Skip to content

Commit

Permalink
Merge branch 'main' into lcartey/contracts
Browse files Browse the repository at this point in the history
  • Loading branch information
@lcartey
lcartey committed Jan 5, 2025
2 parents 6b8ba85 + ce5b364 commit f1e6f50
Show file tree
Hide file tree
Showing 1,577 changed files with 19,976 additions and 4,283 deletions.
49 changes: 49 additions & 0 deletions .github/actions/check-permissions/action.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,49 @@
name: Check current actor permissions
description: |
Checks whether the current actor has the specified permssions
inputs:
minimum-permission:
description: |
The minimum required permission. One of: read, write, admin
required: true
outputs:
has-permission:
description: "Whether the actor had the minimum required permission"
value: ${{ steps.check-permission.outputs.has-permission }}

runs:
using: composite
steps:
- uses: actions/github-script@v7
id: check-permission
env:
INPUT_MINIMUM-PERMISSION: ${{ inputs.minimum-permission }}
with:
script: |
// Valid permissions are none, read, write, admin (legacy base permissions)
const permissionsRanking = ["none", "read", "write", "admin"];
// Note: core.getInput doesn't work by default in a composite action - in this case
// it would try to fetch the input to the github-script instead of the action
// itself. Instead, we set the appropriate magic env var with the actions input.
// See: https://github.com/actions/runner/issues/665
const minimumPermission = core.getInput('minimum-permission');
if (!permissionsRanking.includes(minimumPermission)) {
core.setFailed(`Invalid minimum permission: ${minimumPermission}`);
return;
}
const { data : { permission : actorPermission } } = await github.rest.repos.getCollaboratorPermissionLevel({
owner: context.repo.owner,
repo: context.repo.repo,
username: context.actor
});
// Confirm whether the actor permission is at least the selected permission
const hasPermission = permissionsRanking.indexOf(minimumPermission) <= permissionsRanking.indexOf(actorPermission) ? "1" : "";
core.setOutput('has-permission', hasPermission);
if (!hasPermission) {
core.info(`Current actor (${context.actor}) does not have the minimum required permission '${minimumPermission}' (has '${actorPermission}')`);
} else {
core.info(`Current actor (${context.actor}) has the minimum required permission '${minimumPermission}' (has '${actorPermission}')`);
}
8 changes: 8 additions & 0 deletions .github/dependabot.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
version: 2
updates:

- package-ecosystem: "github-actions"
directory: "/"
schedule:
# Check for updates to GitHub Actions every week
interval: "weekly"
44 changes: 33 additions & 11 deletions .github/workflows/code-scanning-pack-gen.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,6 @@ on:
- main
- next
- "rc/**"

push:
branches:
- main
Expand Down Expand Up @@ -47,7 +46,7 @@ jobs:

- name: Cache CodeQL
id: cache-codeql
uses: actions/cache@v2.1.3
uses: actions/cache@v4
with:
path: ${{ github.workspace }}/codeql_home
key: codeql-home-${{ matrix.os }}-${{ matrix.codeql_cli }}-${{ matrix.codeql_standard_library }}
Expand All @@ -69,15 +68,17 @@ jobs:
- name: Determine ref for external help files
id: determine-ref
run: |
if [[ $GITHUB_EVENT_NAME == "pull_request" || $GITHUB_EVENT_NAME == "merge_group" ]]; then
echo "EXTERNAL_HELP_REF=$GITHUB_HEAD_REF" >> "$GITHUB_ENV"
if [[ $GITHUB_EVENT_NAME == "pull_request" ]]; then
EXTERNAL_HELP_REF="${{ github.event.pull_request.base.ref }}"
elif [[ $GITHUB_EVENT_NAME == "merge_group" ]]; then
EXTERNAL_HELP_REF="${{ github.event.merge_group.base_ref }}"
else
echo "EXTERNAL_HELP_REF=$GITHUB_REF" >> "$GITHUB_ENV"
EXTERNAL_HELP_REF="$GITHUB_REF"
fi
echo "EXTERNAL_HELP_REF=$EXTERNAL_HELP_REF" >> "$GITHUB_ENV"
echo "Using ref $EXTERNAL_HELP_REF for external help files."
- name: Checkout external help files
continue-on-error: true
id: checkout-external-help-files
uses: actions/checkout@v4
with:
Expand All @@ -98,15 +99,36 @@ jobs:
CODEQL_HOME: ${{ github.workspace }}/codeql_home
run: |
PATH=$PATH:$CODEQL_HOME/codeql
codeql query compile --precompile --threads 0 cpp
codeql query compile --precompile --threads 0 c
# Precompile all queries, and use a compilation cache larger than default
# to ensure we cache all the queries for later steps
codeql query compile --precompile --threads 0 --compilation-cache-size=1024 cpp c
cd ..
zip -r codeql-coding-standards/code-scanning-cpp-query-pack.zip codeql-coding-standards/c/ codeql-coding-standards/cpp/ codeql-coding-standards/.codeqlmanifest.json codeql-coding-standards/supported_codeql_configs.json codeql-coding-standards/scripts/configuration codeql-coding-standards/scripts/reports codeql-coding-standards/scripts/shared codeql-coding-standards/scripts/guideline_recategorization codeql-coding-standards/scripts/shared codeql-coding-standards/scripts/schemas
zip -r codeql-coding-standards/code-scanning-cpp-query-pack.zip codeql-coding-standards/c/ codeql-coding-standards/cpp/ codeql-coding-standards/.codeqlmanifest.json codeql-coding-standards/supported_codeql_configs.json codeql-coding-standards/scripts/configuration codeql-coding-standards/scripts/reports codeql-coding-standards/scripts/shared codeql-coding-standards/scripts/guideline_recategorization codeql-coding-standards/schemas
- name: Upload GHAS Query Pack
uses: actions/upload-artifact@v2
uses: actions/upload-artifact@v4
with:
name: code-scanning-cpp-query-pack.zip
path: code-scanning-cpp-query-pack.zip

- name: Create qlpack bundles
env:
CODEQL_HOME: ${{ github.workspace }}/codeql_home
run: |
PATH=$PATH:$CODEQL_HOME/codeql
codeql pack bundle --output=common-cpp-coding-standards.tgz cpp/common/src
codeql pack bundle --output=common-c-coding-standards.tgz c/common/src
codeql pack bundle --output=misra-c-coding-standards.tgz c/misra/src
codeql pack bundle --output=cert-c-coding-standards.tgz c/cert/src
codeql pack bundle --output=cert-cpp-coding-standards.tgz cpp/cert/src
codeql pack bundle --output=autosar-cpp-coding-standards.tgz cpp/autosar/src
codeql pack bundle --output=misra-cpp-coding-standards.tgz cpp/misra/src
codeql pack bundle --output=report-coding-standards.tgz cpp/report/src
- name: Upload qlpack bundles
uses: actions/upload-artifact@v4
with:
name: coding-standards-codeql-packs
path: '*-coding-standards.tgz'
15 changes: 11 additions & 4 deletions .github/workflows/codeql_unit_tests.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,7 @@ jobs:
uses: actions/checkout@v4

- name: Install Python
uses: actions/setup-python@v4
uses: actions/setup-python@v5
with:
python-version: "3.9"

Expand All @@ -57,7 +57,7 @@ jobs:

- name: Cache CodeQL
id: cache-codeql
uses: actions/cache@v3
uses: actions/cache@v4
with:
# A list of files, directories, and wildcard patterns to cache and restore
path: ${{github.workspace}}/codeql_home
Expand Down Expand Up @@ -151,7 +151,7 @@ jobs:
file.close()
- name: Upload test results
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v4
with:
name: ${{ matrix.language }}-test-results-${{ runner.os }}-${{ matrix.codeql_cli }}-${{ matrix.codeql_standard_library_ident }}
path: |
Expand All @@ -160,11 +160,18 @@ jobs:

validate-test-results:
name: Validate test results
if: ${{ always() }}
needs: run-test-suites
runs-on: ubuntu-22.04
steps:
- name: Check if run-test-suites job failed to complete, if so fail
if: ${{ needs.run-test-suites.result == 'failure' }}
uses: actions/github-script@v7
with:
script: |
core.setFailed('Test run job failed')
- name: Collect test results
uses: actions/download-artifact@v3
uses: actions/download-artifact@v4

- name: Validate test results
run: |
Expand Down
39 changes: 0 additions & 39 deletions .github/workflows/dispatch-matrix-check.yml
View file

This file was deleted.

