robojerk/codeql-action

Merge pull request #2328 from github/henrymercer/direct-tracing-fix

Browse source 
Fix incompatibility between direct tracing in the `autobuild` Action and specifying a custom working directory
This commit is contained in:
Henry Mercer 2024-06-13 10:26:41 +01:00 committed by GitHub
commit 789b5f86ef
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
43 changed files with 148 additions and 77 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.github/workflows/__all-platform-bundle.yml generated vendored
View file

@ -68,7 +68,5 @@ jobs:
shell: bash
run: ./build.sh
- uses: ./../action/analyze
with:
upload-database: false
env:
CODEQL_ACTION_TEST_MODE: true

1
.github/workflows/__analyze-ref-input.yml generated vendored
View file

@ -72,7 +72,6 @@ jobs:
run: ./build.sh
- uses: ./../action/analyze
with:
upload-database: false
ref: refs/heads/main
sha: 5e235361806c361d4d3f8859e3c897658025a9a2
env:

2
.github/workflows/__autobuild-action.yml generated vendored
View file

@ -75,8 +75,6 @@ jobs:
CORECLR_PROFILER: ''
CORECLR_PROFILER_PATH_64: ''
- uses: ./../action/analyze
with:
upload-database: false
- name: Check database
shell: bash
run: |

92
.github/workflows/__autobuild-direct-tracing-with-working-dir.yml generated vendored Normal file
View file

@ -0,0 +1,92 @@
# Warning: This file is generated automatically, and should not be modified.
# Instead, please modify the template in the pr-checks directory and run:
# (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
# to regenerate this file.
name: PR Check - Autobuild direct tracing (custom working directory)
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GO111MODULE: auto
CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
on:
push:
branches:
- main
- releases/v*
pull_request:
types:
- opened
- synchronize
- reopened
- ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {}
jobs:
autobuild-direct-tracing-with-working-dir:
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
version: linked
- os: windows-latest
version: linked
- os: ubuntu-latest
version: nightly-latest
- os: windows-latest
version: nightly-latest
name: Autobuild direct tracing (custom working directory)
permissions:
contents: read
security-events: write
timeout-minutes: 45
runs-on: ${{ matrix.os }}
steps:
- name: Setup Python on MacOS
uses: actions/setup-python@v5
if: >-
runner.os == 'macOS' && (
matrix.version == 'stable-20230403' ||
matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6')
with:
python-version: '3.11'
- name: Check out repository
uses: actions/checkout@v4
- name: Prepare test
id: prepare-test
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
- name: Test setup
shell: bash
run: |
# Make sure that Gradle build succeeds in autobuild-dir ...
cp -a ../action/tests/java-repo autobuild-dir
# ... and fails if attempted in the current directory
echo > build.gradle
- uses: ./../action/init
with:
build-mode: autobuild
languages: java
tools: ${{ steps.prepare-test.outputs.tools-url }}
- name: Check that indirect tracing is disabled
shell: bash
run: |
if [[ ! -z "${CODEQL_RUNNER}" ]]; then
echo "Expected indirect tracing to be disabled, but the" \
"CODEQL_RUNNER environment variable is set."
exit 1
fi
- uses: ./../action/autobuild
with:
working-directory: autobuild-dir
- uses: ./../action/analyze
env:
CODEQL_ACTION_AUTOBUILD_BUILD_MODE_DIRECT_TRACING: true
CODEQL_ACTION_TEST_MODE: true

2
.github/workflows/__go-custom-queries.yml generated vendored
View file

@ -115,8 +115,6 @@ jobs:
shell: bash
run: ./build.sh
- uses: ./../action/analyze
with:
upload-database: false
env:
DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false'
CODEQL_ACTION_TEST_MODE: true

2
.github/workflows/__go-indirect-tracing-workaround.yml generated vendored
View file

@ -69,8 +69,6 @@ jobs:
shell: bash
run: go build main.go
- uses: ./../action/analyze
with:
upload-database: false
- shell: bash
run: |
if [[ -z "${CODEQL_ACTION_GO_BINARY}" ]]; then

