github/codeql-action
0
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2026-05-01 03:10:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Support skipping checks based on changed files

Browse Source
This commit is contained in:
Michael B. Gale
2026-03-09 15:24:09 +00:00
parent 81005890a3
commit dbd765a1a8
57 changed files with 2888 additions and 57 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.github/workflows/__all-platform-bundle.yml
Generated
+49 -1
View File
@@ -54,6 +54,32 @@ concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group: all-platform-bundle-${{github.ref}}-${{inputs.dotnet-version}}-${{inputs.go-version}}
jobs:
should-run-all-platform-bundle:
name: Decide whether to run this check
timeout-minutes: 10
runs-on: ubuntu-slim
if: github.triggering_actor != 'dependabot[bot]'
outputs:
run-check: ${{ steps.changed-files-check.outputs.run-check || steps.event-type-check.outputs.run-check }}
steps:
- name: Run check if this is not a PR
id: event-type-check
if: github.event_name != 'pull_request'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
- name: Check out repository
if: github.event_name == 'pull_request'
uses: actions/checkout@v6
- name: Determine changed files
id: changed-files
if: github.event_name == 'pull_request'
uses: ./.github/actions/changed-files
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
exclude: '["README.md"]'
- name: Run check because of changed files
id: changed-files-check
if: github.event_name != 'pull_request' && steps.changed-files.outputs.files != '[]'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
all-platform-bundle:
strategy:
fail-fast: false
@@ -66,7 +92,9 @@ jobs:
- os: windows-latest
version: nightly-latest
name: All-platform bundle
if: github.triggering_actor != 'dependabot[bot]'
needs:
- should-run-all-platform-bundle
if: needs.should-run-all-platform-bundle.outputs.run-check == 'true'
permissions:
contents: read
security-events: read
@@ -102,3 +130,23 @@ jobs:
- uses: ./../action/analyze
env:
CODEQL_ACTION_TEST_MODE: true
skip-all-platform-bundle:
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
version: nightly-latest
- os: macos-latest
version: nightly-latest
- os: windows-latest
version: nightly-latest
name: All-platform bundle
needs:
- should-run-all-platform-bundle
if: needs.should-run-all-platform-bundle.outputs.run-check != 'true'
timeout-minutes: 5
runs-on: ubuntu-slim
steps:
- name: Success
run: exit 0
.github/workflows/__analysis-kinds.yml
Generated
+67 -1
View File
@@ -34,6 +34,32 @@ concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group: analysis-kinds-${{github.ref}}
jobs:
should-run-analysis-kinds:
name: Decide whether to run this check
timeout-minutes: 10
runs-on: ubuntu-slim
if: github.triggering_actor != 'dependabot[bot]'
outputs:
run-check: ${{ steps.changed-files-check.outputs.run-check || steps.event-type-check.outputs.run-check }}
steps:
- name: Run check if this is not a PR
id: event-type-check
if: github.event_name != 'pull_request'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
- name: Check out repository
if: github.event_name == 'pull_request'
uses: actions/checkout@v6
- name: Determine changed files
id: changed-files
if: github.event_name == 'pull_request'
uses: ./.github/actions/changed-files
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
exclude: '["README.md"]'
- name: Run check because of changed files
id: changed-files-check
if: github.event_name != 'pull_request' && steps.changed-files.outputs.files != '[]'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
analysis-kinds:
strategy:
fail-fast: false
@@ -64,7 +90,9 @@ jobs:
version: nightly-latest
analysis-kinds: risk-assessment
name: Analysis kinds
if: github.triggering_actor != 'dependabot[bot]'
needs:
- should-run-analysis-kinds
if: needs.should-run-analysis-kinds.outputs.run-check == 'true'
permissions:
contents: read
security-events: read
@@ -150,3 +178,41 @@ jobs:
core.setFailed(`${ found ? "Found" : "Didn't find" } rule ${targetId}`);
}
CODEQL_ACTION_TEST_MODE: true
skip-analysis-kinds:
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
version: linked
analysis-kinds: code-scanning
- os: ubuntu-latest
version: linked
analysis-kinds: code-quality
- os: ubuntu-latest
version: linked
analysis-kinds: code-scanning,code-quality
- os: ubuntu-latest
version: linked
analysis-kinds: risk-assessment
- os: ubuntu-latest
version: nightly-latest
analysis-kinds: code-scanning
- os: ubuntu-latest
version: nightly-latest
analysis-kinds: code-quality
- os: ubuntu-latest
version: nightly-latest
analysis-kinds: code-scanning,code-quality
- os: ubuntu-latest
version: nightly-latest
analysis-kinds: risk-assessment
name: Analysis kinds
needs:
- should-run-analysis-kinds
if: needs.should-run-analysis-kinds.outputs.run-check != 'true'
timeout-minutes: 5
runs-on: ubuntu-slim
steps:
- name: Success
run: exit 0
.github/workflows/__analyze-ref-input.yml
Generated
+45 -1
View File
@@ -64,6 +64,32 @@ concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group: analyze-ref-input-${{github.ref}}-${{inputs.dotnet-version}}-${{inputs.go-version}}-${{inputs.python-version}}
jobs:
should-run-analyze-ref-input:
name: Decide whether to run this check
timeout-minutes: 10
runs-on: ubuntu-slim
if: github.triggering_actor != 'dependabot[bot]'
outputs:
run-check: ${{ steps.changed-files-check.outputs.run-check || steps.event-type-check.outputs.run-check }}
steps:
- name: Run check if this is not a PR
id: event-type-check
if: github.event_name != 'pull_request'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
- name: Check out repository
if: github.event_name == 'pull_request'
uses: actions/checkout@v6
- name: Determine changed files
id: changed-files
if: github.event_name == 'pull_request'
uses: ./.github/actions/changed-files
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
exclude: '["README.md"]'
- name: Run check because of changed files
id: changed-files-check
if: github.event_name != 'pull_request' && steps.changed-files.outputs.files != '[]'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
analyze-ref-input:
strategy:
fail-fast: false
@@ -72,7 +98,9 @@ jobs:
- os: ubuntu-latest
version: default
name: "Analyze: 'ref' and 'sha' from inputs"
if: github.triggering_actor != 'dependabot[bot]'
needs:
- should-run-analyze-ref-input
if: needs.should-run-analyze-ref-input.outputs.run-check == 'true'
permissions:
contents: read
security-events: read
@@ -115,3 +143,19 @@ jobs:
sha: '5e235361806c361d4d3f8859e3c897658025a9a2'
env:
CODEQL_ACTION_TEST_MODE: true
skip-analyze-ref-input:
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
version: default
name: "Analyze: 'ref' and 'sha' from inputs"
needs:
- should-run-analyze-ref-input
if: needs.should-run-analyze-ref-input.outputs.run-check != 'true'
timeout-minutes: 5
runs-on: ubuntu-slim
steps:
- name: Success
run: exit 0
.github/workflows/__autobuild-action.yml
Generated
+49 -1
View File
@@ -44,6 +44,32 @@ concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group: autobuild-action-${{github.ref}}-${{inputs.dotnet-version}}
jobs:
should-run-autobuild-action:
name: Decide whether to run this check
timeout-minutes: 10
runs-on: ubuntu-slim
if: github.triggering_actor != 'dependabot[bot]'
outputs:
run-check: ${{ steps.changed-files-check.outputs.run-check || steps.event-type-check.outputs.run-check }}
steps:
- name: Run check if this is not a PR
id: event-type-check
if: github.event_name != 'pull_request'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
- name: Check out repository
if: github.event_name == 'pull_request'
uses: actions/checkout@v6
- name: Determine changed files
id: changed-files
if: github.event_name == 'pull_request'
uses: ./.github/actions/changed-files
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
exclude: '["README.md"]'
- name: Run check because of changed files
id: changed-files-check
if: github.event_name != 'pull_request' && steps.changed-files.outputs.files != '[]'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
autobuild-action:
strategy:
fail-fast: false
@@ -56,7 +82,9 @@ jobs:
- os: windows-latest
version: linked
name: autobuild-action
if: github.triggering_actor != 'dependabot[bot]'
needs:
- should-run-autobuild-action
if: needs.should-run-autobuild-action.outputs.run-check == 'true'
permissions:
contents: read
security-events: read
@@ -99,3 +127,23 @@ jobs:
fi
env:
CODEQL_ACTION_TEST_MODE: true
skip-autobuild-action:
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
version: linked
- os: macos-latest
version: linked
- os: windows-latest
version: linked
name: autobuild-action
needs:
- should-run-autobuild-action
if: needs.should-run-autobuild-action.outputs.run-check != 'true'
timeout-minutes: 5
runs-on: ubuntu-slim
steps:
- name: Success
run: exit 0
.github/workflows/__autobuild-direct-tracing-with-working-dir.yml
Generated
+51 -1
View File
@@ -44,6 +44,32 @@ concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group: autobuild-direct-tracing-with-working-dir-${{github.ref}}-${{inputs.java-version}}
jobs:
should-run-autobuild-direct-tracing-with-working-dir:
name: Decide whether to run this check
timeout-minutes: 10
runs-on: ubuntu-slim
if: github.triggering_actor != 'dependabot[bot]'
outputs:
run-check: ${{ steps.changed-files-check.outputs.run-check || steps.event-type-check.outputs.run-check }}
steps:
- name: Run check if this is not a PR
id: event-type-check
if: github.event_name != 'pull_request'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
- name: Check out repository
if: github.event_name == 'pull_request'
uses: actions/checkout@v6
- name: Determine changed files
id: changed-files
if: github.event_name == 'pull_request'
uses: ./.github/actions/changed-files
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
exclude: '["README.md"]'
- name: Run check because of changed files
id: changed-files-check
if: github.event_name != 'pull_request' && steps.changed-files.outputs.files != '[]'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
autobuild-direct-tracing-with-working-dir:
strategy:
fail-fast: false
@@ -58,7 +84,9 @@ jobs:
- os: windows-latest
version: nightly-latest
name: Autobuild direct tracing (custom working directory)
if: github.triggering_actor != 'dependabot[bot]'
needs:
- should-run-autobuild-direct-tracing-with-working-dir
if: needs.should-run-autobuild-direct-tracing-with-working-dir.outputs.run-check == 'true'
permissions:
contents: read
security-events: read
@@ -104,3 +132,25 @@ jobs:
env:
CODEQL_ACTION_AUTOBUILD_BUILD_MODE_DIRECT_TRACING: true
CODEQL_ACTION_TEST_MODE: true
skip-autobuild-direct-tracing-with-working-dir:
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
version: linked
- os: windows-latest
version: linked
- os: ubuntu-latest
version: nightly-latest
- os: windows-latest
version: nightly-latest
name: Autobuild direct tracing (custom working directory)
needs:
- should-run-autobuild-direct-tracing-with-working-dir
if: needs.should-run-autobuild-direct-tracing-with-working-dir.outputs.run-check != 'true'
timeout-minutes: 5
runs-on: ubuntu-slim
steps:
- name: Success
run: exit 0
.github/workflows/__autobuild-working-dir.yml
Generated
+45 -1
View File
@@ -34,6 +34,32 @@ concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group: autobuild-working-dir-${{github.ref}}
jobs:
should-run-autobuild-working-dir:
name: Decide whether to run this check
timeout-minutes: 10
runs-on: ubuntu-slim
if: github.triggering_actor != 'dependabot[bot]'
outputs:
run-check: ${{ steps.changed-files-check.outputs.run-check || steps.event-type-check.outputs.run-check }}
steps:
- name: Run check if this is not a PR
id: event-type-check
if: github.event_name != 'pull_request'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
- name: Check out repository
if: github.event_name == 'pull_request'
uses: actions/checkout@v6
- name: Determine changed files
id: changed-files
if: github.event_name == 'pull_request'
uses: ./.github/actions/changed-files
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
exclude: '["README.md"]'
- name: Run check because of changed files
id: changed-files-check
if: github.event_name != 'pull_request' && steps.changed-files.outputs.files != '[]'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
autobuild-working-dir:
strategy:
fail-fast: false
@@ -42,7 +68,9 @@ jobs:
- os: ubuntu-latest
version: linked
name: Autobuild working directory
if: github.triggering_actor != 'dependabot[bot]'
needs:
- should-run-autobuild-working-dir
if: needs.should-run-autobuild-working-dir.outputs.run-check == 'true'
permissions:
contents: read
security-events: read
@@ -81,3 +109,19 @@ jobs:
fi
env:
CODEQL_ACTION_TEST_MODE: true
skip-autobuild-working-dir:
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
version: linked
name: Autobuild working directory
needs:
- should-run-autobuild-working-dir
if: needs.should-run-autobuild-working-dir.outputs.run-check != 'true'
timeout-minutes: 5
runs-on: ubuntu-slim
steps:
- name: Success
run: exit 0
.github/workflows/__build-mode-autobuild.yml
Generated
+51 -1
View File
@@ -44,6 +44,32 @@ concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group: build-mode-autobuild-${{github.ref}}-${{inputs.java-version}}
jobs:
should-run-build-mode-autobuild:
name: Decide whether to run this check
timeout-minutes: 10
runs-on: ubuntu-slim
if: github.triggering_actor != 'dependabot[bot]'
outputs:
run-check: ${{ steps.changed-files-check.outputs.run-check || steps.event-type-check.outputs.run-check }}
steps:
- name: Run check if this is not a PR
id: event-type-check
if: github.event_name != 'pull_request'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
- name: Check out repository
if: github.event_name == 'pull_request'
uses: actions/checkout@v6
- name: Determine changed files
id: changed-files
if: github.event_name == 'pull_request'
uses: ./.github/actions/changed-files
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
exclude: '["README.md"]'
- name: Run check because of changed files
id: changed-files-check
if: github.event_name != 'pull_request' && steps.changed-files.outputs.files != '[]'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
build-mode-autobuild:
strategy:
fail-fast: false
@@ -58,7 +84,9 @@ jobs:
- os: windows-latest
version: nightly-latest
name: Build mode autobuild
if: github.triggering_actor != 'dependabot[bot]'
needs:
- should-run-build-mode-autobuild
if: needs.should-run-build-mode-autobuild.outputs.run-check == 'true'
permissions:
contents: read
security-events: read
@@ -121,3 +149,25 @@ jobs:
- uses: ./../action/analyze
env:
CODEQL_ACTION_TEST_MODE: true
skip-build-mode-autobuild:
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
version: linked
- os: windows-latest
version: linked
- os: ubuntu-latest
