diff --git a/.github/workflows/__all-platform-bundle.yml b/.github/workflows/__all-platform-bundle.yml index 66700fd68..1be5ba9a4 100644 --- a/.github/workflows/__all-platform-bundle.yml +++ b/.github/workflows/__all-platform-bundle.yml @@ -52,8 +52,7 @@ defaults: shell: bash concurrency: cancel-in-progress: ${{ github.event_name == 'pull_request' || false }} - group: - all-platform-bundle-${{github.ref}}-${{inputs.go-version}}-${{inputs.dotnet-version}} + group: all-platform-bundle-${{github.ref}}-${{inputs.go-version}}-${{inputs.dotnet-version}} jobs: all-platform-bundle: strategy: @@ -95,7 +94,7 @@ jobs: - id: init uses: ./../action/init with: - # Swift is not supported on Ubuntu so we manually exclude it from the list here + # Swift is not supported on Ubuntu so we manually exclude it from the list here languages: cpp,csharp,go,java,javascript,python,ruby tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code diff --git a/.github/workflows/__analysis-kinds.yml b/.github/workflows/__analysis-kinds.yml index e59c1576b..94b8877c7 100644 --- a/.github/workflows/__analysis-kinds.yml +++ b/.github/workflows/__analysis-kinds.yml @@ -87,16 +87,16 @@ jobs: tools: ${{ steps.prepare-test.outputs.tools-url }} - uses: ./../action/analyze with: - output: ${{ runner.temp }}/results + output: '${{ runner.temp }}/results' upload-database: false - post-processed-sarif-path: ${{ runner.temp }}/post-processed + post-processed-sarif-path: '${{ runner.temp }}/post-processed' - name: Upload SARIF files uses: actions/upload-artifact@v6 with: name: | analysis-kinds-${{ matrix.os }}-${{ matrix.version }}-${{ matrix.analysis-kinds }} - path: ${{ runner.temp }}/results/*.sarif + path: '${{ runner.temp }}/results/*.sarif' retention-days: 7 - name: Upload post-processed SARIF @@ -104,7 +104,7 @@ jobs: with: name: | post-processed-${{ matrix.os }}-${{ matrix.version }}-${{ matrix.analysis-kinds }} - path: ${{ runner.temp }}/post-processed + path: '${{ runner.temp }}/post-processed' retention-days: 7 if-no-files-found: error @@ -112,7 +112,7 @@ jobs: if: contains(matrix.analysis-kinds, 'code-scanning') uses: actions/github-script@v8 env: - SARIF_PATH: ${{ runner.temp }}/results/javascript.sarif + SARIF_PATH: '${{ runner.temp }}/results/javascript.sarif' EXPECT_PRESENT: 'false' with: script: ${{ env.CHECK_SCRIPT }} @@ -120,7 +120,7 @@ jobs: if: contains(matrix.analysis-kinds, 'code-quality') uses: actions/github-script@v8 env: - SARIF_PATH: ${{ runner.temp }}/results/javascript.quality.sarif + SARIF_PATH: '${{ runner.temp }}/results/javascript.quality.sarif' EXPECT_PRESENT: 'true' with: script: ${{ env.CHECK_SCRIPT }} diff --git a/.github/workflows/__analyze-ref-input.yml b/.github/workflows/__analyze-ref-input.yml index d28bbeb6a..671e5f57b 100644 --- a/.github/workflows/__analyze-ref-input.yml +++ b/.github/workflows/__analyze-ref-input.yml @@ -62,8 +62,7 @@ defaults: shell: bash concurrency: cancel-in-progress: ${{ github.event_name == 'pull_request' || false }} - group: - analyze-ref-input-${{github.ref}}-${{inputs.go-version}}-${{inputs.python-version}}-${{inputs.dotnet-version}} + group: analyze-ref-input-${{github.ref}}-${{inputs.go-version}}-${{inputs.python-version}}-${{inputs.dotnet-version}} jobs: analyze-ref-input: strategy: @@ -107,13 +106,12 @@ jobs: with: tools: ${{ steps.prepare-test.outputs.tools-url }} languages: cpp,csharp,java,javascript,python - config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{ - github.sha }} + config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{ github.sha }} - name: Build code run: ./build.sh - uses: ./../action/analyze with: - ref: refs/heads/main - sha: 5e235361806c361d4d3f8859e3c897658025a9a2 + ref: 'refs/heads/main' + sha: '5e235361806c361d4d3f8859e3c897658025a9a2' env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__autobuild-action.yml b/.github/workflows/__autobuild-action.yml index ce7fe4be7..ed5cf1937 100644 --- a/.github/workflows/__autobuild-action.yml +++ b/.github/workflows/__autobuild-action.yml @@ -82,7 +82,7 @@ jobs: tools: ${{ steps.prepare-test.outputs.tools-url }} - uses: ./../action/autobuild env: - # Explicitly disable the CLR tracer. + # Explicitly disable the CLR tracer. COR_ENABLE_PROFILING: '' COR_PROFILER: '' COR_PROFILER_PATH_64: '' diff --git a/.github/workflows/__autobuild-direct-tracing-with-working-dir.yml b/.github/workflows/__autobuild-direct-tracing-with-working-dir.yml index 6711dc727..4a411ad1b 100644 --- a/.github/workflows/__autobuild-direct-tracing-with-working-dir.yml +++ b/.github/workflows/__autobuild-direct-tracing-with-working-dir.yml @@ -42,8 +42,7 @@ defaults: shell: bash concurrency: cancel-in-progress: ${{ github.event_name == 'pull_request' || false }} - group: - autobuild-direct-tracing-with-working-dir-${{github.ref}}-${{inputs.java-version}} + group: autobuild-direct-tracing-with-working-dir-${{github.ref}}-${{inputs.java-version}} jobs: autobuild-direct-tracing-with-working-dir: strategy: diff --git a/.github/workflows/__build-mode-autobuild.yml b/.github/workflows/__build-mode-autobuild.yml index 3d05b3963..2863793fd 100644 --- a/.github/workflows/__build-mode-autobuild.yml +++ b/.github/workflows/__build-mode-autobuild.yml @@ -97,7 +97,7 @@ jobs: id: init with: build-mode: autobuild - db-location: ${{ runner.temp }}/customDbLocation + db-location: '${{ runner.temp }}/customDbLocation' languages: java tools: ${{ steps.prepare-test.outputs.tools-url }} diff --git a/.github/workflows/__build-mode-manual.yml b/.github/workflows/__build-mode-manual.yml index 