diff --git a/.github/workflows/__debug-artifacts.yml b/.github/workflows/__debug-artifacts.yml deleted file mode 100644 index fe873d251..000000000 --- a/.github/workflows/__debug-artifacts.yml +++ /dev/null @@ -1,77 +0,0 @@ -# Warning: This file is generated automatically, and should not be modified. -# Instead, please modify the template in the pr-checks directory and run: -# pip install ruamel.yaml && python3 sync.py -# to regenerate this file. - -name: PR Check - Debug artifact upload -env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - GO111MODULE: auto -on: - push: - branches: - - main - - v1 - pull_request: - types: - - opened - - synchronize - - reopened - - ready_for_review - workflow_dispatch: {} -jobs: - debug-artifacts: - strategy: - matrix: - version: - - stable-20201028 - - stable-20210319 - - stable-20210809 - - cached - - latest - - nightly-latest - os: [ubuntu-latest, macos-latest] - name: Debug artifact upload - runs-on: ${{ matrix.os }} - steps: - - name: Check out repository - uses: actions/checkout@v2 - - name: Prepare test - id: prepare-test - uses: ./.github/prepare-test - with: - version: ${{ matrix.version }} - - name: Initialize dotnet - run: dotnet restore - - uses: ./../action/init - with: - tools: ${{ steps.prepare-test.outputs.tools-url }} - debug: true - - name: Build code - shell: bash - run: ./build.sh - - uses: ./../action/analyze - id: analysis - - uses: actions/download-artifact@v2 - with: - name: debug-artifacts-${{ matrix.os }}-${{ matrix.version }} - - shell: bash - run: | - LANGUAGES="cpp csharp go java javascript python" - for language in $LANGUAGES; do - echo "Checking $language" - if [[ ! -f "$language.sarif" ]] ; then - echo "Missing a SARIF file for $language" - exit 1 - fi - if [[ ! -f "$language.zip" ]] ; then - echo "Missing a database bundle for $language" - exit 1 - fi - if [[ ! -d "$language/log" ]] ; then - echo "Missing logs for $language" - exit 1 - fi - done - env: - INTERNAL_CODEQL_ACTION_DEBUG_LOC: true 
diff --git a/.github/workflows/__extractor-ram-threads.yml b/.github/workflows/__extractor-ram-threads.yml deleted file mode 100644 index dd916d568..000000000 --- a/.github/workflows/__extractor-ram-threads.yml +++ /dev/null @@ -1,63 +0,0 @@ -# Warning: This file is generated automatically, and should not be modified. -# Instead, please modify the template in the pr-checks directory and run: -# pip install ruamel.yaml && python3 sync.py -# to regenerate this file. - -name: PR Check - Extractor ram and threads options test -env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - GO111MODULE: auto -on: - push: - branches: - - main - - v1 - pull_request: - types: - - opened - - synchronize - - reopened - - ready_for_review - workflow_dispatch: {} -jobs: - extractor-ram-threads: - strategy: - matrix: - version: [latest] - os: [ubuntu-latest] - name: Extractor ram and threads options test - runs-on: ${{ matrix.os }} - steps: - - name: Check out repository - uses: actions/checkout@v2 - - name: Prepare test - id: prepare-test - uses: ./.github/prepare-test - with: - version: ${{ matrix.version }} - - uses: ./../action/init - with: - languages: java - ram: 230 - threads: 1 - - name: Assert Results - shell: bash - run: | - if [ "${CODEQL_RAM}" != "230" ]; then - echo "CODEQL_RAM is '${CODEQL_RAM}' instead of 230" - exit 1 - fi - if [ "${CODEQL_EXTRACTOR_JAVA_RAM}" != "230" ]; then - echo "CODEQL_EXTRACTOR_JAVA_RAM is '${CODEQL_EXTRACTOR_JAVA_RAM}' instead of 230" - exit 1 - fi - if [ "${CODEQL_THREADS}" != "1" ]; then - echo "CODEQL_THREADS is '${CODEQL_THREADS}' instead of 1" - exit 1 - fi - if [ "${CODEQL_EXTRACTOR_JAVA_THREADS}" != "1" ]; then - echo "CODEQL_EXTRACTOR_JAVA_THREADS is '${CODEQL_EXTRACTOR_JAVA_THREADS}' instead of 1" - exit 1 - fi - env: - INTERNAL_CODEQL_ACTION_DEBUG_LOC: true diff --git a/.github/workflows/__go-custom-queries.yml b/.github/workflows/__go-custom-queries.yml deleted file mode 100644 index 5f700d23b..000000000 
--- a/.github/workflows/__go-custom-queries.yml +++ /dev/null @@ -1,64 +0,0 @@ -# Warning: This file is generated automatically, and should not be modified. -# Instead, please modify the template in the pr-checks directory and run: -# pip install ruamel.yaml && python3 sync.py -# to regenerate this file. - -name: 'PR Check - Go: Custom queries' -env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - GO111MODULE: auto -on: - push: - branches: - - main - - v1 - pull_request: - types: - - opened - - synchronize - - reopened - - ready_for_review - workflow_dispatch: {} -jobs: - go-custom-queries: - strategy: - matrix: - version: - - stable-20201028 - - stable-20210319 - - stable-20210809 - - cached - - latest - - nightly-latest - os: - - ubuntu-latest - - macos-latest - - windows-latest - name: 'Go: Custom queries' - runs-on: ${{ matrix.os }} - steps: - - name: Check out repository - uses: actions/checkout@v2 - - name: Prepare test - id: prepare-test - uses: ./.github/prepare-test - with: - version: ${{ matrix.version }} - - name: Initialize dotnet - run: dotnet restore - - uses: actions/setup-go@v2 - with: - go-version: ^1.13.1 - - uses: ./../action/init - with: - languages: go - config-file: ./.github/codeql/custom-queries.yml - tools: ${{ steps.prepare-test.outputs.tools-url }} - - name: Build code - shell: bash - run: ./build.sh - - uses: ./../action/analyze - env: - TEST_MODE: true - env: - INTERNAL_CODEQL_ACTION_DEBUG_LOC: true diff --git a/.github/workflows/__go-custom-tracing-autobuild.yml b/.github/workflows/__go-custom-tracing-autobuild.yml deleted file mode 100644 index 6d2da9331..000000000 --- a/.github/workflows/__go-custom-tracing-autobuild.yml +++ /dev/null 
@@ -1,64 +0,0 @@ -# Warning: This file is generated automatically, and should not be modified. -# Instead, please modify the template in the pr-checks directory and run: -# pip install ruamel.yaml && python3 sync.py -# to regenerate this file. - -name: 'PR Check - Go: Autobuild custom tracing' -env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - GO111MODULE: auto -on: - push: - branches: - - main - - v1 - pull_request: - types: - - opened - - synchronize - - reopened - - ready_for_review - workflow_dispatch: {} -jobs: - go-custom-tracing-autobuild: - strategy: - matrix: - version: - - stable-20201028 - - stable-20210319 - - stable-20210809 - - cached - - latest - - nightly-latest - os: [ubuntu-latest, macos-latest] - name: 'Go: Autobuild custom tracing' - runs-on: ${{ matrix.os }} - steps: - - name: Check out repository - uses: actions/checkout@v2 - - name: Prepare test - id: prepare-test - uses: ./.github/prepare-test - with: - version: ${{ matrix.version }} - - uses: actions/setup-go@v2 - with: - go-version: ^1.13.1 - - uses: ./../action/init - with: - languages: go - tools: ${{ steps.prepare-test.outputs.tools-url }} - - uses: ./../action/autobuild - - uses: ./../action/analyze - env: - TEST_MODE: true - - shell: bash - run: | - cd "$RUNNER_TEMP/codeql_databases" - if [[ ! -d go ]]; then - echo "Did not find a Go database" - exit 1 - fi - env: - CODEQL_EXTRACTOR_GO_BUILD_TRACING: 'true' - INTERNAL_CODEQL_ACTION_DEBUG_LOC: true diff --git a/.github/workflows/__go-custom-tracing.yml b/.github/workflows/__go-custom-tracing.yml deleted file mode 100644 index 49bf78e67..000000000 --- a/.github/workflows/__go-custom-tracing.yml +++ /dev/null 
