Initial commit

Author: anaarmas

.gitattributes

@@ -0,0 +1 @@
+lib/*.js linguist-generated=true

.github/codeql/codeql-config.yml

@@ -0,0 +1,4 @@
+me: "CodeQL config"
+queries: 
+  - name: Run custom queries
+    uses: ./queries

.github/pull_request_template.md

@@ -0,0 +1,10 @@
+### Merge / deployment checklist
+
+- Run test builds as necessary. Can be on this repository or [elsewhere](https://github.com/github/turbo-scan/#testing-changes-to-codeql-action) as needed in order to test the change.
+  - [ ] CodeQL using init/finish actions
+  - [ ] 3rd party tool using upload action
+- [ ] Confirm this change is backwards compatible with existing workflows.
+- [ ] Confirm the [readme](https://github.com/github/codeql-action/blob/master/README.md) and [sarif-demo](https://github.com/Anthophila/sarif-demo) have been updated if necessary.
+
+### Rollout plan for codeql-action
+https://github.com/github/dsp-code-scanning/blob/master/docs/code-scanning-action-rollout-plan.md

.github/workflows/codeql.yml

@@ -0,0 +1,15 @@
+name: "CodeQL action"
+
+on: [push]
+
+jobs:
+  build:
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v1
+    - uses: ./codeql/init
+      with:
+       config-file: ./.github/codeql/codeql-config.yml
+    - uses: ./codeql/finish

.github/workflows/integration-testing.yml

@@ -0,0 +1,36 @@
+name: "Integration Testing"
+
+on: [push]
+
+# Adding new repositories to be integration tested
+# 0) Repo needs to be set up with the codeql action working (e.g. have a CODEQL_SSH_KEY as a secret)
+#    https://github.com/github/dsp-code-scanning/issues/312#issuecomment-577631601
+# 1) Add the `codeql-testuser` to the repository with WRITE permissions (Important!)
+# 2) Put a copy of the workflow as `.github/workflows/integration-test.yml` in the target repo. You can find a copy of the workflow here: https://raw.githubusercontent.com/Anthophila/amazon-cognito-js-copy/master/.github/workflows/integration-test.ym
+# 3) Copy and paste the block below filling in the repo owner/name
+# curl -X POST \
+#           -H "Authorization: Bearer ${{ secrets.CODEQL_TESTING_TOKEN }}" \
+#           -H "Accept: application/vnd.github.everest-preview+json" \
+#           https://api.github.com/repos/OWNER/NAME/dispatches \
+#           -d '{"event_type":"codeql-integration","client_payload": {"sha": "${{ github.sha }}"}}'
+
+# add another job that creates a new check suite using the API, send check suite id in our payload
+
+jobs:
+  dispatch-events:
+    if: github.event.repository.full_name == 'github/codeql-action'
+    runs-on: ubuntu-latest
+    steps:
+    - name: Send repository dispatch events
+      run: |
+        curl -X POST \
+          -H "Authorization: Bearer ${{ secrets.CODEQL_TESTING_TOKEN }}" \
+          -H "Accept: application/vnd.github.everest-preview+json" \
+          https://api.github.com/repos/Anthophila/amazon-cognito-js-copy/dispatches \
+          -d '{"event_type":"codeql-integration","client_payload": {"sha": "${{ github.sha }}"}}'
+
+        curl -X POST \
+          -H "Authorization: Bearer ${{ secrets.CODEQL_TESTING_TOKEN }}" \
+          -H "Accept: application/vnd.github.everest-preview+json" \
+          https://api.github.com/repos/Anthophila/electron-test-action/dispatches \
+          -d '{"event_type":"codeql-integration","client_payload": {"sha": "${{ github.sha }}"}}'

.github/workflows/js-uptodate-check.yml

@@ -0,0 +1,27 @@
+name: "Check generated JavaScript"
+
+on: [pull_request]
+
+jobs:
+  check-js:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v1
+    - name: Check generated JavaScript
+      run: |
+        # Sanity check that repo is clean to start with
+        if [ ! -z "$(git status --porcelain)" ]; then
+          # If we get a fail here then this workflow needs attention...
+          >&2 echo "Failed: Repo should be clean before testing!"
+          exit 1
+        fi
+        # Generate the JavaScript files
+        npm run-script build
+        # Check that repo is still clean
+        if [ ! -z "$(git status --porcelain)" ]; then
+          # If we get a fail here then the PR needs attention
+          >&2 echo "Failed: JavaScript files are not up to date. Run 'npm run-script build' to update"
+          exit 1
+        fi
+        echo "Success: JavaScript files are up to date"

.github/workflows/mirror.yml

@@ -0,0 +1,32 @@
+# Mirror changes to this repo to Anthophila/codeql-action
+# whenever a PR is merged into master.
+name: "Mirror to Anthophila/codeql-action"
+
+# TODO change to trigger when master branch pushed/PR-merged
+on:
+  push:
+    branches:
+      - master
+
+jobs:
+  mirror:
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v1
+    - name: Mirror
+      run: |
+        # Only run if running on private repo
+        if [ "${{ github.event.repository.full_name }}" == "github/codeql-action" ]; then
+          # setup deploy key
+          mkdir -p ~/.ssh
+          echo "${{ secrets.DEPLOY_KEY }}" > ~/.ssh/id_rsa
+          chmod 600 ~/.ssh/id_rsa
+          # add public repo as remote and push to it
+          git checkout master
+          git remote add public git@github.com:Anthophila/codeql-action.git
+          git push public master
+        else
+          echo "This workflow should only run on github/codeql-action"
+        fi

.github/workflows/npm-test.yml

@@ -0,0 +1,12 @@
+name: "npm run-script test"
+
+on: [push]
+
+jobs:
+  npm-test:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v1
+    - name: npm run-script test
+      run: npm run-script test

.github/workflows/ts-lint.yml

@@ -0,0 +1,12 @@
+name: "TSLint"
+
+on: [push]
+
+jobs:
+  tslint:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v1
+    - name: tslint
+      run: npm run-script lint

CODE_OF_CONDUCT.md

@@ -0,0 +1,76 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, sex characteristics, gender identity and expression,
+level of experience, education, socio-economic status, nationality, personal
+appearance, race, religion, or sexual identity and orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or
+  advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic
+  address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies within all project spaces, and it also applies when
+an individual is representing the project or its community in public spaces.
+Examples of representing a project or community include using an official
+project e-mail address, posting via an official social media account, or acting
+as an appointed representative at an online or offline event. Representation of
+a project may be further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project team at opensource@github.com. All
+complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. The project team is
+obligated to maintain confidentiality with regard to the reporter of an incident.
+Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good
+faith may face temporary or permanent repercussions as determined by other
+members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
+available at https://www.contributor-covenant.org/version/1/4/code-of-conduct.html
+
+[homepage]: https://www.contributor-covenant.org
+
+For answers to common questions about this code of conduct, see
+https://www.contributor-covenant.org/faq