Skip to content
PR Check - Quality queries input

PR Check - Quality queries input #980

Sign in to view logs

PR Check - Quality queries input

PR Check - Quality queries input #980

Workflow file for this run

.github/workflows/__quality-queries.yml at 065c6cf
# Warning: This file is generated automatically, and should not be modified.
# Instead, please modify the template in the pr-checks directory and run:
# pr-checks/sync.sh
# to regenerate this file.
name: PR Check - Quality queries input
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GO111MODULE: auto
on:
push:
branches:
- main
- releases/v*
pull_request:
types:
- opened
- synchronize
- reopened
- ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch:
inputs: {}
workflow_call:
inputs: {}
defaults:
run:
shell: bash
concurrency:
cancel-in-progress: ${{ github.event_name == 'pull_request' }}
group: ${{ github.workflow }}-${{ github.ref }}
jobs:
quality-queries:
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
version: linked
analysis-kinds: code-scanning
- os: ubuntu-latest
version: linked
analysis-kinds: code-quality
- os: ubuntu-latest
version: linked
analysis-kinds: code-scanning,code-quality
- os: ubuntu-latest
version: nightly-latest
analysis-kinds: code-scanning
- os: ubuntu-latest
version: nightly-latest
analysis-kinds: code-quality
- os: ubuntu-latest
version: nightly-latest
analysis-kinds: code-scanning,code-quality
name: Quality queries input
if: github.triggering_actor != 'dependabot[bot]'
permissions:
contents: read
security-events: read
timeout-minutes: 45
runs-on: ${{ matrix.os }}
steps:
- name: Check out repository
uses: actions/checkout@v5
- name: Prepare test
id: prepare-test
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
setup-kotlin: 'true'
- uses: ./../action/init
with:
languages: javascript
analysis-kinds: ${{ matrix.analysis-kinds }}
tools: ${{ steps.prepare-test.outputs.tools-url }}
- uses: ./../action/analyze
with:
output: ${{ runner.temp }}/results
upload-database: false
- name: Upload security SARIF
if: contains(matrix.analysis-kinds, 'code-scanning')
uses: actions/upload-artifact@v4
with:
name: |
quality-queries-${{ matrix.os }}-${{ matrix.version }}-${{ matrix.analysis-kinds }}.sarif.json
path: ${{ runner.temp }}/results/javascript.sarif
retention-days: 7
- name: Upload quality SARIF
if: contains(matrix.analysis-kinds, 'code-quality')
uses: actions/upload-artifact@v4
with:
name: |
quality-queries-${{ matrix.os }}-${{ matrix.version }}-${{ matrix.analysis-kinds }}.quality.sarif.json
path: ${{ runner.temp }}/results/javascript.quality.sarif
retention-days: 7
- name: Check quality query does not appear in security SARIF
if: contains(matrix.analysis-kinds, 'code-scanning')
uses: actions/github-script@v8
env:
SARIF_PATH: ${{ runner.temp }}/results/javascript.sarif
EXPECT_PRESENT: 'false'
with:
script: ${{ env.CHECK_SCRIPT }}
- name: Check quality query appears in quality SARIF
if: contains(matrix.analysis-kinds, 'code-quality')
uses: actions/github-script@v8
env:
SARIF_PATH: ${{ runner.temp }}/results/javascript.quality.sarif
EXPECT_PRESENT: 'true'
with:
script: ${{ env.CHECK_SCRIPT }}
env:
CHECK_SCRIPT: |
const fs = require('fs');
const sarif = JSON.parse(fs.readFileSync(process.env['SARIF_PATH'], 'utf8'));
const expectPresent = JSON.parse(process.env['EXPECT_PRESENT']);
const run = sarif.runs[0];
const extensions = run.tool.extensions;
if (extensions === undefined) {
core.setFailed('`extensions` property not found in the SARIF run property bag.');
}
// ID of a query we want to check the presence for
const targetId = 'js/regex/always-matches';
const found = extensions.find(extension => extension.rules && extension.rules.find(rule => rule.id === targetId));
if (found && expectPresent) {
console.log(`Found rule with id '${targetId}'.`);
} else if (!found && !expectPresent) {
console.log(`Rule with id '${targetId}' was not found.`);
} else {
core.setFailed(`${ found ? "Found" : "Didn't find" } rule ${targetId}`);
}
CODEQL_ACTION_TEST_MODE: true