robojerk/codeql-action

Merge pull request #2857 from github/nickfyson/address-vulns

Browse source 
move use of input variables into env vars
This commit is contained in:
Nick Fyson 2025-04-09 16:05:04 +01:00 committed by GitHub
commit c7dbb2084e
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 17 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

21
.github/actions/prepare-test/action.yml vendored
View file

@ -29,24 +29,27 @@ runs:
- id: get-url - id: get-url
name: Determine URL name: Determine URL
shell: bash shell: bash
env:
VERSION: ${{ inputs.version }}
USE_ALL_PLATFORM_BUNDLE: ${{ inputs.use-all-platform-bundle }}
run: | run: |
set -e # Fail this Action if `gh release list` fails. set -e # Fail this Action if `gh release list` fails.
if [[ ${{ inputs.version }} == "linked" ]]; then if [[ "$VERSION" == "linked" ]]; then
echo "tools-url=linked" >> "$GITHUB_OUTPUT" echo "tools-url=linked" >> "$GITHUB_OUTPUT"
exit 0 exit 0
elif [[ ${{ inputs.version }} == "default" ]]; then elif [[ "$VERSION" == "default" ]]; then
echo "tools-url=" >> "$GITHUB_OUTPUT" echo "tools-url=" >> "$GITHUB_OUTPUT"
exit 0 exit 0
fi fi
if [[ ${{ inputs.version }} == "nightly-latest" && "$RUNNER_OS" != "Windows" ]]; then if [[ "$VERSION" == "nightly-latest" && "$RUNNER_OS" != "Windows" ]]; then
extension="tar.zst" extension="tar.zst"
else else
extension="tar.gz" extension="tar.gz"
fi fi
if [[ ${{ inputs.use-all-platform-bundle }} == "true" ]]; then if [[ "$USE_ALL_PLATFORM_BUNDLE" == "true" ]]; then
artifact_name="codeql-bundle.$extension" artifact_name="codeql-bundle.$extension"
elif [[ "$RUNNER_OS" == "Linux" ]]; then elif [[ "$RUNNER_OS" == "Linux" ]]; then
artifact_name="codeql-bundle-linux64.$extension" artifact_name="codeql-bundle-linux64.$extension"
@ -59,14 +62,14 @@ runs:
exit 1 exit 1
fi fi
if [[ ${{ inputs.version }} == "nightly-latest" ]]; then if [[ "$VERSION" == "nightly-latest" ]]; then
tag=`gh release list --repo dsp-testing/codeql-cli-nightlies -L 1 | cut -f 3` tag=`gh release list --repo dsp-testing/codeql-cli-nightlies -L 1 | cut -f 3`
echo "tools-url=https://github.com/dsp-testing/codeql-cli-nightlies/releases/download/$tag/$artifact_name" >> $GITHUB_OUTPUT echo "tools-url=https://github.com/dsp-testing/codeql-cli-nightlies/releases/download/$tag/$artifact_name" >> $GITHUB_OUTPUT
elif [[ ${{ inputs.version }} == *"nightly"* ]]; then elif [[ "$VERSION" == *"nightly"* ]]; then
version=`echo ${{ inputs.version }} | sed -e 's/^.*\-//'` version=`echo "$VERSION" | sed -e 's/^.*\-//'`
echo "tools-url=https://github.com/dsp-testing/codeql-cli-nightlies/releases/download/codeql-bundle-$version/$artifact_name" >> $GITHUB_OUTPUT echo "tools-url=https://github.com/dsp-testing/codeql-cli-nightlies/releases/download/codeql-bundle-$version/$artifact_name" >> $GITHUB_OUTPUT
elif [[ ${{ inputs.version }} == *"stable"* ]]; then elif [[ "$VERSION" == *"stable"* ]]; then
version=`echo ${{ inputs.version }} | sed -e 's/^.*\-//'` version=`echo "$VERSION" | sed -e 's/^.*\-//'`
echo "tools-url=https://github.com/github/codeql-action/releases/download/codeql-bundle-$version/$artifact_name" >> $GITHUB_OUTPUT echo "tools-url=https://github.com/github/codeql-action/releases/download/codeql-bundle-$version/$artifact_name" >> $GITHUB_OUTPUT
else else
echo "::error::Unrecognized version specified!" echo "::error::Unrecognized version specified!"

7
.github/actions/release-branches/action.yml vendored
View file

@ -18,8 +18,11 @@ runs:
using: "composite" using: "composite"
steps: steps:
- id: branches - id: branches
env:
MAJOR_VERSION: ${{ inputs.major_version }}
LATEST_TAG: ${{ inputs.latest_tag }}
run: | run: |
python ${{ github.action_path }}/release-branches.py \ python ${{ github.action_path }}/release-branches.py \
--major-version ${{ inputs.major_version }} \ --major-version "$MAJOR_VERSION" \
--latest-tag ${{ inputs.latest_tag }} --latest-tag "$LATEST_TAG"
shell: bash shell: bash