Split SARIF post-processing steps from uploadSpecifiedFiles into a function

2025-12-21 23:00:14 +08:00 · 2025-10-13 11:28:17 +01:00
parent 42642085de
commit 489ed914f1
5 changed files with 192 additions and 101 deletions
--- a/lib/analyze-action.js
+++ b/lib/analyze-action.js
@@ -95898,26 +95898,11 @@ function buildPayload(commitOid, ref, analysisKey, analysisName, zippedSarif, wo
  }
  return payloadObj;
 }
-async function uploadFiles(inputSarifPath, checkoutPath, category, features, logger, uploadTarget) {
-  const sarifPaths = getSarifFilePaths(
-    inputSarifPath,
-    uploadTarget.sarifPredicate
-  );
-  return uploadSpecifiedFiles(
-    sarifPaths,
-    checkoutPath,
-    category,
-    features,
-    logger,
-    uploadTarget
-  );
-}
-async function uploadSpecifiedFiles(sarifPaths, checkoutPath, category, features, logger, uploadTarget) {
-  logger.startGroup(`Uploading ${uploadTarget.name} results`);
+async function postProcessSarifFiles(logger, features, checkoutPath, sarifPaths, category, analysis) {
  logger.info(`Processing sarif files: ${JSON.stringify(sarifPaths)}`);
  const gitHubVersion = await getGitHubVersion();
  let sarif;
-  category = uploadTarget.fixCategory(logger, category);
+  category = analysis.fixCategory(logger, category);
  if (sarifPaths.length > 1) {
    for (const sarifPath of sarifPaths) {
      const parsedSarif = readSarifFile(sarifPath);
@@ -95945,6 +95930,33 @@ async function uploadSpecifiedFiles(sarifPaths, checkoutPath, category, features
    analysisKey,
    environment
  );
+  return { sarif, analysisKey, environment };
+}
+async function uploadFiles(inputSarifPath, checkoutPath, category, features, logger, uploadTarget) {
+  const sarifPaths = getSarifFilePaths(
+    inputSarifPath,
+    uploadTarget.sarifPredicate
+  );
+  return uploadSpecifiedFiles(
+    sarifPaths,
+    checkoutPath,
+    category,
+    features,
+    logger,
+    uploadTarget
+  );
+}
+async function uploadSpecifiedFiles(sarifPaths, checkoutPath, category, features, logger, uploadTarget) {
+  logger.startGroup(`Uploading ${uploadTarget.name} results`);
+  const processingResults = await postProcessSarifFiles(
+    logger,
+    features,
+    checkoutPath,
+    sarifPaths,
+    category,
+    uploadTarget
+  );
+  const sarif = processingResults.sarif;
  const toolNames = getToolNames(sarif);
  logger.debug(`Validating that each SARIF run has a unique category`);
  validateUniqueCategory(sarif, uploadTarget.sentinelPrefix);
@@ -95960,13 +95972,13 @@ async function uploadSpecifiedFiles(sarifPaths, checkoutPath, category, features
  const payload = buildPayload(
    await getCommitOid(checkoutPath),
    await getRef(),
-    analysisKey,
+    processingResults.analysisKey,
    getRequiredEnvParam("GITHUB_WORKFLOW"),
    zippedSarif,
    getWorkflowRunID(),
    getWorkflowRunAttempt(),
    checkoutURI,
-    environment,
+    processingResults.environment,
    toolNames,
    await determineBaseBranchHeadCommitOid()
  );
--- a/lib/init-action-post.js
+++ b/lib/init-action-post.js
@@ -133309,26 +133309,11 @@ function buildPayload(commitOid, ref, analysisKey, analysisName, zippedSarif, wo
  }
  return payloadObj;
 }
-async function uploadFiles(inputSarifPath, checkoutPath, category, features, logger, uploadTarget) {
-  const sarifPaths = getSarifFilePaths(
-    inputSarifPath,
-    uploadTarget.sarifPredicate
-  );
-  return uploadSpecifiedFiles(
-    sarifPaths,
-    checkoutPath,
-    category,
-    features,
-    logger,
-    uploadTarget
-  );
-}
-async function uploadSpecifiedFiles(sarifPaths, checkoutPath, category, features, logger, uploadTarget) {
-  logger.startGroup(`Uploading ${uploadTarget.name} results`);
+async function postProcessSarifFiles(logger, features, checkoutPath, sarifPaths, category, analysis) {
  logger.info(`Processing sarif files: ${JSON.stringify(sarifPaths)}`);
  const gitHubVersion = await getGitHubVersion();
  let sarif;
-  category = uploadTarget.fixCategory(logger, category);
