| name: Run CodeQL Analysis |
| description: Run and upload CodeQL Analysis |
| inputs: |
| language: |
| description: "language for codeql analysis" |
| required: true |
| runs: |
| using: "composite" |
| steps: |
| - name: Perform CodeQL Analysis |
| if: ${{ inputs.run-codeql }} |
| uses: github/codeql-action/analyze@v2 |
| with: |
| category: "/language:${{ inputs.language }}" |
| upload: False |
| output: sarif-results |
| - name: filter-sarif |
| if: ${{ inputs.run-codeql }} |
| uses: advanced-security/filter-sarif@v1 |
| with: |
| patterns: | |
| -**/third_party/** |
| -**/scripts/** |
| input: "sarif-results/${{ inputs.language }}.sarif" |
| output: "sarif-results/${{ inputs.language }}.sarif" |
| |
| - name: Upload SARIF |
| if: ${{ inputs.run-codeql }} |
| uses: github/codeql-action/upload-sarif@v2 |
| with: |
| sarif_file: "sarif-results/${{ inputs.language }}.sarif" |
| - name: Upload loc as a Build Artifact |
| if: ${{ inputs.run-codeql }} |
| uses: actions/upload-artifact@v2.2.0 |
| with: |
| name: sarif-results |
| path: sarif-results |
| retention-days: 1 |