From 881539c73515a20887eca6faec9732c819c6dbe6 Mon Sep 17 00:00:00 2001 From: Benjamin Muskalla Date: Tue, 30 Nov 2021 12:03:03 +0100 Subject: [PATCH 01/20] Add scaffolding for model diff job --- .github/workflows/java-model-diff.yml | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 .github/workflows/java-model-diff.yml diff --git a/.github/workflows/java-model-diff.yml b/.github/workflows/java-model-diff.yml new file mode 100644 index 00000000000..882a6a74b73 --- /dev/null +++ b/.github/workflows/java-model-diff.yml @@ -0,0 +1,27 @@ +name: Diff generated Models as Data + +on: + push: + branches: + - main + workflow_dispatch: + inputs: + projects: + description: "The projects to generate models for" + required: true + default: '["netty/netty"]' + pull_request: + branches: + - main + paths: + - "java/ql/src/utils/model-generator/**/*.*" + +jobs: + model-diff: + runs-on: ubuntu-latest + steps: + - name: Clone self (github/codeql) for baseline + uses: actions/checkout@v2 + with: + path: codeql-baseline + ref: ${{ github.base_ref }} From c0a3cd07a5018c2707bd9954a35718fee30e6567 Mon Sep 17 00:00:00 2001 From: Benjamin Muskalla Date: Tue, 30 Nov 2021 12:03:51 +0100 Subject: [PATCH 02/20] Add default projects --- .github/workflows/java-model-diff.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/.github/workflows/java-model-diff.yml b/.github/workflows/java-model-diff.yml index 882a6a74b73..7e753660956 100644 --- a/.github/workflows/java-model-diff.yml +++ b/.github/workflows/java-model-diff.yml 
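Review bot: The new workflow has no top-level `permissions:` block, so the job's `GITHUB_TOKEN` gets whatever default scopes the repository is configured with, although the visible steps only read code; adding `permissions:` with `contents: read` above `jobs:` would hold it to read-only. In the checkout step, `ref: ${{ github.base_ref }}` is only populated on `pull_request` events, so on the `push` and `workflow_dispatch` triggers declared above the ref is empty and the step checks out the triggering commit rather than a baseline. `actions/checkout@v2` is a movable tag; pinning it to a full commit SHA (`actions/checkout@<FULL_COMMIT_SHA>`) would fix which code runs here.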
@@ -19,6 +19,13 @@ on: jobs: model-diff: runs-on: ubuntu-latest + strategy: + matrix: + # large + # ["google/guava", "spring-projects/spring-framework", "apache/poi"] + # others + # ["FasterXML/jackson-core", "FasterXML/jackson-databind", "google/gson", "JodaOrg/joda-time" + slugs: ${{fromJson(github.event.inputs.projects || '["apache/commons-codec", "apache/commons-io", "apache/commons-beanutils", "apache/commons-logging", "apache/commons-fileupload", "apache/commons-lang", "apache/commons-validator", "apache/commons-csv", "apache/dubbo"]' )}} steps: - name: Clone self (github/codeql) for baseline uses: actions/checkout@v2 From 96721286994ab73cc36d5ad25c79adbd79a60bf3 Mon Sep 17 00:00:00 2001 From: Benjamin Muskalla Date: Tue, 30 Nov 2021 12:13:27 +0100 Subject: [PATCH 03/20] Download database --- .github/workflows/java-model-diff.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/.github/workflows/java-model-diff.yml b/.github/workflows/java-model-diff.yml index 7e753660956..bee9200a3cb 100644 --- a/.github/workflows/java-model-diff.yml +++ b/.github/workflows/java-model-diff.yml @@ -32,3 +32,21 @@ jobs: with: path: codeql-baseline ref: ${{ github.base_ref }} + - name: Clone self (github/codeql) with new generator + uses: actions/checkout@v2 + with: + path: codeql-head + ref: ${{ github.ref }} + - uses: ./codeql-baseline/.github/actions/fetch-codeql + - name: Download database + env: + SLUG: ${{ matrix.slugs }} + run: | + set -x + mkdir lib-dbs + SHORTNAME=${SLUG//[^a-zA-Z0-9_]/} + projectId=`curl -s https://lgtm.com/api/v1.0/projects/g/$SLUG | jq .id` + curl -L "https://lgtm.com/api/v1.0/snapshots/$projectId/java" -o $SHORTNAME.zip + unzip -q -d $SHORTNAME-db $SHORTNAME.zip + mkdir lib-dbs/$SHORTNAME/ + mv $SHORTNAME-db/`ls -1 $SHORTNAME-db`/* lib-dbs/$SHORTNAME/ From 734422f384dcfd45c4f10619694bee61945198fc Mon Sep 17 00:00:00 2001 
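Review bot: The `Download database` step added at `@@ -32,3 +32,21 @@` never checks either lookup: `curl -s ... | jq .id` has no `--fail` and nothing visible enables `pipefail`, so an API error or an unknown project leaves `projectId` empty or `null` and the second `curl` saves whatever the server answers as `$SHORTNAME.zip`. `$SLUG` is also expanded unquoted into the URL, and on `workflow_dispatch` it comes from the free-form `projects` input, so its shape is worth checking before use. Passing it through `env:` rather than interpolating the expression into the script is the right choice and should stay. The rewritten lines below fail fast; the archive itself is still unpacked unverified.

```yaml
      - name: Download database
        # … unchanged: env SLUG mapping …
        run: |
          set -euxo pipefail
          # … unchanged: mkdir lib-dbs, SHORTNAME derivation …
          [[ "$SLUG" =~ ^[A-Za-z0-9_.-]+/[A-Za-z0-9_.-]+$ ]] || { echo "unexpected project slug" >&2; exit 1; }
          projectId=$(curl -fsS "https://lgtm.com/api/v1.0/projects/g/${SLUG}" | jq -er .id)
          curl -fsSL "https://lgtm.com/api/v1.0/snapshots/${projectId}/java" -o "${SHORTNAME}.zip"
          # … unchanged: unzip and move into lib-dbs …
```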
From: Benjamin Muskalla Date: Tue, 30 Nov 2021 12:13:48 +0100 Subject: [PATCH 04/20] Generate the models for each variant --- .github/workflows/java-model-diff.yml | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/.github/workflows/java-model-diff.yml b/.github/workflows/java-model-diff.yml index bee9200a3cb..0907618798e 100644 --- a/.github/workflows/java-model-diff.yml +++ b/.github/workflows/java-model-diff.yml @@ -50,3 +50,27 @@ jobs: unzip -q -d $SHORTNAME-db $SHORTNAME.zip mkdir lib-dbs/$SHORTNAME/ mv $SHORTNAME-db/`ls -1 $SHORTNAME-db`/* lib-dbs/$SHORTNAME/ + - name: Generate Models (Baseline and HEAD) + run: | + set -x + mkdir tmp-models + MODELS=`pwd`/tmp-models + MODE="baseline" + DATABASES=`pwd`/lib-dbs + + analyzeDatabaseWithCheckout() { + QL_VARIANT=$1 + DATABASE=$2 + cd codeql-$QL_VARIANT + SHORTNAME=`basename $DATABASE` + python java/ql/src/utils/model-generator/GenerateFlowModel.py $DATABASE $MODELS/${SHORTNAME}.qll + mv $MODELS/${SHORTNAME}.qll $MODELS/${SHORTNAME}_${QL_VARIANT}.qll + cd .. + } + + for d in $DATABASES/*/ ; do + ls -1 "$d" + + analyzeDatabaseWithCheckout "baseline" $d + analyzeDatabaseWithCheckout "head" $d + done From 5e69eb491f3658122e921ca57e52619c2ab23088 Mon Sep 17 00:00:00 2001 From: Benjamin Muskalla Date: Tue, 30 Nov 2021 12:15:11 +0100 Subject: [PATCH 05/20] Generate diff and archive results --- .github/workflows/java-model-diff.yml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/.github/workflows/java-model-diff.yml b/.github/workflows/java-model-diff.yml index 0907618798e..954ecdbfa37 100644 --- a/.github/workflows/java-model-diff.yml +++ b/.github/workflows/java-model-diff.yml 
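Review bot: Inside `analyzeDatabaseWithCheckout` and the `for` loop, `$DATABASE`, `$MODELS` and `$d` are expanded unquoted, so a path containing whitespace or glob characters would be split or expanded; quoting them costs nothing, e.g. `python java/ql/src/utils/model-generator/GenerateFlowModel.py "$DATABASE" "$MODELS/${SHORTNAME}.qll"` and `analyzeDatabaseWithCheckout "baseline" "$d"`. `MODE="baseline"` is assigned but never read in this step and can be dropped.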
@@ -74,3 +74,25 @@ jobs: analyzeDatabaseWithCheckout "baseline" $d analyzeDatabaseWithCheckout "head" $d done + - name: Generate Model Diff + run: | + set -x + npm install -g diff2html-cli + MODELS=`pwd`/tmp-models + ls -1 tmp-models/ + for m in $MODELS/*_baseline.qll ; do + t="${m/baseline/"head"}" + basename=`basename $m` + name="diff_${basename/_baseline.qll/""}" + (diff -w -u $m $t | diff2html -i stdin -F $MODELS/$name.html) || true + done + - uses: actions/upload-artifact@v2 + with: + name: models + path: tmp-models/*.qll + retention-days: 20 + - uses: actions/upload-artifact@v2 + with: + name: diffs + path: tmp-models/*.html + retention-days: 20 From d181ee1701b25a8d1a50efecedd557bca47f66e1 Mon Sep 17 00:00:00 2001 From: Benjamin Muskalla Date: Tue, 30 Nov 2021 12:17:07 +0100 Subject: [PATCH 06/20] Shorten workflow name This will show up including the job name anyway ``` Models as Data / model-diff (apache/commons-codec) ``` --- .github/workflows/java-model-diff.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/java-model-diff.yml b/.github/workflows/java-model-diff.yml index 954ecdbfa37..d97a46108d8 100644 --- a/.github/workflows/java-model-diff.yml +++ b/.github/workflows/java-model-diff.yml @@ -1,4 +1,4 @@ -name: Diff generated Models as Data +name: Models as Data on: push: From 38debc0b64023c15c0eefbe7e222b5c1dcb831e1 Mon Sep 17 00:00:00 2001 From: Benjamin Muskalla Date: Mon, 6 Dec 2021 11:21:15 +0100 Subject: [PATCH 07/20] Remove push trigger --- .github/workflows/java-model-diff.yml | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/.github/workflows/java-model-diff.yml b/.github/workflows/java-model-diff.yml index d97a46108d8..f092f6bbd65 100644 --- a/.github/workflows/java-model-diff.yml +++ b/.github/workflows/java-model-diff.yml @@ -1,9 +1,6 @@ name: Models as Data on: - push: - branches: - - main workflow_dispatch: inputs: projects: 
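Review bot: `npm install -g diff2html-cli` in the `Generate Model Diff` step installs whatever version is current at run time, so every run executes unreviewed third-party code on the runner; pin it, `npm install -g diff2html-cli@<PINNED_VERSION>`. In the loop, `(diff -w -u $m $t | diff2html ...) || true` is presumably there because `diff` exits 1 when the files differ, but without `pipefail` the pipeline's status is `diff2html`'s, so the `|| true` only hides a failed or missing `diff2html` and the step then passes with no HTML to upload. The two `actions/upload-artifact@v2` steps use a movable tag as well.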
@@ -25,7 +22,7 @@ jobs: # ["google/guava", "spring-projects/spring-framework", "apache/poi"] # others # ["FasterXML/jackson-core", "FasterXML/jackson-databind", "google/gson", "JodaOrg/joda-time" - slugs: ${{fromJson(github.event.inputs.projects || '["apache/commons-codec", "apache/commons-io", "apache/commons-beanutils", "apache/commons-logging", "apache/commons-fileupload", "apache/commons-lang", "apache/commons-validator", "apache/commons-csv", "apache/dubbo"]' )}} + slug: ${{fromJson(github.event.inputs.projects || '["apache/commons-codec", "apache/commons-io", "apache/commons-beanutils", "apache/commons-logging", "apache/commons-fileupload", "apache/commons-lang", "apache/commons-validator", "apache/commons-csv", "apache/dubbo"]' )}} steps: - name: Clone self (github/codeql) for baseline uses: actions/checkout@v2 @@ -39,13 +36,11 @@ jobs: ref: ${{ github.ref }} - uses: ./codeql-baseline/.github/actions/fetch-codeql - name: Download database - env: - SLUG: ${{ matrix.slugs }} run: | set -x mkdir lib-dbs SHORTNAME=${SLUG//[^a-zA-Z0-9_]/} - projectId=`curl -s https://lgtm.com/api/v1.0/projects/g/$SLUG | jq .id` + projectId=`curl -s https://lgtm.com/api/v1.0/projects/g/${matrix.slugs}} | jq .id` curl -L "https://lgtm.com/api/v1.0/snapshots/$projectId/java" -o $SHORTNAME.zip unzip -q -d $SHORTNAME-db $SHORTNAME.zip mkdir lib-dbs/$SHORTNAME/ @@ -74,10 +69,12 @@ jobs: analyzeDatabaseWithCheckout "baseline" $d analyzeDatabaseWithCheckout "head" $d done + - name: Install diff2html + run: | + npm install -g diff2html-cli - name: Generate Model Diff run: | set -x - npm install -g diff2html-cli MODELS=`pwd`/tmp-models ls -1 tmp-models/ for m in $MODELS/*_baseline.qll ; do From 657c576186ddadf3defb7276f78f75a2360f7a1a Mon Sep 17 00:00:00 2001 From: Benjamin Muskalla Date: Mon, 6 Dec 2021 11:30:14 +0100 Subject: [PATCH 08/20] Skip diffs if same branch --- .github/workflows/java-model-diff.yml | 26 +++++++++++++++++--------- 1 file changed, 17 insertions(+), 9 deletions(-) 
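Review bot: In the hunk at `@@ -39,13 +36,11 @@`, `${matrix.slugs}}` is neither an Actions expression nor a valid shell expansion, so bash will reject it, and with the `env: SLUG` mapping removed the `$SLUG` on the `SHORTNAME` line above is unset and `SHORTNAME` ends up empty. The matrix key was also renamed to `slug` in the previous hunk, so `slugs` no longer exists. Keep the mapping and only rename the key: `SLUG: ${{ matrix.slug }}` under `env:` and `"https://lgtm.com/api/v1.0/projects/g/${SLUG}"` in the script. Going through `env:` also keeps the dispatch-supplied value from being parsed as shell, which inlining `${{ matrix.slug }}` into `run:` would not.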
diff --git a/.github/workflows/java-model-diff.yml b/.github/workflows/java-model-diff.yml index f092f6bbd65..c27f286154e 100644 --- a/.github/workflows/java-model-diff.yml +++ b/.github/workflows/java-model-diff.yml @@ -67,7 +67,10 @@ jobs: ls -1 "$d" analyzeDatabaseWithCheckout "baseline" $d - analyzeDatabaseWithCheckout "head" $d + if [[ "$s1" != "$s2" ]] + then + analyzeDatabaseWithCheckout "head" $d + fi done - name: Install diff2html run: | @@ -75,14 +78,19 @@ jobs: - name: Generate Model Diff run: | set -x - MODELS=`pwd`/tmp-models - ls -1 tmp-models/ - for m in $MODELS/*_baseline.qll ; do - t="${m/baseline/"head"}" - basename=`basename $m` - name="diff_${basename/_baseline.qll/""}" - (diff -w -u $m $t | diff2html -i stdin -F $MODELS/$name.html) || true - done + if [[ "$s1" == "$s2" ]] + then + echo "Skipping diff generation as github.base_ref and github.ref are the same" + else + MODELS=`pwd`/tmp-models + ls -1 tmp-models/ + for m in $MODELS/*_baseline.qll ; do + t="${m/baseline/"head"}" + basename=`basename $m` + name="diff_${basename/_baseline.qll/""}" + (diff -w -u $m $t | diff2html -i stdin -F $MODELS/$name.html) || true + done + fi - uses: actions/upload-artifact@v2 with: name: models From 557cb0a09e7fdb64915f3a872414c4d4db24dd47 Mon Sep 17 00:00:00 2001 From: Benjamin Muskalla Date: Mon, 6 Dec 2021 11:42:03 +0100 Subject: [PATCH 09/20] Add job name --- .github/workflows/java-model-diff.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/java-model-diff.yml b/.github/workflows/java-model-diff.yml index c27f286154e..164a7719f57 100644 --- a/.github/workflows/java-model-diff.yml +++ b/.github/workflows/java-model-diff.yml @@ -15,6 +15,7 @@ on: jobs: model-diff: + name: Model Difference runs-on: ubuntu-latest strategy: matrix: From 49d2fbfb5fd23315aa3db32c59d21a3ea240cdbe Mon Sep 17 00:00:00 2001 
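Review bot: Both new conditions test `$s1` and `$s2`, which no visible step assigns or exports, so they expand to empty strings: in the hunk at `@@ -67,7 +67,10 @@` `[[ "$s1" != "$s2" ]]` is always false and the `head` variant is never generated, and in the hunk at `@@ -75,14 +78,19 @@` the diff is always skipped. If the intent is to tell a pull request apart from a manual run, read that from the runner environment, e.g. `if [[ "$GITHUB_EVENT_NAME" == "pull_request" ]]`, or export the two refs through `env:` on each step. The enclosing `run:` scripts start outside both hunks.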
From: Benjamin Muskalla Date: Tue, 11 Jan 2022 11:47:28 +0100 Subject: [PATCH 10/20] Fixed slug references and PR skips --- .github/workflows/java-model-diff.yml | 38 +++++++++++++-------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/.github/workflows/java-model-diff.yml b/.github/workflows/java-model-diff.yml index 164a7719f57..93548e1aa5b 100644 --- a/.github/workflows/java-model-diff.yml +++ b/.github/workflows/java-model-diff.yml @@ -17,6 +17,7 @@ jobs: model-diff: name: Model Difference runs-on: ubuntu-latest + if: github.repository == 'github/codeql' strategy: matrix: # large @@ -27,6 +28,7 @@ jobs: steps: - name: Clone self (github/codeql) for baseline uses: actions/checkout@v2 + if: github.event.pull_request with: path: codeql-baseline ref: ${{ github.base_ref }} @@ -37,15 +39,17 @@ jobs: ref: ${{ github.ref }} - uses: ./codeql-baseline/.github/actions/fetch-codeql - name: Download database + env: + SLUG: ${{ matrix.slug }} run: | set -x mkdir lib-dbs SHORTNAME=${SLUG//[^a-zA-Z0-9_]/} - projectId=`curl -s https://lgtm.com/api/v1.0/projects/g/${matrix.slugs}} | jq .id` - curl -L "https://lgtm.com/api/v1.0/snapshots/$projectId/java" -o $SHORTNAME.zip - unzip -q -d $SHORTNAME-db $SHORTNAME.zip - mkdir lib-dbs/$SHORTNAME/ - mv $SHORTNAME-db/`ls -1 $SHORTNAME-db`/* lib-dbs/$SHORTNAME/ + projectId=`curl -s https://lgtm.com/api/v1.0/projects/g/${SLUG}} | jq .id` + curl -L "https://lgtm.com/api/v1.0/snapshots/$projectId/java" -o "$SHORTNAME.zip" + unzip -q -d $"SHORTNAME-db" "$SHORTNAME.zip" + mkdir "lib-dbs/$SHORTNAME/" + mv "$SHORTNAME-db/"`ls -1 "$SHORTNAME-db"`/* "lib-dbs/$SHORTNAME/" - name: Generate Models (Baseline and HEAD) run: | set -x @@ -68,7 +72,7 @@ jobs: ls -1 "$d" analyzeDatabaseWithCheckout "baseline" $d - if [[ "$s1" != "$s2" ]] + if [[ "$GITHUB_EVENT_NAME" == "pull_request" ]] then analyzeDatabaseWithCheckout "head" $d fi 
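Review bot: The baseline checkout at `@@ -27,6 +28,7 @@` now runs only when `github.event.pull_request` is set, but later steps still depend on `codeql-baseline` unconditionally: `uses: ./codeql-baseline/.github/actions/fetch-codeql` (context of the next hunk) and `analyzeDatabaseWithCheckout "baseline" $d` (context at `@@ -68,7 +72,7 @@`). On `workflow_dispatch` that directory does not exist, so the local action cannot be resolved and the job fails before any model is generated. Either keep this checkout unconditional or load `fetch-codeql` from the checkout that always exists.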
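Review bot: Two typos in the rewritten `Download database` script at `@@ -37,15 +39,17 @@` change what it does: `${SLUG}}` leaves a literal `}` on the end of the project URL, and `$"SHORTNAME-db"` is bash's locale-translation quoting rather than an expansion, so `unzip` extracts into a directory literally named `SHORTNAME-db` while the `mv` below reads from `"$SHORTNAME-db/"`. The lines should read `projectId=$(curl -s "https://lgtm.com/api/v1.0/projects/g/${SLUG}" | jq .id)` and `unzip -q -d "$SHORTNAME-db" "$SHORTNAME.zip"`. Restoring `env: SLUG` instead of inlining the expression is the right call.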
@@ -77,21 +81,17 @@ jobs: run: | npm install -g diff2html-cli - name: Generate Model Diff + if: github.event.pull_request run: | set -x - if [[ "$s1" == "$s2" ]] - then - echo "Skipping diff generation as github.base_ref and github.ref are the same" - else - MODELS=`pwd`/tmp-models - ls -1 tmp-models/ - for m in $MODELS/*_baseline.qll ; do - t="${m/baseline/"head"}" - basename=`basename $m` - name="diff_${basename/_baseline.qll/""}" - (diff -w -u $m $t | diff2html -i stdin -F $MODELS/$name.html) || true - done - fi + MODELS=`pwd`/tmp-models + ls -1 tmp-models/ + for m in $MODELS/*_baseline.qll ; do + t="${m/baseline/"head"}" + basename=`basename $m` + name="diff_${basename/_baseline.qll/""}" + (diff -w -u $m $t | diff2html -i stdin -F $MODELS/$name.html) || true + done - uses: actions/upload-artifact@v2 with: name: models From 426f3117d66ae1cdebd8445c65fba2cc1027bc4b Mon Sep 17 00:00:00 2001 From: Benjamin Muskalla Date: Tue, 11 Jan 2022 15:58:21 +0100 Subject: [PATCH 11/20] Clarify model names and escape variables --- .github/workflows/java-model-diff.yml | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/.github/workflows/java-model-diff.yml b/.github/workflows/java-model-diff.yml index 93548e1aa5b..30ae0bba652 100644 --- a/.github/workflows/java-model-diff.yml +++ b/.github/workflows/java-model-diff.yml 
@@ -26,18 +26,18 @@ jobs: # ["FasterXML/jackson-core", "FasterXML/jackson-databind", "google/gson", "JodaOrg/joda-time" slug: ${{fromJson(github.event.inputs.projects || '["apache/commons-codec", "apache/commons-io", "apache/commons-beanutils", "apache/commons-logging", "apache/commons-fileupload", "apache/commons-lang", "apache/commons-validator", "apache/commons-csv", "apache/dubbo"]' )}} steps: - - name: Clone self (github/codeql) for baseline + - name: Clone self (github/codeql) for prhead uses: actions/checkout@v2 if: github.event.pull_request with: - path: codeql-baseline + path: codeql-prhead ref: ${{ github.base_ref }} - - name: Clone self (github/codeql) with new generator + - name: Clone self (github/codeql) with main uses: actions/checkout@v2 with: path: codeql-head ref: ${{ github.ref }} - - uses: ./codeql-baseline/.github/actions/fetch-codeql + - uses: ./codeql-head/.github/actions/fetch-codeql - name: Download database env: SLUG: ${{ matrix.slug }} @@ -45,17 +45,16 @@ jobs: set -x mkdir lib-dbs SHORTNAME=${SLUG//[^a-zA-Z0-9_]/} - projectId=`curl -s https://lgtm.com/api/v1.0/projects/g/${SLUG}} | jq .id` + projectId=`curl -s https://lgtm.com/api/v1.0/projects/g/${SLUG} | jq .id` curl -L "https://lgtm.com/api/v1.0/snapshots/$projectId/java" -o "$SHORTNAME.zip" - unzip -q -d $"SHORTNAME-db" "$SHORTNAME.zip" + unzip -q -d "$SHORTNAME-db" "$SHORTNAME.zip" mkdir "lib-dbs/$SHORTNAME/" mv "$SHORTNAME-db/"`ls -1 "$SHORTNAME-db"`/* "lib-dbs/$SHORTNAME/" - - name: Generate Models (Baseline and HEAD) + - name: Generate Models (PR and HEAD) run: | set -x mkdir tmp-models MODELS=`pwd`/tmp-models - MODE="baseline" DATABASES=`pwd`/lib-dbs analyzeDatabaseWithCheckout() { 
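Review bot: The step and directory names in the hunk at `@@ -26,18 +26,18 @@` are the wrong way round for the refs they check out: `codeql-prhead` is cloned at `${{ github.base_ref }}`, the pull request's target branch, while `codeql-head`, labelled "with main", is cloned at `${{ github.ref }}`, which on `pull_request` is the PR ref. The generated `*_prhead.qll` therefore comes from the base branch and `*_head.qll` from the PR, which makes the uploaded models and diffs easy to misread. `fetch-codeql` is also now loaded from the `github.ref` checkout, so on a pull request the action definition comes from the PR's tree. Swap the `ref:` values or the names so each label matches its ref.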
@@ -71,10 +70,10 @@ jobs: for d in $DATABASES/*/ ; do ls -1 "$d" - analyzeDatabaseWithCheckout "baseline" $d + analyzeDatabaseWithCheckout "head" $d if [[ "$GITHUB_EVENT_NAME" == "pull_request" ]] then - analyzeDatabaseWithCheckout "head" $d + analyzeDatabaseWithCheckout "prhead" $d fi done - name: Install diff2html @@ -86,10 +85,10 @@ jobs: set -x MODELS=`pwd`/tmp-models ls -1 tmp-models/ - for m in $MODELS/*_baseline.qll ; do - t="${m/baseline/"head"}" + for m in $MODELS/*_prhead.qll ; do + t="${m/prhead/"head"}" basename=`basename $m` - name="diff_${basename/_baseline.qll/""}" + name="diff_${basename/_prhead.qll/""}" (diff -w -u $m $t | diff2html -i stdin -F $MODELS/$name.html) || true done - uses: actions/upload-artifact@v2 From 4aa0002e97fb76ac90ecbcfd7feaffe1693432cf Mon Sep 17 00:00:00 2001 From: Benjamin Muskalla Date: Thu, 27 Jan 2022 11:43:25 +0100 Subject: [PATCH 12/20] Rename workflow --- .github/workflows/{java-model-diff.yml => mad_modelDiff.yml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename .github/workflows/{java-model-diff.yml => mad_modelDiff.yml} (100%) diff --git a/.github/workflows/java-model-diff.yml b/.github/workflows/mad_modelDiff.yml similarity index 100% rename from .github/workflows/java-model-diff.yml rename to .github/workflows/mad_modelDiff.yml From 66b9974dd44d17ea75640904f71db2b6f5dc606b Mon Sep 17 00:00:00 2001 From: Benjamin Muskalla Date: Thu, 27 Jan 2022 12:00:29 +0100 Subject: [PATCH 13/20] Simplify naming pattern --- .github/workflows/mad_modelDiff.yml | 38 +++++++++++++++++------------ 1 file changed, 22 insertions(+), 16 deletions(-) diff --git a/.github/workflows/mad_modelDiff.yml b/.github/workflows/mad_modelDiff.yml index 30ae0bba652..bb197262f89 100644 --- a/.github/workflows/mad_modelDiff.yml +++ b/.github/workflows/mad_modelDiff.yml @@ -12,6 +12,10 @@ on: - main paths: - "java/ql/src/utils/model-generator/**/*.*" + - ".github/workflows/mad_modelDiff.yml" + +permissions: + contents: read jobs: model-diff: 
@@ -26,18 +30,20 @@ jobs: # ["FasterXML/jackson-core", "FasterXML/jackson-databind", "google/gson", "JodaOrg/joda-time" slug: ${{fromJson(github.event.inputs.projects || '["apache/commons-codec", "apache/commons-io", "apache/commons-beanutils", "apache/commons-logging", "apache/commons-fileupload", "apache/commons-lang", "apache/commons-validator", "apache/commons-csv", "apache/dubbo"]' )}} steps: - - name: Clone self (github/codeql) for prhead + - name: Clone github/codeql from PR uses: actions/checkout@v2 if: github.event.pull_request with: - path: codeql-prhead - ref: ${{ github.base_ref }} - - name: Clone self (github/codeql) with main + repository: github/codeql + path: codeql-pr + ref: ${{ github.sha }} + - name: Clone github/codeql from main uses: actions/checkout@v2 with: - path: codeql-head - ref: ${{ github.ref }} - - uses: ./codeql-head/.github/actions/fetch-codeql + repository: github/codeql + path: codeql-main + ref: main + - uses: ./codeql-main/.github/actions/fetch-codeql - name: Download database env: SLUG: ${{ matrix.slug }} @@ -47,10 +53,10 @@ jobs: SHORTNAME=${SLUG//[^a-zA-Z0-9_]/} projectId=`curl -s https://lgtm.com/api/v1.0/projects/g/${SLUG} | jq .id` curl -L "https://lgtm.com/api/v1.0/snapshots/$projectId/java" -o "$SHORTNAME.zip" - unzip -q -d "$SHORTNAME-db" "$SHORTNAME.zip" + unzip -q -d "${SHORTNAME}-db" "${SHORTNAME}.zip" mkdir "lib-dbs/$SHORTNAME/" - mv "$SHORTNAME-db/"`ls -1 "$SHORTNAME-db"`/* "lib-dbs/$SHORTNAME/" - - name: Generate Models (PR and HEAD) + mv "${SHORTNAME}-db/"$(ls -1 "${SHORTNAME}"-db)/* "lib-dbs/${SHORTNAME}/" + - name: Generate Models (PR and main) run: | set -x mkdir tmp-models 
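Review bot: In the `mv` line of the hunk at `@@ -47,10 +53,10 @@`, `$(ls -1 "${SHORTNAME}"-db)` sits outside the quotes, so its output is word-split and globbed, and the command only works when the downloaded archive has exactly one top-level entry. Since the archive is fetched at run time, check that assumption instead of relying on it: `top=("${SHORTNAME}-db"/*/)`, then `[[ ${#top[@]} -eq 1 ]] || { echo "unexpected archive layout" >&2; exit 1; }` and `mv "${top[0]}"* "lib-dbs/${SHORTNAME}/"`. The `run:` script starts above this hunk.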
@@ -63,17 +69,17 @@ jobs: cd codeql-$QL_VARIANT SHORTNAME=`basename $DATABASE` python java/ql/src/utils/model-generator/GenerateFlowModel.py $DATABASE $MODELS/${SHORTNAME}.qll - mv $MODELS/${SHORTNAME}.qll $MODELS/${SHORTNAME}_${QL_VARIANT}.qll + mv $MODELS/${SHORTNAME}.qll $MODELS/${SHORTNAME}Generated_${QL_VARIANT}.qll cd .. } for d in $DATABASES/*/ ; do ls -1 "$d" - analyzeDatabaseWithCheckout "head" $d + analyzeDatabaseWithCheckout "main" $d if [[ "$GITHUB_EVENT_NAME" == "pull_request" ]] then - analyzeDatabaseWithCheckout "prhead" $d + analyzeDatabaseWithCheckout "pr" $d fi done - name: Install diff2html @@ -85,10 +91,10 @@ jobs: set -x MODELS=`pwd`/tmp-models ls -1 tmp-models/ - for m in $MODELS/*_prhead.qll ; do - t="${m/prhead/"head"}" + for m in $MODELS/*_main.qll ; do + t="${m/main/"pr"}" basename=`basename $m` - name="diff_${basename/_prhead.qll/""}" + name="diff_${basename/_main.qll/""}" (diff -w -u $m $t | diff2html -i stdin -F $MODELS/$name.html) || true done - uses: actions/upload-artifact@v2 From b9c3e6a052b8bb2c456d1f42a98e07f734fa9c92 Mon Sep 17 00:00:00 2001 From: Benjamin Muskalla Date: Thu, 27 Jan 2022 12:01:47 +0100 Subject: [PATCH 14/20] Enable on my repo --- .github/workflows/mad_modelDiff.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/mad_modelDiff.yml b/.github/workflows/mad_modelDiff.yml index bb197262f89..eb03a606f50 100644 --- a/.github/workflows/mad_modelDiff.yml +++ b/.github/workflows/mad_modelDiff.yml @@ -21,7 +21,7 @@ jobs: model-diff: name: Model Difference runs-on: ubuntu-latest - if: github.repository == 'github/codeql' + if: github.repository == 'github/codeql' || github.repository == 'bmuskalla/codeql' strategy: matrix: # large From 10aa7a798201b082c7cf9760b2f4dc2d2b0adee7 Mon Sep 17 00:00:00 2001 From: Benjamin Muskalla Date: Thu, 27 Jan 2022 12:02:42 +0100 Subject: [PATCH 15/20] Better name --- .github/workflows/mad_modelDiff.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
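Review bot: `t="${m/main/"pr"}"` in the hunk at `@@ -85,10 +91,10 @@` replaces the first `main` anywhere in `$m`, which is an absolute path under `$MODELS`, not just the `_main.qll` suffix; a workspace directory or project short name containing `main` would point `diff` at a file that does not exist, and the `|| true` on the pipeline would hide it. Anchor both substitutions to the suffix: `t="${m%_main.qll}_pr.qll"` and `name="diff_${basename%_main.qll}"`. `$m` and `$t` are also unquoted in the `diff` call.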
diff --git a/.github/workflows/mad_modelDiff.yml b/.github/workflows/mad_modelDiff.yml index eb03a606f50..29c8166808c 100644 --- a/.github/workflows/mad_modelDiff.yml +++ b/.github/workflows/mad_modelDiff.yml @@ -1,4 +1,4 @@ -name: Models as Data +name: Models as Data - Diff on: workflow_dispatch: From 3646ae09954698b80825590e92226a143698a872 Mon Sep 17 00:00:00 2001 From: Benjamin Muskalla Date: Thu, 27 Jan 2022 12:08:57 +0100 Subject: [PATCH 16/20] Skip diff install if not needed --- .github/workflows/mad_modelDiff.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/mad_modelDiff.yml b/.github/workflows/mad_modelDiff.yml index 29c8166808c..d7f484aaab8 100644 --- a/.github/workflows/mad_modelDiff.yml +++ b/.github/workflows/mad_modelDiff.yml @@ -83,6 +83,7 @@ jobs: fi done - name: Install diff2html + if: github.event.pull_request run: | npm install -g diff2html-cli - name: Generate Model Diff From e5acc6b54b8b6e64d1e51d6b708370282ad79954 Mon Sep 17 00:00:00 2001 From: Benjamin Muskalla Date: Thu, 27 Jan 2022 12:15:10 +0100 Subject: [PATCH 17/20] use default sha for pr --- .github/workflows/mad_modelDiff.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/mad_modelDiff.yml b/.github/workflows/mad_modelDiff.yml index d7f484aaab8..30b345f71fa 100644 --- a/.github/workflows/mad_modelDiff.yml +++ b/.github/workflows/mad_modelDiff.yml @@ -36,7 +36,6 @@ jobs: with: repository: github/codeql path: codeql-pr - ref: ${{ github.sha }} - name: Clone github/codeql from main uses: actions/checkout@v2 with: From 1cfb088634dd46439d91621b967c79c0033f6ec9 Mon Sep 17 00:00:00 2001 From: Benjamin Muskalla Date: Thu, 27 Jan 2022 12:22:17 +0100 Subject: [PATCH 18/20] rely on defaults --- .github/workflows/mad_modelDiff.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/mad_modelDiff.yml b/.github/workflows/mad_modelDiff.yml index 30b345f71fa..0c2d359db01 100644 --- a/.github/workflows/mad_modelDiff.yml 
+++ b/.github/workflows/mad_modelDiff.yml @@ -34,12 +34,10 @@ jobs: uses: actions/checkout@v2 if: github.event.pull_request with: - repository: github/codeql path: codeql-pr - name: Clone github/codeql from main uses: actions/checkout@v2 with: - repository: github/codeql path: codeql-main ref: main - uses: ./codeql-main/.github/actions/fetch-codeql From 39a853b5e466805e2b202adfce14fd22ba79f069 Mon Sep 17 00:00:00 2001 From: Benjamin Muskalla Date: Thu, 27 Jan 2022 12:27:37 +0100 Subject: [PATCH 19/20] Remove unused models --- .github/workflows/mad_modelDiff.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.github/workflows/mad_modelDiff.yml b/.github/workflows/mad_modelDiff.yml index 0c2d359db01..54ddb0e0175 100644 --- a/.github/workflows/mad_modelDiff.yml +++ b/.github/workflows/mad_modelDiff.yml @@ -24,10 +24,6 @@ jobs: if: github.repository == 'github/codeql' || github.repository == 'bmuskalla/codeql' strategy: matrix: - # large - # ["google/guava", "spring-projects/spring-framework", "apache/poi"] - # others - # ["FasterXML/jackson-core", "FasterXML/jackson-databind", "google/gson", "JodaOrg/joda-time" slug: ${{fromJson(github.event.inputs.projects || '["apache/commons-codec", "apache/commons-io", "apache/commons-beanutils", "apache/commons-logging", "apache/commons-fileupload", "apache/commons-lang", "apache/commons-validator", "apache/commons-csv", "apache/dubbo"]' )}} steps: - name: Clone github/codeql from PR From 5c9c83d331f6c232019d42ebe4f880352d168232 Mon Sep 17 00:00:00 2001 From: Benjamin Muskalla Date: Thu, 27 Jan 2022 14:24:41 +0100 Subject: [PATCH 20/20] Revert "Enable on my repo" This reverts commit b9c3e6a052b8bb2c456d1f42a98e07f734fa9c92. --- .github/workflows/mad_modelDiff.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/mad_modelDiff.yml b/.github/workflows/mad_modelDiff.yml index 54ddb0e0175..a4b9169b44e 100644 --- a/.github/workflows/mad_modelDiff.yml +++ b/.github/workflows/mad_modelDiff.yml 
@@ -21,7 +21,7 @@ jobs: model-diff: name: Model Difference runs-on: ubuntu-latest - if: github.repository == 'github/codeql' || github.repository == 'bmuskalla/codeql' + if: github.repository == 'github/codeql' strategy: matrix: slug: ${{fromJson(github.event.inputs.projects || '["apache/commons-codec", "apache/commons-io", "apache/commons-beanutils", "apache/commons-logging", "apache/commons-fileupload", "apache/commons-lang", "apache/commons-validator", "apache/commons-csv", "apache/dubbo"]' )}}