codeql-action/.github/workflows/debug-artifacts-safe.yml

# Checks logs, SARIF, and database bundle debug artifacts exist.
name: PR Check - Debug artifact upload
env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
on:
  push:
    branches:
    - main
    - releases/v*
  pull_request:
    types:
    - opened
    - synchronize
    - reopened
    - ready_for_review
  schedule:
    - cron: '0 5 * * *'
  workflow_dispatch: {}
jobs:
  upload-artifacts:
    strategy:
      fail-fast: false
      matrix:
        version:
        - stable-v2.20.3
        - default
        - linked
        - nightly-latest
    name: Upload debug artifacts
    env:
      CODEQL_ACTION_TEST_MODE: true
    timeout-minutes: 45
    permissions:
      contents: read
    runs-on: ubuntu-latest
    steps:
      - name: Check out repository
        uses: actions/checkout@v5
      - name: Prepare test
        id: prepare-test
        uses: ./.github/actions/prepare-test
        with:
          version: ${{ matrix.version }}
      - uses: actions/setup-go@v6
        with:
          go-version: ^1.13.1
      - uses: ./../action/init
        id: init
        with:
          tools: ${{ steps.prepare-test.outputs.tools-url }}
          debug: true
          debug-artifact-name: my-debug-artifacts
          debug-database-name: my-db
          # We manually exclude Swift from the languages list here, as it is not supported on Ubuntu
          languages: cpp,csharp,go,java,javascript,python,ruby
      - name: Build code
        shell: bash
        run: ./build.sh
      - uses: ./../action/analyze
        id: analysis
  download-and-check-artifacts:
    name: Download and check debug artifacts
    needs: upload-artifacts
    timeout-minutes: 45
    permissions:
      contents: read
    runs-on: ubuntu-latest
    steps:
      - name: Download all artifacts
        uses: actions/download-artifact@v5
      - name: Check expected artifacts exist
        shell: bash
        run: |
          VERSIONS="stable-v2.20.3 default linked nightly-latest"
          LANGUAGES="cpp csharp go java javascript python"
          for version in $VERSIONS; do
            pushd "./my-debug-artifacts-${version//./}"
            echo "Artifacts from version $version:"
            for language in $LANGUAGES; do
              echo "- Checking $language"
              if [[ ! -f "$language.sarif" ]] ; then
                echo "Missing a SARIF file for $language"
                exit 1
              fi
              if [[ ! -f "my-db-$language.zip" ]] ; then
                echo "Missing a database bundle for $language"
                exit 1
              fi
              if [[ ! -d "$language/log" ]] ; then
                echo "Missing logs for $language"
                exit 1
              fi
            done
            popd
          done
        env:
          GO111MODULE: auto