@@ -1,62 +0,0 @@ -# Warning: This file is generated automatically, and should not be modified. -# Instead, please modify the template in the pr-checks directory and run: -# pip install ruamel.yaml && python3 sync.py -# to regenerate this file. - -name: 'PR Check - Go: Custom tracing' -env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - GO111MODULE: auto -on: - push: - branches: - - main - - v1 - pull_request: - types: - - opened - - synchronize - - reopened - - ready_for_review - workflow_dispatch: {} -jobs: - go-custom-tracing: - strategy: - matrix: - version: - - stable-20201028 - - stable-20210319 - - stable-20210809 - - cached - - latest - - nightly-latest - os: - - ubuntu-latest - - macos-latest - - windows-latest - name: 'Go: Custom tracing' - runs-on: ${{ matrix.os }} - steps: - - name: Check out repository - uses: actions/checkout@v2 - - name: Prepare test - id: prepare-test - uses: ./.github/prepare-test - with: - version: ${{ matrix.version }} - - uses: actions/setup-go@v2 - with: - go-version: ^1.13.1 - - uses: ./../action/init - with: - languages: go - tools: ${{ steps.prepare-test.outputs.tools-url }} - - name: Build code - shell: bash - run: go build main.go - - uses: ./../action/analyze - env: - TEST_MODE: true - env: - CODEQL_EXTRACTOR_GO_BUILD_TRACING: 'true' - INTERNAL_CODEQL_ACTION_DEBUG_LOC: true diff --git a/.github/workflows/__javascript-source-root.yml b/.github/workflows/__javascript-source-root.yml deleted file mode 100644 index 44260b80b..000000000 --- a/.github/workflows/__javascript-source-root.yml +++ /dev/null 
@@ -1,61 +0,0 @@ -# Warning: This file is generated automatically, and should not be modified. -# Instead, please modify the template in the pr-checks directory and run: -# pip install ruamel.yaml && python3 sync.py -# to regenerate this file. - -name: PR Check - Custom source root -env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - GO111MODULE: auto -on: - push: - branches: - - main - - v1 - pull_request: - types: - - opened - - synchronize - - reopened - - ready_for_review - workflow_dispatch: {} -jobs: - javascript-source-root: - strategy: - matrix: - version: [latest, cached, nightly-latest] # This feature is not compatible with old CLIs - os: [ubuntu-latest] - name: Custom source root - runs-on: ${{ matrix.os }} - steps: - - name: Check out repository - uses: actions/checkout@v2 - - name: Prepare test - id: prepare-test - uses: ./.github/prepare-test - with: - version: ${{ matrix.version }} - - name: Move codeql-action - shell: bash - run: | - mkdir ../new-source-root - mv * ../new-source-root - - uses: ./../action/init - with: - languages: javascript - source-root: ../new-source-root - tools: ${{ steps.prepare-test.outputs.tools-url }} - - uses: ./../action/analyze - with: - skip-queries: true - upload: false - - name: Assert database exists - shell: bash - run: | - cd "$RUNNER_TEMP/codeql_databases" - if [[ ! -d javascript ]]; then - echo "Did not find a JavaScript database" - exit 1 - fi - env: - INTERNAL_CODEQL_ACTION_DEBUG_LOC: true diff --git a/.github/workflows/__multi-language-autodetect.yml b/.github/workflows/__multi-language-autodetect.yml deleted file mode 100644 index 4e0b064f0..000000000 --- a/.github/workflows/__multi-language-autodetect.yml +++ /dev/null 
@@ -1,90 +0,0 @@ -# Warning: This file is generated automatically, and should not be modified. -# Instead, please modify the template in the pr-checks directory and run: -# pip install ruamel.yaml && python3 sync.py -# to regenerate this file. - -name: PR Check - Multi-language repository -env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - GO111MODULE: auto -on: - push: - branches: - - main - - v1 - pull_request: - types: - - opened - - synchronize - - reopened - - ready_for_review - workflow_dispatch: {} -jobs: - multi-language-autodetect: - strategy: - matrix: - version: - - stable-20201028 - - stable-20210319 - - stable-20210809 - - cached - - latest - - nightly-latest - os: [ubuntu-latest, macos-latest] - name: Multi-language repository - runs-on: ${{ matrix.os }} - steps: - - name: Check out repository - uses: actions/checkout@v2 - - name: Prepare test - id: prepare-test - uses: ./.github/prepare-test - with: - version: ${{ matrix.version }} - - name: Initialize dotnet - run: dotnet restore - - uses: ./../action/init - with: - db-location: ${{ runner.temp }}/customDbLocation - tools: ${{ steps.prepare-test.outputs.tools-url }} - - name: Build code - shell: bash - run: ./build.sh - - uses: ./../action/analyze - id: analysis - env: - TEST_MODE: true - - shell: bash - run: | - CPP_DB=${{ fromJson(steps.analysis.outputs.db-locations).cpp }} - if [[ ! -d $CPP_DB ]] || [[ ! $CPP_DB == ${{ runner.temp }}/customDbLocation/* ]]; then - echo "Did not create a database for CPP, or created it in the wrong location." - exit 1 - fi - CSHARP_DB=${{ fromJson(steps.analysis.outputs.db-locations).csharp }} - if [[ ! -d $CSHARP_DB ]] || [[ ! $CSHARP_DB == ${{ runner.temp }}/customDbLocation/* ]]; then - echo "Did not create a database for C Sharp, or created it in the wrong location." - exit 1 - fi - GO_DB=${{ fromJson(steps.analysis.outputs.db-locations).go }} - if [[ ! -d $GO_DB ]] || [[ ! 
$GO_DB == ${{ runner.temp }}/customDbLocation/* ]]; then - echo "Did not create a database for Go, or created it in the wrong location." - exit 1 - fi - JAVA_DB=${{ fromJson(steps.analysis.outputs.db-locations).java }} - if [[ ! -d $JAVA_DB ]] || [[ ! $JAVA_DB == ${{ runner.temp }}/customDbLocation/* ]]; then - echo "Did not create a database for Java, or created it in the wrong location." - exit 1 - fi - JAVASCRIPT_DB=${{ fromJson(steps.analysis.outputs.db-locations).javascript }} - if [[ ! -d $JAVASCRIPT_DB ]] || [[ ! $JAVASCRIPT_DB == ${{ runner.temp }}/customDbLocation/* ]]; then - echo "Did not create a database for Javascript, or created it in the wrong location." - exit 1 - fi - PYTHON_DB=${{ fromJson(steps.analysis.outputs.db-locations).python }} - if [[ ! -d $PYTHON_DB ]] || [[ ! $PYTHON_DB == ${{ runner.temp }}/customDbLocation/* ]]; then - echo "Did not create a database for Python, or created it in the wrong location." - exit 1 - fi - env: - INTERNAL_CODEQL_ACTION_DEBUG_LOC: true diff --git a/.github/workflows/__packaging-config-inputs-js.yml b/.github/workflows/__packaging-config-inputs-js.yml deleted file mode 100644 index 7bd08c291..000000000 --- a/.github/workflows/__packaging-config-inputs-js.yml +++ /dev/null 
@@ -1,69 +0,0 @@ -# Warning: This file is generated automatically, and should not be modified. -# Instead, please modify the template in the pr-checks directory and run: -# pip install ruamel.yaml && python3 sync.py -# to regenerate this file. - -name: 'PR Check - Packaging: Config and input' -env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - GO111MODULE: auto -on: - push: - branches: - - main - - v1 - pull_request: - types: - - opened - - synchronize - - reopened - - ready_for_review - workflow_dispatch: {} -jobs: - packaging-config-inputs-js: - strategy: - matrix: - version: [nightly-20210831] # This CLI version is known to work with package used in this test - os: [ubuntu-latest, macos-latest] - name: 'Packaging: Config and input' - runs-on: ${{ matrix.os }} - steps: - - name: Check out repository - uses: actions/checkout@v2 - - name: Prepare test - id: prepare-test - uses: ./.github/prepare-test - with: - version: ${{ matrix.version }} - - name: Initialize dotnet - run: dotnet restore - - uses: ./../action/init - with: - config-file: .github/codeql/codeql-config-packaging3.yml - packs: +dsp-testing/codeql-pack1@0.1.0 - languages: javascript - tools: ${{ steps.prepare-test.outputs.tools-url }} - - name: Build code - shell: bash - run: ./build.sh - - uses: ./../action/analyze - with: - output: ${{ runner.temp }}/results - env: - TEST_MODE: true - - name: Assert Results - shell: bash - run: | - cd "$RUNNER_TEMP/results" - # We should have 3 hits from these rules - EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/two-block" - - # use tr to replace newlines with spaces and xargs to trim leading and trailing whitespace - RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n" " " | xargs)" - echo "Found matching rules '$RULES'" - if [ "$RULES" != "$EXPECTED_RULES" ]; then - echo "Did not match expected rules '$EXPECTED_RULES'." 
