aaf-mdqt 0.8.7 → 0.8.8
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +54 -55
- data/aaf-mdqt.gemspec +8 -8
- data/lib/mdqt/version.rb +1 -1
- metadata +17 -18
- data/.github/workflows/codeql-analysis.yml +0 -70
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: e7f884d01697f865d55c804cdcdc6effe83d1f80023de88cd5e557d395a34aba
|
4
|
+
data.tar.gz: a6bc73de15949019ccfae61edb365bd4633db5f77f1c7729126f35ff4fae982a
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: f2dd7c004d066083182426d878b421611713c29d847ea483787770e59bfa64c84c6ede5e15d6d8942370f76c66c9c8416126c23bb66ed65d293252370296075d
|
7
|
+
data.tar.gz: 7979f13e2252926ecd6a76e9921cce791ea825b13e555a91fdb3765770667efdb9b97af07794e08ff81caa8069d7ecdae2c56f0146936fd1e21a3efea0b2d285
|
data/README.md
CHANGED
@@ -1,6 +1,8 @@
|
|
1
|
+
# NOTE: forked from <https://github.com/Digital-Identity-Labs/mdqt>
|
2
|
+
|
1
3
|
# MDQT - A Metadata Query Tool
|
2
4
|
|
3
|
-
[![Gem Version](https://badge.fury.io/rb/mdqt.svg)](https://badge.fury.io/rb/
|
5
|
+
[![Gem Version](https://badge.fury.io/rb/aaf-mdqt.svg)](https://badge.fury.io/rb/aaf-mdqt)
|
4
6
|
|
5
7
|
MDQT is small library and commandline tool to query MDQ services for SAML metadata.
|
6
8
|
You could do this with `curl` and `xmlsec1` but it's a little more convenient to use `mdqt` instead.
|
@@ -9,17 +11,16 @@ MDQT also has features for managing local metadata files, to help when running a
|
|
9
11
|
|
10
12
|
MDQ currently provides these features:
|
11
13
|
|
12
|
-
|
13
|
-
|
14
|
-
|
15
|
-
|
16
|
-
|
17
|
-
|
18
|
-
|
19
|
-
|
20
|
-
|
21
|
-
|
22
|
-
|
14
|
+
- Downloading single entities, lists or aggregates
|
15
|
+
- Signature verification
|
16
|
+
- Validating metadata against SAML2 schema
|
17
|
+
- Saving metadata to disk
|
18
|
+
- Extracting entity IDs from both aggregate and individual metadata files
|
19
|
+
- Renaming metadata files to their entity ID sha1 hashes (for use with LocalDynamicMetadataProvider)
|
20
|
+
- Creating sha1 hash symlinks to metadata files (also for use with Local Dynamic Metadata)
|
21
|
+
- Listing the entity IDs of downloaded metadata files
|
22
|
+
- Showing the full URL of an entity
|
23
|
+
- Caching entity metadata and using Gzip compression
|
23
24
|
|
24
25
|
## MDQ?
|
25
26
|
|
@@ -39,11 +40,11 @@ MDQT is tested on recent MacOS and Linux, and should work with
|
|
39
40
|
|
40
41
|
To install system-wide on your default Ruby, use
|
41
42
|
|
42
|
-
|
43
|
+
sudo gem install mdqt
|
43
44
|
|
44
45
|
If using a per-user Ruby via `rbenv`, `asdf` or similar, you'll need
|
45
46
|
|
46
|
-
|
47
|
+
gem install mdqt
|
47
48
|
|
48
49
|
### As part of a Ruby project
|
49
50
|
|
@@ -55,7 +56,7 @@ gem 'mdqt'
|
|
55
56
|
|
56
57
|
and then execute:
|
57
58
|
|
58
|
-
|
59
|
+
bundle
|
59
60
|
|
60
61
|
### As a Docker container
|
61
62
|
|
@@ -71,39 +72,39 @@ signature. Some MDQ services use unencrypted HTTP connections and rely
|
|
71
72
|
MDQT supports signature verification but requires a Ruby library called
|
72
73
|
Nokogiri to do the hard work. Nokogiri is fast and useful but can sometimes
|
73
74
|
be awkward to install for non-developers (it can sometimes require a C development
|
74
|
-
environment and various XML libraries). In most cases Nokogiri will install
|
75
|
-
automatically, without problems, when you install MDQT, but if you encounter any
|
75
|
+
environment and various XML libraries). In most cases Nokogiri will install
|
76
|
+
automatically, without problems, when you install MDQT, but if you encounter any
|
76
77
|
problems installing Nokogiri the [Installing Nokogiri](http://www.nokogiri.org/tutorials/installing_nokogiri.html) documentation is very helpful.
