hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Swift: simplify codeql workflow

Browse Source 
* remove ql test running and upgrade/downgrade scripts checking (now
  done internally)
* removed all the bazel caching stuff, that never really worked any way
* moved `misc/codegen` generic testing to a separate workflow, as it's
  not swift specific any more
* reinstanted checking that the extractor can be built locally from
  the `codeql` repo.
This commit is contained in:
Paolo Tranquilli
2025-03-14 15:45:27 +01:00
parent 28f40f1d45
commit 622aa7c170
7 changed files with 61 additions and 187 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
.github/workflows/codegen.yml vendored Normal file
View File

@@ -0,0 +1,34 @@
name: Codegen
on:
pull_request:
paths:
- "misc/bazel/**"
- "misc/codegen/**"
- "*.bazel*"
- .github/workflows/codegen.yml
- .pre-commit-config.yaml
branches:
- main
- rc/*
- codeql-cli-*
permissions:
contents: read
jobs:
codegen:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/setup-python@v4
with:
python-version-file: 'misc/codegen/.python-version'
- uses: pre-commit/action@646c83fcd040023954eafda54b4db0192ce70507
name: Check that python code is properly formatted
with:
extra_args: autopep8 --all-files
- name: Run codegen tests
shell: bash
run: |
bazel test //misc/codegen/...

77
.github/workflows/swift.yml vendored
View File

@@ -18,45 +18,39 @@ on:
- main - main
- rc/* - rc/*
- codeql-cli-* - codeql-cli-*
push:
paths:
- "swift/**"
- "misc/bazel/**"
- "misc/codegen/**"
- "shared/**"
- "*.bazel*"
- .github/workflows/swift.yml
- .github/actions/**
- codeql-workspace.yml
- .pre-commit-config.yaml
- "!**/*.md"
- "!**/*.qhelp"
branches:
- main
- rc/*
- codeql-cli-*
permissions: permissions:
contents: read contents: read
defaults:
run:
shell: bash
working-directory: swift
jobs: jobs:
# not using a matrix as you cannot depend on a specific job in a matrix, and we want to start linux checks build-and-test:
# without waiting for the macOS build
build-and-test-macos:
if: github.repository_owner == 'github' if: github.repository_owner == 'github'
runs-on: macos-13-xlarge strategy:
matrix:
runner: [ubuntu-latest, macos-13-xlarge]
fail-fast: false
runs-on: ${{ matrix.runner }}
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- uses: ./swift/actions/build-and-test - name: Setup (Linux)
qltests-macos: if: runner.os == 'Linux'
if: ${{ github.repository_owner == 'github' && github.event_name == 'pull_request' }} run: |
needs: build-and-test-macos sudo apt-get update
runs-on: macos-13-xlarge sudo apt-get install -y uuid-dev zlib1g-dev
steps: - name: Build Swift extractor
- uses: actions/checkout@v4 shell: bash
- uses: ./swift/actions/run-ql-tests run: |
bazel run :install
- name: Run Swift tests
shell: bash
run: |
bazel test ... --test_tag_filters=-override --test_output=errors
clang-format: clang-format:
if : ${{ github.event_name == 'pull_request' }}
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
@@ -65,18 +59,9 @@ jobs:
with: with:
extra_args: clang-format --all-files extra_args: clang-format --all-files
codegen: codegen:
if : ${{ github.event_name == 'pull_request' }}
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- uses: bazelbuild/setup-bazelisk@v2
- uses: actions/setup-python@v4
with:
python-version-file: 'swift/.python-version'
- uses: pre-commit/action@646c83fcd040023954eafda54b4db0192ce70507
name: Check that python code is properly formatted
with:
extra_args: autopep8 --all-files
- uses: ./.github/actions/fetch-codeql - uses: ./.github/actions/fetch-codeql
- uses: pre-commit/action@646c83fcd040023954eafda54b4db0192ce70507 - uses: pre-commit/action@646c83fcd040023954eafda54b4db0192ce70507
name: Check that QL generated code was checked in name: Check that QL generated code was checked in
@@ -84,22 +69,14 @@ jobs:
extra_args: swift-codegen --all-files extra_args: swift-codegen --all-files
- name: Generate C++ files - name: Generate C++ files
run: | run: |
bazel run //swift/codegen:codegen -- --generate=trap,cpp --cpp-output=$PWD/generated-cpp-files bazel run codegen -- --generate=trap,cpp --cpp-output=$PWD/generated-cpp-files
- uses: actions/upload-artifact@v4 - uses: actions/upload-artifact@v4
with: with:
name: swift-generated-cpp-files name: swift-generated-cpp-files
path: generated-cpp-files/** path: generated-cpp-files/**
database-upgrade-scripts:
if : ${{ github.event_name == 'pull_request' }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/fetch-codeql
- uses: ./swift/actions/database-upgrade-scripts
check-no-override: check-no-override:
if : github.event_name == 'pull_request'
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v4 - uses: actions/checkout@v4
- shell: bash - name: Check that no override is present in load.bzl
run: bazel test //swift/... --test_tag_filters=override --test_output=errors run: bazel test ... --test_tag_filters=override --test_output=errors

