github / codeql-action

Actions for running CodeQL analysis

`github/codeql-action/analyze` should offer an output for the sarif path

jsoref opened this issue

There's an input for the output:

output:
  description: The path of the directory in which to save the SARIF results
  required: false
  default: "../results"

But there is no output for the sarif file path:

outputs:
  db-locations:
    description: A map from language to absolute path for each database created by CodeQL.
  sarif-id:
    description: The ID of the uploaded SARIF file.

The output file defaults to ../results which isn't accepted by actions/upload-artifact:
https://github.com/jsoref/pdns/actions/runs/5657547911/job/15326842548#step:12:4
https://github.com/jsoref/pdns/actions/runs/5657547911/job/15326842548#step:12:48

Run actions/upload-artifact@v3
  with:
    name: sarif
    path: ../results
    if-no-files-found: warn
...
Error: Invalid pattern '../results'. Relative pathing '.' and '..' is not allowed.

That's interesting. Have you considered passing in a custom output value for the input to the analyze action and then using that value for upload artifact?

I'm not sure if our team has capacity to look at this right now. However, we'd be willing to accept an external contribution for this.
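As an added example, not taken from this thread or from the codeql-action project itself, here is a workflow that follows the maintainer's suggestion: the analyze step's `output` input is set to a directory inside the workspace, and the same value is reused as the `path` for actions/upload-artifact, so the `../results` default never reaches upload-artifact. The job layout, the `sarif-results` directory name and every action version except upload-artifact@v3 (which appears in the issue) are assumptions.

```yaml
name: CodeQL

on:
  push:
    branches: [main]
  pull_request:

jobs:
  analyze:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      security-events: write   # lets analyze upload the SARIF to code scanning
    strategy:
      matrix:
        language: [javascript]   # assumed language for the example
    steps:
      - uses: actions/checkout@v3

      - uses: github/codeql-action/init@v2
        with:
          languages: ${{ matrix.language }}

      - uses: github/codeql-action/autobuild@v2

      - uses: github/codeql-action/analyze@v2
        with:
          # Override the default "../results": the directory is resolved
          # relative to the workspace, so "sarif-results" stays inside it
          # and contains no leading "." or ".." segment.
          output: sarif-results

      # Keep the raw SARIF as a build artifact for offline review or audit.
      # The path is the same value passed to analyze above; with the
      # default "../results" this step would fail with
      # "Relative pathing '.' and '..' is not allowed".
      - uses: actions/upload-artifact@v3
        with:
          name: sarif-${{ matrix.language }}
          path: sarif-results
          if-no-files-found: error
```

Using `if-no-files-found: error` rather than `warn` makes the job fail visibly if analyze wrote nothing to the directory, instead of silently uploading an empty artifact.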