Skip to content
Permalink
codeql-action/.github/workflows/codeql.yml
Newer
Older
100644 88 lines (79 sloc) 3.02 KB
Initial commit (from f5274cbdce4ae7c9e4b937dcdf95ac70ae436d5f)
April 28, 2020 16:46
1
name: "CodeQL action"
2
Reduce triggers in workflows
September 17, 2020 14:35
3
on:
4
push:
Update references to release branches
April 12, 2022 18:16
5
branches: [main, releases/v1, releases/v2]
Reduce triggers in workflows
September 17, 2020 14:35
6
pull_request:
Update references to release branches
April 12, 2022 18:16
7
branches: [main, releases/v1, releases/v2]
Add ready_for_review type to pull_request trigger types
August 3, 2021 19:29
8
# Run checks on reopened draft PRs to support triggering PR checks on draft PRs that were opened
9
# by other workflows.
10
types: [opened, synchronize, reopened, ready_for_review]
Initial commit (from f5274cbdce4ae7c9e4b937dcdf95ac70ae436d5f)
April 28, 2020 16:46
11
12
jobs:
Code scanning: Compare the default and latest CodeQL tools bundles
April 9, 2021 14:51
13
# Identify the CodeQL tool versions to use in the analysis job.
14
check-codeql-versions:
15
runs-on: ubuntu-latest
16
outputs:
17
versions: ${{ steps.compare.outputs.versions }}
18
Restrict Actions token permissions in CodeQL workflow.
April 22, 2021 16:59
19
permissions:
Fix the token permissions for private copies of the CodeQL Action, an…
April 30, 2021 13:42
20
security-events: write
Restrict Actions token permissions in CodeQL workflow.
April 22, 2021 16:59
21
Code scanning: Compare the default and latest CodeQL tools bundles
April 9, 2021 14:51
22
steps:
Update actions/checkout from v2 to v3
March 30, 2022 19:42
23
- uses: actions/checkout@v3
Code scanning: Compare the default and latest CodeQL tools bundles
April 9, 2021 14:51
24
- name: Init with default CodeQL bundle from the VM image
25
id: init-default
26
uses: ./init
27
with:
28
languages: javascript
29
- name: Remove empty database
30
# allows us to run init a second time
31
run: |
32
rm -rf "$RUNNER_TEMP/codeql_databases"
33
- name: Init with latest CodeQL bundle
34
id: init-latest
35
uses: ./init
36
with:
37
tools: latest
38
languages: javascript
39
- name: Compare default and latest CodeQL bundle versions
40
id: compare
41
env:
42
CODEQL_DEFAULT: ${{ steps.init-default.outputs.codeql-path }}
43
CODEQL_LATEST: ${{ steps.init-latest.outputs.codeql-path }}
44
run: |
45
CODEQL_VERSION_DEFAULT="$("$CODEQL_DEFAULT" version --format terse)"
46
CODEQL_VERSION_LATEST="$("$CODEQL_LATEST" version --format terse)"
47
echo "Default CodeQL bundle version is $CODEQL_VERSION_DEFAULT"
48
echo "Latest CodeQL bundle version is $CODEQL_VERSION_LATEST"
Always run codeql (latest) job on PRs so we can make it required
August 11, 2021 18:42
49
50
# If we're running on a pull request, run with both bundles, even if `tools: latest` would
51
# be the same as `tools: null`. This allows us to make the job for each of the bundles a
52
# required status check.
53
#
54
# If we're running on push, then we can skip running with `tools: latest` when it would be
55
# the same as running with `tools: null`.
56
if [[ "$GITHUB_EVENT_NAME" != "pull_request" && "$CODEQL_VERSION_DEFAULT" == "$CODEQL_VERSION_LATEST" ]]; then
Code scanning: Compare the default and latest CodeQL tools bundles
April 9, 2021 14:51
57
VERSIONS_JSON='[null]'
58
else
59
VERSIONS_JSON='[null, "latest"]'
60
fi
Always run codeql (latest) job on PRs so we can make it required
August 11, 2021 18:42
61
Code scanning: Compare the default and latest CodeQL tools bundles
April 9, 2021 14:51
62
# Output a JSON-encoded list with the distinct versions to test against.
63
echo "Suggested matrix config for analysis job: $VERSIONS_JSON"
64
echo "::set-output name=versions::${VERSIONS_JSON}"
65
Initial commit (from f5274cbdce4ae7c9e4b937dcdf95ac70ae436d5f)
April 28, 2020 16:46
66
build:
Code scanning: Compare the default and latest CodeQL tools bundles
April 9, 2021 14:51
67
needs: [check-codeql-versions]
Initial commit (from f5274cbdce4ae7c9e4b937dcdf95ac70ae436d5f)
April 28, 2020 16:46
68
strategy:
69
matrix:
70
os: [ubuntu-latest,windows-latest,macos-latest]
Code scanning: Compare the default and latest CodeQL tools bundles
April 9, 2021 14:51
71
tools: ${{ fromJson(needs.check-codeql-versions.outputs.versions) }}
Initial commit (from f5274cbdce4ae7c9e4b937dcdf95ac70ae436d5f)
April 28, 2020 16:46
72
runs-on: ${{ matrix.os }}
73
Restrict Actions token permissions in CodeQL workflow.
April 22, 2021 16:59
74
permissions:
75
security-events: write
76
Initial commit (from f5274cbdce4ae7c9e4b937dcdf95ac70ae436d5f)
April 28, 2020 16:46
77
steps:
Update actions/checkout from v2 to v3
March 30, 2022 19:42
78
- uses: actions/checkout@v3
Initial commit (from f5274cbdce4ae7c9e4b937dcdf95ac70ae436d5f)
April 28, 2020 16:46
79
- uses: ./init
Expand readme to include codeql-path output example
November 4, 2020 19:27
80
id: init
Initial commit (from f5274cbdce4ae7c9e4b937dcdf95ac70ae436d5f)
April 28, 2020 16:46
81
with:
Don't analyse tests
May 8, 2020 11:57
82
languages: javascript
83
config-file: ./.github/codeql/codeql-config.yml
PR checks: Run integration tests against both tools: null and `tool…
April 8, 2021 13:29
84
tools: ${{ matrix.tools }}
Remove output from README
November 5, 2020 08:31
85
# confirm steps.init.outputs.codeql-path points to the codeql binary
Expand readme to include codeql-path output example
November 4, 2020 19:27
86
- name: Print CodeQL Version
87
run: ${{steps.init.outputs.codeql-path}} version --format=json
Initial commit (from f5274cbdce4ae7c9e4b937dcdf95ac70ae436d5f)
April 28, 2020 16:46
88
- uses: ./analyze