Skip to content

Commit

Permalink
Add PR check
Browse files Browse the repository at this point in the history
  • Loading branch information
Henry Mercer committed Mar 9, 2023
1 parent 485cc11 commit b31d983
Show file tree
Hide file tree
Showing 2 changed files with 137 additions and 0 deletions.
89 changes: 89 additions & 0 deletions .github/workflows/__config-export.yml
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

48 changes: 48 additions & 0 deletions pr-checks/checks/config-export.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,48 @@
name: "Config export"
description: "Tests that the code scanning configuration file is exported to SARIF correctly."
versions: ["latest"]
env:
CODEQL_ACTION_EXPORT_CODE_SCANNING_CONFIG: true
CODEQL_PASS_CONFIG_TO_CLI: true
steps:
- uses: ./../action/init
with:
languages: javascript
queries: security-extended
tools: ${{ steps.prepare-test.outputs.tools-url }}
- uses: ./../action/analyze
with:
output: "${{ runner.temp }}/results"
upload-database: false
- name: Upload SARIF
uses: actions/upload-artifact@v3
with:
name: config-export-${{ matrix.os }}-${{ matrix.version }}.sarif.json
path: "${{ runner.temp }}/results/javascript.sarif"
retention-days: 7
- name: Check config properties appear in SARIF
uses: actions/github-script@v6
with:
script: |
const fs = require('fs');
const path = require('path');
const sarifFile = path.join('${{ runner.temp }}', 'results', 'javascript.sarif');
const sarif = JSON.parse(fs.readFileSync(sarifFile, 'utf8'));
const run = sarif.runs[0];
const configSummary = run.properties.codeqlConfigSummary;
if (configSummary === undefined) {
core.setFailed('`codeqlConfigSummary` property not found in the SARIF run property bag.');
}
if (configSummary.disableDefaultQueries !== false) {
core.setFailed('`disableDefaultQueries` property incorrect: expected false, got ' +
`${JSON.stringify(configSummary.disableDefaultQueries)}.`);
}
const expectedQueries = [{ type: 'builtinSuite', uses: 'security-extended' }];
// Use JSON.stringify to deep-equal the arrays.
if (JSON.stringify(configSummary.queries) !== JSON.stringify(expectedQueries)) {
core.setFailed(`\`queries\` property incorrect: expected ${JSON.stringify(expectedQueries)}, got ` +
`${JSON.stringify(configSummary.queries)}.`);
}
console.log('Finished config export tests.');

0 comments on commit b31d983

Please sign in to comment.