Skip to content

Commit

Permalink
Update build-codeql.yaml test codeql action
Browse files Browse the repository at this point in the history 
Signed-off-by: Jacob Ronstadt <147542405+jacob-ronstadt@users.noreply.github.com>
  • Loading branch information
@jacob-ronstadt
jacob-ronstadt authored Apr 29, 2024
1 parent 35782fd commit d77f7de
Showing 1 changed file with 7 additions and 99 deletions.
106 changes: 7 additions & 99 deletions .github/workflows/build-codeql.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,15 +6,15 @@ name: Build and Publish Windows CodeQL queries
on:
# Triggers the workflow on push or pull request events but only for the main and development branches
push:
branches: [ main, development ]
branches: [ main, development, jacob-ronstadt/github_actions_update ]
pull_request:
branches: [ main, development ]

# Allow manual scheduling
workflow_dispatch:

jobs:
build-publish:
build:
runs-on: windows-latest
permissions:
contents: read
Expand All @@ -30,104 +30,12 @@ jobs:
path: .
fetch-depth: 0

- name: Download CodeQL CLI
uses: i3h/download-release-asset@v1.2.0
with:
owner: "github"
repo: "codeql-cli-binaries"
tag: "v2.15.4"
file: "codeql-win64.zip"

- name: Unzip CodeQL CLI
run: Expand-Archive -Path codeql-win64.zip -DestinationPath .\codeql-zip -Force

- name: Move CodeQL CLI folder to main subdirectory
shell: cmd
continue-on-error: true # Required because robocopy returns 1 on success
run: robocopy /S /move .\codeql-zip\codeql .\codeql-cli\

- name: Install CodeQL pack dependencies
shell: cmd
run: |
pushd .\src
..\codeql-cli\codeql.cmd pack install
popd
- name: codeql version test
run: .\codeql-cli\codeql.exe version

- name: Setup Python
uses: actions/setup-python@v5
with:
python-version: 3.11

- name: Install Python Packages
run: |
python -m pip install --upgrade pip
pip install -r .\src\drivers\test\requirements.txt
- name: Add msbuild to PATH
uses: microsoft/setup-msbuild@v2

- name: Run test script
shell: pwsh
continue-on-error: true # Allow script to return non-zero exit code
env:
CONNECTION_STRING: ${{ secrets.CONNECTION_STRING }}
ACCOUNT_KEY: ${{ secrets.ACCOUNT_KEY }}
SHARE_NAME: ${{ secrets.SHARE_NAME }}
CONTAINER_NAME: ${{ secrets.CONTAINER_NAME }}
ACCOUNT_NAME: ${{ secrets.ACCOUNT_NAME }}

run: python src\drivers\test\build_create_analyze_test.py --codeql_path .\codeql-cli\codeql.exe --no_build --compare_results --connection_string "$env:CONNECTION_STRING" --share_name "$env:SHARE_NAME" --container_name "$env:CONTAINER_NAME" --storage_account_key "$env:ACCOUNT_KEY" --storage_account_name "$env:ACCOUNT_NAME"
- name: codeql init
uses: github/codeql-action/init@v3

- name: Build must-fix driver suite
shell: cmd
run: .\codeql-cli\codeql.cmd query compile --check-only windows_mustfix_partial.qls
- name: codeql test
run: codeql version

- name: Build recommended driver suite
shell: cmd
run: .\codeql-cli\codeql.cmd query compile --check-only windows_recommended_partial.qls

- name: Build CA ported queries
shell: cmd
run: .\codeql-cli\codeql.cmd query compile --check-only ported_driver_ca_checks.qls

- name: Build all Windows queries
shell: cmd
run: .\codeql-cli\codeql.cmd query compile --check-only .\src

- name: Check for changes to qlpack
shell: pwsh
run:
$qlpack_diff = git diff HEAD~1:src/qlpack.yml src/qlpack.yml;
$rec_diff = git diff HEAD~1:src/windows-driver-suites/windows_recommended_partial.qls src/windows-driver-suites/windows_recommended_partial.qls;
$mf_diff = git diff HEAD~1:src/windows-driver-suites/windows_mustfix_partial.qls src/windows-driver-suites/windows_mustfix_partial.qls;
if (!$qlpack_diff -and ($rec_diff -or $mf_diff)) { "Query suite file updated without updating qlpack version"; exit 1 }

$last_qlpack_commit = git log -n 1 --pretty=format:%H -- src/qlpack.yml;
$qlpack_changes =git show $last_qlpack_commit -- .\src\qlpack.yml;

$last_mf_commit = git log -n 1 --pretty=format:%H -- src/windows-driver-suites/windows_mustfix_partial.qls;
$last_rec_commit = git log -n 1 --pretty=format:%H -- src/windows-driver-suites/windows_recommended_partial.qls;
$commits_since_qlpack_change = [int](git rev-list --count HEAD...$last_qlpack_commit);
$commits_since_mf_change = [int](git rev-list --count HEAD...$last_mf_commit);
$commits_since_rec_change = [int](git rev-list --count HEAD...$last_rec_commit);

if ($commits_since_qlpack_change -gt $commits_since_mf_change) { "Mustfix query suite file modified without updating version"; exit 1 };
if ($commits_since_qlpack_change -gt $commits_since_rec_change) {"Recommended query suite file modified without updating version"; exit 1 };

try{$old_qlpack_version = [version]($qlpack_changes -match "-version").Substring(10);} catch {"Changed qlpack.yml without updating version"; exit 1 }
try{$new_qlpack_version = [version]($qlpack_changes -match "\+version").Substring(10);} catch {"Changed qlpack.yml without updating version"; exit 1 }
if ($new_qlpack_version -gt $old_qlpack_version) { exit 0 } else { "qlpack.yml version not incremented"; exit 1 }


- name: Publish New CodeQL Pack
shell: pwsh
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

run:
$build = git rev-parse --short HEAD;
$version =( Select-String .\src\qlpack.yml -Pattern "version").line;
$new_ver = "$version-alpha+$build";
(Get-Content .\src\qlpack.yml).Replace($version, $new_ver) | Set-Content .\src\qlpack.yml;
.\codeql-cli\codeql.cmd pack publish --allow-prerelease ./src;

0 comments on commit d77f7de

Please sign in to comment.