ATM: Simplify DB path definition and improve quoting

henrymercer · henrymercer · commit 7976d746b6c7 · 2022-11-04T10:49:25.000Z
diff --git a/.github/workflows/atm-check-queries-run.yml b/.github/workflows/atm-check-queries-run.yml
@@ -1,7 +1,6 @@
 name: ATM Check Queries Run
 
 env:
-  DB_PATH: test_db
   QUERY_PACK: javascript/ql/experimental/adaptivethreatmodeling/src
   QUERY_SUITE: codeql-suites/javascript-atm-code-scanning.qls
 
@@ -27,22 +26,23 @@ jobs:
       - name: Install ATM model
         run: |
           set -exu
-          
-          # Install dependencies of ATM query pack
-          codeql pack install ${QUERY_PACK}
+
+          # Install dependencies of ATM query pack, i.e. the ATM model
+          codeql pack install "${QUERY_PACK}"
 
           # Retrieve model checksum
-          model_checksum=$(codeql resolve extensions ${QUERY_PACK}/${QUERY_SUITE} | jq -r '.models[0].checksum')
+          model_checksum=$(codeql resolve extensions "${QUERY_PACK}/${QUERY_SUITE}" | jq -r '.models[0].checksum')
 
           # Trust the model so that we can use it in the ATM boosted queries
           mkdir -p "$HOME/.config/codeql"
           echo "--insecurely-execute-ml-model-checksums ${model_checksum}" >> "$HOME/.config/codeql/config"
 
       - name: Create test DB
         run: |
-          codeql database create ${RUNNER_TEMP}/${DB_PATH} --source-root config/atm/ --language javascript 
+          DB_PATH="${RUNNER_TEMP}/db"
+          codeql database create "${DB_PATH}" --source-root config/atm --language javascript 
+          echo "DB_PATH=${DB_PATH}" >> "${GITHUB_ENV}"
 
       - name: Run ATM query suite
         run: |
-          codeql database run-queries -vv -- ${RUNNER_TEMP}/${DB_PATH} ${QUERY_PACK}/${QUERY_SUITE}
-      
+          codeql database run-queries -vv -- "${DB_PATH}" "${QUERY_PACK}/${QUERY_SUITE}"