- exit 1 - fi - env: - INTERNAL_CODEQL_ACTION_DEBUG_LOC: true diff --git a/.github/workflows/__packaging-config-js.yml b/.github/workflows/__packaging-config-js.yml deleted file mode 100644 index 759a08e8d..000000000 --- a/.github/workflows/__packaging-config-js.yml +++ /dev/null 
@@ -1,68 +0,0 @@ -# Warning: This file is generated automatically, and should not be modified. -# Instead, please modify the template in the pr-checks directory and run: -# pip install ruamel.yaml && python3 sync.py -# to regenerate this file. - -name: 'PR Check - Packaging: Config file' -env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - GO111MODULE: auto -on: - push: - branches: - - main - - v1 - pull_request: - types: - - opened - - synchronize - - reopened - - ready_for_review - workflow_dispatch: {} -jobs: - packaging-config-js: - strategy: - matrix: - version: [nightly-20210831] # This CLI version is known to work with package used in this test - os: [ubuntu-latest, macos-latest] - name: 'Packaging: Config file' - runs-on: ${{ matrix.os }} - steps: - - name: Check out repository - uses: actions/checkout@v2 - - name: Prepare test - id: prepare-test - uses: ./.github/prepare-test - with: - version: ${{ matrix.version }} - - name: Initialize dotnet - run: dotnet restore - - uses: ./../action/init - with: - config-file: .github/codeql/codeql-config-packaging.yml - languages: javascript - tools: ${{ steps.prepare-test.outputs.tools-url }} - - name: Build code - shell: bash - run: ./build.sh - - uses: ./../action/analyze - with: - output: ${{ runner.temp }}/results - env: - TEST_MODE: true - - name: Assert Results - shell: bash - run: | - cd "$RUNNER_TEMP/results" - # We should have 3 hits from these rules - EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/two-block" - - # use tr to replace newlines with spaces and xargs to trim leading and trailing whitespace - RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n" " " | xargs)" - echo "Found matching rules '$RULES'" - if [ "$RULES" != "$EXPECTED_RULES" ]; then - echo "Did not match expected rules '$EXPECTED_RULES'." - exit 1 - fi - env: - INTERNAL_CODEQL_ACTION_DEBUG_LOC: true 
diff --git a/.github/workflows/__packaging-inputs-js.yml b/.github/workflows/__packaging-inputs-js.yml
deleted file mode 100644
index 08e724a28..000000000
--- a/.github/workflows/__packaging-inputs-js.yml
+++ /dev/null
@@ -1,69 +0,0 @@ -# Warning: This file is generated automatically, and should not be modified. -# Instead, please modify the template in the pr-checks directory and run: -# pip install ruamel.yaml && python3 sync.py -# to regenerate this file. - -name: 'PR Check - Packaging: Action input' -env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - GO111MODULE: auto -on: - push: - branches: - - main - - v1 - pull_request: - types: - - opened - - synchronize - - reopened - - ready_for_review - workflow_dispatch: {} -jobs: - packaging-inputs-js: - strategy: - matrix: - version: [nightly-20210831] # This CLI version is known to work with package used in this test - os: [ubuntu-latest, macos-latest] - name: 'Packaging: Action input' - runs-on: ${{ matrix.os }} - steps: - - name: Check out repository - uses: actions/checkout@v2 - - name: Prepare test - id: prepare-test - uses: ./.github/prepare-test - with: - version: ${{ matrix.version }} - - name: Initialize dotnet - run: dotnet restore - - uses: ./../action/init - with: - config-file: .github/codeql/codeql-config-packaging2.yml - languages: javascript - packs: dsp-testing/codeql-pack1@0.1.0, dsp-testing/codeql-pack2 - tools: ${{ steps.prepare-test.outputs.tools-url }} - - name: Build code - shell: bash - run: ./build.sh - - uses: ./../action/analyze - with: - output: ${{ runner.temp }}/results - env: - TEST_MODE: true - - name: Assert Results - shell: bash - run: | - cd "$RUNNER_TEMP/results" - # We should have 3 hits from these rules - EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/two-block" - - # use tr to replace newlines with spaces and xargs to trim leading and trailing whitespace - RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n" " " | xargs)" - echo "Found matching rules '$RULES'" - if [ "$RULES" != "$EXPECTED_RULES" ]; then - echo "Did not match expected rules '$EXPECTED_RULES'." 
- exit 1 - fi - env: - INTERNAL_CODEQL_ACTION_DEBUG_LOC: true diff --git a/.github/workflows/__remote-config.yml b/.github/workflows/__remote-config.yml deleted file mode 100644 index 84aa3c81d..000000000 --- a/.github/workflows/__remote-config.yml +++ /dev/null @@ -1,62 +0,0 @@ -# Warning: This file is generated automatically, and should not be modified. -# Instead, please modify the template in the pr-checks directory and run: -# pip install ruamel.yaml && python3 sync.py -# to regenerate this file. - -name: PR Check - Remote config file -env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - GO111MODULE: auto -on: - push: - branches: - - main - - v1 - pull_request: - types: - - opened - - synchronize - - reopened - - ready_for_review - workflow_dispatch: {} -jobs: - remote-config: - strategy: - matrix: - version: - - stable-20201028 - - stable-20210319 - - stable-20210809 - - cached - - latest - - nightly-latest - os: - - ubuntu-latest - - macos-latest - - windows-latest - name: Remote config file - runs-on: ${{ matrix.os }} - steps: - - name: Check out repository - uses: actions/checkout@v2 - - name: Prepare test - id: prepare-test - uses: ./.github/prepare-test - with: - version: ${{ matrix.version }} - - name: Initialize dotnet - run: dotnet restore - - uses: ./../action/init - with: - tools: ${{ steps.prepare-test.outputs.tools-url }} - languages: cpp,csharp,java,javascript,python - config-file: github/codeql-action/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{ - github.sha }} - - name: Build code - shell: bash - run: ./build.sh - - uses: ./../action/analyze - env: - TEST_MODE: true - env: - INTERNAL_CODEQL_ACTION_DEBUG_LOC: true diff --git a/.github/workflows/__rubocop-multi-language.yml b/.github/workflows/__rubocop-multi-language.yml deleted file mode 100644 index cc8f77bb1..000000000 --- a/.github/workflows/__rubocop-multi-language.yml +++ /dev/null 
@@ -1,67 +0,0 @@ -# Warning: This file is generated automatically, and should not be modified. -# Instead, please modify the template in the pr-checks directory and run: -# pip install ruamel.yaml && python3 sync.py -# to regenerate this file. - -name: PR Check - RuboCop multi-language -env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - GO111MODULE: auto -on: - push: - branches: - - main - - v1 - pull_request: - types: - - opened - - synchronize - - reopened - - ready_for_review - workflow_dispatch: {} -jobs: - rubocop-multi-language: - strategy: - matrix: - version: - - stable-20201028 - - stable-20210319 - - stable-20210809 - - cached - - latest - - nightly-latest - os: [ubuntu-latest] - name: RuboCop multi-language - runs-on: ${{ matrix.os }} - steps: - - name: Check out repository - uses: actions/checkout@v2 - - name: Prepare test - id: prepare-test - uses: ./.github/prepare-test - with: - version: ${{ matrix.version }} - - name: Set up Ruby - uses: ruby/setup-ruby@v1 - with: - ruby-version: 2.6 - - name: Install Code Scanning integration - shell: bash - run: bundle add code-scanning-rubocop --version 0.3.0 --skip-install - - name: Install dependencies - shell: bash - run: bundle install - - name: RuboCop run - shell: bash - run: | - bash -c " - bundle exec rubocop --require code_scanning --format CodeScanning::SarifFormatter -o rubocop.sarif - [[ $? -ne 2 ]] - " - - uses: ./../action/upload-sarif - with: - sarif_file: rubocop.sarif - env: - TEST_MODE: true - env: - INTERNAL_CODEQL_ACTION_DEBUG_LOC: true diff --git a/.github/workflows/__split-workflow.yml b/.github/workflows/__split-workflow.yml deleted file mode 100644 index 3520aca93..000000000 --- a/.github/workflows/__split-workflow.yml +++ /dev/null 
@@ -1,83 +0,0 @@ -# Warning: This file is generated automatically, and should not be modified. -# Instead, please modify the template in the pr-checks directory and run: -# pip install ruamel.yaml && python3 sync.py -# to regenerate this file. - -name: PR Check - Split workflow -env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - GO111MODULE: auto -on: - push: - branches: - - main - - v1 - pull_request: - types: - - opened - - synchronize - - reopened - - ready_for_review - workflow_dispatch: {} -jobs: - split-workflow: - strategy: - matrix: - version: [nightly-20210831] # This CLI version is known to work with package used in this test - os: [ubuntu-latest, macos-latest] - name: Split workflow - runs-on: ${{ matrix.os }} - steps: - - name: Check out repository - uses: actions/checkout@v2 - - name: Prepare test - id: prepare-test - uses: ./.github/prepare-test - with: - version: ${{ matrix.version }} - - name: Initialize dotnet - run: dotnet restore - - uses: ./../action/init - with: - config-file: .github/codeql/codeql-config-packaging3.yml - packs: +dsp-testing/codeql-pack1@0.1.0 - languages: javascript - tools: ${{ steps.prepare-test.outputs.tools-url }} - - name: Build code - shell: bash - run: ./build.sh - - uses: ./../action/analyze - with: - skip-queries: true - output: ${{ runner.temp }}/results - env: - TEST_MODE: true - - name: Assert No Results - shell: bash - run: | - if [ "$(ls -A $RUNNER_TEMP/results)" ]; then - echo "Expected results directory to be empty after skipping query execution!" 
