Allow multiple uploads in a single job

They must all have a unique category. The category will be converted into an environment variable.
2021-10-29 11:31:30 -07:00 · 2021-10-29 11:31:30 -07:00 · 6a98a4b500
commit 6a98a4b500
parent f360da772a
10 changed files with 101 additions and 22 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -8,6 +8,7 @@ No user facing changes.

 - The `init` step of the Action now supports `ram` and `threads` inputs to limit resource use of CodeQL extractors. These inputs also serve as defaults to the subsequent `analyze` step, which finalizes the database and executes queries. [#738](https://github.com/github/codeql-action/pull/738)
 - When used with CodeQL 2.7.1 or above, the Action now includes custom query help in the analysis results uploaded to GitHub code scanning, if available. To add help text for a custom query, create a Markdown file next to the `.ql` file containing the query, using the same base name but the file extension `.md`. [#804](https://github.com/github/codeql-action/pull/804)
+- The `upload-sarif` action now allows multiple uploads in a single job, as long as they have different categories. [#801](https://github.com/github/codeql-action/pull/801)

 ## 1.0.21 - 28 Oct 2021

--- a/lib/actions-util.js
+++ b/lib/actions-util.js
@ -98,6 +98,7 @@ const getCommitOid = async function (ref = "HEAD") {
    }
    catch (e) {
        core.info(`Failed to call git to get current commit. Continuing with data from environment: ${e}`);
+        core.info(e.stack || "NO STACK");
        return (0, util_1.getRequiredEnvParam)("GITHUB_SHA");
    }
 };
--- a/lib/actions-util.js.map
+++ b/lib/actions-util.js.map
--- a/lib/upload-lib.js
+++ b/lib/upload-lib.js
@ -22,7 +22,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
    return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.buildPayload = exports.validateSarifFileSchema = exports.countResultsInSarif = exports.uploadFromRunner = exports.uploadFromActions = exports.findSarifFilesInDir = exports.populateRunAutomationDetails = exports.combineSarifFiles = void 0;
+exports.validateUniqueCategory = exports.buildPayload = exports.validateSarifFileSchema = exports.countResultsInSarif = exports.uploadFromRunner = exports.uploadFromActions = exports.findSarifFilesInDir = exports.populateRunAutomationDetails = exports.combineSarifFiles = void 0;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const zlib_1 = __importDefault(require("zlib"));
@ -243,14 +243,7 @@ exports.buildPayload = buildPayload;
 async function uploadFiles(sarifFiles, repositoryNwo, commitOid, ref, analysisKey, category, analysisName, workflowRunID, sourceRoot, environment, gitHubVersion, apiDetails, logger) {
    logger.startGroup("Uploading results");
    logger.info(`Processing sarif files: ${JSON.stringify(sarifFiles)}`);
-    if (util.isActions()) {
-        // This check only works on actions as env vars don't persist between calls to the runner
-        const sentinelEnvVar = "CODEQL_UPLOAD_SARIF";
-        if (process.env[sentinelEnvVar]) {
-            throw new Error("Aborting upload: only one run of the codeql/analyze or codeql/upload-sarif actions is allowed per job");
-        }
-        core.exportVariable(sentinelEnvVar, sentinelEnvVar);
-    }
+    validateUniqueCategory(category);
    // Validate that the files we were asked to upload are all valid SARIF files
    for (const file of sarifFiles) {
        validateSarifFileSchema(file, logger);
@ -278,4 +271,29 @@ async function uploadFiles(sarifFiles, repositoryNwo, commitOid, ref, analysisKe
        num_results_in_sarif: numResultInSarif,
    };
 }
+function validateUniqueCategory(category) {
+    if (util.isActions()) {
+        // This check only works on actions as env vars don't persist between calls to the runner
+        const sentinelEnvVar = `CODEQL_UPLOAD_SARIF${category ? `_${sanitize(category)}` : ""}`;
+        if (process.env[sentinelEnvVar]) {
+            throw new Error("Aborting upload: only one run of the codeql/analyze or codeql/upload-sarif actions is allowed per job per category. " +
+                "Please specify a unique `category` to call this action multiple times. " +
+                `Category: ${category ? category : "(none)"}`);
+        }
+        core.exportVariable(sentinelEnvVar, sentinelEnvVar);
+    }
+}
+exports.validateUniqueCategory = validateUniqueCategory;
+/**
+ * Santizes a string to be used as an environment variable name.
+ * This will replace all non-alphanumeric characters with underscores.
+ * There could still be some false category clashes if two uploads
+ * occur that differ only in their non-alphanumeric characters. This is
+ * unlikely.
+ *
+ * @param str the initial value to sanitize
+ */
+function sanitize(str) {
+    return str.replace(/[^a-zA-Z0-9_]/g, "_");
+}
 //# sourceMappingURL=upload-lib.js.map
--- a/lib/upload-lib.js.map
+++ b/lib/upload-lib.js.map
--- a/lib/upload-lib.test.js
+++ b/lib/upload-lib.test.js
@ -113,4 +113,20 @@ ava_1.default.beforeEach(() => {
    modifiedSarif = uploadLib.populateRunAutomationDetails(sarif, undefined, analysisKey, '{"os": "linux", "language": "javascript"}');
    t.deepEqual(modifiedSarif, expectedSarif);
 });
+(0, ava_1.default)("validateUniqueCategory", (t) => {
+    t.notThrows(() => uploadLib.validateUniqueCategory(undefined));
+    t.throws(() => uploadLib.validateUniqueCategory(undefined));
+    t.notThrows(() => uploadLib.validateUniqueCategory("abc"));
+    t.throws(() => uploadLib.validateUniqueCategory("abc"));
+    t.notThrows(() => uploadLib.validateUniqueCategory("def"));
+    t.throws(() => uploadLib.validateUniqueCategory("def"));
+    // Our category sanitization is not perfect. Here are some examples
+    // of where we see false clashes
+    t.notThrows(() => uploadLib.validateUniqueCategory("abc/def"));
+    t.throws(() => uploadLib.validateUniqueCategory("abc@def"));
+    t.throws(() => uploadLib.validateUniqueCategory("abc_def"));
+    t.throws(() => uploadLib.validateUniqueCategory("abc def"));
+    // this one is fine
+    t.notThrows(() => uploadLib.validateUniqueCategory("abc_ def"));
+});
 //# sourceMappingURL=upload-lib.test.js.map
--- a/lib/upload-lib.test.js.map
+++ b/lib/upload-lib.test.js.map
--- a/src/actions-util.ts
+++ b/src/actions-util.ts
@ -85,6 +85,7 @@ export const getCommitOid = async function (ref = "HEAD"): Promise<string> {
    core.info(
      `Failed to call git to get current commit. Continuing with data from environment: ${e}`
    );
+    core.info((e as Error).stack || "NO STACK");
    return getRequiredEnvParam("GITHUB_SHA");
  }
 };
--- a/src/upload-lib.test.ts
+++ b/src/upload-lib.test.ts
@ -175,3 +175,24 @@ test("populateRunAutomationDetails", (t) => {
  );
  t.deepEqual(modifiedSarif, expectedSarif);
 });
+
+test("validateUniqueCategory", (t) => {
+  t.notThrows(() => uploadLib.validateUniqueCategory(undefined));
+  t.throws(() => uploadLib.validateUniqueCategory(undefined));
+
+  t.notThrows(() => uploadLib.validateUniqueCategory("abc"));
+  t.throws(() => uploadLib.validateUniqueCategory("abc"));
+
+  t.notThrows(() => uploadLib.validateUniqueCategory("def"));
+  t.throws(() => uploadLib.validateUniqueCategory("def"));
+
+  // Our category sanitization is not perfect. Here are some examples
+  // of where we see false clashes
+  t.notThrows(() => uploadLib.validateUniqueCategory("abc/def"));
+  t.throws(() => uploadLib.validateUniqueCategory("abc@def"));
+  t.throws(() => uploadLib.validateUniqueCategory("abc_def"));
+  t.throws(() => uploadLib.validateUniqueCategory("abc def"));
+
+  // this one is fine
+  t.notThrows(() => uploadLib.validateUniqueCategory("abc_ def"));
+});
--- a/src/upload-lib.ts
+++ b/src/upload-lib.ts
@ -343,16 +343,7 @@ async function uploadFiles(
  logger.startGroup("Uploading results");
  logger.info(`Processing sarif files: ${JSON.stringify(sarifFiles)}`);