|
77
78
|
|
78
79
|
## Commandline Usage as an MDQ client
|
79
80
|
|
80
81
|
You can see a list of commandline options by typing:
|
81
82
|
|
82
|
-
|
83
|
+
mdqt help
|
83
84
|
|
84
85
|
To see more information about a command, use the `--help` option after the command or type `help <command>`:
|
85
86
|
|
86
|
-
|
87
|
+
mdqt help get
|
87
88
|
|
88
89
|
### Selecting an MDQ service to access
|
89
90
|
|
90
91
|
You can specify the MDQ service with a commandline option:
|
91
92
|
|
92
|
-
|
93
|
+
mdqt get --service https://mdq.example.com/mdq http://entity.ac.uk/shibboleth
|
93
94
|
|
94
95
|
It's more convenient to set an environment variable to specify a default MDQ
|
95
96
|
service. Set `MDQT_SERVICE` or `MDQ_BASE_URL` to the base URL of your MDQ service.
|
96
97
|
|
97
|
-
|
98
|
-
|
99
|
-
|
98
|
+
export MDQT_SERVICE=https://mdq.example.com/mdq
|
99
|
+
mdqt get http://entity.ac.uk/shibboleth
|
100
|
+
mdqt get http://example.org/service
|
100
101
|
|
101
102
|
Finally, if you don't specify an MDQ service with `--service` or `MDQT_SERVICE` then `mdqt` *might* be
|
102
103
|
able to guess your local NREN's MDQ service. Do not do this in production!
|
103
104
|
|
104
105
|
If an MDQ service is known to MDQT it can be selected using an alias:
|
105
106
|
|
106
|
-
|
107
|
+
mdqt get --service incommon http://entity.edu/shibboleth
|
107
108
|
|
108
109
|
You can see known services and their aliases using `mdqt services`
|
109
110
|
|
@@ -111,20 +112,19 @@ You can see known services and their aliases using `mdqt services`
|
|
111
112
|
|
112
113
|
Downloading entity metadata to STDOUT:
|
113
114
|
|
114
|
-
|
115
|
+
mdqt get https://test-idp.ukfederation.org.uk/idp/shibboleth
|
115
116
|
|
116
117
|
Using the sha1 hashed version of entity IDs requires quotes or escaping in some shells:
|
117
118
|
|
118
|
-
|
119
|
+
mdqt get "{sha1}52e2065fc0d53744e8d4ee2c2f30696ebfc5def9"
|
119
120
|
|
120
|
-
|
121
|
+
mdqt get \{sha1\}52e2065fc0d53744e8d4ee2c2f30696ebfc5def9
|
121
122
|
|
122
|
-
|
123
|
+
mdqt get [sha1]52e2065fc0d53744e8d4ee2c2f30696ebfc5def9
|
123
124
|
|
124
125
|
Requesting all metadata from an MDQ endpoint is done by specifying `--all`:
|
125
126
|
|
126
|
-
|
127
|
-
|
127
|
+
mdqt get --all
|
128
128
|
|
129
129
|
### Caching metadata
|
130
130
|
|
@@ -132,16 +132,15 @@ Caching can be enabled using `--cache`. At the moment the `mdqt` executable
|
|
132
132
|
only supports caching to disk. It will create a cache directory in your temporary
|
133
133
|
directory.
|
134
134
|
|
135
|
-
|
135
|
+
mdqt get --cache --service https://mdq.example.com/mdq http://entity.ac.uk/shibboleth
|
136
136
|
|
137
137
|
Caching is now on by default. To force a single command to *not* use the cache, include `--reset`
|
138
138
|
|
139
|
-
|
139
|
+
mdqt get --reset --service https://mdq.example.com/mdq http://entity.ac.uk/shibboleth
|
140
140
|
|
141
141
|
You can clear the cache by using the `reset` command:
|
142
142
|
|
143
|
-
|
144
|
-
|
143
|
+
mdqt reset
|
145
144
|
|
146
145
|
### Verifying metadata
|
147
146
|
|
@@ -149,22 +148,22 @@ If you have enabled verification by installing `xmldsig` (and have downloaded an
|
|
149
148
|
certificate for your MDQ server) you can require verification by passing
|
150
149
|
they `verify-with` flag with the path of your certificate.
