github
Unable to upload SARIF file
When I attempted to upload a sarif file using the upload-sarif@v1 action, I encountered the following error.
Unable to upload "/home/runner/work/path-to.sarif" as it is not valid SARIF: - instance.runs[0].tool.driver.language does not match pattern "^[a-zA-Z]{2}|^[a-zA-Z]{2}-[a-zA-Z]{2}]?$"
The language property of my sarif file is ja-JP, which is a valid form of language tag, but it did not match the regular expression pattern described above.
I think the regular expression pattern for this schema is a mistake. https://github.com/github/codeql-action/blob/cfec2bbc35f12252507dd0de0e172c08b65e8c13/src/sarif_v2.1.0_schema.json#L2342
I think this schema is coming from https://github.com/oasis-tcs/sarif-spec . So, I'm submitting an issue to that repository as well. https://github.com/oasis-tcs/sarif-spec/issues/488
Yes, that does seem suspicious. For now, can you change the language property to ja? I will investigate further.
Apologies for not following up until now. I think the pattern we would want to use is this: ^[a-zA-Z]{2}(-[a-zA-Z]{2})?$.
@lcartey, does this look right to you?
@aeisenberg
For now, can you change the language property to ja?
My sarif file was generated by the C# compiler, so I can't change the language tag.
I have now disabled this action in my workflow, as it was not important for my project to use the compiler generated sarif file.
I think the pattern we would want to use is this: ^[a-zA-Z]{2}(-[a-zA-Z]{2})?$
Yes. I also think that pattern is correct.
Still getting this error with release 2.9.4. My situation is also using a sarif file generated by the package Microsoft.CodeAnalysis in a .NET project. Example build failure. Locally I see that the sarif file has "en-US" for the language. I will continue to investigate as time is available, to see if I can find a workaround on my side or find and report on the root cause.
Hmmmm...The regex ^[a-zA-Z]{2}(-[a-zA-Z]{2})?$ does match en-US. Is it possible that instance.runs[0].tool.driver.language the value at is actually something different? Or possibly that the sarif generated on Actions is different from the one generated locally?
The sarif file being uploaded is src/EdFi.AnalyticsMiddleTier.Console/results.sarif. Any chance you can grab that and send it over to me?
Tomorrow I can try to upload the artifact in the repo so that we can see the actual file generated in GitHub, and I may be able to spend a few minutes digging in further with the codeql code. Here's a locally-generated file:
{
"$schema": "http://json.schemastore.org/sarif-2.1.0",
"version": "2.1.0",
"runs": [
{
"results": [
],
"tool": {
"driver": {
"name": "Microsoft (R) Visual C# Compiler",
"version": "4.2.0-4.22220.5 (432d17a8)",
"dottedQuadFileVersion": "4.2.0.0",
"semanticVersion": "4.2.0",
"language": "en-US"
}
},
"columnKind": "utf16CodeUnits"
}
]
}
How interesting: the exact same dotnet application produces a sarif file with this, when run on GitHub Actions:
"language": "",
Which is obviously problematic. I will look into that further on the .NET side and submit a ticket in the proper .NET repository if needed. For the upload process, clearly there is a workaround: open the file and inject a valid language into it! And then 🤞 hopefully nothing else turns up.
I worked around it by replacing the value prior to upload
https://stackoverflow.com/questions/76568966/create-sarif-file-to-be-uploaded-to-from-dotnet-build-to-be-loaded-to-github-usi/76568967#76568967
@stephenfuqua @niederee
Roslyn no longer outputs empty language property.
https://github.com/dotnet/roslyn/issues/68745
You can also specify a <PreferredUILang> property to specify the language property values explicitly.