Add new packs input to init action

This input allows users to specify which packs to run. It works in unison with the packs block of the config file and it is similar to how `queries` works. They both use `+` in the same way. Note that the `#TODO` in the pr check is still around, but the CLI is available. I will remove the TODO in the next commit.
github · Jun 23, 2021 · 108ced1 · 108ced1
1 parent 7729b51
commit 108ced1
Show file tree

Hide file tree

Showing 18 changed files with 535 additions and 59 deletions.
diff --git a/.github/workflows/pr-checks.yml b/.github/workflows/pr-checks.yml
@@ -101,7 +101,7 @@ jobs:
         fi
 
   # Packaging test that runs against a javascript database
-  test-packaging-javascript:
+  test-packaging-javascript-config:
     needs: [check-js, check-node-modules]
     runs-on: ubuntu-latest
 
@@ -143,6 +143,50 @@ jobs:
           exit 1
         fi
 
+  # tests that we can run packages through actions inputs
+  test-packaging-javascript-inputs:
+    needs: [check-js, check-node-modules]
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v2
+    - name: Move codeql-action
+      shell: bash
+      run: |
+        mkdir ../action
+        mv * .github ../action/
+        mv ../action/tests/multi-language-repo/{*,.github} .
+        mv ../action/.github/workflows .github
+    - uses: ./../action/init
+      with:
+        config-file: ".github/codeql/codeql-config-packaging2.yml"
+        languages: javascript
+        packs: dsp-testing/codeql-pack1@0.0.4, dsp-testing/codeql-pack2
+        # TODO: this can be removed when cli v2.5.6 is released and available in the tool cache
+        tools: https://github.com/dsp-testing/aeisenberg-codeql-action-packaging/releases/download/codeql-bundle-20210615/codeql-bundle-linux64.tar.gz
+
+    - name: Build code
+      shell: bash
+      run: ./build.sh
+    - uses: ./../action/analyze
+      with:
+        output: "${{ runner.temp }}/results"
+      env:
+        TEST_MODE: true
+    - name: Assert Results
+      run: |
+        cd "$RUNNER_TEMP/results"
+        # We should have 3 hits from these rules
+        EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/two-block"
+
+        # use tr to replace newlines with spaces and xargs to trim leading and trailing whitespace
+        RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n" " " | xargs)"
+        echo "Found matching rules '$RULES'"
+        if [ "$RULES" != "$EXPECTED_RULES" ]; then
+          echo "Did not match expected rules '$EXPECTED_RULES'."
+          exit 1
+        fi
+
   # Identify the CodeQL tool versions to integration test against.
   check-codeql-versions:
     needs: [check-js, check-node-modules]

diff --git a/init/action.yml b/init/action.yml
@@ -22,6 +22,14 @@ inputs:
   queries:
     description: Comma-separated list of additional queries to run. By default, this overrides the same setting in a configuration file; prefix with "+" to use both sets of queries.
     required: false
+  packs:
+    description: >-
+      Comma-separated list of packs to run. Reference a pack in the format `scope/name[@version]`. If `version` is not
+      specified, then the latest version of the pack is used. By default, this overrides the same setting in a
+      configuration file; prefix with "+" to use both sets of packs.
+
+      This input is only available in single-language analyses.
+    required: false
   external-repository-token:
     description: A token for fetching external config files and queries if they reside in a private repository.
     required: false

diff --git a/lib/config-utils.js b/lib/config-utils.js
diff --git a/lib/config-utils.js.map b/lib/config-utils.js.map