make sarif error scanning script support scan-build output

scan-build output doesn't set the `level` field for the rules. Default to "warning" if unspecified, according to the SARIF schema.

Rename `fail_on_error.py ==> fail_on_warning.py` and fail (unsurprisingly) on warning-level results.

.github/workflows/codeql.yml

@@ -89,9 +89,9 @@ jobs:
         path: ${{ steps.step1.outputs.sarif-output }}
         retention-days: 5
 
-    - name: Fail if an error is found
+    - name: Fail if a warning is found
       run: |
-        ./.github/workflows/fail_on_error.py \
+        ./.github/workflows/fail_on_warning.py \
           ${{ steps.step1.outputs.sarif-output }}/cpp.sarif
 
   scan-build:
@@ -125,6 +125,6 @@ jobs:
         category: "scan-build"
         sarif_file: build/sarif/merged.sarif
 
-    - name: Fail if an error is found
+    - name: Fail if a warning is found
       run: |
-        ./.github/workflows/fail_on_error.py build/sarif/merged.sarif
+        ./.github/workflows/fail_on_warning.py build/sarif/merged.sarif

.github/workflows/fail_on_error.py → .github/workflows/fail_on_warning.py

@@ -20,13 +20,18 @@ def codeql_sarif_contain_error(filename):
                 rule_index = res['rule']['index']
             else:
                 continue
+
             try:
                 rule_level = rules_metadata[rule_index]['defaultConfiguration']['level']
             except IndexError as e:
-                print(e, rule_index, len(rules_metadata))
-            else:
-                if rule_level == 'error':
-                    return True
+                # According to the SARIF schema (https://www.schemastore.org/schemas/json/sarif-2.1.0-rtm.6.json),
+                # the defalt level is "warning" if not specified.
+                rule_level = 'warning'
+
+            if rule_level == 'error':
+                return True
+            elif rule_level == 'warning':
+                return True
     return False
 
 if __name__ == "__main__":