From 24fd4c0f4e58085f18255f3e9e4c2027a00210a3 Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Fri, 25 Nov 2022 18:00:42 +0000 Subject: [PATCH] Generate the "Submit SARIF after failure" workflow --- .github/workflows/__submit-sarif-failure.yml | 70 ++++++++++++++++++++ .github/workflows/submit-sarif-failure.yml | 34 ---------- pr-checks/checks/submit-sarif-failure.yml | 32 +++++++++ pr-checks/sync.py | 3 +- 4 files changed, 104 insertions(+), 35 deletions(-) create mode 100644 .github/workflows/__submit-sarif-failure.yml delete mode 100644 .github/workflows/submit-sarif-failure.yml create mode 100644 pr-checks/checks/submit-sarif-failure.yml diff --git a/.github/workflows/__submit-sarif-failure.yml b/.github/workflows/__submit-sarif-failure.yml new file mode 100644 index 0000000000..fe64adb6a7 --- /dev/null +++ b/.github/workflows/__submit-sarif-failure.yml @@ -0,0 +1,70 @@ +# Warning: This file is generated automatically, and should not be modified. +# Instead, please modify the template in the pr-checks directory and run: +# pip install ruamel.yaml && python3 sync.py +# to regenerate this file. + +name: PR Check - Submit SARIF after failure +env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GO111MODULE: auto +on: + push: + branches: + - main + - releases/v1 + - releases/v2 + pull_request: + types: + - opened + - synchronize + - reopened + - ready_for_review + workflow_dispatch: {} +jobs: + submit-sarif-failure: + strategy: + matrix: + include: + - os: ubuntu-latest + version: latest + - os: ubuntu-latest + version: cached + - os: ubuntu-latest + version: nightly-latest + name: Submit SARIF after failure + timeout-minutes: 45 + runs-on: ${{ matrix.os }} + steps: + - name: Check out repository + uses: actions/checkout@v3 + - name: Prepare test + id: prepare-test + uses: ./.github/prepare-test + with: + version: ${{ matrix.version }} + - uses: actions/checkout@v3 + - uses: ./init + with: + languages: javascript + - name: Fail + # We want this job to pass if the Action correctly uploads the SARIF file for + # the failed run. + # Setting this step to continue on error means that it is marked as completing + # successfully, so will not fail the job. + continue-on-error: true + run: exit 1 + - uses: ./analyze + # In a real workflow, this step wouldn't run. Since we used `continue-on-error` + # above, we manually disable it with an `if` condition. + if: false + with: + category: /test-codeql-version:${{ matrix.version }} + env: + # Internal-only environment variable used to indicate that the post-init Action + # should expect to upload a SARIF file for the failed run. + CODEQL_ACTION_EXPECT_UPLOAD_FAILED_SARIF: true + # Make sure the uploading SARIF files feature is enabled. + CODEQL_ACTION_UPLOAD_FAILED_SARIF: true + # Upload the failed SARIF file as an integration test of the API endpoint. + CODEQL_ACTION_TEST_MODE: false + diff --git a/.github/workflows/submit-sarif-failure.yml b/.github/workflows/submit-sarif-failure.yml deleted file mode 100644 index a66bceef08..0000000000 --- a/.github/workflows/submit-sarif-failure.yml +++ /dev/null @@ -1,34 +0,0 @@ -name: Submit SARIF after failure -on: push - -env: - # Internal-only environment variable used to indicate that the post-init Action - # should expect to upload a SARIF file for the failed run. - CODEQL_ACTION_EXPECT_UPLOAD_FAILED_SARIF: true - # Make sure the uploading SARIF files feature is enabled. - CODEQL_ACTION_UPLOAD_FAILED_SARIF: true - -jobs: - test: - runs-on: ubuntu-latest - strategy: - matrix: - language: [javascript] - steps: - - uses: actions/checkout@v3 - - uses: ./init - with: - languages: ${{ matrix.language }} - - name: Fail - # We want this job to pass if the Action correctly uploads the SARIF file for - # the failed run. - # Setting this step to continue on error means that it is marked as completing - # successfully, so will not fail the job. - continue-on-error: true - run: exit 1 - - uses: ./analyze - # In a real workflow, this step wouldn't run. Since we used `continue-on-error` - # above, we manually disable it with an `if` condition. - if: false - with: - category: "/language:${{ matrix.language }}" diff --git a/pr-checks/checks/submit-sarif-failure.yml b/pr-checks/checks/submit-sarif-failure.yml new file mode 100644 index 0000000000..74e7392ea2 --- /dev/null +++ b/pr-checks/checks/submit-sarif-failure.yml @@ -0,0 +1,32 @@ +name: Submit SARIF after failure +description: Check that a SARIF file is submitted for the workflow run if it fails +versions: ["latest", "cached", "nightly-latest"] +operatingSystems: ["ubuntu"] + +env: + # Internal-only environment variable used to indicate that the post-init Action + # should expect to upload a SARIF file for the failed run. + CODEQL_ACTION_EXPECT_UPLOAD_FAILED_SARIF: true + # Make sure the uploading SARIF files feature is enabled. + CODEQL_ACTION_UPLOAD_FAILED_SARIF: true + # Upload the failed SARIF file as an integration test of the API endpoint. + CODEQL_ACTION_TEST_MODE: false + +steps: + - uses: actions/checkout@v3 + - uses: ./init + with: + languages: javascript + - name: Fail + # We want this job to pass if the Action correctly uploads the SARIF file for + # the failed run. + # Setting this step to continue on error means that it is marked as completing + # successfully, so will not fail the job. + continue-on-error: true + run: exit 1 + - uses: ./analyze + # In a real workflow, this step wouldn't run. Since we used `continue-on-error` + # above, we manually disable it with an `if` condition. + if: false + with: + category: "/test-codeql-version:${{ matrix.version }}" diff --git a/pr-checks/sync.py b/pr-checks/sync.py index bd23bdf414..b38c7c535f 100644 --- a/pr-checks/sync.py +++ b/pr-checks/sync.py @@ -115,7 +115,8 @@ def writeHeader(checkStream): checkJob[key] = checkSpecification[key] checkJob['env'] = checkJob.get('env', {}) - checkJob['env']['CODEQL_ACTION_TEST_MODE'] = True + if 'CODEQL_ACTION_TEST_MODE' not in checkJob['env']: + checkJob['env']['CODEQL_ACTION_TEST_MODE'] = True checkName = file[:len(file) - 4] with open(f"../.github/workflows/__{checkName}.yml", 'w') as output_stream: