avoid sending status reports on enterprise
parent
e8896a906a
commit
368c14c502
6 changed files with 60 additions and 21 deletions
14
lib/codeql.js
generated
|
|
@ -35,11 +35,7 @@ let cachedCodeQL = undefined;
|
|||
const CODEQL_ACTION_CMD = "CODEQL_ACTION_CMD";
|
||||
const CODEQL_BUNDLE_VERSION = "codeql-bundle-20200630";
|
||||
const CODEQL_BUNDLE_NAME = "codeql-bundle.tar.gz";
|
||||
const GITHUB_DOTCOM_API_URL = "https://api.github.com";
|
||||
const CODEQL_DEFAULT_ACTION_REPOSITORY = "github/codeql-action";
|
||||
function getInstanceAPIURL() {
|
||||
return process.env["GITHUB_API_URL"] || GITHUB_DOTCOM_API_URL;
|
||||
}
|
||||
function getCodeQLActionRepository() {
|
||||
// Actions do not know their own repository name,
|
||||
// so we currently use this hack to find the name based on where our files are.
|
||||
|
|
@ -59,11 +55,11 @@ async function getCodeQLBundleDownloadURL() {
|
|||
const codeQLActionRepository = getCodeQLActionRepository();
|
||||
const potentialDownloadSources = [
|
||||
// This GitHub instance, and this Action.
|
||||
[getInstanceAPIURL(), codeQLActionRepository],
|
||||
[util.getInstanceAPIURL(), codeQLActionRepository],
|
||||
// This GitHub instance, and the canonical Action.
|
||||
[getInstanceAPIURL(), CODEQL_DEFAULT_ACTION_REPOSITORY],
|
||||
[util.getInstanceAPIURL(), CODEQL_DEFAULT_ACTION_REPOSITORY],
|
||||
// GitHub.com, and the canonical Action.
|
||||
[GITHUB_DOTCOM_API_URL, CODEQL_DEFAULT_ACTION_REPOSITORY],
|
||||
[util.GITHUB_DOTCOM_API_URL, CODEQL_DEFAULT_ACTION_REPOSITORY],
|
||||
];
|
||||
// We now filter out any duplicates.
|
||||
// Duplicates will happen either because the GitHub instance is GitHub.com, or because the Action is not a fork.
|
||||
|
|
@ -71,7 +67,7 @@ async function getCodeQLBundleDownloadURL() {
|
|||
for (let downloadSource of uniqueDownloadSources) {
|
||||
let [apiURL, repository] = downloadSource;
|
||||
// If we've reached the final case, short-circuit the API check since we know the bundle exists and is public.
|
||||
if (apiURL === GITHUB_DOTCOM_API_URL && repository === CODEQL_DEFAULT_ACTION_REPOSITORY) {
|
||||
if (apiURL === util.GITHUB_DOTCOM_API_URL && repository === CODEQL_DEFAULT_ACTION_REPOSITORY) {
|
||||
break;
|
||||
}
|
||||
let [repositoryOwner, repositoryName] = repository.split("/");
|
||||
|
|
@ -126,7 +122,7 @@ async function setupCodeQL() {
|
|||
// We only want to provide an authorization header if we are downloading
|
||||
// from the same GitHub instance the Action is running on.
|
||||
// This avoids leaking Enterprise tokens to dotcom.
|
||||
if (codeqlURL.startsWith(getInstanceAPIURL() + "/")) {
|
||||
if (codeqlURL.startsWith(util.getInstanceAPIURL() + "/")) {
|
||||
core.debug('Downloading CodeQL bundle with token.');
|
||||
let token = core.getInput('token', { required: true });
|
||||
headers.authorization = `token ${token}`;
|
||||
|
|
|
|||