# Warning: This file is generated automatically, and should not be modified. # Instead, please modify the template in the pr-checks directory and run: # pr-checks/sync.sh # to regenerate this file. name: PR Check - Quality queries input env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GO111MODULE: auto on: push: branches: - main - releases/v* pull_request: types: - opened - synchronize - reopened - ready_for_review schedule: - cron: '0 5 * * *' workflow_dispatch: inputs: {} workflow_call: inputs: {} defaults: run: shell: bash concurrency: cancel-in-progress: ${{ github.event_name == 'pull_request' }} group: ${{ github.workflow }}-${{ github.ref }} jobs: quality-queries: strategy: fail-fast: false matrix: include: - os: ubuntu-latest version: linked analysis-kinds: code-scanning - os: ubuntu-latest version: linked analysis-kinds: code-quality - os: ubuntu-latest version: linked analysis-kinds: code-scanning,code-quality - os: ubuntu-latest version: nightly-latest analysis-kinds: code-scanning - os: ubuntu-latest version: nightly-latest analysis-kinds: code-quality - os: ubuntu-latest version: nightly-latest analysis-kinds: code-scanning,code-quality name: Quality queries input if: github.triggering_actor != 'dependabot[bot]' permissions: contents: read security-events: read timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: - name: Check out repository uses: actions/checkout@v6 - name: Prepare test id: prepare-test uses: ./.github/actions/prepare-test with: version: ${{ matrix.version }} use-all-platform-bundle: 'false' setup-kotlin: 'true' - uses: ./../action/init with: languages: javascript analysis-kinds: ${{ matrix.analysis-kinds }} tools: ${{ steps.prepare-test.outputs.tools-url }} - uses: ./../action/analyze with: output: ${{ runner.temp }}/results upload-database: false post-processed-sarif-path: ${{ runner.temp }}/post-processed - name: Upload security SARIF if: contains(matrix.analysis-kinds, 'code-scanning') uses: actions/upload-artifact@v6 with: name: | quality-queries-${{ matrix.os }}-${{ matrix.version }}-${{ matrix.analysis-kinds }}.sarif.json path: ${{ runner.temp }}/results/javascript.sarif retention-days: 7 - name: Upload quality SARIF if: contains(matrix.analysis-kinds, 'code-quality') uses: actions/upload-artifact@v6 with: name: | quality-queries-${{ matrix.os }}-${{ matrix.version }}-${{ matrix.analysis-kinds }}.quality.sarif.json path: ${{ runner.temp }}/results/javascript.quality.sarif retention-days: 7 - name: Upload post-processed SARIF uses: actions/upload-artifact@v6 with: name: | post-processed-${{ matrix.os }}-${{ matrix.version }}-${{ matrix.analysis-kinds }}.sarif.json path: ${{ runner.temp }}/post-processed retention-days: 7 if-no-files-found: error - name: Check quality query does not appear in security SARIF if: contains(matrix.analysis-kinds, 'code-scanning') uses: actions/github-script@v8 env: SARIF_PATH: ${{ runner.temp }}/results/javascript.sarif EXPECT_PRESENT: 'false' with: script: ${{ env.CHECK_SCRIPT }} - name: Check quality query appears in quality SARIF if: contains(matrix.analysis-kinds, 'code-quality') uses: actions/github-script@v8 env: SARIF_PATH: ${{ runner.temp }}/results/javascript.quality.sarif EXPECT_PRESENT: 'true' with: script: ${{ env.CHECK_SCRIPT }} env: CHECK_SCRIPT: | const fs = require('fs'); const sarif = JSON.parse(fs.readFileSync(process.env['SARIF_PATH'], 'utf8')); const expectPresent = JSON.parse(process.env['EXPECT_PRESENT']); const run = sarif.runs[0]; const extensions = run.tool.extensions; if (extensions === undefined) { core.setFailed('`extensions` property not found in the SARIF run property bag.'); } // ID of a query we want to check the presence for const targetId = 'js/regex/always-matches'; const found = extensions.find(extension => extension.rules && extension.rules.find(rule => rule.id === targetId)); if (found && expectPresent) { console.log(`Found rule with id '${targetId}'.`); } else if (!found && !expectPresent) { console.log(`Rule with id '${targetId}' was not found.`); } else { core.setFailed(`${ found ? "Found" : "Didn't find" } rule ${targetId}`); } CODEQL_ACTION_TEST_MODE: true