Add CSV coverage PR commenter

2026-04-30 03:05:15 +02:00 · 2021-06-07 10:27:27 +02:00
parent 200126b302
commit 4abaa7870f
5 changed files with 336 additions and 69 deletions
--- a/.github/workflows/csv-coverage-pr-artifacts.yml
+++ b/.github/workflows/csv-coverage-pr-artifacts.yml
@@ -0,0 +1,85 @@
+name: Check framework coverage changes
+
+on:
+  pull_request:
+    paths:
+      - '.github/workflows/csv-coverage-pr-comment.yml'
+      - '*/ql/src/**/*.ql'
+      - '*/ql/src/**/*.qll'
+      - 'misc/scripts/library-coverage/*.py'
+      # input data files
+      - '*/documentation/library-coverage/cwe-sink.csv'
+      - '*/documentation/library-coverage/frameworks.csv'
+    branches:
+      - main
+      - 'rc/*'
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Dump GitHub context
+      env:
+        GITHUB_CONTEXT: ${{ toJSON(github) }}
+      run: echo "$GITHUB_CONTEXT"
+    - name: Clone self (github/codeql) head
+      uses: actions/checkout@v2
+      with:
+        path: head
+    - name: Clone self (github/codeql) base
+      uses: actions/checkout@v2
+      with:
+        ref: ${{ github.event.pull_request.base.sha }}
+        path: base
+    - name: Set up Python 3.8
+      uses: actions/setup-python@v2
+      with:
+        python-version: 3.8
+    - name: Download CodeQL CLI
+      uses: dsaltares/fetch-gh-release-asset@aa37ae5c44d3c9820bc12fe675e8670ecd93bd1c
+      with:
+        repo: "github/codeql-cli-binaries"
+        version: "latest"
+        file: "codeql-linux64.zip"
+        token: ${{ secrets.GITHUB_TOKEN }}
+    - name: Unzip CodeQL CLI
+      run: unzip -d codeql-cli codeql-linux64.zip
+    - name: Generate CSV files on head and base of the PR
+      run: |
+        echo "Running generator on ${{github.sha}}"
+        PATH="$PATH:codeql-cli/codeql" python head/misc/scripts/library-coverage/generate-report.py ci head head
+        mkdir out_head
+        cp framework-coverage-*.csv out_head/
+        cp framework-coverage-*.rst out_head/
+
+        echo "Running generator on ${{github.event.pull_request.base.sha}}"
+        PATH="$PATH:codeql-cli/codeql" python base/misc/scripts/library-coverage/generate-report.py ci base base
+        mkdir out_base
+        cp framework-coverage-*.csv out_base/
+        cp framework-coverage-*.rst out_base/
+    - name: Upload CSV package list
+      uses: actions/upload-artifact@v2
+      with:
+        name: csv-framework-coverage-merge
+        path: |
+          out_head/framework-coverage-*.csv
+          out_head/framework-coverage-*.rst
+    - name: Upload CSV package list
+      uses: actions/upload-artifact@v2
+      with:
+        name: csv-framework-coverage-base
+        path: |
+          out_base/framework-coverage-*.csv
+          out_base/framework-coverage-*.rst
+    - name: Save PR number
+      run: |
+        mkdir -p pr
+        echo ${{ github.event.number }} > pr/NR
+    - name: Upload PR number
+      uses: actions/upload-artifact@v2
+      with:
+        name: pr
+        path: pr/
+
--- a/.github/workflows/csv-coverage-pr-comment.yml
+++ b/.github/workflows/csv-coverage-pr-comment.yml
@@ -0,0 +1,66 @@
+name: Comment on PR with framework coverage changes
+
+on:
+  workflow_run:
+    workflows: ["Check framework coverage changes"]
+    types:
+      - completed
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+    if: >
+      ${{ github.event.workflow_run.event == 'pull_request' &&
+      github.event.workflow_run.conclusion == 'success' }}
+
+    steps:
+    - name: Dump GitHub context
+      env:
+        GITHUB_CONTEXT: ${{ toJSON(github) }}
+      run: echo "$GITHUB_CONTEXT"
+    - name: Clone self (github/codeql) head
+      uses: actions/checkout@v2
+      with:
+        path: head
+    - name: Set up Python 3.8
+      uses: actions/setup-python@v2
+      with:
+        python-version: 3.8
+
+    # download artifacts from the PR job:
+    - name: Download artifact - HEAD
+      uses: dawidd6/action-download-artifact@v2.14.0
+      with:
+        workflow: csv-coverage-pr-artifacts.yml
+        run_id: ${{ github.event.workflow_run.id }}
+        name: csv-framework-coverage-merge
+        path: out_head
+
+    - name: Download artifact - BASE
+      uses: dawidd6/action-download-artifact@v2.14.0
+      with:
+        workflow: csv-coverage-pr-artifacts.yml
+        run_id: ${{ github.event.workflow_run.id }}
+        name: csv-framework-coverage-base
+        path: out_base
+
+    - name: Download artifact - PR
+      uses: dawidd6/action-download-artifact@v2.14.0
+      with:
+        workflow: csv-coverage-pr-artifacts.yml
+        run_id: ${{ github.event.workflow_run.id }}
+        name: pr
+        path: pr
+
+    - name: Check coverage files
+      run: |
+        PR=$(cat "pr/NR")
+        GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} python head/misc/scripts/library-coverage/compare-files-comment-pr.py \
+          out_head out_base comparison.md ${{ github.repository }} $PR ${{ github.event.workflow_run.id }}
+    - name: Upload comparison results
+      uses: actions/upload-artifact@v2
+      with:
+        name: comparison
+        path: |
+          comparison.md