wasm-micro-runtime/.github/workflows/codeql_fail_on_error.py

#!/usr/bin/env python3

import json
import sys

# Return whether SARIF file contains error-level results
def codeql_sarif_contain_error(filename):
    with open(filename, 'r') as f:
        s = json.load(f)

    for run in s.get('runs', []):
        rules_metadata = run['tool']['driver']['rules']
        if not rules_metadata:
            rules_metadata = run['tool']['extensions'][0]['rules']

        for res in run.get('results', []):
            if 'ruleIndex' in res:
                rule_index = res['ruleIndex']
            elif 'rule' in res and 'index' in res['rule']:
                rule_index = res['rule']['index']
            else:
                continue
            try:
                rule_level = rules_metadata[rule_index]['defaultConfiguration']['level']
            except IndexError as e:
                print(e, rule_index, len(rules_metadata))
            else:
                if rule_level == 'error':
                    return True
    return False

if __name__ == "__main__":
    if codeql_sarif_contain_error(sys.argv[1]):
        sys.exit(1)