version: nightly-latest
- os: windows-latest
version: nightly-latest
name: Build mode autobuild
needs:
- should-run-build-mode-autobuild
if: needs.should-run-build-mode-autobuild.outputs.run-check != 'true'
timeout-minutes: 5
runs-on: ubuntu-slim
steps:
- name: Success
run: exit 0
.github/workflows/__build-mode-manual.yml
Generated
+45 -1
View File
@@ -54,6 +54,32 @@ concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group: build-mode-manual-${{github.ref}}-${{inputs.dotnet-version}}-${{inputs.go-version}}
jobs:
should-run-build-mode-manual:
name: Decide whether to run this check
timeout-minutes: 10
runs-on: ubuntu-slim
if: github.triggering_actor != 'dependabot[bot]'
outputs:
run-check: ${{ steps.changed-files-check.outputs.run-check || steps.event-type-check.outputs.run-check }}
steps:
- name: Run check if this is not a PR
id: event-type-check
if: github.event_name != 'pull_request'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
- name: Check out repository
if: github.event_name == 'pull_request'
uses: actions/checkout@v6
- name: Determine changed files
id: changed-files
if: github.event_name == 'pull_request'
uses: ./.github/actions/changed-files
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
exclude: '["README.md"]'
- name: Run check because of changed files
id: changed-files-check
if: github.event_name != 'pull_request' && steps.changed-files.outputs.files != '[]'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
build-mode-manual:
strategy:
fail-fast: false
@@ -62,7 +88,9 @@ jobs:
- os: ubuntu-latest
version: nightly-latest
name: Build mode manual
if: github.triggering_actor != 'dependabot[bot]'
needs:
- should-run-build-mode-manual
if: needs.should-run-build-mode-manual.outputs.run-check == 'true'
permissions:
contents: read
security-events: read
@@ -110,3 +138,19 @@ jobs:
- uses: ./../action/analyze
env:
CODEQL_ACTION_TEST_MODE: true
skip-build-mode-manual:
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
version: nightly-latest
name: Build mode manual
needs:
- should-run-build-mode-manual
if: needs.should-run-build-mode-manual.outputs.run-check != 'true'
timeout-minutes: 5
runs-on: ubuntu-slim
steps:
- name: Success
run: exit 0
.github/workflows/__build-mode-none.yml
Generated
+47 -1
View File
@@ -34,6 +34,32 @@ concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group: build-mode-none-${{github.ref}}
jobs:
should-run-build-mode-none:
name: Decide whether to run this check
timeout-minutes: 10
runs-on: ubuntu-slim
if: github.triggering_actor != 'dependabot[bot]'
outputs:
run-check: ${{ steps.changed-files-check.outputs.run-check || steps.event-type-check.outputs.run-check }}
steps:
- name: Run check if this is not a PR
id: event-type-check
if: github.event_name != 'pull_request'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
- name: Check out repository
if: github.event_name == 'pull_request'
uses: actions/checkout@v6
- name: Determine changed files
id: changed-files
if: github.event_name == 'pull_request'
uses: ./.github/actions/changed-files
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
exclude: '["README.md"]'
- name: Run check because of changed files
id: changed-files-check
if: github.event_name != 'pull_request' && steps.changed-files.outputs.files != '[]'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
build-mode-none:
strategy:
fail-fast: false
@@ -44,7 +70,9 @@ jobs:
- os: ubuntu-latest
version: nightly-latest
name: Build mode none
if: github.triggering_actor != 'dependabot[bot]'
needs:
- should-run-build-mode-none
if: needs.should-run-build-mode-none.outputs.run-check == 'true'
permissions:
contents: read
security-events: read
@@ -84,3 +112,21 @@ jobs:
- uses: ./../action/analyze
env:
CODEQL_ACTION_TEST_MODE: true
skip-build-mode-none:
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
version: linked
- os: ubuntu-latest
version: nightly-latest
name: Build mode none
needs:
- should-run-build-mode-none
if: needs.should-run-build-mode-none.outputs.run-check != 'true'
timeout-minutes: 5
runs-on: ubuntu-slim
steps:
- name: Success
run: exit 0
.github/workflows/__build-mode-rollback.yml
Generated
+45 -1
View File
@@ -34,6 +34,32 @@ concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group: build-mode-rollback-${{github.ref}}
jobs:
should-run-build-mode-rollback:
name: Decide whether to run this check
timeout-minutes: 10
runs-on: ubuntu-slim
if: github.triggering_actor != 'dependabot[bot]'
outputs:
run-check: ${{ steps.changed-files-check.outputs.run-check || steps.event-type-check.outputs.run-check }}
steps:
- name: Run check if this is not a PR
id: event-type-check
if: github.event_name != 'pull_request'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
- name: Check out repository
if: github.event_name == 'pull_request'
uses: actions/checkout@v6
- name: Determine changed files
id: changed-files
if: github.event_name == 'pull_request'
uses: ./.github/actions/changed-files
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
exclude: '["README.md"]'
- name: Run check because of changed files
id: changed-files-check
if: github.event_name != 'pull_request' && steps.changed-files.outputs.files != '[]'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
build-mode-rollback:
strategy:
fail-fast: false
@@ -42,7 +68,9 @@ jobs:
- os: ubuntu-latest
version: nightly-latest
name: Build mode rollback
if: github.triggering_actor != 'dependabot[bot]'
needs:
- should-run-build-mode-rollback
if: needs.should-run-build-mode-rollback.outputs.run-check == 'true'
permissions:
contents: read
security-events: read
@@ -85,3 +113,19 @@ jobs:
env:
CODEQL_ACTION_DISABLE_JAVA_BUILDLESS: true
CODEQL_ACTION_TEST_MODE: true
skip-build-mode-rollback:
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
version: nightly-latest
name: Build mode rollback
needs:
- should-run-build-mode-rollback
if: needs.should-run-build-mode-rollback.outputs.run-check != 'true'
timeout-minutes: 5
runs-on: ubuntu-slim
steps:
- name: Success
run: exit 0
.github/workflows/__bundle-from-nightly.yml
Generated
+45 -1
View File
@@ -34,6 +34,32 @@ concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group: bundle-from-nightly-${{github.ref}}
jobs:
should-run-bundle-from-nightly:
name: Decide whether to run this check
timeout-minutes: 10
runs-on: ubuntu-slim
if: github.triggering_actor != 'dependabot[bot]'
outputs:
run-check: ${{ steps.changed-files-check.outputs.run-check || steps.event-type-check.outputs.run-check }}
steps:
- name: Run check if this is not a PR
id: event-type-check
if: github.event_name != 'pull_request'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
- name: Check out repository
if: github.event_name == 'pull_request'
uses: actions/checkout@v6
- name: Determine changed files
id: changed-files
if: github.event_name == 'pull_request'
uses: ./.github/actions/changed-files
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
exclude: '["README.md"]'
- name: Run check because of changed files
id: changed-files-check
if: github.event_name != 'pull_request' && steps.changed-files.outputs.files != '[]'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
bundle-from-nightly:
strategy:
fail-fast: false
@@ -42,7 +68,9 @@ jobs:
- os: ubuntu-latest
version: linked
name: 'Bundle: From nightly'
if: github.triggering_actor != 'dependabot[bot]'
needs:
- should-run-bundle-from-nightly
if: needs.should-run-bundle-from-nightly.outputs.run-check == 'true'
permissions:
contents: read
security-events: read
@@ -70,3 +98,19 @@ jobs:
run: exit 1
env:
CODEQL_ACTION_TEST_MODE: true
skip-bundle-from-nightly:
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
version: linked
name: 'Bundle: From nightly'
needs:
- should-run-bundle-from-nightly
if: needs.should-run-bundle-from-nightly.outputs.run-check != 'true'
timeout-minutes: 5
runs-on: ubuntu-slim
steps:
- name: Success
run: exit 0
.github/workflows/__bundle-from-toolcache.yml
Generated
+45 -1
View File
@@ -34,6 +34,32 @@ concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group: bundle-from-toolcache-${{github.ref}}
jobs:
should-run-bundle-from-toolcache:
name: Decide whether to run this check
timeout-minutes: 10
runs-on: ubuntu-slim
if: github.triggering_actor != 'dependabot[bot]'
outputs:
run-check: ${{ steps.changed-files-check.outputs.run-check || steps.event-type-check.outputs.run-check }}
steps:
- name: Run check if this is not a PR
id: event-type-check
if: github.event_name != 'pull_request'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
- name: Check out repository
if: github.event_name == 'pull_request'
uses: actions/checkout@v6
- name: Determine changed files
id: changed-files
if: github.event_name == 'pull_request'
uses: ./.github/actions/changed-files
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
exclude: '["README.md"]'
- name: Run check because of changed files
id: changed-files-check
if: github.event_name != 'pull_request' && steps.changed-files.outputs.files != '[]'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
bundle-from-toolcache:
strategy:
fail-fast: false
@@ -42,7 +68,9 @@ jobs:
- os: ubuntu-latest
version: toolcache
name: 'Bundle: From toolcache'
if: github.triggering_actor != 'dependabot[bot]'
needs:
- should-run-bundle-from-toolcache
if: needs.should-run-bundle-from-toolcache.outputs.run-check == 'true'
permissions:
contents: read
security-events: read
@@ -86,3 +114,19 @@ jobs:
}
env:
CODEQL_ACTION_TEST_MODE: true
skip-bundle-from-toolcache:
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
version: toolcache
name: 'Bundle: From toolcache'
needs:
- should-run-bundle-from-toolcache
if: needs.should-run-bundle-from-toolcache.outputs.run-check != 'true'
timeout-minutes: 5
runs-on: ubuntu-slim
steps:
- name: Success
run: exit 0
.github/workflows/__bundle-toolcache.yml
Generated
+49 -1
View File
@@ -34,6 +34,32 @@ concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group: bundle-toolcache-${{github.ref}}
jobs:
should-run-bundle-toolcache:
name: Decide whether to run this check
timeout-minutes: 10
runs-on: ubuntu-slim
if: github.triggering_actor != 'dependabot[bot]'
outputs:
run-check: ${{ steps.changed-files-check.outputs.run-check || steps.event-type-check.outputs.run-check }}
steps:
- name: Run check if this is not a PR
id: event-type-check
if: github.event_name != 'pull_request'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
- name: Check out repository
if: github.event_name == 'pull_request'
uses: actions/checkout@v6
- name: Determine changed files
id: changed-files
if: github.event_name == 'pull_request'
uses: ./.github/actions/changed-files
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
exclude: '["README.md"]'
- name: Run check because of changed files
id: changed-files-check
if: github.event_name != 'pull_request' && steps.changed-files.outputs.files != '[]'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
bundle-toolcache:
strategy:
fail-fast: false
@@ -46,7 +72,9 @@ jobs:
- os: windows-latest
version: linked
name: 'Bundle: Caching checks'
if: github.triggering_actor != 'dependabot[bot]'
needs:
- should-run-bundle-toolcache
if: needs.should-run-bundle-toolcache.outputs.run-check == 'true'
permissions:
contents: read
security-events: read
@@ -106,3 +134,23 @@ jobs:
}
env:
CODEQL_ACTION_TEST_MODE: true
skip-bundle-toolcache:
strategy:
fail-fast: false
matrix:
include:
- os: macos-latest
version: linked
- os: ubuntu-latest
version: linked
- os: windows-latest
version: linked
name: 'Bundle: Caching checks'
needs:
- should-run-bundle-toolcache
if: needs.should-run-bundle-toolcache.outputs.run-check != 'true'
timeout-minutes: 5
runs-on: ubuntu-slim
steps:
- name: Success
run: exit 0
.github/workflows/__bundle-zstd.yml
Generated
+49 -1
View File
@@ -34,6 +34,32 @@ concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group: bundle-zstd-${{github.ref}}
jobs:
should-run-bundle-zstd:
name: Decide whether to run this check
timeout-minutes: 10
runs-on: ubuntu-slim
if: github.triggering_actor != 'dependabot[bot]'
outputs:
run-check: ${{ steps.changed-files-check.outputs.run-check || steps.event-type-check.outputs.run-check }}
steps:
- name: Run check if this is not a PR
id: event-type-check
if: github.event_name != 'pull_request'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
- name: Check out repository
if: github.event_name == 'pull_request'
uses: actions/checkout@v6
- name: Determine changed files
id: changed-files
if: github.event_name == 'pull_request'
uses: ./.github/actions/changed-files
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
exclude: '["README.md"]'
- name: Run check because of changed files
id: changed-files-check
if: github.event_name != 'pull_request' && steps.changed-files.outputs.files != '[]'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
bundle-zstd:
strategy:
fail-fast: false
@@ -46,7 +72,9 @@ jobs:
- os: windows-latest
version: linked
name: 'Bundle: Zstandard checks'
if: github.triggering_actor != 'dependabot[bot]'
needs:
- should-run-bundle-zstd
if: needs.should-run-bundle-zstd.outputs.run-check == 'true'
permissions:
contents: read
security-events: read
@@ -123,3 +151,23 @@ jobs:
}
env:
CODEQL_ACTION_TEST_MODE: true
skip-bundle-zstd:
strategy:
fail-fast: false
matrix:
include:
- os: macos-latest
version: linked
- os: ubuntu-latest
version: linked
- os: windows-latest
version: linked
name: 'Bundle: Zstandard checks'
needs:
- should-run-bundle-zstd
if: needs.should-run-bundle-zstd.outputs.run-check != 'true'
timeout-minutes: 5
runs-on: ubuntu-slim
steps:
- name: Success
run: exit 0
.github/workflows/__cleanup-db-cluster-dir.yml
Generated
+45 -1
View File
@@ -34,6 +34,32 @@ concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group: cleanup-db-cluster-dir-${{github.ref}}
jobs:
should-run-cleanup-db-cluster-dir:
name: Decide whether to run this check
timeout-minutes: 10
runs-on: ubuntu-slim
if: github.triggering_actor != 'dependabot[bot]'
outputs:
run-check: ${{ steps.changed-files-check.outputs.run-check || steps.event-type-check.outputs.run-check }}
steps:
- name: Run check if this is not a PR
id: event-type-check
if: github.event_name != 'pull_request'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
- name: Check out repository
if: github.event_name == 'pull_request'
uses: actions/checkout@v6
- name: Determine changed files
id: changed-files
if: github.event_name == 'pull_request'
uses: ./.github/actions/changed-files
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
exclude: '["README.md"]'
- name: Run check because of changed files
id: changed-files-check
if: github.event_name != 'pull_request' && steps.changed-files.outputs.files != '[]'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
cleanup-db-cluster-dir:
strategy:
fail-fast: false
@@ -42,7 +68,9 @@ jobs:
- os: ubuntu-latest
version: linked
