Initial commit
@@ -0,0 +1,15 @@
|
||||
name: "CodeQL action"
|
||||
|
||||
on: [push]
|
||||
|
||||
jobs:
|
||||
build:
|
||||
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v1
|
||||
- uses: ./codeql/init
|
||||
with:
|
||||
config-file: ./.github/codeql/codeql-config.yml
|
||||
- uses: ./codeql/finish
|
||||
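Review bot: `actions/checkout@v1` is referenced by a mutable tag in this workflow, and the same line appears in the generated-JavaScript, mirror, npm test and TSLint workflows later in this commit. A tag can be repointed to different code after review, and the mirror workflow runs it in a job that later handles a deploy key. Pinning to a full commit SHA removes that dependency on the tag: `- uses: actions/checkout@<full-commit-sha>  # v1`. The SHA shown is a placeholder; take the real value from the release you have audited.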
@@ -0,0 +1,36 @@
|
||||
name: "Integration Testing"
|
||||
|
||||
on: [push]
|
||||
|
||||
# Adding new repositories to be integration tested
|
||||
# 0) Repo needs to be set up with the codeql action working (e.g. have a CODEQL_SSH_KEY as a secret)
|
||||
# https://github.com/github/dsp-code-scanning/issues/312#issuecomment-577631601
|
||||
# 1) Add the `codeql-testuser` to the repository with WRITE permissions (Important!)
|
||||
# 2) Put a copy of the workflow as `.github/workflows/integration-test.yml` in the target repo. You can find a copy of the workflow here: https://raw.githubusercontent.com/Anthophila/amazon-cognito-js-copy/master/.github/workflows/integration-test.ym
|
||||
# 3) Copy and paste the block below filling in the repo owner/name
|
||||
# curl -X POST \
|
||||
# -H "Authorization: Bearer ${{ secrets.CODEQL_TESTING_TOKEN }}" \
|
||||
# -H "Accept: application/vnd.github.everest-preview+json" \
|
||||
# https://api.github.com/repos/OWNER/NAME/dispatches \
|
||||
# -d '{"event_type":"codeql-integration","client_payload": {"sha": "${{ github.sha }}"}}'
|
||||
|
||||
# add another job that creates a new check suite using the API, send check suite id in our payload
|
||||
|
||||
jobs:
|
||||
dispatch-events:
|
||||
if: github.event.repository.full_name == 'github/codeql-action'
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Send repository dispatch events
|
||||
run: |
|
||||
curl -X POST \
|
||||
-H "Authorization: Bearer ${{ secrets.CODEQL_TESTING_TOKEN }}" \
|
||||
-H "Accept: application/vnd.github.everest-preview+json" \
|
||||
https://api.github.com/repos/Anthophila/amazon-cognito-js-copy/dispatches \
|
||||
-d '{"event_type":"codeql-integration","client_payload": {"sha": "${{ github.sha }}"}}'
|
||||
|
||||
curl -X POST \
|
||||
-H "Authorization: Bearer ${{ secrets.CODEQL_TESTING_TOKEN }}" \
|
||||
-H "Accept: application/vnd.github.everest-preview+json" \
|
||||
https://api.github.com/repos/Anthophila/electron-test-action/dispatches \
|
||||
-d '{"event_type":"codeql-integration","client_payload": {"sha": "${{ github.sha }}"}}'
|
||||
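Review bot: Both `curl` calls in the `Send repository dispatch events` step run without `--fail`, so a 401 from an expired or revoked `CODEQL_TESTING_TOKEN`, or a 404 for a renamed target repository, still exits 0 and the job reports success. Adding `--fail --silent --show-error` to each call makes a rejected dispatch fail the step. The token is also expanded by the `${{ }}` template directly into the script text. Passing it through the step's `env:` as `CODEQL_TESTING_TOKEN: ${{ secrets.CODEQL_TESTING_TOKEN }}` and sending `-H "Authorization: Bearer $CODEQL_TESTING_TOKEN"` keeps the value out of the generated script file.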
@@ -0,0 +1,27 @@
|
||||
name: "Check generated JavaScript"
|
||||
|
||||
on: [pull_request]
|
||||
|
||||
jobs:
|
||||
check-js:
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v1
|
||||
- name: Check generated JavaScript
|
||||
run: |
|
||||
# Sanity check that repo is clean to start with
|
||||
if [ ! -z "$(git status --porcelain)" ]; then
|
||||
# If we get a fail here then this workflow needs attention...
|
||||
>&2 echo "Failed: Repo should be clean before testing!"
|
||||
exit 1
|
||||
fi
|
||||
# Generate the JavaScript files
|
||||
npm run-script build
|
||||
# Check that repo is still clean
|
||||
if [ ! -z "$(git status --porcelain)" ]; then
|
||||
# If we get a fail here then the PR needs attention
|
||||
>&2 echo "Failed: JavaScript files are not up to date. Run 'npm run-script build' to update"
|
||||
exit 1
|
||||
fi
|
||||
echo "Success: JavaScript files are up to date"
|
||||
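Review bot: This check triggers only on `pull_request`, so a commit pushed directly to a branch can land generated JavaScript that no longer matches its source without this job running; the other workflows in this commit use `on: [push]`. If the generated files are what users of the action execute (the build output is not visible here), `on: [push, pull_request]` closes that gap. On failure the step prints only a fixed message; running `git status --porcelain` and `git diff` before `exit 1` would show which files drifted. `[ ! -z "…" ]` reads more directly as `[ -n "…" ]`.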
@@ -0,0 +1,32 @@
|
||||
# Mirror changes to this repo to Anthophila/codeql-action
|
||||
# whenever a PR is merged into master.
|
||||
name: "Mirror to Anthophila/codeql-action"
|
||||
|
||||
# TODO change to trigger when master branch pushed/PR-merged
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- master
|
||||
|
||||
jobs:
|
||||
mirror:
|
||||
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v1
|
||||
- name: Mirror
|
||||
run: |
|
||||
# Only run if running on private repo
|
||||
if [ "${{ github.event.repository.full_name }}" == "github/codeql-action" ]; then
|
||||
# setup deploy key
|
||||
mkdir -p ~/.ssh
|
||||
echo "${{ secrets.DEPLOY_KEY }}" > ~/.ssh/id_rsa
|
||||
chmod 600 ~/.ssh/id_rsa
|
||||
# add public repo as remote and push to it
|
||||
git checkout master
|
||||
git remote add public git@github.com:Anthophila/codeql-action.git
|
||||
git push public master
|
||||
else
|
||||
echo "This workflow should only run on github/codeql-action"
|
||||
fi
|
||||
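Review bot: The deploy key is written with `echo "${{ secrets.DEPLOY_KEY }}" > ~/.ssh/id_rsa`, which pastes the secret into the script text before the shell runs and creates the file under the default umask, tightening it only afterwards with `chmod 600`. Passing the key through `env:` and setting `umask 077` before the write avoids both. The repository check is also done inside the shell on a templated string; the integration-testing workflow in this commit already uses a job-level `if:` for the same condition, which skips the job before any secret is expanded. The key file is never removed after the push, and the `TODO` above `on:` looks stale now that the trigger is already a push to `master`.

```yaml
  mirror:
    # Job-level guard replaces the shell if/else around the mirror commands.
    if: github.event.repository.full_name == 'github/codeql-action'
    # … unchanged: runs-on, steps, checkout …
      - name: Mirror
        env:
          DEPLOY_KEY: ${{ secrets.DEPLOY_KEY }}
        run: |
          # Create ~/.ssh and the key file private from the start.
          umask 077
          mkdir -p ~/.ssh
          printf '%s\n' "$DEPLOY_KEY" > ~/.ssh/id_rsa
          # … unchanged: git checkout master, add the public remote, push …
          # Remove the key once the push has finished.
          rm -f ~/.ssh/id_rsa
```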
@@ -0,0 +1,12 @@
|
||||
name: "npm run-script test"
|
||||
|
||||
on: [push]
|
||||
|
||||
jobs:
|
||||
npm-test:
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v1
|
||||
- name: npm run-script test
|
||||
run: npm run-script test
|
||||
@@ -0,0 +1,12 @@
|
||||
name: "TSLint"
|
||||
|
||||
on: [push]
|
||||
|
||||
jobs:
|
||||
tslint:
|
||||
runs-on: ubuntu-latest
|
||||
|
||||
steps:
|
||||
- uses: actions/checkout@v1
|
||||
- name: tslint
|
||||
run: npm run-script lint
|
||||