robojerk/codeql-action

Supply authorization parameter to toolcache.downloadTool()

Browse source 
Previously we supplied the authorization information via the 'headers'
parameter. This works fine, except in some cases when the request is
retried.
This commit is contained in:
Arthur Baars 2023-02-03 14:55:56 +01:00
parent 0b2a40fa4a
commit 2fed02cbe2
3 changed files with 7 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

5
lib/setup-codeql.js generated
View file

@ -411,12 +411,13 @@ async function downloadCodeQL(codeqlURL, maybeCliVersion, apiDetails, variant, t
// from the same GitHub instance the Action is running on.
// This avoids leaking Enterprise tokens to dotcom.
// We also don't want to send an authorization header if there's already a token provided in the URL.
let authorization = undefined;
if (searchParams.has("token")) {
logger.debug("CodeQL tools URL contains an authorization token.");
}
else if (codeqlURL.startsWith(`${apiDetails.url}/`)) {
logger.debug("Providing an authorization token to download CodeQL tools.");
headers.authorization = `token ${apiDetails.auth}`;
authorization = `token ${apiDetails.auth}`;
}
else {
logger.debug("Downloading CodeQL tools without an authorization token.");
@ -425,7 +426,7 @@ async function downloadCodeQL(codeqlURL, maybeCliVersion, apiDetails, variant, t
const dest = path.join(tempDir, (0, uuid_1.v4)());
const finalHeaders = Object.assign({ "User-Agent": "CodeQL Action" }, headers);
const toolsDownloadStart = perf_hooks_1.performance.now();
const codeqlPath = await toolcache.downloadTool(codeqlURL, dest, undefined, finalHeaders);
const codeqlPath = await toolcache.downloadTool(codeqlURL, dest, authorization, finalHeaders);
const toolsDownloadDurationMs = Math.round(perf_hooks_1.performance.now() - toolsDownloadStart);
logger.debug(`CodeQL bundle download to ${codeqlPath} complete.`);
const codeqlExtracted = await toolcache.extractTar(codeqlPath);

2
lib/setup-codeql.js.map
View file

File diff suppressed because one or more lines are too long

5
src/setup-codeql.ts
View file

@ -543,11 +543,12 @@ export async function downloadCodeQL(
// from the same GitHub instance the Action is running on.
// This avoids leaking Enterprise tokens to dotcom.
// We also don't want to send an authorization header if there's already a token provided in the URL.
let authorization: string | undefined = undefined;
if (searchParams.has("token")) {
logger.debug("CodeQL tools URL contains an authorization token.");
} else if (codeqlURL.startsWith(`${apiDetails.url}/`)) {
logger.debug("Providing an authorization token to download CodeQL tools.");
headers.authorization = `token ${apiDetails.auth}`;
authorization = `token ${apiDetails.auth}`;
} else {
logger.debug("Downloading CodeQL tools without an authorization token.");
}
@ -565,7 +566,7 @@ export async function downloadCodeQL(
const codeqlPath = await toolcache.downloadTool(
codeqlURL,
dest,
undefined,
authorization,
finalHeaders
);
const toolsDownloadDurationMs = Math.round(