
Commit 0d7b992

committed
Validate workflow to check that all codeql-action versions are the same
1 parent 31d3ae8 commit 0d7b992


7 files changed

+166
-77
lines changed

7 files changed

+166
-77
lines changed

lib/analyze-action.js

Lines changed: 12 additions & 15 deletions

lib/init-action-post.js

Lines changed: 14 additions & 16 deletions

lib/init-action.js

Lines changed: 30 additions & 16 deletions

lib/upload-lib.js

Lines changed: 12 additions & 15 deletions

lib/upload-sarif-action.js

Lines changed: 12 additions & 15 deletions

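--- a/src/workflow.test.ts
+++ b/src/workflow.test.ts
@@ -655,6 +655,65 @@ test("getWorkflowErrors() should not report a warning if there is a workflow_cal
 t.deepEqual(...errorCodes(errors, []));
 });
 
+test("getWorkflowErrors() should report a warning if different versions of the CodeQL Action are used", async (t) => {
+const errors = await getWorkflowErrors(
+yaml.load(`
+name: "CodeQL"
+on:
+push:
+branches: [main]
+jobs:
+analyze:
+steps:
+- uses: github/codeql-action/init@v2
+- uses: github/codeql-action/analyze@v3
+`) as Workflow,
+await getCodeQLForTesting(),
+);
+
+t.deepEqual(
+...errorCodes(errors, [WorkflowErrors.InconsistentActionVersion]),
+);
+});
+
+test("getWorkflowErrors() should not report a warning if the same versions of the CodeQL Action are used", async (t) => {
+const errors = await getWorkflowErrors(
+yaml.load(`
+name: "CodeQL"
+on:
+push:
+branches: [main]
+jobs:
+analyze:
+steps:
+- uses: github/codeql-action/init@v3
+- uses: github/codeql-action/analyze@v3
+`) as Workflow,
+await getCodeQLForTesting(),
+);
+
+t.deepEqual(...errorCodes(errors, []));
+});
+
+test("getWorkflowErrors() should not report a warning involving versions of other actions", async (t) => {
+const errors = await getWorkflowErrors(
+yaml.load(`
+name: "CodeQL"
+on:
+push:
+branches: [main]
+jobs:
+analyze:
+steps:
+- uses: actions/checkout@v5
+- uses: github/codeql-action/init@v3
+`) as Workflow,
+await getCodeQLForTesting(),
+);
+
+t.deepEqual(...errorCodes(errors, []));
+});
+
 test("getCategoryInputOrThrow returns category for simple workflow with category", (t) => {
 process.env["GITHUB_REPOSITORY"] = "github/codeql-action-fake-repository";
 t.is(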
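Review bot: The three new tests only exercise mismatches between steps of a single job using short tag refs (`init@v2` vs `analyze@v3`), so the check's behaviour for refs pinned to a full commit SHA — the form supply-chain guidance recommends and many workflows use — is left unpinned by the suite. If the implementation compares the literal ref string, a workflow pinning `init` and `analyze` to the same SHA should still produce `errorCodes(errors, [])`, and one with `init` and `analyze` on different SHAs presumably should raise `WorkflowErrors.InconsistentActionVersion`; a fourth test with two steps using an identical placeholder SHA (`github/codeql-action/init@<SHA>` / `github/codeql-action/analyze@<SHA>`) would document whichever behaviour is intended. A case where the two steps live in different jobs would likewise confirm the check is not scoped per job, which the current fixtures cannot tell apart. The implementation that emits `InconsistentActionVersion` is outside this hunk, and the trailing `getCategoryInputOrThrow` test continues past it.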
