Merge branch 'aeisenberg/unrevert-query-filters' into aeisenberg/fix-…

…config-files
github · Aug 11, 2022 · 0fcf0fc · 0fcf0fc
2 parents d74f663 + bcf4720
commit 0fcf0fc
Show file tree

Hide file tree

Showing 61 changed files with 879 additions and 109 deletions.
diff --git a/.github/query-filter-test/action.yml b/.github/query-filter-test/action.yml
@@ -1,5 +1,5 @@
 name: Query Filter Test
-description: Runs a test of query filters using the check sarif action
+description: Runs a test of query filters using the check SARIF action
 inputs:
   sarif-file:
     required: true

diff --git a/.github/workflows/expected-queries-runs.yml b/.github/workflows/expected-queries-runs.yml
@@ -1,6 +1,4 @@
-name: Expected queries runs
-env:
-  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+name: Check queries that ran
 
 on:
   push:

diff --git a/.github/workflows/query-filters.yml b/.github/workflows/query-filters.yml
@@ -0,0 +1,56 @@
+name: Query filters tests
+
+on:
+  push:
+    branches:
+    - main
+    - releases/v1
+    - releases/v2
+  pull_request:
+    types:
+    - opened
+    - synchronize
+    - reopened
+    - ready_for_review
+  workflow_dispatch: {}
+
+jobs:
+  query-filters:
+    name: Query Filters Tests
+    timeout-minutes: 45
+    runs-on: ubuntu-latest
+    steps:
+    - name: Check out repository
+      uses: actions/checkout@v3
+    - name: Prepare test
+      id: prepare-test
+      uses: ./.github/prepare-test
+      with:
+        version: latest
+
+    - name: Check SARIF for default queries with Single include, Single exclude
+      uses: ./../action/.github/query-filter-test
+      with:
+        sarif-file:  ${{ runner.temp }}/results/javascript.sarif
+        queries-run: js/zipslip
+        queries-not-run: js/path-injection
+        config-file: ./.github/codeql/codeql-config-query-filters1.yml
+        tools: ${{ steps.prepare-test.outputs.tools-url }}
+
+    - name: Check SARIF for query packs with Single include, Single exclude
+      uses: ./../action/.github/query-filter-test
+      with:
+        sarif-file:  ${{ runner.temp }}/results/javascript.sarif
+        queries-run: js/zipslip,javascript/example/empty-or-one-block
+        queries-not-run: js/path-injection
+        config-file: ./.github/codeql/codeql-config-query-filters2.yml
+        tools: ${{ steps.prepare-test.outputs.tools-url }}
+
+    - name: Check SARIF for query packs and local queries with Single include, Single exclude
+      uses: ./../action/.github/query-filter-test
+      with:
+        sarif-file:  ${{ runner.temp }}/results/javascript.sarif
+        queries-run: js/zipslip,javascript/example/empty-or-one-block,inrepo-javascript-querypack/show-ifs
+        queries-not-run: js/path-injection,complex-python-querypack/show-ifs,complex-python-querypack/foo/bar/show-ifs
+        config-file: ./.github/codeql/codeql-config-query-filters3.yml
+        tools: ${{ steps.prepare-test.outputs.tools-url }}
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -29,6 +29,7 @@ No user facing changes.
 
 ## 2.1.13 - 21 Jun 2022
 
+- Add the ability to filter queries from a code scanning run by using the `query-filters` option in the code scanning configuration file. [#1098](https://github.com/github/codeql-action/pull/1098)
 - Update default CodeQL bundle version to 2.9.4. [#1100](https://github.com/github/codeql-action/pull/1100)
 
 ## 2.1.12 - 01 Jun 2022

diff --git a/lib/analyze-action-env.test.js b/lib/analyze-action-env.test.js
diff --git a/lib/analyze-action-env.test.js.map b/lib/analyze-action-env.test.js.map
diff --git a/lib/analyze-action-input.test.js b/lib/analyze-action-input.test.js
diff --git a/lib/analyze-action-input.test.js.map b/lib/analyze-action-input.test.js.map
diff --git a/lib/analyze-action.js b/lib/analyze-action.js