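name: "CodeQL action"

# `on` is a YAML 1.1 boolean-looking key; GitHub's loader handles it as intended.
on:  # yamllint disable-line rule:truthy
  push:
    branches: [main, releases/v1, releases/v2]
  pull_request:
    branches: [main, releases/v1, releases/v2]
    # Run checks on reopened draft PRs to support triggering PR checks on draft PRs that were opened
    # by other workflows.
    types: [opened, synchronize, reopened, ready_for_review]

jobs:
  # Identify the CodeQL tool versions to use in the analysis job.
  check-codeql-versions:
    runs-on: ubuntu-latest
    outputs:
      # JSON-encoded list produced by the `compare` step (e.g. `[null, "latest"]`).
      versions: ${{ steps.compare.outputs.versions }}

    # Only the token scopes this job needs; every unlisted scope is `none`.
    permissions:
      security-events: write

    steps:
      # NOTE(review): `@v3` is a mutable tag. Pinning to the full commit SHA of the
      # actions/checkout release makes the dependency reproducible and tamper-evident.
      - uses: actions/checkout@v3
      - name: Init with default CodeQL bundle from the VM image
        id: init-default
        uses: ./init
        with:
          languages: javascript
      - name: Remove empty database
        # allows us to run init a second time
        run: |
          rm -rf "$RUNNER_TEMP/codeql_databases"
      - name: Init with latest CodeQL bundle
        id: init-latest
        uses: ./init
        with:
          tools: latest
          languages: javascript
      - name: Compare default and latest CodeQL bundle versions
        id: compare
        # Step outputs are passed through `env:` rather than interpolated into the
        # script, so the shell never sees a raw `${{ }}` expansion.
        env:
          CODEQL_DEFAULT: ${{ steps.init-default.outputs.codeql-path }}
          CODEQL_LATEST: ${{ steps.init-latest.outputs.codeql-path }}
        run: |
          CODEQL_VERSION_DEFAULT="$("$CODEQL_DEFAULT" version --format terse)"
          CODEQL_VERSION_LATEST="$("$CODEQL_LATEST" version --format terse)"
          echo "Default CodeQL bundle version is $CODEQL_VERSION_DEFAULT"
          echo "Latest CodeQL bundle version is $CODEQL_VERSION_LATEST"

          # If we're running on a pull request, run with both bundles, even if `tools: latest` would
          # be the same as `tools: null`. This allows us to make the job for each of the bundles a
          # required status check.
          #
          # If we're running on push, then we can skip running with `tools: latest` when it would be
          # the same as running with `tools: null`.
          if [[ "$GITHUB_EVENT_NAME" != "pull_request" && "$CODEQL_VERSION_DEFAULT" == "$CODEQL_VERSION_LATEST" ]]; then
            VERSIONS_JSON='[null]'
          else
            VERSIONS_JSON='[null, "latest"]'
          fi

          # Output a JSON-encoded list with the distinct versions to test against.
          echo "Suggested matrix config for analysis job: $VERSIONS_JSON"
          # The `::set-output` workflow command is deprecated; step outputs are now
          # written as `name=value` lines to the file named by $GITHUB_OUTPUT.
          echo "versions=${VERSIONS_JSON}" >> "$GITHUB_OUTPUT"

  # NOTE(review): the job id on line 66 of the original file was not visible on this
  # page; the placeholder key below must be replaced with the real job id.
  analysis-job-id-placeholder:
    needs: [check-codeql-versions]
    strategy:
      matrix:
        os: [ubuntu-latest, windows-latest, macos-latest]
        # One matrix leg per entry of the JSON list emitted by check-codeql-versions.
        tools: ${{ fromJson(needs.check-codeql-versions.outputs.versions) }}
    runs-on: ${{ matrix.os }}

    permissions:
      security-events: write

    # NOTE(review): original lines 77, 79 and 81 (`steps:`, the init step's `uses:`
    # and `with:`) were not visible on this page; reconstructed from the sibling
    # job's init steps, which are the only source of a `codeql-path` output.
    steps:
      - uses: actions/checkout@v3
      - uses: ./init
        id: init
        with:
          languages: javascript
          config-file: ./.github/codeql/codeql-config.yml
          tools: ${{ matrix.tools }}
      # confirm steps.init.outputs.codeql-path points to the codeql binary
      - name: Print CodeQL Version
        # The interpolated value is an output of the local ./init action, not
        # user-controlled input; if that ever changes, pass it via `env:` instead.
        run: ${{ steps.init.outputs.codeql-path }} version --format=json
      - uses: ./analyze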