diff --git a/.github/workflows/pr-checks.yml b/.github/workflows/pr-checks.yml index 09e9368b7..129e7f808 100644 --- a/.github/workflows/pr-checks.yml +++ b/.github/workflows/pr-checks.yml @@ -2,7 +2,7 @@ name: PR Checks (Basic Checks and Runner) on: push: - branches: [main, releases/v1, releases/v2] + branches: [main, releases/v1, releases/v2, criemen/debug-check] pull_request: # Run checks on reopened draft PRs to support triggering PR checks on draft PRs that were opened # by other workflows. @@ -10,264 +10,6 @@ on: workflow_dispatch: jobs: - lint-js: - name: Lint - runs-on: ubuntu-latest - timeout-minutes: 45 - - steps: - - uses: actions/checkout@v3 - - name: Run Lint - run: npm run-script lint - - check-js: - runs-on: ubuntu-latest - timeout-minutes: 45 - - strategy: - fail-fast: true - matrix: - node-types-version: [12.12, current] - - steps: - - uses: actions/checkout@v3 - - - name: Update version of @types/node - if: matrix.node-types-version != 'current' - env: - NODE_TYPES_VERSION: ${{ matrix.node-types-version }} - run: | - # Export `NODE_TYPES_VERSION` so it's available to jq - export NODE_TYPES_VERSION="${NODE_TYPES_VERSION}" - contents=$(jq '.devDependencies."@types/node" = env.NODE_TYPES_VERSION' package.json) - echo "${contents}" > package.json - # Usually we run `npm install` on macOS to ensure that we pick up macOS-only dependencies. - # However we're not checking in the updated lockfile here, so it's fine to run - # `npm install` on Linux. - npm install - - if [ ! -z "$(git status --porcelain)" ]; then - git config --global user.email "github-actions@github.com" - git config --global user.name "github-actions[bot]" - # The period in `git add --all .` ensures that we stage deleted files too. - git add --all . - git commit -m "Use @types/node=${NODE_TYPES_VERSION}" - fi - - - name: Check generated JS - run: .github/workflows/script/check-js.sh - - check-node-modules: - name: Check modules up to date - runs-on: macos-latest - timeout-minutes: 45 - - steps: - - uses: actions/checkout@v3 - - name: Check node modules up to date - run: .github/workflows/script/check-node-modules.sh - - verify-pr-checks: - name: Verify PR checks up to date - runs-on: ubuntu-latest - timeout-minutes: 45 - - steps: - - uses: actions/checkout@v3 - - name: Set up Python - uses: actions/setup-python@v3 - with: - python-version: 3.8 - - name: Install dependencies - run: | - python -m pip install --upgrade pip - pip install ruamel.yaml - - name: Verify PR checks up to date - run: .github/workflows/script/verify-pr-checks.sh - - npm-test: - name: Unit Test - needs: [check-js, check-node-modules] - strategy: - matrix: - os: [ubuntu-latest, macos-latest, windows-latest] - runs-on: ${{ matrix.os }} - timeout-minutes: 45 - - steps: - - uses: actions/checkout@v3 - - name: npm test - run: | - # Run any commands referenced in package.json using Bash, otherwise - # we won't be able to find them on Windows. - npm config set script-shell bash - npm test - - runner-analyze-javascript-ubuntu: - name: Runner ubuntu JS analyze - needs: [check-js, check-node-modules] - timeout-minutes: 45 - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v3 - - - name: Build runner - run: | - cd runner - npm install - npm run build-runner - - - name: Run init - run: | - # Pass --config-file here, but not for other jobs in this workflow. - # This means we're testing the config file parsing in the runner - # but not slowing down all jobs unnecessarily as it doesn't add much - # testing the parsing on different operating systems and languages. - runner/dist/codeql-runner-linux init --repository $GITHUB_REPOSITORY --languages javascript --config-file ./.github/codeql/codeql-config.yml --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }} - - - name: Run analyze - run: | - runner/dist/codeql-runner-linux analyze --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }} - env: - TEST_MODE: true - - runner-analyze-javascript-windows: - name: Runner windows JS analyze - needs: [check-js, check-node-modules] - timeout-minutes: 45 - runs-on: windows-latest - - steps: - - uses: actions/checkout@v3 - - - name: Build runner - run: | - cd runner - npm install - npm run build-runner - - - name: Run init - run: | - runner/dist/codeql-runner-win.exe init --repository $Env:GITHUB_REPOSITORY --languages javascript --github-url $Env:GITHUB_SERVER_URL --github-auth ${{ github.token }} - - - name: Run analyze - run: | - runner/dist/codeql-runner-win.exe analyze --repository $Env:GITHUB_REPOSITORY --commit $Env:GITHUB_SHA --ref $Env:GITHUB_REF --github-url $Env:GITHUB_SERVER_URL --github-auth ${{ github.token }} - env: - TEST_MODE: true - - runner-analyze-javascript-macos: - name: Runner macos JS analyze - needs: [check-js, check-node-modules] - timeout-minutes: 45 - runs-on: macos-latest - - steps: - - uses: actions/checkout@v3 - - - name: Build runner - run: | - cd runner - npm install - npm run build-runner - - - name: Run init - run: | - runner/dist/codeql-runner-macos init --repository $GITHUB_REPOSITORY --languages javascript --config-file ./.github/codeql/codeql-config.yml --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }} - - - name: Run analyze - run: | - runner/dist/codeql-runner-macos analyze --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }} - env: - TEST_MODE: true - - runner-analyze-csharp-ubuntu: - name: Runner ubuntu C# analyze - needs: [check-js, check-node-modules] - timeout-minutes: 45 - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v3 - - - name: Move codeql-action - shell: bash - run: | - mkdir ../action - mv * .github ../action/ - mv ../action/tests/multi-language-repo/{*,.github} . - mv ../action/.github/workflows .github - - - name: Build runner - run: | - cd ../action/runner - npm install - npm run build-runner - - - name: Run init - run: | - ../action/runner/dist/codeql-runner-linux init --repository $GITHUB_REPOSITORY --languages csharp --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }} - - - name: Build code - run: | - . ./codeql-runner/codeql-env.sh - $CODEQL_RUNNER dotnet build /p:UseSharedCompilation=false - - - name: Run analyze - run: | - ../action/runner/dist/codeql-runner-linux analyze --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }} - env: - TEST_MODE: true - - runner-analyze-csharp-windows: - name: Runner windows C# analyze - needs: [check-js, check-node-modules] - # Build tracing currently does not support Windows 2022, so use `windows-2019` instead of - # `windows-latest`. - timeout-minutes: 45 - runs-on: windows-2019 - - steps: - - uses: actions/checkout@v3 - - - name: Move codeql-action - shell: bash - run: | - mkdir ../action - mv * .github ../action/ - mv ../action/tests/multi-language-repo/{*,.github} . - mv ../action/.github/workflows .github - - - name: Build runner - run: | - cd ../action/runner - npm install - npm run build-runner - - - name: Run init - run: | - ../action/runner/dist/codeql-runner-win.exe init --repository $Env:GITHUB_REPOSITORY --languages csharp --github-url $Env:GITHUB_SERVER_URL --github-auth ${{ github.token }} - - - name: Build code - shell: powershell - run: | - cat ./codeql-runner/codeql-env.sh | Invoke-Expression - $Env:CODEQL_EXTRACTOR_CSHARP_ROOT = "" # Unset an environment variable to make sure the tracer resists this - & $Env:CODEQL_RUNNER dotnet build /p:UseSharedCompilation=false - - - name: Upload tracer logs - uses: actions/upload-artifact@v3 - with: - name: tracer-logs - path: ./codeql-runner/compound-build-tracer.log - - - name: Run analyze - run: | - ../action/runner/dist/codeql-runner-win.exe analyze --repository $Env:GITHUB_REPOSITORY --commit $Env:GITHUB_SHA --ref $Env:GITHUB_REF --github-url $Env:GITHUB_SERVER_URL --github-auth ${{ github.token }} - env: - TEST_MODE: true - runner-analyze-csharp-macos: name: Runner macos C# analyze timeout-minutes: 45 @@ -300,187 +42,15 @@ jobs: run: | . ./codeql-runner/codeql-env.sh $CODEQL_RUNNER dotnet build /p:UseSharedCompilation=false - + - uses: actions/upload-artifact@v3 + if: always() + with: + name: debug-artifact-log + path: | + /Users/runner/work/codeql-action/codeql-action/codeql-runner/codeql_databases/ + !/Users/runner/work/codeql-action/codeql-action/codeql-runner/codeql_databases//working/copy-root - name: Run analyze run: | ../action/runner/dist/codeql-runner-macos analyze --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }} env: TEST_MODE: true - - runner-analyze-csharp-autobuild-ubuntu: - name: Runner ubuntu autobuild C# analyze - timeout-minutes: 45 - needs: [check-js, check-node-modules] - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v3 - - - name: Move codeql-action - shell: bash - run: | - mkdir ../action - mv * .github ../action/ - mv ../action/tests/multi-language-repo/{*,.github} . - mv ../action/.github/workflows .github - - - name: Build runner - run: | - cd ../action/runner - npm