From 90cf3d26a7ee3440e4c2a0b3149b9f2468d1dc8d Mon Sep 17 00:00:00 2001
From: Henry Mercer
Date: Thu, 5 Sep 2024 14:57:11 +0200
Subject: [PATCH] Add PR check for job run UUID
---
.github/workflows/__job-run-uuid-sarif.yml | 84 ++++++++++++++++++++++
pr-checks/checks/job-run-uuid-sarif.yml | 30 ++++++++
2 files changed, 114 insertions(+)
create mode 100644 .github/workflows/__job-run-uuid-sarif.yml
create mode 100644 pr-checks/checks/job-run-uuid-sarif.yml
diff --git a/.github/workflows/__job-run-uuid-sarif.yml b/.github/workflows/__job-run-uuid-sarif.yml
new file mode 100644
index 000000000..d60f80025
--- /dev/null
+++ b/.github/workflows/__job-run-uuid-sarif.yml
@@ -0,0 +1,84 @@ +# Warning: This file is generated automatically, and should not be modified. +# Instead, please modify the template in the pr-checks directory and run: +# (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py) +# to regenerate this file. + +name: PR Check - Job run UUID added to SARIF +env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GO111MODULE: auto +on: + push: + branches: + - main + - releases/v* + pull_request: + types: + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' + workflow_dispatch: {} +jobs: + job-run-uuid-sarif: + strategy: + fail-fast: false + matrix: + include: + - os: ubuntu-latest + version: nightly-latest + name: Job run UUID added to SARIF + permissions: + contents: read + security-events: write + timeout-minutes: 45 + runs-on: ${{ matrix.os }} + steps: + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + runner.os == 'macOS' && ( + + matrix.version == 'stable-v2.13.5' || + + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + setup-kotlin: 'true' + - uses: ./../action/init + id: init + with: + languages: javascript + tools: ${{ steps.prepare-test.outputs.tools-url }} + - uses: ./../action/analyze + with: + output: ${{ runner.temp }}/results + - name: Upload SARIF + uses: actions/upload-artifact@v3 + with: + name: ${{ matrix.os }}-${{ matrix.version }}.sarif.json + path: ${{ runner.temp }}/results/javascript.sarif + retention-days: 7 + - name: Check results + shell: bash + run: | + cd "$RUNNER_TEMP/results" + actual=$(jq -r '.runs[0].properties.jobRunUuid' javascript.sarif) + if [[ "$actual" != "$JOB_RUN_UUID" ]]; then + echo "Expected SARIF output to contain job run UUID '$JOB_RUN_UUID', but found '$actual'." 
+ exit 1
+ else
+ echo "Found job run UUID '$actual'."
+ fi
+ env:
+ CODEQL_ACTION_TEST_MODE: true
diff --git a/pr-checks/checks/job-run-uuid-sarif.yml b/pr-checks/checks/job-run-uuid-sarif.yml
new file mode 100644
index 000000000..c4901c935
--- /dev/null
+++ b/pr-checks/checks/job-run-uuid-sarif.yml
@@ -0,0 +1,30 @@
+name: "Job run UUID added to SARIF"
+description: "Tests that the job run UUID is added to the SARIF output"
+operatingSystems: ["ubuntu"]
+versions: ["nightly-latest"]
+steps:
+ - uses: ./../action/init
+ id: init
+ with:
+ languages: javascript
+ tools: ${{ steps.prepare-test.outputs.tools-url }}
+ - uses: ./../action/analyze
+ with:
+ output: "${{ runner.temp }}/results"
+ - name: Upload SARIF
+ uses: actions/upload-artifact@v3
+ with:
+ name: ${{ matrix.os }}-${{ matrix.version }}.sarif.json
+ path: "${{ runner.temp }}/results/javascript.sarif"
+ retention-days: 7
+ - name: Check results
+ shell: bash
+ run: |
+ cd "$RUNNER_TEMP/results"
+ actual=$(jq -r '.runs[0].properties.jobRunUuid' javascript.sarif)
+ if [[ "$actual" != "$JOB_RUN_UUID" ]]; then
+ echo "Expected SARIF output to contain job run UUID '$JOB_RUN_UUID', but found '$actual'."
+ exit 1
+ else
+ echo "Found job run UUID '$actual'."
+ fi
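Review bot: The `Check results` step compares the SARIF value against `$JOB_RUN_UUID` without first asserting that the variable is set, and nothing in the visible steps defines it (presumably the `init` step exports it into the job environment). If the variable were ever empty while the SARIF property was an empty string, the `!=` test would be false and the check would pass without having verified anything. Fail closed by adding a guard before the comparison, for example `if [[ -z "${JOB_RUN_UUID:-}" ]]; then echo "JOB_RUN_UUID is not set."; exit 1; fi`, and add a comment such as `# JOB_RUN_UUID is expected to be exported by the init step` so the source of the value is documented. The same script appears in the generated workflow `.github/workflows/__job-run-uuid-sarif.yml`, which would pick the change up when it is regenerated from this template.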