- exit 1 - fi - - uses: ./../action/analyze - with: - output: ${{ runner.temp }}/results - upload-database: false - env: - TEST_MODE: true - - name: Assert Results - shell: bash - run: | - cd "$RUNNER_TEMP/results" - # We should have 3 hits from these rules - EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/two-block" - - # use tr to replace newlines with spaces and xargs to trim leading and trailing whitespace - RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n" " " | xargs)" - echo "Found matching rules '$RULES'" - if [ "$RULES" != "$EXPECTED_RULES" ]; then - echo "Did not match expected rules '$EXPECTED_RULES'." - exit 1 - fi - env: - INTERNAL_CODEQL_ACTION_DEBUG_LOC: true diff --git a/.github/workflows/__test-local-codeql.yml b/.github/workflows/__test-local-codeql.yml deleted file mode 100644 index 6d9389064..000000000 --- a/.github/workflows/__test-local-codeql.yml +++ /dev/null 
@@ -1,56 +0,0 @@ -# Warning: This file is generated automatically, and should not be modified. -# Instead, please modify the template in the pr-checks directory and run: -# pip install ruamel.yaml && python3 sync.py -# to regenerate this file. - -name: PR Check - Local CodeQL bundle -env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - GO111MODULE: auto -on: - push: - branches: - - main - - v1 - pull_request: - types: - - opened - - synchronize - - reopened - - ready_for_review - workflow_dispatch: {} -jobs: - test-local-codeql: - strategy: - matrix: - version: [nightly-latest] - os: [ubuntu-latest] - name: Local CodeQL bundle - runs-on: ${{ matrix.os }} - steps: - - name: Check out repository - uses: actions/checkout@v2 - - name: Prepare test - id: prepare-test - uses: ./.github/prepare-test - with: - version: ${{ matrix.version }} - - name: Initialize dotnet - run: dotnet restore - - name: Fetch a CodeQL bundle - shell: bash - env: - CODEQL_URL: ${{ steps.prepare-test.outputs.tools-url }} - run: | - wget "$CODEQL_URL" - - uses: ./../action/init - with: - tools: ./codeql-bundle.tar.gz - - name: Build code - shell: bash - run: ./build.sh - - uses: ./../action/analyze - env: - TEST_MODE: true - env: - INTERNAL_CODEQL_ACTION_DEBUG_LOC: true diff --git a/.github/workflows/__test-proxy.yml b/.github/workflows/__test-proxy.yml deleted file mode 100644 index 582104acd..000000000 --- a/.github/workflows/__test-proxy.yml +++ /dev/null 
@@ -1,55 +0,0 @@ -# Warning: This file is generated automatically, and should not be modified. -# Instead, please modify the template in the pr-checks directory and run: -# pip install ruamel.yaml && python3 sync.py -# to regenerate this file. - -name: PR Check - Proxy test -env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - GO111MODULE: auto -on: - push: - branches: - - main - - v1 - pull_request: - types: - - opened - - synchronize - - reopened - - ready_for_review - workflow_dispatch: {} -jobs: - test-proxy: - strategy: - matrix: - version: [latest] - os: [ubuntu-latest] - name: Proxy test - runs-on: ${{ matrix.os }} - steps: - - name: Check out repository - uses: actions/checkout@v2 - - name: Prepare test - id: prepare-test - uses: ./.github/prepare-test - with: - version: ${{ matrix.version }} - - uses: ./../action/init - with: - languages: javascript - tools: ${{ steps.prepare-test.outputs.tools-url }} - - uses: ./../action/analyze - env: - TEST_MODE: true - env: - https_proxy: http://squid-proxy:3128 - INTERNAL_CODEQL_ACTION_DEBUG_LOC: true - container: - image: ubuntu:18.04 - options: --dns 127.0.0.1 - services: - squid-proxy: - image: datadog/squid:latest - ports: - - 3128:3128 diff --git a/.github/workflows/__test-ruby.yml b/.github/workflows/__test-ruby.yml deleted file mode 100644 index 03979f130..000000000 --- a/.github/workflows/__test-ruby.yml +++ /dev/null 
@@ -1,56 +0,0 @@ -# Warning: This file is generated automatically, and should not be modified. -# Instead, please modify the template in the pr-checks directory and run: -# pip install ruamel.yaml && python3 sync.py -# to regenerate this file. - -name: PR Check - Ruby analysis -env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - GO111MODULE: auto -on: - push: - branches: - - main - - v1 - pull_request: - types: - - opened - - synchronize - - reopened - - ready_for_review - workflow_dispatch: {} -jobs: - test-ruby: - strategy: - matrix: - version: [latest, cached, nightly-latest] - os: [ubuntu-latest, macos-latest] - name: Ruby analysis - runs-on: ${{ matrix.os }} - steps: - - name: Check out repository - uses: actions/checkout@v2 - - name: Prepare test - id: prepare-test - uses: ./.github/prepare-test - with: - version: ${{ matrix.version }} - - uses: ./../action/init - with: - languages: ruby - tools: ${{ steps.prepare-test.outputs.tools-url }} - - uses: ./../action/analyze - id: analysis - env: - TEST_MODE: true - - name: Check database - shell: bash - run: | - RUBY_DB="${{ fromJson(steps.analysis.outputs.db-locations).ruby }}" - if [[ ! -d "$RUBY_DB" ]]; then - echo "Did not create a database for Ruby." - exit 1 - fi - env: - CODEQL_ENABLE_EXPERIMENTAL_FEATURES: 'true' - INTERNAL_CODEQL_ACTION_DEBUG_LOC: true diff --git a/.github/workflows/__unset-environment.yml b/.github/workflows/__unset-environment.yml deleted file mode 100644 index 0ca4cb25c..000000000 --- a/.github/workflows/__unset-environment.yml +++ /dev/null 
@@ -1,90 +0,0 @@ -# Warning: This file is generated automatically, and should not be modified. -# Instead, please modify the template in the pr-checks directory and run: -# pip install ruamel.yaml && python3 sync.py -# to regenerate this file. - -name: PR Check - Test unsetting environment variables -env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - GO111MODULE: auto -on: - push: - branches: - - main - - v1 - pull_request: - types: - - opened - - synchronize - - reopened - - ready_for_review - workflow_dispatch: {} -jobs: - unset-environment: - strategy: - matrix: - version: - - stable-20201028 - - stable-20210319 - - stable-20210809 - - cached - - latest - - nightly-latest - os: [ubuntu-latest] - name: Test unsetting environment variables - runs-on: ${{ matrix.os }} - steps: - - name: Check out repository - uses: actions/checkout@v2 - - name: Prepare test - id: prepare-test - uses: ./.github/prepare-test - with: - version: ${{ matrix.version }} - - name: Initialize dotnet - run: dotnet restore - - uses: ./../action/init - with: - db-location: ${{ runner.temp }}/customDbLocation - tools: ${{ steps.prepare-test.outputs.tools-url }} - - name: Build code - shell: bash - run: env -i PATH="$PATH" HOME="$HOME" ./build.sh - - uses: ./../action/analyze - id: analysis - env: - TEST_MODE: true - - shell: bash - run: | - CPP_DB=${{ fromJson(steps.analysis.outputs.db-locations).cpp }} - if [[ ! -d $CPP_DB ]] || [[ ! $CPP_DB == ${{ runner.temp }}/customDbLocation/* ]]; then - echo "Did not create a database for CPP, or created it in the wrong location." - exit 1 - fi - CSHARP_DB=${{ fromJson(steps.analysis.outputs.db-locations).csharp }} - if [[ ! -d $CSHARP_DB ]] || [[ ! $CSHARP_DB == ${{ runner.temp }}/customDbLocation/* ]]; then - echo "Did not create a database for C Sharp, or created it in the wrong location." - exit 1 - fi - GO_DB=${{ fromJson(steps.analysis.outputs.db-locations).go }} - if [[ ! -d $GO_DB ]] || [[ ! 
$GO_DB == ${{ runner.temp }}/customDbLocation/* ]]; then - echo "Did not create a database for Go, or created it in the wrong location." - exit 1 - fi - JAVA_DB=${{ fromJson(steps.analysis.outputs.db-locations).java }} - if [[ ! -d $JAVA_DB ]] || [[ ! $JAVA_DB == ${{ runner.temp }}/customDbLocation/* ]]; then - echo "Did not create a database for Java, or created it in the wrong location." - exit 1 - fi - JAVASCRIPT_DB=${{ fromJson(steps.analysis.outputs.db-locations).javascript }} - if [[ ! -d $JAVASCRIPT_DB ]] || [[ ! $JAVASCRIPT_DB == ${{ runner.temp }}/customDbLocation/* ]]; then - echo "Did not create a database for Javascript, or created it in the wrong location." - exit 1 - fi - PYTHON_DB=${{ fromJson(steps.analysis.outputs.db-locations).python }} - if [[ ! -d $PYTHON_DB ]] || [[ ! $PYTHON_DB == ${{ runner.temp }}/customDbLocation/* ]]; then - echo "Did not create a database for Python, or created it in the wrong location." - exit 1 - fi - env: - INTERNAL_CODEQL_ACTION_DEBUG_LOC: true diff --git a/.github/workflows/check-expected-release-files.yml b/.github/workflows/check-expected-release-files.yml deleted file mode 100644 index 123495e23..000000000 --- a/.github/workflows/check-expected-release-files.yml +++ /dev/null 
@@ -1,25 +0,0 @@
-name: Check Expected Release Files
-
-on:
- pull_request:
- paths:
- - .github/workflows/check-expected-release-files.yml
- - src/defaults.json
- # Run checks on reopened draft PRs to support triggering PR checks on draft PRs that were opened
- # by other workflows.
