Always merge SARIF files in analyze action

lib/analyze-action.js

@@ -183,6 +183,16 @@ async function run() {
         }
         else {
             logger.info("Not uploading results");
+            // TODO: Do not merge this code
+            const sarifFiles = uploadLib.getSarifFilePaths(outputDir);
+            // Merge the SARIF files into a single file. This will tell us whether the
+            // merge works.
+            const sarif = (await features.getValue(feature_flags_1.Feature.CliSarifMerge))
+                ? await uploadLib.combineSarifFilesUsingCLI(sarifFiles, gitHubVersion, features, logger)
+                : uploadLib.combineSarifFiles(sarifFiles);
+            // Write the combined SARIF file to disk
+            fs.writeFileSync(path_1.default.join(outputDir, "combined-sarif.sarif"), JSON.stringify(sarif, null, 2), "utf-8");
+            logger.info(`Combined SARIF file written to ${path_1.default.join(outputDir, "combined-sarif.sarif")} with ${sarif.runs.length} runs`);
         }
         // Possibly upload the database bundles for remote queries
         await (0, database_upload_1.uploadDatabases)(repositoryNwo, config, apiDetails, logger);

lib/upload-lib.js

@@ -26,7 +26,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.InvalidSarifUploadError = exports.validateUniqueCategory = exports.waitForProcessing = exports.buildPayload = exports.validateSarifFileSchema = exports.uploadFromActions = exports.findSarifFilesInDir = exports.populateRunAutomationDetails = void 0;
+exports.InvalidSarifUploadError = exports.validateUniqueCategory = exports.waitForProcessing = exports.buildPayload = exports.validateSarifFileSchema = exports.getSarifFilePaths = exports.uploadFromActions = exports.findSarifFilesInDir = exports.populateRunAutomationDetails = exports.combineSarifFilesUsingCLI = exports.combineSarifFiles = void 0;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const zlib_1 = __importDefault(require("zlib"));
@@ -69,6 +69,7 @@ function combineSarifFiles(sarifFiles) {
     }
     return combinedSarif;
 }
+exports.combineSarifFiles = combineSarifFiles;
 /**
  * Checks whether all the runs in the given SARIF files were produced by CodeQL.
  * @param sarifFiles The list of SARIF files to check.
@@ -127,6 +128,7 @@ async function combineSarifFilesUsingCLI(sarifFiles, gitHubVersion, features, lo
     });
     return JSON.parse(fs.readFileSync(outputFile, "utf8"));
 }
+exports.combineSarifFilesUsingCLI = combineSarifFilesUsingCLI;
 // Populates the run.automationDetails.id field using the analysis_key and environment
 // and return an updated sarif file contents.
 function populateRunAutomationDetails(sarif, category, analysis_key, environment) {
@@ -237,6 +239,7 @@ function getSarifFilePaths(sarifPath) {
     }
     return sarifFiles;
 }
+exports.getSarifFilePaths = getSarifFilePaths;
 // Counts the number of results in the given SARIF file
 function countResultsInSarif(sarif) {
     let numResults = 0;

src/analyze-action.ts

@@ -20,7 +20,7 @@ import { getCodeQL } from "./codeql";
 import { Config, getConfig } from "./config-utils";
 import { uploadDatabases } from "./database-upload";
 import { EnvVar } from "./environment";
-import { Features } from "./feature-flags";
+import { Feature, Features } from "./feature-flags";
 import { Language } from "./languages";
 import { getActionsLogger, Logger } from "./logging";
 import { parseRepositoryNwo } from "./repository";
@@ -291,6 +291,35 @@ async function run() {
       core.setOutput("sarif-id", uploadResult.sarifID);
     } else {
       logger.info("Not uploading results");
+
+      // TODO: Do not merge this code
+
+      const sarifFiles = uploadLib.getSarifFilePaths(outputDir);
+
+      // Merge the SARIF files into a single file. This will tell us whether the
+      // merge works.
+      const sarif = (await features.getValue(Feature.CliSarifMerge))
+        ? await uploadLib.combineSarifFilesUsingCLI(
+            sarifFiles,
+            gitHubVersion,
+            features,
+            logger,
+          )
+        : uploadLib.combineSarifFiles(sarifFiles);
+
+      // Write the combined SARIF file to disk
+      fs.writeFileSync(
+        path.join(outputDir, "combined-sarif.sarif"),
+        JSON.stringify(sarif, null, 2),
+        "utf-8",
+      );
+
+      logger.info(
+        `Combined SARIF file written to ${path.join(
+          outputDir,
+          "combined-sarif.sarif",
+        )} with ${sarif.runs.length} runs`,
+      );
     }
 
     // Possibly upload the database bundles for remote queries

src/upload-lib.ts

@@ -36,7 +36,7 @@ const GENERIC_404_MSG =
 
 // Takes a list of paths to sarif files and combines them together,
 // returning the contents of the combined sarif file.
-function combineSarifFiles(sarifFiles: string[]): SarifFile {
+export function combineSarifFiles(sarifFiles: string[]): SarifFile {
   const combinedSarif: SarifFile = {
     version: null,
     runs: [],
@@ -81,7 +81,7 @@ function areAllRunsProducedByCodeQL(sarifFiles: string[]): boolean {
 // CLI `github merge-results` command when all SARIF files are produced by
 // CodeQL. Otherwise, it will fall back to combining the files in the action.
 // Returns the contents of the combined sarif file.
-async function combineSarifFilesUsingCLI(
+export async function combineSarifFilesUsingCLI(
   sarifFiles: string[],
   gitHubVersion: GitHubVersion,
   features: Features,
@@ -315,7 +315,7 @@ export async function uploadFromActions(
   );
 }
 
-function getSarifFilePaths(sarifPath: string) {
+export function getSarifFilePaths(sarifPath: string) {
   if (!fs.existsSync(sarifPath)) {
     throw new InvalidSarifUploadError(`Path does not exist: ${sarifPath}`);
   }