Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Export configuration information to SARIF #1565

Merged
merged 8 commits into from Mar 13, 2023
Merged

Export configuration information to SARIF #1565

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
d98eadb
Export configuration information for red runs
henrymercer Mar 7, 2023
4b1f530
Export configuration information for green runs
henrymercer Mar 7, 2023
fc1366f
Gate config export behind a feature flag
henrymercer Mar 9, 2023
485cc11
Rename `featureEnablement` to `features`
henrymercer Mar 9, 2023
b31d983
Add PR check
henrymercer Mar 9, 2023
53f80ed
Merge branch 'main' into henrymercer/diagnostics-code-scanning-config
henrymercer Mar 9, 2023
b36480d
Specify SARIF path via env variable
henrymercer Mar 9, 2023
a92a146
Prefer `core.info` to `console.log`
henrymercer Mar 13, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
89 changes: 89 additions & 0 deletions .github/workflows/__config-export.yml
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

48 changes: 48 additions & 0 deletions pr-checks/checks/config-export.yml
View file
Open in desktop
@@ -0,0 +1,48 @@
name: "Config export"
description: "Tests that the code scanning configuration file is exported to SARIF correctly."
versions: ["latest"]
env:
CODEQL_ACTION_EXPORT_CODE_SCANNING_CONFIG: true
CODEQL_PASS_CONFIG_TO_CLI: true
steps:
- uses: ./../action/init
with:
languages: javascript
queries: security-extended
tools: ${{ steps.prepare-test.outputs.tools-url }}
- uses: ./../action/analyze
with:
output: "${{ runner.temp }}/results"
upload-database: false
- name: Upload SARIF
uses: actions/upload-artifact@v3
with:
name: config-export-${{ matrix.os }}-${{ matrix.version }}.sarif.json
path: "${{ runner.temp }}/results/javascript.sarif"
retention-days: 7
- name: Check config properties appear in SARIF
uses: actions/github-script@v6
with:
script: |
const fs = require('fs');
const path = require('path');

const sarifFile = path.join('${{ runner.temp }}', 'results', 'javascript.sarif');
const sarif = JSON.parse(fs.readFileSync(sarifFile, 'utf8'));
const run = sarif.runs[0];
const configSummary = run.properties.codeqlConfigSummary;

if (configSummary === undefined) {
core.setFailed('`codeqlConfigSummary` property not found in the SARIF run property bag.');
}
if (configSummary.disableDefaultQueries !== false) {
core.setFailed('`disableDefaultQueries` property incorrect: expected false, got ' +
`${JSON.stringify(configSummary.disableDefaultQueries)}.`);
}
const expectedQueries = [{ type: 'builtinSuite', uses: 'security-extended' }];
// Use JSON.stringify to deep-equal the arrays.
if (JSON.stringify(configSummary.queries) !== JSON.stringify(expectedQueries)) {
core.setFailed(`\`queries\` property incorrect: expected ${JSON.stringify(expectedQueries)}, got ` +
`${JSON.stringify(configSummary.queries)}.`);
}
console.log('Finished config export tests.');
henrymercer marked this conversation as resolved.
Show resolved Hide resolved