Update PR check for csra

2026-05-23 20:00:54 +03:00 · 2026-02-11 22:41:32 +00:00
parent 6a17f4e258
commit 2de76b6faa
2 changed files with 43 additions and 33 deletions
@@ -3,7 +3,7 @@
 #     pr-checks/sync.sh
 # to regenerate this file.

-name: PR Check - Quality queries input
+name: PR Check - Analysis kinds
 env:
  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
  GO111MODULE: auto
@@ -29,9 +29,9 @@ defaults:
    shell: bash
 concurrency:
  cancel-in-progress: ${{ github.event_name == 'pull_request' || false }}
-  group: quality-queries-${{github.ref}}
+  group: analysis-kinds-${{github.ref}}
 jobs:
-  quality-queries:
+  analysis-kinds:
    strategy:
      fail-fast: false
      matrix:
@@ -45,6 +45,9 @@ jobs:
          - os: ubuntu-latest
            version: linked
            analysis-kinds: code-scanning,code-quality
+          - os: ubuntu-latest
+            version: linked
+            analysis-kinds: csra
          - os: ubuntu-latest
            version: nightly-latest
            analysis-kinds: code-scanning
@@ -54,7 +57,10 @@ jobs:
          - os: ubuntu-latest
            version: nightly-latest
            analysis-kinds: code-scanning,code-quality
-    name: Quality queries input
+          - os: ubuntu-latest
+            version: nightly-latest
+            analysis-kinds: csra
+    name: Analysis kinds
    if: github.triggering_actor != 'dependabot[bot]'
    permissions:
      contents: read
@@ -81,30 +87,24 @@ jobs:
          output: ${{ runner.temp }}/results
          upload-database: false
          post-processed-sarif-path: ${{ runner.temp }}/post-processed
-      - name: Upload security SARIF
-        if: contains(matrix.analysis-kinds, 'code-scanning')
+
+      - name: Upload SARIF files
        uses: actions/upload-artifact@v6
        with:
          name: |
-            quality-queries-${{ matrix.os }}-${{ matrix.version }}-${{ matrix.analysis-kinds }}.sarif.json
-          path: ${{ runner.temp }}/results/javascript.sarif
-          retention-days: 7
-      - name: Upload quality SARIF
-        if: contains(matrix.analysis-kinds, 'code-quality')
-        uses: actions/upload-artifact@v6
-        with:
-          name: |
-            quality-queries-${{ matrix.os }}-${{ matrix.version }}-${{ matrix.analysis-kinds }}.quality.sarif.json
-          path: ${{ runner.temp }}/results/javascript.quality.sarif
+            analysis-kinds-${{ matrix.os }}-${{ matrix.version }}-${{ matrix.analysis-kinds }}
+          path: ${{ runner.temp }}/results/*.sarif
          retention-days: 7
+
      - name: Upload post-processed SARIF
        uses: actions/upload-artifact@v6
        with:
          name: |
-            post-processed-${{ matrix.os }}-${{ matrix.version }}-${{ matrix.analysis-kinds }}.sarif.json
+            post-processed-${{ matrix.os }}-${{ matrix.version }}-${{ matrix.analysis-kinds }}
          path: ${{ runner.temp }}/post-processed
          retention-days: 7
          if-no-files-found: error
+
      - name: Check quality query does not appear in security SARIF
        if: contains(matrix.analysis-kinds, 'code-scanning')
        uses: actions/github-script@v8
@@ -121,6 +121,14 @@ jobs:
          EXPECT_PRESENT: 'true'
        with:
          script: ${{ env.CHECK_SCRIPT }}
+      - name: Check quality query does not appear in CSRA SARIF
+        if: contains(matrix.analysis-kinds, 'csra')
+        uses: actions/github-script@v8
+        env:
+          SARIF_PATH: ${{ runner.temp }}/results/javascript.csra.sarif
+          EXPECT_PRESENT: 'false'
+        with:
+          script: ${{ env.CHECK_SCRIPT }}
    env:
      CHECK_SCRIPT: |
        const fs = require('fs');