Add category input

analyze/action.yml

@@ -27,6 +27,9 @@ inputs:
     description: "The path at which the analyzed repository was checked out. Used to relativize any absolute paths in the uploaded SARIF file."
     required: false
     default: ${{ github.workspace }}
+  category:
+    description: String used by Code Scanning for matching the analyses
+    required: false
   token:
     default: ${{ github.token }}
   matrix:

lib/upload-lib.js

@@ -46,10 +46,33 @@ function combineSarifFiles(sarifFiles) {
 exports.combineSarifFiles = combineSarifFiles;
 // Populates the run.automationDetails.id field using the analysis_key and environment
 // and return an updated sarif file contents.
-function populateRunAutomationDetails(sarifContents, analysis_key, environment) {
+function populateRunAutomationDetails(sarifContents, category, analysis_key, environment) {
     if (analysis_key === undefined) {
         return sarifContents;
     }
+    const automationID = getAutomationID(category, analysis_key, environment);
+    const sarif = JSON.parse(sarifContents);
+    for (const run of sarif.runs || []) {
+        if (run.automationDetails === undefined) {
+            run.automationDetails = {
+                id: automationID,
+            };
+        }
+    }
+    return JSON.stringify(sarif);
+}
+exports.populateRunAutomationDetails = populateRunAutomationDetails;
+function getAutomationID(category, analysis_key, environment) {
+    if (category !== undefined) {
+        let automationID = category;
+        if (!automationID.endsWith("/")) {
+            automationID += "/";
+        }
+        return automationID;
+    }
+    return computeAutomationID(analysis_key, environment);
+}
+function computeAutomationID(analysis_key, environment) {
     let automationID = `${analysis_key}/`;
     // the id has to be deterministic so we sort the fields
     if (environment !== undefined && environment !== "null") {
@@ -65,17 +88,8 @@ function populateRunAutomationDetails(sarifContents, analysis_key, environment)
             }
         }
     }
-    const sarif = JSON.parse(sarifContents);
+    return automationID;
-    for (const run of sarif.runs || []) {
-        if (run.automationDetails === undefined) {
-            run.automationDetails = {
-                id: automationID,
-            };
-        }
-    }
-    return JSON.stringify(sarif);
 }
-exports.populateRunAutomationDetails = populateRunAutomationDetails;
 // Upload the given payload.
 // If the request fails then this will retry a small number of times.
 async function uploadPayload(payload, repositoryNwo, apiDetails, mode, logger) {
@@ -247,7 +261,7 @@ async function uploadFiles(sarifFiles, repositoryNwo, commitOid, ref, analysisKe
     }
     let sarifPayload = combineSarifFiles(sarifFiles);
     sarifPayload = fingerprints.addFingerprints(sarifPayload, checkoutPath, logger);
-    sarifPayload = populateRunAutomationDetails(sarifPayload, analysisKey, environment);
+    sarifPayload = populateRunAutomationDetails(sarifPayload, actionsUtil.getOptionalInput("category"), analysisKey, environment);
     const zippedSarif = zlib_1.default.gzipSync(sarifPayload).toString("base64");
     const checkoutURI = file_url_1.default(checkoutPath);
     const toolNames = util.getToolNames(sarifPayload);

