diff --git a/.github/workflows/codegen.yml b/.github/workflows/codegen.yml new file mode 100644 index 00000000000..24422eba10f --- /dev/null +++ b/.github/workflows/codegen.yml @@ -0,0 +1,34 @@ +name: Codegen + +on: + pull_request: + paths: + - "misc/bazel/**" + - "misc/codegen/**" + - "*.bazel*" + - .github/workflows/codegen.yml + - .pre-commit-config.yaml + branches: + - main + - rc/* + - codeql-cli-* + +permissions: + contents: read + +jobs: + codegen: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: actions/setup-python@v4 + with: + python-version-file: 'misc/codegen/.python-version' + - uses: pre-commit/action@646c83fcd040023954eafda54b4db0192ce70507 + name: Check that python code is properly formatted + with: + extra_args: autopep8 --all-files + - name: Run codegen tests + shell: bash + run: | + bazel test //misc/codegen/... diff --git a/.github/workflows/swift.yml b/.github/workflows/swift.yml index 23a97af6baf..4af46d302ac 100644 --- a/.github/workflows/swift.yml +++ b/.github/workflows/swift.yml @@ -18,45 +18,39 @@ on: - main - rc/* - codeql-cli-* - push: - paths: - - "swift/**" - - "misc/bazel/**" - - "misc/codegen/**" - - "shared/**" - - "*.bazel*" - - .github/workflows/swift.yml - - .github/actions/** - - codeql-workspace.yml - - .pre-commit-config.yaml - - "!**/*.md" - - "!**/*.qhelp" - branches: - - main - - rc/* - - codeql-cli-* permissions: contents: read +defaults: + run: + shell: bash + working-directory: swift + jobs: - # not using a matrix as you cannot depend on a specific job in a matrix, and we want to start linux checks - # without waiting for the macOS build - build-and-test-macos: + build-and-test: if: github.repository_owner == 'github' - runs-on: macos-13-xlarge + strategy: + matrix: + runner: [ubuntu-latest, macos-13-xlarge] + fail-fast: false + runs-on: ${{ matrix.runner }} steps: - uses: actions/checkout@v4 - - uses: ./swift/actions/build-and-test - qltests-macos: - if: ${{ github.repository_owner == 'github' && github.event_name == 'pull_request' }} - needs: build-and-test-macos - runs-on: macos-13-xlarge - steps: - - uses: actions/checkout@v4 - - uses: ./swift/actions/run-ql-tests + - name: Setup (Linux) + if: runner.os == 'Linux' + run: | + sudo apt-get update + sudo apt-get install -y uuid-dev zlib1g-dev + - name: Build Swift extractor + shell: bash + run: | + bazel run :install + - name: Run Swift tests + shell: bash + run: | + bazel test ... --test_tag_filters=-override --test_output=errors clang-format: - if : ${{ github.event_name == 'pull_request' }} runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 @@ -65,18 +59,9 @@ jobs: with: extra_args: clang-format --all-files codegen: - if : ${{ github.event_name == 'pull_request' }} runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - uses: bazelbuild/setup-bazelisk@v2 - - uses: actions/setup-python@v4 - with: - python-version-file: 'swift/.python-version' - - uses: pre-commit/action@646c83fcd040023954eafda54b4db0192ce70507 - name: Check that python code is properly formatted - with: - extra_args: autopep8 --all-files - uses: ./.github/actions/fetch-codeql - uses: pre-commit/action@646c83fcd040023954eafda54b4db0192ce70507 name: Check that QL generated code was checked in @@ -84,22 +69,14 @@ jobs: extra_args: swift-codegen --all-files - name: Generate C++ files run: | - bazel run //swift/codegen:codegen -- --generate=trap,cpp --cpp-output=$PWD/generated-cpp-files + bazel run codegen -- --generate=trap,cpp --cpp-output=$PWD/generated-cpp-files - uses: actions/upload-artifact@v4 with: name: swift-generated-cpp-files path: generated-cpp-files/** - database-upgrade-scripts: - if : ${{ github.event_name == 'pull_request' }} - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - uses: ./.github/actions/fetch-codeql - - uses: ./swift/actions/database-upgrade-scripts check-no-override: - if : github.event_name == 'pull_request' runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - - shell: bash - run: bazel test //swift/... --test_tag_filters=override --test_output=errors + - name: Check that no override is present in load.bzl + run: bazel test ... --test_tag_filters=override --test_output=errors diff --git a/swift/.python-version b/misc/codegen/.python-version similarity index 100% rename from swift/.python-version rename to misc/codegen/.python-version diff --git a/swift/actions/build-and-test/action.yml b/swift/actions/build-and-test/action.yml deleted file mode 100644 index b1683680fce..00000000000 --- a/swift/actions/build-and-test/action.yml +++ /dev/null @@ -1,68 +0,0 @@ -name: Build Swift CodeQL pack -description: Builds the Swift CodeQL pack -runs: - using: composite - steps: - - uses: bazelbuild/setup-bazelisk@v2 - - uses: actions/setup-python@v4 - with: - python-version-file: 'swift/.python-version' - # FIXME: this is copy-pasted from .github/actions/cache-query-compilation, but we cannot factor it out to a common - # composite action because of https://github.com/actions/runner/issues/2009 (cache fails to save in the post action - # phase because its inputs were lost in the meantime) - # calculate the merge-base with main, in a way that works both on PRs and pushes to main. - - name: Calculate merge-base - shell: bash - if: ${{ github.event_name == 'pull_request' }} - env: - BASE_BRANCH: ${{ github.base_ref }} - run: | - MERGE_BASE=$(git cat-file commit $GITHUB_SHA | grep '^parent ' | head -1 | cut -f 2 -d " ") - echo "merge_base=$MERGE_BASE" >> $GITHUB_ENV - - name: Restore read-only cache (PR) - if: ${{ github.event_name == 'pull_request' }} - uses: actions/cache/restore@v3 - with: - path: 'bazel-cache' - key: bazel-pr-${{ github.sha }} - restore-keys: | - bazel-${{ github.base_ref }}-${{ env.merge_base }} - bazel-${{ github.base_ref }}- - bazel-main- - - name: Fill cache (push) - if: ${{ github.event_name != 'pull_request' }} - uses: actions/cache@v3 - with: - path: 'bazel-cache' - key: bazel-${{ github.ref_name }}-${{ github.sha }} # just fill on main - restore-keys: | # restore the latest cache if the exact cache is unavailable, to speed up compilation. - bazel-${{ github.ref_name }}- - bazel-main- - - name: Configure bazel - shell: bash - run: | - mkdir -p bazel-cache/{repository,disk} - echo build --repository_cache=bazel-cache/repository --disk_cache=bazel-cache/disk > local.bazelrc - echo test --test_output=errors >> local.bazelrc - - uses: ./swift/actions/share-extractor-pack - - name: Build Swift extractor - shell: bash - run: | - bazel run //swift:install - - name: Run codegen tests - if : ${{ github.event_name == 'pull_request' }} - shell: bash - run: | - bazel test //misc/codegen/... - - name: Run Swift tests - if: ${{ github.event_name == 'pull_request' }} - shell: bash - run: | - bazel test //swift/... --test_tag_filters=-override --test_output=errors - - name: Evict bazel cache - if: ${{ github.event_name != 'pull_request' }} - shell: bash - run: | - du -sh bazel-cache/* - find bazel-cache -atime +0 -type f -delete - du -sh bazel-cache/* diff --git a/swift/actions/database-upgrade-scripts/action.yml b/swift/actions/database-upgrade-scripts/action.yml deleted file mode 100644 index 26f95d44b8a..00000000000 --- a/swift/actions/database-upgrade-scripts/action.yml +++ /dev/null @@ -1,23 +0,0 @@ -name: Check Swift database upgrade/downgrade scripts -runs: - using: composite - steps: - - name: Check upgrade scripts - shell: bash - working-directory: swift - run: | - echo > empty.trap - codeql dataset import -S ql/lib/upgrades/initial/swift.dbscheme testdb empty.trap - codeql dataset upgrade testdb --additional-packs ql/lib - diff -q testdb/swift.dbscheme ql/lib/swift.dbscheme - - name: Check downgrade scripts - shell: bash - working-directory: swift - run: | - echo > empty.trap - rm -rf testdb - codeql dataset import -S ql/lib/swift.dbscheme testdb empty.trap - codeql resolve upgrades --format=lines --allow-downgrades --additional-packs downgrades \ - --dbscheme=ql/lib/swift.dbscheme --target-dbscheme=downgrades/initial/swift.dbscheme | - xargs -r codeql execute upgrades testdb - diff -q testdb/swift.dbscheme downgrades/initial/swift.dbscheme diff --git a/swift/actions/run-ql-tests/action.yml b/swift/actions/run-ql-tests/action.yml deleted file mode 100644 index 23d1b8f5da6..00000000000 --- a/swift/actions/run-ql-tests/action.yml +++ /dev/null @@ -1,35 +0,0 @@ -name: Build Swift CodeQL pack -description: Builds the Swift CodeQL pack -inputs: - flags: - description: "Additional `codeql test run` flags" - required: false - default: "" -runs: - using: composite - steps: - - uses: ./swift/actions/share-extractor-pack - - uses: ./.github/actions/fetch-codeql - - id: query-cache - uses: ./.github/actions/cache-query-compilation - with: - key: swift-qltest - - name: Run QL tests - shell: bash - run: | - codeql test run \ - --threads=0 \ - --ram 50000 \ - --search-path "$GITHUB_WORKSPACE" \ - --check-databases \ - --check-unused-labels \ - --check-repeated-labels \ - --check-redefined-labels \ - --check-use-before-definition \ - --consistency-queries "${{ github.workspace }}/swift/ql/consistency-queries" \ - --compilation-cache "${{ steps.query-cache.outputs.cache-dir }}" \ - ${{ inputs.flags }} \ - swift/ql/test - env: - GITHUB_TOKEN: ${{ github.token }} - GITHUB_WORKSPACE: ${{ github.workspace }} diff --git a/swift/actions/share-extractor-pack/action.yml b/swift/actions/share-extractor-pack/action.yml deleted file mode 100644 index e9b7f9d5dac..00000000000 --- a/swift/actions/share-extractor-pack/action.yml +++ /dev/null @@ -1,11 +0,0 @@ -name: Build Swift CodeQL pack -description: Builds the Swift CodeQL pack -runs: - using: composite - steps: - # not using artifacts because of annoying https://github.com/actions/upload-artifact/issues/38 - - name: Mount cache for sharing extractor pack - uses: actions/cache@v3 - with: - path: swift/extractor-pack - key: extractor-pack-${{ github.run_id }}-${{ github.run_number }}-${{ runner.os }}