Permalink
codeql-action/.github/workflows/__config-export.yml
Newer
100644
122 lines (114 sloc)
3.92 KB
Ignoring revisions in .git-blame-ignore-revs.
1
# Warning: This file is generated automatically, and should not be modified.
2
# Instead, please modify the template in the pr-checks directory and run:
3
# (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
4
# to regenerate this file.
5
6
name: PR Check - Config export
7
env:
8
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
9
GO111MODULE: auto
10
CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
11
on:
12
push:
13
branches:
14
- main
15
- releases/v*
16
pull_request:
17
types:
18
- opened
19
- synchronize
20
- reopened
21
- ready_for_review
22
workflow_dispatch: {}
23
jobs:
24
config-export:
25
strategy:
26
matrix:
27
include:
28
- os: ubuntu-latest
29
version: latest
30
- os: macos-latest
31
version: latest
32
- os: windows-latest
33
version: latest
34
- os: ubuntu-latest
35
version: nightly-latest
36
- os: macos-latest
37
version: nightly-latest
38
- os: windows-latest
39
version: nightly-latest
41
permissions:
42
contents: read
43
security-events: write
47
- name: Setup Python on MacOS
48
uses: actions/setup-python@v4
49
if: >-
50
matrix.os == 'macos-latest' && (
51
52
matrix.version == 'stable-20220908' ||
53
54
matrix.version == 'stable-20221211' ||
55
56
matrix.version == 'stable-20230418' ||
57
58
matrix.version == 'stable-v2.13.5' ||
59
60
matrix.version == 'stable-v2.14.6')
61
with:
62
python-version: '3.11'
64
uses: actions/checkout@v4
67
uses: ./.github/actions/prepare-test
70
use-all-platform-bundle: 'false'
71
- name: Set environment variable for Swift enablement
72
if: >-
73
runner.os != 'Windows' && (
74
matrix.version == '20220908' ||
75
matrix.version == '20221211'
76
)
77
shell: bash
78
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
79
- uses: ./../action/init
80
with:
81
languages: javascript
82
queries: security-extended
83
tools: ${{ steps.prepare-test.outputs.tools-url }}
84
- uses: ./../action/analyze
85
with:
86
output: ${{ runner.temp }}/results
87
upload-database: false
88
- name: Upload SARIF
89
uses: actions/upload-artifact@v3
90
with:
91
name: config-export-${{ matrix.os }}-${{ matrix.version }}.sarif.json
92
path: ${{ runner.temp }}/results/javascript.sarif
93
retention-days: 7
94
- name: Check config properties appear in SARIF
95
uses: actions/github-script@v7
96
env:
97
SARIF_PATH: ${{ runner.temp }}/results/javascript.sarif
102
const sarif = JSON.parse(fs.readFileSync(process.env['SARIF_PATH'], 'utf8'));
103
const run = sarif.runs[0];
104
const configSummary = run.properties.codeqlConfigSummary;
105
106
if (configSummary === undefined) {
107
core.setFailed('`codeqlConfigSummary` property not found in the SARIF run property bag.');
108
}
109
if (configSummary.disableDefaultQueries !== false) {
110
core.setFailed('`disableDefaultQueries` property incorrect: expected false, got ' +
111
`${JSON.stringify(configSummary.disableDefaultQueries)}.`);
112
}
113
const expectedQueries = [{ type: 'builtinSuite', uses: 'security-extended' }];
114
// Use JSON.stringify to deep-equal the arrays.
115
if (JSON.stringify(configSummary.queries) !== JSON.stringify(expectedQueries)) {
116
core.setFailed(`\`queries\` property incorrect: expected ${JSON.stringify(expectedQueries)}, got ` +
117
`${JSON.stringify(configSummary.queries)}.`);
118
}
119
core.info('Finished config export tests.');
120
env:
121
CODEQL_PASS_CONFIG_TO_CLI: true
122
CODEQL_ACTION_TEST_MODE: true