Use workflow token for update-release-branch.py
#108
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Warning: This file is generated automatically, and should not be modified. | |
| # Instead, please modify the template in the pr-checks directory and run: | |
| # (cd pr-checks; pip install [email protected] && python3 sync.py) | |
| # to regenerate this file. | |
| name: PR Check - Job run UUID added to SARIF | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| GO111MODULE: auto | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - releases/v* | |
| pull_request: | |
| types: | |
| - opened | |
| - synchronize | |
| - reopened | |
| - ready_for_review | |
| schedule: | |
| - cron: '0 5 * * *' | |
| workflow_dispatch: {} | |
| jobs: | |
| job-run-uuid-sarif: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - os: ubuntu-latest | |
| version: nightly-latest | |
| name: Job run UUID added to SARIF | |
| permissions: | |
| contents: read | |
| security-events: write | |
| timeout-minutes: 45 | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - name: Setup Python on MacOS | |
| uses: actions/setup-python@v5 | |
| if: >- | |
| runner.os == 'macOS' && ( | |
| matrix.version == 'stable-v2.13.5' || | |
| matrix.version == 'stable-v2.14.6') | |
| with: | |
| python-version: '3.11' | |
| - name: Check out repository | |
| uses: actions/checkout@v4 | |
| - name: Prepare test | |
| id: prepare-test | |
| uses: ./.github/actions/prepare-test | |
| with: | |
| version: ${{ matrix.version }} | |
| use-all-platform-bundle: 'false' | |
| setup-kotlin: 'true' | |
| - uses: ./../action/init | |
| id: init | |
| with: | |
| languages: javascript | |
| tools: ${{ steps.prepare-test.outputs.tools-url }} | |
| - uses: ./../action/analyze | |
| with: | |
| output: ${{ runner.temp }}/results | |
| - name: Upload SARIF | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: ${{ matrix.os }}-${{ matrix.version }}.sarif.json | |
| path: ${{ runner.temp }}/results/javascript.sarif | |
| retention-days: 7 | |
| - name: Check results | |
| shell: bash | |
| run: | | |
| cd "$RUNNER_TEMP/results" | |
| actual=$(jq -r '.runs[0].properties.jobRunUuid' javascript.sarif) | |
| if [[ "$actual" != "$JOB_RUN_UUID" ]]; then | |
| echo "Expected SARIF output to contain job run UUID '$JOB_RUN_UUID', but found '$actual'." | |
| exit 1 | |
| else | |
| echo "Found job run UUID '$actual'." | |
| fi | |
| env: | |
| CODEQL_ACTION_TEST_MODE: true |