github / codeql-action

Actions for running CodeQL analysis
MIT License
1.13k stars 315 forks

Upload multiple sarif files #1573

Open JavierSegoviaCordoba opened 1 year ago

JavierSegoviaCordoba commented 1 year ago

Similar to actions/upload-artifact, upload-sarif should allow uploading multiple sarif files. Pattern matching from upload-artifact would be great too.

aeisenberg commented 1 year ago

This is already available (except no pattern matching). The sarif_file accepts a directory. All files ending in *.sarif will be merged and uploaded. Is this what you are looking for?

See more in the docs.

JavierSegoviaCordoba commented 1 year ago

@aeisenberg I have all sarif files in different directories. I could move them in a previous step, but it would be great if this feature was directly supported.

aeisenberg commented 1 year ago

This feature will recursively search the directory you pass it for sarif files.

JavierSegoviaCordoba commented 1 year ago

I can pass the root directory so it can check the whole project?

The files are in different folders at the same level too, so passing the root one is the only solution.

aeisenberg commented 1 year ago

I imagine that this should work. It will search all files in all subdirectories, so if you are talking about the root of the filesystem, this will search through a lot of files. I recommend that you try it out and see if it works for you.

JavierSegoviaCordoba commented 1 year ago

I will try, but it can be a problem with a lot of files. Should I still keep this feature request?

Feel free to close this if not.

JavierSegoviaCordoba commented 1 year ago

I tried the following, but it fails.

      - name: Upload Code Scanning code analysis report
        if: matrix.os == 'ubuntu-latest'
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: '/'

aeisenberg commented 1 year ago

Are you able to move the output location of all of your sarif so that there is a common root directory that is not the root of the file system?

JavierSegoviaCordoba commented 1 year ago

I could move it with bash, yeah. I will do that workaround. Still, I would like to be able to provide a pattern to upload-sarif :D

aeisenberg commented 1 year ago

Thanks for the feedback. I can keep this issue open and put it on our backlog, but I cannot guarantee that we will have a good opportunity to look at this.
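
Added example (not part of the thread and not codeql-action code): one way to script the workaround discussed above, collecting every `*.sarif` file under the checkout into a single directory that is then passed as `sarif_file`. The function name `collect_sarif`, the `sarif-results` directory and the `__` separator are assumptions made for illustration.

```shell
# collect_sarif ROOT DEST   (hypothetical helper, POSIX sh)
# Copies every *.sarif file found under ROOT into DEST and prints how many
# SARIF files DEST then contains. The relative path is folded into the file
# name so that reports sharing a base name (app/.../detekt.sarif and
# lib/.../detekt.sarif) do not overwrite each other.
collect_sarif() (
  root=$(cd "$1" && pwd) || exit 1
  mkdir -p "$2" || exit 1
  dest=$(cd "$2" && pwd) || exit 1

  # Prune DEST itself (so a re-run does not copy its own output) and .git,
  # and search only ROOT rather than the whole filesystem.
  find "$root" \( -path "$dest" -o -name .git \) -prune -o \
       -type f -name '*.sarif' -exec sh -c '
    root=$1; dest=$2; shift 2
    for f in "$@"; do
      rel=${f#"$root"/}                                # path relative to ROOT
      flat=$(printf "%s" "$rel" | sed "s|/|__|g")      # a/b.sarif -> a__b.sarif
      cp -- "$f" "$dest/$flat" || exit 1
    done
  ' sh "$root" "$dest" {} + || exit 1

  # Count what ended up in DEST; an unmatched glob stays literal, hence -e.
  set -- "$dest"/*.sarif
  if [ -e "$1" ]; then echo "$#"; else echo 0; fi
)

# Typical use in a workflow step that runs before upload-sarif:
#   collect_sarif "$GITHUB_WORKSPACE" "$GITHUB_WORKSPACE/sarif-results"
# followed by an upload-sarif step with:
#   sarif_file: sarif-results
```
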