- types: [opened, synchronize, reopened, ready_for_review]
-
-jobs:
- check-expected-release-files:
- runs-on: ubuntu-latest
-
- steps:
- - name: Checkout CodeQL Action
- uses: actions/checkout@v2
- - name: Check Expected Release Files
- run: |
- bundle_version="$(cat "./src/defaults.json" | jq -r ".bundleVersion")"
- set -x
- for expected_file in "codeql-bundle.tar.gz" "codeql-bundle-linux64.tar.gz" "codeql-bundle-osx64.tar.gz" "codeql-bundle-win64.tar.gz" "codeql-runner-linux" "codeql-runner-macos" "codeql-runner-win.exe"; do
- curl --location --fail --head --request GET "https://github.com/github/codeql-action/releases/download/$bundle_version/$expected_file" > /dev/null
- done
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
deleted file mode 100644
index 320a790e8..000000000
--- a/.github/workflows/codeql.yml
+++ /dev/null
@@ -1,88 +0,0 @@
-name: "CodeQL action"
-
-on:
- push:
- branches: [main, v1]
- pull_request:
- branches: [main, v1]
- # Run checks on reopened draft PRs to support triggering PR checks on draft PRs that were opened
- # by other workflows.
- types: [opened, synchronize, reopened, ready_for_review]
-
-jobs:
- # Identify the CodeQL tool versions to use in the analysis job.
- check-codeql-versions:
- runs-on: ubuntu-latest
- outputs:
- versions: ${{ steps.compare.outputs.versions }}
-
- permissions:
- security-events: write
-
- steps:
- - uses: actions/checkout@v2
- - name: Init with default CodeQL bundle from the VM image
- id: init-default
- uses: ./init
- with:
- languages: javascript
- - name: Remove empty database
- # allows us to run init a second time
- run: |
- rm -rf "$RUNNER_TEMP/codeql_databases"
- - name: Init with latest CodeQL bundle
- id: init-latest
- uses: ./init
- with:
- tools: latest
- languages: javascript
- - name: Compare default and latest CodeQL bundle versions
- id: compare
- env:
- CODEQL_DEFAULT: ${{ steps.init-default.outputs.codeql-path }}
- CODEQL_LATEST: ${{ steps.init-latest.outputs.codeql-path }}
- run: |
- CODEQL_VERSION_DEFAULT="$("$CODEQL_DEFAULT" version --format terse)"
- CODEQL_VERSION_LATEST="$("$CODEQL_LATEST" version --format terse)"
- echo "Default CodeQL bundle version is $CODEQL_VERSION_DEFAULT"
- echo "Latest CodeQL bundle version is $CODEQL_VERSION_LATEST"
-
- # If we're running on a pull request, run with both bundles, even if `tools: latest` would
- # be the same as `tools: null`. This allows us to make the job for each of the bundles a
- # required status check.
- #
- # If we're running on push, then we can skip running with `tools: latest` when it would be
- # the same as running with `tools: null`.
- if [[ "$GITHUB_EVENT_NAME" != "pull_request" && "$CODEQL_VERSION_DEFAULT" == "$CODEQL_VERSION_LATEST" ]]; then
- VERSIONS_JSON='[null]'
- else
- VERSIONS_JSON='[null, "latest"]'
- fi
-
- # Output a JSON-encoded list with the distinct versions to test against.
- echo "Suggested matrix config for analysis job: $VERSIONS_JSON"
- echo "::set-output name=versions::${VERSIONS_JSON}"
-
- build:
- needs: [check-codeql-versions]
- strategy:
- matrix:
- os: [ubuntu-latest,windows-latest,macos-latest]
- tools: ${{ fromJson(needs.check-codeql-versions.outputs.versions) }}
- runs-on: ${{ matrix.os }}
-
- permissions:
- security-events: write
-
- steps:
- - uses: actions/checkout@v2
- - uses: ./init
- id: init
- with:
- languages: javascript
- config-file: ./.github/codeql/codeql-config.yml
- tools: ${{ matrix.tools }}
- # confirm steps.init.outputs.codeql-path points to the codeql binary
- - name: Print CodeQL Version
- run: ${{steps.init.outputs.codeql-path}} version --format=json
- - uses: ./analyze
diff --git a/.github/workflows/post-release-mergeback.yml b/.github/workflows/post-release-mergeback.yml
deleted file mode 100644
index 636bd18d1..000000000
--- a/.github/workflows/post-release-mergeback.yml
+++ /dev/null
@@ -1,119 +0,0 @@
-# This workflow runs after a release of the action.
-# It merges any changes from the release back into the
-# main branch. Typically, this is just a single commit
-# that updates the changelog.
-name: Tag release and merge back
-
-on:
- workflow_dispatch:
- inputs:
- baseBranch:
- description: 'The base branch to merge into'
- default: main
- required: false
-
- push:
- branches:
- - v1
-
-jobs:
- merge-back:
- runs-on: ubuntu-latest
- if: github.repository == 'github/codeql-action'
- env:
- BASE_BRANCH: "${{ github.event.inputs.baseBranch || 'main' }}"
- HEAD_BRANCH: "${{ github.head_ref || github.ref }}"
-
- steps:
- - name: Dump GitHub Event context
- env:
- GITHUB_EVENT_CONTEXT: "${{ toJson(github.event) }}"
- run: echo "$GITHUB_EVENT_CONTEXT"
-
- - uses: actions/checkout@v2
- - uses: actions/setup-node@v2
-
- - name: Update git config
- run: |
- git config --global user.email "github-actions@github.com"
- git config --global user.name "github-actions[bot]"
-
- - name: Get version and new branch
- id: getVersion
- run: |
- VERSION="v$(jq '.version' -r 'package.json')"
- SHORT_SHA="${GITHUB_SHA:0:8}"
- echo "::set-output name=version::$VERSION"
- NEW_BRANCH="mergeback/${VERSION}-to-${BASE_BRANCH}-${SHORT_SHA}"
- echo "::set-output name=newBranch::$NEW_BRANCH"
-
-
- - name: Dump branches
- env:
- NEW_BRANCH: "${{ steps.getVersion.outputs.newBranch }}"
- run: |
- echo "BASE_BRANCH $BASE_BRANCH"
- echo "HEAD_BRANCH $HEAD_BRANCH"
- echo "NEW_BRANCH $NEW_BRANCH"
-
- - name: Create mergeback branch
- env:
- NEW_BRANCH: "${{ steps.getVersion.outputs.newBranch }}"
- run: |
- git checkout -b "$NEW_BRANCH"
-
- - name: Check for tag
- id: check
- env:
- VERSION: "${{ steps.getVersion.outputs.version }}"
- run: |
- set +e # don't fail on an errored command
- git ls-remote --tags origin | grep "$VERSION"
- EXISTS="$?"
- if [ "$EXISTS" -eq 0 ]; then
- echo "Tag $TAG exists. Not going to re-release."
- echo "::set-output name=exists::true"
- else
- echo "Tag $TAG does not exist yet."
- fi
-
- # we didn't tag the release during the update-release-branch workflow because the
- # commit that actually makes it to the release branch is a merge commit,
- # and not yet known during the first workflow. We tag now because we know the correct commit.
- - name: Tag release
- if: steps.check.outputs.exists != 'true'
- env:
- VERSION: ${{ steps.getVersion.outputs.version }}
- run: |
- git tag -a "$VERSION" -m "$VERSION"
- git fetch --unshallow # unshallow the repo in order to allow pushes
- git push origin --follow-tags "$VERSION"
-
- - name: Create mergeback branch
- if: steps.check.outputs.exists != 'true'
- env:
- VERSION: "${{ steps.getVersion.outputs.version }}"
- NEW_BRANCH: "${{ steps.getVersion.outputs.newBranch }}"
- GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
- run: |
- set -exu
- PR_TITLE="Mergeback $VERSION $HEAD_BRANCH into $BASE_BRANCH"
- PR_BODY="Updates version and changelog."
-
- # Update the changelog
- perl -i -pe 's/^/## \[UNRELEASED\]\n\nNo user facing changes.\n\n/ if($.==3)' CHANGELOG.md
- git add .
- git commit -m "Update changelog and version after $VERSION"
- npm version patch
-
- git push origin "$NEW_BRANCH"
-
- # PR checks won't be triggered on PRs created by Actions. Therefore mark the PR as draft
- # so that a maintainer can take the PR out of draft, thereby triggering the PR checks.
