github · koesie10 · Jul 14, 2025 · Jul 14, 2025 · Jul 14, 2025 · Copilot
@@ -399,6 +399,18 @@ test("shouldShowCombineSarifFilesDeprecationWarning when on GHES 3.14", async (t
   );
 });
 
+test("shouldShowCombineSarifFilesDeprecationWarning when on GHES 3.16 pre", async (t) => {
+  t.true(
+    await uploadLib.shouldShowCombineSarifFilesDeprecationWarning(
+      [createMockSarif("abc", "def"), createMockSarif("abc", "def")],
+      {
+        type: GitHubVariant.GHES,
+        version: "3.16.0.pre1",
+      },
+    ),
+  );
+});
+
 test("shouldShowCombineSarifFilesDeprecationWarning with only 1 run", async (t) => {
   t.false(
     await uploadLib.shouldShowCombineSarifFilesDeprecationWarning(
@@ -454,6 +466,10 @@ test("throwIfCombineSarifFilesDisabled when on dotcom with feature flag", async
         type: GitHubVariant.DOTCOM,
       },
     ),
+    {
+      message:
+        /The CodeQL Action does not support uploading multiple SARIF runs with the same category/,
+    },
   );
 });
 
@@ -518,6 +534,10 @@ test("throwIfCombineSarifFilesDisabled when on GHES 3.18 pre", async (t) => {
         version: "3.18.0.pre1",
       },
     ),
+    {
+      message:
+        /The CodeQL Action does not support uploading multiple SARIF runs with the same category/,
+    },
   );
 });
 
@@ -531,6 +551,10 @@ test("throwIfCombineSarifFilesDisabled when on GHES 3.18 alpha", async (t) => {
         version: "3.18.0-alpha.1",
       },
     ),
+    {
+      message:
+        /The CodeQL Action does not support uploading multiple SARIF runs with the same category/,
+    },
   );
 });
 
@@ -544,6 +568,10 @@ test("throwIfCombineSarifFilesDisabled when on GHES 3.18", async (t) => {
         version: "3.18.0",
       },
     ),
+    {
+      message:
+        /The CodeQL Action does not support uploading multiple SARIF runs with the same category/,
+    },
   );
 });
 

@@ -30,6 +30,7 @@ import {
   getRequiredEnvParam,
   GitHubVariant,
   GitHubVersion,
+  parseGhesVersion,
   SarifFile,
   SarifRun,
 } from "./util";
@@ -132,7 +133,7 @@ export async function shouldShowCombineSarifFilesDeprecationWarning(
   // Do not show this warning on GHES versions before 3.14.0
   if (
     githubVersion.type === GitHubVariant.GHES &&
-    semver.lt(githubVersion.version, "3.14.0")
+    semver.lt(parseGhesVersion(githubVersion.version), "3.14.0")
   ) {
     return false;
   }
@@ -177,7 +178,7 @@ async function shouldDisableCombineSarifFiles(
 ) {
   if (githubVersion.type === GitHubVariant.GHES) {
     // Never block on GHES versions before 3.18.
-    if (semver.lt(githubVersion.version, "3.18.0-0")) {
+    if (semver.lt(parseGhesVersion(githubVersion.version), "3.18.0-0")) {
       return false;
     }
   } else {

@@ -1132,6 +1132,23 @@ export function checkActionVersion(
   }
 }
 
+/**
+ * This will parse a GitHub Enterprise Server version string into a SemVer object.
+ *
+ * GHES versions are usually in a semver-compatible format, so usually this will
+ * just call the SemVer constructor. However, for GHES pre-release versions,
+ * the version string is in the format "3.18.0.pre1", which is not a valid semver
+ * version since the pre-release part of the version should be separated by a
+ * hyphen. This function will replace the ".pre" part of the version with "-pre"
+ * to make it a valid semver version.
+ */
+export function parseGhesVersion(version: string): semver.SemVer {
+  if (version.includes(".pre")) {
-  if (version.includes(".pre")) {
+  if (/\.pre\d+$/.test(version)) {
-  if (version.includes(".pre")) {
+  if (/\.pre\d+$/.test(version)) {
+    version = version.replace(".pre", "-pre");
-    version = version.replace(".pre", "-pre");
+    version = version.replaceAll(".pre", "-pre");
-    version = version.replace(".pre", "-pre");
+    version = version.replaceAll(".pre", "-pre");
+  }
+  return new semver.SemVer(version);
+}
+
 /**
  * Supported build modes.
  *