Add threat-models as a property to config file and inputs
There's a lot of changes here, but it's pretty formulaic. It follows the
approach used by the `queries` input and config property.
`threat-models` can appear as an input or in the config file. If it
appears in the input, then we need to either merge it with the
threat-models in the config (if prefixed with `+`) or overwrite it.

There's no danger if someone uses `threat-models` with an older CLI
since the CLI can handle configs with extra properties.
aeisenberg committed Apr 19, 2023
1 parent afdf30f commit a494fed
Showing 44 changed files with 534 additions and 142 deletions.
9 changes: 7 additions & 2 deletions init/action.yml
Expand Up @@ -45,17 +45,22 @@ inputs:
description: Path where CodeQL databases should be created. If not specified, a temporary directory will be used.
required: false
queries:
description: Comma-separated list of additional queries to run. By default, this overrides the same setting in a configuration file; prefix with "+" to use both sets of queries.
description: Comma-separated list of additional queries to run. By default, this overrides the same setting in a configuration file; prefix with "+" to combine both sets of queries.
required: false
packs:
description: >-
[Experimental] Comma-separated list of packs to run. Reference a pack in the format `scope/name[@version]`. If `version` is not
specified, then the latest version of the pack is used. By default, this overrides the same setting in a
configuration file; prefix with "+" to use both sets of packs.
configuration file; prefix with "+" to combine both sets of packs.
This input is only available in single-language analyses. To use packs in multi-language
analyses, you must specify packs in the codeql-config.yml file.
required: false
threat-models:
description: >-
[Experimental] Comma-separated list of threat models to include in this analysis. By default, this overrides the same setting in a
configuration file; prefix with "+" to combine both sets of threat-models.
required: false
external-repository-token:
description: A token for fetching external config files and queries if they reside in a private repository in the same GitHub instance that is running this action.
required: false
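Review bot: The new `threat-models` description at the end of this hunk does not say which threat-model names are accepted or what the analysis uses when the input is omitted, so a user cannot tell from `action.yml` whether a given value changes coverage. The commit message also notes that an older CLI can handle configs with extra properties, which suggests such a CLI may accept the property without acting on it; a user who sets `threat-models` there could assume coverage the run does not provide. Suggest listing the valid values (or pointing to where they are documented), stating the default, and either stating the minimum CLI version in the description or having the action warn when the CLI is too old to honour the setting. Minor: the description uses both "threat models" and "threat-models" in prose; pick one, keeping the hyphenated form for the input name only.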
19 changes: 4 additions & 15 deletions lib/analysis-paths.test.js

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion lib/analysis-paths.test.js.map


13 changes: 3 additions & 10 deletions lib/analyze.test.js

