From 37db35431b4bf7886845c1e8db790ac2417618ba Mon Sep 17 00:00:00 2001 From: Aditya Sharad Date: Fri, 4 Apr 2025 16:44:42 -0700 Subject: [PATCH 1/2] Actions: Ensure autobuild invocations work when the CLI path contains spaces Quote the paths to the CodeQL CLI dist or autobuild scripts when invoked. This unblocks integration testing, since our integration tests always use a CLI with a space in its directory name. --- actions/extractor/tools/autobuild-impl.ps1 | 4 ++-- actions/extractor/tools/autobuild.cmd | 2 +- actions/extractor/tools/autobuild.sh | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/actions/extractor/tools/autobuild-impl.ps1 b/actions/extractor/tools/autobuild-impl.ps1 index 1b7805efa041..5a5aa1ab53aa 100644 --- a/actions/extractor/tools/autobuild-impl.ps1 +++ b/actions/extractor/tools/autobuild-impl.ps1 @@ -21,7 +21,7 @@ if (($null -ne $env:LGTM_INDEX_INCLUDE) -or ($null -ne $env:LGTM_INDEX_EXCLUDE) # Find the JavaScript extractor directory via `codeql resolve extractor`. $CodeQL = Join-Path $env:CODEQL_DIST 'codeql.exe' -$env:CODEQL_EXTRACTOR_JAVASCRIPT_ROOT = &$CodeQL resolve extractor --language javascript +$env:CODEQL_EXTRACTOR_JAVASCRIPT_ROOT = &"$CodeQL" resolve extractor --language javascript if ($LASTEXITCODE -ne 0) { throw 'Failed to resolve JavaScript extractor.' } @@ -40,7 +40,7 @@ $env:CODEQL_EXTRACTOR_JAVASCRIPT_SOURCE_ARCHIVE_DIR = $env:CODEQL_EXTRACTOR_ACTI $env:CODEQL_EXTRACTOR_JAVASCRIPT_TRAP_DIR = $env:CODEQL_EXTRACTOR_ACTIONS_TRAP_DIR $env:CODEQL_EXTRACTOR_JAVASCRIPT_WIP_DATABASE = $env:CODEQL_EXTRACTOR_ACTIONS_WIP_DATABASE -&$JavaScriptAutoBuild +&"$JavaScriptAutoBuild" if ($LASTEXITCODE -ne 0) { throw "JavaScript autobuilder failed." } diff --git a/actions/extractor/tools/autobuild.cmd b/actions/extractor/tools/autobuild.cmd index ff5ca89d94a4..cd05b9791109 100644 --- a/actions/extractor/tools/autobuild.cmd +++ b/actions/extractor/tools/autobuild.cmd @@ -1,3 +1,3 @@ @echo off rem All of the work is done in the PowerShell script -powershell.exe %~dp0autobuild-impl.ps1 +powershell.exe "%~dp0autobuild-impl.ps1" diff --git a/actions/extractor/tools/autobuild.sh b/actions/extractor/tools/autobuild.sh index ce6a02b5b762..703154f99c9b 100755 --- a/actions/extractor/tools/autobuild.sh +++ b/actions/extractor/tools/autobuild.sh @@ -26,7 +26,7 @@ else fi # Find the JavaScript extractor directory via `codeql resolve extractor`. -CODEQL_EXTRACTOR_JAVASCRIPT_ROOT="$($CODEQL_DIST/codeql resolve extractor --language javascript)" +CODEQL_EXTRACTOR_JAVASCRIPT_ROOT="$("${CODEQL_DIST}/codeql" resolve extractor --language javascript)" export CODEQL_EXTRACTOR_JAVASCRIPT_ROOT echo "Found JavaScript extractor at '${CODEQL_EXTRACTOR_JAVASCRIPT_ROOT}'." @@ -42,4 +42,4 @@ env CODEQL_EXTRACTOR_JAVASCRIPT_DIAGNOSTIC_DIR="${CODEQL_EXTRACTOR_ACTIONS_DIAGN CODEQL_EXTRACTOR_JAVASCRIPT_SOURCE_ARCHIVE_DIR="${CODEQL_EXTRACTOR_ACTIONS_SOURCE_ARCHIVE_DIR}" \ CODEQL_EXTRACTOR_JAVASCRIPT_TRAP_DIR="${CODEQL_EXTRACTOR_ACTIONS_TRAP_DIR}" \ CODEQL_EXTRACTOR_JAVASCRIPT_WIP_DATABASE="${CODEQL_EXTRACTOR_ACTIONS_WIP_DATABASE}" \ - ${JAVASCRIPT_AUTO_BUILD} + "${JAVASCRIPT_AUTO_BUILD}" From 0bb4ab950f46967171b83948e53a087151d0385c Mon Sep 17 00:00:00 2001 From: Aditya Sharad Date: Fri, 4 Apr 2025 17:46:28 -0700 Subject: [PATCH 2/2] Actions: Add integration test for default filter behaviour Include a reachable workflow, and several unreachable workflow files. Include action metadata files at various depths, all reachable. This test exercises the default filters when the user doesn't specify paths/paths-ignore. --- .../filters-default/actions.expected | 4 ++++ .../ql/integration-tests/filters-default/actions.ql | 5 +++++ .../filters-default/src/.github/action.yaml | 11 +++++++++++ .../src/.github/actions/action-name/action.yml | 11 +++++++++++ .../src/.github/unreachable-workflow.yml | 12 ++++++++++++ .../src/.github/workflows/workflow.yml | 12 ++++++++++++ .../integration-tests/filters-default/src/action.yml | 11 +++++++++++ .../filters-default/src/unreachable-workflow.yml | 12 ++++++++++++ actions/ql/integration-tests/filters-default/test.py | 2 ++ 9 files changed, 80 insertions(+) create mode 100644 actions/ql/integration-tests/filters-default/actions.expected create mode 100644 actions/ql/integration-tests/filters-default/actions.ql create mode 100644 actions/ql/integration-tests/filters-default/src/.github/action.yaml create mode 100644 actions/ql/integration-tests/filters-default/src/.github/actions/action-name/action.yml create mode 100644 actions/ql/integration-tests/filters-default/src/.github/unreachable-workflow.yml create mode 100644 