# Composite-action metadata: identity and caller-facing inputs.
name: 'codeql-actions'
description: 'CodeQL Pack for GitHub Actions and Workflows'

inputs:
  # Forwarded to the scan step as both GITHUB_TOKEN and GH_TOKEN. The default
  # is the job's automatic token, so its privileges are whatever the calling
  # workflow grants through `permissions:`.
  token:
    description: 'GitHub Token'
    default: ${{ github.token }}
  # Forwarded to the scan step as INPUT_SOURCE-ROOT.
  source-root:
    description: 'Path of the root source code directory, relative to $GITHUB_WORKSPACE.'
    default: ${{ github.workspace }}
  # Forwarded to the scan step as INPUT_SARIF-OUTPUT.
  sarif-output:
    description: 'SARIF File Output'
    default: 'codeql-actions.sarif'
  # Forwarded to the scan step as INPUT_SUITE.
  suite:
    description: 'CodeQL Suite to run'
    default: 'actions-code-scanning'
  # Optional; also gates the "extpack contents" diagnostic step.
  packs:
    description: >-
      Comma-separated list of packs to run. Reference a pack in the format
      `scope/name[@version]`. If `version` is not specified, then the latest
      version of the pack is used. By default, this overrides the same setting
      in a configuration file; prefix with "+" to use both sets of packs.
    required: false

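runs:
  using: 'composite'
  steps:
    # Diagnostic step, run only when the `packs` input is non-empty: prints the
    # local workflow-models extension pack files, if they exist, inside
    # collapsible log groups.
    # The file contents go to the job log verbatim, so the pack must not hold
    # anything secret.
    # NOTE(review): the path is hard-coded under /home/runner; on a runner with
    # a different home directory the -f tests fail and nothing is printed.
    - name: extpack contents
      shell: bash
      if: inputs.packs
      env:
        EXTPACK_PATH: /home/runner/.codeql/packages/local/workflow-models/0.0.1
        # Not referenced by the script below.
        EXTPACK_NAME: local/workflow-models
      run: |
        echo "##[group] Workflow Models"
        if [ -f "$EXTPACK_PATH/models.yml" ]; then cat "$EXTPACK_PATH/models.yml"; fi
        echo "##[endgroup]"
        echo "##[group] QLPack"
        if [ -f "$EXTPACK_PATH/codeql-pack.yml" ]; then cat "$EXTPACK_PATH/codeql-pack.yml"; fi
        echo "##[endgroup]"

    # Runs the bundled Node entry point. Caller-supplied inputs reach it only
    # through environment variables, never by being spliced into the script
    # text, so an input value cannot alter the shell command.
    - name: Scan workflows
      shell: bash
      env:
        # The same token is exposed under both names.
        GITHUB_TOKEN: ${{ inputs.token }}
        GH_TOKEN: ${{ inputs.token }}
        # Hyphenated names cannot be referenced from bash; presumably the Node
        # entry point reads them from its process environment — confirm.
        INPUT_SOURCE-ROOT: ${{ inputs.source-root }}
        INPUT_SARIF-OUTPUT: ${{ inputs.sarif-output }}
        INPUT_SUITE: ${{ inputs.suite }}
        INPUT_PACKS: ${{ inputs.packs }}
      # The action path comes from the runner-provided GITHUB_ACTION_PATH
      # variable and is quoted, rather than being template-expanded into the
      # script, so a path containing spaces or shell metacharacters is passed
      # to node as a single argument.
      run: |
        node "$GITHUB_ACTION_PATH/.github/action/dist/index.js"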