[WIP] Add packs and queries from input

This commit adds the packs and queries from the actions input to the
config file used by the CodeQL CLI.

When the `+` is used, the input is combined with the config and when it
is not used, the input overrides the config.

Fixes

Fix

Author: aeisenberg

.github/check-codescanning-config/action.yml

@@ -0,0 +1,59 @@
+name: Check Code-Scanning Config
+description: |
+    Checks the code scanning configuration file generated by the
+    action to ensure it contains the expected contents
+inputs:
+  languages:
+    required: false
+    description: The languages field passed to the init action.
+
+  packs:
+    required: false
+    description: The packs field passed to the init action.
+
+  queries:
+    required: false
+    description: The queries field passed to the init action.
+
+  config-file:
+    required: false
+    description: |
+      The location of the config file to use. If empty,
+      then no config file is used.
+
+  expected-config-file-contents:
+    required: true
+    description: |
+      A JSON string containing the exact contents of the config file.
+
+  tools:
+    required: true
+    description: |
+      The url of codeql to use.
+
+runs:
+  using: composite
+  steps:
+    - uses: ./../action/init
+      with:
+        languages: ${{ inputs.languages }}
+        config-file: ${{ inputs.config-file }}
+        queries: ${{ inputs.queries }}
+        packs: ${{ inputs.packs }}
+        tools: ${{ inputs.tools }}
+        db-location: ${{ runner.temp }}/codescanning-config-cli-test
+
+    - name: Install dependencies
+      shell: bash
+      run: npm i -g ts-node js-yaml
+
+    - name: Check config
+      working-directory: ${{ github.action_path }}
+      shell: bash
+      run: ts-node ./index.ts "${{ runner.temp }}/user-config.yaml" "${{ inputs.expected-config-file-contents }}"
+
+    - name: Clean up
+      shell: bash
+      run: |
+        rm -rf ${{ runner.temp }}/codescanning-config-cli-test
+        rm -rf ${{ runner.temp }}/user-config.yaml

.github/check-codescanning-config/index.ts

@@ -0,0 +1,25 @@
+
+import * as core from '@actions/core'
+import * as yaml from 'js-yaml'
+import * as fs from 'fs'
+import * as assert from 'assert'
+
+const rawActualConfig = fs.readFileSync(process.argv[2], 'utf8')
+core.startGroup('Actual generated user config')
+core.info(rawActualConfig)
+core.endGroup()
+
+const actualConfig = yaml.load(rawActualConfig)
+
+const rawExpectedConfig = process.argv[3]
+core.startGroup('Expected generated user config')
+core.info(rawExpectedConfig)
+core.endGroup()
+
+const expectedConfig = rawExpectedConfig ? JSON.parse(rawExpectedConfig) : undefined;
+
+assert.deepStrictEqual(
+  actualConfig,
+  expectedConfig,
+  'Expected configuration does not match actual configuration'
+);

.github/query-filter-test/action.yml

@@ -49,4 +49,4 @@ runs:
         queries-not-run: ${{ inputs.queries-not-run}}
     - name: Cleanup after test
       shell: bash
-      run: rm -rf "$RUNNER_TEMP/results" "$RUNNER_TEMP//query-filter-test"
+      run: rm -rf "$RUNNER_TEMP/results" "$RUNNER_TEMP/query-filter-test"

