4747
4848 tar -zxf extractor-iac.tar.gz
4949
50+ chmod +x extractor-pack/tools/*.sh
51+ chmod +x extractor-pack/tools/**/*
52+
5053 - uses : dtolnay/rust-toolchain@4305c38b25d97ef35a8ad1f985ccf2d2242004f2 # stable
5154 if : steps.extractor-changes.outputs.src == 'true'
5255
@@ -69,79 +72,80 @@ jobs:
6972 run : |
7073 ./scripts/run-tests.sh "ql/test/${{ matrix.test-folders }}"
7174
72- scanning :
73- runs-on : ubuntu-latest
74- needs : [tests]
75-
76- strategy :
77- matrix :
78- project : ["hashicorp/terraform-guides", "akamai/terraform-examples", "aws-samples/aws-sam-terraform-examples"]
79-
80- steps :
81- - name : " Checkout"
82- uses : actions/checkout@v5
83- with :
84- submodules : true
85-
86- - name : " Checkout"
87- uses : actions/checkout@v5
88- with :
89- repository : ${{ matrix.project }}
90- path : project
91-
92- - name : " Check for changes"
93- uses : dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
94- id : extractor-changes
95- with :
96- filters : |
97- src:
98- - 'extractor/**'
99- - 'rust-toolchain.toml'
100- - 'Cargo.*'
101-
102- - name : " Download Extracter"
103- if : steps.extractor-changes.outputs.src == 'false'
104- env :
105- GH_TOKEN : ${{ github.token }}
106- run : |
107- set -e
108- gh release list -L 1 -R "advanced-security/codeql-extractor-iac"
109-
110- gh release download \
111- -R "advanced-security/codeql-extractor-iac" \
112- --clobber \
113- --pattern 'extractor-iac.tar.gz'
114-
115- tar -zxf extractor-iac.tar.gz
116-
117- - uses : dtolnay/rust-toolchain@4305c38b25d97ef35a8ad1f985ccf2d2242004f2 # stable
118- if : steps.extractor-changes.outputs.src == 'true'
119-
120- - name : " Build Extractor"
121- if : steps.extractor-changes.outputs.src == 'true'
122- env :
123- GH_TOKEN : ${{ github.token }}
124- run : |
125- set -e
126- gh extensions install github/gh-codeql
127- gh codeql set-version latest
128-
129- ./scripts/create-extractor-pack.sh
130-
131- gh codeql resolve languages --format=json --search-path ./extractor-pack
132-
133- - name : " Run CodeQL Analysis"
134- env :
135- GH_TOKEN : ${{ github.token }}
136- PROJECT_REPO : ${{ matrix.project }}
137- run : |
138- set -e
139- gh extensions install github/gh-codeql
140- gh codeql set-version latest
141-
142- gh codeql database create iac-db --language=iac --source-root=./project --search-path ./extractor-pack
143-
144- gh codeql database analyze iac-db "advanced-security/iac-queries" --format=sarifv2.1.0 --output="iac-${PROJECT_REPO}.sarif"
75+ # scanning:
76+ # runs-on: ubuntu-latest
77+ # needs: [tests]
78+
79+ # strategy:
80+ # matrix:
81+ # # project: ["hashicorp/terraform-guides", "akamai/terraform-examples", "aws-samples/aws-sam-terraform-examples"]
82+ # project: []
83+
84+ # steps:
85+ # - name: "Checkout"
86+ # uses: actions/checkout@v5
87+ # with:
88+ # submodules: true
89+
90+ # - name: "Checkout"
91+ # uses: actions/checkout@v5
92+ # with:
93+ # repository: ${{ matrix.project }}
94+ # path: project
95+
96+ # - name: "Check for changes"
97+ # uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
98+ # id: extractor-changes
99+ # with:
100+ # filters: |
101+ # src:
102+ # - 'extractor/**'
103+ # - 'rust-toolchain.toml'
104+ # - 'Cargo.*'
105+
106+ # - name: "Download Extracter"
107+ # if: steps.extractor-changes.outputs.src == 'false'
108+ # env:
109+ # GH_TOKEN: ${{ github.token }}
110+ # run: |
111+ # set -e
112+ # gh release list -L 1 -R "advanced-security/codeql-extractor-iac"
113+
114+ # gh release download \
115+ # -R "advanced-security/codeql-extractor-iac" \
116+ # --clobber \
117+ # --pattern 'extractor-iac.tar.gz'
118+
119+ # tar -zxf extractor-iac.tar.gz
120+
121+ # - uses: dtolnay/rust-toolchain@4305c38b25d97ef35a8ad1f985ccf2d2242004f2 # stable
122+ # if: steps.extractor-changes.outputs.src == 'true'
123+
124+ # - name: "Build Extractor"
125+ # if: steps.extractor-changes.outputs.src == 'true'
126+ # env:
127+ # GH_TOKEN: ${{ github.token }}
128+ # run: |
129+ # set -e
130+ # gh extensions install github/gh-codeql
131+ # gh codeql set-version latest
132+
133+ # ./scripts/create-extractor-pack.sh
134+
135+ # gh codeql resolve languages --format=json --search-path ./extractor-pack
136+
137+ # - name: "Run CodeQL Analysis"
138+ # env:
139+ # GH_TOKEN: ${{ github.token }}
140+ # PROJECT_REPO: ${{ matrix.project }}
141+ # run: |
142+ # set -e
143+ # gh extensions install github/gh-codeql
144+ # gh codeql set-version latest
145+
146+ # gh codeql database create --language=iac --source-root=./project --search-path ./extractor-pack iac-db
147+
148+ # gh codeql database analyze --search-path ./extractor-pack --format sarif-latest --output="iac-${PROJECT_REPO}.sarif" iac-db ./ql/src
145149
146150
147151 docs :
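Review bot: The entire `scanning` job is kept as a commented-out block (new lines 75–148) instead of being deleted, which leaves ~75 lines of dead YAML that no linter or schema check will validate and that will silently drift from the live `tests` job; git history already preserves the job, so removing it, or keeping it live behind `if: false`, would be clearer. If the intent is to re-enable it later, note that the block now carries `project: []`, and an empty matrix vector is, as far as I can tell, rejected by GitHub Actions at workflow-validation time, so a non-empty project list would need restoring first. The retained steps also still run `gh extensions install github/gh-codeql` and `gh codeql set-version latest` with no version pin, while every `uses:` reference in the file is SHA-pinned — worth aligning before this job comes back. The enclosing `jobs:` mapping starts before the hunk.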