Describe the bug
Writing a GitHub Actions Bicep code scan workflow.
Runs on ubuntu-latest, uses .NET 8.
The tool itself works fine and produces the result:

```yaml
- name: Run scanner
  run: dotnet ./scantool/TemplateAnalyzer.dll analyze-directory --report-format SARIF --output-file-path ./scan_results.sarif ./setup/IaC
  continue-on-error: true
```
However, uploading the SARIF file to display the scan results in repository UI fails.
```yaml
- name: Upload SARIF results
  uses: github/codeql-action/upload-sarif@v3
  with:
    sarif_file: scan_results.sarif
```
The error is:
```
Run github/codeql-action/upload-sarif@v3
  with:
    sarif_file: scan_results.sarif
    checkout_path: /home/runner/work/azure-guardrails-solution-accelerator/azure-guardrails-solution-accelerator
    token: ***
    matrix: null
    wait-for-processing: true
  env:
    SCANNER_TOOL_URL: https://github.com/Azure/template-analyzer/releases/download/0.8.1/TemplateAnalyzer-linux-x64.zip
    DOTNET_ROOT: /home/runner/.dotnet
Uploading results
  Processing sarif files: ["scan_results.sarif"]
  Validating scan_results.sarif
  Combining SARIF files using the CodeQL CLI
  Adding fingerprints to SARIF file. See https://docs.github.com/en/enterprise-cloud@latest/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#providing-data-to-track-code-scanning-alerts-across-runs for more information.
  Uploading results
  Successfully uploaded results
Waiting for processing to finish
  Analysis upload status is pending.
  Analysis upload status is failed.
Error: Code Scanning could not process the submitted SARIF file:
expected a result message, expected a result message, expected a result message, expected a result message
```
It turns out that messages in the SARIF file are generated using references by ID:

```json
{
  "ruleId": "AZR-000316",
  "ruleIndex": 0,
  "level": "error",
  "message": {
    "id": "default"
  },
  "locations": [
    {
      "physicalLocation": {
        "artifactLocation": {
          "uri": "guardrails.bicep",
          "uriBaseId": "ROOTPATH",
          "index": 0
        },
        "region": {
          "startLine": 85
        }
      }
    }
  ]
}
```
And GitHub CodeQL accepts only `message.text`.
See: Code Scanning support for SARIF message string lookup in uploaded logs
Need to fix the generated file or add an option to reformat the output file for GitHub.
Expected behavior
All SARIF file messages have a `text` property.
Reproduction Steps
Create a GH workflow using steps above and try uploading the SARIF file.
Environment
No response
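As an added example (not part of the issue, of TemplateAnalyzer, or of the codeql-action), here is a small post-processing step that can sit between the scanner step and the upload step: it resolves every `message.id` reference into a `message.text` so the upload no longer fails with "expected a result message". It assumes the SARIF 2.1.0 lookup order (the rule's `messageStrings` first, then the driver's `globalMessageStrings`) and that placeholders are `{0}`, `{1}`, ... indexing `message.arguments`. The sample document is constructed to mirror the result quoted above; the message wording and rule description in it are invented, not TemplateAnalyzer's real strings, and `fix_sarif.py` is a hypothetical script name.

```python
"""Give every SARIF result a message.text so Code Scanning accepts the upload.
Added example, not code from the issue, TemplateAnalyzer or codeql-action."""
import copy
import json
import sys

# Constructed sample mirroring the result in the issue; the messageStrings
# text and rule description are invented, not TemplateAnalyzer's real wording.
SAMPLE_SARIF = {
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {
            "name": "TemplateAnalyzer",
            "rules": [{
                "id": "AZR-000316",
                "shortDescription": {"text": "Constructed rule description"},
                "messageStrings": {"default": {"text": "Constructed finding for {0}"}},
            }],
        }},
        "results": [{
            "ruleId": "AZR-000316",
            "ruleIndex": 0,
            "level": "error",
            "message": {"id": "default", "arguments": ["guardrails.bicep"]},
            "locations": [{"physicalLocation": {
                "artifactLocation": {"uri": "guardrails.bicep", "uriBaseId": "ROOTPATH", "index": 0},
                "region": {"startLine": 85},
            }}],
        }],
    }],
}


def _find_rule(driver, result):
    """Locate the rule a result refers to: by ruleIndex first, then by ruleId."""
    rules = driver.get("rules", [])
    idx = result.get("ruleIndex")
    if isinstance(idx, int) and 0 <= idx < len(rules):
        return rules[idx]
    return next((r for r in rules if r.get("id") == result.get("ruleId")), None)


def _substitute(text, arguments):
    """Replace {0}, {1}, ... with the corresponding message.arguments entries."""
    for i, arg in enumerate(arguments or []):
        text = text.replace("{%d}" % i, str(arg))
    return text


def _lookup_message(driver, rule, msg):
    """Resolve msg['id'] via the rule's messageStrings, then globalMessageStrings."""
    mid = msg.get("id")
    if mid is None:
        return None
    tables = ((rule or {}).get("messageStrings", {}), driver.get("globalMessageStrings", {}))
    for table in tables:
        entry = table.get(mid)
        if entry and "text" in entry:
            return _substitute(entry["text"], msg.get("arguments"))
    return None


def resolve_message_ids(sarif):
    """Return (fixed deep copy, number of results that needed a fallback text).

    Results that already carry message.text are left untouched; message.id is
    kept alongside the new text because SARIF allows both properties together.
    """
    out = copy.deepcopy(sarif)
    unresolved = 0
    for run in out.get("runs", []):
        driver = run.get("tool", {}).get("driver", {})
        for result in run.get("results", []):
            msg = result.setdefault("message", {})
            if "text" in msg:
                continue
            rule = _find_rule(driver, result)
            text = _lookup_message(driver, rule, msg)
            if text is None:
                # No string-table entry: fall back to the rule description or the
                # rule id rather than shipping a result the upload would reject.
                desc = (rule or {}).get("shortDescription", {}).get("text")
                text = desc or "%s (no message text in SARIF)" % result.get("ruleId", "unknown rule")
                unresolved += 1
            msg["text"] = text
    return out, unresolved


def main(argv):
    """Usage: fix_sarif.py <input.sarif> <output.sarif>"""
    with open(argv[1], encoding="utf-8") as f:
        sarif = json.load(f)
    fixed, unresolved = resolve_message_ids(sarif)
    with open(argv[2], "w", encoding="utf-8") as f:
        json.dump(fixed, f, indent=2)
    print("rewrote %s; %d result(s) needed fallback text" % (argv[2], unresolved))


if __name__ == "__main__":
    main(sys.argv)
```

In the workflow this would run as `python fix_sarif.py scan_results.sarif scan_results.sarif` right after the "Run scanner" step and before the upload. The returned `unresolved` count is worth failing the job on (or at least logging) in a pipeline: a non-zero value means some findings reached GitHub with only a generic description, which is a gap in the report rather than a clean result.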