Adds check on inputs and compiled files

2022-01-25 22:37:02 -05:00 · 2022-01-25 22:37:02 -05:00 · 1eaaf07b91
commit 1eaaf07b91
parent 5916f9896d
10 changed files with 111 additions and 15 deletions
--- a/lib/actions-util.js
+++ b/lib/actions-util.js
@ -51,10 +51,10 @@ exports.getRequiredInput = getRequiredInput;
 * This allows us to get stronger type checking of required/optional inputs
 * and make behaviour more consistent between actions and the runner.
 */
-function getOptionalInput(name) {
+const getOptionalInput = function (name) {
    const value = core.getInput(name);
    return value.length > 0 ? value : undefined;
-}
+};
 exports.getOptionalInput = getOptionalInput;
 function getTemporaryDirectory() {
    const value = process.env["CODEQL_ACTION_TEMP"];
@ -97,9 +97,9 @@ const getCommitOid = async function (ref = "HEAD") {
        return commitOid.trim();
    }
    catch (e) {
-        core.info(`Failed to call git to get current commit. Continuing with data from environment: ${e}`);
+        core.info(`Failed to call git to get current commit. Continuing with data from environment or input: ${e}`);
        core.info(e.stack || "NO STACK");
-        return (0, util_1.getRequiredEnvParam)("GITHUB_SHA");
+        return (0, exports.getOptionalInput)("sha") || (0, util_1.getRequiredEnvParam)("GITHUB_SHA");
    }
 };
 exports.getCommitOid = getCommitOid;
@ -373,8 +373,21 @@ exports.computeAutomationID = computeAutomationID;
 async function getRef() {
    // Will be in the form "refs/heads/master" on a push event
    // or in the form "refs/pull/N/merge" on a pull_request event
-    const ref = (0, util_1.getRequiredEnvParam)("GITHUB_REF");
-    const sha = (0, util_1.getRequiredEnvParam)("GITHUB_SHA");
+    const refInput = (0, exports.getOptionalInput)("ref");
+    const shaInput = (0, exports.getOptionalInput)("sha");
+    const hasRefInput = !!refInput;
+    const hasShaInput = !!shaInput;
+    // If one of 'ref' or 'sha' are provided, both are required
+    if ((hasRefInput || hasShaInput) && !(hasRefInput && hasShaInput)) {
+        throw new Error("Both 'ref' and 'sha' are required if one of them is provided.");
+    }
+    const ref = refInput || (0, util_1.getRequiredEnvParam)("GITHUB_REF");
+    const sha = shaInput || (0, util_1.getRequiredEnvParam)("GITHUB_SHA");
+    // If the ref is a user-provided input, we have to skip logic
+    // and assume that it is really where they want to upload the results.
+    if (refInput) {
+        return refInput;
+    }
    // For pull request refs we want to detect whether the workflow
    // has run `git checkout HEAD^2` to analyze the 'head' ref rather
    // than the 'merge' ref. If so, we want to convert the ref that
@ -412,7 +425,7 @@ exports.getRef = getRef;
 * @param exception Exception (only supply if status is 'failure')
 */
 async function createStatusReportBase(actionName, status, actionStartedAt, cause, exception) {
-    const commitOid = process.env["GITHUB_SHA"] || "";
+    const commitOid = (0, exports.getOptionalInput)("sha") || process.env["GITHUB_SHA"] || "";
    const ref = await getRef();
    const workflowRunIDStr = process.env["GITHUB_RUN_ID"];
    let workflowRunID = -1;
--- a/lib/actions-util.js.map
+++ b/lib/actions-util.js.map
--- a/lib/actions-util.test.js
+++ b/lib/actions-util.test.js
@ -71,6 +71,43 @@ function errorCodes(actual, expected) {
    t.deepEqual(actualRef, "refs/pull/1/head");
    callback.restore();
 });
+(0, ava_1.default)("getRef() returns ref provided as an input and ignores current HEAD", async (t) => {
+    const getAdditionalInputStub = sinon.stub(actionsutil, "getOptionalInput");