actions/ql/integration-tests/filters-default/src/.github/workflows/workflow.yml create mode 100644 actions/ql/integration-tests/filters-default/src/action.yml create mode 100644 actions/ql/integration-tests/filters-default/src/unreachable-workflow.yml create mode 100755 actions/ql/integration-tests/filters-default/test.py diff --git a/actions/ql/integration-tests/filters-default/actions.expected b/actions/ql/integration-tests/filters-default/actions.expected new file mode 100644 index 000000000000..376c71bad6d4 --- /dev/null +++ b/actions/ql/integration-tests/filters-default/actions.expected @@ -0,0 +1,4 @@ +| src/.github/action.yaml:1:1:11:32 | name: ' ... action' | +| src/.github/actions/action-name/action.yml:1:1:11:32 | name: ' ... action' | +| src/.github/workflows/workflow.yml:1:1:12:33 | name: A workflow | +| src/action.yml:1:1:11:32 | name: ' ... action' | diff --git a/actions/ql/integration-tests/filters-default/actions.ql b/actions/ql/integration-tests/filters-default/actions.ql new file mode 100644 index 000000000000..f0a3e0ab297d --- /dev/null +++ b/actions/ql/integration-tests/filters-default/actions.ql @@ -0,0 +1,5 @@ +import actions + +from AstNode n +where n instanceof Workflow or n instanceof CompositeAction +select n diff --git a/actions/ql/integration-tests/filters-default/src/.github/action.yaml b/actions/ql/integration-tests/filters-default/src/.github/action.yaml new file mode 100644 index 000000000000..f611f8c72ffb --- /dev/null +++ b/actions/ql/integration-tests/filters-default/src/.github/action.yaml @@ -0,0 +1,11 @@ +name: 'A composite action' +description: 'Do something' +runs: + using: "composite" + steps: + - name: Print + run: echo "Hello world" + shell: bash + + - name: Checkout + uses: actions/checkout@v4 diff --git a/actions/ql/integration-tests/filters-default/src/.github/actions/action-name/action.yml b/actions/ql/integration-tests/filters-default/src/.github/actions/action-name/action.yml new file mode 100644 index 000000000000..f611f8c72ffb --- /dev/null +++ b/actions/ql/integration-tests/filters-default/src/.github/actions/action-name/action.yml @@ -0,0 +1,11 @@ +name: 'A composite action' +description: 'Do something' +runs: + using: "composite" + steps: + - name: Print + run: echo "Hello world" + shell: bash + + - name: Checkout + uses: actions/checkout@v4 diff --git a/actions/ql/integration-tests/filters-default/src/.github/unreachable-workflow.yml b/actions/ql/integration-tests/filters-default/src/.github/unreachable-workflow.yml new file mode 100644 index 000000000000..6f980d6a6b0d --- /dev/null +++ b/actions/ql/integration-tests/filters-default/src/.github/unreachable-workflow.yml @@ -0,0 +1,12 @@ +name: An unreachable workflow +on: + push: + branches: + - main + +jobs: + job: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 \ No newline at end of file diff --git a/actions/ql/integration-tests/filters-default/src/.github/workflows/workflow.yml b/actions/ql/integration-tests/filters-default/src/.github/workflows/workflow.yml new file mode 100644 index 000000000000..8be09d6d07ea --- /dev/null +++ b/actions/ql/integration-tests/filters-default/src/.github/workflows/workflow.yml @@ -0,0 +1,12 @@ +name: A workflow +on: + push: + branches: + - main + +jobs: + job: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 \ No newline at end of file diff --git a/actions/ql/integration-tests/filters-default/src/action.yml b/actions/ql/integration-tests/filters-default/src/action.yml new file mode 100644 index 000000000000..f611f8c72ffb --- /dev/null +++ b/actions/ql/integration-tests/filters-default/src/action.yml @@ -0,0 +1,11 @@ +name: 'A composite action' +description: 'Do something' +runs: + using: "composite" + steps: + - name: Print + run: echo "Hello world" + shell: bash + + - name: Checkout + uses: actions/checkout@v4 diff --git a/actions/ql/integration-tests/filters-default/src/unreachable-workflow.yml b/actions/ql/integration-tests/filters-default/src/unreachable-workflow.yml new file mode 100644 index 000000000000..6f980d6a6b0d --- /dev/null +++ b/actions/ql/integration-tests/filters-default/src/unreachable-workflow.yml @@ -0,0 +1,12 @@ +name: An unreachable workflow +on: + push: + branches: + - main + +jobs: + job: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v4 \ No newline at end of file diff --git a/actions/ql/integration-tests/filters-default/test.py b/actions/ql/integration-tests/filters-default/test.py new file mode 100755 index 000000000000..c0ac8d191b9f --- /dev/null +++ b/actions/ql/integration-tests/filters-default/test.py @@ -0,0 +1,2 @@ +def test(codeql, actions): + codeql.database.create(source_root="src")