Feature flag to disable python dependency installation

2023-05-09 10:13:30 +02:00 · 2023-05-09 10:13:30 +02:00 · 0ccdbf8cd5
commit 0ccdbf8cd5
parent 95cfca769b
9 changed files with 91 additions and 15 deletions
--- a/lib/analyze.js
+++ b/lib/analyze.js
@ -53,6 +53,15 @@ async function setupPythonExtractor(logger) {
        // If CODEQL_PYTHON is not set, no dependencies were installed, so we don't need to do anything
        return;
    }
+    // CODEQL_EXTRACTOR_PYTHON_DISABLE_LIBRARY_EXTRACTION is the internal environment
+    // variable used by the python extractor. This is set in init-action.ts only if the
+    // feature-flag is enabled.
+    if ((process.env["CODEQL_EXTRACTOR_PYTHON_DISABLE_LIBRARY_EXTRACTION"] || "")
+        .length > 0) {
+        logger.warning("Library extraction is disabled now. Please remove your logic that sets the CODEQL_PYTHON environment variable." +
+            "\nIf you used CODEQL_PYTHON to force the version of Python to analyze as, please use CODEQL_EXTRACTOR_PYTHON_ANALYSIS_VERSION instead, such as CODEQL_EXTRACTOR_PYTHON_ANALYSIS_VERSION=2.7 or CODEQL_EXTRACTOR_PYTHON_ANALYSIS_VERSION=3.11.");
+        return;
+    }
    const scriptsFolder = path.resolve(__dirname, "../python-setup");
    let output = "";
    const options = {
--- a/lib/analyze.js.map
+++ b/lib/analyze.js.map
--- a/lib/feature-flags.js
+++ b/lib/feature-flags.js
@ -40,6 +40,7 @@ var Feature;
    Feature["ExportDiagnosticsEnabled"] = "export_diagnostics_enabled";
    Feature["MlPoweredQueriesEnabled"] = "ml_powered_queries_enabled";
    Feature["UploadFailedSarifEnabled"] = "upload_failed_sarif_enabled";
+    Feature["DisablePythonDependencyInstallation"] = "disable_python_dependency_installation";
 })(Feature = exports.Feature || (exports.Feature = {}));
 exports.featureConfig = {
    [Feature.DisableKotlinAnalysisEnabled]: {
@ -72,6 +73,16 @@ exports.featureConfig = {
        minimumVersion: "2.11.3",
        defaultValue: true,
    },
+    [Feature.DisablePythonDependencyInstallation]: {
+        envVar: "CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION",
+        // Although the python extractor only started supporting not extracting installed
+        // dependencies in 2.13.1, the init-action can still benefit from not installing
+        // dependencies no matter what codeql version we are using, so therefore the
+        // minimumVersion is set to 'undefined'. This means that with an old CodeQL version,
+        // packages available with current python3 installation might get extracted.
+        minimumVersion: undefined,
+        defaultValue: false,
+    },
 };
 exports.FEATURE_FLAGS_FILE_NAME = "cached-feature-flags.json";
 /**
--- a/lib/feature-flags.js.map
+++ b/lib/feature-flags.js.map
--- a/lib/init-action.js
+++ b/lib/init-action.js
@ -136,12 +136,17 @@ async function run() {
        (0, actions_util_1.getOptionalInput)("debug") === "true" || core.isDebug(), (0, actions_util_1.getOptionalInput)("debug-artifact-name") || util_1.DEFAULT_DEBUG_ARTIFACT_NAME, (0, actions_util_1.getOptionalInput)("debug-database-name") || util_1.DEFAULT_DEBUG_DATABASE_NAME, repositoryNwo, (0, actions_util_1.getTemporaryDirectory)(), codeql, (0, util_1.getRequiredEnvParam)("GITHUB_WORKSPACE"), gitHubVersion, apiDetails, features, logger);
        if (config.languages.includes(languages_1.Language.python) &&
            (0, actions_util_1.getRequiredInput)("setup-python-dependencies") === "true") {
-            try {
-                await (0, init_1.installPythonDeps)(codeql, logger);
+            if (await features.getValue(feature_flags_1.Feature.DisablePythonDependencyInstallation, codeql)) {
+                logger.info("Skipping python dependency installation");
            }
-            catch (unwrappedError) {
-                const error = (0, util_1.wrapError)(unwrappedError);
-                logger.warning(`${error.message} You can call this action with 'setup-python-dependencies: false' to disable this process`);
+            else {
+                try {
+                    await (0, init_1.installPythonDeps)(codeql, logger);
+                }
+                catch (unwrappedError) {
+                    const error = (0, util_1.wrapError)(unwrappedError);
+                    logger.warning(`${error.message} You can call this action with 'setup-python-dependencies: false' to disable this process`);
+                }
            }
        }
    }
@ -170,6 +175,10 @@ async function run() {
        if (await features.getValue(feature_flags_1.Feature.DisableKotlinAnalysisEnabled)) {
            core.exportVariable("CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN", "true");
        }
+        // Disable Python dependency extraction if feature flag set
+        if (await features.getValue(feature_flags_1.Feature.DisablePythonDependencyInstallation, codeql)) {
+            core.exportVariable("CODEQL_EXTRACTOR_PYTHON_DISABLE_LIBRARY_EXTRACTION", "true");
+        }
        const sourceRoot = path.resolve((0, util_1.getRequiredEnvParam)("GITHUB_WORKSPACE"), (0, actions_util_1.getOptionalInput)("source-root") || "");
        const tracerConfig = await (0, init_1.runInit)(codeql, config, sourceRoot, "Runner.Worker.exe", registriesInput, features, apiDetails, logger);
        if (tracerConfig !== undefined) {
--- a/lib/init-action.js.map
+++ b/lib/init-action.js.map