mirror of
https://github.com/github/codeql-action.git
synced 2025-12-26 17:20:10 +08:00
84 lines
2.6 KiB
YAML
84 lines
2.6 KiB
YAML
name: "CodeQL action"
|
|
|
|
on:
|
|
push:
|
|
branches: [main, v1]
|
|
pull_request:
|
|
branches: [main, v1]
|
|
|
|
jobs:
|
|
# Identify the CodeQL tool versions to use in the analysis job.
|
|
check-codeql-versions:
|
|
runs-on: ubuntu-latest
|
|
outputs:
|
|
versions: ${{ steps.compare.outputs.versions }}
|
|
|
|
permissions:
|
|
actions: read
|
|
contents: read
|
|
security-events: write
|
|
|
|
steps:
|
|
- uses: actions/checkout@v2
|
|
- name: Init with default CodeQL bundle from the VM image
|
|
id: init-default
|
|
uses: ./init
|
|
with:
|
|
languages: javascript
|
|
- name: Remove empty database
|
|
# allows us to run init a second time
|
|
run: |
|
|
rm -rf "$RUNNER_TEMP/codeql_databases"
|
|
- name: Init with latest CodeQL bundle
|
|
id: init-latest
|
|
uses: ./init
|
|
with:
|
|
tools: latest
|
|
languages: javascript
|
|
- name: Compare default and latest CodeQL bundle versions
|
|
id: compare
|
|
env:
|
|
CODEQL_DEFAULT: ${{ steps.init-default.outputs.codeql-path }}
|
|
CODEQL_LATEST: ${{ steps.init-latest.outputs.codeql-path }}
|
|
run: |
|
|
CODEQL_VERSION_DEFAULT="$("$CODEQL_DEFAULT" version --format terse)"
|
|
CODEQL_VERSION_LATEST="$("$CODEQL_LATEST" version --format terse)"
|
|
echo "Default CodeQL bundle version is $CODEQL_VERSION_DEFAULT"
|
|
echo "Latest CodeQL bundle version is $CODEQL_VERSION_LATEST"
|
|
if [[ "$CODEQL_VERSION_DEFAULT" == "$CODEQL_VERSION_LATEST" ]]; then
|
|
# Just use `tools: null` to avoid duplication in the analysis job.
|
|
VERSIONS_JSON='[null]'
|
|
else
|
|
# Use both `tools: null` and `tools: latest` in the analysis job.
|
|
VERSIONS_JSON='[null, "latest"]'
|
|
fi
|
|
# Output a JSON-encoded list with the distinct versions to test against.
|
|
echo "Suggested matrix config for analysis job: $VERSIONS_JSON"
|
|
echo "::set-output name=versions::${VERSIONS_JSON}"
|
|
|
|
build:
|
|
needs: [check-codeql-versions]
|
|
strategy:
|
|
matrix:
|
|
os: [ubuntu-latest,windows-latest,macos-latest]
|
|
tools: ${{ fromJson(needs.check-codeql-versions.outputs.versions) }}
|
|
runs-on: ${{ matrix.os }}
|
|
|
|
permissions:
|
|
actions: read
|
|
contents: read
|
|
security-events: write
|
|
|
|
steps:
|
|
- uses: actions/checkout@v2
|
|
- uses: ./init
|
|
id: init
|
|
with:
|
|
languages: javascript
|
|
config-file: ./.github/codeql/codeql-config.yml
|
|
tools: ${{ matrix.tools }}
|
|
# confirm steps.init.outputs.codeql-path points to the codeql binary
|
|
- name: Print CodeQL Version
|
|
run: ${{steps.init.outputs.codeql-path}} version --format=json
|
|
- uses: ./analyze
|