From 0f59ff6d4779d29fafccc20131a95ad692801010 Mon Sep 17 00:00:00 2001
From: Zygimantas
Date: Wed, 15 Jan 2025 19:37:27 +0100
Subject: [PATCH 01/15] feat(ci): test 52 upgrade
---
.github/workflows/52.yml | 51 ++++++++++++++++++++++++++++++++++++++++
1 file changed, 51 insertions(+)
create mode 100644 .github/workflows/52.yml
diff --git a/.github/workflows/52.yml b/.github/workflows/52.yml
new file mode 100644
index 000000000..7d1e7f043
--- /dev/null
+++ b/.github/workflows/52.yml
@@ -0,0 +1,51 @@
+name: CodeQL Lint (Go, No Security Alerts)
+
+on:
+ pull_request:
+ types: [opened, synchronize, reopened]
+
+permissions:
+ contents: read
+
+jobs:
+ codeql-lint:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v2
+ with:
+ token: ${{ secrets.GITHUB_TOKEN }}
+ languages: go
+
+ - name: Build (Make Install)
+ run: |
+ make install
+
+ - name: Run CodeQL Analysis (No upload)
+ run: |
+ codeql database analyze \
+ --format=sarif-latest \
+ --output=codeql-results.sarif \
+ db \
+ ghcr.io/skip-mev/cosmos-52-ql@v0.0.1
+
+ - name: Annotate code with findings
+ run: |
+ issues=$(jq -r '
+ .runs[].results[] |
+ . as $r |
+ ($r.locations[0].physicalLocation.artifactLocation.uri | select(. != null)) as $file |
+ ($r.locations[0].physicalLocation.region.startLine | select(. != null)) as $line |
+ ($r.message.text | gsub("[\r\n]"; " ")) as $msg |
+ [$file, $line, $msg] | @tsv
+ ' codeql-results.sarif)
+
+ while IFS=$'\t' read -r file line msg; do
+ file="${file#file://}"
+ echo "::warning file=$file,line=$line::$msg"
+ done <<< "$issues"
+
From e7f0cf2a483fdc3d26b78195d4f3870009d4e197 Mon Sep 17 00:00:00 2001
From: Zygimantas
Date: Wed, 15 Jan 2025 19:40:40 +0100
Subject: [PATCH 02/15] feat(ci): test 52 upgrade
---
.github/workflows/52.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
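Review bot: In the `Annotate code with findings` step at the end of the new workflow (PATCH 01/15), the `while read` loop still runs once when jq returns nothing, because the here-string `<<< "$issues"` always supplies one empty line, so a clean run prints an empty `::warning file=,line=::` annotation. Guarding the loop with `[ -n "$issues" ] || exit 0` avoids that. The loop also writes `$file` and `$msg` from the SARIF file into a workflow command without escaping; only CR/LF in the message are replaced, so a `%`, `,` or `::` in either value can corrupt the annotation. Since those values may derive from the pull request's own code, escape them as the workflow-command syntax expects (`%25`, `%2C`, `%3A`) before the `echo`.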
diff --git a/.github/workflows/52.yml b/.github/workflows/52.yml index 7d1e7f043..3817903e7 100644 --- a/.github/workflows/52.yml +++ b/.github/workflows/52.yml @@ -16,7 +16,7 @@ jobs: uses: actions/checkout@v3 - name: Initialize CodeQL - uses: github/codeql-action/init@v2 + uses: github/codeql-action/init@v3 with: token: ${{ secrets.GITHUB_TOKEN }} languages: go From e6c7c4faa447141e592e7339d20dd03e65b44f83 Mon Sep 17 00:00:00 2001 From: Zygimantas Date: Wed, 15 Jan 2025 19:47:35 +0100 Subject: [PATCH 03/15] feat(ci): test 52 upgrade --- .github/workflows/52.yml | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/.github/workflows/52.yml b/.github/workflows/52.yml index 3817903e7..9b8b70507 100644 --- a/.github/workflows/52.yml +++ b/.github/workflows/52.yml @@ -20,18 +20,17 @@ jobs: with: token: ${{ secrets.GITHUB_TOKEN }} languages: go + queries: ghcr.io/skip-mev/cosmos-52-ql@v0.0.1 - name: Build (Make Install) run: | make install - - name: Run CodeQL Analysis (No upload) - run: | - codeql database analyze \ - --format=sarif-latest \ - --output=codeql-results.sarif \ - db \ - ghcr.io/skip-mev/cosmos-52-ql@v0.0.1 + - name: Analyze with CodeQL (no upload) + uses: github/codeql-action/analyze@v3 + with: + upload: false + output: codeql-results.sarif - name: Annotate code with findings run: | From 858efeaedbb02245e4ef3ef6866d0941b86324d3 Mon Sep 17 00:00:00 2001 From: Zygimantas Date: Wed, 15 Jan 2025 19:58:32 +0100 Subject: [PATCH 04/15] feat(ci): test 52 upgrade --- .github/workflows/52.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/52.yml b/.github/workflows/52.yml index 9b8b70507..e84fbe977 100644 --- a/.github/workflows/52.yml +++ b/.github/workflows/52.yml @@ -20,7 +20,7 @@ jobs: with: token: ${{ secrets.GITHUB_TOKEN }} languages: go - queries: ghcr.io/skip-mev/cosmos-52-ql@v0.0.1 + queries: skip-mev/cosmos-52-ql@v0.0.1 - name: Build (Make Install) run: | 
From aa8f3ff39056fbd43fbce80d77cedcb3ef4f18c4 Mon Sep 17 00:00:00 2001 From: Zygimantas Date: Wed, 15 Jan 2025 20:00:53 +0100 Subject: [PATCH 05/15] feat(ci): test 52 upgrade --- .github/workflows/52.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/52.yml b/.github/workflows/52.yml index e84fbe977..4986e6348 100644 --- a/.github/workflows/52.yml +++ b/.github/workflows/52.yml @@ -20,7 +20,7 @@ jobs: with: token: ${{ secrets.GITHUB_TOKEN }} languages: go - queries: skip-mev/cosmos-52-ql@v0.0.1 + queries: skip-mev/cosmos-52-ql - name: Build (Make Install) run: | From 1126f324c7477f09e794b1b24a567a9ef84d4c23 Mon Sep 17 00:00:00 2001 From: Zygimantas Date: Wed, 15 Jan 2025 20:04:32 +0100 Subject: [PATCH 06/15] feat(ci): test 52 upgrade --- .github/workflows/52.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/52.yml b/.github/workflows/52.yml index 4986e6348..322d3cfb0 100644 --- a/.github/workflows/52.yml +++ b/.github/workflows/52.yml @@ -20,7 +20,7 @@ jobs: with: token: ${{ secrets.GITHUB_TOKEN }} languages: go - queries: skip-mev/cosmos-52-ql + packs: skip-mev/cosmos-52-ql - name: Build (Make Install) run: | From 29575b42ce72a49d1a3d72cb0ef4c6e122d10a5e Mon Sep 17 00:00:00 2001 From: Zygimantas Date: Wed, 15 Jan 2025 20:34:05 +0100 Subject: [PATCH 07/15] feat(ci): test 52 upgrade --- .github/workflows/52.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/52.yml b/.github/workflows/52.yml index 322d3cfb0..8e53e4ce9 100644 --- a/.github/workflows/52.yml +++ b/.github/workflows/52.yml @@ -28,9 +28,10 @@ jobs: - name: Analyze with CodeQL (no upload) uses: github/codeql-action/analyze@v3 + id: analyze with: - upload: false - output: codeql-results.sarif + upload: never + output: ../codeql-results.sarif - name: Annotate code with findings run: | 
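Review bot: Dropping `@v0.0.1` in PATCH 05/15 leaves the `skip-mev/cosmos-52-ql` pack without any version constraint, so the query pack that runs in CI is whatever resolves at run time and can change without a commit in this repository. PATCH 06/15 keeps it unpinned when it switches the key to `packs:`. If the earlier value failed to resolve, pin it in the form the `packs` input accepts, e.g. `packs: skip-mev/cosmos-52-ql@<PACK_VERSION>` (placeholder), so the analysis stays reproducible and a pack change is visible in review.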
@@ -41,7 +42,7 @@ jobs: ($r.locations[0].physicalLocation.region.startLine | select(. != null)) as $line | ($r.message.text | gsub("[\r\n]"; " ")) as $msg | [$file, $line, $msg] | @tsv - ' codeql-results.sarif) + ' ${{ steps.analyze.outputs.sarif-output }} ) while IFS=$'\t' read -r file line msg; do file="${file#file://}" From 50643506f5fa2407b86cd0db29f831042025bb4d Mon Sep 17 00:00:00 2001 From: Zygimantas Date: Wed, 15 Jan 2025 20:46:39 +0100 Subject: [PATCH 08/15] feat(ci): test 52 upgrade --- .github/workflows/52.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/52.yml b/.github/workflows/52.yml index 8e53e4ce9..a48762741 100644 --- a/.github/workflows/52.yml +++ b/.github/workflows/52.yml @@ -35,6 +35,8 @@ jobs: - name: Annotate code with findings run: | + set -eoux pipefail + issues=$(jq -r ' .runs[].results[] | . as $r | From 1b35b9327bbca591ecbf9d23ead9ae1bf300ff16 Mon Sep 17 00:00:00 2001 From: Zygimantas Date: Wed, 15 Jan 2025 20:50:55 +0100 Subject: [PATCH 09/15] feat(ci): test 52 upgrade --- .github/workflows/52.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/52.yml b/.github/workflows/52.yml index a48762741..86e45bc36 100644 --- a/.github/workflows/52.yml +++ b/.github/workflows/52.yml @@ -33,6 +33,8 @@ jobs: upload: never output: ../codeql-results.sarif + - name: Install jq + uses: dcarbone/install-jq-action@v3.0.1 - name: Annotate code with findings run: | set -eoux pipefail From 2fde02838924581fa5d611fb80cf729c03179bdd Mon Sep 17 00:00:00 2001 From: Zygimantas Date: Thu, 16 Jan 2025 07:48:37 +0100 Subject: [PATCH 10/15] fix --- .github/workflows/52.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/52.yml b/.github/workflows/52.yml index 86e45bc36..730f59082 100644 --- a/.github/workflows/52.yml +++ b/.github/workflows/52.yml @@ -39,6 +39,8 @@ jobs: run: | set -eoux pipefail + cat ${{ steps.analyze.outputs.sarif-output }} + issues=$(jq -r ' .runs[].results[] | . as $r | 
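Review bot: The `Install jq` step added in PATCH 09/15 references a third-party action by mutable tag (`dcarbone/install-jq-action@v3.0.1`); a tag can be moved, so pin third-party actions to the full commit SHA, `uses: dcarbone/install-jq-action@<FULL_COMMIT_SHA> # v3.0.1` (placeholder). The step may also be unnecessary: GitHub-hosted `ubuntu-latest` images normally ship jq, so check whether it can simply be dropped. It is also missing the blank line that separates the other steps in this job.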
From 4bd96d1613563cb24c7ba55b4f7a59f65e060a77 Mon Sep 17 00:00:00 2001 From: Zygimantas Date: Thu, 16 Jan 2025 08:24:10 +0100 Subject: [PATCH 11/15] fix --- .github/workflows/52.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/52.yml b/.github/workflows/52.yml index 730f59082..9515b9cc3 100644 --- a/.github/workflows/52.yml +++ b/.github/workflows/52.yml @@ -14,7 +14,9 @@ jobs: steps: - name: Checkout uses: actions/checkout@v3 - + - uses: actions/setup-go@v5 + with: + go-version: 1.22 - name: Initialize CodeQL uses: github/codeql-action/init@v3 with: @@ -31,7 +33,7 @@ jobs: id: analyze with: upload: never - output: ../codeql-results.sarif + output: ../results - name: Install jq uses: dcarbone/install-jq-action@v3.0.1 @@ -39,8 +41,6 @@ jobs: run: | set -eoux pipefail - cat ${{ steps.analyze.outputs.sarif-output }} - issues=$(jq -r ' .runs[].results[] | . as $r | @@ -48,7 +48,7 @@ jobs: ($r.locations[0].physicalLocation.region.startLine | select(. != null)) as $line | ($r.message.text | gsub("[\r\n]"; " ")) as $msg | [$file, $line, $msg] | @tsv - ' ${{ steps.analyze.outputs.sarif-output }} ) + ' ${{ steps.analyze.outputs.sarif-output }}/go.sarif ) while IFS=$'\t' read -r file line msg; do file="${file#file://}" From 8a9f6195695613eca1861e1e93b338154824e3f5 Mon Sep 17 00:00:00 2001 From: Zygimantas Date: Thu, 16 Jan 2025 12:41:03 +0100 Subject: [PATCH 12/15] feat(ci): test 52 upgrade --- .github/workflows/52.yml | 31 +++++++++++++++++++++++-------- 1 file changed, 23 insertions(+), 8 deletions(-) diff --git a/.github/workflows/52.yml b/.github/workflows/52.yml index 9515b9cc3..47a26c534 100644 --- a/.github/workflows/52.yml +++ b/.github/workflows/52.yml 
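Review bot: `go-version: 1.22` in the new `actions/setup-go@v5` step (first hunk of PATCH 11/15) is an unquoted YAML number; it happens to survive as 1.22, but the same pattern silently turns `1.20` into `1.2`, so quote it: `go-version: '1.22'`. The step also has no `name:`, unlike every other step in the job; something like `- name: Set up Go` keeps the run log readable.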
@@ -19,28 +19,43 @@ jobs: go-version: 1.22 - name: Initialize CodeQL uses: github/codeql-action/init@v3 + id: codeql-init with: + db-location: ./tests/simapp/codeql-db token: ${{ secrets.GITHUB_TOKEN }} languages: go + source-root: ./tests/simapp + build-mode: manual packs: skip-mev/cosmos-52-ql - name: Build (Make Install) + working-directory: ./tests/simapp run: | - make install + go build ./connectd/... - - name: Analyze with CodeQL (no upload) - uses: github/codeql-action/analyze@v3 - id: analyze - with: - upload: never - output: ../results + - name: Analyze + working-directory: ./tests/simapp + run: | + echo $PWD + ls $PWD + ${{ steps.codeql-init.outputs.codeql-path }} database finalize \ + codeql-db/go + + ${{ steps.codeql-init.outputs.codeql-path }} database analyze \ + --format=sarif-latest \ + --output=codeql-results.sarif \ + codeql-db/go \ + skip-mev/cosmos-52-ql - name: Install jq uses: dcarbone/install-jq-action@v3.0.1 - name: Annotate code with findings + working-directory: ./tests/simapp run: | set -eoux pipefail + cat codeql-results.sarif + issues=$(jq -r ' .runs[].results[] | . as $r | @@ -48,7 +63,7 @@ jobs: ($r.locations[0].physicalLocation.region.startLine | select(. != null)) as $line | ($r.message.text | gsub("[\r\n]"; " ")) as $msg | [$file, $line, $msg] | @tsv - ' ${{ steps.analyze.outputs.sarif-output }}/go.sarif ) + ' codeql-results.sarif ) while IFS=$'\t' read -r file line msg; do file="${file#file://}" From 5a3e6404b7b6d11f4c7447bcb9f4598a1fc01152 Mon Sep 17 00:00:00 2001 From: Zygimantas Date: Thu, 16 Jan 2025 12:54:42 +0100 Subject: [PATCH 13/15] feat(ci): test 52 upgrade --- .github/52-problem-matcher.json | 17 +++++++++++++++++ .github/workflows/52.yml | 24 +++++------------------- 2 files changed, 22 insertions(+), 19 deletions(-) create mode 100644 .github/52-problem-matcher.json diff --git a/.github/52-problem-matcher.json b/.github/52-problem-matcher.json new file mode 100644 index 000000000..14268a72c --- /dev/null 
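Review bot: The rewritten `Analyze` step in PATCH 12/15 splices `${{ steps.codeql-init.outputs.codeql-path }}` straight into the shell script, unquoted, twice; the expression is expanded before bash runs, so a path containing spaces or shell metacharacters would be re-parsed as script text. Pass it through the environment instead: put `env: CODEQL: ${{ steps.codeql-init.outputs.codeql-path }}` on the step and call `"$CODEQL" database finalize codeql-db/go`. The `echo $PWD` / `ls $PWD` lines, and the `cat codeql-results.sarif` added under `set -eoux pipefail` in the annotate step, look like debugging leftovers. The build step is still named `Build (Make Install)` although it now runs `go build ./connectd/...`.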
+++ b/.github/52-problem-matcher.json @@ -0,0 +1,17 @@ +{ + "problemMatcher": [ + { + "owner": "cosmos-52-ql", + "pattern": [ + { + "regexp": ""\"(.+)\",\"(.+)\",\"(.+)\",\"(.+)\",\"(.+)\",\"(.+)\",\"(.+)\",\"(.+)\",\"(.+)\", + "file": 5, + "line": 6, + "column": 7, + "severity": 3, + "message": 2, + } + ] + } + ] +} diff --git a/.github/workflows/52.yml b/.github/workflows/52.yml index 47a26c534..ee43c4cd1 100644 --- a/.github/workflows/52.yml +++ b/.github/workflows/52.yml @@ -42,31 +42,17 @@ jobs: codeql-db/go ${{ steps.codeql-init.outputs.codeql-path }} database analyze \ - --format=sarif-latest \ - --output=codeql-results.sarif \ + --format=csv\ + --output=codeql-results.csv \ codeql-db/go \ skip-mev/cosmos-52-ql - - name: Install jq uses: dcarbone/install-jq-action@v3.0.1 + - name: Add problem matcher + run: echo "::add-matcher::.github/52-problem-matcher.json" - name: Annotate code with findings working-directory: ./tests/simapp run: | set -eoux pipefail - cat codeql-results.sarif - - issues=$(jq -r ' - .runs[].results[] | - . as $r | - ($r.locations[0].physicalLocation.artifactLocation.uri | select(. != null)) as $file | - ($r.locations[0].physicalLocation.region.startLine | select(. != null)) as $line | - ($r.message.text | gsub("[\r\n]"; " ")) as $msg | - [$file, $line, $msg] | @tsv - ' codeql-results.sarif ) - - while IFS=$'\t' read -r file line msg; do - file="${file#file://}" - echo "::warning file=$file,line=$line::$msg" - done <<< "$issues" - + cat codeql-results.csv From 00392a891f546cef88cb20f60c5bf8892f9a8ce6 Mon Sep 17 00:00:00 2001 From: Zygimantas Date: Thu, 16 Jan 2025 13:00:03 +0100 Subject: [PATCH 14/15] feat(ci): test 52 upgrade --- .github/52-problem-matcher.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/52-problem-matcher.json b/.github/52-problem-matcher.json index 14268a72c..081205d60 100644 --- a/.github/52-problem-matcher.json +++ b/.github/52-problem-matcher.json 
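Review bot: After the workflow hunk of PATCH 13/15 nothing in the job calls jq any more (the jq and `while read` script is deleted), yet the `Install jq` step using `dcarbone/install-jq-action@v3.0.1` is kept as context; removing it drops a third-party action from the workflow at no cost. Separately, the matcher is registered from the repository root while the CSV is printed from `./tests/simapp` and the database uses `source-root: ./tests/simapp`, so the paths captured in group 5 may not resolve to repository-relative files. That is worth confirming on a run that has findings.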
@@ -1,15 +1,15 @@ { "problemMatcher": [ { - "owner": "cosmos-52-ql", + "owner": "test", "pattern": [ { - "regexp": ""\"(.+)\",\"(.+)\",\"(.+)\",\"(.+)\",\"(.+)\",\"(.+)\",\"(.+)\",\"(.+)\",\"(.+)\", + "regexp": "\"(.+)\",\"(.+)\",\"(.+)\",\"(.+)\",\"(.+)\",\"(.+)\",\"(.+)\",\"(.+)\",\"(.+)\"", "file": 5, "line": 6, "column": 7, "severity": 3, - "message": 2, + "message": 2 } ] } From 3dc86b52c04a192dcd3cbf67fe38c9112fbb96b3 Mon Sep 17 00:00:00 2001 From: Zygimantas Date: Thu, 16 Jan 2025 13:25:13 +0100 Subject: [PATCH 15/15] feat(ci): test 52 upgrade --- .github/workflows/52.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/.github/workflows/52.yml b/.github/workflows/52.yml index ee43c4cd1..041fe07b3 100644 --- a/.github/workflows/52.yml +++ b/.github/workflows/52.yml @@ -46,6 +46,12 @@ jobs: --output=codeql-results.csv \ codeql-db/go \ skip-mev/cosmos-52-ql + + ${{ steps.codeql-init.outputs.codeql-path }} database analyze \ + --format=sarif-latest\ + --output=codeql-results.sarif \ + codeql-db/go \ + skip-mev/cosmos-52-ql - name: Install jq uses: dcarbone/install-jq-action@v3.0.1 - name: Add problem matcher @@ -56,3 +62,9 @@ jobs: set -eoux pipefail cat codeql-results.csv + - name: Upload SARIF file + uses: github/codeql-action/upload-sarif@v3 + if: always() + with: + sarif_file: ./tests/simapp/codeql-results.sarif + category: migration-lint
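Review bot: The `Upload SARIF file` step added in the last hunk of PATCH 15/15 needs the `security-events: write` permission, but the workflow's `permissions:` block (added in PATCH 01/15, outside this hunk, and not changed by any later patch shown here) grants only `contents: read`, so the upload is expected to be rejected. Add `security-events: write` under `permissions:` and keep everything else read-only; for pull requests from forks the token stays read-only regardless, so the step may need a condition for that case. With `if: always()` the step also runs when the analysis failed and `codeql-results.sarif` was never written. The workflow name still says "No Security Alerts" although results now go to code scanning.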