From 4252b8b706bf6b857be1ad270d1efdca8ef1ac50 Mon Sep 17 00:00:00 2001 From: Mart G <46025304+martgil@users.noreply.github.com> Date: Tue, 28 May 2024 02:14:05 +0800 Subject: [PATCH] #5681 Replace OSSAR with ESLint workflow (#5735) * Delete ossary-analysis.yml * Add ESLint GitHub workflow * Install ESLint version 8.57.0 * Install eslint-formatter-sarif version 3.1.0 * Fix syntax error * Use upload-sarif version 3 * Use existing npm script "test_eslint" * Update "Run ESLint" commands * Temporary hotfix: add eslint-sarif-formatter.js * Temporary hotfix: use modified version of @microsoft/eslint-formatter-sarif * Add debug code * Add write permission on actions tab * Add write permissions to contents * Add debug code: check file writing capability * Add debug code: add continue-on-error * Fix typo * Add debug code: add alternative output writing method * Add debug code: read eslint-results.sarif * Add debug code: try other file writing method * Add debug code: add more debug code * Install utf8 module * Add reported missing node module * cleanup * Specify pull requests on master branch * cleanup * Add write permissions on contents * cleanup * cleanup * Replace reduce() with for...of * PR review: add SARIF_ESLINT_IGNORE_SUPPRESSED parameter for eslint sarif formatter * PR review: Add test_eslint_ci for ESLint test * Cleanup * Install eslint-formatter-sarif --------- Co-authored-by: martgil --- .github/workflows/eslint.yml | 52 ++++++++++++++++++++++++ .github/workflows/ossar-analysis.yml | 61 ---------------------------- package.json | 1 + 3 files changed, 53 insertions(+), 61 deletions(-) create mode 100644 .github/workflows/eslint.yml delete mode 100644 .github/workflows/ossar-analysis.yml diff --git a/.github/workflows/eslint.yml b/.github/workflows/eslint.yml new file mode 100644 index 00000000000..35b5f7cac45 --- /dev/null +++ b/.github/workflows/eslint.yml 
@@ -0,0 +1,52 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+# ESLint is a tool for identifying and reporting on patterns
+# found in ECMAScript/JavaScript code.
+# More details at https://github.com/eslint/eslint
+# and https://eslint.org
+
+name: ESLint
+
+on:
+ push:
+ branches: [ "master" ]
+ pull_request:
+ branches: [ "master" ]
+
+jobs:
+ eslint:
+ name: Run eslint scanning
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ security-events: write
+ actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+ # We must fetch at least the immediate parents so that if this is
+ # a pull request then we can checkout the head.
+ with:
+ fetch-depth: 2
+
+ # If this run was triggered by a pull request event, then checkout
+ # the head of the pull request instead of the merge commit.
+ - run: git checkout HEAD^2
+ if: ${{ github.event_name == 'pull_request' }}
+
+ - name: Install ESLint
+ run: |
+ npm install @microsoft/eslint-formatter-sarif@3.1.0
+ npm ci --ignore-scripts
+
+ - name: Run ESLint
+ run: SARIF_ESLINT_IGNORE_SUPPRESSED=true npm run test_eslint_ci
+ continue-on-error: true
+
+ - name: Upload analysis results to GitHub
+ uses: github/codeql-action/upload-sarif@v3
+ with:
+ sarif_file: eslint-results.sarif
+ wait-for-processing: true
\ No newline at end of file
diff --git a/.github/workflows/ossar-analysis.yml b/.github/workflows/ossar-analysis.yml
deleted file mode 100644
index 5a519561571..00000000000
--- a/.github/workflows/ossar-analysis.yml
+++ /dev/null
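Review bot: In the Install ESLint step, `npm install @microsoft/eslint-formatter-sarif@3.1.0` runs before `npm ci --ignore-scripts` and without `--ignore-scripts`; as far as I can tell that first invocation installs the formatter together with the rest of the manifest's dependencies into the fresh checkout and executes their install lifecycle scripts, so the hardening on the following `npm ci` arrives after those scripts have already run, and it also rewrites package.json and the lockfile before `npm ci` reads them. Reordering to `npm ci --ignore-scripts` followed by `npm install --no-save --ignore-scripts @microsoft/eslint-formatter-sarif@3.1.0` keeps scripts disabled for the whole tree and leaves the committed manifest untouched; declaring the formatter as a devDependency would make the extra install line unnecessary. Both actions are referenced by mutable tags (`actions/checkout@v4`, `github/codeql-action/upload-sarif@v3`) rather than commit SHAs, as the deleted OSSAR workflow also did, so pinning by SHA would close that supply-chain gap. A short comment on `continue-on-error: true` noting that lint findings surface only as code-scanning alerts and do not fail the job would help the next maintainer, since nothing in the hunk explains why ESLint errors are tolerated.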
@@ -1,61 +0,0 @@
-# This workflow uses actions that are not certified by GitHub.
-# They are provided by a third-party and are governed by
-# separate terms of service, privacy policy, and support
-# documentation.
-
-# This workflow integrates a collection of open source static analysis tools
-# with GitHub code scanning. For documentation, or to provide feedback, visit
-# https://github.com/github/ossar-action
-name: OSSAR
-
-on:
- push:
- branches: [ "master" ]
- pull_request:
- branches:
-
-permissions:
- contents: read
-
-jobs:
- OSSAR-Scan:
- # OSSAR runs on windows-latest.
- # ubuntu-latest and macos-latest support coming soon
- permissions:
- contents: read # for actions/checkout to fetch code
- security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
- actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
- runs-on: ubuntu-latest
-
- steps:
- - name: Checkout repository
- uses: actions/checkout@v4
- with:
- # We must fetch at least the immediate parents so that if this is
- # a pull request then we can checkout the head.
- fetch-depth: 2
-
- # If this run was triggered by a pull request event, then checkout
- # the head of the pull request instead of the merge commit.
- - run: git checkout HEAD^2
- if: ${{ github.event_name == 'pull_request' }}
- # Ensure a compatible version of dotnet is installed.
- # The [Microsoft Security Code Analysis CLI](https://aka.ms/mscadocs) is built with dotnet v3.1.201.
- # A version greater than or equal to v3.1.201 of dotnet must be installed on the agent in order to run this action.
- # GitHub hosted runners already have a compatible version of dotnet installed and this step may be skipped.
- # For self-hosted runners, ensure dotnet version 3.1.201 or later is installed by including this action:
- # - name: Install .NET
- # uses: actions/setup-dotnet@v2
- # with:
- # dotnet-version: '3.1.x'
-
- # Run open source static analysis tools
- - name: Run OSSAR
- uses: github/ossar-action@v2.0.0
- id: ossar
-
- # Upload results to the Security tab
- - name: Upload OSSAR results
- uses: github/codeql-action/upload-sarif@v3
- with:
- sarif_file: ${{ steps.ossar.outputs.sarifFile }}
diff --git a/package.json b/package.json
index 66296976452..3f12dbb9ee2 100644
--- a/package.json
+++ b/package.json
@@ -77,6 +77,7 @@
 "test_local_chrome_consumer_mock_headless": "xvfb-run npm run test_local_chrome_consumer_mock",
 "test_stylelint": "stylelint extension/css/cryptup.css extension/css/settings.css extension/css/webmail.css && stylelint extension/**/*.htm --custom-syntax postcss-html",
 "test_eslint": "eslint --ext ts extension test tooling",
+ "test_eslint_ci": "npm run test_eslint -- --format @microsoft/eslint-formatter-sarif --output-file eslint-results.sarif",
 "test_patterns": "node build/test/test/source/patterns.js",
 "test_async_stack": "node build/test/test/source/async-stack.js",
 "test_buf": "npx ava --timeout=3m --verbose --concurrency=10 build/test/test/source/buf.js",