Allow Code Quality only analysis by mbg · Pull Request #3064 · github/codeql-action

This is a first stab at enabling Code Quality analysis to be able to run on its own, while also maintaining the ability for it to run in addition to a Code Scanning analysis.

Fundamentally, this means that there are two separate ways in which Code Quality analysis can run:

  1. The existing "add-on" implementation, where the database is initialised for Code Scanning, and we inject the code-quality suite into the run-queries call. The Code Quality SARIF is then generated by an extra call to interpret-results.
  2. The new "standalone" implementation, where the database is initialised for Code Quality by disabling default queries and configuring the database with code-quality queries.

43d9bc8 and 5d95d46 implement the bulk of the changes needed for the "add-on" implementation that result from needing to check whether Code Quality is enabled in addition to or instead of Code Scanning.

1746aed implements the bulk of the changes needed for the "standalone" implementation. Concretely, this checks whether Code Quality is enabled on its own, and then mutates the configuration as necessary.

Probably best reviewed commit-by-commit.

Risk assessment

For internal use only. Please select the risk level of this change:

Merge / deployment checklist