- The `upload` input to the `analyze` Action now accepts the following values:
- `always` is the default value, which uploads the SARIF file to Code Scanning for successful and failed runs.
- `failure-only` is recommended for customers post-processing the SARIF file before uploading it to Code Scanning. This option uploads debugging information to Code Scanning for failed runs to improve the debugging experience.
- `never` avoids uploading the SARIF file to Code Scanning even if the code scanning run fails. This is not recommended for external users since it complicates debugging.
- The legacy `true` and `false` options will be interpreted as `always` and `failure-only` respectively.
---------
Co-authored-by: Henry Mercer <henry.mercer@me.com>
Kotlin analysis is incompatible with Kotlin 1.8.0, which is now rolling
out to the Actions runner images.
While we work on a more permanent fix to our PR checks, this will
prevent us losing other
test coverage.
Build tracing using CLIs before 2.7.3 no longer works with the most
recent update to the `ubuntu-22.04` runner image.
With this new logic, we can remove the workarounds around testing
`windows-2019` and `windows-2022`.
This commit also adds a new integration check to verify this.
When running in test mode, payloads will not be uploaded. Instead, they
will be saved to disk so that they can be inspected later.
