Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add documentation for the tools option in the various workflow files #2284

Merged
merged 3 commits into from
May 13, 2024
Merged

Add documentation for the tools option in the various workflow files #2284

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
6182f33
Add documentation for the tools option in the various workflow files
NlightNFotis May 10, 2024
eb4969f
Clarify wording
NlightNFotis May 10, 2024
4f59156
Improve wording on internal workflows and add clarification for tools…
NlightNFotis May 13, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 9 additions & 1 deletion .github/actions/check-codescanning-config/action.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,15 @@ inputs:
tools:
required: true
description: |
The url of codeql to use.
The version of the CodeQL tools to use. This can be any of the following:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is an action used internally for testing only. Maybe better to change this to:

Suggested change
The version of the CodeQL tools to use. This can be any of the following:
The version of CodeQL passed to the `tools` input of the init action.


- A local path to a tarball containing the CodeQL tools, or
- A URL to a GitHub release assets containing the CodeQL tools, or
- A special value `linked` which is forcing the use of the CodeQL tools
that the action has been bundled with.

If not specified, the Action will check in several places until it finds
the CodeQL tools.

runs:
using: composite
Expand Down
10 changes: 9 additions & 1 deletion .github/actions/query-filter-test/action.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,15 @@ inputs:
tools:
required: true
description: |
The url of codeql to use.
The version of the CodeQL tools to use. This can be any of the following:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Same comment as above.


- A local path to a tarball containing the CodeQL tools, or
- A URL to a GitHub release assets containing the CodeQL tools, or
- A special value `linked` which is forcing the use of the CodeQL tools
that the action has been bundled with.

If not specified, the Action will check in several places until it finds
the CodeQL tools.

runs:
using: composite
Expand Down
11 changes: 9 additions & 2 deletions init/action.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,9 +3,16 @@ description: 'Set up CodeQL'
author: 'GitHub'
inputs:
tools:
description: URL of CodeQL tools
description: >-
By default, the Action will use the recommended version of the CodeQL
Bundle to analyze your project. You can override this choice using this
input. One of:

- A local path to a CodeQL Bundle tarball, or
- The URL of a CodeQL Bundle tarball GitHub release asset, or
- A special value `linked` which uses the version of the CodeQL tools
that the Action has been bundled with.
required: false
# If not specified the Action will check in several places until it finds the CodeQL tools.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think keeping this line and removing the # is useful. At some point, but not here, we should document exactly which places are checked.

Copy link
Contributor

@henrymercer henrymercer May 13, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The "check in several places" comment feels more about implementation under the hood than what the input actually means, and in fact applies even if you do specify an input. For instance, if you specify a URL we will try to extract the CodeQL version from the URL and use the toolcache if we can find a matching version. Overall, I'd prefer to remove this in favour of saying we'll use the recommended version if you don't specify an input, but I don't feel that strongly about it.

languages:
description: >-
A comma-separated list of CodeQL languages to analyze.
Expand Down
Loading