Merge pull request #11 from advanced-security/jsinglet/ci-cd-additions

CI/CD Gating Functions

.github/actions/install-qlt/action.yml

@@ -27,7 +27,6 @@ runs:
       env:
         RUNNER_OS: ${{ runner.os }}
         RUNNER_TEMP: ${{ runner.temp }}
-        GITHUB_TOKEN: ${{ github.token }}
         ADD_TO_PATH: ${{ inputs.add-to-path }}
         QLT_VERSION: ${{ inputs.qlt-version }}
         QLT_HOME: ${{ inputs.qlt-home }}

.github/workflows/internal-validate-workflow-files.yml

@@ -0,0 +1,62 @@
+name: ⚙️ Validate Workflow Files
+
+on:
+  push:
+    branches:
+      - '**'
+  pull_request:
+    branches:
+      - '**'
+  workflow_dispatch:
+
+jobs:
+  validate-workflow-files:
+    name: Validate Workflow Files
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Install QLT
+        id: install-qlt
+        uses: ./.github/actions/install-qlt-local
+        with:
+          qlt-version: 'latest'
+          add-to-path: true
+
+      - name: Validate QLT Installation
+        shell: bash
+        run: |
+          echo -e "Checking QLT Version:"
+          echo "QLT Home: ${{ steps.install-qlt.outputs.qlt-home }}"
+          qlt version
+
+      - name: Generate Workflow Files (Test Feature)
+        shell: bash
+        run: |
+          if ! qlt test init --use-runner ubuntu-latest --num-threads 4 --language cpp --automation-type actions --development --overwrite-existing ; then
+            echo "Failed to generate test workflow files."
+            exit 1
+          fi
+
+      - name: Generate Workflow Files (Validation Feature)
+        shell: bash
+        run: |
+          if ! qlt validation init --use-runner ubuntu-latest --language cpp --automation-type actions --development --overwrite-existing ; then
+            echo "Failed to generate validation workflow files."
+            exit 1
+          fi
+
+      - name: Check Git Clean Status 
+        shell: bash
+        run: |
+          if git diff --quiet .github ; then
+            echo "Git is clean - generation is as expected."
+          else
+            echo "Some files have changed - please check for regressions."
+            git status
+            git diff .github
+            exit 1
+          fi
+
+

.github/workflows/DEMO-run-codeql-unit-tests-cpp.yml → .github/workflows/run-codeql-unit-tests-cpp.yml

@@ -1,4 +1,4 @@
-name: ⚙️ DEMO CodeQL - Run Unit Tests (cpp)
+name: ⚙️ CodeQL - Run Unit Tests (cpp)
 
 
 on:
@@ -20,6 +20,7 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v3
 
+
       - name: Install QLT
         id: install-qlt
         uses: ./.github/actions/install-qlt-local
@@ -32,6 +33,7 @@ jobs:
         run: |
           qlt test run get-matrix --os-version ubuntu-latest --base example/
 
+
   run-test-suites:
     name: Run Unit Tests
     needs: create-unit-test-matrix
@@ -45,13 +47,15 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v3
 
+
       - name: Install QLT
         id: install-qlt
         uses: ./.github/actions/install-qlt-local
         with:
           qlt-version: 'latest'
           add-to-path: true
-
+
+
       - name: Install CodeQL
         id: install-codeql
         uses: ./.github/actions/install-codeql
@@ -71,11 +75,13 @@ jobs:
           echo "QLT Home: ${{ steps.install-qlt.outputs.qlt-home }}"
           qlt version
 
+
       - name: Install QL Packs
         shell: bash
         run: |
           qlt query run install-packs --base example/
 
+
       - name: Run test suites
         id: run-test-suites
         env:
@@ -86,11 +92,14 @@ jobs:
           RUNNER_TMP: ${{ runner.temp }}
         shell: bash
         run: >
-          qlt test run execute-unit-tests 
+
+
+          qlt test run execute-unit-tests  
+          --codeql-args "--threads=0" 
           --num-threads 4 
           --language cpp 
           --runner-os $RUNNER_OS 
-          --work-dir $RUNNER_TMP 
+          --work-dir $RUNNER_TMP
           --base example/
 
