Add actions analysis to code scanning #4921
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Query filters tests | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - releases/v* | |
| pull_request: | |
| types: | |
| - opened | |
| - synchronize | |
| - reopened | |
| - ready_for_review | |
| schedule: | |
| - cron: '0 5 * * *' | |
| workflow_dispatch: {} | |
| jobs: | |
| query-filters: | |
| name: Query Filters Tests | |
| timeout-minutes: 45 | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read # This permission is needed to allow the GitHub Actions workflow to read the contents of the repository. | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@v4 | |
| - name: Prepare test | |
| id: prepare-test | |
| uses: ./.github/actions/prepare-test | |
| with: | |
| version: linked | |
| - name: Check SARIF for default queries with Single include, Single exclude | |
| uses: ./../action/.github/actions/query-filter-test | |
| with: | |
| sarif-file: ${{ runner.temp }}/results/javascript.sarif | |
| queries-run: js/zipslip | |
| queries-not-run: js/path-injection | |
| config-file: ./.github/codeql/codeql-config-query-filters1.yml | |
| tools: ${{ steps.prepare-test.outputs.tools-url }} | |
| - name: Check SARIF for query packs with Single include, Single exclude | |
| uses: ./../action/.github/actions/query-filter-test | |
| with: | |
| sarif-file: ${{ runner.temp }}/results/javascript.sarif | |
| queries-run: js/zipslip,javascript/example/empty-or-one-block | |
| queries-not-run: js/path-injection | |
| config-file: ./.github/codeql/codeql-config-query-filters2.yml | |
| tools: ${{ steps.prepare-test.outputs.tools-url }} | |
| - name: Check SARIF for query packs and local queries with Single include, Single exclude | |
| uses: ./../action/.github/actions/query-filter-test | |
| with: | |
| sarif-file: ${{ runner.temp }}/results/javascript.sarif | |
| queries-run: js/zipslip,javascript/example/empty-or-one-block,inrepo-javascript-querypack/show-ifs | |
| queries-not-run: js/path-injection,complex-python-querypack/show-ifs,complex-python-querypack/foo/bar/show-ifs | |
| config-file: ./.github/codeql/codeql-config-query-filters3.yml | |
| tools: ${{ steps.prepare-test.outputs.tools-url }} |