Fix upload-result-diff and azure-login pipeline failures (#197) #911
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Continuous integration action for the CodeQL components of this repo. | |
| # This downloads the CodeQL CLI and then builds all the queries in the "windows-drivers" folder. | |
| name: Build and Publish Windows CodeQL queries | |
| on: | |
| # Triggers the workflow on push or pull request events but only for the main and development branches | |
| push: | |
| branches: [ main, development ] | |
| pull_request: | |
| branches: [ main, development ] | |
| # Allow manual scheduling | |
| workflow_dispatch: | |
| env: | |
| CODEQL_VERSION: 2.24.2 | |
| jobs: | |
| build: | |
| runs-on: windows-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - name: Enable long git paths | |
| shell: cmd | |
| run: git config --global core.longpaths true | |
| - name: Clone self (windows-driver-developer-supplemental-tools) | |
| uses: actions/checkout@v4 | |
| with: | |
| path: . | |
| fetch-depth: 0 | |
| - name: CodeQL Download | |
| run: | |
| Invoke-WebRequest -Uri "https://github.com/github/codeql-cli-binaries/releases/download/v${{ env.CODEQL_VERSION }}/codeql-win64.zip" -OutFile codeql-win64.zip; | |
| Expand-Archive -Path codeql-win64.zip -DestinationPath .\codeql-zip -Force; | |
| Move-Item -Path .\codeql-zip\codeql -Destination .\codeql-cli\ | |
| - name: Install CodeQL pack dependencies | |
| shell: cmd | |
| run: | | |
| pushd .\src | |
| ..\codeql-cli\codeql.cmd pack install | |
| popd | |
| - name: codeql version test | |
| run: .\codeql-cli\codeql.exe version | |
| - name: Build must-fix driver suite | |
| shell: cmd | |
| run: .\codeql-cli\codeql.cmd query compile --check-only mustfix.qls | |
| - name: Build recommended driver suite | |
| shell: cmd | |
| run: .\codeql-cli\codeql.cmd query compile --check-only recommended.qls | |
| - name: Build CA ported queries | |
| shell: cmd | |
| run: .\codeql-cli\codeql.cmd query compile --check-only ported_driver_ca_checks.qls | |
| - name: Build all Windows queries | |
| shell: cmd | |
| run: .\codeql-cli\codeql.cmd query compile --check-only .\src | |
| test-query-health: | |
| runs-on: windows-latest | |
| needs: build | |
| permissions: | |
| contents: read | |
| packages: write | |
| id-token: write | |
| env: | |
| ACCOUNT_NAME: ${{ secrets.ACCOUNT_NAME }} | |
| SHARE_NAME: ${{ secrets.SHARE_NAME }} | |
| steps: | |
| - name: Enable long git paths | |
| shell: cmd | |
| run: git config --global core.longpaths true | |
| - name: Clone self (windows-driver-developer-supplemental-tools) | |
| uses: actions/checkout@v4 | |
| with: | |
| path: . | |
| fetch-depth: 0 | |
| - name: CodeQL Download | |
| run: | |
| Invoke-WebRequest -Uri "https://github.com/github/codeql-cli-binaries/releases/download/v${{ env.CODEQL_VERSION }}/codeql-win64.zip" -OutFile codeql-win64.zip; | |
| Expand-Archive -Path codeql-win64.zip -DestinationPath .\codeql-zip -Force; | |
| Move-Item -Path .\codeql-zip\codeql -Destination .\codeql-cli\ | |
| - name: Install CodeQL pack dependencies | |
| shell: cmd | |
| run: | | |
| pushd .\src | |
| ..\codeql-cli\codeql.cmd pack install | |
| popd | |
| - name: codeql version test | |
| run: .\codeql-cli\codeql.exe version | |
| - name: Install Nuget Packages | |
| run: nuget restore .\src\drivers\test\packages.config -PackagesDirectory .\packages\ | |
| - name: Setup Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: 3.11 | |
| - name: Install Python Packages | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install -r .\src\drivers\test\requirements.txt | |
| - name: Add msbuild to PATH | |
| uses: microsoft/setup-msbuild@v2 | |
| - name: Azure Login | |
| if: github.event_name != 'pull_request' | |
| uses: azure/login@v2 | |
| with: | |
| client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
| tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
| subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| enable-AzPSSession: true | |
| - name: Download previous results | |
| if: github.event_name != 'pull_request' | |
| uses: azure/powershell@v2 | |
| with: | |
| azPSVersion: latest | |
| inlineScript: | | |
| $context = New-AzStorageContext -StorageAccountName "$env:ACCOUNT_NAME" -UseConnectedAccount -EnableFileBackupRequestIntent | |
| $destination = "azure-detailedfunctiontestresults.xlsx" | |
| Get-AzStorageFileContent -ShareName "$env:SHARE_NAME" -Path "detailedfunctiontestresults.xlsx" -Destination $destination -Context $context | |
| - name: Run test script | |
| shell: pwsh | |
| run: | | |
| $pyArgs = @('src\drivers\test\build_create_analyze_test.py', '--codeql_path', '.\codeql-cli\codeql.exe', '--no_build', '-v') | |
| if ("${{ github.event_name }}" -ne "pull_request") { | |
| $pyArgs += '--compare_results' | |
| } | |
| python @pyArgs | |
| - name: Upload result diff | |
| if: github.event_name != 'pull_request' && hashFiles('diffdetailedfunctiontestresults.xlsx') != '' | |
| uses: azure/powershell@v2 | |
| with: | |
| azPSVersion: latest | |
| inlineScript: | | |
| Update-AzConfig -DisplayBreakingChangeWarning $false | |
| $context = New-AzStorageContext -StorageAccountName "$env:ACCOUNT_NAME" -UseConnectedAccount -EnableFileBackupRequestIntent | |
| Set-AzStorageFileContent -ShareName "$env:SHARE_NAME" -Source "diffdetailedfunctiontestresults.xlsx" -Path "health-diffdetailedfunctiontestresults.xlsx" -Context $context -Force | |
| - name: Fail if result diff detected | |
| if: github.event_name != 'pull_request' && hashFiles('diffdetailedfunctiontestresults.xlsx') != '' | |
| shell: pwsh | |
| run: | | |
| Write-Host "::error::Test results differ from the stored baseline. The diff has been uploaded to Azure Storage as 'health-diffdetailedfunctiontestresults.xlsx'. Please review." | |
| exit 1 | |
| test-codeql-latest-vs-current: | |
| # Tests if the latest codeql version produces the same results as the current version. | |
| runs-on: windows-latest | |
| continue-on-error: true # Allow script to return non-zero exit code | |
| needs: [build,test-query-health] | |
| permissions: | |
| contents: read | |
| packages: write | |
| id-token: write | |
| env: | |
| ACCOUNT_NAME: ${{ secrets.ACCOUNT_NAME }} | |
| SHARE_NAME: ${{ secrets.SHARE_NAME }} | |
| steps: | |
| - name: Check Prev Job | |
| if: ${{ needs.test-query-health.result == 'failure' }} | |
| shell: pwsh | |
| run: exit 1 | |
| - name: Enable long git paths | |
| shell: cmd | |
| run: git config --global core.longpaths true | |
| - name: Clone self (windows-driver-developer-supplemental-tools) | |
| uses: actions/checkout@v4 | |
| with: | |
| path: . | |
| fetch-depth: 0 | |
| - name: CodeQL Download | |
| run: | | |
| $latest=(((Invoke-WebRequest -Uri https://github.com/github/codeql-cli-binaries/releases/latest).links.href | Where-Object{$_ -like "/github/codeql-cli-binaries/releases/tag/v*"}[0]) -split "/")[-1] | |
| Invoke-WebRequest -Uri "https://github.com/github/codeql-cli-binaries/releases/download/$latest/codeql-win64.zip" -OutFile codeql-win64.zip | |
| Expand-Archive -Path codeql-win64.zip -DestinationPath .\codeql-zip -Force | |
| Move-Item -Path .\codeql-zip\codeql -Destination .\codeql-cli\ | |
| New-Item LatestVersion -ItemType "Directory" | |
| New-Item LatestVersion/$latest | |
| - name: Install CodeQL pack dependencies | |
| shell: cmd | |
| run: | | |
| pushd .\src | |
| ..\codeql-cli\codeql.cmd pack install | |
| popd | |
| - name: codeql version test | |
| run: .\codeql-cli\codeql.exe version | |
| - name: Install Nuget Packages | |
| run: nuget restore .\src\drivers\test\packages.config -PackagesDirectory .\packages\ | |