0
swift/.python-version → misc/codegen/.python-version
View File

68
swift/actions/build-and-test/action.yml
View File

@@ -1,68 +0,0 @@
name: Build Swift CodeQL pack
description: Builds the Swift CodeQL pack
runs:
using: composite
steps:
- uses: bazelbuild/setup-bazelisk@v2
- uses: actions/setup-python@v4
with:
python-version-file: 'swift/.python-version'
# FIXME: this is copy-pasted from .github/actions/cache-query-compilation, but we cannot factor it out to a common
# composite action because of https://github.com/actions/runner/issues/2009 (cache fails to save in the post action
# phase because its inputs were lost in the meantime)
# calculate the merge-base with main, in a way that works both on PRs and pushes to main.
- name: Calculate merge-base
shell: bash
if: ${{ github.event_name == 'pull_request' }}
env:
BASE_BRANCH: ${{ github.base_ref }}
run: |
MERGE_BASE=$(git cat-file commit $GITHUB_SHA | grep '^parent ' | head -1 | cut -f 2 -d " ")
echo "merge_base=$MERGE_BASE" >> $GITHUB_ENV
- name: Restore read-only cache (PR)
if: ${{ github.event_name == 'pull_request' }}
uses: actions/cache/restore@v3
with:
path: 'bazel-cache'
key: bazel-pr-${{ github.sha }}
restore-keys: |
bazel-${{ github.base_ref }}-${{ env.merge_base }}
bazel-${{ github.base_ref }}-
bazel-main-
- name: Fill cache (push)
if: ${{ github.event_name != 'pull_request' }}
uses: actions/cache@v3
with:
path: 'bazel-cache'
key: bazel-${{ github.ref_name }}-${{ github.sha }} # just fill on main
restore-keys: | # restore the latest cache if the exact cache is unavailable, to speed up compilation.
bazel-${{ github.ref_name }}-
bazel-main-
- name: Configure bazel
shell: bash
run: |
mkdir -p bazel-cache/{repository,disk}
echo build --repository_cache=bazel-cache/repository --disk_cache=bazel-cache/disk > local.bazelrc
echo test --test_output=errors >> local.bazelrc
- uses: ./swift/actions/share-extractor-pack
- name: Build Swift extractor
shell: bash
run: |
bazel run //swift:install
- name: Run codegen tests
if : ${{ github.event_name == 'pull_request' }}
shell: bash
run: |
bazel test //misc/codegen/...
- name: Run Swift tests
if: ${{ github.event_name == 'pull_request' }}
shell: bash
run: |
bazel test //swift/... --test_tag_filters=-override --test_output=errors
- name: Evict bazel cache
if: ${{ github.event_name != 'pull_request' }}
shell: bash
run: |
du -sh bazel-cache/*
find bazel-cache -atime +0 -type f -delete
du -sh bazel-cache/*

23
swift/actions/database-upgrade-scripts/action.yml
View File

@@ -1,23 +0,0 @@
name: Check Swift database upgrade/downgrade scripts
runs:
using: composite
steps:
- name: Check upgrade scripts
shell: bash
working-directory: swift
run: |
echo > empty.trap
codeql dataset import -S ql/lib/upgrades/initial/swift.dbscheme testdb empty.trap
codeql dataset upgrade testdb --additional-packs ql/lib
diff -q testdb/swift.dbscheme ql/lib/swift.dbscheme
- name: Check downgrade scripts
shell: bash
working-directory: swift
run: |
echo > empty.trap
rm -rf testdb
codeql dataset import -S ql/lib/swift.dbscheme testdb empty.trap
codeql resolve upgrades --format=lines --allow-downgrades --additional-packs downgrades \
--dbscheme=ql/lib/swift.dbscheme --target-dbscheme=downgrades/initial/swift.dbscheme |
xargs -r codeql execute upgrades testdb
diff -q testdb/swift.dbscheme downgrades/initial/swift.dbscheme

35
swift/actions/run-ql-tests/action.yml
View File

@@ -1,35 +0,0 @@
name: Build Swift CodeQL pack
description: Builds the Swift CodeQL pack
inputs:
flags:
description: "Additional `codeql test run` flags"
required: false
default: ""
runs:
using: composite
steps:
- uses: ./swift/actions/share-extractor-pack
- uses: ./.github/actions/fetch-codeql
- id: query-cache
uses: ./.github/actions/cache-query-compilation
with:
key: swift-qltest
- name: Run QL tests
shell: bash
run: |
codeql test run \
--threads=0 \
--ram 50000 \
--search-path "$GITHUB_WORKSPACE" \
--check-databases \
--check-unused-labels \
--check-repeated-labels \
--check-redefined-labels \
--check-use-before-definition \
--consistency-queries "${{ github.workspace }}/swift/ql/consistency-queries" \
--compilation-cache "${{ steps.query-cache.outputs.cache-dir }}" \
${{ inputs.flags }} \
swift/ql/test
env:
GITHUB_TOKEN: ${{ github.token }}
GITHUB_WORKSPACE: ${{ github.workspace }}

11
swift/actions/share-extractor-pack/action.yml
View File

@@ -1,11 +0,0 @@
name: Build Swift CodeQL pack
description: Builds the Swift CodeQL pack
runs:
using: composite
steps:
# not using artifacts because of annoying https://github.com/actions/upload-artifact/issues/38
- name: Mount cache for sharing extractor pack
uses: actions/cache@v3
with:
path: swift/extractor-pack
key: extractor-pack-${{ github.run_id }}-${{ github.run_number }}-${{ runner.os }}