ci: add codeql quality profile input (#74348)

* ci: add codeql quality profile input * ci: gate codeql quality profiles * ci: ignore spec files in codeql shard
2026-05-06 16:20:43 +00:00 · 2026-04-29 22:39:54 +08:00
parent 587b537b47
commit 7108414009
3 changed files with 26 additions and 0 deletions
--- a/.github/workflows/codeql-critical-quality.yml
+++ b/.github/workflows/codeql-critical-quality.yml
@@ -2,6 +2,15 @@ name: CodeQL Critical Quality

 on:
  workflow_dispatch:
+    inputs:
+      profile:
+        description: CodeQL quality profile to run
+        required: false
+        default: all
+        type: choice
+        options:
+          - all
+          - plugin-sdk-package-contract
  schedule:
    - cron: "30 6 * * *"

@@ -20,6 +29,7 @@ permissions:
 jobs:
  core-auth-secrets:
    name: Critical Quality (core-auth-secrets)
+    if: ${{ github.event_name != 'workflow_dispatch' || inputs.profile == 'all' }}
    runs-on: blacksmith-4vcpu-ubuntu-2404
    timeout-minutes: 25
    steps:
@@ -41,6 +51,7 @@ jobs:

  config-boundary:
    name: Critical Quality (config-boundary)
+    if: ${{ github.event_name != 'workflow_dispatch' || inputs.profile == 'all' }}
    runs-on: blacksmith-4vcpu-ubuntu-2404
    timeout-minutes: 25
    steps:
@@ -62,6 +73,7 @@ jobs:

  gateway-runtime-boundary:
    name: Critical Quality (gateway-runtime-boundary)
+    if: ${{ github.event_name != 'workflow_dispatch' || inputs.profile == 'all' }}
    runs-on: blacksmith-4vcpu-ubuntu-2404
    timeout-minutes: 25
    steps:
@@ -83,6 +95,7 @@ jobs:

  channel-runtime-boundary:
    name: Critical Quality (channel-runtime-boundary)
+    if: ${{ github.event_name != 'workflow_dispatch' || inputs.profile == 'all' }}
    runs-on: blacksmith-4vcpu-ubuntu-2404
    timeout-minutes: 25
    steps:
@@ -104,6 +117,7 @@ jobs:

  agent-runtime-boundary:
    name: Critical Quality (agent-runtime-boundary)
+    if: ${{ github.event_name != 'workflow_dispatch' || inputs.profile == 'all' }}
    runs-on: blacksmith-4vcpu-ubuntu-2404
    timeout-minutes: 25
    steps:
@@ -125,6 +139,7 @@ jobs:

  mcp-process-runtime-boundary:
    name: Critical Quality (mcp-process-runtime-boundary)
+    if: ${{ github.event_name != 'workflow_dispatch' || inputs.profile == 'all' }}
    runs-on: blacksmith-4vcpu-ubuntu-2404
    timeout-minutes: 25
    steps:
@@ -146,6 +161,7 @@ jobs:

  memory-runtime-boundary:
    name: Critical Quality (memory-runtime-boundary)
+    if: ${{ github.event_name != 'workflow_dispatch' || inputs.profile == 'all' }}
    runs-on: blacksmith-4vcpu-ubuntu-2404
    timeout-minutes: 25
    steps:
@@ -167,6 +183,7 @@ jobs:

  ui-control-plane:
    name: Critical Quality (ui-control-plane)
+    if: ${{ github.event_name != 'workflow_dispatch' || inputs.profile == 'all' }}
    runs-on: blacksmith-4vcpu-ubuntu-2404
    timeout-minutes: 25
    steps:
@@ -188,6 +205,7 @@ jobs:

  web-media-runtime-boundary:
    name: Critical Quality (web-media-runtime-boundary)
+    if: ${{ github.event_name != 'workflow_dispatch' || inputs.profile == 'all' }}
    runs-on: blacksmith-4vcpu-ubuntu-2404
    timeout-minutes: 25
    steps:
@@ -209,6 +227,7 @@ jobs:

  plugin-boundary:
    name: Critical Quality (plugin-boundary)
+    if: ${{ github.event_name != 'workflow_dispatch' || inputs.profile == 'all' }}
    runs-on: blacksmith-4vcpu-ubuntu-2404
    timeout-minutes: 25
    steps:
@@ -230,6 +249,7 @@ jobs:

  plugin-sdk-package-contract:
    name: Critical Quality (plugin-sdk-package-contract)
+    if: ${{ github.event_name != 'workflow_dispatch' || inputs.profile == 'all' || inputs.profile == 'plugin-sdk-package-contract' }}
    runs-on: blacksmith-4vcpu-ubuntu-2404
    timeout-minutes: 25
    steps: