robojerk/codeql-action

Rename TEST_MODE to specific variable for CodeQL Action

Browse source 
This allows us to set it automatically in the workflow generator,
simplifying things and reducing the scope for error.
This commit is contained in:
Henry Mercer 2022-11-16 16:08:15 +00:00
parent c939e6615d
commit a190d3876a
70 changed files with 51 additions and 245 deletions
Download patch file Download diff file Expand all files Collapse all files

4
pr-checks/checks/analyze-ref-input.yml
View file

@ -6,8 +6,6 @@ steps:
tools: ${{ steps.prepare-test.outputs.tools-url }}
languages: cpp,csharp,java,javascript,python
config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{ github.sha }}
env:
TEST_MODE: true
- name: Build code
shell: bash
run: ./build.sh
@ -15,5 +13,3 @@ steps:
with:
ref: 'refs/heads/main'
sha: '5e235361806c361d4d3f8859e3c897658025a9a2'
env:
TEST_MODE: true

4
pr-checks/checks/autobuild-action.yml
View file

@ -6,8 +6,6 @@ steps:
with:
languages: csharp
tools: ${{ steps.prepare-test.outputs.tools-url }}
env:
TEST_MODE: true
- uses: ./../action/autobuild
env:
# Explicitly disable the CLR tracer.
@ -18,8 +16,6 @@ steps:
CORECLR_PROFILER: ""
CORECLR_PROFILER_PATH_64: ""
- uses: ./../action/analyze
env:
TEST_MODE: true
- name: Check database
shell: bash
run: |

2
pr-checks/checks/export-file-baseline-information.yml
View file

@ -9,7 +9,6 @@ steps:
env:
CODEQL_FILE_BASELINE_INFORMATION: true
CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT: true
TEST_MODE: true
- name: Build code
shell: bash
run: ./build.sh
@ -19,7 +18,6 @@ steps:
env:
CODEQL_FILE_BASELINE_INFORMATION: true
CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT: true
TEST_MODE: true
- name: Upload SARIF
uses: actions/upload-artifact@v3
with:

2
pr-checks/checks/extractor-ram-threads.yml
View file

@ -8,8 +8,6 @@ steps:
languages: java
ram: 230
threads: 1
env:
TEST_MODE: true
- name: Assert Results
shell: bash
run: |

4
pr-checks/checks/go-custom-queries.yml
View file

@ -8,11 +8,7 @@ steps:
languages: go
config-file: ./.github/codeql/custom-queries.yml
tools: ${{ steps.prepare-test.outputs.tools-url }}
env:
TEST_MODE: true
- name: Build code
shell: bash
run: ./build.sh
- uses: ./../action/analyze
env:
TEST_MODE: true

4
pr-checks/checks/go-tracing-autobuilder.yml
View file

@ -8,12 +8,8 @@ steps:
with:
languages: go
tools: ${{ steps.prepare-test.outputs.tools-url }}
env:
TEST_MODE: true
- uses: ./../action/autobuild
- uses: ./../action/analyze
env:
TEST_MODE: true
- shell: bash
run: |
if [[ "${CODEQL_ACTION_DID_AUTOBUILD_GOLANG}" != true ]]; then

4
pr-checks/checks/go-tracing-custom-build-steps.yml
View file

@ -6,14 +6,10 @@ steps:
with:
languages: go
tools: ${{ steps.prepare-test.outputs.tools-url }}
env:
TEST_MODE: true
- name: Build code
shell: bash
run: go build main.go
- uses: ./../action/analyze
env:
TEST_MODE: true
- shell: bash
run: |
# Once we start running Bash 4.2 in all environments, we can replace the

4
pr-checks/checks/go-tracing-legacy-workflow.yml
View file

@ -8,11 +8,7 @@ steps:
with:
languages: go
tools: ${{ steps.prepare-test.outputs.tools-url }}
env:
TEST_MODE: true
- uses: ./../action/analyze
env:
TEST_MODE: true
- shell: bash
run: |
cd "$RUNNER_TEMP/codeql_databases"

2
pr-checks/checks/init-with-registries.yml
View file

@ -19,8 +19,6 @@ steps:
packages: "*/*"
token: "${{ secrets.GITHUB_TOKEN }}"
env:
TEST_MODE: true
- name: Verify packages installed
shell: bash
run: |

2
pr-checks/checks/javascript-source-root.yml
View file

@ -13,8 +13,6 @@ steps:
languages: javascript
source-root: ../new-source-root
tools: ${{ steps.prepare-test.outputs.tools-url }}
env:
TEST_MODE: true
- uses: ./../action/analyze
with:
skip-queries: true