install - npm run build-runner - - - name: Run init - run: | - ../action/runner/dist/codeql-runner-linux init --repository $GITHUB_REPOSITORY --languages csharp --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }} - - - name: Build code - run: | - ../action/runner/dist/codeql-runner-linux autobuild - - - name: Run analyze - run: | - ../action/runner/dist/codeql-runner-linux analyze --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }} - env: - TEST_MODE: true - - runner-analyze-csharp-autobuild-windows: - timeout-minutes: 45 - name: Runner windows autobuild C# analyze - needs: [check-js, check-node-modules] - # Build tracing currently does not support Windows 2022, so use `windows-2019` instead of - # `windows-latest`. - runs-on: windows-2019 - - steps: - - uses: actions/checkout@v3 - - - name: Move codeql-action - shell: bash - run: | - mkdir ../action - mv * .github ../action/ - mv ../action/tests/multi-language-repo/{*,.github} . - mv ../action/.github/workflows .github - - - name: Build runner - run: | - cd ../action/runner - npm install - npm run build-runner - - - name: Run init - run: | - ../action/runner/dist/codeql-runner-win.exe init --repository $Env:GITHUB_REPOSITORY --languages csharp --github-url $Env:GITHUB_SERVER_URL --github-auth ${{ github.token }} - - - name: Build code - shell: powershell - run: | - ../action/runner/dist/codeql-runner-win.exe autobuild - - - name: Run analyze - run: | - ../action/runner/dist/codeql-runner-win.exe analyze --repository $Env:GITHUB_REPOSITORY --commit $Env:GITHUB_SHA --ref $Env:GITHUB_REF --github-url $Env:GITHUB_SERVER_URL --github-auth ${{ github.token }} - env: - TEST_MODE: true - - runner-analyze-csharp-autobuild-macos: - name: Runner macos autobuild C# analyze - needs: [check-js, check-node-modules] - runs-on: macos-latest - timeout-minutes: 45 - - steps: - - uses: actions/checkout@v3 - - - name: Move codeql-action - shell: bash - run: | - mkdir ../action - mv * .github ../action/ - mv ../action/tests/multi-language-repo/{*,.github} . - mv ../action/.github/workflows .github - - - name: Build runner - run: | - cd ../action/runner - npm install - npm run build-runner - - - name: Run init - run: | - ../action/runner/dist/codeql-runner-macos init --repository $GITHUB_REPOSITORY --languages csharp --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }} - - - name: Build code - shell: bash - run: | - ../action/runner/dist/codeql-runner-macos autobuild - - - name: Run analyze - run: | - ../action/runner/dist/codeql-runner-macos analyze --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }} - env: - TEST_MODE: true - - runner-upload-sarif: - name: Runner upload sarif - needs: [check-js, check-node-modules] - runs-on: ubuntu-latest - timeout-minutes: 45 - - if: ${{ github.event_name != 'pull_request' || github.event.pull_request.base.repo.id == github.event.pull_request.head.repo.id }} - - steps: - - uses: actions/checkout@v3 - - - name: Build runner - run: | - cd runner - npm install - npm run build-runner - - - name: Upload with runner - run: | - # Deliberately don't use TEST_MODE here. This is specifically testing - # the compatibility with the API. - runner/dist/codeql-runner-linux upload --sarif-file src/testdata/empty-sarif.sarif --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }} - - runner-extractor-ram-threads-options: - name: Runner ubuntu extractor RAM and threads options - needs: [check-js, check-node-modules] - runs-on: ubuntu-latest - timeout-minutes: 45 - - steps: - - uses: actions/checkout@v3 - - - name: Build runner - run: | - cd runner - npm install - npm run build-runner - - - name: Run init - run: | - runner/dist/codeql-runner-linux init --ram=230 --threads=1 --repository $GITHUB_REPOSITORY --languages java --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }} - - - name: Assert Results - shell: bash - run: | - . ./codeql-runner/codeql-env.sh - if [ "${CODEQL_RAM}" != "230" ]; then - echo "CODEQL_RAM is '${CODEQL_RAM}' instead of 230" - exit 1 - fi - if [ "${CODEQL_EXTRACTOR_JAVA_RAM}" != "230" ]; then - echo "CODEQL_EXTRACTOR_JAVA_RAM is '${CODEQL_EXTRACTOR_JAVA_RAM}' instead of 230" - exit 1 - fi - if [ "${CODEQL_THREADS}" != "1" ]; then - echo "CODEQL_THREADS is '${CODEQL_THREADS}' instead of 1" - exit 1 - fi - if [ "${CODEQL_EXTRACTOR_JAVA_THREADS}" != "1" ]; then - echo "CODEQL_EXTRACTOR_JAVA_THREADS is '${CODEQL_EXTRACTOR_JAVA_THREADS}' instead of 1" - exit 1 - fi