# Display name of the workflow.
name: "CodeQL action"

# Triggers: pushes to, and pull requests against, the main and v1 branches.
on:
  push:
    branches:
      - main
      - v1
  pull_request:
    branches:
      - main
      - v1
    # `reopened` is included so that checks also run on reopened draft PRs;
    # this supports triggering PR checks on draft PRs that were opened by
    # other workflows.
    types:
      - opened
      - synchronize
      - reopened
      - ready_for_review
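# NOTE(review): the listing skips original lines 11-12, where the top-level
# `jobs:` key presumably sits; this job belongs nested under it.
#
# Identify the CodeQL tool versions to use in the analysis job.
check-codeql-versions:
  runs-on: ubuntu-latest
  outputs:
    # JSON-encoded list; the analysis job's `tools` matrix axis decodes it
    # with fromJson().
    versions: ${{ steps.compare.outputs.versions }}

  # An explicit permissions block limits GITHUB_TOKEN to the scopes listed.
  # NOTE(review): this job never runs ./analyze; confirm that ./init really
  # needs write access to security events here.
  permissions:
    security-events: write

  steps:
    # NOTE(review): `v2` is a mutable tag. Pinning to a full commit SHA keeps
    # the action code from changing underneath this workflow.
    - uses: actions/checkout@v2
    - name: Init with default CodeQL bundle from the VM image
      id: init-default
      uses: ./init
      with:
        languages: javascript
    - name: Remove empty database
      # allows us to run init a second time
      run: |
        rm -rf "$RUNNER_TEMP/codeql_databases"
    - name: Init with latest CodeQL bundle
      id: init-latest
      uses: ./init
      with:
        tools: latest
        languages: javascript
    - name: Compare default and latest CodeQL bundle versions
      id: compare
      # The step outputs reach the script as environment variables and are
      # quoted there, so the paths are never spliced into the shell text.
      env:
        CODEQL_DEFAULT: ${{ steps.init-default.outputs.codeql-path }}
        CODEQL_LATEST: ${{ steps.init-latest.outputs.codeql-path }}
      run: |
        CODEQL_VERSION_DEFAULT="$("$CODEQL_DEFAULT" version --format terse)"
        CODEQL_VERSION_LATEST="$("$CODEQL_LATEST" version --format terse)"
        echo "Default CodeQL bundle version is $CODEQL_VERSION_DEFAULT"
        echo "Latest CodeQL bundle version is $CODEQL_VERSION_LATEST"
        if [[ "$CODEQL_VERSION_DEFAULT" == "$CODEQL_VERSION_LATEST" ]]; then
          # Just use `tools: null` to avoid duplication in the analysis job.
          VERSIONS_JSON='[null]'
        else
          # Use both `tools: null` and `tools: latest` in the analysis job.
          VERSIONS_JSON='[null, "latest"]'
        fi
        # Output a JSON-encoded list with the distinct versions to test against.
        echo "Suggested matrix config for analysis job: $VERSIONS_JSON"
        # Append to the $GITHUB_OUTPUT file instead of printing the deprecated
        # `::set-output` command: an output set through stdout can be spoofed
        # by any log line that looks like a workflow command.
        echo "versions=${VERSIONS_JSON}" >> "$GITHUB_OUTPUT"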
61
needs: [check-codeql-versions]
62
strategy:
63
matrix:
64
os: [ubuntu-latest,windows-latest,macos-latest]
65
tools: ${{ fromJson(needs.check-codeql-versions.outputs.versions) }}
66
runs-on: ${{ matrix.os }}
67
68
permissions:
69
security-events: write
70
72
- uses: actions/checkout@v2
74
id: init
76
languages: javascript
77
config-file: ./.github/codeql/codeql-config.yml
78
tools: ${{ matrix.tools }}
# Confirm steps.init.outputs.codeql-path points to the codeql binary.
# NOTE(review): the path is substituted into the command text by the
# expression before the shell runs, and it is unquoted. The compare step in
# check-codeql-versions passes the same kind of output through `env` and
# quotes it; doing so here needs care because the matrix includes Windows,
# where the default shell differs.
- name: Print CodeQL Version
  run: ${{ steps.init.outputs.codeql-path }} version --format=json
# Run the repository's own analyze action.
- uses: ./analyze