356c1b1fc..b2723d64f 100644 --- a/.github/workflows/__build-mode-manual.yml +++ b/.github/workflows/__build-mode-manual.yml @@ -52,8 +52,7 @@ defaults: shell: bash concurrency: cancel-in-progress: ${{ github.event_name == 'pull_request' || false }} - group: - build-mode-manual-${{github.ref}}-${{inputs.go-version}}-${{inputs.dotnet-version}} + group: build-mode-manual-${{github.ref}}-${{inputs.go-version}}-${{inputs.dotnet-version}} jobs: build-mode-manual: strategy: @@ -92,7 +91,7 @@ jobs: id: init with: build-mode: manual - db-location: ${{ runner.temp }}/customDbLocation + db-location: '${{ runner.temp }}/customDbLocation' languages: java tools: ${{ steps.prepare-test.outputs.tools-url }} diff --git a/.github/workflows/__build-mode-none.yml b/.github/workflows/__build-mode-none.yml index a570869ba..5611d2381 100644 --- a/.github/workflows/__build-mode-none.yml +++ b/.github/workflows/__build-mode-none.yml @@ -64,7 +64,7 @@ jobs: id: init with: build-mode: none - db-location: ${{ runner.temp }}/customDbLocation + db-location: '${{ runner.temp }}/customDbLocation' languages: java tools: ${{ steps.prepare-test.outputs.tools-url }} @@ -77,7 +77,7 @@ jobs: exit 1 fi - # The latest nightly supports omitting the autobuild Action when the build mode is specified. + # The latest nightly supports omitting the autobuild Action when the build mode is specified. - uses: ./../action/autobuild if: matrix.version != 'nightly-latest' diff --git a/.github/workflows/__build-mode-rollback.yml b/.github/workflows/__build-mode-rollback.yml index a213bd267..b4dd4041b 100644 --- a/.github/workflows/__build-mode-rollback.yml +++ b/.github/workflows/__build-mode-rollback.yml @@ -68,7 +68,7 @@ jobs: id: init with: build-mode: none - db-location: ${{ runner.temp }}/customDbLocation + db-location: '${{ runner.temp }}/customDbLocation' languages: java tools: ${{ steps.prepare-test.outputs.tools-url }} diff --git a/.github/workflows/__bundle-from-nightly.yml b/.github/workflows/__bundle-from-nightly.yml index c052bff67..a7dc934a0 100644 --- a/.github/workflows/__bundle-from-nightly.yml +++ b/.github/workflows/__bundle-from-nightly.yml @@ -66,7 +66,7 @@ jobs: tools: ${{ steps.prepare-test.outputs.tools-url }} languages: javascript - name: Fail if the CodeQL version is not a nightly - if: "!contains(steps.init.outputs.codeql-version, '+')" + if: ${{ !contains(steps.init.outputs.codeql-version, '+') }} run: exit 1 env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__cleanup-db-cluster-dir.yml b/.github/workflows/__cleanup-db-cluster-dir.yml index 6d794e28c..cc41fea77 100644 --- a/.github/workflows/__cleanup-db-cluster-dir.yml +++ b/.github/workflows/__cleanup-db-cluster-dir.yml @@ -67,7 +67,7 @@ jobs: id: init with: build-mode: none - db-location: ${{ runner.temp }}/customDbLocation + db-location: '${{ runner.temp }}/customDbLocation' languages: javascript tools: ${{ steps.prepare-test.outputs.tools-url }} diff --git a/.github/workflows/__config-export.yml b/.github/workflows/__config-export.yml index 72d76b93f..dce3fc85d 100644 --- a/.github/workflows/__config-export.yml +++ b/.github/workflows/__config-export.yml @@ -67,18 +67,18 @@ jobs: tools: ${{ steps.prepare-test.outputs.tools-url }} - uses: ./../action/analyze with: - output: ${{ runner.temp }}/results + output: '${{ runner.temp }}/results' upload-database: false - name: Upload SARIF uses: actions/upload-artifact@v6 with: name: config-export-${{ matrix.os }}-${{ matrix.version }}.sarif.json - path: ${{ runner.temp }}/results/javascript.sarif + path: '${{ runner.temp }}/results/javascript.sarif' retention-days: 7 - name: Check config properties appear in SARIF uses: actions/github-script@v8 env: - SARIF_PATH: ${{ runner.temp }}/results/javascript.sarif + SARIF_PATH: '${{ runner.temp }}/results/javascript.sarif' with: script: | const fs = require('fs'); diff --git a/.github/workflows/__diagnostics-export.yml b/.github/workflows/__diagnostics-export.yml index 29c92d9ec..c18641694 100644 --- a/.github/workflows/__diagnostics-export.yml +++ b/.github/workflows/__diagnostics-export.yml @@ -78,18 +78,18 @@ jobs: --ready-for-status-page - uses: ./../action/analyze with: - output: ${{ runner.temp }}/results + output: '${{ runner.temp }}/results' upload-database: false - name: Upload SARIF uses: actions/upload-artifact@v6 with: name: diagnostics-export-${{ matrix.os }}-${{ matrix.version }}.sarif.json - path: ${{ runner.temp }}/results/javascript.sarif + path: '${{ runner.temp }}/results/javascript.sarif' retention-days: 7 - name: Check diagnostics appear in SARIF uses: actions/github-script@v8 env: - SARIF_PATH: ${{ runner.temp }}/results/javascript.sarif + SARIF_PATH: '${{ runner.temp }}/results/javascript.sarif' with: script: | const fs = require('fs'); diff --git a/.github/workflows/__export-file-baseline-information.yml b/.github/workflows/__export-file-baseline-information.yml index 395317ad2..ef33c6485 100644 --- a/.github/workflows/__export-file-baseline-information.yml +++ b/.github/workflows/__export-file-baseline-information.yml @@ -52,8 +52,7 @@ defaults: shell: bash concurrency: cancel-in-progress: ${{ github.event_name == 'pull_request' || false }} - group: - export-file-baseline-information-${{github.ref}}-${{inputs.go-version}}-${{inputs.dotnet-version}} + group: export-file-baseline-information-${{github.ref}}-${{inputs.go-version}}-${{inputs.dotnet-version}} jobs: export-file-baseline-information: strategy: @@ -101,12 +100,12 @@ jobs: run: ./build.sh - uses: ./../action/analyze with: - output: ${{ runner.temp }}/results + output: '${{ runner.temp }}/results' - name: Upload SARIF uses: actions/upload-artifact@v6 with: name: with-baseline-information-${{ matrix.os }}-${{ matrix.version }}.sarif.json - path: ${{ runner.temp }}/results/javascript.sarif + path: '${{ runner.temp }}/results/javascript.sarif' retention-days: 7 - name: Check results run: | diff --git a/.github/workflows/__go-custom-queries.yml b/.github/workflows/__go-custom-queries.yml index cc2120e86..f7d5a99f3 100644 --- a/.github/workflows/__go-custom-queries.yml +++ b/.github/workflows/__go-custom-queries.yml @@ -52,8 +52,7 @@ defaults: shell: bash concurrency: cancel-in-progress: ${{ github.event_name == 'pull_request' || false }} - group: - go-custom-queries-${{github.ref}}-${{inputs.go-version}}-${{inputs.dotnet-version}} + group: go-custom-queries-${{github.ref}}-${{inputs.go-version}}-${{inputs.dotnet-version}} jobs: go-custom-queries: strategy: diff --git a/.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml b/.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml index 9c2f42ec4..11497389f 100644 --- a/.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml +++ b/.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml @@ -77,7 +77,7 @@ jobs: with: languages: go tools: ${{ steps.prepare-test.outputs.tools-url }} - # Deliberately change Go after the `init` step + # Deliberately change Go after the `init` step - uses: actions/setup-go@v6 with: go-version: '1.20' @@ -85,12 +85,12 @@ jobs: run: go build main.go - uses: ./../action/analyze with: - output: ${{ runner.temp }}/results + output: '${{ runner.temp }}/results' upload-database: false - name: Check diagnostic appears in SARIF uses: actions/github-script@v8 env: - SARIF_PATH: ${{ runner.temp }}/results/go.sarif + SARIF_PATH: '${{ runner.temp }}/results/go.sarif' with: script: | const fs = require('fs'); diff --git a/.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml b/.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml index 18645dcc3..7d83904e6 100644 --- a/.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml +++ b/.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml @@ -42,8 +42,7 @@ defaults: shell: bash concurrency: cancel-in-progress: ${{ github.event_name == 'pull_request' || false }} - group: - go-indirect-tracing-workaround-no-file-program-${{github.ref}}-${{inputs.go-version}} + group: go-indirect-tracing-workaround-no-file-program-${{github.ref}}-${{inputs.go-version}} jobs: go-indirect-tracing-workaround-no-file-program: strategy: @@ -87,12 +86,12 @@ jobs: run: go build main.go - uses: ./../action/analyze with: - output: ${{ runner.temp }}/results + output: '${{ runner.temp }}/results' upload-database: false - name: Check diagnostic appears in SARIF uses: actions/github-script@v8 env: - SARIF_PATH: ${{ runner.temp }}/results/go.sarif + SARIF_PATH: '${{ runner.temp }}/results/go.sarif' with: script: | const fs = require('fs'); diff --git a/.github/workflows/__init-with-registries.yml b/.github/workflows/__init-with-registries.yml index 81532e847..940784361 100644 --- a/.github/workflows/__init-with-registries.yml +++ b/.github/workflows/__init-with-registries.yml @@ -50,7 +50,6 @@ jobs: permissions: contents: read packages: read - timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: @@ -66,7 +65,7 @@ jobs: - name: Init with registries uses: ./../action/init with: - db-location: ${{ runner.temp }}/customDbLocation + db-location: '${{ runner.temp }}/customDbLocation' tools: ${{ steps.prepare-test.outputs.tools-url }} config-file: ./.github/codeql/codeql-config-registries.yml languages: javascript diff --git a/.github/workflows/__job-run-uuid-sarif.yml b/.github/workflows/__job-run-uuid-sarif.yml index da32ec432..3e48afbb1 100644 --- a/.github/workflows/__job-run-uuid-sarif.yml +++ b/.github/workflows/__job-run-uuid-sarif.yml @@ -65,12 +65,12 @@ jobs: tools: ${{ steps.prepare-test.outputs.tools-url }} - uses: ./../action/analyze with: - output: ${{ runner.temp }}/results + output: '${{ runner.temp }}/results' - name: Upload SARIF uses: actions/upload-artifact@v6 with: name: ${{ matrix.os }}-${{ matrix.version }}.sarif.json - path: ${{ runner.temp }}/results/javascript.sarif + path: '${{ runner.temp }}/results/javascript.sarif' retention-days: 7 - name: Check results run: | diff --git a/.github/workflows/__language-aliases.yml b/.github/workflows/__language-aliases.yml index afdc089f3..d64abe876 100644 --- a/.github/workflows/__language-aliases.yml +++ b/.github/workflows/__language-aliases.yml @@ -63,7 +63,7 @@ jobs: languages: C#,java-kotlin,swift,typescript tools: ${{ steps.prepare-test.outputs.tools-url }} - - name: Check languages + - name: 'Check languages' run: | expected_languages="csharp,java,swift,javascript" actual_languages=$(jq -r '.languages | join(",")' "$RUNNER_TEMP"/config) diff --git a/.github/workflows/__local-bundle.yml b/.github/workflows/__local-bundle.yml index bc3ab5ed6..ae7798300 100644 --- a/.github/workflows/__local-bundle.yml +++ b/.github/workflows/__local-bundle.yml @@ -62,8 +62,7 @@ defaults: shell: bash concurrency: cancel-in-progress: ${{ github.event_name == 'pull_request' || false }} - group: - local-bundle-${{github.ref}}-${{inputs.go-version}}-${{inputs.python-version}}-${{inputs.dotnet-version}} + group: local-bundle-${{github.ref}}-${{inputs.go-version}}-${{inputs.python-version}}-${{inputs.dotnet-version}} jobs: local-bundle: strategy: @@ -109,7 +108,7 @@ jobs: - id: init uses: ./../action/init with: - # Swift is not supported on Ubuntu so we manually exclude it