lib/upload-lib.test.js

@@ -85,26 +85,34 @@ ava_1.default("finding SARIF files", async (t) => {
 ava_1.default("populateRunAutomationDetails", (t) => {
     let sarif = '{"runs": [{}]}';
     const analysisKey = ".github/workflows/codeql-analysis.yml:analyze";
-    let expectedSarif = '{"runs":[{"automationDetails":{"id":".github/workflows/codeql-analysis.yml:analyze/language:javascript/os:linux/"}}]}';
+    let expectedSarif = '{"runs":[{"automationDetails":{"id":"language:javascript/os:linux/"}}]}';
-    let modifiedSarif = uploadLib.populateRunAutomationDetails(sarif, analysisKey, '{"language": "javascript", "os": "linux"}');
+    // Category has priority over analysis_key/environment
+    let modifiedSarif = uploadLib.populateRunAutomationDetails(sarif, "language:javascript/os:linux", analysisKey, '{"language": "other", "os": "other"}');
+    t.deepEqual(modifiedSarif, expectedSarif);
+    // It doesn't matter if the category has a slash at the end or not
+    modifiedSarif = uploadLib.populateRunAutomationDetails(sarif, "language:javascript/os:linux/", analysisKey, "");
+    t.deepEqual(modifiedSarif, expectedSarif);
+    expectedSarif =
+        '{"runs":[{"automationDetails":{"id":".github/workflows/codeql-analysis.yml:analyze/language:javascript/os:linux/"}}]}';
+    modifiedSarif = uploadLib.populateRunAutomationDetails(sarif, undefined, analysisKey, '{"language": "javascript", "os": "linux"}');
     t.deepEqual(modifiedSarif, expectedSarif);
     // check the environment sorting
-    modifiedSarif = uploadLib.populateRunAutomationDetails(sarif, analysisKey, '{"os": "linux", "language": "javascript"}');
+    modifiedSarif = uploadLib.populateRunAutomationDetails(sarif, undefined, analysisKey, '{"os": "linux", "language": "javascript"}');
     t.deepEqual(modifiedSarif, expectedSarif);
     // check that an empty environment produces the right results
     expectedSarif =
         '{"runs":[{"automationDetails":{"id":".github/workflows/codeql-analysis.yml:analyze/"}}]}';
-    modifiedSarif = uploadLib.populateRunAutomationDetails(sarif, analysisKey, "{}");
+    modifiedSarif = uploadLib.populateRunAutomationDetails(sarif, undefined, analysisKey, "{}");
     t.deepEqual(modifiedSarif, expectedSarif);
     // check non string environment values
     expectedSarif =
         '{"runs":[{"automationDetails":{"id":".github/workflows/codeql-analysis.yml:analyze/number:/object:/"}}]}';
-    modifiedSarif = uploadLib.populateRunAutomationDetails(sarif, analysisKey, '{"number": 1, "object": {"language": "javascript"}}');
+    modifiedSarif = uploadLib.populateRunAutomationDetails(sarif, undefined, analysisKey, '{"number": 1, "object": {"language": "javascript"}}');
     t.deepEqual(modifiedSarif, expectedSarif);
     // check that the automation details doesn't get overwritten
     sarif = '{"runs":[{"automationDetails":{"id":"my_id"}}]}';
     expectedSarif = '{"runs":[{"automationDetails":{"id":"my_id"}}]}';
-    modifiedSarif = uploadLib.populateRunAutomationDetails(sarif, analysisKey, '{"os": "linux", "language": "javascript"}');
+    modifiedSarif = uploadLib.populateRunAutomationDetails(sarif, undefined, analysisKey, '{"os": "linux", "language": "javascript"}');
     t.deepEqual(modifiedSarif, expectedSarif);
 });
 //# sourceMappingURL=upload-lib.test.js.map

src/upload-lib.test.ts

@@ -137,10 +137,31 @@ test("populateRunAutomationDetails", (t) => {
   const analysisKey = ".github/workflows/codeql-analysis.yml:analyze";
 
   let expectedSarif =
-    '{"runs":[{"automationDetails":{"id":".github/workflows/codeql-analysis.yml:analyze/language:javascript/os:linux/"}}]}';
+    '{"runs":[{"automationDetails":{"id":"language:javascript/os:linux/"}}]}';
 
