mirror of
https://github.com/github/codeql-action.git
synced 2026-01-01 20:20:07 +08:00
a21bb7f968
- The `upload` input to the `analyze` Action now accepts the following values:
- `always` is the default value, which uploads the SARIF file to Code Scanning for successful and failed runs.
- `failure-only` is recommended for customers post-processing the SARIF file before uploading it to Code Scanning. This option uploads debugging information to Code Scanning for failed runs to improve the debugging experience.
- `never` avoids uploading the SARIF file to Code Scanning even if the code scanning run fails. This is not recommended for external users since it complicates debugging.
- The legacy `true` and `false` options will be interpreted as `always` and `failure-only` respectively.
---------
Co-authored-by: Henry Mercer <henry.mercer@me.com>
69 lines
2.5 KiB
YAML
69 lines
2.5 KiB
YAML
name: "Use a custom `checkout_path`"
|
|
description: "Checks that a custom `checkout_path` will find the proper commit_oid"
|
|
steps:
|
|
# Check out the actions repo again, but at a different location.
|
|
# choose an arbitrary SHA so that we can later test that the commit_oid is not from main
|
|
- uses: actions/checkout@v3
|
|
with:
|
|
ref: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6
|
|
path: x/y/z/some-path
|
|
- uses: ./../action/init
|
|
with:
|
|
tools: ${{ steps.prepare-test.outputs.tools-url }}
|
|
# it's enough to test one compiled language and one interpreted language
|
|
languages: csharp,javascript
|
|
source-path: x/y/z/some-path/tests/multi-language-repo
|
|
debug: true
|
|
- name: Build code (non-windows)
|
|
shell: bash
|
|
if: ${{ runner.os != 'Windows' }}
|
|
run: |
|
|
$CODEQL_RUNNER x/y/z/some-path/tests/multi-language-repo/build.sh
|
|
- name: Build code (windows)
|
|
shell: bash
|
|
if: ${{ runner.os == 'Windows' }}
|
|
run: |
|
|
x/y/z/some-path/tests/multi-language-repo/build.sh
|
|
- uses: ./../action/analyze
|
|
with:
|
|
checkout_path: x/y/z/some-path/tests/multi-language-repo
|
|
ref: v1.1.0
|
|
sha: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6
|
|
upload: never
|
|
upload-database: false
|
|
|
|
- uses: ./../action/upload-sarif
|
|
with:
|
|
ref: v1.1.0
|
|
sha: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6
|
|
checkout_path: x/y/z/some-path/tests/multi-language-repo
|
|
|
|
- name: Verify SARIF after upload
|
|
shell: bash
|
|
run: |
|
|
EXPECTED_COMMIT_OID="474bbf07f9247ffe1856c6a0f94aeeb10e7afee6"
|
|
EXPECTED_REF="v1.1.0"
|
|
EXPECTED_CHECKOUT_URI_SUFFIX="/x/y/z/some-path/tests/multi-language-repo"
|
|
|
|
ACTUAL_COMMIT_OID="$(cat "$RUNNER_TEMP/payload.json" | jq -r .commit_oid)"
|
|
ACTUAL_REF="$(cat "$RUNNER_TEMP/payload.json" | jq -r .ref)"
|
|
ACTUAL_CHECKOUT_URI="$(cat "$RUNNER_TEMP/payload.json" | jq -r .checkout_uri)"
|
|
|
|
if [[ "$EXPECTED_COMMIT_OID" != "$ACTUAL_COMMIT_OID" ]]; then
|
|
echo "::error Invalid commit oid. Expected: $EXPECTED_COMMIT_OID Actual: $ACTUAL_COMMIT_OID"
|
|
echo "$RUNNER_TEMP/payload.json"
|
|
exit 1
|
|
fi
|
|
|
|
if [[ "$EXPECTED_REF" != "$ACTUAL_REF" ]]; then
|
|
echo "::error Invalid ref. Expected: '$EXPECTED_REF' Actual: '$ACTUAL_REF'"
|
|
echo "$RUNNER_TEMP/payload.json"
|
|
exit 1
|
|
fi
|
|
|
|
if [[ "$ACTUAL_CHECKOUT_URI" != *$EXPECTED_CHECKOUT_URI_SUFFIX ]]; then
|
|
echo "::error Invalid checkout URI suffix. Expected suffix: $EXPECTED_CHECKOUT_URI_SUFFIX Actual uri: $ACTUAL_CHECKOUT_URI"
|
|
echo "$RUNNER_TEMP/payload.json"
|
|
exit 1
|
|
fi
|