Python: Promote Template Injection query from experimental #25479
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "Compile all queries using the latest stable CodeQL CLI" | |
on: | |
push: | |
branches: # makes sure the cache gets populated - running on the branches people tend to merge into. | |
- main | |
- "rc/*" | |
- "codeql-cli-*" | |
pull_request: | |
permissions: | |
contents: read | |
jobs: | |
compile-queries: | |
if: github.repository_owner == 'github' | |
runs-on: ubuntu-latest-xl | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup CodeQL | |
uses: ./.github/actions/fetch-codeql | |
with: | |
channel: 'release' | |
- name: Cache compilation cache | |
id: query-cache | |
uses: ./.github/actions/cache-query-compilation | |
with: | |
key: all-queries | |
- name: check formatting | |
run: find shared */ql -type f \( -name "*.qll" -o -name "*.ql" \) -print0 | xargs -0 -n 3000 -P 10 codeql query format -q --check-only | |
- name: compile queries - check-only | |
# run with --check-only if running in a PR (github.sha != main) | |
if : ${{ github.event_name == 'pull_request' }} | |
shell: bash | |
run: codeql query compile -q -j0 */ql/{src,examples} --keep-going --warnings=error --check-only --compilation-cache "${{ steps.query-cache.outputs.cache-dir }}" --compilation-cache-size=500 | |
- name: compile queries - full | |
# do full compile if running on main - this populates the cache | |
if : ${{ github.event_name != 'pull_request' }} | |
shell: bash | |
run: codeql query compile -q -j0 */ql/{src,examples} --keep-going --warnings=error --compilation-cache "${{ steps.query-cache.outputs.cache-dir }}" --compilation-cache-size=500 |