Actions: Add file coverage information for status page #20371
Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| from File f | ||
| where exists(f.getRelativePath()) | ||
| select f, "" |
Check warning
Code scanning / CodeQL
Consistent alert message Warning
There was a problem hiding this comment.
Pull Request Overview
This PR adds file coverage information for the Actions extractor to support the code scanning status page. The implementation includes baseline configuration for identifying Actions-related files and a diagnostic query to list successfully extracted files.
Key changes:
- Added a diagnostic query to list extracted files for coverage reporting
- Created baseline configuration scripts and JSON to define Actions file patterns
- Updated extractor configuration to include YAML as an SCC language
Reviewed Changes
Copilot reviewed 8 out of 8 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| actions/ql/src/Diagnostics/SuccessfullyExtractedFiles.ql | New diagnostic query to list all extracted files for coverage information |
| actions/extractor/tools/configure-baseline.sh | Shell script to output baseline configuration for Unix systems |
| actions/extractor/tools/configure-baseline.cmd | Batch script to output baseline configuration for Windows systems |
| actions/extractor/tools/baseline-config.json | JSON configuration defining file patterns for Actions workflows and action files |
| actions/extractor/codeql-extractor.yml | Updated to include YAML as an SCC language for file coverage |
| actions/ql/integration-tests/query-suite/*.expected | Updated test expectations to include the new diagnostic query |
| scc_languages: | ||
| - YAML |
There was a problem hiding this comment.
I can see that this is now consistent with other languages. What effect does adding this have?
There was a problem hiding this comment.
This tells scc to pick up files marked as YAML when CodeQL scans for the baseline set of files. These are then further filtered down by the configure baseline script.
| @@ -8,7 +8,8 @@ build_modes: | |||
| - none | |||
| file_coverage_languages: [] | |||
| github_api_languages: [] | |||
There was a problem hiding this comment.
Is it worth putting a comment here that actions isn't its own language as far as linguist/the API is concerned and therefore not listed?
Add a baseline configuration and successfully extracted files query for the Actions extractor. This will populate file coverage information about Actions on the code scanning status page.
The baseline configuration depends on CLI changes that will be released in v2.23.1.