8000 Add PR check · github/codeql-action@b31d983 · GitHub
[go: up one dir, main page]
Skip to content

Commit b31d983

Browse files
henrymercerhenrymercer
committed
Add PR check
1 parent 485cc11 commit b31d983

File tree

2 files changed

+137
-0
lines changed

2 files changed

+137
-0
lines changed

.github/workflows/__config-export.yml

Lines changed: 89 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

pr-checks/checks/config-export.yml

Lines changed: 48 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,48 @@
1+
name: "Config export"
2+
description: "Tests that the code scanning configuration file is exported to SARIF correctly."
3+
versions: ["latest"]
4+
env:
5+
CODEQL_ACTION_EXPORT_CODE_SCANNING_CONFIG: true
6+
CODEQL_PASS_CONFIG_TO_CLI: true
7+
steps:
8+
- uses: ./../action/init
9+
with:
10+
languages: javascript
11+
queries: security-extended
12+
tools: ${{ steps.prepare-test.outputs.tools-url }}
13+
- uses: ./../action/analyze
14+
with:
15+
output: "${{ runner.temp }}/results"
16+
upload-database: false
17+
- name: Upload SARIF
18+
uses: actions/upload-artifact@v3
19+
with:
20+
name: config-export-${{ matrix.os }}-${{ matrix.version }}.sarif.json
21+
path: "${{ runner.temp }}/results/javascript.sarif"
22+
retention-days: 7
23+
- name: Check config properties appear in SARIF
24+
uses: actions/github-script@v6
25+
with:
26+
script: |
27+
const fs = require('fs');
28+
const path = require('path');
29+
30+
const sarifFile = path.join('${{ runner.temp }}', 'results', 'javascript.sarif');
31+
const sarif = JSON.parse(fs.readFileSync(sarifFile, 'utf8'));
32+
const run = sarif.runs[0];
33+
const configSummary = run.properties.codeqlConfigSummary;
34+
35+
if (configSummary === undefined) {
36+
core.setFailed('`codeqlConfigSummary` property not found in the SARIF run property bag.');
37+
}
38+
if (configSummary.disableDefaultQueries !== false) {
39+
core.setFailed('`disableDefaultQueries` property incorrect: expected false, got ' +
40+
`${JSON.stringify(configSummary.disableDefaultQueries)}.`);
41+
}
42+
const expectedQueries = [{ type: 'builtinSuite', uses: 'security-extended' }];
43+
// Use JSON.stringify to deep-equal the arrays.
44+
if (JSON.stringify(configSummary.queries) !== JSON.stringify(expectedQueries)) {
45+
core.setFailed(`\`queries\` property incorrect: expected ${JSON.stringify(expectedQueries)}, got ` +
46+
`${JSON.stringify(configSummary.queries)}.`);
47+
}
48+
console.log('Finished config export tests.');

0 commit comments

Comments
 (0)
0