4
pr-checks/checks/ml-powered-queries.yml
View file

@ -14,15 +14,11 @@ steps:
queries: security-extended
source-root: ./../action/tests/ml-powered-queries-repo
tools: ${{ steps.prepare-test.outputs.tools-url }}
env:
TEST_MODE: true
- uses: ./../action/analyze
with:
output: "${{ runner.temp }}/results"
upload-database: false
env:
TEST_MODE: true
- name: Upload SARIF
uses: actions/upload-artifact@v3

4
pr-checks/checks/multi-language-autodetect.yml
View file

@ -6,15 +6,11 @@ steps:
with:
db-location: "${{ runner.temp }}/customDbLocation"
tools: ${{ steps.prepare-test.outputs.tools-url }}
env:
TEST_MODE: true
- name: Build code
shell: bash
run: ./build.sh
- uses: ./../action/analyze
id: analysis
env:
TEST_MODE: true
- shell: bash
run: |
CPP_DB=${{ fromJson(steps.analysis.outputs.db-locations).cpp }}

4
pr-checks/checks/packaging-codescanning-config-inputs-js.yml
View file

@ -12,16 +12,12 @@ steps:
packs: +dsp-testing/codeql-pack1@1.0.0
languages: javascript
tools: ${{ steps.prepare-test.outputs.tools-url }}
env:
TEST_MODE: true
- name: Build code
shell: bash
run: ./build.sh
- uses: ./../action/analyze
with:
output: "${{ runner.temp }}/results"
env:
TEST_MODE: true
- name: Check results
uses: ./../action/.github/check-sarif

4
pr-checks/checks/packaging-config-inputs-js.yml
View file

@ -8,16 +8,12 @@ steps:
packs: +dsp-testing/codeql-pack1@1.0.0
languages: javascript
tools: ${{ steps.prepare-test.outputs.tools-url }}
env:
TEST_MODE: true
- name: Build code
shell: bash
run: ./build.sh
- uses: ./../action/analyze
with:
output: "${{ runner.temp }}/results"
env:
TEST_MODE: true
- name: Check results
uses: ./../action/.github/check-sarif

4
pr-checks/checks/packaging-config-js.yml
View file

@ -7,16 +7,12 @@ steps:
config-file: ".github/codeql/codeql-config-packaging.yml"
languages: javascript
tools: ${{ steps.prepare-test.outputs.tools-url }}
env:
TEST_MODE: true
- name: Build code
shell: bash
run: ./build.sh
- uses: ./../action/analyze
with:
output: "${{ runner.temp }}/results"
env:
TEST_MODE: true
- name: Check results
uses: ./../action/.github/check-sarif

4
pr-checks/checks/packaging-inputs-js.yml
View file

@ -8,16 +8,12 @@ steps:
languages: javascript
packs: dsp-testing/codeql-pack1@1.0.0, dsp-testing/codeql-pack2, dsp-testing/codeql-pack3:other-query.ql
tools: ${{ steps.prepare-test.outputs.tools-url }}
env:
TEST_MODE: true
- name: Build code
shell: bash
run: ./build.sh
- uses: ./../action/analyze
with:
output: "${{ runner.temp }}/results"
env:
TEST_MODE: true
- name: Check results
uses: ./../action/.github/check-sarif

4
pr-checks/checks/remote-config.yml
View file

@ -6,11 +6,7 @@ steps:
tools: ${{ steps.prepare-test.outputs.tools-url }}
languages: cpp,csharp,java,javascript,python
config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{ github.sha }}
env:
TEST_MODE: true
- name: Build code
shell: bash
run: ./build.sh
- uses: ./../action/analyze
env:
TEST_MODE: true

2
pr-checks/checks/rubocop-multi-language.yml
View file

@ -24,5 +24,3 @@ steps:
- uses: ./../action/upload-sarif
with:
sarif_file: rubocop.sarif
env:
TEST_MODE: true

4
pr-checks/checks/ruby-autodetect.yml
View file

@ -10,12 +10,8 @@ steps:
- uses: ./../action/init
with:
tools: ${{ steps.prepare-test.outputs.tools-url }}
env:
TEST_MODE: true
- uses: ./../action/analyze
id: analysis
env:
TEST_MODE: true
- name: Check database
shell: bash
run: |

4
pr-checks/checks/ruby.yml
View file

@ -9,12 +9,8 @@ steps:
with:
languages: ruby
tools: ${{ steps.prepare-test.outputs.tools-url }}
env:
TEST_MODE: true
- uses: ./../action/analyze
id: analysis
env:
TEST_MODE: true
- name: Check database
shell: bash
run: |

