mirror of
https://github.com/github/codeql-action.git
synced 2026-06-04 12:54:26 +00:00
Henry Mercer
117 lines
3.5 KiB
YAML
117 lines
3.5 KiB
YAML
# Checks logs, SARIF, and database bundle debug artifacts exist.
|
|
name: PR Check - Debug artifact upload
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
on:
|
|
push:
|
|
branches:
|
|
- main
|
|
- releases/v*
|
|
pull_request:
|
|
types:
|
|
- opened
|
|
- synchronize
|
|
- reopened
|
|
- ready_for_review
|
|
merge_group:
|
|
types: [checks_requested]
|
|
schedule:
|
|
- cron: '0 5 * * *'
|
|
workflow_dispatch:
|
|
|
|
concurrency:
|
|
cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
|
|
group: ${{ github.workflow }}-${{ github.ref }}
|
|
|
|
defaults:
|
|
run:
|
|
shell: bash
|
|
|
|
jobs:
|
|
upload-artifacts:
|
|
if: github.triggering_actor != 'dependabot[bot]'
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
version:
|
|
- stable-v2.20.3
|
|
- default
|
|
- linked
|
|
- nightly-latest
|
|
name: Upload debug artifacts
|
|
env:
|
|
CODEQL_ACTION_TEST_MODE: true
|
|
timeout-minutes: 45
|
|
permissions:
|
|
contents: read
|
|
# We currently need `security-events: read` to access feature flags.
|
|
security-events: read
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Check out repository
|
|
uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3
|
|
- name: Prepare test
|
|
id: prepare-test
|
|
uses: ./.github/actions/prepare-test
|
|
with:
|
|
version: ${{ matrix.version }}
|
|
- uses: actions/setup-go@4a3601121dd01d1626a1e23e37211e3254c1c06c # v6.4.0
|
|
with:
|
|
go-version: ^1.13.1
|
|
- name: Install .NET
|
|
uses: actions/setup-dotnet@9a946fdbd5fb07b82b2f5a4466058b876ab72bb2 # v5.3.0
|
|
with:
|
|
dotnet-version: '9.x'
|
|
- name: Assert best-effort artifact scan completed
|
|
uses: ./../action/.github/actions/verify-debug-artifact-scan-completed
|
|
- uses: ./../action/init
|
|
id: init
|
|
with:
|
|
tools: ${{ steps.prepare-test.outputs.tools-url }}
|
|
debug: true
|
|
debug-artifact-name: my-debug-artifacts
|
|
debug-database-name: my-db
|
|
# We manually exclude Swift from the languages list here, as it is not supported on Ubuntu
|
|
languages: cpp,csharp,go,java,javascript,python,ruby
|
|
- name: Build code
|
|
run: ./build.sh
|
|
- uses: ./../action/analyze
|
|
id: analysis
|
|
download-and-check-artifacts:
|
|
name: Download and check debug artifacts
|
|
if: github.triggering_actor != 'dependabot[bot]'
|
|
needs: upload-artifacts
|
|
timeout-minutes: 45
|
|
permissions:
|
|
contents: read
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Download all artifacts
|
|
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
|
|
- name: Check expected artifacts exist
|
|
run: |
|
|
VERSIONS="stable-v2.20.3 default linked nightly-latest"
|
|
LANGUAGES="cpp csharp go java javascript python"
|
|
for version in $VERSIONS; do
|
|
pushd "./my-debug-artifacts-${version//./}"
|
|
echo "Artifacts from version $version:"
|
|
for language in $LANGUAGES; do
|
|
echo "- Checking $language"
|
|
if [[ ! -f "$language.sarif" ]] ; then
|
|
echo "Missing a SARIF file for $language"
|
|
exit 1
|
|
fi
|
|
if [[ ! -f "my-db-$language.zip" ]] ; then
|
|
echo "Missing a database bundle for $language"
|
|
exit 1
|
|
fi
|
|
if [[ ! -d "$language/log" ]] ; then
|
|
echo "Missing logs for $language"
|
|
exit 1
|
|
fi
|
|
done
|
|
popd
|
|
done
|
|
env:
|
|
GO111MODULE: auto
|