             
@@ -107,20 +116,24 @@ jobs:
     needs: [run-test-suites]
     runs-on: ubuntu-latest
     steps:
+
       - name: Checkout repository
         uses: actions/checkout@v3
 
+
       - name: Install QLT
         id: install-qlt
         uses: ./.github/actions/install-qlt-local
         with:
           qlt-version: 'latest'
           add-to-path: true
 
+
       - name: Collect test results
         uses: actions/download-artifact@v2
 
       - name: Validate test results
         run: |
           qlt test run validate-unit-tests --pretty-print --results-directory . >> $GITHUB_STEP_SUMMARY
-          qlt test run validate-unit-tests --results-directory .           
+          qlt test run validate-unit-tests --results-directory . 
+

.github/workflows/DEMO-validate-codeql-queries-cpp.yml → .github/workflows/validate-codeql-queries-cpp.yml

@@ -1,4 +1,4 @@
-name: ⚙️ DEMO CodeQL - Validate Queries (cpp)
+name: ⚙️ CodeQL - Validate Queries (cpp)
 
 on:
   push:
@@ -19,6 +19,7 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v3
 
+
       - name: Install QLT
         id: install-qlt
         uses: ./.github/actions/install-qlt-local
@@ -31,6 +32,7 @@ jobs:
         run: |
           qlt test run get-matrix --os-version ubuntu-latest --base example/
 
+
   validate-queries:
     name: Validate Queries
     needs: create-matrix
@@ -44,11 +46,15 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v3
 
+
+
       - name: Install QLT
+        id: install-qlt
         uses: ./.github/actions/install-qlt-local
         with:
           qlt-version: 'latest'
           add-to-path: true
+
 
       - name: Install CodeQL
         uses: ./.github/actions/install-codeql
@@ -68,14 +74,16 @@ jobs:
           echo "QLT Home: ${{ steps.install-qlt.outputs.qlt-home }}"
           qlt version
 
+
       - name: Install QL Packs
         shell: bash
         run: |
           qlt query run install-packs --base example/
 
+
       - name: Run validation tests
         shell: bash
         run: >
-          qlt validation run check-queries --pretty-print  --language cpp --base example/ >> $GITHUB_STEP_SUMMARY
+          qlt validation run check-queries --pretty-print --language cpp --base example/ >> $GITHUB_STEP_SUMMARY
 
-          qlt validation run check-queries --language cpp --base example/ 
+          qlt validation run check-queries --language cpp --base example/

src/CodeQLToolkit.Core/Main.cs

@@ -27,6 +27,7 @@ public static async Task<int> Main(string[] args)
             // Add global option for the root directory          
             rootCommand.AddGlobalOption(Globals.BasePathOption);
             rootCommand.AddGlobalOption(Globals.AutomationTypeOption);
+            rootCommand.AddGlobalOption(Globals.Development);
 
             var versionCommand = new Command("version", "Get the current tool version.");
             rootCommand.Add(versionCommand);
@@ -49,9 +50,7 @@ public static async Task<int> Main(string[] args)
             // Register the `Validation` feature
             ValidationFeatureMain.Instance.Register(rootCommand);
 
-            await rootCommand.InvokeAsync(args);
-
-            return 0;            
+            return await rootCommand.InvokeAsync(args);
         }
     }
 }

src/CodeQLToolkit.Features/Templates/Test/Actions/install-qlt.liquid

@@ -14,12 +14,6 @@ inputs:
     required: false
     default: 'true'
 