|
151
150
|
|
152
|
-
|
151
|
+
mdqt get --verify-with myfederation.pem https://indiid.net/idp/shibboleth
|
153
152
|
|
154
153
|
It's possible to pass more than one certificate by separating them with commas
|
155
154
|
|
156
|
-
|
155
|
+
mdqt get --verify-with myfederation.pem,previous.pem https://indiid.net/idp/shibboleth
|
157
156
|
|
158
157
|
Basic XML correctness and validation against SAML2 Metadata schema can be enabled with the
|
159
158
|
`--validate` switch:
|
160
159
|
|
161
|
-
|
160
|
+
mdqt get --validate https://indiid.net/idp/shibboleth
|
162
161
|
|
163
162
|
If you need to check metadata that has already been downloaded then try the `check`
|
164
163
|
command:
|
165
164
|
|
166
|
-
|
167
|
-
|
165
|
+
mdqt check metadata.xml # Just validate
|
166
|
+
mdqt check --verify-with myfederation.pem metadata.xml # Verify signature too
|
168
167
|
|
169
168
|
You shouldn't need to *validate* XML from a trusted MDQ service such as one run by a
|
170
169
|
national federation. You should however always *verify* the signature of XML sent over an unencrypyted HTTP connection,
|
@@ -175,11 +174,11 @@ or debugging your own MDQ service.
|
|
175
174
|
|
176
175
|
The simplest way to save metadata is to redirect output from the `get` command:
|
177
176
|
|
178
|
-
|
177
|
+
mdqt get http://entity.ac.uk/shibboleth > metadata.xml
|
179
178
|
|
180
179
|
MDQT also offers the `--save-to` option to write all metadata into a directory
|
181
180
|
|
182
|
-
|
181
|
+
mdqt get http://entity.ac.uk/shibboleth --save-to metadata_directory
|
183
182
|
|
184
183
|
The `--save-to` option requires a directory to be specified. All files will be saved
|
185
184
|
with a name based on their transformed identifier (sha1 hash) such as
|
@@ -194,55 +193,55 @@ For more information about current settings, download results, and so on, add
|
|
194
193
|
|
195
194
|
To convert normal URI entity IDs into MDQ SHA1 hashed transformed identifiers use the `transform` command:
|
196
195
|
|
197
|
-
|
196
|
+
mdqt transform http://example.org/service
|
198
197
|
|
199
198
|
Transforming identifiers that have already been transformed should not re-transform them.
|
200
199
|
|
201
200
|
To see more details of what is being sent and received by a `get` command add the `--explain` flag
|
202
201
|
|
203
|
-
|
202
|
+
mdqt get --explain --service https://mdq.example.com/mdq http://entity.ac.uk/shibboleth
|
204
203
|
|
205
204
|
MDQT will then show a table of sent and received headers which may be useful when debugging servers.
|
206
205
|
|
207
206
|
To extract a list of all entity IDs from a file:
|
208
207
|
|
209
|
-
|
208
|
+
mdqt entities metadata.xml
|
210
209
|
|
211
|
-
|
210
|
+
mdqt entities --sha1 metadata.xml
|
212
211
|
|
213
212
|
To create sha1 symlinks to a metadata file:
|
214
213
|
|
215
|
-
|
214
|
+
mdqt ln example_idp.xml
|
216
215
|
|
217
216
|
To rename a file to its entity ID sha1 has:
|
218
217
|
|
219
|
-
|
218
|
+
mdqt rename example_idp.xml
|
220
219
|
|
221
220
|
To list the entity IDs of files in a directory:
|
222
221
|
|
223
|
-
|
222
|
+
mdqt ls
|
224
223
|
|
225
224
|
To list all entities available at an MDQ service:
|
226
225
|
|
227
|
-
|
226
|
+
mdqt list
|
228
227
|
|
229
228
|
To show the MDQ services known to MDQT, and their aliases:
|
230
229
|
|
231
|
-
|
230
|
+
mdqt services
|
232
231
|
|
233
232
|
To show the full MDQ URL of an entity
|
234
233
|
|
235
|
-
|
234
|
+
mdqt url http://entity.ac.uk/shibboleth
|
236
235
|
|
237
236
|
MDQT can accept input on stdin, allowing composition and pipelining
|
238
237
|
|
239
|
-
|
238
|
+
cat list_of_ids.txt | mdqt url
|
240
239
|
|
241
|
-
|
240
|
+
mdqt list | grep cern.ch | mdqt get --save-to cern_metadata/ --list | mdqt ls
|
242
241
|
|
243
242
|
## Alternatives
|
244
243
|
|
245
|
-
|
244
|
+
- [SAML Library](https://github.com/trscavo/saml-library) is a set of scripts to help with metadata-related tasks, written
|
246
245
|
by Tom Scavo of Internet2. Some of the scripts provide similar functionality to MDQT, and are designed to be piped together.
