mirror of
https://github.com/github/codeql-action.git
synced 2025-12-06 07:48:17 +08:00
391 lines
12 KiB
YAML
391 lines
12 KiB
YAML
name: PR Checks (Basic Checks and Runner)
|
|
|
|
on:
|
|
push:
|
|
branches: [main, v1]
|
|
pull_request:
|
|
# Run checks on reopened draft PRs to support triggering PR checks on draft PRs that were opened
|
|
# by other workflows.
|
|
types: [opened, synchronize, reopened, ready_for_review]
|
|
workflow_dispatch:
|
|
|
|
jobs:
|
|
lint-js:
|
|
name: Lint
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- uses: actions/checkout@v2
|
|
- name: Run Lint
|
|
run: npm run-script lint
|
|
|
|
check-js:
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- uses: actions/checkout@v2
|
|
- name: Check generated JS
|
|
run: .github/workflows/script/check-js.sh
|
|
|
|
check-node-modules:
|
|
name: Check modules up to date
|
|
runs-on: macos-latest
|
|
|
|
steps:
|
|
- uses: actions/checkout@v2
|
|
- name: Check node modules up to date
|
|
run: .github/workflows/script/check-node-modules.sh
|
|
|
|
verify-pr-checks:
|
|
name: Verify PR checks up to date
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- uses: actions/checkout@v2
|
|
- name: Set up Python
|
|
uses: actions/setup-python@v2
|
|
with:
|
|
python-version: 3.8
|
|
- name: Install dependencies
|
|
run: |
|
|
python -m pip install --upgrade pip
|
|
pip install ruamel.yaml
|
|
- name: Verify PR checks up to date
|
|
run: .github/workflows/script/verify-pr-checks.sh
|
|
|
|
npm-test:
|
|
name: Unit Test
|
|
needs: [check-js, check-node-modules]
|
|
strategy:
|
|
matrix:
|
|
os: [ubuntu-latest, macos-latest]
|
|
runs-on: ${{ matrix.os }}
|
|
|
|
steps:
|
|
- uses: actions/checkout@v2
|
|
- name: npm run-script test
|
|
run: npm run-script test
|
|
|
|
runner-analyze-javascript-ubuntu:
|
|
name: Runner ubuntu JS analyze
|
|
needs: [check-js, check-node-modules]
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- uses: actions/checkout@v2
|
|
|
|
- name: Build runner
|
|
run: |
|
|
cd runner
|
|
npm install
|
|
npm run build-runner
|
|
|
|
- name: Run init
|
|
run: |
|
|
# Pass --config-file here, but not for other jobs in this workflow.
|
|
# This means we're testing the config file parsing in the runner
|
|
# but not slowing down all jobs unnecessarily as it doesn't add much
|
|
# testing the parsing on different operating systems and languages.
|
|
runner/dist/codeql-runner-linux init --repository $GITHUB_REPOSITORY --languages javascript --config-file ./.github/codeql/codeql-config.yml --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
|
|
|
|
- name: Run analyze
|
|
run: |
|
|
runner/dist/codeql-runner-linux analyze --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
|
|
env:
|
|
TEST_MODE: true
|
|
|
|
runner-analyze-javascript-windows:
|
|
name: Runner windows JS analyze
|
|
needs: [check-js, check-node-modules]
|
|
runs-on: windows-latest
|
|
|
|
steps:
|
|
- uses: actions/checkout@v2
|
|
|
|
- name: Build runner
|
|
run: |
|
|
cd runner
|
|
npm install
|
|
npm run build-runner
|
|
|
|
- name: Run init
|
|
run: |
|
|
runner/dist/codeql-runner-win.exe init --repository $Env:GITHUB_REPOSITORY --languages javascript --github-url $Env:GITHUB_SERVER_URL --github-auth ${{ github.token }}
|
|
|
|
- name: Run analyze
|
|
run: |
|
|
runner/dist/codeql-runner-win.exe analyze --repository $Env:GITHUB_REPOSITORY --commit $Env:GITHUB_SHA --ref $Env:GITHUB_REF --github-url $Env:GITHUB_SERVER_URL --github-auth ${{ github.token }}
|
|
env:
|
|
TEST_MODE: true
|
|
|
|
runner-analyze-javascript-macos:
|
|
name: Runner macos JS analyze
|
|
needs: [check-js, check-node-modules]
|
|
runs-on: macos-latest
|
|
|
|
steps:
|
|
- uses: actions/checkout@v2
|
|
|
|
- name: Build runner
|
|
run: |
|
|
cd runner
|
|
npm install
|
|
npm run build-runner
|
|
|
|
- name: Run init
|
|
run: |
|
|
runner/dist/codeql-runner-macos init --repository $GITHUB_REPOSITORY --languages javascript --config-file ./.github/codeql/codeql-config.yml --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
|
|
|
|
- name: Run analyze
|
|
run: |
|
|
runner/dist/codeql-runner-macos analyze --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
|
|
env:
|
|
TEST_MODE: true
|
|
|
|
runner-analyze-csharp-ubuntu:
|
|
name: Runner ubuntu C# analyze
|
|
needs: [check-js, check-node-modules]
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- uses: actions/checkout@v2
|
|
|
|
- name: Move codeql-action
|
|
shell: bash
|
|
run: |
|
|
mkdir ../action
|
|
mv * .github ../action/
|
|
mv ../action/tests/multi-language-repo/{*,.github} .