- gh pr create \
- --head "$NEW_BRANCH" \
- --base "$BASE_BRANCH" \
- --title "$PR_TITLE" \
- --label "Update dependencies" \
- --body "$PR_BODY" \
- --draft
diff --git a/.github/workflows/pr-checks.yml b/.github/workflows/pr-checks.yml
index 78bc30064..02ad5d97e 100644
--- a/.github/workflows/pr-checks.yml
+++ b/.github/workflows/pr-checks.yml
@@ -10,347 +10,10 @@ on: workflow_dispatch: jobs: - lint-js: - name: Lint - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v2 - - name: Run Lint - run: npm run-script lint - - check-js: - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v2 - - name: Check generated JS - run: .github/workflows/script/check-js.sh - - check-node-modules: - name: Check modules up to date - runs-on: macos-latest - - steps: - - uses: actions/checkout@v2 - - name: Check node modules up to date - run: .github/workflows/script/check-node-modules.sh - - verify-pr-checks: - name: Verify PR checks up to date - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v2 - - name: Set up Python - uses: actions/setup-python@v2 - with: - python-version: 3.8 - - name: Install dependencies - run: | - python -m pip install --upgrade pip - pip install ruamel.yaml - - name: Verify PR checks up to date - run: .github/workflows/script/verify-pr-checks.sh - - npm-test: - name: Unit Test - needs: [check-js, check-node-modules] - strategy: - matrix: - os: [ubuntu-latest, macos-latest] - runs-on: ${{ matrix.os }} - - steps: - - uses: actions/checkout@v2 - - name: npm run-script test - run: npm run-script test - - runner-analyze-javascript-ubuntu: - name: Runner ubuntu JS analyze - needs: [check-js, check-node-modules] - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v2 - - - name: Build runner - run: | - cd runner - npm install - npm run build-runner - - - name: Run init - run: | - # Pass --config-file here, but not for other jobs in this workflow. - # This means we're testing the config file parsing in the runner - # but not slowing down all jobs unnecessarily as it doesn't add much - # testing the parsing on different operating systems and languages. 
- runner/dist/codeql-runner-linux init --repository $GITHUB_REPOSITORY --languages javascript --config-file ./.github/codeql/codeql-config.yml --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }} - - - name: Run analyze - run: | - runner/dist/codeql-runner-linux analyze --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }} - env: - TEST_MODE: true - - runner-analyze-javascript-windows: - name: Runner windows JS analyze - needs: [check-js, check-node-modules] - runs-on: windows-latest - - steps: - - uses: actions/checkout@v2 - - - name: Build runner - run: | - cd runner - npm install - npm run build-runner - - - name: Run init - run: | - runner/dist/codeql-runner-win.exe init --repository $Env:GITHUB_REPOSITORY --languages javascript --github-url $Env:GITHUB_SERVER_URL --github-auth ${{ github.token }} - - - name: Run analyze - run: | - runner/dist/codeql-runner-win.exe analyze --repository $Env:GITHUB_REPOSITORY --commit $Env:GITHUB_SHA --ref $Env:GITHUB_REF --github-url $Env:GITHUB_SERVER_URL --github-auth ${{ github.token }} - env: - TEST_MODE: true - - runner-analyze-javascript-macos: - name: Runner macos JS analyze - needs: [check-js, check-node-modules] - runs-on: macos-latest - - steps: - - uses: actions/checkout@v2 - - - name: Build runner - run: | - cd runner - npm install - npm run build-runner - - - name: Run init - run: | - runner/dist/codeql-runner-macos init --repository $GITHUB_REPOSITORY --languages javascript --config-file ./.github/codeql/codeql-config.yml --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }} - - - name: Run analyze - run: | - runner/dist/codeql-runner-macos analyze --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }} - env: - TEST_MODE: true - - runner-analyze-csharp-ubuntu: - name: Runner ubuntu C# analyze - needs: [check-js, 
check-node-modules] - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v2 - - - name: Move codeql-action - shell: bash - run: | - mkdir ../action - mv * .github ../action/ - mv ../action/tests/multi-language-repo/{*,.github} . - mv ../action/.github/workflows .github - - - name: Build runner - run: | - cd ../action/runner - npm install - npm run build-runner - - - name: Initialize dotnet - run: dotnet restore - - - name: Run init - run: | - ../action/runner/dist/codeql-runner-linux init --repository $GITHUB_REPOSITORY --languages csharp --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }} - - - name: Build code - run: | - . ./codeql-runner/codeql-env.sh - $CODEQL_RUNNER dotnet build /p:UseSharedCompilation=false - - - name: Run analyze - run: | - ../action/runner/dist/codeql-runner-linux analyze --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }} - env: - TEST_MODE: true - - runner-analyze-csharp-windows: - name: Runner windows C# analyze - needs: [check-js, check-node-modules] - runs-on: windows-latest - - steps: - - uses: actions/checkout@v2 - - - name: Move codeql-action - shell: bash - run: | - mkdir ../action - mv * .github ../action/ - mv ../action/tests/multi-language-repo/{*,.github} . 
- mv ../action/.github/workflows .github - - - name: Build runner - run: | - cd ../action/runner - npm install - npm run build-runner - - - name: Initialize dotnet - run: dotnet restore - - - name: Run init - run: | - ../action/runner/dist/codeql-runner-win.exe init --repository $Env:GITHUB_REPOSITORY --languages csharp --github-url $Env:GITHUB_SERVER_URL --github-auth ${{ github.token }} - - - name: Build code - shell: powershell - run: | - cat ./codeql-runner/codeql-env.sh | Invoke-Expression - $Env:CODEQL_EXTRACTOR_CSHARP_ROOT = "" # Unset an environment variable to make sure the tracer resists this - & $Env:CODEQL_RUNNER dotnet build /p:UseSharedCompilation=false - - - name: Upload tracer logs - uses: actions/upload-artifact@v2 - with: - name: tracer-logs - path: ./codeql-runner/compound-build-tracer.log - - - name: Run analyze - run: | - ../action/runner/dist/codeql-runner-win.exe analyze --repository $Env:GITHUB_REPOSITORY --commit $Env:GITHUB_SHA --ref $Env:GITHUB_REF --github-url $Env:GITHUB_SERVER_URL --github-auth ${{ github.token }} - env: - TEST_MODE: true - - runner-analyze-csharp-macos: - name: Runner macos C# analyze - needs: [check-js, check-node-modules] - runs-on: macos-latest - - steps: - - uses: actions/checkout@v2 - - - name: Move codeql-action - shell: bash - run: | - mkdir ../action - mv * .github ../action/ - mv ../action/tests/multi-language-repo/{*,.github} . - mv ../action/.github/workflows .github - - - name: Build runner - run: | - cd ../action/runner - npm install - npm run build-runner - - - name: Initialize dotnet - run: dotnet restore - - - name: Run init - run: | - ../action/runner/dist/codeql-runner-macos init --repository $GITHUB_REPOSITORY --languages csharp --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }} - - - name: Build code - shell: bash - run: | - . 
./codeql-runner/codeql-env.sh - $CODEQL_RUNNER dotnet build /p:UseSharedCompilation=false - - - name: Run analyze - run: | - ../action/runner/dist/codeql-runner-macos analyze --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }} - env: - TEST_MODE: true - - runner-analyze-csharp-autobuild-ubuntu: - name: Runner ubuntu autobuild C# analyze - needs: [check-js, check-node-modules] - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v2 - - - name: Move codeql-action - shell: bash - run: | - mkdir ../action - mv * .github ../action/ - mv ../action/tests/multi-language-repo/{*,.github} . - mv ../action/.github/workflows .github - - - name: Build runner - run: | - cd ../action/runner - npm install - npm run build-runner - - - name: Run init - run: | - ../action/runner/dist/codeql-runner-linux init --repository $GITHUB_REPOSITORY --languages csharp --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }} - - - name: Build code - run: | - ../action/runner/dist/codeql-runner-linux autobuild - - - name: Run analyze - run: | - ../action/runner/dist/codeql-runner-linux analyze --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }} - env: - TEST_MODE: true - - runner-analyze-csharp-autobuild-windows: - name: Runner windows autobuild C# analyze - needs: [check-js, check-node-modules] - runs-on: windows-latest - - steps: - - uses: actions/checkout@v2 - - - name: Move codeql-action - shell: bash - run: | - mkdir ../action - mv * .github ../action/ - mv ../action/tests/multi-language-repo/{*,.github} . 
