From b0af11dc7fd600808ac8e171511bc0e19390f147 Mon Sep 17 00:00:00 2001 From: coveros-phil <114023548+coveros-phil@users.noreply.github.com> Date: Sun, 20 Nov 2022 14:08:57 -0500 Subject: [PATCH] Language support for CodeQL enablement (#88) * Added functionality to support automatically detecting the language of a repo when enabling codeQL. This allows for selecting a specific yml file based on the primary language of the repo. Also if there is no primary language or a language not supported by codeQL it will not enable code scanning * PR comments: - reduce query scope - include artifact upload by default * Update codeql-analysis-cpp.yml * Update codeql-analysis-csharp.yml * Update codeql-analysis-go.yml * Update codeql-analysis-java.yml * Update codeql-analysis-javascript.yml * Update codeql-analysis-python.yml * Update codeql-analysis-ruby.yml * Prettier formatting of files * Trigger Build * update workflows to latest start workflows * final touches Co-authored-by: Philip LaFrance Co-authored-by: Nick Liffen --- .eslintrc | 18 ++--- ...s-standard.yml => codeql-analysis-cpp.yml} | 38 +++++----- bin/workflows/codeql-analysis-csharp.yml | 71 +++++++++++++++++++ bin/workflows/codeql-analysis-go.yml | 36 +++++----- bin/workflows/codeql-analysis-java.yml | 36 +++++----- bin/workflows/codeql-analysis-javascript.yml | 37 ++++------ bin/workflows/codeql-analysis-python.yml | 37 ++++------ bin/workflows/codeql-analysis-ruby.yml | 37 ++++------ src/utils/commitFile.ts | 12 +++- src/utils/getcodeQLLanguage.ts | 38 ++++++++++ src/utils/paginateQuery.ts | 4 +- src/utils/worker.ts | 7 +- types/common/index.d.ts | 4 +- 13 files changed, 237 insertions(+), 138 deletions(-) rename bin/workflows/{codeql-analysis-standard.yml => codeql-analysis-cpp.yml} (59%) create mode 100644 bin/workflows/codeql-analysis-csharp.yml create mode 100644 src/utils/getcodeQLLanguage.ts diff --git a/.eslintrc b/.eslintrc index 220e354..79bd6ef 100644 --- a/.eslintrc +++ b/.eslintrc 
@@ -1,10 +1,10 @@ { - "root": true, - "parser": "@typescript-eslint/parser", - "plugins": ["@typescript-eslint"], - "extends": [ - "eslint:recommended", - "plugin:@typescript-eslint/eslint-recommended", - "plugin:@typescript-eslint/recommended" - ] - } \ No newline at end of file + "root": true, + "parser": "@typescript-eslint/parser", + "plugins": ["@typescript-eslint"], + "extends": [ + "eslint:recommended", + "plugin:@typescript-eslint/eslint-recommended", + "plugin:@typescript-eslint/recommended" + ] +} diff --git a/bin/workflows/codeql-analysis-standard.yml b/bin/workflows/codeql-analysis-cpp.yml similarity index 59% rename from bin/workflows/codeql-analysis-standard.yml rename to bin/workflows/codeql-analysis-cpp.yml index 75e24e6..6439d4e 100644 --- a/bin/workflows/codeql-analysis-standard.yml +++ b/bin/workflows/codeql-analysis-cpp.yml @@ -4,17 +4,21 @@ # You may wish to alter this file to override the set of languages analyzed, # or to provide custom queries or build logic. # - +# ******** NOTE ******** +# We have attempted to detect the languages in your repository. Please check +# the `language` matrix defined below to confirm you have the correct set of +# supported CodeQL languages. +# name: "CodeQL" on: push: - branches: [main] + branches: ["master", "main"] pull_request: # The branches below must be a subset of the branches above - branches: [main] + branches: ["master", "main"] schedule: - - cron: "34 14 * * 0" + - cron: "27 4 * * 5" jobs: analyze: @@ -28,9 +32,9 @@ jobs: strategy: fail-fast: false matrix: - language: ["javascript"] - # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ] - # Learn more about CodeQL language support at https://git.io/codeql-language-support + language: ["cpp"] + # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] + # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support steps: - name: Checkout repository 
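Review bot: The `push` and `pull_request` triggers in this template are limited to the hard-coded `branches: ["master", "main"]`, so a repository whose default branch has another name would get the workflow committed but would only be analysed by the `schedule` trigger, never on pushes or pull requests. worker.ts appears to have each repository's default branch in hand when it commits the file, so the template could carry a placeholder that is substituted at commit time, or the `branches` filter could be dropped from `pull_request`. The same lines are in the csharp, go, java, javascript, python and ruby templates.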
@@ -41,27 +45,27 @@ jobs: uses: github/codeql-action/init@v2 with: languages: ${{ matrix.language }} - queries: +security-extended + queries: security-extended # security-and-quality # If you wish to specify custom queries, you can do so here or in a config file. # By default, queries listed here will override any specified in a config file. # Prefix the list here with "+" to use these queries and those in the config file. - # queries: ./path/to/local/query, your-org/your-repo/queries@main - # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). + # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild uses: github/codeql-action/autobuild@v2 # ℹī¸ Command-line programs to run using the OS shell. - # 📚 https://git.io/JvXDl + # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun - # ✏ī¸ If the Autobuild fails above, remove it and uncomment the following three lines - # and modify them (or add more) to build your code if your project - # uses a compiled language + # If the Autobuild fails above, remove it and uncomment the following three lines. + # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance. - #- run: | - # make bootstrap - # make release + # - run: | + # echo "Run, Build Application using script" + # ./location_of_script_within_repo/buildscript.sh - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v2 + with: + category: "/language:${{matrix.language}}" diff --git a/bin/workflows/codeql-analysis-csharp.yml b/bin/workflows/codeql-analysis-csharp.yml new file mode 100644 index 0000000..35ea6fb --- /dev/null +++ b/bin/workflows/codeql-analysis-csharp.yml 
@@ -0,0 +1,71 @@ +# For most projects, this workflow file will not need changing; you simply need +# to commit it to your repository. +# +# You may wish to alter this file to override the set of languages analyzed, +# or to provide custom queries or build logic. +# +# ******** NOTE ******** +# We have attempted to detect the languages in your repository. Please check +# the `language` matrix defined below to confirm you have the correct set of +# supported CodeQL languages. +# +name: "CodeQL" + +on: + push: + branches: ["master", "main"] + pull_request: + # The branches below must be a subset of the branches above + branches: ["master", "main"] + schedule: + - cron: "27 4 * * 5" + +jobs: + analyze: + name: Analyze + runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write + + strategy: + fail-fast: false + matrix: + language: ["csharp"] + # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] + # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support + + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v2 + with: + languages: ${{ matrix.language }} + queries: security-extended # security-and-quality + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. + + # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). + # If this step fails, then you should remove it and run the build manually (see below) + - name: Autobuild + uses: github/codeql-action/autobuild@v2 + + # ℹī¸ Command-line programs to run using the OS shell. 
+ # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun + + # If the Autobuild fails above, remove it and uncomment the following three lines. + # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance. + + # - run: | + # echo "Run, Build Application using script" + # ./location_of_script_within_repo/buildscript.sh + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v2 + with: + category: "/language:${{matrix.language}}" diff --git a/bin/workflows/codeql-analysis-go.yml b/bin/workflows/codeql-analysis-go.yml index 57d6146..33acbbd 100644 --- a/bin/workflows/codeql-analysis-go.yml +++ b/bin/workflows/codeql-analysis-go.yml @@ -4,17 +4,21 @@ # You may wish to alter this file to override the set of languages analyzed, # or to provide custom queries or build logic. # - +# ******** NOTE ******** +# We have attempted to detect the languages in your repository. Please check +# the `language` matrix defined below to confirm you have the correct set of +# supported CodeQL languages. +# name: "CodeQL" on: push: - branches: [main] + branches: ["master", "main"] pull_request: # The branches below must be a subset of the branches above - branches: [main] + branches: ["master", "main"] schedule: - - cron: "28 5 * * 3" + - cron: "27 4 * * 5" jobs: analyze: @@ -29,8 +33,8 @@ jobs: fail-fast: false matrix: language: ["go"] - # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ] - # Learn more about CodeQL language support at https://git.io/codeql-language-support + # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] + # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support steps: - name: Checkout repository 
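Review bot: `actions/checkout@v3` and the `github/codeql-action/init@v2`, `autobuild@v2` and `analyze@v2` steps are referenced by mutable tags, and this file is a template that the tool commits into every repository it onboards. Pinning each `uses:` to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v3`, keeps a moved tag from changing what runs in all of those repositories at once, in a job that holds `security-events: write`. The same references are in the other `codeql-analysis-*.yml` templates touched by this patch.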
@@ -41,27 +45,27 @@ jobs: uses: github/codeql-action/init@v2 with: languages: ${{ matrix.language }} - queries: +security-extended + queries: security-extended # security-and-quality # If you wish to specify custom queries, you can do so here or in a config file. # By default, queries listed here will override any specified in a config file. # Prefix the list here with "+" to use these queries and those in the config file. - # queries: ./path/to/local/query, your-org/your-repo/queries@main - # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). + # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild uses: github/codeql-action/autobuild@v2 # ℹī¸ Command-line programs to run using the OS shell. - # 📚 https://git.io/JvXDl + # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun - # ✏ī¸ If the Autobuild fails above, remove it and uncomment the following three lines - # and modify them (or add more) to build your code if your project - # uses a compiled language + # If the Autobuild fails above, remove it and uncomment the following three lines. + # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance. - #- run: | - # make bootstrap - # make release + # - run: | + # echo "Run, Build Application using script" + # ./location_of_script_within_repo/buildscript.sh - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v2 + with: + category: "/language:${{matrix.language}}" diff --git a/bin/workflows/codeql-analysis-java.yml b/bin/workflows/codeql-analysis-java.yml index 3bab849..f5f00cb 100644 --- a/bin/workflows/codeql-analysis-java.yml +++ b/bin/workflows/codeql-analysis-java.yml 
@@ -4,17 +4,21 @@ # You may wish to alter this file to override the set of languages analyzed, # or to provide custom queries or build logic. # - +# ******** NOTE ******** +# We have attempted to detect the languages in your repository. Please check +# the `language` matrix defined below to confirm you have the correct set of +# supported CodeQL languages. +# name: "CodeQL" on: push: - branches: [main] + branches: ["master", "main"] pull_request: # The branches below must be a subset of the branches above - branches: [main] + branches: ["master", "main"] schedule: - - cron: "28 5 * * 3" + - cron: "27 4 * * 5" jobs: analyze: @@ -29,8 +33,8 @@ jobs: fail-fast: false matrix: language: ["java"] - # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ] - # Learn more about CodeQL language support at https://git.io/codeql-language-support + # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] + # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support steps: - name: Checkout repository 
@@ -41,27 +45,27 @@ jobs: uses: github/codeql-action/init@v2 with: languages: ${{ matrix.language }} - queries: +security-extended + queries: security-extended # security-and-quality # If you wish to specify custom queries, you can do so here or in a config file. # By default, queries listed here will override any specified in a config file. # Prefix the list here with "+" to use these queries and those in the config file. - # queries: ./path/to/local/query, your-org/your-repo/queries@main - # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). + # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). # If this step fails, then you should remove it and run the build manually (see below) - name: Autobuild uses: github/codeql-action/autobuild@v2 # ℹī¸ Command-line programs to run using the OS shell. - # 📚 https://git.io/JvXDl + # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun - # ✏ī¸ If the Autobuild fails above, remove it and uncomment the following three lines - # and modify them (or add more) to build your code if your project - # uses a compiled language + # If the Autobuild fails above, remove it and uncomment the following three lines. + # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance. - #- run: | - # make bootstrap - # make release + # - run: | + # echo "Run, Build Application using script" + # ./location_of_script_within_repo/buildscript.sh - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v2 + with: + category: "/language:${{matrix.language}}" diff --git a/bin/workflows/codeql-analysis-javascript.yml b/bin/workflows/codeql-analysis-javascript.yml index 75e24e6..f72a1a4 100644 --- a/bin/workflows/codeql-analysis-javascript.yml +++ b/bin/workflows/codeql-analysis-javascript.yml 
@@ -4,17 +4,21 @@ # You may wish to alter this file to override the set of languages analyzed, # or to provide custom queries or build logic. # - +# ******** NOTE ******** +# We have attempted to detect the languages in your repository. Please check +# the `language` matrix defined below to confirm you have the correct set of +# supported CodeQL languages. +# name: "CodeQL" on: push: - branches: [main] + branches: ["master", "main"] pull_request: # The branches below must be a subset of the branches above - branches: [main] + branches: ["master", "main"] schedule: - - cron: "34 14 * * 0" + - cron: "27 4 * * 5" jobs: analyze: @@ -29,8 +33,8 @@ jobs: fail-fast: false matrix: language: ["javascript"] - # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ] - # Learn more about CodeQL language support at https://git.io/codeql-language-support + # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] + # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support steps: - name: Checkout repository 
@@ -41,27 +45,12 @@ jobs: uses: github/codeql-action/init@v2 with: languages: ${{ matrix.language }} - queries: +security-extended + queries: security-extended # security-and-quality # If you wish to specify custom queries, you can do so here or in a config file. # By default, queries listed here will override any specified in a config file. # Prefix the list here with "+" to use these queries and those in the config file. - # queries: ./path/to/local/query, your-org/your-repo/queries@main - - # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). - # If this step fails, then you should remove it and run the build manually (see below) - - name: Autobuild - uses: github/codeql-action/autobuild@v2 - - # ℹī¸ Command-line programs to run using the OS shell. - # 📚 https://git.io/JvXDl - - # ✏ī¸ If the Autobuild fails above, remove it and uncomment the following three lines - # and modify them (or add more) to build your code if your project - # uses a compiled language - - #- run: | - # make bootstrap - # make release - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v2 + with: + category: "/language:${{matrix.language}}" diff --git a/bin/workflows/codeql-analysis-python.yml b/bin/workflows/codeql-analysis-python.yml index 82effcb..6d9950e 100644 --- a/bin/workflows/codeql-analysis-python.yml +++ b/bin/workflows/codeql-analysis-python.yml 
@@ -4,17 +4,21 @@ # You may wish to alter this file to override the set of languages analyzed, # or to provide custom queries or build logic. # - +# ******** NOTE ******** +# We have attempted to detect the languages in your repository. Please check +# the `language` matrix defined below to confirm you have the correct set of +# supported CodeQL languages. +# name: "CodeQL" on: push: - branches: [main] + branches: ["master", "main"] pull_request: # The branches below must be a subset of the branches above - branches: [main] + branches: ["master", "main"] schedule: - - cron: "15 12 * * 3" + - cron: "27 4 * * 5" jobs: analyze: @@ -29,8 +33,8 @@ jobs: fail-fast: false matrix: language: ["python"] - # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ] - # Learn more about CodeQL language support at https://git.io/codeql-language-support + # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] + # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support steps: - name: Checkout repository 
@@ -41,27 +45,12 @@ jobs: uses: github/codeql-action/init@v2 with: languages: ${{ matrix.language }} - queries: +security-extended + queries: security-extended # security-and-quality # If you wish to specify custom queries, you can do so here or in a config file. # By default, queries listed here will override any specified in a config file. # Prefix the list here with "+" to use these queries and those in the config file. - # queries: ./path/to/local/query, your-org/your-repo/queries@main - - # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). - # If this step fails, then you should remove it and run the build manually (see below) - - name: Autobuild - uses: github/codeql-action/autobuild@v2 - - # ℹī¸ Command-line programs to run using the OS shell. - # 📚 https://git.io/JvXDl - - # ✏ī¸ If the Autobuild fails above, remove it and uncomment the following three lines - # and modify them (or add more) to build your code if your project - # uses a compiled language - - #- run: | - # make bootstrap - # make release - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v2 + with: + category: "/language:${{matrix.language}}" diff --git a/bin/workflows/codeql-analysis-ruby.yml b/bin/workflows/codeql-analysis-ruby.yml index f28805f..4782fe2 100644 --- a/bin/workflows/codeql-analysis-ruby.yml +++ b/bin/workflows/codeql-analysis-ruby.yml 
@@ -4,17 +4,21 @@ # You may wish to alter this file to override the set of languages analyzed, # or to provide custom queries or build logic. # - +# ******** NOTE ******** +# We have attempted to detect the languages in your repository. Please check +# the `language` matrix defined below to confirm you have the correct set of +# supported CodeQL languages. +# name: "CodeQL" on: push: - branches: [main] + branches: ["master", "main"] pull_request: # The branches below must be a subset of the branches above - branches: [main] + branches: ["master", "main"] schedule: - - cron: "28 5 * * 3" + - cron: "27 4 * * 5" jobs: analyze: @@ -29,8 +33,8 @@ jobs: fail-fast: false matrix: language: ["ruby"] - # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ] - # Learn more about CodeQL language support at https://git.io/codeql-language-support + # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] + # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support steps: - name: Checkout repository 
@@ -41,27 +45,12 @@ jobs: uses: github/codeql-action/init@v2 with: languages: ${{ matrix.language }} - queries: +security-extended + queries: security-extended # security-and-quality # If you wish to specify custom queries, you can do so here or in a config file. # By default, queries listed here will override any specified in a config file. # Prefix the list here with "+" to use these queries and those in the config file. - # queries: ./path/to/local/query, your-org/your-repo/queries@main - - # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). - # If this step fails, then you should remove it and run the build manually (see below) - - name: Autobuild - uses: github/codeql-action/autobuild@v2 - - # ℹī¸ Command-line programs to run using the OS shell. - # 📚 https://git.io/JvXDl - - # ✏ī¸ If the Autobuild fails above, remove it and uncomment the following three lines - # and modify them (or add more) to build your code if your project - # uses a compiled language - - #- run: | - # make bootstrap - # make release - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v2 + with: + category: "/language:${{matrix.language}}" diff --git a/src/utils/commitFile.ts b/src/utils/commitFile.ts index ee4e233..a78690a 100644 --- a/src/utils/commitFile.ts +++ b/src/utils/commitFile.ts @@ -27,6 +27,7 @@ if (platform !== "win32" && platform !== "darwin" && platform !== "linux") { export const commitFileMac = async ( owner: string, repo: string, + primaryLanguage: string, refs: string, authToken: string ): Promise => { 
@@ -43,10 +44,15 @@ export const commitFileMac = async ( const { env: { LANGUAGE_TO_CHECK: language }, } = process; + let codeQLLanguage = language; + if (!codeQLLanguage && primaryLanguage != "no-language") { + codeQLLanguage = primaryLanguage; + } + if (!codeQLLanguage) { + return { status: 500, message: "no language on repo" }; + } - const fileName = language - ? `codeql-analysis-${language}.yml` - : "codeql-analysis-standard.yml"; + const fileName = `codeql-analysis-${codeQLLanguage}.yml`; try { gitCommands = generalCommands( diff --git a/src/utils/getcodeQLLanguage.ts b/src/utils/getcodeQLLanguage.ts new file mode 100644 index 0000000..e1c82a7 --- /dev/null +++ b/src/utils/getcodeQLLanguage.ts @@ -0,0 +1,38 @@ +/** + * Get the CodeQL language that corresponds to the primary language for the repo. + * Any language that does not match a currently supported language in CodeQL will return no-language + * @param primaryLanguage + * @returns the CodeQL mapped language + */ +export const getcodeQLLanguage = (primaryLanguage: string): string => { + const formattedLanguage = primaryLanguage.toLocaleLowerCase(); + let codeQLLang = ""; + switch (formattedLanguage) { + case "javascript": + codeQLLang = "javascript"; + break; + case "java": + codeQLLang = "java"; + break; + case "go": + codeQLLang = "go"; + break; + case "python": + codeQLLang = "python"; + break; + case "c++": + codeQLLang = "cpp"; + break; + case "c#": + codeQLLang = "csharp"; + break; + case "ruby": + codeQLLang = "ruby"; + break; + default: + codeQLLang = "no-language"; + break; + } + + return codeQLLang; +}; diff --git a/src/utils/paginateQuery.ts b/src/utils/paginateQuery.ts index f535a0b..f9a777e 100644 --- a/src/utils/paginateQuery.ts +++ b/src/utils/paginateQuery.ts @@ -11,6 +11,7 @@ import { import { filterAsync } from "./filterAsync"; import { error, inform } from "./globals"; +import { getcodeQLLanguage } from "./getcodeQLLanguage"; const performRepositoryQuery = async ( client: Octokit, 
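Review bot: `LANGUAGE_TO_CHECK` still goes into `fileName` without being checked against the templates that exist, and the old fallback to `codeql-analysis-standard.yml` is gone, so a typo or unsupported value now names a file that is not shipped in `bin/workflows`. An allow-list check before building the name would catch that and keep path characters out of it: `const supported = ["cpp", "csharp", "go", "java", "javascript", "python", "ruby"];` followed by `if (!supported.includes(codeQLLanguage)) return { status: 500, message: "unsupported language" };`. The body of `commitFileMac` continues outside the hunk, so how a missing template surfaces today cannot be seen from here.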
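Review bot: The switch in `getcodeQLLanguage` has no case for `typescript` or `c`, so repositories whose primary language is reported as TypeScript or C map to `"no-language"` and never get code scanning, although CodeQL analyses them under `javascript` and `cpp`. Adding `case "typescript":` directly above `case "javascript":` and `case "c":` directly above `case "c++":` as fall-through labels closes that gap. `toLocaleLowerCase()` depends on the host locale; `toLowerCase()` gives the same mapping everywhere. The doc comment could also state that `"no-language"` is the sentinel callers compare against.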
@@ -103,6 +104,7 @@ const getRepositoryInOrganizationPaginate = async ( enableSecretScanning: enable.includes("secretscanning") as boolean, enableCodeScanning: enable.includes("codescanning") as boolean, enablePushProtection: enable.includes("pushprotection") as boolean, + primaryLanguage: getcodeQLLanguage(element.primaryLanguage?.name || ""), createIssue: process.env.CREATE_ISSUE === "true" ? true : (false as boolean), repo: element.nameWithOwner, @@ -136,7 +138,7 @@ export const paginateQuery = async ( slug, graphQuery ); - return data; + return data.filter(({ primaryLanguage: pl }) => pl !== "no-language"); } catch (err) { error(err); throw err; diff --git a/src/utils/worker.ts b/src/utils/worker.ts index b9ea319..f35b56c 100644 --- a/src/utils/worker.ts +++ b/src/utils/worker.ts @@ -62,6 +62,7 @@ export const worker = async (): Promise => { enableDependabotUpdates, enableSecretScanning, enablePushProtection, + primaryLanguage, createIssue, enableCodeScanning, } = repos[orgIndex].repos[repoIndex]; @@ -93,8 +94,8 @@ export const worker = async (): Promise => { ) : null; - // Kick off the process for enabling Code Scanning - if (enableCodeScanning) { + // Kick off the process for enabling Code Scanning only if it is set to be enabled AND the primary language for the repo exists. If it doesn't exist that means CodeQL doesn't support it. + if (enableCodeScanning && primaryLanguage != "no-language") { // First, let's check and see if CodeQL has already ran on that repository. If it has, we don't need to do anything. const codeQLAlreadyRan = await checkIfCodeQLHasAlreadyRanOnRepo( owner, @@ -119,7 +120,7 @@ export const worker = async (): Promise => { ); const ref = await createBranch(defaultBranchSHA, owner, repo, client); const authToken = (await generateAuth()) as string; - await commitFileMac(owner, repo, ref, authToken); + await commitFileMac(owner, repo, primaryLanguage, ref, authToken); const pullRequestURL = await createPullRequest( defaultBranch, ref, 
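Review bot: `data.filter(({ primaryLanguage: pl }) => pl !== "no-language")` in paginateQuery.ts removes the whole repository record, not just its code-scanning flag, so a repository with no detected or supported language would also be skipped for the `enableSecretScanning`, `enablePushProtection` and Dependabot settings carried in the same record. worker.ts already guards the CodeQL step with `primaryLanguage != "no-language"`, so keeping `return data;` leaves the other features enabled for those repositories. The filter also drops such repositories before a `LANGUAGE_TO_CHECK` override could apply. The enclosing function starts outside the hunk, so this assumes the returned list is the one the worker iterates.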
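Review bot: The result of `await commitFileMac(owner, repo, primaryLanguage, ref, authToken);` in worker.ts is discarded, so the new `{ status: 500, message: "no language on repo" }` return does not stop `createPullRequest` from running against a branch that received no workflow commit. Capturing the result and skipping the pull request, with a logged reason, when the status signals failure would keep the run's report accurate about which repositories were actually onboarded. The guard in the previous worker.ts hunk uses `!=`, where `!==` would match the strict comparison used in paginateQuery.ts. The loop body extends beyond this hunk.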
diff --git a/types/common/index.d.ts b/types/common/index.d.ts index 910910b..25e14cb 100644 --- a/types/common/index.d.ts +++ b/types/common/index.d.ts @@ -7,6 +7,7 @@ export type reposFile = { enableCodeScanning: boolean; enablePushProtection: boolean; createIssue: boolean; + primaryLanguage: string; repo: string; }[]; }[]; @@ -33,8 +34,9 @@ export type usersWriteAdminRepos = { enableDependabotUpdates: boolean; enableSecretScanning: boolean; enableCodeScanning: boolean; - createIssue: boolean; enablePushProtection: boolean; + createIssue: boolean; + primaryLanguage: string; repo: string; };