6
pr-checks/checks/split-workflow.yml
View file

@ -9,8 +9,6 @@ steps:
packs: +dsp-testing/codeql-pack1@1.0.0
languages: javascript
tools: ${{ steps.prepare-test.outputs.tools-url }}
env:
TEST_MODE: true
- name: Build code
shell: bash
run: ./build.sh
@ -18,8 +16,6 @@ steps:
with:
skip-queries: true
output: "${{ runner.temp }}/results"
env:
TEST_MODE: true
- name: Assert No Results
shell: bash
@ -32,8 +28,6 @@ steps:
with:
output: "${{ runner.temp }}/results"
upload-database: false
env:
TEST_MODE: true
- name: Assert Results
shell: bash
run: |

4
pr-checks/checks/swift-autobuild.yml
View file

@ -10,13 +10,9 @@ steps:
with:
languages: swift
tools: ${{ steps.prepare-test.outputs.tools-url }}
env:
TEST_MODE: true
- uses: ./../action/autobuild
- uses: ./../action/analyze
id: analysis
env:
TEST_MODE: true
- name: Check database
shell: bash
run: |

4
pr-checks/checks/swift-custom-build.yml
View file

@ -10,15 +10,11 @@ steps:
with:
languages: swift
tools: ${{ steps.prepare-test.outputs.tools-url }}
env:
TEST_MODE: true
- name: Build code
shell: bash
run: ./build.sh
- uses: ./../action/analyze
id: analysis
env:
TEST_MODE: true
- name: Check database
shell: bash
run: |

4
pr-checks/checks/test-autobuild-working-dir.yml
View file

@ -14,14 +14,10 @@ steps:
with:
languages: java
tools: ${{ steps.prepare-test.outputs.tools-url }}
env:
TEST_MODE: true
- uses: ./../action/autobuild
with:
working-directory: autobuild-dir
- uses: ./../action/analyze
env:
TEST_MODE: true
- name: Check database
shell: bash
run: |

4
pr-checks/checks/test-local-codeql.yml
View file

@ -12,11 +12,7 @@ steps:
- uses: ./../action/init
with:
tools: ./codeql-bundle.tar.gz
env:
TEST_MODE: true
- name: Build code
shell: bash
run: ./build.sh
- uses: ./../action/analyze
env:
TEST_MODE: true

4
pr-checks/checks/test-proxy.yml
View file

@ -17,8 +17,4 @@ steps:
with:
languages: javascript
tools: ${{ steps.prepare-test.outputs.tools-url }}
env:
TEST_MODE: true
- uses: ./../action/analyze
env:
TEST_MODE: true

4
pr-checks/checks/unset-environment.yml
View file

@ -6,15 +6,11 @@ steps:
with:
db-location: ${{ runner.temp }}/customDbLocation
tools: ${{ steps.prepare-test.outputs.tools-url }}
env:
TEST_MODE: true
- name: Build code
shell: bash
run: env -i PATH="$PATH" HOME="$HOME" ./build.sh
- uses: ./../action/analyze
id: analysis
env:
TEST_MODE: true
- shell: bash
run: |
CPP_DB="${{ fromJson(steps.analysis.outputs.db-locations).cpp }}"

6
pr-checks/checks/upload-ref-sha-input.yml
View file

@ -6,8 +6,6 @@ steps:
tools: ${{ steps.prepare-test.outputs.tools-url }}
languages: cpp,csharp,java,javascript,python
config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{ github.sha }}
env:
TEST_MODE: true
- name: Build code
shell: bash
run: ./build.sh
@ -16,11 +14,7 @@ steps:
ref: 'refs/heads/main'
sha: '5e235361806c361d4d3f8859e3c897658025a9a2'
upload: false
env:
TEST_MODE: true
- uses: ./../action/upload-sarif
with:
ref: 'refs/heads/main'
sha: '5e235361806c361d4d3f8859e3c897658025a9a2'
env:
TEST_MODE: true

6
pr-checks/checks/with-checkout-path.yml
View file

@ -14,8 +14,6 @@ steps:
languages: csharp,javascript
source-path: x/y/z/some-path/tests/multi-language-repo
debug: true
env:
TEST_MODE: true
- name: Build code (non-windows)
shell: bash
if: ${{ runner.os != 'Windows' }}
@ -32,16 +30,12 @@ steps:
ref: v1.1.0
sha: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6
upload: false
env:
TEST_MODE: true
- uses: ./../action/upload-sarif
with:
ref: v1.1.0
sha: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6
checkout_path: x/y/z/some-path/tests/multi-language-repo
env:
TEST_MODE: true
- name: Verify SARIF after upload
shell: bash

1
pr-checks/sync.py
View file

@ -116,6 +116,7 @@ for file in os.listdir('checks'):
checkJob['env'] = checkJob.get('env', {})
checkJob['env']['INTERNAL_CODEQL_ACTION_DEBUG_LOC'] = True
checkJob['env']['CODEQL_ACTION_TEST_MODE'] = True
checkName = file[:len(file) - 4]
with open(f"../.github/workflows/__{checkName}.yml", 'w') as output_stream: