
Commit ad5c608

authored
Merge pull request #2463 from github/henrymercer/job-uuid-in-sarif
Add job run UUID to SARIF output
2 parents 3b0aa30 + 90cf3d2 commit ad5c608


8 files changed

+138
-2
lines changed


.github/workflows/__job-run-uuid-sarif.yml

Lines changed: 84 additions & 0 deletions

lib/codeql.js

Lines changed: 8 additions & 0 deletions

lib/codeql.js.map

Lines changed: 1 addition & 1 deletion

lib/tools-features.js

Lines changed: 1 addition & 0 deletions

lib/tools-features.js.map

Lines changed: 1 addition & 1 deletion
Lines changed: 30 additions & 0 deletions
@@ -0,0 +1,30 @@
1+
name: "Job run UUID added to SARIF"
2+
description: "Tests that the job run UUID is added to the SARIF output"
3+
operatingSystems: ["ubuntu"]
4+
versions: ["nightly-latest"]
5+
steps:
6+
- uses: ./../action/init
7+
id: init
8+
with:
9+
languages: javascript
10+
tools: ${{ steps.prepare-test.outputs.tools-url }}
11+
- uses: ./../action/analyze
12+
with:
13+
output: "${{ runner.temp }}/results"
14+
- name: Upload SARIF
15+
uses: actions/upload-artifact@v3
16+
with:
17+
name: ${{ matrix.os }}-${{ matrix.version }}.sarif.json
18+
path: "${{ runner.temp }}/results/javascript.sarif"
19+
retention-days: 7
20+
- name: Check results
21+
shell: bash
22+
run: |
23+
cd "$RUNNER_TEMP/results"
24+
actual=$(jq -r '.runs[0].properties.jobRunUuid' javascript.sarif)
25+
if [[ "$actual" != "$JOB_RUN_UUID" ]]; then
26+
echo "Expected SARIF output to contain job run UUID '$JOB_RUN_UUID', but found '$actual'."
27+
exit 1
28+
else
29+
echo "Found job run UUID '$actual'."
30+
fi
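Review bot: The `Check results` step compares the SARIF value against `$JOB_RUN_UUID` without first confirming the variable is set. If it is ever missing, jq prints `null` and the step fails with "Expected ... '' but found 'null'", which reads like a SARIF defect rather than a missing environment variable. A guard at the top of the script, `if [[ -z "$JOB_RUN_UUID" ]]; then echo "JOB_RUN_UUID is not set"; exit 1; fi`, would separate the two failure modes. Where the variable is exported is not visible on this page, so this assumes an earlier step is expected to provide it.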

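--- a/src/codeql.ts
+++ b/src/codeql.ts
@@ -870,6 +870,7 @@ export async function getCodeQLForCmd(
 )}`,
 "--sarif-group-rules-by-pack",
 ...(await getCodeScanningQueryHelpArguments(this)),
+...(await getJobRunUuidSarifOptions(this)),
 ...getExtraOptionsFromEnv(["database", "interpret-results"]),
 ];
 if (automationDetailsId !== undefined) {
@@ -1423,3 +1424,14 @@ function applyAutobuildAzurePipelinesTimeoutFix() {
 "-Dmaven.wagon.http.pool=false",
 ].join(" ");
 }
+
+async function getJobRunUuidSarifOptions(codeql: CodeQL) {
+const jobRunUuid = process.env[EnvVar.JOB_RUN_UUID];
+
+return jobRunUuid &&
+(await codeql.supportsFeature(
+ToolsFeature.DatabaseInterpretResultsSupportsSarifRunProperty,
+))
+? [`--sarif-run-property=jobRunUuid=${jobRunUuid}`]
+: [];
+}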
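Review bot: In `getJobRunUuidSarifOptions` the value of `process.env[EnvVar.JOB_RUN_UUID]` is interpolated into `--sarif-run-property=jobRunUuid=${jobRunUuid}` with no format check, so whatever the environment holds ends up in the SARIF run properties. Where the variable is set is not visible here; if an earlier workflow step can influence it, a guard such as `if (!jobRunUuid || !/^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$/i.test(jobRunUuid)) return [];` would keep non-UUID content out of the results. The helper would also read better with an explicit return type, `Promise<string[]>`, and a one-line doc comment saying it yields no options when the variable is unset or the CLI lacks the feature. The first hunk only touches the argument list inside `getCodeQLForCmd`, whose body continues outside the hunk.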

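--- a/src/tools-features.ts
+++ b/src/tools-features.ts
@@ -3,6 +3,7 @@ import type { VersionInfo } from "./codeql";
 export enum ToolsFeature {
 AnalysisSummaryV2IsDefault = "analysisSummaryV2Default",
 BuildModeOption = "buildModeOption",
+DatabaseInterpretResultsSupportsSarifRunProperty = "databaseInterpretResultsSupportsSarifRunProperty",
 IndirectTracingSupportsStaticBinaries = "indirectTracingSupportsStaticBinaries",
 InformsAboutUnsupportedPathFilters = "informsAboutUnsupportedPathFilters",
 SetsCodeqlRunnerEnvVar = "setsCodeqlRunnerEnvVar",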
