github/codeql-action
1
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2025-12-06 07:48:17 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
main
codeql-action/analyze/action.yml
Michael B. Gale 74c8748a6f Update analyze/action.yml 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2025-10-29 10:34:13 +00:00

100 lines
5.2 KiB
YAML
Raw Permalink Blame History

name: "CodeQL: Finish"
description: "Finalize CodeQL database"
author: "GitHub"
inputs:
check_name:
description: The name of the check run to add text to.
required: false
output:
description: The path of the directory in which to save the SARIF results from the CodeQL CLI.
required: false
default: "../results"
upload:
description: >-
Upload the SARIF file to Code Scanning.
Defaults to 'always' which uploads the SARIF file to Code Scanning for successful and failed runs.
'failure-only' only uploads debugging information to Code Scanning if the workflow run fails, for users post-processing the SARIF file before uploading it to Code Scanning.
'never' avoids uploading the SARIF file to Code Scanning, even if the code scanning run fails. This is not recommended for external users since it complicates debugging.
required: false
# If changing this, make sure to update workflow.ts accordingly.
default: "always"
cleanup-level:
description: >-
DEPRECATED. This option is ignored since, for performance reasons, the CodeQL Action automatically
manages cleanup of intermediate results.
required: false
ram:
description: >-
The amount of memory in MB that can be used by CodeQL for database finalization and query execution.
By default, this action will use the same amount of memory as previously set in the "init" action.
If the "init" action also does not have an explicit "ram" input, this action will use most of the
memory available in the system (which for GitHub-hosted runners is 6GB for Linux, 5.5GB for Windows,
and 13GB for macOS).
required: false
add-snippets:
description: Does not have any effect.
required: false
deprecationMessage: >-
The input "add-snippets" has been removed and no longer has any effect.
skip-queries:
description: If this option is set, the CodeQL database will be built but no queries will be run on it. Thus, no results will be produced.
required: false
default: "false"
threads:
description: >-
The number of threads that can be used by CodeQL for database finalization and query execution.
By default, this action will use the same number of threads as previously set in the "init" action.
If the "init" action also does not have an explicit "threads" input, this action will use all the
hardware threads available in the system (which for GitHub-hosted runners is 2 for Linux and Windows
and 3 for macOS).
required: false
checkout_path:
description: "The path at which the analyzed repository was checked out. Used to relativize any absolute paths in the uploaded SARIF file."
required: false
# If changing this, make sure to update workflow.ts accordingly.
default: ${{ github.workspace }}
ref:
description: "The ref where results will be uploaded. If not provided, the Action will use the GITHUB_REF environment variable. If provided, the sha input must be provided as well. This input is ignored for pull requests from forks. Expected format: refs/heads/<branch name>, refs/tags/<tag>, refs/pull/<number>/merge, or refs/pull/<number>/head."
required: false
sha:
description: "The sha of the HEAD of the ref where results will be uploaded. If not provided, the Action will use the GITHUB_SHA environment variable. If provided, the ref input must be provided as well. This input is ignored for pull requests from forks."
required: false
category:
description: String used by Code Scanning for matching the analyses
required: false
upload-database:
description: Whether to upload the resulting CodeQL database
required: false
default: "true"
post-processed-sarif-path:
description: >-
Before uploading the SARIF files produced by the CodeQL CLI, the CodeQL Action may perform some post-processing
on them. Ordinarily, these post-processed SARIF files are not saved to disk. However, if a path is provided as an
argument for this input, they are written to the specified directory.
required: false
wait-for-processing:
description: If true, the Action will wait for the uploaded SARIF to be processed before completing.
required: true
default: "true"
token:
description: "GitHub token to use for authenticating with this instance of GitHub. The token must be the built-in GitHub Actions token, and the workflow must have the `security-events: write` permission. Most of the time it is advisable to avoid specifying this input so that the workflow falls back to using the default value."
required: false
default: ${{ github.token }}
matrix:
default: ${{ toJson(matrix) }}
expect-error:
description: "[Internal] It is an error to use this input outside of integration testing of the codeql-action."
required: false
default: "false"
outputs:
db-locations:
description: A map from language to absolute path for each database created by CodeQL.
sarif-output:
description: Absolute, local path to the directory containing the generated SARIF file.
sarif-id:
description: The ID of the uploaded SARIF file.
runs:
using: node24
main: "../lib/analyze-action.js"
post: "../lib/analyze-action-post.js"
Reference in New Issue View Git Blame Copy Permalink