

Adding packs #43


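# For most projects, this workflow file will not need changing; you simply need
# to commit it to your repository.
#
# You may wish to alter this file to override the set of languages analyzed,
# or to provide custom queries or build logic.
#
# ******** NOTE ********
# We have attempted to detect the languages in your repository. Please check
# the `language` matrix defined below to confirm you have the correct set of
# supported CodeQL languages.
#
# This workflow runs the CodeQL CLI inside the project's devcontainer (the
# container named in CONTAINER_NAME below) rather than through
# github/codeql-action, so the CLI is downloaded and the database is built by
# hand in the steps that follow.
name: "CodeQL"

on:  # yamllint disable-line rule:truthy
  push:
    branches: ["km/adding_code_ql"]
  pull_request:
    branches: ["main"]
  schedule:
    - cron: '32 5 * * 4'

env:
  # Release tag of github/codeql-cli-binaries to install, exactly as published
  # on that repository's releases page. Leave empty to resolve the latest
  # release from the GitHub API at run time; pinning a tag makes analyses
  # reproducible and narrows the exposure of the unverified download below.
  CODEQL_CLI_VERSION: ''
  # Name of the devcontainer that the CLI install and the build run in.
  CONTAINER_NAME: hostsvc-link
  # Install root of the CLI inside the container. The archive is assumed to
  # unpack into a "codeql" sub-directory, so the launcher script that later
  # steps invoke lives at $CODEQL_HOME/codeql/codeql.
  CODEQL_HOME: /root/codeql

jobs:
  analyze:
    name: Analyze (csharp)
    runs-on: ubuntu-latest
    timeout-minutes: 360
    permissions:
      # required for all workflows
      # NOTE(review): this write scope is only consumed when results are pushed
      # to code scanning (e.g. github/codeql-action/upload-sarif); this job
      # currently stores the SARIF as a build artifact instead.
      security-events: write
      # required to fetch internal or private CodeQL packs
      packages: read
      # only required for workflows in private repositories
      actions: read
      contents: read
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      # NOTE(review): referenced by the mutable `main` ref; pin to a release
      # tag or commit SHA so a change in that repository cannot silently alter
      # what this job does with the secrets passed here.
      - uses: microsoft/azure-orbital-space-sdk-github-actions/composite-actions/initialize@main
        with:
          GIT_HUB_USER_NAME: ${{ secrets.GIT_HUB_USER_NAME }}
          GIT_HUB_USER_TOKEN: ${{ secrets.GIT_HUB_USER_TOKEN }}
          SETUP_REPO_URL: ${{ secrets.SETUP_REPO_URL }}

      # `shell: bash` runs the script with -e and pipefail, so a failing
      # `devcontainer up` fails the step by itself; no exit-code echo needed.
      - name: Stand up Devcontainer
        shell: bash
        run: |
          devcontainer up --workspace-folder "${PWD}" \
            --workspace-mount-consistency cached \
            --id-label "devcontainer.local_folder=${PWD}" \
            --default-user-env-probe loginInteractiveShell \
            --build-no-cache \
            --remove-existing-container \
            --mount type=volume,source=vscode,target=/vscode,external=true \
            --update-remote-user-uid-default on \
            --mount-workspace-git-root true

      - name: install-codeql
        shell: bash
        run: |
          set -euo pipefail
          ZIP_FILE="${CODEQL_HOME}/codeql.zip"

          # Resolve the release tag: honour CODEQL_CLI_VERSION when set,
          # otherwise look up the latest release through the GitHub API.
          RELEASE="${CODEQL_CLI_VERSION:-}"
          if [ -z "${RELEASE}" ]; then
            RELEASE=$(docker exec "${CONTAINER_NAME}" bash -c \
              "curl -fsS https://api.github.com/repos/github/codeql-cli-binaries/releases/latest | grep 'tag_name' | awk '{print substr(\$2, 2, length(\$2)-3)}'")
          fi
          # Unauthenticated API calls are rate limited; an empty tag would
          # otherwise build a bogus URL and save an HTML error page as the zip.
          if [ -z "${RELEASE}" ]; then
            echo "::error::could not determine the CodeQL CLI release tag"
            exit 1
          fi

          DOWNLOAD_URL="https://github.com/github/codeql-cli-binaries/releases/download/${RELEASE}/codeql-linux64.zip"

          # Create the install root if it doesn't exist.
          docker exec "${CONTAINER_NAME}" bash -c "mkdir -p '${CODEQL_HOME}'"

          # NOTE(review): the archive is not checked against a published
          # checksum or signature; pin CODEQL_CLI_VERSION at minimum. `-f`
          # makes a 404 fail the step instead of writing the error body to disk.
          echo "Downloading CodeQL CLI ${RELEASE}..."
          docker exec "${CONTAINER_NAME}" bash -c "curl -fL '${DOWNLOAD_URL}' -o '${ZIP_FILE}'"

          echo "Extracting CodeQL CLI..."
          docker exec "${CONTAINER_NAME}" bash -c "unzip -o '${ZIP_FILE}' -d '${CODEQL_HOME}'"
          docker exec "${CONTAINER_NAME}" bash -c "rm '${ZIP_FILE}'"

          # The zip is assumed to unpack into ${CODEQL_HOME}/codeql with the
          # launcher at ${CODEQL_HOME}/codeql/codeql; adjust if the archive
          # layout differs. PATH must receive the directory, not the launcher.
          # /etc/profile.d is only read by login shells, so the non-login
          # `docker exec ... bash -c` calls in later steps still use the
          # absolute launcher path.
          EXECUTABLE_DIR="${CODEQL_HOME}/codeql"
          docker exec "${CONTAINER_NAME}" bash -c "echo 'export PATH=\$PATH:${EXECUTABLE_DIR}' > /etc/profile.d/codeql.sh"
          echo "CodeQL CLI installation completed."

      - name: restore-projects
        shell: bash
        run: |
          set -euo pipefail
          CODEQL="bash ${CODEQL_HOME}/codeql/codeql"
          database_name="hostsvc-link-src"
          cs_proj_name="/workspaces/hostsvc-link/src/hostsvc-link.csproj"
          source_directory="/workspaces/hostsvc-link/src"

          # Runs one CodeQL CLI command inside the devcontainer. Arguments are
          # joined into the inner shell's command string, so they are re-split
          # there exactly as the original inline `docker exec` calls did.
          ql() {
            docker exec "${CONTAINER_NAME}" bash -c "${CODEQL} $*"
          }

          echo "Init database..."
          ql database init "${database_name}" -s "${source_directory}" --language=csharp --overwrite

          echo ""
          echo "Download qlpacks..."
          # Packs are pinned to exact versions so the analysis is reproducible;
          # bump them deliberately.
          # NOTE(review): `pack install` resolves dependencies of a pack
          # directory; confirm it does useful work when handed a pack reference,
          # otherwise the download alone is sufficient.
          PACKS=(
            "codeql/csharp-queries@1.0.2"
            "codeql/threat-models@1.0.2"
            "codeql/csharp-solorigate-queries@1.0.1"
            "codeql/csharp-solorigate-all@1.0.1"
            "codeql/csharp-upgrades@0.0.7"
          )
          for pack in "${PACKS[@]}"; do
            ql pack download "${pack}"
            ql pack install "${pack}"
          done

          # Trace the full clean/restore/build cycle so the extractor sees
          # every compiler invocation.
          for target in clean restore build; do
            echo ""
            echo "Trace commands dotnet ${target}..."
            ql database trace-command "${database_name}" dotnet "${target}" "${cs_proj_name}"
          done

          echo ""
          echo "Database finalize..."
          ql database finalize "${database_name}"

          echo ""
          echo "Resolve qlpacks..."
          ql resolve qlpacks

          echo ""
          echo "Database Query..."
          # Only codeql/csharp-queries is evaluated here; the other downloaded
          # packs are not referenced by this command.
          ql database analyze "${database_name}" codeql/csharp-queries --format=sarif --output=/var/spacedev/tmp/analysis-results.sarif

      # The SARIF path is read from the runner host here, so /var/spacedev/tmp
      # must be shared between host and devcontainer (presumably a bind mount
      # established by the initialize action — confirm).
      - name: Upload analysis results
        # upload-artifact v2 has been deprecated by GitHub; v4 accepts the same
        # `name`/`path` inputs.
        uses: actions/upload-artifact@v4
        with:
          name: codeql-analysis-results
          path: /var/spacedev/tmp/analysis-results.sarif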