
Commit 1bfe335

Merge branch 'main' into Token_validation
2 parents 0b0777a + 48761b8 commit 1bfe335


3,552 files changed

+299735
-156130
lines changed


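--- a/.github/actions/fetch-codeql/action.yml
+++ b/.github/actions/fetch-codeql/action.yml
@@ -3,22 +3,12 @@ description: Fetches the latest version of CodeQL
 runs:
 using: composite
 steps:
-- name: Select platform - Linux
-if: runner.os == 'Linux'
-shell: bash
-run: echo "GA_CODEQL_CLI_PLATFORM=linux64" >> $GITHUB_ENV
-
-- name: Select platform - MacOS
-if: runner.os == 'MacOS'
-shell: bash
-run: echo "GA_CODEQL_CLI_PLATFORM=osx64" >> $GITHUB_ENV
-
 - name: Fetch CodeQL
 shell: bash
 run: |
-LATEST=$(gh release list --repo https://github.com/github/codeql-cli-binaries | cut -f 1 | grep -v beta | sort --version-sort | tail -1)
-gh release download --repo https://github.com/github/codeql-cli-binaries --pattern codeql-$GA_CODEQL_CLI_PLATFORM.zip "$LATEST"
-unzip -q -d "${RUNNER_TEMP}" codeql-$GA_CODEQL_CLI_PLATFORM.zip
-echo "${RUNNER_TEMP}/codeql" >> "${GITHUB_PATH}"
+gh extension install github/gh-codeql
+gh codeql set-channel nightly
+gh codeql version
+gh codeql version --format=json | jq -r .unpackedLocation >> "${GITHUB_PATH}"
 env:
 GITHUB_TOKEN: ${{ github.token }}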
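Review bot: The rewritten `Fetch CodeQL` step installs `github/gh-codeql` at whatever revision is current and then selects the `nightly` channel, so every workflow that calls this composite action runs an unpinned, moving toolchain, and it does so with `GITHUB_TOKEN` set in the step's environment. Pinning the extension to a reviewed ref, for example `gh extension install github/gh-codeql --pin <REVIEWED_TAG_OR_SHA>` (placeholder), would make the installed code reproducible; if nightly is a deliberate choice, a comment above the step saying why would help later reviewers. The last line appends whatever `jq -r .unpackedLocation` prints to `GITHUB_PATH`, which is the literal string `null` when the key is absent; `jq -er .unpackedLocation` would fail the step instead. The later sections of this commit switch check-qldoc.yml and the csv-coverage workflows to this action, so the point applies to them as well.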

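--- a/.github/labeler.yml
+++ b/.github/labeler.yml
@@ -42,3 +42,4 @@ documentation:
 
 "QL-for-QL":
 - ql/**/*
+- .github/workflows/ql-for-ql*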

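--- a/.github/workflows/check-change-note.yml
+++ b/.github/workflows/check-change-note.yml
@@ -10,6 +10,7 @@ on:
 - "*/ql/lib/**/*.qll"
 - "!**/experimental/**"
 - "!ql/**"
+- "!swift/**"
 - ".github/workflows/check-change-note.yml"
 
 jobs: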

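--- a/.github/workflows/check-qldoc.yml
+++ b/.github/workflows/check-qldoc.yml
@@ -5,6 +5,7 @@ on:
 paths:
 - "*/ql/lib/**"
 - .github/workflows/check-qldoc.yml
+- .github/actions/fetch-codeql/action.yml
 branches:
 - main
 - "rc/*"
@@ -14,18 +15,13 @@ jobs:
 runs-on: ubuntu-latest
 
 steps:
-- name: Install CodeQL
-run: |
-gh extension install github/gh-codeql
-gh codeql set-channel nightly
-gh codeql version
-env:
-GITHUB_TOKEN: ${{ github.token }}
-
 - uses: actions/checkout@v3
 with:
 fetch-depth: 2
 
+- name: Install CodeQL
+uses: ./.github/actions/fetch-codeql
+
 - name: Check QLdoc coverage
 shell: bash
 run: |
@@ -34,15 +30,15 @@ jobs:
 changed_lib_packs="$(git diff --name-only --diff-filter=ACMRT HEAD^ HEAD | { grep -Po '^(?!swift)[a-z]*/ql/lib' || true; } | sort -u)"
 for pack_dir in ${changed_lib_packs}; do
 lang="${pack_dir%/ql/lib}"
-gh codeql generate library-doc-coverage --output="${RUNNER_TEMP}/${lang}-current.txt" --dir="${pack_dir}"
+codeql generate library-doc-coverage --output="${RUNNER_TEMP}/${lang}-current.txt" --dir="${pack_dir}"
 done
 git checkout HEAD^
 for pack_dir in ${changed_lib_packs}; do
 # When we add a new language, pack_dir would not exist in HEAD^.
 # In this case the right thing to do is to skip the check.
 [[ ! -d "${pack_dir}" ]] && continue
 lang="${pack_dir%/ql/lib}"
-gh codeql generate library-doc-coverage --output="${RUNNER_TEMP}/${lang}-baseline.txt" --dir="${pack_dir}"
+codeql generate library-doc-coverage --output="${RUNNER_TEMP}/${lang}-baseline.txt" --dir="${pack_dir}"
 awk -F, '{gsub(/"/,""); if ($4==0 && $6=="public") print "\""$3"\"" }' "${RUNNER_TEMP}/${lang}-current.txt" | sort -u > "${RUNNER_TEMP}/current-undocumented.txt"
 awk -F, '{gsub(/"/,""); if ($4==0 && $6=="public") print "\""$3"\"" }' "${RUNNER_TEMP}/${lang}-baseline.txt" | sort -u > "${RUNNER_TEMP}/baseline-undocumented.txt"
 UNDOCUMENTED="$(grep -f <(comm -13 "${RUNNER_TEMP}/baseline-undocumented.txt" "${RUNNER_TEMP}/current-undocumented.txt") "${RUNNER_TEMP}/${lang}-current.txt" || true)"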

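--- a/.github/workflows/csv-coverage-metrics.yml
+++ b/.github/workflows/csv-coverage-metrics.yml
@@ -12,6 +12,7 @@ on:
 - main
 paths:
 - ".github/workflows/csv-coverage-metrics.yml"
+- ".github/actions/fetch-codeql/action.yml"
 
 jobs:
 publish-java: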

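--- a/.github/workflows/csv-coverage-pr-artifacts.yml
+++ b/.github/workflows/csv-coverage-pr-artifacts.yml
@@ -3,18 +3,20 @@ name: Check framework coverage changes
 on:
 pull_request:
 paths:
-- '.github/workflows/csv-coverage-pr-comment.yml'
-- '*/ql/src/**/*.ql'
-- '*/ql/src/**/*.qll'
-- '*/ql/lib/**/*.ql'
-- '*/ql/lib/**/*.qll'
-- 'misc/scripts/library-coverage/*.py'
+- ".github/workflows/csv-coverage-pr-comment.yml"
+- ".github/workflows/csv-coverage-pr-artifacts.yml"
+- ".github/actions/fetch-codeql/action.yml"
+- "*/ql/src/**/*.ql"
+- "*/ql/src/**/*.qll"
+- "*/ql/lib/**/*.ql"
+- "*/ql/lib/**/*.qll"
+- "misc/scripts/library-coverage/*.py"
 # input data files
-- '*/documentation/library-coverage/cwe-sink.csv'
-- '*/documentation/library-coverage/frameworks.csv'
+- "*/documentation/library-coverage/cwe-sink.csv"
+- "*/documentation/library-coverage/frameworks.csv"
 branches:
 - main
-- 'rc/*'
+- "rc/*"
 
 jobs:
 generate:
@@ -23,77 +25,72 @@ jobs:
 runs-on: ubuntu-latest
 
 steps:
-- name: Dump GitHub context
-env:
-GITHUB_CONTEXT: ${{ toJSON(github.event) }}
-run: echo "$GITHUB_CONTEXT"
-- name: Clone self (github/codeql) - MERGE
-uses: actions/checkout@v3
-with:
-path: merge
-- name: Clone self (github/codeql) - BASE
-uses: actions/checkout@v3
-with:
-fetch-depth: 2
-path: base
-- run: |
-git checkout HEAD^1
-git log -1 --format='%H'
-working-directory: base
-- name: Set up Python 3.8
-uses: actions/setup-python@v4
-with:
-python-version: 3.8
-- name: Download CodeQL CLI
-env:
-GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-run: |
-gh release download --repo "github/codeql-cli-binaries" --pattern "codeql-linux64.zip"
-- name: Unzip CodeQL CLI
-run: unzip -d codeql-cli codeql-linux64.zip
-- name: Generate CSV files on merge commit of the PR
-run: |
-echo "Running generator on merge"
-PATH="$PATH:codeql-cli/codeql" python merge/misc/scripts/library-coverage/generate-report.py ci merge merge
-mkdir out_merge
-cp framework-coverage-*.csv out_merge/
-cp framework-coverage-*.rst out_merge/
-- name: Generate CSV files on base commit of the PR
-run: |
-echo "Running generator on base"
-PATH="$PATH:codeql-cli/codeql" python base/misc/scripts/library-coverage/generate-report.py ci base base
-mkdir out_base
-cp framework-coverage-*.csv out_base/
-cp framework-coverage-*.rst out_base/
-- name: Generate diff of coverage reports
-run: |
-python base/misc/scripts/library-coverage/compare-folders.py out_base out_merge comparison.md
-- name: Upload CSV package list
-uses: actions/upload-artifact@v3
-with:
-name: csv-framework-coverage-merge
-path: |
-out_merge/framework-coverage-*.csv
-out_merge/framework-coverage-*.rst
-- name: Upload CSV package list
-uses: actions/upload-artifact@v3
-with:
-name: csv-framework-coverage-base
-path: |
-out_base/framework-coverage-*.csv
-out_base/framework-coverage-*.rst
-- name: Upload comparison results
-uses: actions/upload-artifact@v3
-with:
-name: comparison
-path: |
-comparison.md
-- name: Save PR number
-run: |
-mkdir -p pr
-echo ${{ github.event.pull_request.number }} > pr/NR
-- name: Upload PR number
-uses: actions/upload-artifact@v3
-with:
-name: pr
-path: pr/
+- name: Dump GitHub context
+env:
+GITHUB_CONTEXT: ${{ toJSON(github.event) }}
+run: echo "$GITHUB_CONTEXT"
+- name: Clone self (github/codeql) - MERGE
+uses: actions/checkout@v3
+with:
+path: merge
+- name: Clone self (github/codeql) - BASE
+uses: actions/checkout@v3
+with:
+fetch-depth: 2
+path: base
+- run: |
+git checkout HEAD^1
+git log -1 --format='%H'
+working-directory: base
+- name: Set up Python 3.8
+uses: actions/setup-python@v4
+with:
+python-version: 3.8
+- name: Download CodeQL CLI
+uses: ./merge/.github/actions/fetch-codeql
+- name: Generate CSV files on merge commit of the PR
+run: |
+echo "Running generator on merge"
+python merge/misc/scripts/library-coverage/generate-report.py ci merge merge
+mkdir out_merge
+cp framework-coverage-*.csv out_merge/
+cp framework-coverage-*.rst out_merge/
+- name: Generate CSV files on base commit of the PR
+run: |
+echo "Running generator on base"
+python base/misc/scripts/library-coverage/generate-report.py ci base base
+mkdir out_base
+cp framework-coverage-*.csv out_base/
+cp framework-coverage-*.rst out_base/
+- name: Generate diff of coverage reports
+run: |
+python base/misc/scripts/library-coverage/compare-folders.py out_base out_merge comparison.md
+- name: Upload CSV package list
+uses: actions/upload-artifact@v3
+with:
+name: csv-framework-coverage-merge
+path: |
+out_merge/framework-coverage-*.csv
+out_merge/framework-coverage-*.rst
+- name: Upload CSV package list
+uses: actions/upload-artifact@v3
+with:
+name: csv-framework-coverage-base
+path: |
+out_base/framework-coverage-*.csv
+out_base/framework-coverage-*.rst
+- name: Upload comparison results
+uses: actions/upload-artifact@v3
+with:
+name: comparison
+path: |
+comparison.md
+- name: Save PR number
+run: |
+mkdir -p pr
+echo ${{ github.event.pull_request.number }} > pr/NR
+- name: Upload PR number
+uses: actions/upload-artifact@v3
+with:
+name: pr
+path: pr/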
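Review bot: The `Download CodeQL CLI` step now loads the composite action from `./merge/.github/actions/fetch-codeql`, that is, from the pull request's own merge checkout, and the merge-side generator script runs from the same tree, so the contents of every artifact this job uploads can be influenced by the PR author. That is acceptable under the `pull_request` trigger shown in the first hunk, but it deserves a comment above the upload steps, for example `# Artifacts are built with PR-controlled code; consumers must treat them as untrusted input`, because the path filter names a separate csv-coverage-pr-comment.yml workflow that presumably reads them. As a style point, `echo ${{ github.event.pull_request.number }} > pr/NR` interpolates an expression straight into the script; passing it through `env:` as the `Dump GitHub context` step does would keep one pattern throughout the file.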

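--- a/.github/workflows/csv-coverage-timeseries.yml
+++ b/.github/workflows/csv-coverage-timeseries.yml
@@ -5,38 +5,29 @@ on:
 
 jobs:
 build:
-
 runs-on: ubuntu-latest
 
 steps:
-- name: Clone self (github/codeql)
-uses: actions/checkout@v3
-with:
-path: script
-- name: Clone self (github/codeql) for analysis
-uses: actions/checkout@v3
-with:
-path: codeqlModels
-fetch-depth: 0
-- name: Set up Python 3.8
-uses: actions/setup-python@v4
-with:
-python-version: 3.8
-- name: Download CodeQL CLI
-env:
-GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-run: |
-gh release download --repo "github/codeql-cli-binaries" --pattern "codeql-linux64.zip"
-- name: Unzip CodeQL CLI
-run: unzip -d codeql-cli codeql-linux64.zip
-- name: Build modeled package list
-run: |
-CLI=$(realpath "codeql-cli/codeql")
-echo $CLI
-PATH="$PATH:$CLI" python script/misc/scripts/library-coverage/generate-timeseries.py codeqlModels
-- name: Upload timeseries CSV
-uses: actions/upload-artifact@v3
-with:
-name: framework-coverage-timeseries
-path: framework-coverage-timeseries-*.csv
-
+- name: Clone self (github/codeql)
+uses: actions/checkout@v3
+with:
+path: script
+- name: Clone self (github/codeql) for analysis
+uses: actions/checkout@v3
+with:
+path: codeqlModels
+fetch-depth: 0
+- name: Set up Python 3.8
+uses: actions/setup-python@v4
+with:
+python-version: 3.8
+- name: Download CodeQL CLI
+uses: ./script/.github/actions/fetch-codeql
+- name: Build modeled package list
+run: |
+python script/misc/scripts/library-coverage/generate-timeseries.py codeqlModels
+- name: Upload timeseries CSV
+uses: actions/upload-artifact@v3
+with:
+name: framework-coverage-timeseries
+path: framework-coverage-timeseries-*.csv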
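Review bot: `python-version: 3.8` in the `Set up Python 3.8` step is an unquoted YAML float; it happens to round-trip for 3.8, but the same line bumped to 3.10 would be read as 3.1, so `python-version: "3.8"` is the safer form. The same line is re-added in csv-coverage-pr-artifacts.yml and csv-coverage-update.yml. Separately, the `Build modeled package list` step no longer prepends the CLI directory to `PATH` and depends on the fetch-codeql action having written to `GITHUB_PATH`; a one-line comment on that step, such as `# codeql is on PATH via the fetch-codeql action`, would make the dependency visible.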

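--- a/.github/workflows/csv-coverage-update.yml
+++ b/.github/workflows/csv-coverage-update.yml
@@ -12,33 +12,27 @@ jobs:
 runs-on: ubuntu-latest
 
 steps:
-- name: Dump GitHub context
-env:
-GITHUB_CONTEXT: ${{ toJSON(github.event) }}
-run: echo "$GITHUB_CONTEXT"
-- name: Clone self (github/codeql)
-uses: actions/checkout@v3
-with:
-path: ql
-fetch-depth: 0
-- name: Set up Python 3.8
-uses: actions/setup-python@v4
-with:
-python-version: 3.8
-- name: Download CodeQL CLI
-env:
-GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-run: |
-gh release download --repo "github/codeql-cli-binaries" --pattern "codeql-linux64.zip"
-- name: Unzip CodeQL CLI
-run: unzip -d codeql-cli codeql-linux64.zip
+- name: Dump GitHub context
+env:
+GITHUB_CONTEXT: ${{ toJSON(github.event) }}
+run: echo "$GITHUB_CONTEXT"
+- name: Clone self (github/codeql)
+uses: actions/checkout@v3
+with:
+path: ql
+fetch-depth: 0
+- name: Set up Python 3.8
+uses: actions/setup-python@v4
+with:
+python-version: 3.8
+- name: Download CodeQL CLI
+uses: ./ql/.github/actions/fetch-codeql
+- name: Generate coverage files
+run: |
+python ql/misc/scripts/library-coverage/generate-report.py ci ql ql
 
-- name: Generate coverage files
-run: |
-PATH="$PATH:codeql-cli/codeql" python ql/misc/scripts/library-coverage/generate-report.py ci ql ql
-
-- name: Create pull request with changes
-env:
-GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-run: |
-python ql/misc/scripts/library-coverage/create-pr.py ql "$GITHUB_REPOSITORY"
+- name: Create pull request with changes
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+run: |
+python ql/misc/scripts/library-coverage/create-pr.py ql "$GITHUB_REPOSITORY"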
