robojerk/codeql-action

Merge branch 'main' into henrymercer/controlled-switchover

Browse source
This commit is contained in:
Henry Mercer 2023-01-16 10:10:15 +00:00
commit 115587a52c
7 changed files with 45 additions and 11 deletions
Download patch file Download diff file Expand all files Collapse all files

1
CHANGELOG.md
View file

@ -14,6 +14,7 @@
- **Advanced users only**: Workflows that interact directly with the GitHub Actions runner image tool cache to find CodeQL (for example via the `@actions/tool-cache` npm package or direct access to the filesystem) should take into account the following internal layout changes: - **Advanced users only**: Workflows that interact directly with the GitHub Actions runner image tool cache to find CodeQL (for example via the `@actions/tool-cache` npm package or direct access to the filesystem) should take into account the following internal layout changes:
- Previously, the tool cache was pre-populated with _one_ recent version of CodeQL. Now, it is pre-populated with _two_ recent versions of CodeQL. - Previously, the tool cache was pre-populated with _one_ recent version of CodeQL. Now, it is pre-populated with _two_ recent versions of CodeQL.
- Previously, the CodeQL tools were located within the tool cache under a directory named after the release date, e.g. CodeQL 2.11.6 was located under `CodeQL/0.0.0-20221211/x64/codeql`. Now, the CodeQL tools are located under a directory named after the CodeQL CLI version number and release date, e.g. CodeQL 2.11.6 is now located under `CodeQL/2.11.6-20221211/x64/codeql`. - Previously, the CodeQL tools were located within the tool cache under a directory named after the release date, e.g. CodeQL 2.11.6 was located under `CodeQL/0.0.0-20221211/x64/codeql`. Now, the CodeQL tools are located under a directory named after the CodeQL CLI version number and release date, e.g. CodeQL 2.11.6 is now located under `CodeQL/2.11.6-20221211/x64/codeql`.
- Python automatic dependency installation will no longer fail for projects using Poetry that specify `virtualenvs.options.no-pip = true` in their `poetry.toml`. [#1431](https://github.com/github/codeql-action/pull/1431).
## 2.1.38 - 12 Jan 2023 ## 2.1.38 - 12 Jan 2023

6
lib/analyze.js generated
View file

@ -50,6 +50,7 @@ async function setupPythonExtractor(logger) {
// If CODEQL_PYTHON is not set, no dependencies were installed, so we don't need to do anything // If CODEQL_PYTHON is not set, no dependencies were installed, so we don't need to do anything
return; return;
} }
const scriptsFolder = path.resolve(__dirname, "../python-setup");
let output = ""; let output = "";
const options = { const options = {
listeners: { listeners: {
@ -58,10 +59,7 @@ async function setupPythonExtractor(logger) {
}, },
}, },
}; };
await new toolrunner.ToolRunner(codeqlPython, [ await new toolrunner.ToolRunner(codeqlPython, [path.join(scriptsFolder, "find_site_packages.py")], options).exec();
"-c",
"import os; import pip; print(os.path.dirname(os.path.dirname(pip.__file__)))",
], options).exec();
logger.info(`Setting LGTM_INDEX_IMPORT_PATH=${output}`); logger.info(`Setting LGTM_INDEX_IMPORT_PATH=${output}`);
process.env["LGTM_INDEX_IMPORT_PATH"] = output; process.env["LGTM_INDEX_IMPORT_PATH"] = output;
output = ""; output = "";

2
lib/analyze.js.map
View file

File diff suppressed because one or more lines are too long

34
python-setup/find_site_packages.py Normal file
View file

@ -0,0 +1,34 @@
"""
Print the path to the site-packages directory for the current Python environment.
"""
from __future__ import print_function
try:
import pip
import os
print(os.path.dirname(os.path.dirname(pip.__file__)))
except ImportError:
import sys
print("DEBUG: could not import pip", file=sys.stderr)
# if you use poetry with `virtualenvs.options.no-pip = true` you might end up with a
# virtualenv without pip, so the above trick doesn't actually work. See
# https://python-poetry.org/docs/configuration/#virtualenvsoptionsno-pip
#
# A possible option is to install `pip` into the virtualenv created by poetry
# (`poetry add pip`), but it turns out that doesn't always work :( for the test
# poetry/requests-3, I was not allowed to install pip! So I did not pursue this
# option further.
#
# Instead, testing `site.getsitepackages()` contains has the right path, whereas
# `site.getusersitepackages()` is about the system python (very confusing).
#
# We can't use the environment variable POETRY_VIRTUALENVS_OPTIONS_NO_PIP because it
# does not work, see https://github.com/python-poetry/poetry/issues/5906
import site
if sys.platform.startswith("win32"):
# On windows, the last entry of `site.getsitepackages()` has the right path
print(site.getsitepackages()[-1])
else:
# on unix, the first entry of `site.getsitepackages()` has the right path
print(site.getsitepackages()[0])

3
python-setup/tests/from_python_exe.py
View file

@ -9,8 +9,7 @@ def get_details(path_to_python_exe: str) -> Tuple[str, str]:
import_path = subprocess.check_output( import_path = subprocess.check_output(
[ [
path_to_python_exe, path_to_python_exe,
"-c", os.path.join(os.path.dirname(__file__), "..", "find_site_packages.py")
"import os; import pip; print(os.path.dirname(os.path.dirname(pip.__file__)))",
], ],
stdin=subprocess.DEVNULL, stdin=subprocess.DEVNULL,
) )

3
python-setup/tests/poetry/requests-3/poetry.toml
View file

@ -1,2 +1,5 @@
[virtualenvs] [virtualenvs]
in-project = true in-project = true
[virtualenvs.options]
no-pip = true

7
src/analyze.ts
View file

@ -88,6 +88,8 @@ async function setupPythonExtractor(logger: Logger) {
return; return;
} }
const scriptsFolder = path.resolve(__dirname, "../python-setup");
let output = ""; let output = "";
const options = { const options = {
listeners: { listeners: {
@ -99,10 +101,7 @@ async function setupPythonExtractor(logger: Logger) {
await new toolrunner.ToolRunner( await new toolrunner.ToolRunner(
codeqlPython, codeqlPython,
[ [path.join(scriptsFolder, "find_site_packages.py")],
"-c",
"import os; import pip; print(os.path.dirname(os.path.dirname(pip.__file__)))",
],
options options
).exec(); ).exec();
logger.info(`Setting LGTM_INDEX_IMPORT_PATH=${output}`); logger.info(`Setting LGTM_INDEX_IMPORT_PATH=${output}`);