# Warning: This file is generated automatically, and should not be modified. # Instead, please modify the template in the pr-checks directory and run: # (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py) # to regenerate this file. name: PR Check - Quality queries input env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GO111MODULE: auto on: push: branches: - main - releases/v* pull_request: types: - opened - synchronize - reopened - ready_for_review schedule: - cron: '0 5 * * *' workflow_dispatch: {} jobs: quality-queries: strategy: fail-fast: false matrix: include: - os: ubuntu-latest version: linked - os: macos-latest version: linked - os: windows-latest version: linked - os: ubuntu-latest version: nightly-latest - os: macos-latest version: nightly-latest - os: windows-latest version: nightly-latest name: Quality queries input permissions: contents: read security-events: read timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - name: Check out repository uses: actions/checkout@v4 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test with: version: ${{ matrix.version }} use-all-platform-bundle: 'false' setup-kotlin: 'true' - uses: ./../action/init with: languages: javascript quality-queries: code-quality tools: ${{ steps.prepare-test.outputs.tools-url }} - uses: ./../action/analyze with: output: ${{ runner.temp }}/results upload-database: false - name: Upload security SARIF uses: actions/upload-artifact@v4 with: name: quality-queries-${{ matrix.os }}-${{ matrix.version }}.sarif.json path: ${{ runner.temp }}/results/javascript.sarif retention-days: 7 - name: Upload quality SARIF uses: actions/upload-artifact@v4 with: name: quality-queries-${{ matrix.os }}-${{ matrix.version }}.quality.sarif.json path: ${{ runner.temp }}/results/javascript.quality.sarif retention-days: 7 - name: Check quality query does not appear in security SARIF uses: actions/github-script@v7 env: SARIF_PATH: ${{ runner.temp }}/results/javascript.sarif EXPECT_PRESENT: 'false' with: script: ${{ env.CHECK_SCRIPT }} - name: Check quality query appears in quality SARIF uses: actions/github-script@v7 env: SARIF_PATH: ${{ runner.temp }}/results/javascript.quality.sarif EXPECT_PRESENT: 'true' with: script: ${{ env.CHECK_SCRIPT }} env: CHECK_SCRIPT: | const fs = require('fs'); const sarif = JSON.parse(fs.readFileSync(process.env['SARIF_PATH'], 'utf8')); const expectPresent = JSON.parse(process.env['EXPECT_PRESENT']); const run = sarif.runs[0]; const extensions = run.tool.extensions; if (extensions === undefined) { core.setFailed('`extensions` property not found in the SARIF run property bag.'); } // ID of a query we want to check the presence for const targetId = 'js/regex/always-matches'; const found = extensions.find(extension => extension.rules && extension.rules.find(rule => rule.id === targetId)); if (found && expectPresent) { console.log(`Found rule with id '${targetId}'.`); } else if (!found && !expectPresent) { console.log(`Rule with id '${targetId}' was not found.`); } else { core.setFailed(`${ found ? "Found" : "Didn't find" } rule ${targetId}`); } CODEQL_ACTION_TEST_MODE: true