Merge pull request #625 from github/update-v1.0.7-3428407b

Merge main into v1

CHANGELOG.md

@@ -1,5 +1,9 @@
 # CodeQL Action and CodeQL Runner Changelog
 
+## 1.0.7 - 21 Jul 2021
+
+No user facing changes.
+
 ## 1.0.6 - 19 Jul 2021
 
 - The `init` step of the Action now supports a `source-root` input as a path to the root source-code directory. By default, the path is relative to `$GITHUB_WORKSPACE`. [#607](https://github.com/github/codeql-action/pull/607)

package.json

@@ -1,6 +1,6 @@
 {
   "name": "codeql",
-  "version": "1.0.6",
+  "version": "1.0.7",
   "private": true,
   "description": "CodeQL action",
   "scripts": {

runner/package.json

@@ -1,6 +1,6 @@
 {
   "name": "codeql-runner",
-  "version": "1.0.6",
+  "version": "1.0.7",
   "private": true,
   "description": "CodeQL runner",
   "scripts": {

src/analyze.test.ts

@@ -94,6 +94,35 @@ test("status report fields and search path setting", async (t) => {
                     ],
                   },
                 },
+                // variant 3 references a rule with the lines-of-code tag
+                {
+                  tool: {
+                    extensions: [
+                      {
+                        rules: [
+                          {
+                            properties: {
+                              tags: ["lines-of-code"],
+                            },
+                          },
+                        ],
+                      },
+                    ],
+                  },
+                  properties: {
+                    metricResults: [
+                      {
+                        rule: {
+                          index: 0,
+                          toolComponent: {
+                            index: 0,
+                          },
+                        },
+                        value: 123,
+                      },
+                    ],
+                  },
+                },
                 {},
               ],
             })
@@ -233,8 +262,20 @@ test("status report fields and search path setting", async (t) => {
         baseline: lineCount,
       },
     ]);
+    t.deepEqual(sarif.runs[2].properties.metricResults, [
+      {
+        rule: {
+          index: 0,
+          toolComponent: {
+            index: 0,
+          },
+        },
+        value: 123,
+        baseline: lineCount,
+      },
+    ]);
     // when the rule doesn't exist, it should not be added
-    t.deepEqual(sarif.runs[2].properties.metricResults, []);
+    t.deepEqual(sarif.runs[3].properties.metricResults, []);
   }
 
   function verifyQuerySuites(tmpDir: string) {

src/analyze.ts

@@ -415,8 +415,10 @@ async function injectLinesOfCode(
   const idPrefix = getIdPrefix(language);
   if (language in lineCounts) {
     const sarif = JSON.parse(fs.readFileSync(sarifFile, "utf8"));
+
     if (Array.isArray(sarif.runs)) {
       for (const run of sarif.runs) {
+        // Old style: Baseline is inserted when rule ID has suffix /summary/lines-of-code
         const ruleId = `${idPrefix}/summary/lines-of-code`;
         run.properties = run.properties || {};
         run.properties.metricResults = run.properties.metricResults || [];
@@ -428,8 +430,22 @@ async function injectLinesOfCode(
         if (rule) {
           rule.baseline = lineCounts[language];
         }
+
+        // New style: Baseline is inserted when matching rule has tag lines-of-code
+        for (const metric of run.properties.metricResults) {
+          if (metric.rule && metric.rule.toolComponent) {
+            const matchingRule =
+              run.tool.extensions[metric.rule.toolComponent.index].rules[
+                metric.rule.index
+              ];
+            if (matchingRule.properties.tags?.includes("lines-of-code")) {
+              metric.baseline = lineCounts[language];
+            }
+          }
+        }
       }
     }
+
     fs.writeFileSync(sarifFile, JSON.stringify(sarif));
   }
 }