Adding Bundle Feature #8
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: ⚙️ Integration Test Bundle on PR (CPP) | |
| on: | |
| push: | |
| branches: | |
| - 'main' | |
| pull_request: | |
| branches: | |
| - 'main' | |
| workflow_dispatch: | |
| jobs: | |
| analyze: | |
| name: Analyze | |
| runs-on: ubuntu-latest | |
| permissions: | |
| actions: read | |
| contents: read | |
| security-events: write | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| language: [ 'cpp' ] | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Install QLT | |
| id: install-qlt | |
| uses: ./.github/actions/install-qlt-local | |
| with: | |
| qlt-version: 'latest' | |
| add-to-path: true | |
| - name: Validate QLT Installation | |
| shell: bash | |
| run: | | |
| echo -e "Checking QLT Version:" | |
| echo "QLT Home: ${{ steps.install-qlt.outputs.qlt-home }}" | |
| qlt version | |
| - name: Create Bundle (compiled) | |
| shell: bash | |
| run: | | |
| if ! qlt codeql run install --base example/ --custom-bundle ; then | |
| echo "Failed to generate bundle." | |
| exit 1 | |
| fi | |
| # ensure bundle runs | |
| if ! qlt query run install-packs --use-bundle --base example/ ; then | |
| echo "Failed to install query packs with tool." | |
| exit 1 | |
| fi | |
| - name: Validate Bundle Existence | |
| shell: bash | |
| run: | | |
| echo "Checking Bundle Existence" | |
| ls -l ${{ env.QLT_CODEQL_HOME }}/../out/ | |
| - name: Initialize CodeQL | |
| uses: github/codeql-action/init@v2 | |
| with: | |
| languages: ${{ matrix.language }} | |
| queries: security-extended | |
| source-root: integration-tests/cpp/src/ # Path containing the example application | |
| tools: ${{ env.QLT_CODEQL_HOME }}/../out/codeql-bundle.tar.gz | |
| - name: Autobuild | |
| uses: github/codeql-action/autobuild@v2 | |
| with: | |
| working-directory: integration-tests/cpp/src/ # Path containing the example application | |
| - name: Perform CodeQL Analysis | |
| id: analysis | |
| uses: github/codeql-action/analyze@v2 | |
| - name: Validate SARIF Location | |
| shell: bash | |
| run: | | |
| # validate we have the actual sarif results | |
| echo "Checking SARIF file location at: ${{ steps.analysis.outputs.sarif-output }}" | |
| ls -l ${{ steps.analysis.outputs.sarif-output }} | |
| - name: Upload SARIF Results | |
| uses: actions/upload-artifact@v2 | |
| with: | |
| name: actual.sarif | |
| path: | | |
| ${{ steps.analysis.outputs.sarif-output }}/*.sarif | |
| if-no-files-found: error | |
| # - name: Upload Bundle Used | |
| # uses: actions/upload-artifact@v2 | |
| # with: | |
| # name: codeql-bundle.tar.gz | |
| # path: | | |
| # ${{ env.QLT_CODEQL_HOME }}/../out/codeql-bundle.tar.gz | |
| # if-no-files-found: error | |
| - name: Validate SARIF Results | |
| shell: bash | |
| run: | | |
| # Compare the expected vs the actual | |
| cat integration-tests/cpp/expected.sarif | jq '.runs' > integration-tests/cpp/expected | |
| cat ${{ steps.analysis.outputs.sarif-output }}/cpp.sarif | jq '.runs' > integration-tests/cpp/actual | |
| if ! diff integration-tests/cpp/expected integration-tests/cpp/actual ; then | |
| echo "Expected file does not match actual. Please check the SARIF file for differences." | |
| exit 1 | |
| fi |