Permalink
Cannot retrieve contributors at this time
Name already in use
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
codeql-action/analyze/action.yml
Go to fileThis commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "CodeQL: Finish" | |
| description: "Finalize CodeQL database" | |
| author: "GitHub" | |
| inputs: | |
| check_name: | |
| description: The name of the check run to add text to. | |
| required: false | |
| output: | |
| description: The path of the directory in which to save the SARIF results | |
| required: false | |
| default: "../results" | |
| upload: | |
| description: >- | |
| Upload the SARIF file to Code Scanning. | |
| Defaults to 'always' which uploads the SARIF file to Code Scanning for successful and failed runs. | |
| 'failure-only' only uploads debugging information to Code Scanning if the workflow run fails, for users post-processing the SARIF file before uploading it to Code Scanning. | |
| 'never' avoids uploading the SARIF file to Code Scanning, even if the code scanning run fails. This is not recommended for external users since it complicates debugging. | |
| required: false | |
| # If changing this, make sure to update workflow.ts accordingly. | |
| default: "always" | |
| cleanup-level: | |
| description: "Level of cleanup to perform on CodeQL databases at the end of the analyze step. This should either be 'none' to skip cleanup, or be a valid argument for the --mode flag of the CodeQL CLI command 'codeql database cleanup' as documented at https://codeql.github.com/docs/codeql-cli/manual/database-cleanup" | |
| required: false | |
| default: "brutal" | |
| ram: | |
| description: >- | |
| The amount of memory in MB that can be used by CodeQL for database finalization and query execution. | |
| By default, this action will use the same amount of memory as previously set in the "init" action. | |
| If the "init" action also does not have an explicit "ram" input, this action will use most of the | |
| memory available in the system (which for GitHub-hosted runners is 6GB for Linux, 5.5GB for Windows, | |
| and 13GB for macOS). | |
| required: false | |
| add-snippets: | |
| description: Specify whether or not to add code snippets to the output sarif file. | |
| required: false | |
| default: "false" | |
| skip-queries: | |
| description: If this option is set, the CodeQL database will be built but no queries will be run on it. Thus, no results will be produced. | |
| required: false | |
| default: "false" | |
| threads: | |
| description: >- | |
| The number of threads that can be used by CodeQL for database finalization and query execution. | |
| By default, this action will use the same number of threads as previously set in the "init" action. | |
| If the "init" action also does not have an explicit "threads" input, this action will use all the | |
| hardware threads available in the system (which for GitHub-hosted runners is 2 for Linux and Windows | |
| and 3 for macOS). | |
| required: false | |
| checkout_path: | |
| description: "The path at which the analyzed repository was checked out. Used to relativize any absolute paths in the uploaded SARIF file." | |
| required: false | |
| # If changing this, make sure to update workflow.ts accordingly. | |
| default: ${{ github.workspace }} | |
| ref: | |
| description: "The ref where results will be uploaded. If not provided, the Action will use the GITHUB_REF environment variable. If provided, the sha input must be provided as well. This input is not available in pull requests from forks." | |
| required: false | |
| sha: | |
| description: "The sha of the HEAD of the ref where results will be uploaded. If not provided, the Action will use the GITHUB_SHA environment variable. If provided, the ref input must be provided as well. This input is not available in pull requests from forks." | |
| required: false | |
| category: | |
| description: String used by Code Scanning for matching the analyses | |
| required: false | |
| upload-database: | |
| description: Whether to upload the resulting CodeQL database | |
| required: false | |
| default: "true" | |
| wait-for-processing: | |
| description: If true, the Action will wait for the uploaded SARIF to be processed before completing. | |
| required: true | |
| default: "true" | |
| token: | |
| default: ${{ github.token }} | |
| matrix: | |
| default: ${{ toJson(matrix) }} | |
| expect-error: | |
| description: "[Internal] It is an error to use this input outside of integration testing of the codeql-action." | |
| required: false | |
| default: "false" | |
| outputs: | |
| db-locations: | |
| description: A map from language to absolute path for each database created by CodeQL. | |
| sarif-output: | |
| description: Absolute, local path to the directory containing the generated SARIF file. | |
| sarif-id: | |
| description: The ID of the uploaded SARIF file. | |
| runs: | |
| using: node20 | |
| main: "../lib/analyze-action.js" | |
| post: "../lib/analyze-action-post.js" |