Merge pull request #128 from github/enterprise_status_reports

Avoid sending status reports on enterprise

lib/codeql.js

@@ -35,11 +35,7 @@ let cachedCodeQL = undefined;
 const CODEQL_ACTION_CMD = "CODEQL_ACTION_CMD";
 const CODEQL_BUNDLE_VERSION = "codeql-bundle-20200630";
 const CODEQL_BUNDLE_NAME = "codeql-bundle.tar.gz";
-const GITHUB_DOTCOM_API_URL = "https://api.github.com";
 const CODEQL_DEFAULT_ACTION_REPOSITORY = "github/codeql-action";
-function getInstanceAPIURL() {
-    return process.env["GITHUB_API_URL"] || GITHUB_DOTCOM_API_URL;
-}
 function getCodeQLActionRepository() {
     // Actions do not know their own repository name,
     // so we currently use this hack to find the name based on where our files are.
@@ -59,11 +55,11 @@ async function getCodeQLBundleDownloadURL() {
     const codeQLActionRepository = getCodeQLActionRepository();
     const potentialDownloadSources = [
         // This GitHub instance, and this Action.
-        [getInstanceAPIURL(), codeQLActionRepository],
+        [util.getInstanceAPIURL(), codeQLActionRepository],
         // This GitHub instance, and the canonical Action.
-        [getInstanceAPIURL(), CODEQL_DEFAULT_ACTION_REPOSITORY],
+        [util.getInstanceAPIURL(), CODEQL_DEFAULT_ACTION_REPOSITORY],
         // GitHub.com, and the canonical Action.
-        [GITHUB_DOTCOM_API_URL, CODEQL_DEFAULT_ACTION_REPOSITORY],
+        [util.GITHUB_DOTCOM_API_URL, CODEQL_DEFAULT_ACTION_REPOSITORY],
     ];
     // We now filter out any duplicates.
     // Duplicates will happen either because the GitHub instance is GitHub.com, or because the Action is not a fork.
@@ -71,7 +67,7 @@ async function getCodeQLBundleDownloadURL() {
     for (let downloadSource of uniqueDownloadSources) {
         let [apiURL, repository] = downloadSource;
         // If we've reached the final case, short-circuit the API check since we know the bundle exists and is public.
-        if (apiURL === GITHUB_DOTCOM_API_URL && repository === CODEQL_DEFAULT_ACTION_REPOSITORY) {
+        if (apiURL === util.GITHUB_DOTCOM_API_URL && repository === CODEQL_DEFAULT_ACTION_REPOSITORY) {
             break;
         }
         let [repositoryOwner, repositoryName] = repository.split("/");
@@ -126,7 +122,7 @@ async function setupCodeQL() {
             // We only want to provide an authorization header if we are downloading
             // from the same GitHub instance the Action is running on.
             // This avoids leaking Enterprise tokens to dotcom.
-            if (codeqlURL.startsWith(getInstanceAPIURL() + "/")) {
+            if (codeqlURL.startsWith(util.getInstanceAPIURL() + "/")) {
                 core.debug('Downloading CodeQL bundle with token.');
                 let token = core.getInput('token', { required: true });
                 headers.authorization = `token ${token}`;

lib/util.js

@@ -14,6 +14,25 @@ const os = __importStar(require("os"));
 const path = __importStar(require("path"));
 const api = __importStar(require("./api-client"));
 const sharedEnv = __importStar(require("./shared-environment"));
+/**
+ * The API URL for github.com.
+ */
+exports.GITHUB_DOTCOM_API_URL = "https://api.github.com";
+/**
+ * Get the API URL for the GitHub instance we are connected to.
+ * May be for github.com or for an enterprise instance.
+ */
+function getInstanceAPIURL() {
+    return process.env["GITHUB_API_URL"] || exports.GITHUB_DOTCOM_API_URL;
+}
+exports.getInstanceAPIURL = getInstanceAPIURL;
+/**
+ * Are we running against a GitHub Enterpise instance, as opposed to github.com.
+ */
+function isEnterprise() {
+    return getInstanceAPIURL() !== exports.GITHUB_DOTCOM_API_URL;
+}
+exports.isEnterprise = isEnterprise;
 /**
  * Should the current action be aborted?
  *
@@ -198,6 +217,10 @@ exports.createStatusReportBase = createStatusReportBase;
  * Returns whether sending the status report was successful of not.
  */
 async function sendStatusReport(statusReport, ignoreFailures) {
+    if (isEnterprise()) {
+        core.debug("Not sending status report to GitHub Enterprise");
+        return true;
+    }
     const statusReportJSON = JSON.stringify(statusReport);
     core.debug('Sending status report: ' + statusReportJSON);
     const nwo = getRequiredEnvParam("GITHUB_REPOSITORY");

src/codeql.ts

@@ -83,13 +83,8 @@ const CODEQL_ACTION_CMD = "CODEQL_ACTION_CMD";
 
 const CODEQL_BUNDLE_VERSION = "codeql-bundle-20200630";
 const CODEQL_BUNDLE_NAME = "codeql-bundle.tar.gz";
-const GITHUB_DOTCOM_API_URL = "https://api.github.com";
 const CODEQL_DEFAULT_ACTION_REPOSITORY = "github/codeql-action";
 
