
Merge branch 'main' into dependabot/pip/scripts/jinja2-3.1.3
lcartey authored Nov 15, 2024
2 parents 2ba43b3 + 373b793 commit 4ce95a3
Showing 660 changed files with 8,778 additions and 2,330 deletions.
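--- a/.github/actions/check-permissions/action.yml
+++ b/.github/actions/check-permissions/action.yml
@@ -0,0 +1,49 @@
+name: Check current actor permissions
+description: |
+Checks whether the current actor has the specified permssions
+inputs:
+minimum-permission:
+description: |
+The minimum required permission. One of: read, write, admin
+required: true
+outputs:
+has-permission:
+description: "Whether the actor had the minimum required permission"
+value: ${{ steps.check-permission.outputs.has-permission }}
+
+runs:
+using: composite
+steps:
+- uses: actions/github-script@v7
+id: check-permission
+env:
+INPUT_MINIMUM-PERMISSION: ${{ inputs.minimum-permission }}
+with:
+script: |
+// Valid permissions are none, read, write, admin (legacy base permissions)
+const permissionsRanking = ["none", "read", "write", "admin"];
+// Note: core.getInput doesn't work by default in a composite action - in this case
+// it would try to fetch the input to the github-script instead of the action
+// itself. Instead, we set the appropriate magic env var with the actions input.
+// See: https://github.com/actions/runner/issues/665
+const minimumPermission = core.getInput('minimum-permission');
+if (!permissionsRanking.includes(minimumPermission)) {
+core.setFailed(`Invalid minimum permission: ${minimumPermission}`);
+return;
+}
+const { data : { permission : actorPermission } } = await github.rest.repos.getCollaboratorPermissionLevel({
+owner: context.repo.owner,
+repo: context.repo.repo,
+username: context.actor
+});
+// Confirm whether the actor permission is at least the selected permission
+const hasPermission = permissionsRanking.indexOf(minimumPermission) <= permissionsRanking.indexOf(actorPermission) ? "1" : "";
+core.setOutput('has-permission', hasPermission);
+if (!hasPermission) {
+core.info(`Current actor (${context.actor}) does not have the minimum required permission '${minimumPermission}' (has '${actorPermission}')`);
+} else {
+core.info(`Current actor (${context.actor}) has the minimum required permission '${minimumPermission}' (has '${actorPermission}')`);
+}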
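Review bot: The has-permission output is the bare strings "1" and "" and nothing in the action says why, so a later maintainer who "normalises" it to "true"/"false" would silently open every `&& steps.check-write-permission.outputs.has-permission` gate in the calling workflows, because a non-empty "false" is truthy in a workflow expression. Add a comment above the `const hasPermission = ...` line such as `// Emit "" (not "false") for the negative case: callers gate steps with a bare if: ${{ ... }} where any non-empty string is truthy` and list the two values in the output's description. It is also worth a one-line comment that an unrecognised value from the API falls through `indexOf() === -1` and is treated as no permission, since that fail-closed behaviour is the security property the callers rely on. The API call presumably needs the default `github.token` to be able to read collaborator permissions; confirm that in the repositories where this action is consumed. Minor: "permssions" in the description is a typo.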
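--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -0,0 +1,8 @@
+version: 2
+updates:
+
+- package-ecosystem: "github-actions"
+directory: "/"
+schedule:
+# Check for updates to GitHub Actions every week
+interval: "weekly"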
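Review bot: This keeps action tags current, but the third-party actions this commit adds or bumps are still pinned by mutable major tag (for example `actions/create-github-app-token@v1` in the two dispatch workflows), so a force-moved or compromised tag is picked up on the next run. For the workflows that mint an app token and dispatch into another repository, pin by full commit SHA with the version in a trailing comment — `uses: actions/create-github-app-token@<sha> # v1` — which this same Dependabot updater keeps current. Only the `github-actions` ecosystem is configured here; whether `pip` updates for `scripts/` (implied by the branch name in the commit title) are expected from this file or from security-updates-only is not visible in this section.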
34 changes: 27 additions & 7 deletions .github/workflows/code-scanning-pack-gen.yml
Expand Up @@ -8,7 +8,6 @@ on:
- main
- next
- "rc/**"

push:
branches:
- main
Expand Down Expand Up @@ -47,7 +46,7 @@ jobs:

- name: Cache CodeQL
id: cache-codeql
uses: actions/cache@v2.1.3
uses: actions/cache@v4
with:
path: ${{ github.workspace }}/codeql_home
key: codeql-home-${{ matrix.os }}-${{ matrix.codeql_cli }}-${{ matrix.codeql_standard_library }}
Expand Down Expand Up @@ -98,15 +97,36 @@ jobs:
CODEQL_HOME: ${{ github.workspace }}/codeql_home
run: |
PATH=$PATH:$CODEQL_HOME/codeql
codeql query compile --precompile --threads 0 cpp
codeql query compile --precompile --threads 0 c
# Precompile all queries, and use a compilation cache larger than default
# to ensure we cache all the queries for later steps
codeql query compile --precompile --threads 0 --compilation-cache-size=1024 cpp c
cd ..
zip -r codeql-coding-standards/code-scanning-cpp-query-pack.zip codeql-coding-standards/c/ codeql-coding-standards/cpp/ codeql-coding-standards/.codeqlmanifest.json codeql-coding-standards/supported_codeql_configs.json codeql-coding-standards/scripts/configuration codeql-coding-standards/scripts/reports codeql-coding-standards/scripts/shared codeql-coding-standards/scripts/guideline_recategorization codeql-coding-standards/scripts/shared codeql-coding-standards/scripts/schemas
zip -r codeql-coding-standards/code-scanning-cpp-query-pack.zip codeql-coding-standards/c/ codeql-coding-standards/cpp/ codeql-coding-standards/.codeqlmanifest.json codeql-coding-standards/supported_codeql_configs.json codeql-coding-standards/scripts/configuration codeql-coding-standards/scripts/reports codeql-coding-standards/scripts/shared codeql-coding-standards/scripts/guideline_recategorization codeql-coding-standards/schemas
- name: Upload GHAS Query Pack
uses: actions/upload-artifact@v2
uses: actions/upload-artifact@v4
with:
name: code-scanning-cpp-query-pack.zip
path: code-scanning-cpp-query-pack.zip

- name: Create qlpack bundles
env:
CODEQL_HOME: ${{ github.workspace }}/codeql_home
run: |
PATH=$PATH:$CODEQL_HOME/codeql
codeql pack bundle --output=common-cpp-coding-standards.tgz cpp/common/src
codeql pack bundle --output=common-c-coding-standards.tgz c/common/src
codeql pack bundle --output=misra-c-coding-standards.tgz c/misra/src
codeql pack bundle --output=cert-c-coding-standards.tgz c/cert/src
codeql pack bundle --output=cert-cpp-coding-standards.tgz cpp/cert/src
codeql pack bundle --output=autosar-cpp-coding-standards.tgz cpp/autosar/src
codeql pack bundle --output=misra-cpp-coding-standards.tgz cpp/misra/src
codeql pack bundle --output=report-coding-standards.tgz cpp/report/src
- name: Upload qlpack bundles
uses: actions/upload-artifact@v4
with:
name: coding-standards-codeql-packs
path: '*-coding-standards.tgz'
15 changes: 11 additions & 4 deletions .github/workflows/codeql_unit_tests.yml
Expand Up @@ -48,7 +48,7 @@ jobs:
uses: actions/checkout@v4

- name: Install Python
uses: actions/setup-python@v4
uses: actions/setup-python@v5
with:
python-version: "3.9"

Expand All @@ -57,7 +57,7 @@ jobs:

- name: Cache CodeQL
id: cache-codeql
uses: actions/cache@v3
uses: actions/cache@v4
with:
# A list of files, directories, and wildcard patterns to cache and restore
path: ${{github.workspace}}/codeql_home
Expand Down Expand Up @@ -151,7 +151,7 @@ jobs:
file.close()
- name: Upload test results
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
with:
name: ${{ matrix.language }}-test-results-${{ runner.os }}-${{ matrix.codeql_cli }}-${{ matrix.codeql_standard_library_ident }}
path: |
Expand All @@ -160,11 +160,18 @@ jobs:

validate-test-results:
name: Validate test results
if: ${{ always() }}
needs: run-test-suites
runs-on: ubuntu-22.04
steps:
- name: Check if run-test-suites job failed to complete, if so fail
if: ${{ needs.run-test-suites.result == 'failure' }}
uses: actions/github-script@v3
with:
script: |
core.setFailed('Test run job failed')
- name: Collect test results
uses: actions/download-artifact@v3
uses: actions/download-artifact@v4

- name: Validate test results
run: |
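Review bot: The new guard step only fails on `needs.run-test-suites.result == 'failure'`, but the job-level `if: ${{ always() }}` also runs this job when the upstream job was cancelled or skipped, and in those cases the guard passes silently and the download/validate steps run against artifacts that were never produced. Either widen the check to `if: ${{ needs.run-test-suites.result != 'success' }}` or replace `always()` with `!cancelled()` so a cancelled run does not report a validation result at all. Separately, `actions/github-script@v3` is an old release (Node 12 runtime) while the rest of this commit moves to v4/v5/v7; `actions/github-script@v7` is the consistent choice. The `Validate test results` step's `run` block continues outside this section.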
39 changes: 0 additions & 39 deletions .github/workflows/dispatch-matrix-check.yml

This file was deleted.

55 changes: 29 additions & 26 deletions .github/workflows/dispatch-matrix-test-on-comment.yml
Expand Up @@ -3,42 +3,45 @@ name: 🤖 Run Matrix Check (On Comment)
on:
issue_comment:
types: [created]
branches:
- main
- "rc/**"
- next


jobs:
dispatch-matrix-check:
runs-on: ubuntu-22.04
steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Test Variables
shell: pwsh
run: |
Write-Host "Running as: ${{github.actor}}"
$actor = "${{github.actor}}"
$acl = @("jsinglet","mbaluda", "lcartey", "rvermeulen", "ravikprasad", "jeongsoolee09", "hohn", "knewbury01", "kraiouchkine")
if(-not ($actor -in $acl)){
throw "Refusing to run workflow for user not in acl."
}
- name: Check permission
id: check-write-permission
uses: ./.github/actions/check-permissions
with:
minimum-permission: "write"

- name: Dispatch Matrix Testing Job
if: ${{ github.event.issue.pull_request && contains(github.event.comment.body, '/test-matrix') }}
uses: peter-evans/repository-dispatch@v2
- name: Generate token
id: generate-token
uses: actions/create-github-app-token@v1
with:
token: ${{ secrets.RELEASE_ENGINEERING_TOKEN }}
repository: github/codeql-coding-standards-release-engineering
event-type: matrix-test
client-payload: '{"pr": "${{ github.event.issue.number }}"}'
app-id: ${{ vars.AUTOMATION_APP_ID }}
private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}
owner: ${{ github.repository_owner }}
repositories: "codeql-coding-standards-release-engineering"

- name: Invoke matrix testing job
if: ${{ github.event.issue.pull_request && contains(github.event.comment.body, '/test-matrix') && steps.check-write-permission.outputs.has-permission }}
env:
ISSUE_NR: ${{ github.event.issue.number }}
GH_TOKEN: ${{ steps.generate-token.outputs.token }}
run: |
jq -n \
--arg issue_nr "$ISSUE_NR" \
'{"issue-nr": $issue_nr}' \
| \
gh workflow run pr-compiler-validation.yml \
--json \
-R github/codeql-coding-standards-release-engineering
- uses: actions/github-script@v6
if: ${{ github.event.issue.pull_request && contains(github.event.comment.body, '/test-matrix') }}
if: ${{ github.event.issue.pull_request && contains(github.event.comment.body, '/test-matrix') && steps.check-write-permission.outputs.has-permission }}
with:
script: |
github.rest.issues.createComment({
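Review bot: The `Generate token` step runs unconditionally, so an installation token for codeql-coding-standards-release-engineering is minted for every comment on every issue in the repository, including comments from actors the new permission check later rejects; only the two steps that use the token are gated. Put the same condition on the token step — `if: ${{ github.event.issue.pull_request && contains(github.event.comment.body, '/test-matrix') && steps.check-write-permission.outputs.has-permission }}` — or move the PR/trigger-phrase part to the job level so neither the collaborator-permission lookup nor the token request happens for unrelated comments. The token stays inside the job and the checkout has no `ref`, so it should be the default branch rather than the PR head; this is least-privilege hygiene rather than an exploitable path. The comment step at the end of this section continues past it.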
56 changes: 30 additions & 26 deletions .github/workflows/dispatch-release-performance-check.yml
Expand Up @@ -3,46 +3,50 @@ name: 🏁 Run Release Performance Check
on:
issue_comment:
types: [created]
branches:
- main
- "rc/**"
- next

jobs:
dispatch-matrix-check:
runs-on: ubuntu-22.04
steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Test Variables
shell: pwsh
run: |
Write-Host "Running as: ${{github.actor}}"
$actor = "${{github.actor}}"
$acl = @("jsinglet","mbaluda", "lcartey", "rvermeulen", "ravikprasad", "jeongsoolee09", "hohn", "knewbury01", "kraiouchkine")
if(-not ($actor -in $acl)){
throw "Refusing to run workflow for user not in acl."
}
- name: Dispatch Performance Testing Job
if: ${{ github.event.issue.pull_request && contains(github.event.comment.body, '/test-performance') }}
uses: peter-evans/repository-dispatch@v2
- name: Check permission
id: check-write-permission
uses: ./.github/actions/check-permissions
with:
token: ${{ secrets.RELEASE_ENGINEERING_TOKEN }}
repository: github/codeql-coding-standards-release-engineering
event-type: performance-test
client-payload: '{"pr": "${{ github.event.issue.number }}"}'
minimum-permission: "write"

- name: Generate token
id: generate-token
uses: actions/create-github-app-token@v1
with:
app-id: ${{ vars.AUTOMATION_APP_ID }}
private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}
owner: ${{ github.repository_owner }}
repositories: "codeql-coding-standards-release-engineering"

- name: Invoke performance test
if: ${{ github.event.issue.pull_request && contains(github.event.comment.body, '/test-performance') && steps.check-write-permission.outputs.has-permission }}
env:
ISSUE_NR: ${{ github.event.issue.number }}
GH_TOKEN: ${{ steps.generate-token.outputs.token }}
run: |
jq -n \
--arg issue_nr "$ISSUE_NR" \
'{"issue-nr": $issue_nr}' \
| \
gh workflow run pr-performance-testing.yml \
--json \
-R github/codeql-coding-standards-release-engineering
- uses: actions/github-script@v6
if: ${{ github.event.issue.pull_request && contains(github.event.comment.body, '/test-performance') }}
if: ${{ github.event.issue.pull_request && contains(github.event.comment.body, '/test-performance') && steps.check-write-permission.outputs.has-permission }}
with:
script: |
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: '🏁 Beep Boop! Performance testing for this PR has been initiated. Please check back later for results. Note that the query package generation step must complete before testing will start so it might be a minute. <br><br> :bulb: If you do not hear back from me please check my status! **I will report even if I fail!**'
})
})
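Review bot: As in the matrix workflow, the `Generate token` step has no `if`, so an app installation token for the release-engineering repository is minted on every issue comment in the repository, including non-PR issues, comments without `/test-performance`, and comments from actors that the permission check just rejected. Gate it with the same condition the invoke step uses — `if: ${{ github.event.issue.pull_request && contains(github.event.comment.body, '/test-performance') && steps.check-write-permission.outputs.has-permission }}` — or hoist the PR/trigger-phrase condition to the job so the permission lookup and token request are skipped for unrelated comments. Nothing in this job runs PR-controlled code and the token is only used by the gated `gh workflow run` step, so the exposure is limited, but minting credentials before authorisation is the wrong order.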
8 changes: 4 additions & 4 deletions .github/workflows/extra-rule-validation.yml
Expand Up @@ -21,7 +21,7 @@ jobs:
runs-on: ubuntu-22.04
steps:
- name: Checkout
uses: actions/checkout@v2
uses: actions/checkout@v4

- name: Check Rules
shell: pwsh
Expand All @@ -33,7 +33,7 @@ jobs:
runs-on: ubuntu-22.04
steps:
- name: Checkout
uses: actions/checkout@v2
uses: actions/checkout@v4

- name: Ensure CPP Shared Rules Have Valid Structure
shell: pwsh
Expand All @@ -44,13 +44,13 @@ jobs:
run: scripts/util/Test-SharedImplementationsHaveTestCases.ps1 -Language c -CIMode


- uses: actions/upload-artifact@v3
- uses: actions/upload-artifact@v4
if: failure()
with:
name: missing-test-report.csv
path: MissingTestReport*.csv

- uses: actions/upload-artifact@v3
- uses: actions/upload-artifact@v4
if: failure()
with:
name: test-report.csv