|
247
246
|
|
248
247
|
## Library Usage
|
@@ -260,7 +259,7 @@ To install this gem onto your local machine, run `bundle exec rake install`.
|
|
260
259
|
|
261
260
|
## Contributing
|
262
261
|
|
263
|
-
Bug reports and pull requests are welcome on GitHub at https://github.com/Digital-Identity-Labs/mdqt
|
262
|
+
Bug reports and pull requests are welcome on GitHub at <https://github.com/Digital-Identity-Labs/mdqt>.
|
264
263
|
This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [Contributor Covenant](http://contributor-covenant.org) code of conduct.
|
265
264
|
|
266
265
|
## License
|
data/aaf-mdqt.gemspec
CHANGED
@@ -23,17 +23,17 @@ Gem::Specification.new do |spec|
|
|
23
23
|
spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
|
24
24
|
spec.require_paths = ["lib"]
|
25
25
|
|
26
|
-
spec.add_dependency 'commander', "~>4
|
27
|
-
spec.add_dependency 'faraday', "~>2
|
28
|
-
spec.add_dependency 'faraday-http-cache', "~>2
|
29
|
-
spec.add_dependency 'faraday-follow_redirects', "~>0.3
|
30
|
-
spec.add_dependency 'httpx', "~>1
|
26
|
+
spec.add_dependency 'commander', "~>4"
|
27
|
+
spec.add_dependency 'faraday', "~>2"
|
28
|
+
spec.add_dependency 'faraday-http-cache', "~>2"
|
29
|
+
spec.add_dependency 'faraday-follow_redirects', "~>0.3"
|
30
|
+
spec.add_dependency 'httpx', "~>1"
|
31
31
|
spec.add_dependency 'activesupport', "~>7"
|
32
|
-
spec.add_dependency 'dalli', "~>3
|
32
|
+
spec.add_dependency 'dalli', "~>3"
|
33
33
|
spec.add_dependency 'pastel', "~>0.8"
|
34
|
-
spec.add_dependency 'terminal-table', "~>3
|
34
|
+
spec.add_dependency 'terminal-table', "~>3"
|
35
35
|
spec.add_dependency 'concurrent-ruby-ext', "~>1"
|
36
|
-
spec.add_dependency 'xmldsig', "~>0.7
|
36
|
+
spec.add_dependency 'xmldsig', "~>0.7"
|
37
37
|
|
38
38
|
# spec.add_development_dependency "bundler", "~>2"
|
39
39
|
# spec.add_development_dependency "rake", ">= 13.1.0"
|
data/lib/mdqt/version.rb
CHANGED
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: aaf-mdqt
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.8.