name: Clean up database cluster directory
if: github.triggering_actor != 'dependabot[bot]'
needs:
- should-run-cleanup-db-cluster-dir
if: needs.should-run-cleanup-db-cluster-dir.outputs.run-check == 'true'
permissions:
contents: read
security-events: read
@@ -80,3 +108,19 @@ jobs:
echo "File was cleaned up"
env:
CODEQL_ACTION_TEST_MODE: true
skip-cleanup-db-cluster-dir:
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
version: linked
name: Clean up database cluster directory
needs:
- should-run-cleanup-db-cluster-dir
if: needs.should-run-cleanup-db-cluster-dir.outputs.run-check != 'true'
timeout-minutes: 5
runs-on: ubuntu-slim
steps:
- name: Success
run: exit 0
.github/workflows/__config-export.yml
Generated
+47 -1
View File
@@ -34,6 +34,32 @@ concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group: config-export-${{github.ref}}
jobs:
should-run-config-export:
name: Decide whether to run this check
timeout-minutes: 10
runs-on: ubuntu-slim
if: github.triggering_actor != 'dependabot[bot]'
outputs:
run-check: ${{ steps.changed-files-check.outputs.run-check || steps.event-type-check.outputs.run-check }}
steps:
- name: Run check if this is not a PR
id: event-type-check
if: github.event_name != 'pull_request'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
- name: Check out repository
if: github.event_name == 'pull_request'
uses: actions/checkout@v6
- name: Determine changed files
id: changed-files
if: github.event_name == 'pull_request'
uses: ./.github/actions/changed-files
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
exclude: '["README.md"]'
- name: Run check because of changed files
id: changed-files-check
if: github.event_name != 'pull_request' && steps.changed-files.outputs.files != '[]'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
config-export:
strategy:
fail-fast: false
@@ -44,7 +70,9 @@ jobs:
- os: ubuntu-latest
version: nightly-latest
name: Config export
if: github.triggering_actor != 'dependabot[bot]'
needs:
- should-run-config-export
if: needs.should-run-config-export.outputs.run-check == 'true'
permissions:
contents: read
security-events: read
@@ -103,3 +131,21 @@ jobs:
core.info('Finished config export tests.');
env:
CODEQL_ACTION_TEST_MODE: true
skip-config-export:
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
version: linked
- os: ubuntu-latest
version: nightly-latest
name: Config export
needs:
- should-run-config-export
if: needs.should-run-config-export.outputs.run-check != 'true'
timeout-minutes: 5
runs-on: ubuntu-slim
steps:
- name: Success
run: exit 0
.github/workflows/__config-input.yml
Generated
+45 -1
View File
@@ -34,6 +34,32 @@ concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group: config-input-${{github.ref}}
jobs:
should-run-config-input:
name: Decide whether to run this check
timeout-minutes: 10
runs-on: ubuntu-slim
if: github.triggering_actor != 'dependabot[bot]'
outputs:
run-check: ${{ steps.changed-files-check.outputs.run-check || steps.event-type-check.outputs.run-check }}
steps:
- name: Run check if this is not a PR
id: event-type-check
if: github.event_name != 'pull_request'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
- name: Check out repository
if: github.event_name == 'pull_request'
uses: actions/checkout@v6
- name: Determine changed files
id: changed-files
if: github.event_name == 'pull_request'
uses: ./.github/actions/changed-files
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
exclude: '["README.md"]'
- name: Run check because of changed files
id: changed-files-check
if: github.event_name != 'pull_request' && steps.changed-files.outputs.files != '[]'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
config-input:
strategy:
fail-fast: false
@@ -42,7 +68,9 @@ jobs:
- os: ubuntu-latest
version: linked
name: Config input
if: github.triggering_actor != 'dependabot[bot]'
needs:
- should-run-config-input
if: needs.should-run-config-input.outputs.run-check == 'true'
permissions:
contents: read
security-events: read
@@ -95,3 +123,19 @@ jobs:
queries-not-run: javascript/codeql-action/default-setup-context-properties
env:
CODEQL_ACTION_TEST_MODE: true
skip-config-input:
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
version: linked
name: Config input
needs:
- should-run-config-input
if: needs.should-run-config-input.outputs.run-check != 'true'
timeout-minutes: 5
runs-on: ubuntu-slim
steps:
- name: Success
run: exit 0
.github/workflows/__cpp-deptrace-disabled.yml
Generated
+49 -1
View File
@@ -34,6 +34,32 @@ concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group: cpp-deptrace-disabled-${{github.ref}}
jobs:
should-run-cpp-deptrace-disabled:
name: Decide whether to run this check
timeout-minutes: 10
runs-on: ubuntu-slim
if: github.triggering_actor != 'dependabot[bot]'
outputs:
run-check: ${{ steps.changed-files-check.outputs.run-check || steps.event-type-check.outputs.run-check }}
steps:
- name: Run check if this is not a PR
id: event-type-check
if: github.event_name != 'pull_request'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
- name: Check out repository
if: github.event_name == 'pull_request'
uses: actions/checkout@v6
- name: Determine changed files
id: changed-files
if: github.event_name == 'pull_request'
uses: ./.github/actions/changed-files
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
exclude: '["README.md"]'
- name: Run check because of changed files
id: changed-files-check
if: github.event_name != 'pull_request' && steps.changed-files.outputs.files != '[]'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
cpp-deptrace-disabled:
strategy:
fail-fast: false
@@ -46,7 +72,9 @@ jobs:
- os: ubuntu-latest
version: nightly-latest
name: 'C/C++: disabling autoinstalling dependencies (Linux)'
if: github.triggering_actor != 'dependabot[bot]'
needs:
- should-run-cpp-deptrace-disabled
if: needs.should-run-cpp-deptrace-disabled.outputs.run-check == 'true'
permissions:
contents: read
security-events: read
@@ -82,3 +110,23 @@ jobs:
env:
DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false'
CODEQL_ACTION_TEST_MODE: true
skip-cpp-deptrace-disabled:
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
version: linked
- os: ubuntu-latest
version: default
- os: ubuntu-latest
version: nightly-latest
name: 'C/C++: disabling autoinstalling dependencies (Linux)'
needs:
- should-run-cpp-deptrace-disabled
if: needs.should-run-cpp-deptrace-disabled.outputs.run-check != 'true'
timeout-minutes: 5
runs-on: ubuntu-slim
steps:
- name: Success
run: exit 0
.github/workflows/__cpp-deptrace-enabled-on-macos.yml
Generated
+47 -1
View File
@@ -34,6 +34,32 @@ concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group: cpp-deptrace-enabled-on-macos-${{github.ref}}
jobs:
should-run-cpp-deptrace-enabled-on-macos:
name: Decide whether to run this check
timeout-minutes: 10
runs-on: ubuntu-slim
if: github.triggering_actor != 'dependabot[bot]'
outputs:
run-check: ${{ steps.changed-files-check.outputs.run-check || steps.event-type-check.outputs.run-check }}
steps:
- name: Run check if this is not a PR
id: event-type-check
if: github.event_name != 'pull_request'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
- name: Check out repository
if: github.event_name == 'pull_request'
uses: actions/checkout@v6
- name: Determine changed files
id: changed-files
if: github.event_name == 'pull_request'
uses: ./.github/actions/changed-files
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
exclude: '["README.md"]'
- name: Run check because of changed files
id: changed-files-check
if: github.event_name != 'pull_request' && steps.changed-files.outputs.files != '[]'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
cpp-deptrace-enabled-on-macos:
strategy:
fail-fast: false
@@ -44,7 +70,9 @@ jobs:
- os: macos-latest
version: nightly-latest
name: 'C/C++: autoinstalling dependencies is skipped (macOS)'
if: github.triggering_actor != 'dependabot[bot]'
needs:
- should-run-cpp-deptrace-enabled-on-macos
if: needs.should-run-cpp-deptrace-enabled-on-macos.outputs.run-check == 'true'
permissions:
contents: read
security-events: read
@@ -82,3 +110,21 @@ jobs:
env:
DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false'
CODEQL_ACTION_TEST_MODE: true
skip-cpp-deptrace-enabled-on-macos:
strategy:
fail-fast: false
matrix:
include:
- os: macos-latest
version: linked
- os: macos-latest
version: nightly-latest
name: 'C/C++: autoinstalling dependencies is skipped (macOS)'
needs:
- should-run-cpp-deptrace-enabled-on-macos
if: needs.should-run-cpp-deptrace-enabled-on-macos.outputs.run-check != 'true'
timeout-minutes: 5
runs-on: ubuntu-slim
steps:
- name: Success
run: exit 0
.github/workflows/__cpp-deptrace-enabled.yml
Generated
+49 -1
View File
@@ -34,6 +34,32 @@ concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group: cpp-deptrace-enabled-${{github.ref}}
jobs:
should-run-cpp-deptrace-enabled:
name: Decide whether to run this check
timeout-minutes: 10
runs-on: ubuntu-slim
if: github.triggering_actor != 'dependabot[bot]'
outputs:
run-check: ${{ steps.changed-files-check.outputs.run-check || steps.event-type-check.outputs.run-check }}
steps:
- name: Run check if this is not a PR
id: event-type-check
if: github.event_name != 'pull_request'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
- name: Check out repository
if: github.event_name == 'pull_request'
uses: actions/checkout@v6
- name: Determine changed files
id: changed-files
if: github.event_name == 'pull_request'
uses: ./.github/actions/changed-files
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
exclude: '["README.md"]'
- name: Run check because of changed files
id: changed-files-check
if: github.event_name != 'pull_request' && steps.changed-files.outputs.files != '[]'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
cpp-deptrace-enabled:
strategy:
fail-fast: false
@@ -46,7 +72,9 @@ jobs:
- os: ubuntu-latest
version: nightly-latest
name: 'C/C++: autoinstalling dependencies (Linux)'
if: github.triggering_actor != 'dependabot[bot]'
needs:
- should-run-cpp-deptrace-enabled
if: needs.should-run-cpp-deptrace-enabled.outputs.run-check == 'true'
permissions:
contents: read
security-events: read
@@ -82,3 +110,23 @@ jobs:
env:
DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false'
CODEQL_ACTION_TEST_MODE: true
skip-cpp-deptrace-enabled:
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
version: linked
- os: ubuntu-latest
version: default
- os: ubuntu-latest
version: nightly-latest
name: 'C/C++: autoinstalling dependencies (Linux)'
needs:
- should-run-cpp-deptrace-enabled
if: needs.should-run-cpp-deptrace-enabled.outputs.run-check != 'true'
timeout-minutes: 5
runs-on: ubuntu-slim
steps:
- name: Success
run: exit 0
.github/workflows/__diagnostics-export.yml
Generated
+47 -1
View File
@@ -34,6 +34,32 @@ concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group: diagnostics-export-${{github.ref}}
jobs:
should-run-diagnostics-export:
name: Decide whether to run this check
timeout-minutes: 10
runs-on: ubuntu-slim
if: github.triggering_actor != 'dependabot[bot]'
outputs:
run-check: ${{ steps.changed-files-check.outputs.run-check || steps.event-type-check.outputs.run-check }}
steps:
- name: Run check if this is not a PR
id: event-type-check
if: github.event_name != 'pull_request'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
- name: Check out repository
if: github.event_name == 'pull_request'
uses: actions/checkout@v6
- name: Determine changed files
id: changed-files
if: github.event_name == 'pull_request'
uses: ./.github/actions/changed-files
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
exclude: '["README.md"]'
- name: Run check because of changed files
id: changed-files-check
if: github.event_name != 'pull_request' && steps.changed-files.outputs.files != '[]'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
diagnostics-export:
strategy:
fail-fast: false
@@ -44,7 +70,9 @@ jobs:
- os: ubuntu-latest
version: nightly-latest
name: Diagnostic export
if: github.triggering_actor != 'dependabot[bot]'
needs:
- should-run-diagnostics-export
if: needs.should-run-diagnostics-export.outputs.run-check == 'true'
permissions:
contents: read
security-events: read
@@ -139,3 +167,21 @@ jobs:
env:
CODEQL_ACTION_EXPORT_DIAGNOSTICS: true
CODEQL_ACTION_TEST_MODE: true
skip-diagnostics-export:
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
version: linked
- os: ubuntu-latest
version: nightly-latest
name: Diagnostic export
needs:
- should-run-diagnostics-export
if: needs.should-run-diagnostics-export.outputs.run-check != 'true'
timeout-minutes: 5
runs-on: ubuntu-slim
steps:
- name: Success
run: exit 0
.github/workflows/__export-file-baseline-information.yml
Generated
+49 -1
View File
@@ -54,6 +54,32 @@ concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group: export-file-baseline-information-${{github.ref}}-${{inputs.dotnet-version}}-${{inputs.go-version}}
jobs:
should-run-export-file-baseline-information:
name: Decide whether to run this check
timeout-minutes: 10
runs-on: ubuntu-slim
if: github.triggering_actor != 'dependabot[bot]'
outputs:
run-check: ${{ steps.changed-files-check.outputs.run-check || steps.event-type-check.outputs.run-check }}
steps:
- name: Run check if this is not a PR
id: event-type-check
if: github.event_name != 'pull_request'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
- name: Check out repository
if: github.event_name == 'pull_request'
uses: actions/checkout@v6
- name: Determine changed files
id: changed-files
if: github.event_name == 'pull_request'
uses: ./.github/actions/changed-files
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
exclude: '["README.md"]'
- name: Run check because of changed files
id: changed-files-check
if: github.event_name != 'pull_request' && steps.changed-files.outputs.files != '[]'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
export-file-baseline-information:
strategy:
fail-fast: false
@@ -66,7 +92,9 @@ jobs:
- os: windows-latest
version: nightly-latest
name: Export file baseline information
if: github.triggering_actor != 'dependabot[bot]'
needs:
- should-run-export-file-baseline-information
if: needs.should-run-export-file-baseline-information.outputs.run-check == 'true'
permissions:
contents: read
security-events: read
@@ -130,3 +158,23 @@ jobs:
CODEQL_ACTION_SKIP_FILE_COVERAGE_ON_PRS: false
CODEQL_ACTION_SUBLANGUAGE_FILE_COVERAGE: true
CODEQL_ACTION_TEST_MODE: true
skip-export-file-baseline-information:
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
version: nightly-latest
- os: macos-latest
version: nightly-latest
- os: windows-latest
version: nightly-latest
name: Export file baseline information
needs:
- should-run-export-file-baseline-information
if: needs.should-run-export-file-baseline-information.outputs.run-check != 'true'
timeout-minutes: 5
