mirror of
https://github.com/github/codeql-action.git
synced 2025-12-29 10:40:17 +08:00
80 lines
3.0 KiB
YAML
80 lines
3.0 KiB
YAML
name: "Quality queries input"
|
|
description: "Tests that queries specified in the quality-queries input are used."
|
|
versions: ["linked", "nightly-latest"]
|
|
analysisKinds: ["code-scanning", "code-quality", "code-scanning,code-quality"]
|
|
env:
|
|
CHECK_SCRIPT: |
|
|
const fs = require('fs');
|
|
|
|
const sarif = JSON.parse(fs.readFileSync(process.env['SARIF_PATH'], 'utf8'));
|
|
const expectPresent = JSON.parse(process.env['EXPECT_PRESENT']);
|
|
const run = sarif.runs[0];
|
|
const extensions = run.tool.extensions;
|
|
|
|
if (extensions === undefined) {
|
|
core.setFailed('`extensions` property not found in the SARIF run property bag.');
|
|
}
|
|
|
|
// ID of a query we want to check the presence for
|
|
const targetId = 'js/regex/always-matches';
|
|
const found = extensions.find(extension => extension.rules && extension.rules.find(rule => rule.id === targetId));
|
|
|
|
if (found && expectPresent) {
|
|
console.log(`Found rule with id '${targetId}'.`);
|
|
} else if (!found && !expectPresent) {
|
|
console.log(`Rule with id '${targetId}' was not found.`);
|
|
} else {
|
|
core.setFailed(`${ found ? "Found" : "Didn't find" } rule ${targetId}`);
|
|
}
|
|
steps:
|
|
- uses: ./../action/init
|
|
with:
|
|
languages: javascript
|
|
analysis-kinds: ${{ matrix.analysis-kinds }}
|
|
tools: ${{ steps.prepare-test.outputs.tools-url }}
|
|
- uses: ./../action/analyze
|
|
with:
|
|
output: "${{ runner.temp }}/results"
|
|
upload-database: false
|
|
post-processed-sarif-path: "${{ runner.temp }}/post-processed"
|
|
- name: Upload security SARIF
|
|
if: contains(matrix.analysis-kinds, 'code-scanning')
|
|
uses: actions/upload-artifact@v5
|
|
with:
|
|
name: |
|
|
quality-queries-${{ matrix.os }}-${{ matrix.version }}-${{ matrix.analysis-kinds }}.sarif.json
|
|
path: "${{ runner.temp }}/results/javascript.sarif"
|
|
retention-days: 7
|
|
- name: Upload quality SARIF
|
|
if: contains(matrix.analysis-kinds, 'code-quality')
|
|
uses: actions/upload-artifact@v5
|
|
with:
|
|
name: |
|
|
quality-queries-${{ matrix.os }}-${{ matrix.version }}-${{ matrix.analysis-kinds }}.quality.sarif.json
|
|
path: "${{ runner.temp }}/results/javascript.quality.sarif"
|
|
retention-days: 7
|
|
- name: Upload post-processed SARIF
|
|
uses: actions/upload-artifact@v5
|
|
with:
|
|
name: |
|
|
post-processed-${{ matrix.os }}-${{ matrix.version }}-${{ matrix.analysis-kinds }}.sarif.json
|
|
path: "${{ runner.temp }}/post-processed"
|
|
retention-days: 7
|
|
if-no-files-found: error
|
|
- name: Check quality query does not appear in security SARIF
|
|
if: contains(matrix.analysis-kinds, 'code-scanning')
|
|
uses: actions/github-script@v8
|
|
env:
|
|
SARIF_PATH: "${{ runner.temp }}/results/javascript.sarif"
|
|
EXPECT_PRESENT: "false"
|
|
with:
|
|
script: ${{ env.CHECK_SCRIPT }}
|
|
- name: Check quality query appears in quality SARIF
|
|
if: contains(matrix.analysis-kinds, 'code-quality')
|
|
uses: actions/github-script@v8
|
|
env:
|
|
SARIF_PATH: "${{ runner.temp }}/results/javascript.quality.sarif"
|
|
EXPECT_PRESENT: "true"
|
|
with:
|
|
script: ${{ env.CHECK_SCRIPT }}
|