarif, uploadTarget.sentinelPrefix); @@ -93416,13 +93428,13 @@ async function uploadSpecifiedFiles(sarifPaths, checkoutPath, category, features const payload = buildPayload( await getCommitOid(checkoutPath), await getRef(), - analysisKey, + processingResults.analysisKey, getRequiredEnvParam("GITHUB_WORKFLOW"), zippedSarif, getWorkflowRunID(), getWorkflowRunAttempt(), checkoutURI, - environment, + processingResults.environment, toolNames, await determineBaseBranchHeadCommitOid() ); diff --git a/src/upload-lib.ts b/src/upload-lib.ts index b765cd397..0b553157e 100644 
--- a/src/upload-lib.ts +++ b/src/upload-lib.ts 
@@ -688,6 +688,77 @@ export function buildPayload( return payloadObj; } +export interface PostProcessingResults { + sarif: util.SarifFile; + analysisKey: string; + environment: string; +} + +/** + * Performs post-processing of the SARIF files given by `sarifPaths`. + * + * @param logger The logger to use. + * @param features Information about enabled features. + * @param checkoutPath The path where the repo was checked out at. + * @param sarifPaths The paths of the SARIF files to post-process. + * @param category The analysis category. + * @param analysis The analysis configuration. + * + * @returns Returns the results of post-processing the SARIF files, + * including the resulting SARIF file. + */ +export async function postProcessSarifFiles( + logger: Logger, + features: FeatureEnablement, + checkoutPath: string, + sarifPaths: string[], + category: string | undefined, + analysis: analyses.AnalysisConfig, +): Promise { + logger.info(`Processing sarif files: ${JSON.stringify(sarifPaths)}`); + + const gitHubVersion = await getGitHubVersion(); + + let sarif: SarifFile; + category = analysis.fixCategory(logger, category); + + if (sarifPaths.length > 1) { + // Validate that the files we were asked to upload are all valid SARIF files + for (const sarifPath of sarifPaths) { + const parsedSarif = readSarifFile(sarifPath); + validateSarifFileSchema(parsedSarif, sarifPath, logger); + } + + sarif = await combineSarifFilesUsingCLI( + sarifPaths, + gitHubVersion, + features, + logger, + ); + } else { + const sarifPath = sarifPaths[0]; + sarif = readSarifFile(sarifPath); + validateSarifFileSchema(sarif, sarifPath, logger); + + // Validate that there are no runs for the same category + await throwIfCombineSarifFilesDisabled([sarif], gitHubVersion); + } + + sarif = filterAlertsByDiffRange(logger, sarif); + sarif = await fingerprints.addFingerprints(sarif, checkoutPath, logger); + + const analysisKey = await api.getAnalysisKey(); + const environment = 
actionsUtil.getRequiredInput("matrix"); + sarif = populateRunAutomationDetails( + sarif, + category, + analysisKey, + environment, + ); + + return { sarif, analysisKey, environment }; +} + /** * Uploads a single SARIF file or a directory of SARIF files depending on what `inputSarifPath` refers * to. @@ -727,46 +798,16 @@ export async function uploadSpecifiedFiles( uploadTarget: analyses.AnalysisConfig, ): Promise { logger.startGroup(`Uploading ${uploadTarget.name} results`); - logger.info(`Processing sarif files: ${JSON.stringify(sarifPaths)}`); - const gitHubVersion = await getGitHubVersion(); - - let sarif: SarifFile; - category = uploadTarget.fixCategory(logger, category); - - if (sarifPaths.length > 1) { - // Validate that the files we were asked to upload are all valid SARIF files - for (const sarifPath of sarifPaths) { - const parsedSarif = readSarifFile(sarifPath); - validateSarifFileSchema(parsedSarif, sarifPath, logger); - } - - sarif = await combineSarifFilesUsingCLI( - sarifPaths, - gitHubVersion, - features, - logger, - ); - } else { - const sarifPath = sarifPaths[0]; - sarif = readSarifFile(sarifPath); - validateSarifFileSchema(sarif, sarifPath, logger); - - // Validate that there are no runs for the same category - await throwIfCombineSarifFilesDisabled([sarif], gitHubVersion); - } - - sarif = filterAlertsByDiffRange(logger, sarif); - sarif = await fingerprints.addFingerprints(sarif, checkoutPath, logger); - - const analysisKey = await api.getAnalysisKey(); - const environment = actionsUtil.getRequiredInput("matrix"); - sarif = populateRunAutomationDetails( - sarif, + const processingResults: PostProcessingResults = await postProcessSarifFiles( + logger, + features, + checkoutPath, + sarifPaths, category, - analysisKey, - environment, + uploadTarget, ); + const sarif = processingResults.sarif; const toolNames = util.getToolNames(sarif); 
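Review bot: `postProcessSarifFiles` is exported for reuse, but its `else` branch reads `sarifPaths[0]` for every length that is not greater than one, so an empty array hands `undefined` to `readSarifFile` and fails with whatever the file read reports instead of a clear message. Whether every caller guarantees a non-empty list is not visible in this diff, so a guard at the top of the function would make the contract explicit: `if (sarifPaths.length === 0) throw new Error("No SARIF files to process");`, using the module's own user-facing error type if it has one. The doc comment should also state that the function reads the `matrix` input and calls `api.getAnalysisKey()`, since a caller outside the upload path needs to know about those environment dependencies.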
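Review bot: In `uploadSpecifiedFiles`, binding the result to `processingResults` forces the later `buildPayload` arguments to be rewritten (the `@@ -787,13 +828,13 @@` hunk). Destructuring would keep the original local names and leave that call untouched: `const { sarif, analysisKey, environment } = await postProcessSarifFiles(...)`. The explicit `PostProcessingResults` annotation on the local is redundant if the function's return type is declared. Separately, `logger.startGroup` is still opened before the awaited call, so whether the log group is closed when post-processing throws depends on code outside this hunk; the function starts and ends outside it.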
@@ -787,13 +828,13 @@ export async function uploadSpecifiedFiles( const payload = buildPayload( await gitUtils.getCommitOid(checkoutPath), await gitUtils.getRef(), - analysisKey, + processingResults.analysisKey, util.getRequiredEnvParam("GITHUB_WORKFLOW"), zippedSarif, actionsUtil.getWorkflowRunID(), actionsUtil.getWorkflowRunAttempt(), checkoutURI, - environment, + processingResults.environment, toolNames, await gitUtils.determineBaseBranchHeadCommitOid(), );