runs-on: ubuntu-slim
steps:
- name: Success
run: exit 0
.github/workflows/__extractor-ram-threads.yml
Generated
+45 -1
View File
@@ -34,6 +34,32 @@ concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group: extractor-ram-threads-${{github.ref}}
jobs:
should-run-extractor-ram-threads:
name: Decide whether to run this check
timeout-minutes: 10
runs-on: ubuntu-slim
if: github.triggering_actor != 'dependabot[bot]'
outputs:
run-check: ${{ steps.changed-files-check.outputs.run-check || steps.event-type-check.outputs.run-check }}
steps:
- name: Run check if this is not a PR
id: event-type-check
if: github.event_name != 'pull_request'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
- name: Check out repository
if: github.event_name == 'pull_request'
uses: actions/checkout@v6
- name: Determine changed files
id: changed-files
if: github.event_name == 'pull_request'
uses: ./.github/actions/changed-files
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
exclude: '["README.md"]'
- name: Run check because of changed files
id: changed-files-check
if: github.event_name != 'pull_request' && steps.changed-files.outputs.files != '[]'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
extractor-ram-threads:
strategy:
fail-fast: false
@@ -42,7 +68,9 @@ jobs:
- os: ubuntu-latest
version: linked
name: Extractor ram and threads options test
if: github.triggering_actor != 'dependabot[bot]'
needs:
- should-run-extractor-ram-threads
if: needs.should-run-extractor-ram-threads.outputs.run-check == 'true'
permissions:
contents: read
security-events: read
@@ -83,3 +111,19 @@ jobs:
fi
env:
CODEQL_ACTION_TEST_MODE: true
skip-extractor-ram-threads:
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
version: linked
name: Extractor ram and threads options test
needs:
- should-run-extractor-ram-threads
if: needs.should-run-extractor-ram-threads.outputs.run-check != 'true'
timeout-minutes: 5
runs-on: ubuntu-slim
steps:
- name: Success
run: exit 0
.github/workflows/__global-proxy.yml
Generated
+47 -1
View File
@@ -34,6 +34,32 @@ concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group: global-proxy-${{github.ref}}
jobs:
should-run-global-proxy:
name: Decide whether to run this check
timeout-minutes: 10
runs-on: ubuntu-slim
if: github.triggering_actor != 'dependabot[bot]'
outputs:
run-check: ${{ steps.changed-files-check.outputs.run-check || steps.event-type-check.outputs.run-check }}
steps:
- name: Run check if this is not a PR
id: event-type-check
if: github.event_name != 'pull_request'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
- name: Check out repository
if: github.event_name == 'pull_request'
uses: actions/checkout@v6
- name: Determine changed files
id: changed-files
if: github.event_name == 'pull_request'
uses: ./.github/actions/changed-files
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
exclude: '["README.md"]'
- name: Run check because of changed files
id: changed-files-check
if: github.event_name != 'pull_request' && steps.changed-files.outputs.files != '[]'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
global-proxy:
strategy:
fail-fast: false
@@ -44,7 +70,9 @@ jobs:
- os: ubuntu-latest
version: nightly-latest
name: Proxy test
if: github.triggering_actor != 'dependabot[bot]'
needs:
- should-run-global-proxy
if: needs.should-run-global-proxy.outputs.run-check == 'true'
permissions:
contents: read
security-events: read
@@ -76,3 +104,21 @@ jobs:
image: ubuntu/squid:latest
ports:
- 3128:3128
skip-global-proxy:
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
version: linked
- os: ubuntu-latest
version: nightly-latest
name: Proxy test
needs:
- should-run-global-proxy
if: needs.should-run-global-proxy.outputs.run-check != 'true'
timeout-minutes: 5
runs-on: ubuntu-slim
steps:
- name: Success
run: exit 0
.github/workflows/__go-custom-queries.yml
Generated
+47 -1
View File
@@ -54,6 +54,32 @@ concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group: go-custom-queries-${{github.ref}}-${{inputs.dotnet-version}}-${{inputs.go-version}}
jobs:
should-run-go-custom-queries:
name: Decide whether to run this check
timeout-minutes: 10
runs-on: ubuntu-slim
if: github.triggering_actor != 'dependabot[bot]'
outputs:
run-check: ${{ steps.changed-files-check.outputs.run-check || steps.event-type-check.outputs.run-check }}
steps:
- name: Run check if this is not a PR
id: event-type-check
if: github.event_name != 'pull_request'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
- name: Check out repository
if: github.event_name == 'pull_request'
uses: actions/checkout@v6
- name: Determine changed files
id: changed-files
if: github.event_name == 'pull_request'
uses: ./.github/actions/changed-files
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
exclude: '["README.md"]'
- name: Run check because of changed files
id: changed-files-check
if: github.event_name != 'pull_request' && steps.changed-files.outputs.files != '[]'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
go-custom-queries:
strategy:
fail-fast: false
@@ -64,7 +90,9 @@ jobs:
- os: ubuntu-latest
version: nightly-latest
name: 'Go: Custom queries'
if: github.triggering_actor != 'dependabot[bot]'
needs:
- should-run-go-custom-queries
if: needs.should-run-go-custom-queries.outputs.run-check == 'true'
permissions:
contents: read
security-events: read
@@ -100,3 +128,21 @@ jobs:
env:
DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false'
CODEQL_ACTION_TEST_MODE: true
skip-go-custom-queries:
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
version: linked
- os: ubuntu-latest
version: nightly-latest
name: 'Go: Custom queries'
needs:
- should-run-go-custom-queries
if: needs.should-run-go-custom-queries.outputs.run-check != 'true'
timeout-minutes: 5
runs-on: ubuntu-slim
steps:
- name: Success
run: exit 0
.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml
Generated
+45 -1
View File
@@ -44,6 +44,32 @@ concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group: go-indirect-tracing-workaround-diagnostic-${{github.ref}}-${{inputs.go-version}}
jobs:
should-run-go-indirect-tracing-workaround-diagnostic:
name: Decide whether to run this check
timeout-minutes: 10
runs-on: ubuntu-slim
if: github.triggering_actor != 'dependabot[bot]'
outputs:
run-check: ${{ steps.changed-files-check.outputs.run-check || steps.event-type-check.outputs.run-check }}
steps:
- name: Run check if this is not a PR
id: event-type-check
if: github.event_name != 'pull_request'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
- name: Check out repository
if: github.event_name == 'pull_request'
uses: actions/checkout@v6
- name: Determine changed files
id: changed-files
if: github.event_name == 'pull_request'
uses: ./.github/actions/changed-files
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
exclude: '["README.md"]'
- name: Run check because of changed files
id: changed-files-check
if: github.event_name != 'pull_request' && steps.changed-files.outputs.files != '[]'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
go-indirect-tracing-workaround-diagnostic:
strategy:
fail-fast: false
@@ -52,7 +78,9 @@ jobs:
- os: ubuntu-latest
version: default
name: 'Go: diagnostic when Go is changed after init step'
if: github.triggering_actor != 'dependabot[bot]'
needs:
- should-run-go-indirect-tracing-workaround-diagnostic
if: needs.should-run-go-indirect-tracing-workaround-diagnostic.outputs.run-check == 'true'
permissions:
contents: read
security-events: read
@@ -112,3 +140,19 @@ jobs:
}
env:
CODEQL_ACTION_TEST_MODE: true
skip-go-indirect-tracing-workaround-diagnostic:
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
version: default
name: 'Go: diagnostic when Go is changed after init step'
needs:
- should-run-go-indirect-tracing-workaround-diagnostic
if: needs.should-run-go-indirect-tracing-workaround-diagnostic.outputs.run-check != 'true'
timeout-minutes: 5
runs-on: ubuntu-slim
steps:
- name: Success
run: exit 0
.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml
Generated
+45 -1
View File
@@ -44,6 +44,32 @@ concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group: go-indirect-tracing-workaround-no-file-program-${{github.ref}}-${{inputs.go-version}}
jobs:
should-run-go-indirect-tracing-workaround-no-file-program:
name: Decide whether to run this check
timeout-minutes: 10
runs-on: ubuntu-slim
if: github.triggering_actor != 'dependabot[bot]'
outputs:
run-check: ${{ steps.changed-files-check.outputs.run-check || steps.event-type-check.outputs.run-check }}
steps:
- name: Run check if this is not a PR
id: event-type-check
if: github.event_name != 'pull_request'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
- name: Check out repository
if: github.event_name == 'pull_request'
uses: actions/checkout@v6
- name: Determine changed files
id: changed-files
if: github.event_name == 'pull_request'
uses: ./.github/actions/changed-files
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
exclude: '["README.md"]'
- name: Run check because of changed files
id: changed-files-check
if: github.event_name != 'pull_request' && steps.changed-files.outputs.files != '[]'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
go-indirect-tracing-workaround-no-file-program:
strategy:
fail-fast: false
@@ -52,7 +78,9 @@ jobs:
- os: ubuntu-latest
version: default
name: 'Go: diagnostic when `file` is not installed'
if: github.triggering_actor != 'dependabot[bot]'
needs:
- should-run-go-indirect-tracing-workaround-no-file-program
if: needs.should-run-go-indirect-tracing-workaround-no-file-program.outputs.run-check == 'true'
permissions:
contents: read
security-events: read
@@ -113,3 +141,19 @@ jobs:
}
env:
CODEQL_ACTION_TEST_MODE: true
skip-go-indirect-tracing-workaround-no-file-program:
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
version: default
name: 'Go: diagnostic when `file` is not installed'
needs:
- should-run-go-indirect-tracing-workaround-no-file-program
if: needs.should-run-go-indirect-tracing-workaround-no-file-program.outputs.run-check != 'true'
timeout-minutes: 5
runs-on: ubuntu-slim
steps:
- name: Success
run: exit 0
.github/workflows/__go-indirect-tracing-workaround.yml
Generated
+45 -1
View File
@@ -44,6 +44,32 @@ concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group: go-indirect-tracing-workaround-${{github.ref}}-${{inputs.go-version}}
jobs:
should-run-go-indirect-tracing-workaround:
name: Decide whether to run this check
timeout-minutes: 10
runs-on: ubuntu-slim
if: github.triggering_actor != 'dependabot[bot]'
outputs:
run-check: ${{ steps.changed-files-check.outputs.run-check || steps.event-type-check.outputs.run-check }}
steps:
- name: Run check if this is not a PR
id: event-type-check
if: github.event_name != 'pull_request'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
- name: Check out repository
if: github.event_name == 'pull_request'
uses: actions/checkout@v6
- name: Determine changed files
id: changed-files
if: github.event_name == 'pull_request'
uses: ./.github/actions/changed-files
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
exclude: '["README.md"]'
- name: Run check because of changed files
id: changed-files-check
if: github.event_name != 'pull_request' && steps.changed-files.outputs.files != '[]'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
go-indirect-tracing-workaround:
strategy:
fail-fast: false
@@ -52,7 +78,9 @@ jobs:
- os: ubuntu-latest
version: default
name: 'Go: workaround for indirect tracing'
if: github.triggering_actor != 'dependabot[bot]'
needs:
- should-run-go-indirect-tracing-workaround
if: needs.should-run-go-indirect-tracing-workaround.outputs.run-check == 'true'
permissions:
contents: read
security-events: read
@@ -107,3 +135,19 @@ jobs:
fi
env:
CODEQL_ACTION_TEST_MODE: true
skip-go-indirect-tracing-workaround:
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
version: default
name: 'Go: workaround for indirect tracing'
needs:
- should-run-go-indirect-tracing-workaround
if: needs.should-run-go-indirect-tracing-workaround.outputs.run-check != 'true'
timeout-minutes: 5
runs-on: ubuntu-slim
steps:
- name: Success
run: exit 0
.github/workflows/__go-tracing-autobuilder.yml
Generated
+79 -1
View File
@@ -44,6 +44,32 @@ concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group: go-tracing-autobuilder-${{github.ref}}-${{inputs.go-version}}
jobs:
should-run-go-tracing-autobuilder:
name: Decide whether to run this check
timeout-minutes: 10
runs-on: ubuntu-slim
if: github.triggering_actor != 'dependabot[bot]'
outputs:
run-check: ${{ steps.changed-files-check.outputs.run-check || steps.event-type-check.outputs.run-check }}
steps:
- name: Run check if this is not a PR
id: event-type-check
if: github.event_name != 'pull_request'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
- name: Check out repository
if: github.event_name == 'pull_request'
uses: actions/checkout@v6
- name: Determine changed files
id: changed-files
if: github.event_name == 'pull_request'
uses: ./.github/actions/changed-files
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
exclude: '["README.md"]'
- name: Run check because of changed files
id: changed-files-check
if: github.event_name != 'pull_request' && steps.changed-files.outputs.files != '[]'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
go-tracing-autobuilder:
strategy:
fail-fast: false
@@ -86,7 +112,9 @@ jobs:
- os: macos-latest
version: nightly-latest
name: 'Go: tracing with autobuilder step'
if: github.triggering_actor != 'dependabot[bot]'
needs:
- should-run-go-tracing-autobuilder
if: needs.should-run-go-tracing-autobuilder.outputs.run-check == 'true'
permissions:
contents: read
security-events: read
@@ -127,3 +155,53 @@ jobs:
env:
DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false'
CODEQL_ACTION_TEST_MODE: true
skip-go-tracing-autobuilder:
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
version: stable-v2.17.6
- os: macos-latest
version: stable-v2.17.6
- os: ubuntu-latest
version: stable-v2.18.4
- os: macos-latest
version: stable-v2.18.4
- os: ubuntu-latest
version: stable-v2.19.4
- os: macos-latest
version: stable-v2.19.4
- os: ubuntu-latest
version: stable-v2.20.7
- os: macos-latest
version: stable-v2.20.7
- os: ubuntu-latest
version: stable-v2.21.4
- os: macos-latest
version: stable-v2.21.4
- os: ubuntu-latest
version: stable-v2.22.4
- os: macos-latest
version: stable-v2.22.4
- os: ubuntu-latest
version: default
- os: macos-latest
version: default
- os: ubuntu-latest
version: linked
- os: macos-latest
version: linked
- os: ubuntu-latest
version: nightly-latest
- os: macos-latest
version: nightly-latest
name: 'Go: tracing with autobuilder step'
needs:
- should-run-go-tracing-autobuilder
if: needs.should-run-go-tracing-autobuilder.outputs.run-check != 'true'
timeout-minutes: 5
runs-on: ubuntu-slim
steps:
