robojerk/codeql-action

Merge branch 'main' into oscarsj-patch-1

Browse source
This commit is contained in:
Andrew Eisenberg 2025-01-29 14:16:29 -08:00 committed by GitHub
commit dcf2d0d183
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
402 changed files with 26640 additions and 1254 deletions
Download patch file Download diff file Expand all files Collapse all files

4
.github/codeql/codeql-actions-config.yml vendored Normal file
View file

@ -0,0 +1,4 @@
# Configuration for the CodeQL Actions Queries
name: "CodeQL Actions Queries config"
queries:
- uses: security-and-quality

28
.github/workflows/codeql.yml vendored
View file

@ -70,7 +70,7 @@ jobs:
echo "Suggested matrix config for analysis job: $VERSIONS_JSON"
echo "versions=${VERSIONS_JSON}" >> $GITHUB_OUTPUT
build:
analyze-javascript:
needs: [check-codeql-versions]
strategy:
fail-fast: false
@ -81,7 +81,7 @@ jobs:
permissions:
contents: read
security-events: write # needed to upload results
security-events: write
steps:
- name: Checkout
@ -100,3 +100,27 @@ jobs:
uses: ./analyze
with:
category: "/language:javascript"
analyze-actions:
runs-on: ubuntu-latest
strategy:
fail-fast: false
permissions:
contents: read
security-events: write
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Initialize CodeQL
uses: ./init
with:
languages: actions
config-file: ./.github/codeql/codeql-actions-config.yml
- name: Perform CodeQL Analysis
uses: ./analyze
with:
category: "/language:actions"

45
.github/workflows/debug-artifacts-failure.yml → .github/workflows/debug-artifacts-failure-safe.yml vendored
View file

@ -19,6 +19,14 @@ on:
workflow_dispatch: {}
jobs:
upload-artifacts:
strategy:
fail-fast: false
matrix:
version:
- stable-v2.20.3
- default
- linked
- nightly-latest
name: Upload debug artifacts after failure in analyze
continue-on-error: true
env:
@ -36,7 +44,7 @@ jobs:
id: prepare-test
uses: ./.github/actions/prepare-test
with:
version: linked
version: ${{ matrix.version }}
- uses: actions/setup-go@v5
with:
go-version: ^1.13.1
@ -70,22 +78,25 @@ jobs:
shell: bash
run: |
LANGUAGES="cpp csharp go java javascript python"
cd "./my-debug-artifacts"
echo "Artifacts from run:"
for language in $LANGUAGES; do
echo "- Checking $language"
if [[ ! -f "my-db-$language-partial.zip" ]] ; then
echo "Missing a partial database bundle for $language"
exit 1
fi
if [[ ! -d "log" ]] ; then
echo "Missing database initialization logs"
exit 1
fi
if [[ ! "$language" == "go" ]] && [[ ! -d "$language/log" ]] ; then
echo "Missing logs for $language"
exit 1
fi
for version in $VERSIONS; do
echo "Artifacts from version $version:"
pushd "./my-debug-artifacts-${version//./}"
for language in $LANGUAGES; do
echo "- Checking $language"
if [[ ! -f "my-db-$language-partial.zip" ]] ; then
echo "Missing a partial database bundle for $language"
exit 1
fi
if [[ ! -d "log" ]] ; then
echo "Missing database initialization logs"
exit 1
fi
if [[ ! "$language" == "go" ]] && [[ ! -d "$language/log" ]] ; then
echo "Missing logs for $language"
exit 1
fi
done
popd
done
env:
GO111MODULE: auto

8
.github/workflows/debug-artifacts.yml → .github/workflows/debug-artifacts-safe.yml vendored
View file

@ -22,11 +22,7 @@ jobs:
fail-fast: false
matrix:
version:
- stable-v2.15.5
- stable-v2.16.6
- stable-v2.17.6
- stable-v2.18.4
- stable-v2.19.4
- stable-v2.20.3
- default
- linked
- nightly-latest
@ -75,7 +71,7 @@ jobs:
- name: Check expected artifacts exist
shell: bash
run: |
VERSIONS="stable-v2.15.5 stable-v2.16.6 stable-v2.17.6 stable-v2.18.4 stable-v2.19.4 default linked nightly-latest"
VERSIONS="stable-v2.20.3 default linked nightly-latest"
LANGUAGES="cpp csharp go java javascript python"
for version in $VERSIONS; do
pushd "./my-debug-artifacts-${version//./}"

1
.github/workflows/post-release-mergeback.yml vendored
View file

@ -29,6 +29,7 @@ jobs:
permissions:
contents: write # needed to create tags and push commits
pull-requests: write
steps:
- name: Dump environment