|
4
|
+
version: 0.8.8
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Pete Birkinshaw
|
@@ -17,70 +17,70 @@ dependencies:
|
|
17
17
|
requirements:
|
18
18
|
- - "~>"
|
19
19
|
- !ruby/object:Gem::Version
|
20
|
-
version: '4
|
20
|
+
version: '4'
|
21
21
|
type: :runtime
|
22
22
|
prerelease: false
|
23
23
|
version_requirements: !ruby/object:Gem::Requirement
|
24
24
|
requirements:
|
25
25
|
- - "~>"
|
26
26
|
- !ruby/object:Gem::Version
|
27
|
-
version: '4
|
27
|
+
version: '4'
|
28
28
|
- !ruby/object:Gem::Dependency
|
29
29
|
name: faraday
|
30
30
|
requirement: !ruby/object:Gem::Requirement
|
31
31
|
requirements:
|
32
32
|
- - "~>"
|
33
33
|
- !ruby/object:Gem::Version
|
34
|
-
version: 2
|
34
|
+
version: '2'
|
35
35
|
type: :runtime
|
36
36
|
prerelease: false
|
37
37
|
version_requirements: !ruby/object:Gem::Requirement
|
38
38
|
requirements:
|
39
39
|
- - "~>"
|
40
40
|
- !ruby/object:Gem::Version
|
41
|
-
version: 2
|
41
|
+
version: '2'
|
42
42
|
- !ruby/object:Gem::Dependency
|
43
43
|
name: faraday-http-cache
|
44
44
|
requirement: !ruby/object:Gem::Requirement
|
45
45
|
requirements:
|
46
46
|
- - "~>"
|
47
47
|
- !ruby/object:Gem::Version
|
48
|
-
version: 2
|
48
|
+
version: '2'
|
49
49
|
type: :runtime
|
50
50
|
prerelease: false
|
51
51
|
version_requirements: !ruby/object:Gem::Requirement
|
52
52
|
requirements:
|
53
53
|
- - "~>"
|
54
54
|
- !ruby/object:Gem::Version
|
55
|
-
version: 2
|
55
|
+
version: '2'
|
56
56
|
- !ruby/object:Gem::Dependency
|
57
57
|
name: faraday-follow_redirects
|
58
58
|
requirement: !ruby/object:Gem::Requirement
|
59
59
|
requirements:
|
60
60
|
- - "~>"
|
61
61
|
- !ruby/object:Gem::Version
|
62
|
-
version: 0.3
|
62
|
+
version: '0.3'
|
63
63
|
type: :runtime
|
64
64
|
prerelease: false
|
65
65
|
version_requirements: !ruby/object:Gem::Requirement
|
66
66
|
requirements:
|
67
67
|
- - "~>"
|
68
68
|
- !ruby/object:Gem::Version
|
69
|
-
version: 0.3
|
69
|
+
version: '0.3'
|
70
70
|
- !ruby/object:Gem::Dependency
|
71
71
|
name: httpx
|
72
72
|
requirement: !ruby/object:Gem::Requirement
|
73
73
|
requirements:
|
74
74
|
- - "~>"
|
75
75
|
- !ruby/object:Gem::Version
|
76
|
-
version: 1
|
76
|
+
version: '1'
|
77
77
|
type: :runtime
|
78
78
|
prerelease: false
|
79
79
|
version_requirements: !ruby/object:Gem::Requirement
|
80
80
|
requirements:
|
81
81
|
- - "~>"
|
82
82
|
- !ruby/object:Gem::Version
|
83
|
-
version: 1
|
83
|
+
version: '1'
|
84
84
|
- !ruby/object:Gem::Dependency
|
85
85
|
name: activesupport
|
86
86
|
requirement: !ruby/object:Gem::Requirement
|
@@ -101,14 +101,14 @@ dependencies:
|
|
101
101
|
requirements:
|
102
102
|
- - "~>"
|
103
103
|
- !ruby/object:Gem::Version
|
104
|
-
version: '3
|
104
|
+
version: '3'
|
105
105
|
type: :runtime
|
106
106
|
prerelease: false
|
107
107
|
version_requirements: !ruby/object:Gem::Requirement
|
108
108
|
requirements:
|
109
109
|
- - "~>"
|
110
110
|
- !ruby/object:Gem::Version
|
111
|
-
version: '3
|
111
|
+
version: '3'
|
112
112
|
- !ruby/object:Gem::Dependency
|
113
113
|
name: pastel
|
114
114
|
requirement: !ruby/object:Gem::Requirement
|
@@ -129,14 +129,14 @@ dependencies:
|
|
129
129
|
requirements:
|
130
130
|
- - "~>"
|
131
131
|
- !ruby/object:Gem::Version
|
132
|
-
version: '3
|
132
|
+
version: '3'
|
133
133
|
type: :runtime
|
134
134
|
prerelease: false
|
135
135
|
version_requirements: !ruby/object:Gem::Requirement
|
136
136
|
requirements:
|
137
137
|
- - "~>"
|
138
138
|
- !ruby/object:Gem::Version
|
139
|
-
version: '3
|
139
|
+
version: '3'
|
140
140
|
