PR Check - Packaging: Config and input passed to the CLI #3291
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Warning: This file is generated automatically, and should not be modified. | |
| # Instead, please modify the template in the pr-checks directory and run: | |
| # (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py) | |
| # to regenerate this file. | |
| name: 'PR Check - Packaging: Config and input passed to the CLI' | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| GO111MODULE: auto | |
| CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true' | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - releases/v* | |
| pull_request: | |
| types: | |
| - opened | |
| - synchronize | |
| - reopened | |
| - ready_for_review | |
| schedule: | |
| - cron: '0 5 * * *' | |
| workflow_dispatch: {} | |
| jobs: | |
| packaging-codescanning-config-inputs-js: | |
| strategy: | |
| matrix: | |
| include: | |
| - os: ubuntu-latest | |
| version: latest | |
| - os: macos-latest | |
| version: latest | |
| - os: windows-latest | |
| version: latest | |
| - os: ubuntu-latest | |
| version: default | |
| - os: macos-latest | |
| version: default | |
| - os: windows-latest | |
| version: default | |
| - os: ubuntu-latest | |
| version: nightly-latest | |
| - os: macos-latest | |
| version: nightly-latest | |
| - os: windows-latest | |
| version: nightly-latest | |
| name: 'Packaging: Config and input passed to the CLI' | |
| permissions: | |
| contents: read | |
| security-events: write | |
| timeout-minutes: 45 | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - name: Setup Python on MacOS | |
| uses: actions/setup-python@v5 | |
| if: >- | |
| runner.os == 'macOS' && ( | |
| matrix.version == 'stable-20230403' || | |
| matrix.version == 'stable-v2.13.5' || | |
| matrix.version == 'stable-v2.14.6') | |
| with: | |
| python-version: '3.11' | |
| - name: Check out repository | |
| uses: actions/checkout@v4 | |
| - name: Prepare test | |
| id: prepare-test | |
| uses: ./.github/actions/prepare-test | |
| with: | |
| version: ${{ matrix.version }} | |
| use-all-platform-bundle: 'false' | |
| - uses: ./../action/init | |
| with: | |
| config-file: .github/codeql/codeql-config-packaging3.yml | |
| packs: +codeql-testing/codeql-pack1@1.0.0 | |
| languages: javascript | |
| tools: ${{ steps.prepare-test.outputs.tools-url }} | |
| - name: Build code | |
| shell: bash | |
| run: ./build.sh | |
| - uses: ./../action/analyze | |
| with: | |
| output: ${{ runner.temp }}/results | |
| upload-database: false | |
| - name: Check results | |
| uses: ./../action/.github/actions/check-sarif | |
| with: | |
| sarif-file: ${{ runner.temp }}/results/javascript.sarif | |
| queries-run: | |
| javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block | |
| queries-not-run: foo,bar | |
| - name: Assert Results | |
| shell: bash | |
| run: | | |
| cd "$RUNNER_TEMP/results" | |
| # We should have 4 hits from these rules | |
| EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/other-query-block javascript/example/two-block" | |
| # use tr to replace newlines with spaces and xargs to trim leading and trailing whitespace | |
| RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n\r" " " | xargs)" | |
| echo "Found matching rules '$RULES'" | |
| if [ "$RULES" != "$EXPECTED_RULES" ]; then | |
| echo "Did not match expected rules '$EXPECTED_RULES'." | |
| exit 1 | |
| fi | |
| env: | |
| CODEQL_ACTION_TEST_MODE: true |