| - name: Setup Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: 3.11 | |
| - name: Install Python Packages | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install -r .\src\drivers\test\requirements.txt | |
| - name: Add msbuild to PATH | |
| uses: microsoft/setup-msbuild@v2 | |
| - name: Azure Login | |
| if: github.event_name != 'pull_request' | |
| uses: azure/login@v2 | |
| with: | |
| client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
| tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
| subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
| enable-AzPSSession: true | |
| - name: Download previous results | |
| if: github.event_name != 'pull_request' | |
| uses: azure/powershell@v2 | |
| with: | |
| azPSVersion: latest | |
| inlineScript: | | |
| $context = New-AzStorageContext -StorageAccountName "$env:ACCOUNT_NAME" -UseConnectedAccount -EnableFileBackupRequestIntent | |
| $destination = "azure-detailedfunctiontestresults.xlsx" | |
| Get-AzStorageFileContent -ShareName "$env:SHARE_NAME" -Path "detailedfunctiontestresults.xlsx" -Destination $destination -Context $context | |
| - name: Run test script | |
| shell: pwsh | |
| run: | | |
| $pyArgs = @('src\drivers\test\build_create_analyze_test.py', '--codeql_path', '.\codeql-cli\codeql.exe', '--no_build', '-v') | |
| if ("${{ github.event_name }}" -ne "pull_request") { | |
| $pyArgs += '--compare_results' | |
| } | |
| python @pyArgs | |
| - name: Upload result diff | |
| if: github.event_name != 'pull_request' && hashFiles('diffdetailedfunctiontestresults.xlsx') != '' | |
| uses: azure/powershell@v2 | |
| with: | |
| azPSVersion: latest | |
| inlineScript: | | |
| $context = New-AzStorageContext -StorageAccountName "$env:ACCOUNT_NAME" -UseConnectedAccount -EnableFileBackupRequestIntent | |
| Set-AzStorageFileContent -ShareName "$env:SHARE_NAME" -Source "diffdetailedfunctiontestresults.xlsx" -Path "version-diffdetailedfunctiontestresults.xlsx" -Context $context -Force | |
| - name: Fail if result diff detected | |
| if: github.event_name != 'pull_request' && hashFiles('diffdetailedfunctiontestresults.xlsx') != '' | |
| shell: pwsh | |
| run: | | |
| Write-Host "::error::Test results from latest CodeQL version differ from the stored baseline. The diff has been uploaded to Azure Storage as 'version-diffdetailedfunctiontestresults.xlsx'. Please review." | |
| exit 1 | |
| - name: Save Latest Version | |
| if: ${{ hashFiles('diffdetailedfunctiontestresults.xlsx') == '' }} # Only if there were no differences | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: latest-codeql-results | |
| path: | | |
| LatestVersion\* | |
| test-pack-version-update: | |
| runs-on: windows-latest | |
| needs: build | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - name: Enable long git paths | |
| shell: cmd | |
| run: git config --global core.longpaths true | |
| - name: Clone self (windows-driver-developer-supplemental-tools) | |
| uses: actions/checkout@v4 | |
| with: | |
| path: . | |
| fetch-depth: 0 | |
| - name: Check for changes to qlpack | |
| shell: pwsh | |
| run: | |
| $qlpack_diff = git diff HEAD~1:src/qlpack.yml src/qlpack.yml; | |
| $rec_diff = git diff HEAD~1:src/windows-driver-suites/recommended.qls src/windows-driver-suites/recommended.qls; | |
| $mf_diff = git diff HEAD~1:src/windows-driver-suites/mustfix.qls src/windows-driver-suites/mustfix.qls; | |
| if (!$qlpack_diff -and ($rec_diff -or $mf_diff)) { "Query suite file updated without updating qlpack version"; exit 2 } | |
| $last_qlpack_commit = git log -n 1 --pretty=format:%H -- src/qlpack.yml; | |
| $qlpack_changes =git show $last_qlpack_commit -- .\src\qlpack.yml; | |
| $last_mf_commit = git log -n 1 --pretty=format:%H -- src/windows-driver-suites/mustfix.qls; | |
| $last_rec_commit = git log -n 1 --pretty=format:%H -- src/windows-driver-suites/recommended.qls; | |
