Skip to content
Back to pull request #19965

[branch-out] Quarantine Flaky Tests - 2025-10-19 #19716

Sign in to view logs

[branch-out] Quarantine Flaky Tests - 2025-10-19

[branch-out] Quarantine Flaky Tests - 2025-10-19 #19716

Workflow file for this run

.github/workflows/codeql.yml at 3b67d30
name: "CodeQL Advanced"
on:
push:
branches:
- develop
- release/*
merge_group:
pull_request:
schedule:
- cron: "22 22 * * 2"
jobs:
analyze:
name: Analyze (${{ matrix.language }})
needs: [ runner-config ]
runs-on: ${{ matrix.runs-on || 'ubuntu-latest' }}
permissions:
# required for all workflows
security-events: write
# required to fetch internal or private CodeQL packs
packages: read
strategy:
fail-fast: false
matrix:
include:
- language: actions
build-mode: none
- language: go
build-mode: manual
runs-on: ${{ needs.runner-config.outputs.go-runner }}
- language: javascript-typescript
build-mode: none
codeql-config: |
paths-ignore:
- 'core/web/assets'
- '**/node_modules/**'
- language: python
build-mode: none
steps:
- name: Enable S3 Cache for Self-Hosted Runners
# these env vars are set (and exposed) when it is a self-hosted runner with extras=s3-cache
if: ${{ env.RUNS_ON_INSTANCE_ID != '' && env.ACTIONS_CACHE_URL != '' }}
uses: runs-on/action@66d4449b717b5462159659523d1241051ff470b9 # v1
- name: Checkout repository
uses: actions/checkout@v4
- name: Set up Go
if: matrix.language == 'go'
uses: ./.github/actions/setup-go
with:
restore-build-cache-only: ${{ github.event_name != 'push' }}
build-cache-version: "codeql"
- name: Touching core/web/assets/index.html
if: matrix.language == 'go'
run: mkdir -p core/web/assets && touch core/web/assets/index.html
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
build-mode: ${{ matrix.build-mode }}
config: ${{ matrix.codeql-config || '' }}
# If you wish to specify custom queries, you can do so here or in a config file.
# By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file.
# For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
# queries: security-extended,security-and-quality
- name: Build go code manually
if: matrix.language == 'go'
run: |
echo "::group::Builing all go code (go build ./...)"
go build ./...
echo "::endgroup::"
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
with:
category: "/language:${{matrix.language}}"
runner-config:
name: Runner Config
runs-on: ubuntu-latest
permissions:
pull-requests: read
contents: read
env:
SH_GO_RUNNER: runs-on=${{ github.run_id }}/cpu=32/ram=64/family=c6i/spot=false/extras=s3-cache+tmpfs
GH_GO_RUNNER: ubuntu24.04-8cores-32GB
outputs:
go-runner: ${{ steps.go-codeql.outputs.go-runner }}
steps:
- name: Get PR Labels
id: pr-labels
uses: smartcontractkit/.github/actions/get-pr-labels@get-pr-labels/v1
with:
check-label: "runs-on-opt-out"
- name: Select runners for go codeql
id: go-codeql
shell: bash
env:
OPT_OUT: ${{ steps.pr-labels.outputs.check-label-found || 'false' }}
run: |
if [[ "$OPT_OUT" == "true" ]]; then
echo "Opt-out is true for current run. Using gh-hosted runner for Go codeql."
echo "go-runner=${GH_GO_RUNNER}" | tee -a $GITHUB_OUTPUT
exit 0
fi
echo "Opt-out is false for current run. Using self-hosted runner for Go codeql."
echo "go-is-self-hosted=true" | tee -a $GITHUB_OUTPUT
echo "go-runner=${SH_GO_RUNNER}" | tee -a $GITHUB_OUTPUT