+    getAdditionalInputStub.withArgs("ref").resolves("refs/pull/2/merge");
+    getAdditionalInputStub.withArgs("sha").resolves("b".repeat(40));
+    // These values are be ignored
+    process.env["GITHUB_REF"] = "refs/pull/1/merge";
+    process.env["GITHUB_SHA"] = "a".repeat(40);
+    const callback = sinon.stub(actionsutil, "getCommitOid");
+    callback.withArgs("refs/pull/1/merge").resolves("b".repeat(40));
+    callback.withArgs("HEAD").resolves("b".repeat(40));
+    const actualRef = await actionsutil.getRef();
+    t.deepEqual(actualRef, "refs/pull/2/merge");
+    callback.restore();
+    getAdditionalInputStub.restore();
+});
+(0, ava_1.default)("getRef() throws an error if only `ref` is provided as an input", async (t) => {
+    const getAdditionalInputStub = sinon.stub(actionsutil, "getOptionalInput");
+    getAdditionalInputStub.withArgs("ref").resolves("refs/pull/1/merge");
+    await t.throwsAsync(async () => {
+        await actionsutil.getRef();
+    }, {
+        instanceOf: Error,
+        message: "Both 'ref' and 'sha' are required if one of them is provided.",
+    });
+    getAdditionalInputStub.restore();
+});
+(0, ava_1.default)("getRef() throws an error if only `sha` is provided as an input", async (t) => {
+    const getAdditionalInputStub = sinon.stub(actionsutil, "getOptionalInput");
+    getAdditionalInputStub.withArgs("sha").resolves("a".repeat(40));
+    await t.throwsAsync(async () => {
+        await actionsutil.getRef();
+    }, {
+        instanceOf: Error,
+        message: "Both 'ref' and 'sha' are required if one of them is provided.",
+    });
+    getAdditionalInputStub.restore();
+});
 (0, ava_1.default)("computeAutomationID()", async (t) => {
    let actualAutomationID = actionsutil.computeAutomationID(".github/workflows/codeql-analysis.yml:analyze", '{"language": "javascript", "os": "linux"}');
    t.deepEqual(actualAutomationID, ".github/workflows/codeql-analysis.yml:analyze/language:javascript/os:linux/");
--- a/lib/actions-util.test.js.map
+++ b/lib/actions-util.test.js.map
--- a/lib/analyze-action.js
+++ b/lib/analyze-action.js
@ -109,6 +109,7 @@ async function run() {
        core.setOutput("db-locations", dbLocations);
        if (runStats && actionsUtil.getRequiredInput("upload") === "true") {
            uploadResult = await upload_lib.uploadFromActions(outputDir, config.gitHubVersion, apiDetails, logger);
+            core.setOutput('sarif-id', uploadResult.sarifID);
        }
        else {
            logger.info("Not uploading results");
--- a/lib/analyze-action.js.map
+++ b/lib/analyze-action.js.map
--- a/lib/upload-sarif-action.js
+++ b/lib/upload-sarif-action.js
@ -48,6 +48,7 @@ async function run() {
        };
        const gitHubVersion = await (0, util_1.getGitHubVersion)(apiDetails);
        const uploadResult = await upload_lib.uploadFromActions(actionsUtil.getRequiredInput("sarif_file"), gitHubVersion, apiDetails, (0, logging_1.getActionsLogger)());
+        core.setOutput('sarif-id', uploadResult.sarifID);
        if (actionsUtil.getRequiredInput("wait-for-processing") === "true") {
            await upload_lib.waitForProcessing((0, repository_1.parseRepositoryNwo)((0, util_1.getRequiredEnvParam)("GITHUB_REPOSITORY")), uploadResult.sarifID, apiDetails, (0, logging_1.getActionsLogger)());
        }
--- a/lib/upload-sarif-action.js.map
+++ b/lib/upload-sarif-action.js.map
@ -1 +1 @@