- name: Success
run: exit 0
.github/workflows/__go-tracing-custom-build-steps.yml
Generated
+79 -1
View File
@@ -44,6 +44,32 @@ concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group: go-tracing-custom-build-steps-${{github.ref}}-${{inputs.go-version}}
jobs:
should-run-go-tracing-custom-build-steps:
name: Decide whether to run this check
timeout-minutes: 10
runs-on: ubuntu-slim
if: github.triggering_actor != 'dependabot[bot]'
outputs:
run-check: ${{ steps.changed-files-check.outputs.run-check || steps.event-type-check.outputs.run-check }}
steps:
- name: Run check if this is not a PR
id: event-type-check
if: github.event_name != 'pull_request'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
- name: Check out repository
if: github.event_name == 'pull_request'
uses: actions/checkout@v6
- name: Determine changed files
id: changed-files
if: github.event_name == 'pull_request'
uses: ./.github/actions/changed-files
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
exclude: '["README.md"]'
- name: Run check because of changed files
id: changed-files-check
if: github.event_name != 'pull_request' && steps.changed-files.outputs.files != '[]'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
go-tracing-custom-build-steps:
strategy:
fail-fast: false
@@ -86,7 +112,9 @@ jobs:
- os: macos-latest
version: nightly-latest
name: 'Go: tracing with custom build steps'
if: github.triggering_actor != 'dependabot[bot]'
needs:
- should-run-go-tracing-custom-build-steps
if: needs.should-run-go-tracing-custom-build-steps.outputs.run-check == 'true'
permissions:
contents: read
security-events: read
@@ -130,3 +158,53 @@ jobs:
fi
env:
CODEQL_ACTION_TEST_MODE: true
skip-go-tracing-custom-build-steps:
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
version: stable-v2.17.6
- os: macos-latest
version: stable-v2.17.6
- os: ubuntu-latest
version: stable-v2.18.4
- os: macos-latest
version: stable-v2.18.4
- os: ubuntu-latest
version: stable-v2.19.4
- os: macos-latest
version: stable-v2.19.4
- os: ubuntu-latest
version: stable-v2.20.7
- os: macos-latest
version: stable-v2.20.7
- os: ubuntu-latest
version: stable-v2.21.4
- os: macos-latest
version: stable-v2.21.4
- os: ubuntu-latest
version: stable-v2.22.4
- os: macos-latest
version: stable-v2.22.4
- os: ubuntu-latest
version: default
- os: macos-latest
version: default
- os: ubuntu-latest
version: linked
- os: macos-latest
version: linked
- os: ubuntu-latest
version: nightly-latest
- os: macos-latest
version: nightly-latest
name: 'Go: tracing with custom build steps'
needs:
- should-run-go-tracing-custom-build-steps
if: needs.should-run-go-tracing-custom-build-steps.outputs.run-check != 'true'
timeout-minutes: 5
runs-on: ubuntu-slim
steps:
- name: Success
run: exit 0
.github/workflows/__go-tracing-legacy-workflow.yml
Generated
+79 -1
View File
@@ -44,6 +44,32 @@ concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group: go-tracing-legacy-workflow-${{github.ref}}-${{inputs.go-version}}
jobs:
should-run-go-tracing-legacy-workflow:
name: Decide whether to run this check
timeout-minutes: 10
runs-on: ubuntu-slim
if: github.triggering_actor != 'dependabot[bot]'
outputs:
run-check: ${{ steps.changed-files-check.outputs.run-check || steps.event-type-check.outputs.run-check }}
steps:
- name: Run check if this is not a PR
id: event-type-check
if: github.event_name != 'pull_request'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
- name: Check out repository
if: github.event_name == 'pull_request'
uses: actions/checkout@v6
- name: Determine changed files
id: changed-files
if: github.event_name == 'pull_request'
uses: ./.github/actions/changed-files
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
exclude: '["README.md"]'
- name: Run check because of changed files
id: changed-files-check
if: github.event_name != 'pull_request' && steps.changed-files.outputs.files != '[]'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
go-tracing-legacy-workflow:
strategy:
fail-fast: false
@@ -86,7 +112,9 @@ jobs:
- os: macos-latest
version: nightly-latest
name: 'Go: tracing with legacy workflow'
if: github.triggering_actor != 'dependabot[bot]'
needs:
- should-run-go-tracing-legacy-workflow
if: needs.should-run-go-tracing-legacy-workflow.outputs.run-check == 'true'
permissions:
contents: read
security-events: read
@@ -121,3 +149,53 @@ jobs:
env:
DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false'
CODEQL_ACTION_TEST_MODE: true
skip-go-tracing-legacy-workflow:
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
version: stable-v2.17.6
- os: macos-latest
version: stable-v2.17.6
- os: ubuntu-latest
version: stable-v2.18.4
- os: macos-latest
version: stable-v2.18.4
- os: ubuntu-latest
version: stable-v2.19.4
- os: macos-latest
version: stable-v2.19.4
- os: ubuntu-latest
version: stable-v2.20.7
- os: macos-latest
version: stable-v2.20.7
- os: ubuntu-latest
version: stable-v2.21.4
- os: macos-latest
version: stable-v2.21.4
- os: ubuntu-latest
version: stable-v2.22.4
- os: macos-latest
version: stable-v2.22.4
- os: ubuntu-latest
version: default
- os: macos-latest
version: default
- os: ubuntu-latest
version: linked
- os: macos-latest
version: linked
- os: ubuntu-latest
version: nightly-latest
- os: macos-latest
version: nightly-latest
name: 'Go: tracing with legacy workflow'
needs:
- should-run-go-tracing-legacy-workflow
if: needs.should-run-go-tracing-legacy-workflow.outputs.run-check != 'true'
timeout-minutes: 5
runs-on: ubuntu-slim
steps:
- name: Success
run: exit 0
.github/workflows/__init-with-registries.yml
Generated
+49 -1
View File
@@ -34,6 +34,32 @@ concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group: init-with-registries-${{github.ref}}
jobs:
should-run-init-with-registries:
name: Decide whether to run this check
timeout-minutes: 10
runs-on: ubuntu-slim
if: github.triggering_actor != 'dependabot[bot]'
outputs:
run-check: ${{ steps.changed-files-check.outputs.run-check || steps.event-type-check.outputs.run-check }}
steps:
- name: Run check if this is not a PR
id: event-type-check
if: github.event_name != 'pull_request'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
- name: Check out repository
if: github.event_name == 'pull_request'
uses: actions/checkout@v6
- name: Determine changed files
id: changed-files
if: github.event_name == 'pull_request'
uses: ./.github/actions/changed-files
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
exclude: '["README.md"]'
- name: Run check because of changed files
id: changed-files-check
if: github.event_name != 'pull_request' && steps.changed-files.outputs.files != '[]'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
init-with-registries:
strategy:
fail-fast: false
@@ -46,7 +72,9 @@ jobs:
- os: ubuntu-latest
version: nightly-latest
name: 'Packaging: Download using registries'
if: github.triggering_actor != 'dependabot[bot]'
needs:
- should-run-init-with-registries
if: needs.should-run-init-with-registries.outputs.run-check == 'true'
permissions:
contents: read
packages: read
@@ -122,3 +150,23 @@ jobs:
fi
env:
CODEQL_ACTION_TEST_MODE: true
skip-init-with-registries:
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
version: default
- os: ubuntu-latest
version: linked
- os: ubuntu-latest
version: nightly-latest
name: 'Packaging: Download using registries'
needs:
- should-run-init-with-registries
if: needs.should-run-init-with-registries.outputs.run-check != 'true'
timeout-minutes: 5
runs-on: ubuntu-slim
steps:
- name: Success
run: exit 0
.github/workflows/__javascript-source-root.yml
Generated
+49 -1
View File
@@ -34,6 +34,32 @@ concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group: javascript-source-root-${{github.ref}}
jobs:
should-run-javascript-source-root:
name: Decide whether to run this check
timeout-minutes: 10
runs-on: ubuntu-slim
if: github.triggering_actor != 'dependabot[bot]'
outputs:
run-check: ${{ steps.changed-files-check.outputs.run-check || steps.event-type-check.outputs.run-check }}
steps:
- name: Run check if this is not a PR
id: event-type-check
if: github.event_name != 'pull_request'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
- name: Check out repository
if: github.event_name == 'pull_request'
uses: actions/checkout@v6
- name: Determine changed files
id: changed-files
if: github.event_name == 'pull_request'
uses: ./.github/actions/changed-files
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
exclude: '["README.md"]'
- name: Run check because of changed files
id: changed-files-check
if: github.event_name != 'pull_request' && steps.changed-files.outputs.files != '[]'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
javascript-source-root:
strategy:
fail-fast: false
@@ -46,7 +72,9 @@ jobs:
- os: ubuntu-latest
version: nightly-latest
name: Custom source root
if: github.triggering_actor != 'dependabot[bot]'
needs:
- should-run-javascript-source-root
if: needs.should-run-javascript-source-root.outputs.run-check == 'true'
permissions:
contents: read
security-events: read
@@ -83,3 +111,23 @@ jobs:
fi
env:
CODEQL_ACTION_TEST_MODE: true
skip-javascript-source-root:
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
version: linked
- os: ubuntu-latest
version: default
- os: ubuntu-latest
version: nightly-latest
name: Custom source root
needs:
- should-run-javascript-source-root
if: needs.should-run-javascript-source-root.outputs.run-check != 'true'
timeout-minutes: 5
runs-on: ubuntu-slim
steps:
- name: Success
run: exit 0
.github/workflows/__job-run-uuid-sarif.yml
Generated
+45 -1
View File
@@ -34,6 +34,32 @@ concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group: job-run-uuid-sarif-${{github.ref}}
jobs:
should-run-job-run-uuid-sarif:
name: Decide whether to run this check
timeout-minutes: 10
runs-on: ubuntu-slim
if: github.triggering_actor != 'dependabot[bot]'
outputs:
run-check: ${{ steps.changed-files-check.outputs.run-check || steps.event-type-check.outputs.run-check }}
steps:
- name: Run check if this is not a PR
id: event-type-check
if: github.event_name != 'pull_request'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
- name: Check out repository
if: github.event_name == 'pull_request'
uses: actions/checkout@v6
- name: Determine changed files
id: changed-files
if: github.event_name == 'pull_request'
uses: ./.github/actions/changed-files
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
exclude: '["README.md"]'
- name: Run check because of changed files
id: changed-files-check
if: github.event_name != 'pull_request' && steps.changed-files.outputs.files != '[]'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
job-run-uuid-sarif:
strategy:
fail-fast: false
@@ -42,7 +68,9 @@ jobs:
- os: ubuntu-latest
version: nightly-latest
name: Job run UUID added to SARIF
if: github.triggering_actor != 'dependabot[bot]'
needs:
- should-run-job-run-uuid-sarif
if: needs.should-run-job-run-uuid-sarif.outputs.run-check == 'true'
permissions:
contents: read
security-events: read
@@ -84,3 +112,19 @@ jobs:
fi
env:
CODEQL_ACTION_TEST_MODE: true
skip-job-run-uuid-sarif:
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
version: nightly-latest
name: Job run UUID added to SARIF
needs:
- should-run-job-run-uuid-sarif
if: needs.should-run-job-run-uuid-sarif.outputs.run-check != 'true'
timeout-minutes: 5
runs-on: ubuntu-slim
steps:
- name: Success
run: exit 0
.github/workflows/__language-aliases.yml
Generated
+45 -1
View File
@@ -34,6 +34,32 @@ concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group: language-aliases-${{github.ref}}
jobs:
should-run-language-aliases:
name: Decide whether to run this check
timeout-minutes: 10
runs-on: ubuntu-slim
if: github.triggering_actor != 'dependabot[bot]'
outputs:
run-check: ${{ steps.changed-files-check.outputs.run-check || steps.event-type-check.outputs.run-check }}
steps:
- name: Run check if this is not a PR
id: event-type-check
if: github.event_name != 'pull_request'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
- name: Check out repository
if: github.event_name == 'pull_request'
uses: actions/checkout@v6
- name: Determine changed files
id: changed-files
if: github.event_name == 'pull_request'
uses: ./.github/actions/changed-files
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
exclude: '["README.md"]'
- name: Run check because of changed files
id: changed-files-check
if: github.event_name != 'pull_request' && steps.changed-files.outputs.files != '[]'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
language-aliases:
strategy:
fail-fast: false
@@ -42,7 +68,9 @@ jobs:
- os: ubuntu-latest
version: linked
name: Language aliases
if: github.triggering_actor != 'dependabot[bot]'
needs:
- should-run-language-aliases
if: needs.should-run-language-aliases.outputs.run-check == 'true'
permissions:
contents: read
security-events: read
@@ -75,3 +103,19 @@ jobs:
fi
env:
CODEQL_ACTION_TEST_MODE: true
skip-language-aliases:
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
version: linked
name: Language aliases
needs:
- should-run-language-aliases
if: needs.should-run-language-aliases.outputs.run-check != 'true'
timeout-minutes: 5
runs-on: ubuntu-slim
steps:
- name: Success
run: exit 0
.github/workflows/__local-bundle.yml
Generated
+45 -1
View File
@@ -64,6 +64,32 @@ concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group: local-bundle-${{github.ref}}-${{inputs.dotnet-version}}-${{inputs.go-version}}-${{inputs.python-version}}
jobs:
should-run-local-bundle:
name: Decide whether to run this check
timeout-minutes: 10
runs-on: ubuntu-slim
if: github.triggering_actor != 'dependabot[bot]'
outputs:
run-check: ${{ steps.changed-files-check.outputs.run-check || steps.event-type-check.outputs.run-check }}
steps:
- name: Run check if this is not a PR
id: event-type-check
if: github.event_name != 'pull_request'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
- name: Check out repository
if: github.event_name == 'pull_request'
uses: actions/checkout@v6
- name: Determine changed files
id: changed-files
if: github.event_name == 'pull_request'
uses: ./.github/actions/changed-files
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
exclude: '["README.md"]'
- name: Run check because of changed files
id: changed-files-check
if: github.event_name != 'pull_request' && steps.changed-files.outputs.files != '[]'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
local-bundle:
strategy:
fail-fast: false
@@ -72,7 +98,9 @@ jobs:
- os: ubuntu-latest
version: linked
name: Local CodeQL bundle
if: github.triggering_actor != 'dependabot[bot]'
needs:
- should-run-local-bundle
if: needs.should-run-local-bundle.outputs.run-check == 'true'
permissions:
contents: read
security-events: read
@@ -116,3 +144,19 @@ jobs:
- uses: ./../action/analyze
env:
CODEQL_ACTION_TEST_MODE: true
skip-local-bundle:
