From c098b253f67fa4b78e43bd654fb9c108e8504148 Mon Sep 17 00:00:00 2001
From: Angela P Wen <angelapwen@github.com>
Date: Wed, 11 Sep 2024 15:11:27 -0700
Subject: [PATCH] Only upload `upload-sarif` debug artifacts at most once
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Previously, we uploaded combined SARIF artifacts in both the `analyze-post` and `upload-sarif-post` steps. This change ensures that these artifacts are uploaded at most once — in `analyze-post` if it is a first-party run and `upload-sarif-post` if it is a third-party run.

This is a defensive check because as we upgrade to the new `artifact` dependencies we will not be able to upload artifacts to the same artifact directory.
---
 src/analyze-action-post.ts      | 13 ++++++++-----
 src/upload-sarif-action-post.ts | 11 ++++++++---
 2 files changed, 16 insertions(+), 8 deletions(-)

diff --git a/src/analyze-action-post.ts b/src/analyze-action-post.ts
index 75cb6e4f6..a68154a2f 100644
--- a/src/analyze-action-post.ts
+++ b/src/analyze-action-post.ts
@@ -7,6 +7,7 @@ import * as core from "@actions/core";
 
 import * as analyzeActionPostHelper from "./analyze-action-post-helper";
 import * as debugArtifacts from "./debug-artifacts";
+import { EnvVar } from "./environment";
 import * as uploadSarifActionPostHelper from "./upload-sarif-action-post-helper";
 import { wrapError } from "./util";
 
@@ -14,11 +15,13 @@ async function runWrapper() {
   try {
     await analyzeActionPostHelper.run();
 
-    // Also run the upload-sarif post action since we're potentially running
-    // the same steps in the analyze action.
-    await uploadSarifActionPostHelper.uploadArtifacts(
-      debugArtifacts.uploadDebugArtifacts,
-    );
+    // Upload SARIF artifacts if we determine that this is a first-party analysis run.
+    // For third-party runs, this artifact will be uploaded in the `upload-sarif-post` step.
+    if (process.env[EnvVar.INIT_ACTION_HAS_RUN] === "true") {
+      await uploadSarifActionPostHelper.uploadArtifacts(
+        debugArtifacts.uploadDebugArtifacts,
+      );
+    }
   } catch (error) {
     core.setFailed(
       `analyze post-action step failed: ${wrapError(error).message}`,
diff --git a/src/upload-sarif-action-post.ts b/src/upload-sarif-action-post.ts
index 6ddee543c..e46c85ce1 100644
--- a/src/upload-sarif-action-post.ts
+++ b/src/upload-sarif-action-post.ts
@@ -6,14 +6,19 @@
 import * as core from "@actions/core";
 
 import * as debugArtifacts from "./debug-artifacts";
+import { EnvVar } from "./environment";
 import * as uploadSarifActionPostHelper from "./upload-sarif-action-post-helper";
 import { wrapError } from "./util";
 
 async function runWrapper() {
   try {
-    await uploadSarifActionPostHelper.uploadArtifacts(
-      debugArtifacts.uploadDebugArtifacts,
-    );
+    // Upload SARIF artifacts if we determine that this is a third-party analysis run.
+    // For first-party runs, this artifact will be uploaded in the `analyze-post` step.
+    if (process.env[EnvVar.INIT_ACTION_HAS_RUN] !== "true") {
+      await uploadSarifActionPostHelper.uploadArtifacts(
+        debugArtifacts.uploadDebugArtifacts,
+      );
+    }
   } catch (error) {
     core.setFailed(
       `upload-sarif post-action step failed: ${wrapError(error).message}`,