mirror of
https://github.com/github/codeql-action.git
synced 2026-05-01 19:30:49 +00:00
Henry Mercer
81 lines
2.7 KiB
YAML
81 lines
2.7 KiB
YAML
name: "Analysis kinds"
|
|
description: "Tests basic functionality for different `analysis-kinds` inputs."
|
|
versions:
|
|
- linked
|
|
- nightly-latest
|
|
analysisKinds:
|
|
- code-scanning
|
|
- code-quality
|
|
- code-scanning,code-quality
|
|
- risk-assessment
|
|
env:
|
|
CODEQL_ACTION_RISK_ASSESSMENT_ID: 1
|
|
CHECK_SCRIPT: |
|
|
const fs = require('fs');
|
|
|
|
const sarif = JSON.parse(fs.readFileSync(process.env['SARIF_PATH'], 'utf8'));
|
|
const expectPresent = JSON.parse(process.env['EXPECT_PRESENT']);
|
|
const run = sarif.runs[0];
|
|
const extensions = run.tool.extensions;
|
|
|
|
if (extensions === undefined) {
|
|
core.setFailed('`extensions` property not found in the SARIF run property bag.');
|
|
}
|
|
|
|
// ID of a query we want to check the presence for
|
|
const targetId = 'js/regex/always-matches';
|
|
const found = extensions.find(extension => extension.rules && extension.rules.find(rule => rule.id === targetId));
|
|
|
|
if (found && expectPresent) {
|
|
console.log(`Found rule with id '${targetId}'.`);
|
|
} else if (!found && !expectPresent) {
|
|
console.log(`Rule with id '${targetId}' was not found.`);
|
|
} else {
|
|
core.setFailed(`${ found ? "Found" : "Didn't find" } rule ${targetId}`);
|
|
}
|
|
steps:
|
|
- uses: ./../action/init
|
|
with:
|
|
languages: javascript
|
|
analysis-kinds: ${{ matrix.analysis-kinds }}
|
|
tools: ${{ steps.prepare-test.outputs.tools-url }}
|
|
- uses: ./../action/analyze
|
|
with:
|
|
output: "${{ runner.temp }}/results"
|
|
upload-database: false
|
|
post-processed-sarif-path: "${{ runner.temp }}/post-processed"
|
|
|
|
- name: Upload SARIF files
|
|
uses: actions/upload-artifact@v7
|
|
with:
|
|
name: |
|
|
analysis-kinds-${{ matrix.os }}-${{ matrix.version }}-${{ matrix.analysis-kinds }}
|
|
path: "${{ runner.temp }}/results/*.sarif"
|
|
retention-days: 7
|
|
|
|
- name: Upload post-processed SARIF
|
|
uses: actions/upload-artifact@v7
|
|
with:
|
|
name: |
|
|
post-processed-${{ matrix.os }}-${{ matrix.version }}-${{ matrix.analysis-kinds }}
|
|
path: "${{ runner.temp }}/post-processed"
|
|
retention-days: 7
|
|
if-no-files-found: error
|
|
|
|
- name: Check quality query does not appear in security SARIF
|
|
if: contains(matrix.analysis-kinds, 'code-scanning')
|
|
uses: actions/github-script@v8
|
|
env:
|
|
SARIF_PATH: "${{ runner.temp }}/results/javascript.sarif"
|
|
EXPECT_PRESENT: "false"
|
|
with:
|
|
script: ${{ env.CHECK_SCRIPT }}
|
|
- name: Check quality query appears in quality SARIF
|
|
if: contains(matrix.analysis-kinds, 'code-quality')
|
|
uses: actions/github-script@v8
|
|
env:
|
|
SARIF_PATH: "${{ runner.temp }}/results/javascript.quality.sarif"
|
|
EXPECT_PRESENT: "true"
|
|
with:
|
|
script: ${{ env.CHECK_SCRIPT }}
|