from the list here + # Swift is not supported on Ubuntu so we manually exclude it from the list here languages: cpp,csharp,go,java,javascript,python,ruby tools: ./codeql-bundle-linux64.tar.zst - name: Build code diff --git a/.github/workflows/__multi-language-autodetect.yml b/.github/workflows/__multi-language-autodetect.yml index c0a573ffc..9cae8d362 100644 --- a/.github/workflows/__multi-language-autodetect.yml +++ b/.github/workflows/__multi-language-autodetect.yml @@ -62,8 +62,7 @@ defaults: shell: bash concurrency: cancel-in-progress: ${{ github.event_name == 'pull_request' || false }} - group: - multi-language-autodetect-${{github.ref}}-${{inputs.go-version}}-${{inputs.python-version}}-${{inputs.dotnet-version}} + group: multi-language-autodetect-${{github.ref}}-${{inputs.go-version}}-${{inputs.python-version}}-${{inputs.dotnet-version}} jobs: multi-language-autodetect: strategy: @@ -144,9 +143,8 @@ jobs: - uses: ./../action/init id: init with: - db-location: ${{ runner.temp }}/customDbLocation - languages: ${{ runner.os == 'Linux' && 'cpp,csharp,go,java,javascript,python,ruby' - || '' }} + db-location: '${{ runner.temp }}/customDbLocation' + languages: ${{ runner.os == 'Linux' && 'cpp,csharp,go,java,javascript,python,ruby' || '' }} tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code diff --git a/.github/workflows/__packaging-codescanning-config-inputs-js.yml b/.github/workflows/__packaging-codescanning-config-inputs-js.yml index 43b70163a..d0304ecd1 100644 --- a/.github/workflows/__packaging-codescanning-config-inputs-js.yml +++ b/.github/workflows/__packaging-codescanning-config-inputs-js.yml @@ -62,8 +62,7 @@ defaults: shell: bash concurrency: cancel-in-progress: ${{ github.event_name == 'pull_request' || false }} - group: - packaging-codescanning-config-inputs-js-${{github.ref}}-${{inputs.go-version}}-${{inputs.python-version}}-${{inputs.dotnet-version}} + group: packaging-codescanning-config-inputs-js-${{github.ref}}-${{inputs.go-version}}-${{inputs.python-version}}-${{inputs.dotnet-version}} jobs: packaging-codescanning-config-inputs-js: strategy: @@ -116,7 +115,7 @@ jobs: dotnet-version: ${{ inputs.dotnet-version || '9.x' }} - uses: ./../action/init with: - config-file: .github/codeql/codeql-config-packaging3.yml + config-file: '.github/codeql/codeql-config-packaging3.yml' packs: +codeql-testing/codeql-pack1@1.0.0 languages: javascript tools: ${{ steps.prepare-test.outputs.tools-url }} @@ -124,15 +123,14 @@ jobs: run: ./build.sh - uses: ./../action/analyze with: - output: ${{ runner.temp }}/results + output: '${{ runner.temp }}/results' upload-database: false - name: Check results uses: ./../action/.github/actions/check-sarif with: sarif-file: ${{ runner.temp }}/results/javascript.sarif - queries-run: - javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block + queries-run: javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block queries-not-run: foo,bar - name: Assert Results diff --git a/.github/workflows/__packaging-config-inputs-js.yml b/.github/workflows/__packaging-config-inputs-js.yml index 7ea2729c8..f97103009 100644 --- a/.github/workflows/__packaging-config-inputs-js.yml +++ b/.github/workflows/__packaging-config-inputs-js.yml @@ -52,8 +52,7 @@ defaults: shell: bash concurrency: cancel-in-progress: ${{ github.event_name == 'pull_request' || false }} - group: - packaging-config-inputs-js-${{github.ref}}-${{inputs.go-version}}-${{inputs.dotnet-version}} + group: packaging-config-inputs-js-${{github.ref}}-${{inputs.go-version}}-${{inputs.dotnet-version}} jobs: packaging-config-inputs-js: strategy: @@ -101,7 +100,7 @@ jobs: dotnet-version: ${{ inputs.dotnet-version || '9.x' }} - uses: ./../action/init with: - config-file: .github/codeql/codeql-config-packaging3.yml + config-file: '.github/codeql/codeql-config-packaging3.yml' packs: +codeql-testing/codeql-pack1@1.0.0 languages: javascript tools: ${{ steps.prepare-test.outputs.tools-url }} @@ -109,15 +108,14 @@ jobs: run: ./build.sh - uses: ./../action/analyze with: - output: ${{ runner.temp }}/results + output: '${{ runner.temp }}/results' upload-database: false - name: Check results uses: ./../action/.github/actions/check-sarif with: sarif-file: ${{ runner.temp }}/results/javascript.sarif - queries-run: - javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block + queries-run: javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block queries-not-run: foo,bar - name: Assert Results diff --git a/.github/workflows/__packaging-config-js.yml b/.github/workflows/__packaging-config-js.yml index 7c921cecc..99bd171f9 100644 --- a/.github/workflows/__packaging-config-js.yml +++ b/.github/workflows/__packaging-config-js.yml @@ -52,8 +52,7 @@ defaults: shell: bash concurrency: cancel-in-progress: ${{ github.event_name == 'pull_request' || false }} - group: - packaging-config-js-${{github.ref}}-${{inputs.go-version}}-${{inputs.dotnet-version}} + group: packaging-config-js-${{github.ref}}-${{inputs.go-version}}-${{inputs.dotnet-version}} jobs: packaging-config-js: strategy: @@ -101,22 +100,21 @@ jobs: dotnet-version: ${{ inputs.dotnet-version || '9.x' }} - uses: ./../action/init with: - config-file: .github/codeql/codeql-config-packaging.yml + config-file: '.github/codeql/codeql-config-packaging.yml' languages: javascript tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code run: ./build.sh - uses: ./../action/analyze with: - output: ${{ runner.temp }}/results + output: '${{ runner.temp }}/results' upload-database: false - name: Check results uses: ./../action/.github/actions/check-sarif with: sarif-file: ${{ runner.temp }}/results/javascript.sarif - queries-run: - javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block + queries-run: javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block queries-not-run: foo,bar - name: Assert Results diff --git a/.github/workflows/__packaging-inputs-js.yml b/.github/workflows/__packaging-inputs-js.yml index 224b06305..e5cd0182e 100644 --- a/.github/workflows/__packaging-inputs-js.yml +++ b/.github/workflows/__packaging-inputs-js.yml @@ -52,8 +52,7 @@ defaults: shell: bash concurrency: cancel-in-progress: ${{ github.event_name == 'pull_request' || false }} - group: - packaging-inputs-js-${{github.ref}}-${{inputs.go-version}}-${{inputs.dotnet-version}} + group: packaging-inputs-js-${{github.ref}}-${{inputs.go-version}}-${{inputs.dotnet-version}} jobs: packaging-inputs-js: strategy: @@ -101,7 +100,7 @@ jobs: dotnet-version: ${{ inputs.dotnet-version || '9.x' }} - uses: ./../action/init with: - config-file: .github/codeql/codeql-config-packaging2.yml + config-file: '.github/codeql/codeql-config-packaging2.yml' languages: javascript packs: codeql-testing/codeql-pack1@1.0.0, codeql-testing/codeql-pack2, codeql-testing/codeql-pack3:other-query.ql tools: ${{ steps.prepare-test.outputs.tools-url }} @@ -109,14 +108,13 @@ jobs: run: ./build.sh - uses: ./../action/analyze with: - output: ${{ runner.temp }}/results + output: '${{ runner.temp }}/results' - name: Check results uses: ./../action/.github/actions/check-sarif with: sarif-file: ${{ runner.temp }}/results/javascript.sarif - queries-run: - javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block + queries-run: javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block queries-not-run: foo,bar - name: Assert Results diff --git a/.github/workflows/__remote-config.yml b/.github/workflows/__remote-config.yml index a026117a7..abf5cd21e 100644 --- a/.github/workflows/__remote-config.yml +++ b/.github/workflows/__remote-config.yml @@ -62,8 +62,7 @@ defaults: shell: bash concurrency: cancel-in-progress: ${{ github.event_name == 'pull_request' || false }} - group: - remote-config-${{github.ref}}-${{inputs.go-version}}-${{inputs.python-version}}-${{inputs.dotnet-version}} + group: remote-config-${{github.ref}}-${{inputs.go-version}}-${{inputs.python-version}}-${{inputs.dotnet-version}} jobs: remote-config: strategy: @@ -109,8 +108,7 @@ jobs: with: tools: ${{ steps.prepare-test.outputs.tools-url }} languages: cpp,csharp,java,javascript,python - config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{ - github.sha }} + config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{ github.sha }} - name: Build code run: ./build.sh - uses: ./../action/analyze diff --git a/.github/workflows/__resolve-environment-action.yml b/.github/workflows/__resolve-environment-action.yml index 3acee8d64..8b3391064 100644 --- a/.github/workflows/__resolve-environment-action.yml +++ b/.github/workflows/__resolve-environment-action.yml @@ -84,8 +84,7 @@ jobs: language: javascript-typescript - name: Fail if JavaScript/TypeScript configuration present - if: - fromJSON(steps.resolve-environment-js.outputs.environment).configuration.javascript + if: fromJSON(steps.resolve-environment-js.outputs.environment).configuration.javascript run: exit 1 env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__split-workflow.yml b/.github/workflows/__split-workflow.yml index 9e1cad8e0..58e547f36 100644 --- a/.github/workflows/__split-workflow.yml +++ b/.github/workflows/__split-workflow.yml @@ -99,7 +99,7 @@ jobs: dotnet-version: ${{ inputs.dotnet-version || '9.x' }} - uses: ./../action/init with: - config-file: .github/codeql/codeql-config-packaging3.yml + config-file: '.github/codeql/codeql-config-packaging3.yml' packs: +codeql-testing/codeql-pack1@1.0.0 languages: javascript tools: ${{ steps.prepare-test.outputs.tools-url }} @@ -108,7 +108,7 @@ jobs: - uses: ./../action/analyze with: skip-queries: true - output: ${{ runner.temp }}/results + output: '${{ runner.temp }}/results' upload-database: false - name: Assert No Results @@ -119,7 +119,7 @@ jobs: fi - uses: ./../action/analyze with: - output: ${{ runner.temp }}/results + output: '${{ runner.temp }}/results' upload-database: false - name: Assert Results run: | diff --git a/.github/workflows/__start-proxy.yml b/.github/workflows/__start-proxy.yml index 438a99405..e1a0f833e 100644 --- a/.github/workflows/__start-proxy.yml +++ b/.github/workflows/__start-proxy.yml @@ -71,8 +71,7 @@ jobs: id: proxy uses: ./../action/start-proxy with: - registry_secrets: '[{ "type": "nuget_feed", "url": "https://api.nuget.org/v3/index.json" - }]' + registry_secrets: '[{ "type": "nuget_feed", "url": "https://api.nuget.org/v3/index.json" }]' - name: Print proxy outputs run: | @@ -81,8 +80,7 @@ jobs: echo "${{ steps.proxy.outputs.proxy_urls }}" - name: Fail if proxy outputs are not set - if: (!steps.proxy.outputs.proxy_host) || (!steps.proxy.outputs.proxy_port) - || (!steps.proxy.outputs.proxy_ca_certificate) || (!steps.proxy.outputs.proxy_urls) + if: (!steps.proxy.outputs.proxy_host) || (!steps.proxy.outputs.proxy_port) || (!steps.proxy.outputs.proxy_ca_certificate) || (!steps.proxy.outputs.proxy_urls) run: exit 1 env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__submit-sarif-failure.yml b/.github/workflows/__submit-sarif-failure.yml index 93553d18d..2fdfeddfb 100644 --- a/.github/workflows/__submit-sarif-failure.yml +++ b/.github/workflows/__submit-sarif-failure.yml @@ -49,8 +49,7 @@ jobs: if: github.triggering_actor != 'dependabot[bot]' permissions: contents: read - security-events: write # needed to upload the SARIF file - + security-events: write timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: @@ -69,26 +68,20 @@ jobs: languages: javascript tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Fail - # We want this job to pass if the Action correctly uploads the SARIF file for - # the failed run. - # Setting this step to continue on error means that it is marked as completing - # successfully, so will not fail the job. + # We want this job to pass if the Action correctly uploads the SARIF file for + # the failed run. + # Setting this step to continue on error means that it is marked as completing + # successfully, so will not fail the job. continue-on-error: true run: exit 1 - uses: ./analyze - # In a real workflow, this step wouldn't run. Since we used `continue-on-error` - # above, we manually disable it with an `if` condition. + # In a real workflow, this step wouldn't run. Since we used `continue-on-error` + # above, we manually disable it with an `if` condition. if: false with: - category: /test-codeql-version:${{ matrix.version }} + category: '/test-codeql-version:${{ matrix.version }}' env: - # Internal-only environment variable used to indicate that the post-init Action - # should expect to upload a SARIF file for the failed run. CODEQL_ACTION_EXPECT_UPLOAD_FAILED_SARIF: true - # Make sure the uploading SARIF files feature is enabled. CODEQL_ACTION_UPLOAD_FAILED_SARIF: true - # Upload the failed SARIF file as an integration test of the API endpoint. CODEQL_ACTION_TEST_MODE: false - # Mark telemetry for this workflow so it can be treated separately. CODEQL_ACTION_TESTING_ENVIRONMENT: codeql-action-pr-checks - diff --git a/.github/workflows/__swift-custom-build.yml b/.github/workflows/__swift-custom-build.yml index bc3e5d71f..7749f1b81 100644 --- a/.github/workflows/__swift-custom-build.yml +++ b/.github/workflows/__swift-custom-build.yml @@ -52,8 +52,7 @@ defaults: shell: bash concurrency: cancel-in-progress: ${{ github.event_name == 'pull_request' || false }} - group: - swift-custom-build-${{github.ref}}-${{inputs.go-version}}-${{inputs.dotnet-version}} + group: swift-custom-build-${{github.ref}}-${{inputs.go-version}}-${{inputs.dotnet-version}} jobs: swift-custom-build: strategy: diff --git a/.github/workflows/__unset-environment.yml b/.github/workflows/__unset-environment.yml index b1918fe26..5be68f810 100644 --- a/.github/workflows/__unset-environment.yml +++ b/.github/workflows/__unset-environment.yml @@ -62,8 +62,7 @@ defaults: shell: bash concurrency: cancel-in-progress: ${{ github.event_name == 'pull_request' || false }} - group: - unset-environment-${{github.ref}}-${{inputs.go-version}}-${{inputs.python-version}}-${{inputs.dotnet-version}} + group: unset-environment-${{github.ref}}-${{inputs.go-version}}-${{inputs.python-version}}-${{inputs.dotnet-version}} jobs: unset-environment: strategy: @@ -109,7 +108,7 @@ jobs: id: init with: db-location: ${{ runner.temp }}/customDbLocation - # Swift is not supported on Ubuntu so we manually exclude it from the list here + # Swift is not supported on Ubuntu so we manually exclude it from the list here languages: cpp,csharp,go,java,javascript,python,ruby tools: ${{ steps.prepare-test.outputs.tools-url }} - name: Build code diff --git a/.github/workflows/__upload-ref-sha-input.yml b/.github/workflows/__upload-ref-sha-input.yml index ad242dd7c..f9a832d7e 100644 --- a/.github/workflows/__upload-ref-sha-input.yml +++ b/.github/workflows/__upload-ref-sha-input.yml @@ -62,8 +62,7 @@ defaults: shell: bash concurrency: cancel-in-progress: ${{ github.event_name == 'pull_request' || false }} - group: - upload-ref-sha-input-${{github.ref}}-${{inputs.go-version}}-${{inputs.python-version}}-${{inputs.dotnet-version}} + group: upload-ref-sha-input-${{github.ref}}-${{inputs.go-version}}-${{inputs.python-version}}-${{inputs.dotnet-version}} jobs: upload-ref-sha-input: strategy: @@ -107,19 +106,18 @@ jobs: with: tools: ${{ steps.prepare-test.outputs.tools-url }} languages: cpp,csharp,java,javascript,python - config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{ - github.sha }} + config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{ github.sha }} - name: Build code run: ./build.sh - # Generate some SARIF we can upload with the upload-sarif step + # Generate some SARIF we can upload with the upload-sarif step - uses: ./../action/analyze with: - ref: refs/heads/main - sha: 5e235361806c361d4d3f8859e3c897658025a9a2 + ref: 'refs/heads/main' + sha: '5e235361806c361d4d3f8859e3c897658025a9a2' upload: never - uses: ./../action/upload-sarif with: - ref: refs/heads/main - sha: 5e235361806c361d4d3f8859e3c897658025a9a2 + ref: 'refs/heads/main' + sha: '5e235361806c361d4d3f8859e3c897658025a9a2' env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__upload-sarif.yml b/.github/workflows/__upload-sarif.yml index 494731fa4..873ba5ca9 100644 --- a/.github/workflows/__upload-sarif.yml +++ b/.github/workflows/__upload-sarif.yml @@ -62,8 +62,7 @@ defaults: shell: bash concurrency: cancel-in-progress: ${{ github.event_name == 'pull_request' || false }} - group: - upload-sarif-${{github.ref}}-${{inputs.go-version}}-${{inputs.python-version}}-${{inputs.dotnet-version}} + group: upload-sarif-${{github.ref}}-${{inputs.go-version}}-${{inputs.python-version}}-${{inputs.dotnet-version}} jobs: upload-sarif: strategy: @@ -117,11 +116,11 @@ jobs: analysis-kinds: ${{ matrix.analysis-kinds }} - name: Build code run: ./build.sh - # Generate some SARIF we can upload with the upload-sarif step + # Generate some SARIF we can upload with the upload-sarif step - uses: ./../action/analyze with: - ref: refs/heads/main - sha: 5e235361806c361d4d3f8859e3c897658025a9a2 + ref: 'refs/heads/main' + sha: '5e235361806c361d4d3f8859e3c897658025a9a2' upload: never output: ${{ runner.temp }}/results @@ -130,15 +129,15 @@ jobs: uses: ./../action/upload-sarif id: upload-sarif with: - ref: refs/heads/main - sha: 5e235361806c361d4d3f8859e3c897658025a9a2 + ref: 'refs/heads/main' + sha: '5e235361806c361d4d3f8859e3c897658025a9a2' sarif_file: ${{ runner.temp }}/results category: | ${{ github.workflow }}:upload-sarif/analysis-kinds:${{ matrix.analysis-kinds }}/os:${{ matrix.os }}/version:${{ matrix.version }}/test:all-files/ - - name: Fail for missing output from `upload-sarif` step for `code-scanning` + - name: 'Fail for missing output from `upload-sarif` step for `code-scanning`' if: contains(matrix.analysis-kinds, 'code-scanning') && !(fromJSON(steps.upload-sarif.outputs.sarif-ids).code-scanning) run: exit 1 - - name: Fail for missing output from `upload-sarif` step for `code-quality` + - name: 'Fail for missing output from `upload-sarif` step for `code-quality`' if: contains(matrix.analysis-kinds, 'code-quality') && !(fromJSON(steps.upload-sarif.outputs.sarif-ids).code-quality) run: exit 1 @@ -147,28 +146,26 @@ jobs: id: upload-single-sarif-code-scanning if: contains(matrix.analysis-kinds, 'code-scanning') with: - ref: refs/heads/main - sha: 5e235361806c361d4d3f8859e3c897658025a9a2 + ref: 'refs/heads/main' + sha: '5e235361806c361d4d3f8859e3c897658025a9a2' sarif_file: ${{ runner.temp }}/results/javascript.sarif category: | ${{ github.workflow }}:upload-sarif/analysis-kinds:${{ matrix.analysis-kinds }}/os:${{ matrix.os }}/version:${{ matrix.version }}/test:single-code-scanning/ - - name: Fail for missing output from `upload-single-sarif-code-scanning` step - if: contains(matrix.analysis-kinds, 'code-scanning') && - !(fromJSON(steps.upload-single-sarif-code-scanning.outputs.sarif-ids).code-scanning) + - name: 'Fail for missing output from `upload-single-sarif-code-scanning` step' + if: contains(matrix.analysis-kinds, 'code-scanning') && !(fromJSON(steps.upload-single-sarif-code-scanning.outputs.sarif-ids).code-scanning) run: exit 1 - name: Upload single SARIF file for Code Quality uses: ./../action/upload-sarif id: upload-single-sarif-code-quality if: contains(matrix.analysis-kinds, 'code-quality') with: - ref: refs/heads/main - sha: 5e235361806c361d4d3f8859e3c897658025a9a2 + ref: 'refs/heads/main' + sha: '5e235361806c361d4d3f8859e3c897658025a9a2' sarif_file: ${{ runner.temp }}/results/javascript.quality.sarif category: | ${{ github.workflow }}:upload-sarif/analysis-kinds:${{ matrix.analysis-kinds }}/os:${{ matrix.os }}/version:${{ matrix.version }}/test:single-code-quality/ - - name: Fail for missing output from `upload-single-sarif-code-quality` step - if: contains(matrix.analysis-kinds, 'code-quality') && - !(fromJSON(steps.upload-single-sarif-code-quality.outputs.sarif-ids).code-quality) + - name: 'Fail for missing output from `upload-single-sarif-code-quality` step' + if: contains(matrix.analysis-kinds, 'code-quality') && !(fromJSON(steps.upload-single-sarif-code-quality.outputs.sarif-ids).code-quality) run: exit 1 - name: Change SARIF file extension @@ -179,12 +176,12 @@ jobs: id: upload-single-non-sarif if: contains(matrix.analysis-kinds, 'code-scanning') with: - ref: refs/heads/main - sha: 5e235361806c361d4d3f8859e3c897658025a9a2 + ref: 'refs/heads/main' + sha: '5e235361806c361d4d3f8859e3c897658025a9a2' sarif_file: ${{ runner.temp }}/results/javascript.sarif.json category: | ${{ github.workflow }}:upload-sarif/analysis-kinds:${{ matrix.analysis-kinds }}/os:${{ matrix.os }}/version:${{ matrix.version }}/test:non-sarif/ - - name: Fail for missing output from `upload-single-non-sarif` step + - name: 'Fail for missing output from `upload-single-non-sarif` step' if: contains(matrix.analysis-kinds, 'code-scanning') && !(fromJSON(steps.upload-single-non-sarif.outputs.sarif-ids).code-scanning) run: exit 1 env: diff --git a/.github/workflows/__with-checkout-path.yml b/.github/workflows/__with-checkout-path.yml index c976b4e9b..11f6e1dbc 100644 --- a/.github/workflows/__with-checkout-path.yml +++ b/.github/workflows/__with-checkout-path.yml @@ -62,8 +62,7 @@ defaults: shell: bash concurrency: cancel-in-progress: ${{ github.event_name == 'pull_request' || false }} - group: - with-checkout-path-${{github.ref}}-${{inputs.go-version}}-${{inputs.python-version}}-${{inputs.dotnet-version}} + group: with-checkout-path-${{github.ref}}-${{inputs.go-version}}-${{inputs.python-version}}-${{inputs.dotnet-version}} jobs: with-checkout-path: strategy: @@ -80,6 +79,7 @@ jobs: timeout-minutes: 45 runs-on: ${{ matrix.os }} steps: + # This ensures we don't accidentally use the original checkout for any part of the test. - name: Check out repository uses: actions/checkout@v6 - name: Prepare test @@ -109,8 +109,8 @@ jobs: # Actions does not support deleting the current working directory, so we # delete the contents of the directory instead. rm -rf ./* .github .git - # Check out the actions repo again, but at a different location. - # choose an arbitrary SHA so that we can later test that the commit_oid is not from main + # Check out the actions repo again, but at a different location. + # choose an arbitrary SHA so that we can later test that the commit_oid is not from main - uses: actions/checkout@v6 with: ref: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6 @@ -119,7 +119,7 @@ jobs: - uses: ./../action/init with: tools: ${{ steps.prepare-test.outputs.tools-url }} - # it's enough to test one compiled language and one interpreted language + # it's enough to test one compiled language and one interpreted language languages: csharp,javascript source-root: x/y/z/some-path/tests/multi-language-repo diff --git a/pr-checks/checks/bundle-from-nightly.yml b/pr-checks/checks/bundle-from-nightly.yml index 4f68b7829..ac7076cb0 100644 --- a/pr-checks/checks/bundle-from-nightly.yml +++ b/pr-checks/checks/bundle-from-nightly.yml @@ -11,5 +11,5 @@ steps: tools: ${{ steps.prepare-test.outputs.tools-url }} languages: javascript - name: Fail if the CodeQL version is not a nightly - if: "!contains(steps.init.outputs.codeql-version, '+')" + if: ${{ !contains(steps.init.outputs.codeql-version, '+') }} run: exit 1 diff --git a/pr-checks/checks/upload-sarif.yml b/pr-checks/checks/upload-sarif.yml index cfe66a3f8..8009225c2 100644 --- a/pr-checks/checks/upload-sarif.yml +++ b/pr-checks/checks/upload-sarif.yml @@ -32,16 +32,16 @@ steps: category: | ${{ github.workflow }}:upload-sarif/analysis-kinds:${{ matrix.analysis-kinds }}/os:${{ matrix.os }}/version:${{ matrix.version }}/test:all-files/ - name: "Fail for missing output from `upload-sarif` step for `code-scanning`" - if: "contains(matrix.analysis-kinds, 'code-scanning') && !(fromJSON(steps.upload-sarif.outputs.sarif-ids).code-scanning)" + if: contains(matrix.analysis-kinds, 'code-scanning') && !(fromJSON(steps.upload-sarif.outputs.sarif-ids).code-scanning) run: exit 1 - name: "Fail for missing output from `upload-sarif` step for `code-quality`" - if: "contains(matrix.analysis-kinds, 'code-quality') && !(fromJSON(steps.upload-sarif.outputs.sarif-ids).code-quality)" + if: contains(matrix.analysis-kinds, 'code-quality') && !(fromJSON(steps.upload-sarif.outputs.sarif-ids).code-quality) run: exit 1 - name: Upload single SARIF file for Code Scanning uses: ./../action/upload-sarif id: upload-single-sarif-code-scanning - if: "contains(matrix.analysis-kinds, 'code-scanning')" + if: contains(matrix.analysis-kinds, 'code-scanning') with: ref: 'refs/heads/main' sha: '5e235361806c361d4d3f8859e3c897658025a9a2' @@ -49,12 +49,12 @@ steps: category: | ${{ github.workflow }}:upload-sarif/analysis-kinds:${{ matrix.analysis-kinds }}/os:${{ matrix.os }}/version:${{ matrix.version }}/test:single-code-scanning/ - name: "Fail for missing output from `upload-single-sarif-code-scanning` step" - if: "contains(matrix.analysis-kinds, 'code-scanning') && !(fromJSON(steps.upload-single-sarif-code-scanning.outputs.sarif-ids).code-scanning)" + if: contains(matrix.analysis-kinds, 'code-scanning') && !(fromJSON(steps.upload-single-sarif-code-scanning.outputs.sarif-ids).code-scanning) run: exit 1 - name: Upload single SARIF file for Code Quality uses: ./../action/upload-sarif id: upload-single-sarif-code-quality - if: "contains(matrix.analysis-kinds, 'code-quality')" + if: contains(matrix.analysis-kinds, 'code-quality') with: ref: 'refs/heads/main' sha: '5e235361806c361d4d3f8859e3c897658025a9a2' @@ -62,16 +62,16 @@ steps: category: | ${{ github.workflow }}:upload-sarif/analysis-kinds:${{ matrix.analysis-kinds }}/os:${{ matrix.os }}/version:${{ matrix.version }}/test:single-code-quality/ - name: "Fail for missing output from `upload-single-sarif-code-quality` step" - if: "contains(matrix.analysis-kinds, 'code-quality') && !(fromJSON(steps.upload-single-sarif-code-quality.outputs.sarif-ids).code-quality)" + if: contains(matrix.analysis-kinds, 'code-quality') && !(fromJSON(steps.upload-single-sarif-code-quality.outputs.sarif-ids).code-quality) run: exit 1 - name: Change SARIF file extension - if: "contains(matrix.analysis-kinds, 'code-scanning')" + if: contains(matrix.analysis-kinds, 'code-scanning') run: mv ${{ runner.temp }}/results/javascript.sarif ${{ runner.temp }}/results/javascript.sarif.json - name: Upload single non-`.sarif` file uses: ./../action/upload-sarif id: upload-single-non-sarif - if: "contains(matrix.analysis-kinds, 'code-scanning')" + if: contains(matrix.analysis-kinds, 'code-scanning') with: ref: 'refs/heads/main' sha: '5e235361806c361d4d3f8859e3c897658025a9a2' @@ -79,5 +79,5 @@ steps: category: | ${{ github.workflow }}:upload-sarif/analysis-kinds:${{ matrix.analysis-kinds }}/os:${{ matrix.os }}/version:${{ matrix.version }}/test:non-sarif/ - name: "Fail for missing output from `upload-single-non-sarif` step" - if: "contains(matrix.analysis-kinds, 'code-scanning') && !(fromJSON(steps.upload-single-non-sarif.outputs.sarif-ids).code-scanning)" + if: contains(matrix.analysis-kinds, 'code-scanning') && !(fromJSON(steps.upload-single-non-sarif.outputs.sarif-ids).code-scanning) run: exit 1 diff --git a/pr-checks/sync.ts b/pr-checks/sync.ts index c57cbbdc2..d4e5ea2e0 100755 --- a/pr-checks/sync.ts +++ b/pr-checks/sync.ts @@ -365,6 +365,18 @@ function main(): void { // Extract the sequence of steps from the YAML document to persist as much formatting as possible. const specSteps = specDocument.get("steps") as yaml.YAMLSeq; + + // A handful of workflow specifications use double quotes for values, while we generally use single quotes. + // This replaces double quotes with single quotes for consistency. + yaml.visit(specSteps, { + Scalar(_key, node) { + if (node.type === "QUOTE_DOUBLE") { + node.type = "QUOTE_SINGLE"; + } + } + }); + + // Add the generated steps in front of the ones from the specification. specSteps.items.unshift(...steps); const checkJob: Record = {