From bc33041cc228a614067213cf318b63741b5a9561 Mon Sep 17 00:00:00 2001
From: Henry Mercer
Date: Wed, 11 Aug 2021 18:42:29 +0100
Subject: [PATCH] Always run `codeql (latest)` job on PRs so we can make it required
---
 .github/workflows/codeql.yml | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 3d5ccade2..320a790e8 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -46,13 +46,19 @@ jobs:
 CODEQL_VERSION_LATEST="$("$CODEQL_LATEST" version --format terse)"
 echo "Default CodeQL bundle version is $CODEQL_VERSION_DEFAULT"
 echo "Latest CodeQL bundle version is $CODEQL_VERSION_LATEST"
- if [[ "$CODEQL_VERSION_DEFAULT" == "$CODEQL_VERSION_LATEST" ]]; then
- # Just use `tools: null` to avoid duplication in the analysis job.
+
+ # If we're running on a pull request, run with both bundles, even if `tools: latest` would
+ # be the same as `tools: null`. This allows us to make the job for each of the bundles a
+ # required status check.
+ #
+ # If we're running on push, then we can skip running with `tools: latest` when it would be
+ # the same as running with `tools: null`.
+ if [[ "$GITHUB_EVENT_NAME" != "pull_request" && "$CODEQL_VERSION_DEFAULT" == "$CODEQL_VERSION_LATEST" ]]; then
 VERSIONS_JSON='[null]'
 else
- # Use both `tools: null` and `tools: latest` in the analysis job.
 VERSIONS_JSON='[null, "latest"]'
 fi
+
 # Output a JSON-encoded list with the distinct versions to test against.
 echo "Suggested matrix config for analysis job: $VERSIONS_JSON"
 echo "::set-output name=versions::${VERSIONS_JSON}"
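Review bot: The new condition `"$GITHUB_EVENT_NAME" != "pull_request"` sends every other event down the de-duplication path, while the added comment describes only the push case. If the workflow has further triggers (the `on:` block is outside this hunk), a PR-style trigger with a different event name would not produce the `codeql (latest)` job, so a required status check on that job could stay pending for those runs. I would reword the second paragraph of the comment to `# On any other event (push, schedule, ...), we can skip tools: latest when it would be the same as tools: null.` and state there that the event name tested must stay in step with the workflow's triggers. The enclosing `run:` step starts before the hunk, so the way `CODEQL_VERSION_DEFAULT` is obtained is not visible here.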