codeql-sap-js/.github/workflows/copilot-setup-steps.yml at 85479aa6f7c6b73914c871d229968328d783cb88 · advanced-security/codeql-sap-js · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
name: "Copilot Setup Steps"

on:
  # Allow manual testing through the repository's "Actions" tab
  workflow_dispatch: {}
  # Automatically run the setup steps when an associated file is changed.
  push:
    branches:
      - main
    paths:
      - .github/workflows/copilot-setup-steps.yml
      - qlt.conf.json
      - extractors/cds/tools/package.json
      - extractors/cds/tools/package-lock.json
      - javascript/frameworks/*/qlpack.yml
  pull_request:
    branches:
      - main
    paths:
      - .github/workflows/copilot-setup-steps.yml
      - qlt.conf.json
      - extractors/cds/tools/package.json
      - extractors/cds/tools/package-lock.json
      - javascript/frameworks/*/qlpack.yml

jobs:
  # The job MUST be called `copilot-setup-steps` or it will not be picked up by Copilot.
  copilot-setup-steps:
    permissions:
      contents: read
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v5

      - name: Install QLT
        id: install-qlt
        uses: advanced-security/codeql-development-toolkit/.github/actions/install-qlt@main
        with:
          qlt-version: 'latest'
          add-to-path: true

      - name: Install CodeQL
        id: install-codeql
        shell: bash
        run: |
          echo "Installing CodeQL using configuration from qlt.conf.json"
          qlt codeql run install
          echo "-----------------------------"

          # Get CodeQL paths from QLT
          CODEQL_HOME=$(qlt codeql get home)
          CODEQL_PATH=$(qlt codeql get path)

          echo "CodeQL Home: $CODEQL_HOME"
          echo "CodeQL Binary: $CODEQL_PATH"

          # Add CodeQL to PATH for subsequent steps
          if [[ -n "$CODEQL_HOME" ]]; then
            echo "$CODEQL_HOME" >> "$GITHUB_PATH"
            echo "✅ Added CodeQL to PATH: $CODEQL_HOME"
          else
            echo "❌ CodeQL home path not found"
            exit 1
          fi

      - name: Verify CLI Tools in PATH
        shell: bash
        run: |
          echo "Verifying CLI tools are available in PATH:"

          if ! command -v qlt >/dev/null 2>&1; then
            echo "❌ qlt not found in PATH"
            exit 1
          fi
          echo "✅ qlt is available: $(which qlt)"

          if ! command -v codeql >/dev/null 2>&1; then
            echo "❌ codeql not found in PATH"
            exit 1
          fi
          echo "✅ codeql is available: $(which codeql)"

      - name: Verify Versions of Tooling
        shell: bash
        run: |
          echo "Checking CodeQL Version:"
          codeql --version

          echo "Checking QLT Version:"
          echo "QLT Home: ${{ steps.install-qlt.outputs.qlt-home }}"
          qlt version

      - name: Install QL Packs
        shell: bash
        run: |
          echo "Installing QL pack dependencies"
          codeql pack install --no-strict-mode javascript/frameworks/cap
          codeql pack install --no-strict-mode javascript/frameworks/ui5
          codeql pack install --no-strict-mode javascript/frameworks/xsjs

      - name: Setup Node.js for CDS Extractor
        uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: 'npm'
          cache-dependency-path: extractors/cds/tools/package-lock.json

      - name: Install CDS Extractor Dependencies
        shell: bash
        working-directory: extractors/cds/tools
        run: |
          echo "Installing CDS extractor npm dependencies"
          npm ci

      - name: Build CDS Extractor
        shell: bash
        working-directory: extractors/cds/tools
        run: |
          echo "Building CDS extractor"
          npm run build

      - name: Verify Setup Complete
        shell: bash
        run: |
          echo "✅ Setup complete and verified:"
          echo "  - QLT installed: $(qlt version)"
          echo "  - QLT in PATH: $(which qlt)"
          echo "  - CodeQL installed: $(codeql --version | head -1)"
          echo "  - CodeQL in PATH: $(which codeql)"
          echo "  - Node.js: $(node --version)"
          echo "  - npm: $(npm --version)"
          echo "  - CDS extractor built successfully"