-function getInstanceAPIURL(): string {
-  return process.env["GITHUB_API_URL"] || GITHUB_DOTCOM_API_URL;
-}
-
 function getCodeQLActionRepository(): string {
   // Actions do not know their own repository name,
   // so we currently use this hack to find the name based on where our files are.
@@ -110,11 +105,11 @@ async function getCodeQLBundleDownloadURL(): Promise<string> {
   const codeQLActionRepository = getCodeQLActionRepository();
   const potentialDownloadSources = [
     // This GitHub instance, and this Action.
-    [getInstanceAPIURL(), codeQLActionRepository],
+    [util.getInstanceAPIURL(), codeQLActionRepository],
     // This GitHub instance, and the canonical Action.
-    [getInstanceAPIURL(), CODEQL_DEFAULT_ACTION_REPOSITORY],
+    [util.getInstanceAPIURL(), CODEQL_DEFAULT_ACTION_REPOSITORY],
     // GitHub.com, and the canonical Action.
-    [GITHUB_DOTCOM_API_URL, CODEQL_DEFAULT_ACTION_REPOSITORY],
+    [util.GITHUB_DOTCOM_API_URL, CODEQL_DEFAULT_ACTION_REPOSITORY],
   ];
   // We now filter out any duplicates.
   // Duplicates will happen either because the GitHub instance is GitHub.com, or because the Action is not a fork.
@@ -122,7 +117,7 @@ async function getCodeQLBundleDownloadURL(): Promise<string> {
   for (let downloadSource of uniqueDownloadSources) {
     let [apiURL, repository] = downloadSource;
     // If we've reached the final case, short-circuit the API check since we know the bundle exists and is public.
-    if (apiURL === GITHUB_DOTCOM_API_URL && repository === CODEQL_DEFAULT_ACTION_REPOSITORY) {
+    if (apiURL === util.GITHUB_DOTCOM_API_URL && repository === CODEQL_DEFAULT_ACTION_REPOSITORY) {
       break;
     }
     let [repositoryOwner, repositoryName] = repository.split("/");
@@ -181,7 +176,7 @@ export async function setupCodeQL(): Promise<CodeQL> {
       // We only want to provide an authorization header if we are downloading
       // from the same GitHub instance the Action is running on.
       // This avoids leaking Enterprise tokens to dotcom.
-      if (codeqlURL.startsWith(getInstanceAPIURL() + "/")) {
+      if (codeqlURL.startsWith(util.getInstanceAPIURL() + "/")) {
         core.debug('Downloading CodeQL bundle with token.');
         let token = core.getInput('token', { required: true });
         headers.authorization = `token ${token}`;

src/util.ts

@@ -7,6 +7,26 @@ import * as path from 'path';
 import * as api from './api-client';
 import * as sharedEnv from './shared-environment';
 
+/**
+ * The API URL for github.com.
+ */
+export const GITHUB_DOTCOM_API_URL = "https://api.github.com";
+
+/**
+ * Get the API URL for the GitHub instance we are connected to.
+ * May be for github.com or for an enterprise instance.
+ */
+export function getInstanceAPIURL(): string {
+  return process.env["GITHUB_API_URL"] || GITHUB_DOTCOM_API_URL;
+}
+
+/**
+ * Are we running against a GitHub Enterpise instance, as opposed to github.com.
+ */
+export function isEnterprise(): boolean {
+  return getInstanceAPIURL() !== GITHUB_DOTCOM_API_URL;
+}
+
 /**
  * Should the current action be aborted?
  *
@@ -248,6 +268,11 @@ export async function sendStatusReport<S extends StatusReportBase>(
   statusReport: S,
   ignoreFailures?: boolean): Promise<boolean> {
 
+  if (isEnterprise()) {
+    core.debug("Not sending status report to GitHub Enterprise");
+    return true;
+  }
+
   const statusReportJSON = JSON.stringify(statusReport);
 
   core.debug('Sending status report: ' + statusReportJSON);