Skip to content

Commit dbafdcc

Browse files
committed
Add action to export code scanning alerts to a SARIF file
1 parent 798f0de commit dbafdcc

File tree

19 files changed

+43366
-0
lines changed

19 files changed

+43366
-0
lines changed

.github/workflows/check-dist.yml

Lines changed: 74 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,74 @@
1+
# In TypeScript actions, `dist/` is a special directory. When you reference
2+
# an action with the `uses:` property, `dist/index.js` is the code that will be
3+
# run. For this project, the `dist/index.js` file is transpiled from other
4+
# source files. This workflow ensures the `dist/` directory contains the
5+
# expected transpiled code.
6+
#
7+
# If this workflow is run from a feature branch, it will act as an additional CI
8+
# check and fail if the checked-in `dist/` directory does not match what is
9+
# expected from the build.
10+
name: Check Transpiled JavaScript
11+
12+
on:
13+
pull_request:
14+
branches:
15+
- main
16+
push:
17+
branches:
18+
- main
19+
20+
permissions:
21+
contents: read
22+
23+
jobs:
24+
check-dist:
25+
name: Check dist/
26+
runs-on: ubuntu-latest
27+
28+
strategy:
29+
matrix:
30+
working-directory:
31+
- code-scanning-export
32+
33+
steps:
34+
- name: Checkout
35+
id: checkout
36+
uses: actions/checkout@v4
37+
38+
- name: Setup Node.js
39+
id: setup-node
40+
uses: actions/setup-node@v4
41+
with:
42+
node-version-file: ${{ matrix.working-directory }}/.node-version
43+
cache: npm
44+
45+
- name: Install Dependencies
46+
id: install
47+
working-directory: ${{ matrix.working-directory }}
48+
run: npm ci
49+
50+
- name: Build dist/ Directory
51+
id: build
52+
working-directory: ${{ matrix.working-directory }}
53+
run: npm run bundle
54+
55+
# This will fail the workflow if the PR wasn't created by Dependabot.
56+
- name: Compare Directories
57+
id: diff
58+
working-directory: ${{ matrix.working-directory }}
59+
run: |
60+
if [ "$(git diff --ignore-space-at-eol --text dist/ | wc -l)" -gt "0" ]; then
61+
echo "Detected uncommitted changes after build. See status below:"
62+
git diff --ignore-space-at-eol --text dist/
63+
exit 1
64+
fi
65+
66+
# If `dist/` was different than expected, and this was not a Dependabot
67+
# PR, upload the expected version as a workflow artifact.
68+
- if: ${{ failure() && steps.diff.outcome == 'failure' }}
69+
name: Upload Artifact
70+
id: upload
71+
uses: actions/upload-artifact@v4
72+
with:
73+
name: ${{ matrix.working-directory }}
74+
path: ${{ matrix.working-directory }}/dist/

.github/workflows/ci.yml

Lines changed: 54 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,54 @@
1+
name: Continuous Integration
2+
3+
on:
4+
pull_request:
5+
branches:
6+
- main
7+
push:
8+
branches:
9+
- main
10+
11+
permissions:
12+
contents: read
13+
14+
jobs:
15+
test-typescript:
16+
name: TypeScript Tests
17+
runs-on: ubuntu-latest
18+
19+
strategy:
20+
matrix:
21+
working-directory:
22+
- code-scanning-export
23+
24+
steps:
25+
- name: Checkout
26+
id: checkout
27+
uses: actions/checkout@v4
28+
29+
- name: Setup Node.js
30+
id: setup-node
31+
uses: actions/setup-node@v4
32+
with:
33+
node-version-file: ${{ matrix.working-directory }}/.node-version
34+
cache: npm
35+
36+
- name: Install Dependencies
37+
id: npm-ci
38+
working-directory: ${{ matrix.working-directory }}
39+
run: npm ci
40+
41+
- name: Check Format
42+
id: npm-format-check
43+
working-directory: ${{ matrix.working-directory }}
44+
run: npm run format:check
45+
46+
- name: Lint
47+
id: npm-lint
48+
working-directory: ${{ matrix.working-directory }}
49+
run: npm run lint
50+
51+
- name: Test
52+
id: npm-ci-test
53+
working-directory: ${{ matrix.working-directory }}
54+
run: npm run ci-test

code-scanning-export/.eslintignore

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,5 @@
1+
__tests__/
2+
lib/
3+
dist/
4+
node_modules/
5+
coverage/

code-scanning-export/.eslintrc.yml

Lines changed: 82 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,82 @@
1+
env:
2+
node: true
3+
es6: true
4+
jest: true
5+
6+
globals:
7+
Atomics: readonly
8+
SharedArrayBuffer: readonly
9+
10+
ignorePatterns:
11+
- '!.*'
12+
- '**/node_modules/.*'
13+
- '**/dist/.*'
14+
- '**/coverage/.*'
15+
- '*.json'
16+
17+
parser: '@typescript-eslint/parser'
18+
19+
parserOptions:
20+
ecmaVersion: 2023
21+
sourceType: module
22+
project:
23+
- './tsconfig.json'
24+
25+
plugins:
26+
- jest
27+
- '@typescript-eslint'
28+
29+
extends:
30+
- eslint:recommended
31+
- plugin:@typescript-eslint/eslint-recommended
32+
- plugin:@typescript-eslint/recommended
33+
- plugin:github/recommended
34+
- plugin:jest/recommended
35+
36+
rules:
37+
{
38+
'camelcase': 'off',
39+
'eslint-comments/no-use': 'off',
40+
'eslint-comments/no-unused-disable': 'off',
41+
'i18n-text/no-en': 'off',
42+
'import/no-namespace': 'off',
43+
'no-console': 'off',
44+
'no-unused-vars': 'off',
45+
'prettier/prettier': 'error',
46+
'semi': 'off',
47+
'@typescript-eslint/array-type': 'error',
48+
'@typescript-eslint/await-thenable': 'error',
49+
'@typescript-eslint/ban-ts-comment': 'error',
50+
'@typescript-eslint/consistent-type-assertions': 'error',
51+
'@typescript-eslint/explicit-member-accessibility':
52+
['error', { 'accessibility': 'no-public' }],
53+
'@typescript-eslint/explicit-function-return-type':
54+
['error', { 'allowExpressions': true }],
55+
'@typescript-eslint/func-call-spacing': ['error', 'never'],
56+
'@typescript-eslint/no-array-constructor': 'error',
57+
'@typescript-eslint/no-empty-interface': 'error',
58+
'@typescript-eslint/no-explicit-any': 'error',
59+
'@typescript-eslint/no-extraneous-class': 'error',
60+
'@typescript-eslint/no-for-in-array': 'error',
61+
'@typescript-eslint/no-inferrable-types': 'error',
62+
'@typescript-eslint/no-misused-new': 'error',
63+
'@typescript-eslint/no-namespace': 'error',
64+
'@typescript-eslint/no-non-null-assertion': 'warn',
65+
'@typescript-eslint/no-require-imports': 'error',
66+
'@typescript-eslint/no-unnecessary-qualifier': 'error',
67+
'@typescript-eslint/no-unnecessary-type-assertion': 'error',
68+
'@typescript-eslint/no-unused-vars': 'error',
69+
'@typescript-eslint/no-useless-constructor': 'error',
70+
'@typescript-eslint/no-var-requires': 'error',
71+
'@typescript-eslint/prefer-for-of': 'warn',
72+
'@typescript-eslint/prefer-function-type': 'warn',
73+
'@typescript-eslint/prefer-includes': 'error',
74+
'@typescript-eslint/prefer-string-starts-ends-with': 'error',
75+
'@typescript-eslint/promise-function-async': 'error',
76+
'@typescript-eslint/require-array-sort-compare': 'error',
77+
'@typescript-eslint/restrict-plus-operands': 'error',
78+
'@typescript-eslint/semi': ['error', 'never'],
79+
'@typescript-eslint/space-before-function-paren': 'off',
80+
'@typescript-eslint/type-annotation-spacing': 'error',
81+
'@typescript-eslint/unbound-method': 'error'
82+
}

code-scanning-export/.node-version

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
20.6.0

code-scanning-export/.prettierignore

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,3 @@
1+
dist/
2+
node_modules/
3+
coverage/

code-scanning-export/.prettierrc.json

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,16 @@
1+
{
2+
"printWidth": 80,
3+
"tabWidth": 2,
4+
"useTabs": false,
5+
"semi": false,
6+
"singleQuote": true,
7+
"quoteProps": "as-needed",
8+
"jsxSingleQuote": false,
9+
"trailingComma": "none",
10+
"bracketSpacing": true,
11+
"bracketSameLine": true,
12+
"arrowParens": "avoid",
13+
"proseWrap": "always",
14+
"htmlWhitespaceSensitivity": "css",
15+
"endOfLine": "lf"
16+
}

0 commit comments

Comments
 (0)