init

Author: leftrightleft

.gitignore

@@ -0,0 +1 @@
+venv/

Dockerfile

@@ -0,0 +1,8 @@
+FROM python:3.10-slim-buster
+
+COPY . /
+
+RUN pip install -r requirements.txt
+
+# Code file to execute when the docker container starts up (`entrypoint.sh`)
+ENTRYPOINT ["/entrypoint.sh"]

README.md

@@ -0,0 +1,63 @@
+# set-codeql-languages
+
+This action reads the languages API for your repository and sets the CodeQL supported languages as the job matrix for your Actions run.
+
+## Why use this action?
+
+The default Actions workflow for CodeQL auto-populates the job matrix with your repo's supported CodeQL languages.  However, as new code is added to a repository, that language matrix is not updated.  You need to manually add those languages to the matrix definition to have CodeQL scan them.  
+
+This action reads the repository languages API and adds all supported languages to the job matrix.  No additional configuration is required.
+
+## How to use this action
+
+Call this action before defining the CodeQL analyze job strategy, then set the matrix to the output from the action: `${{ fromJSON(needs.create-matrix.outputs.matrix) }}`
+
+**Example**
+```
+name: "CodeQL"
+
+on: workflow_dispatch
+
+jobs:
+  create-matrix:
+    name: Set CodeQL Languages
+    runs-on: ubuntu-latest
+    outputs:
+      matrix: ${{ steps.set-matrix.outputs.languages }}
+    steps:
+      - name: Get languages from repo
+        id: get-languages
+        uses: leftrightleft/set-codeql-languages@main
+        with:
+          access-token: ${{ secrets.GITHUB_TOKEN }}
+          endpoint: ${{ github.event.repository.languages_url }}
+          
+  analyze:
+    needs: create-matrix
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    strategy:
+      fail-fast: false
+      matrix: 
+        language: ${{ fromJSON(needs.create-matrix.outputs.matrix) }} # Set output from create-matrix job
+        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v2
+
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v2
+      with:
+        languages: ${{ matrix.language }}
+
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v1
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v2

action.yml

@@ -0,0 +1,21 @@
+# action.yml
+name: 'Set CodeQL Languages'
+description: 'Auto-populate the Actions matrix definition to include languages for CodeQL'
+inputs:
+  access-token:  
+    description: 'github token'
+    required: true
+  endpoint:
+    description: 'languages API endpoint'
+    required: true
+outputs:
+  languages:
+    description: 'List of languages that will set the job matrix'
+runs:
+  using: 'docker'
+  image: 'Dockerfile'
+  args:
+   - ${{ inputs.access-token }}
+   - ${{ inputs.endpoint }}
+   - ${{ inputs.codeql-languages }}
+

entrypoint.sh

@@ -0,0 +1,4 @@
+#!/bin/sh -l
+
+# kick off the command
+python /main.py $1 $2 $3

main.py

@@ -0,0 +1,44 @@
+import os
+import requests
+import json
+import sys
+
+token = sys.argv[1]
+endpoint = sys.argv[2]
+codeql_languages = ["cpp", "csharp", "go", "java", "javascript", "python", "ruby"]
+
+
+# Connect to the languages API and return languages
+def get_languages():
+    headers = {'Authorization': 'Bearer ' + token, 'Accept': 'application/vnd.github.v3+json'}
+    response = requests.get(endpoint, headers=headers)
+    return response.json()
+
+# Find the intersection of the languages returned by the API and the languages supported by CodeQL
+def build_languages_list(languages):
+    languages = [language.lower() for language in languages.keys()]
+    for i in range(len(languages)):
+        if languages[i] == "c#":
+            languages[i] = ("csharp")
+        if languages[i] == "c++":
+            languages[i] = ("cpp")
+
+    intersection = list(set(languages) & set(codeql_languages))
+    return intersection
+
+# Set the output of the action
+def set_action_output(output_name, value) :
+    if "GITHUB_OUTPUT" in os.environ :
+        with open(os.environ["GITHUB_OUTPUT"], "a") as f :
+            print("{0}={1}".format(output_name, value), file=f)
+    print("{0}={1}".format(output_name, value))
+
+def main():
+    languages = get_languages()
+    output = build_languages_list(languages)
+    set_action_output("languages", json.dumps(output))
+
+if __name__ == '__main__':
+    main()
+
+

requirements.txt

@@ -0,0 +1,5 @@
+certifi==2022.9.24
+charset-normalizer==2.1.1
+idna==3.4
+requests==2.28.1
+urllib3==1.26.12