diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 13e6cf14..b52c647e 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -89,9 +89,9 @@ jobs:
 path: ${{ steps.step1.outputs.sarif-output }}
 retention-days: 5
- - name: Fail if an error is found
+ - name: Fail if a warning is found
 run: |
- ./.github/workflows/fail_on_error.py \
+ ./.github/workflows/fail_on_warning.py \
 ${{ steps.step1.outputs.sarif-output }}/cpp.sarif
 scan-build:
@@ -125,6 +125,6 @@ jobs:
 category: "scan-build"
 sarif_file: build/sarif/merged.sarif
- - name: Fail if an error is found
+ - name: Fail if a warning is found
 run: |
- ./.github/workflows/fail_on_error.py build/sarif/merged.sarif
\ No newline at end of file
+ ./.github/workflows/fail_on_warning.py build/sarif/merged.sarif
\ No newline at end of file
diff --git a/.github/workflows/fail_on_error.py b/.github/workflows/fail_on_warning.py
similarity index 71%
rename from .github/workflows/fail_on_error.py
rename to .github/workflows/fail_on_warning.py
index 29791742..99ccac78 100755
--- a/.github/workflows/fail_on_error.py
+++ b/.github/workflows/fail_on_warning.py
@@ -20,13 +20,18 @@ def codeql_sarif_contain_error(filename):
 rule_index = res['rule']['index']
 else:
 continue
+
 try:
 rule_level = rules_metadata[rule_index]['defaultConfiguration']['level']
 except IndexError as e:
- print(e, rule_index, len(rules_metadata))
- else:
- if rule_level == 'error':
- return True
+ # According to the SARIF schema (https://www.schemastore.org/schemas/json/sarif-2.1.0-rtm.6.json),
+ # the defalt level is "warning" if not specified.
+ rule_level = 'warning'
+
+ if rule_level == 'error':
+ return True
+ elif rule_level == 'warning':
+ return True
 return False
 if __name__ == "__main__":
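Review bot: The `except IndexError` in the fail_on_warning.py hunk covers only an out-of-range `rule_index`; a rule entry that omits `defaultConfiguration` or `level`, which is the case the added comment describes, raises `KeyError` instead, so the gate stops with a traceback rather than applying the documented default. Catching both with `except (IndexError, KeyError):` would make the fallback match the comment. A negative `rule_index` would also select a rule from the end of `rules_metadata` under Python indexing and could read an unrelated, lower level, so a check such as `if not 0 <= rule_index < len(rules_metadata):` before the lookup is worth adding if the SARIF producer can emit -1 for "no rule". The two branches can collapse to `if rule_level in ('error', 'warning'): return True`, the now-unused `as e` can go, and "defalt" in the comment is a typo. The function body starts and ends outside this hunk, so how results without a rule index are treated by the `continue` above cannot be judged from here.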