+  category = analysis.fixCategory(logger, category);
  if (sarifPaths.length > 1) {
    for (const sarifPath of sarifPaths) {
      const parsedSarif = readSarifFile(sarifPath);
@@ -133356,6 +133341,33 @@ async function uploadSpecifiedFiles(sarifPaths, checkoutPath, category, features
    analysisKey,
    environment
  );
+  return { sarif, analysisKey, environment };
+}
+async function uploadFiles(inputSarifPath, checkoutPath, category, features, logger, uploadTarget) {
+  const sarifPaths = getSarifFilePaths(
+    inputSarifPath,
+    uploadTarget.sarifPredicate
+  );
+  return uploadSpecifiedFiles(
+    sarifPaths,
+    checkoutPath,
+    category,
+    features,
+    logger,
+    uploadTarget
+  );
+}
+async function uploadSpecifiedFiles(sarifPaths, checkoutPath, category, features, logger, uploadTarget) {
+  logger.startGroup(`Uploading ${uploadTarget.name} results`);
+  const processingResults = await postProcessSarifFiles(
+    logger,
+    features,
+    checkoutPath,
+    sarifPaths,
+    category,
+    uploadTarget
+  );
+  const sarif = processingResults.sarif;
  const toolNames = getToolNames(sarif);
  logger.debug(`Validating that each SARIF run has a unique category`);
  validateUniqueCategory(sarif, uploadTarget.sentinelPrefix);
@@ -133371,13 +133383,13 @@ async function uploadSpecifiedFiles(sarifPaths, checkoutPath, category, features
  const payload = buildPayload(
    await getCommitOid(checkoutPath),
    await getRef(),
-    analysisKey,
+    processingResults.analysisKey,
    getRequiredEnvParam("GITHUB_WORKFLOW"),
    zippedSarif,
    getWorkflowRunID(),
    getWorkflowRunAttempt(),
    checkoutURI,
-    environment,
+    processingResults.environment,
    toolNames,
    await determineBaseBranchHeadCommitOid()
  );
--- a/lib/upload-lib.js
+++ b/lib/upload-lib.js
@@ -84847,6 +84847,7 @@ __export(upload_lib_exports, {
  getGroupedSarifFilePaths: () => getGroupedSarifFilePaths,
  getSarifFilePaths: () => getSarifFilePaths,
  populateRunAutomationDetails: () => populateRunAutomationDetails,
+  postProcessSarifFiles: () => postProcessSarifFiles,
  readSarifFile: () => readSarifFile,
  shouldConsiderConfigurationError: () => shouldConsiderConfigurationError,
  shouldConsiderInvalidRequest: () => shouldConsiderInvalidRequest,
@@ -92712,26 +92713,11 @@ function buildPayload(commitOid, ref, analysisKey, analysisName, zippedSarif, wo
  }
  return payloadObj;
 }
-async function uploadFiles(inputSarifPath, checkoutPath, category, features, logger, uploadTarget) {
-  const sarifPaths = getSarifFilePaths(
-    inputSarifPath,
-    uploadTarget.sarifPredicate
-  );
-  return uploadSpecifiedFiles(
-    sarifPaths,
-    checkoutPath,
-    category,
-    features,
-    logger,
-    uploadTarget
-  );
-}
-async function uploadSpecifiedFiles(sarifPaths, checkoutPath, category, features, logger, uploadTarget) {
-  logger.startGroup(`Uploading ${uploadTarget.name} results`);
+async function postProcessSarifFiles(logger, features, checkoutPath, sarifPaths, category, analysis) {
  logger.info(`Processing sarif files: ${JSON.stringify(sarifPaths)}`);
  const gitHubVersion = await getGitHubVersion();
  let sarif;
-  category = uploadTarget.fixCategory(logger, category);
+  category = analysis.fixCategory(logger, category);
  if (sarifPaths.length > 1) {
    for (const sarifPath of sarifPaths) {
      const parsedSarif = readSarifFile(sarifPath);
@@ -92759,6 +92745,33 @@ async function uploadSpecifiedFiles(sarifPaths, checkoutPath, category, features
    analysisKey,
    environment
  );
+  return { sarif, analysisKey, environment };
+}
+async function uploadFiles(inputSarifPath, checkoutPath, category, features, logger, uploadTarget) {
+  const sarifPaths = getSarifFilePaths(
+    inputSarifPath,
+    uploadTarget.sarifPredicate
+  );
+  return uploadSpecifiedFiles(
+    sarifPaths,
+    checkoutPath,
+    category,
+    features,
+    logger,
+    uploadTarget
+  );
+}
+async function uploadSpecifiedFiles(sarifPaths, checkoutPath, category, features, logger, uploadTarget) {
