From 96f44cb9d26dd888572d0f1eed86eee91bd83841 Mon Sep 17 00:00:00 2001
From: "Michael B. Gale"
Date: Thu, 11 Apr 2024 13:17:20 +0100
Subject: [PATCH] Add integration test for new diagnostic
---
...ect-tracing-workaround-no-file-program.yml | 103 ++++++++++++++++++
...ect-tracing-workaround-no-file-program.yml | 50 +++++++++
2 files changed, 153 insertions(+)
create mode 100644 .github/workflows/__go-indirect-tracing-workaround-no-file-program.yml
create mode 100644 pr-checks/checks/go-indirect-tracing-workaround-no-file-program.yml
diff --git a/.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml b/.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml
new file mode 100644
index 000000000..5a97492ac
--- /dev/null
+++ b/.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml
@@ -0,0 +1,103 @@ +# Warning: This file is generated automatically, and should not be modified. +# Instead, please modify the template in the pr-checks directory and run: +# (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py) +# to regenerate this file. + +name: 'PR Check - Go: diagnostic when `file` is not installed' +env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GO111MODULE: auto + CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true' +on: + push: + branches: + - main + - releases/v* + pull_request: + types: + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' + workflow_dispatch: {} +jobs: + go-indirect-tracing-workaround-no-file-program: + strategy: + matrix: + include: + - os: ubuntu-latest + version: stable-v2.14.6 + name: 'Go: diagnostic when `file` is not installed' + permissions: + contents: read + security-events: write + timeout-minutes: 45 + runs-on: ${{ matrix.os }} + steps: + - name: Setup Python on MacOS + uses: actions/setup-python@v5 + if: >- + matrix.os == 'macos-latest' && ( + + matrix.version == 'stable-20230403' || + + matrix.version == 'stable-v2.13.5' || + + matrix.version == 'stable-v2.14.6') + with: + python-version: '3.11' + - name: Check out repository + uses: actions/checkout@v4 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + - uses: actions/setup-go@v5 + with: + # We need a Go version that ships with statically linked binaries on Linux + go-version: '>=1.21.0' + - name: Remove `file` program + run: | + echo $(which file) + sudo rm -rf $(which file) + echo $(which file) + - uses: ./../action/init + with: + languages: go + tools: ${{ steps.prepare-test.outputs.tools-url }} + - name: Build code + shell: bash + run: go build main.go + - uses: ./../action/analyze + with: + output: ${{ runner.temp }}/results + upload-database: false + - name: Check diagnostic appears in SARIF 
+ uses: actions/github-script@v7 + env: + SARIF_PATH: ${{ runner.temp }}/results/go.sarif + with: + script: | + const fs = require('fs'); + + const sarif = JSON.parse(fs.readFileSync(process.env['SARIF_PATH'], 'utf8')); + const run = sarif.runs[0]; + + const toolExecutionNotifications = run.invocations[0].toolExecutionNotifications; + const statusPageNotifications = toolExecutionNotifications.filter(n => + n.descriptor.id === 'go/workflow/file-program-unavailable' && n.properties?.visibility?.statusPage + ); + if (statusPageNotifications.length !== 1) { + core.setFailed( + 'Expected exactly one status page reporting descriptor for this diagnostic in the ' + + `'runs[].invocations[].toolExecutionNotifications[]' SARIF property, but found ` + + `${statusPageNotifications.length}. All notification reporting descriptors: ` + + `${JSON.stringify(toolExecutionNotifications)}.` + ); + } + env: + CODEQL_ACTION_TEST_MODE: true
diff --git a/pr-checks/checks/go-indirect-tracing-workaround-no-file-program.yml b/pr-checks/checks/go-indirect-tracing-workaround-no-file-program.yml
new file mode 100644
index 000000000..8f90bbde5
--- /dev/null
+++ b/pr-checks/checks/go-indirect-tracing-workaround-no-file-program.yml
@@ -0,0 +1,50 @@
+name: "Go: diagnostic when `file` is not installed"
+description: "Checks that we emit a diagnostic if the `file` program is not installed"
+# only Linux is affected
+operatingSystems: ["ubuntu"]
+# pinned to a version which does not support statically linked binaries for indirect tracing
+versions: ["stable-v2.14.6"]
+steps:
+ - uses: actions/setup-go@v5
+ with:
+ # We need a Go version that ships with statically linked binaries on Linux
+ go-version: ">=1.21.0"
+ - name: Remove `file` program
+ run: |
+ echo $(which file)
+ sudo rm -rf $(which file)
+ echo $(which file)
+ - uses: ./../action/init
+ with:
+ languages: go
+ tools: ${{ steps.prepare-test.outputs.tools-url }}
+ - name: Build code
+ shell: bash
+ run: go build main.go
+ - uses: ./../action/analyze
+ with:
+ output: "${{ runner.temp }}/results"
+ upload-database: false
+ - name: Check diagnostic appears in SARIF
+ uses: actions/github-script@v7
+ env:
+ SARIF_PATH: "${{ runner.temp }}/results/go.sarif"
+ with:
+ script: |
+ const fs = require('fs');
+
+ const sarif = JSON.parse(fs.readFileSync(process.env['SARIF_PATH'], 'utf8'));
+ const run = sarif.runs[0];
+
+ const toolExecutionNotifications = run.invocations[0].toolExecutionNotifications;
+ const statusPageNotifications = toolExecutionNotifications.filter(n =>
+ n.descriptor.id === 'go/workflow/file-program-unavailable' && n.properties?.visibility?.statusPage
+ );
+ if (statusPageNotifications.length !== 1) {
+ core.setFailed(
+ 'Expected exactly one status page reporting descriptor for this diagnostic in the ' +
+ `'runs[].invocations[].toolExecutionNotifications[]' SARIF property, but found ` +
+ `${statusPageNotifications.length}. All notification reporting descriptors: ` +
+ `${JSON.stringify(toolExecutionNotifications)}.`
+ );
+ }
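Review bot: The "Remove `file` program" step never checks that the removal worked: the trailing `echo $(which file)` only prints, so if `file` is still resolvable on PATH the job continues and the problem only shows up later as a confusing failure of the SARIF check. The middle line, `sudo rm -rf $(which file)`, also expands unquoted under root and uses `-r`, which is broader than deleting a single binary needs. I would resolve the path once and fail fast: `file_path="$(command -v file)"`, `sudo rm -f -- "$file_path"`, `if command -v file; then echo "file is still on PATH"; exit 1; fi`. The generated workflow under `.github/workflows/` carries the same step and would pick the change up when `sync.py` is re-run.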