Skip to content

adding new option for default codescanning config #21

adding new option for default codescanning config

adding new option for default codescanning config #21

name: ⚙️ Integration Test Bundle on PR (CPP)
on:
push:
branches:
- 'main'
pull_request:
branches:
- 'main'
workflow_dispatch:
jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
strategy:
fail-fast: false
matrix:
language: [ 'cpp' ]
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Install QLT
id: install-qlt
uses: ./.github/actions/install-qlt-local
with:
qlt-version: 'latest'
add-to-path: true
- name: Validate QLT Installation
shell: bash
run: |
echo -e "Checking QLT Version:"
echo "QLT Home: ${{ steps.install-qlt.outputs.qlt-home }}"
qlt version
- name: Create Bundle (compiled)
shell: bash
run: |
if ! qlt codeql run install --base example/ --custom-bundle ; then
echo "Failed to generate bundle."
exit 1
fi
# ensure bundle runs
if ! qlt query run install-packs --use-bundle --base example/ ; then
echo "Failed to install query packs with tool."
exit 1
fi
- name: Validate Bundle Existence
shell: bash
run: |
echo "Checking Bundle Existence"
ls -l ${{ env.QLT_CODEQL_HOME }}/../out/
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
languages: ${{ matrix.language }}
queries: security-extended
source-root: integration-tests/cpp/src/ # Path containing the example application
tools: ${{ env.QLT_CODEQL_BUNDLE_PATH }}
- name: Autobuild
uses: github/codeql-action/autobuild@v2
with:
working-directory: integration-tests/cpp/src/ # Path containing the example application
- name: Perform CodeQL Analysis
id: analysis
uses: github/codeql-action/analyze@v2
- name: Validate SARIF Location
shell: bash
run: |
# validate we have the actual sarif results
echo "Checking SARIF file location at: ${{ steps.analysis.outputs.sarif-output }}"
ls -l ${{ steps.analysis.outputs.sarif-output }}
- name: Upload SARIF Results
uses: actions/upload-artifact@v2
with:
name: actual.sarif
path: |
${{ steps.analysis.outputs.sarif-output }}/*.sarif
if-no-files-found: error
- name: Upload Bundle Used
uses: actions/upload-artifact@v2
with:
name: codeql-bundle.tar.gz
path: |
${{ env.QLT_CODEQL_BUNDLE_PATH }}
if-no-files-found: error
- name: Validate SARIF Results
shell: bash
run: |
# Compare the expected vs the actual
qlt bundle run validate-integration-tests --expected integration-tests/cpp/expected.sarif --actual ${{ steps.analysis.outputs.sarif-output }}/cpp.sarif