Authenticate when downloading CodeQL Bundle from GHES API #1486
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Warning: This file is generated automatically, and should not be modified. | |
# Instead, please modify the template in the pr-checks directory and run: | |
# (cd pr-checks; pip install [email protected] && python3 sync.py) | |
# to regenerate this file. | |
name: PR Check - Submit SARIF after failure | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
GO111MODULE: auto | |
CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true' | |
on: | |
push: | |
branches: | |
- main | |
- releases/v2 | |
pull_request: | |
types: | |
- opened | |
- synchronize | |
- reopened | |
- ready_for_review | |
workflow_dispatch: {} | |
jobs: | |
submit-sarif-failure: | |
strategy: | |
matrix: | |
include: | |
- os: ubuntu-latest | |
version: latest | |
- os: ubuntu-latest | |
version: default | |
- os: ubuntu-latest | |
version: nightly-latest | |
name: Submit SARIF after failure | |
permissions: | |
contents: read | |
security-events: write | |
timeout-minutes: 45 | |
runs-on: ${{ matrix.os }} | |
steps: | |
- name: Check out repository | |
uses: actions/checkout@v4 | |
- name: Prepare test | |
id: prepare-test | |
uses: ./.github/actions/prepare-test | |
with: | |
version: ${{ matrix.version }} | |
use-all-platform-bundle: 'false' | |
- name: Set environment variable for Swift enablement | |
if: >- | |
runner.os != 'Windows' && ( | |
matrix.version == '20220908' || | |
matrix.version == '20221211' | |
) | |
shell: bash | |
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV | |
- uses: actions/checkout@v4 | |
- uses: ./init | |
with: | |
languages: javascript | |
- name: Fail | |
# We want this job to pass if the Action correctly uploads the SARIF file for | |
# the failed run. | |
# Setting this step to continue on error means that it is marked as completing | |
# successfully, so will not fail the job. | |
continue-on-error: true | |
run: exit 1 | |
- uses: ./analyze | |
# In a real workflow, this step wouldn't run. Since we used `continue-on-error` | |
# above, we manually disable it with an `if` condition. | |
if: false | |
with: | |
category: /test-codeql-version:${{ matrix.version }} | |
env: | |
# Internal-only environment variable used to indicate that the post-init Action | |
# should expect to upload a SARIF file for the failed run. | |
CODEQL_ACTION_EXPECT_UPLOAD_FAILED_SARIF: true | |
# Make sure the uploading SARIF files feature is enabled. | |
CODEQL_ACTION_UPLOAD_FAILED_SARIF: true | |
# Upload the failed SARIF file as an integration test of the API endpoint. | |
CODEQL_ACTION_TEST_MODE: false | |
# Mark telemetry for this workflow so it can be treated separately. | |
CODEQL_ACTION_TESTING_ENVIRONMENT: codeql-action-pr-checks | |