diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml
index 9fb4261..99dc1de 100644
--- a/.github/workflows/codacy.yml
+++ b/.github/workflows/codacy.yml
@@ -54,8 +54,155 @@ jobs: # This will handover control about PR rejection to the GitHub side max-allowed-issues: 2147483647 - # Upload the SARIF file generated in the previous step + # Split the SARIF file into individual runs to comply with new GitHub requirements + # https://github.blog/changelog/2025-07-21-code-scanning-will-stop-combining-multiple-sarif-runs-uploaded-in-the-same-sarif-file/ + - name: Split SARIF file into individual runs + id: split-sarif + run: | + python3 << 'EOF' + import json + import sys + import os + + # Check if results.sarif exists + if not os.path.exists('results.sarif'): + print("Error: results.sarif file not found") + sys.exit(1) + + try: + # Read the original SARIF file + with open('results.sarif', 'r') as f: + sarif = json.load(f) + except json.JSONDecodeError as e: + print(f"Error: Invalid JSON in results.sarif: {e}") + sys.exit(1) + except Exception as e: + print(f"Error reading results.sarif: {e}") + sys.exit(1) + + # Check if there are multiple runs + if 'runs' not in sarif or len(sarif['runs']) == 0: + print("No runs found in SARIF file") + print("single_run=true") + with open(os.environ['GITHUB_OUTPUT'], 'a') as f: + f.write("single_run=true\n") + sys.exit(0) + + run_count = len(sarif['runs']) + print(f"Found {run_count} run(s) in SARIF file") + + # If there's only one run, no need to split + if run_count == 1: + print("Only one run found, no splitting needed") + with open(os.environ['GITHUB_OUTPUT'], 'a') as f: + f.write("single_run=true\n") + sys.exit(0) + + # Split into individual files + for i, run in enumerate(sarif['runs']): + output_file = f'results-{i}.sarif' + single_run_sarif = { + 'version': sarif['version'], + 'runs': [run] + } + # Include $schema if it exists in the original + if '$schema' in sarif: + single_run_sarif['$schema'] = sarif['$schema'] + + with open(output_file, 'w') as f: + json.dump(single_run_sarif, f, indent=2) + print(f"Created {output_file}") + + print(f"Successfully split {run_count} runs into 
individual files") + with open(os.environ['GITHUB_OUTPUT'], 'a') as f: + f.write("single_run=false\n") + EOF + + # Upload SARIF results file (handles single run case) - name: Upload SARIF results file uses: github/codeql-action/upload-sarif@v3 with: sarif_file: results.sarif + if: steps.split-sarif.outputs.single_run == 'true' + + # Upload split SARIF results files (handles multiple runs case) + # Each file is uploaded separately with a unique category to avoid conflicts + - name: Upload SARIF results file - Run 0 + if: hashFiles('results-0.sarif') != '' + uses: github/codeql-action/upload-sarif@v3 + with: + sarif_file: results-0.sarif + category: codacy-run-0 + + - name: Upload SARIF results file - Run 1 + if: hashFiles('results-1.sarif') != '' + uses: github/codeql-action/upload-sarif@v3 + with: + sarif_file: results-1.sarif + category: codacy-run-1 + + - name: Upload SARIF results file - Run 2 + if: hashFiles('results-2.sarif') != '' + uses: github/codeql-action/upload-sarif@v3 + with: + sarif_file: results-2.sarif + category: codacy-run-2 + + - name: Upload SARIF results file - Run 3 + if: hashFiles('results-3.sarif') != '' + uses: github/codeql-action/upload-sarif@v3 + with: + sarif_file: results-3.sarif + category: codacy-run-3 + + - name: Upload SARIF results file - Run 4 + if: hashFiles('results-4.sarif') != '' + uses: github/codeql-action/upload-sarif@v3 + with: + sarif_file: results-4.sarif + category: codacy-run-4 + + - name: Upload SARIF results file - Run 5 + if: hashFiles('results-5.sarif') != '' + uses: github/codeql-action/upload-sarif@v3 + with: + sarif_file: results-5.sarif + category: codacy-run-5 + + - name: Upload SARIF results file - Run 6 + if: hashFiles('results-6.sarif') != '' + uses: github/codeql-action/upload-sarif@v3 + with: + sarif_file: results-6.sarif + category: codacy-run-6 + + - name: Upload SARIF results file - Run 7 + if: hashFiles('results-7.sarif') != '' + uses: github/codeql-action/upload-sarif@v3 + with: + sarif_file: 
results-7.sarif + category: codacy-run-7 + + - name: Upload SARIF results file - Run 8 + if: hashFiles('results-8.sarif') != '' + uses: github/codeql-action/upload-sarif@v3 + with: + sarif_file: results-8.sarif + category: codacy-run-8 + + - name: Upload SARIF results file - Run 9 + if: hashFiles('results-9.sarif') != '' + uses: github/codeql-action/upload-sarif@v3 + with: + sarif_file: results-9.sarif + category: codacy-run-9 + + # Warn if there are more than 10 runs (would require manual workflow update) + - name: Check for additional runs + if: steps.split-sarif.outputs.single_run == 'false' + run: | + # Check for files beyond results-9.sarif + if ls results-[1-9][0-9]*.sarif 2>/dev/null | grep -qv 'results-[0-9]\.sarif'; then + echo "::warning::More than 10 SARIF runs detected. Please update the workflow to handle additional runs." + ls results-*.sarif + fi
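Review bot: Runs with index 10 or higher are written to disk by the split script but never uploaded, and the final `Check for additional runs` step only emits `::warning::`, so the job stays green while those findings are missing from code scanning. For a security scan it would be safer to fail at that point: replace the warning with `echo "::error::More than 10 SARIF runs detected; results beyond run 9 were not uploaded."` followed by `exit 1`. Separately, `category: codacy-run-N` is tied to a run's position in the `runs` array; if the order or number of runs differs between analyses (not visible from this hunk), results would land under a different category and older categories could keep stale alerts, so deriving the name from the run's `tool.driver.name` would be more stable. The ten new upload steps also reference `github/codeql-action/upload-sarif@v3` by a mutable tag, as the existing step does; pinning to a full commit SHA would harden the workflow against a retagged action.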