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
version: linked
name: Local CodeQL bundle
needs:
- should-run-local-bundle
if: needs.should-run-local-bundle.outputs.run-check != 'true'
timeout-minutes: 5
runs-on: ubuntu-slim
steps:
- name: Success
run: exit 0
.github/workflows/__multi-language-autodetect.yml
Generated
+79 -1
View File
@@ -64,6 +64,32 @@ concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group: multi-language-autodetect-${{github.ref}}-${{inputs.dotnet-version}}-${{inputs.go-version}}-${{inputs.python-version}}
jobs:
should-run-multi-language-autodetect:
name: Decide whether to run this check
timeout-minutes: 10
runs-on: ubuntu-slim
if: github.triggering_actor != 'dependabot[bot]'
outputs:
run-check: ${{ steps.changed-files-check.outputs.run-check || steps.event-type-check.outputs.run-check }}
steps:
- name: Run check if this is not a PR
id: event-type-check
if: github.event_name != 'pull_request'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
- name: Check out repository
if: github.event_name == 'pull_request'
uses: actions/checkout@v6
- name: Determine changed files
id: changed-files
if: github.event_name == 'pull_request'
uses: ./.github/actions/changed-files
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
exclude: '["README.md"]'
- name: Run check because of changed files
id: changed-files-check
if: github.event_name != 'pull_request' && steps.changed-files.outputs.files != '[]'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
multi-language-autodetect:
strategy:
fail-fast: false
@@ -106,7 +132,9 @@ jobs:
- os: ubuntu-latest
version: nightly-latest
name: Multi-language repository
if: github.triggering_actor != 'dependabot[bot]'
needs:
- should-run-multi-language-autodetect
if: needs.should-run-multi-language-autodetect.outputs.run-check == 'true'
permissions:
contents: read
security-events: read
@@ -204,3 +232,53 @@ jobs:
env:
CODEQL_ACTION_RESOLVE_SUPPORTED_LANGUAGES_USING_CLI: true
CODEQL_ACTION_TEST_MODE: true
skip-multi-language-autodetect:
strategy:
fail-fast: false
matrix:
include:
- os: macos-latest
version: stable-v2.17.6
- os: ubuntu-latest
version: stable-v2.17.6
- os: macos-latest
version: stable-v2.18.4
- os: ubuntu-latest
version: stable-v2.18.4
- os: macos-latest
version: stable-v2.19.4
- os: ubuntu-latest
version: stable-v2.19.4
- os: macos-latest
version: stable-v2.20.7
- os: ubuntu-latest
version: stable-v2.20.7
- os: macos-latest
version: stable-v2.21.4
- os: ubuntu-latest
version: stable-v2.21.4
- os: macos-latest
version: stable-v2.22.4
- os: ubuntu-latest
version: stable-v2.22.4
- os: macos-latest
version: default
- os: ubuntu-latest
version: default
- os: macos-latest
version: linked
- os: ubuntu-latest
version: linked
- os: macos-latest
version: nightly-latest
- os: ubuntu-latest
version: nightly-latest
name: Multi-language repository
needs:
- should-run-multi-language-autodetect
if: needs.should-run-multi-language-autodetect.outputs.run-check != 'true'
timeout-minutes: 5
runs-on: ubuntu-slim
steps:
- name: Success
run: exit 0
.github/workflows/__overlay-init-fallback.yml
Generated
+47 -1
View File
@@ -34,6 +34,32 @@ concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group: overlay-init-fallback-${{github.ref}}
jobs:
should-run-overlay-init-fallback:
name: Decide whether to run this check
timeout-minutes: 10
runs-on: ubuntu-slim
if: github.triggering_actor != 'dependabot[bot]'
outputs:
run-check: ${{ steps.changed-files-check.outputs.run-check || steps.event-type-check.outputs.run-check }}
steps:
- name: Run check if this is not a PR
id: event-type-check
if: github.event_name != 'pull_request'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
- name: Check out repository
if: github.event_name == 'pull_request'
uses: actions/checkout@v6
- name: Determine changed files
id: changed-files
if: github.event_name == 'pull_request'
uses: ./.github/actions/changed-files
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
exclude: '["README.md"]'
- name: Run check because of changed files
id: changed-files-check
if: github.event_name != 'pull_request' && steps.changed-files.outputs.files != '[]'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
overlay-init-fallback:
strategy:
fail-fast: false
@@ -44,7 +70,9 @@ jobs:
- os: ubuntu-latest
version: nightly-latest
name: Overlay database init fallback
if: github.triggering_actor != 'dependabot[bot]'
needs:
- should-run-overlay-init-fallback
if: needs.should-run-overlay-init-fallback.outputs.run-check == 'true'
permissions:
contents: read
security-events: read
@@ -79,3 +107,21 @@ jobs:
fi
env:
CODEQL_ACTION_TEST_MODE: true
skip-overlay-init-fallback:
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
version: linked
- os: ubuntu-latest
version: nightly-latest
name: Overlay database init fallback
needs:
- should-run-overlay-init-fallback
if: needs.should-run-overlay-init-fallback.outputs.run-check != 'true'
timeout-minutes: 5
runs-on: ubuntu-slim
steps:
- name: Success
run: exit 0
.github/workflows/__packaging-codescanning-config-inputs-js.yml
Generated
+49 -1
View File
@@ -64,6 +64,32 @@ concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group: packaging-codescanning-config-inputs-js-${{github.ref}}-${{inputs.dotnet-version}}-${{inputs.go-version}}-${{inputs.python-version}}
jobs:
should-run-packaging-codescanning-config-inputs-js:
name: Decide whether to run this check
timeout-minutes: 10
runs-on: ubuntu-slim
if: github.triggering_actor != 'dependabot[bot]'
outputs:
run-check: ${{ steps.changed-files-check.outputs.run-check || steps.event-type-check.outputs.run-check }}
steps:
- name: Run check if this is not a PR
id: event-type-check
if: github.event_name != 'pull_request'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
- name: Check out repository
if: github.event_name == 'pull_request'
uses: actions/checkout@v6
- name: Determine changed files
id: changed-files
if: github.event_name == 'pull_request'
uses: ./.github/actions/changed-files
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
exclude: '["README.md"]'
- name: Run check because of changed files
id: changed-files-check
if: github.event_name != 'pull_request' && steps.changed-files.outputs.files != '[]'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
packaging-codescanning-config-inputs-js:
strategy:
fail-fast: false
@@ -76,7 +102,9 @@ jobs:
- os: ubuntu-latest
version: nightly-latest
name: 'Packaging: Config and input passed to the CLI'
if: github.triggering_actor != 'dependabot[bot]'
needs:
- should-run-packaging-codescanning-config-inputs-js
if: needs.should-run-packaging-codescanning-config-inputs-js.outputs.run-check == 'true'
permissions:
contents: read
security-events: read
@@ -148,3 +176,23 @@ jobs:
fi
env:
CODEQL_ACTION_TEST_MODE: true
skip-packaging-codescanning-config-inputs-js:
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
version: linked
- os: ubuntu-latest
version: default
- os: ubuntu-latest
version: nightly-latest
name: 'Packaging: Config and input passed to the CLI'
needs:
- should-run-packaging-codescanning-config-inputs-js
if: needs.should-run-packaging-codescanning-config-inputs-js.outputs.run-check != 'true'
timeout-minutes: 5
runs-on: ubuntu-slim
steps:
- name: Success
run: exit 0
.github/workflows/__packaging-config-inputs-js.yml
Generated
+49 -1
View File
@@ -54,6 +54,32 @@ concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group: packaging-config-inputs-js-${{github.ref}}-${{inputs.dotnet-version}}-${{inputs.go-version}}
jobs:
should-run-packaging-config-inputs-js:
name: Decide whether to run this check
timeout-minutes: 10
runs-on: ubuntu-slim
if: github.triggering_actor != 'dependabot[bot]'
outputs:
run-check: ${{ steps.changed-files-check.outputs.run-check || steps.event-type-check.outputs.run-check }}
steps:
- name: Run check if this is not a PR
id: event-type-check
if: github.event_name != 'pull_request'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
- name: Check out repository
if: github.event_name == 'pull_request'
uses: actions/checkout@v6
- name: Determine changed files
id: changed-files
if: github.event_name == 'pull_request'
uses: ./.github/actions/changed-files
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
exclude: '["README.md"]'
- name: Run check because of changed files
id: changed-files-check
if: github.event_name != 'pull_request' && steps.changed-files.outputs.files != '[]'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
packaging-config-inputs-js:
strategy:
fail-fast: false
@@ -66,7 +92,9 @@ jobs:
- os: ubuntu-latest
version: nightly-latest
name: 'Packaging: Config and input'
if: github.triggering_actor != 'dependabot[bot]'
needs:
- should-run-packaging-config-inputs-js
if: needs.should-run-packaging-config-inputs-js.outputs.run-check == 'true'
permissions:
contents: read
security-events: read
@@ -133,3 +161,23 @@ jobs:
fi
env:
CODEQL_ACTION_TEST_MODE: true
skip-packaging-config-inputs-js:
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
version: linked
- os: ubuntu-latest
version: default
- os: ubuntu-latest
version: nightly-latest
name: 'Packaging: Config and input'
needs:
- should-run-packaging-config-inputs-js
if: needs.should-run-packaging-config-inputs-js.outputs.run-check != 'true'
timeout-minutes: 5
runs-on: ubuntu-slim
steps:
- name: Success
run: exit 0
.github/workflows/__packaging-config-js.yml
Generated
+49 -1
View File
@@ -54,6 +54,32 @@ concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group: packaging-config-js-${{github.ref}}-${{inputs.dotnet-version}}-${{inputs.go-version}}
jobs:
should-run-packaging-config-js:
name: Decide whether to run this check
timeout-minutes: 10
runs-on: ubuntu-slim
if: github.triggering_actor != 'dependabot[bot]'
outputs:
run-check: ${{ steps.changed-files-check.outputs.run-check || steps.event-type-check.outputs.run-check }}
steps:
- name: Run check if this is not a PR
id: event-type-check
if: github.event_name != 'pull_request'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
- name: Check out repository
if: github.event_name == 'pull_request'
uses: actions/checkout@v6
- name: Determine changed files
id: changed-files
if: github.event_name == 'pull_request'
uses: ./.github/actions/changed-files
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
exclude: '["README.md"]'
- name: Run check because of changed files
id: changed-files-check
if: github.event_name != 'pull_request' && steps.changed-files.outputs.files != '[]'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
packaging-config-js:
strategy:
fail-fast: false
@@ -66,7 +92,9 @@ jobs:
- os: ubuntu-latest
version: nightly-latest
name: 'Packaging: Config file'
if: github.triggering_actor != 'dependabot[bot]'
needs:
- should-run-packaging-config-js
if: needs.should-run-packaging-config-js.outputs.run-check == 'true'
permissions:
contents: read
security-events: read
@@ -132,3 +160,23 @@ jobs:
fi
env:
CODEQL_ACTION_TEST_MODE: true
skip-packaging-config-js:
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
version: linked
- os: ubuntu-latest
version: default
- os: ubuntu-latest
version: nightly-latest
name: 'Packaging: Config file'
needs:
- should-run-packaging-config-js
if: needs.should-run-packaging-config-js.outputs.run-check != 'true'
timeout-minutes: 5
runs-on: ubuntu-slim
steps:
- name: Success
run: exit 0
.github/workflows/__packaging-inputs-js.yml
Generated
+49 -1
View File
@@ -54,6 +54,32 @@ concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group: packaging-inputs-js-${{github.ref}}-${{inputs.dotnet-version}}-${{inputs.go-version}}
jobs:
should-run-packaging-inputs-js:
name: Decide whether to run this check
timeout-minutes: 10
runs-on: ubuntu-slim
if: github.triggering_actor != 'dependabot[bot]'
outputs:
run-check: ${{ steps.changed-files-check.outputs.run-check || steps.event-type-check.outputs.run-check }}
steps:
- name: Run check if this is not a PR
id: event-type-check
if: github.event_name != 'pull_request'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
- name: Check out repository
if: github.event_name == 'pull_request'
uses: actions/checkout@v6
- name: Determine changed files
id: changed-files
if: github.event_name == 'pull_request'
uses: ./.github/actions/changed-files
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
exclude: '["README.md"]'
- name: Run check because of changed files
id: changed-files-check
if: github.event_name != 'pull_request' && steps.changed-files.outputs.files != '[]'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
packaging-inputs-js:
strategy:
fail-fast: false
@@ -66,7 +92,9 @@ jobs:
- os: ubuntu-latest
version: nightly-latest
name: 'Packaging: Action input'
if: github.triggering_actor != 'dependabot[bot]'
needs:
- should-run-packaging-inputs-js
if: needs.should-run-packaging-inputs-js.outputs.run-check == 'true'
permissions:
contents: read
security-events: read
@@ -132,3 +160,23 @@ jobs:
fi
env:
CODEQL_ACTION_TEST_MODE: true
skip-packaging-inputs-js:
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
version: linked
- os: ubuntu-latest
version: default
- os: ubuntu-latest
version: nightly-latest
name: 'Packaging: Action input'
needs:
- should-run-packaging-inputs-js
if: needs.should-run-packaging-inputs-js.outputs.run-check != 'true'
timeout-minutes: 5
runs-on: ubuntu-slim
steps:
- name: Success
run: exit 0
.github/workflows/__remote-config.yml
Generated
+47 -1
View File
@@ -64,6 +64,32 @@ concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group: remote-config-${{github.ref}}-${{inputs.dotnet-version}}-${{inputs.go-version}}-${{inputs.python-version}}
jobs:
should-run-remote-config:
name: Decide whether to run this check
timeout-minutes: 10
runs-on: ubuntu-slim
if: github.triggering_actor != 'dependabot[bot]'
outputs:
run-check: ${{ steps.changed-files-check.outputs.run-check || steps.event-type-check.outputs.run-check }}
steps:
- name: Run check if this is not a PR
id: event-type-check
if: github.event_name != 'pull_request'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
- name: Check out repository
if: github.event_name == 'pull_request'
uses: actions/checkout@v6
- name: Determine changed files
id: changed-files
if: github.event_name == 'pull_request'
uses: ./.github/actions/changed-files
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
exclude: '["README.md"]'
- name: Run check because of changed files
id: changed-files-check
if: github.event_name != 'pull_request' && steps.changed-files.outputs.files != '[]'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
remote-config:
strategy:
fail-fast: false
@@ -74,7 +100,9 @@ jobs:
- os: ubuntu-latest
version: nightly-latest
name: Remote config file
if: github.triggering_actor != 'dependabot[bot]'
needs:
- should-run-remote-config
if: needs.should-run-remote-config.outputs.run-check == 'true'