-  if (util.isActions()) {
-    // This check only works on actions as env vars don't persist between calls to the runner
-    const sentinelEnvVar = "CODEQL_UPLOAD_SARIF";
-    if (process.env[sentinelEnvVar]) {
-      throw new Error(
-        "Aborting upload: only one run of the codeql/analyze or codeql/upload-sarif actions is allowed per job"
-      );
-    }
-    core.exportVariable(sentinelEnvVar, sentinelEnvVar);
-  }
+  validateUniqueCategory(category);

  // Validate that the files we were asked to upload are all valid SARIF files
  for (const file of sarifFiles) {
@ -409,3 +400,33 @@ async function uploadFiles(
    num_results_in_sarif: numResultInSarif,
  };
 }
+
+export function validateUniqueCategory(category: string | undefined) {
+  if (util.isActions()) {
+    // This check only works on actions as env vars don't persist between calls to the runner
+    const sentinelEnvVar = `CODEQL_UPLOAD_SARIF${
+      category ? `_${sanitize(category)}` : ""
+    }`;
+    if (process.env[sentinelEnvVar]) {
+      throw new Error(
+        "Aborting upload: only one run of the codeql/analyze or codeql/upload-sarif actions is allowed per job per category. " +
+          "Please specify a unique `category` to call this action multiple times. " +
+          `Category: ${category ? category : "(none)"}`
+      );
+    }
+    core.exportVariable(sentinelEnvVar, sentinelEnvVar);
+  }
+}
+
+/**
+ * Santizes a string to be used as an environment variable name.
+ * This will replace all non-alphanumeric characters with underscores.
+ * There could still be some false category clashes if two uploads
+ * occur that differ only in their non-alphanumeric characters. This is
+ * unlikely.
+ *
+ * @param str the initial value to sanitize
+ */
+function sanitize(str: string) {
+  return str.replace(/[^a-zA-Z0-9_]/g, "_");
+}