diff --git a/.github/workflows/__zstd-bundle-streaming.yml b/.github/workflows/__zstd-bundle-streaming.yml new file mode 100644 index 000000000..9d6130347 --- /dev/null +++ b/.github/workflows/__zstd-bundle-streaming.yml @@ -0,0 +1,118 @@ +# Warning: This file is generated automatically, and should not be modified. +# Instead, please modify the template in the pr-checks directory and run: +# (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py) +# to regenerate this file. + +name: PR Check - Zstandard bundle (streaming) +env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GO111MODULE: auto +on: + push: + branches: + - main + - releases/v* + pull_request: + types: + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' + workflow_dispatch: {} +jobs: + zstd-bundle-streaming: + strategy: + fail-fast: false + matrix: + include: + - os: macos-latest + version: linked + - os: ubuntu-latest + version: linked + name: Zstandard bundle (streaming) + permissions: + contents: read + security-events: write + timeout-minutes: 45 + runs-on: ${{ matrix.os }} + steps: + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + runner.os == 'macOS' && ( + + matrix.version == 'stable-v2.13.5' || + + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + setup-kotlin: 'true' + - name: Remove CodeQL from toolcache + uses: actions/github-script@v7 + with: + script: | + const fs = require('fs'); + const path = require('path'); + const codeqlPath = path.join(process.env['RUNNER_TOOL_CACHE'], 'CodeQL'); + fs.rmdirSync(codeqlPath, { recursive: true }); + - id: init + uses: ./../action/init + with: + languages: javascript + tools: ${{ steps.prepare-test.outputs.tools-url }} + - uses: ./../action/analyze + with: + output: ${{ runner.temp }}/results + upload-database: false + - name: Upload SARIF + uses: actions/upload-artifact@v3 + with: + name: zstd-bundle.sarif + path: ${{ runner.temp }}/results/javascript.sarif + retention-days: 7 + - name: Check diagnostic with expected tools URL appears in SARIF + uses: actions/github-script@v7 + env: + SARIF_PATH: ${{ runner.temp }}/results/javascript.sarif + with: + script: | + const fs = require('fs'); + + const sarif = JSON.parse(fs.readFileSync(process.env['SARIF_PATH'], 'utf8')); + const run = sarif.runs[0]; + + const toolExecutionNotifications = run.invocations[0].toolExecutionNotifications; + const downloadTelemetryNotifications = toolExecutionNotifications.filter(n => + n.descriptor.id === 'codeql-action/bundle-download-telemetry' + ); + if (downloadTelemetryNotifications.length !== 1) { + core.setFailed( + 'Expected exactly one reporting descriptor in the ' + + `'runs[].invocations[].toolExecutionNotifications[]' SARIF property, but found ` + + `${downloadTelemetryNotifications.length}. All notification reporting descriptors: ` + + `${JSON.stringify(toolExecutionNotifications)}.` + ); + } + + const toolsUrl = downloadTelemetryNotifications[0].properties.attributes.toolsUrl; + console.log(`Found tools URL: ${toolsUrl}`); + + if (!toolsUrl.endsWith('.tar.zst')) { + core.setFailed( + `Expected the tools URL to be a .tar.zst file, but found ${toolsUrl}.` + ); + } + env: + CODEQL_ACTION_ZSTD_BUNDLE: true + CODEQL_ACTION_ZSTD_BUNDLE_STREAMING_EXTRACTION: true + CODEQL_ACTION_TEST_MODE: true diff --git a/pr-checks/checks/zstd-bundle-streaming.yml b/pr-checks/checks/zstd-bundle-streaming.yml new file mode 100644 index 000000000..40937fa14 --- /dev/null +++ b/pr-checks/checks/zstd-bundle-streaming.yml @@ -0,0 +1,66 @@ +name: "Zstandard bundle (streaming)" +description: "Stream the download and extraction of a Zstandard-compressed CodeQL Bundle" +versions: + - linked +operatingSystems: + - macos + - ubuntu +env: + CODEQL_ACTION_ZSTD_BUNDLE: true + CODEQL_ACTION_ZSTD_BUNDLE_STREAMING_EXTRACTION: true +steps: + - name: Remove CodeQL from toolcache + uses: actions/github-script@v7 + with: + script: | + const fs = require('fs'); + const path = require('path'); + const codeqlPath = path.join(process.env['RUNNER_TOOL_CACHE'], 'CodeQL'); + fs.rmdirSync(codeqlPath, { recursive: true }); + - id: init + uses: ./../action/init + with: + languages: javascript + tools: ${{ steps.prepare-test.outputs.tools-url }} + - uses: ./../action/analyze + with: + output: ${{ runner.temp }}/results + upload-database: false + - name: Upload SARIF + uses: actions/upload-artifact@v3 + with: + name: zstd-bundle.sarif + path: ${{ runner.temp }}/results/javascript.sarif + retention-days: 7 + - name: Check diagnostic with expected tools URL appears in SARIF + uses: actions/github-script@v7 + env: + SARIF_PATH: ${{ runner.temp }}/results/javascript.sarif + with: + script: | + const fs = require('fs'); + + const sarif = JSON.parse(fs.readFileSync(process.env['SARIF_PATH'], 'utf8')); + const run = sarif.runs[0]; + + const toolExecutionNotifications = run.invocations[0].toolExecutionNotifications; + const downloadTelemetryNotifications = toolExecutionNotifications.filter(n => + n.descriptor.id === 'codeql-action/bundle-download-telemetry' + ); + if (downloadTelemetryNotifications.length !== 1) { + core.setFailed( + 'Expected exactly one reporting descriptor in the ' + + `'runs[].invocations[].toolExecutionNotifications[]' SARIF property, but found ` + + `${downloadTelemetryNotifications.length}. All notification reporting descriptors: ` + + `${JSON.stringify(toolExecutionNotifications)}.` + ); + } + + const toolsUrl = downloadTelemetryNotifications[0].properties.attributes.toolsUrl; + console.log(`Found tools URL: ${toolsUrl}`); + + if (!toolsUrl.endsWith('.tar.zst')) { + core.setFailed( + `Expected the tools URL to be a .tar.zst file, but found ${toolsUrl}.` + ); + }