public-analyze-code-graph.yml
# This is the public version of the code graph analysis workflow that can be used by other projects.
#
# Reusable workflow (trigger: workflow_call). Every input below is supplied by
# the calling workflow and is used by the job as a script argument, a path
# component or an action parameter. Callers should pass only values they
# control themselves, not text taken from issues, pull requests or branch names.
name: Code Graph Analysis
on:
  workflow_call:
    inputs:
      # Passed to ./init.sh and used as a directory name below 'temp/' for the
      # working directory, the downloaded sources/artifacts and the reports.
      analysis-name:
        description: >
          The name of the project to analyze.
          Example: MyProject-1.0.0
        required: true
        type: string
      # Name given to actions/download-artifact; the content is placed in
      # temp/<analysis-name>/artifacts. The step is skipped when empty.
      artifacts-upload-name:
        description: >
          The name of the artifacts uploaded with 'actions/upload-artifact'
          containing the content of the 'artifacts' directory for the analysis.
          Use it to analyze Java JARs, WARs, EARs, etc.
        required: false
        type: string
        default: ''
      # Name given to actions/download-artifact; the content is placed in
      # temp/<analysis-name>/source/<analysis-name>. The step is skipped when empty.
      sources-upload-name:
        description: >
          The name of the sources uploaded with 'actions/upload-artifact'
          containing the content of the 'source' directory for the analysis.
          Also supports sub-folders for multiple source code bases.
          Please use 'include-hidden-files: true' if you also want to upload the git history.
        required: false
        type: string
        default: ''
      # Passed as 'ref' to actions/checkout for JohT/code-graph-analysis-pipeline.
      # The scripts from that checkout (init.sh, scripts/analysis/analyze.sh) are
      # executed by the job, so this value selects the code that runs. With the
      # empty default, actions/checkout uses the repository's default branch.
      # Pass a full commit SHA to pin the pipeline code to a reviewed revision.
      ref:
        description: >
          The branch, tag or SHA of the code-graph-analysis-pipeline to checkout.
          Default: "main"
        required: false
        type: string
        default: ''
      # Forwarded to scripts/analysis/analyze.sh on its command line.
      analysis-arguments:
        description: >
          The arguments to pass to the analysis script.
          Default: '--profile Neo4j-latest-low-memory'
        required: false
        type: string
        default: '--profile Neo4j-latest-low-memory'
      # Made available to analyze.sh as TYPESCRIPT_SCAN_HEAP_MEMORY.
      # Declared as a string so the value reaches the script unchanged.
      typescript-scan-heap-memory:
        description: >
          The heap memory size in MB to use for the TypeScript code scans (default=4096).
          This value is only used for the TypeScript code scans and is ignored for other scans.
        required: false
        type: string
        default: '4096'
      # Passed as 'retention-days' to actions/upload-artifact.
      retention-days:
        description: >
          The number of days to keep the uploaded artifacts.
          Default: 5
        required: false
        type: number
        default: 5
    outputs:
      # Resolves to the job output set by the step with id
      # 'set-analysis-results-artifact-name'.
      uploaded-analysis-results:
        description: >
          The name of the artifact uploaded with 'actions/upload-artifact'
          containing all analysis results.
        value: ${{ jobs.analyze-code-graph.outputs.uploaded-analysis-results-artifact-name }}
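jobs:
  # Checks out the code-graph-analysis-pipeline, prepares Java and Conda,
  # downloads the caller's sources/artifacts, runs the analysis scripts and
  # uploads the reports (or, on failure, logs and unfinished reports).
  #
  # NOTE(review): this job declares no 'permissions'; the token scope is
  # whatever the caller grants. A reusable workflow can only narrow that scope,
  # so confirm with callers before adding a job-level 'permissions' block.
  analyze-code-graph:
    runs-on: ubuntu-22.04
    outputs:
      uploaded-analysis-results-artifact-name: ${{ steps.set-analysis-results-artifact-name.outputs.uploaded-analysis-results-artifact-name }}
    strategy:
      matrix:
        include:
          # Versions are quoted so YAML keeps them as strings
          # (an unquoted 3.10 would be read as the float 3.1).
          - os: ubuntu-22.04
            java: "21"
            python: "3.12"
            miniforge: "24.9.0-0"
    steps:
      - name: Assure that either artifacts-upload-name or sources-upload-name is set
        if: inputs.artifacts-upload-name == '' && inputs.sources-upload-name == ''
        run: echo "Please specify either the input parameter 'artifacts-upload-name' or 'sources-upload-name'."; exit 1

      # Built from the fixed matrix values above only, not from caller input.
      - name: Assemble ENVIRONMENT_INFO
        run: echo "ENVIRONMENT_INFO=-java-${{ matrix.java }}-python-${{ matrix.python }}-miniforge-${{ matrix.miniforge }}" >> "$GITHUB_ENV"

      # Third-party actions are pinned to full commit SHAs; the trailing
      # comment records the release line the SHA was taken from.
      # 'ref' selects which revision of the pipeline scripts is executed below.
      - name: (Code Analysis Setup) Checkout code-graph-analysis-pipeline
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
        with:
          repository: JohT/code-graph-analysis-pipeline
          ref: ${{ inputs.ref }}
          # Keeps the token out of the checked-out repository's git config.
          persist-credentials: false

      - name: (Java Setup) Java Development Kit (JDK) ${{ matrix.java }}
        uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4
        with:
          distribution: "temurin"
          java-version: ${{ matrix.java }}

      # "Setup Python" can be skipped if jupyter notebook analysis-results aren't needed
      - name: (Python Setup) Use version ${{ matrix.python }} with Conda package manager Miniforge
        id: prepare-conda-environment
        uses: conda-incubator/setup-miniconda@505e6394dae86d6a5c7fbb6e3fb8938e3e863830 # v3
        with:
          python-version: ${{ matrix.python }}
          miniforge-version: ${{ matrix.miniforge }}
          activate-environment: codegraph
          environment-file: ./jupyter/environment.yml
          auto-activate-base: false
          show-channel-urls: true

      - name: (Python Setup) Conda environment info
        shell: bash -el {0}
        run: |
          conda info
          conda list
          conda config --show-sources
          conda config --show

      - name: (Code Analysis Setup) Setup Cache Analysis Downloads
        uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4
        with:
          path: ./temp/downloads
          key: ${{ runner.os }}-${{ hashFiles('**/*.sh') }}

      # Generates 12 printable, non-space ASCII characters from /dev/urandom.
      # The value is registered as a log mask before it is written to the
      # step output, so later log lines containing it are redacted.
      - name: (Code Analysis Setup) Generate Neo4j Initial Password
        id: generate-neo4j-initial-password
        run: |
          generated_password=$( LC_ALL=C tr -dc '[:graph:]' </dev/urandom | head -c 12; echo )
          echo "::add-mask::$generated_password"
          echo "neo4j-initial-password=$generated_password" >> "$GITHUB_OUTPUT"

      # The caller-supplied name reaches the shell through an environment
      # variable and is quoted, so shell metacharacters in it are passed to
      # init.sh as data instead of being parsed as part of the script.
      - name: (Code Analysis Setup) Initialize Analysis
        env:
          NEO4J_INITIAL_PASSWORD: ${{ steps.generate-neo4j-initial-password.outputs.neo4j-initial-password }}
          ANALYSIS_NAME: ${{ inputs.analysis-name }}
        run: ./init.sh "$ANALYSIS_NAME"

      - name: (Code Analysis Setup) Download sources for analysis
        if: inputs.sources-upload-name != ''
        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4
        with:
          name: ${{ inputs.sources-upload-name }}
          path: temp/${{ inputs.analysis-name }}/source/${{ inputs.analysis-name }}

      - name: (Code Analysis Setup) Download artifacts for analysis
        if: inputs.artifacts-upload-name != ''
        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4
        with:
          name: ${{ inputs.artifacts-upload-name }}
          path: temp/${{ inputs.analysis-name }}/artifacts

      - name: (Debug) Log folder structure of temp directory
        if: runner.debug == '1'
        working-directory: temp
        run: |
          ls -R | grep ":$" | sed -e 's/:$//' -e 's/[^-][^\/]*\//--/g' -e 's/^/ /' -e 's/-/|/'

      - name: (Code Analysis) Analyze ${{ inputs.analysis-name }}
        working-directory: temp/${{ inputs.analysis-name }}
        # Shell type can be skipped if jupyter notebook analysis-results (and therefore conda) aren't needed
        shell: bash -el {0}
        env:
          NEO4J_INITIAL_PASSWORD: ${{ steps.generate-neo4j-initial-password.outputs.neo4j-initial-password }}
          ENABLE_JUPYTER_NOTEBOOK_PDF_GENERATION: "true"
          IMPORT_GIT_LOG_DATA_IF_SOURCE_IS_PRESENT: "" # Options: "none", "aggregated", "full". default = "plugin" or ""
          PREPARE_CONDA_ENVIRONMENT: "false" # Had already been done in step with id "prepare-conda-environment".
          # Caller inputs are handed over as environment variables rather than
          # expanded into the script text, so their content is never parsed as shell code.
          TYPESCRIPT_SCAN_HEAP_MEMORY: ${{ inputs.typescript-scan-heap-memory }}
          ANALYSIS_ARGUMENTS: ${{ inputs.analysis-arguments }}
        # The argument string is split on whitespace into separate arguments.
        # Quotes inside the value are not interpreted and only its first line is read.
        run: |
          read -r -a analysis_arguments <<< "$ANALYSIS_ARGUMENTS"
          ./../../scripts/analysis/analyze.sh "${analysis_arguments[@]}"

      - name: Set artifact name for uploaded analysis results
        id: set-analysis-results-artifact-name
        run: echo "uploaded-analysis-results-artifact-name=code-analysis-results-${{ env.ENVIRONMENT_INFO }}" >> "$GITHUB_OUTPUT"

      # Upload successful analysis-results in case they are needed for troubleshooting
      - name: (Code Analysis Results) Archive successful analysis-results
        if: success()
        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4
        with:
          name: ${{ steps.set-analysis-results-artifact-name.outputs.uploaded-analysis-results-artifact-name }}
          path: ./temp/${{ inputs.analysis-name }}/reports/*
          if-no-files-found: error
          retention-days: ${{ inputs.retention-days }}

      # Upload logs and unfinished analysis-results in case of an error for troubleshooting
      # The same retention as for successful results applies, so runtime logs
      # are not kept longer than the caller asked for.
      - name: (Code Analysis Results) Archive failed run with logs and unfinished analysis-results
        if: failure()
        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4
        with:
          name: code-analysis-logs-${{ env.ENVIRONMENT_INFO }}
          path: |
            ./temp/**/runtime/*
            ./temp/**/reports/*
          retention-days: ${{ inputs.retention-days }}

      # Upload Database Export
      # Only possible after an export with "./../../scripts/analysis/analyze.sh --report DatabaseCsvExport"
      # Won't be done here because of performance and security concerns
      #- name: Archive exported database
      #  uses: actions/upload-artifact@v3
      #  with:
      #    name: typescript-code-analysis-database-export-${{ matrix.java }}-python-${{ matrix.python }}-miniforge-${{ matrix.miniforge }}
      #    path: ./temp/**/import
      #    if-no-files-found: error
      #    retention-days: 5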