Verify using post step

Henry Mercer
2025-12-17 11:23:38 +00:00
parent 3b94cfeb15
commit faf6d35e7b
5 changed files with 23 additions and 16 deletions


@@ -0,0 +1,6 @@
name: Verify that the best-effort debug artifact scan completed
description: Verifies that the best-effort debug artifact scan completed successfully during tests
runs:
using: node20
main: index.js
post: post.js


@@ -0,0 +1,2 @@
// The main step is a no-op, since we can only verify artifact scan completion in the post step.
console.log("Will verify artifact scan completion in the post step.");


@@ -0,0 +1,11 @@
// Post step - runs after the workflow completes, when artifact scan has finished
const process = require("process");
const scanFinished = process.env.CODEQL_ACTION_ARTIFACT_SCAN_FINISHED;
if (scanFinished !== "true") {
console.error("Error: Best-effort artifact scan did not complete. Expected CODEQL_ACTION_ARTIFACT_SCAN_FINISHED=true");
process.exit(1);
}
console.log("✓ Best-effort artifact scan completed successfully");
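Review bot: The failure message on the `console.error` line does not report what the variable actually held, so a log reader cannot tell an unset variable from one set to some other value. Consider `console.error(`Error: Best-effort artifact scan did not complete. Expected CODEQL_ACTION_ARTIFACT_SCAN_FINISHED=true, got ${scanFinished ?? "<unset>"}`);`. The opening comment says the post step runs "after the workflow completes", but post steps run at the end of the job, in reverse order of the main steps; `// Post step - runs at the end of the job, after the post steps of later actions` would be more accurate. The `require("process")` line is also unnecessary, since `process` is a Node.js global.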


@@ -58,6 +58,8 @@ jobs:
uses: actions/setup-dotnet@v5
with:
dotnet-version: '9.x'
- name: Assert best-effort artifact scan completed
uses: ./../action/.github/actions/verify-debug-artifact-scan-completed
- uses: ./../action/init
with:
tools: ${{ steps.prepare-test.outputs.tools-url }}
@@ -73,14 +75,6 @@ jobs:
CODEQL_ACTION_EXTRA_OPTIONS: '{ "database": { "finalize": ["--invalid-option"] } }'
with:
expect-error: true
- name: Verify artifact scan ran
shell: bash
run: |
if [[ "$CODEQL_ACTION_ARTIFACT_SCAN_FINISHED" != "true" ]]; then
echo "Error: Best effort artifact scan did not run"
exit 1
fi
echo "✓ Best effort artifact scan completed successfully"
download-and-check-artifacts:
name: Download and check debug artifacts after failure in analyze
if: github.triggering_actor != 'dependabot[bot]'
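Review bot: The position of the new `Assert best-effort artifact scan completed` step ahead of `./../action/init` is load-bearing but undocumented. Post steps run in reverse order of their main steps, so the check only sees the scan result if this step precedes whichever action performs the scan in its post phase (presumably init or analyze; that code is not visible in this diff). If the step were later moved below those actions, its post step would run before the scan and fail for a reason the log does not explain. I would add a comment above the step such as `# Must stay before init: this action's post step runs last and checks that the debug artifact scan finished.` The same applies to the identical step added in the second workflow file below.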


@@ -54,6 +54,8 @@ jobs:
uses: actions/setup-dotnet@v5
with:
dotnet-version: '9.x'
- name: Assert best-effort artifact scan completed
uses: ./../action/.github/actions/verify-debug-artifact-scan-completed
- uses: ./../action/init
id: init
with:
@@ -67,14 +69,6 @@ jobs:
run: ./build.sh
- uses: ./../action/analyze
id: analysis
- name: Verify artifact scan ran
shell: bash
run: |
if [[ "$CODEQL_ACTION_ARTIFACT_SCAN_FINISHED" != "true" ]]; then
echo "Error: Best effort artifact scan did not run"
exit 1
fi
echo "✓ Best effort artifact scan completed successfully"
download-and-check-artifacts:
name: Download and check debug artifacts
if: github.triggering_actor != 'dependabot[bot]'