permissions:
contents: read
security-events: read
@@ -114,3 +142,21 @@ jobs:
- uses: ./../action/analyze
env:
CODEQL_ACTION_TEST_MODE: true
skip-remote-config:
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
version: linked
- os: ubuntu-latest
version: nightly-latest
name: Remote config file
needs:
- should-run-remote-config
if: needs.should-run-remote-config.outputs.run-check != 'true'
timeout-minutes: 5
runs-on: ubuntu-slim
steps:
- name: Success
run: exit 0
.github/workflows/__resolve-environment-action.yml
Generated
+49 -1
View File
@@ -34,6 +34,32 @@ concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group: resolve-environment-action-${{github.ref}}
jobs:
should-run-resolve-environment-action:
name: Decide whether to run this check
timeout-minutes: 10
runs-on: ubuntu-slim
if: github.triggering_actor != 'dependabot[bot]'
outputs:
run-check: ${{ steps.changed-files-check.outputs.run-check || steps.event-type-check.outputs.run-check }}
steps:
- name: Run check if this is not a PR
id: event-type-check
if: github.event_name != 'pull_request'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
- name: Check out repository
if: github.event_name == 'pull_request'
uses: actions/checkout@v6
- name: Determine changed files
id: changed-files
if: github.event_name == 'pull_request'
uses: ./.github/actions/changed-files
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
exclude: '["README.md"]'
- name: Run check because of changed files
id: changed-files-check
if: github.event_name != 'pull_request' && steps.changed-files.outputs.files != '[]'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
resolve-environment-action:
strategy:
fail-fast: false
@@ -46,7 +72,9 @@ jobs:
- os: ubuntu-latest
version: nightly-latest
name: Resolve environment
if: github.triggering_actor != 'dependabot[bot]'
needs:
- should-run-resolve-environment-action
if: needs.should-run-resolve-environment-action.outputs.run-check == 'true'
permissions:
contents: read
security-events: read
@@ -88,3 +116,23 @@ jobs:
run: exit 1
env:
CODEQL_ACTION_TEST_MODE: true
skip-resolve-environment-action:
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
version: default
- os: ubuntu-latest
version: linked
- os: ubuntu-latest
version: nightly-latest
name: Resolve environment
needs:
- should-run-resolve-environment-action
if: needs.should-run-resolve-environment-action.outputs.run-check != 'true'
timeout-minutes: 5
runs-on: ubuntu-slim
steps:
- name: Success
run: exit 0
.github/workflows/__rubocop-multi-language.yml
Generated
+45 -1
View File
@@ -34,6 +34,32 @@ concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group: rubocop-multi-language-${{github.ref}}
jobs:
should-run-rubocop-multi-language:
name: Decide whether to run this check
timeout-minutes: 10
runs-on: ubuntu-slim
if: github.triggering_actor != 'dependabot[bot]'
outputs:
run-check: ${{ steps.changed-files-check.outputs.run-check || steps.event-type-check.outputs.run-check }}
steps:
- name: Run check if this is not a PR
id: event-type-check
if: github.event_name != 'pull_request'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
- name: Check out repository
if: github.event_name == 'pull_request'
uses: actions/checkout@v6
- name: Determine changed files
id: changed-files
if: github.event_name == 'pull_request'
uses: ./.github/actions/changed-files
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
exclude: '["README.md"]'
- name: Run check because of changed files
id: changed-files-check
if: github.event_name != 'pull_request' && steps.changed-files.outputs.files != '[]'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
rubocop-multi-language:
strategy:
fail-fast: false
@@ -42,7 +68,9 @@ jobs:
- os: ubuntu-latest
version: default
name: RuboCop multi-language
if: github.triggering_actor != 'dependabot[bot]'
needs:
- should-run-rubocop-multi-language
if: needs.should-run-rubocop-multi-language.outputs.run-check == 'true'
permissions:
contents: read
security-events: read
@@ -77,3 +105,19 @@ jobs:
sarif_file: rubocop.sarif
env:
CODEQL_ACTION_TEST_MODE: true
skip-rubocop-multi-language:
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
version: default
name: RuboCop multi-language
needs:
- should-run-rubocop-multi-language
if: needs.should-run-rubocop-multi-language.outputs.run-check != 'true'
timeout-minutes: 5
runs-on: ubuntu-slim
steps:
- name: Success
run: exit 0
.github/workflows/__ruby.yml
Generated
+55 -1
View File
@@ -34,6 +34,32 @@ concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group: ruby-${{github.ref}}
jobs:
should-run-ruby:
name: Decide whether to run this check
timeout-minutes: 10
runs-on: ubuntu-slim
if: github.triggering_actor != 'dependabot[bot]'
outputs:
run-check: ${{ steps.changed-files-check.outputs.run-check || steps.event-type-check.outputs.run-check }}
steps:
- name: Run check if this is not a PR
id: event-type-check
if: github.event_name != 'pull_request'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
- name: Check out repository
if: github.event_name == 'pull_request'
uses: actions/checkout@v6
- name: Determine changed files
id: changed-files
if: github.event_name == 'pull_request'
uses: ./.github/actions/changed-files
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
exclude: '["README.md"]'
- name: Run check because of changed files
id: changed-files-check
if: github.event_name != 'pull_request' && steps.changed-files.outputs.files != '[]'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
ruby:
strategy:
fail-fast: false
@@ -52,7 +78,9 @@ jobs:
- os: macos-latest
version: nightly-latest
name: Ruby analysis
if: github.triggering_actor != 'dependabot[bot]'
needs:
- should-run-ruby
if: needs.should-run-ruby.outputs.run-check == 'true'
permissions:
contents: read
security-events: read
@@ -85,3 +113,29 @@ jobs:
fi
env:
CODEQL_ACTION_TEST_MODE: true
skip-ruby:
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
version: linked
- os: macos-latest
version: linked
- os: ubuntu-latest
version: default
- os: macos-latest
version: default
- os: ubuntu-latest
version: nightly-latest
- os: macos-latest
version: nightly-latest
name: Ruby analysis
needs:
- should-run-ruby
if: needs.should-run-ruby.outputs.run-check != 'true'
timeout-minutes: 5
runs-on: ubuntu-slim
steps:
- name: Success
run: exit 0
.github/workflows/__rust.yml
Generated
+53 -1
View File
@@ -34,6 +34,32 @@ concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group: rust-${{github.ref}}
jobs:
should-run-rust:
name: Decide whether to run this check
timeout-minutes: 10
runs-on: ubuntu-slim
if: github.triggering_actor != 'dependabot[bot]'
outputs:
run-check: ${{ steps.changed-files-check.outputs.run-check || steps.event-type-check.outputs.run-check }}
steps:
- name: Run check if this is not a PR
id: event-type-check
if: github.event_name != 'pull_request'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
- name: Check out repository
if: github.event_name == 'pull_request'
uses: actions/checkout@v6
- name: Determine changed files
id: changed-files
if: github.event_name == 'pull_request'
uses: ./.github/actions/changed-files
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
exclude: '["README.md"]'
- name: Run check because of changed files
id: changed-files-check
if: github.event_name != 'pull_request' && steps.changed-files.outputs.files != '[]'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
rust:
strategy:
fail-fast: false
@@ -50,7 +76,9 @@ jobs:
- os: ubuntu-latest
version: nightly-latest
name: Rust analysis
if: github.triggering_actor != 'dependabot[bot]'
needs:
- should-run-rust
if: needs.should-run-rust.outputs.run-check == 'true'
permissions:
contents: read
security-events: read
@@ -83,3 +111,27 @@ jobs:
fi
env:
CODEQL_ACTION_TEST_MODE: true
skip-rust:
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
version: stable-v2.19.3
- os: ubuntu-latest
version: stable-v2.22.1
- os: ubuntu-latest
version: linked
- os: ubuntu-latest
version: default
- os: ubuntu-latest
version: nightly-latest
name: Rust analysis
needs:
- should-run-rust
if: needs.should-run-rust.outputs.run-check != 'true'
timeout-minutes: 5
runs-on: ubuntu-slim
steps:
- name: Success
run: exit 0
.github/workflows/__split-workflow.yml
Generated
+55 -1
View File
@@ -54,6 +54,32 @@ concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group: split-workflow-${{github.ref}}-${{inputs.dotnet-version}}-${{inputs.go-version}}
jobs:
should-run-split-workflow:
name: Decide whether to run this check
timeout-minutes: 10
runs-on: ubuntu-slim
if: github.triggering_actor != 'dependabot[bot]'
outputs:
run-check: ${{ steps.changed-files-check.outputs.run-check || steps.event-type-check.outputs.run-check }}
steps:
- name: Run check if this is not a PR
id: event-type-check
if: github.event_name != 'pull_request'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
- name: Check out repository
if: github.event_name == 'pull_request'
uses: actions/checkout@v6
- name: Determine changed files
id: changed-files
if: github.event_name == 'pull_request'
uses: ./.github/actions/changed-files
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
exclude: '["README.md"]'
- name: Run check because of changed files
id: changed-files-check
if: github.event_name != 'pull_request' && steps.changed-files.outputs.files != '[]'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
split-workflow:
strategy:
fail-fast: false
@@ -72,7 +98,9 @@ jobs:
- os: macos-latest
version: nightly-latest
name: Split workflow
if: github.triggering_actor != 'dependabot[bot]'
needs:
- should-run-split-workflow
if: needs.should-run-split-workflow.outputs.run-check == 'true'
permissions:
contents: read
security-events: read
@@ -136,3 +164,29 @@ jobs:
fi
env:
CODEQL_ACTION_TEST_MODE: true
skip-split-workflow:
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
version: linked
- os: macos-latest
version: linked
- os: ubuntu-latest
version: default
- os: macos-latest
version: default
- os: ubuntu-latest
version: nightly-latest
- os: macos-latest
version: nightly-latest
name: Split workflow
needs:
- should-run-split-workflow
if: needs.should-run-split-workflow.outputs.run-check != 'true'
timeout-minutes: 5
runs-on: ubuntu-slim
steps:
- name: Success
run: exit 0
.github/workflows/__start-proxy.yml
Generated
+49 -1
View File
@@ -34,6 +34,32 @@ concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group: start-proxy-${{github.ref}}
jobs:
should-run-start-proxy:
name: Decide whether to run this check
timeout-minutes: 10
runs-on: ubuntu-slim
if: github.triggering_actor != 'dependabot[bot]'
outputs:
run-check: ${{ steps.changed-files-check.outputs.run-check || steps.event-type-check.outputs.run-check }}
steps:
- name: Run check if this is not a PR
id: event-type-check
if: github.event_name != 'pull_request'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
- name: Check out repository
if: github.event_name == 'pull_request'
uses: actions/checkout@v6
- name: Determine changed files
id: changed-files
if: github.event_name == 'pull_request'
uses: ./.github/actions/changed-files
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
exclude: '["README.md"]'
- name: Run check because of changed files
id: changed-files-check
if: github.event_name != 'pull_request' && steps.changed-files.outputs.files != '[]'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
start-proxy:
strategy:
fail-fast: false
@@ -46,7 +72,9 @@ jobs:
- os: windows-latest
version: linked
name: Start proxy
if: github.triggering_actor != 'dependabot[bot]'
needs:
- should-run-start-proxy
if: needs.should-run-start-proxy.outputs.run-check == 'true'
permissions:
contents: read
security-events: read
@@ -84,3 +112,23 @@ jobs:
run: exit 1
env:
CODEQL_ACTION_TEST_MODE: true
skip-start-proxy:
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
version: linked
- os: macos-latest
version: linked
- os: windows-latest
version: linked
name: Start proxy
needs:
- should-run-start-proxy
if: needs.should-run-start-proxy.outputs.run-check != 'true'
timeout-minutes: 5
runs-on: ubuntu-slim
steps:
- name: Success
run: exit 0
.github/workflows/__submit-sarif-failure.yml
Generated
+49 -1
View File
@@ -34,6 +34,32 @@ concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group: submit-sarif-failure-${{github.ref}}
jobs:
should-run-submit-sarif-failure:
name: Decide whether to run this check
timeout-minutes: 10
runs-on: ubuntu-slim
if: github.triggering_actor != 'dependabot[bot]'
outputs:
run-check: ${{ steps.changed-files-check.outputs.run-check || steps.event-type-check.outputs.run-check }}
steps:
- name: Run check if this is not a PR
id: event-type-check
if: github.event_name != 'pull_request'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
- name: Check out repository
if: github.event_name == 'pull_request'
uses: actions/checkout@v6
- name: Determine changed files
id: changed-files
if: github.event_name == 'pull_request'
uses: ./.github/actions/changed-files
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
exclude: '["README.md"]'
- name: Run check because of changed files
id: changed-files-check
if: github.event_name != 'pull_request' && steps.changed-files.outputs.files != '[]'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
submit-sarif-failure:
strategy:
fail-fast: false
@@ -46,7 +72,9 @@ jobs:
- os: ubuntu-latest
version: nightly-latest
name: Submit SARIF after failure
if: github.triggering_actor != 'dependabot[bot]'
needs:
- should-run-submit-sarif-failure
if: needs.should-run-submit-sarif-failure.outputs.run-check == 'true'
permissions:
contents: read
security-events: write
@@ -85,3 +113,23 @@ jobs:
CODEQL_ACTION_UPLOAD_FAILED_SARIF: true
CODEQL_ACTION_TEST_MODE: false
CODEQL_ACTION_TESTING_ENVIRONMENT: codeql-action-pr-checks
skip-submit-sarif-failure:
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
version: linked
- os: ubuntu-latest
version: default
- os: ubuntu-latest
version: nightly-latest
name: Submit SARIF after failure
needs:
- should-run-submit-sarif-failure
if: needs.should-run-submit-sarif-failure.outputs.run-check != 'true'
timeout-minutes: 5
runs-on: ubuntu-slim
steps:
- name: Success
run: exit 0
.github/workflows/__swift-autobuild.yml
Generated
+45 -1
View File
@@ -34,6 +34,32 @@ concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group: swift-autobuild-${{github.ref}}
jobs:
should-run-swift-autobuild:
name: Decide whether to run this check
timeout-minutes: 10
runs-on: ubuntu-slim
if: github.triggering_actor != 'dependabot[bot]'
outputs:
run-check: ${{ steps.changed-files-check.outputs.run-check || steps.event-type-check.outputs.run-check }}
steps:
- name: Run check if this is not a PR
id: event-type-check
if: github.event_name != 'pull_request'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
- name: Check out repository