+  logger.startGroup(`Uploading ${uploadTarget.name} results`);
+  const processingResults = await postProcessSarifFiles(
+    logger,
+    features,
+    checkoutPath,
+    sarifPaths,
+    category,
+    uploadTarget
+  );
+  const sarif = processingResults.sarif;
  const toolNames = getToolNames(sarif);
  logger.debug(`Validating that each SARIF run has a unique category`);
  validateUniqueCategory(sarif, uploadTarget.sentinelPrefix);
@@ -92774,13 +92787,13 @@ async function uploadSpecifiedFiles(sarifPaths, checkoutPath, category, features
  const payload = buildPayload(
    await getCommitOid(checkoutPath),
    await getRef(),
-    analysisKey,
+    processingResults.analysisKey,
    getRequiredEnvParam("GITHUB_WORKFLOW"),
    zippedSarif,
    getWorkflowRunID(),
    getWorkflowRunAttempt(),
    checkoutURI,
-    environment,
+    processingResults.environment,
    toolNames,
    await determineBaseBranchHeadCommitOid()
  );
@@ -92980,6 +92993,7 @@ function filterAlertsByDiffRange(logger, sarif) {
  getGroupedSarifFilePaths,
  getSarifFilePaths,
  populateRunAutomationDetails,
+  postProcessSarifFiles,
  readSarifFile,
  shouldConsiderConfigurationError,
  shouldConsiderInvalidRequest,
--- a/lib/upload-sarif-action.js
+++ b/lib/upload-sarif-action.js
@@ -93368,12 +93368,11 @@ function buildPayload(commitOid, ref, analysisKey, analysisName, zippedSarif, wo
  }
  return payloadObj;
 }
-async function uploadSpecifiedFiles(sarifPaths, checkoutPath, category, features, logger, uploadTarget) {
-  logger.startGroup(`Uploading ${uploadTarget.name} results`);
+async function postProcessSarifFiles(logger, features, checkoutPath, sarifPaths, category, analysis) {
  logger.info(`Processing sarif files: ${JSON.stringify(sarifPaths)}`);
  const gitHubVersion = await getGitHubVersion();
  let sarif;
-  category = uploadTarget.fixCategory(logger, category);
+  category = analysis.fixCategory(logger, category);
  if (sarifPaths.length > 1) {
    for (const sarifPath of sarifPaths) {
      const parsedSarif = readSarifFile(sarifPath);
@@ -93401,6 +93400,19 @@ async function uploadSpecifiedFiles(sarifPaths, checkoutPath, category, features
    analysisKey,
    environment
  );
+  return { sarif, analysisKey, environment };
+}
+async function uploadSpecifiedFiles(sarifPaths, checkoutPath, category, features, logger, uploadTarget) {
+  logger.startGroup(`Uploading ${uploadTarget.name} results`);
+  const processingResults = await postProcessSarifFiles(
+    logger,
+    features,
+    checkoutPath,
+    sarifPaths,
+    category,
+    uploadTarget
+  );
+  const sarif = processingResults.sarif;
  const toolNames = getToolNames(sarif);
  logger.debug(`Validating that each SARIF run has a unique category`);
  validateUniqueCategory(sarif, uploadTarget.sentinelPrefix);
@@ -93416,13 +93428,13 @@ async function uploadSpecifiedFiles(sarifPaths, checkoutPath, category, features
  const payload = buildPayload(
    await getCommitOid(checkoutPath),
    await getRef(),
-    analysisKey,
+    processingResults.analysisKey,
    getRequiredEnvParam("GITHUB_WORKFLOW"),
    zippedSarif,
    getWorkflowRunID(),
    getWorkflowRunAttempt(),
    checkoutURI,
-    environment,
+    processingResults.environment,
    toolNames,
    await determineBaseBranchHeadCommitOid()
  );
--- a/src/upload-lib.ts
+++ b/src/upload-lib.ts
@@ -688,6 +688,77 @@ export function buildPayload(
  return payloadObj;
 }

+export interface PostProcessingResults {
+  sarif: util.SarifFile;
+  analysisKey: string;
+  environment: string;
+}
+
+/**
+ * Performs post-processing of the SARIF files given by `sarifPaths`.
+ *
+ * @param logger The logger to use.
+ * @param features Information about enabled features.
+ * @param checkoutPath The path where the repo was checked out at.
+ * @param sarifPaths The paths of the SARIF files to post-process.
+ * @param category The analysis category.
+ * @param analysis The analysis configuration.