-  token:
-    description: |
-      Token to use for auth
-    required: true
-
-
 outputs:
   qlt-home:
     description: 'The directory containing the QLT installation'
@@ -33,8 +27,6 @@ runs:
       env:
         RUNNER_OS: ${{ runner.os }}
         RUNNER_TEMP: ${{ runner.temp }}
-        # GITHUB_TOKEN: ${{ github.token }}
-        GITHUB_TOKEN: ${{ inputs.token }}
         ADD_TO_PATH: ${{ inputs.add-to-path }}
         QLT_VERSION: ${{ inputs.qlt-version }}
         QLT_HOME: ${{ inputs.qlt-home }}

src/CodeQLToolkit.Features/Templates/Test/Actions/run-unit-tests.liquid

@@ -19,18 +19,32 @@ jobs:
     steps:
       - name: Checkout repository
         uses: actions/checkout@v3
+{% endraw %}
+{% if dev_mode %}
+      - name: Install QLT
+        id: install-qlt
+        uses: ./.github/actions/install-qlt-local
+        with:
+          qlt-version: 'latest'
+          add-to-path: true
 
+      - name: Export unit test matrix
+        id: export-unit-test-matrix
+        run: |
+          qlt test run get-matrix --os-version {{ use_runner }} --base example/
+{% else %}
       - name: Install QLT
         id: install-qlt
         uses: ./.github/actions/install-qlt
         with:
           qlt-version: 'latest'
           add-to-path: true
-{% endraw %}
+
       - name: Export unit test matrix
         id: export-unit-test-matrix
         run: |
           qlt test run get-matrix --os-version {{ use_runner }}
+{% endif %}
 {% raw %}
   run-test-suites:
     name: Run Unit Tests
@@ -44,14 +58,23 @@ jobs:
     steps:
       - name: Checkout repository
         uses: actions/checkout@v3
-
+{% endraw %}
+{% if dev_mode %}
+      - name: Install QLT
+        id: install-qlt
+        uses: ./.github/actions/install-qlt-local
+        with:
+          qlt-version: 'latest'
+          add-to-path: true
+{% else %}
       - name: Install QLT
         id: install-qlt
         uses: ./.github/actions/install-qlt
         with:
           qlt-version: 'latest'
           add-to-path: true
-      
+{% endif %}
+{% raw %}
       - name: Install CodeQL
         id: install-codeql
         uses: ./.github/actions/install-codeql
@@ -70,12 +93,19 @@ jobs:
           echo -e "Checking QLT Version:"
           echo "QLT Home: ${{ steps.install-qlt.outputs.qlt-home }}"
           qlt version
-
+{% endraw %}
+{% if dev_mode %}
+      - name: Install QL Packs
+        shell: bash
+        run: |
+          qlt query run install-packs --base example/
+{% else %}
       - name: Install QL Packs
         shell: bash
         run: |
           qlt query run install-packs
-
+{% endif %}
+{% raw %}
       - name: Run test suites
         id: run-test-suites
         env:
@@ -87,12 +117,22 @@ jobs:
         shell: bash
         run: >
 {% endraw %}
+{% if dev_mode %}
+          qlt test run execute-unit-tests  
+          --codeql-args "{{ codeql_args }}" 
+          --num-threads {{ num_threads }} 
+          --language {{ language }} 
+          --runner-os $RUNNER_OS 
+          --work-dir $RUNNER_TMP
+          --base example/
+{% else %}
           qlt test run execute-unit-tests  
           --codeql-args "{{ codeql_args }}"
           --num-threads {{ num_threads }} 
           --language {{ language }} 
           --runner-os $RUNNER_OS 
           --work-dir $RUNNER_TMP
+{% endif %}
 {% raw %}            
       - name: Upload test results
         uses: actions/upload-artifact@v2
@@ -110,14 +150,23 @@ jobs:
 
       - name: Checkout repository
         uses: actions/checkout@v3
-
+{% endraw %}
+{% if dev_mode %}
+      - name: Install QLT
+        id: install-qlt
+        uses: ./.github/actions/install-qlt-local
+        with:
+          qlt-version: 'latest'
+          add-to-path: true
+{% else %}
       - name: Install QLT
         id: install-qlt
         uses: ./.github/actions/install-qlt
         with:
           qlt-version: 'latest'
           add-to-path: true
-
+{% endif %}
+{% raw %}
       - name: Collect test results
         uses: actions/download-artifact@v2