mirror of
https://github.com/github/codeql-action.git
synced 2025-12-27 01:30:10 +08:00
101 lines
3.4 KiB
YAML
Generated
101 lines
3.4 KiB
YAML
Generated
# Warning: This file is generated automatically, and should not be modified.
|
|
# Instead, please modify the template in the pr-checks directory and run:
|
|
# (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
|
|
# to regenerate this file.
|
|
|
|
name: PR Check - Config export
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
GO111MODULE: auto
|
|
on:
|
|
push:
|
|
branches:
|
|
- main
|
|
- releases/v*
|
|
pull_request:
|
|
types:
|
|
- opened
|
|
- synchronize
|
|
- reopened
|
|
- ready_for_review
|
|
schedule:
|
|
- cron: '0 5 * * *'
|
|
workflow_dispatch: {}
|
|
jobs:
|
|
config-export:
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
include:
|
|
- os: ubuntu-latest
|
|
version: linked
|
|
- os: macos-latest
|
|
version: linked
|
|
- os: windows-latest
|
|
version: linked
|
|
- os: ubuntu-latest
|
|
version: nightly-latest
|
|
- os: macos-latest
|
|
version: nightly-latest
|
|
- os: windows-latest
|
|
version: nightly-latest
|
|
name: Config export
|
|
permissions:
|
|
contents: read
|
|
security-events: read
|
|
timeout-minutes: 45
|
|
runs-on: ${{ matrix.os }}
|
|
steps:
|
|
- name: Check out repository
|
|
uses: actions/checkout@v4
|
|
- name: Prepare test
|
|
id: prepare-test
|
|
uses: ./.github/actions/prepare-test
|
|
with:
|
|
version: ${{ matrix.version }}
|
|
use-all-platform-bundle: 'false'
|
|
setup-kotlin: 'true'
|
|
- uses: ./../action/init
|
|
with:
|
|
languages: javascript
|
|
queries: security-extended
|
|
tools: ${{ steps.prepare-test.outputs.tools-url }}
|
|
- uses: ./../action/analyze
|
|
with:
|
|
output: ${{ runner.temp }}/results
|
|
upload-database: false
|
|
- name: Upload SARIF
|
|
uses: actions/upload-artifact@v4
|
|
with:
|
|
name: config-export-${{ matrix.os }}-${{ matrix.version }}.sarif.json
|
|
path: ${{ runner.temp }}/results/javascript.sarif
|
|
retention-days: 7
|
|
- name: Check config properties appear in SARIF
|
|
uses: actions/github-script@v7
|
|
env:
|
|
SARIF_PATH: ${{ runner.temp }}/results/javascript.sarif
|
|
with:
|
|
script: |
|
|
const fs = require('fs');
|
|
|
|
const sarif = JSON.parse(fs.readFileSync(process.env['SARIF_PATH'], 'utf8'));
|
|
const run = sarif.runs[0];
|
|
const configSummary = run.properties.codeqlConfigSummary;
|
|
|
|
if (configSummary === undefined) {
|
|
core.setFailed('`codeqlConfigSummary` property not found in the SARIF run property bag.');
|
|
}
|
|
if (configSummary.disableDefaultQueries !== false) {
|
|
core.setFailed('`disableDefaultQueries` property incorrect: expected false, got ' +
|
|
`${JSON.stringify(configSummary.disableDefaultQueries)}.`);
|
|
}
|
|
const expectedQueries = [{ type: 'builtinSuite', uses: 'security-extended' }];
|
|
// Use JSON.stringify to deep-equal the arrays.
|
|
if (JSON.stringify(configSummary.queries) !== JSON.stringify(expectedQueries)) {
|
|
core.setFailed(`\`queries\` property incorrect: expected ${JSON.stringify(expectedQueries)}, got ` +
|
|
`${JSON.stringify(configSummary.queries)}.`);
|
|
}
|
|
core.info('Finished config export tests.');
|
|
env:
|
|
CODEQL_ACTION_TEST_MODE: true
|