github · cw-alexcroteau · Feb 1, 2022 · Jan 24, 2022 · Jan 25, 2022 · Jan 25, 2022
diff --git a/.github/workflows/__analyze-ref-input.yml b/.github/workflows/__analyze-ref-input.yml
diff --git a/.github/workflows/__debug-artifacts.yml b/.github/workflows/__debug-artifacts.yml
diff --git a/.github/workflows/__extractor-ram-threads.yml b/.github/workflows/__extractor-ram-threads.yml
diff --git a/.github/workflows/__go-custom-queries.yml b/.github/workflows/__go-custom-queries.yml
diff --git a/.github/workflows/__go-custom-tracing-autobuild.yml b/.github/workflows/__go-custom-tracing-autobuild.yml
diff --git a/.github/workflows/__go-custom-tracing.yml b/.github/workflows/__go-custom-tracing.yml
diff --git a/.github/workflows/__javascript-source-root.yml b/.github/workflows/__javascript-source-root.yml
diff --git a/.github/workflows/__multi-language-autodetect.yml b/.github/workflows/__multi-language-autodetect.yml
diff --git a/.github/workflows/__packaging-config-inputs-js.yml b/.github/workflows/__packaging-config-inputs-js.yml
diff --git a/.github/workflows/__packaging-config-js.yml b/.github/workflows/__packaging-config-js.yml
diff --git a/.github/workflows/__packaging-inputs-js.yml b/.github/workflows/__packaging-inputs-js.yml
diff --git a/.github/workflows/__remote-config.yml b/.github/workflows/__remote-config.yml
diff --git a/.github/workflows/__rubocop-multi-language.yml b/.github/workflows/__rubocop-multi-language.yml
diff --git a/.github/workflows/__split-workflow.yml b/.github/workflows/__split-workflow.yml
diff --git a/.github/workflows/__test-local-codeql.yml b/.github/workflows/__test-local-codeql.yml
diff --git a/.github/workflows/__test-proxy.yml b/.github/workflows/__test-proxy.yml
diff --git a/.github/workflows/__test-ruby.yml b/.github/workflows/__test-ruby.yml
diff --git a/.github/workflows/__unset-environment.yml b/.github/workflows/__unset-environment.yml
diff --git a/.github/workflows/__upload-ref-sha-input.yml b/.github/workflows/__upload-ref-sha-input.yml
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,10 +2,13 @@
 
 ## [UNRELEASED]
 
-No user facing changes.
+- Add sarif-id as an output for upload-sarif action and analyze action (if uploading)
+- Accept ref and hash as inputs to override the ones provided by the runner
 
 ## 1.0.31 - 31 Jan 2022
 
+- Add `sarif-id` as an output for the `upload-sarif` and `analyze` actions. [#889](https://github.com/github/codeql-action/pull/889)
+- Add `ref` and `sha` inputs to the `analyze` action, which override the defaults provided by the GitHub Action context. [#889](https://github.com/github/codeql-action/pull/889)
 - Remove `experimental` message when using custom CodeQL packages. [#888](https://github.com/github/codeql-action/pull/888)
 - Add a better warning message stating that experimental features will be disabled if the workflow has been triggered by a pull request from a fork or the `security-events: write` permission is not present. [#882](https://github.com/github/codeql-action/pull/882)
 

diff --git a/analyze/action.yml b/analyze/action.yml
@@ -45,6 +45,12 @@ inputs:
     description: "The path at which the analyzed repository was checked out. Used to relativize any absolute paths in the uploaded SARIF file."
     required: false
     default: ${{ github.workspace }}
+  ref:
+    description: "The ref where results will be uploaded. If not provided, the Action will use the GITHUB_REF environment variable. If provided, the sha input must be provided as well."
+    required: false
+  sha:
+    description: "The sha of the HEAD of the ref where results will be uploaded. If not provided, the Action will use the GITHUB_SHA environment variable. If provided, the ref input must be provided as well."
+    required: false
   category:
     description: String used by Code Scanning for matching the analyses
     required: false
@@ -63,6 +69,8 @@ inputs:
 outputs:
   db-locations:
     description: A map from language to absolute path for each database created by CodeQL.
+  sarif-id:
+    description: The ID of the uploaded SARIF file.
 runs:
   using: "node12"
   main: "../lib/analyze-action.js"
diff --git a/lib/actions-util.js b/lib/actions-util.js