Skip to content

Commit

Permalink
Merge pull request #1098 from github/aeisenberg/remove-queries
Browse files Browse the repository at this point in the history
Add capability to filter queries
  • Loading branch information
aeisenberg authored Jun 16, 2022
2 parents ee4575b + 7c412c6 commit 25cbd7a
Show file tree
Hide file tree
Showing 25 changed files with 836 additions and 95 deletions.
52 changes: 52 additions & 0 deletions .github/query-filter-test/action.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,52 @@
name: Query Filter Test
description: Runs a test of query filters using the check SARIF action
inputs:
sarif-file:
required: true
description: The SARIF file to check

queries-run:
required: true
description: |
Comma separated list of query ids that should be included in this SARIF file.
queries-not-run:
required: true
description: |
Comma separated list of query ids that should NOT be included in this SARIF file.
config-file:
required: true
description: |
The location of the codeql configuration file to use.
tools:
required: true
description: |
The url of codeql to use.
runs:
using: composite
steps:
- uses: ./../action/init
with:
languages: javascript
config-file: ./.github/codeql/codeql-config-query-filters1.yml
tools: ${{ inputs.tools }}
db-location: ${{ runner.temp }}/query-filter-test
- uses: ./../action/analyze
with:
output: ${{ runner.temp }}/results
upload-database: false
upload: false
env:
TEST_MODE: "true"
- name: Check SARIF
uses: ./../action/.github/check-sarif
with:
sarif-file: ${{ inputs.sarif-file }}
queries-run: ${{ inputs.queries-run}}
queries-not-run: ${{ inputs.queries-not-run}}
- name: Cleanup after test
shell: bash
run: rm -rf "$RUNNER_TEMP/results" "$RUNNER_TEMP//query-filter-test"
2 changes: 0 additions & 2 deletions .github/workflows/expected-queries-runs.yml
Original file line number Diff line number Diff line change
@@ -1,6 +1,4 @@
name: Check queries that ran
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

on:
push:
Expand Down
55 changes: 55 additions & 0 deletions .github/workflows/query-filters.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,55 @@
name: Query filters tests

on:
push:
branches:
- main
- releases/v1
- releases/v2
pull_request:
types:
- opened
- synchronize
- reopened
- ready_for_review
workflow_dispatch: {}

jobs:
expected-queries:
timeout-minutes: 45
runs-on: ubuntu-latest
steps:
- name: Check out repository
uses: actions/checkout@v3
- name: Prepare test
id: prepare-test
uses: ./.github/prepare-test
with:
version: latest

- name: Check SARIF for default queries with Single include, Single exclude
uses: ./../action/.github/query-filter-test
with:
sarif-file: ${{ runner.temp }}/results/javascript.sarif
queries-run: js/zipslip
queries-not-run: js/path-injection
config-file: ./.github/codeql/codeql-config-query-filters1.yml
tools: ${{ steps.prepare-test.outputs.tools-url }}

- name: Check SARIF for query packs with Single include, Single exclude
uses: ./../action/.github/query-filter-test
with:
sarif-file: ${{ runner.temp }}/results/javascript.sarif
queries-run: js/zipslip,javascript/example/empty-or-one-block
queries-not-run: js/path-injection
config-file: ./.github/codeql/codeql-config-query-filters2.yml
tools: ${{ steps.prepare-test.outputs.tools-url }}

- name: Check SARIF for query packs and local queries with Single include, Single exclude
uses: ./../action/.github/query-filter-test
with:
sarif-file: ${{ runner.temp }}/results/javascript.sarif
queries-run: js/zipslip,javascript/example/empty-or-one-block,inrepo-javascript-querypack/show-ifs
queries-not-run: js/path-injection,complex-python-querypack/show-ifs,complex-python-querypack/foo/bar/show-ifs
config-file: ./.github/codeql/codeql-config-query-filters3.yml
tools: ${{ steps.prepare-test.outputs.tools-url }}
2 changes: 1 addition & 1 deletion CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@

## [UNRELEASED]

No user facing changes.
- Add the ability to filter queries from a code scanning run by using the `query-filters` option in the code scanning configuration file. [#1098](https://github.com/github/codeql-action/pull/1098)

## 2.1.12 - 01 Jun 2022

Expand Down
69 changes: 56 additions & 13 deletions lib/analyze.js

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading

0 comments on commit 25cbd7a

Please sign in to comment.