Updating output #52

Workflow file for this run

	# For most projects, this workflow file will not need changing; you simply need
	# to commit it to your repository.
	#
	# You may wish to alter this file to override the set of languages analyzed,
	# or to provide custom queries or build logic.
	#
	# ****** NOTE ******
	# We have attempted to detect the languages in your repository. Please check
	# the `language` matrix defined below to confirm you have the correct set of
	# supported CodeQL languages.
	#
	name: "CodeQL"

	on:
	push:
	branches: [ "km/adding_code_ql" ]
	pull_request:
	branches: [ "main" ]
	schedule:
	- cron: '32 5 * * 4'

	jobs:
	analyze:
	name: Analyze (csharp)

	runs-on: 'ubuntu-latest'
	timeout-minutes: 360
	permissions:
	# required for all workflows
	security-events: write

	# required to fetch internal or private CodeQL packs
	packages: read

	# only required for workflows in private repositories
	actions: read
	contents: read

	steps:
	- name: Checkout repository
	uses: actions/checkout@v4

	- uses: microsoft/azure-orbital-space-sdk-github-actions/composite-actions/initialize@main
	with:
	GIT_HUB_USER_NAME: ${{ secrets.GIT_HUB_USER_NAME }}
	GIT_HUB_USER_TOKEN: ${{ secrets.GIT_HUB_USER_TOKEN }}
	SETUP_REPO_URL: ${{ secrets.SETUP_REPO_URL }}

	- name: Stand up Devcontainer
	shell: bash
	run: \|
	devcontainer up --workspace-folder ${PWD} \
	--workspace-mount-consistency cached \
	--id-label devcontainer.local_folder=${PWD} \
	--default-user-env-probe loginInteractiveShell \
	--build-no-cache \
	--remove-existing-container \
	--mount type=volume,source=vscode,target=/vscode,external=true \
	--update-remote-user-uid-default on \
	--mount-workspace-git-root true
	echo $?

	- name: install-codeql
	shell: bash
	run: \|
	CONTAINER_NAME="hostsvc-link"

	# Determine the latest release version of CodeQL CLI
	docker exec $CONTAINER_NAME bash -c "curl -s https://api.github.com/repos/github/codeql-cli-binaries/releases/latest \| grep 'tag_name' \| awk '{print substr(\$2, 2, length(\$2)-3)}'" > latest_release.txt
	LATEST_RELEASE=$(<latest_release.txt)

	# Define the download URL and target directory
	DOWNLOAD_URL="https://github.com/github/codeql-cli-binaries/releases/download/${LATEST_RELEASE}/codeql-linux64.zip"
	TARGET_DIR="/root/codeql" # Adjust the target directory as per the container's file system
	ZIP_FILE="$TARGET_DIR/codeql.zip"

	# Create target directory if it doesn't exist
	docker exec $CONTAINER_NAME bash -c "mkdir -p $TARGET_DIR"

	# Download the latest release of CodeQL CLI
	echo "Downloading CodeQL CLI ${LATEST_RELEASE}..."
	docker exec $CONTAINER_NAME bash -c "curl -L '$DOWNLOAD_URL' -o '$ZIP_FILE'"

	# Extract the downloaded zip file
	echo "Extracting CodeQL CLI..."
	docker exec $CONTAINER_NAME bash -c "unzip -o '$ZIP_FILE' -d '$TARGET_DIR'"

	# Clean up the zip file
	docker exec $CONTAINER_NAME bash -c "rm '$ZIP_FILE'"

	# Find the correct path to the codeql executable and update the PATH or use it directly in subsequent commands
	# This step is crucial and might need adjustment based on the actual structure of the CodeQL CLI zip file
	# Assuming codeql is in /root/codeql/codeql after extraction
	EXECUTABLE_PATH="/root/codeql/codeql/codeql"

	# Optionally, update the PATH in a way that's guaranteed to work for non-interactive shells
	docker exec $CONTAINER_NAME bash -c "echo 'export PATH=\$PATH:$EXECUTABLE_PATH' > /etc/profile.d/codeql.sh"

	echo "CodeQL CLI installation completed."

	- name: restore-projects
	shell: bash
	run: \|
	container_name="hostsvc-link"
	database_name="hostsvc-link-src"
	cs_proj_name="/workspaces/hostsvc-link/src/hostsvc-link.csproj"
	source_directory="/workspaces/hostsvc-link/src"

	echo "Init database..."
	docker exec $container_name bash -c "bash /root/codeql/codeql/codeql database init $database_name -s $source_directory --language=csharp --overwrite"
	echo ""

	echo "Download qlpacks..."
	docker exec $container_name bash -c "bash /root/codeql/codeql/codeql pack download codeql/[email protected]"
	docker exec $container_name bash -c "bash /root/codeql/codeql/codeql pack download codeql/[email protected]"
	docker exec $container_name bash -c "bash /root/codeql/codeql/codeql pack download codeql/[email protected]"
	docker exec $container_name bash -c "bash /root/codeql/codeql/codeql pack download codeql/[email protected]"
	docker exec $container_name bash -c "bash /root/codeql/codeql/codeql pack download codeql/[email protected]"
	docker exec $container_name bash -c "bash /root/codeql/codeql/codeql pack download githubsecuritylab/codeql-csharp-queries"

	echo ""

	echo "Trace commands dotnet clean..."
	docker exec $container_name bash -c "bash /root/codeql/codeql/codeql database trace-command $database_name dotnet clean $cs_proj_name"
	echo ""

	echo "Trace commands dotnet restore..."
	docker exec $container_name bash -c "bash /root/codeql/codeql/codeql database trace-command $database_name dotnet restore $cs_proj_name"
	echo ""

	echo "Trace commands dotnet build..."
	docker exec $container_name bash -c "bash /root/codeql/codeql/codeql database trace-command $database_name dotnet build $cs_proj_name"
	echo ""

	echo "Database finalize..."
	docker exec $container_name bash -c "bash /root/codeql/codeql/codeql database finalize $database_name"
	echo ""

	echo "Resolve qlpacks..."
	docker exec $container_name bash -c "bash /root/codeql/codeql/codeql resolve qlpacks"
	echo ""

	echo "Database Query..."
	docker exec $container_name bash -c "bash /root/codeql/codeql/codeql database analyze $database_name codeql/csharp-queries codeql/csharp-solorigate-queries githubsecuritylab/codeql-csharp-queries --format=sarif-latest --output=/var/spacedev/tmp/analysis-results.csv"

	- name: Upload analysis results
	uses: actions/upload-artifact@v2
	with:
	name: codeql-analysis-results
	path: /var/spacedev/tmp/analysis-results.csv

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Updating output #52

Workflow file

Updating output #52

Jobs

Run details

Workflow file for this run