SARIF export test from Cad4DevOps-Cad4DevOps #665

SARIF export test from Cad4DevOps-Cad4DevOps

SARIF export test from Cad4DevOps-Cad4DevOps #665

Workflow file for this run

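# GitHub Actions workflow to upload SARIF files to GitHub Code Scanning
# This enables viewing DevOps Shield security assessment results in the Security tab
name: Upload SARIF to Code Scanning

on:
  push:
    branches: [main]
    paths:
      - 'docs/sarif/*.sarif'
      - 'sarif-results/*.sarif'
  pull_request:
    branches: [main]
    paths:
      - 'docs/sarif/*.sarif'
      - 'sarif-results/*.sarif'
  workflow_dispatch:
    inputs:
      sarif_file:
        description: 'Path to SARIF file to upload'
        required: false
        default: 'sarif-results/devops-shield-assessment.sarif'
      category:
        description: 'Category for Code Scanning'
        required: false
        default: 'devops-shield-sarif-export-test'

# Least privilege: the job token only needs to read the checkout and
# write Code Scanning alerts. Pull requests from forks get a read-only
# token regardless, so the upload step can only succeed for same-repo runs.
permissions:
  contents: read
  security-events: write
  actions: read

jobs:
  upload-sarif:
    name: Upload SARIF
    runs-on: ubuntu-latest
    steps:
      # Version tags are mutable references; pinning each action to a full
      # commit SHA (e.g. actions/checkout@<commit-sha>  # v4) is the
      # supply-chain-safe form.
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Check for SARIF files
        id: check-sarif
        run: |
          SARIF_COUNT=0
          # Check sarif-results (new location - no cleanup needed)
          if [ -d "sarif-results" ]; then
            COUNT=$(find sarif-results -name "*.sarif" | wc -l)
            SARIF_COUNT=$((SARIF_COUNT + COUNT))
            echo "Found $COUNT SARIF file(s) in sarif-results/"
            find sarif-results -name "*.sarif" -exec echo " - {}" \;
          fi
          # Check docs/sarif (legacy location - may need cleanup).
          # NOTE: these files are counted but only 'sarif-results' is uploaded
          # below unless the workflow_dispatch input points elsewhere.
          if [ -d "docs/sarif" ]; then
            COUNT=$(find docs/sarif -name "*.sarif" | wc -l)
            SARIF_COUNT=$((SARIF_COUNT + COUNT))
            echo "Found $COUNT SARIF file(s) in docs/sarif/"
            find docs/sarif -name "*.sarif" -exec echo " - {}" \;
          fi
          echo "sarif_count=$SARIF_COUNT" >> "$GITHUB_OUTPUT"
          echo "Total: $SARIF_COUNT SARIF file(s)"

      - name: Upload SARIF from sarif-results (no cleanup - native export)
        id: upload-sarif
        if: steps.check-sarif.outputs.sarif_count != '0'
        uses: github/codeql-action/upload-sarif@v4
        with:
          sarif_file: ${{ github.event.inputs.sarif_file || 'sarif-results' }}
          category: ${{ github.event.inputs.category || 'devops-shield-sarif-export-test' }}
          wait-for-processing: true
        # An upload failure must not fail the run; the summary steps below
        # inspect this step's outcome instead of assuming success.
        continue-on-error: true

      - name: Summary
        if: steps.upload-sarif.outcome == 'success'
        run: |
          echo "## SARIF Upload Summary" >> "$GITHUB_STEP_SUMMARY"
          echo "" >> "$GITHUB_STEP_SUMMARY"
          echo "✅ Successfully uploaded SARIF files to GitHub Code Scanning" >> "$GITHUB_STEP_SUMMARY"
          echo "" >> "$GITHUB_STEP_SUMMARY"
          echo "### Files Uploaded" >> "$GITHUB_STEP_SUMMARY"
          # Missing directories are tolerated: stderr is dropped and the
          # non-zero find exit status is ignored.
          find sarif-results -name "*.sarif" -exec echo "- {}" \; >> "$GITHUB_STEP_SUMMARY" 2>/dev/null || true
          find docs/sarif -name "*.sarif" -exec echo "- {}" \; >> "$GITHUB_STEP_SUMMARY" 2>/dev/null || true
          echo "" >> "$GITHUB_STEP_SUMMARY"
          echo "### View Results" >> "$GITHUB_STEP_SUMMARY"
          echo "Navigate to **Security** > **Code scanning** to view the results." >> "$GITHUB_STEP_SUMMARY"

      - name: Upload failed
        if: steps.upload-sarif.outcome == 'failure'
        run: |
          echo "## SARIF Upload Summary" >> "$GITHUB_STEP_SUMMARY"
          echo "" >> "$GITHUB_STEP_SUMMARY"
          echo "❌ SARIF upload to GitHub Code Scanning failed; see the 'Upload SARIF from sarif-results' step log" >> "$GITHUB_STEP_SUMMARY"

      - name: No SARIF files found
        if: steps.check-sarif.outputs.sarif_count == '0'
        run: |
          echo "## SARIF Upload Summary" >> "$GITHUB_STEP_SUMMARY"
          echo "" >> "$GITHUB_STEP_SUMMARY"
          echo "⚠️ No SARIF files found" >> "$GITHUB_STEP_SUMMARY"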