-{"version":3,"file":"upload-sarif-action.js","sourceRoot":"","sources":["../src/upload-sarif-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,4DAA8C;AAC9C,uCAA6C;AAC7C,6CAAkD;AAClD,yDAA2C;AAC3C,iCAKgB;AAEhB,8CAA8C;AAC9C,MAAM,GAAG,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;AAMvC,KAAK,UAAU,uBAAuB,CACpC,SAAe,EACf,WAA0C;IAE1C,MAAM,gBAAgB,GAAG,MAAM,WAAW,CAAC,sBAAsB,CAC/D,cAAc,EACd,SAAS,EACT,SAAS,CACV,CAAC;IACF,MAAM,YAAY,GAA4B;QAC5C,GAAG,gBAAgB;QACnB,GAAG,WAAW;KACf,CAAC;IACF,MAAM,WAAW,CAAC,gBAAgB,CAAC,YAAY,CAAC,CAAC;AACnD,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,IAAA,4BAAqB,EAAC,WAAI,CAAC,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;IACjD,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,IACE,CAAC,CAAC,MAAM,WAAW,CAAC,gBAAgB,CAClC,MAAM,WAAW,CAAC,sBAAsB,CACtC,cAAc,EACd,UAAU,EACV,SAAS,CACV,CACF,CAAC,EACF;QACA,OAAO;KACR;IAED,IAAI;QACF,MAAM,UAAU,GAAG;YACjB,IAAI,EAAE,WAAW,CAAC,gBAAgB,CAAC,OAAO,CAAC;YAC3C,GAAG,EAAE,IAAA,0BAAmB,EAAC,mBAAmB,CAAC;SAC9C,CAAC;QAEF,MAAM,aAAa,GAAG,MAAM,IAAA,uBAAgB,EAAC,UAAU,CAAC,CAAC;QAEzD,MAAM,YAAY,GAAG,MAAM,UAAU,CAAC,iBAAiB,CACrD,WAAW,CAAC,gBAAgB,CAAC,YAAY,CAAC,EAC1C,aAAa,EACb,UAAU,EACV,IAAA,0BAAgB,GAAE,CACnB,CAAC;QACF,IAAI,WAAW,CAAC,gBAAgB,CAAC,qBAAqB,CAAC,KAAK,MAAM,EAAE;YAClE,MAAM,UAAU,CAAC,iBAAiB,CAChC,IAAA,+BAAkB,EAAC,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CAAC,EAC5D,YAAY,CAAC,OAAO,EACpB,UAAU,EACV,IAAA,0BAAgB,GAAE,CACnB,CAAC;SACH;QACD,MAAM,uBAAuB,CAAC,SAAS,EAAE,YAAY,CAAC,YAAY,CAAC,CAAC;KACrE;IAAC,OAAO,KAAK,EAAE;QACd,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACvE,MAAM,KAAK,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACnE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QACxB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACnB,MAAM,WAAW,CAAC,gBAAgB,CAChC,MAAM,WAAW,CAAC,sBAAsB,CACtC,cAAc,EACd,SAAS,EACT,SAAS,EACT,OAAO,EACP,KAAK,CACN,CACF,CAAC;QACF,OAAO;KACR;AACH,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,IAAI;QACF,MAAM,GAAG,EAAE,CAAC;KACb;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CAAC,sCAAsC,KAAK,EAAE,CAAC,CAAC;QAC9D,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;KACpB;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
+{"version":3,"file":"upload-sarif-action.js","sourceRoot":"","sources":["../src/upload-sarif-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,4DAA8C;AAC9C,uCAA6C;AAC7C,6CAAkD;AAClD,yDAA2C;AAC3C,iCAKgB;AAEhB,8CAA8C;AAC9C,MAAM,GAAG,GAAG,OAAO,CAAC,iBAAiB,CAAC,CAAC;AAMvC,KAAK,UAAU,uBAAuB,CACpC,SAAe,EACf,WAA0C;IAE1C,MAAM,gBAAgB,GAAG,MAAM,WAAW,CAAC,sBAAsB,CAC/D,cAAc,EACd,SAAS,EACT,SAAS,CACV,CAAC;IACF,MAAM,YAAY,GAA4B;QAC5C,GAAG,gBAAgB;QACnB,GAAG,WAAW;KACf,CAAC;IACF,MAAM,WAAW,CAAC,gBAAgB,CAAC,YAAY,CAAC,CAAC;AACnD,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,IAAA,4BAAqB,EAAC,WAAI,CAAC,OAAO,EAAE,GAAG,CAAC,OAAO,CAAC,CAAC;IACjD,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,IACE,CAAC,CAAC,MAAM,WAAW,CAAC,gBAAgB,CAClC,MAAM,WAAW,CAAC,sBAAsB,CACtC,cAAc,EACd,UAAU,EACV,SAAS,CACV,CACF,CAAC,EACF;QACA,OAAO;KACR;IAED,IAAI;QACF,MAAM,UAAU,GAAG;YACjB,IAAI,EAAE,WAAW,CAAC,gBAAgB,CAAC,OAAO,CAAC;YAC3C,GAAG,EAAE,IAAA,0BAAmB,EAAC,mBAAmB,CAAC;SAC9C,CAAC;QAEF,MAAM,aAAa,GAAG,MAAM,IAAA,uBAAgB,EAAC,UAAU,CAAC,CAAC;QAEzD,MAAM,YAAY,GAAG,MAAM,UAAU,CAAC,iBAAiB,CACrD,WAAW,CAAC,gBAAgB,CAAC,YAAY,CAAC,EAC1C,aAAa,EACb,UAAU,EACV,IAAA,0BAAgB,GAAE,CACnB,CAAC;QACF,IAAI,CAAC,SAAS,CAAC,UAAU,EAAE,YAAY,CAAC,OAAO,CAAC,CAAC;QACjD,IAAI,WAAW,CAAC,gBAAgB,CAAC,qBAAqB,CAAC,KAAK,MAAM,EAAE;YAClE,MAAM,UAAU,CAAC,iBAAiB,CAChC,IAAA,+BAAkB,EAAC,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CAAC,EAC5D,YAAY,CAAC,OAAO,EACpB,UAAU,EACV,IAAA,0BAAgB,GAAE,CACnB,CAAC;SACH;QACD,MAAM,uBAAuB,CAAC,SAAS,EAAE,YAAY,CAAC,YAAY,CAAC,CAAC;KACrE;IAAC,OAAO,KAAK,EAAE;QACd,MAAM,OAAO,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACvE,MAAM,KAAK,GAAG,