From 32f5bba0395a5e3a5c6bbb485deee81397cde011 Mon Sep 17 00:00:00 2001 From: Saumya-R Date: Wed, 18 Mar 2026 12:23:25 +0530 Subject: [PATCH 1/2] adding a comment to test --- scripts/generate_rust_analyzer_support.sh | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/scripts/generate_rust_analyzer_support.sh b/scripts/generate_rust_analyzer_support.sh index 23998bb4cec..5014d236858 100755 --- a/scripts/generate_rust_analyzer_support.sh +++ b/scripts/generate_rust_analyzer_support.sh @@ -1,6 +1,8 @@ #!/bin/bash -set -e +set -e # Manual targets are not take into account, must be set explicitly -bazel run @rules_rust//tools/rust_analyzer:gen_rust_project -- "@//feature_showcase/..." "@//feature_integration_tests/rust_test_scenarios:rust_test_scenarios" \ No newline at end of file +bazel run @rules_rust//tools/rust_analyzer:gen_rust_project -- "@//feature_showcase/..." "@//feature_integration_tests/rust_test_scenarios:rust_test_scenarios" + +# will add filters here From c89bc953ea030258cbe7bb9686a6148f9fec51d6 Mon Sep 17 00:00:00 2001 From: Saumya Rai Date: Wed, 18 Mar 2026 12:49:44 +0530 Subject: [PATCH 2/2] Enhance SARIF processing with error handling Added error handling and jq dependency check for SARIF processing. Signed-off-by: Saumya Rai --- .../workflows/codeql-multiple-repo-scan.yml | 66 +++++++++++++++---- 1 file changed, 52 insertions(+), 14 deletions(-) diff --git a/.github/workflows/codeql-multiple-repo-scan.yml b/.github/workflows/codeql-multiple-repo-scan.yml index 35f45d63875..df78c1ce976 100644 --- a/.github/workflows/codeql-multiple-repo-scan.yml +++ b/.github/workflows/codeql-multiple-repo-scan.yml @@ -174,24 +174,62 @@ jobs: run: | RECATEGORIZE_SCRIPT="codeql-coding-standards-repo/scripts/guideline_recategorization/recategorize.py" CODING_STANDARDS_CONFIG="./.github/codeql/coding-standards.yml" - + CODING_STANDARDS_SCHEMA="codeql-coding-standards-repo/schemas/coding-standards-schema-1.0.0.json" SARIF_SCHEMA="codeql-coding-standards-repo/schemas/sarif-schema-2.1.0.json" - - - SARIF_FILE="sarif-results/cpp.sarif" - + + SARIF_FILE="sarif-results/cpp.sarif" + mkdir -p sarif-results-recategorized echo "Processing $SARIF_FILE for recategorization..." + python3 "$RECATEGORIZE_SCRIPT" \ - --coding-standards-schema-file "$CODING_STANDARDS_SCHEMA" \ - --sarif-schema-file "$SARIF_SCHEMA" \ - "$CODING_STANDARDS_CONFIG" \ - "$SARIF_FILE" \ - "sarif-results-recategorized/$(basename "$SARIF_FILE")" - - rm "$SARIF_FILE" - mv "sarif-results-recategorized/$(basename "$SARIF_FILE")" "$SARIF_FILE" + --coding-standards-schema-file "$CODING_STANDARDS_SCHEMA" \ + --sarif-schema-file "$SARIF_SCHEMA" \ + "$CODING_STANDARDS_CONFIG" \ + "$SARIF_FILE" \ + "sarif-results-recategorized/$(basename "$SARIF_FILE")" + + PY_EXIT=$? + if [ $PY_EXIT -ne 0 ]; then + echo "Recategorization failed (exit code $PY_EXIT). SARIF file not updated." >&2 + exit $PY_EXIT + fi + + # Replace original SARIF file + rm -f "$SARIF_FILE" + mv "sarif-results-recategorized/$(basename "$SARIF_FILE")" "$SARIF_FILE" + + # Ensure jq is available + if ! command -v jq >/dev/null 2>&1; then + echo "Error: jq is required but not installed. Please install jq and rerun this script." >&2 + exit 1 + fi + + # Filter SARIF to entries with paths matching repos/ + echo "Filtering SARIF results to only include entries with paths matching (^|/)repos/ ..." + + jq ' + (.runs) |= map( + .results |= map( + select( + (.locations // [] | length > 0) + and + ((.locations[0].physicalLocation.artifactLocation.uri // "") | test("(^|/)repos/")) + ) + ) + ) + ' "$SARIF_FILE" > "${SARIF_FILE}.filtered" + + if [ $? -eq 0 ]; then + mv "${SARIF_FILE}.filtered" "$SARIF_FILE" + else + echo "jq filtering failed. SARIF file was not modified." >&2 + rm -f "${SARIF_FILE}.filtered" + exit 1 + fi + + - name: Generate HTML Report from SARIF run: | @@ -209,4 +247,4 @@ jobs: uses: actions/upload-artifact@v4 with: name: codeql-html-report - path: codeql-report.html \ No newline at end of file + path: codeql-report.html