Implement package preprocessor2 #3596
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Code Scanning Query Pack Generation | |
| on: | |
| merge_group: | |
| types: [checks_requested] | |
| pull_request: | |
| branches: | |
| - main | |
| - next | |
| - "rc/**" | |
| push: | |
| branches: | |
| - main | |
| - next | |
| - "rc/**" | |
| env: | |
| XARGS_MAX_PROCS: 4 | |
| jobs: | |
| prepare-code-scanning-pack-matrix: | |
| name: Prepare CodeQL Code Scanning pack matrix | |
| runs-on: ubuntu-22.04 | |
| outputs: | |
| matrix: ${{ steps.export-code-scanning-pack-matrix.outputs.matrix }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Export Code Scanning pack matrix | |
| id: export-code-scanning-pack-matrix | |
| run: | | |
| echo "matrix=$( | |
| jq --compact-output '.supported_environment | {include: .}' supported_codeql_configs.json | |
| )" >> $GITHUB_OUTPUT | |
| create-code-scanning-pack: | |
| name: Create Code Scanning pack | |
| needs: prepare-code-scanning-pack-matrix | |
| runs-on: ubuntu-latest-xl | |
| strategy: | |
| fail-fast: false | |
| matrix: ${{ fromJSON(needs.prepare-code-scanning-pack-matrix.outputs.matrix) }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Cache CodeQL | |
| id: cache-codeql | |
| uses: actions/cache@v4 | |
| with: | |
| path: ${{ github.workspace }}/codeql_home | |
| key: codeql-home-${{ matrix.os }}-${{ matrix.codeql_cli }}-${{ matrix.codeql_standard_library }} | |
| - name: Install CodeQL | |
| if: steps.cache-codeql.outputs.cache-hit != 'true' | |
| uses: ./.github/actions/install-codeql | |
| with: | |
| codeql-cli-version: ${{ matrix.codeql_cli }} | |
| codeql-stdlib-version: ${{ matrix.codeql_standard_library }} | |
| codeql-home: ${{ github.workspace }}/codeql_home | |
| add-to-path: false | |
| - name: Install CodeQL packs | |
| uses: ./.github/actions/install-codeql-packs | |
| with: | |
| cli_path: ${{ github.workspace }}/codeql_home/codeql | |
| - name: Determine ref for external help files | |
| id: determine-ref | |
| run: | | |
| if [[ $GITHUB_EVENT_NAME == "pull_request" ]]; then | |
| EXTERNAL_HELP_REF="${{ github.event.pull_request.base.ref }}" | |
| elif [[ $GITHUB_EVENT_NAME == "merge_group" ]]; then | |
| EXTERNAL_HELP_REF="${{ github.event.merge_group.base_ref }}" | |
| else | |
| EXTERNAL_HELP_REF="$GITHUB_REF" | |
| fi | |
| echo "EXTERNAL_HELP_REF=$EXTERNAL_HELP_REF" >> "$GITHUB_ENV" | |
| echo "Using ref $EXTERNAL_HELP_REF for external help files." | |
| - name: Checkout external help files | |
| id: checkout-external-help-files | |
| # PRs from forks and dependabot do not have access to an appropriate token for cloning the help files repos | |
| if: ${{ !github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]' }} | |
| uses: actions/checkout@v4 | |
| with: | |
| ssh-key: ${{ secrets.CODEQL_CODING_STANDARDS_HELP_KEY }} | |
| repository: "github/codeql-coding-standards-help" | |
| ref: ${{ env.EXTERNAL_HELP_REF }} | |
| path: external-help-files | |
| - name: Include external help files | |
| if: ${{ !github.event.pull_request.head.repo.fork && github.actor != 'dependabot[bot]'&& steps.checkout-external-help-files.outcome == 'success' }} | |
| run: | | |
| pushd external-help-files | |
| find . -name '*.md' -exec rsync -av --relative {} "$GITHUB_WORKSPACE" \; | |
| popd | |
| - name: Pre-compiling queries | |
| env: | |
| CODEQL_HOME: ${{ github.workspace }}/codeql_home | |
| run: | | |
| PATH=$PATH:$CODEQL_HOME/codeql | |
| # Precompile all queries, and use a compilation cache larger than default | |
| # to ensure we cache all the queries for later steps | |
| codeql query compile --precompile --threads 0 --compilation-cache-size=1024 cpp c | |
| cd .. | |
| zip -r codeql-coding-standards/code-scanning-cpp-query-pack.zip codeql-coding-standards/c/ codeql-coding-standards/cpp/ codeql-coding-standards/.codeqlmanifest.json codeql-coding-standards/supported_codeql_configs.json codeql-coding-standards/scripts/configuration codeql-coding-standards/scripts/reports codeql-coding-standards/scripts/shared codeql-coding-standards/scripts/guideline_recategorization codeql-coding-standards/schemas | |
| - name: Upload GHAS Query Pack | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: code-scanning-cpp-query-pack.zip | |
| path: code-scanning-cpp-query-pack.zip | |
| - name: Create qlpack bundles | |
| env: | |
| CODEQL_HOME: ${{ github.workspace }}/codeql_home | |
| run: | | |
| PATH=$PATH:$CODEQL_HOME/codeql | |
| codeql pack bundle --output=common-cpp-coding-standards.tgz cpp/common/src | |
| codeql pack bundle --output=common-c-coding-standards.tgz c/common/src | |
| codeql pack bundle --output=misra-c-coding-standards.tgz c/misra/src | |
| codeql pack bundle --output=cert-c-coding-standards.tgz c/cert/src | |
| codeql pack bundle --output=cert-cpp-coding-standards.tgz cpp/cert/src | |
| codeql pack bundle --output=autosar-cpp-coding-standards.tgz cpp/autosar/src | |
| codeql pack bundle --output=misra-cpp-coding-standards.tgz cpp/misra/src | |
| codeql pack bundle --output=report-coding-standards.tgz cpp/report/src | |
| - name: Upload qlpack bundles | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: coding-standards-codeql-packs | |
| path: '*-coding-standards.tgz' |