From 7045fe5961f762a2655157cf8cb19f9ef6c61dba Mon Sep 17 00:00:00 2001
From: Roman Semenov
Date: Mon, 7 Oct 2024 02:31:05 +0400
Subject: [PATCH 1/4] remove artifacts from ignore

---
 .github/codeql/codeql-config.yml | 2 --
 1 file changed, 2 deletions(-)

diff --git a/.github/codeql/codeql-config.yml b/.github/codeql/codeql-config.yml
index c039562810ad..d157a4af6ef4 100644
--- a/.github/codeql/codeql-config.yml
+++ b/.github/codeql/codeql-config.yml
@@ -1,8 +1,6 @@
 name: "DevExtreme CodeQL config"
 
 paths-ignore:
-  - "artifacts/**"
-  - "themebuilder-scss/dist/**"
   - "/js/bundles/dx.custom.js"
   - "/js/localization/default_messages.js"
   - "/js/localization/cldr-data/**"

From e34810fafbbfcf2fa644b5f19d9d06002671600b Mon Sep 17 00:00:00 2001
From: Roman Semenov
Date: Mon, 7 Oct 2024 02:40:04 +0400
Subject: [PATCH 2/4] separate scheduler and run

---
 .github/workflows/codeql.yml           | 13 ++++--------
 .github/workflows/codeql_scheduler.yml | 28 ++++++++++++++++++++++++++
 2 files changed, 32 insertions(+), 9 deletions(-)
 create mode 100644 .github/workflows/codeql_scheduler.yml

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index a386c7d5e933..1039388fd0b1 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -1,8 +1,6 @@
 name: 'CodeQL'
 
 on:
-  schedule:
-    - cron: '0 1 * * *'
   workflow_dispatch:
 
 jobs:
@@ -17,7 +15,6 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        branch: [ '22_2', '23_1', '23_2', '24_1', '24_2' ]
         language: [ 'csharp', 'javascript' ]
         # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
         # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
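Review bot: Removing `artifacts/**` and `themebuilder-scss/dist/**` from `paths-ignore` means generated output is analyzed next to the sources that produce it, and once the fourth patch in this series runs `pnpm run all:build` before analysis the JavaScript job will most likely report each finding twice, once in the source and once in the bundle, burying real alerts in duplicates. If scanning the built output is intended, a one-line comment above `paths-ignore:` such as `# build output under artifacts/ is scanned on purpose; do not re-add it here` would stop the next maintainer from restoring the excludes; otherwise the two lines should stay.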
@@ -25,12 +22,10 @@ jobs:
     steps:
     - name: Checkout repository
       uses: actions/checkout@v4
-      with:
-        ref: ${{ matrix.branch }}
 
     - name: Get head SHA
       id: get-head-sha
-      run: echo "SHA=$(git rev-parse origin/${{ matrix.branch }})" >> "$GITHUB_OUTPUT"
+      run: echo "SHA=$(git rev-parse origin/${{ github.ref_name }})" >> "$GITHUB_OUTPUT"
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
@@ -46,7 +41,7 @@ jobs:
         uses: github/codeql-action/analyze@v3
         with:
           category: "/language:${{matrix.language}}"
-          ref: refs/heads/${{ matrix.branch }}
+          ref: refs/heads/${{ github.ref_name }}
           sha: ${{ steps.get-head-sha.outputs.SHA }}
 
   fetch:
@@ -80,8 +75,8 @@ jobs:
         id: notify-cache
         with:
           path: notify.json
-          key: ${{ runner.os }}-${{ matrix.branch }}-${{ matrix.language }}-${{ steps.get-date.outputs.date }}
-          restore-keys: ${{ runner.os }}-${{ matrix.branch }}-${{ matrix.language }}
+          key: ${{ runner.os }}-${{ github.ref_name }}-${{ matrix.language }}-${{ steps.get-date.outputs.date }}
+          restore-keys: ${{ runner.os }}-${{ github.ref_name }}-${{ matrix.language }}
 
     - name: Teams Notification
       uses: DevExpress/github-actions/send-teams-notification@v1
diff --git a/.github/workflows/codeql_scheduler.yml b/.github/workflows/codeql_scheduler.yml
new file mode 100644
index 000000000000..6f2be295e3f6
--- /dev/null
+++ b/.github/workflows/codeql_scheduler.yml
@@ -0,0 +1,28 @@
+name: CodeQL (scheduler)
+
+on:
+  schedule:
+    - cron: '0 1 * * *'
+  workflow_dispatch:
+
+jobs:
+  publish:
+    runs-on: ubuntu-latest
+    env:
+      GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    strategy:
+      matrix:
+        branch: [ '22_2', '23_1', '23_2', '24_1', '24_2' ]
+
+    name: Run CodeQL workflow
+    steps:
+      - name: Get sources
+        uses: actions/checkout@v4
+        with:
+          sparse-checkout: |
+            README.md
+          sparse-checkout-cone-mode: false
+
+      - name: Run CodeQL (${{ matrix.branch }})
+        run: |
+          gh workflow run codeql.yml --ref ${{ matrix.branch }}

From 3124200ac6251f2c3aaf98fdb0be97d380b8358d Mon Sep 17 00:00:00 2001
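Review bot: The `Get head SHA` step interpolates `${{ github.ref_name }}` directly into a shell command, so a branch name carrying shell metacharacters would be executed by the runner; `workflow_dispatch` limits who can trigger this to users with write access, which narrows but does not remove the issue. For a dispatched branch the value the step computes appears to be what `${{ github.sha }}` already holds, so the step can be dropped and the analyze step can use `sha: ${{ github.sha }}`; if it stays, pass the name through the environment, `env: BRANCH: ${{ github.ref_name }}` and `run: echo "SHA=$(git rev-parse "origin/$BRANCH")" >> "$GITHUB_OUTPUT"`. The job this hunk belongs to starts above it.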
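Review bot: The new `publish` job sets no `permissions:` block, so its `GITHUB_TOKEN` carries whatever the repository default is, while `gh workflow run` only needs `actions: write`; adding `permissions: { actions: write, contents: read }` both documents that and keeps the scheduled token from holding anything else. Two further points deserve a comment in the file: `gh workflow run codeql.yml --ref ${{ matrix.branch }}` dispatches the `codeql.yml` that exists on that branch, so each of `22_2`…`24_2` must carry a version with a `workflow_dispatch` trigger or the dispatch fails, and the call returns as soon as the run is queued, so this job goes green even when the dispatched analysis fails. The sparse checkout of `README.md` seems to exist only to give `gh` a repository context; `gh workflow run codeql.yml -R ${{ github.repository }} --ref ${{ matrix.branch }}` would remove the checkout step entirely. The job name `publish` also no longer describes what the job does.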
From: Roman Semenov
Date: Mon, 7 Oct 2024 03:07:21 +0400
Subject: [PATCH 3/4] split js and cs

---
 .github/workflows/codeql.yml | 54 ++++++++++++++++++++++++++----------
 1 file changed, 40 insertions(+), 14 deletions(-)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 1039388fd0b1..91755bc07a74 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -4,20 +4,46 @@ on:
   workflow_dispatch:
 
 jobs:
-  analyze:
-    name: Analyze
+  analyze-javascript:
+    name: Analyze JavaScript
     runs-on: ubuntu-latest
     permissions:
       actions: read
       contents: read
       security-events: write
 
-    strategy:
-      fail-fast: false
-      matrix:
-        language: [ 'csharp', 'javascript' ]
-        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
-        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    - name: Get head SHA
+      id: get-head-sha
+      run: echo "SHA=$(git rev-parse origin/${{ github.ref_name }})" >> "$GITHUB_OUTPUT"
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v3
+      with:
+        languages: javascript
+        config-file: ./.github/codeql/codeql-config.yml
+
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v3
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v3
+      with:
+        category: "/language:javascript"
+        ref: refs/heads/${{ github.ref_name }}
+        sha: ${{ steps.get-head-sha.outputs.SHA }}
+
+  analyze-csharp:
+    name: Analyze C#
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
 
     steps:
     - name: Checkout repository
@@ -31,7 +57,7 @@ jobs:
     - name: Initialize CodeQL
       uses: github/codeql-action/init@v3
       with:
-        languages: ${{ matrix.language }}
+        languages: csharp
         config-file: ./.github/codeql/codeql-config.yml
 
     - name: Autobuild
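Review bot: The `Autobuild` step carried into the new `analyze-javascript` job is not needed for JavaScript, which the CodeQL documentation lists among the interpreted languages the extractor handles without a build, and the next patch in the series adds an explicit `pnpm run all:build` anyway; dropping `github/codeql-action/autobuild@v3` from this job removes an unrelated way for the security scan to fail. The two jobs are now near-verbatim copies that will drift apart unless kept in sync; a comment above `analyze-csharp:` stating that its steps mirror `analyze-javascript` except for `languages:` and `category:` (or a reusable workflow taking the language as input) would make that maintenance rule visible.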
@@ -40,14 +66,14 @@ jobs:
     - name: Perform CodeQL Analysis
       uses: github/codeql-action/analyze@v3
       with:
-        category: "/language:${{matrix.language}}"
+        category: "/language:csharp"
         ref: refs/heads/${{ github.ref_name }}
         sha: ${{ steps.get-head-sha.outputs.SHA }}
 
   fetch:
     runs-on: devextreme-shr2
     name: Fetch analysis
-    needs: [ analyze ]
+    needs: [ analyze-javascript, analyze-csharp ]
 
     steps:
     - name: Get Latest Analysis info
@@ -63,7 +89,7 @@ jobs:
   notify:
     runs-on: devextreme-shr2
     name: Send notifications
-    needs: [ analyze, fetch ]
+    needs: [ fetch ]
 
     steps:
     - name: Get Date
@@ -75,8 +101,8 @@ jobs:
         id: notify-cache
         with:
           path: notify.json
-          key: ${{ runner.os }}-${{ github.ref_name }}-${{ matrix.language }}-${{ steps.get-date.outputs.date }}
-          restore-keys: ${{ runner.os }}-${{ github.ref_name }}-${{ matrix.language }}
+          key: ${{ runner.os }}-${{ steps.get-date.outputs.date }}
+          restore-keys: ${{ runner.os }}
 
     - name: Teams Notification
       uses: DevExpress/github-actions/send-teams-notification@v1

From 13348a2ca4170eb5d4c08aa2f7fdd72d66632214 Mon Sep 17 00:00:00 2001
From: Roman Semenov
Date: Mon, 7 Oct 2024 03:09:47 +0400
Subject: [PATCH 4/4] add building

---
 .github/workflows/codeql.yml | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)

diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 91755bc07a74..40d12b8fbdaf 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
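Review bot: The new cache key `${{ runner.os }}-${{ steps.get-date.outputs.date }}` with restore key `${{ runner.os }}` drops `${{ github.ref_name }}` along with the matrix language, so the `notify.json` state is now keyed only by OS and day; actions/cache lets every branch restore entries saved on the default branch, so once the default branch's run writes one, the runs dispatched for the other branches in this series will match the bare `${{ runner.os }}` prefix and pick it up. What `notify.json` holds is not visible here, but if it is the dedup state for the Teams notification the branches will suppress or overwrite each other; keeping the branch in both keys, `key: ${{ runner.os }}-${{ github.ref_name }}-${{ steps.get-date.outputs.date }}` and `restore-keys: ${{ runner.os }}-${{ github.ref_name }}`, costs nothing. The `notify` job this hunk belongs to starts above it.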
@@ -16,6 +16,39 @@ jobs:
     - name: Checkout repository
       uses: actions/checkout@v4
 
+    - name: Use Node.js
+      uses: actions/setup-node@v4
+      with:
+        node-version: '20'
+
+    - uses: pnpm/action-setup@v3
+      with:
+        version: 9
+        run_install: false
+
+    - name: Get pnpm store directory
+      shell: bash
+      run: |
+        echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV
+
+    - uses: actions/cache@v4
+      name: Setup pnpm cache
+      with:
+        path: |
+          ${{ env.STORE_PATH }}
+          .nx/cache
+        key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
+        restore-keys: |
+          ${{ runner.os }}-pnpm-store
+
+    - name: Install dependencies
+      run: |
+        corepack enable
+        pnpm install
+
+    - name: Build npm packages
+      run: pnpm run all:build
+
     - name: Get head SHA
       id: get-head-sha
       run: echo "SHA=$(git rev-parse origin/${{ github.ref_name }})" >> "$GITHUB_OUTPUT"
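Review bot: `pnpm install` in the new `Install dependencies` step passes no `--frozen-lockfile`, so the job relies on pnpm's CI auto-detection to refuse a lockfile that is out of date with `package.json`; spelling it out as `pnpm install --frozen-lockfile` makes the dependency set the scan runs on deterministic regardless of environment. The step also runs every dependency's install scripts inside a job that holds `security-events: write`, so `--ignore-scripts` is worth adding if the build tolerates it. `pnpm/action-setup@v3` is a third-party action referenced by a mutable tag, and pinning it to a full commit SHA with the version in a trailing comment is the usual supply-chain hardening; since that action already installs pnpm 9, the following `corepack enable` is a second, possibly conflicting, way of selecting the pnpm version, so one of the two should go. The `analyze-javascript` job this hunk appears to belong to starts above it.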