name: Check framework coverage changes on: pull_request: paths: - ".github/workflows/csv-coverage-pr-comment.yml" - ".github/workflows/csv-coverage-pr-artifacts.yml" - ".github/actions/fetch-codeql/action.yml" - "*/ql/src/**/*.ql" - "*/ql/src/**/*.qll" - "*/ql/lib/**/*.ql" - "*/ql/lib/**/*.qll" - "*/ql/lib/ext/**/*.yml" - "misc/scripts/library-coverage/*.py" # input data files - "*/documentation/library-coverage/cwe-sink.csv" - "*/documentation/library-coverage/frameworks.csv" branches: - main - "rc/*" permissions: contents: read pull-requests: read jobs: generate: name: Generate framework coverage artifacts runs-on: ubuntu-latest steps: - name: Dump GitHub context env: GITHUB_CONTEXT: ${{ toJSON(github.event) }} run: echo "$GITHUB_CONTEXT" - name: Clone self (github/codeql) - MERGE uses: actions/checkout@v4 with: path: merge - name: Clone self (github/codeql) - BASE uses: actions/checkout@v4 with: fetch-depth: 2 path: base - run: | git checkout HEAD^1 git log -1 --format='%H' working-directory: base - name: Set up Python 3.8 uses: actions/setup-python@v4 with: python-version: 3.8 - name: Download CodeQL CLI uses: ./merge/.github/actions/fetch-codeql - name: Generate CSV files on merge commit of the PR run: | echo "Running generator on merge" python merge/misc/scripts/library-coverage/generate-report.py ci merge merge mkdir out_merge cp framework-coverage-*.csv out_merge/ cp framework-coverage-*.rst out_merge/ - name: Generate CSV files on base commit of the PR run: | echo "Running generator on base" python base/misc/scripts/library-coverage/generate-report.py ci base base mkdir out_base cp framework-coverage-*.csv out_base/ cp framework-coverage-*.rst out_base/ - name: Generate diff of coverage reports run: | python base/misc/scripts/library-coverage/compare-folders.py out_base out_merge comparison.md - name: Upload CSV package list uses: actions/upload-artifact@v3 with: name: csv-framework-coverage-merge path: | out_merge/framework-coverage-*.csv out_merge/framework-coverage-*.rst - name: Upload CSV package list uses: actions/upload-artifact@v3 with: name: csv-framework-coverage-base path: | out_base/framework-coverage-*.csv out_base/framework-coverage-*.rst - name: Upload comparison results uses: actions/upload-artifact@v3 with: name: comparison path: | comparison.md - name: Save PR number run: | mkdir -p pr echo ${PR_NUMBER} > pr/NR env: PR_NUMBER: ${{ github.event.pull_request.number }} - name: Upload PR number uses: actions/upload-artifact@v3 with: name: pr path: pr/ - name: Save comment ID (if it exists) run: | # Find the latest comment starting with COMMENT_PREFIX COMMENT_PREFIX=":warning: The head of this PR and the base branch were compared for differences in the framework coverage reports." COMMENT_ID=$(gh api "repos/${GITHUB_REPOSITORY}/issues/${PR_NUMBER}/comments" --paginate | jq --arg prefix "${COMMENT_PREFIX}" 'map(select(.body|startswith($prefix)) | .id) | max // empty') if [[ -z ${COMMENT_ID} ]] then echo "Comment not found. Not uploading 'comment/ID' artifact." else mkdir -p comment echo ${COMMENT_ID} > comment/ID fi env: GITHUB_TOKEN: ${{ github.token }} PR_NUMBER: ${{ github.event.pull_request.number }} - name: Upload comment ID (if it exists) uses: actions/upload-artifact@v3 with: name: comment path: comment/ if-no-files-found: ignore