59 changes: 31 additions & 28 deletions .github/workflows/dispatch-matrix-test-on-comment.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,42 +3,45 @@ name: 🤖 Run Matrix Check (On Comment)
on:
issue_comment:
types: [created]
branches:
- main
- "rc/**"
- next


jobs:
dispatch-matrix-check:
runs-on: ubuntu-22.04
steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Test Variables
shell: pwsh
run: |
Write-Host "Running as: ${{github.actor}}"
$actor = "${{github.actor}}"
$acl = @("jsinglet","mbaluda", "lcartey", "rvermeulen", "ravikprasad", "jeongsoolee09", "hohn", "knewbury01", "kraiouchkine")
if(-not ($actor -in $acl)){
throw "Refusing to run workflow for user not in acl."
}
- name: Dispatch Matrix Testing Job
if: ${{ github.event.issue.pull_request && contains(github.event.comment.body, '/test-matrix') }}
uses: peter-evans/repository-dispatch@v2
- name: Check permission
id: check-write-permission
uses: ./.github/actions/check-permissions
with:
token: ${{ secrets.RELEASE_ENGINEERING_TOKEN }}
repository: github/codeql-coding-standards-release-engineering
event-type: matrix-test
client-payload: '{"pr": "${{ github.event.issue.number }}"}'
minimum-permission: "write"

- uses: actions/github-script@v6
if: ${{ github.event.issue.pull_request && contains(github.event.comment.body, '/test-matrix') }}
- name: Generate token
id: generate-token
uses: actions/create-github-app-token@v1
with:
app-id: ${{ vars.AUTOMATION_APP_ID }}
private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}
owner: ${{ github.repository_owner }}
repositories: "codeql-coding-standards-release-engineering"

- name: Invoke matrix testing job
if: ${{ github.event.issue.pull_request && contains(github.event.comment.body, '/test-matrix') && steps.check-write-permission.outputs.has-permission }}
env:
ISSUE_NR: ${{ github.event.issue.number }}
GH_TOKEN: ${{ steps.generate-token.outputs.token }}
run: |
jq -n \
--arg issue_nr "$ISSUE_NR" \
'{"issue-nr": $issue_nr}' \
| \
gh workflow run pr-compiler-validation.yml \
--json \
-R github/codeql-coding-standards-release-engineering
- uses: actions/github-script@v7
if: ${{ github.event.issue.pull_request && contains(github.event.comment.body, '/test-matrix') && steps.check-write-permission.outputs.has-permission }}
with:
script: |
github.rest.issues.createComment({
Expand Down
60 changes: 32 additions & 28 deletions .github/workflows/dispatch-release-performance-check.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,46 +3,50 @@ name: 🏁 Run Release Performance Check
on:
issue_comment:
types: [created]
branches:
- main
- "rc/**"
- next

jobs:
dispatch-matrix-check:
runs-on: ubuntu-22.04
steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Test Variables
shell: pwsh
run: |
Write-Host "Running as: ${{github.actor}}"
$actor = "${{github.actor}}"
$acl = @("jsinglet","mbaluda", "lcartey", "rvermeulen", "ravikprasad", "jeongsoolee09", "hohn", "knewbury01", "kraiouchkine")
if(-not ($actor -in $acl)){
throw "Refusing to run workflow for user not in acl."
}
- name: Dispatch Performance Testing Job
if: ${{ github.event.issue.pull_request && contains(github.event.comment.body, '/test-performance') }}
uses: peter-evans/repository-dispatch@v2
- name: Check permission
id: check-write-permission
uses: ./.github/actions/check-permissions
with:
token: ${{ secrets.RELEASE_ENGINEERING_TOKEN }}
repository: github/codeql-coding-standards-release-engineering
event-type: performance-test
client-payload: '{"pr": "${{ github.event.issue.number }}"}'

minimum-permission: "write"

- uses: actions/github-script@v6
if: ${{ github.event.issue.pull_request && contains(github.event.comment.body, '/test-performance') }}
- name: Generate token
id: generate-token
uses: actions/create-github-app-token@v1
with:
app-id: ${{ vars.AUTOMATION_APP_ID }}
private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}
owner: ${{ github.repository_owner }}
repositories: "codeql-coding-standards-release-engineering"

- name: Invoke performance test
if: ${{ github.event.issue.pull_request && contains(github.event.comment.body, '/test-performance') && steps.check-write-permission.outputs.has-permission }}
env:
ISSUE_NR: ${{ github.event.issue.number }}
GH_TOKEN: ${{ steps.generate-token.outputs.token }}
run: |
jq -n \
--arg issue_nr "$ISSUE_NR" \
'{"issue-nr": $issue_nr}' \
| \
gh workflow run pr-performance-testing.yml \
--json \
-R github/codeql-coding-standards-release-engineering
- uses: actions/github-script@v7
if: ${{ github.event.issue.pull_request && contains(github.event.comment.body, '/test-performance') && steps.check-write-permission.outputs.has-permission }}
with:
script: |
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: '🏁 Beep Boop! Performance testing for this PR has been initiated. Please check back later for results. Note that the query package generation step must complete before testing will start so it might be a minute. <br><br> :bulb: If you do not hear back from me please check my status! **I will report even if I fail!**'
})
})
Loading

0 comments on commit f1e6f50

Please sign in to comment.