From 3e95091e3b6c52c7155baa35db6b4773b41ff770 Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Fri, 27 Jun 2025 12:11:12 +0100 Subject: [PATCH] Add test workflow for `upload-sarif` with quality results --- .github/workflows/__upload-quality-sarif.yml | 78 ++++++++++++++++++++ pr-checks/checks/upload-quality-sarif.yml | 24 ++++++ 2 files changed, 102 insertions(+) create mode 100644 .github/workflows/__upload-quality-sarif.yml create mode 100644 pr-checks/checks/upload-quality-sarif.yml diff --git a/.github/workflows/__upload-quality-sarif.yml b/.github/workflows/__upload-quality-sarif.yml new file mode 100644 index 000000000..ea19c2879 --- /dev/null +++ b/.github/workflows/__upload-quality-sarif.yml @@ -0,0 +1,78 @@ +# Warning: This file is generated automatically, and should not be modified. +# Instead, please modify the template in the pr-checks directory and run: +# (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py) +# to regenerate this file. + +name: 'PR Check - Upload-sarif: code quality endpoint' +env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GO111MODULE: auto +on: + push: + branches: + - main + - releases/v* + pull_request: + types: + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' + workflow_dispatch: {} +jobs: + upload-quality-sarif: + strategy: + fail-fast: false + matrix: + include: + - os: ubuntu-latest + version: default + - os: macos-latest + version: default + - os: windows-latest + version: default + name: 'Upload-sarif: code quality endpoint' + permissions: + contents: read + security-events: read + timeout-minutes: 45 + runs-on: ${{ matrix.os }} + steps: + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + setup-kotlin: 'true' + - name: Install Go + uses: actions/setup-go@v5 + with: + go-version: '>=1.21.0' + cache: false + - uses: ./../action/init + with: + tools: ${{ steps.prepare-test.outputs.tools-url }} + languages: cpp,csharp,java,javascript,python + config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{ + github.sha }} + quality-queries: code-quality + - name: Build code + shell: bash + run: ./build.sh + # Generate some SARIF we can upload with the upload-sarif step + - uses: ./../action/analyze + with: + ref: refs/heads/main + sha: 5e235361806c361d4d3f8859e3c897658025a9a2 + upload: never + - uses: ./../action/upload-sarif + with: + ref: refs/heads/main + sha: 5e235361806c361d4d3f8859e3c897658025a9a2 + env: + CODEQL_ACTION_TEST_MODE: true diff --git a/pr-checks/checks/upload-quality-sarif.yml b/pr-checks/checks/upload-quality-sarif.yml new file mode 100644 index 000000000..bca2a5379 --- /dev/null +++ b/pr-checks/checks/upload-quality-sarif.yml @@ -0,0 +1,24 @@ +name: "Upload-sarif: code quality endpoint" +description: "Checks that uploading SARIFs to the code quality endpoint works" +versions: ["default"] +installGo: "true" +steps: + - uses: ./../action/init + with: + tools: ${{ steps.prepare-test.outputs.tools-url }} + languages: cpp,csharp,java,javascript,python + config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{ github.sha }} + quality-queries: code-quality + - name: Build code + shell: bash + run: ./build.sh + # Generate some SARIF we can upload with the upload-sarif step + - uses: ./../action/analyze + with: + ref: 'refs/heads/main' + sha: '5e235361806c361d4d3f8859e3c897658025a9a2' + upload: never + - uses: ./../action/upload-sarif + with: + ref: 'refs/heads/main' + sha: '5e235361806c361d4d3f8859e3c897658025a9a2'