initial commit of actions
This commit is contained in:
commit
949ece5785
44660 changed files with 12034344 additions and 0 deletions
96
github/codeql-action-v2/analyze/action.yml
Normal file
96
github/codeql-action-v2/analyze/action.yml
Normal file
|
|
@ -0,0 +1,96 @@
|
|||
name: "CodeQL: Finish"
|
||||
description: "Finalize CodeQL database"
|
||||
author: "GitHub"
|
||||
inputs:
|
||||
check_name:
|
||||
description: The name of the check run to add text to.
|
||||
required: false
|
||||
output:
|
||||
description: The path of the directory in which to save the SARIF results
|
||||
required: false
|
||||
default: "../results"
|
||||
upload:
|
||||
description: >-
|
||||
Upload the SARIF file to Code Scanning.
|
||||
Defaults to 'always' which uploads the SARIF file to Code Scanning for successful and failed runs.
|
||||
'failure-only' only uploads debugging information to Code Scanning if the workflow run fails, for users post-processing the SARIF file before uploading it to Code Scanning.
|
||||
'never' avoids uploading the SARIF file to Code Scanning, even if the code scanning run fails. This is not recommended for external users since it complicates debugging.
|
||||
required: false
|
||||
# If changing this, make sure to update workflow.ts accordingly.
|
||||
default: "always"
|
||||
cleanup-level:
|
||||
description: "Level of cleanup to perform on CodeQL databases at the end of the analyze step. This should either be 'none' to skip cleanup, or be a valid argument for the --cache-cleanup flag of the CodeQL CLI command 'codeql database cleanup' as documented at https://codeql.github.com/docs/codeql-cli/manual/database-cleanup"
|
||||
required: false
|
||||
default: "brutal"
|
||||
ram:
|
||||
description: >-
|
||||
The amount of memory in MB that can be used by CodeQL for database finalization and query execution.
|
||||
By default, this action will use the same amount of memory as previously set in the "init" action.
|
||||
If the "init" action also does not have an explicit "ram" input, this action will use most of the
|
||||
memory available in the system (which for GitHub-hosted runners is 6GB for Linux, 5.5GB for Windows,
|
||||
and 13GB for macOS).
|
||||
required: false
|
||||
add-snippets:
|
||||
description: Specify whether or not to add code snippets to the output sarif file.
|
||||
required: false
|
||||
default: "false"
|
||||
deprecationMessage: >-
|
||||
The input "add-snippets" is deprecated and will be removed on the first release in August 2025.
|
||||
When this input is set to true it is expected to add code snippets with an alert to the SARIF file.
|
||||
However, since Code Scanning ignores code snippets provided as part of a SARIF file this is currently
|
||||
a no operation. No alternative is available.
|
||||
skip-queries:
|
||||
description: If this option is set, the CodeQL database will be built but no queries will be run on it. Thus, no results will be produced.
|
||||
required: false
|
||||
default: "false"
|
||||
threads:
|
||||
description: >-
|
||||
The number of threads that can be used by CodeQL for database finalization and query execution.
|
||||
By default, this action will use the same number of threads as previously set in the "init" action.
|
||||
If the "init" action also does not have an explicit "threads" input, this action will use all the
|
||||
hardware threads available in the system (which for GitHub-hosted runners is 2 for Linux and Windows
|
||||
and 3 for macOS).
|
||||
required: false
|
||||
checkout_path:
|
||||
description: "The path at which the analyzed repository was checked out. Used to relativize any absolute paths in the uploaded SARIF file."
|
||||
required: false
|
||||
# If changing this, make sure to update workflow.ts accordingly.
|
||||
default: ${{ github.workspace }}
|
||||
ref:
|
||||
description: "The ref where results will be uploaded. If not provided, the Action will use the GITHUB_REF environment variable. If provided, the sha input must be provided as well. This input is ignored for pull requests from forks."
|
||||
required: false
|
||||
sha:
|
||||
description: "The sha of the HEAD of the ref where results will be uploaded. If not provided, the Action will use the GITHUB_SHA environment variable. If provided, the ref input must be provided as well. This input is ignored for pull requests from forks."
|
||||
required: false
|
||||
category:
|
||||
description: String used by Code Scanning for matching the analyses
|
||||
required: false
|
||||
upload-database:
|
||||
description: Whether to upload the resulting CodeQL database
|
||||
required: false
|
||||
default: "true"
|
||||
wait-for-processing:
|
||||
description: If true, the Action will wait for the uploaded SARIF to be processed before completing.
|
||||
required: true
|
||||
default: "true"
|
||||
token:
|
||||
description: "GitHub token to use for authenticating with this instance of GitHub. The token must be the built-in GitHub Actions token, and the workflow must have the `security-events: write` permission. Most of the time it is advisable to avoid specifying this input so that the workflow falls back to using the default value."
|
||||
required: false
|
||||
default: ${{ github.token }}
|
||||
matrix:
|
||||
default: ${{ toJson(matrix) }}
|
||||
expect-error:
|
||||
description: "[Internal] It is an error to use this input outside of integration testing of the codeql-action."
|
||||
required: false
|
||||
default: "false"
|
||||
outputs:
|
||||
db-locations:
|
||||
description: A map from language to absolute path for each database created by CodeQL.
|
||||
sarif-output:
|
||||
description: Absolute, local path to the directory containing the generated SARIF file.
|
||||
sarif-id:
|
||||
description: The ID of the uploaded SARIF file.
|
||||
runs:
|
||||
using: node16
|
||||
main: "../lib/analyze-action.js"
|
||||
post: "../lib/analyze-action-post.js"
|
||||
Loading…
Add table
Add a link
Reference in a new issue