Avoid warning on workflow_call triggers

Typically, we warn when there is no `push` trigger in the
workflow file that triggered this run. However, when this
action is triggered by a `workflow_call` event, we assume
there is a custom process for triggering the action and we
don't want to warn in this case.

Author: aeisenberg

CHANGELOG.md

@@ -7,6 +7,7 @@ Note that the only difference between `v2` and `v3` of the CodeQL Action is the
 ## [UNRELEASED]
 
 - Update default CodeQL bundle version to 2.17.2. [#2270](https://github.com/github/codeql-action/pull/2270)
+- Avoid printing out a warning for a missing `on.push` trigger when the CodeQL Action is triggered via a `workflow_call` event. [#2274](https://github.com/github/codeql-action/pull/2274)
 
 ## 3.25.3 - 25 Apr 2024
 
@@ -30,7 +31,7 @@ No user facing changes.
 
   - The `setup-python-dependencies` input to the `init` Action
   - The `CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION` environment variable
-  
+
   We recommend removing any references to these from your workflows. For more information, see the release notes for CodeQL Action v3.23.0 and v2.23.0.
 - Automatically overwrite an existing database if found on the filesystem. [#2229](https://github.com/github/codeql-action/pull/2229)
 - Bump the minimum CodeQL bundle version to 2.12.6. [#2232](https://github.com/github/codeql-action/pull/2232)

lib/workflow.js

@@ -643,6 +643,44 @@ test("getWorkflowErrors() should not report an error if PRs are totally unconfig
   );
 });
 
+test("getWorkflowErrors() should not report a warning if there is a workflow_call trigger", async (t) => {
+  const errors = await getWorkflowErrors(
+    yaml.load(`
+    name: "CodeQL"
+    on:
+      workflow_call:
+    `) as Workflow,
+    await getCodeQLForTesting(),
+  );
+
+  t.deepEqual(...errorCodes(errors, []));
+});
+
+test("getWorkflowErrors() should not report a warning if there is a workflow_call trigger as a string", async (t) => {
+  const errors = await getWorkflowErrors(
+    yaml.load(`
+    name: "CodeQL"
+    on: workflow_call
+    `) as Workflow,
+    await getCodeQLForTesting(),
+  );
+
+  t.deepEqual(...errorCodes(errors, []));
+});
+
+test("getWorkflowErrors() should not report a warning if there is a workflow_call trigger as an array", async (t) => {
+  const errors = await getWorkflowErrors(
+    yaml.load(`
+    name: "CodeQL"
+    on:
+      - workflow_call
+    `) as Workflow,
+    await getCodeQLForTesting(),
+  );
+
+  t.deepEqual(...errorCodes(errors, []));
+});
+
 test("getCategoryInputOrThrow returns category for simple workflow with category", (t) => {
   process.env["GITHUB_REPOSITORY"] = "github/codeql-action-fake-repository";
   t.is(

lib/workflow.js.map

@@ -3,6 +3,7 @@ import * as path from "path";
 import zlib from "zlib";
 
 import * as core from "@actions/core";
+import * as github from "@actions/github";
 import * as yaml from "js-yaml";
 
 import * as api from "./api-client";
@@ -193,37 +194,35 @@ export async function getWorkflowErrors(
     }
   }
 
-  let missingPush = false;
+  // If there is no push trigger, we will not be able to analyze the default branch.
+  // So add a warning to the user to add a push trigger.
+  // If there is a workflow_call trigger, we don't need a push trigger since we assume
+  // that the workflow_call trigger is called from a workflow that has a push trigger.
+  const hasPushTrigger = hasWorkflowTrigger("push", doc);
+  const hasPullRequestTrigger = hasWorkflowTrigger("pull_request", doc);
+  const hasWorkflowCallTrigger = hasWorkflowTrigger("workflow_call", doc);
 
-  if (doc.on === undefined) {
-    // this is not a valid config
-  } else if (typeof doc.on === "string") {
-    if (doc.on === "pull_request") {
-      missingPush = true;
-    }
-  } else if (Array.isArray(doc.on)) {
-    const hasPush = doc.on.includes("push");
-    const hasPullRequest = doc.on.includes("pull_request");
-    if (hasPullRequest && !hasPush) {
-      missingPush = true;
-    }
-  } else if (isObject(doc.on)) {
-    const hasPush = Object.prototype.hasOwnProperty.call(doc.on, "push");
-    const hasPullRequest = Object.prototype.hasOwnProperty.call(
-      doc.on,
-      "pull_request",
-    );
+  if (hasPullRequestTrigger && !hasPushTrigger && !hasWorkflowCallTrigger) {
+    errors.push(WorkflowErrors.MissingPushHook);
+  }
 
-    if (!hasPush && hasPullRequest) {
-      missingPush = true;
-    }
+  return errors;
+}
+
+function hasWorkflowTrigger(triggerName: string, doc: Workflow): boolean {
+  if (!doc.on) {
+    return false;
   }
 
-  if (missingPush) {
-    errors.push(WorkflowErrors.MissingPushHook);
+  if (typeof doc.on === "string") {
+    return doc.on === triggerName;
   }
 
-  return errors;
+  if (Array.isArray(doc.on)) {
+    return doc.on.includes(triggerName);
+  }
+
+  return Object.prototype.hasOwnProperty.call(doc.on, triggerName);
 }
 
 export async function validateWorkflow(