- mv ../action/.github/workflows .github - - - name: Build runner - run: | - cd ../action/runner - npm install - npm run build-runner - - - name: Run init - run: | - ../action/runner/dist/codeql-runner-win.exe init --repository $Env:GITHUB_REPOSITORY --languages csharp --github-url $Env:GITHUB_SERVER_URL --github-auth ${{ github.token }} - - - name: Build code - shell: powershell - run: | - ../action/runner/dist/codeql-runner-win.exe autobuild - - - name: Run analyze - run: | - ../action/runner/dist/codeql-runner-win.exe analyze --repository $Env:GITHUB_REPOSITORY --commit $Env:GITHUB_SHA --ref $Env:GITHUB_REF --github-url $Env:GITHUB_SERVER_URL --github-auth ${{ github.token }} - env: - TEST_MODE: true - runner-analyze-csharp-autobuild-macos: name: Runner macos autobuild C# analyze - needs: [check-js, check-node-modules] runs-on: macos-latest - env: - ACTIONS_RUNNER_DEBUG: 1 steps: - uses: actions/checkout@v2 
@@ -385,64 +48,3 @@ jobs: ../action/runner/dist/codeql-runner-macos analyze --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }} env: TEST_MODE: true - - runner-upload-sarif: - name: Runner upload sarif - needs: [check-js, check-node-modules] - runs-on: ubuntu-latest - - if: ${{ github.event_name != 'pull_request' || github.event.pull_request.base.repo.id == github.event.pull_request.head.repo.id }} - - steps: - - uses: actions/checkout@v2 - - - name: Build runner - run: | - cd runner - npm install - npm run build-runner - - - name: Upload with runner - run: | - # Deliberately don't use TEST_MODE here. This is specifically testing - # the compatibility with the API. - runner/dist/codeql-runner-linux upload --sarif-file src/testdata/empty-sarif.sarif --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }} - - runner-extractor-ram-threads-options: - name: Runner ubuntu extractor RAM and threads options - needs: [check-js, check-node-modules] - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v2 - - - name: Build runner - run: | - cd runner - npm install - npm run build-runner - - - name: Run init - run: | - runner/dist/codeql-runner-linux init --ram=230 --threads=1 --repository $GITHUB_REPOSITORY --languages java --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }} - - - name: Assert Results - shell: bash - run: | - . 
./codeql-runner/codeql-env.sh - if [ "${CODEQL_RAM}" != "230" ]; then - echo "CODEQL_RAM is '${CODEQL_RAM}' instead of 230" - exit 1 - fi - if [ "${CODEQL_EXTRACTOR_JAVA_RAM}" != "230" ]; then - echo "CODEQL_EXTRACTOR_JAVA_RAM is '${CODEQL_EXTRACTOR_JAVA_RAM}' instead of 230" - exit 1 - fi - if [ "${CODEQL_THREADS}" != "1" ]; then - echo "CODEQL_THREADS is '${CODEQL_THREADS}' instead of 1" - exit 1 - fi - if [ "${CODEQL_EXTRACTOR_JAVA_THREADS}" != "1" ]; then - echo "CODEQL_EXTRACTOR_JAVA_THREADS is '${CODEQL_EXTRACTOR_JAVA_THREADS}' instead of 1" - exit 1 - fi diff --git a/.github/workflows/python-deps.yml b/.github/workflows/python-deps.yml deleted file mode 100644 index 0e3e65664..000000000 --- a/.github/workflows/python-deps.yml +++ /dev/null 
@@ -1,157 +0,0 @@ -name: Test Python Package Installation on Linux and Mac - -on: - push: - branches: [main, v1] - pull_request: - # Run checks on reopened draft PRs to support triggering PR checks on draft PRs that were opened - # by other workflows. - types: [opened, synchronize, reopened, ready_for_review] - -jobs: - test-setup-python-scripts: - runs-on: ${{ matrix.os }} - strategy: - fail-fast: false - matrix: - os: [ubuntu-latest, macos-latest] - python_deps_type: [pipenv, poetry, requirements, setup_py] - python_version: [2, 3] - - env: - PYTHON_DEPS_TYPE: ${{ matrix.python_deps_type }} - PYTHON_VERSION: ${{ matrix.python_version }} - - steps: - # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - - uses: actions/checkout@v2 - - - name: Initialize CodeQL - uses: ./init - id: init - with: - tools: latest - languages: python - setup-python-dependencies: false - - - name: Test Auto Package Installation - run: | - set -x - $GITHUB_WORKSPACE/python-setup/install_tools.sh - - cd $GITHUB_WORKSPACE/python-setup/tests/${PYTHON_DEPS_TYPE}/requests-${PYTHON_VERSION} - - case ${{ matrix.os }} in - ubuntu-latest*) basePath="/opt";; - macos-latest*) basePath="/Users/runner";; - esac - echo ${basePath} - - $GITHUB_WORKSPACE/python-setup/auto_install_packages.py "$(dirname ${{steps.init.outputs.codeql-path}})" - - name: Setup for extractor - run: | - echo $CODEQL_PYTHON - # only run if $CODEQL_PYTHON is set - if [ ! 
-z $CODEQL_PYTHON ]; then - $GITHUB_WORKSPACE/python-setup/tests/from_python_exe.py $CODEQL_PYTHON; - fi - - - name: Verify packages installed - run: | - $GITHUB_WORKSPACE/python-setup/tests/check_requests_2_26_0.sh ${PYTHON_VERSION} - - # This one shouldn't fail, but also won't install packages - test-setup-python-scripts-non-standard-location: - runs-on: ${{ matrix.os }} - strategy: - fail-fast: false - matrix: - os: [ubuntu-latest, macos-latest] - - steps: - # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - - uses: actions/checkout@v2 - - - name: Initialize CodeQL - uses: ./init - id: init - with: - tools: latest - languages: python - setup-python-dependencies: false - - - name: Test Auto Package Installation - run: | - set -x - $GITHUB_WORKSPACE/python-setup/install_tools.sh - - cd $GITHUB_WORKSPACE/python-setup/tests/requirements/non-standard-location - - case ${{ matrix.os }} in - ubuntu-latest*) basePath="/opt";; - macos-latest*) basePath="/Users/runner";; - esac - echo ${basePath} - - $GITHUB_WORKSPACE/python-setup/auto_install_packages.py "$(dirname ${{steps.init.outputs.codeql-path}})" - - - name: Setup for extractor - run: | - echo $CODEQL_PYTHON - # only run if $CODEQL_PYTHON is set - if [ ! 
-z $CODEQL_PYTHON ]; then - $GITHUB_WORKSPACE/python-setup/tests/from_python_exe.py $CODEQL_PYTHON; - fi - - - name: Verify packages installed - run: | - test -z $LGTM_INDEX_IMPORT_PATH - - test-setup-python-scripts-windows: - runs-on: windows-latest - strategy: - fail-fast: false - matrix: - python_deps_type: [pipenv, poetry, requirements, setup_py] - python_version: [2, 3] - - env: - PYTHON_DEPS_TYPE: ${{ matrix.python_deps_type }} - PYTHON_VERSION: ${{ matrix.python_version }} - - steps: - # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - - uses: actions/checkout@v2 - - - uses: actions/setup-python@v2 - with: - python-version: ${{ matrix.python-version }} - - - name: Initialize CodeQL - uses: ./init - with: - tools: latest - languages: python - setup-python-dependencies: false - - - name: Test Auto Package Installation - run: | - $cmd = $Env:GITHUB_WORKSPACE + "\\python-setup\\install_tools.ps1" - powershell -File $cmd - - cd $Env:GITHUB_WORKSPACE\\python-setup/tests/$Env:PYTHON_DEPS_TYPE/requests-$Env:PYTHON_VERSION - $DefaultsPath = Join-Path (Join-Path $Env:GITHUB_WORKSPACE "src") "defaults.json" - $CodeQLBundleName = (Get-Content -Raw -Path $DefaultsPath | ConvertFrom-Json).bundleVersion - $CodeQLVersion = "0.0.0-" + $CodeQLBundleName.split("-")[-1] - py -3 $Env:GITHUB_WORKSPACE\\python-setup\\auto_install_packages.py C:\\hostedtoolcache\\windows\\CodeQL\\$CodeQLVersion\\x64\\codeql - - - name: Setup for extractor - run: | - echo $Env:CODEQL_PYTHON - - py -3 $Env:GITHUB_WORKSPACE\\python-setup\\tests\\from_python_exe.py $Env:CODEQL_PYTHON - - - name: Verify packages installed - run: | - $cmd = $Env:GITHUB_WORKSPACE + "\\python-setup\\tests\\check_requests_2_26_0.ps1" - powershell -File $cmd $Env:PYTHON_VERSION diff --git a/.github/workflows/release-runner.yml b/.github/workflows/release-runner.yml deleted file mode 100644 index 1ef0b7899..000000000 --- a/.github/workflows/release-runner.yml +++ /dev/null 
@@ -1,54 +0,0 @@
-name: Release runner
-
-on:
- workflow_dispatch:
- inputs:
- bundle-tag:
- description: 'Tag of the bundle release (e.g., "codeql-bundle-20200826")'
- required: false
-
-jobs:
- release-runner:
- runs-on: ubuntu-latest
- env:
- RELEASE_TAG: "${{ github.event.inputs.bundle-tag }}"
-
- strategy:
- matrix:
- extension: ["linux", "macos", "win.exe"]
-
- steps:
- - uses: actions/checkout@v2
-
- - name: Build runner
- run: |