| $commits_since_qlpack_change = [int](git rev-list --count HEAD...$last_qlpack_commit); | |
| $commits_since_mf_change = [int](git rev-list --count HEAD...$last_mf_commit); | |
| $commits_since_rec_change = [int](git rev-list --count HEAD...$last_rec_commit); | |
| if ($commits_since_qlpack_change -gt $commits_since_mf_change) { "Mustfix query suite file modified without updating version"; exit 3 }; | |
| if ($commits_since_qlpack_change -gt $commits_since_rec_change) {"Recommended query suite file modified without updating version"; exit 4 }; | |
| if($qlpack_changes -contains "version"){ | |
| try{$old_qlpack_version = [version]($qlpack_changes -match "-version").Substring(10);} catch {"Changed qlpack.yml without updating version"; exit 5 } | |
| try{$new_qlpack_version = [version]($qlpack_changes -match "\+version").Substring(10);} catch {"Changed qlpack.yml without updating version"; exit 6 } | |
| if ($new_qlpack_version -gt $old_qlpack_version) { exit 0 } else { "qlpack.yml version not incremented. Previously updated to version $old_qlpack_version, current version $new_qlpack_version"; exit 7 } | |
| } | |
| test-create-dvl: | |
| runs-on: windows-latest | |
| needs: build | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - name: Enable long git paths | |
| shell: cmd | |
| run: git config --global core.longpaths true | |
| - name: Clone self (windows-driver-developer-supplemental-tools) | |
| uses: actions/checkout@v4 | |
| with: | |
| path: . | |
| fetch-depth: 0 | |
| - name: CodeQL Download | |
| run: | |
| Invoke-WebRequest -Uri "https://github.com/github/codeql-cli-binaries/releases/download/v${{ env.CODEQL_VERSION }}/codeql-win64.zip" -OutFile codeql-win64.zip; | |
| Expand-Archive -Path codeql-win64.zip -DestinationPath .\codeql-zip -Force; | |
| Move-Item -Path .\codeql-zip\codeql -Destination .\codeql-cli\ | |
| - name: Install CodeQL pack dependencies | |
| shell: cmd | |
| run: | | |
| pushd .\src | |
| ..\codeql-cli\codeql.cmd pack install | |
| popd | |
| - name: Add msbuild to PATH | |
| uses: microsoft/setup-msbuild@v2 | |
| - name: Install Nuget Packages | |
| run: nuget restore .\src\drivers\test\packages.config -PackagesDirectory .\packages\ | |
| - name: Test DVL | |
| run: src\drivers\test\dvl_tests\dvl_tests.ps1 | |
| - name: Archive code coverage results | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: dvl-outputs | |
| path: | | |
| clean_results\*.* | |
| mustfix_results\*.* | |
| publish: | |
| runs-on: windows-latest | |
| continue-on-error: true | |
| needs: [build, test-pack-version-update, test-query-health] | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - name: Enable long git paths | |
| shell: cmd | |
| run: git config --global core.longpaths true | |
| - name: Clone self (windows-driver-developer-supplemental-tools) | |
| uses: actions/checkout@v4 | |
| with: | |
| path: . | |
| fetch-depth: 0 | |
| - name: CodeQL Download | |
| run: | |
| Invoke-WebRequest -Uri "https://github.com/github/codeql-cli-binaries/releases/download/v${{ env.CODEQL_VERSION }}/codeql-win64.zip" -OutFile codeql-win64.zip; | |
| Expand-Archive -Path codeql-win64.zip -DestinationPath .\codeql-zip -Force; | |
| Move-Item -Path .\codeql-zip\codeql -Destination .\codeql-cli\ | |
| - name: Install CodeQL pack dependencies | |
| shell: cmd | |
| run: | | |
| pushd .\src | |
| ..\codeql-cli\codeql.cmd pack install | |
| popd | |
| - name: Publish New CodeQL Pack | |
| shell: pwsh | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | |
| $build = git rev-parse --short HEAD; | |
| $version =( Select-String .\src\qlpack.yml -Pattern "version").line; | |
| $new_ver = "$version-alpha+$build"; | |
| (Get-Content .\src\qlpack.yml).Replace($version, $new_ver) | Set-Content .\src\qlpack.yml; | |
| .\codeql-cli\codeql.cmd pack publish --allow-prerelease ./src; |