Introduce CODEQL_ACTION_SKIP_SARIF_UPLOAD
#3180
Conversation
This triggers a subset of the behavior of `CODEQL_ACTION_TEST_MODE`, specifically just skipping the SARIF upload step. This is required for our internal testing where we want the SARIF file (via `CODEQL_ACTION_DUMP_SARIF_DIR`) but don't want to actually upload it, but we don't want the rest of the behaviour of `CODEQL_ACTION_TEST_MODE` that is specific for `codeql-action` own CI checks.
There was a problem hiding this comment.
Pull Request Overview
This PR introduces a new environment variable CODEQL_ACTION_SKIP_SARIF_UPLOAD that provides more granular control over SARIF upload behavior. It allows skipping SARIF uploads without enabling full test mode, which is useful for internal testing scenarios where SARIF files are needed locally but should not be uploaded to GitHub.
Key changes:
- Adds new environment variable
CODEQL_ACTION_SKIP_SARIF_UPLOADfor selective SARIF upload control - Introduces
shouldSkipSarifUpload()function that combines test mode and the new skip flag - Updates upload logic and messaging to use the new function instead of direct test mode checks
Reviewed Changes
Copilot reviewed 9 out of 9 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| src/environment.ts | Adds the new SKIP_SARIF_UPLOAD environment variable enum |
| src/util.ts | Introduces shouldSkipSarifUpload() function and updates test mode documentation |
| src/upload-lib.ts | Updates upload logic to use new function and improves messaging |
| src/upload-sarif-action.ts | Updates wait-for-processing logic to use new function |
| src/init-action-post-helper.ts | Updates failed SARIF upload logic to use new function |
| lib/*.js | Generated JavaScript code corresponding to TypeScript changes |
Co-authored-by: Copilot <[email protected]>
src/upload-lib.ts
Outdated
|
|
||
| // If in test mode we don't want to upload the results | ||
| if (util.isInTestMode()) { | ||
| // If in test mode we don't want to upload the results, |
There was a problem hiding this comment.
this comment is a bit stale now, ditto at the other isInTestMode/shouldSkipSarifUpload switch.
src/environment.ts
Outdated
|
|
||
| /** | ||
| * Whether to skip uploading SARIF results to GitHub. Intended for testing purposes. | ||
| * This setting is implied but is more specific than `CODEQL_ACTION_TEST_MODE`. |
There was a problem hiding this comment.
Minor: the wording here isn't great.
| * This setting is implied but is more specific than `CODEQL_ACTION_TEST_MODE`. | |
| * This setting is more specific than `CODEQL_ACTION_TEST_MODE`, which also implies this option. |
src/upload-lib.ts
Outdated
| logger.info( | ||
| `In test mode. Results are not uploaded. Saving to ${payloadSaveFile}`, | ||
| ); | ||
| logger.info(`SARIF upload disabled. Saving to ${payloadSaveFile}`); |
There was a problem hiding this comment.
Minor: This no longer explains why the SARIF upload is disabled. A simple fix might be wording it like this:
| logger.info(`SARIF upload disabled. Saving to ${payloadSaveFile}`); | |
| logger.info(`SARIF upload disabled with an environment variable. Saving to ${payloadSaveFile}`); |
A better fix would be to include the responsible environment variable, perhaps with:
| logger.info(`SARIF upload disabled. Saving to ${payloadSaveFile}`); | |
| logger.info(`SARIF upload disabled by `${ isInTestMode() ? EnvVar.TEST_MODE : EnvVar.SKIP_SARIF_UPLOAD }`. Saving to ${payloadSaveFile}`); |
@mbg: how would you go on about this?
|
src/util.ts
Outdated
| export function getSarifUploadSkipReason(): string | null { | ||
| if (isInTestMode()) { | ||
| return `SARIF upload is disabled via ${EnvVar.TEST_MODE}`; | ||
| } | ||
| if (process.env[EnvVar.SKIP_SARIF_UPLOAD] === "true") { | ||
| return `SARIF upload is disabled via ${EnvVar.SKIP_SARIF_UPLOAD}`; | ||
| } | ||
| return null; | ||
| } |
There was a problem hiding this comment.
I had considered something like this when I wrote my comment, but wasn't too keen on it. I also don't love using the human-readable reason phrase to mean true for enablement purposes. The previous version with the boolean function was preferable.
Also, in general, we don't use null in the codeql-action codebase (unless it comes to us from outside the codebase) and would go for undefined here.
There was a problem hiding this comment.
I was trying to avoid something like
logger.info(`SARIF upload disabled by `${ isInTestMode() ? EnvVar.TEST_MODE : EnvVar.SKIP_SARIF_UPLOAD }`. Saving to ${payloadSaveFile}`);
as I didn't want to expose that util implementation detail. So I think I'll just go with your first proposal for a generic with an environment variable. The users of those variables (us) probably are savvy enough for that to be enough for them.
Hmm yes. Unit tests for |
Let's make that into a follow-up PR. I'll try to see what copilot can do there. |
src/environment.ts
Outdated
| /** | ||
| * Whether to skip uploading SARIF results to GitHub. Intended for testing purposes. | ||
| * This setting is implied by `CODEQL_ACTION_TEST_MODE`, but is more specific. | ||
| * This setting is implied by but is more specific than `CODEQL_ACTION_TEST_MODE`. |
src/upload-lib.ts
Outdated
| ); | ||
| logger.info( | ||
| `In test mode. Results are not uploaded. Saving to ${payloadSaveFile}`, | ||
| `SARIF upload disabled via environment variable. Saving to ${payloadSaveFile}`, |
There was a problem hiding this comment.
Minor:
| `SARIF upload disabled via environment variable. Saving to ${payloadSaveFile}`, | |
| `SARIF upload disabled by an environment variable. Saving to ${payloadSaveFile}`, |
src/upload-sarif-action.ts
Outdated
| core.debug("In test mode. Waiting for processing is disabled."); | ||
| if (shouldSkipSarifUpload()) { | ||
| core.debug( | ||
| "SARIF upload disabled via environment variable. Waiting for processing is disabled.", |
There was a problem hiding this comment.
| "SARIF upload disabled via environment variable. Waiting for processing is disabled.", | |
| "SARIF upload disabled by an environment variable. Waiting for processing is disabled.", |
This triggers a subset of the behavior of
CODEQL_ACTION_TEST_MODE, specifically just skipping the SARIF upload step. This is required for our internal testing where we want the SARIF file (viaCODEQL_ACTION_DUMP_SARIF_DIR) but don't want to actually upload it, but we don't want the rest of the behaviour ofCODEQL_ACTION_TEST_MODEthat is specific forcodeql-actionown CI checks.This is a fresh take at #3089, with less impact on the codebase.
Risk assessment
For internal use only. Please select the risk level of this change:
Merge / deployment checklist