Generate the "Submit SARIF after failure" workflow

pr-checks/checks/submit-sarif-failure.yml

@@ -0,0 +1,30 @@
+name: Submit SARIF after failure
+description: Check that a SARIF file is submitted for the workflow run if it fails
+versions: ["latest", "cached", "nightly-latest"]
+operatingSystems: ["ubuntu"]
+
+env:
+  # Internal-only environment variable used to indicate that the post-init Action
+  # should expect to upload a SARIF file for the failed run.
+  CODEQL_ACTION_EXPECT_UPLOAD_FAILED_SARIF: true
+  # Make sure the uploading SARIF files feature is enabled.
+  CODEQL_ACTION_UPLOAD_FAILED_SARIF: true
+
+steps:
+  - uses: actions/checkout@v3
+  - uses: ./init
+    with:
+      languages: javascript
+  - name: Fail
+    # We want this job to pass if the Action correctly uploads the SARIF file for
+    # the failed run.
+    # Setting this step to continue on error means that it is marked as completing
+    # successfully, so will not fail the job.
+    continue-on-error: true
+    run: exit 1
+  - uses: ./analyze
+    # In a real workflow, this step wouldn't run. Since we used `continue-on-error`
+    # above, we manually disable it with an `if` condition.
+    if: false
+    with:
+      category: "/test-codeql-version:${{ matrix.version }}"