|
|
mv ../action/.github/workflows .github
|
|
|
|
- name: Build runner
|
|
run: |
|
|
cd ../action/runner
|
|
npm install
|
|
npm run build-runner
|
|
|
|
- name: Run init
|
|
run: |
|
|
../action/runner/dist/codeql-runner-linux init --repository $GITHUB_REPOSITORY --languages csharp --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
|
|
|
|
- name: Build code
|
|
run: |
|
|
. ./codeql-runner/codeql-env.sh
|
|
$CODEQL_RUNNER dotnet build
|
|
|
|
- name: Run analyze
|
|
run: |
|
|
../action/runner/dist/codeql-runner-linux analyze --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
|
|
env:
|
|
TEST_MODE: true
|
|
|
|
runner-analyze-csharp-windows:
|
|
name: Runner windows C# analyze
|
|
needs: [check-js, check-node-modules]
|
|
runs-on: windows-latest
|
|
|
|
steps:
|
|
- uses: actions/checkout@v2
|
|
|
|
- name: Move codeql-action
|
|
shell: bash
|
|
run: |
|
|
mkdir ../action
|
|
mv * .github ../action/
|
|
mv ../action/tests/multi-language-repo/{*,.github} .
|
|
mv ../action/.github/workflows .github
|
|
|
|
- name: Build runner
|
|
run: |
|
|
cd ../action/runner
|
|
npm install
|
|
npm run build-runner
|
|
|
|
- name: Run init
|
|
run: |
|
|
../action/runner/dist/codeql-runner-win.exe init --repository $Env:GITHUB_REPOSITORY --languages csharp --github-url $Env:GITHUB_SERVER_URL --github-auth ${{ github.token }}
|
|
|
|
- name: Build code
|
|
shell: powershell
|
|
# Note we want to make sure that the .win32env file is read correctly, so we unset the CODEQL_EXTRACTOR_CSHARP_ROOT from the .sh file.
|
|
run: |
|
|
cat ./codeql-runner/codeql-env.sh | Invoke-Expression
|
|
$Env:CODEQL_EXTRACTOR_CSHARP_ROOT = ""
|
|
& $Env:CODEQL_RUNNER dotnet build
|
|
|
|
- name: Run analyze
|
|
run: |
|
|
../action/runner/dist/codeql-runner-win.exe analyze --repository $Env:GITHUB_REPOSITORY --commit $Env:GITHUB_SHA --ref $Env:GITHUB_REF --github-url $Env:GITHUB_SERVER_URL --github-auth ${{ github.token }}
|
|
env:
|
|
TEST_MODE: true
|
|
|
|
runner-analyze-csharp-macos:
|
|
name: Runner macos C# analyze
|
|
needs: [check-js, check-node-modules]
|
|
runs-on: macos-latest
|
|
|
|
steps:
|
|
- uses: actions/checkout@v2
|
|
|
|
- name: Move codeql-action
|
|
shell: bash
|
|
run: |
|
|
mkdir ../action
|
|
mv * .github ../action/
|
|
mv ../action/tests/multi-language-repo/{*,.github} .
|
|
mv ../action/.github/workflows .github
|
|
|
|
- name: Build runner
|
|
run: |
|
|
cd ../action/runner
|
|
npm install
|
|
npm run build-runner
|
|
|
|
- name: Run init
|
|
run: |
|
|
../action/runner/dist/codeql-runner-macos init --repository $GITHUB_REPOSITORY --languages csharp --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
|
|
|
|
- name: Build code
|
|
shell: bash
|
|
run: |
|
|
. ./codeql-runner/codeql-env.sh
|
|
$CODEQL_RUNNER dotnet build
|
|
|
|
- name: Run analyze
|
|
run: |
|
|
../action/runner/dist/codeql-runner-macos analyze --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
|
|
env:
|
|
TEST_MODE: true
|
|
|
|
runner-analyze-csharp-autobuild-ubuntu:
|
|
name: Runner ubuntu autobuild C# analyze
|
|
needs: [check-js, check-node-modules]
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- uses: actions/checkout@v2
|
|
|
|
- name: Move codeql-action
|
|
shell: bash
|
|
run: |
|
|
mkdir ../action
|
|
mv * .github ../action/
|
|
mv ../action/tests/multi-language-repo/{*,.github} .
