Remove support for combining SARIF runs with non-unique categories

lib/feature-flags.js

@@ -61,6 +61,7 @@ var Feature;
     Feature["CppBuildModeNone"] = "cpp_build_mode_none";
     Feature["CppDependencyInstallation"] = "cpp_dependency_installation_enabled";
     Feature["DiffInformedQueries"] = "diff_informed_queries";
+    Feature["DisableCombineSarifFiles"] = "disable_combine_sarif_files";
     Feature["DisableCsharpBuildless"] = "disable_csharp_buildless";
     Feature["DisableJavaBuildlessEnabled"] = "disable_java_buildless_enabled";
     Feature["DisableKotlinAnalysisEnabled"] = "disable_kotlin_analysis_enabled";
@@ -98,6 +99,11 @@ exports.featureConfig = {
         envVar: "CODEQL_ACTION_DIFF_INFORMED_QUERIES",
         minimumVersion: "2.21.0",
     },
+    [Feature.DisableCombineSarifFiles]: {
+        defaultValue: false,
+        envVar: "CODEQL_ACTION_DISABLE_COMBINE_SARIF_FILES",
+        minimumVersion: undefined,
+    },
     [Feature.DisableCsharpBuildless]: {
         defaultValue: false,
         envVar: "CODEQL_ACTION_DISABLE_CSHARP_BUILDLESS",

lib/upload-lib.js

@@ -38,6 +38,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.InvalidSarifUploadError = void 0;
 exports.shouldShowCombineSarifFilesDeprecationWarning = shouldShowCombineSarifFilesDeprecationWarning;
+exports.throwIfCombineSarifFilesDisabled = throwIfCombineSarifFilesDisabled;
 exports.populateRunAutomationDetails = populateRunAutomationDetails;
 exports.findSarifFilesInDir = findSarifFilesInDir;
 exports.readSarifFile = readSarifFile;
@@ -63,6 +64,7 @@ const codeql_1 = require("./codeql");
 const config_utils_1 = require("./config-utils");
 const diff_informed_analysis_utils_1 = require("./diff-informed-analysis-utils");
 const environment_1 = require("./environment");
+const feature_flags_1 = require("./feature-flags");
 const fingerprints = __importStar(require("./fingerprints"));
 const gitUtils = __importStar(require("./git-utils"));
 const init_1 = require("./init");
@@ -144,6 +146,27 @@ async function shouldShowCombineSarifFilesDeprecationWarning(sarifObjects, githu
     return (!areAllRunsUnique(sarifObjects) &&
         !process.env.CODEQL_MERGE_SARIF_DEPRECATION_WARNING);
 }
+async function throwIfCombineSarifFilesDisabled(sarifObjects, features, githubVersion) {
+    if (!(await shouldDisableCombineSarifFiles(sarifObjects, features, githubVersion))) {
+        return;
+    }
+    // TODO: Update this changelog URL to the correct one when it's published.
+    const deprecationMoreInformationMessage = "For more information, see https://github.blog/changelog/2024-05-06-code-scanning-will-stop-combining-runs-from-a-single-upload";
+    throw new util_1.ConfigurationError(`The CodeQL Action does not support uploading multiple SARIF runs with the same category. Please update your workflow to upload a single run per category. ${deprecationMoreInformationMessage}`);
+}
+// Checks whether combining SARIF files should be disabled.
+async function shouldDisableCombineSarifFiles(sarifObjects, features, githubVersion) {
+    // Never block on GHES versions before 3.18.0
+    if (githubVersion.type === util_1.GitHubVariant.GHES &&
+        semver.lt(githubVersion.version, "3.18.0")) {
+        return false;
+    }
+    if (areAllRunsUnique(sarifObjects)) {
+        // If all runs are unique, we can safely combine them.
+        return false;
+    }
+    return features.getValue(feature_flags_1.Feature.DisableCombineSarifFiles);
+}
 // Takes a list of paths to sarif files and combines them together using the
 // CLI `github merge-results` command when all SARIF files are produced by
 // CodeQL. Otherwise, it will fall back to combining the files in the action.
@@ -158,9 +181,10 @@ async function combineSarifFilesUsingCLI(sarifFiles, gitHubVersion, features, lo
     });
     const deprecationWarningMessage = gitHubVersion.type === util_1.GitHubVariant.GHES
         ? "and will be removed in GitHub Enterprise Server 3.18"
-        : "and will be removed on June 4, 2025";
+        : "and will be removed in July 2025";
     const deprecationMoreInformationMessage = "For more information, see https://github.blog/changelog/2024-05-06-code-scanning-will-stop-combining-runs-from-a-single-upload";
     if (!areAllRunsProducedByCodeQL(sarifObjects)) {
+        await throwIfCombineSarifFilesDisabled(sarifObjects, features, gitHubVersion);
         logger.debug("Not all SARIF files were produced by CodeQL. Merging files in the action.");
         if (await shouldShowCombineSarifFilesDeprecationWarning(sarifObjects, gitHubVersion)) {
             logger.warning(`Uploading multiple SARIF runs with the same category is deprecated ${deprecationWarningMessage}. Please update your workflow to upload a single run per category. ${deprecationMoreInformationMessage}`);
@@ -192,6 +216,7 @@ async function combineSarifFilesUsingCLI(sarifFiles, gitHubVersion, features, lo
         codeQL = initCodeQLResult.codeql;
     }
     if (!(await codeQL.supportsFeature(tools_features_1.ToolsFeature.SarifMergeRunsFromEqualCategory))) {
+        await throwIfCombineSarifFilesDisabled(sarifObjects, features, gitHubVersion);
         logger.warning("The CodeQL CLI does not support merging SARIF files. Merging files in the action.");
         if (await shouldShowCombineSarifFilesDeprecationWarning(sarifObjects, gitHubVersion)) {
             logger.warning(`Uploading multiple CodeQL runs with the same category is deprecated ${deprecationWarningMessage} for CodeQL CLI 2.16.6 and earlier. Please update your CodeQL CLI version or update your workflow to set a distinct category for each CodeQL run. ${deprecationMoreInformationMessage}`);

