64b50fa2a6
Create a prerequisite job that runs the init step twice, with `tools: null` and `tools: latest`. Use the outputs of these steps to compare the two CodeQL versions. Pass the list of distinct tool versions for the analysis job to matrix over. This lets us test the analysis against both versions, while avoiding duplication when they are actually the same version.
73 lines
2.4 KiB
YAML
73 lines
2.4 KiB
YAML
name: "CodeQL action"
|
|
|
|
on:
|
|
push:
|
|
branches: [main, v1]
|
|
pull_request:
|
|
branches: [main, v1]
|
|
|
|
jobs:
|
|
# Identify the CodeQL tool versions to use in the analysis job.
|
|
check-codeql-versions:
|
|
runs-on: ubuntu-latest
|
|
outputs:
|
|
versions: ${{ steps.compare.outputs.versions }}
|
|
|
|
steps:
|
|
- uses: actions/checkout@v2
|
|
- name: Init with default CodeQL bundle from the VM image
|
|
id: init-default
|
|
uses: ./init
|
|
with:
|
|
languages: javascript
|
|
- name: Remove empty database
|
|
# allows us to run init a second time
|
|
run: |
|
|
rm -rf "$RUNNER_TEMP/codeql_databases"
|
|
- name: Init with latest CodeQL bundle
|
|
id: init-latest
|
|
uses: ./init
|
|
with:
|
|
tools: latest
|
|
languages: javascript
|
|
- name: Compare default and latest CodeQL bundle versions
|
|
id: compare
|
|
env:
|
|
CODEQL_DEFAULT: ${{ steps.init-default.outputs.codeql-path }}
|
|
CODEQL_LATEST: ${{ steps.init-latest.outputs.codeql-path }}
|
|
run: |
|
|
CODEQL_VERSION_DEFAULT="$("$CODEQL_DEFAULT" version --format terse)"
|
|
CODEQL_VERSION_LATEST="$("$CODEQL_LATEST" version --format terse)"
|
|
echo "Default CodeQL bundle version is $CODEQL_VERSION_DEFAULT"
|
|
echo "Latest CodeQL bundle version is $CODEQL_VERSION_LATEST"
|
|
if [[ "$CODEQL_VERSION_DEFAULT" == "$CODEQL_VERSION_LATEST" ]]; then
|
|
# Just use `tools: null` to avoid duplication in the analysis job.
|
|
VERSIONS_JSON='[null]'
|
|
else
|
|
# Use both `tools: null` and `tools: latest` in the analysis job.
|
|
VERSIONS_JSON='[null, "latest"]'
|
|
fi
|
|
# Output a JSON-encoded list with the distinct versions to test against.
|
|
echo "Suggested matrix config for analysis job: $VERSIONS_JSON"
|
|
echo "::set-output name=versions::${VERSIONS_JSON}"
|
|
|
|
build:
|
|
needs: [check-codeql-versions]
|
|
strategy:
|
|
matrix:
|
|
os: [ubuntu-latest,windows-latest,macos-latest]
|
|
tools: ${{ fromJson(needs.check-codeql-versions.outputs.versions) }}
|
|
runs-on: ${{ matrix.os }}
|
|
|
|
steps:
|
|
- uses: actions/checkout@v2
|
|
- uses: ./init
|
|
id: init
|
|
with:
|
|
languages: javascript
|
|
config-file: ./.github/codeql/codeql-config.yml
|
|
tools: ${{ matrix.tools }}
|
|
# confirm steps.init.outputs.codeql-path points to the codeql binary
|
|
- name: Print CodeQL Version
|
|
run: ${{steps.init.outputs.codeql-path}} version --format=json
|
|
- uses: ./analyze
|