|
|
mv ../action/.github/workflows .github
|
|
|
|
- name: Build runner
|
|
run: |
|
|
cd ../action/runner
|
|
npm install
|
|
npm run build-runner
|
|
|
|
- name: Run init
|
|
run: |
|
|
../action/runner/dist/codeql-runner-linux init --repository $GITHUB_REPOSITORY --languages csharp --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
|
|
|
|
- name: Build code
|
|
run: |
|
|
../action/runner/dist/codeql-runner-linux autobuild
|
|
|
|
- name: Run analyze
|
|
run: |
|
|
../action/runner/dist/codeql-runner-linux analyze --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
|
|
env:
|
|
TEST_MODE: true
|
|
|
|
runner-analyze-csharp-autobuild-windows:
|
|
name: Runner windows autobuild C# analyze
|
|
needs: [check-js, check-node-modules]
|
|
runs-on: windows-latest
|
|
|
|
steps:
|
|
- uses: actions/checkout@v2
|
|
|
|
- name: Move codeql-action
|
|
shell: bash
|
|
run: |
|
|
mkdir ../action
|
|
mv * .github ../action/
|
|
mv ../action/tests/multi-language-repo/{*,.github} .
|
|
mv ../action/.github/workflows .github
|
|
|
|
- name: Build runner
|
|
run: |
|
|
cd ../action/runner
|
|
npm install
|
|
npm run build-runner
|
|
|
|
- name: Run init
|
|
run: |
|
|
../action/runner/dist/codeql-runner-win.exe init --repository $Env:GITHUB_REPOSITORY --languages csharp --github-url $Env:GITHUB_SERVER_URL --github-auth ${{ github.token }}
|
|
|
|
- name: Build code
|
|
shell: powershell
|
|
run: |
|
|
../action/runner/dist/codeql-runner-win.exe autobuild
|
|
|
|
- name: Run analyze
|
|
run: |
|
|
../action/runner/dist/codeql-runner-win.exe analyze --repository $Env:GITHUB_REPOSITORY --commit $Env:GITHUB_SHA --ref $Env:GITHUB_REF --github-url $Env:GITHUB_SERVER_URL --github-auth ${{ github.token }}
|
|
env:
|
|
TEST_MODE: true
|
|
|
|
runner-analyze-csharp-autobuild-macos:
|
|
name: Runner macos autobuild C# analyze
|
|
needs: [check-js, check-node-modules]
|
|
runs-on: macos-latest
|
|
|
|
steps:
|
|
- uses: actions/checkout@v2
|
|
|
|
- name: Move codeql-action
|
|
shell: bash
|
|
run: |
|
|
mkdir ../action
|
|
mv * .github ../action/
|
|
mv ../action/tests/multi-language-repo/{*,.github} .
|
|
mv ../action/.github/workflows .github
|
|
|
|
- name: Build runner
|
|
run: |
|
|
cd ../action/runner
|
|
npm install
|
|
npm run build-runner
|
|
|
|
- name: Run init
|
|
run: |
|
|
../action/runner/dist/codeql-runner-macos init --repository $GITHUB_REPOSITORY --languages csharp --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
|
|
|
|
- name: Build code
|
|
shell: bash
|
|
run: |
|
|
../action/runner/dist/codeql-runner-macos autobuild
|
|
|
|
- name: Run analyze
|
|
run: |
|
|
../action/runner/dist/codeql-runner-macos analyze --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
|
|
env:
|
|
TEST_MODE: true
|
|
|
|
runner-upload-sarif:
|
|
name: Runner upload sarif
|
|
needs: [check-js, check-node-modules]
|
|
runs-on: ubuntu-latest
|
|
|
|
if: ${{ github.event_name != 'pull_request' || github.event.pull_request.base.repo.id == github.event.pull_request.head.repo.id }}
|
|
|
|
steps:
|
|
- uses: actions/checkout@v2
|
|
|
|
- name: Build runner
|
|
run: |
|
|
cd runner
|
|
npm install
|
|
npm run build-runner
|
|
|
|
- name: Upload with runner
|
|
run: |
|
|
# Deliberately don't use TEST_MODE here. This is specifically testing
|
|
# the compatibility with the API.
|
|
runner/dist/codeql-runner-linux upload --sarif-file src/testdata/empty-sarif.sarif --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
|