2
.github/workflows/__go-tracing-autobuilder.yml generated vendored
View file

@ -99,8 +99,6 @@ jobs:
tools: ${{ steps.prepare-test.outputs.tools-url }}
- uses: ./../action/autobuild
- uses: ./../action/analyze
with:
upload-database: false
- shell: bash
run: |
if [[ "${CODEQL_ACTION_DID_AUTOBUILD_GOLANG}" != true ]]; then

2
.github/workflows/__go-tracing-custom-build-steps.yml generated vendored
View file

@ -101,8 +101,6 @@ jobs:
shell: bash
run: go build main.go
- uses: ./../action/analyze
with:
upload-database: false
- shell: bash
run: |
# Once we start running Bash 4.2 in all environments, we can replace the

2
.github/workflows/__go-tracing-legacy-workflow.yml generated vendored
View file

@ -98,8 +98,6 @@ jobs:
languages: go
tools: ${{ steps.prepare-test.outputs.tools-url }}
- uses: ./../action/analyze
with:
upload-database: false
- shell: bash
run: |
cd "$RUNNER_TEMP/codeql_databases"

2
.github/workflows/__javascript-source-root.yml generated vendored
View file

@ -73,9 +73,7 @@ jobs:
tools: ${{ steps.prepare-test.outputs.tools-url }}
- uses: ./../action/analyze
with:
upload-database: false
skip-queries: true
upload: never
- name: Assert database exists
shell: bash
run: |

2
.github/workflows/__test-autobuild-working-dir.yml generated vendored
View file

@ -72,8 +72,6 @@ jobs:
with:
working-directory: autobuild-dir
- uses: ./../action/analyze
with:
upload-database: false
- name: Check database
shell: bash
run: |

2
.github/workflows/__test-local-codeql.yml generated vendored
View file

@ -74,7 +74,5 @@ jobs:
shell: bash
run: ./build.sh
- uses: ./../action/analyze
with:
upload-database: false
env:
CODEQL_ACTION_TEST_MODE: true

2
.github/workflows/__test-proxy.yml generated vendored
View file

@ -62,8 +62,6 @@ jobs:
languages: javascript
tools: ${{ steps.prepare-test.outputs.tools-url }}
- uses: ./../action/analyze
with:
upload-database: false
env:
https_proxy: http://squid-proxy:3128
CODEQL_ACTION_TEST_MODE: true

2
.github/workflows/__upload-ref-sha-input.yml generated vendored
View file

@ -70,9 +70,9 @@ jobs:
- name: Build code
shell: bash
run: ./build.sh
# Generate some SARIF we can upload with the upload-sarif step
- uses: ./../action/analyze
with:
upload-database: false
ref: refs/heads/main
sha: 5e235361806c361d4d3f8859e3c897658025a9a2
upload: never

8
.github/workflows/__with-checkout-path.yml generated vendored
View file

@ -93,14 +93,6 @@ jobs:
checkout_path: x/y/z/some-path/tests/multi-language-repo
ref: v1.1.0
sha: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6
upload: never
upload-database: false
- uses: ./../action/upload-sarif
with:
ref: v1.1.0
sha: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6
checkout_path: x/y/z/some-path/tests/multi-language-repo
- name: Verify SARIF after upload
shell: bash

2
.github/workflows/expected-queries-runs.yml vendored
View file

@ -37,8 +37,6 @@ jobs:
- uses: ./../action/analyze
with:
output: ${{ runner.temp }}/results
upload-database: false
upload: never
- name: Check Sarif
uses: ./../action/.github/actions/check-sarif

5
.github/workflows/python312-windows.yml vendored
View file

@ -14,6 +14,8 @@ on:
jobs:
test-setup-python-scripts:
env:
CODEQL_ACTION_TEST_MODE: true
timeout-minutes: 45
runs-on: windows-latest
@ -37,6 +39,3 @@ jobs:
- name: Analyze
uses: ./../action/analyze
with:
upload: false
upload-database: false

2
.github/workflows/test-codeql-bundle-all.yml vendored
View file

@ -53,7 +53,5 @@ jobs:
shell: bash
run: ./build.sh
- uses: ./../action/analyze
with:
upload-database: false
env:
CODEQL_ACTION_TEST_MODE: true