Skip failed SARIF upload if Code Quality is the only analysis kind

[mbg]

In the init-post action, we upload a SARIF file to Code Scanning if the analyze step did not complete successfully. This doesn't make sense if analysis-kinds: code-quality, since that does not involve Code Scanning.

This PR adds a check to see if code-quality is the only enabled analysis kind and skips the upload if so.

Risk assessment

For internal use only. Please select the risk level of this change:

• Low risk: Changes are fully under feature flags, or have been fully tested and validated in pre-production environments and are highly observable, or are documentation or test only.

Which use cases does this change impact?

• Advanced setup - Impacts users who have custom workflows.
• Default setup - Impacts users who use default setup.
• Code Quality - Impacts Code Quality (i.e. analysis-kinds: code-quality).
• GHES - Impacts GitHub Enterprise Server.

How did/will you validate this change?

• Unit tests - I am depending on unit test coverage (i.e. tests in .test.ts files).
• End-to-end tests - I am depending on PR checks (i.e. tests in pr-checks).

If something goes wrong after this change is released, what are the mitigation and rollback strategies?

• Feature flags - All new or changed code paths can be fully disabled with corresponding feature flags.
• Rollback - Change can only be disabled by rolling back the release or releasing a new version with a fix.

How will you know if something goes wrong after this change is released?

• Telemetry - I rely on existing telemetry or have made changes to the telemetry.
  • Dashboards - I will watch relevant dashboards for issues after the release. Consider whether this requires this change to be released at a particular time rather than as part of a regular release.
  • Alerts - New or existing monitors will trip if something goes wrong with this change.

Merge / deployment checklist

• Confirm this change is backwards compatible with existing workflows.
• Consider adding a changelog entry for this change.
• Confirm the readme and docs have been updated if necessary.

[Copilot]

Pull Request Overview

Adds a check to skip SARIF upload for failed runs when code-quality is the only enabled analysis kind, since code-quality doesn't involve Code Scanning.

• Added early return in tryUploadSarifIfRunFailed to skip upload when only code-quality is enabled
• Updated test helper function to support configurable analysis kinds
• Added test case to verify the skip behavior

Reviewed Changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

File	Description
src/init-action-post-helper.ts	Added check to skip failed SARIF upload when code-quality is the only analysis kind
src/init-action-post-helper.test.ts	Updated test infrastructure and added test case for the new skip behavior
lib/init-action-post.js	Generated JavaScript code reflecting the TypeScript changes

[henrymercer]

Suggested change

	// If the only enabled analysis kind is `code-quality`, then we shouldn't
	// upload the failed SARIF to Code Scanning.
	if (!isCodeScanningEnabled(config)) {
	return {
	upload_failed_run_skipped_because:
	"Code Quality is the only enabled analysis kind.",
	// Code scanning is the only analysis kind that makes use of failed SARIF uploads.
	if (!isCodeScanningEnabled(config)) {
	return {
	upload_failed_run_skipped_because:
	"The code scanning analysis kind is not enabled.",

[henrymercer]

Suggested change

	"Code Quality is the only enabled analysis kind.",
	"The code scanning analysis kind is not enabled.",