-
Notifications
You must be signed in to change notification settings - Fork 28
133 lines (108 loc) · 5.61 KB
/
build-codeql.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
# Continuous integration action for the CodeQL components of this repo.
# This downloads the CodeQL CLI and then builds all the queries in the "windows-drivers" folder.
name: Build and Publish Windows CodeQL queries
on:
# Triggers the workflow on push or pull request events but only for the main and development branches
push:
branches: [ main, development ]
pull_request:
branches: [ main, development ]
# Allow manual scheduling
workflow_dispatch:
jobs:
build-publish:
runs-on: windows-latest
permissions:
contents: read
packages: write
steps:
- name: Enable long git paths
shell: cmd
run: git config --global core.longpaths true
- name: Clone self (windows-driver-developer-supplemental-tools)
uses: actions/checkout@v4
with:
path: .
fetch-depth: 0
- name: Download CodeQL CLI
uses: i3h/download-release-asset@v1.2.0
with:
owner: "github"
repo: "codeql-cli-binaries"
tag: "v2.15.4"
file: "codeql-win64.zip"
- name: Unzip CodeQL CLI
run: Expand-Archive -Path codeql-win64.zip -DestinationPath .\codeql-zip -Force
- name: Move CodeQL CLI folder to main subdirectory
shell: cmd
continue-on-error: true # Required because robocopy returns 1 on success
run: robocopy /S /move .\codeql-zip\codeql .\codeql-cli\
- name: Install CodeQL pack dependencies
shell: cmd
run: |
pushd .\src
..\codeql-cli\codeql.cmd pack install
popd
- name: codeql version test
run: .\codeql-cli\codeql.exe version
- name: Setup Python
uses: actions/setup-python@v5
with:
python-version: 3.11
- name: Install Python Packages
run: |
python -m pip install --upgrade pip
pip install -r .\src\drivers\test\requirements.txt
- name: Add msbuild to PATH
uses: microsoft/setup-msbuild@v2
- name: Run test script
shell: pwsh
continue-on-error: true # Allow script to return non-zero exit code
env:
CONNECTION_STRING: ${{ secrets.CONNECTION_STRING }}
ACCOUNT_KEY: ${{ secrets.ACCOUNT_KEY }}
SHARE_NAME: ${{ secrets.SHARE_NAME }}
CONTAINER_NAME: ${{ secrets.CONTAINER_NAME }}
ACCOUNT_NAME: ${{ secrets.ACCOUNT_NAME }}
run: python src\drivers\test\build_create_analyze_test.py --codeql_path .\codeql-cli\codeql.exe --no_build --compare_results --connection_string "$env:CONNECTION_STRING" --share_name "$env:SHARE_NAME" --container_name "$env:CONTAINER_NAME" --storage_account_key "$env:ACCOUNT_KEY" --storage_account_name "$env:ACCOUNT_NAME"
- name: Build must-fix driver suite
shell: cmd
run: .\codeql-cli\codeql.cmd query compile --check-only windows_mustfix_partial.qls
- name: Build recommended driver suite
shell: cmd
run: .\codeql-cli\codeql.cmd query compile --check-only windows_recommended_partial.qls
- name: Build CA ported queries
shell: cmd
run: .\codeql-cli\codeql.cmd query compile --check-only ported_driver_ca_checks.qls
- name: Build all Windows queries
shell: cmd
run: .\codeql-cli\codeql.cmd query compile --check-only .\src
- name: Check for changes to qlpack
shell: pwsh
run:
$qlpack_diff = git diff HEAD~1:src/qlpack.yml src/qlpack.yml;
$rec_diff = git diff HEAD~1:src/windows-driver-suites/windows_recommended_partial.qls src/windows-driver-suites/windows_recommended_partial.qls;
$mf_diff = git diff HEAD~1:src/windows-driver-suites/windows_mustfix_partial.qls src/windows-driver-suites/windows_mustfix_partial.qls;
if (!$qlpack_diff -and ($rec_diff -or $mf_diff)) { "Query suite file updated without updating qlpack version"; exit 1 }
$last_qlpack_commit = git log -n 1 --pretty=format:%H -- src/qlpack.yml;
$qlpack_changes =git show $last_qlpack_commit -- .\src\qlpack.yml;
$last_mf_commit = git log -n 1 --pretty=format:%H -- src/windows-driver-suites/windows_mustfix_partial.qls;
$last_rec_commit = git log -n 1 --pretty=format:%H -- src/windows-driver-suites/windows_recommended_partial.qls;
$commits_since_qlpack_change = [int](git rev-list --count HEAD...$last_qlpack_commit);
$commits_since_mf_change = [int](git rev-list --count HEAD...$last_mf_commit);
$commits_since_rec_change = [int](git rev-list --count HEAD...$last_rec_commit);
if ($commits_since_qlpack_change -gt $commits_since_mf_change) { "Mustfix query suite file modified without updating version"; exit 1 };
if ($commits_since_qlpack_change -gt $commits_since_rec_change) {"Recommended query suite file modified without updating version"; exit 1 };
try{$old_qlpack_version = [version]($qlpack_changes -match "-version").Substring(10);} catch {"Changed qlpack.yml without updating version"; exit 1 }
try{$new_qlpack_version = [version]($qlpack_changes -match "\+version").Substring(10);} catch {"Changed qlpack.yml without updating version"; exit 1 }
if ($new_qlpack_version -gt $old_qlpack_version) { exit 0 } else { "qlpack.yml version not incremented"; exit 1 }
- name: Publish New CodeQL Pack
shell: pwsh
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run:
$build = git rev-parse --short HEAD;
$version =( Select-String .\src\qlpack.yml -Pattern "version").line;
$new_ver = "$version-alpha+$build";
(Get-Content .\src\qlpack.yml).Replace($version, $new_ver) | Set-Content .\src\qlpack.yml;
.\codeql-cli\codeql.cmd pack publish --allow-prerelease ./src;