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QACnE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QACxB,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACnB,MAAM,WAAW,CAAC,gBAAgB,CAChC,MAAM,WAAW,CAAC,sBAAsB,CACtC,cAAc,EACd,SAAS,EACT,SAAS,EACT,OAAO,EACP,KAAK,CACN,CACF,CAAC;QACF,OAAO;KACR;AACH,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,IAAI;QACF,MAAM,GAAG,EAAE,CAAC;KACb;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CAAC,sCAAsC,KAAK,EAAE,CAAC,CAAC;QAC9D,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;KACpB;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}
--- a/src/actions-util.test.ts
+++ b/src/actions-util.test.ts
@ -79,8 +79,41 @@ test("getRef() returns ref provided as an input and ignores current HEAD", async
  callback.withArgs("HEAD").resolves("b".repeat(40));

  const actualRef = await actionsutil.getRef();
-  t.deepEqual(actualRef, "refs/pull/2/head");
+  t.deepEqual(actualRef, "refs/pull/2/merge");
  callback.restore();
+  getAdditionalInputStub.restore();
+});
+
+test("getRef() throws an error if only `ref` is provided as an input", async (t) => {
+  const getAdditionalInputStub = sinon.stub(actionsutil, "getOptionalInput");
+  getAdditionalInputStub.withArgs("ref").resolves("refs/pull/1/merge");
+
+  await t.throwsAsync(
+    async () => {
+      await actionsutil.getRef();
+    },
+    {
+      instanceOf: Error,
+      message: "Both 'ref' and 'sha' are required if one of them is provided.",
+    }
+  );
+  getAdditionalInputStub.restore();
+});
+
+test("getRef() throws an error if only `sha` is provided as an input", async (t) => {
+  const getAdditionalInputStub = sinon.stub(actionsutil, "getOptionalInput");
+  getAdditionalInputStub.withArgs("sha").resolves("a".repeat(40));
+
+  await t.throwsAsync(
+    async () => {
+      await actionsutil.getRef();
+    },
+    {
+      instanceOf: Error,
+      message: "Both 'ref' and 'sha' are required if one of them is provided.",
+    }
+  );
+  getAdditionalInputStub.restore();
 });

 test("computeAutomationID()", async (t) => {
--- a/src/actions-util.ts
+++ b/src/actions-util.ts
@ -33,10 +33,10 @@ export function getRequiredInput(name: string): string {
 * This allows us to get stronger type checking of required/optional inputs
 * and make behaviour more consistent between actions and the runner.
 */
-export function getOptionalInput(name: string): string | undefined {
+export const getOptionalInput = function (name: string): string | undefined {
  const value = core.getInput(name);
  return value.length > 0 ? value : undefined;
-}
+};

 export function getTemporaryDirectory(): string {
  const value = process.env["CODEQL_ACTION_TEMP"];
@ -432,8 +432,19 @@ export async function getRef(): Promise<string> {
  // Will be in the form "refs/heads/master" on a push event
  // or in the form "refs/pull/N/merge" on a pull_request event
  const refInput = getOptionalInput("ref");
+  const shaInput = getOptionalInput("sha");
+
+  const hasRefInput = !!refInput;
+  const hasShaInput = !!shaInput;
+  // If one of 'ref' or 'sha' are provided, both are required
+  if ((hasRefInput || hasShaInput) && !(hasRefInput && hasShaInput)) {
+    throw new Error(
+      "Both 'ref' and 'sha' are required if one of them is provided."
+    );
+  }
+
  const ref = refInput || getRequiredEnvParam("GITHUB_REF");
-  const sha = getOptionalInput("sha") || getRequiredEnvParam("GITHUB_SHA");
+  const sha = shaInput || getRequiredEnvParam("GITHUB_SHA");

  // If the ref is a user-provided input, we have to skip logic
  // and assume that it is really where they want to upload the results.