github/codeql-action
1
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2025-12-06 07:48:17 +08:00
Code Issues Packages Projects Releases Wiki Activity

Change check to be restrictive by default

Browse Source
This commit is contained in:
Michael B. Gale
2025-10-16 15:00:12 +01:00
parent c77b3fb96e
commit db6938a4d0
3 changed files with 9 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
lib/init-action-post.js generated
View File

@@ -129786,8 +129786,8 @@ function appendExtraQueryExclusions(extraQueryExclusions, cliConfig) {
}
return augmentedConfig;
}
function isCodeQualityEnabled(config) {
return config.analysisKinds.includes("code-quality" /* CodeQuality */);
function isCodeScanningEnabled(config) {
return config.analysisKinds.includes("code-scanning" /* CodeScanning */);
}
// src/setup-codeql.ts
@@ -133753,9 +133753,9 @@ async function tryUploadSarifIfRunFailed(config, repositoryNwo, features, logger
"CODEQL_ACTION_JOB_STATUS" /* JOB_STATUS */,
process.env["CODEQL_ACTION_JOB_STATUS" /* JOB_STATUS */] ?? "JOB_STATUS_CONFIGURATION_ERROR" /* ConfigErrorStatus */
);
if (config.analysisKinds.length === 1 && isCodeQualityEnabled(config)) {
if (!isCodeScanningEnabled(config)) {
return {
upload_failed_run_skipped_because: "Code Quality is the only enabled analysis kind."
upload_failed_run_skipped_because: "Code Scanning is not enabled."
};
}
try {

4
src/init-action-post-helper.test.ts
View File

@@ -297,14 +297,14 @@ test("uploading failed SARIF run fails when workflow does not reference github/c
t.truthy(result.upload_failed_run_stack_trace);
});
test("not uploading failed SARIF when `code-quality` is the only analysis kind", async (t) => {
test("not uploading failed SARIF when `code-scanning` is not an enabled analysis kind", async (t) => {
const result = await testFailedSarifUpload(t, createTestWorkflow([]), {
analysisKinds: [AnalysisKind.CodeQuality],
expectUpload: false,
});
t.is(
result.upload_failed_run_skipped_because,
"Code Quality is the only enabled analysis kind.",
"Code Scanning is not enabled.",
);
});

7
src/init-action-post-helper.ts
View File

@@ -7,7 +7,7 @@ import * as actionsUtil from "./actions-util";
import { CodeScanning } from "./analyses";
import { getApiClient } from "./api-client";
import { CodeQL, getCodeQL } from "./codeql";
import { Config, isCodeQualityEnabled } from "./config-utils";
import { Config, isCodeScanningEnabled } from "./config-utils";
import * as dependencyCaching from "./dependency-caching";
import { EnvVar } from "./environment";
import { Feature, FeatureEnablement } from "./feature-flags";
@@ -142,10 +142,9 @@ export async function tryUploadSarifIfRunFailed(
// If the only enabled analysis kind is `code-quality`, then we shouldn't
// upload the failed SARIF to Code Scanning.
if (config.analysisKinds.length === 1 && isCodeQualityEnabled(config)) {
if (!isCodeScanningEnabled(config)) {
return {
upload_failed_run_skipped_because:
"Code Quality is the only enabled analysis kind.",
upload_failed_run_skipped_because: "Code Scanning is not enabled.",
};
}