Add category input

analyze/action.yml

@@ -27,6 +27,9 @@ inputs:
     description: "The path at which the analyzed repository was checked out. Used to relativize any absolute paths in the uploaded SARIF file."
     required: false
     default: ${{ github.workspace }}
+  category:
+    description: String used by Code Scanning for matching the analyses
+    required: false
   token:
     default: ${{ github.token }}
   matrix:

src/upload-lib.test.ts

@@ -137,10 +137,31 @@ test("populateRunAutomationDetails", (t) => {
   const analysisKey = ".github/workflows/codeql-analysis.yml:analyze";
 
   let expectedSarif =
-    '{"runs":[{"automationDetails":{"id":".github/workflows/codeql-analysis.yml:analyze/language:javascript/os:linux/"}}]}';
+    '{"runs":[{"automationDetails":{"id":"language:javascript/os:linux/"}}]}';
 
+  // Category has priority over analysis_key/environment
   let modifiedSarif = uploadLib.populateRunAutomationDetails(
     sarif,
+    "language:javascript/os:linux",
+    analysisKey,
+    '{"language": "other", "os": "other"}'
+  );
+  t.deepEqual(modifiedSarif, expectedSarif);
+
+  // It doesn't matter if the category has a slash at the end or not
+  modifiedSarif = uploadLib.populateRunAutomationDetails(
+    sarif,
+    "language:javascript/os:linux/",
+    analysisKey,
+    ""
+  );
+  t.deepEqual(modifiedSarif, expectedSarif);
+
+  expectedSarif =
+    '{"runs":[{"automationDetails":{"id":".github/workflows/codeql-analysis.yml:analyze/language:javascript/os:linux/"}}]}';
+  modifiedSarif = uploadLib.populateRunAutomationDetails(
+    sarif,
+    undefined,
     analysisKey,
     '{"language": "javascript", "os": "linux"}'
   );
@@ -149,6 +170,7 @@ test("populateRunAutomationDetails", (t) => {
   // check the environment sorting
   modifiedSarif = uploadLib.populateRunAutomationDetails(
     sarif,
+    undefined,
     analysisKey,
     '{"os": "linux", "language": "javascript"}'
   );
@@ -159,6 +181,7 @@ test("populateRunAutomationDetails", (t) => {
     '{"runs":[{"automationDetails":{"id":".github/workflows/codeql-analysis.yml:analyze/"}}]}';
   modifiedSarif = uploadLib.populateRunAutomationDetails(
     sarif,
+    undefined,
     analysisKey,
     "{}"
   );
@@ -169,6 +192,7 @@ test("populateRunAutomationDetails", (t) => {
     '{"runs":[{"automationDetails":{"id":".github/workflows/codeql-analysis.yml:analyze/number:/object:/"}}]}';
   modifiedSarif = uploadLib.populateRunAutomationDetails(
     sarif,
+    undefined,
     analysisKey,
     '{"number": 1, "object": {"language": "javascript"}}'
   );
@@ -179,6 +203,7 @@ test("populateRunAutomationDetails", (t) => {
   expectedSarif = '{"runs":[{"automationDetails":{"id":"my_id"}}]}';
   modifiedSarif = uploadLib.populateRunAutomationDetails(
     sarif,
+    undefined,
     analysisKey,
     '{"os": "linux", "language": "javascript"}'
   );

src/upload-lib.ts

@@ -44,12 +44,47 @@ export function combineSarifFiles(sarifFiles: string[]): string {
 // and return an updated sarif file contents.
 export function populateRunAutomationDetails(
   sarifContents: string,
+  category: string | undefined,
   analysis_key: string | undefined,
   environment: string | undefined
 ): string {
   if (analysis_key === undefined) {
     return sarifContents;
   }
+  const automationID = getAutomationID(category, analysis_key, environment);
+
+  const sarif = JSON.parse(sarifContents);
+  for (const run of sarif.runs || []) {
+    if (run.automationDetails === undefined) {
+      run.automationDetails = {
+        id: automationID,
+      };
+    }
+  }
+
+  return JSON.stringify(sarif);
+}
+
+function getAutomationID(
+  category: string | undefined,
+  analysis_key: string | undefined,
+  environment: string | undefined
+): string {
+  if (category !== undefined) {
+    let automationID = category;
+    if (!automationID.endsWith("/")) {
+      automationID += "/";
+    }
+    return automationID;
+  }
+
+  return computeAutomationID(analysis_key, environment);
+}
+
+function computeAutomationID(
+  analysis_key: string | undefined,
+  environment: string | undefined
+): string {
   let automationID = `${analysis_key}/`;
 
   // the id has to be deterministic so we sort the fields
@@ -66,16 +101,7 @@ export function populateRunAutomationDetails(
     }
   }
 
-  const sarif = JSON.parse(sarifContents);
-  for (const run of sarif.runs || []) {
-    if (run.automationDetails === undefined) {
-      run.automationDetails = {
-        id: automationID,
-      };
-    }
-  }
-
-  return JSON.stringify(sarif);
+  return automationID;
 }
 
 // Upload the given payload.
@@ -361,6 +387,7 @@ async function uploadFiles(
   );
   sarifPayload = populateRunAutomationDetails(
     sarifPayload,
+    actionsUtil.getOptionalInput("category"),
     analysisKey,
     environment
   );

upload-sarif/action.yml

@@ -14,6 +14,9 @@ inputs:
     default: ${{ github.token }}
   matrix:
     default: ${{ toJson(matrix) }}
+  category:
+    description: String used by Code Scanning for matching the analyses
+    required: false
 runs:
   using: 'node12'
   main: '../lib/upload-sarif-action.js'