Merge pull request #16 from advanced-security/fix-github-actions

Document GitHub Actions support / Add rust support

Author: felickz

.gitattributes

@@ -0,0 +1,2 @@
+.github/workflows/*.yml linguist-detectable -linguist-vendored
+.github/workflows/*.yaml linguist-detectable -linguist-vendored

CONTRIBUTING.md

@@ -0,0 +1,12 @@
+# Versioning and Releases
+
+## Keeping roll up version tags up to date
+
+Move the dynamic version identifier (ex: `v1`) to match the current SHA. This allows users to adopt a major version number (e.g. `v1`) in their workflows while automatically getting all the minor/patch updates.
+
+To do this just checkout `main` given the latest version, force-create a new annotated tag, and push it:
+
+```
+git tag -fa v1 -m "Updating v1 to 1.2.2"
+git push origin v1 --force
+```

README.md

@@ -94,6 +94,19 @@ Example:
 
 ```
 
+### Actions support
+
+The GitHub API for [List repository languages](https://docs.github.com/en/rest/repos/repos?apiVersion=2022-11-28#list-repository-languages) does not by default include "YAML"/"GitHub Actions". This is particularly useful if your repository contains GitHub Actions workflows that you want to include in CodeQL analysis.
+
+To add support for this to your repo, you must add a `.gitattributes` file with the following contents:
+
+```
+.github/workflows/*.yml linguist-detectable -linguist-vendored
+.github/workflows/*.yaml linguist-detectable -linguist-vendored
+```
+
+These directives tell GitHub's linguist to detect YAML files in the `.github/workflows/` directory as a language and not treat them as vendored code, making them visible in the repository languages API.
+
 ### Swift support
 If you want to include Swift in your CodeQL analysis, you need to ensure that the action runs on a macOS runner. This is because Swift analysis with CodeQL requires a macOS environment. You can achieve this by making the `runs-on` field in your workflow conditional based on the language being analyzed.
 
@@ -123,6 +136,8 @@ This project is licensed under the terms of the MIT open source license. Please
 
 Take a look at [CODEOWNERS](./CODEOWNERS.md) to identify the maintainers.  
 
+Contributions are welcome! If you have an idea for a new feature or improvement, please open an issue or submit a pull request. Maintainers should use the [Contributing Guide](./CONTRIBUTING.md) to control version updates.
+
 ## Support
 
 Got a question or issue?  Open an issue in this repo and tag any of the folks in [CODEOWNERS](./CODEOWNERS.md).

main.py

@@ -6,7 +6,7 @@
 token = sys.argv[1]
 endpoint = sys.argv[2]
 exclude = sys.argv[3]
-codeql_languages = ["actions", "cpp", "csharp", "go", "java", "javascript", "python", "ruby", "typescript", "kotlin", "swift"]
+codeql_languages = ["actions", "cpp", "csharp", "go", "java", "javascript", "python", "ruby", "rust", "typescript", "kotlin", "swift"]
 
 
 # Connect to the languages API and return languages
@@ -29,11 +29,11 @@ def build_languages_list(languages):
             languages[i] = ("javascript")
         if languages[i] == "kotlin":
             languages[i] = ("java")
-        # GitHub Actions
         if languages[i] == "yaml":
             languages[i] = ("actions")
-
+    print("After mapping:", languages)
     intersection = list(set(languages) & set(codeql_languages))
+    print("Intersection:", intersection)
     return intersection
 
 # return a list of objects from language list if they are not in the exclude list