File tree 1 file changed +47
-1
lines changed
1 file changed +47
-1
lines changed Original file line number Diff line number Diff line change 3838 # only required for workflows in private repositories
3939 actions : read
4040 contents : read
41- pull-requests : read
4241
4342 strategy :
4443 fail-fast : false
9695 with :
9796 category : " /language:${{matrix.language}}"
9897 output : sarif-results
98+
99+ check_codeql_status :
100+ if : $( github.event_name == 'pull_request' )
101+ name : Check CodeQL Status
102+ needs : analyze
103+ permissions :
104+ contents : read
105+ checks : read
106+ pull-requests : read
107+ runs-on : ' ubuntu-latest'
108+ steps :
109+ - name : Authenticate gh CLI
110+ run : |
111+ gh auth login --with-token <<< "$"
112+
113+ name : Check CodeQL status
114+ run : |
115+ response=$(gh api graphql -f query='
116+ {
117+ repository(owner: "$", name: "$") {
118+ pullRequest(number: $) {
119+ commits(last: 1) {
120+ nodes {
121+ commit {
122+ checkSuites(first: 1, filterBy: {checkName: "CodeQL"}) {
123+ nodes {
124+ checkRuns(first: 1) {
125+ nodes {
126+ name
127+ status
128+ conclusion
129+ }
130+ }
131+ }
132+ }
133+ }
134+ }
135+ }
136+ }
137+ }
138+ }
139+ ')
140+ conclusion=$(echo $response | jq -r '.data.repository.pullRequest.commits.nodes[0].commit.checkSuites.nodes[0].checkRuns.nodes[0].conclusion')
141+ if [ "$conclusion" != "SUCCESS" ]; then
142+ echo "CodeQL check failed"
143+ exit 1
144+ fi
You can’t perform that action at this time.
0 commit comments