codeql-action/pr-checks/checks/upload-sarif.yml at 3569065d7e4c16500d262bfcc3df7355dbccea04 · github/codeql-action · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
name: "Test different uses of `upload-sarif`"
description: "Checks that uploading SARIFs to the code quality endpoint works"
versions: ["default"]
analysisKinds: ["code-scanning", "code-quality", "code-scanning,code-quality"]
installGo: true
installPython: true
steps:
  - uses: ./../action/init
    with:
      tools: ${{ steps.prepare-test.outputs.tools-url }}
      languages: csharp,java,javascript,python
      analysis-kinds: ${{ matrix.analysis-kinds }}
  - name: Build code
    run: ./build.sh
  # Generate some SARIF we can upload with the upload-sarif step
  - uses: ./../action/analyze
    with:
      ref: 'refs/heads/main'
      sha: '5e235361806c361d4d3f8859e3c897658025a9a2'
      upload: never
      output: ${{ runner.temp }}/results

  - name: |
      Upload all SARIF files for `analysis-kinds: ${{ matrix.analysis-kinds }}`
    uses: ./../action/upload-sarif
    id: upload-sarif
    with:
      ref: 'refs/heads/main'
      sha: '5e235361806c361d4d3f8859e3c897658025a9a2'
      sarif_file: ${{ runner.temp }}/results
      category: |
        ${{ github.workflow }}:upload-sarif/analysis-kinds:${{ matrix.analysis-kinds }}/os:${{ matrix.os }}/version:${{ matrix.version }}/test:all-files/
  - name: "Fail for missing output from `upload-sarif` step for `code-scanning`"
    if: "contains(matrix.analysis-kinds, 'code-scanning') && !(fromJSON(steps.upload-sarif.outputs.sarif-ids).code-scanning)"
    run: exit 1
  - name: "Fail for missing output from `upload-sarif` step for `code-quality`"
    if: "contains(matrix.analysis-kinds, 'code-quality') && !(fromJSON(steps.upload-sarif.outputs.sarif-ids).code-quality)"
    run: exit 1

  - name: Upload single SARIF file for Code Scanning
    uses: ./../action/upload-sarif
    id: upload-single-sarif-code-scanning
    if: "contains(matrix.analysis-kinds, 'code-scanning')"
    with:
      ref: 'refs/heads/main'
      sha: '5e235361806c361d4d3f8859e3c897658025a9a2'
      sarif_file: ${{ runner.temp }}/results/javascript.sarif
      category: |
        ${{ github.workflow }}:upload-sarif/analysis-kinds:${{ matrix.analysis-kinds }}/os:${{ matrix.os }}/version:${{ matrix.version }}/test:single-code-scanning/
  - name: "Fail for missing output from `upload-single-sarif-code-scanning` step"
    if: "contains(matrix.analysis-kinds, 'code-scanning') && !(fromJSON(steps.upload-single-sarif-code-scanning.outputs.sarif-ids).code-scanning)"
    run: exit 1
  - name: Upload single SARIF file for Code Quality
    uses: ./../action/upload-sarif
    id: upload-single-sarif-code-quality
    if: "contains(matrix.analysis-kinds, 'code-quality')"
    with:
      ref: 'refs/heads/main'
      sha: '5e235361806c361d4d3f8859e3c897658025a9a2'
      sarif_file: ${{ runner.temp }}/results/javascript.quality.sarif
      category: |
        ${{ github.workflow }}:upload-sarif/analysis-kinds:${{ matrix.analysis-kinds }}/os:${{ matrix.os }}/version:${{ matrix.version }}/test:single-code-quality/
  - name: "Fail for missing output from `upload-single-sarif-code-quality` step"
    if: "contains(matrix.analysis-kinds, 'code-quality') && !(fromJSON(steps.upload-single-sarif-code-quality.outputs.sarif-ids).code-quality)"
    run: exit 1

  - name: Change SARIF file extension
    if: "contains(matrix.analysis-kinds, 'code-scanning')"
    run: mv ${{ runner.temp }}/results/javascript.sarif ${{ runner.temp }}/results/javascript.sarif.json
  - name: Upload single non-`.sarif` file
    uses: ./../action/upload-sarif
    id: upload-single-non-sarif
    if: "contains(matrix.analysis-kinds, 'code-scanning')"
    with:
      ref: 'refs/heads/main'
      sha: '5e235361806c361d4d3f8859e3c897658025a9a2'
      sarif_file: ${{ runner.temp }}/results/javascript.sarif.json
      category: |
        ${{ github.workflow }}:upload-sarif/analysis-kinds:${{ matrix.analysis-kinds }}/os:${{ matrix.os }}/version:${{ matrix.version }}/test:non-sarif/
  - name: "Fail for missing output from `upload-single-non-sarif` step"
    if: "contains(matrix.analysis-kinds, 'code-scanning') && !(fromJSON(steps.upload-single-non-sarif.outputs.sarif-ids).code-scanning)"
    run: exit 1