Skip to content

Update some GitHub Actions versions, and enable Dependabot updates #3142

Update some GitHub Actions versions, and enable Dependabot updates

Update some GitHub Actions versions, and enable Dependabot updates #3142

name: Code Scanning Query Pack Generation
on:
merge_group:
types: [checks_requested]
pull_request:
branches:
- main
- next
- "rc/**"
push:
branches:
- main
- next
- "rc/**"
env:
XARGS_MAX_PROCS: 4
jobs:
prepare-code-scanning-pack-matrix:
name: Prepare CodeQL Code Scanning pack matrix
runs-on: ubuntu-22.04
outputs:
matrix: ${{ steps.export-code-scanning-pack-matrix.outputs.matrix }}
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Export Code Scanning pack matrix
id: export-code-scanning-pack-matrix
run: |
echo "matrix=$(
jq --compact-output '.supported_environment | {include: .}' supported_codeql_configs.json
)" >> $GITHUB_OUTPUT
create-code-scanning-pack:
name: Create Code Scanning pack
needs: prepare-code-scanning-pack-matrix
runs-on: ubuntu-latest-xl
strategy:
fail-fast: false
matrix: ${{ fromJSON(needs.prepare-code-scanning-pack-matrix.outputs.matrix) }}
steps:
- uses: actions/checkout@v4
- name: Cache CodeQL
id: cache-codeql
uses: actions/cache@v4
with:
path: ${{ github.workspace }}/codeql_home
key: codeql-home-${{ matrix.os }}-${{ matrix.codeql_cli }}-${{ matrix.codeql_standard_library }}
- name: Install CodeQL
if: steps.cache-codeql.outputs.cache-hit != 'true'
uses: ./.github/actions/install-codeql
with:
codeql-cli-version: ${{ matrix.codeql_cli }}
codeql-stdlib-version: ${{ matrix.codeql_standard_library }}
codeql-home: ${{ github.workspace }}/codeql_home
add-to-path: false
- name: Install CodeQL packs
uses: ./.github/actions/install-codeql-packs
with:
cli_path: ${{ github.workspace }}/codeql_home/codeql
- name: Determine ref for external help files
id: determine-ref
run: |
if [[ $GITHUB_EVENT_NAME == "pull_request" || $GITHUB_EVENT_NAME == "merge_group" ]]; then
echo "EXTERNAL_HELP_REF=$GITHUB_HEAD_REF" >> "$GITHUB_ENV"
else
echo "EXTERNAL_HELP_REF=$GITHUB_REF" >> "$GITHUB_ENV"
fi
echo "Using ref $EXTERNAL_HELP_REF for external help files."
- name: Checkout external help files
continue-on-error: true
id: checkout-external-help-files
uses: actions/checkout@v4
with:
ssh-key: ${{ secrets.CODEQL_CODING_STANDARDS_HELP_KEY }}
repository: "github/codeql-coding-standards-help"
ref: ${{ env.EXTERNAL_HELP_REF }}
path: external-help-files
- name: Include external help files
if: steps.checkout-external-help-files.outcome == 'success'
run: |
pushd external-help-files
find . -name '*.md' -exec rsync -av --relative {} "$GITHUB_WORKSPACE" \;
popd
- name: Pre-compiling queries
env:
CODEQL_HOME: ${{ github.workspace }}/codeql_home
run: |
PATH=$PATH:$CODEQL_HOME/codeql
# Precompile all queries, and use a compilation cache larger than default
# to ensure we cache all the queries for later steps
codeql query compile --precompile --threads 0 --compilation-cache-size=1024 cpp c
cd ..
zip -r codeql-coding-standards/code-scanning-cpp-query-pack.zip codeql-coding-standards/c/ codeql-coding-standards/cpp/ codeql-coding-standards/.codeqlmanifest.json codeql-coding-standards/supported_codeql_configs.json codeql-coding-standards/scripts/configuration codeql-coding-standards/scripts/reports codeql-coding-standards/scripts/shared codeql-coding-standards/scripts/guideline_recategorization codeql-coding-standards/schemas
- name: Upload GHAS Query Pack
uses: actions/upload-artifact@v4
with:
name: code-scanning-cpp-query-pack.zip
path: code-scanning-cpp-query-pack.zip
- name: Create qlpack bundles
env:
CODEQL_HOME: ${{ github.workspace }}/codeql_home
run: |
PATH=$PATH:$CODEQL_HOME/codeql
codeql pack bundle --output=common-cpp-coding-standards.tgz cpp/common/src
codeql pack bundle --output=common-c-coding-standards.tgz c/common/src
codeql pack bundle --output=misra-c-coding-standards.tgz c/misra/src
codeql pack bundle --output=cert-c-coding-standards.tgz c/cert/src
codeql pack bundle --output=cert-cpp-coding-standards.tgz cpp/cert/src
codeql pack bundle --output=autosar-cpp-coding-standards.tgz cpp/autosar/src
codeql pack bundle --output=misra-cpp-coding-standards.tgz cpp/misra/src
codeql pack bundle --output=report-coding-standards.tgz cpp/report/src
- name: Upload qlpack bundles
uses: actions/upload-artifact@v4
with:
name: coding-standards-codeql-packs
path: '*-coding-standards.tgz'