- cd runner
- npm install
- npm run build-runner
-
- - uses: actions/upload-artifact@v2
- with:
- name: codeql-runner-${{matrix.extension}}
- path: runner/dist/codeql-runner-${{matrix.extension}}
-
- - name: Resolve Upload URL for the release
- if: ${{ github.event.inputs.bundle-tag != null }}
- id: save_url
- run: |
- UPLOAD_URL=$(curl -sS \
- "https://api.github.com/repos/${GITHUB_REPOSITORY}/releases/tags/${RELEASE_TAG}" \
- -H "Accept: application/json" \
- -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" | jq .upload_url | sed s/\"//g)
- echo ${UPLOAD_URL}
- echo "::set-output name=upload_url::${UPLOAD_URL}"
-
- - name: Upload Platform Package
- if: ${{ github.event.inputs.bundle-tag != null }}
- uses: actions/upload-release-asset@v1
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- with:
- upload_url: ${{ steps.save_url.outputs.upload_url }}
- asset_path: runner/dist/codeql-runner-${{matrix.extension}}
- asset_name: codeql-runner-${{matrix.extension}}
- asset_content_type: application/octet-stream
diff --git a/.github/workflows/split.yml b/.github/workflows/split.yml
deleted file mode 100644
index 547ac1fba..000000000
--- a/.github/workflows/split.yml
+++ /dev/null
@@ -1,73 +0,0 @@ -# -# Split the CodeQL Bundle into platform bundles -# -# Instructions: -# 1. Upload the new codeql-bundle (codeql-bundle.tar.gz) as an asset of the -# release (codeql-bundle-20200826) -# 2. Take note of the CLI Release used by the bundle (e.g., v2.2.5) -# 3. Manually launch this workflow file (via the Actions UI) specifying -# - The CLI Release (e.g., v2.2.5) -# - The release tag (e.g., codeql-bundle-20200826) -# 4. If everything succeeds you should see 3 new assets. -# - -name: Split Bundle - -on: - workflow_dispatch: - inputs: - cli-release: - description: 'CodeQL CLI Release (e.g., "v2.2.5")' - required: true - bundle-tag: - description: 'Tag of the bundle release (e.g., "codeql-bundle-20200826")' - required: true - -jobs: - build: - runs-on: ubuntu-latest - env: - CLI_RELEASE: "${{ github.event.inputs.cli-release }}" - RELEASE_TAG: "${{ github.event.inputs.bundle-tag }}" - - strategy: - fail-fast: false - matrix: - platform: ["linux64", "osx64", "win64"] - - steps: - - name: Resolve Upload URL for the release - id: save_url - run: | - UPLOAD_URL=$(curl -sS \ - "https://api.github.com/repos/${GITHUB_REPOSITORY}/releases/tags/${RELEASE_TAG}" \ - -H "Accept: application/json" \ - -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" | jq .upload_url | sed s/\"//g) - echo ${UPLOAD_URL} - echo "::set-output name=upload_url::${UPLOAD_URL}" - - - name: Download CodeQL CLI and Bundle - run: | - wget --no-verbose "https://github.com/${GITHUB_REPOSITORY}/releases/download/${RELEASE_TAG}/codeql-bundle.tar.gz" - wget --no-verbose "https://github.com/github/codeql-cli-binaries/releases/download/${CLI_RELEASE}/codeql-${{matrix.platform}}.zip" - - - name: Create Platform Package - # Replace the codeql-binaries with the platform specific ones - run: | - gunzip codeql-bundle.tar.gz - tar -f codeql-bundle.tar --delete codeql - unzip -q codeql-${{matrix.platform}}.zip - tar -f codeql-bundle.tar --append codeql - gzip codeql-bundle.tar - mv codeql-bundle.tar.gz 
codeql-bundle-${{matrix.platform}}.tar.gz - du -sh codeql-bundle-${{matrix.platform}}.tar.gz - - - name: Upload Platform Package - uses: actions/upload-release-asset@v1 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - upload_url: ${{ steps.save_url.outputs.upload_url }} - asset_path: ./codeql-bundle-${{matrix.platform}}.tar.gz - asset_name: codeql-bundle-${{matrix.platform}}.tar.gz - asset_content_type: application/tar+gzip diff --git a/.github/workflows/update-dependencies.yml b/.github/workflows/update-dependencies.yml deleted file mode 100644 index a1657e7fe..000000000 --- a/.github/workflows/update-dependencies.yml +++ /dev/null @@ -1,39 +0,0 @@ -name: Update dependencies -on: - pull_request_target: - types: [opened, synchronize, reopened, ready_for_review, labeled] - -jobs: - update: - name: Update dependencies - runs-on: macos-latest - if: contains(github.event.pull_request.labels.*.name, 'Update dependencies') && (github.event.pull_request.head.repo.full_name == 'github/codeql-action') - steps: - - name: Checkout repository - uses: actions/checkout@v2 - - - name: Remove PR label - env: - REPOSITORY: '${{ github.repository }}' - PR_NUMBER: '${{ github.event.pull_request.number }}' - GITHUB_TOKEN: '${{ secrets.GITHUB_TOKEN }}' - run: | - gh api "repos/$REPOSITORY/issues/$PR_NUMBER/labels/Update%20dependencies" -X DELETE - - - name: Push updated dependencies - env: - BRANCH: '${{ github.head_ref }}' - run: | - git fetch origin "$BRANCH" --depth=1 - git checkout "origin/$BRANCH" - sudo npm install --force -g npm@latest - npm install - npm ci - npm run removeNPMAbsolutePaths - if [ ! -z "$(git status --porcelain)" ]; then - git config --global user.email "github-actions@github.com" - git config --global user.name "github-actions[bot]" - git add node_modules - git commit -am "Update checked-in dependencies" - git push origin "HEAD:$BRANCH" - fi 
diff --git a/.github/workflows/update-release-branch.yml b/.github/workflows/update-release-branch.yml
deleted file mode 100644
index 60817f215..000000000
--- a/.github/workflows/update-release-branch.yml
+++ /dev/null
@@ -1,38 +0,0 @@
-name: Update release branch
-on:
- schedule:
- - cron: 0 9 * * 1
- repository_dispatch:
- # Example of how to trigger this:
- # curl -H "Authorization: Bearer " -X POST https://api.github.com/repos/github/codeql-action/dispatches -d '{"event_type":"update-release-branch"}'
- # Replace with a personal access token from this page: https://github.com/settings/tokens
- types: [update-release-branch]
- workflow_dispatch:
-
-jobs:
- update:
- runs-on: ubuntu-latest
- if: ${{ github.repository == 'github/codeql-action' }}
- steps:
- - uses: actions/checkout@v2
- with:
- # Need full history so we calculate diffs
- fetch-depth: 0
-
- - name: Set up Python
- uses: actions/setup-python@v2
- with:
- python-version: 3.8
-
- - name: Install dependencies
- run: |
- python -m pip install --upgrade pip
- pip install PyGithub==1.55 requests
-
- - name: Update git config
- run: |
- git config --global user.email "github-actions@github.com"
- git config --global user.name "github-actions[bot]"
-
- - name: Update release branch
- run: python .github/update-release-branch.py ${{ secrets.GITHUB_TOKEN }} ${{ github.repository }}
diff --git a/.github/workflows/update-supported-enterprise-server-versions.yml b/.github/workflows/update-supported-enterprise-server-versions.yml
deleted file mode 100644
index 0e786f98c..000000000
--- a/.github/workflows/update-supported-enterprise-server-versions.yml
+++ /dev/null
@@ -1,44 +0,0 @@
-name: Update Supported Enterprise Server Versions
-
-on:
- schedule:
- - cron: "0 0 * * *"
-
-jobs:
- update-supported-enterprise-server-versions:
- runs-on: ubuntu-latest
- if: ${{ github.repository == 'github/codeql-action' }}
-
- steps:
- - name: Setup Python
- uses: actions/setup-python@v2
- with:
- python-version: "3.7"
- - name: Checkout CodeQL Action
- uses: actions/checkout@v2
- - name: Checkout Enterprise Releases
- uses: actions/checkout@v2
- with:
- repository: github/enterprise-releases
- ssh-key: ${{ secrets.ENTERPRISE_RELEASES_SSH_KEY }}
- path: ${{ github.workspace }}/enterprise-releases/
- - name: Update Supported Enterprise Server Versions
- run: |
- cd ./.github/workflows/update-supported-enterprise-server-versions/
- python3 -m pip install pipenv
- pipenv install
- pipenv run ./update.py
- rm --recursive "$ENTERPRISE_RELEASES_PATH"
- npm run build
- env:
- ENTERPRISE_RELEASES_PATH: ${{ github.workspace }}/enterprise-releases/
- - name: Commit Changes
- uses: peter-evans/create-pull-request@c7f493a8000b8aeb17a1332e326ba76b57cb83eb # v3.4.1
- with:
- commit-message: Update supported GitHub Enterprise Server versions.
- title: Update supported GitHub Enterprise Server versions.
- body: ""
- author: GitHub
- branch: update-supported-enterprise-server-versions
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}