if: github.event_name == 'pull_request'
uses: actions/checkout@v6
- name: Determine changed files
id: changed-files
if: github.event_name == 'pull_request'
uses: ./.github/actions/changed-files
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
exclude: '["README.md"]'
- name: Run check because of changed files
id: changed-files-check
if: github.event_name != 'pull_request' && steps.changed-files.outputs.files != '[]'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
swift-autobuild:
strategy:
fail-fast: false
@@ -42,7 +68,9 @@ jobs:
- os: macos-latest
version: nightly-latest
name: Swift analysis using autobuild
if: github.triggering_actor != 'dependabot[bot]'
needs:
- should-run-swift-autobuild
if: needs.should-run-swift-autobuild.outputs.run-check == 'true'
permissions:
contents: read
security-events: read
@@ -81,3 +109,19 @@ jobs:
fi
env:
CODEQL_ACTION_TEST_MODE: true
skip-swift-autobuild:
strategy:
fail-fast: false
matrix:
include:
- os: macos-latest
version: nightly-latest
name: Swift analysis using autobuild
needs:
- should-run-swift-autobuild
if: needs.should-run-swift-autobuild.outputs.run-check != 'true'
timeout-minutes: 5
runs-on: ubuntu-slim
steps:
- name: Success
run: exit 0
.github/workflows/__swift-custom-build.yml
Generated
+49 -1
View File
@@ -54,6 +54,32 @@ concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group: swift-custom-build-${{github.ref}}-${{inputs.dotnet-version}}-${{inputs.go-version}}
jobs:
should-run-swift-custom-build:
name: Decide whether to run this check
timeout-minutes: 10
runs-on: ubuntu-slim
if: github.triggering_actor != 'dependabot[bot]'
outputs:
run-check: ${{ steps.changed-files-check.outputs.run-check || steps.event-type-check.outputs.run-check }}
steps:
- name: Run check if this is not a PR
id: event-type-check
if: github.event_name != 'pull_request'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
- name: Check out repository
if: github.event_name == 'pull_request'
uses: actions/checkout@v6
- name: Determine changed files
id: changed-files
if: github.event_name == 'pull_request'
uses: ./.github/actions/changed-files
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
exclude: '["README.md"]'
- name: Run check because of changed files
id: changed-files-check
if: github.event_name != 'pull_request' && steps.changed-files.outputs.files != '[]'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
swift-custom-build:
strategy:
fail-fast: false
@@ -66,7 +92,9 @@ jobs:
- os: macos-latest
version: nightly-latest
name: Swift analysis using a custom build command
if: github.triggering_actor != 'dependabot[bot]'
needs:
- should-run-swift-custom-build
if: needs.should-run-swift-custom-build.outputs.run-check == 'true'
permissions:
contents: read
security-events: read
@@ -117,3 +145,23 @@ jobs:
env:
DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false'
CODEQL_ACTION_TEST_MODE: true
skip-swift-custom-build:
strategy:
fail-fast: false
matrix:
include:
- os: macos-latest
version: linked
- os: macos-latest
version: default
- os: macos-latest
version: nightly-latest
name: Swift analysis using a custom build command
needs:
- should-run-swift-custom-build
if: needs.should-run-swift-custom-build.outputs.run-check != 'true'
timeout-minutes: 5
runs-on: ubuntu-slim
steps:
- name: Success
run: exit 0
.github/workflows/__unset-environment.yml
Generated
+47 -1
View File
@@ -64,6 +64,32 @@ concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group: unset-environment-${{github.ref}}-${{inputs.dotnet-version}}-${{inputs.go-version}}-${{inputs.python-version}}
jobs:
should-run-unset-environment:
name: Decide whether to run this check
timeout-minutes: 10
runs-on: ubuntu-slim
if: github.triggering_actor != 'dependabot[bot]'
outputs:
run-check: ${{ steps.changed-files-check.outputs.run-check || steps.event-type-check.outputs.run-check }}
steps:
- name: Run check if this is not a PR
id: event-type-check
if: github.event_name != 'pull_request'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
- name: Check out repository
if: github.event_name == 'pull_request'
uses: actions/checkout@v6
- name: Determine changed files
id: changed-files
if: github.event_name == 'pull_request'
uses: ./.github/actions/changed-files
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
exclude: '["README.md"]'
- name: Run check because of changed files
id: changed-files-check
if: github.event_name != 'pull_request' && steps.changed-files.outputs.files != '[]'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
unset-environment:
strategy:
fail-fast: false
@@ -74,7 +100,9 @@ jobs:
- os: ubuntu-latest
version: nightly-latest
name: Test unsetting environment variables
if: github.triggering_actor != 'dependabot[bot]'
needs:
- should-run-unset-environment
if: needs.should-run-unset-environment.outputs.run-check == 'true'
permissions:
contents: read
security-events: read
@@ -156,3 +184,21 @@ jobs:
fi
env:
CODEQL_ACTION_TEST_MODE: true
skip-unset-environment:
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
version: linked
- os: ubuntu-latest
version: nightly-latest
name: Test unsetting environment variables
needs:
- should-run-unset-environment
if: needs.should-run-unset-environment.outputs.run-check != 'true'
timeout-minutes: 5
runs-on: ubuntu-slim
steps:
- name: Success
run: exit 0
.github/workflows/__upload-ref-sha-input.yml
Generated
+45 -1
View File
@@ -64,6 +64,32 @@ concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group: upload-ref-sha-input-${{github.ref}}-${{inputs.dotnet-version}}-${{inputs.go-version}}-${{inputs.python-version}}
jobs:
should-run-upload-ref-sha-input:
name: Decide whether to run this check
timeout-minutes: 10
runs-on: ubuntu-slim
if: github.triggering_actor != 'dependabot[bot]'
outputs:
run-check: ${{ steps.changed-files-check.outputs.run-check || steps.event-type-check.outputs.run-check }}
steps:
- name: Run check if this is not a PR
id: event-type-check
if: github.event_name != 'pull_request'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
- name: Check out repository
if: github.event_name == 'pull_request'
uses: actions/checkout@v6
- name: Determine changed files
id: changed-files
if: github.event_name == 'pull_request'
uses: ./.github/actions/changed-files
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
exclude: '["README.md"]'
- name: Run check because of changed files
id: changed-files-check
if: github.event_name != 'pull_request' && steps.changed-files.outputs.files != '[]'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
upload-ref-sha-input:
strategy:
fail-fast: false
@@ -72,7 +98,9 @@ jobs:
- os: ubuntu-latest
version: default
name: "Upload-sarif: 'ref' and 'sha' from inputs"
if: github.triggering_actor != 'dependabot[bot]'
needs:
- should-run-upload-ref-sha-input
if: needs.should-run-upload-ref-sha-input.outputs.run-check == 'true'
permissions:
contents: read
security-events: read
@@ -121,3 +149,19 @@ jobs:
sha: '5e235361806c361d4d3f8859e3c897658025a9a2'
env:
CODEQL_ACTION_TEST_MODE: true
skip-upload-ref-sha-input:
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
version: default
name: "Upload-sarif: 'ref' and 'sha' from inputs"
needs:
- should-run-upload-ref-sha-input
if: needs.should-run-upload-ref-sha-input.outputs.run-check != 'true'
timeout-minutes: 5
runs-on: ubuntu-slim
steps:
- name: Success
run: exit 0
.github/workflows/__upload-sarif.yml
Generated
+52 -1
View File
@@ -64,6 +64,32 @@ concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group: upload-sarif-${{github.ref}}-${{inputs.dotnet-version}}-${{inputs.go-version}}-${{inputs.python-version}}
jobs:
should-run-upload-sarif:
name: Decide whether to run this check
timeout-minutes: 10
runs-on: ubuntu-slim
if: github.triggering_actor != 'dependabot[bot]'
outputs:
run-check: ${{ steps.changed-files-check.outputs.run-check || steps.event-type-check.outputs.run-check }}
steps:
- name: Run check if this is not a PR
id: event-type-check
if: github.event_name != 'pull_request'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
- name: Check out repository
if: github.event_name == 'pull_request'
uses: actions/checkout@v6
- name: Determine changed files
id: changed-files
if: github.event_name == 'pull_request'
uses: ./.github/actions/changed-files
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
exclude: '["README.md"]'
- name: Run check because of changed files
id: changed-files-check
if: github.event_name != 'pull_request' && steps.changed-files.outputs.files != '[]'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
upload-sarif:
strategy:
fail-fast: false
@@ -79,7 +105,9 @@ jobs:
version: default
analysis-kinds: code-scanning,code-quality
name: Test different uses of `upload-sarif`
if: github.triggering_actor != 'dependabot[bot]'
needs:
- should-run-upload-sarif
if: needs.should-run-upload-sarif.outputs.run-check == 'true'
permissions:
contents: read
security-events: read
@@ -186,3 +214,26 @@ jobs:
run: exit 1
env:
CODEQL_ACTION_TEST_MODE: true
skip-upload-sarif:
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
version: default
analysis-kinds: code-scanning
- os: ubuntu-latest
version: default
analysis-kinds: code-quality
- os: ubuntu-latest
version: default
analysis-kinds: code-scanning,code-quality
name: Test different uses of `upload-sarif`
needs:
- should-run-upload-sarif
if: needs.should-run-upload-sarif.outputs.run-check != 'true'
timeout-minutes: 5
runs-on: ubuntu-slim
steps:
- name: Success
run: exit 0
.github/workflows/__with-checkout-path.yml
Generated
+45 -1
View File
@@ -64,6 +64,32 @@ concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
group: with-checkout-path-${{github.ref}}-${{inputs.dotnet-version}}-${{inputs.go-version}}-${{inputs.python-version}}
jobs:
should-run-with-checkout-path:
name: Decide whether to run this check
timeout-minutes: 10
runs-on: ubuntu-slim
if: github.triggering_actor != 'dependabot[bot]'
outputs:
run-check: ${{ steps.changed-files-check.outputs.run-check || steps.event-type-check.outputs.run-check }}
steps:
- name: Run check if this is not a PR
id: event-type-check
if: github.event_name != 'pull_request'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
- name: Check out repository
if: github.event_name == 'pull_request'
uses: actions/checkout@v6
- name: Determine changed files
id: changed-files
if: github.event_name == 'pull_request'
uses: ./.github/actions/changed-files
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
exclude: '["README.md"]'
- name: Run check because of changed files
id: changed-files-check
if: github.event_name != 'pull_request' && steps.changed-files.outputs.files != '[]'
run: echo "run-check=true" >> "$GITHUB_OUTPUT"
with-checkout-path:
strategy:
fail-fast: false
@@ -72,7 +98,9 @@ jobs:
- os: ubuntu-latest
version: linked
name: Use a custom `checkout_path`
if: github.triggering_actor != 'dependabot[bot]'
needs:
- should-run-with-checkout-path
if: needs.should-run-with-checkout-path.outputs.run-check == 'true'
permissions:
contents: read
security-events: read
@@ -164,3 +192,19 @@ jobs:
fi
env:
CODEQL_ACTION_TEST_MODE: true
skip-with-checkout-path:
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
version: linked
name: Use a custom `checkout_path`
needs:
- should-run-with-checkout-path
if: needs.should-run-with-checkout-path.outputs.run-check != 'true'
timeout-minutes: 5
runs-on: ubuntu-slim
steps:
- name: Success
run: exit 0
pr-checks/sync.ts
+77 -1
View File
@@ -387,6 +387,7 @@ function getSetupSteps(checkSpecification: JobSpecification): {
function generateJob(
specDocument: yaml.Document,
checkSpecification: Specification,
checkName: string,
) {
const matrix: Array<Record<string, any>> =
generateJobMatrix(checkSpecification);
@@ -444,7 +445,8 @@ function generateJob(
},
},
name: checkSpecification.name,
if: "github.triggering_actor != 'dependabot[bot]'",
needs: [`should-run-${checkName}`],
if: `needs.should-run-${checkName}.outputs.run-check == 'true'`,
permissions: {
contents: "read",
"security-events": "read",
@@ -472,6 +474,74 @@ function generateJob(
return { checkJob, workflowInputs };
}
function generateChangedFilesJob(checkSpecification: Specification) {
const changedFilesJob: Record<string, any> = {
name: "Decide whether to run this check",
"timeout-minutes": 10,
"runs-on": "ubuntu-slim",
if: "github.triggering_actor != 'dependabot[bot]'",
outputs: {
"run-check":
"${{ steps.changed-files-check.outputs.run-check || steps.event-type-check.outputs.run-check }}",
},
steps: [
{
name: "Run check if this is not a PR",
id: "event-type-check",
if: "github.event_name != 'pull_request'",
run: 'echo "run-check=true" >> "$GITHUB_OUTPUT"',
},
{
name: "Check out repository",
if: "github.event_name == 'pull_request'",
uses: "actions/checkout@v6",
},
{
name: "Determine changed files",
id: "changed-files",
if: "github.event_name == 'pull_request'",
uses: "./.github/actions/changed-files",
with: {
"github-token": "${{ secrets.GITHUB_TOKEN }}",
exclude: JSON.stringify(["README.md"]),
},
},
{
name: "Run check because of changed files",
id: "changed-files-check",
if: "github.event_name != 'pull_request' && steps.changed-files.outputs.files != '[]'",
run: 'echo "run-check=true" >> "$GITHUB_OUTPUT"',
},
],
};
return changedFilesJob;
}
function generateSkipJob(checkSpecification: Specification, checkName: string) {
const matrix: Array<Record<string, any>> =
generateJobMatrix(checkSpecification);
const skipJob: Record<string, any> = {
strategy: {
"fail-fast": false,
matrix: {
include: matrix,
},
},
// This has to be the same as for the main job.
name: checkSpecification.name,
needs: [`should-run-${checkName}`],
if: `needs.should-run-${checkName}.outputs.run-check != 'true'`,
"timeout-minutes": 5,
// Since we are not actually doing anything, we don't need to run on `matrix.os`
"runs-on": "ubuntu-slim",
steps: [{ name: "Success", run: "exit 0" }],
};
return skipJob;
}
/** Generates a validation job. */
function generateValidationJob(
specDocument: yaml.Document,
@@ -593,6 +663,7 @@ function main(): void {
const { checkJob, workflowInputs } = generateJob(
specDocument,
checkSpecification,
checkName,
);
const { validationJobs, workflowInputs: validationJobInputs } =
generateValidationJobs(specDocument, checkSpecification, checkName);
@@ -611,6 +682,9 @@ function main(): void {
});
}
const shouldRunJob = generateChangedFilesJob(checkSpecification);
const skipJob = generateSkipJob(checkSpecification, checkName);
let extraGroupName = "";
for (const inputName of Object.keys(combinedInputs)) {
extraGroupName += "-${{inputs." + inputName + "}}";
@@ -654,7 +728,9 @@ function main(): void {
group: checkName + "-${{github.ref}}" + extraGroupName,
},
jobs: {
["should-run-" + checkName]: shouldRunJob,
[checkName]: checkJob,
["skip-" + checkName]: skipJob,
...validationJobs,
},
};