lib/upload-lib.test.js

@@ -39,6 +39,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const ava_1 = __importDefault(require("ava"));
+const feature_flags_1 = require("./feature-flags");
 const logging_1 = require("./logging");
 const testing_utils_1 = require("./testing-utils");
 const uploadLib = __importStar(require("./upload-lib"));
@@ -244,6 +245,49 @@ ava_1.default.beforeEach(() => {
         type: util_1.GitHubVariant.DOTCOM,
     }));
 });
+(0, ava_1.default)("throwIfCombineSarifFilesDisabled when on dotcom with feature flag", async (t) => {
+    await t.throwsAsync(uploadLib.throwIfCombineSarifFilesDisabled([createMockSarif("abc", "def"), createMockSarif("abc", "def")], (0, testing_utils_1.createFeatures)([feature_flags_1.Feature.DisableCombineSarifFiles]), {
+        type: util_1.GitHubVariant.DOTCOM,
+    }));
+});
+(0, ava_1.default)("throwIfCombineSarifFilesDisabled when on dotcom without feature flag", async (t) => {
+    await t.notThrowsAsync(uploadLib.throwIfCombineSarifFilesDisabled([createMockSarif("abc", "def"), createMockSarif("abc", "def")], (0, testing_utils_1.createFeatures)([]), {
+        type: util_1.GitHubVariant.DOTCOM,
+    }));
+});
+(0, ava_1.default)("throwIfCombineSarifFilesDisabled when on GHES 3.13", async (t) => {
+    await t.notThrowsAsync(uploadLib.throwIfCombineSarifFilesDisabled([createMockSarif("abc", "def"), createMockSarif("abc", "def")], (0, testing_utils_1.createFeatures)([feature_flags_1.Feature.DisableCombineSarifFiles]), {
+        type: util_1.GitHubVariant.GHES,
+        version: "3.13.2",
+    }));
+});
+(0, ava_1.default)("throwIfCombineSarifFilesDisabled when on GHES 3.14", async (t) => {
+    await t.notThrowsAsync(uploadLib.throwIfCombineSarifFilesDisabled([createMockSarif("abc", "def"), createMockSarif("abc", "def")], (0, testing_utils_1.createFeatures)([feature_flags_1.Feature.DisableCombineSarifFiles]), {
+        type: util_1.GitHubVariant.GHES,
+        version: "3.14.0",
+    }));
+});
+(0, ava_1.default)("throwIfCombineSarifFilesDisabled when on GHES 3.18", async (t) => {
+    await t.throwsAsync(uploadLib.throwIfCombineSarifFilesDisabled([createMockSarif("abc", "def"), createMockSarif("abc", "def")], (0, testing_utils_1.createFeatures)([feature_flags_1.Feature.DisableCombineSarifFiles]), {
+        type: util_1.GitHubVariant.GHES,
+        version: "3.18.0",
+    }));
+});
+(0, ava_1.default)("throwIfCombineSarifFilesDisabled with only 1 run", async (t) => {
+    await t.notThrowsAsync(uploadLib.throwIfCombineSarifFilesDisabled([createMockSarif("abc", "def")], (0, testing_utils_1.createFeatures)([feature_flags_1.Feature.DisableCombineSarifFiles]), {
+        type: util_1.GitHubVariant.DOTCOM,
+    }));
+});
+(0, ava_1.default)("throwIfCombineSarifFilesDisabled with distinct categories", async (t) => {
+    await t.notThrowsAsync(uploadLib.throwIfCombineSarifFilesDisabled([createMockSarif("abc", "def"), createMockSarif("def", "def")], (0, testing_utils_1.createFeatures)([feature_flags_1.Feature.DisableCombineSarifFiles]), {
+        type: util_1.GitHubVariant.DOTCOM,
+    }));
+});
+(0, ava_1.default)("throwIfCombineSarifFilesDisabled with distinct tools", async (t) => {
+    await t.notThrowsAsync(uploadLib.throwIfCombineSarifFilesDisabled([createMockSarif("abc", "abc"), createMockSarif("abc", "def")], (0, testing_utils_1.createFeatures)([feature_flags_1.Feature.DisableCombineSarifFiles]), {
+        type: util_1.GitHubVariant.DOTCOM,
+    }));
+});
 (0, ava_1.default)("shouldConsiderConfigurationError correctly detects configuration errors", (t) => {
     const error1 = [
         "CodeQL analyses from advanced configurations cannot be processed when the default setup is enabled",