+ *
+ * @returns Returns the results of post-processing the SARIF files,
+ *          including the resulting SARIF file.
+ */
+export async function postProcessSarifFiles(
+  logger: Logger,
+  features: FeatureEnablement,
+  checkoutPath: string,
+  sarifPaths: string[],
+  category: string | undefined,
+  analysis: analyses.AnalysisConfig,
+): Promise<PostProcessingResults> {
+  logger.info(`Processing sarif files: ${JSON.stringify(sarifPaths)}`);
+
+  const gitHubVersion = await getGitHubVersion();
+
+  let sarif: SarifFile;
+  category = analysis.fixCategory(logger, category);
+
+  if (sarifPaths.length > 1) {
+    // Validate that the files we were asked to upload are all valid SARIF files
+    for (const sarifPath of sarifPaths) {
+      const parsedSarif = readSarifFile(sarifPath);
+      validateSarifFileSchema(parsedSarif, sarifPath, logger);
+    }
+
+    sarif = await combineSarifFilesUsingCLI(
+      sarifPaths,
+      gitHubVersion,
+      features,
+      logger,
+    );
+  } else {
+    const sarifPath = sarifPaths[0];
+    sarif = readSarifFile(sarifPath);
+    validateSarifFileSchema(sarif, sarifPath, logger);
+
+    // Validate that there are no runs for the same category
+    await throwIfCombineSarifFilesDisabled([sarif], gitHubVersion);
+  }
+
+  sarif = filterAlertsByDiffRange(logger, sarif);
+  sarif = await fingerprints.addFingerprints(sarif, checkoutPath, logger);
+
+  const analysisKey = await api.getAnalysisKey();
+  const environment = actionsUtil.getRequiredInput("matrix");
+  sarif = populateRunAutomationDetails(
+    sarif,
+    category,
+    analysisKey,
+    environment,
+  );
+
+  return { sarif, analysisKey, environment };
+}
+
 /**
 * Uploads a single SARIF file or a directory of SARIF files depending on what `inputSarifPath` refers
 * to.
@@ -727,46 +798,16 @@ export async function uploadSpecifiedFiles(
  uploadTarget: analyses.AnalysisConfig,
 ): Promise<UploadResult> {
  logger.startGroup(`Uploading ${uploadTarget.name} results`);
-  logger.info(`Processing sarif files: ${JSON.stringify(sarifPaths)}`);

-  const gitHubVersion = await getGitHubVersion();
-
-  let sarif: SarifFile;
-  category = uploadTarget.fixCategory(logger, category);
-
-  if (sarifPaths.length > 1) {
-    // Validate that the files we were asked to upload are all valid SARIF files
-    for (const sarifPath of sarifPaths) {
-      const parsedSarif = readSarifFile(sarifPath);
-      validateSarifFileSchema(parsedSarif, sarifPath, logger);
-    }
-
-    sarif = await combineSarifFilesUsingCLI(
-      sarifPaths,
-      gitHubVersion,
-      features,
+  const processingResults: PostProcessingResults = await postProcessSarifFiles(
    logger,
-    );
-  } else {
-    const sarifPath = sarifPaths[0];
-    sarif = readSarifFile(sarifPath);
-    validateSarifFileSchema(sarif, sarifPath, logger);
-
-    // Validate that there are no runs for the same category
-    await throwIfCombineSarifFilesDisabled([sarif], gitHubVersion);
-  }
-
-  sarif = filterAlertsByDiffRange(logger, sarif);
-  sarif = await fingerprints.addFingerprints(sarif, checkoutPath, logger);
-
-  const analysisKey = await api.getAnalysisKey();
-  const environment = actionsUtil.getRequiredInput("matrix");
-  sarif = populateRunAutomationDetails(
-    sarif,
+    features,
+    checkoutPath,
+    sarifPaths,
    category,
-    analysisKey,
-    environment,
+    uploadTarget,
  );
+  const sarif = processingResults.sarif;

  const toolNames = util.getToolNames(sarif);

@@ -787,13 +828,13 @@ export async function uploadSpecifiedFiles(
  const payload = buildPayload(
    await gitUtils.getCommitOid(checkoutPath),
    await gitUtils.getRef(),
-    analysisKey,
+    processingResults.analysisKey,
    util.getRequiredEnvParam("GITHUB_WORKFLOW"),
    zippedSarif,
    actionsUtil.getWorkflowRunID(),
    actionsUtil.getWorkflowRunAttempt(),
    checkoutURI,
-    environment,
+    processingResults.environment,
    toolNames,
    await gitUtils.determineBaseBranchHeadCommitOid(),
  );