github · pelikhan · Oct 3, 2025 · Oct 3, 2025 · Oct 3, 2025 · Oct 3, 2025
diff --git a/.github/workflows/artifacts-summary.lock.yml b/.github/workflows/artifacts-summary.lock.yml
diff --git a/.github/workflows/ci-doctor.lock.yml b/.github/workflows/ci-doctor.lock.yml
diff --git a/.github/workflows/dev.lock.yml b/.github/workflows/dev.lock.yml
diff --git a/.github/workflows/tidy.lock.yml b/.github/workflows/tidy.lock.yml
diff --git a/pkg/workflow/threat_detection.go b/pkg/workflow/threat_detection.go
@@ -115,6 +115,9 @@ func (c *Compiler) buildThreatDetectionSteps(data *WorkflowData, mainJobName str
 		steps = append(steps, c.buildCustomThreatDetectionSteps(data.SafeOutputs.ThreatDetection.Steps)...)
 	}
 
+	// Step 4: Upload detection log artifact
+	steps = append(steps, c.buildUploadDetectionLogStep()...)
+
 	return steps
 }
 
@@ -401,3 +404,16 @@ func (c *Compiler) buildCustomThreatDetectionSteps(steps []any) []string {
 	}
 	return result
 }
+
+// buildUploadDetectionLogStep creates the step to upload the detection log
+func (c *Compiler) buildUploadDetectionLogStep() []string {
+	return []string{
+		"      - name: Upload threat detection log\n",
+		"        if: always()\n",
+		"        uses: actions/upload-artifact@v4\n",
+		"        with:\n",
+		"          name: threat-detection.log\n",
+		"          path: /tmp/threat-detection/detection.log\n",
+		"          if-no-files-found: ignore\n",
+	}
+}
diff --git a/pkg/workflow/threat_detection_test.go b/pkg/workflow/threat_detection_test.go
@@ -536,3 +536,73 @@ func TestBuildEngineStepsWithThreatDetectionEngine(t *testing.T) {
 		})
 	}
 }
+
+func TestBuildUploadDetectionLogStep(t *testing.T) {
+	compiler := NewCompiler(false, "", "test")
+
+	// Test that upload detection log step is created with correct properties
+	steps := compiler.buildUploadDetectionLogStep()
+
+	if len(steps) == 0 {
+		t.Fatal("Expected non-empty steps for upload detection log")
+	}
+
+	// Join all steps into a single string for easier verification
+	stepsString := strings.Join(steps, "")
+
+	// Verify key components of the upload step
+	expectedComponents := []string{
+		"name: Upload threat detection log",
+		"if: always()",
+		"uses: actions/upload-artifact@v4",
+		"name: threat-detection.log",
+		"path: /tmp/threat-detection/detection.log",
+		"if-no-files-found: ignore",
+	}
+
+	for _, expected := range expectedComponents {
+		if !strings.Contains(stepsString, expected) {
+			t.Errorf("Expected upload detection log step to contain %q, but it was not found.\nGenerated steps:\n%s", expected, stepsString)
+		}
+	}
+}
+
+func TestThreatDetectionStepsIncludeUpload(t *testing.T) {
+	compiler := NewCompiler(false, "", "test")
+
+	data := &WorkflowData{
+		SafeOutputs: &SafeOutputsConfig{
+			ThreatDetection: &ThreatDetectionConfig{
+				Enabled: true,
+			},
+		},
+	}
+
+	steps := compiler.buildThreatDetectionSteps(data, "agent")
+
+	if len(steps) == 0 {
+		t.Fatal("Expected non-empty steps")
+	}
+
+	// Join all steps into a single string for easier verification
+	stepsString := strings.Join(steps, "")
+
+	// Verify that the upload detection log step is included
+	if !strings.Contains(stepsString, "Upload threat detection log") {
+		t.Error("Expected threat detection steps to include upload detection log step")
+	}
+
+	if !strings.Contains(stepsString, "threat-detection.log") {
+		t.Error("Expected threat detection steps to include threat-detection.log artifact name")
+	}
+
+	// Verify it uses the always() condition
+	if !strings.Contains(stepsString, "if: always()") {
+		t.Error("Expected upload step to have 'if: always()' condition")
+	}
+
+	// Verify it ignores missing files
+	if !strings.Contains(stepsString, "if-no-files-found: ignore") {
+		t.Error("Expected upload step to have 'if-no-files-found: ignore'")
+	}
+}