Add a function that can lint a CodeQL action workflow

2020-11-23 17:29:19 +00:00 · 2020-11-23 17:29:19 +00:00 · 7eb9dfcc60
commit 7eb9dfcc60
parent b15854c9af
6 changed files with 417 additions and 2 deletions
--- a/lib/actions-util.js
+++ b/lib/actions-util.js
@ -96,6 +96,87 @@ exports.getCommitOid = async function () {
        return getRequiredEnvParam("GITHUB_SHA");
    }
 };
+function isObject(o) {
+    return o !== null && typeof o === "object";
+}
+var MissingTriggers;
+(function (MissingTriggers) {
+    MissingTriggers[MissingTriggers["NONE"] = 0] = "NONE";
+    MissingTriggers[MissingTriggers["PUSH"] = 1] = "PUSH";
+    MissingTriggers[MissingTriggers["PULL_REQUEST"] = 2] = "PULL_REQUEST";
+})(MissingTriggers || (MissingTriggers = {}));
+function validateWorkflow(doc) {
+    var _a, _b, _c, _d;
+    const errors = [];
+    // .jobs[key].steps[].run
+    for (const job of Object.values(((_a = doc) === null || _a === void 0 ? void 0 : _a.jobs) || {})) {
+        for (const step of ((_b = job) === null || _b === void 0 ? void 0 : _b.steps) || []) {
+            if (((_c = step) === null || _c === void 0 ? void 0 : _c.run) === "git checkout HEAD^2") {
+                errors.push(`Git checkout HEAD^2 is no longer necessary. Please remove this line from your workflow.`);
+            }
+        }
+    }
+    let missing = MissingTriggers.NONE;
+    if (doc.on === undefined) {
+        missing = MissingTriggers.PUSH | MissingTriggers.PULL_REQUEST;
+    }
+    else if (typeof doc.on === "string") {
+        switch (doc.on) {
+            case "push":
+                missing = MissingTriggers.PULL_REQUEST;
+                break;
+            case "pull_request":
+                missing = MissingTriggers.PUSH;
+                break;
+            default:
+                missing = MissingTriggers.PUSH | MissingTriggers.PULL_REQUEST;
+                break;
+        }
+    }
+    else if (Array.isArray(doc.on)) {
+        if (!doc.on.includes("push")) {
+            missing = missing | MissingTriggers.PUSH;
+        }
+        if (!doc.on.includes("pull_request")) {
+            missing = missing | MissingTriggers.PULL_REQUEST;
+        }
+    }
+    else if (isObject(doc.on)) {
+        if (!Object.prototype.hasOwnProperty.call(doc.on, "pull_request")) {
+            missing = missing | MissingTriggers.PULL_REQUEST;
+        }
+        if (!Object.prototype.hasOwnProperty.call(doc.on, "push")) {
+            missing = missing | MissingTriggers.PUSH;
+        }
+        else {
+            const paths = (_d = doc.on.push) === null || _d === void 0 ? void 0 : _d.paths;
+            if (Array.isArray(paths) && paths.length > 0) {
+                errors.push("Please do not specify paths at on.pull.");
+            }
+        }
+        if (doc.on.pull_request !== undefined && doc.on.push !== undefined) {
+            const push = doc.on.push.branches || [];
+            const pull_request = doc.on.pull_request.branches || [];
+            const intersects = pull_request.filter((value) => !push.includes(value));
+            if (intersects.length > 0) {
+                errors.push("Please make sure that any branches in on.pull_request: are also in on.push: so that CodeQL can establish a baseline.");
+            }
+        }
+    }
+    switch (missing) {
+        case MissingTriggers.PULL_REQUEST | MissingTriggers.PUSH:
+            errors.push("Please specify on.push and on.pull_request hooks.");
+            break;
+        case MissingTriggers.PULL_REQUEST:
+            errors.push("Please specify an on.pull_request hook so CodeQL is run against new pull requests.");
+            break;
+        case MissingTriggers.PUSH:
+            errors.push("Please specify an on.push hook so CodeQL can establish a baseline.");
+            break;
+    }
+    return errors;
+}
+exports.validateWorkflow = validateWorkflow;
 /**
 * Get the path of the currently executing workflow.
 */