WIP: Use github/codeql-action/upload-sarif

Co-authored-by: Kamil Dudka <[email protected]>

.github/workflows/differential-shellcheck.yml

@@ -36,7 +36,23 @@ jobs:
           sed -i "s/docker:\/\/ghcr\.io\/redhat-plumbers-in-action\/differential-shellcheck.*/Dockerfile/g" action.yml
 
       - name: Differential ShellCheck - test current changes
+        id: ShellCheck
         uses: ./
         with:
           shell-scripts: .github/.differential-shellcheck-scripts.txt
           token: ${{ secrets.GITHUB_TOKEN }}
+
+      - if: ${{ always() }}
+        name: Upload artifact with defects in SARIF format
+        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce
+        with:
+          name: Differential ShellCheck SARIF
+          path: ${{ steps.ShellCheck.outputs.sarif }}
+          retention-days: 7
+
+      - if: ${{ always() }}
+        name: Upload SARIF
+        uses: github/codeql-action/upload-sarif@ff3337ee1b38c9bcf43046bde6450e50c5e88ebb
+        with:
+          sarif_file: ${{ steps.ShellCheck.outputs.sarif }}
+          category: shellcheck

action.yml

@@ -74,6 +74,10 @@ inputs:
     description: GitHub TOKEN used to upload SARIF data.
     required: false
 
+outputs:
+  sarif:
+    description: 'The SARIF file containing defects'
+
 runs:
   using: docker
   image: docker://ghcr.io/redhat-plumbers-in-action/differential-shellcheck:v3.3.1

src/index.sh

@@ -112,7 +112,9 @@ if [[ -n "${INPUT_TOKEN}" ]]; then
     --set-scan-prop='tool:ShellCheck' \
     --set-scan-prop='tool-version:0.8.0' \
     --set-scan-prop='tool-url:https://www.shellcheck.net/wiki/' \
-    '../sarif-defects.log' >> output.sarif && uploadSARIF
+    '../sarif-defects.log' >> output.sarif
+
+  echo "sarif=output.sarif" >> "${GITHUB_OUTPUT}"
 fi
 
 summary >> "${GITHUB_STEP_SUMMARY}"