Only upload upload-sarif debug artifacts at most once

Previously, we uploaded combined SARIF artifacts in both the `analyze-post` and `upload-sarif-post` steps. This change ensures that these artifacts are uploaded at most once — in `analyze-post` if it is a first-party run and `upload-sarif-post` if it is a third-party run. This is a defensive check because as we upgrade to the new `artifact` dependencies we will not be able to upload artifacts to the same artifact directory.
github · Sep 11, 2024 · c098b25 · c098b25
1 parent b296f26
commit c098b25
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 8 deletions.
diff --git a/src/analyze-action-post.ts b/src/analyze-action-post.ts
@@ -7,18 +7,21 @@ import * as core from "@actions/core";
 
 import * as analyzeActionPostHelper from "./analyze-action-post-helper";
 import * as debugArtifacts from "./debug-artifacts";
+import { EnvVar } from "./environment";
 import * as uploadSarifActionPostHelper from "./upload-sarif-action-post-helper";
 import { wrapError } from "./util";
 
 async function runWrapper() {
   try {
     await analyzeActionPostHelper.run();
 
-    // Also run the upload-sarif post action since we're potentially running
-    // the same steps in the analyze action.
-    await uploadSarifActionPostHelper.uploadArtifacts(
-      debugArtifacts.uploadDebugArtifacts,
-    );
+    // Upload SARIF artifacts if we determine that this is a first-party analysis run.
+    // For third-party runs, this artifact will be uploaded in the `upload-sarif-post` step.
+    if (process.env[EnvVar.INIT_ACTION_HAS_RUN] === "true") {
+      await uploadSarifActionPostHelper.uploadArtifacts(
+        debugArtifacts.uploadDebugArtifacts,
+      );
+    }
   } catch (error) {
     core.setFailed(
       `analyze post-action step failed: ${wrapError(error).message}`,

diff --git a/src/upload-sarif-action-post.ts b/src/upload-sarif-action-post.ts
@@ -6,14 +6,19 @@
 import * as core from "@actions/core";
 
 import * as debugArtifacts from "./debug-artifacts";
+import { EnvVar } from "./environment";
 import * as uploadSarifActionPostHelper from "./upload-sarif-action-post-helper";
 import { wrapError } from "./util";
 
 async function runWrapper() {
   try {
-    await uploadSarifActionPostHelper.uploadArtifacts(
-      debugArtifacts.uploadDebugArtifacts,
-    );
+    // Upload SARIF artifacts if we determine that this is a third-party analysis run.
+    // For first-party runs, this artifact will be uploaded in the `analyze-post` step.
+    if (process.env[EnvVar.INIT_ACTION_HAS_RUN] !== "true") {
+      await uploadSarifActionPostHelper.uploadArtifacts(
+        debugArtifacts.uploadDebugArtifacts,
+      );
+    }
   } catch (error) {
     core.setFailed(
       `upload-sarif post-action step failed: ${wrapError(error).message}`,