.github/workflows/__ml-powered-queries.yml

@@ -0,0 +1,176 @@
+# Tests that the generated code scanning config file contains the expected contents
+
+name: Code-Scanning config CLI tests
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  CODEQL_PASS_CONFIG_TO_CLI: true
+
+on:
+  push:
+    branches:
+    - main
+    - releases/v1
+    - releases/v2
+  pull_request:
+    types:
+    - opened
+    - synchronize
+    - reopened
+    - ready_for_review
+  workflow_dispatch: {}
+
+jobs:
+  code-scanning-config-tests:
+    # Code-Scanning config not created because environment variable is not set
+    name: Code Scanning Configuration tests
+    timeout-minutes: 45
+    runs-on: ubuntu-latest
+    steps:
+    - name: Check out repository
+      uses: actions/checkout@v3
+    - name: Prepare test
+      id: prepare-test
+      uses: ./.github/prepare-test
+      with:
+        version: latest
+
+    - name: Empty file
+      uses: ./../action/.github/check-codescanning-config
+      with:
+        expected-config-file-contents: "{}"
+        languages: javascript
+        tools: ${{ steps.prepare-test.outputs.tools-url }}
+
+    - name: Packs from input
+      uses: ./../action/.github/check-codescanning-config
+      with:
+        expected-config-file-contents: |
+          {
+            "packs": [" dsp-testing/[email protected]", "dsp-testing/codeql-pack2" ]
+          }
+        languages: javascript
+        packs: dsp-testing/[email protected], dsp-testing/codeql-pack2
+        tools: ${{ steps.prepare-test.outputs.tools-url }}
+
+    - name: Packs from input with +
+      uses: ./../action/.github/check-codescanning-config
+      with:
+        expected-config-file-contents: |
+          {
+            "packs": ["dsp-testing/[email protected]", "dsp-testing/codeql-pack2" ]
+          }
+        languages: javascript
+        packs: + dsp-testing/[email protected], dsp-testing/codeql-pack2
+        tools: ${{ steps.prepare-test.outputs.tools-url }}
+
+    - name: Queries from input
+      uses: ./../action/.github/check-codescanning-config
+      with:
+        expected-config-file-contents: |
+          {
+            "queries": [{ "uses": "./codeql-qlpacks/complex-javascript-qlpack/show_ifs.ql" }]
+          }
+        languages: javascript
+        queries: ./codeql-qlpacks/complex-javascript-qlpack/show_ifs.ql
+        tools: ${{ steps.prepare-test.outputs.tools-url }}
+
+    - name: Queries from input with +
+      uses: ./../action/.github/check-codescanning-config
+      with:
+        expected-config-file-contents: |
+          {
+            "queries": [{ "uses": "./codeql-qlpacks/complex-javascript-qlpack/show_ifs.ql" }]
+          }
+        languages: javascript
+        queries: + ./codeql-qlpacks/complex-javascript-qlpack/show_ifs.ql
+        tools: ${{ steps.prepare-test.outputs.tools-url }}
+
+    - name: Queries and packs from input with +
+      uses: ./../action/.github/check-codescanning-config
+      with:
+        expected-config-file-contents: |
+          {
+            "queries": [{ "uses": "./codeql-qlpacks/complex-javascript-qlpack/show_ifs.ql" }],
+            "packs": ["dsp-testing/[email protected]", "dsp-testing/codeql-pack2" ]
+          }
+        languages: javascript
+        queries: + ./codeql-qlpacks/complex-javascript-qlpack/show_ifs.ql
+        packs: + dsp-testing/[email protected], dsp-testing/codeql-pack2
+        tools: ${{ steps.prepare-test.outputs.tools-url }}
+
+    - name: Queries and packs from config
+      uses: ./../action/.github/check-codescanning-config
+      with:
+        expected-config-file-contents: |
+          {
+            "queries": [{ "uses": "./codeql-qlpacks/complex-javascript-qlpack/show_ifs.ql" }],
+            "packs": {
+              "javascript": ["dsp-testing/[email protected]", "dsp-testing/codeql-pack2" ]
+            }
+          }
+        languages: javascript
+        queries: + ./codeql-qlpacks/complex-javascript-qlpack/show_ifs.ql
+        packs: + dsp-testing/[email protected], dsp-testing/codeql-pack2
+        tools: ${{ steps.prepare-test.outputs.tools-url }}
+
+    - name: Queries and packs from config overriden by input
+      uses: ./../action/.github/check-codescanning-config
+      with:
+        expected-config-file-contents: |
+          {
+            "queries": [{ "uses": "./codeql-qlpacks/complex-javascript-qlpack/show_ifs.ql" }],
+            "packs": ["codeql/javascript-queries"]
+          }
+        languages: javascript
+        queries: ./codeql-qlpacks/complex-javascript-qlpack/show_ifs.ql
+        packs: codeql/javascript-queries
+        tools: ${{ steps.prepare-test.outputs.tools-url }}
+
+    - name: Queries and packs from config merging with input
+      uses: ./../action/.github/check-codescanning-config
+      with:
+        expected-config-file-contents: |
+          {
+            "queries": [
+              { "uses": "./codeql-qlpacks/complex-javascript-qlpack/show_ifs.ql" },
+              { "uses": "./codeql-qlpacks/complex-javascript-qlpack/foo2/show_ifs.ql" }
+            ],
+            "packs": {
+              "javascript": ["dsp-testing/[email protected]", "dsp-testing/codeql-pack2", "codeql/javascript-queries" ]
+            }
+          }
+        languages: javascript
+        queries: + ./codeql-qlpacks/complex-javascript-qlpack/show_ifs.ql
+        packs: + codeql/javascript-queries
+        config-file: tests/multi-language-repo/.github/codeql/queries-and-packs-config.yml
+        tools: ${{ steps.prepare-test.outputs.tools-url }}
+
+    - name: Multi-language packs from config
+      uses: ./../action/.github/check-codescanning-config
+      with:
+        expected-config-file-contents: |
+          {
+            "packs": {
+              "javascript": ["dsp-testing/[email protected]", "dsp-testing/codeql-pack2", "codeql/javascript-queries" ],
+              "ruby": ["codeql/i-dont-exist", "codeql/hucairz"]
+            }
+          }
+        languages: javascript
+        config-file: tests/multi-language-repo/.github/codeql/multi-language-packs-config copy.yml
+        tools: ${{ steps.prepare-test.outputs.tools-url }}
+
+    - name: Other config properties
+      uses: ./../action/.github/check-codescanning-config
+      with:
+        expected-config-file-contents: |
+          {
+            "name": "Config using all properties",
+            "packs": ["codeql/javascript-queries" ],
+            "disable-default-queries": true,
+            "paths-ignore": ["xxx"],
+            "paths": ["yyy"]
+          }
+        languages: javascript
+        packs: + codeql/javascript-queries
+        config-file: tests/multi-language-repo/.github/codeql/other-config-properties.yml
+        tools: ${{ steps.prepare-test.outputs.tools-url }}