Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upload multiple sarif files #1573

Open
JavierSegoviaCordoba opened this issue Mar 13, 2023 · 10 comments
Open

Upload multiple sarif files #1573

JavierSegoviaCordoba opened this issue Mar 13, 2023 · 10 comments
Labels
CodeQL Action This repo! Helps for internal planning good first issue Good for newcomers

Comments

@JavierSegoviaCordoba
Copy link

JavierSegoviaCordoba commented Mar 13, 2023
edited
Loading

Similar to actions/upload-artifact, upload-sarif should allow upload multiple sarif files. Pattern matching from upload-artifact should be great too.
@aeisenberg
Copy link
Contributor

aeisenberg commented Mar 13, 2023
edited
Loading

This is already available (except no pattern matching). The sarif_file accepts a directory. All files ending in *.sarif will be merged and uploaded. Is this what you are looking for?

See more in the docs.
@JavierSegoviaCordoba
Copy link
Author

JavierSegoviaCordoba commented Mar 13, 2023
edited
Loading

@aeisenberg I have all sarif files on different directories. I could move them in a previous step but would be great if this feature was directly supported.
@aeisenberg
Copy link
Contributor

This feature will recursively search the directory you pass it for sarif files.
@JavierSegoviaCordoba
Copy link
Author

JavierSegoviaCordoba commented Mar 13, 2023
edited
Loading

I can pass the root directory so it can check the whole project?

The files are on different folders at the same level too so passing the root one is the only solution.
@aeisenberg
Copy link
Contributor

I imagine that this should work. It will search all files in all subdirectories, so if you are talking about the root of the filesystem, this will search through a lot of files. I recommend that you try it out and see if it works for you.
@JavierSegoviaCordoba
Copy link
Author

JavierSegoviaCordoba commented Mar 13, 2023
edited
Loading

I will try, but it can be a problem with a lot of files. Should I still keep this feature request?

Feels free to close this if not.
@JavierSegoviaCordoba
Copy link
Author

I tried the next one but it fails.

      - name: Upload Code Scanning code analysis report
        if: matrix.os == 'ubuntu-latest'
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: '/'
@aeisenberg
Copy link
Contributor

Are you able to move the output location of all of your sarif so that there is a common root directory that is not the root of the file syste?
@JavierSegoviaCordoba
Copy link
Author

I could move it with bash yeah. I will do that workaround. Still I would like to be able to provide a pattern to upload-sarif :D
@aeisenberg
Copy link
Contributor

Thanks for the feedback. I can keep this issue open and put it on our backlog, but I cannot guarantee that we will have a good opportunity to look at this.
@aeisenberg aeisenberg added good first issue Good for newcomers CodeQL Action This repo! Helps for internal planning labels Mar 13, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
CodeQL Action This repo! Helps for internal planning good first issue Good for newcomers
2 participants
@aeisenberg @JavierSegoviaCordoba