+  // Category has priority over analysis_key/environment
   let modifiedSarif = uploadLib.populateRunAutomationDetails(
     sarif,
+    "language:javascript/os:linux",
+    analysisKey,
+    '{"language": "other", "os": "other"}'
+  );
+  t.deepEqual(modifiedSarif, expectedSarif);
+
+  // It doesn't matter if the category has a slash at the end or not
+  modifiedSarif = uploadLib.populateRunAutomationDetails(
+    sarif,
+    "language:javascript/os:linux/",
+    analysisKey,
+    ""
+  );
+  t.deepEqual(modifiedSarif, expectedSarif);
+
+  expectedSarif =
+    '{"runs":[{"automationDetails":{"id":".github/workflows/codeql-analysis.yml:analyze/language:javascript/os:linux/"}}]}';
+  modifiedSarif = uploadLib.populateRunAutomationDetails(
+    sarif,
+    undefined,
     analysisKey,
     '{"language": "javascript", "os": "linux"}'
   );
@@ -149,6 +170,7 @@ test("populateRunAutomationDetails", (t) => {
   // check the environment sorting
   modifiedSarif = uploadLib.populateRunAutomationDetails(
     sarif,
+    undefined,
     analysisKey,
     '{"os": "linux", "language": "javascript"}'
   );
@@ -159,6 +181,7 @@ test("populateRunAutomationDetails", (t) => {
     '{"runs":[{"automationDetails":{"id":".github/workflows/codeql-analysis.yml:analyze/"}}]}';
   modifiedSarif = uploadLib.populateRunAutomationDetails(
     sarif,
+    undefined,
     analysisKey,
     "{}"
   );
@@ -169,6 +192,7 @@ test("populateRunAutomationDetails", (t) => {
     '{"runs":[{"automationDetails":{"id":".github/workflows/codeql-analysis.yml:analyze/number:/object:/"}}]}';
   modifiedSarif = uploadLib.populateRunAutomationDetails(
     sarif,
+    undefined,
     analysisKey,
     '{"number": 1, "object": {"language": "javascript"}}'
   );
@@ -179,6 +203,7 @@ test("populateRunAutomationDetails", (t) => {
   expectedSarif = '{"runs":[{"automationDetails":{"id":"my_id"}}]}';
   modifiedSarif = uploadLib.populateRunAutomationDetails(
     sarif,
+    undefined,
     analysisKey,
     '{"os": "linux", "language": "javascript"}'
   );

src/upload-lib.ts

@@ -44,12 +44,47 @@ export function combineSarifFiles(sarifFiles: string[]): string {
 // and return an updated sarif file contents.
 export function populateRunAutomationDetails(
   sarifContents: string,
+  category: string | undefined,
   analysis_key: string | undefined,
   environment: string | undefined
 ): string {
   if (analysis_key === undefined) {
     return sarifContents;
   }
+  const automationID = getAutomationID(category, analysis_key, environment);
+
+  const sarif = JSON.parse(sarifContents);
+  for (const run of sarif.runs || []) {
+    if (run.automationDetails === undefined) {
+      run.automationDetails = {
+        id: automationID,
+      };
+    }
+  }
+
+  return JSON.stringify(sarif);
+}
+
+function getAutomationID(
+  category: string | undefined,
+  analysis_key: string | undefined,
+  environment: string | undefined
+): string {
+  if (category !== undefined) {
+    let automationID = category;
+    if (!automationID.endsWith("/")) {
+      automationID += "/";
+    }
+    return automationID;
+  }
+
+  return computeAutomationID(analysis_key, environment);
+}
+
+function computeAutomationID(
+  analysis_key: string | undefined,
+  environment: string | undefined
+): string {
   let automationID = `${analysis_key}/`;
 
   // the id has to be deterministic so we sort the fields
@@ -66,16 +101,7 @@ export function populateRunAutomationDetails(
     }
   }
 
-  const sarif = JSON.parse(sarifContents);
+  return automationID;
-  for (const run of sarif.runs || []) {
-    if (run.automationDetails === undefined) {
-      run.automationDetails = {
-        id: automationID,
-      };
-    }
-  }
-
-  return JSON.stringify(sarif);
 }
 
 // Upload the given payload.
@@ -361,6 +387,7 @@ async function uploadFiles(
   );
   sarifPayload = populateRunAutomationDetails(
     sarifPayload,
+    actionsUtil.getOptionalInput("category"),
     analysisKey,
     environment
   );

upload-sarif/action.yml

@@ -14,6 +14,9 @@ inputs:
     default: ${{ github.token }}
   matrix:
     default: ${{ toJson(matrix) }}
+  category:
+    description: String used by Code Scanning for matching the analyses
+    required: false
 runs:
   using: 'node12'
   main: '../lib/upload-sarif-action.js'