- !ruby/object:Gem::Dependency
|
141
141
|
name: concurrent-ruby-ext
|
142
142
|
requirement: !ruby/object:Gem::Requirement
|
@@ -157,14 +157,14 @@ dependencies:
|
|
157
157
|
requirements:
|
158
158
|
- - "~>"
|
159
159
|
- !ruby/object:Gem::Version
|
160
|
-
version: 0.7
|
160
|
+
version: '0.7'
|
161
161
|
type: :runtime
|
162
162
|
prerelease: false
|
163
163
|
version_requirements: !ruby/object:Gem::Requirement
|
164
164
|
requirements:
|
165
165
|
- - "~>"
|
166
166
|
- !ruby/object:Gem::Version
|
167
|
-
version: 0.7
|
167
|
+
version: '0.7'
|
168
168
|
- !ruby/object:Gem::Dependency
|
169
169
|
name: rspec
|
170
170
|
requirement: !ruby/object:Gem::Requirement
|
@@ -242,7 +242,6 @@ executables:
|
|
242
242
|
extensions: []
|
243
243
|
extra_rdoc_files: []
|
244
244
|
files:
|
245
|
-
- ".github/workflows/codeql-analysis.yml"
|
246
245
|
- ".github/workflows/ruby.yml"
|
247
246
|
- ".gitignore"
|
248
247
|
- ".rspec"
|
@@ -1,70 +0,0 @@
|
|
1
|
-
# For most projects, this workflow file will not need changing; you simply need
|
2
|
-
# to commit it to your repository.
|
3
|
-
#
|
4
|
-
# You may wish to alter this file to override the set of languages analyzed,
|
5
|
-
# or to provide custom queries or build logic.
|
6
|
-
#
|
7
|
-
# ******** NOTE ********
|
8
|
-
# We have attempted to detect the languages in your repository. Please check
|
9
|
-
# the `language` matrix defined below to confirm you have the correct set of
|
10
|
-
# supported CodeQL languages.
|
11
|
-
#
|
12
|
-
name: "CodeQL"
|
13
|
-
|
14
|
-
on:
|
15
|
-
push:
|
16
|
-
branches: [ master ]
|
17
|
-
pull_request:
|
18
|
-
# The branches below must be a subset of the branches above
|
19
|
-
branches: [ master ]
|
20
|
-
schedule:
|
21
|
-
- cron: '17 4 * * 0'
|
22
|
-
|
23
|
-
jobs:
|
24
|
-
analyze:
|
25
|
-
name: Analyze
|
26
|
-
runs-on: ubuntu-latest
|
27
|
-
permissions:
|
28
|
-
actions: read
|
29
|
-
contents: read
|
30
|
-
security-events: write
|
31
|
-
|
32
|
-
strategy:
|
33
|
-
fail-fast: false
|
34
|
-
matrix:
|
35
|
-
language: [ 'ruby' ]
|
36
|
-
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
|
37
|
-
# Learn more about CodeQL language support at https://git.io/codeql-language-support
|
38
|
-
|
39
|
-
steps:
|
40
|
-
- name: Checkout repository
|
41
|
-
uses: actions/checkout@v2
|
42
|
-
|
43
|
-
# Initializes the CodeQL tools for scanning.
|
44
|
-
- name: Initialize CodeQL
|
45
|
-
uses: github/codeql-action/init@v1
|
46
|
-
with:
|
47
|
-
languages: ${{ matrix.language }}
|
48
|
-
# If you wish to specify custom queries, you can do so here or in a config file.
|
49
|
-
# By default, queries listed here will override any specified in a config file.
|
50
|
-
# Prefix the list here with "+" to use these queries and those in the config file.
|
51
|
-
# queries: ./path/to/local/query, your-org/your-repo/queries@main
|
52
|
-
|
53
|
-
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
|
54
|
-
# If this step fails, then you should remove it and run the build manually (see below)
|
55
|
-
- name: Autobuild
|
56
|
-
uses: github/codeql-action/autobuild@v1
|
57
|
-
|
58
|
-
# ℹ️ Command-line programs to run using the OS shell.
|
59
|
-
# 📚 https://git.io/JvXDl
|
60
|
-
|
61
|
-
# ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
|
62
|
-
# and modify them (or add more) to build your code if your project
|
63
|
-
# uses a compiled language
|
64
|
-
|
65
|
-
#- run: |
|
66
|
-
# make bootstrap
|
67
|
-
# make release
|
68
|
-
|
69
|
-
- name: Perform CodeQL Analysis
|
70
|
-
uses: github/codeql-action/analyze@v1
|