Update upload input values and logic (#1598)

- The `upload` input to the `analyze` Action now accepts the following values: - `always` is the default value, which uploads the SARIF file to Code Scanning for successful and failed runs. - `failure-only` is recommended for customers post-processing the SARIF file before uploading it to Code Scanning. This option uploads debugging information to Code Scanning for failed runs to improve the debugging experience. - `never` avoids uploading the SARIF file to Code Scanning even if the code scanning run fails. This is not recommended for external users since it complicates debugging. - The legacy `true` and `false` options will be interpreted as `always` and `failure-only` respectively. --------- Co-authored-by: Henry Mercer <henry.mercer@me.com>
2023-03-23 10:23:25 -07:00 · 2023-03-23 10:23:25 -07:00 · a21bb7f968
commit a21bb7f968
parent 0214d1d378
25 changed files with 206 additions and 89 deletions
--- a/lib/init-action-post-helper.test.js
+++ b/lib/init-action-post-helper.test.js
@ -159,33 +159,64 @@ const workflow = __importStar(require("./workflow"));
        exportDiagnosticsEnabled: true,
    });
 });
-(0, ava_1.default)("doesn't upload failed SARIF for workflow with upload: false", async (t) => {
-    const actionsWorkflow = createTestWorkflow([
-        {
-            name: "Checkout repository",
-            uses: "actions/checkout@v3",
-        },
-        {
-            name: "Initialize CodeQL",
-            uses: "github/codeql-action/init@v2",
-            with: {
-                languages: "javascript",
+const UPLOAD_INPUT_TEST_CASES = [
+    {
+        uploadInput: "true",
+        shouldUpload: true,
+    },
+    {
+        uploadInput: "false",
+        shouldUpload: true,
+    },
+    {
+        uploadInput: "always",
+        shouldUpload: true,
+    },
+    {
+        uploadInput: "failure-only",
+        shouldUpload: true,
+    },
+    {
+        uploadInput: "never",
+        shouldUpload: false,
+    },
+    {
+        uploadInput: "unrecognized-value",
+        shouldUpload: true,
+    },
+];
+for (const { uploadInput, shouldUpload } of UPLOAD_INPUT_TEST_CASES) {
+    (0, ava_1.default)(`does ${shouldUpload ? "" : "not "}upload failed SARIF run for workflow with upload: ${uploadInput}`, async (t) => {
+        const actionsWorkflow = createTestWorkflow([
+            {
+                name: "Checkout repository",
+                uses: "actions/checkout@v3",
            },
-        },
-        {
-            name: "Perform CodeQL Analysis",
-            uses: "github/codeql-action/analyze@v2",
-            with: {
-                category: "my-category",
-                upload: false,
+            {
+                name: "Initialize CodeQL",
+                uses: "github/codeql-action/init@v2",
+                with: {
+                    languages: "javascript",
+                },
            },
-        },
-    ]);
-    const result = await testFailedSarifUpload(t, actionsWorkflow, {
-        expectUpload: false,
+            {
+                name: "Perform CodeQL Analysis",
+                uses: "github/codeql-action/analyze@v2",
+                with: {
+                    category: "my-category",
+                    upload: uploadInput,
+                },
+            },
+        ]);
+        const result = await testFailedSarifUpload(t, actionsWorkflow, {
+            category: "my-category",
+            expectUpload: shouldUpload,
+        });
+        if (!shouldUpload) {
+            t.is(result.upload_failed_run_skipped_because, "SARIF upload is disabled");
+        }
    });
-    t.is(result.upload_failed_run_skipped_because, "SARIF upload is disabled");
-});
+}
 (0, ava_1.default)("uploading failed SARIF run succeeds when workflow uses an input with a matrix var", async (t) => {
    const actionsWorkflow = createTestWorkflow([
        {
@ -273,7 +304,7 @@ function createTestWorkflow(steps) {
        },
    };
 }
-async function testFailedSarifUpload(t, actionsWorkflow, { category, databaseExists = true, exportDiagnosticsEnabled = false, expectUpload = true, matrix = {}, } = {}) {
+async function testFailedSarifUpload(t, actionsWorkflow, { category, databaseExists = true, expectUpload = true, exportDiagnosticsEnabled = false, matrix = {}, } = {}) {
    const config = {
        codeQLCmd: "codeql",
        debugMode: true,
@ -312,8 +343,6 @@ async function testFailedSarifUpload(t, actionsWorkflow, { category, databaseExi
            raw_upload_size_bytes: 20,
            zipped_upload_size_bytes: 10,
        });
-    }
-    if (expectUpload) {
        if (databaseExists && exportDiagnosticsEnabled) {
            t.true(databaseExportDiagnosticsStub.calledOnceWith(config.dbLocation, sinon.match.string, category), `Actual args were: ${databaseExportDiagnosticsStub.args}`);
        }