-
Notifications
You must be signed in to change notification settings - Fork 334
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #1098 from github/aeisenberg/remove-queries
Add capability to filter queries
- Loading branch information
Showing
25 changed files
with
836 additions
and
95 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,52 @@ | ||
name: Query Filter Test | ||
description: Runs a test of query filters using the check SARIF action | ||
inputs: | ||
sarif-file: | ||
required: true | ||
description: The SARIF file to check | ||
|
||
queries-run: | ||
required: true | ||
description: | | ||
Comma separated list of query ids that should be included in this SARIF file. | ||
queries-not-run: | ||
required: true | ||
description: | | ||
Comma separated list of query ids that should NOT be included in this SARIF file. | ||
config-file: | ||
required: true | ||
description: | | ||
The location of the codeql configuration file to use. | ||
tools: | ||
required: true | ||
description: | | ||
The url of codeql to use. | ||
runs: | ||
using: composite | ||
steps: | ||
- uses: ./../action/init | ||
with: | ||
languages: javascript | ||
config-file: ./.github/codeql/codeql-config-query-filters1.yml | ||
tools: ${{ inputs.tools }} | ||
db-location: ${{ runner.temp }}/query-filter-test | ||
- uses: ./../action/analyze | ||
with: | ||
output: ${{ runner.temp }}/results | ||
upload-database: false | ||
upload: false | ||
env: | ||
TEST_MODE: "true" | ||
- name: Check SARIF | ||
uses: ./../action/.github/check-sarif | ||
with: | ||
sarif-file: ${{ inputs.sarif-file }} | ||
queries-run: ${{ inputs.queries-run}} | ||
queries-not-run: ${{ inputs.queries-not-run}} | ||
- name: Cleanup after test | ||
shell: bash | ||
run: rm -rf "$RUNNER_TEMP/results" "$RUNNER_TEMP//query-filter-test" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,4 @@ | ||
name: Check queries that ran | ||
env: | ||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | ||
|
||
on: | ||
push: | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,55 @@ | ||
name: Query filters tests | ||
|
||
on: | ||
push: | ||
branches: | ||
- main | ||
- releases/v1 | ||
- releases/v2 | ||
pull_request: | ||
types: | ||
- opened | ||
- synchronize | ||
- reopened | ||
- ready_for_review | ||
workflow_dispatch: {} | ||
|
||
jobs: | ||
expected-queries: | ||
timeout-minutes: 45 | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Check out repository | ||
uses: actions/checkout@v3 | ||
- name: Prepare test | ||
id: prepare-test | ||
uses: ./.github/prepare-test | ||
with: | ||
version: latest | ||
|
||
- name: Check SARIF for default queries with Single include, Single exclude | ||
uses: ./../action/.github/query-filter-test | ||
with: | ||
sarif-file: ${{ runner.temp }}/results/javascript.sarif | ||
queries-run: js/zipslip | ||
queries-not-run: js/path-injection | ||
config-file: ./.github/codeql/codeql-config-query-filters1.yml | ||
tools: ${{ steps.prepare-test.outputs.tools-url }} | ||
|
||
- name: Check SARIF for query packs with Single include, Single exclude | ||
uses: ./../action/.github/query-filter-test | ||
with: | ||
sarif-file: ${{ runner.temp }}/results/javascript.sarif | ||
queries-run: js/zipslip,javascript/example/empty-or-one-block | ||
queries-not-run: js/path-injection | ||
config-file: ./.github/codeql/codeql-config-query-filters2.yml | ||
tools: ${{ steps.prepare-test.outputs.tools-url }} | ||
|
||
- name: Check SARIF for query packs and local queries with Single include, Single exclude | ||
uses: ./../action/.github/query-filter-test | ||
with: | ||
sarif-file: ${{ runner.temp }}/results/javascript.sarif | ||
queries-run: js/zipslip,javascript/example/empty-or-one-block,inrepo-javascript-querypack/show-ifs | ||
queries-not-run: js/path-injection,complex-python-querypack/show-ifs,complex-python-querypack/foo/bar/show-ifs | ||
config-file: ./.github/codeql/codeql-config-query-filters3.yml | ||
tools: ${{ steps.prepare-test.outputs.tools-url }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
Oops, something went wrong.