fslef · Copilot · Dec 9, 2025 · Dec 9, 2025 · Dec 9, 2025
diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml
@@ -54,8 +54,155 @@ jobs:
           # This will handover control about PR rejection to the GitHub side
           max-allowed-issues: 2147483647
 
-      # Upload the SARIF file generated in the previous step
+      # Split the SARIF file into individual runs to comply with new GitHub requirements
+      # https://github.blog/changelog/2025-07-21-code-scanning-will-stop-combining-multiple-sarif-runs-uploaded-in-the-same-sarif-file/
+      - name: Split SARIF file into individual runs
+        id: split-sarif
+        run: |
+          python3 << 'EOF'
+          import json
+          import sys
+          import os
+
+          # Check if results.sarif exists
+          if not os.path.exists('results.sarif'):
+              print("Error: results.sarif file not found")
+              sys.exit(1)
+
+          try:
+              # Read the original SARIF file
+              with open('results.sarif', 'r') as f:
+                  sarif = json.load(f)
+          except json.JSONDecodeError as e:
+              print(f"Error: Invalid JSON in results.sarif: {e}")
+              sys.exit(1)
+          except Exception as e:
+              print(f"Error reading results.sarif: {e}")
+              sys.exit(1)
+
+          # Check if there are multiple runs
+          if 'runs' not in sarif or len(sarif['runs']) == 0:
+              print("No runs found in SARIF file")
+              print("single_run=true")
+              with open(os.environ['GITHUB_OUTPUT'], 'a') as f:
+                  f.write("single_run=true\n")
+              sys.exit(0)
+
+          run_count = len(sarif['runs'])
+          print(f"Found {run_count} run(s) in SARIF file")
+
+          # If there's only one run, no need to split
+          if run_count == 1:
+              print("Only one run found, no splitting needed")
+              with open(os.environ['GITHUB_OUTPUT'], 'a') as f:
+                  f.write("single_run=true\n")
+              sys.exit(0)
+
+          # Split into individual files
+          for i, run in enumerate(sarif['runs']):
+              output_file = f'results-{i}.sarif'
+              single_run_sarif = {
+                  'version': sarif['version'],
+                  'runs': [run]
+              }
+              # Include $schema if it exists in the original
+              if '$schema' in sarif:
+                  single_run_sarif['$schema'] = sarif['$schema']
+
+              with open(output_file, 'w') as f:
+                  json.dump(single_run_sarif, f, indent=2)
+              print(f"Created {output_file}")
+
+          print(f"Successfully split {run_count} runs into individual files")
+          with open(os.environ['GITHUB_OUTPUT'], 'a') as f:
+              f.write("single_run=false\n")
+          EOF
+
+      # Upload SARIF results file (handles single run case)
       - name: Upload SARIF results file
         uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: results.sarif
+        if: steps.split-sarif.outputs.single_run == 'true'
+
+      # Upload split SARIF results files (handles multiple runs case)
+      # Each file is uploaded separately with a unique category to avoid conflicts
+      - name: Upload SARIF results file - Run 0
+        if: hashFiles('results-0.sarif') != ''
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: results-0.sarif
+          category: codacy-run-0
+
+      - name: Upload SARIF results file - Run 1
+        if: hashFiles('results-1.sarif') != ''
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: results-1.sarif
+          category: codacy-run-1
+
+      - name: Upload SARIF results file - Run 2
+        if: hashFiles('results-2.sarif') != ''
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: results-2.sarif
+          category: codacy-run-2
+
+      - name: Upload SARIF results file - Run 3
+        if: hashFiles('results-3.sarif') != ''
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: results-3.sarif
+          category: codacy-run-3
+
+      - name: Upload SARIF results file - Run 4
+        if: hashFiles('results-4.sarif') != ''
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: results-4.sarif
+          category: codacy-run-4
+
+      - name: Upload SARIF results file - Run 5
+        if: hashFiles('results-5.sarif') != ''
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: results-5.sarif
+          category: codacy-run-5
+
+      - name: Upload SARIF results file - Run 6
+        if: hashFiles('results-6.sarif') != ''
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: results-6.sarif
+          category: codacy-run-6
+
+      - name: Upload SARIF results file - Run 7
+        if: hashFiles('results-7.sarif') != ''
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: results-7.sarif
+          category: codacy-run-7
+
+      - name: Upload SARIF results file - Run 8
+        if: hashFiles('results-8.sarif') != ''
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: results-8.sarif
+          category: codacy-run-8
+
+      - name: Upload SARIF results file - Run 9
+        if: hashFiles('results-9.sarif') != ''
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: results-9.sarif
+          category: codacy-run-9
+
+      # Warn if there are more than 10 runs (would require manual workflow update)
+      - name: Check for additional runs
+        if: steps.split-sarif.outputs.single_run == 'false'
+        run: |
+          # Check for files beyond results-9.sarif
+          if ls results-[1-9][0-9]*.sarif 2>/dev/null | grep -qv 'results-[0-9]\.sarif'; then
+            echo "::warning::More than 10 SARIF runs detected. Please update the workflow to handle additional runs."
+            ls results-*.sarif
+          fi