From 61ec68f26b7bd67ac8b65f031f61abfa2b0964b2 Mon Sep 17 00:00:00 2001
From: Henry Mercer
Date: Fri, 25 Nov 2022 18:00:42 +0000
Subject: [PATCH] Generate the "Submit SARIF after failure" workflow
---
.github/workflows/__submit-sarif-failure.yml | 69 ++++++++++++++++++++
.github/workflows/submit-sarif-failure.yml | 34 ----------
pr-checks/checks/submit-sarif-failure.yml | 30 +++++++++
3 files changed, 99 insertions(+), 34 deletions(-)
create mode 100644 .github/workflows/__submit-sarif-failure.yml
delete mode 100644 .github/workflows/submit-sarif-failure.yml
create mode 100644 pr-checks/checks/submit-sarif-failure.yml
diff --git a/.github/workflows/__submit-sarif-failure.yml b/.github/workflows/__submit-sarif-failure.yml
new file mode 100644
index 0000000000..849a51c017
--- /dev/null
+++ b/.github/workflows/__submit-sarif-failure.yml
@@ -0,0 +1,69 @@ +# Warning: This file is generated automatically, and should not be modified. +# Instead, please modify the template in the pr-checks directory and run: +# pip install ruamel.yaml && python3 sync.py +# to regenerate this file. + +name: PR Check - Submit SARIF after failure +env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GO111MODULE: auto +on: + push: + branches: + - main + - releases/v1 + - releases/v2 + pull_request: + types: + - opened + - synchronize + - reopened + - ready_for_review + workflow_dispatch: {} +jobs: + submit-sarif-failure: + strategy: + matrix: + include: + - os: ubuntu-latest + version: latest + - os: ubuntu-latest + version: cached + - os: ubuntu-latest + version: nightly-latest + name: Submit SARIF after failure + timeout-minutes: 45 + runs-on: ${{ matrix.os }} + steps: + - name: Check out repository + uses: actions/checkout@v3 + - name: Prepare test + id: prepare-test + uses: ./.github/prepare-test + with: + version: ${{ matrix.version }} + - uses: actions/checkout@v3 + - uses: ./init + with: + languages: javascript + - name: Fail + # We want this job to pass if the Action correctly uploads the SARIF file for + # the failed run. + # Setting this step to continue on error means that it is marked as completing + # successfully, so will not fail the job. + continue-on-error: true + run: exit 1 + - uses: ./analyze + # In a real workflow, this step wouldn't run. Since we used `continue-on-error` + # above, we manually disable it with an `if` condition. + if: false + with: + category: /test-codeql-version:${{ matrix.version }} + env: + # Internal-only environment variable used to indicate that the post-init Action + # should expect to upload a SARIF file for the failed run. + CODEQL_ACTION_EXPECT_UPLOAD_FAILED_SARIF: true + # Make sure the uploading SARIF files feature is enabled. + CODEQL_ACTION_UPLOAD_FAILED_SARIF: true + + CODEQL_ACTION_TEST_MODE: true 
diff --git a/.github/workflows/submit-sarif-failure.yml b/.github/workflows/submit-sarif-failure.yml
deleted file mode 100644
index a66bceef08..0000000000
--- a/.github/workflows/submit-sarif-failure.yml
+++ /dev/null
@@ -1,34 +0,0 @@
-name: Submit SARIF after failure
-on: push
-
-env:
- # Internal-only environment variable used to indicate that the post-init Action
- # should expect to upload a SARIF file for the failed run.
- CODEQL_ACTION_EXPECT_UPLOAD_FAILED_SARIF: true
- # Make sure the uploading SARIF files feature is enabled.
- CODEQL_ACTION_UPLOAD_FAILED_SARIF: true
-
-jobs:
- test:
- runs-on: ubuntu-latest
- strategy:
- matrix:
- language: [javascript]
- steps:
- - uses: actions/checkout@v3
- - uses: ./init
- with:
- languages: ${{ matrix.language }}
- - name: Fail
- # We want this job to pass if the Action correctly uploads the SARIF file for
- # the failed run.
- # Setting this step to continue on error means that it is marked as completing
- # successfully, so will not fail the job.
- continue-on-error: true
- run: exit 1
- - uses: ./analyze
- # In a real workflow, this step wouldn't run. Since we used `continue-on-error`
- # above, we manually disable it with an `if` condition.
- if: false
- with:
- category: "/language:${{ matrix.language }}"
diff --git a/pr-checks/checks/submit-sarif-failure.yml b/pr-checks/checks/submit-sarif-failure.yml
new file mode 100644
index 0000000000..556f530d8f
--- /dev/null
+++ b/pr-checks/checks/submit-sarif-failure.yml
@@ -0,0 +1,30 @@
+name: Submit SARIF after failure
+description: Check that a SARIF file is submitted for the workflow run if it fails
+versions: ["latest", "cached", "nightly-latest"]
+operatingSystems: ["ubuntu"]
+
+env:
+ # Internal-only environment variable used to indicate that the post-init Action
+ # should expect to upload a SARIF file for the failed run.
+ CODEQL_ACTION_EXPECT_UPLOAD_FAILED_SARIF: true
+ # Make sure the uploading SARIF files feature is enabled.
+ CODEQL_ACTION_UPLOAD_FAILED_SARIF: true
+
+steps:
+ - uses: actions/checkout@v3
+ - uses: ./init
+ with:
+ languages: javascript
+ - name: Fail
+ # We want this job to pass if the Action correctly uploads the SARIF file for
+ # the failed run.
+ # Setting this step to continue on error means that it is marked as completing
+ # successfully, so will not fail the job.
+ continue-on-error: true
+ run: exit 1
+ - uses: ./analyze
+ # In a real workflow, this step wouldn't run. Since we used `continue-on-error`
+ # above, we manually disable it with an `if` condition.
+ if: false
+ with:
+ category: "/test-codeql-version:${{ matrix.version }}"
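Review bot: The `- uses: actions/checkout@v3` entry at the top of `steps:` looks redundant, because the workflow generated from this template in the same commit already opens with a `Check out repository` step and then repeats the checkout after `./.github/prepare-test`. With checkout's default `clean` behaviour the second run resets the working tree, so anything the prepare step left in the workspace would presumably be removed before `./init` runs; whether it leaves anything there is not visible from this patch. If the generator always prepends the checkout, this line can be dropped from the template so the generated job checks out once.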