Run integration test PR checks nightly (#2222)

* Run integration test PR checks nightly

Scheduled for 5AM UTC. This will assist in catching bugs introduced with new runner images.

* Specify generated YAML indentations

For consistency with our non-autogenerated files and GitHub documentation, we should further indent items in lists (`sequence`).
Angela P Wen 2024-04-04 10:30:18 -07:00 committed by GitHub
parent 5f535debfe
commit f421cda8e7
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
50 changed files with 2986 additions and 2886 deletions


@ -11,22 +11,24 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
all-platform-bundle: all-platform-bundle:
strategy: strategy:
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: nightly-latest version: nightly-latest
name: All-platform bundle name: All-platform bundle
permissions: permissions:
contents: read contents: read
@ -34,44 +36,44 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( matrix.os == 'macos-latest' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-20230418' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6') matrix.version == 'stable-v2.14.6')
with: with:
python-version: '3.11' python-version: '3.11'
- name: Check out repository - name: Check out repository
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Prepare test - name: Prepare test
id: prepare-test id: prepare-test
uses: ./.github/actions/prepare-test uses: ./.github/actions/prepare-test
with: with:
version: ${{ matrix.version }} version: ${{ matrix.version }}
use-all-platform-bundle: 'true' use-all-platform-bundle: 'true'
- name: Set environment variable for Swift enablement - name: Set environment variable for Swift enablement
if: runner.os != 'Windows' && matrix.version == '20221211' if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- id: init - id: init
uses: ./../action/init uses: ./../action/init
with: with:
tools: ${{ steps.prepare-test.outputs.tools-url }} tools: ${{ steps.prepare-test.outputs.tools-url }}
- uses: ./../action/.github/actions/setup-swift - uses: ./../action/.github/actions/setup-swift
with: with:
codeql-path: ${{ steps.init.outputs.codeql-path }} codeql-path: ${{ steps.init.outputs.codeql-path }}
- name: Build code - name: Build code
shell: bash shell: bash
run: ./build.sh run: ./build.sh
- uses: ./../action/analyze - uses: ./../action/analyze
with: with:
upload-database: false upload-database: false
env: env:
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true


@ -11,26 +11,28 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
analyze-ref-input: analyze-ref-input:
strategy: strategy:
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: default version: default
- os: macos-latest - os: macos-latest
version: default version: default
- os: windows-latest - os: windows-latest
version: default version: default
name: "Analyze: 'ref' and 'sha' from inputs" name: "Analyze: 'ref' and 'sha' from inputs"
permissions: permissions:
contents: read contents: read
@ -38,45 +40,45 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( matrix.os == 'macos-latest' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-20230418' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6') matrix.version == 'stable-v2.14.6')
with: with:
python-version: '3.11' python-version: '3.11'
- name: Check out repository - name: Check out repository
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Prepare test - name: Prepare test
id: prepare-test id: prepare-test
uses: ./.github/actions/prepare-test uses: ./.github/actions/prepare-test
with: with:
version: ${{ matrix.version }} version: ${{ matrix.version }}
use-all-platform-bundle: 'false' use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement - name: Set environment variable for Swift enablement
if: runner.os != 'Windows' && matrix.version == '20221211' if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: ./../action/init - uses: ./../action/init
with: with:
tools: ${{ steps.prepare-test.outputs.tools-url }} tools: ${{ steps.prepare-test.outputs.tools-url }}
languages: cpp,csharp,java,javascript,python languages: cpp,csharp,java,javascript,python
config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{ config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{
github.sha }} github.sha }}
- name: Build code - name: Build code
shell: bash shell: bash
run: ./build.sh run: ./build.sh
- uses: ./../action/analyze - uses: ./../action/analyze
with: with:
upload-database: false upload-database: false
ref: refs/heads/main ref: refs/heads/main
sha: 5e235361806c361d4d3f8859e3c897658025a9a2 sha: 5e235361806c361d4d3f8859e3c897658025a9a2
env: env:
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true


@ -11,26 +11,28 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
autobuild-action: autobuild-action:
strategy: strategy:
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: latest version: latest
- os: macos-latest - os: macos-latest
version: latest version: latest
- os: windows-latest - os: windows-latest
version: latest version: latest
name: autobuild-action name: autobuild-action
permissions: permissions:
contents: read contents: read
@ -38,55 +40,55 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( matrix.os == 'macos-latest' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-20230418' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6') matrix.version == 'stable-v2.14.6')
with: with:
python-version: '3.11' python-version: '3.11'
- name: Check out repository - name: Check out repository
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Prepare test - name: Prepare test
id: prepare-test id: prepare-test
uses: ./.github/actions/prepare-test uses: ./.github/actions/prepare-test
with: with:
version: ${{ matrix.version }} version: ${{ matrix.version }}
use-all-platform-bundle: 'false' use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement - name: Set environment variable for Swift enablement
if: runner.os != 'Windows' && matrix.version == '20221211' if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: ./../action/init - uses: ./../action/init
with: with:
languages: csharp languages: csharp
tools: ${{ steps.prepare-test.outputs.tools-url }} tools: ${{ steps.prepare-test.outputs.tools-url }}
- uses: ./../action/autobuild - uses: ./../action/autobuild
env: env:
# Explicitly disable the CLR tracer. # Explicitly disable the CLR tracer.
COR_ENABLE_PROFILING: '' COR_ENABLE_PROFILING: ''
COR_PROFILER: '' COR_PROFILER: ''
COR_PROFILER_PATH_64: '' COR_PROFILER_PATH_64: ''
CORECLR_ENABLE_PROFILING: '' CORECLR_ENABLE_PROFILING: ''
CORECLR_PROFILER: '' CORECLR_PROFILER: ''
CORECLR_PROFILER_PATH_64: '' CORECLR_PROFILER_PATH_64: ''
- uses: ./../action/analyze - uses: ./../action/analyze
with: with:
upload-database: false upload-database: false
- name: Check database - name: Check database
shell: bash shell: bash
run: | run: |
cd "$RUNNER_TEMP/codeql_databases" cd "$RUNNER_TEMP/codeql_databases"
if [[ ! -d csharp ]]; then if [[ ! -d csharp ]]; then
echo "Did not find a C# database" echo "Did not find a C# database"
exit 1 exit 1
fi fi
env: env:
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true


@ -11,22 +11,24 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
build-mode-autobuild: build-mode-autobuild:
strategy: strategy:
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: nightly-latest version: nightly-latest
name: Build mode autobuild name: Build mode autobuild
permissions: permissions:
contents: read contents: read
@ -34,55 +36,55 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( matrix.os == 'macos-latest' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-20230418' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6') matrix.version == 'stable-v2.14.6')
with: with:
python-version: '3.11' python-version: '3.11'
- name: Check out repository - name: Check out repository
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Prepare test - name: Prepare test
id: prepare-test id: prepare-test
uses: ./.github/actions/prepare-test uses: ./.github/actions/prepare-test
with: with:
version: ${{ matrix.version }} version: ${{ matrix.version }}
use-all-platform-bundle: 'false' use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement - name: Set environment variable for Swift enablement
if: runner.os != 'Windows' && matrix.version == '20221211' if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- name: Set up Java test repo configuration - name: Set up Java test repo configuration
run: | run: |
mv * .github ../action/tests/multi-language-repo/ mv * .github ../action/tests/multi-language-repo/
mv ../action/tests/multi-language-repo/.github/workflows .github mv ../action/tests/multi-language-repo/.github/workflows .github
mv ../action/tests/java-repo/* . mv ../action/tests/java-repo/* .
- uses: ./../action/init - uses: ./../action/init
id: init id: init
with: with:
build-mode: autobuild build-mode: autobuild
db-location: ${{ runner.temp }}/customDbLocation db-location: ${{ runner.temp }}/customDbLocation
languages: java languages: java
tools: ${{ steps.prepare-test.outputs.tools-url }} tools: ${{ steps.prepare-test.outputs.tools-url }}
- name: Validate database build mode - name: Validate database build mode
run: | run: |
metadata_path="$RUNNER_TEMP/customDbLocation/java/codeql-database.yml" metadata_path="$RUNNER_TEMP/customDbLocation/java/codeql-database.yml"
build_mode=$(yq eval '.buildMode' "$metadata_path") build_mode=$(yq eval '.buildMode' "$metadata_path")
if [[ "$build_mode" != "autobuild" ]]; then if [[ "$build_mode" != "autobuild" ]]; then
echo "Expected build mode to be 'autobuild' but was $build_mode" echo "Expected build mode to be 'autobuild' but was $build_mode"
exit 1 exit 1
fi fi
- uses: ./../action/analyze - uses: ./../action/analyze
env: env:
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true


@ -11,22 +11,24 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
build-mode-manual: build-mode-manual:
strategy: strategy:
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: nightly-latest version: nightly-latest
name: Build mode manual name: Build mode manual
permissions: permissions:
contents: read contents: read
@ -34,57 +36,57 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( matrix.os == 'macos-latest' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-20230418' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6') matrix.version == 'stable-v2.14.6')
with: with:
python-version: '3.11' python-version: '3.11'
- name: Check out repository - name: Check out repository
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Prepare test - name: Prepare test
id: prepare-test id: prepare-test
uses: ./.github/actions/prepare-test uses: ./.github/actions/prepare-test
with: with:
version: ${{ matrix.version }} version: ${{ matrix.version }}
use-all-platform-bundle: 'false' use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement - name: Set environment variable for Swift enablement
if: runner.os != 'Windows' && matrix.version == '20221211' if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: ./../action/init - uses: ./../action/init
id: init id: init
with: with:
build-mode: manual build-mode: manual
db-location: ${{ runner.temp }}/customDbLocation db-location: ${{ runner.temp }}/customDbLocation
languages: java languages: java
tools: ${{ steps.prepare-test.outputs.tools-url }} tools: ${{ steps.prepare-test.outputs.tools-url }}
- name: Validate database build mode - name: Validate database build mode
run: | run: |
metadata_path="$RUNNER_TEMP/customDbLocation/java/codeql-database.yml" metadata_path="$RUNNER_TEMP/customDbLocation/java/codeql-database.yml"
build_mode=$(yq eval '.buildMode' "$metadata_path") build_mode=$(yq eval '.buildMode' "$metadata_path")
if [[ "$build_mode" != "manual" ]]; then if [[ "$build_mode" != "manual" ]]; then
echo "Expected build mode to be 'manual' but was $build_mode" echo "Expected build mode to be 'manual' but was $build_mode"
exit 1 exit 1
fi fi
- uses: ./../action/.github/actions/setup-swift - uses: ./../action/.github/actions/setup-swift
with: with:
codeql-path: ${{ steps.init.outputs.codeql-path }} codeql-path: ${{ steps.init.outputs.codeql-path }}
- name: Build code - name: Build code
shell: bash shell: bash
run: ./build.sh run: ./build.sh
- uses: ./../action/analyze - uses: ./../action/analyze
env: env:
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true


@ -11,24 +11,26 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
build-mode-none: build-mode-none:
strategy: strategy:
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: latest version: latest
- os: ubuntu-latest - os: ubuntu-latest
version: nightly-latest version: nightly-latest
name: Build mode none name: Build mode none
permissions: permissions:
contents: read contents: read
@ -36,53 +38,53 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( matrix.os == 'macos-latest' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-20230418' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6') matrix.version == 'stable-v2.14.6')
with: with:
python-version: '3.11' python-version: '3.11'
- name: Check out repository - name: Check out repository
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Prepare test - name: Prepare test
id: prepare-test id: prepare-test
uses: ./.github/actions/prepare-test uses: ./.github/actions/prepare-test
with: with:
version: ${{ matrix.version }} version: ${{ matrix.version }}
use-all-platform-bundle: 'false' use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement - name: Set environment variable for Swift enablement
if: runner.os != 'Windows' && matrix.version == '20221211' if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: ./../action/init - uses: ./../action/init
id: init id: init
with: with:
build-mode: none build-mode: none
db-location: ${{ runner.temp }}/customDbLocation db-location: ${{ runner.temp }}/customDbLocation
languages: java languages: java
tools: ${{ steps.prepare-test.outputs.tools-url }} tools: ${{ steps.prepare-test.outputs.tools-url }}
- name: Validate database build mode - name: Validate database build mode
run: | run: |
metadata_path="$RUNNER_TEMP/customDbLocation/java/codeql-database.yml" metadata_path="$RUNNER_TEMP/customDbLocation/java/codeql-database.yml"
build_mode=$(yq eval '.buildMode' "$metadata_path") build_mode=$(yq eval '.buildMode' "$metadata_path")
if [[ "$build_mode" != "none" ]]; then if [[ "$build_mode" != "none" ]]; then
echo "Expected build mode to be 'none' but was $build_mode" echo "Expected build mode to be 'none' but was $build_mode"
exit 1 exit 1
fi fi
# The latest nightly supports omitting the autobuild Action when the build mode is specified. # The latest nightly supports omitting the autobuild Action when the build mode is specified.
- uses: ./../action/autobuild - uses: ./../action/autobuild
if: matrix.version != 'nightly-latest' if: matrix.version != 'nightly-latest'
- uses: ./../action/analyze - uses: ./../action/analyze
env: env:
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true


@ -11,22 +11,24 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
build-mode-rollback: build-mode-rollback:
strategy: strategy:
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: nightly-latest version: nightly-latest
name: Build mode rollback name: Build mode rollback
permissions: permissions:
contents: read contents: read
@ -34,56 +36,56 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( matrix.os == 'macos-latest' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-20230418' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6') matrix.version == 'stable-v2.14.6')
with: with:
python-version: '3.11' python-version: '3.11'
- name: Check out repository - name: Check out repository
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Prepare test - name: Prepare test
id: prepare-test id: prepare-test
uses: ./.github/actions/prepare-test uses: ./.github/actions/prepare-test
with: with:
version: ${{ matrix.version }} version: ${{ matrix.version }}
use-all-platform-bundle: 'false' use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement - name: Set environment variable for Swift enablement
if: runner.os != 'Windows' && matrix.version == '20221211' if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- name: Set up Java test repo configuration - name: Set up Java test repo configuration
run: | run: |
mv * .github ../action/tests/multi-language-repo/ mv * .github ../action/tests/multi-language-repo/
mv ../action/tests/multi-language-repo/.github/workflows .github mv ../action/tests/multi-language-repo/.github/workflows .github
mv ../action/tests/java-repo/* . mv ../action/tests/java-repo/* .
- uses: ./../action/init - uses: ./../action/init
id: init id: init
with: with:
build-mode: none build-mode: none
db-location: ${{ runner.temp }}/customDbLocation db-location: ${{ runner.temp }}/customDbLocation
languages: java languages: java
tools: ${{ steps.prepare-test.outputs.tools-url }} tools: ${{ steps.prepare-test.outputs.tools-url }}
- name: Validate database build mode - name: Validate database build mode
run: | run: |
metadata_path="$RUNNER_TEMP/customDbLocation/java/codeql-database.yml" metadata_path="$RUNNER_TEMP/customDbLocation/java/codeql-database.yml"
build_mode=$(yq eval '.buildMode' "$metadata_path") build_mode=$(yq eval '.buildMode' "$metadata_path")
if [[ "$build_mode" != "autobuild" ]]; then if [[ "$build_mode" != "autobuild" ]]; then
echo "Expected build mode to be 'autobuild' but was $build_mode" echo "Expected build mode to be 'autobuild' but was $build_mode"
exit 1 exit 1
fi fi
- uses: ./../action/analyze - uses: ./../action/analyze
env: env:
CODEQL_ACTION_DISABLE_JAVA_BUILDLESS: true CODEQL_ACTION_DISABLE_JAVA_BUILDLESS: true
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true

160
.github/workflows/__config-export.yml generated vendored

@ -11,32 +11,34 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
config-export: config-export:
strategy: strategy:
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: latest version: latest
- os: macos-latest - os: macos-latest
version: latest version: latest
- os: windows-latest - os: windows-latest
version: latest version: latest
- os: ubuntu-latest - os: ubuntu-latest
version: nightly-latest version: nightly-latest
- os: macos-latest - os: macos-latest
version: nightly-latest version: nightly-latest
- os: windows-latest - os: windows-latest
version: nightly-latest version: nightly-latest
name: Config export name: Config export
permissions: permissions:
contents: read contents: read
@ -44,72 +46,72 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( matrix.os == 'macos-latest' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-20230418' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6') matrix.version == 'stable-v2.14.6')
with: with:
python-version: '3.11' python-version: '3.11'
- name: Check out repository - name: Check out repository
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Prepare test - name: Prepare test
id: prepare-test id: prepare-test
uses: ./.github/actions/prepare-test uses: ./.github/actions/prepare-test
with: with:
version: ${{ matrix.version }} version: ${{ matrix.version }}
use-all-platform-bundle: 'false' use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement - name: Set environment variable for Swift enablement
if: runner.os != 'Windows' && matrix.version == '20221211' if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: ./../action/init - uses: ./../action/init
with: with:
languages: javascript languages: javascript
queries: security-extended queries: security-extended
tools: ${{ steps.prepare-test.outputs.tools-url }} tools: ${{ steps.prepare-test.outputs.tools-url }}
- uses: ./../action/analyze - uses: ./../action/analyze
with: with:
output: ${{ runner.temp }}/results output: ${{ runner.temp }}/results
upload-database: false upload-database: false
- name: Upload SARIF - name: Upload SARIF
uses: actions/upload-artifact@v3 uses: actions/upload-artifact@v3
with: with:
name: config-export-${{ matrix.os }}-${{ matrix.version }}.sarif.json name: config-export-${{ matrix.os }}-${{ matrix.version }}.sarif.json
path: ${{ runner.temp }}/results/javascript.sarif path: ${{ runner.temp }}/results/javascript.sarif
retention-days: 7 retention-days: 7
- name: Check config properties appear in SARIF - name: Check config properties appear in SARIF
uses: actions/github-script@v7 uses: actions/github-script@v7
env: env:
SARIF_PATH: ${{ runner.temp }}/results/javascript.sarif SARIF_PATH: ${{ runner.temp }}/results/javascript.sarif
with: with:
script: | script: |
const fs = require('fs'); const fs = require('fs');
const sarif = JSON.parse(fs.readFileSync(process.env['SARIF_PATH'], 'utf8')); const sarif = JSON.parse(fs.readFileSync(process.env['SARIF_PATH'], 'utf8'));
const run = sarif.runs[0]; const run = sarif.runs[0];
const configSummary = run.properties.codeqlConfigSummary; const configSummary = run.properties.codeqlConfigSummary;
if (configSummary === undefined) { if (configSummary === undefined) {
core.setFailed('`codeqlConfigSummary` property not found in the SARIF run property bag.'); core.setFailed('`codeqlConfigSummary` property not found in the SARIF run property bag.');
} }
if (configSummary.disableDefaultQueries !== false) { if (configSummary.disableDefaultQueries !== false) {
core.setFailed('`disableDefaultQueries` property incorrect: expected false, got ' + core.setFailed('`disableDefaultQueries` property incorrect: expected false, got ' +
`${JSON.stringify(configSummary.disableDefaultQueries)}.`); `${JSON.stringify(configSummary.disableDefaultQueries)}.`);
} }
const expectedQueries = [{ type: 'builtinSuite', uses: 'security-extended' }]; const expectedQueries = [{ type: 'builtinSuite', uses: 'security-extended' }];
// Use JSON.stringify to deep-equal the arrays. // Use JSON.stringify to deep-equal the arrays.
if (JSON.stringify(configSummary.queries) !== JSON.stringify(expectedQueries)) { if (JSON.stringify(configSummary.queries) !== JSON.stringify(expectedQueries)) {
core.setFailed(`\`queries\` property incorrect: expected ${JSON.stringify(expectedQueries)}, got ` + core.setFailed(`\`queries\` property incorrect: expected ${JSON.stringify(expectedQueries)}, got ` +
`${JSON.stringify(configSummary.queries)}.`); `${JSON.stringify(configSummary.queries)}.`);
} }
core.info('Finished config export tests.'); core.info('Finished config export tests.');
env: env:
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true

112
.github/workflows/__config-input.yml generated vendored

@ -11,22 +11,24 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
config-input: config-input:
strategy: strategy:
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: latest version: latest
name: Config input name: Config input
permissions: permissions:
contents: read contents: read
@ -34,59 +36,59 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( matrix.os == 'macos-latest' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-20230418' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6') matrix.version == 'stable-v2.14.6')
with: with:
python-version: '3.11' python-version: '3.11'
- name: Check out repository - name: Check out repository
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Prepare test - name: Prepare test
id: prepare-test id: prepare-test
uses: ./.github/actions/prepare-test uses: ./.github/actions/prepare-test
with: with:
version: ${{ matrix.version }} version: ${{ matrix.version }}
use-all-platform-bundle: 'false' use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement - name: Set environment variable for Swift enablement
if: runner.os != 'Windows' && matrix.version == '20221211' if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- name: Copy queries into workspace - name: Copy queries into workspace
run: | run: |
cp -a ../action/queries . cp -a ../action/queries .
- uses: ./../action/init - uses: ./../action/init
with: with:
tools: ${{ steps.prepare-test.outputs.tools-url }} tools: ${{ steps.prepare-test.outputs.tools-url }}
languages: javascript languages: javascript
build-mode: none build-mode: none
config: | config: |
disable-default-queries: true disable-default-queries: true
queries: queries:
- name: Run custom query - name: Run custom query
uses: ./queries/default-setup-environment-variables.ql uses: ./queries/default-setup-environment-variables.ql
paths-ignore: paths-ignore:
- tests - tests
- lib - lib
- uses: ./../action/analyze - uses: ./../action/analyze
with: with:
output: ${{ runner.temp }}/results output: ${{ runner.temp }}/results
- name: Check SARIF - name: Check SARIF
uses: ./../action/.github/actions/check-sarif uses: ./../action/.github/actions/check-sarif
with: with:
sarif-file: ${{ runner.temp }}/results/javascript.sarif sarif-file: ${{ runner.temp }}/results/javascript.sarif
queries-run: javascript/codeql-action/default-setup-env-vars queries-run: javascript/codeql-action/default-setup-env-vars
queries-not-run: javascript/codeql-action/default-setup-context-properties queries-not-run: javascript/codeql-action/default-setup-context-properties
env: env:
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true


@ -11,26 +11,28 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
cpp-deptrace-disabled: cpp-deptrace-disabled:
strategy: strategy:
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: latest version: latest
- os: ubuntu-latest - os: ubuntu-latest
version: default version: default
- os: ubuntu-latest - os: ubuntu-latest
version: nightly-latest version: nightly-latest
name: 'C/C++: disabling autoinstalling dependencies (Linux)' name: 'C/C++: disabling autoinstalling dependencies (Linux)'
permissions: permissions:
contents: read contents: read
@ -38,51 +40,51 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( matrix.os == 'macos-latest' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-20230418' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6') matrix.version == 'stable-v2.14.6')
with: with:
python-version: '3.11' python-version: '3.11'
- name: Check out repository - name: Check out repository
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Prepare test - name: Prepare test
id: prepare-test id: prepare-test
uses: ./.github/actions/prepare-test uses: ./.github/actions/prepare-test
with: with:
version: ${{ matrix.version }} version: ${{ matrix.version }}
use-all-platform-bundle: 'false' use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement - name: Set environment variable for Swift enablement
if: runner.os != 'Windows' && matrix.version == '20221211' if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- name: Test setup - name: Test setup
shell: bash shell: bash
run: | run: |
cp -a ../action/tests/cpp-autobuild autobuild-dir cp -a ../action/tests/cpp-autobuild autobuild-dir
- uses: ./../action/init - uses: ./../action/init
with: with:
languages: cpp languages: cpp
tools: ${{ steps.prepare-test.outputs.tools-url }} tools: ${{ steps.prepare-test.outputs.tools-url }}
- uses: ./../action/autobuild - uses: ./../action/autobuild
with: with:
working-directory: autobuild-dir working-directory: autobuild-dir
env: env:
CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES: false CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES: false
- shell: bash - shell: bash
run: | run: |
if ls /usr/bin/errno; then if ls /usr/bin/errno; then
echo "C/C++ autobuild installed errno, but it should not have since auto-install dependencies is disabled." echo "C/C++ autobuild installed errno, but it should not have since auto-install dependencies is disabled."
exit 1 exit 1
fi fi
env: env:
DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false' DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false'
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true


@ -11,22 +11,24 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
cpp-deptrace-enabled-on-macos: cpp-deptrace-enabled-on-macos:
strategy: strategy:
matrix: matrix:
include: include:
- os: macos-latest - os: macos-latest
version: nightly-latest version: nightly-latest
name: 'C/C++: autoinstalling dependencies is skipped (macOS)' name: 'C/C++: autoinstalling dependencies is skipped (macOS)'
permissions: permissions:
contents: read contents: read
@ -34,53 +36,53 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( matrix.os == 'macos-latest' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-20230418' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6') matrix.version == 'stable-v2.14.6')
with: with:
python-version: '3.11' python-version: '3.11'
- name: Check out repository - name: Check out repository
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Prepare test - name: Prepare test
id: prepare-test id: prepare-test
uses: ./.github/actions/prepare-test uses: ./.github/actions/prepare-test
with: with:
version: ${{ matrix.version }} version: ${{ matrix.version }}
use-all-platform-bundle: 'false' use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement - name: Set environment variable for Swift enablement
if: runner.os != 'Windows' && matrix.version == '20221211' if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- name: Test setup - name: Test setup
shell: bash shell: bash
run: | run: |
cp -a ../action/tests/cpp-autobuild autobuild-dir cp -a ../action/tests/cpp-autobuild autobuild-dir
- uses: ./../action/init - uses: ./../action/init
with: with:
languages: cpp languages: cpp
tools: ${{ steps.prepare-test.outputs.tools-url }} tools: ${{ steps.prepare-test.outputs.tools-url }}
- uses: ./../action/autobuild - uses: ./../action/autobuild
with: with:
working-directory: autobuild-dir working-directory: autobuild-dir
env: env:
CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES: true CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES: true
- shell: bash - shell: bash
run: | run: |
if ! ls /usr/bin/errno; then if ! ls /usr/bin/errno; then
echo "As expected, CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES is a no-op on macOS" echo "As expected, CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES is a no-op on macOS"
else else
echo "CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES should not have had any effect on macOS" echo "CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES should not have had any effect on macOS"
exit 1 exit 1
fi fi
env: env:
DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false' DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false'
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true


@ -11,26 +11,28 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
cpp-deptrace-enabled: cpp-deptrace-enabled:
strategy: strategy:
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: latest version: latest
- os: ubuntu-latest - os: ubuntu-latest
version: default version: default
- os: ubuntu-latest - os: ubuntu-latest
version: nightly-latest version: nightly-latest
name: 'C/C++: autoinstalling dependencies (Linux)' name: 'C/C++: autoinstalling dependencies (Linux)'
permissions: permissions:
contents: read contents: read
@ -38,51 +40,51 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( matrix.os == 'macos-latest' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-20230418' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6') matrix.version == 'stable-v2.14.6')
with: with:
python-version: '3.11' python-version: '3.11'
- name: Check out repository - name: Check out repository
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Prepare test - name: Prepare test
id: prepare-test id: prepare-test
uses: ./.github/actions/prepare-test uses: ./.github/actions/prepare-test
with: with:
version: ${{ matrix.version }} version: ${{ matrix.version }}
use-all-platform-bundle: 'false' use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement - name: Set environment variable for Swift enablement
if: runner.os != 'Windows' && matrix.version == '20221211' if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- name: Test setup - name: Test setup
shell: bash shell: bash
run: | run: |
cp -a ../action/tests/cpp-autobuild autobuild-dir cp -a ../action/tests/cpp-autobuild autobuild-dir
- uses: ./../action/init - uses: ./../action/init
with: with:
languages: cpp languages: cpp
tools: ${{ steps.prepare-test.outputs.tools-url }} tools: ${{ steps.prepare-test.outputs.tools-url }}
- uses: ./../action/autobuild - uses: ./../action/autobuild
with: with:
working-directory: autobuild-dir working-directory: autobuild-dir
env: env:
CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES: true CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES: true
- shell: bash - shell: bash
run: | run: |
if ! ls /usr/bin/errno; then if ! ls /usr/bin/errno; then
echo "Did not autoinstall errno" echo "Did not autoinstall errno"
exit 1 exit 1
fi fi
env: env:
DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false' DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false'
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true


@ -11,38 +11,40 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
diagnostics-export: diagnostics-export:
strategy: strategy:
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: stable-20230317 version: stable-20230317
- os: macos-latest - os: macos-latest
version: stable-20230317 version: stable-20230317
- os: windows-latest - os: windows-latest
version: stable-20230317 version: stable-20230317
- os: ubuntu-latest - os: ubuntu-latest
version: latest version: latest
- os: macos-latest - os: macos-latest
version: latest version: latest
- os: windows-latest - os: windows-latest
version: latest version: latest
- os: ubuntu-latest - os: ubuntu-latest
version: nightly-latest version: nightly-latest
- os: macos-latest - os: macos-latest
version: nightly-latest version: nightly-latest
- os: windows-latest - os: windows-latest
version: nightly-latest version: nightly-latest
name: Diagnostic export name: Diagnostic export
permissions: permissions:
contents: read contents: read
@ -50,113 +52,113 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( matrix.os == 'macos-latest' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-20230418' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6') matrix.version == 'stable-v2.14.6')
with: with:
python-version: '3.11' python-version: '3.11'
- name: Check out repository - name: Check out repository
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Prepare test - name: Prepare test
id: prepare-test id: prepare-test
uses: ./.github/actions/prepare-test uses: ./.github/actions/prepare-test
with: with:
version: ${{ matrix.version }} version: ${{ matrix.version }}
use-all-platform-bundle: 'false' use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement - name: Set environment variable for Swift enablement
if: runner.os != 'Windows' && matrix.version == '20221211' if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: ./../action/init - uses: ./../action/init
id: init id: init
with: with:
languages: javascript languages: javascript
tools: ${{ steps.prepare-test.outputs.tools-url }} tools: ${{ steps.prepare-test.outputs.tools-url }}
- name: Add test diagnostics - name: Add test diagnostics
shell: bash shell: bash
env: env:
CODEQL_PATH: ${{ steps.init.outputs.codeql-path }} CODEQL_PATH: ${{ steps.init.outputs.codeql-path }}
run: | run: |
for i in {1..2}; do for i in {1..2}; do
# Use the same location twice to test the workaround for the bug in CodeQL CLI 2.12.5 that # Use the same location twice to test the workaround for the bug in CodeQL CLI 2.12.5 that
# produces an invalid diagnostic with multiple identical location objects. # produces an invalid diagnostic with multiple identical location objects.
"$CODEQL_PATH" database add-diagnostic \ "$CODEQL_PATH" database add-diagnostic \
"$RUNNER_TEMP/codeql_databases/javascript" \ "$RUNNER_TEMP/codeql_databases/javascript" \
--file-path /path/to/file \ --file-path /path/to/file \
--plaintext-message "Plaintext message $i" \ --plaintext-message "Plaintext message $i" \
--source-id "lang/diagnostics/example" \ --source-id "lang/diagnostics/example" \
--source-name "Diagnostic name" \ --source-name "Diagnostic name" \
--ready-for-status-page --ready-for-status-page
done done
- uses: ./../action/analyze - uses: ./../action/analyze
with: with:
output: ${{ runner.temp }}/results output: ${{ runner.temp }}/results
upload-database: false upload-database: false
- name: Upload SARIF - name: Upload SARIF
uses: actions/upload-artifact@v3 uses: actions/upload-artifact@v3
with: with:
name: diagnostics-export-${{ matrix.os }}-${{ matrix.version }}.sarif.json name: diagnostics-export-${{ matrix.os }}-${{ matrix.version }}.sarif.json
path: ${{ runner.temp }}/results/javascript.sarif path: ${{ runner.temp }}/results/javascript.sarif
retention-days: 7 retention-days: 7
- name: Check diagnostics appear in SARIF - name: Check diagnostics appear in SARIF
uses: actions/github-script@v7 uses: actions/github-script@v7
env: env:
SARIF_PATH: ${{ runner.temp }}/results/javascript.sarif SARIF_PATH: ${{ runner.temp }}/results/javascript.sarif
with: with:
script: | script: |
const fs = require('fs'); const fs = require('fs');
function checkStatusPageNotification(n) { function checkStatusPageNotification(n) {
const expectedMessage = 'Plaintext message 1\n\nCodeQL also found 1 other diagnostic like this. See the workflow log for details.'; const expectedMessage = 'Plaintext message 1\n\nCodeQL also found 1 other diagnostic like this. See the workflow log for details.';
if (n.message.text !== expectedMessage) { if (n.message.text !== expectedMessage) {
core.setFailed(`Expected the status page diagnostic to have the message '${expectedMessage}', but found '${n.message.text}'.`); core.setFailed(`Expected the status page diagnostic to have the message '${expectedMessage}', but found '${n.message.text}'.`);
}
if (n.locations.length !== 1) {
core.setFailed(`Expected the status page diagnostic to have exactly 1 location, but found ${n.locations.length}.`);
}
} }
if (n.locations.length !== 1) {
core.setFailed(`Expected the status page diagnostic to have exactly 1 location, but found ${n.locations.length}.`); const sarif = JSON.parse(fs.readFileSync(process.env['SARIF_PATH'], 'utf8'));
const run = sarif.runs[0];
const toolExecutionNotifications = run.invocations[0].toolExecutionNotifications;
const statusPageNotifications = toolExecutionNotifications.filter(n =>
n.descriptor.id === 'lang/diagnostics/example' && n.properties?.visibility?.statusPage
);
if (statusPageNotifications.length !== 1) {
core.setFailed(
'Expected exactly one status page reporting descriptor for this diagnostic in the ' +
`'runs[].invocations[].toolExecutionNotifications[]' SARIF property, but found ` +
`${statusPageNotifications.length}. All notification reporting descriptors: ` +
`${JSON.stringify(toolExecutionNotifications)}.`
);
} }
} checkStatusPageNotification(statusPageNotifications[0]);
const sarif = JSON.parse(fs.readFileSync(process.env['SARIF_PATH'], 'utf8')); const notifications = run.tool.driver.notifications;
const run = sarif.runs[0]; const diagnosticNotification = notifications.filter(n =>
n.id === 'lang/diagnostics/example' && n.name === 'lang/diagnostics/example' &&
const toolExecutionNotifications = run.invocations[0].toolExecutionNotifications; n.fullDescription.text === 'Diagnostic name'
const statusPageNotifications = toolExecutionNotifications.filter(n =>
n.descriptor.id === 'lang/diagnostics/example' && n.properties?.visibility?.statusPage
);
if (statusPageNotifications.length !== 1) {
core.setFailed(
'Expected exactly one status page reporting descriptor for this diagnostic in the ' +
`'runs[].invocations[].toolExecutionNotifications[]' SARIF property, but found ` +
`${statusPageNotifications.length}. All notification reporting descriptors: ` +
`${JSON.stringify(toolExecutionNotifications)}.`
); );
} if (diagnosticNotification.length !== 1) {
checkStatusPageNotification(statusPageNotifications[0]); core.setFailed(
'Expected exactly one notification for this diagnostic in the ' +
`'runs[].tool.driver.notifications[]' SARIF property, but found ` +
`${diagnosticNotification.length}. All notifications: ` +
`${JSON.stringify(notifications)}.`
);
}
const notifications = run.tool.driver.notifications; core.info('Finished diagnostic export test');
const diagnosticNotification = notifications.filter(n =>
n.id === 'lang/diagnostics/example' && n.name === 'lang/diagnostics/example' &&
n.fullDescription.text === 'Diagnostic name'
);
if (diagnosticNotification.length !== 1) {
core.setFailed(
'Expected exactly one notification for this diagnostic in the ' +
`'runs[].tool.driver.notifications[]' SARIF property, but found ` +
`${diagnosticNotification.length}. All notifications: ` +
`${JSON.stringify(notifications)}.`
);
}
core.info('Finished diagnostic export test');
env: env:
CODEQL_ACTION_EXPORT_DIAGNOSTICS: true CODEQL_ACTION_EXPORT_DIAGNOSTICS: true
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true


@ -11,26 +11,28 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
export-file-baseline-information: export-file-baseline-information:
strategy: strategy:
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: nightly-latest version: nightly-latest
- os: macos-latest - os: macos-latest
version: nightly-latest version: nightly-latest
- os: windows-latest - os: windows-latest
version: nightly-latest version: nightly-latest
name: Export file baseline information name: Export file baseline information
permissions: permissions:
contents: read contents: read
@ -38,72 +40,72 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( matrix.os == 'macos-latest' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-20230418' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6') matrix.version == 'stable-v2.14.6')
with: with:
python-version: '3.11' python-version: '3.11'
- name: Check out repository - name: Check out repository
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Prepare test - name: Prepare test
id: prepare-test id: prepare-test
uses: ./.github/actions/prepare-test uses: ./.github/actions/prepare-test
with: with:
version: ${{ matrix.version }} version: ${{ matrix.version }}
use-all-platform-bundle: 'false' use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement - name: Set environment variable for Swift enablement
if: runner.os != 'Windows' && matrix.version == '20221211' if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: ./../action/init - uses: ./../action/init
id: init id: init
with: with:
languages: javascript languages: javascript
tools: ${{ steps.prepare-test.outputs.tools-url }} tools: ${{ steps.prepare-test.outputs.tools-url }}
- uses: ./../action/.github/actions/setup-swift - uses: ./../action/.github/actions/setup-swift
with: with:
codeql-path: ${{ steps.init.outputs.codeql-path }} codeql-path: ${{ steps.init.outputs.codeql-path }}
- name: Build code - name: Build code
shell: bash shell: bash
run: ./build.sh run: ./build.sh
- uses: ./../action/analyze - uses: ./../action/analyze
with: with:
output: ${{ runner.temp }}/results output: ${{ runner.temp }}/results
- name: Upload SARIF - name: Upload SARIF
uses: actions/upload-artifact@v3 uses: actions/upload-artifact@v3
with: with:
name: with-baseline-information-${{ matrix.os }}-${{ matrix.version }}.sarif.json name: with-baseline-information-${{ matrix.os }}-${{ matrix.version }}.sarif.json
path: ${{ runner.temp }}/results/javascript.sarif path: ${{ runner.temp }}/results/javascript.sarif
retention-days: 7 retention-days: 7
- name: Check results - name: Check results
shell: bash shell: bash
run: | run: |
cd "$RUNNER_TEMP/results" cd "$RUNNER_TEMP/results"
expected_baseline_languages="c csharp go java kotlin javascript python ruby" expected_baseline_languages="c csharp go java kotlin javascript python ruby"
if [[ $RUNNER_OS != "Windows" ]]; then if [[ $RUNNER_OS != "Windows" ]]; then
expected_baseline_languages+=" swift" expected_baseline_languages+=" swift"
fi
for lang in ${expected_baseline_languages}; do
rule_name="cli/expected-extracted-files/${lang}"
found_notification=$(jq --arg rule_name "${rule_name}" '[.runs[0].tool.driver.notifications |
select(. != null) | flatten | .[].id] | any(. == $rule_name)' javascript.sarif)
if [[ "${found_notification}" != "true" ]]; then
echo "Expected SARIF output to contain notification '${rule_name}', but found no such notification."
exit 1
else
echo "Found notification '${rule_name}'."
fi fi
done
for lang in ${expected_baseline_languages}; do
rule_name="cli/expected-extracted-files/${lang}"
found_notification=$(jq --arg rule_name "${rule_name}" '[.runs[0].tool.driver.notifications |
select(. != null) | flatten | .[].id] | any(. == $rule_name)' javascript.sarif)
if [[ "${found_notification}" != "true" ]]; then
echo "Expected SARIF output to contain notification '${rule_name}', but found no such notification."
exit 1
else
echo "Found notification '${rule_name}'."
fi
done
env: env:
CODEQL_ACTION_SUBLANGUAGE_FILE_COVERAGE: true CODEQL_ACTION_SUBLANGUAGE_FILE_COVERAGE: true
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true


@ -11,22 +11,24 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
extractor-ram-threads: extractor-ram-threads:
strategy: strategy:
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: latest version: latest
name: Extractor ram and threads options test name: Extractor ram and threads options test
permissions: permissions:
contents: read contents: read
@ -34,55 +36,55 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( matrix.os == 'macos-latest' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-20230418' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6') matrix.version == 'stable-v2.14.6')
with: with:
python-version: '3.11' python-version: '3.11'
- name: Check out repository - name: Check out repository
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Prepare test - name: Prepare test
id: prepare-test id: prepare-test
uses: ./.github/actions/prepare-test uses: ./.github/actions/prepare-test
with: with:
version: ${{ matrix.version }} version: ${{ matrix.version }}
use-all-platform-bundle: 'false' use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement - name: Set environment variable for Swift enablement
if: runner.os != 'Windows' && matrix.version == '20221211' if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: ./../action/init - uses: ./../action/init
with: with:
languages: java languages: java
ram: 230 ram: 230
threads: 1 threads: 1
- name: Assert Results - name: Assert Results
shell: bash shell: bash
run: | run: |
if [ "${CODEQL_RAM}" != "230" ]; then if [ "${CODEQL_RAM}" != "230" ]; then
echo "CODEQL_RAM is '${CODEQL_RAM}' instead of 230" echo "CODEQL_RAM is '${CODEQL_RAM}' instead of 230"
exit 1 exit 1
fi fi
if [ "${CODEQL_EXTRACTOR_JAVA_RAM}" != "230" ]; then if [ "${CODEQL_EXTRACTOR_JAVA_RAM}" != "230" ]; then
echo "CODEQL_EXTRACTOR_JAVA_RAM is '${CODEQL_EXTRACTOR_JAVA_RAM}' instead of 230" echo "CODEQL_EXTRACTOR_JAVA_RAM is '${CODEQL_EXTRACTOR_JAVA_RAM}' instead of 230"
exit 1 exit 1
fi fi
if [ "${CODEQL_THREADS}" != "1" ]; then if [ "${CODEQL_THREADS}" != "1" ]; then
echo "CODEQL_THREADS is '${CODEQL_THREADS}' instead of 1" echo "CODEQL_THREADS is '${CODEQL_THREADS}' instead of 1"
exit 1 exit 1
fi fi
if [ "${CODEQL_EXTRACTOR_JAVA_THREADS}" != "1" ]; then if [ "${CODEQL_EXTRACTOR_JAVA_THREADS}" != "1" ]; then
echo "CODEQL_EXTRACTOR_JAVA_THREADS is '${CODEQL_EXTRACTOR_JAVA_THREADS}' instead of 1" echo "CODEQL_EXTRACTOR_JAVA_THREADS is '${CODEQL_EXTRACTOR_JAVA_THREADS}' instead of 1"
exit 1 exit 1
fi fi
env: env:
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true


@ -11,62 +11,64 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
go-custom-queries: go-custom-queries:
strategy: strategy:
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: stable-20221211 version: stable-20221211
- os: macos-latest - os: macos-latest
version: stable-20221211 version: stable-20221211
- os: windows-latest - os: windows-latest
version: stable-20221211 version: stable-20221211
- os: ubuntu-latest - os: ubuntu-latest
version: stable-20230418 version: stable-20230418
- os: macos-latest - os: macos-latest
version: stable-20230418 version: stable-20230418
- os: windows-latest - os: windows-latest
version: stable-20230418 version: stable-20230418
- os: ubuntu-latest - os: ubuntu-latest
version: stable-v2.13.5 version: stable-v2.13.5
- os: macos-latest - os: macos-latest
version: stable-v2.13.5 version: stable-v2.13.5
- os: windows-latest - os: windows-latest
version: stable-v2.13.5 version: stable-v2.13.5
- os: ubuntu-latest - os: ubuntu-latest
version: stable-v2.14.6 version: stable-v2.14.6
- os: macos-latest - os: macos-latest
version: stable-v2.14.6 version: stable-v2.14.6
- os: windows-latest - os: windows-latest
version: stable-v2.14.6 version: stable-v2.14.6
- os: ubuntu-latest - os: ubuntu-latest
version: default version: default
- os: macos-latest - os: macos-latest
version: default version: default
- os: windows-latest - os: windows-latest
version: default version: default
- os: ubuntu-latest - os: ubuntu-latest
version: latest version: latest
- os: macos-latest - os: macos-latest
version: latest version: latest
- os: windows-latest - os: windows-latest
version: latest version: latest
- os: ubuntu-latest - os: ubuntu-latest
version: nightly-latest version: nightly-latest
- os: macos-latest - os: macos-latest
version: nightly-latest version: nightly-latest
- os: windows-latest - os: windows-latest
version: nightly-latest version: nightly-latest
name: 'Go: Custom queries' name: 'Go: Custom queries'
permissions: permissions:
contents: read contents: read
@ -74,43 +76,43 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( matrix.os == 'macos-latest' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-20230418' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6') matrix.version == 'stable-v2.14.6')
with: with:
python-version: '3.11' python-version: '3.11'
- name: Check out repository - name: Check out repository
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Prepare test - name: Prepare test
id: prepare-test id: prepare-test
uses: ./.github/actions/prepare-test uses: ./.github/actions/prepare-test
with: with:
version: ${{ matrix.version }} version: ${{ matrix.version }}
use-all-platform-bundle: 'false' use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement - name: Set environment variable for Swift enablement
if: runner.os != 'Windows' && matrix.version == '20221211' if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: ./../action/init - uses: ./../action/init
with: with:
languages: go languages: go
config-file: ./.github/codeql/custom-queries.yml config-file: ./.github/codeql/custom-queries.yml
tools: ${{ steps.prepare-test.outputs.tools-url }} tools: ${{ steps.prepare-test.outputs.tools-url }}
- name: Build code - name: Build code
shell: bash shell: bash
run: ./build.sh run: ./build.sh
- uses: ./../action/analyze - uses: ./../action/analyze
with: with:
upload-database: false upload-database: false
env: env:
DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false' DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false'
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true


@ -11,22 +11,24 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
go-indirect-tracing-workaround-diagnostic: go-indirect-tracing-workaround-diagnostic:
strategy: strategy:
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: stable-v2.14.6 version: stable-v2.14.6
name: 'Go: diagnostic when Go is changed after init step' name: 'Go: diagnostic when Go is changed after init step'
permissions: permissions:
contents: read contents: read
@ -34,73 +36,73 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( matrix.os == 'macos-latest' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-20230418' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6') matrix.version == 'stable-v2.14.6')
with: with:
python-version: '3.11' python-version: '3.11'
- name: Check out repository - name: Check out repository
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Prepare test - name: Prepare test
id: prepare-test id: prepare-test
uses: ./.github/actions/prepare-test uses: ./.github/actions/prepare-test
with: with:
version: ${{ matrix.version }} version: ${{ matrix.version }}
use-all-platform-bundle: 'false' use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement - name: Set environment variable for Swift enablement
if: runner.os != 'Windows' && matrix.version == '20221211' if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: actions/setup-go@v5 - uses: actions/setup-go@v5
with: with:
# We need a Go version that ships with statically linked binaries on Linux # We need a Go version that ships with statically linked binaries on Linux
go-version: '>=1.21.0' go-version: '>=1.21.0'
- uses: ./../action/init - uses: ./../action/init
with: with:
languages: go languages: go
tools: ${{ steps.prepare-test.outputs.tools-url }} tools: ${{ steps.prepare-test.outputs.tools-url }}
# Deliberately change Go after the `init` step # Deliberately change Go after the `init` step
- uses: actions/setup-go@v5 - uses: actions/setup-go@v5
with: with:
go-version: '1.20' go-version: '1.20'
- name: Build code - name: Build code
shell: bash shell: bash
run: go build main.go run: go build main.go
- uses: ./../action/analyze - uses: ./../action/analyze
with: with:
output: ${{ runner.temp }}/results output: ${{ runner.temp }}/results
upload-database: false upload-database: false
- name: Check diagnostic appears in SARIF - name: Check diagnostic appears in SARIF
uses: actions/github-script@v7 uses: actions/github-script@v7
env: env:
SARIF_PATH: ${{ runner.temp }}/results/go.sarif SARIF_PATH: ${{ runner.temp }}/results/go.sarif
with: with:
script: | script: |
const fs = require('fs'); const fs = require('fs');
const sarif = JSON.parse(fs.readFileSync(process.env['SARIF_PATH'], 'utf8')); const sarif = JSON.parse(fs.readFileSync(process.env['SARIF_PATH'], 'utf8'));
const run = sarif.runs[0]; const run = sarif.runs[0];
const toolExecutionNotifications = run.invocations[0].toolExecutionNotifications; const toolExecutionNotifications = run.invocations[0].toolExecutionNotifications;
const statusPageNotifications = toolExecutionNotifications.filter(n => const statusPageNotifications = toolExecutionNotifications.filter(n =>
n.descriptor.id === 'go/workflow/go-installed-after-codeql-init' && n.properties?.visibility?.statusPage n.descriptor.id === 'go/workflow/go-installed-after-codeql-init' && n.properties?.visibility?.statusPage
);
if (statusPageNotifications.length !== 1) {
core.setFailed(
'Expected exactly one status page reporting descriptor for this diagnostic in the ' +
`'runs[].invocations[].toolExecutionNotifications[]' SARIF property, but found ` +
`${statusPageNotifications.length}. All notification reporting descriptors: ` +
`${JSON.stringify(toolExecutionNotifications)}.`
); );
} if (statusPageNotifications.length !== 1) {
core.setFailed(
'Expected exactly one status page reporting descriptor for this diagnostic in the ' +
`'runs[].invocations[].toolExecutionNotifications[]' SARIF property, but found ` +
`${statusPageNotifications.length}. All notification reporting descriptors: ` +
`${JSON.stringify(toolExecutionNotifications)}.`
);
}
env: env:
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true
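Review bot: The added `schedule` entry fires at `0 5 * * *`, and the same expression is added to each of the other workflow files shown on this page, so all of them queue in the same minute at the top of the hour. GitHub documents that scheduled runs can be delayed, or dropped under heavy load, and that the start of an hour is a high-load time, which works against the goal of a dependable nightly signal. An off-peak minute such as `- cron: '17 5 * * *'` would be more reliable; since the commit message describes these files as generated, it is presumably set once in the generator. A comment above the cron line such as `# Nightly at 05:xx UTC: catches regressions from new runner images` would record why the trigger exists.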


@ -11,22 +11,24 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
go-indirect-tracing-workaround: go-indirect-tracing-workaround:
strategy: strategy:
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: stable-v2.14.6 version: stable-v2.14.6
name: 'Go: workaround for indirect tracing' name: 'Go: workaround for indirect tracing'
permissions: permissions:
contents: read contents: read
@ -34,71 +36,71 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( matrix.os == 'macos-latest' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-20230418' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6') matrix.version == 'stable-v2.14.6')
with: with:
python-version: '3.11' python-version: '3.11'
- name: Check out repository - name: Check out repository
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Prepare test - name: Prepare test
id: prepare-test id: prepare-test
uses: ./.github/actions/prepare-test uses: ./.github/actions/prepare-test
with: with:
version: ${{ matrix.version }} version: ${{ matrix.version }}
use-all-platform-bundle: 'false' use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement - name: Set environment variable for Swift enablement
if: runner.os != 'Windows' && matrix.version == '20221211' if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: actions/setup-go@v5 - uses: actions/setup-go@v5
with: with:
# We need a Go version that ships with statically linked binaries on Linux # We need a Go version that ships with statically linked binaries on Linux
go-version: '>=1.21.0' go-version: '>=1.21.0'
- uses: ./../action/init - uses: ./../action/init
with: with:
languages: go languages: go
tools: ${{ steps.prepare-test.outputs.tools-url }} tools: ${{ steps.prepare-test.outputs.tools-url }}
- name: Build code - name: Build code
shell: bash shell: bash
run: go build main.go run: go build main.go
- uses: ./../action/analyze - uses: ./../action/analyze
with: with:
upload-database: false upload-database: false
- shell: bash - shell: bash
run: | run: |
if [[ -z "${CODEQL_ACTION_GO_BINARY}" ]]; then if [[ -z "${CODEQL_ACTION_GO_BINARY}" ]]; then
echo "Expected the workaround for indirect tracing of static binaries to trigger, but the" \ echo "Expected the workaround for indirect tracing of static binaries to trigger, but the" \
"CODEQL_ACTION_GO_BINARY environment variable is not set." "CODEQL_ACTION_GO_BINARY environment variable is not set."
exit 1 exit 1
fi fi
if [[ ! -f "${CODEQL_ACTION_GO_BINARY}" ]]; then if [[ ! -f "${CODEQL_ACTION_GO_BINARY}" ]]; then
echo "CODEQL_ACTION_GO_BINARY is set, but the corresponding script does not exist." echo "CODEQL_ACTION_GO_BINARY is set, but the corresponding script does not exist."
exit 1 exit 1
fi fi
# Once we start running Bash 4.2 in all environments, we can replace the # Once we start running Bash 4.2 in all environments, we can replace the
# `! -z` flag with the more elegant `-v` which confirms that the variable # `! -z` flag with the more elegant `-v` which confirms that the variable
# is actually unset and not potentially set to a blank value. # is actually unset and not potentially set to a blank value.
if [[ ! -z "${CODEQL_ACTION_DID_AUTOBUILD_GOLANG}" ]]; then if [[ ! -z "${CODEQL_ACTION_DID_AUTOBUILD_GOLANG}" ]]; then
echo "Expected the Go autobuilder not to be run, but the" \ echo "Expected the Go autobuilder not to be run, but the" \
"CODEQL_ACTION_DID_AUTOBUILD_GOLANG environment variable was set." "CODEQL_ACTION_DID_AUTOBUILD_GOLANG environment variable was set."
exit 1 exit 1
fi fi
cd "$RUNNER_TEMP/codeql_databases" cd "$RUNNER_TEMP/codeql_databases"
if [[ ! -d go ]]; then if [[ ! -d go ]]; then
echo "Did not find a Go database" echo "Did not find a Go database"
exit 1 exit 1
fi fi
env: env:
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true
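Review bot: The steps in this file reference `actions/setup-python@v5`, `actions/checkout@v4` and `actions/setup-go@v5` by mutable tag, and with the new `schedule` trigger they now run every night without anyone looking at what the tag resolved to. Pinning each one to a full commit SHA with the tag kept as a trailing comment, in the form `uses: actions/checkout@<full-commit-sha> # v4` (placeholder, not a real hash), keeps the nightly run reproducible and prevents a moved tag from changing what executes. The same tag references appear in the other workflow files on this page.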


@ -11,48 +11,50 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
go-tracing-autobuilder: go-tracing-autobuilder:
strategy: strategy:
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: stable-20221211 version: stable-20221211
- os: macos-latest - os: macos-latest
version: stable-20221211 version: stable-20221211
- os: ubuntu-latest - os: ubuntu-latest
version: stable-20230418 version: stable-20230418
- os: macos-latest - os: macos-latest
version: stable-20230418 version: stable-20230418
- os: ubuntu-latest - os: ubuntu-latest
version: stable-v2.13.5 version: stable-v2.13.5
- os: macos-latest - os: macos-latest
version: stable-v2.13.5 version: stable-v2.13.5
- os: ubuntu-latest - os: ubuntu-latest
version: stable-v2.14.6 version: stable-v2.14.6
- os: macos-latest - os: macos-latest
version: stable-v2.14.6 version: stable-v2.14.6
- os: ubuntu-latest - os: ubuntu-latest
version: default version: default
- os: macos-latest - os: macos-latest
version: default version: default
- os: ubuntu-latest - os: ubuntu-latest
version: latest version: latest
- os: macos-latest - os: macos-latest
version: latest version: latest
- os: ubuntu-latest - os: ubuntu-latest
version: nightly-latest version: nightly-latest
- os: macos-latest - os: macos-latest
version: nightly-latest version: nightly-latest
name: 'Go: tracing with autobuilder step' name: 'Go: tracing with autobuilder step'
permissions: permissions:
contents: read contents: read
@ -60,58 +62,58 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( matrix.os == 'macos-latest' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-20230418' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6') matrix.version == 'stable-v2.14.6')
with: with:
python-version: '3.11' python-version: '3.11'
- name: Check out repository - name: Check out repository
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Prepare test - name: Prepare test
id: prepare-test id: prepare-test
uses: ./.github/actions/prepare-test uses: ./.github/actions/prepare-test
with: with:
version: ${{ matrix.version }} version: ${{ matrix.version }}
use-all-platform-bundle: 'false' use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement - name: Set environment variable for Swift enablement
if: runner.os != 'Windows' && matrix.version == '20221211' if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: actions/setup-go@v5 - uses: actions/setup-go@v5
with: with:
go-version: ~1.22.0 go-version: ~1.22.0
# to avoid potentially misleading autobuilder results where we expect it to download # to avoid potentially misleading autobuilder results where we expect it to download
# dependencies successfully, but they actually come from a warm cache # dependencies successfully, but they actually come from a warm cache
cache: false cache: false
- uses: ./../action/init - uses: ./../action/init
with: with:
languages: go languages: go
tools: ${{ steps.prepare-test.outputs.tools-url }} tools: ${{ steps.prepare-test.outputs.tools-url }}
- uses: ./../action/autobuild - uses: ./../action/autobuild
- uses: ./../action/analyze - uses: ./../action/analyze
with: with:
upload-database: false upload-database: false
- shell: bash - shell: bash
run: | run: |
if [[ "${CODEQL_ACTION_DID_AUTOBUILD_GOLANG}" != true ]]; then if [[ "${CODEQL_ACTION_DID_AUTOBUILD_GOLANG}" != true ]]; then
echo "Expected the Go autobuilder to be run, but the" \ echo "Expected the Go autobuilder to be run, but the" \
"CODEQL_ACTION_DID_AUTOBUILD_GOLANG environment variable was not true." "CODEQL_ACTION_DID_AUTOBUILD_GOLANG environment variable was not true."
exit 1 exit 1
fi fi
cd "$RUNNER_TEMP/codeql_databases" cd "$RUNNER_TEMP/codeql_databases"
if [[ ! -d go ]]; then if [[ ! -d go ]]; then
echo "Did not find a Go database" echo "Did not find a Go database"
exit 1 exit 1
fi fi
env: env:
DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false' DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false'
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true
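Review bot: The `Set environment variable for Swift enablement` step cannot run as written: its condition tests `matrix.version == '20221211'`, while the matrix in this file spells that bundle `stable-20221211`, as does the Python setup condition a few lines above it. If the step is still needed, the condition should read `if: runner.os != 'Windows' && matrix.version == 'stable-20221211'`; if not, removing it avoids a dead step in every job. The same condition is repeated in the other workflow files on this page, including those whose matrix has no 2022 bundle at all.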


@ -11,48 +11,50 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
go-tracing-custom-build-steps: go-tracing-custom-build-steps:
strategy: strategy:
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: stable-20221211 version: stable-20221211
- os: macos-latest - os: macos-latest
version: stable-20221211 version: stable-20221211
- os: ubuntu-latest - os: ubuntu-latest
version: stable-20230418 version: stable-20230418
- os: macos-latest - os: macos-latest
version: stable-20230418 version: stable-20230418
- os: ubuntu-latest - os: ubuntu-latest
version: stable-v2.13.5 version: stable-v2.13.5
- os: macos-latest - os: macos-latest
version: stable-v2.13.5 version: stable-v2.13.5
- os: ubuntu-latest - os: ubuntu-latest
version: stable-v2.14.6 version: stable-v2.14.6
- os: macos-latest - os: macos-latest
version: stable-v2.14.6 version: stable-v2.14.6
- os: ubuntu-latest - os: ubuntu-latest
version: default version: default
- os: macos-latest - os: macos-latest
version: default version: default
- os: ubuntu-latest - os: ubuntu-latest
version: latest version: latest
- os: macos-latest - os: macos-latest
version: latest version: latest
- os: ubuntu-latest - os: ubuntu-latest
version: nightly-latest version: nightly-latest
- os: macos-latest - os: macos-latest
version: nightly-latest version: nightly-latest
name: 'Go: tracing with custom build steps' name: 'Go: tracing with custom build steps'
permissions: permissions:
contents: read contents: read
@ -60,62 +62,62 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( matrix.os == 'macos-latest' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-20230418' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6') matrix.version == 'stable-v2.14.6')
with: with:
python-version: '3.11' python-version: '3.11'
- name: Check out repository - name: Check out repository
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Prepare test - name: Prepare test
id: prepare-test id: prepare-test
uses: ./.github/actions/prepare-test uses: ./.github/actions/prepare-test
with: with:
version: ${{ matrix.version }} version: ${{ matrix.version }}
use-all-platform-bundle: 'false' use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement - name: Set environment variable for Swift enablement
if: runner.os != 'Windows' && matrix.version == '20221211' if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: actions/setup-go@v5 - uses: actions/setup-go@v5
with: with:
go-version: ~1.22.0 go-version: ~1.22.0
# to avoid potentially misleading autobuilder results where we expect it to download # to avoid potentially misleading autobuilder results where we expect it to download
# dependencies successfully, but they actually come from a warm cache # dependencies successfully, but they actually come from a warm cache
cache: false cache: false
- uses: ./../action/init - uses: ./../action/init
with: with:
languages: go languages: go
tools: ${{ steps.prepare-test.outputs.tools-url }} tools: ${{ steps.prepare-test.outputs.tools-url }}
- name: Build code - name: Build code
shell: bash shell: bash
run: go build main.go run: go build main.go
- uses: ./../action/analyze - uses: ./../action/analyze
with: with:
upload-database: false upload-database: false
- shell: bash - shell: bash
run: | run: |
# Once we start running Bash 4.2 in all environments, we can replace the # Once we start running Bash 4.2 in all environments, we can replace the
# `! -z` flag with the more elegant `-v` which confirms that the variable # `! -z` flag with the more elegant `-v` which confirms that the variable
# is actually unset and not potentially set to a blank value. # is actually unset and not potentially set to a blank value.
if [[ ! -z "${CODEQL_ACTION_DID_AUTOBUILD_GOLANG}" ]]; then if [[ ! -z "${CODEQL_ACTION_DID_AUTOBUILD_GOLANG}" ]]; then
echo "Expected the Go autobuilder not to be run, but the" \ echo "Expected the Go autobuilder not to be run, but the" \
"CODEQL_ACTION_DID_AUTOBUILD_GOLANG environment variable was set." "CODEQL_ACTION_DID_AUTOBUILD_GOLANG environment variable was set."
exit 1 exit 1
fi fi
cd "$RUNNER_TEMP/codeql_databases" cd "$RUNNER_TEMP/codeql_databases"
if [[ ! -d go ]]; then if [[ ! -d go ]]; then
echo "Did not find a Go database" echo "Did not find a Go database"
exit 1 exit 1
fi fi
env: env:
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true


@ -11,48 +11,50 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
go-tracing-legacy-workflow: go-tracing-legacy-workflow:
strategy: strategy:
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: stable-20221211 version: stable-20221211
- os: macos-latest - os: macos-latest
version: stable-20221211 version: stable-20221211
- os: ubuntu-latest - os: ubuntu-latest
version: stable-20230418 version: stable-20230418
- os: macos-latest - os: macos-latest
version: stable-20230418 version: stable-20230418
- os: ubuntu-latest - os: ubuntu-latest
version: stable-v2.13.5 version: stable-v2.13.5
- os: macos-latest - os: macos-latest
version: stable-v2.13.5 version: stable-v2.13.5
- os: ubuntu-latest - os: ubuntu-latest
version: stable-v2.14.6 version: stable-v2.14.6
- os: macos-latest - os: macos-latest
version: stable-v2.14.6 version: stable-v2.14.6
- os: ubuntu-latest - os: ubuntu-latest
version: default version: default
- os: macos-latest - os: macos-latest
version: default version: default
- os: ubuntu-latest - os: ubuntu-latest
version: latest version: latest
- os: macos-latest - os: macos-latest
version: latest version: latest
- os: ubuntu-latest - os: ubuntu-latest
version: nightly-latest version: nightly-latest
- os: macos-latest - os: macos-latest
version: nightly-latest version: nightly-latest
name: 'Go: tracing with legacy workflow' name: 'Go: tracing with legacy workflow'
permissions: permissions:
contents: read contents: read
@ -60,52 +62,52 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( matrix.os == 'macos-latest' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-20230418' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6') matrix.version == 'stable-v2.14.6')
with: with:
python-version: '3.11' python-version: '3.11'
- name: Check out repository - name: Check out repository
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Prepare test - name: Prepare test
id: prepare-test id: prepare-test
uses: ./.github/actions/prepare-test uses: ./.github/actions/prepare-test
with: with:
version: ${{ matrix.version }} version: ${{ matrix.version }}
use-all-platform-bundle: 'false' use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement - name: Set environment variable for Swift enablement
if: runner.os != 'Windows' && matrix.version == '20221211' if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: actions/setup-go@v5 - uses: actions/setup-go@v5
with: with:
go-version: ~1.22.0 go-version: ~1.22.0
# to avoid potentially misleading autobuilder results where we expect it to download # to avoid potentially misleading autobuilder results where we expect it to download
# dependencies successfully, but they actually come from a warm cache # dependencies successfully, but they actually come from a warm cache
cache: false cache: false
- uses: ./../action/init - uses: ./../action/init
with: with:
languages: go languages: go
tools: ${{ steps.prepare-test.outputs.tools-url }} tools: ${{ steps.prepare-test.outputs.tools-url }}
- uses: ./../action/analyze - uses: ./../action/analyze
with: with:
upload-database: false upload-database: false
- shell: bash - shell: bash
run: | run: |
cd "$RUNNER_TEMP/codeql_databases" cd "$RUNNER_TEMP/codeql_databases"
if [[ ! -d go ]]; then if [[ ! -d go ]]; then
echo "Did not find a Go database" echo "Did not find a Go database"
exit 1 exit 1
fi fi
env: env:
DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false' DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false'
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true


@ -11,38 +11,40 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
init-with-registries: init-with-registries:
strategy: strategy:
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: default version: default
- os: macos-latest - os: macos-latest
version: default version: default
- os: windows-latest - os: windows-latest
version: default version: default
- os: ubuntu-latest - os: ubuntu-latest
version: latest version: latest
- os: macos-latest - os: macos-latest
version: latest version: latest
- os: windows-latest - os: windows-latest
version: latest version: latest
- os: ubuntu-latest - os: ubuntu-latest
version: nightly-latest version: nightly-latest
- os: macos-latest - os: macos-latest
version: nightly-latest version: nightly-latest
- os: windows-latest - os: windows-latest
version: nightly-latest version: nightly-latest
name: 'Packaging: Download using registries' name: 'Packaging: Download using registries'
permissions: permissions:
contents: read contents: read
@ -51,94 +53,94 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( matrix.os == 'macos-latest' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-20230418' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6') matrix.version == 'stable-v2.14.6')
with: with:
python-version: '3.11' python-version: '3.11'
- name: Check out repository - name: Check out repository
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Prepare test - name: Prepare test
id: prepare-test id: prepare-test
uses: ./.github/actions/prepare-test uses: ./.github/actions/prepare-test
with: with:
version: ${{ matrix.version }} version: ${{ matrix.version }}
use-all-platform-bundle: 'false' use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement - name: Set environment variable for Swift enablement
if: runner.os != 'Windows' && matrix.version == '20221211' if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- name: Init with registries - name: Init with registries
uses: ./../action/init uses: ./../action/init
with: with:
db-location: ${{ runner.temp }}/customDbLocation db-location: ${{ runner.temp }}/customDbLocation
tools: ${{ steps.prepare-test.outputs.tools-url }} tools: ${{ steps.prepare-test.outputs.tools-url }}
config-file: ./.github/codeql/codeql-config-registries.yml config-file: ./.github/codeql/codeql-config-registries.yml
languages: javascript languages: javascript
registries: | registries: |
- url: "https://ghcr.io/v2/" - url: "https://ghcr.io/v2/"
packages: "*/*" packages: "*/*"
token: "${{ secrets.GITHUB_TOKEN }}" token: "${{ secrets.GITHUB_TOKEN }}"
- name: Verify packages installed - name: Verify packages installed
shell: bash shell: bash
run: | run: |
PRIVATE_PACK="$HOME/.codeql/packages/codeql-testing/private-pack" PRIVATE_PACK="$HOME/.codeql/packages/codeql-testing/private-pack"
CODEQL_PACK1="$HOME/.codeql/packages/codeql-testing/codeql-pack1" CODEQL_PACK1="$HOME/.codeql/packages/codeql-testing/codeql-pack1"
if [[ -d $PRIVATE_PACK ]] if [[ -d $PRIVATE_PACK ]]
then then
echo "$PRIVATE_PACK was installed." echo "$PRIVATE_PACK was installed."
else else
echo "::error $PRIVATE_PACK pack was not installed." echo "::error $PRIVATE_PACK pack was not installed."
exit 1 exit 1
fi fi
if [[ -d $CODEQL_PACK1 ]] if [[ -d $CODEQL_PACK1 ]]
then then
echo "$CODEQL_PACK1 was installed." echo "$CODEQL_PACK1 was installed."
else else
echo "::error $CODEQL_PACK1 pack was not installed." echo "::error $CODEQL_PACK1 pack was not installed."
exit 1 exit 1
fi fi
- name: Verify qlconfig.yml file was created - name: Verify qlconfig.yml file was created
shell: bash shell: bash
run: | run: |
QLCONFIG_PATH=$RUNNER_TEMP/qlconfig.yml QLCONFIG_PATH=$RUNNER_TEMP/qlconfig.yml
echo "Expected qlconfig.yml file to be created at $QLCONFIG_PATH" echo "Expected qlconfig.yml file to be created at $QLCONFIG_PATH"
if [[ -f $QLCONFIG_PATH ]] if [[ -f $QLCONFIG_PATH ]]
then then
echo "qlconfig.yml file was created." echo "qlconfig.yml file was created."
else else
echo "::error qlconfig.yml file was not created." echo "::error qlconfig.yml file was not created."
exit 1 exit 1
fi fi
- name: Verify contents of qlconfig.yml - name: Verify contents of qlconfig.yml
# yq is not available on windows # yq is not available on windows
if: runner.os != 'Windows' if: runner.os != 'Windows'
shell: bash shell: bash
run: | run: |
QLCONFIG_PATH=$RUNNER_TEMP/qlconfig.yml QLCONFIG_PATH=$RUNNER_TEMP/qlconfig.yml
cat $QLCONFIG_PATH | yq -e '.registries[] | select(.url == "https://ghcr.io/v2/") | select(.packages == "*/*")' cat $QLCONFIG_PATH | yq -e '.registries[] | select(.url == "https://ghcr.io/v2/") | select(.packages == "*/*")'
if [[ $? -eq 0 ]] if [[ $? -eq 0 ]]
then then
echo "Registry was added to qlconfig.yml file." echo "Registry was added to qlconfig.yml file."
else else
echo "::error Registry was not added to qlconfig.yml file." echo "::error Registry was not added to qlconfig.yml file."
echo "Contents of qlconfig.yml file:" echo "Contents of qlconfig.yml file:"
cat $QLCONFIG_PATH cat $QLCONFIG_PATH
exit 1 exit 1
fi fi
env: env:
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true
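Review bot: In `Verify contents of qlconfig.yml`, the `else` branch that prints the error and dumps the file looks unreachable: a step with an explicit `shell: bash` is run with `-e -o pipefail`, so a failing `cat $QLCONFIG_PATH | yq -e ...` ends the script before `if [[ $? -eq 0 ]]` is evaluated. Testing the command directly keeps the diagnostics, for example `if yq -e '.registries[] | select(.url == "https://ghcr.io/v2/") | select(.packages == "*/*")' "$QLCONFIG_PATH"; then`. The `echo "::error ..."` lines in this step and in the two verification steps before it may also not be picked up as annotations, since the workflow-command form is `::error::message`. The job still fails on a bad config either way, so this only affects how the failure is reported.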


@ -11,26 +11,28 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
javascript-source-root: javascript-source-root:
strategy: strategy:
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: latest version: latest
- os: ubuntu-latest - os: ubuntu-latest
version: default version: default
- os: ubuntu-latest - os: ubuntu-latest
version: nightly-latest version: nightly-latest
name: Custom source root name: Custom source root
permissions: permissions:
contents: read contents: read
@ -38,54 +40,54 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( matrix.os == 'macos-latest' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-20230418' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6') matrix.version == 'stable-v2.14.6')
with: with:
python-version: '3.11' python-version: '3.11'
- name: Check out repository - name: Check out repository
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Prepare test - name: Prepare test
id: prepare-test id: prepare-test
uses: ./.github/actions/prepare-test uses: ./.github/actions/prepare-test
with: with:
version: ${{ matrix.version }} version: ${{ matrix.version }}
use-all-platform-bundle: 'false' use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement - name: Set environment variable for Swift enablement
if: runner.os != 'Windows' && matrix.version == '20221211' if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- name: Move codeql-action - name: Move codeql-action
shell: bash shell: bash
run: | run: |
mkdir ../new-source-root mkdir ../new-source-root
mv * ../new-source-root mv * ../new-source-root
- uses: ./../action/init - uses: ./../action/init
with: with:
languages: javascript languages: javascript
source-root: ../new-source-root source-root: ../new-source-root
tools: ${{ steps.prepare-test.outputs.tools-url }} tools: ${{ steps.prepare-test.outputs.tools-url }}
- uses: ./../action/analyze - uses: ./../action/analyze
with: with:
upload-database: false upload-database: false
skip-queries: true skip-queries: true
upload: never upload: never
- name: Assert database exists - name: Assert database exists
shell: bash shell: bash
run: | run: |
cd "$RUNNER_TEMP/codeql_databases" cd "$RUNNER_TEMP/codeql_databases"
if [[ ! -d javascript ]]; then if [[ ! -d javascript ]]; then
echo "Did not find a JavaScript database" echo "Did not find a JavaScript database"
exit 1 exit 1
fi fi
env: env:
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true
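Review bot: The `Set environment variable for Swift enablement` step is guarded by `matrix.version == '20221211'`, but every matrix value on this page that carries that date is spelled `stable-20221211` (the `Setup Python on MacOS` condition just above uses that form), so the guard can never be true and the step never runs. If the step is still wanted, the condition should read `if: runner.os != 'Windows' && matrix.version == 'stable-20221211'`; otherwise it can be dropped. The same condition is repeated in the other workflow sections of this commit, and because the commit message describes these files as generated, the fix likely belongs in the generator rather than in each file.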


@ -11,22 +11,24 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
language-aliases: language-aliases:
strategy: strategy:
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: latest version: latest
name: Language aliases name: Language aliases
permissions: permissions:
contents: read contents: read
@ -34,46 +36,46 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( matrix.os == 'macos-latest' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-20230418' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6') matrix.version == 'stable-v2.14.6')
with: with:
python-version: '3.11' python-version: '3.11'
- name: Check out repository - name: Check out repository
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Prepare test - name: Prepare test
id: prepare-test id: prepare-test
uses: ./.github/actions/prepare-test uses: ./.github/actions/prepare-test
with: with:
version: ${{ matrix.version }} version: ${{ matrix.version }}
use-all-platform-bundle: 'false' use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement - name: Set environment variable for Swift enablement
if: runner.os != 'Windows' && matrix.version == '20221211' if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: ./../action/init - uses: ./../action/init
with: with:
languages: C#,java-kotlin,swift,typescript languages: C#,java-kotlin,swift,typescript
tools: ${{ steps.prepare-test.outputs.tools-url }} tools: ${{ steps.prepare-test.outputs.tools-url }}
- name: Check languages - name: Check languages
run: | run: |
expected_languages="csharp,java,swift,javascript" expected_languages="csharp,java,swift,javascript"
actual_languages=$(jq -r '.languages | join(",")' "$RUNNER_TEMP"/config) actual_languages=$(jq -r '.languages | join(",")' "$RUNNER_TEMP"/config)
if [ "$expected_languages" != "$actual_languages" ]; then if [ "$expected_languages" != "$actual_languages" ]; then
echo "Resolved languages did not match expected list. " \ echo "Resolved languages did not match expected list. " \
"Expected languages: $expected_languages. Actual languages: $actual_languages." "Expected languages: $expected_languages. Actual languages: $actual_languages."
exit 1 exit 1
fi fi
env: env:
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true
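Review bot: The new `schedule` trigger carries no comment explaining its purpose. Scheduled runs execute only the workflow as it exists on the default branch, so the `releases/v*` branches listed under `push` are not exercised by the nightly run. A comment above the cron line, such as `# Nightly at 05:00 UTC to catch regressions from new runner images; runs on the default branch only`, would record both facts for the next maintainer. The same trigger is added without a comment in the other workflow sections of this commit.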


@ -11,48 +11,50 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
multi-language-autodetect: multi-language-autodetect:
strategy: strategy:
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: stable-20221211 version: stable-20221211
- os: macos-latest - os: macos-latest
version: stable-20221211 version: stable-20221211
- os: ubuntu-latest - os: ubuntu-latest
version: stable-20230418 version: stable-20230418
- os: macos-latest - os: macos-latest
version: stable-20230418 version: stable-20230418
- os: ubuntu-latest - os: ubuntu-latest
version: stable-v2.13.5 version: stable-v2.13.5
- os: macos-latest - os: macos-latest
version: stable-v2.13.5 version: stable-v2.13.5
- os: ubuntu-latest - os: ubuntu-latest
version: stable-v2.14.6 version: stable-v2.14.6
- os: macos-latest - os: macos-latest
version: stable-v2.14.6 version: stable-v2.14.6
- os: ubuntu-latest - os: ubuntu-latest
version: default version: default
- os: macos-latest - os: macos-latest
version: default version: default
- os: ubuntu-latest - os: ubuntu-latest
version: latest version: latest
- os: macos-latest - os: macos-latest
version: latest version: latest
- os: ubuntu-latest - os: ubuntu-latest
version: nightly-latest version: nightly-latest
- os: macos-latest - os: macos-latest
version: nightly-latest version: nightly-latest
name: Multi-language repository name: Multi-language repository
permissions: permissions:
contents: read contents: read
@ -60,100 +62,100 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( matrix.os == 'macos-latest' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-20230418' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6') matrix.version == 'stable-v2.14.6')
with: with:
python-version: '3.11' python-version: '3.11'
- name: Check out repository - name: Check out repository
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Prepare test - name: Prepare test
id: prepare-test id: prepare-test
uses: ./.github/actions/prepare-test uses: ./.github/actions/prepare-test
with: with:
version: ${{ matrix.version }} version: ${{ matrix.version }}
use-all-platform-bundle: 'false' use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement - name: Set environment variable for Swift enablement
if: runner.os != 'Windows' && matrix.version == '20221211' if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: ./../action/init - uses: ./../action/init
id: init id: init
with: with:
db-location: ${{ runner.temp }}/customDbLocation db-location: ${{ runner.temp }}/customDbLocation
tools: ${{ steps.prepare-test.outputs.tools-url }} tools: ${{ steps.prepare-test.outputs.tools-url }}
- uses: ./../action/.github/actions/setup-swift - uses: ./../action/.github/actions/setup-swift
with: with:
codeql-path: ${{ steps.init.outputs.codeql-path }} codeql-path: ${{ steps.init.outputs.codeql-path }}
- name: Build code - name: Build code
shell: bash shell: bash
run: ./build.sh run: ./build.sh
- uses: ./../action/analyze - uses: ./../action/analyze
id: analysis id: analysis
with: with:
upload-database: false upload-database: false
- name: Check language autodetect for all languages excluding Swift - name: Check language autodetect for all languages excluding Swift
shell: bash shell: bash
run: | run: |
CPP_DB=${{ fromJson(steps.analysis.outputs.db-locations).cpp }} CPP_DB=${{ fromJson(steps.analysis.outputs.db-locations).cpp }}
if [[ ! -d $CPP_DB ]] || [[ ! $CPP_DB == ${{ runner.temp }}/customDbLocation/* ]]; then if [[ ! -d $CPP_DB ]] || [[ ! $CPP_DB == ${{ runner.temp }}/customDbLocation/* ]]; then
echo "Did not create a database for CPP, or created it in the wrong location." echo "Did not create a database for CPP, or created it in the wrong location."
exit 1 exit 1
fi fi
CSHARP_DB=${{ fromJson(steps.analysis.outputs.db-locations).csharp }} CSHARP_DB=${{ fromJson(steps.analysis.outputs.db-locations).csharp }}
if [[ ! -d $CSHARP_DB ]] || [[ ! $CSHARP_DB == ${{ runner.temp }}/customDbLocation/* ]]; then if [[ ! -d $CSHARP_DB ]] || [[ ! $CSHARP_DB == ${{ runner.temp }}/customDbLocation/* ]]; then
echo "Did not create a database for C Sharp, or created it in the wrong location." echo "Did not create a database for C Sharp, or created it in the wrong location."
exit 1 exit 1
fi fi
GO_DB=${{ fromJson(steps.analysis.outputs.db-locations).go }} GO_DB=${{ fromJson(steps.analysis.outputs.db-locations).go }}
if [[ ! -d $GO_DB ]] || [[ ! $GO_DB == ${{ runner.temp }}/customDbLocation/* ]]; then if [[ ! -d $GO_DB ]] || [[ ! $GO_DB == ${{ runner.temp }}/customDbLocation/* ]]; then
echo "Did not create a database for Go, or created it in the wrong location." echo "Did not create a database for Go, or created it in the wrong location."
exit 1 exit 1
fi fi
JAVA_DB=${{ fromJson(steps.analysis.outputs.db-locations).java }} JAVA_DB=${{ fromJson(steps.analysis.outputs.db-locations).java }}
if [[ ! -d $JAVA_DB ]] || [[ ! $JAVA_DB == ${{ runner.temp }}/customDbLocation/* ]]; then if [[ ! -d $JAVA_DB ]] || [[ ! $JAVA_DB == ${{ runner.temp }}/customDbLocation/* ]]; then
echo "Did not create a database for Java, or created it in the wrong location." echo "Did not create a database for Java, or created it in the wrong location."
exit 1 exit 1
fi fi
JAVASCRIPT_DB=${{ fromJson(steps.analysis.outputs.db-locations).javascript }} JAVASCRIPT_DB=${{ fromJson(steps.analysis.outputs.db-locations).javascript }}
if [[ ! -d $JAVASCRIPT_DB ]] || [[ ! $JAVASCRIPT_DB == ${{ runner.temp }}/customDbLocation/* ]]; then if [[ ! -d $JAVASCRIPT_DB ]] || [[ ! $JAVASCRIPT_DB == ${{ runner.temp }}/customDbLocation/* ]]; then
echo "Did not create a database for Javascript, or created it in the wrong location." echo "Did not create a database for Javascript, or created it in the wrong location."
exit 1 exit 1
fi fi
PYTHON_DB=${{ fromJson(steps.analysis.outputs.db-locations).python }} PYTHON_DB=${{ fromJson(steps.analysis.outputs.db-locations).python }}
if [[ ! -d $PYTHON_DB ]] || [[ ! $PYTHON_DB == ${{ runner.temp }}/customDbLocation/* ]]; then if [[ ! -d $PYTHON_DB ]] || [[ ! $PYTHON_DB == ${{ runner.temp }}/customDbLocation/* ]]; then
echo "Did not create a database for Python, or created it in the wrong location." echo "Did not create a database for Python, or created it in the wrong location."
exit 1 exit 1
fi fi
RUBY_DB=${{ fromJson(steps.analysis.outputs.db-locations).ruby }} RUBY_DB=${{ fromJson(steps.analysis.outputs.db-locations).ruby }}
if [[ ! -d $RUBY_DB ]] || [[ ! $RUBY_DB == ${{ runner.temp }}/customDbLocation/* ]]; then if [[ ! -d $RUBY_DB ]] || [[ ! $RUBY_DB == ${{ runner.temp }}/customDbLocation/* ]]; then
echo "Did not create a database for Ruby, or created it in the wrong location." echo "Did not create a database for Ruby, or created it in the wrong location."
exit 1 exit 1
fi fi
- name: Check language autodetect for Swift - name: Check language autodetect for Swift
if: >- if: >-
env.CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT == 'true' || env.CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT == 'true' ||
(runner.os != 'Windows' && matrix.version == 'nightly-latest') (runner.os != 'Windows' && matrix.version == 'nightly-latest')
shell: bash shell: bash
run: | run: |
SWIFT_DB=${{ fromJson(steps.analysis.outputs.db-locations).swift }} SWIFT_DB=${{ fromJson(steps.analysis.outputs.db-locations).swift }}
if [[ ! -d $SWIFT_DB ]] || [[ ! $SWIFT_DB == ${{ runner.temp }}/customDbLocation/* ]]; then if [[ ! -d $SWIFT_DB ]] || [[ ! $SWIFT_DB == ${{ runner.temp }}/customDbLocation/* ]]; then
echo "Did not create a database for Swift, or created it in the wrong location." echo "Did not create a database for Swift, or created it in the wrong location."
exit 1 exit 1
fi fi
env: env:
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true
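Review bot: The database checks splice `${{ fromJson(steps.analysis.outputs.db-locations).cpp }}` and `${{ runner.temp }}` directly into the bash script, so the values are substituted into the script text before the shell parses it, unquoted and unescaped. Here they come from the action's own outputs, so the exposure looks small, but a path containing a space or a shell metacharacter would change what the script does. Passing the data through the step's `env:` (for example `DB_LOCATIONS: ${{ steps.analysis.outputs.db-locations }}`), reading each path with `jq -r`, and comparing against `"$RUNNER_TEMP/customDbLocation/"*` keeps it out of the script body. The same applies to the Swift check at the end of this section.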


@ -11,38 +11,40 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
packaging-codescanning-config-inputs-js: packaging-codescanning-config-inputs-js:
strategy: strategy:
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: latest version: latest
- os: macos-latest - os: macos-latest
version: latest version: latest
- os: windows-latest - os: windows-latest
version: latest version: latest
- os: ubuntu-latest - os: ubuntu-latest
version: default version: default
- os: macos-latest - os: macos-latest
version: default version: default
- os: windows-latest - os: windows-latest
version: default version: default
- os: ubuntu-latest - os: ubuntu-latest
version: nightly-latest version: nightly-latest
- os: macos-latest - os: macos-latest
version: nightly-latest version: nightly-latest
- os: windows-latest - os: windows-latest
version: nightly-latest version: nightly-latest
name: 'Packaging: Config and input passed to the CLI' name: 'Packaging: Config and input passed to the CLI'
permissions: permissions:
contents: read contents: read
@ -50,67 +52,67 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( matrix.os == 'macos-latest' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-20230418' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6') matrix.version == 'stable-v2.14.6')
with: with:
python-version: '3.11' python-version: '3.11'
- name: Check out repository - name: Check out repository
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Prepare test - name: Prepare test
id: prepare-test id: prepare-test
uses: ./.github/actions/prepare-test uses: ./.github/actions/prepare-test
with: with:
version: ${{ matrix.version }} version: ${{ matrix.version }}
use-all-platform-bundle: 'false' use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement - name: Set environment variable for Swift enablement
if: runner.os != 'Windows' && matrix.version == '20221211' if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: ./../action/init - uses: ./../action/init
with: with:
config-file: .github/codeql/codeql-config-packaging3.yml config-file: .github/codeql/codeql-config-packaging3.yml
packs: +codeql-testing/codeql-pack1@1.0.0 packs: +codeql-testing/codeql-pack1@1.0.0
languages: javascript languages: javascript
tools: ${{ steps.prepare-test.outputs.tools-url }} tools: ${{ steps.prepare-test.outputs.tools-url }}
- name: Build code - name: Build code
shell: bash shell: bash
run: ./build.sh run: ./build.sh
- uses: ./../action/analyze - uses: ./../action/analyze
with: with:
output: ${{ runner.temp }}/results output: ${{ runner.temp }}/results
upload-database: false upload-database: false
- name: Check results - name: Check results
uses: ./../action/.github/actions/check-sarif uses: ./../action/.github/actions/check-sarif
with: with:
sarif-file: ${{ runner.temp }}/results/javascript.sarif sarif-file: ${{ runner.temp }}/results/javascript.sarif
queries-run: queries-run:
javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block
queries-not-run: foo,bar queries-not-run: foo,bar
- name: Assert Results - name: Assert Results
shell: bash shell: bash
run: | run: |
cd "$RUNNER_TEMP/results" cd "$RUNNER_TEMP/results"
# We should have 4 hits from these rules # We should have 4 hits from these rules
EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/other-query-block javascript/example/two-block" EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/other-query-block javascript/example/two-block"
# use tr to replace newlines with spaces and xargs to trim leading and trailing whitespace # use tr to replace newlines with spaces and xargs to trim leading and trailing whitespace
RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n\r" " " | xargs)" RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n\r" " " | xargs)"
echo "Found matching rules '$RULES'" echo "Found matching rules '$RULES'"
if [ "$RULES" != "$EXPECTED_RULES" ]; then if [ "$RULES" != "$EXPECTED_RULES" ]; then
echo "Did not match expected rules '$EXPECTED_RULES'." echo "Did not match expected rules '$EXPECTED_RULES'."
exit 1 exit 1
fi fi
env: env:
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true


@ -11,38 +11,40 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
packaging-config-inputs-js: packaging-config-inputs-js:
strategy: strategy:
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: latest version: latest
- os: macos-latest - os: macos-latest
version: latest version: latest
- os: windows-latest - os: windows-latest
version: latest version: latest
- os: ubuntu-latest - os: ubuntu-latest
version: default version: default
- os: macos-latest - os: macos-latest
version: default version: default
- os: windows-latest - os: windows-latest
version: default version: default
- os: ubuntu-latest - os: ubuntu-latest
version: nightly-latest version: nightly-latest
- os: macos-latest - os: macos-latest
version: nightly-latest version: nightly-latest
- os: windows-latest - os: windows-latest
version: nightly-latest version: nightly-latest
name: 'Packaging: Config and input' name: 'Packaging: Config and input'
permissions: permissions:
contents: read contents: read
@ -50,67 +52,67 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( matrix.os == 'macos-latest' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-20230418' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6') matrix.version == 'stable-v2.14.6')
with: with:
python-version: '3.11' python-version: '3.11'
- name: Check out repository - name: Check out repository
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Prepare test - name: Prepare test
id: prepare-test id: prepare-test
uses: ./.github/actions/prepare-test uses: ./.github/actions/prepare-test
with: with:
version: ${{ matrix.version }} version: ${{ matrix.version }}
use-all-platform-bundle: 'false' use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement - name: Set environment variable for Swift enablement
if: runner.os != 'Windows' && matrix.version == '20221211' if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: ./../action/init - uses: ./../action/init
with: with:
config-file: .github/codeql/codeql-config-packaging3.yml config-file: .github/codeql/codeql-config-packaging3.yml
packs: +codeql-testing/codeql-pack1@1.0.0 packs: +codeql-testing/codeql-pack1@1.0.0
languages: javascript languages: javascript
tools: ${{ steps.prepare-test.outputs.tools-url }} tools: ${{ steps.prepare-test.outputs.tools-url }}
- name: Build code - name: Build code
shell: bash shell: bash
run: ./build.sh run: ./build.sh
- uses: ./../action/analyze - uses: ./../action/analyze
with: with:
output: ${{ runner.temp }}/results output: ${{ runner.temp }}/results
upload-database: false upload-database: false
- name: Check results - name: Check results
uses: ./../action/.github/actions/check-sarif uses: ./../action/.github/actions/check-sarif
with: with:
sarif-file: ${{ runner.temp }}/results/javascript.sarif sarif-file: ${{ runner.temp }}/results/javascript.sarif
queries-run: queries-run:
javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block
queries-not-run: foo,bar queries-not-run: foo,bar
- name: Assert Results - name: Assert Results
shell: bash shell: bash
run: | run: |
cd "$RUNNER_TEMP/results" cd "$RUNNER_TEMP/results"
# We should have 4 hits from these rules # We should have 4 hits from these rules
EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/other-query-block javascript/example/two-block" EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/other-query-block javascript/example/two-block"
# use tr to replace newlines with spaces and xargs to trim leading and trailing whitespace # use tr to replace newlines with spaces and xargs to trim leading and trailing whitespace
RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n\r" " " | xargs)" RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n\r" " " | xargs)"
echo "Found matching rules '$RULES'" echo "Found matching rules '$RULES'"
if [ "$RULES" != "$EXPECTED_RULES" ]; then if [ "$RULES" != "$EXPECTED_RULES" ]; then
echo "Did not match expected rules '$EXPECTED_RULES'." echo "Did not match expected rules '$EXPECTED_RULES'."
exit 1 exit 1
fi fi
env: env:
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true


@ -11,38 +11,40 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
packaging-config-js: packaging-config-js:
strategy: strategy:
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: latest version: latest
- os: macos-latest - os: macos-latest
version: latest version: latest
- os: windows-latest - os: windows-latest
version: latest version: latest
- os: ubuntu-latest - os: ubuntu-latest
version: default version: default
- os: macos-latest - os: macos-latest
version: default version: default
- os: windows-latest - os: windows-latest
version: default version: default
- os: ubuntu-latest - os: ubuntu-latest
version: nightly-latest version: nightly-latest
- os: macos-latest - os: macos-latest
version: nightly-latest version: nightly-latest
- os: windows-latest - os: windows-latest
version: nightly-latest version: nightly-latest
name: 'Packaging: Config file' name: 'Packaging: Config file'
permissions: permissions:
contents: read contents: read
@ -50,66 +52,66 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( matrix.os == 'macos-latest' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-20230418' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6') matrix.version == 'stable-v2.14.6')
with: with:
python-version: '3.11' python-version: '3.11'
- name: Check out repository - name: Check out repository
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Prepare test - name: Prepare test
id: prepare-test id: prepare-test
uses: ./.github/actions/prepare-test uses: ./.github/actions/prepare-test
with: with:
version: ${{ matrix.version }} version: ${{ matrix.version }}
use-all-platform-bundle: 'false' use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement - name: Set environment variable for Swift enablement
if: runner.os != 'Windows' && matrix.version == '20221211' if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: ./../action/init - uses: ./../action/init
with: with:
config-file: .github/codeql/codeql-config-packaging.yml config-file: .github/codeql/codeql-config-packaging.yml
languages: javascript languages: javascript
tools: ${{ steps.prepare-test.outputs.tools-url }} tools: ${{ steps.prepare-test.outputs.tools-url }}
- name: Build code - name: Build code
shell: bash shell: bash
run: ./build.sh run: ./build.sh
- uses: ./../action/analyze - uses: ./../action/analyze
with: with:
output: ${{ runner.temp }}/results output: ${{ runner.temp }}/results
upload-database: false upload-database: false
- name: Check results - name: Check results
uses: ./../action/.github/actions/check-sarif uses: ./../action/.github/actions/check-sarif
with: with:
sarif-file: ${{ runner.temp }}/results/javascript.sarif sarif-file: ${{ runner.temp }}/results/javascript.sarif
queries-run: queries-run:
javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block
queries-not-run: foo,bar queries-not-run: foo,bar
- name: Assert Results - name: Assert Results
shell: bash shell: bash
run: | run: |
cd "$RUNNER_TEMP/results" cd "$RUNNER_TEMP/results"
# We should have 4 hits from these rules # We should have 4 hits from these rules
EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/other-query-block javascript/example/two-block" EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/other-query-block javascript/example/two-block"
# use tr to replace newlines with spaces and xargs to trim leading and trailing whitespace # use tr to replace newlines with spaces and xargs to trim leading and trailing whitespace
RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n\r" " " | xargs)" RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n\r" " " | xargs)"
echo "Found matching rules '$RULES'" echo "Found matching rules '$RULES'"
if [ "$RULES" != "$EXPECTED_RULES" ]; then if [ "$RULES" != "$EXPECTED_RULES" ]; then
echo "Did not match expected rules '$EXPECTED_RULES'." echo "Did not match expected rules '$EXPECTED_RULES'."
exit 1 exit 1
fi fi
env: env:
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true


@ -11,38 +11,40 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
packaging-inputs-js: packaging-inputs-js:
strategy: strategy:
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: latest version: latest
- os: macos-latest - os: macos-latest
version: latest version: latest
- os: windows-latest - os: windows-latest
version: latest version: latest
- os: ubuntu-latest - os: ubuntu-latest
version: default version: default
- os: macos-latest - os: macos-latest
version: default version: default
- os: windows-latest - os: windows-latest
version: default version: default
- os: ubuntu-latest - os: ubuntu-latest
version: nightly-latest version: nightly-latest
- os: macos-latest - os: macos-latest
version: nightly-latest version: nightly-latest
- os: windows-latest - os: windows-latest
version: nightly-latest version: nightly-latest
name: 'Packaging: Action input' name: 'Packaging: Action input'
permissions: permissions:
contents: read contents: read
@ -50,66 +52,66 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( matrix.os == 'macos-latest' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-20230418' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6') matrix.version == 'stable-v2.14.6')
with: with:
python-version: '3.11' python-version: '3.11'
- name: Check out repository - name: Check out repository
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Prepare test - name: Prepare test
id: prepare-test id: prepare-test
uses: ./.github/actions/prepare-test uses: ./.github/actions/prepare-test
with: with:
version: ${{ matrix.version }} version: ${{ matrix.version }}
use-all-platform-bundle: 'false' use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement - name: Set environment variable for Swift enablement
if: runner.os != 'Windows' && matrix.version == '20221211' if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: ./../action/init - uses: ./../action/init
with: with:
config-file: .github/codeql/codeql-config-packaging2.yml config-file: .github/codeql/codeql-config-packaging2.yml
languages: javascript languages: javascript
packs: codeql-testing/codeql-pack1@1.0.0, codeql-testing/codeql-pack2, codeql-testing/codeql-pack3:other-query.ql packs: codeql-testing/codeql-pack1@1.0.0, codeql-testing/codeql-pack2, codeql-testing/codeql-pack3:other-query.ql
tools: ${{ steps.prepare-test.outputs.tools-url }} tools: ${{ steps.prepare-test.outputs.tools-url }}
- name: Build code - name: Build code
shell: bash shell: bash
run: ./build.sh run: ./build.sh
- uses: ./../action/analyze - uses: ./../action/analyze
with: with:
output: ${{ runner.temp }}/results output: ${{ runner.temp }}/results
- name: Check results - name: Check results
uses: ./../action/.github/actions/check-sarif uses: ./../action/.github/actions/check-sarif
with: with:
sarif-file: ${{ runner.temp }}/results/javascript.sarif sarif-file: ${{ runner.temp }}/results/javascript.sarif
queries-run: queries-run:
javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block
queries-not-run: foo,bar queries-not-run: foo,bar
- name: Assert Results - name: Assert Results
shell: bash shell: bash
run: | run: |
cd "$RUNNER_TEMP/results" cd "$RUNNER_TEMP/results"
# We should have 4 hits from these rules # We should have 4 hits from these rules
EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/other-query-block javascript/example/two-block" EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/other-query-block javascript/example/two-block"
# use tr to replace newlines with spaces and xargs to trim leading and trailing whitespace # use tr to replace newlines with spaces and xargs to trim leading and trailing whitespace
RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n\r" " " | xargs)" RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n\r" " " | xargs)"
echo "Found matching rules '$RULES'" echo "Found matching rules '$RULES'"
if [ "$RULES" != "$EXPECTED_RULES" ]; then if [ "$RULES" != "$EXPECTED_RULES" ]; then
echo "Did not match expected rules '$EXPECTED_RULES'." echo "Did not match expected rules '$EXPECTED_RULES'."
exit 1 exit 1
fi fi
env: env:
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true

162
.github/workflows/__remote-config.yml generated vendored

@ -11,62 +11,64 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
remote-config: remote-config:
strategy: strategy:
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: stable-20221211 version: stable-20221211
- os: macos-latest - os: macos-latest
version: stable-20221211 version: stable-20221211
- os: windows-latest - os: windows-latest
version: stable-20221211 version: stable-20221211
- os: ubuntu-latest - os: ubuntu-latest
version: stable-20230418 version: stable-20230418
- os: macos-latest - os: macos-latest
version: stable-20230418 version: stable-20230418
- os: windows-latest - os: windows-latest
version: stable-20230418 version: stable-20230418
- os: ubuntu-latest - os: ubuntu-latest
version: stable-v2.13.5 version: stable-v2.13.5
- os: macos-latest - os: macos-latest
version: stable-v2.13.5 version: stable-v2.13.5
- os: windows-latest - os: windows-latest
version: stable-v2.13.5 version: stable-v2.13.5
- os: ubuntu-latest - os: ubuntu-latest
version: stable-v2.14.6 version: stable-v2.14.6
- os: macos-latest - os: macos-latest
version: stable-v2.14.6 version: stable-v2.14.6
- os: windows-latest - os: windows-latest
version: stable-v2.14.6 version: stable-v2.14.6
- os: ubuntu-latest - os: ubuntu-latest
version: default version: default
- os: macos-latest - os: macos-latest
version: default version: default
- os: windows-latest - os: windows-latest
version: default version: default
- os: ubuntu-latest - os: ubuntu-latest
version: latest version: latest
- os: macos-latest - os: macos-latest
version: latest version: latest
- os: windows-latest - os: windows-latest
version: latest version: latest
- os: ubuntu-latest - os: ubuntu-latest
version: nightly-latest version: nightly-latest
- os: macos-latest - os: macos-latest
version: nightly-latest version: nightly-latest
- os: windows-latest - os: windows-latest
version: nightly-latest version: nightly-latest
name: Remote config file name: Remote config file
permissions: permissions:
contents: read contents: read
@ -74,41 +76,41 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( matrix.os == 'macos-latest' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-20230418' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6') matrix.version == 'stable-v2.14.6')
with: with:
python-version: '3.11' python-version: '3.11'
- name: Check out repository - name: Check out repository
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Prepare test - name: Prepare test
id: prepare-test id: prepare-test
uses: ./.github/actions/prepare-test uses: ./.github/actions/prepare-test
with: with:
version: ${{ matrix.version }} version: ${{ matrix.version }}
use-all-platform-bundle: 'false' use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement - name: Set environment variable for Swift enablement
if: runner.os != 'Windows' && matrix.version == '20221211' if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: ./../action/init - uses: ./../action/init
with: with:
tools: ${{ steps.prepare-test.outputs.tools-url }} tools: ${{ steps.prepare-test.outputs.tools-url }}
languages: cpp,csharp,java,javascript,python languages: cpp,csharp,java,javascript,python
config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{ config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{
github.sha }} github.sha }}
- name: Build code - name: Build code
shell: bash shell: bash
run: ./build.sh run: ./build.sh
- uses: ./../action/analyze - uses: ./../action/analyze
env: env:
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true


@ -11,44 +11,46 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
resolve-environment-action: resolve-environment-action:
strategy: strategy:
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: stable-v2.13.4 version: stable-v2.13.4
- os: macos-latest - os: macos-latest
version: stable-v2.13.4 version: stable-v2.13.4
- os: windows-latest - os: windows-latest
version: stable-v2.13.4 version: stable-v2.13.4
- os: ubuntu-latest - os: ubuntu-latest
version: default version: default
- os: macos-latest - os: macos-latest
version: default version: default
- os: windows-latest - os: windows-latest
version: default version: default
- os: ubuntu-latest - os: ubuntu-latest
version: latest version: latest
- os: macos-latest - os: macos-latest
version: latest version: latest
- os: windows-latest - os: windows-latest
version: latest version: latest
- os: ubuntu-latest - os: ubuntu-latest
version: nightly-latest version: nightly-latest
- os: macos-latest - os: macos-latest
version: nightly-latest version: nightly-latest
- os: windows-latest - os: windows-latest
version: nightly-latest version: nightly-latest
name: Resolve environment name: Resolve environment
permissions: permissions:
contents: read contents: read
@ -56,58 +58,58 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( matrix.os == 'macos-latest' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-20230418' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6') matrix.version == 'stable-v2.14.6')
with: with:
python-version: '3.11' python-version: '3.11'
- name: Check out repository - name: Check out repository
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Prepare test - name: Prepare test
id: prepare-test id: prepare-test
uses: ./.github/actions/prepare-test uses: ./.github/actions/prepare-test
with: with:
version: ${{ matrix.version }} version: ${{ matrix.version }}
use-all-platform-bundle: 'false' use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement - name: Set environment variable for Swift enablement
if: runner.os != 'Windows' && matrix.version == '20221211' if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: ./../action/init - uses: ./../action/init
with: with:
languages: ${{ matrix.version == 'stable-v2.13.4' && 'go' || 'go,javascript-typescript' languages: ${{ matrix.version == 'stable-v2.13.4' && 'go' || 'go,javascript-typescript'
}} }}
tools: ${{ steps.prepare-test.outputs.tools-url }} tools: ${{ steps.prepare-test.outputs.tools-url }}
- name: Resolve environment for Go - name: Resolve environment for Go
uses: ./../action/resolve-environment uses: ./../action/resolve-environment
id: resolve-environment-go id: resolve-environment-go
with: with:
language: go language: go
- name: Fail if Go configuration missing - name: Fail if Go configuration missing
if: (!fromJSON(steps.resolve-environment-go.outputs.environment).configuration.go) if: (!fromJSON(steps.resolve-environment-go.outputs.environment).configuration.go)
run: exit 1 run: exit 1
- name: Resolve environment for JavaScript/TypeScript - name: Resolve environment for JavaScript/TypeScript
if: matrix.version != 'stable-v2.13.4' if: matrix.version != 'stable-v2.13.4'
uses: ./../action/resolve-environment uses: ./../action/resolve-environment
id: resolve-environment-js id: resolve-environment-js
with: with:
language: javascript-typescript language: javascript-typescript
- name: Fail if JavaScript/TypeScript configuration present - name: Fail if JavaScript/TypeScript configuration present
if: matrix.version != 'stable-v2.13.4' && if: matrix.version != 'stable-v2.13.4' &&
fromJSON(steps.resolve-environment-js.outputs.environment).configuration.javascript fromJSON(steps.resolve-environment-js.outputs.environment).configuration.javascript
run: exit 1 run: exit 1
env: env:
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true


@ -11,22 +11,24 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
rubocop-multi-language: rubocop-multi-language:
strategy: strategy:
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: default version: default
name: RuboCop multi-language name: RuboCop multi-language
permissions: permissions:
contents: read contents: read
@ -34,51 +36,51 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( matrix.os == 'macos-latest' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-20230418' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6') matrix.version == 'stable-v2.14.6')
with: with:
python-version: '3.11' python-version: '3.11'
- name: Check out repository - name: Check out repository
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Prepare test - name: Prepare test
id: prepare-test id: prepare-test
uses: ./.github/actions/prepare-test uses: ./.github/actions/prepare-test
with: with:
version: ${{ matrix.version }} version: ${{ matrix.version }}
use-all-platform-bundle: 'false' use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement - name: Set environment variable for Swift enablement
if: runner.os != 'Windows' && matrix.version == '20221211' if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- name: Set up Ruby - name: Set up Ruby
uses: ruby/setup-ruby@v1 uses: ruby/setup-ruby@v1
with: with:
ruby-version: 2.6 ruby-version: 2.6
- name: Install Code Scanning integration - name: Install Code Scanning integration
shell: bash shell: bash
run: bundle add code-scanning-rubocop --version 0.3.0 --skip-install run: bundle add code-scanning-rubocop --version 0.3.0 --skip-install
- name: Install dependencies - name: Install dependencies
shell: bash shell: bash
run: bundle install run: bundle install
- name: RuboCop run - name: RuboCop run
shell: bash shell: bash
run: | run: |
bash -c " bash -c "
bundle exec rubocop --require code_scanning --format CodeScanning::SarifFormatter -o rubocop.sarif bundle exec rubocop --require code_scanning --format CodeScanning::SarifFormatter -o rubocop.sarif
[[ $? -ne 2 ]] [[ $? -ne 2 ]]
" "
- uses: ./../action/upload-sarif - uses: ./../action/upload-sarif
with: with:
sarif_file: rubocop.sarif sarif_file: rubocop.sarif
env: env:
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true

114
.github/workflows/__ruby.yml generated vendored

@ -11,32 +11,34 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
ruby: ruby:
strategy: strategy:
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: latest version: latest
- os: macos-latest - os: macos-latest
version: latest version: latest
- os: ubuntu-latest - os: ubuntu-latest
version: default version: default
- os: macos-latest - os: macos-latest
version: default version: default
- os: ubuntu-latest - os: ubuntu-latest
version: nightly-latest version: nightly-latest
- os: macos-latest - os: macos-latest
version: nightly-latest version: nightly-latest
name: Ruby analysis name: Ruby analysis
permissions: permissions:
contents: read contents: read
@ -44,47 +46,47 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( matrix.os == 'macos-latest' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-20230418' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6') matrix.version == 'stable-v2.14.6')
with: with:
python-version: '3.11' python-version: '3.11'
- name: Check out repository - name: Check out repository
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Prepare test - name: Prepare test
id: prepare-test id: prepare-test
uses: ./.github/actions/prepare-test uses: ./.github/actions/prepare-test
with: with:
version: ${{ matrix.version }} version: ${{ matrix.version }}
use-all-platform-bundle: 'false' use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement - name: Set environment variable for Swift enablement
if: runner.os != 'Windows' && matrix.version == '20221211' if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: ./../action/init - uses: ./../action/init
with: with:
languages: ruby languages: ruby
tools: ${{ steps.prepare-test.outputs.tools-url }} tools: ${{ steps.prepare-test.outputs.tools-url }}
- uses: ./../action/analyze - uses: ./../action/analyze
id: analysis id: analysis
with: with:
upload-database: false upload-database: false
- name: Check database - name: Check database
shell: bash shell: bash
run: | run: |
RUBY_DB="${{ fromJson(steps.analysis.outputs.db-locations).ruby }}" RUBY_DB="${{ fromJson(steps.analysis.outputs.db-locations).ruby }}"
if [[ ! -d "$RUBY_DB" ]]; then if [[ ! -d "$RUBY_DB" ]]; then
echo "Did not create a database for Ruby." echo "Did not create a database for Ruby."
exit 1 exit 1
fi fi
env: env:
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true


@ -11,48 +11,50 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
scaling-reserved-ram: scaling-reserved-ram:
strategy: strategy:
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: stable-20221211 version: stable-20221211
- os: macos-latest - os: macos-latest
version: stable-20221211 version: stable-20221211
- os: ubuntu-latest - os: ubuntu-latest
version: stable-20230418 version: stable-20230418
- os: macos-latest - os: macos-latest
version: stable-20230418 version: stable-20230418
- os: ubuntu-latest - os: ubuntu-latest
version: stable-v2.13.5 version: stable-v2.13.5
- os: macos-latest - os: macos-latest
version: stable-v2.13.5 version: stable-v2.13.5
- os: ubuntu-latest - os: ubuntu-latest
version: stable-v2.14.6 version: stable-v2.14.6
- os: macos-latest - os: macos-latest
version: stable-v2.14.6 version: stable-v2.14.6
- os: ubuntu-latest - os: ubuntu-latest
version: default version: default
- os: macos-latest - os: macos-latest
version: default version: default
- os: ubuntu-latest - os: ubuntu-latest
version: latest version: latest
- os: macos-latest - os: macos-latest
version: latest version: latest
- os: ubuntu-latest - os: ubuntu-latest
version: nightly-latest version: nightly-latest
- os: macos-latest - os: macos-latest
version: nightly-latest version: nightly-latest
name: Scaling reserved RAM name: Scaling reserved RAM
permissions: permissions:
contents: read contents: read
@ -60,50 +62,50 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( matrix.os == 'macos-latest' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-20230418' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6') matrix.version == 'stable-v2.14.6')
with: with:
python-version: '3.11' python-version: '3.11'
- name: Check out repository - name: Check out repository
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Prepare test - name: Prepare test
id: prepare-test id: prepare-test
uses: ./.github/actions/prepare-test uses: ./.github/actions/prepare-test
with: with:
version: ${{ matrix.version }} version: ${{ matrix.version }}
use-all-platform-bundle: 'false' use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement - name: Set environment variable for Swift enablement
if: runner.os != 'Windows' && matrix.version == '20221211' if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: ./../action/init - uses: ./../action/init
id: init id: init
with: with:
db-location: ${{ runner.temp }}/customDbLocation db-location: ${{ runner.temp }}/customDbLocation
tools: ${{ steps.prepare-test.outputs.tools-url }} tools: ${{ steps.prepare-test.outputs.tools-url }}
- uses: ./../action/.github/actions/setup-swift - uses: ./../action/.github/actions/setup-swift
with: with:
codeql-path: ${{ steps.init.outputs.codeql-path }} codeql-path: ${{ steps.init.outputs.codeql-path }}
- name: Build code - name: Build code
shell: bash shell: bash
run: ./build.sh run: ./build.sh
- uses: ./../action/analyze - uses: ./../action/analyze
id: analysis id: analysis
with: with:
upload-database: false upload-database: false
env: env:
CODEQL_ACTION_SCALING_RESERVED_RAM: true CODEQL_ACTION_SCALING_RESERVED_RAM: true
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true


@ -11,32 +11,34 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
split-workflow: split-workflow:
strategy: strategy:
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: latest version: latest
- os: macos-latest - os: macos-latest
version: latest version: latest
- os: ubuntu-latest - os: ubuntu-latest
version: default version: default
- os: macos-latest - os: macos-latest
version: default version: default
- os: ubuntu-latest - os: ubuntu-latest
version: nightly-latest version: nightly-latest
- os: macos-latest - os: macos-latest
version: nightly-latest version: nightly-latest
name: Split workflow name: Split workflow
permissions: permissions:
contents: read contents: read
@ -44,71 +46,71 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( matrix.os == 'macos-latest' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-20230418' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6') matrix.version == 'stable-v2.14.6')
with: with:
python-version: '3.11' python-version: '3.11'
- name: Check out repository - name: Check out repository
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Prepare test - name: Prepare test
id: prepare-test id: prepare-test
uses: ./.github/actions/prepare-test uses: ./.github/actions/prepare-test
with: with:
version: ${{ matrix.version }} version: ${{ matrix.version }}
use-all-platform-bundle: 'false' use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement - name: Set environment variable for Swift enablement
if: runner.os != 'Windows' && matrix.version == '20221211' if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: ./../action/init - uses: ./../action/init
with: with:
config-file: .github/codeql/codeql-config-packaging3.yml config-file: .github/codeql/codeql-config-packaging3.yml
packs: +codeql-testing/codeql-pack1@1.0.0 packs: +codeql-testing/codeql-pack1@1.0.0
languages: javascript languages: javascript
tools: ${{ steps.prepare-test.outputs.tools-url }} tools: ${{ steps.prepare-test.outputs.tools-url }}
- name: Build code - name: Build code
shell: bash shell: bash
run: ./build.sh run: ./build.sh
- uses: ./../action/analyze - uses: ./../action/analyze
with: with:
skip-queries: true skip-queries: true
output: ${{ runner.temp }}/results output: ${{ runner.temp }}/results
upload-database: false upload-database: false
- name: Assert No Results - name: Assert No Results
shell: bash shell: bash
run: | run: |
if [ "$(ls -A $RUNNER_TEMP/results)" ]; then if [ "$(ls -A $RUNNER_TEMP/results)" ]; then
echo "Expected results directory to be empty after skipping query execution!" echo "Expected results directory to be empty after skipping query execution!"
exit 1 exit 1
fi fi
- uses: ./../action/analyze - uses: ./../action/analyze
with: with:
output: ${{ runner.temp }}/results output: ${{ runner.temp }}/results
upload-database: false upload-database: false
- name: Assert Results - name: Assert Results
shell: bash shell: bash
run: | run: |
cd "$RUNNER_TEMP/results" cd "$RUNNER_TEMP/results"
# We should have 4 hits from these rules # We should have 4 hits from these rules
EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/other-query-block javascript/example/two-block" EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/other-query-block javascript/example/two-block"
# use tr to replace newlines with spaces and xargs to trim leading and trailing whitespace # use tr to replace newlines with spaces and xargs to trim leading and trailing whitespace
RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n\r" " " | xargs)" RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n\r" " " | xargs)"
echo "Found matching rules '$RULES'" echo "Found matching rules '$RULES'"
if [ "$RULES" != "$EXPECTED_RULES" ]; then if [ "$RULES" != "$EXPECTED_RULES" ]; then
echo "Did not match expected rules '$EXPECTED_RULES'." echo "Did not match expected rules '$EXPECTED_RULES'."
exit 1 exit 1
fi fi
env: env:
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true


@ -11,26 +11,28 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
submit-sarif-failure: submit-sarif-failure:
strategy: strategy:
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: latest version: latest
- os: ubuntu-latest - os: ubuntu-latest
version: default version: default
- os: ubuntu-latest - os: ubuntu-latest
version: nightly-latest version: nightly-latest
name: Submit SARIF after failure name: Submit SARIF after failure
permissions: permissions:
contents: read contents: read
@ -38,49 +40,49 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( matrix.os == 'macos-latest' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-20230418' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6') matrix.version == 'stable-v2.14.6')
with: with:
python-version: '3.11' python-version: '3.11'
- name: Check out repository - name: Check out repository
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Prepare test - name: Prepare test
id: prepare-test id: prepare-test
uses: ./.github/actions/prepare-test uses: ./.github/actions/prepare-test
with: with:
version: ${{ matrix.version }} version: ${{ matrix.version }}
use-all-platform-bundle: 'false' use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement - name: Set environment variable for Swift enablement
if: runner.os != 'Windows' && matrix.version == '20221211' if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- uses: ./init - uses: ./init
with: with:
languages: javascript languages: javascript
- name: Fail - name: Fail
# We want this job to pass if the Action correctly uploads the SARIF file for # We want this job to pass if the Action correctly uploads the SARIF file for
# the failed run. # the failed run.
# Setting this step to continue on error means that it is marked as completing # Setting this step to continue on error means that it is marked as completing
# successfully, so will not fail the job. # successfully, so will not fail the job.
continue-on-error: true continue-on-error: true
run: exit 1 run: exit 1
- uses: ./analyze - uses: ./analyze
# In a real workflow, this step wouldn't run. Since we used `continue-on-error` # In a real workflow, this step wouldn't run. Since we used `continue-on-error`
# above, we manually disable it with an `if` condition. # above, we manually disable it with an `if` condition.
if: false if: false
with: with:
category: /test-codeql-version:${{ matrix.version }} category: /test-codeql-version:${{ matrix.version }}
env: env:
# Internal-only environment variable used to indicate that the post-init Action # Internal-only environment variable used to indicate that the post-init Action
# should expect to upload a SARIF file for the failed run. # should expect to upload a SARIF file for the failed run.


@ -11,32 +11,34 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
swift-custom-build: swift-custom-build:
strategy: strategy:
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: latest version: latest
- os: macos-latest - os: macos-latest
version: latest version: latest
- os: ubuntu-latest - os: ubuntu-latest
version: default version: default
- os: macos-latest - os: macos-latest
version: default version: default
- os: ubuntu-latest - os: ubuntu-latest
version: nightly-latest version: nightly-latest
- os: macos-latest - os: macos-latest
version: nightly-latest version: nightly-latest
name: Swift analysis using a custom build command name: Swift analysis using a custom build command
permissions: permissions:
contents: read contents: read
@ -44,58 +46,58 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( matrix.os == 'macos-latest' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-20230418' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6') matrix.version == 'stable-v2.14.6')
with: with:
python-version: '3.11' python-version: '3.11'
- name: Check out repository - name: Check out repository
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Prepare test - name: Prepare test
id: prepare-test id: prepare-test
uses: ./.github/actions/prepare-test uses: ./.github/actions/prepare-test
with: with:
version: ${{ matrix.version }} version: ${{ matrix.version }}
use-all-platform-bundle: 'false' use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement - name: Set environment variable for Swift enablement
if: runner.os != 'Windows' && matrix.version == '20221211' if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: ./../action/init - uses: ./../action/init
id: init id: init
with: with:
languages: swift languages: swift
tools: ${{ steps.prepare-test.outputs.tools-url }} tools: ${{ steps.prepare-test.outputs.tools-url }}
- uses: ./../action/.github/actions/setup-swift - uses: ./../action/.github/actions/setup-swift
with: with:
codeql-path: ${{steps.init.outputs.codeql-path}} codeql-path: ${{steps.init.outputs.codeql-path}}
- name: Check working directory - name: Check working directory
shell: bash shell: bash
run: pwd run: pwd
- name: Build code - name: Build code
shell: bash shell: bash
run: ./build.sh run: ./build.sh
- uses: ./../action/analyze - uses: ./../action/analyze
id: analysis id: analysis
with: with:
upload-database: false upload-database: false
- name: Check database - name: Check database
shell: bash shell: bash
run: | run: |
SWIFT_DB="${{ fromJson(steps.analysis.outputs.db-locations).swift }}" SWIFT_DB="${{ fromJson(steps.analysis.outputs.db-locations).swift }}"
if [[ ! -d "$SWIFT_DB" ]]; then if [[ ! -d "$SWIFT_DB" ]]; then
echo "Did not create a database for Swift." echo "Did not create a database for Swift."
exit 1 exit 1
fi fi
env: env:
DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false' DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false'
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true


@ -11,22 +11,24 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
test-autobuild-working-dir: test-autobuild-working-dir:
strategy: strategy:
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: latest version: latest
name: Autobuild working directory name: Autobuild working directory
permissions: permissions:
contents: read contents: read
@ -34,56 +36,56 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( matrix.os == 'macos-latest' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-20230418' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6') matrix.version == 'stable-v2.14.6')
with: with:
python-version: '3.11' python-version: '3.11'
- name: Check out repository - name: Check out repository
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Prepare test - name: Prepare test
id: prepare-test id: prepare-test
uses: ./.github/actions/prepare-test uses: ./.github/actions/prepare-test
with: with:
version: ${{ matrix.version }} version: ${{ matrix.version }}
use-all-platform-bundle: 'false' use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement - name: Set environment variable for Swift enablement
if: runner.os != 'Windows' && matrix.version == '20221211' if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- name: Test setup - name: Test setup
shell: bash shell: bash
run: | run: |
# Make sure that Gradle build succeeds in autobuild-dir ... # Make sure that Gradle build succeeds in autobuild-dir ...
cp -a ../action/tests/java-repo autobuild-dir cp -a ../action/tests/java-repo autobuild-dir
# ... and fails if attempted in the current directory # ... and fails if attempted in the current directory
echo > build.gradle echo > build.gradle
- uses: ./../action/init - uses: ./../action/init
with: with:
languages: java languages: java
tools: ${{ steps.prepare-test.outputs.tools-url }} tools: ${{ steps.prepare-test.outputs.tools-url }}
- uses: ./../action/autobuild - uses: ./../action/autobuild
with: with:
working-directory: autobuild-dir working-directory: autobuild-dir
- uses: ./../action/analyze - uses: ./../action/analyze
with: with:
upload-database: false upload-database: false
- name: Check database - name: Check database
shell: bash shell: bash
run: | run: |
cd "$RUNNER_TEMP/codeql_databases" cd "$RUNNER_TEMP/codeql_databases"
if [[ ! -d java ]]; then if [[ ! -d java ]]; then
echo "Did not find a Java database" echo "Did not find a Java database"
exit 1 exit 1
fi fi
env: env:
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true


@ -11,22 +11,24 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
test-local-codeql: test-local-codeql:
strategy: strategy:
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: nightly-latest version: nightly-latest
name: Local CodeQL bundle name: Local CodeQL bundle
permissions: permissions:
contents: read contents: read
@ -34,50 +36,50 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( matrix.os == 'macos-latest' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-20230418' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6') matrix.version == 'stable-v2.14.6')
with: with:
python-version: '3.11' python-version: '3.11'
- name: Check out repository - name: Check out repository
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Prepare test - name: Prepare test
id: prepare-test id: prepare-test
uses: ./.github/actions/prepare-test uses: ./.github/actions/prepare-test
with: with:
version: ${{ matrix.version }} version: ${{ matrix.version }}
use-all-platform-bundle: 'false' use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement - name: Set environment variable for Swift enablement
if: runner.os != 'Windows' && matrix.version == '20221211' if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- name: Fetch a CodeQL bundle - name: Fetch a CodeQL bundle
shell: bash shell: bash
env: env:
CODEQL_URL: ${{ steps.prepare-test.outputs.tools-url }} CODEQL_URL: ${{ steps.prepare-test.outputs.tools-url }}
run: | run: |
wget "$CODEQL_URL" wget "$CODEQL_URL"
- id: init - id: init
uses: ./../action/init uses: ./../action/init
with: with:
tools: ./codeql-bundle-linux64.tar.gz tools: ./codeql-bundle-linux64.tar.gz
- uses: ./../action/.github/actions/setup-swift - uses: ./../action/.github/actions/setup-swift
with: with:
codeql-path: ${{ steps.init.outputs.codeql-path }} codeql-path: ${{ steps.init.outputs.codeql-path }}
- name: Build code - name: Build code
shell: bash shell: bash
run: ./build.sh run: ./build.sh
- uses: ./../action/analyze - uses: ./../action/analyze
with: with:
upload-database: false upload-database: false
env: env:
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true

78
.github/workflows/__test-proxy.yml generated vendored

@ -11,22 +11,24 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
test-proxy: test-proxy:
strategy: strategy:
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: latest version: latest
name: Proxy test name: Proxy test
permissions: permissions:
contents: read contents: read
@ -34,39 +36,39 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( matrix.os == 'macos-latest' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-20230418' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6') matrix.version == 'stable-v2.14.6')
with: with:
python-version: '3.11' python-version: '3.11'
- name: Check out repository - name: Check out repository
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Prepare test - name: Prepare test
id: prepare-test id: prepare-test
uses: ./.github/actions/prepare-test uses: ./.github/actions/prepare-test
with: with:
version: ${{ matrix.version }} version: ${{ matrix.version }}
use-all-platform-bundle: 'false' use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement - name: Set environment variable for Swift enablement
if: runner.os != 'Windows' && matrix.version == '20221211' if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: ./../action/init - uses: ./../action/init
with: with:
languages: javascript languages: javascript
tools: ${{ steps.prepare-test.outputs.tools-url }} tools: ${{ steps.prepare-test.outputs.tools-url }}
- uses: ./../action/analyze - uses: ./../action/analyze
with: with:
upload-database: false upload-database: false
env: env:
https_proxy: http://squid-proxy:3128 https_proxy: http://squid-proxy:3128
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true
@ -77,4 +79,4 @@ jobs:
squid-proxy: squid-proxy:
image: ubuntu/squid:latest image: ubuntu/squid:latest
ports: ports:
- 3128:3128 - 3128:3128


@ -11,34 +11,36 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
unset-environment: unset-environment:
strategy: strategy:
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: stable-20221211 version: stable-20221211
- os: ubuntu-latest - os: ubuntu-latest
version: stable-20230418 version: stable-20230418
- os: ubuntu-latest - os: ubuntu-latest
version: stable-v2.13.5 version: stable-v2.13.5
- os: ubuntu-latest - os: ubuntu-latest
version: stable-v2.14.6 version: stable-v2.14.6
- os: ubuntu-latest - os: ubuntu-latest
version: default version: default
- os: ubuntu-latest - os: ubuntu-latest
version: latest version: latest
- os: ubuntu-latest - os: ubuntu-latest
version: nightly-latest version: nightly-latest
name: Test unsetting environment variables name: Test unsetting environment variables
permissions: permissions:
contents: read contents: read
@ -46,87 +48,87 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( matrix.os == 'macos-latest' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-20230418' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6') matrix.version == 'stable-v2.14.6')
with: with:
python-version: '3.11' python-version: '3.11'
- name: Check out repository - name: Check out repository
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Prepare test - name: Prepare test
id: prepare-test id: prepare-test
uses: ./.github/actions/prepare-test uses: ./.github/actions/prepare-test
with: with:
version: ${{ matrix.version }} version: ${{ matrix.version }}
use-all-platform-bundle: 'false' use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement - name: Set environment variable for Swift enablement
if: runner.os != 'Windows' && matrix.version == '20221211' if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: ./../action/init - uses: ./../action/init
id: init id: init
with: with:
db-location: ${{ runner.temp }}/customDbLocation db-location: ${{ runner.temp }}/customDbLocation
tools: ${{ steps.prepare-test.outputs.tools-url }} tools: ${{ steps.prepare-test.outputs.tools-url }}
- uses: ./../action/.github/actions/setup-swift - uses: ./../action/.github/actions/setup-swift
with: with:
codeql-path: ${{ steps.init.outputs.codeql-path }} codeql-path: ${{ steps.init.outputs.codeql-path }}
- name: Build code - name: Build code
shell: bash shell: bash
# Disable Kotlin analysis while it's incompatible with Kotlin 1.8, until we find a # Disable Kotlin analysis while it's incompatible with Kotlin 1.8, until we find a
# workaround for our PR checks. # workaround for our PR checks.
run: env -i CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN=true PATH="$PATH" HOME="$HOME" run: env -i CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN=true PATH="$PATH" HOME="$HOME"
./build.sh ./build.sh
- uses: ./../action/analyze - uses: ./../action/analyze
id: analysis id: analysis
with: with:
upload-database: false upload-database: false
- shell: bash - shell: bash
run: | run: |
CPP_DB="${{ fromJson(steps.analysis.outputs.db-locations).cpp }}" CPP_DB="${{ fromJson(steps.analysis.outputs.db-locations).cpp }}"
if [[ ! -d "$CPP_DB" ]] || [[ ! "$CPP_DB" == "${RUNNER_TEMP}/customDbLocation/cpp" ]]; then if [[ ! -d "$CPP_DB" ]] || [[ ! "$CPP_DB" == "${RUNNER_TEMP}/customDbLocation/cpp" ]]; then
echo "::error::Did not create a database for CPP, or created it in the wrong location." \ echo "::error::Did not create a database for CPP, or created it in the wrong location." \
"Expected location was '${RUNNER_TEMP}/customDbLocation/cpp' but actual was '${CPP_DB}'" "Expected location was '${RUNNER_TEMP}/customDbLocation/cpp' but actual was '${CPP_DB}'"
exit 1 exit 1
fi fi
CSHARP_DB="${{ fromJson(steps.analysis.outputs.db-locations).csharp }}" CSHARP_DB="${{ fromJson(steps.analysis.outputs.db-locations).csharp }}"
if [[ ! -d "$CSHARP_DB" ]] || [[ ! "$CSHARP_DB" == "${RUNNER_TEMP}/customDbLocation/csharp" ]]; then if [[ ! -d "$CSHARP_DB" ]] || [[ ! "$CSHARP_DB" == "${RUNNER_TEMP}/customDbLocation/csharp" ]]; then
echo "::error::Did not create a database for C Sharp, or created it in the wrong location." \ echo "::error::Did not create a database for C Sharp, or created it in the wrong location." \
"Expected location was '${RUNNER_TEMP}/customDbLocation/csharp' but actual was '${CSHARP_DB}'" "Expected location was '${RUNNER_TEMP}/customDbLocation/csharp' but actual was '${CSHARP_DB}'"
exit 1 exit 1
fi fi
GO_DB="${{ fromJson(steps.analysis.outputs.db-locations).go }}" GO_DB="${{ fromJson(steps.analysis.outputs.db-locations).go }}"
if [[ ! -d "$GO_DB" ]] || [[ ! "$GO_DB" == "${RUNNER_TEMP}/customDbLocation/go" ]]; then if [[ ! -d "$GO_DB" ]] || [[ ! "$GO_DB" == "${RUNNER_TEMP}/customDbLocation/go" ]]; then
echo "::error::Did not create a database for Go, or created it in the wrong location." \ echo "::error::Did not create a database for Go, or created it in the wrong location." \
"Expected location was '${RUNNER_TEMP}/customDbLocation/go' but actual was '${GO_DB}'" "Expected location was '${RUNNER_TEMP}/customDbLocation/go' but actual was '${GO_DB}'"
exit 1 exit 1
fi fi
JAVA_DB="${{ fromJson(steps.analysis.outputs.db-locations).java }}" JAVA_DB="${{ fromJson(steps.analysis.outputs.db-locations).java }}"
if [[ ! -d "$JAVA_DB" ]] || [[ ! "$JAVA_DB" == "${RUNNER_TEMP}/customDbLocation/java" ]]; then if [[ ! -d "$JAVA_DB" ]] || [[ ! "$JAVA_DB" == "${RUNNER_TEMP}/customDbLocation/java" ]]; then
echo "::error::Did not create a database for Java, or created it in the wrong location." \ echo "::error::Did not create a database for Java, or created it in the wrong location." \
"Expected location was '${RUNNER_TEMP}/customDbLocation/java' but actual was '${JAVA_DB}'" "Expected location was '${RUNNER_TEMP}/customDbLocation/java' but actual was '${JAVA_DB}'"
exit 1 exit 1
fi fi
JAVASCRIPT_DB="${{ fromJson(steps.analysis.outputs.db-locations).javascript }}" JAVASCRIPT_DB="${{ fromJson(steps.analysis.outputs.db-locations).javascript }}"
if [[ ! -d "$JAVASCRIPT_DB" ]] || [[ ! "$JAVASCRIPT_DB" == "${RUNNER_TEMP}/customDbLocation/javascript" ]]; then if [[ ! -d "$JAVASCRIPT_DB" ]] || [[ ! "$JAVASCRIPT_DB" == "${RUNNER_TEMP}/customDbLocation/javascript" ]]; then
echo "::error::Did not create a database for Javascript, or created it in the wrong location." \ echo "::error::Did not create a database for Javascript, or created it in the wrong location." \
"Expected location was '${RUNNER_TEMP}/customDbLocation/javascript' but actual was '${JAVASCRIPT_DB}'" "Expected location was '${RUNNER_TEMP}/customDbLocation/javascript' but actual was '${JAVASCRIPT_DB}'"
exit 1 exit 1
fi fi
PYTHON_DB="${{ fromJson(steps.analysis.outputs.db-locations).python }}" PYTHON_DB="${{ fromJson(steps.analysis.outputs.db-locations).python }}"
if [[ ! -d "$PYTHON_DB" ]] || [[ ! "$PYTHON_DB" == "${RUNNER_TEMP}/customDbLocation/python" ]]; then if [[ ! -d "$PYTHON_DB" ]] || [[ ! "$PYTHON_DB" == "${RUNNER_TEMP}/customDbLocation/python" ]]; then
echo "::error::Did not create a database for Python, or created it in the wrong location." \ echo "::error::Did not create a database for Python, or created it in the wrong location." \
"Expected location was '${RUNNER_TEMP}/customDbLocation/python' but actual was '${PYTHON_DB}'" "Expected location was '${RUNNER_TEMP}/customDbLocation/python' but actual was '${PYTHON_DB}'"
exit 1 exit 1
fi fi
env: env:
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true


@ -11,26 +11,28 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
upload-ref-sha-input: upload-ref-sha-input:
strategy: strategy:
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: default version: default
- os: macos-latest - os: macos-latest
version: default version: default
- os: windows-latest - os: windows-latest
version: default version: default
name: "Upload-sarif: 'ref' and 'sha' from inputs" name: "Upload-sarif: 'ref' and 'sha' from inputs"
permissions: permissions:
contents: read contents: read
@ -38,50 +40,50 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( matrix.os == 'macos-latest' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-20230418' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6') matrix.version == 'stable-v2.14.6')
with: with:
python-version: '3.11' python-version: '3.11'
- name: Check out repository - name: Check out repository
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Prepare test - name: Prepare test
id: prepare-test id: prepare-test
uses: ./.github/actions/prepare-test uses: ./.github/actions/prepare-test
with: with:
version: ${{ matrix.version }} version: ${{ matrix.version }}
use-all-platform-bundle: 'false' use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement - name: Set environment variable for Swift enablement
if: runner.os != 'Windows' && matrix.version == '20221211' if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: ./../action/init - uses: ./../action/init
with: with:
tools: ${{ steps.prepare-test.outputs.tools-url }} tools: ${{ steps.prepare-test.outputs.tools-url }}
languages: cpp,csharp,java,javascript,python languages: cpp,csharp,java,javascript,python
config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{ config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{
github.sha }} github.sha }}
- name: Build code - name: Build code
shell: bash shell: bash
run: ./build.sh run: ./build.sh
- uses: ./../action/analyze - uses: ./../action/analyze
with: with:
upload-database: false upload-database: false
ref: refs/heads/main ref: refs/heads/main
sha: 5e235361806c361d4d3f8859e3c897658025a9a2 sha: 5e235361806c361d4d3f8859e3c897658025a9a2
upload: never upload: never
- uses: ./../action/upload-sarif - uses: ./../action/upload-sarif
with: with:
ref: refs/heads/main ref: refs/heads/main
sha: 5e235361806c361d4d3f8859e3c897658025a9a2 sha: 5e235361806c361d4d3f8859e3c897658025a9a2
env: env:
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true


@ -11,26 +11,28 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
with-checkout-path: with-checkout-path:
strategy: strategy:
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: latest version: latest
- os: macos-latest - os: macos-latest
version: latest version: latest
- os: windows-latest - os: windows-latest
version: latest version: latest
name: Use a custom `checkout_path` name: Use a custom `checkout_path`
permissions: permissions:
contents: read contents: read
@ -38,100 +40,100 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( matrix.os == 'macos-latest' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20221211' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-20230418' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6') matrix.version == 'stable-v2.14.6')
with: with:
python-version: '3.11' python-version: '3.11'
- name: Check out repository - name: Check out repository
uses: actions/checkout@v4 uses: actions/checkout@v4
- name: Prepare test - name: Prepare test
id: prepare-test id: prepare-test
uses: ./.github/actions/prepare-test uses: ./.github/actions/prepare-test
with: with:
version: ${{ matrix.version }} version: ${{ matrix.version }}
use-all-platform-bundle: 'false' use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement - name: Set environment variable for Swift enablement
if: runner.os != 'Windows' && matrix.version == '20221211' if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- name: Delete original checkout - name: Delete original checkout
shell: bash shell: bash
run: | run: |
# delete the original checkout so we don't accidentally use it. # delete the original checkout so we don't accidentally use it.
# Actions does not support deleting the current working directory, so we # Actions does not support deleting the current working directory, so we
# delete the contents of the directory instead. # delete the contents of the directory instead.
rm -rf ./* .github .git rm -rf ./* .github .git
# Check out the actions repo again, but at a different location. # Check out the actions repo again, but at a different location.
# choose an arbitrary SHA so that we can later test that the commit_oid is not from main # choose an arbitrary SHA so that we can later test that the commit_oid is not from main
- uses: actions/checkout@v4 - uses: actions/checkout@v4
with: with:
ref: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6 ref: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6
path: x/y/z/some-path path: x/y/z/some-path
- uses: ./../action/init - uses: ./../action/init
with: with:
tools: ${{ steps.prepare-test.outputs.tools-url }} tools: ${{ steps.prepare-test.outputs.tools-url }}
# it's enough to test one compiled language and one interpreted language # it's enough to test one compiled language and one interpreted language
languages: csharp,javascript languages: csharp,javascript
source-root: x/y/z/some-path/tests/multi-language-repo source-root: x/y/z/some-path/tests/multi-language-repo
- name: Build code - name: Build code
shell: bash shell: bash
working-directory: x/y/z/some-path/tests/multi-language-repo working-directory: x/y/z/some-path/tests/multi-language-repo
run: | run: |
./build.sh ./build.sh
- uses: ./../action/analyze - uses: ./../action/analyze
with: with:
checkout_path: x/y/z/some-path/tests/multi-language-repo checkout_path: x/y/z/some-path/tests/multi-language-repo
ref: v1.1.0 ref: v1.1.0
sha: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6 sha: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6
upload: never upload: never
upload-database: false upload-database: false
- uses: ./../action/upload-sarif - uses: ./../action/upload-sarif
with: with:
ref: v1.1.0 ref: v1.1.0
sha: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6 sha: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6
checkout_path: x/y/z/some-path/tests/multi-language-repo checkout_path: x/y/z/some-path/tests/multi-language-repo
- name: Verify SARIF after upload - name: Verify SARIF after upload
shell: bash shell: bash
run: | run: |
EXPECTED_COMMIT_OID="474bbf07f9247ffe1856c6a0f94aeeb10e7afee6" EXPECTED_COMMIT_OID="474bbf07f9247ffe1856c6a0f94aeeb10e7afee6"
EXPECTED_REF="v1.1.0" EXPECTED_REF="v1.1.0"
EXPECTED_CHECKOUT_URI_SUFFIX="/x/y/z/some-path/tests/multi-language-repo" EXPECTED_CHECKOUT_URI_SUFFIX="/x/y/z/some-path/tests/multi-language-repo"
ACTUAL_COMMIT_OID="$(cat "$RUNNER_TEMP/payload.json" | jq -r .commit_oid)" ACTUAL_COMMIT_OID="$(cat "$RUNNER_TEMP/payload.json" | jq -r .commit_oid)"
ACTUAL_REF="$(cat "$RUNNER_TEMP/payload.json" | jq -r .ref)" ACTUAL_REF="$(cat "$RUNNER_TEMP/payload.json" | jq -r .ref)"
ACTUAL_CHECKOUT_URI="$(cat "$RUNNER_TEMP/payload.json" | jq -r .checkout_uri)" ACTUAL_CHECKOUT_URI="$(cat "$RUNNER_TEMP/payload.json" | jq -r .checkout_uri)"
if [[ "$EXPECTED_COMMIT_OID" != "$ACTUAL_COMMIT_OID" ]]; then if [[ "$EXPECTED_COMMIT_OID" != "$ACTUAL_COMMIT_OID" ]]; then
echo "::error Invalid commit oid. Expected: $EXPECTED_COMMIT_OID Actual: $ACTUAL_COMMIT_OID" echo "::error Invalid commit oid. Expected: $EXPECTED_COMMIT_OID Actual: $ACTUAL_COMMIT_OID"
echo "$RUNNER_TEMP/payload.json" echo "$RUNNER_TEMP/payload.json"
exit 1 exit 1
fi fi
if [[ "$EXPECTED_REF" != "$ACTUAL_REF" ]]; then if [[ "$EXPECTED_REF" != "$ACTUAL_REF" ]]; then
echo "::error Invalid ref. Expected: '$EXPECTED_REF' Actual: '$ACTUAL_REF'" echo "::error Invalid ref. Expected: '$EXPECTED_REF' Actual: '$ACTUAL_REF'"
echo "$RUNNER_TEMP/payload.json" echo "$RUNNER_TEMP/payload.json"
exit 1 exit 1
fi fi
if [[ "$ACTUAL_CHECKOUT_URI" != *$EXPECTED_CHECKOUT_URI_SUFFIX ]]; then if [[ "$ACTUAL_CHECKOUT_URI" != *$EXPECTED_CHECKOUT_URI_SUFFIX ]]; then
echo "::error Invalid checkout URI suffix. Expected suffix: $EXPECTED_CHECKOUT_URI_SUFFIX Actual uri: $ACTUAL_CHECKOUT_URI" echo "::error Invalid checkout URI suffix. Expected suffix: $EXPECTED_CHECKOUT_URI_SUFFIX Actual uri: $ACTUAL_CHECKOUT_URI"
echo "$RUNNER_TEMP/payload.json" echo "$RUNNER_TEMP/payload.json"
exit 1 exit 1
fi fi
env: env:
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true


@ -15,6 +15,8 @@ on:
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:


@ -17,6 +17,8 @@ on:
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
upload-artifacts: upload-artifacts:


@ -16,6 +16,8 @@ on:
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
upload-artifacts: upload-artifacts:


@ -11,6 +11,8 @@ on:
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:


@ -11,6 +11,8 @@ on:
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:


@ -16,6 +16,8 @@ on:
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
test-codeql-bundle-all: test-codeql-bundle-all:


@ -1,7 +1,7 @@
#!/usr/bin/env python #!/usr/bin/env python
import ruamel.yaml import ruamel.yaml
from ruamel.yaml.scalarstring import FoldedScalarString from ruamel.yaml.scalarstring import FoldedScalarString, SingleQuotedScalarString
import pathlib import pathlib
import textwrap import textwrap
@ -46,6 +46,7 @@ def writeHeader(checkStream):
yaml = ruamel.yaml.YAML() yaml = ruamel.yaml.YAML()
yaml.Representer = NonAliasingRTRepresenter yaml.Representer = NonAliasingRTRepresenter
yaml.indent(mapping=2, sequence=4, offset=2)
this_dir = pathlib.Path(__file__).resolve().parent this_dir = pathlib.Path(__file__).resolve().parent
@ -157,6 +158,7 @@ for file in (this_dir / 'checks').glob('*.yml'):
'pull_request': { 'pull_request': {
'types': ["opened", "synchronize", "reopened", "ready_for_review"] 'types': ["opened", "synchronize", "reopened", "ready_for_review"]
}, },
'schedule': [{'cron': SingleQuotedScalarString('0 5 * * *')}],
'workflow_dispatch': {} 'workflow_dispatch': {}
}, },
'jobs': { 'jobs': {
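Review bot: The added `'schedule'` entry hard-codes `'0 5 * * *'` with no comment, and because the generator writes that same value into every check, all of the generated workflows are queued in the same minute at the top of an hour. GitHub documents that scheduled runs can be delayed, or dropped, under load at the start of an hour, so an off-the-hour minute (for example `'17 5 * * *'`, a constructed value) would make the nightly more dependable. Scheduled runs also use only the latest commit on the default branch, so the `releases/v*` branches listed in the generated workflows' `push` trigger presumably get no nightly coverage; worth confirming that is intended. I would add a comment above the entry such as `# Nightly, 05:00 UTC, default branch only: catches breakage from new runner images`. The enclosing dict literal starts and ends outside the hunk.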