Merge remote-tracking branch 'upstream/main' into aeisenberg/enable-kotlin-tests

Andrew Eisenberg 2024-06-14 13:20:03 -07:00
commit 3f41e06a52
No known key found for this signature in database
964 changed files with 33911 additions and 44091 deletions


@ -41,29 +41,23 @@
"ignoreTemplateLiterals": true "ignoreTemplateLiterals": true
}], }],
"no-async-foreach/no-async-foreach": "error", "no-async-foreach/no-async-foreach": "error",
"no-console": "off",
"no-sequences": "error", "no-sequences": "error",
"no-shadow": "off", "no-shadow": "off",
"@typescript-eslint/no-shadow": ["error"], "@typescript-eslint/no-shadow": "error",
"one-var": ["error", "never"] "one-var": ["error", "never"]
}, },
"overrides": [{ "overrides": [{
// "temporarily downgraded during transition to eslint // "temporarily downgraded during transition to eslint
"files": "**", "files": "**",
"rules": { "rules": {
"@typescript-eslint/ban-types": "off",
"@typescript-eslint/explicit-module-boundary-types": "off",
"@typescript-eslint/no-explicit-any": "off", "@typescript-eslint/no-explicit-any": "off",
"@typescript-eslint/no-unsafe-assignment": "off", "@typescript-eslint/no-unsafe-assignment": "off",
"@typescript-eslint/no-unsafe-call": "off",
"@typescript-eslint/no-unsafe-member-access": "off", "@typescript-eslint/no-unsafe-member-access": "off",
"@typescript-eslint/no-unsafe-return": "off",
"@typescript-eslint/no-var-requires": "off", "@typescript-eslint/no-var-requires": "off",
"@typescript-eslint/prefer-regexp-exec": "off", "@typescript-eslint/prefer-regexp-exec": "off",
"@typescript-eslint/require-await": "off", "@typescript-eslint/require-await": "off",
"@typescript-eslint/restrict-template-expressions": "off", "@typescript-eslint/restrict-template-expressions": "off",
"func-style": "off", "func-style": "off"
"sort-imports": "off"
} }
}], }],
"settings": { "settings": {


@ -29,7 +29,16 @@ inputs:
tools: tools:
required: true required: true
description: | description: |
The url of codeql to use. The version of CodeQL passed to the `tools` input of the init action.
This can be any of the following:
- A local path to a tarball containing the CodeQL tools, or
- A URL to a GitHub release assets containing the CodeQL tools, or
- A special value `linked` which is forcing the use of the CodeQL tools
that the action has been bundled with.
If not specified, the Action will check in several places until it finds
the CodeQL tools.
runs: runs:
using: composite using: composite
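Review bot: The new `tools` description ends with "If not specified, the Action will check in several places until it finds the CodeQL tools", but the input is still declared `required: true` just above it, so the text describes a case the declaration rules out. Either drop that sentence or state what an empty value means, for example `An empty value lets the init action choose its default CodeQL tools.`; that wording is inferred from the `default` branch of the prepare-test script on this page, which emits an empty `tools-url`, and should be confirmed. "A URL to a GitHub release assets" should read "release asset". The same description is added in the later section that also drops `upload-database: false`.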


@ -2,7 +2,7 @@ name: "Prepare test"
description: Performs some preparation to run tests description: Performs some preparation to run tests
inputs: inputs:
version: version:
description: "The version of the CodeQL CLI to use. Can be 'latest', 'default', 'nightly-latest', 'nightly-YYYY-MM-DD', or 'stable-YYYY-MM-DD'." description: "The version of the CodeQL CLI to use. Can be 'linked', 'default', 'nightly-latest', 'nightly-YYYY-MM-DD', or 'stable-YYYY-MM-DD'."
required: true required: true
use-all-platform-bundle: use-all-platform-bundle:
description: "If true, we output a tools URL with codeql-bundle.tar.gz file rather than platform-specific URL" description: "If true, we output a tools URL with codeql-bundle.tar.gz file rather than platform-specific URL"
@ -54,8 +54,8 @@ runs:
elif [[ ${{ inputs.version }} == *"stable"* ]]; then elif [[ ${{ inputs.version }} == *"stable"* ]]; then
version=`echo ${{ inputs.version }} | sed -e 's/^.*\-//'` version=`echo ${{ inputs.version }} | sed -e 's/^.*\-//'`
echo "tools-url=https://github.com/github/codeql-action/releases/download/codeql-bundle-$version/$artifact_name" >> $GITHUB_OUTPUT echo "tools-url=https://github.com/github/codeql-action/releases/download/codeql-bundle-$version/$artifact_name" >> $GITHUB_OUTPUT
elif [[ ${{ inputs.version }} == "latest" ]]; then elif [[ ${{ inputs.version }} == "linked" ]]; then
echo "tools-url=latest" >> $GITHUB_OUTPUT echo "tools-url=linked" >> $GITHUB_OUTPUT
elif [[ ${{ inputs.version }} == "default" ]]; then elif [[ ${{ inputs.version }} == "default" ]]; then
echo "tools-url=" >> $GITHUB_OUTPUT echo "tools-url=" >> $GITHUB_OUTPUT
else else
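Review bot: The renamed branch `elif [[ ${{ inputs.version }} == "linked" ]]` still pastes the input into the script text before bash parses it, as does the `stable` branch above it with `echo ${{ inputs.version }} | sed`, so a value containing shell metacharacters would be interpreted rather than compared. The callers visible on this page pass fixed matrix values, so exposure looks low, but this is the usual Actions script-injection shape and is cheap to remove: add `env: VERSION: ${{ inputs.version }}` to the step and test `[[ "$VERSION" == "linked" ]]`. The extracted `$version` also reaches the release download URL unchecked; a format check before that `echo "tools-url=..."` line would keep a malformed value out of `$GITHUB_OUTPUT`. The if-chain starts and ends outside this hunk.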


@ -23,7 +23,16 @@ inputs:
tools: tools:
required: true required: true
description: | description: |
The url of codeql to use. The version of CodeQL passed to the `tools` input of the init action.
This can be any of the following:
- A local path to a tarball containing the CodeQL tools, or
- A URL to a GitHub release assets containing the CodeQL tools, or
- A special value `linked` which is forcing the use of the CodeQL tools
that the action has been bundled with.
If not specified, the Action will check in several places until it finds
the CodeQL tools.
runs: runs:
using: composite using: composite
@ -39,7 +48,6 @@ runs:
- uses: ./../action/analyze - uses: ./../action/analyze
with: with:
output: ${{ runner.temp }}/results output: ${{ runner.temp }}/results
upload-database: false
upload: never upload: never
env: env:
CODEQL_ACTION_TEST_MODE: "true" CODEQL_ACTION_TEST_MODE: "true"


@ -18,12 +18,12 @@ runs:
- name: Set up Python - name: Set up Python
uses: actions/setup-python@v5 uses: actions/setup-python@v5
with: with:
python-version: 3.8 python-version: 3.12
- name: Install dependencies - name: Install dependencies
run: | run: |
python -m pip install --upgrade pip python -m pip install --upgrade pip
pip install PyGithub==1.55 requests pip install PyGithub==2.3.0 requests
shell: bash shell: bash
- name: Update git config - name: Update git config


@ -33,7 +33,7 @@ runs:
fi fi
echo "version=$VERSION" | tee -a $GITHUB_OUTPUT echo "version=$VERSION" | tee -a $GITHUB_OUTPUT
- uses: swift-actions/setup-swift@e1dca7c4a36344146bbc2803f0d538462477bb37 # Please update the corresponding SHA in the CLI's CodeQL Action Integration Test. - uses: redsun82/setup-swift@b2b6f77ab14f6a9b136b520dc53ec8eca27d2b99 # Please update the corresponding SHA in the CLI's CodeQL Action Integration Test.
if: runner.os == 'Linux' && steps.get_swift_version.outputs.version != 'null' if: runner.os == 'Linux' && steps.get_swift_version.outputs.version != 'null'
with: with:
swift-version: "${{ steps.get_swift_version.outputs.version }}" swift-version: "${{ steps.get_swift_version.outputs.version }}"
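Review bot: The `uses:` line now resolves to `redsun82/setup-swift`, which appears to be a user-owned fork, instead of `swift-actions/setup-swift`, and nothing in the hunk records why or what the fork changes. The full-SHA pin keeps the reference immutable, but a reader cannot tell which upstream commit the fork is based on or whether `b2b6f77ab14f6a9b136b520dc53ec8eca27d2b99` has been compared against it. I would extend the trailing comment, e.g. `# Fork of swift-actions/setup-swift at <UPSTREAM_SHA> carrying <REASON>; switch back once merged upstream.` with the placeholders filled in, keeping the existing reminder about the CLI integration test.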


@ -1,5 +1,6 @@
import argparse import argparse
import datetime import datetime
import fileinput
import re import re
from github import Github from github import Github
import json import json
@ -171,6 +172,19 @@ def get_current_version():
with open('package.json', 'r') as f: with open('package.json', 'r') as f:
return json.load(f)['version'] return json.load(f)['version']
# `npm version` doesn't always work because of merge conflicts, so we
# replace the version in package.json textually.
def replace_version_package_json(prev_version, new_version):
prev_line_is_codeql = False
for line in fileinput.input('package.json', inplace = True, encoding='utf-8'):
if prev_line_is_codeql and f'\"version\": \"{prev_version}\"' in line:
print(line.replace(prev_version, new_version), end='')
else:
prev_line_is_codeql = False
print(line, end='')
if '\"name\": \"codeql\",' in line:
prev_line_is_codeql = True
def get_today_string(): def get_today_string():
today = datetime.datetime.today() today = datetime.datetime.today()
return '{:%d %b %Y}'.format(today) return '{:%d %b %Y}'.format(today)
@ -186,16 +200,17 @@ def process_changelog_for_backports(source_branch_major_version, target_branch_m
with open('CHANGELOG.md', 'r') as f: with open('CHANGELOG.md', 'r') as f:
# until we find the first section, just duplicate all lines # until we find the first section, just duplicate all lines
while True: found_first_section = False
while not found_first_section:
line = f.readline() line = f.readline()
if not line: if not line:
raise Exception('Could not find any change sections in CHANGELOG.md') # EOF raise Exception('Could not find any change sections in CHANGELOG.md') # EOF
output += line
if line.startswith('## '): if line.startswith('## '):
line = line.replace(f'## {source_branch_major_version}', f'## {target_branch_major_version}') line = line.replace(f'## {source_branch_major_version}', f'## {target_branch_major_version}')
# we have found the first section, so now handle things differently found_first_section = True
break
output += line
# found_content tracks whether we hit two headings in a row # found_content tracks whether we hit two headings in a row
found_content = False found_content = False
@ -373,9 +388,9 @@ def main():
run_git('commit', '--no-edit') run_git('commit', '--no-edit')
# Migrate the package version number from a vLatest version number to a vOlder version number # Migrate the package version number from a vLatest version number to a vOlder version number
print(f'Setting version number to {version}') print(f'Setting version number to {version} in package.json')
subprocess.check_output(['npm', 'version', version, '--no-git-tag-version']) replace_version_package_json(get_current_version(), version) # We rely on the `Update dependencies` workflow to update package-lock.json
run_git('add', 'package.json', 'package-lock.json') run_git('add', 'package.json')
# Migrate the changelog notes from vLatest version numbers to vOlder version numbers # Migrate the changelog notes from vLatest version numbers to vOlder version numbers
print(f'Migrating changelog notes from v{source_branch_major_version} to v{target_branch_major_version}') print(f'Migrating changelog notes from v{source_branch_major_version} to v{target_branch_major_version}')
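Review bot: `replace_version_package_json` rewrites `package.json` unchanged when no line matches, so if the `"version"` line does not directly follow `"name": "codeql",` or is spaced differently, the backport carries on and commits the old version without any error. Track whether a substitution happened and fail after the loop: set `replaced = True` next to the `print(line.replace(prev_version, new_version), end='')` call and finish with `if not replaced: raise Exception(f'Could not update version {prev_version} in package.json')`. The function would also benefit from a one-sentence docstring stating that it depends on the version line immediately following the name line, since `package-lock.json` is no longer staged here and is left to the `Update dependencies` workflow. Indentation is flattened in this rendering, so the exact nesting of the final `if` in the loop should be checked against the file.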


@ -10,22 +10,25 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
all-platform-bundle: all-platform-bundle:
strategy: strategy:
fail-fast: false
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: nightly-latest version: nightly-latest
name: All-platform bundle name: All-platform bundle
permissions: permissions:
contents: read contents: read
@ -33,45 +36,37 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( runner.os == 'macOS' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20230403' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.14.6')
with:
matrix.version == 'stable-v2.14.6') python-version: '3.11'
with: - name: Check out repository
python-version: '3.11' uses: actions/checkout@v4
- name: Check out repository - name: Prepare test
uses: actions/checkout@v4 id: prepare-test
- name: Prepare test uses: ./.github/actions/prepare-test
id: prepare-test with:
uses: ./.github/actions/prepare-test version: ${{ matrix.version }}
with: use-all-platform-bundle: 'true'
version: ${{ matrix.version }} setup-kotlin: true
use-all-platform-bundle: 'true' - id: init
setup-kotlin: true uses: ./../action/init
- name: Set environment variable for Swift enablement with:
if: runner.os != 'Windows' && matrix.version == '20221211' tools: ${{ steps.prepare-test.outputs.tools-url }}
shell: bash - uses: ./../action/.github/actions/setup-swift
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV with:
- id: init codeql-path: ${{ steps.init.outputs.codeql-path }}
uses: ./../action/init - name: Build code
with: shell: bash
tools: ${{ steps.prepare-test.outputs.tools-url }} run: ./build.sh
- uses: ./../action/.github/actions/setup-swift - uses: ./../action/analyze
with:
codeql-path: ${{ steps.init.outputs.codeql-path }}
- name: Build code
shell: bash
run: ./build.sh
- uses: ./../action/analyze
with:
upload-database: false
env: env:
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true


@ -10,26 +10,29 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
analyze-ref-input: analyze-ref-input:
strategy: strategy:
fail-fast: false
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: default version: default
- os: macos-latest - os: macos-latest
version: default version: default
- os: windows-latest - os: windows-latest
version: default version: default
name: "Analyze: 'ref' and 'sha' from inputs" name: "Analyze: 'ref' and 'sha' from inputs"
permissions: permissions:
contents: read contents: read
@ -37,46 +40,39 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( runner.os == 'macOS' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20230403' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.14.6')
with:
matrix.version == 'stable-v2.14.6') python-version: '3.11'
with: - name: Check out repository
python-version: '3.11' uses: actions/checkout@v4
- name: Check out repository - name: Prepare test
uses: actions/checkout@v4 id: prepare-test
- name: Prepare test uses: ./.github/actions/prepare-test
id: prepare-test with:
uses: ./.github/actions/prepare-test version: ${{ matrix.version }}
with: use-all-platform-bundle: 'false'
version: ${{ matrix.version }} setup-kotlin: true
use-all-platform-bundle: 'false' - uses: ./../action/init
setup-kotlin: true with:
- name: Set environment variable for Swift enablement tools: ${{ steps.prepare-test.outputs.tools-url }}
if: runner.os != 'Windows' && matrix.version == '20221211' languages: cpp,csharp,java,javascript,python
shell: bash config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV github.sha }}
- uses: ./../action/init - name: Build code
with: shell: bash
tools: ${{ steps.prepare-test.outputs.tools-url }} run: ./build.sh
languages: cpp,csharp,java,javascript,python - uses: ./../action/analyze
config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{ with:
github.sha }} ref: refs/heads/main
- name: Build code sha: 5e235361806c361d4d3f8859e3c897658025a9a2
shell: bash
run: ./build.sh
- uses: ./../action/analyze
with:
upload-database: false
ref: refs/heads/main
sha: 5e235361806c361d4d3f8859e3c897658025a9a2
env: env:
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true


@ -10,26 +10,29 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
autobuild-action: autobuild-action:
strategy: strategy:
fail-fast: false
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: latest version: linked
- os: macos-latest - os: macos-latest
version: latest version: linked
- os: windows-latest - os: windows-latest
version: latest version: linked
name: autobuild-action name: autobuild-action
permissions: permissions:
contents: read contents: read
@ -37,56 +40,48 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( runner.os == 'macOS' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20230403' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.14.6')
with:
matrix.version == 'stable-v2.14.6') python-version: '3.11'
with: - name: Check out repository
python-version: '3.11' uses: actions/checkout@v4
- name: Check out repository - name: Prepare test
uses: actions/checkout@v4 id: prepare-test
- name: Prepare test uses: ./.github/actions/prepare-test
id: prepare-test with:
uses: ./.github/actions/prepare-test version: ${{ matrix.version }}
with: use-all-platform-bundle: 'false'
version: ${{ matrix.version }} setup-kotlin: true
use-all-platform-bundle: 'false' - uses: ./../action/init
setup-kotlin: true with:
- name: Set environment variable for Swift enablement languages: csharp
if: runner.os != 'Windows' && matrix.version == '20221211' tools: ${{ steps.prepare-test.outputs.tools-url }}
shell: bash - uses: ./../action/autobuild
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV env:
- uses: ./../action/init
with:
languages: csharp
tools: ${{ steps.prepare-test.outputs.tools-url }}
- uses: ./../action/autobuild
env:
# Explicitly disable the CLR tracer. # Explicitly disable the CLR tracer.
COR_ENABLE_PROFILING: '' COR_ENABLE_PROFILING: ''
COR_PROFILER: '' COR_PROFILER: ''
COR_PROFILER_PATH_64: '' COR_PROFILER_PATH_64: ''
CORECLR_ENABLE_PROFILING: '' CORECLR_ENABLE_PROFILING: ''
CORECLR_PROFILER: '' CORECLR_PROFILER: ''
CORECLR_PROFILER_PATH_64: '' CORECLR_PROFILER_PATH_64: ''
- uses: ./../action/analyze - uses: ./../action/analyze
with: - name: Check database
upload-database: false shell: bash
- name: Check database run: |
shell: bash cd "$RUNNER_TEMP/codeql_databases"
run: | if [[ ! -d csharp ]]; then
cd "$RUNNER_TEMP/codeql_databases" echo "Did not find a C# database"
if [[ ! -d csharp ]]; then exit 1
echo "Did not find a C# database" fi
exit 1
fi
env: env:
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true


@ -0,0 +1,92 @@
# Warning: This file is generated automatically, and should not be modified.
# Instead, please modify the template in the pr-checks directory and run:
# (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
# to regenerate this file.
name: PR Check - Autobuild direct tracing (custom working directory)
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GO111MODULE: auto
on:
push:
branches:
- main
- releases/v*
pull_request:
types:
- opened
- synchronize
- reopened
- ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {}
jobs:
autobuild-direct-tracing-with-working-dir:
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
version: linked
- os: windows-latest
version: linked
- os: ubuntu-latest
version: nightly-latest
- os: windows-latest
version: nightly-latest
name: Autobuild direct tracing (custom working directory)
permissions:
contents: read
security-events: write
timeout-minutes: 45
runs-on: ${{ matrix.os }}
steps:
- name: Setup Python on MacOS
uses: actions/setup-python@v5
if: >-
runner.os == 'macOS' && (
matrix.version == 'stable-20230403' ||
matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6')
with:
python-version: '3.11'
- name: Check out repository
uses: actions/checkout@v4
- name: Prepare test
id: prepare-test
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
setup-kotlin: true
- name: Test setup
shell: bash
run: |
# Make sure that Gradle build succeeds in autobuild-dir ...
cp -a ../action/tests/java-repo autobuild-dir
# ... and fails if attempted in the current directory
echo > build.gradle
- uses: ./../action/init
with:
build-mode: autobuild
languages: java
tools: ${{ steps.prepare-test.outputs.tools-url }}
- name: Check that indirect tracing is disabled
shell: bash
run: |
if [[ ! -z "${CODEQL_RUNNER}" ]]; then
echo "Expected indirect tracing to be disabled, but the" \
"CODEQL_RUNNER environment variable is set."
exit 1
fi
- uses: ./../action/autobuild
with:
working-directory: autobuild-dir
- uses: ./../action/analyze
env:
CODEQL_ACTION_AUTOBUILD_BUILD_MODE_DIRECT_TRACING: true
CODEQL_ACTION_TEST_MODE: true

93
.github/workflows/__autobuild-direct-tracing.yml generated vendored Normal file

@ -0,0 +1,93 @@
# Warning: This file is generated automatically, and should not be modified.
# Instead, please modify the template in the pr-checks directory and run:
# (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
# to regenerate this file.
name: PR Check - Autobuild direct tracing
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GO111MODULE: auto
on:
push:
branches:
- main
- releases/v*
pull_request:
types:
- opened
- synchronize
- reopened
- ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {}
jobs:
autobuild-direct-tracing:
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
version: linked
- os: windows-latest
version: linked
- os: ubuntu-latest
version: nightly-latest
- os: windows-latest
version: nightly-latest
name: Autobuild direct tracing
permissions:
contents: read
security-events: write
timeout-minutes: 45
runs-on: ${{ matrix.os }}
steps:
- name: Setup Python on MacOS
uses: actions/setup-python@v5
if: >-
runner.os == 'macOS' && (
matrix.version == 'stable-20230403' ||
matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6')
with:
python-version: '3.11'
- name: Check out repository
uses: actions/checkout@v4
- name: Prepare test
id: prepare-test
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
setup-kotlin: true
- name: Set up Java test repo configuration
shell: bash
run: |
mv * .github ../action/tests/multi-language-repo/
mv ../action/tests/multi-language-repo/.github/workflows .github
mv ../action/tests/java-repo/* .
- uses: ./../action/init
id: init
with:
build-mode: autobuild
db-location: ${{ runner.temp }}/customDbLocation
languages: java
tools: ${{ steps.prepare-test.outputs.tools-url }}
- name: Check that indirect tracing is disabled
shell: bash
run: |
if [[ ! -z "${CODEQL_RUNNER}" ]]; then
echo "Expected indirect tracing to be disabled, but the" \
"CODEQL_RUNNER environment variable is set."
exit 1
fi
- uses: ./../action/analyze
env:
CODEQL_ACTION_AUTOBUILD_BUILD_MODE_DIRECT_TRACING: true
CODEQL_ACTION_TEST_MODE: true


@ -7,26 +7,28 @@ name: PR Check - Build mode autobuild
env: env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GO111MODULE: auto GO111MODULE: auto
CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
build-mode-autobuild: build-mode-autobuild:
strategy: strategy:
fail-fast: false
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: nightly-latest version: nightly-latest
name: Build mode autobuild name: Build mode autobuild
permissions: permissions:
contents: read contents: read
@ -34,55 +36,50 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( runner.os == 'macOS' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20230403' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.14.6')
with:
python-version: '3.11'
- name: Check out repository
uses: actions/checkout@v4
- name: Prepare test
id: prepare-test
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
setup-kotlin: true
- name: Set up Java test repo configuration
run: |
mv * .github ../action/tests/multi-language-repo/
mv ../action/tests/multi-language-repo/.github/workflows .github
mv ../action/tests/java-repo/* .
matrix.version == 'stable-v2.14.6') - uses: ./../action/init
with: id: init
python-version: '3.11' with:
- name: Check out repository build-mode: autobuild
uses: actions/checkout@v4 db-location: ${{ runner.temp }}/customDbLocation
- name: Prepare test languages: java
id: prepare-test tools: ${{ steps.prepare-test.outputs.tools-url }}
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement
if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- name: Set up Java test repo configuration
run: |
mv * .github ../action/tests/multi-language-repo/
mv ../action/tests/multi-language-repo/.github/workflows .github
mv ../action/tests/java-repo/* .
- uses: ./../action/init - name: Validate database build mode
id: init run: |
with: metadata_path="$RUNNER_TEMP/customDbLocation/java/codeql-database.yml"
build-mode: autobuild build_mode=$(yq eval '.buildMode' "$metadata_path")
db-location: ${{ runner.temp }}/customDbLocation if [[ "$build_mode" != "autobuild" ]]; then
languages: java echo "Expected build mode to be 'autobuild' but was $build_mode"
tools: ${{ steps.prepare-test.outputs.tools-url }} exit 1
fi
- name: Validate database build mode - uses: ./../action/analyze
run: |
metadata_path="$RUNNER_TEMP/customDbLocation/java/codeql-database.yml"
build_mode=$(yq eval '.buildMode' "$metadata_path")
if [[ "$build_mode" != "autobuild" ]]; then
echo "Expected build mode to be 'autobuild' but was $build_mode"
exit 1
fi
- uses: ./../action/analyze
env: env:
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true


@ -7,26 +7,28 @@ name: PR Check - Build mode manual
env: env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GO111MODULE: auto GO111MODULE: auto
CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
build-mode-manual: build-mode-manual:
strategy: strategy:
fail-fast: false
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: nightly-latest version: nightly-latest
name: Build mode manual name: Build mode manual
permissions: permissions:
contents: read contents: read
@ -34,57 +36,52 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( runner.os == 'macOS' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20230403' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.14.6')
with:
python-version: '3.11'
- name: Check out repository
uses: actions/checkout@v4
- name: Prepare test
id: prepare-test
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
setup-kotlin: true
- uses: ./../action/init
id: init
with:
build-mode: manual
db-location: ${{ runner.temp }}/customDbLocation
languages: java
tools: ${{ steps.prepare-test.outputs.tools-url }}
matrix.version == 'stable-v2.14.6') - name: Validate database build mode
with: run: |
python-version: '3.11' metadata_path="$RUNNER_TEMP/customDbLocation/java/codeql-database.yml"
- name: Check out repository build_mode=$(yq eval '.buildMode' "$metadata_path")
uses: actions/checkout@v4 if [[ "$build_mode" != "manual" ]]; then
- name: Prepare test echo "Expected build mode to be 'manual' but was $build_mode"
id: prepare-test exit 1
uses: ./.github/actions/prepare-test fi
with:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement
if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: ./../action/init
id: init
with:
build-mode: manual
db-location: ${{ runner.temp }}/customDbLocation
languages: java
tools: ${{ steps.prepare-test.outputs.tools-url }}
- name: Validate database build mode - uses: ./../action/.github/actions/setup-swift
run: | with:
metadata_path="$RUNNER_TEMP/customDbLocation/java/codeql-database.yml" codeql-path: ${{ steps.init.outputs.codeql-path }}
build_mode=$(yq eval '.buildMode' "$metadata_path")
if [[ "$build_mode" != "manual" ]]; then
echo "Expected build mode to be 'manual' but was $build_mode"
exit 1
fi
- uses: ./../action/.github/actions/setup-swift - name: Build code
with: shell: bash
codeql-path: ${{ steps.init.outputs.codeql-path }} run: ./build.sh
- name: Build code - uses: ./../action/analyze
shell: bash
run: ./build.sh
- uses: ./../action/analyze
env: env:
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true


@ -7,28 +7,30 @@ name: PR Check - Build mode none
env: env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GO111MODULE: auto GO111MODULE: auto
CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
build-mode-none: build-mode-none:
strategy: strategy:
fail-fast: false
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: latest version: linked
- os: ubuntu-latest - os: ubuntu-latest
version: nightly-latest version: nightly-latest
name: Build mode none name: Build mode none
permissions: permissions:
contents: read contents: read
@ -36,53 +38,48 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( runner.os == 'macOS' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20230403' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.14.6')
with:
python-version: '3.11'
- name: Check out repository
uses: actions/checkout@v4
- name: Prepare test
id: prepare-test
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
setup-kotlin: true
- uses: ./../action/init
id: init
with:
build-mode: none
db-location: ${{ runner.temp }}/customDbLocation
languages: java
tools: ${{ steps.prepare-test.outputs.tools-url }}
matrix.version == 'stable-v2.14.6') - name: Validate database build mode
with: run: |
python-version: '3.11' metadata_path="$RUNNER_TEMP/customDbLocation/java/codeql-database.yml"
- name: Check out repository build_mode=$(yq eval '.buildMode' "$metadata_path")
uses: actions/checkout@v4 if [[ "$build_mode" != "none" ]]; then
- name: Prepare test echo "Expected build mode to be 'none' but was $build_mode"
id: prepare-test exit 1
uses: ./.github/actions/prepare-test fi
with:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement
if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: ./../action/init
id: init
with:
build-mode: none
db-location: ${{ runner.temp }}/customDbLocation
languages: java
tools: ${{ steps.prepare-test.outputs.tools-url }}
- name: Validate database build mode
run: |
metadata_path="$RUNNER_TEMP/customDbLocation/java/codeql-database.yml"
build_mode=$(yq eval '.buildMode' "$metadata_path")
if [[ "$build_mode" != "none" ]]; then
echo "Expected build mode to be 'none' but was $build_mode"
exit 1
fi
# The latest nightly supports omitting the autobuild Action when the build mode is specified. # The latest nightly supports omitting the autobuild Action when the build mode is specified.
- uses: ./../action/autobuild - uses: ./../action/autobuild
if: matrix.version != 'nightly-latest' if: matrix.version != 'nightly-latest'
- uses: ./../action/analyze - uses: ./../action/analyze
env: env:
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true


@ -7,26 +7,28 @@ name: PR Check - Build mode rollback
env: env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GO111MODULE: auto GO111MODULE: auto
CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
build-mode-rollback: build-mode-rollback:
strategy: strategy:
fail-fast: false
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: nightly-latest version: nightly-latest
name: Build mode rollback name: Build mode rollback
permissions: permissions:
contents: read contents: read
@ -34,56 +36,51 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( runner.os == 'macOS' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20230403' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.14.6')
with:
python-version: '3.11'
- name: Check out repository
uses: actions/checkout@v4
- name: Prepare test
id: prepare-test
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
setup-kotlin: true
- name: Set up Java test repo configuration
run: |
mv * .github ../action/tests/multi-language-repo/
mv ../action/tests/multi-language-repo/.github/workflows .github
mv ../action/tests/java-repo/* .
matrix.version == 'stable-v2.14.6') - uses: ./../action/init
with: id: init
python-version: '3.11' with:
- name: Check out repository build-mode: none
uses: actions/checkout@v4 db-location: ${{ runner.temp }}/customDbLocation
- name: Prepare test languages: java
id: prepare-test tools: ${{ steps.prepare-test.outputs.tools-url }}
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
- name: Set environment variable for Swift enablement
if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- name: Set up Java test repo configuration
run: |
mv * .github ../action/tests/multi-language-repo/
mv ../action/tests/multi-language-repo/.github/workflows .github
mv ../action/tests/java-repo/* .
- uses: ./../action/init - name: Validate database build mode
id: init run: |
with: metadata_path="$RUNNER_TEMP/customDbLocation/java/codeql-database.yml"
build-mode: none build_mode=$(yq eval '.buildMode' "$metadata_path")
db-location: ${{ runner.temp }}/customDbLocation if [[ "$build_mode" != "autobuild" ]]; then
languages: java echo "Expected build mode to be 'autobuild' but was $build_mode"
tools: ${{ steps.prepare-test.outputs.tools-url }} exit 1
fi
- name: Validate database build mode - uses: ./../action/analyze
run: |
metadata_path="$RUNNER_TEMP/customDbLocation/java/codeql-database.yml"
build_mode=$(yq eval '.buildMode' "$metadata_path")
if [[ "$build_mode" != "autobuild" ]]; then
echo "Expected build mode to be 'autobuild' but was $build_mode"
exit 1
fi
- uses: ./../action/analyze
env: env:
CODEQL_ACTION_DISABLE_JAVA_BUILDLESS: true CODEQL_ACTION_DISABLE_JAVA_BUILDLESS: true
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true

81
.github/workflows/__cleanup-db-cluster-dir.yml generated vendored Normal file

@ -0,0 +1,81 @@
# Warning: This file is generated automatically, and should not be modified.
# Instead, please modify the template in the pr-checks directory and run:
# (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
# to regenerate this file.
name: PR Check - Clean up database cluster directory
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GO111MODULE: auto
on:
push:
branches:
- main
- releases/v*
pull_request:
types:
- opened
- synchronize
- reopened
- ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {}
jobs:
cleanup-db-cluster-dir:
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
version: linked
name: Clean up database cluster directory
permissions:
contents: read
security-events: write
timeout-minutes: 45
runs-on: ${{ matrix.os }}
steps:
- name: Setup Python on MacOS
uses: actions/setup-python@v5
if: >-
runner.os == 'macOS' && (
matrix.version == 'stable-20230403' ||
matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6')
with:
python-version: '3.11'
- name: Check out repository
uses: actions/checkout@v4
- name: Prepare test
id: prepare-test
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
setup-kotlin: true
- name: Add a file to the database cluster directory
run: |
mkdir -p "${{ runner.temp }}/customDbLocation/javascript"
touch "${{ runner.temp }}/customDbLocation/javascript/a-file-to-clean-up.txt"
- uses: ./../action/init
id: init
with:
build-mode: none
db-location: ${{ runner.temp }}/customDbLocation
languages: javascript
tools: ${{ steps.prepare-test.outputs.tools-url }}
- name: Validate file cleaned up
run: |
if [[ -f "${{ runner.temp }}/customDbLocation/javascript/a-file-to-clean-up.txt" ]]; then
echo "File was not cleaned up"
exit 1
fi
echo "File was cleaned up"
env:
CODEQL_ACTION_TEST_MODE: true

159
.github/workflows/__config-export.yml generated vendored

@ -10,32 +10,35 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
config-export: config-export:
strategy: strategy:
fail-fast: false
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: latest version: linked
- os: macos-latest - os: macos-latest
version: latest version: linked
- os: windows-latest - os: windows-latest
version: latest version: linked
- os: ubuntu-latest - os: ubuntu-latest
version: nightly-latest version: nightly-latest
- os: macos-latest - os: macos-latest
version: nightly-latest version: nightly-latest
- os: windows-latest - os: windows-latest
version: nightly-latest version: nightly-latest
name: Config export name: Config export
permissions: permissions:
contents: read contents: read
@ -43,73 +46,67 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( runner.os == 'macOS' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20230403' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.14.6')
with:
python-version: '3.11'
- name: Check out repository
uses: actions/checkout@v4
- name: Prepare test
id: prepare-test
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
setup-kotlin: true
- uses: ./../action/init
with:
languages: javascript
queries: security-extended
tools: ${{ steps.prepare-test.outputs.tools-url }}
- uses: ./../action/analyze
with:
output: ${{ runner.temp }}/results
upload-database: false
- name: Upload SARIF
uses: actions/upload-artifact@v3
with:
name: config-export-${{ matrix.os }}-${{ matrix.version }}.sarif.json
path: ${{ runner.temp }}/results/javascript.sarif
retention-days: 7
- name: Check config properties appear in SARIF
uses: actions/github-script@v7
env:
SARIF_PATH: ${{ runner.temp }}/results/javascript.sarif
with:
script: |
const fs = require('fs');
matrix.version == 'stable-v2.14.6') const sarif = JSON.parse(fs.readFileSync(process.env['SARIF_PATH'], 'utf8'));
with: const run = sarif.runs[0];
python-version: '3.11' const configSummary = run.properties.codeqlConfigSummary;
- name: Check out repository
uses: actions/checkout@v4
- name: Prepare test
id: prepare-test
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
setup-kotlin: true
- name: Set environment variable for Swift enablement
if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: ./../action/init
with:
languages: javascript
queries: security-extended
tools: ${{ steps.prepare-test.outputs.tools-url }}
- uses: ./../action/analyze
with:
output: ${{ runner.temp }}/results
upload-database: false
- name: Upload SARIF
uses: actions/upload-artifact@v3
with:
name: config-export-${{ matrix.os }}-${{ matrix.version }}.sarif.json
path: ${{ runner.temp }}/results/javascript.sarif
retention-days: 7
- name: Check config properties appear in SARIF
uses: actions/github-script@v7
env:
SARIF_PATH: ${{ runner.temp }}/results/javascript.sarif
with:
script: |
const fs = require('fs');
const sarif = JSON.parse(fs.readFileSync(process.env['SARIF_PATH'], 'utf8')); if (configSummary === undefined) {
const run = sarif.runs[0]; core.setFailed('`codeqlConfigSummary` property not found in the SARIF run property bag.');
const configSummary = run.properties.codeqlConfigSummary; }
if (configSummary.disableDefaultQueries !== false) {
if (configSummary === undefined) { core.setFailed('`disableDefaultQueries` property incorrect: expected false, got ' +
core.setFailed('`codeqlConfigSummary` property not found in the SARIF run property bag.'); `${JSON.stringify(configSummary.disableDefaultQueries)}.`);
} }
if (configSummary.disableDefaultQueries !== false) { const expectedQueries = [{ type: 'builtinSuite', uses: 'security-extended' }];
core.setFailed('`disableDefaultQueries` property incorrect: expected false, got ' + // Use JSON.stringify to deep-equal the arrays.
`${JSON.stringify(configSummary.disableDefaultQueries)}.`); if (JSON.stringify(configSummary.queries) !== JSON.stringify(expectedQueries)) {
} core.setFailed(`\`queries\` property incorrect: expected ${JSON.stringify(expectedQueries)}, got ` +
const expectedQueries = [{ type: 'builtinSuite', uses: 'security-extended' }]; `${JSON.stringify(configSummary.queries)}.`);
// Use JSON.stringify to deep-equal the arrays. }
if (JSON.stringify(configSummary.queries) !== JSON.stringify(expectedQueries)) { core.info('Finished config export tests.');
core.setFailed(`\`queries\` property incorrect: expected ${JSON.stringify(expectedQueries)}, got ` +
`${JSON.stringify(configSummary.queries)}.`);
}
core.info('Finished config export tests.');
env: env:
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true

111
.github/workflows/__config-input.yml generated vendored

@ -7,26 +7,28 @@ name: PR Check - Config input
env: env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GO111MODULE: auto GO111MODULE: auto
CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
config-input: config-input:
strategy: strategy:
fail-fast: false
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: latest version: linked
name: Config input name: Config input
permissions: permissions:
contents: read contents: read
@ -34,59 +36,54 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( runner.os == 'macOS' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20230403' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.14.6')
with:
python-version: '3.11'
- name: Check out repository
uses: actions/checkout@v4
- name: Prepare test
id: prepare-test
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
setup-kotlin: true
- name: Copy queries into workspace
run: |
cp -a ../action/queries .
matrix.version == 'stable-v2.14.6') - uses: ./../action/init
with: with:
python-version: '3.11' tools: ${{ steps.prepare-test.outputs.tools-url }}
- name: Check out repository languages: javascript
uses: actions/checkout@v4 build-mode: none
- name: Prepare test config: |
id: prepare-test disable-default-queries: true
uses: ./.github/actions/prepare-test queries:
with: - name: Run custom query
version: ${{ matrix.version }} uses: ./queries/default-setup-environment-variables.ql
use-all-platform-bundle: 'false' paths-ignore:
- name: Set environment variable for Swift enablement - tests
if: runner.os != 'Windows' && matrix.version == '20221211' - lib
shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- name: Copy queries into workspace
run: |
cp -a ../action/queries .
- uses: ./../action/init - uses: ./../action/analyze
with: with:
tools: ${{ steps.prepare-test.outputs.tools-url }} output: ${{ runner.temp }}/results
languages: javascript
build-mode: none
config: |
disable-default-queries: true
queries:
- name: Run custom query
uses: ./queries/default-setup-environment-variables.ql
paths-ignore:
- tests
- lib
- uses: ./../action/analyze - name: Check SARIF
with: uses: ./../action/.github/actions/check-sarif
output: ${{ runner.temp }}/results with:
sarif-file: ${{ runner.temp }}/results/javascript.sarif
- name: Check SARIF queries-run: javascript/codeql-action/default-setup-env-vars
uses: ./../action/.github/actions/check-sarif queries-not-run: javascript/codeql-action/default-setup-context-properties
with:
sarif-file: ${{ runner.temp }}/results/javascript.sarif
queries-run: javascript/codeql-action/default-setup-env-vars
queries-not-run: javascript/codeql-action/default-setup-context-properties
env: env:
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true


@ -7,30 +7,32 @@ name: 'PR Check - C/C++: disabling autoinstalling dependencies (Linux)'
env: env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GO111MODULE: auto GO111MODULE: auto
CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
cpp-deptrace-disabled: cpp-deptrace-disabled:
strategy: strategy:
fail-fast: false
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: latest version: linked
- os: ubuntu-latest - os: ubuntu-latest
version: default version: default
- os: ubuntu-latest - os: ubuntu-latest
version: nightly-latest version: nightly-latest
name: 'C/C++: disabling autoinstalling dependencies (Linux)' name: 'C/C++: disabling autoinstalling dependencies (Linux)'
permissions: permissions:
contents: read contents: read
@ -38,51 +40,46 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( runner.os == 'macOS' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20230403' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.14.6')
with:
matrix.version == 'stable-v2.14.6') python-version: '3.11'
with: - name: Check out repository
python-version: '3.11' uses: actions/checkout@v4
- name: Check out repository - name: Prepare test
uses: actions/checkout@v4 id: prepare-test
- name: Prepare test uses: ./.github/actions/prepare-test
id: prepare-test with:
uses: ./.github/actions/prepare-test version: ${{ matrix.version }}
with: use-all-platform-bundle: 'false'
version: ${{ matrix.version }} setup-kotlin: true
use-all-platform-bundle: 'false' - name: Test setup
- name: Set environment variable for Swift enablement shell: bash
if: runner.os != 'Windows' && matrix.version == '20221211' run: |
shell: bash cp -a ../action/tests/cpp-autobuild autobuild-dir
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - uses: ./../action/init
- name: Test setup with:
shell: bash languages: cpp
run: | tools: ${{ steps.prepare-test.outputs.tools-url }}
cp -a ../action/tests/cpp-autobuild autobuild-dir - uses: ./../action/autobuild
- uses: ./../action/init with:
with: working-directory: autobuild-dir
languages: cpp env:
tools: ${{ steps.prepare-test.outputs.tools-url }} CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES: false
- uses: ./../action/autobuild - shell: bash
with: run: |
working-directory: autobuild-dir if ls /usr/bin/errno; then
env: echo "C/C++ autobuild installed errno, but it should not have since auto-install dependencies is disabled."
CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES: false exit 1
- shell: bash fi
run: |
if ls /usr/bin/errno; then
echo "C/C++ autobuild installed errno, but it should not have since auto-install dependencies is disabled."
exit 1
fi
env: env:
DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false' DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false'
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true


@ -7,26 +7,28 @@ name: 'PR Check - C/C++: autoinstalling dependencies is skipped (macOS)'
env: env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GO111MODULE: auto GO111MODULE: auto
CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
cpp-deptrace-enabled-on-macos: cpp-deptrace-enabled-on-macos:
strategy: strategy:
fail-fast: false
matrix: matrix:
include: include:
- os: macos-latest - os: macos-latest
version: nightly-latest version: nightly-latest
name: 'C/C++: autoinstalling dependencies is skipped (macOS)' name: 'C/C++: autoinstalling dependencies is skipped (macOS)'
permissions: permissions:
contents: read contents: read
@ -34,53 +36,48 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( runner.os == 'macOS' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20230403' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.14.6')
with:
matrix.version == 'stable-v2.14.6') python-version: '3.11'
with: - name: Check out repository
python-version: '3.11' uses: actions/checkout@v4
- name: Check out repository - name: Prepare test
uses: actions/checkout@v4 id: prepare-test
- name: Prepare test uses: ./.github/actions/prepare-test
id: prepare-test with:
uses: ./.github/actions/prepare-test version: ${{ matrix.version }}
with: use-all-platform-bundle: 'false'
version: ${{ matrix.version }} setup-kotlin: true
use-all-platform-bundle: 'false' - name: Test setup
- name: Set environment variable for Swift enablement shell: bash
if: runner.os != 'Windows' && matrix.version == '20221211' run: |
shell: bash cp -a ../action/tests/cpp-autobuild autobuild-dir
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - uses: ./../action/init
- name: Test setup with:
shell: bash languages: cpp
run: | tools: ${{ steps.prepare-test.outputs.tools-url }}
cp -a ../action/tests/cpp-autobuild autobuild-dir - uses: ./../action/autobuild
- uses: ./../action/init with:
with: working-directory: autobuild-dir
languages: cpp env:
tools: ${{ steps.prepare-test.outputs.tools-url }} CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES: true
- uses: ./../action/autobuild - shell: bash
with: run: |
working-directory: autobuild-dir if ! ls /usr/bin/errno; then
env: echo "As expected, CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES is a no-op on macOS"
CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES: true else
- shell: bash echo "CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES should not have had any effect on macOS"
run: | exit 1
if ! ls /usr/bin/errno; then fi
echo "As expected, CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES is a no-op on macOS"
else
echo "CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES should not have had any effect on macOS"
exit 1
fi
env: env:
DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false' DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false'
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true


@ -7,30 +7,32 @@ name: 'PR Check - C/C++: autoinstalling dependencies (Linux)'
env: env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GO111MODULE: auto GO111MODULE: auto
CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
cpp-deptrace-enabled: cpp-deptrace-enabled:
strategy: strategy:
fail-fast: false
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: latest version: linked
- os: ubuntu-latest - os: ubuntu-latest
version: default version: default
- os: ubuntu-latest - os: ubuntu-latest
version: nightly-latest version: nightly-latest
name: 'C/C++: autoinstalling dependencies (Linux)' name: 'C/C++: autoinstalling dependencies (Linux)'
permissions: permissions:
contents: read contents: read
@ -38,51 +40,46 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( runner.os == 'macOS' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20230403' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.14.6')
with:
matrix.version == 'stable-v2.14.6') python-version: '3.11'
with: - name: Check out repository
python-version: '3.11' uses: actions/checkout@v4
- name: Check out repository - name: Prepare test
uses: actions/checkout@v4 id: prepare-test
- name: Prepare test uses: ./.github/actions/prepare-test
id: prepare-test with:
uses: ./.github/actions/prepare-test version: ${{ matrix.version }}
with: use-all-platform-bundle: 'false'
version: ${{ matrix.version }} setup-kotlin: true
use-all-platform-bundle: 'false' - name: Test setup
- name: Set environment variable for Swift enablement shell: bash
if: runner.os != 'Windows' && matrix.version == '20221211' run: |
shell: bash cp -a ../action/tests/cpp-autobuild autobuild-dir
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - uses: ./../action/init
- name: Test setup with:
shell: bash languages: cpp
run: | tools: ${{ steps.prepare-test.outputs.tools-url }}
cp -a ../action/tests/cpp-autobuild autobuild-dir - uses: ./../action/autobuild
- uses: ./../action/init with:
with: working-directory: autobuild-dir
languages: cpp env:
tools: ${{ steps.prepare-test.outputs.tools-url }} CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES: true
- uses: ./../action/autobuild - shell: bash
with: run: |
working-directory: autobuild-dir if ! ls /usr/bin/errno; then
env: echo "Did not autoinstall errno"
CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES: true exit 1
- shell: bash fi
run: |
if ! ls /usr/bin/errno; then
echo "Did not autoinstall errno"
exit 1
fi
env: env:
DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false' DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false'
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true


@ -10,38 +10,41 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
diagnostics-export: diagnostics-export:
strategy: strategy:
fail-fast: false
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: stable-20230317 version: stable-20230403
- os: macos-latest - os: macos-12
version: stable-20230317 version: stable-20230403
- os: windows-latest - os: windows-latest
version: stable-20230317 version: stable-20230403
- os: ubuntu-latest - os: ubuntu-latest
version: latest version: linked
- os: macos-latest - os: macos-latest
version: latest version: linked
- os: windows-latest - os: windows-latest
version: latest version: linked
- os: ubuntu-latest - os: ubuntu-latest
version: nightly-latest version: nightly-latest
- os: macos-latest - os: macos-latest
version: nightly-latest version: nightly-latest
- os: windows-latest - os: windows-latest
version: nightly-latest version: nightly-latest
name: Diagnostic export name: Diagnostic export
permissions: permissions:
contents: read contents: read
@ -49,114 +52,108 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( runner.os == 'macOS' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20230403' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.14.6')
with:
python-version: '3.11'
- name: Check out repository
uses: actions/checkout@v4
- name: Prepare test
id: prepare-test
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
setup-kotlin: true
- uses: ./../action/init
id: init
with:
languages: javascript
tools: ${{ steps.prepare-test.outputs.tools-url }}
- name: Add test diagnostics
shell: bash
env:
CODEQL_PATH: ${{ steps.init.outputs.codeql-path }}
run: |
for i in {1..2}; do
# Use the same location twice to test the workaround for the bug in CodeQL CLI 2.12.6 that
# produces an invalid diagnostic with multiple identical location objects.
"$CODEQL_PATH" database add-diagnostic \
"$RUNNER_TEMP/codeql_databases/javascript" \
--file-path /path/to/file \
--plaintext-message "Plaintext message $i" \
--source-id "lang/diagnostics/example" \
--source-name "Diagnostic name" \
--ready-for-status-page
done
- uses: ./../action/analyze
with:
output: ${{ runner.temp }}/results
upload-database: false
- name: Upload SARIF
uses: actions/upload-artifact@v3
with:
name: diagnostics-export-${{ matrix.os }}-${{ matrix.version }}.sarif.json
path: ${{ runner.temp }}/results/javascript.sarif
retention-days: 7
- name: Check diagnostics appear in SARIF
uses: actions/github-script@v7
env:
SARIF_PATH: ${{ runner.temp }}/results/javascript.sarif
with:
script: |
const fs = require('fs');
matrix.version == 'stable-v2.14.6') function checkStatusPageNotification(n) {
with: const expectedMessage = 'Plaintext message 1\n\nCodeQL also found 1 other diagnostic like this. See the workflow log for details.';
python-version: '3.11' if (n.message.text !== expectedMessage) {
- name: Check out repository core.setFailed(`Expected the status page diagnostic to have the message '${expectedMessage}', but found '${n.message.text}'.`);
uses: actions/checkout@v4 }
- name: Prepare test if (n.locations.length !== 1) {
id: prepare-test core.setFailed(`Expected the status page diagnostic to have exactly 1 location, but found ${n.locations.length}.`);
uses: ./.github/actions/prepare-test }
with:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
setup-kotlin: true
- name: Set environment variable for Swift enablement
if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: ./../action/init
id: init
with:
languages: javascript
tools: ${{ steps.prepare-test.outputs.tools-url }}
- name: Add test diagnostics
shell: bash
env:
CODEQL_PATH: ${{ steps.init.outputs.codeql-path }}
run: |
for i in {1..2}; do
# Use the same location twice to test the workaround for the bug in CodeQL CLI 2.12.5 that
# produces an invalid diagnostic with multiple identical location objects.
"$CODEQL_PATH" database add-diagnostic \
"$RUNNER_TEMP/codeql_databases/javascript" \
--file-path /path/to/file \
--plaintext-message "Plaintext message $i" \
--source-id "lang/diagnostics/example" \
--source-name "Diagnostic name" \
--ready-for-status-page
done
- uses: ./../action/analyze
with:
output: ${{ runner.temp }}/results
upload-database: false
- name: Upload SARIF
uses: actions/upload-artifact@v3
with:
name: diagnostics-export-${{ matrix.os }}-${{ matrix.version }}.sarif.json
path: ${{ runner.temp }}/results/javascript.sarif
retention-days: 7
- name: Check diagnostics appear in SARIF
uses: actions/github-script@v7
env:
SARIF_PATH: ${{ runner.temp }}/results/javascript.sarif
with:
script: |
const fs = require('fs');
function checkStatusPageNotification(n) {
const expectedMessage = 'Plaintext message 1\n\nCodeQL also found 1 other diagnostic like this. See the workflow log for details.';
if (n.message.text !== expectedMessage) {
core.setFailed(`Expected the status page diagnostic to have the message '${expectedMessage}', but found '${n.message.text}'.`);
} }
if (n.locations.length !== 1) {
core.setFailed(`Expected the status page diagnostic to have exactly 1 location, but found ${n.locations.length}.`); const sarif = JSON.parse(fs.readFileSync(process.env['SARIF_PATH'], 'utf8'));
const run = sarif.runs[0];
const toolExecutionNotifications = run.invocations[0].toolExecutionNotifications;
const statusPageNotifications = toolExecutionNotifications.filter(n =>
n.descriptor.id === 'lang/diagnostics/example' && n.properties?.visibility?.statusPage
);
if (statusPageNotifications.length !== 1) {
core.setFailed(
'Expected exactly one status page reporting descriptor for this diagnostic in the ' +
`'runs[].invocations[].toolExecutionNotifications[]' SARIF property, but found ` +
`${statusPageNotifications.length}. All notification reporting descriptors: ` +
`${JSON.stringify(toolExecutionNotifications)}.`
);
} }
} checkStatusPageNotification(statusPageNotifications[0]);
const sarif = JSON.parse(fs.readFileSync(process.env['SARIF_PATH'], 'utf8')); const notifications = run.tool.driver.notifications;
const run = sarif.runs[0]; const diagnosticNotification = notifications.filter(n =>
n.id === 'lang/diagnostics/example' && n.name === 'lang/diagnostics/example' &&
const toolExecutionNotifications = run.invocations[0].toolExecutionNotifications; n.fullDescription.text === 'Diagnostic name'
const statusPageNotifications = toolExecutionNotifications.filter(n =>
n.descriptor.id === 'lang/diagnostics/example' && n.properties?.visibility?.statusPage
);
if (statusPageNotifications.length !== 1) {
core.setFailed(
'Expected exactly one status page reporting descriptor for this diagnostic in the ' +
`'runs[].invocations[].toolExecutionNotifications[]' SARIF property, but found ` +
`${statusPageNotifications.length}. All notification reporting descriptors: ` +
`${JSON.stringify(toolExecutionNotifications)}.`
); );
} if (diagnosticNotification.length !== 1) {
checkStatusPageNotification(statusPageNotifications[0]); core.setFailed(
'Expected exactly one notification for this diagnostic in the ' +
`'runs[].tool.driver.notifications[]' SARIF property, but found ` +
`${diagnosticNotification.length}. All notifications: ` +
`${JSON.stringify(notifications)}.`
);
}
const notifications = run.tool.driver.notifications; core.info('Finished diagnostic export test');
const diagnosticNotification = notifications.filter(n =>
n.id === 'lang/diagnostics/example' && n.name === 'lang/diagnostics/example' &&
n.fullDescription.text === 'Diagnostic name'
);
if (diagnosticNotification.length !== 1) {
core.setFailed(
'Expected exactly one notification for this diagnostic in the ' +
`'runs[].tool.driver.notifications[]' SARIF property, but found ` +
`${diagnosticNotification.length}. All notifications: ` +
`${JSON.stringify(notifications)}.`
);
}
core.info('Finished diagnostic export test');
env: env:
CODEQL_ACTION_EXPORT_DIAGNOSTICS: true CODEQL_ACTION_EXPORT_DIAGNOSTICS: true
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true


@ -10,26 +10,29 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
export-file-baseline-information: export-file-baseline-information:
strategy: strategy:
fail-fast: false
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: nightly-latest version: nightly-latest
- os: macos-latest - os: macos-latest
version: nightly-latest version: nightly-latest
- os: windows-latest - os: windows-latest
version: nightly-latest version: nightly-latest
name: Export file baseline information name: Export file baseline information
permissions: permissions:
contents: read contents: read
@ -37,73 +40,67 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( runner.os == 'macOS' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20230403' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.14.6')
with:
matrix.version == 'stable-v2.14.6') python-version: '3.11'
with: - name: Check out repository
python-version: '3.11' uses: actions/checkout@v4
- name: Check out repository - name: Prepare test
uses: actions/checkout@v4 id: prepare-test
- name: Prepare test uses: ./.github/actions/prepare-test
id: prepare-test with:
uses: ./.github/actions/prepare-test version: ${{ matrix.version }}
with: use-all-platform-bundle: 'false'
version: ${{ matrix.version }} setup-kotlin: true
use-all-platform-bundle: 'false' - uses: ./../action/init
setup-kotlin: true id: init
- name: Set environment variable for Swift enablement with:
if: runner.os != 'Windows' && matrix.version == '20221211' languages: javascript
shell: bash tools: ${{ steps.prepare-test.outputs.tools-url }}
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - uses: ./../action/.github/actions/setup-swift
- uses: ./../action/init with:
id: init codeql-path: ${{ steps.init.outputs.codeql-path }}
with: - name: Build code
languages: javascript shell: bash
tools: ${{ steps.prepare-test.outputs.tools-url }} run: ./build.sh
- uses: ./../action/.github/actions/setup-swift - uses: ./../action/analyze
with: with:
codeql-path: ${{ steps.init.outputs.codeql-path }} output: ${{ runner.temp }}/results
- name: Build code - name: Upload SARIF
shell: bash uses: actions/upload-artifact@v3
run: ./build.sh with:
- uses: ./../action/analyze name: with-baseline-information-${{ matrix.os }}-${{ matrix.version }}.sarif.json
with: path: ${{ runner.temp }}/results/javascript.sarif
output: ${{ runner.temp }}/results retention-days: 7
- name: Upload SARIF - name: Check results
uses: actions/upload-artifact@v3 shell: bash
with: run: |
name: with-baseline-information-${{ matrix.os }}-${{ matrix.version }}.sarif.json cd "$RUNNER_TEMP/results"
path: ${{ runner.temp }}/results/javascript.sarif expected_baseline_languages="c csharp go java kotlin javascript python ruby"
retention-days: 7 if [[ $RUNNER_OS != "Windows" ]]; then
- name: Check results expected_baseline_languages+=" swift"
shell: bash
run: |
cd "$RUNNER_TEMP/results"
expected_baseline_languages="c csharp go java kotlin javascript python ruby"
if [[ $RUNNER_OS != "Windows" ]]; then
expected_baseline_languages+=" swift"
fi
for lang in ${expected_baseline_languages}; do
rule_name="cli/expected-extracted-files/${lang}"
found_notification=$(jq --arg rule_name "${rule_name}" '[.runs[0].tool.driver.notifications |
select(. != null) | flatten | .[].id] | any(. == $rule_name)' javascript.sarif)
if [[ "${found_notification}" != "true" ]]; then
echo "Expected SARIF output to contain notification '${rule_name}', but found no such notification."
exit 1
else
echo "Found notification '${rule_name}'."
fi fi
done
for lang in ${expected_baseline_languages}; do
rule_name="cli/expected-extracted-files/${lang}"
found_notification=$(jq --arg rule_name "${rule_name}" '[.runs[0].tool.driver.notifications |
select(. != null) | flatten | .[].id] | any(. == $rule_name)' javascript.sarif)
if [[ "${found_notification}" != "true" ]]; then
echo "Expected SARIF output to contain notification '${rule_name}', but found no such notification."
exit 1
else
echo "Found notification '${rule_name}'."
fi
done
env: env:
CODEQL_ACTION_SUBLANGUAGE_FILE_COVERAGE: true CODEQL_ACTION_SUBLANGUAGE_FILE_COVERAGE: true
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true


@ -10,22 +10,25 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
extractor-ram-threads: extractor-ram-threads:
strategy: strategy:
fail-fast: false
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: latest version: linked
name: Extractor ram and threads options test name: Extractor ram and threads options test
permissions: permissions:
contents: read contents: read
@ -33,56 +36,50 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( runner.os == 'macOS' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20230403' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.14.6')
with:
matrix.version == 'stable-v2.14.6') python-version: '3.11'
with: - name: Check out repository
python-version: '3.11' uses: actions/checkout@v4
- name: Check out repository - name: Prepare test
uses: actions/checkout@v4 id: prepare-test
- name: Prepare test uses: ./.github/actions/prepare-test
id: prepare-test with:
uses: ./.github/actions/prepare-test version: ${{ matrix.version }}
with: use-all-platform-bundle: 'false'
version: ${{ matrix.version }} setup-kotlin: true
use-all-platform-bundle: 'false' - uses: ./../action/init
setup-kotlin: true with:
- name: Set environment variable for Swift enablement languages: java
if: runner.os != 'Windows' && matrix.version == '20221211' ram: 230
shell: bash threads: 1
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - name: Assert Results
- uses: ./../action/init shell: bash
with: run: |
languages: java if [ "${CODEQL_RAM}" != "230" ]; then
ram: 230 echo "CODEQL_RAM is '${CODEQL_RAM}' instead of 230"
threads: 1 exit 1
- name: Assert Results fi
shell: bash if [ "${CODEQL_EXTRACTOR_JAVA_RAM}" != "230" ]; then
run: | echo "CODEQL_EXTRACTOR_JAVA_RAM is '${CODEQL_EXTRACTOR_JAVA_RAM}' instead of 230"
if [ "${CODEQL_RAM}" != "230" ]; then exit 1
echo "CODEQL_RAM is '${CODEQL_RAM}' instead of 230" fi
exit 1 if [ "${CODEQL_THREADS}" != "1" ]; then
fi echo "CODEQL_THREADS is '${CODEQL_THREADS}' instead of 1"
if [ "${CODEQL_EXTRACTOR_JAVA_RAM}" != "230" ]; then exit 1
echo "CODEQL_EXTRACTOR_JAVA_RAM is '${CODEQL_EXTRACTOR_JAVA_RAM}' instead of 230" fi
exit 1 if [ "${CODEQL_EXTRACTOR_JAVA_THREADS}" != "1" ]; then
fi echo "CODEQL_EXTRACTOR_JAVA_THREADS is '${CODEQL_EXTRACTOR_JAVA_THREADS}' instead of 1"
if [ "${CODEQL_THREADS}" != "1" ]; then exit 1
echo "CODEQL_THREADS is '${CODEQL_THREADS}' instead of 1" fi
exit 1
fi
if [ "${CODEQL_EXTRACTOR_JAVA_THREADS}" != "1" ]; then
echo "CODEQL_EXTRACTOR_JAVA_THREADS is '${CODEQL_EXTRACTOR_JAVA_THREADS}' instead of 1"
exit 1
fi
env: env:
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true


@ -10,62 +10,71 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
go-custom-queries: go-custom-queries:
strategy: strategy:
fail-fast: false
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: stable-20221211 version: stable-20230403
- os: macos-latest - os: macos-12
version: stable-20221211 version: stable-20230403
- os: windows-latest - os: windows-latest
version: stable-20221211 version: stable-20230403
- os: ubuntu-latest - os: ubuntu-latest
version: stable-20230418 version: stable-v2.13.5
- os: macos-latest - os: macos-12
version: stable-20230418 version: stable-v2.13.5
- os: windows-latest - os: windows-latest
version: stable-20230418 version: stable-v2.13.5
- os: ubuntu-latest - os: ubuntu-latest
version: stable-v2.13.5 version: stable-v2.14.6
- os: macos-latest - os: macos-12
version: stable-v2.13.5 version: stable-v2.14.6
- os: windows-latest - os: windows-latest
version: stable-v2.13.5 version: stable-v2.14.6
- os: ubuntu-latest - os: ubuntu-latest
version: stable-v2.14.6 version: stable-v2.15.5
- os: macos-latest - os: macos-latest
version: stable-v2.14.6 version: stable-v2.15.5
- os: windows-latest - os: windows-latest
version: stable-v2.14.6 version: stable-v2.15.5
- os: ubuntu-latest - os: ubuntu-latest
version: default version: stable-v2.16.6
- os: macos-latest - os: macos-latest
version: default version: stable-v2.16.6
- os: windows-latest - os: windows-latest
version: default version: stable-v2.16.6
- os: ubuntu-latest - os: ubuntu-latest
version: latest version: default
- os: macos-latest - os: macos-latest
version: latest version: default
- os: windows-latest - os: windows-latest
version: latest version: default
- os: ubuntu-latest - os: ubuntu-latest
version: nightly-latest version: linked
- os: macos-latest - os: macos-latest
version: nightly-latest version: linked
- os: windows-latest - os: windows-latest
version: nightly-latest version: linked
- os: ubuntu-latest
version: nightly-latest
- os: macos-latest
version: nightly-latest
- os: windows-latest
version: nightly-latest
name: 'Go: Custom queries' name: 'Go: Custom queries'
permissions: permissions:
contents: read contents: read
@ -73,44 +82,39 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( runner.os == 'macOS' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20230403' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.14.6')
with:
matrix.version == 'stable-v2.14.6') python-version: '3.11'
with: - name: Check out repository
python-version: '3.11' uses: actions/checkout@v4
- name: Check out repository - name: Prepare test
uses: actions/checkout@v4 id: prepare-test
- name: Prepare test uses: ./.github/actions/prepare-test
id: prepare-test with:
uses: ./.github/actions/prepare-test version: ${{ matrix.version }}
with: use-all-platform-bundle: 'false'
version: ${{ matrix.version }} setup-kotlin: true
use-all-platform-bundle: 'false' - uses: actions/setup-go@v5
setup-kotlin: true with:
- name: Set environment variable for Swift enablement go-version: '>=1.21.0'
if: runner.os != 'Windows' && matrix.version == '20221211' - uses: ./../action/init
shell: bash with:
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV languages: go
- uses: ./../action/init config-file: ./.github/codeql/custom-queries.yml
with: tools: ${{ steps.prepare-test.outputs.tools-url }}
languages: go - name: Build code
config-file: ./.github/codeql/custom-queries.yml shell: bash
tools: ${{ steps.prepare-test.outputs.tools-url }} run: ./build.sh
- name: Build code - uses: ./../action/analyze
shell: bash
run: ./build.sh
- uses: ./../action/analyze
with:
upload-database: false
env: env:
DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false' DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false'
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true
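Review bot: The `./../action/analyze` step that ends this job no longer passes `upload-database: false` (the old side of this rendering still shows it), while the two Go diagnostic workflows in this commit keep `upload-database: false` on the same step. If `CODEQL_ACTION_TEST_MODE: true` already suppresses the database upload, the remaining occurrences are redundant, and a one-line comment in the template such as `# database upload is skipped in test mode` would record why the input was dropped. If it does not, these matrix jobs would start uploading a database on every scheduled and pull-request run. The same removal appears in the 'Go: workaround for indirect tracing' and 'Go: tracing with autobuilder step' sections below. The job's `permissions` block is cut between the two hunks, so its token scope is not fully visible here.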


@ -10,22 +10,25 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
go-indirect-tracing-workaround-diagnostic: go-indirect-tracing-workaround-diagnostic:
strategy: strategy:
fail-fast: false
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: stable-v2.14.6 version: stable-v2.14.6
name: 'Go: diagnostic when Go is changed after init step' name: 'Go: diagnostic when Go is changed after init step'
permissions: permissions:
contents: read contents: read
@ -33,74 +36,68 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( runner.os == 'macOS' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20230403' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.14.6')
with:
matrix.version == 'stable-v2.14.6') python-version: '3.11'
with: - name: Check out repository
python-version: '3.11' uses: actions/checkout@v4
- name: Check out repository - name: Prepare test
uses: actions/checkout@v4 id: prepare-test
- name: Prepare test uses: ./.github/actions/prepare-test
id: prepare-test with:
uses: ./.github/actions/prepare-test version: ${{ matrix.version }}
with: use-all-platform-bundle: 'false'
version: ${{ matrix.version }} setup-kotlin: true
use-all-platform-bundle: 'false' - uses: actions/setup-go@v5
setup-kotlin: true with:
- name: Set environment variable for Swift enablement
if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: actions/setup-go@v5
with:
# We need a Go version that ships with statically linked binaries on Linux # We need a Go version that ships with statically linked binaries on Linux
go-version: '>=1.21.0' go-version: '>=1.21.0'
- uses: ./../action/init - uses: ./../action/init
with: with:
languages: go languages: go
tools: ${{ steps.prepare-test.outputs.tools-url }} tools: ${{ steps.prepare-test.outputs.tools-url }}
# Deliberately change Go after the `init` step # Deliberately change Go after the `init` step
- uses: actions/setup-go@v5 - uses: actions/setup-go@v5
with: with:
go-version: '1.20' go-version: '1.20'
- name: Build code - name: Build code
shell: bash shell: bash
run: go build main.go run: go build main.go
- uses: ./../action/analyze - uses: ./../action/analyze
with: with:
output: ${{ runner.temp }}/results output: ${{ runner.temp }}/results
upload-database: false upload-database: false
- name: Check diagnostic appears in SARIF - name: Check diagnostic appears in SARIF
uses: actions/github-script@v7 uses: actions/github-script@v7
env: env:
SARIF_PATH: ${{ runner.temp }}/results/go.sarif SARIF_PATH: ${{ runner.temp }}/results/go.sarif
with: with:
script: | script: |
const fs = require('fs'); const fs = require('fs');
const sarif = JSON.parse(fs.readFileSync(process.env['SARIF_PATH'], 'utf8')); const sarif = JSON.parse(fs.readFileSync(process.env['SARIF_PATH'], 'utf8'));
const run = sarif.runs[0]; const run = sarif.runs[0];
const toolExecutionNotifications = run.invocations[0].toolExecutionNotifications; const toolExecutionNotifications = run.invocations[0].toolExecutionNotifications;
const statusPageNotifications = toolExecutionNotifications.filter(n => const statusPageNotifications = toolExecutionNotifications.filter(n =>
n.descriptor.id === 'go/workflow/go-installed-after-codeql-init' && n.properties?.visibility?.statusPage n.descriptor.id === 'go/workflow/go-installed-after-codeql-init' && n.properties?.visibility?.statusPage
);
if (statusPageNotifications.length !== 1) {
core.setFailed(
'Expected exactly one status page reporting descriptor for this diagnostic in the ' +
`'runs[].invocations[].toolExecutionNotifications[]' SARIF property, but found ` +
`${statusPageNotifications.length}. All notification reporting descriptors: ` +
`${JSON.stringify(toolExecutionNotifications)}.`
); );
} if (statusPageNotifications.length !== 1) {
core.setFailed(
'Expected exactly one status page reporting descriptor for this diagnostic in the ' +
`'runs[].invocations[].toolExecutionNotifications[]' SARIF property, but found ` +
`${statusPageNotifications.length}. All notification reporting descriptors: ` +
`${JSON.stringify(toolExecutionNotifications)}.`
);
}
env: env:
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true


@ -0,0 +1,104 @@
# Warning: This file is generated automatically, and should not be modified.
# Instead, please modify the template in the pr-checks directory and run:
# (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
# to regenerate this file.
name: 'PR Check - Go: diagnostic when `file` is not installed'
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GO111MODULE: auto
on:
push:
branches:
- main
- releases/v*
pull_request:
types:
- opened
- synchronize
- reopened
- ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {}
jobs:
go-indirect-tracing-workaround-no-file-program:
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
version: stable-v2.14.6
name: 'Go: diagnostic when `file` is not installed'
permissions:
contents: read
security-events: write
timeout-minutes: 45
runs-on: ${{ matrix.os }}
steps:
- name: Setup Python on MacOS
uses: actions/setup-python@v5
if: >-
runner.os == 'macOS' && (
matrix.version == 'stable-20230403' ||
matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6')
with:
python-version: '3.11'
- name: Check out repository
uses: actions/checkout@v4
- name: Prepare test
id: prepare-test
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
setup-kotlin: true
- uses: actions/setup-go@v5
with:
# We need a Go version that ships with statically linked binaries on Linux
go-version: '>=1.21.0'
- name: Remove `file` program
run: |
echo $(which file)
sudo rm -rf $(which file)
echo $(which file)
- uses: ./../action/init
with:
languages: go
tools: ${{ steps.prepare-test.outputs.tools-url }}
- name: Build code
shell: bash
run: go build main.go
- uses: ./../action/analyze
with:
output: ${{ runner.temp }}/results
upload-database: false
- name: Check diagnostic appears in SARIF
uses: actions/github-script@v7
env:
SARIF_PATH: ${{ runner.temp }}/results/go.sarif
with:
script: |
const fs = require('fs');
const sarif = JSON.parse(fs.readFileSync(process.env['SARIF_PATH'], 'utf8'));
const run = sarif.runs[0];
const toolExecutionNotifications = run.invocations[0].toolExecutionNotifications;
const statusPageNotifications = toolExecutionNotifications.filter(n =>
n.descriptor.id === 'go/workflow/file-program-unavailable' && n.properties?.visibility?.statusPage
);
if (statusPageNotifications.length !== 1) {
core.setFailed(
'Expected exactly one status page reporting descriptor for this diagnostic in the ' +
`'runs[].invocations[].toolExecutionNotifications[]' SARIF property, but found ` +
`${statusPageNotifications.length}. All notification reporting descriptors: ` +
`${JSON.stringify(toolExecutionNotifications)}.`
);
}
env:
CODEQL_ACTION_TEST_MODE: true
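Review bot: The "Remove `file` program" step does not confirm that `file` is actually gone before `init` runs: `sudo rm -rf $(which file)` is unquoted, removes only the first match on `PATH`, and with `-f` exits 0 even when `which` prints nothing, so the precondition this check depends on is never asserted. The two `echo $(which file)` lines only print the path and cannot fail the step. I would resolve the path once, delete it with a quoted `rm -f --`, and fail the step if `command -v file` still succeeds; the step also lacks the `shell: bash` that the other `run` steps in this workflow set. The file header says it is generated, so the change belongs in the pr-checks template.

```yaml
- name: Remove `file` program
  shell: bash
  run: |
    file_path="$(command -v file || true)"
    if [[ -n "${file_path}" ]]; then
      sudo rm -f -- "${file_path}"
    fi
    # Fail early if another copy of `file` is still reachable on PATH.
    if command -v file >/dev/null; then
      echo "Expected 'file' to be unavailable, but it is still on PATH."
      exit 1
    fi
# … unchanged: init, build, analyze and SARIF check steps …
```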


@ -10,22 +10,25 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
go-indirect-tracing-workaround: go-indirect-tracing-workaround:
strategy: strategy:
fail-fast: false
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: stable-v2.14.6 version: stable-v2.14.6
name: 'Go: workaround for indirect tracing' name: 'Go: workaround for indirect tracing'
permissions: permissions:
contents: read contents: read
@ -33,72 +36,64 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( runner.os == 'macOS' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20230403' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.14.6')
with:
matrix.version == 'stable-v2.14.6') python-version: '3.11'
with: - name: Check out repository
python-version: '3.11' uses: actions/checkout@v4
- name: Check out repository - name: Prepare test
uses: actions/checkout@v4 id: prepare-test
- name: Prepare test uses: ./.github/actions/prepare-test
id: prepare-test with:
uses: ./.github/actions/prepare-test version: ${{ matrix.version }}
with: use-all-platform-bundle: 'false'
version: ${{ matrix.version }} setup-kotlin: true
use-all-platform-bundle: 'false' - uses: actions/setup-go@v5
setup-kotlin: true with:
- name: Set environment variable for Swift enablement
if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: actions/setup-go@v5
with:
# We need a Go version that ships with statically linked binaries on Linux # We need a Go version that ships with statically linked binaries on Linux
go-version: '>=1.21.0' go-version: '>=1.21.0'
- uses: ./../action/init - uses: ./../action/init
with: with:
languages: go languages: go
tools: ${{ steps.prepare-test.outputs.tools-url }} tools: ${{ steps.prepare-test.outputs.tools-url }}
- name: Build code - name: Build code
shell: bash shell: bash
run: go build main.go run: go build main.go
- uses: ./../action/analyze - uses: ./../action/analyze
with: - shell: bash
upload-database: false run: |
- shell: bash if [[ -z "${CODEQL_ACTION_GO_BINARY}" ]]; then
run: | echo "Expected the workaround for indirect tracing of static binaries to trigger, but the" \
if [[ -z "${CODEQL_ACTION_GO_BINARY}" ]]; then "CODEQL_ACTION_GO_BINARY environment variable is not set."
echo "Expected the workaround for indirect tracing of static binaries to trigger, but the" \ exit 1
"CODEQL_ACTION_GO_BINARY environment variable is not set." fi
exit 1 if [[ ! -f "${CODEQL_ACTION_GO_BINARY}" ]]; then
fi echo "CODEQL_ACTION_GO_BINARY is set, but the corresponding script does not exist."
if [[ ! -f "${CODEQL_ACTION_GO_BINARY}" ]]; then exit 1
echo "CODEQL_ACTION_GO_BINARY is set, but the corresponding script does not exist." fi
exit 1
fi
# Once we start running Bash 4.2 in all environments, we can replace the # Once we start running Bash 4.2 in all environments, we can replace the
# `! -z` flag with the more elegant `-v` which confirms that the variable # `! -z` flag with the more elegant `-v` which confirms that the variable
# is actually unset and not potentially set to a blank value. # is actually unset and not potentially set to a blank value.
if [[ ! -z "${CODEQL_ACTION_DID_AUTOBUILD_GOLANG}" ]]; then if [[ ! -z "${CODEQL_ACTION_DID_AUTOBUILD_GOLANG}" ]]; then
echo "Expected the Go autobuilder not to be run, but the" \ echo "Expected the Go autobuilder not to be run, but the" \
"CODEQL_ACTION_DID_AUTOBUILD_GOLANG environment variable was set." "CODEQL_ACTION_DID_AUTOBUILD_GOLANG environment variable was set."
exit 1 exit 1
fi fi
cd "$RUNNER_TEMP/codeql_databases" cd "$RUNNER_TEMP/codeql_databases"
if [[ ! -d go ]]; then if [[ ! -d go ]]; then
echo "Did not find a Go database" echo "Did not find a Go database"
exit 1 exit 1
fi fi
env: env:
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true


@ -10,48 +10,55 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
go-tracing-autobuilder: go-tracing-autobuilder:
strategy: strategy:
fail-fast: false
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: stable-20221211 version: stable-20230403
- os: macos-latest - os: macos-12
version: stable-20221211 version: stable-20230403
- os: ubuntu-latest - os: ubuntu-latest
version: stable-20230418 version: stable-v2.13.5
- os: macos-latest - os: macos-12
version: stable-20230418 version: stable-v2.13.5
- os: ubuntu-latest - os: ubuntu-latest
version: stable-v2.13.5 version: stable-v2.14.6
- os: macos-latest - os: macos-12
version: stable-v2.13.5 version: stable-v2.14.6
- os: ubuntu-latest - os: ubuntu-latest
version: stable-v2.14.6 version: stable-v2.15.5
- os: macos-latest - os: macos-latest
version: stable-v2.14.6 version: stable-v2.15.5
- os: ubuntu-latest - os: ubuntu-latest
version: default version: stable-v2.16.6
- os: macos-latest - os: macos-latest
version: default version: stable-v2.16.6
- os: ubuntu-latest - os: ubuntu-latest
version: latest version: default
- os: macos-latest - os: macos-latest
version: latest version: default
- os: ubuntu-latest - os: ubuntu-latest
version: nightly-latest version: linked
- os: macos-latest - os: macos-latest
version: nightly-latest version: linked
- os: ubuntu-latest
version: nightly-latest
- os: macos-latest
version: nightly-latest
name: 'Go: tracing with autobuilder step' name: 'Go: tracing with autobuilder step'
permissions: permissions:
contents: read contents: read
@ -59,59 +66,51 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( runner.os == 'macOS' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20230403' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.14.6')
with:
matrix.version == 'stable-v2.14.6') python-version: '3.11'
with: - name: Check out repository
python-version: '3.11' uses: actions/checkout@v4
- name: Check out repository - name: Prepare test
uses: actions/checkout@v4 id: prepare-test
- name: Prepare test uses: ./.github/actions/prepare-test
id: prepare-test with:
uses: ./.github/actions/prepare-test version: ${{ matrix.version }}
with: use-all-platform-bundle: 'false'
version: ${{ matrix.version }} setup-kotlin: true
use-all-platform-bundle: 'false' - uses: actions/setup-go@v5
setup-kotlin: true with:
- name: Set environment variable for Swift enablement go-version: ~1.22.0
if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: actions/setup-go@v5
with:
go-version: ~1.22.0
# to avoid potentially misleading autobuilder results where we expect it to download # to avoid potentially misleading autobuilder results where we expect it to download
# dependencies successfully, but they actually come from a warm cache # dependencies successfully, but they actually come from a warm cache
cache: false cache: false
- uses: ./../action/init - uses: ./../action/init
with: with:
languages: go languages: go
tools: ${{ steps.prepare-test.outputs.tools-url }} tools: ${{ steps.prepare-test.outputs.tools-url }}
- uses: ./../action/autobuild - uses: ./../action/autobuild
- uses: ./../action/analyze - uses: ./../action/analyze
with: - shell: bash
upload-database: false run: |
- shell: bash if [[ "${CODEQL_ACTION_DID_AUTOBUILD_GOLANG}" != true ]]; then
run: | echo "Expected the Go autobuilder to be run, but the" \
if [[ "${CODEQL_ACTION_DID_AUTOBUILD_GOLANG}" != true ]]; then "CODEQL_ACTION_DID_AUTOBUILD_GOLANG environment variable was not true."
echo "Expected the Go autobuilder to be run, but the" \ exit 1
"CODEQL_ACTION_DID_AUTOBUILD_GOLANG environment variable was not true." fi
exit 1 cd "$RUNNER_TEMP/codeql_databases"
fi if [[ ! -d go ]]; then
cd "$RUNNER_TEMP/codeql_databases" echo "Did not find a Go database"
if [[ ! -d go ]]; then exit 1
echo "Did not find a Go database" fi
exit 1
fi
env: env:
DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false' DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false'
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true


@ -10,48 +10,55 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
go-tracing-custom-build-steps: go-tracing-custom-build-steps:
strategy: strategy:
fail-fast: false
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: stable-20221211 version: stable-20230403
- os: macos-latest - os: macos-12
version: stable-20221211 version: stable-20230403
- os: ubuntu-latest - os: ubuntu-latest
version: stable-20230418 version: stable-v2.13.5
- os: macos-latest - os: macos-12
version: stable-20230418 version: stable-v2.13.5
- os: ubuntu-latest - os: ubuntu-latest
version: stable-v2.13.5 version: stable-v2.14.6
- os: macos-latest - os: macos-12
version: stable-v2.13.5 version: stable-v2.14.6
- os: ubuntu-latest - os: ubuntu-latest
version: stable-v2.14.6 version: stable-v2.15.5
- os: macos-latest - os: macos-latest
version: stable-v2.14.6 version: stable-v2.15.5
- os: ubuntu-latest - os: ubuntu-latest
version: default version: stable-v2.16.6
- os: macos-latest - os: macos-latest
version: default version: stable-v2.16.6
- os: ubuntu-latest - os: ubuntu-latest
version: latest version: default
- os: macos-latest - os: macos-latest
version: latest version: default
- os: ubuntu-latest - os: ubuntu-latest
version: nightly-latest version: linked
- os: macos-latest - os: macos-latest
version: nightly-latest version: linked
- os: ubuntu-latest
version: nightly-latest
- os: macos-latest
version: nightly-latest
name: 'Go: tracing with custom build steps' name: 'Go: tracing with custom build steps'
permissions: permissions:
contents: read contents: read
@ -59,63 +66,55 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( runner.os == 'macOS' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20230403' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.14.6')
with:
matrix.version == 'stable-v2.14.6') python-version: '3.11'
with: - name: Check out repository
python-version: '3.11' uses: actions/checkout@v4
- name: Check out repository - name: Prepare test
uses: actions/checkout@v4 id: prepare-test
- name: Prepare test uses: ./.github/actions/prepare-test
id: prepare-test with:
uses: ./.github/actions/prepare-test version: ${{ matrix.version }}
with: use-all-platform-bundle: 'false'
version: ${{ matrix.version }} setup-kotlin: true
use-all-platform-bundle: 'false' - uses: actions/setup-go@v5
setup-kotlin: true with:
- name: Set environment variable for Swift enablement go-version: ~1.22.0
if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: actions/setup-go@v5
with:
go-version: ~1.22.0
# to avoid potentially misleading autobuilder results where we expect it to download # to avoid potentially misleading autobuilder results where we expect it to download
# dependencies successfully, but they actually come from a warm cache # dependencies successfully, but they actually come from a warm cache
cache: false cache: false
- uses: ./../action/init - uses: ./../action/init
with: with:
languages: go languages: go
tools: ${{ steps.prepare-test.outputs.tools-url }} tools: ${{ steps.prepare-test.outputs.tools-url }}
- name: Build code - name: Build code
shell: bash shell: bash
run: go build main.go run: go build main.go
- uses: ./../action/analyze - uses: ./../action/analyze
with: - shell: bash
upload-database: false run: |
- shell: bash # Once we start running Bash 4.2 in all environments, we can replace the
run: | # `! -z` flag with the more elegant `-v` which confirms that the variable
# Once we start running Bash 4.2 in all environments, we can replace the # is actually unset and not potentially set to a blank value.
# `! -z` flag with the more elegant `-v` which confirms that the variable if [[ ! -z "${CODEQL_ACTION_DID_AUTOBUILD_GOLANG}" ]]; then
# is actually unset and not potentially set to a blank value. echo "Expected the Go autobuilder not to be run, but the" \
if [[ ! -z "${CODEQL_ACTION_DID_AUTOBUILD_GOLANG}" ]]; then "CODEQL_ACTION_DID_AUTOBUILD_GOLANG environment variable was set."
echo "Expected the Go autobuilder not to be run, but the" \ exit 1
"CODEQL_ACTION_DID_AUTOBUILD_GOLANG environment variable was set." fi
exit 1 cd "$RUNNER_TEMP/codeql_databases"
fi if [[ ! -d go ]]; then
cd "$RUNNER_TEMP/codeql_databases" echo "Did not find a Go database"
if [[ ! -d go ]]; then exit 1
echo "Did not find a Go database" fi
exit 1
fi
env: env:
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true
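Review bot: The `./../action/analyze` step on the new side no longer passes `upload-database: false`, so whether this PR check uploads a CodeQL database now depends on how the action behaves when `CODEQL_ACTION_TEST_MODE` is set, which is not visible on this page. The same removal appears in the go-tracing-legacy-workflow section, and the javascript-source-root section also drops `upload: never`, while the multi-language and packaging workflows on this page still pass `upload-database: false`. If suppression by test mode is the intent, a comment on the step such as `# uploads are skipped because CODEQL_ACTION_TEST_MODE is set` would record it; otherwise keep the explicit `with:` / `upload-database: false` pair so the job cannot publish a database if the env var is ever dropped. The side assignment here is read from the hunk counts (`-59,63 +66,55`), since the rendered page has lost its +/- markers.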


@ -10,48 +10,55 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
go-tracing-legacy-workflow: go-tracing-legacy-workflow:
strategy: strategy:
fail-fast: false
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: stable-20221211 version: stable-20230403
- os: macos-latest - os: macos-12
version: stable-20221211 version: stable-20230403
- os: ubuntu-latest - os: ubuntu-latest
version: stable-20230418 version: stable-v2.13.5
- os: macos-latest - os: macos-12
version: stable-20230418 version: stable-v2.13.5
- os: ubuntu-latest - os: ubuntu-latest
version: stable-v2.13.5 version: stable-v2.14.6
- os: macos-latest - os: macos-12
version: stable-v2.13.5 version: stable-v2.14.6
- os: ubuntu-latest - os: ubuntu-latest
version: stable-v2.14.6 version: stable-v2.15.5
- os: macos-latest - os: macos-latest
version: stable-v2.14.6 version: stable-v2.15.5
- os: ubuntu-latest - os: ubuntu-latest
version: default version: stable-v2.16.6
- os: macos-latest - os: macos-latest
version: default version: stable-v2.16.6
- os: ubuntu-latest - os: ubuntu-latest
version: latest version: default
- os: macos-latest - os: macos-latest
version: latest version: default
- os: ubuntu-latest - os: ubuntu-latest
version: nightly-latest version: linked
- os: macos-latest - os: macos-latest
version: nightly-latest version: linked
- os: ubuntu-latest
version: nightly-latest
- os: macos-latest
version: nightly-latest
name: 'Go: tracing with legacy workflow' name: 'Go: tracing with legacy workflow'
permissions: permissions:
contents: read contents: read
@ -59,53 +66,45 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( runner.os == 'macOS' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20230403' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.14.6')
with:
matrix.version == 'stable-v2.14.6') python-version: '3.11'
with: - name: Check out repository
python-version: '3.11' uses: actions/checkout@v4
- name: Check out repository - name: Prepare test
uses: actions/checkout@v4 id: prepare-test
- name: Prepare test uses: ./.github/actions/prepare-test
id: prepare-test with:
uses: ./.github/actions/prepare-test version: ${{ matrix.version }}
with: use-all-platform-bundle: 'false'
version: ${{ matrix.version }} setup-kotlin: true
use-all-platform-bundle: 'false' - uses: actions/setup-go@v5
setup-kotlin: true with:
- name: Set environment variable for Swift enablement go-version: ~1.22.0
if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: actions/setup-go@v5
with:
go-version: ~1.22.0
# to avoid potentially misleading autobuilder results where we expect it to download # to avoid potentially misleading autobuilder results where we expect it to download
# dependencies successfully, but they actually come from a warm cache # dependencies successfully, but they actually come from a warm cache
cache: false cache: false
- uses: ./../action/init - uses: ./../action/init
with: with:
languages: go languages: go
tools: ${{ steps.prepare-test.outputs.tools-url }} tools: ${{ steps.prepare-test.outputs.tools-url }}
- uses: ./../action/analyze - uses: ./../action/analyze
with: - shell: bash
upload-database: false run: |
- shell: bash cd "$RUNNER_TEMP/codeql_databases"
run: | if [[ ! -d go ]]; then
cd "$RUNNER_TEMP/codeql_databases" echo "Did not find a Go database"
if [[ ! -d go ]]; then exit 1
echo "Did not find a Go database" fi
exit 1
fi
env: env:
DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false' DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false'
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true
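Review bot: `actions/setup-python@v5`, `actions/checkout@v4` and `actions/setup-go@v5` are referenced by mutable major-version tags, so the code these jobs execute can change without any change to this repository. Pinning each to a full commit SHA with the tag kept as a trailing comment, for example `uses: actions/checkout@<full-commit-sha> # v4`, makes the dependency reviewable and lets an update bot propose the bumps. The setup-python and checkout references recur in every workflow section on this page, so the pin is best applied wherever these step lists are defined rather than per file.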


@ -10,38 +10,41 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
init-with-registries: init-with-registries:
strategy: strategy:
fail-fast: false
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: default version: default
- os: macos-latest - os: macos-latest
version: default version: default
- os: windows-latest - os: windows-latest
version: default version: default
- os: ubuntu-latest - os: ubuntu-latest
version: latest version: linked
- os: macos-latest - os: macos-latest
version: latest version: linked
- os: windows-latest - os: windows-latest
version: latest version: linked
- os: ubuntu-latest - os: ubuntu-latest
version: nightly-latest version: nightly-latest
- os: macos-latest - os: macos-latest
version: nightly-latest version: nightly-latest
- os: windows-latest - os: windows-latest
version: nightly-latest version: nightly-latest
name: 'Packaging: Download using registries' name: 'Packaging: Download using registries'
permissions: permissions:
contents: read contents: read
@ -50,95 +53,89 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( runner.os == 'macOS' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20230403' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.14.6')
with:
python-version: '3.11'
- name: Check out repository
uses: actions/checkout@v4
- name: Prepare test
id: prepare-test
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
setup-kotlin: true
- name: Init with registries
uses: ./../action/init
with:
db-location: ${{ runner.temp }}/customDbLocation
tools: ${{ steps.prepare-test.outputs.tools-url }}
config-file: ./.github/codeql/codeql-config-registries.yml
languages: javascript
registries: |
- url: "https://ghcr.io/v2/"
packages: "*/*"
token: "${{ secrets.GITHUB_TOKEN }}"
matrix.version == 'stable-v2.14.6') - name: Verify packages installed
with: shell: bash
python-version: '3.11' run: |
- name: Check out repository PRIVATE_PACK="$HOME/.codeql/packages/codeql-testing/private-pack"
uses: actions/checkout@v4 CODEQL_PACK1="$HOME/.codeql/packages/codeql-testing/codeql-pack1"
- name: Prepare test
id: prepare-test
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
setup-kotlin: true
- name: Set environment variable for Swift enablement
if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- name: Init with registries
uses: ./../action/init
with:
db-location: ${{ runner.temp }}/customDbLocation
tools: ${{ steps.prepare-test.outputs.tools-url }}
config-file: ./.github/codeql/codeql-config-registries.yml
languages: javascript
registries: |
- url: "https://ghcr.io/v2/"
packages: "*/*"
token: "${{ secrets.GITHUB_TOKEN }}"
- name: Verify packages installed if [[ -d $PRIVATE_PACK ]]
shell: bash then
run: | echo "$PRIVATE_PACK was installed."
PRIVATE_PACK="$HOME/.codeql/packages/codeql-testing/private-pack" else
CODEQL_PACK1="$HOME/.codeql/packages/codeql-testing/codeql-pack1" echo "::error $PRIVATE_PACK pack was not installed."
exit 1
fi
if [[ -d $PRIVATE_PACK ]] if [[ -d $CODEQL_PACK1 ]]
then then
echo "$PRIVATE_PACK was installed." echo "$CODEQL_PACK1 was installed."
else else
echo "::error $PRIVATE_PACK pack was not installed." echo "::error $CODEQL_PACK1 pack was not installed."
exit 1 exit 1
fi fi
if [[ -d $CODEQL_PACK1 ]] - name: Verify qlconfig.yml file was created
then shell: bash
echo "$CODEQL_PACK1 was installed." run: |
else QLCONFIG_PATH=$RUNNER_TEMP/qlconfig.yml
echo "::error $CODEQL_PACK1 pack was not installed." echo "Expected qlconfig.yml file to be created at $QLCONFIG_PATH"
exit 1 if [[ -f $QLCONFIG_PATH ]]
fi then
echo "qlconfig.yml file was created."
else
echo "::error qlconfig.yml file was not created."
exit 1
fi
- name: Verify qlconfig.yml file was created - name: Verify contents of qlconfig.yml
shell: bash
run: |
QLCONFIG_PATH=$RUNNER_TEMP/qlconfig.yml
echo "Expected qlconfig.yml file to be created at $QLCONFIG_PATH"
if [[ -f $QLCONFIG_PATH ]]
then
echo "qlconfig.yml file was created."
else
echo "::error qlconfig.yml file was not created."
exit 1
fi
- name: Verify contents of qlconfig.yml
# yq is not available on windows # yq is not available on windows
if: runner.os != 'Windows' if: runner.os != 'Windows'
shell: bash shell: bash
run: | run: |
QLCONFIG_PATH=$RUNNER_TEMP/qlconfig.yml QLCONFIG_PATH=$RUNNER_TEMP/qlconfig.yml
cat $QLCONFIG_PATH | yq -e '.registries[] | select(.url == "https://ghcr.io/v2/") | select(.packages == "*/*")' cat $QLCONFIG_PATH | yq -e '.registries[] | select(.url == "https://ghcr.io/v2/") | select(.packages == "*/*")'
if [[ $? -eq 0 ]] if [[ $? -eq 0 ]]
then then
echo "Registry was added to qlconfig.yml file." echo "Registry was added to qlconfig.yml file."
else else
echo "::error Registry was not added to qlconfig.yml file." echo "::error Registry was not added to qlconfig.yml file."
echo "Contents of qlconfig.yml file:" echo "Contents of qlconfig.yml file:"
cat $QLCONFIG_PATH cat $QLCONFIG_PATH
exit 1 exit 1
fi fi
env: env:
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true
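Review bot: In the `Verify contents of qlconfig.yml` step the `else` branch can never run: with `shell: bash` GitHub Actions invokes bash with `-eo pipefail`, so a non-zero exit from the `cat $QLCONFIG_PATH | yq -e ...` pipeline aborts the script before `if [[ $? -eq 0 ]]` is evaluated. The step still fails, but without the `::error` line and without the file dump meant for diagnosis. Testing the command directly keeps both, e.g. `if yq -e '.registries[] | select(.url == "https://ghcr.io/v2/") | select(.packages == "*/*")' "$QLCONFIG_PATH"; then`, and quoting `"$QLCONFIG_PATH"` also covers temp paths that contain spaces. Since this job passes `secrets.GITHUB_TOKEN` in `registries`, it is worth confirming that the file printed by the failure branch holds only the URL and package pattern and no credential.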


@ -10,26 +10,29 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
javascript-source-root: javascript-source-root:
strategy: strategy:
fail-fast: false
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: latest version: linked
- os: ubuntu-latest - os: ubuntu-latest
version: default version: default
- os: ubuntu-latest - os: ubuntu-latest
version: nightly-latest version: nightly-latest
name: Custom source root name: Custom source root
permissions: permissions:
contents: read contents: read
@ -37,55 +40,47 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( runner.os == 'macOS' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20230403' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.14.6')
with:
matrix.version == 'stable-v2.14.6') python-version: '3.11'
with: - name: Check out repository
python-version: '3.11' uses: actions/checkout@v4
- name: Check out repository - name: Prepare test
uses: actions/checkout@v4 id: prepare-test
- name: Prepare test uses: ./.github/actions/prepare-test
id: prepare-test with:
uses: ./.github/actions/prepare-test version: ${{ matrix.version }}
with: use-all-platform-bundle: 'false'
version: ${{ matrix.version }} setup-kotlin: true
use-all-platform-bundle: 'false' - name: Move codeql-action
setup-kotlin: true shell: bash
- name: Set environment variable for Swift enablement run: |
if: runner.os != 'Windows' && matrix.version == '20221211' mkdir ../new-source-root
shell: bash mv * ../new-source-root
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - uses: ./../action/init
- name: Move codeql-action with:
shell: bash languages: javascript
run: | source-root: ../new-source-root
mkdir ../new-source-root tools: ${{ steps.prepare-test.outputs.tools-url }}
mv * ../new-source-root - uses: ./../action/analyze
- uses: ./../action/init with:
with: skip-queries: true
languages: javascript - name: Assert database exists
source-root: ../new-source-root shell: bash
tools: ${{ steps.prepare-test.outputs.tools-url }} run: |
- uses: ./../action/analyze cd "$RUNNER_TEMP/codeql_databases"
with: if [[ ! -d javascript ]]; then
upload-database: false echo "Did not find a JavaScript database"
skip-queries: true exit 1
upload: never fi
- name: Assert database exists
shell: bash
run: |
cd "$RUNNER_TEMP/codeql_databases"
if [[ ! -d javascript ]]; then
echo "Did not find a JavaScript database"
exit 1
fi
env: env:
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true


@ -10,22 +10,25 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
language-aliases: language-aliases:
strategy: strategy:
fail-fast: false
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: latest version: linked
name: Language aliases name: Language aliases
permissions: permissions:
contents: read contents: read
@ -33,47 +36,41 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( runner.os == 'macOS' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20230403' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.14.6')
with:
python-version: '3.11'
- name: Check out repository
uses: actions/checkout@v4
- name: Prepare test
id: prepare-test
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
setup-kotlin: true
- uses: ./../action/init
with:
languages: C#,java-kotlin,swift,typescript
tools: ${{ steps.prepare-test.outputs.tools-url }}
matrix.version == 'stable-v2.14.6') - name: Check languages
with: run: |
python-version: '3.11' expected_languages="csharp,java,swift,javascript"
- name: Check out repository actual_languages=$(jq -r '.languages | join(",")' "$RUNNER_TEMP"/config)
uses: actions/checkout@v4
- name: Prepare test
id: prepare-test
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
setup-kotlin: true
- name: Set environment variable for Swift enablement
if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: ./../action/init
with:
languages: C#,java-kotlin,swift,typescript
tools: ${{ steps.prepare-test.outputs.tools-url }}
- name: Check languages if [ "$expected_languages" != "$actual_languages" ]; then
run: | echo "Resolved languages did not match expected list. " \
expected_languages="csharp,java,swift,javascript" "Expected languages: $expected_languages. Actual languages: $actual_languages."
actual_languages=$(jq -r '.languages | join(",")' "$RUNNER_TEMP"/config) exit 1
fi
if [ "$expected_languages" != "$actual_languages" ]; then
echo "Resolved languages did not match expected list. " \
"Expected languages: $expected_languages. Actual languages: $actual_languages."
exit 1
fi
env: env:
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true


@ -10,48 +10,39 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
multi-language-autodetect: multi-language-autodetect:
strategy: strategy:
fail-fast: false
matrix: matrix:
include: include:
- os: ubuntu-latest - os: macos-12
version: stable-20221211 version: stable-20230403
- os: macos-latest - os: macos-12
version: stable-20221211 version: stable-v2.13.5
- os: ubuntu-latest - os: macos-12
version: stable-20230418 version: stable-v2.14.6
- os: macos-latest - os: macos-latest
version: stable-20230418 version: stable-v2.15.5
- os: ubuntu-latest - os: macos-latest
version: stable-v2.13.5 version: stable-v2.16.6
- os: macos-latest - os: macos-latest
version: stable-v2.13.5 version: default
- os: ubuntu-latest - os: macos-latest
version: stable-v2.14.6 version: linked
- os: macos-latest - os: macos-latest
version: stable-v2.14.6 version: nightly-latest
- os: ubuntu-latest
version: default
- os: macos-latest
version: default
- os: ubuntu-latest
version: latest
- os: macos-latest
version: latest
- os: ubuntu-latest
version: nightly-latest
- os: macos-latest
version: nightly-latest
name: Multi-language repository name: Multi-language repository
permissions: permissions:
contents: read contents: read
@ -59,101 +50,97 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( runner.os == 'macOS' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20230403' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.14.6')
with:
python-version: '3.11'
- name: Check out repository
uses: actions/checkout@v4
- name: Prepare test
id: prepare-test
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
setup-kotlin: true
- uses: actions/setup-go@v5
with:
go-version: '>=1.21.0'
matrix.version == 'stable-v2.14.6') - uses: ./../action/init
with: id: init
python-version: '3.11' with:
- name: Check out repository db-location: ${{ runner.temp }}/customDbLocation
uses: actions/checkout@v4 tools: ${{ steps.prepare-test.outputs.tools-url }}
- name: Prepare test
id: prepare-test
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
setup-kotlin: true
- name: Set environment variable for Swift enablement
if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: ./../action/init
id: init
with:
db-location: ${{ runner.temp }}/customDbLocation
tools: ${{ steps.prepare-test.outputs.tools-url }}
- uses: ./../action/.github/actions/setup-swift - uses: ./../action/.github/actions/setup-swift
with: with:
codeql-path: ${{ steps.init.outputs.codeql-path }} codeql-path: ${{ steps.init.outputs.codeql-path }}
- name: Build code - name: Build code
shell: bash shell: bash
run: ./build.sh run: ./build.sh
- uses: ./../action/analyze - uses: ./../action/analyze
id: analysis id: analysis
with: with:
upload-database: false upload-database: false
- name: Check language autodetect for all languages excluding Swift - name: Check language autodetect for all languages excluding Swift
shell: bash shell: bash
run: | run: |
CPP_DB=${{ fromJson(steps.analysis.outputs.db-locations).cpp }} CPP_DB=${{ fromJson(steps.analysis.outputs.db-locations).cpp }}
if [[ ! -d $CPP_DB ]] || [[ ! $CPP_DB == ${{ runner.temp }}/customDbLocation/* ]]; then if [[ ! -d $CPP_DB ]] || [[ ! $CPP_DB == ${{ runner.temp }}/customDbLocation/* ]]; then
echo "Did not create a database for CPP, or created it in the wrong location." echo "Did not create a database for CPP, or created it in the wrong location."
exit 1 exit 1
fi fi
CSHARP_DB=${{ fromJson(steps.analysis.outputs.db-locations).csharp }} CSHARP_DB=${{ fromJson(steps.analysis.outputs.db-locations).csharp }}
if [[ ! -d $CSHARP_DB ]] || [[ ! $CSHARP_DB == ${{ runner.temp }}/customDbLocation/* ]]; then if [[ ! -d $CSHARP_DB ]] || [[ ! $CSHARP_DB == ${{ runner.temp }}/customDbLocation/* ]]; then
echo "Did not create a database for C Sharp, or created it in the wrong location." echo "Did not create a database for C Sharp, or created it in the wrong location."
exit 1 exit 1
fi fi
GO_DB=${{ fromJson(steps.analysis.outputs.db-locations).go }} GO_DB=${{ fromJson(steps.analysis.outputs.db-locations).go }}
if [[ ! -d $GO_DB ]] || [[ ! $GO_DB == ${{ runner.temp }}/customDbLocation/* ]]; then if [[ ! -d $GO_DB ]] || [[ ! $GO_DB == ${{ runner.temp }}/customDbLocation/* ]]; then
echo "Did not create a database for Go, or created it in the wrong location." echo "Did not create a database for Go, or created it in the wrong location."
exit 1 exit 1
fi fi
JAVA_DB=${{ fromJson(steps.analysis.outputs.db-locations).java }} JAVA_DB=${{ fromJson(steps.analysis.outputs.db-locations).java }}
if [[ ! -d $JAVA_DB ]] || [[ ! $JAVA_DB == ${{ runner.temp }}/customDbLocation/* ]]; then if [[ ! -d $JAVA_DB ]] || [[ ! $JAVA_DB == ${{ runner.temp }}/customDbLocation/* ]]; then
echo "Did not create a database for Java, or created it in the wrong location." echo "Did not create a database for Java, or created it in the wrong location."
exit 1 exit 1
fi fi
JAVASCRIPT_DB=${{ fromJson(steps.analysis.outputs.db-locations).javascript }} JAVASCRIPT_DB=${{ fromJson(steps.analysis.outputs.db-locations).javascript }}
if [[ ! -d $JAVASCRIPT_DB ]] || [[ ! $JAVASCRIPT_DB == ${{ runner.temp }}/customDbLocation/* ]]; then if [[ ! -d $JAVASCRIPT_DB ]] || [[ ! $JAVASCRIPT_DB == ${{ runner.temp }}/customDbLocation/* ]]; then
echo "Did not create a database for Javascript, or created it in the wrong location." echo "Did not create a database for Javascript, or created it in the wrong location."
exit 1 exit 1
fi fi
PYTHON_DB=${{ fromJson(steps.analysis.outputs.db-locations).python }} PYTHON_DB=${{ fromJson(steps.analysis.outputs.db-locations).python }}
if [[ ! -d $PYTHON_DB ]] || [[ ! $PYTHON_DB == ${{ runner.temp }}/customDbLocation/* ]]; then if [[ ! -d $PYTHON_DB ]] || [[ ! $PYTHON_DB == ${{ runner.temp }}/customDbLocation/* ]]; then
echo "Did not create a database for Python, or created it in the wrong location." echo "Did not create a database for Python, or created it in the wrong location."
exit 1 exit 1
fi fi
RUBY_DB=${{ fromJson(steps.analysis.outputs.db-locations).ruby }} RUBY_DB=${{ fromJson(steps.analysis.outputs.db-locations).ruby }}
if [[ ! -d $RUBY_DB ]] || [[ ! $RUBY_DB == ${{ runner.temp }}/customDbLocation/* ]]; then if [[ ! -d $RUBY_DB ]] || [[ ! $RUBY_DB == ${{ runner.temp }}/customDbLocation/* ]]; then
echo "Did not create a database for Ruby, or created it in the wrong location." echo "Did not create a database for Ruby, or created it in the wrong location."
exit 1 exit 1
fi fi
- name: Check language autodetect for Swift - name: Check language autodetect for Swift
if: >- if: runner.os != 'Windows' && matrix.version != 'stable-20230403'
env.CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT == 'true' || shell: bash
(runner.os != 'Windows' && matrix.version == 'nightly-latest') run: |
shell: bash SWIFT_DB=${{ fromJson(steps.analysis.outputs.db-locations).swift }}
run: | if [[ ! -d $SWIFT_DB ]] || [[ ! $SWIFT_DB == ${{ runner.temp }}/customDbLocation/* ]]; then
SWIFT_DB=${{ fromJson(steps.analysis.outputs.db-locations).swift }} echo "Did not create a database for Swift, or created it in the wrong location."
if [[ ! -d $SWIFT_DB ]] || [[ ! $SWIFT_DB == ${{ runner.temp }}/customDbLocation/* ]]; then exit 1
echo "Did not create a database for Swift, or created it in the wrong location." fi
exit 1
fi
env: env:
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true
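Review bot: The autodetect checks paste `${{ fromJson(steps.analysis.outputs.db-locations).cpp }}` and `${{ runner.temp }}` straight into the bash script, unquoted, so the values become shell source before bash parses the script. Here they appear to come from the action's own outputs rather than from PR-controlled fields, so the practical risk is a broken check on paths with spaces or glob characters, but it is the pattern GitHub's hardening guidance asks workflows to avoid. Passing the values through the step's `env:` and quoting each use is the usual form: `CPP_DB: ${{ fromJson(steps.analysis.outputs.db-locations).cpp }}` under `env:`, then `if [[ ! -d "$CPP_DB" ]] || [[ "$CPP_DB" != "$RUNNER_TEMP"/customDbLocation/* ]]; then`. The same applies to the other language checks in this step and to the Swift step, whose new `runner.os != 'Windows'` clause is always true now that the matrix lists only macOS runners.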


@ -10,38 +10,41 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
packaging-codescanning-config-inputs-js: packaging-codescanning-config-inputs-js:
strategy: strategy:
fail-fast: false
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: latest version: linked
- os: macos-latest - os: macos-latest
version: latest version: linked
- os: windows-latest - os: windows-latest
version: latest version: linked
- os: ubuntu-latest - os: ubuntu-latest
version: default version: default
- os: macos-latest - os: macos-latest
version: default version: default
- os: windows-latest - os: windows-latest
version: default version: default
- os: ubuntu-latest - os: ubuntu-latest
version: nightly-latest version: nightly-latest
- os: macos-latest - os: macos-latest
version: nightly-latest version: nightly-latest
- os: windows-latest - os: windows-latest
version: nightly-latest version: nightly-latest
name: 'Packaging: Config and input passed to the CLI' name: 'Packaging: Config and input passed to the CLI'
permissions: permissions:
contents: read contents: read
@ -49,68 +52,62 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( runner.os == 'macOS' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20230403' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.14.6')
with:
python-version: '3.11'
- name: Check out repository
uses: actions/checkout@v4
- name: Prepare test
id: prepare-test
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
setup-kotlin: true
- uses: ./../action/init
with:
config-file: .github/codeql/codeql-config-packaging3.yml
packs: +codeql-testing/codeql-pack1@1.0.0
languages: javascript
tools: ${{ steps.prepare-test.outputs.tools-url }}
- name: Build code
shell: bash
run: ./build.sh
- uses: ./../action/analyze
with:
output: ${{ runner.temp }}/results
upload-database: false
matrix.version == 'stable-v2.14.6') - name: Check results
with: uses: ./../action/.github/actions/check-sarif
python-version: '3.11' with:
- name: Check out repository sarif-file: ${{ runner.temp }}/results/javascript.sarif
uses: actions/checkout@v4 queries-run:
- name: Prepare test javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block
id: prepare-test queries-not-run: foo,bar
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
setup-kotlin: true
- name: Set environment variable for Swift enablement
if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: ./../action/init
with:
config-file: .github/codeql/codeql-config-packaging3.yml
packs: +codeql-testing/codeql-pack1@1.0.0
languages: javascript
tools: ${{ steps.prepare-test.outputs.tools-url }}
- name: Build code
shell: bash
run: ./build.sh
- uses: ./../action/analyze
with:
output: ${{ runner.temp }}/results
upload-database: false
- name: Check results - name: Assert Results
uses: ./../action/.github/actions/check-sarif shell: bash
with: run: |
sarif-file: ${{ runner.temp }}/results/javascript.sarif cd "$RUNNER_TEMP/results"
queries-run: # We should have 4 hits from these rules
javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/other-query-block javascript/example/two-block"
queries-not-run: foo,bar
- name: Assert Results # use tr to replace newlines with spaces and xargs to trim leading and trailing whitespace
shell: bash RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n\r" " " | xargs)"
run: | echo "Found matching rules '$RULES'"
cd "$RUNNER_TEMP/results" if [ "$RULES" != "$EXPECTED_RULES" ]; then
# We should have 4 hits from these rules echo "Did not match expected rules '$EXPECTED_RULES'."
EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/other-query-block javascript/example/two-block" exit 1
fi
# use tr to replace newlines with spaces and xargs to trim leading and trailing whitespace
RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n\r" " " | xargs)"
echo "Found matching rules '$RULES'"
if [ "$RULES" != "$EXPECTED_RULES" ]; then
echo "Did not match expected rules '$EXPECTED_RULES'."
exit 1
fi
env: env:
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true


@ -10,38 +10,41 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
packaging-config-inputs-js: packaging-config-inputs-js:
strategy: strategy:
fail-fast: false
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: latest version: linked
- os: macos-latest - os: macos-latest
version: latest version: linked
- os: windows-latest - os: windows-latest
version: latest version: linked
- os: ubuntu-latest - os: ubuntu-latest
version: default version: default
- os: macos-latest - os: macos-latest
version: default version: default
- os: windows-latest - os: windows-latest
version: default version: default
- os: ubuntu-latest - os: ubuntu-latest
version: nightly-latest version: nightly-latest
- os: macos-latest - os: macos-latest
version: nightly-latest version: nightly-latest
- os: windows-latest - os: windows-latest
version: nightly-latest version: nightly-latest
name: 'Packaging: Config and input' name: 'Packaging: Config and input'
permissions: permissions:
contents: read contents: read
@ -49,68 +52,62 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( runner.os == 'macOS' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20230403' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.14.6')
with:
python-version: '3.11'
- name: Check out repository
uses: actions/checkout@v4
- name: Prepare test
id: prepare-test
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
setup-kotlin: true
- uses: ./../action/init
with:
config-file: .github/codeql/codeql-config-packaging3.yml
packs: +codeql-testing/codeql-pack1@1.0.0
languages: javascript
tools: ${{ steps.prepare-test.outputs.tools-url }}
- name: Build code
shell: bash
run: ./build.sh
- uses: ./../action/analyze
with:
output: ${{ runner.temp }}/results
upload-database: false
matrix.version == 'stable-v2.14.6') - name: Check results
with: uses: ./../action/.github/actions/check-sarif
python-version: '3.11' with:
- name: Check out repository sarif-file: ${{ runner.temp }}/results/javascript.sarif
uses: actions/checkout@v4 queries-run:
- name: Prepare test javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block
id: prepare-test queries-not-run: foo,bar
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
setup-kotlin: true
- name: Set environment variable for Swift enablement
if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: ./../action/init
with:
config-file: .github/codeql/codeql-config-packaging3.yml
packs: +codeql-testing/codeql-pack1@1.0.0
languages: javascript
tools: ${{ steps.prepare-test.outputs.tools-url }}
- name: Build code
shell: bash
run: ./build.sh
- uses: ./../action/analyze
with:
output: ${{ runner.temp }}/results
upload-database: false
- name: Check results - name: Assert Results
uses: ./../action/.github/actions/check-sarif shell: bash
with: run: |
sarif-file: ${{ runner.temp }}/results/javascript.sarif cd "$RUNNER_TEMP/results"
queries-run: # We should have 4 hits from these rules
javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/other-query-block javascript/example/two-block"
queries-not-run: foo,bar
- name: Assert Results # use tr to replace newlines with spaces and xargs to trim leading and trailing whitespace
shell: bash RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n\r" " " | xargs)"
run: | echo "Found matching rules '$RULES'"
cd "$RUNNER_TEMP/results" if [ "$RULES" != "$EXPECTED_RULES" ]; then
# We should have 4 hits from these rules echo "Did not match expected rules '$EXPECTED_RULES'."
EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/other-query-block javascript/example/two-block" exit 1
fi
# use tr to replace newlines with spaces and xargs to trim leading and trailing whitespace
RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n\r" " " | xargs)"
echo "Found matching rules '$RULES'"
if [ "$RULES" != "$EXPECTED_RULES" ]; then
echo "Did not match expected rules '$EXPECTED_RULES'."
exit 1
fi
env: env:
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true


@ -10,38 +10,41 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
packaging-config-js: packaging-config-js:
strategy: strategy:
fail-fast: false
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: latest version: linked
- os: macos-latest - os: macos-latest
version: latest version: linked
- os: windows-latest - os: windows-latest
version: latest version: linked
- os: ubuntu-latest - os: ubuntu-latest
version: default version: default
- os: macos-latest - os: macos-latest
version: default version: default
- os: windows-latest - os: windows-latest
version: default version: default
- os: ubuntu-latest - os: ubuntu-latest
version: nightly-latest version: nightly-latest
- os: macos-latest - os: macos-latest
version: nightly-latest version: nightly-latest
- os: windows-latest - os: windows-latest
version: nightly-latest version: nightly-latest
name: 'Packaging: Config file' name: 'Packaging: Config file'
permissions: permissions:
contents: read contents: read
@ -49,67 +52,61 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( runner.os == 'macOS' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20230403' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.14.6')
with:
python-version: '3.11'
- name: Check out repository
uses: actions/checkout@v4
- name: Prepare test
id: prepare-test
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
setup-kotlin: true
- uses: ./../action/init
with:
config-file: .github/codeql/codeql-config-packaging.yml
languages: javascript
tools: ${{ steps.prepare-test.outputs.tools-url }}
- name: Build code
shell: bash
run: ./build.sh
- uses: ./../action/analyze
with:
output: ${{ runner.temp }}/results
upload-database: false
matrix.version == 'stable-v2.14.6') - name: Check results
with: uses: ./../action/.github/actions/check-sarif
python-version: '3.11' with:
- name: Check out repository sarif-file: ${{ runner.temp }}/results/javascript.sarif
uses: actions/checkout@v4 queries-run:
- name: Prepare test javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block
id: prepare-test queries-not-run: foo,bar
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
setup-kotlin: true
- name: Set environment variable for Swift enablement
if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: ./../action/init
with:
config-file: .github/codeql/codeql-config-packaging.yml
languages: javascript
tools: ${{ steps.prepare-test.outputs.tools-url }}
- name: Build code
shell: bash
run: ./build.sh
- uses: ./../action/analyze
with:
output: ${{ runner.temp }}/results
upload-database: false
- name: Check results - name: Assert Results
uses: ./../action/.github/actions/check-sarif shell: bash
with: run: |
sarif-file: ${{ runner.temp }}/results/javascript.sarif cd "$RUNNER_TEMP/results"
queries-run: # We should have 4 hits from these rules
javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/other-query-block javascript/example/two-block"
queries-not-run: foo,bar
- name: Assert Results # use tr to replace newlines with spaces and xargs to trim leading and trailing whitespace
shell: bash RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n\r" " " | xargs)"
run: | echo "Found matching rules '$RULES'"
cd "$RUNNER_TEMP/results" if [ "$RULES" != "$EXPECTED_RULES" ]; then
# We should have 4 hits from these rules echo "Did not match expected rules '$EXPECTED_RULES'."
EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/other-query-block javascript/example/two-block" exit 1
fi
# use tr to replace newlines with spaces and xargs to trim leading and trailing whitespace
RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n\r" " " | xargs)"
echo "Found matching rules '$RULES'"
if [ "$RULES" != "$EXPECTED_RULES" ]; then
echo "Did not match expected rules '$EXPECTED_RULES'."
exit 1
fi
env: env:
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true


@ -10,38 +10,41 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
packaging-inputs-js: packaging-inputs-js:
strategy: strategy:
fail-fast: false
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: latest version: linked
- os: macos-latest - os: macos-latest
version: latest version: linked
- os: windows-latest - os: windows-latest
version: latest version: linked
- os: ubuntu-latest - os: ubuntu-latest
version: default version: default
- os: macos-latest - os: macos-latest
version: default version: default
- os: windows-latest - os: windows-latest
version: default version: default
- os: ubuntu-latest - os: ubuntu-latest
version: nightly-latest version: nightly-latest
- os: macos-latest - os: macos-latest
version: nightly-latest version: nightly-latest
- os: windows-latest - os: windows-latest
version: nightly-latest version: nightly-latest
name: 'Packaging: Action input' name: 'Packaging: Action input'
permissions: permissions:
contents: read contents: read
@ -49,67 +52,61 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( runner.os == 'macOS' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20230403' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.14.6')
with:
python-version: '3.11'
- name: Check out repository
uses: actions/checkout@v4
- name: Prepare test
id: prepare-test
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
setup-kotlin: true
- uses: ./../action/init
with:
config-file: .github/codeql/codeql-config-packaging2.yml
languages: javascript
packs: codeql-testing/codeql-pack1@1.0.0, codeql-testing/codeql-pack2, codeql-testing/codeql-pack3:other-query.ql
tools: ${{ steps.prepare-test.outputs.tools-url }}
- name: Build code
shell: bash
run: ./build.sh
- uses: ./../action/analyze
with:
output: ${{ runner.temp }}/results
matrix.version == 'stable-v2.14.6') - name: Check results
with: uses: ./../action/.github/actions/check-sarif
python-version: '3.11' with:
- name: Check out repository sarif-file: ${{ runner.temp }}/results/javascript.sarif
uses: actions/checkout@v4 queries-run:
- name: Prepare test javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block
id: prepare-test queries-not-run: foo,bar
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
setup-kotlin: true
- name: Set environment variable for Swift enablement
if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: ./../action/init
with:
config-file: .github/codeql/codeql-config-packaging2.yml
languages: javascript
packs: codeql-testing/codeql-pack1@1.0.0, codeql-testing/codeql-pack2, codeql-testing/codeql-pack3:other-query.ql
tools: ${{ steps.prepare-test.outputs.tools-url }}
- name: Build code
shell: bash
run: ./build.sh
- uses: ./../action/analyze
with:
output: ${{ runner.temp }}/results
- name: Check results - name: Assert Results
uses: ./../action/.github/actions/check-sarif shell: bash
with: run: |
sarif-file: ${{ runner.temp }}/results/javascript.sarif cd "$RUNNER_TEMP/results"
queries-run: # We should have 4 hits from these rules
javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/other-query-block javascript/example/two-block"
queries-not-run: foo,bar
- name: Assert Results # use tr to replace newlines with spaces and xargs to trim leading and trailing whitespace
shell: bash RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n\r" " " | xargs)"
run: | echo "Found matching rules '$RULES'"
cd "$RUNNER_TEMP/results" if [ "$RULES" != "$EXPECTED_RULES" ]; then
# We should have 4 hits from these rules echo "Did not match expected rules '$EXPECTED_RULES'."
EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/other-query-block javascript/example/two-block" exit 1
fi
# use tr to replace newlines with spaces and xargs to trim leading and trailing whitespace
RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n\r" " " | xargs)"
echo "Found matching rules '$RULES'"
if [ "$RULES" != "$EXPECTED_RULES" ]; then
echo "Did not match expected rules '$EXPECTED_RULES'."
exit 1
fi
env: env:
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true

167
.github/workflows/__remote-config.yml generated vendored

@ -10,62 +10,71 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
remote-config: remote-config:
strategy: strategy:
fail-fast: false
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: stable-20221211 version: stable-20230403
- os: macos-latest - os: macos-12
version: stable-20221211 version: stable-20230403
- os: windows-latest - os: windows-latest
version: stable-20221211 version: stable-20230403
- os: ubuntu-latest - os: ubuntu-latest
version: stable-20230418 version: stable-v2.13.5
- os: macos-latest - os: macos-12
version: stable-20230418 version: stable-v2.13.5
- os: windows-latest - os: windows-latest
version: stable-20230418 version: stable-v2.13.5
- os: ubuntu-latest - os: ubuntu-latest
version: stable-v2.13.5 version: stable-v2.14.6
- os: macos-latest - os: macos-12
version: stable-v2.13.5 version: stable-v2.14.6
- os: windows-latest - os: windows-latest
version: stable-v2.13.5 version: stable-v2.14.6
- os: ubuntu-latest - os: ubuntu-latest
version: stable-v2.14.6 version: stable-v2.15.5
- os: macos-latest - os: macos-latest
version: stable-v2.14.6 version: stable-v2.15.5
- os: windows-latest - os: windows-latest
version: stable-v2.14.6 version: stable-v2.15.5
- os: ubuntu-latest - os: ubuntu-latest
version: default version: stable-v2.16.6
- os: macos-latest - os: macos-latest
version: default version: stable-v2.16.6
- os: windows-latest - os: windows-latest
version: default version: stable-v2.16.6
- os: ubuntu-latest - os: ubuntu-latest
version: latest version: default
- os: macos-latest - os: macos-latest
version: latest version: default
- os: windows-latest - os: windows-latest
version: latest version: default
- os: ubuntu-latest - os: ubuntu-latest
version: nightly-latest version: linked
- os: macos-latest - os: macos-latest
version: nightly-latest version: linked
- os: windows-latest - os: windows-latest
version: nightly-latest version: linked
- os: ubuntu-latest
version: nightly-latest
- os: macos-latest
version: nightly-latest
- os: windows-latest
version: nightly-latest
name: Remote config file name: Remote config file
permissions: permissions:
contents: read contents: read
@ -73,42 +82,36 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( runner.os == 'macOS' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20230403' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.14.6')
with:
matrix.version == 'stable-v2.14.6') python-version: '3.11'
with: - name: Check out repository
python-version: '3.11' uses: actions/checkout@v4
- name: Check out repository - name: Prepare test
uses: actions/checkout@v4 id: prepare-test
- name: Prepare test uses: ./.github/actions/prepare-test
id: prepare-test with:
uses: ./.github/actions/prepare-test version: ${{ matrix.version }}
with: use-all-platform-bundle: 'false'
version: ${{ matrix.version }} setup-kotlin: true
use-all-platform-bundle: 'false' - uses: ./../action/init
setup-kotlin: true with:
- name: Set environment variable for Swift enablement tools: ${{ steps.prepare-test.outputs.tools-url }}
if: runner.os != 'Windows' && matrix.version == '20221211' languages: cpp,csharp,java,javascript,python
shell: bash config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV github.sha }}
- uses: ./../action/init - name: Build code
with: shell: bash
tools: ${{ steps.prepare-test.outputs.tools-url }} run: ./build.sh
languages: cpp,csharp,java,javascript,python - uses: ./../action/analyze
config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{
github.sha }}
- name: Build code
shell: bash
run: ./build.sh
- uses: ./../action/analyze
env: env:
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true


@ -10,44 +10,47 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
resolve-environment-action: resolve-environment-action:
strategy: strategy:
fail-fast: false
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: stable-v2.13.4 version: stable-v2.13.4
- os: macos-latest - os: macos-12
version: stable-v2.13.4 version: stable-v2.13.4
- os: windows-latest - os: windows-latest
version: stable-v2.13.4 version: stable-v2.13.4
- os: ubuntu-latest - os: ubuntu-latest
version: default version: default
- os: macos-latest - os: macos-latest
version: default version: default
- os: windows-latest - os: windows-latest
version: default version: default
- os: ubuntu-latest - os: ubuntu-latest
version: latest version: linked
- os: macos-latest - os: macos-latest
version: latest version: linked
- os: windows-latest - os: windows-latest
version: latest version: linked
- os: ubuntu-latest - os: ubuntu-latest
version: nightly-latest version: nightly-latest
- os: macos-latest - os: macos-latest
version: nightly-latest version: nightly-latest
- os: windows-latest - os: windows-latest
version: nightly-latest version: nightly-latest
name: Resolve environment name: Resolve environment
permissions: permissions:
contents: read contents: read
@ -55,59 +58,53 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( runner.os == 'macOS' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20230403' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.14.6')
with:
python-version: '3.11'
- name: Check out repository
uses: actions/checkout@v4
- name: Prepare test
id: prepare-test
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
setup-kotlin: true
- uses: ./../action/init
with:
languages: ${{ matrix.version == 'stable-v2.13.4' && 'go' || 'go,javascript-typescript'
}}
tools: ${{ steps.prepare-test.outputs.tools-url }}
matrix.version == 'stable-v2.14.6') - name: Resolve environment for Go
with: uses: ./../action/resolve-environment
python-version: '3.11' id: resolve-environment-go
- name: Check out repository with:
uses: actions/checkout@v4 language: go
- name: Prepare test
id: prepare-test
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
setup-kotlin: true
- name: Set environment variable for Swift enablement
if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: ./../action/init
with:
languages: ${{ matrix.version == 'stable-v2.13.4' && 'go' || 'go,javascript-typescript'
}}
tools: ${{ steps.prepare-test.outputs.tools-url }}
- name: Resolve environment for Go - name: Fail if Go configuration missing
uses: ./../action/resolve-environment if: (!fromJSON(steps.resolve-environment-go.outputs.environment).configuration.go)
id: resolve-environment-go run: exit 1
with:
language: go
- name: Fail if Go configuration missing - name: Resolve environment for JavaScript/TypeScript
if: (!fromJSON(steps.resolve-environment-go.outputs.environment).configuration.go) if: matrix.version != 'stable-v2.13.4'
run: exit 1 uses: ./../action/resolve-environment
id: resolve-environment-js
with:
language: javascript-typescript
- name: Resolve environment for JavaScript/TypeScript - name: Fail if JavaScript/TypeScript configuration present
if: matrix.version != 'stable-v2.13.4' if: matrix.version != 'stable-v2.13.4' &&
uses: ./../action/resolve-environment fromJSON(steps.resolve-environment-js.outputs.environment).configuration.javascript
id: resolve-environment-js run: exit 1
with:
language: javascript-typescript
- name: Fail if JavaScript/TypeScript configuration present
if: matrix.version != 'stable-v2.13.4' &&
fromJSON(steps.resolve-environment-js.outputs.environment).configuration.javascript
run: exit 1
env: env:
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true


@ -10,22 +10,25 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
rubocop-multi-language: rubocop-multi-language:
strategy: strategy:
fail-fast: false
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: default version: default
name: RuboCop multi-language name: RuboCop multi-language
permissions: permissions:
contents: read contents: read
@ -33,52 +36,46 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( runner.os == 'macOS' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20230403' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.14.6')
with:
matrix.version == 'stable-v2.14.6') python-version: '3.11'
with: - name: Check out repository
python-version: '3.11' uses: actions/checkout@v4
- name: Check out repository - name: Prepare test
uses: actions/checkout@v4 id: prepare-test
- name: Prepare test uses: ./.github/actions/prepare-test
id: prepare-test with:
uses: ./.github/actions/prepare-test version: ${{ matrix.version }}
with: use-all-platform-bundle: 'false'
version: ${{ matrix.version }} setup-kotlin: true
use-all-platform-bundle: 'false' - name: Set up Ruby
setup-kotlin: true uses: ruby/setup-ruby@v1
- name: Set environment variable for Swift enablement with:
if: runner.os != 'Windows' && matrix.version == '20221211' ruby-version: 2.6
shell: bash - name: Install Code Scanning integration
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV shell: bash
- name: Set up Ruby run: bundle add code-scanning-rubocop --version 0.3.0 --skip-install
uses: ruby/setup-ruby@v1 - name: Install dependencies
with: shell: bash
ruby-version: 2.6 run: bundle install
- name: Install Code Scanning integration - name: RuboCop run
shell: bash shell: bash
run: bundle add code-scanning-rubocop --version 0.3.0 --skip-install run: |
- name: Install dependencies bash -c "
shell: bash bundle exec rubocop --require code_scanning --format CodeScanning::SarifFormatter -o rubocop.sarif
run: bundle install [[ $? -ne 2 ]]
- name: RuboCop run "
shell: bash - uses: ./../action/upload-sarif
run: | with:
bash -c " sarif_file: rubocop.sarif
bundle exec rubocop --require code_scanning --format CodeScanning::SarifFormatter -o rubocop.sarif
[[ $? -ne 2 ]]
"
- uses: ./../action/upload-sarif
with:
sarif_file: rubocop.sarif
env: env:
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true

113
.github/workflows/__ruby.yml generated vendored

@ -10,32 +10,35 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
ruby: ruby:
strategy: strategy:
fail-fast: false
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: latest version: linked
- os: macos-latest - os: macos-latest
version: latest version: linked
- os: ubuntu-latest - os: ubuntu-latest
version: default version: default
- os: macos-latest - os: macos-latest
version: default version: default
- os: ubuntu-latest - os: ubuntu-latest
version: nightly-latest version: nightly-latest
- os: macos-latest - os: macos-latest
version: nightly-latest version: nightly-latest
name: Ruby analysis name: Ruby analysis
permissions: permissions:
contents: read contents: read
@ -43,48 +46,42 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( runner.os == 'macOS' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20230403' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.14.6')
with:
matrix.version == 'stable-v2.14.6') python-version: '3.11'
with: - name: Check out repository
python-version: '3.11' uses: actions/checkout@v4
- name: Check out repository - name: Prepare test
uses: actions/checkout@v4 id: prepare-test
- name: Prepare test uses: ./.github/actions/prepare-test
id: prepare-test with:
uses: ./.github/actions/prepare-test version: ${{ matrix.version }}
with: use-all-platform-bundle: 'false'
version: ${{ matrix.version }} setup-kotlin: true
use-all-platform-bundle: 'false' - uses: ./../action/init
setup-kotlin: true with:
- name: Set environment variable for Swift enablement languages: ruby
if: runner.os != 'Windows' && matrix.version == '20221211' tools: ${{ steps.prepare-test.outputs.tools-url }}
shell: bash - uses: ./../action/analyze
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV id: analysis
- uses: ./../action/init with:
with: upload-database: false
languages: ruby - name: Check database
tools: ${{ steps.prepare-test.outputs.tools-url }} shell: bash
- uses: ./../action/analyze run: |
id: analysis RUBY_DB="${{ fromJson(steps.analysis.outputs.db-locations).ruby }}"
with: if [[ ! -d "$RUBY_DB" ]]; then
upload-database: false echo "Did not create a database for Ruby."
- name: Check database exit 1
shell: bash fi
run: |
RUBY_DB="${{ fromJson(steps.analysis.outputs.db-locations).ruby }}"
if [[ ! -d "$RUBY_DB" ]]; then
echo "Did not create a database for Ruby."
exit 1
fi
env: env:
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true


@ -10,48 +10,39 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
scaling-reserved-ram: scaling-reserved-ram:
strategy: strategy:
fail-fast: false
matrix: matrix:
include: include:
- os: ubuntu-latest - os: macos-12
version: stable-20221211 version: stable-20230403
- os: macos-latest - os: macos-12
version: stable-20221211 version: stable-v2.13.5
- os: ubuntu-latest - os: macos-12
version: stable-20230418 version: stable-v2.14.6
- os: macos-latest - os: macos-latest
version: stable-20230418 version: stable-v2.15.5
- os: ubuntu-latest - os: macos-latest
version: stable-v2.13.5 version: stable-v2.16.6
- os: macos-latest - os: macos-latest
version: stable-v2.13.5 version: default
- os: ubuntu-latest - os: macos-latest
version: stable-v2.14.6 version: linked
- os: macos-latest - os: macos-latest
version: stable-v2.14.6 version: nightly-latest
- os: ubuntu-latest
version: default
- os: macos-latest
version: default
- os: ubuntu-latest
version: latest
- os: macos-latest
version: latest
- os: ubuntu-latest
version: nightly-latest
- os: macos-latest
version: nightly-latest
name: Scaling reserved RAM name: Scaling reserved RAM
permissions: permissions:
contents: read contents: read
@ -59,51 +50,49 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( runner.os == 'macOS' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20230403' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.14.6')
with:
python-version: '3.11'
- name: Check out repository
uses: actions/checkout@v4
- name: Prepare test
id: prepare-test
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
setup-kotlin: true
- uses: actions/setup-go@v5
with:
go-version: '>=1.21.0'
matrix.version == 'stable-v2.14.6') - uses: ./../action/init
with: id: init
python-version: '3.11' with:
- name: Check out repository db-location: ${{ runner.temp }}/customDbLocation
uses: actions/checkout@v4 tools: ${{ steps.prepare-test.outputs.tools-url }}
- name: Prepare test
id: prepare-test
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
setup-kotlin: true
- name: Set environment variable for Swift enablement
if: runner.os != 'Windows' && matrix.version == '20221211'
shell: bash
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: ./../action/init
id: init
with:
db-location: ${{ runner.temp }}/customDbLocation
tools: ${{ steps.prepare-test.outputs.tools-url }}
- uses: ./../action/.github/actions/setup-swift - uses: ./../action/.github/actions/setup-swift
with: with:
codeql-path: ${{ steps.init.outputs.codeql-path }} codeql-path: ${{ steps.init.outputs.codeql-path }}
- name: Build code - name: Build code
shell: bash shell: bash
run: ./build.sh run: ./build.sh
- uses: ./../action/analyze - uses: ./../action/analyze
id: analysis id: analysis
with: with:
upload-database: false upload-database: false
env: env:
CODEQL_ACTION_SCALING_RESERVED_RAM: true CODEQL_ACTION_SCALING_RESERVED_RAM: true
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true


@ -10,32 +10,35 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
split-workflow: split-workflow:
strategy: strategy:
fail-fast: false
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: latest version: linked
- os: macos-latest - os: macos-latest
version: latest version: linked
- os: ubuntu-latest - os: ubuntu-latest
version: default version: default
- os: macos-latest - os: macos-latest
version: default version: default
- os: ubuntu-latest - os: ubuntu-latest
version: nightly-latest version: nightly-latest
- os: macos-latest - os: macos-latest
version: nightly-latest version: nightly-latest
name: Split workflow name: Split workflow
permissions: permissions:
contents: read contents: read
@ -43,72 +46,66 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( runner.os == 'macOS' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20230403' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.14.6')
with:
python-version: '3.11'
- name: Check out repository
uses: actions/checkout@v4
- name: Prepare test
id: prepare-test
uses: ./.github/actions/prepare-test
with:
version: ${{ matrix.version }}
use-all-platform-bundle: 'false'
setup-kotlin: true
- uses: ./../action/init
with:
config-file: .github/codeql/codeql-config-packaging3.yml
packs: +codeql-testing/codeql-pack1@1.0.0
languages: javascript
tools: ${{ steps.prepare-test.outputs.tools-url }}
- name: Build code
shell: bash
run: ./build.sh
- uses: ./../action/analyze
with:
skip-queries: true
output: ${{ runner.temp }}/results
upload-database: false
matrix.version == 'stable-v2.14.6') - name: Assert No Results
with: shell: bash
python-version: '3.11' run: |
- name: Check out repository if [ "$(ls -A $RUNNER_TEMP/results)" ]; then
uses: actions/checkout@v4 echo "Expected results directory to be empty after skipping query execution!"
- name: Prepare test exit 1
id: prepare-test fi
uses: ./.github/actions/prepare-test - uses: ./../action/analyze
with: with:
version: ${{ matrix.version }} output: ${{ runner.temp }}/results
use-all-platform-bundle: 'false' upload-database: false
setup-kotlin: true - name: Assert Results
- name: Set environment variable for Swift enablement shell: bash
if: runner.os != 'Windows' && matrix.version == '20221211' run: |
shell: bash cd "$RUNNER_TEMP/results"
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV # We should have 4 hits from these rules
- uses: ./../action/init EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/other-query-block javascript/example/two-block"
with:
config-file: .github/codeql/codeql-config-packaging3.yml
packs: +codeql-testing/codeql-pack1@1.0.0
languages: javascript
tools: ${{ steps.prepare-test.outputs.tools-url }}
- name: Build code
shell: bash
run: ./build.sh
- uses: ./../action/analyze
with:
skip-queries: true
output: ${{ runner.temp }}/results
upload-database: false
- name: Assert No Results # use tr to replace newlines with spaces and xargs to trim leading and trailing whitespace
shell: bash RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n\r" " " | xargs)"
run: | echo "Found matching rules '$RULES'"
if [ "$(ls -A $RUNNER_TEMP/results)" ]; then if [ "$RULES" != "$EXPECTED_RULES" ]; then
echo "Expected results directory to be empty after skipping query execution!" echo "Did not match expected rules '$EXPECTED_RULES'."
exit 1 exit 1
fi fi
- uses: ./../action/analyze
with:
output: ${{ runner.temp }}/results
upload-database: false
- name: Assert Results
shell: bash
run: |
cd "$RUNNER_TEMP/results"
# We should have 4 hits from these rules
EXPECTED_RULES="javascript/example/empty-or-one-block javascript/example/empty-or-one-block javascript/example/other-query-block javascript/example/two-block"
# use tr to replace newlines with spaces and xargs to trim leading and trailing whitespace
RULES="$(cat javascript.sarif | jq -r '.runs[0].results[].ruleId' | sort | tr "\n\r" " " | xargs)"
echo "Found matching rules '$RULES'"
if [ "$RULES" != "$EXPECTED_RULES" ]; then
echo "Did not match expected rules '$EXPECTED_RULES'."
exit 1
fi
env: env:
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true


@ -10,26 +10,29 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
submit-sarif-failure: submit-sarif-failure:
strategy: strategy:
fail-fast: false
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: latest version: linked
- os: ubuntu-latest - os: ubuntu-latest
version: default version: default
- os: ubuntu-latest - os: ubuntu-latest
version: nightly-latest version: nightly-latest
name: Submit SARIF after failure name: Submit SARIF after failure
permissions: permissions:
contents: read contents: read
@ -37,50 +40,44 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( runner.os == 'macOS' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20230403' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.14.6')
with:
matrix.version == 'stable-v2.14.6') python-version: '3.11'
with: - name: Check out repository
python-version: '3.11' uses: actions/checkout@v4
- name: Check out repository - name: Prepare test
uses: actions/checkout@v4 id: prepare-test
- name: Prepare test uses: ./.github/actions/prepare-test
id: prepare-test with:
uses: ./.github/actions/prepare-test version: ${{ matrix.version }}
with: use-all-platform-bundle: 'false'
version: ${{ matrix.version }} setup-kotlin: true
use-all-platform-bundle: 'false' - uses: actions/checkout@v4
setup-kotlin: true - uses: ./init
- name: Set environment variable for Swift enablement with:
if: runner.os != 'Windows' && matrix.version == '20221211' languages: javascript
shell: bash - name: Fail
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: actions/checkout@v4
- uses: ./init
with:
languages: javascript
- name: Fail
# We want this job to pass if the Action correctly uploads the SARIF file for # We want this job to pass if the Action correctly uploads the SARIF file for
# the failed run. # the failed run.
# Setting this step to continue on error means that it is marked as completing # Setting this step to continue on error means that it is marked as completing
# successfully, so will not fail the job. # successfully, so will not fail the job.
continue-on-error: true continue-on-error: true
run: exit 1 run: exit 1
- uses: ./analyze - uses: ./analyze
# In a real workflow, this step wouldn't run. Since we used `continue-on-error` # In a real workflow, this step wouldn't run. Since we used `continue-on-error`
# above, we manually disable it with an `if` condition. # above, we manually disable it with an `if` condition.
if: false if: false
with: with:
category: /test-codeql-version:${{ matrix.version }} category: /test-codeql-version:${{ matrix.version }}
env: env:
# Internal-only environment variable used to indicate that the post-init Action # Internal-only environment variable used to indicate that the post-init Action
# should expect to upload a SARIF file for the failed run. # should expect to upload a SARIF file for the failed run.


@ -10,32 +10,29 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
swift-custom-build: swift-custom-build:
strategy: strategy:
fail-fast: false
matrix: matrix:
include: include:
- os: ubuntu-latest - os: macos-latest
version: latest version: linked
- os: macos-latest - os: macos-latest
version: latest version: default
- os: ubuntu-latest - os: macos-latest
version: default version: nightly-latest
- os: macos-latest
version: default
- os: ubuntu-latest
version: nightly-latest
- os: macos-latest
version: nightly-latest
name: Swift analysis using a custom build command name: Swift analysis using a custom build command
permissions: permissions:
contents: read contents: read
@ -43,59 +40,53 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( runner.os == 'macOS' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20230403' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.14.6')
with:
matrix.version == 'stable-v2.14.6') python-version: '3.11'
with: - name: Check out repository
python-version: '3.11' uses: actions/checkout@v4
- name: Check out repository - name: Prepare test
uses: actions/checkout@v4 id: prepare-test
- name: Prepare test uses: ./.github/actions/prepare-test
id: prepare-test with:
uses: ./.github/actions/prepare-test version: ${{ matrix.version }}
with: use-all-platform-bundle: 'false'
version: ${{ matrix.version }} setup-kotlin: true
use-all-platform-bundle: 'false' - uses: ./../action/init
setup-kotlin: true id: init
- name: Set environment variable for Swift enablement with:
if: runner.os != 'Windows' && matrix.version == '20221211' languages: swift
shell: bash tools: ${{ steps.prepare-test.outputs.tools-url }}
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - uses: ./../action/.github/actions/setup-swift
- uses: ./../action/init with:
id: init codeql-path: ${{steps.init.outputs.codeql-path}}
with: - name: Check working directory
languages: swift shell: bash
tools: ${{ steps.prepare-test.outputs.tools-url }} run: pwd
- uses: ./../action/.github/actions/setup-swift - name: Build code
with: shell: bash
codeql-path: ${{steps.init.outputs.codeql-path}} run: ./build.sh
- name: Check working directory - uses: ./../action/analyze
shell: bash id: analysis
run: pwd with:
- name: Build code upload-database: false
shell: bash - name: Check database
run: ./build.sh shell: bash
- uses: ./../action/analyze run: |
id: analysis SWIFT_DB="${{ fromJson(steps.analysis.outputs.db-locations).swift }}"
with: if [[ ! -d "$SWIFT_DB" ]]; then
upload-database: false echo "Did not create a database for Swift."
- name: Check database exit 1
shell: bash fi
run: |
SWIFT_DB="${{ fromJson(steps.analysis.outputs.db-locations).swift }}"
if [[ ! -d "$SWIFT_DB" ]]; then
echo "Did not create a database for Swift."
exit 1
fi
env: env:
DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false' DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false'
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true
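Review bot: The `Check database` step expands `${{ fromJson(steps.analysis.outputs.db-locations).swift }}` directly inside the `run:` script, so the value becomes script text before bash parses it instead of arriving as data. Passing it through the step environment avoids that: add `env:` with `SWIFT_DB: ${{ fromJson(steps.analysis.outputs.db-locations).swift }}` to the step and delete the `SWIFT_DB="..."` assignment, as the `Fetch a CodeQL bundle` step elsewhere on this page already does with `CODEQL_URL`. The value is the analyze step's own output, so the exposure in this test job is presumably small, but a path containing shell metacharacters would be interpreted by bash rather than merely compared. The same pattern appears in the `CPP_DB` through `PYTHON_DB` assignments of the unset-environment workflow and in the Ruby database check earlier on the page. These workflows look generated (one section is labelled so), in which case the change belongs in the generator's input rather than in these files.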


@ -10,22 +10,25 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
test-autobuild-working-dir: test-autobuild-working-dir:
strategy: strategy:
fail-fast: false
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: latest version: linked
name: Autobuild working directory name: Autobuild working directory
permissions: permissions:
contents: read contents: read
@ -33,57 +36,49 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( runner.os == 'macOS' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20230403' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.14.6')
with:
matrix.version == 'stable-v2.14.6') python-version: '3.11'
with: - name: Check out repository
python-version: '3.11' uses: actions/checkout@v4
- name: Check out repository - name: Prepare test
uses: actions/checkout@v4 id: prepare-test
- name: Prepare test uses: ./.github/actions/prepare-test
id: prepare-test with:
uses: ./.github/actions/prepare-test version: ${{ matrix.version }}
with: use-all-platform-bundle: 'false'
version: ${{ matrix.version }} setup-kotlin: true
use-all-platform-bundle: 'false' - name: Test setup
setup-kotlin: true shell: bash
- name: Set environment variable for Swift enablement run: |
if: runner.os != 'Windows' && matrix.version == '20221211' # Make sure that Gradle build succeeds in autobuild-dir ...
shell: bash cp -a ../action/tests/java-repo autobuild-dir
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV # ... and fails if attempted in the current directory
- name: Test setup echo > build.gradle
shell: bash - uses: ./../action/init
run: | with:
# Make sure that Gradle build succeeds in autobuild-dir ... languages: java
cp -a ../action/tests/java-repo autobuild-dir tools: ${{ steps.prepare-test.outputs.tools-url }}
# ... and fails if attempted in the current directory - uses: ./../action/autobuild
echo > build.gradle with:
- uses: ./../action/init working-directory: autobuild-dir
with: - uses: ./../action/analyze
languages: java - name: Check database
tools: ${{ steps.prepare-test.outputs.tools-url }} shell: bash
- uses: ./../action/autobuild run: |
with: cd "$RUNNER_TEMP/codeql_databases"
working-directory: autobuild-dir if [[ ! -d java ]]; then
- uses: ./../action/analyze echo "Did not find a Java database"
with: exit 1
upload-database: false fi
- name: Check database
shell: bash
run: |
cd "$RUNNER_TEMP/codeql_databases"
if [[ ! -d java ]]; then
echo "Did not find a Java database"
exit 1
fi
env: env:
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true


@ -10,22 +10,25 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
test-local-codeql: test-local-codeql:
strategy: strategy:
fail-fast: false
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: nightly-latest version: nightly-latest
name: Local CodeQL bundle name: Local CodeQL bundle
permissions: permissions:
contents: read contents: read
@ -33,51 +36,43 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( runner.os == 'macOS' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20230403' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.14.6')
with:
matrix.version == 'stable-v2.14.6') python-version: '3.11'
with: - name: Check out repository
python-version: '3.11' uses: actions/checkout@v4
- name: Check out repository - name: Prepare test
uses: actions/checkout@v4 id: prepare-test
- name: Prepare test uses: ./.github/actions/prepare-test
id: prepare-test with:
uses: ./.github/actions/prepare-test version: ${{ matrix.version }}
with: use-all-platform-bundle: 'false'
version: ${{ matrix.version }} setup-kotlin: true
use-all-platform-bundle: 'false' - name: Fetch a CodeQL bundle
setup-kotlin: true shell: bash
- name: Set environment variable for Swift enablement env:
if: runner.os != 'Windows' && matrix.version == '20221211' CODEQL_URL: ${{ steps.prepare-test.outputs.tools-url }}
shell: bash run: |
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV wget "$CODEQL_URL"
- name: Fetch a CodeQL bundle - id: init
shell: bash uses: ./../action/init
env: with:
CODEQL_URL: ${{ steps.prepare-test.outputs.tools-url }} tools: ./codeql-bundle-linux64.tar.gz
run: | - uses: ./../action/.github/actions/setup-swift
wget "$CODEQL_URL" with:
- id: init codeql-path: ${{ steps.init.outputs.codeql-path }}
uses: ./../action/init - name: Build code
with: shell: bash
tools: ./codeql-bundle-linux64.tar.gz run: ./build.sh
- uses: ./../action/.github/actions/setup-swift - uses: ./../action/analyze
with:
codeql-path: ${{ steps.init.outputs.codeql-path }}
- name: Build code
shell: bash
run: ./build.sh
- uses: ./../action/analyze
with:
upload-database: false
env: env:
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true

75
.github/workflows/__test-proxy.yml generated vendored

@ -10,22 +10,25 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
test-proxy: test-proxy:
strategy: strategy:
fail-fast: false
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: latest version: linked
name: Proxy test name: Proxy test
permissions: permissions:
contents: read contents: read
@ -33,40 +36,32 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( runner.os == 'macOS' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20230403' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.14.6')
with:
matrix.version == 'stable-v2.14.6') python-version: '3.11'
with: - name: Check out repository
python-version: '3.11' uses: actions/checkout@v4
- name: Check out repository - name: Prepare test
uses: actions/checkout@v4 id: prepare-test
- name: Prepare test uses: ./.github/actions/prepare-test
id: prepare-test with:
uses: ./.github/actions/prepare-test version: ${{ matrix.version }}
with: use-all-platform-bundle: 'false'
version: ${{ matrix.version }} setup-kotlin: false
use-all-platform-bundle: 'false' - uses: ./../action/init
setup-kotlin: false with:
- name: Set environment variable for Swift enablement languages: javascript
if: runner.os != 'Windows' && matrix.version == '20221211' tools: ${{ steps.prepare-test.outputs.tools-url }}
shell: bash - uses: ./../action/analyze
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV
- uses: ./../action/init
with:
languages: javascript
tools: ${{ steps.prepare-test.outputs.tools-url }}
- uses: ./../action/analyze
with:
upload-database: false
env: env:
https_proxy: http://squid-proxy:3128 https_proxy: http://squid-proxy:3128
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true
@ -77,4 +72,4 @@ jobs:
squid-proxy: squid-proxy:
image: ubuntu/squid:latest image: ubuntu/squid:latest
ports: ports:
- 3128:3128 - 3128:3128


@ -10,34 +10,35 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
unset-environment: unset-environment:
strategy: strategy:
fail-fast: false
matrix: matrix:
include: include:
- os: ubuntu-latest - os: macos-12
version: stable-20221211 version: stable-v2.14.6
- os: ubuntu-latest - os: macos-latest
version: stable-20230418 version: stable-v2.15.5
- os: ubuntu-latest - os: macos-latest
version: stable-v2.13.5 version: stable-v2.16.6
- os: ubuntu-latest - os: macos-latest
version: stable-v2.14.6 version: linked
- os: ubuntu-latest - os: macos-latest
version: default version: default
- os: ubuntu-latest - os: macos-latest
version: latest version: nightly-latest
- os: ubuntu-latest
version: nightly-latest
name: Test unsetting environment variables name: Test unsetting environment variables
permissions: permissions:
contents: read contents: read
@ -45,85 +46,82 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( runner.os == 'macOS' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20230403' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.14.6')
with:
matrix.version == 'stable-v2.14.6') python-version: '3.11'
with: - name: Check out repository
python-version: '3.11' uses: actions/checkout@v4
- name: Check out repository - name: Prepare test
uses: actions/checkout@v4 id: prepare-test
- name: Prepare test uses: ./.github/actions/prepare-test
id: prepare-test with:
uses: ./.github/actions/prepare-test version: ${{ matrix.version }}
with: use-all-platform-bundle: 'false'
version: ${{ matrix.version }} setup-kotlin: true
use-all-platform-bundle: 'false' - uses: ./../action/init
setup-kotlin: true id: init
- name: Set environment variable for Swift enablement with:
if: runner.os != 'Windows' && matrix.version == '20221211' db-location: ${{ runner.temp }}/customDbLocation
shell: bash tools: ${{ steps.prepare-test.outputs.tools-url }}
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV - uses: ./../action/.github/actions/setup-swift
- uses: ./../action/init with:
id: init codeql-path: ${{ steps.init.outputs.codeql-path }}
with: - uses: actions/setup-go@v5
db-location: ${{ runner.temp }}/customDbLocation with:
tools: ${{ steps.prepare-test.outputs.tools-url }} go-version: '>=1.21.0'
- uses: ./../action/.github/actions/setup-swift - name: Build code
with: shell: bash
codeql-path: ${{ steps.init.outputs.codeql-path }} run: env -i PATH="$PATH" HOME="$HOME" ./build.sh
- name: Build code - uses: ./../action/analyze
shell: bash id: analysis
run: env -i PATH="$PATH" HOME="$HOME" ./build.sh with:
- uses: ./../action/analyze upload-database: false
id: analysis - shell: bash
with: run: |
upload-database: false CPP_DB="${{ fromJson(steps.analysis.outputs.db-locations).cpp }}"
- shell: bash if [[ ! -d "$CPP_DB" ]] || [[ ! "$CPP_DB" == "${RUNNER_TEMP}/customDbLocation/cpp" ]]; then
run: | echo "::error::Did not create a database for CPP, or created it in the wrong location." \
CPP_DB="${{ fromJson(steps.analysis.outputs.db-locations).cpp }}" "Expected location was '${RUNNER_TEMP}/customDbLocation/cpp' but actual was '${CPP_DB}'"
if [[ ! -d "$CPP_DB" ]] || [[ ! "$CPP_DB" == "${RUNNER_TEMP}/customDbLocation/cpp" ]]; then exit 1
echo "::error::Did not create a database for CPP, or created it in the wrong location." \ fi
"Expected location was '${RUNNER_TEMP}/customDbLocation/cpp' but actual was '${CPP_DB}'" CSHARP_DB="${{ fromJson(steps.analysis.outputs.db-locations).csharp }}"
exit 1 if [[ ! -d "$CSHARP_DB" ]] || [[ ! "$CSHARP_DB" == "${RUNNER_TEMP}/customDbLocation/csharp" ]]; then
fi echo "::error::Did not create a database for C Sharp, or created it in the wrong location." \
CSHARP_DB="${{ fromJson(steps.analysis.outputs.db-locations).csharp }}" "Expected location was '${RUNNER_TEMP}/customDbLocation/csharp' but actual was '${CSHARP_DB}'"
if [[ ! -d "$CSHARP_DB" ]] || [[ ! "$CSHARP_DB" == "${RUNNER_TEMP}/customDbLocation/csharp" ]]; then exit 1
echo "::error::Did not create a database for C Sharp, or created it in the wrong location." \ fi
"Expected location was '${RUNNER_TEMP}/customDbLocation/csharp' but actual was '${CSHARP_DB}'" GO_DB="${{ fromJson(steps.analysis.outputs.db-locations).go }}"
exit 1 if [[ ! -d "$GO_DB" ]] || [[ ! "$GO_DB" == "${RUNNER_TEMP}/customDbLocation/go" ]]; then
fi echo "::error::Did not create a database for Go, or created it in the wrong location." \
GO_DB="${{ fromJson(steps.analysis.outputs.db-locations).go }}" "Expected location was '${RUNNER_TEMP}/customDbLocation/go' but actual was '${GO_DB}'"
if [[ ! -d "$GO_DB" ]] || [[ ! "$GO_DB" == "${RUNNER_TEMP}/customDbLocation/go" ]]; then exit 1
echo "::error::Did not create a database for Go, or created it in the wrong location." \ fi
"Expected location was '${RUNNER_TEMP}/customDbLocation/go' but actual was '${GO_DB}'" JAVA_DB="${{ fromJson(steps.analysis.outputs.db-locations).java }}"
exit 1 if [[ ! -d "$JAVA_DB" ]] || [[ ! "$JAVA_DB" == "${RUNNER_TEMP}/customDbLocation/java" ]]; then
fi echo "::error::Did not create a database for Java, or created it in the wrong location." \
JAVA_DB="${{ fromJson(steps.analysis.outputs.db-locations).java }}" "Expected location was '${RUNNER_TEMP}/customDbLocation/java' but actual was '${JAVA_DB}'"
if [[ ! -d "$JAVA_DB" ]] || [[ ! "$JAVA_DB" == "${RUNNER_TEMP}/customDbLocation/java" ]]; then exit 1
echo "::error::Did not create a database for Java, or created it in the wrong location." \ fi
"Expected location was '${RUNNER_TEMP}/customDbLocation/java' but actual was '${JAVA_DB}'" JAVASCRIPT_DB="${{ fromJson(steps.analysis.outputs.db-locations).javascript }}"
exit 1 if [[ ! -d "$JAVASCRIPT_DB" ]] || [[ ! "$JAVASCRIPT_DB" == "${RUNNER_TEMP}/customDbLocation/javascript" ]]; then
fi echo "::error::Did not create a database for Javascript, or created it in the wrong location." \
JAVASCRIPT_DB="${{ fromJson(steps.analysis.outputs.db-locations).javascript }}" "Expected location was '${RUNNER_TEMP}/customDbLocation/javascript' but actual was '${JAVASCRIPT_DB}'"
if [[ ! -d "$JAVASCRIPT_DB" ]] || [[ ! "$JAVASCRIPT_DB" == "${RUNNER_TEMP}/customDbLocation/javascript" ]]; then exit 1
echo "::error::Did not create a database for Javascript, or created it in the wrong location." \ fi
"Expected location was '${RUNNER_TEMP}/customDbLocation/javascript' but actual was '${JAVASCRIPT_DB}'" PYTHON_DB="${{ fromJson(steps.analysis.outputs.db-locations).python }}"
exit 1 if [[ ! -d "$PYTHON_DB" ]] || [[ ! "$PYTHON_DB" == "${RUNNER_TEMP}/customDbLocation/python" ]]; then
fi echo "::error::Did not create a database for Python, or created it in the wrong location." \
PYTHON_DB="${{ fromJson(steps.analysis.outputs.db-locations).python }}" "Expected location was '${RUNNER_TEMP}/customDbLocation/python' but actual was '${PYTHON_DB}'"
if [[ ! -d "$PYTHON_DB" ]] || [[ ! "$PYTHON_DB" == "${RUNNER_TEMP}/customDbLocation/python" ]]; then exit 1
echo "::error::Did not create a database for Python, or created it in the wrong location." \ fi
"Expected location was '${RUNNER_TEMP}/customDbLocation/python' but actual was '${PYTHON_DB}'"
exit 1
fi
env: env:
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true


@ -10,26 +10,29 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
upload-ref-sha-input: upload-ref-sha-input:
strategy: strategy:
fail-fast: false
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: default version: default
- os: macos-latest - os: macos-latest
version: default version: default
- os: windows-latest - os: windows-latest
version: default version: default
name: "Upload-sarif: 'ref' and 'sha' from inputs" name: "Upload-sarif: 'ref' and 'sha' from inputs"
permissions: permissions:
contents: read contents: read
@ -37,51 +40,45 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( runner.os == 'macOS' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20230403' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.14.6')
with:
matrix.version == 'stable-v2.14.6') python-version: '3.11'
with: - name: Check out repository
python-version: '3.11' uses: actions/checkout@v4
- name: Check out repository - name: Prepare test
uses: actions/checkout@v4 id: prepare-test
- name: Prepare test uses: ./.github/actions/prepare-test
id: prepare-test with:
uses: ./.github/actions/prepare-test version: ${{ matrix.version }}
with: use-all-platform-bundle: 'false'
version: ${{ matrix.version }} setup-kotlin: true
use-all-platform-bundle: 'false' - uses: ./../action/init
setup-kotlin: true with:
- name: Set environment variable for Swift enablement tools: ${{ steps.prepare-test.outputs.tools-url }}
if: runner.os != 'Windows' && matrix.version == '20221211' languages: cpp,csharp,java,javascript,python
shell: bash config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV github.sha }}
- uses: ./../action/init - name: Build code
with: shell: bash
tools: ${{ steps.prepare-test.outputs.tools-url }} run: ./build.sh
languages: cpp,csharp,java,javascript,python # Generate some SARIF we can upload with the upload-sarif step
config-file: ${{ github.repository }}/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{ - uses: ./../action/analyze
github.sha }} with:
- name: Build code ref: refs/heads/main
shell: bash sha: 5e235361806c361d4d3f8859e3c897658025a9a2
run: ./build.sh upload: never
- uses: ./../action/analyze - uses: ./../action/upload-sarif
with: with:
upload-database: false ref: refs/heads/main
ref: refs/heads/main sha: 5e235361806c361d4d3f8859e3c897658025a9a2
sha: 5e235361806c361d4d3f8859e3c897658025a9a2
upload: never
- uses: ./../action/upload-sarif
with:
ref: refs/heads/main
sha: 5e235361806c361d4d3f8859e3c897658025a9a2
env: env:
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true


@ -10,26 +10,29 @@ env:
on: on:
push: push:
branches: branches:
- main - main
- releases/v* - releases/v*
pull_request: pull_request:
types: types:
- opened - opened
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
with-checkout-path: with-checkout-path:
strategy: strategy:
fail-fast: false
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: latest version: linked
- os: macos-latest - os: macos-latest
version: latest version: linked
- os: windows-latest - os: windows-latest
version: latest version: linked
name: Use a custom `checkout_path` name: Use a custom `checkout_path`
permissions: permissions:
contents: read contents: read
@ -37,101 +40,87 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}
steps: steps:
- name: Setup Python on MacOS - name: Setup Python on MacOS
uses: actions/setup-python@v5 uses: actions/setup-python@v5
if: >- if: >-
matrix.os == 'macos-latest' && ( runner.os == 'macOS' && (
matrix.version == 'stable-20221211' || matrix.version == 'stable-20230403' ||
matrix.version == 'stable-20230418' || matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.13.5' || matrix.version == 'stable-v2.14.6')
with:
matrix.version == 'stable-v2.14.6') python-version: '3.11'
with: - name: Check out repository
python-version: '3.11' uses: actions/checkout@v4
- name: Check out repository - name: Prepare test
uses: actions/checkout@v4 id: prepare-test
- name: Prepare test uses: ./.github/actions/prepare-test
id: prepare-test with:
uses: ./.github/actions/prepare-test version: ${{ matrix.version }}
with: use-all-platform-bundle: 'false'
version: ${{ matrix.version }} setup-kotlin: true
use-all-platform-bundle: 'false' - name: Delete original checkout
setup-kotlin: true shell: bash
- name: Set environment variable for Swift enablement run: |
if: runner.os != 'Windows' && matrix.version == '20221211' # delete the original checkout so we don't accidentally use it.
shell: bash # Actions does not support deleting the current working directory, so we
run: echo "CODEQL_ENABLE_EXPERIMENTAL_FEATURES_SWIFT=true" >> $GITHUB_ENV # delete the contents of the directory instead.
- name: Delete original checkout rm -rf ./* .github .git
shell: bash
run: |
# delete the original checkout so we don't accidentally use it.
# Actions does not support deleting the current working directory, so we
# delete the contents of the directory instead.
rm -rf ./* .github .git
# Check out the actions repo again, but at a different location. # Check out the actions repo again, but at a different location.
# choose an arbitrary SHA so that we can later test that the commit_oid is not from main # choose an arbitrary SHA so that we can later test that the commit_oid is not from main
- uses: actions/checkout@v4 - uses: actions/checkout@v4
with: with:
ref: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6 ref: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6
path: x/y/z/some-path path: x/y/z/some-path
- uses: ./../action/init - uses: ./../action/init
with: with:
tools: ${{ steps.prepare-test.outputs.tools-url }} tools: ${{ steps.prepare-test.outputs.tools-url }}
# it's enough to test one compiled language and one interpreted language # it's enough to test one compiled language and one interpreted language
languages: csharp,javascript languages: csharp,javascript
source-root: x/y/z/some-path/tests/multi-language-repo source-root: x/y/z/some-path/tests/multi-language-repo
- name: Build code - name: Build code
shell: bash shell: bash
working-directory: x/y/z/some-path/tests/multi-language-repo working-directory: x/y/z/some-path/tests/multi-language-repo
run: | run: |
./build.sh ./build.sh
- uses: ./../action/analyze - uses: ./../action/analyze
with: with:
checkout_path: x/y/z/some-path/tests/multi-language-repo checkout_path: x/y/z/some-path/tests/multi-language-repo
ref: v1.1.0 ref: v1.1.0
sha: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6 sha: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6
upload: never
upload-database: false
- uses: ./../action/upload-sarif - name: Verify SARIF after upload
with: shell: bash
ref: v1.1.0 run: |
sha: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6 EXPECTED_COMMIT_OID="474bbf07f9247ffe1856c6a0f94aeeb10e7afee6"
checkout_path: x/y/z/some-path/tests/multi-language-repo EXPECTED_REF="v1.1.0"
EXPECTED_CHECKOUT_URI_SUFFIX="/x/y/z/some-path/tests/multi-language-repo"
- name: Verify SARIF after upload ACTUAL_COMMIT_OID="$(cat "$RUNNER_TEMP/payload.json" | jq -r .commit_oid)"
shell: bash ACTUAL_REF="$(cat "$RUNNER_TEMP/payload.json" | jq -r .ref)"
run: | ACTUAL_CHECKOUT_URI="$(cat "$RUNNER_TEMP/payload.json" | jq -r .checkout_uri)"
EXPECTED_COMMIT_OID="474bbf07f9247ffe1856c6a0f94aeeb10e7afee6"
EXPECTED_REF="v1.1.0"
EXPECTED_CHECKOUT_URI_SUFFIX="/x/y/z/some-path/tests/multi-language-repo"
ACTUAL_COMMIT_OID="$(cat "$RUNNER_TEMP/payload.json" | jq -r .commit_oid)" if [[ "$EXPECTED_COMMIT_OID" != "$ACTUAL_COMMIT_OID" ]]; then
ACTUAL_REF="$(cat "$RUNNER_TEMP/payload.json" | jq -r .ref)" echo "::error Invalid commit oid. Expected: $EXPECTED_COMMIT_OID Actual: $ACTUAL_COMMIT_OID"
ACTUAL_CHECKOUT_URI="$(cat "$RUNNER_TEMP/payload.json" | jq -r .checkout_uri)" echo "$RUNNER_TEMP/payload.json"
exit 1
fi
if [[ "$EXPECTED_COMMIT_OID" != "$ACTUAL_COMMIT_OID" ]]; then if [[ "$EXPECTED_REF" != "$ACTUAL_REF" ]]; then
echo "::error Invalid commit oid. Expected: $EXPECTED_COMMIT_OID Actual: $ACTUAL_COMMIT_OID" echo "::error Invalid ref. Expected: '$EXPECTED_REF' Actual: '$ACTUAL_REF'"
echo "$RUNNER_TEMP/payload.json" echo "$RUNNER_TEMP/payload.json"
exit 1 exit 1
fi fi
if [[ "$EXPECTED_REF" != "$ACTUAL_REF" ]]; then if [[ "$ACTUAL_CHECKOUT_URI" != *$EXPECTED_CHECKOUT_URI_SUFFIX ]]; then
echo "::error Invalid ref. Expected: '$EXPECTED_REF' Actual: '$ACTUAL_REF'" echo "::error Invalid checkout URI suffix. Expected suffix: $EXPECTED_CHECKOUT_URI_SUFFIX Actual uri: $ACTUAL_CHECKOUT_URI"
echo "$RUNNER_TEMP/payload.json" echo "$RUNNER_TEMP/payload.json"
exit 1 exit 1
fi fi
if [[ "$ACTUAL_CHECKOUT_URI" != *$EXPECTED_CHECKOUT_URI_SUFFIX ]]; then
echo "::error Invalid checkout URI suffix. Expected suffix: $EXPECTED_CHECKOUT_URI_SUFFIX Actual uri: $ACTUAL_CHECKOUT_URI"
echo "$RUNNER_TEMP/payload.json"
exit 1
fi
env: env:
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true
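Review bot: The three failure branches of the `Verify SARIF after upload` step emit `::error Invalid ...` without the second `::` separator, unlike the database-location check earlier on this page (`::error::Did not create ...`), so these messages will probably appear as plain log lines rather than error annotations. The first would read `echo "::error::Invalid commit oid. Expected: $EXPECTED_COMMIT_OID Actual: $ACTUAL_COMMIT_OID"`, and likewise for the ref and checkout-URI branches. The `echo "$RUNNER_TEMP/payload.json"` that follows each one prints only the path; if the intent is to show the payload on failure, `cat "$RUNNER_TEMP/payload.json"` does that. These lines are unchanged context here, but the separate `upload-sarif` step appears to have been dropped from this job, which leaves this step's output as the only trace of a ref or commit mismatch.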


@ -41,7 +41,7 @@ jobs:
id: init-latest id: init-latest
uses: ./init uses: ./init
with: with:
tools: latest tools: linked
languages: javascript languages: javascript
- name: Compare default and latest CodeQL bundle versions - name: Compare default and latest CodeQL bundle versions
id: compare id: compare
@ -54,16 +54,16 @@ jobs:
echo "Default CodeQL bundle version is $CODEQL_VERSION_DEFAULT" echo "Default CodeQL bundle version is $CODEQL_VERSION_DEFAULT"
echo "Latest CodeQL bundle version is $CODEQL_VERSION_LATEST" echo "Latest CodeQL bundle version is $CODEQL_VERSION_LATEST"
# If we're running on a pull request, run with both bundles, even if `tools: latest` would # If we're running on a pull request, run with both bundles, even if `tools: linked` would
# be the same as `tools: null`. This allows us to make the job for each of the bundles a # be the same as `tools: null`. This allows us to make the job for each of the bundles a
# required status check. # required status check.
# #
# If we're running on push or schedule, then we can skip running with `tools: latest` when it would be # If we're running on push or schedule, then we can skip running with `tools: linked` when it would be
# the same as running with `tools: null`. # the same as running with `tools: null`.
if [[ "$GITHUB_EVENT_NAME" != "pull_request" && "$CODEQL_VERSION_DEFAULT" == "$CODEQL_VERSION_LATEST" ]]; then if [[ "$GITHUB_EVENT_NAME" != "pull_request" && "$CODEQL_VERSION_DEFAULT" == "$CODEQL_VERSION_LATEST" ]]; then
VERSIONS_JSON='[null]' VERSIONS_JSON='[null]'
else else
VERSIONS_JSON='[null, "latest"]' VERSIONS_JSON='[null, "linked"]'
fi fi
# Output a JSON-encoded list with the distinct versions to test against. # Output a JSON-encoded list with the distinct versions to test against.
@ -73,6 +73,7 @@ jobs:
build: build:
needs: [check-codeql-versions] needs: [check-codeql-versions]
strategy: strategy:
fail-fast: false
matrix: matrix:
os: [ubuntu-20.04,ubuntu-22.04,windows-2019,windows-2022,macos-11,macos-12,macos-13] os: [ubuntu-20.04,ubuntu-22.04,windows-2019,windows-2022,macos-11,macos-12,macos-13]
tools: ${{ fromJson(needs.check-codeql-versions.outputs.versions) }} tools: ${{ fromJson(needs.check-codeql-versions.outputs.versions) }}
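Review bot: The input is renamed to `tools: linked`, but the surrounding names still say "latest": the step id `init-latest`, the step name `Compare default and latest CodeQL bundle versions`, the variable `CODEQL_VERSION_LATEST` and the log line `Latest CodeQL bundle version is ...`. A reader comparing the log with the updated comments has to know that the two terms mean the same bundle. The user-visible strings could follow the rename, for example `echo "Linked CodeQL bundle version is $CODEQL_VERSION_LATEST"` and `name: Compare default and linked CodeQL bundle versions`. The step id and the variable are probably referenced outside these hunks, so renaming them would need those references updated as well.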


@ -15,6 +15,8 @@ on:
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
@ -22,12 +24,13 @@ jobs:
continue-on-error: true continue-on-error: true
strategy: strategy:
fail-fast: false
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
version: latest version: linked
- os: macos-latest - os: macos-latest
version: latest version: linked
- os: ubuntu-latest - os: ubuntu-latest
version: default version: default
- os: macos-latest - os: macos-latest


@ -14,6 +14,8 @@ on:
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
upload-artifacts: upload-artifacts:
@ -32,7 +34,7 @@ jobs:
id: prepare-test id: prepare-test
uses: ./.github/actions/prepare-test uses: ./.github/actions/prepare-test
with: with:
version: latest version: linked
- uses: actions/setup-go@v5 - uses: actions/setup-go@v5
with: with:
go-version: ^1.13.1 go-version: ^1.13.1


@ -13,24 +13,29 @@ on:
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
upload-artifacts: upload-artifacts:
strategy: strategy:
fail-fast: false
matrix: matrix:
version: version:
- stable-20221211 # TODO: Once CLI v2.17.4 is available and the platform is switched back to ubuntu,
- stable-20230418 # stable-20230403, stable-v2.13.5, and stable-v2.14.6 can be added back to this matrix,
- stable-v2.13.5 # and the VERSIONS variable in the bash script below.
- stable-v2.14.6 # Prior to CLI v2.15.1, ARM runners were not supported by the build tracer.
- stable-v2.15.5
- stable-v2.16.6
- default - default
- latest - linked
- nightly-latest - nightly-latest
name: Upload debug artifacts name: Upload debug artifacts
env: env:
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true
timeout-minutes: 45 timeout-minutes: 45
runs-on: ubuntu-latest runs-on: macos-latest # TODO: Switch back to ubuntu for `nightly-latest` and `linked` once CLI v2.17.4 is available.
steps: steps:
- name: Check out repository - name: Check out repository
uses: actions/checkout@v4 uses: actions/checkout@v4
@ -68,7 +73,7 @@ jobs:
- name: Check expected artifacts exist - name: Check expected artifacts exist
shell: bash shell: bash
run: | run: |
VERSIONS="stable-20221211 stable-20230418 stable-v2.13.5 stable-v2.14.6 default latest nightly-latest" VERSIONS="stable-v2.15.5 stable-v2.16.6 default linked nightly-latest"
LANGUAGES="cpp csharp go java javascript python" LANGUAGES="cpp csharp go java javascript python"
for version in $VERSIONS; do for version in $VERSIONS; do
pushd "./my-debug-artifacts-${version//./}" pushd "./my-debug-artifacts-${version//./}"
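Review bot: The `VERSIONS` string in the `Check expected artifacts exist` step repeats the matrix `version` list by hand, and a version present in the matrix but missing from `VERSIONS` would go unchecked rather than fail. The new TODO above the matrix mentions the script, but nothing at the `VERSIONS` line points back to the matrix. A comment there, such as `# Keep in sync with the version matrix of the upload-artifacts job`, would make the coupling visible where the list is edited. The `for` loop continues outside the hunk.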


@ -11,6 +11,8 @@ on:
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
@ -27,7 +29,7 @@ jobs:
id: prepare-test id: prepare-test
uses: ./.github/actions/prepare-test uses: ./.github/actions/prepare-test
with: with:
version: latest version: linked
- uses: ./../action/init - uses: ./../action/init
with: with:
languages: javascript languages: javascript
@ -35,8 +37,6 @@ jobs:
- uses: ./../action/analyze - uses: ./../action/analyze
with: with:
output: ${{ runner.temp }}/results output: ${{ runner.temp }}/results
upload-database: false
upload: never
- name: Check Sarif - name: Check Sarif
uses: ./../action/.github/actions/check-sarif uses: ./../action/.github/actions/check-sarif


@ -16,6 +16,7 @@ jobs:
timeout-minutes: 45 timeout-minutes: 45
strategy: strategy:
fail-fast: false
matrix: matrix:
node-types-version: [16.11, current] # run tests on 16.11 while CodeQL Action v2 is still supported node-types-version: [16.11, current] # run tests on 16.11 while CodeQL Action v2 is still supported
@ -89,6 +90,7 @@ jobs:
name: Unit Test name: Unit Test
needs: [check-js, check-node-modules] needs: [check-js, check-node-modules]
strategy: strategy:
fail-fast: false
matrix: matrix:
os: [ubuntu-latest, macos-latest, windows-latest] os: [ubuntu-latest, macos-latest, windows-latest]
runs-on: ${{ matrix.os }} runs-on: ${{ matrix.os }}


@ -1,174 +0,0 @@
name: Test Python Package Installation
on:
push:
branches: [main, releases/v*]
pull_request:
# Run checks on reopened draft PRs to support triggering PR checks on draft PRs that were opened
# by other workflows.
types: [opened, synchronize, reopened, ready_for_review]
paths:
# Changes to this workflow.
- '.github/workflows/python-deps.yml'
# Changes to the Python package installation scripts and their tests.
- 'python-setup/**'
# Changes to the default CodeQL bundle version.
- '**/defaults.json'
schedule:
# Weekly on Monday.
- cron: '0 0 * * 1'
workflow_dispatch:
jobs:
test-setup-python-scripts:
timeout-minutes: 45
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
os: [ubuntu-20.04, ubuntu-22.04, macos-latest]
python_deps_type: [pipenv, poetry, requirements, setup_py]
python_version: [3]
env:
PYTHON_DEPS_TYPE: ${{ matrix.python_deps_type }}
PYTHON_VERSION: ${{ matrix.python_version }}
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- uses: actions/checkout@v4
- name: Initialize CodeQL
uses: ./init
id: init
with:
tools: latest
languages: python
setup-python-dependencies: false
- name: Test Auto Package Installation
run: |
set -x
$GITHUB_WORKSPACE/python-setup/install_tools.sh
cd $GITHUB_WORKSPACE/python-setup/tests/${PYTHON_DEPS_TYPE}/requests-${PYTHON_VERSION}
case ${{ matrix.os }} in
ubuntu-20.04*) basePath="/opt";;
ubuntu-22.04*) basePath="/opt";;
macos-latest*) basePath="/Users/runner";;
esac
echo ${basePath}
$GITHUB_WORKSPACE/python-setup/auto_install_packages.py "$(dirname ${{steps.init.outputs.codeql-path}})"
- name: Setup for extractor
run: |
echo $CODEQL_PYTHON
# only run if $CODEQL_PYTHON is set
if [ ! -z $CODEQL_PYTHON ]; then
$GITHUB_WORKSPACE/python-setup/tests/from_python_exe.py $CODEQL_PYTHON;
fi
- name: Verify packages installed
run: |
$GITHUB_WORKSPACE/python-setup/tests/check_requests.sh ${PYTHON_VERSION} 2.31.0
# This one shouldn't fail, but also won't install packages
test-setup-python-scripts-non-standard-location:
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
os: [ubuntu-20.04, ubuntu-22.04, macos-latest]
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- uses: actions/checkout@v4
- name: Initialize CodeQL
uses: ./init
id: init
with:
tools: latest
languages: python
setup-python-dependencies: false
- name: Test Auto Package Installation
run: |
set -x
$GITHUB_WORKSPACE/python-setup/install_tools.sh
cd $GITHUB_WORKSPACE/python-setup/tests/requirements/non-standard-location
case ${{ matrix.os }} in
ubuntu-20.04*) basePath="/opt";;
ubuntu-22.04*) basePath="/opt";;
macos-latest*) basePath="/Users/runner";;
esac
echo ${basePath}
$GITHUB_WORKSPACE/python-setup/auto_install_packages.py "$(dirname ${{steps.init.outputs.codeql-path}})"
- name: Setup for extractor
run: |
echo $CODEQL_PYTHON
# only run if $CODEQL_PYTHON is set
if [ ! -z $CODEQL_PYTHON ]; then
$GITHUB_WORKSPACE/python-setup/tests/from_python_exe.py $CODEQL_PYTHON;
fi
- name: Verify packages installed
run: |
test -z $LGTM_INDEX_IMPORT_PATH
test-setup-python-scripts-windows:
runs-on: windows-latest
strategy:
fail-fast: false
matrix:
python_deps_type: [pipenv, poetry, requirements, setup_py]
python_version: [3]
env:
CODEQL_ACTION_TEST_MODE: true
PYTHON_DEPS_TYPE: ${{ matrix.python_deps_type }}
PYTHON_VERSION: ${{ matrix.python_version }}
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- uses: actions/checkout@v4
- uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python_version }}
- name: Initialize CodeQL
id: init
uses: ./init
with:
tools: latest
languages: python
setup-python-dependencies: false
- name: Test Auto Package Installation
env:
CODEQL_PATH: ${{ steps.init.outputs.codeql-path }}
run: |
$cmd = $Env:GITHUB_WORKSPACE + "\\python-setup\\install_tools.ps1"
powershell -File $cmd
cd $Env:GITHUB_WORKSPACE\\python-setup/tests/$Env:PYTHON_DEPS_TYPE/requests-$Env:PYTHON_VERSION
$codeql_dist = (get-item $Env:CODEQL_PATH).Directory.FullName
py -3 $Env:GITHUB_WORKSPACE\\python-setup\\auto_install_packages.py $codeql_dist
- name: Setup for extractor
run: |
echo $Env:CODEQL_PYTHON
py -3 $Env:GITHUB_WORKSPACE\\python-setup\\tests\\from_python_exe.py $Env:CODEQL_PYTHON
- name: Verify packages installed
run: |
$cmd = $Env:GITHUB_WORKSPACE + "\\python-setup\\tests\\check_requests.ps1"
powershell -File $cmd $Env:PYTHON_VERSION 2.31.0


@ -14,6 +14,8 @@ on:
jobs: jobs:
test-setup-python-scripts: test-setup-python-scripts:
env:
CODEQL_ACTION_TEST_MODE: true
timeout-minutes: 45 timeout-minutes: 45
runs-on: windows-latest runs-on: windows-latest
@ -32,11 +34,8 @@ jobs:
- name: Initialize CodeQL - name: Initialize CodeQL
uses: ./../action/init uses: ./../action/init
with: with:
tools: latest tools: linked
languages: python languages: python
- name: Analyze - name: Analyze
uses: ./../action/analyze uses: ./../action/analyze
with:
upload: false
upload-database: false


@ -11,6 +11,8 @@ on:
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
@ -25,7 +27,7 @@ jobs:
id: prepare-test id: prepare-test
uses: ./.github/actions/prepare-test uses: ./.github/actions/prepare-test
with: with:
version: latest version: linked
- name: Check SARIF for default queries with Single include, Single exclude - name: Check SARIF for default queries with Single include, Single exclude
uses: ./../action/.github/actions/query-filter-test uses: ./../action/.github/actions/query-filter-test


@ -1,9 +1,12 @@
if [ "$1" != "update" && "$1" != "check-only" ]; then #!/bin/bash
set -eu
if [ "$1" != "update" ] && [ "$1" != "check-only" ]; then
>&2 echo "Failed: Invalid argument. Must be 'update' or 'check-only'" >&2 echo "Failed: Invalid argument. Must be 'update' or 'check-only'"
exit 1 exit 1
fi fi
sudo npm install --force -g npm@9.2.0 npm install --force -g npm@9.2.0
# clean the npm cache to ensure we don't have any files owned by root # clean the npm cache to ensure we don't have any files owned by root
sudo npm cache clean --force sudo npm cache clean --force
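Review bot: With `set -eu` now at the top, running the script without an argument aborts at the first `"$1"` with bash's unbound-variable error, so the `Failed: Invalid argument` message is never printed. Writing the test as `if [ "${1:-}" != "update" ] && [ "${1:-}" != "check-only" ]; then` keeps the usage message for that case. The `npm install --force -g npm@9.2.0` line no longer runs under `sudo`, while `sudo npm cache clean --force` and its comment about root-owned files remain. If nothing writes to the cache as root any more, the comment could say why the `sudo` is still needed. The rest of the script is outside the hunk.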


@ -13,10 +13,13 @@ on:
- synchronize - synchronize
- reopened - reopened
- ready_for_review - ready_for_review
schedule:
- cron: '0 5 * * *'
workflow_dispatch: {} workflow_dispatch: {}
jobs: jobs:
test-codeql-bundle-all: test-codeql-bundle-all:
strategy: strategy:
fail-fast: false
matrix: matrix:
include: include:
- os: ubuntu-latest - os: ubuntu-latest
@ -47,7 +50,5 @@ jobs:
shell: bash shell: bash
run: ./build.sh run: ./build.sh
- uses: ./../action/analyze - uses: ./../action/analyze
with:
upload-database: false
env: env:
CODEQL_ACTION_TEST_MODE: true CODEQL_ACTION_TEST_MODE: true


@ -54,7 +54,7 @@ jobs:
cli_version=$(jq -r '.cliVersion' src/defaults.json) cli_version=$(jq -r '.cliVersion' src/defaults.json)
pr_url=$(gh pr create \ pr_url=$(gh pr create \
--title "Update default bundle to $cli_version" \ --title "Update default bundle to $cli_version" \
--body "This pull request updates the default CodeQL bundle, as used with \`tools: latest\` and on GHES, to $cli_version." \ --body "This pull request updates the default CodeQL bundle, as used with \`tools: linked\` and on GHES, to $cli_version." \
--assignee "$GITHUB_ACTOR" \ --assignee "$GITHUB_ACTOR" \
--draft \ --draft \
) )


@ -8,6 +8,72 @@ Note that the only difference between `v2` and `v3` of the CodeQL Action is the
No user facing changes. No user facing changes.
## 3.25.10 - 13 Jun 2024
- Update default CodeQL bundle version to 2.17.5. [#2327](https://github.com/github/codeql-action/pull/2327)
## 3.25.9 - 12 Jun 2024
- Avoid failing database creation if the database folder already exists and contains some unexpected files. Requires CodeQL 2.18.0 or higher. [#2330](https://github.com/github/codeql-action/pull/2330)
- The init Action will attempt to clean up the database cluster directory before creating a new database and at the end of the job. This will help to avoid issues where the database cluster directory is left in an inconsistent state. [#2332](https://github.com/github/codeql-action/pull/2332)
## 3.25.8 - 04 Jun 2024
- Update default CodeQL bundle version to 2.17.4. [#2321](https://github.com/github/codeql-action/pull/2321)
## 3.25.7 - 31 May 2024
- We are rolling out a feature in May/June 2024 that will reduce the Actions cache usage of the Action by keeping only the newest TRAP cache for each language. [#2306](https://github.com/github/codeql-action/pull/2306)
## 3.25.6 - 20 May 2024
- Update default CodeQL bundle version to 2.17.3. [#2295](https://github.com/github/codeql-action/pull/2295)
## 3.25.5 - 13 May 2024
- Add a compatibility matrix of supported CodeQL Action, CodeQL CLI, and GitHub Enterprise Server versions to the [README.md](README.md). [#2273](https://github.com/github/codeql-action/pull/2273)
- Avoid printing out a warning for a missing `on.push` trigger when the CodeQL Action is triggered via a `workflow_call` event. [#2274](https://github.com/github/codeql-action/pull/2274)
- The `tools: latest` input to the `init` Action has been renamed to `tools: linked`. This option specifies that the Action should use the tools shipped at the same time as the Action. The old name will continue to work for backwards compatibility, but we recommend that new workflows use the new name. [#2281](https://github.com/github/codeql-action/pull/2281)
## 3.25.4 - 08 May 2024
- Update default CodeQL bundle version to 2.17.2. [#2270](https://github.com/github/codeql-action/pull/2270)
## 3.25.3 - 25 Apr 2024
- Update default CodeQL bundle version to 2.17.1. [#2247](https://github.com/github/codeql-action/pull/2247)
- Workflows running on `macos-latest` using CodeQL CLI versions before v2.15.1 will need to either upgrade their CLI version to v2.15.1 or newer, or change the platform to an Intel MacOS runner, such as `macos-12`. ARM machines with SIP disabled, including the newest `macos-latest` image, are unsupported for CLI versions before 2.15.1. [#2261](https://github.com/github/codeql-action/pull/2261)
## 3.25.2 - 22 Apr 2024
No user facing changes.
## 3.25.1 - 17 Apr 2024
- We are rolling out a feature in April/May 2024 that improves the reliability and performance of analyzing code when analyzing a compiled language with the `autobuild` [build mode](https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#codeql-build-modes). [#2235](https://github.com/github/codeql-action/pull/2235)
- Fix a bug where the `init` Action would fail if `--overwrite` was specified in `CODEQL_ACTION_EXTRA_OPTIONS`. [#2245](https://github.com/github/codeql-action/pull/2245)
## 3.25.0 - 15 Apr 2024
- The deprecated feature for extracting dependencies for a Python analysis has been removed. [#2224](https://github.com/github/codeql-action/pull/2224)
As a result, the following inputs and environment variables are now ignored:
- The `setup-python-dependencies` input to the `init` Action
- The `CODEQL_ACTION_DISABLE_PYTHON_DEPENDENCY_INSTALLATION` environment variable
We recommend removing any references to these from your workflows. For more information, see the release notes for CodeQL Action v3.23.0 and v2.23.0.
- Automatically overwrite an existing database if found on the filesystem. [#2229](https://github.com/github/codeql-action/pull/2229)
- Bump the minimum CodeQL bundle version to 2.12.6. [#2232](https://github.com/github/codeql-action/pull/2232)
- A more relevant log message and a diagnostic are now emitted when the `file` program is not installed on a Linux runner, but is required for Go tracing to succeed. [#2234](https://github.com/github/codeql-action/pull/2234)
## 3.24.10 - 05 Apr 2024
- Update default CodeQL bundle version to 2.17.0. [#2219](https://github.com/github/codeql-action/pull/2219)
- Add a deprecation warning for customers using CodeQL version 2.12.5 and earlier. These versions of CodeQL were discontinued on 26 March 2024 alongside GitHub Enterprise Server 3.8, and will be unsupported by CodeQL Action versions 3.25.0 and later and versions 2.25.0 and later. [#2220](https://github.com/github/codeql-action/pull/2220)
- If you are using one of these versions, please update to CodeQL CLI version 2.12.6 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.
- Alternatively, if you want to continue using a version of the CodeQL CLI between 2.11.6 and 2.12.5, you can replace `github/codeql-action/*@v3` by `github/codeql-action/*@v3.24.10` and `github/codeql-action/*@v2` by `github/codeql-action/*@v2.24.10` in your code scanning workflow to ensure you continue using this version of the CodeQL Action.
## 3.24.9 - 22 Mar 2024 ## 3.24.9 - 22 Mar 2024
- Update default CodeQL bundle version to 2.16.5. [#2203](https://github.com/github/codeql-action/pull/2203) - Update default CodeQL bundle version to 2.16.5. [#2203](https://github.com/github/codeql-action/pull/2203)


@ -1,3 +1 @@
**/* @github/codeql-action-reviewers **/* @github/codeql-action-reviewers
/python-setup/ @github/codeql-python @github/codeql-action-reviewers


@ -3,6 +3,7 @@
[fork]: https://github.com/github/codeql-action/fork [fork]: https://github.com/github/codeql-action/fork
[pr]: https://github.com/github/codeql-action/compare [pr]: https://github.com/github/codeql-action/compare
[code-of-conduct]: CODE_OF_CONDUCT.md [code-of-conduct]: CODE_OF_CONDUCT.md
[readme]: README.md#supported-versions-of-the-codeql-cli-and-github-enterprise-server
Hi there! We're thrilled that you'd like to contribute to this project. Your help is essential for keeping it great. Hi there! We're thrilled that you'd like to contribute to this project. Your help is essential for keeping it great.
@ -84,6 +85,7 @@ We typically deprecate a version of CodeQL when the GitHub Enterprise Server (GH
1. Notify users using the old version of CodeQL about the deprecation. 1. Notify users using the old version of CodeQL about the deprecation.
- Update `CODEQL_NEXT_MINIMUM_VERSION`, `GHES_VERSION_MOST_RECENTLY_DEPRECATED`, and `GHES_MOST_RECENT_DEPRECATION_DATE` in `src/codeql.ts` to reflect the new minimum version of CodeQL and the GHES version that has just been deprecated. - Update `CODEQL_NEXT_MINIMUM_VERSION`, `GHES_VERSION_MOST_RECENTLY_DEPRECATED`, and `GHES_MOST_RECENT_DEPRECATION_DATE` in `src/codeql.ts` to reflect the new minimum version of CodeQL and the GHES version that has just been deprecated.
- Add a changelog note announcing the deprecation. - Add a changelog note announcing the deprecation.
- Update the CLI version referenced in the [readme] by adding a new row to the compatibility table.
- Example PR: https://github.com/github/codeql-action/pull/1884 - Example PR: https://github.com/github/codeql-action/pull/1884
1. Release the Action, or wait for the next scheduled release of the Action, then wait at least a week so users have time to see and act on the deprecation warning. 1. Release the Action, or wait for the next scheduled release of the Action, then wait at least a week so users have time to see and act on the deprecation warning.
1. Remove support for the old version of CodeQL. 1. Remove support for the old version of CodeQL.


@ -33,6 +33,22 @@ To provide the best experience to customers using older versions of GitHub Enter
For more information, see "[Code scanning: deprecation of CodeQL Action v2](https://github.blog/changelog/2024-01-12-code-scanning-deprecation-of-codeql-action-v2/)." For more information, see "[Code scanning: deprecation of CodeQL Action v2](https://github.blog/changelog/2024-01-12-code-scanning-deprecation-of-codeql-action-v2/)."
## Supported versions of the CodeQL CLI and GitHub Enterprise Server
We typically release new minor versions of the CodeQL Action and CLI when a new minor version of GitHub Enterprise Server (GHES) is released. When a version of GHES is deprecated, the CodeQL Action and CLI releases that shipped with it are deprecated as well.
| Recommended CodeQL Action | Recommended CodeQL CLI Version | GitHub Environment |
|---------|----------|--------------|
| `v3` | default (do not pass a `tools` input) | GitHub.com |
| `3.22.12` | `2.15.5` | Enterprise Server 3.12 |
| `2.22.1` | `2.14.6` | Enterprise Server 3.11 |
| `2.20.3` | `2.13.5` | Enterprise Server 3.10 |
| `2.2.9` | `2.12.5` | Enterprise Server 3.9 |
CodeQL Action `v2` will stop receiving updates when GHES 3.11 is deprecated.
See the full list of GHES release and deprecation dates at [GitHub Enterprise Server releases](https://docs.github.com/en/enterprise-server/admin/all-releases#releases-of-github-enterprise-server).
## Troubleshooting ## Troubleshooting
Read about [troubleshooting code scanning](https://docs.github.com/en/code-security/code-scanning/troubleshooting-code-scanning). Read about [troubleshooting code scanning](https://docs.github.com/en/code-security/code-scanning/troubleshooting-code-scanning).


@ -3,9 +3,19 @@ description: 'Set up CodeQL'
author: 'GitHub' author: 'GitHub'
inputs: inputs:
tools: tools:
description: URL of CodeQL tools description: >-
By default, the Action will use the recommended version of the CodeQL
Bundle to analyze your project. You can override this choice using this
input. One of:
- A local path to a CodeQL Bundle tarball, or
- The URL of a CodeQL Bundle tarball GitHub release asset, or
- A special value `linked` which uses the version of the CodeQL tools
that the Action has been bundled with.
If not specified, the Action will check in several places until it finds
the CodeQL tools.
required: false required: false
# If not specified the Action will check in several places until it finds the CodeQL tools.
languages: languages:
description: >- description: >-
A comma-separated list of CodeQL languages to analyze. A comma-separated list of CodeQL languages to analyze.
@ -21,15 +31,12 @@ inputs:
The build mode that will be used to analyze the language. This input is only available when The build mode that will be used to analyze the language. This input is only available when
analyzing a single CodeQL language per job, for example using a matrix. analyzing a single CodeQL language per job, for example using a matrix.
Available build modes will differ based on the language being analyzed. One of: Available build modes will differ based on the language being analyzed. One of:
- `none`: The database will be created without building the source code. - `none`: The database will be created without building the source code.
Available for all interpreted languages and some compiled languages. Available for all interpreted languages and some compiled languages.
- `autobuild`: The database will be created by attempting to automatically build the source - `autobuild`: The database will be created by attempting to automatically build the source
code. code. Available for all compiled languages.
To use this build mode, ensure that your workflow calls the `autobuild` action
between the `init` and `analyze` steps.
Available for all compiled languages.
- `manual`: The database will be created by building the source code using a manually - `manual`: The database will be created by building the source code using a manually
specified build command. To use this build mode, specify manual build steps in specified build command. To use this build mode, specify manual build steps in
your workflow between the `init` and `analyze` steps. Available for all your workflow between the `init` and `analyze` steps. Available for all
@ -89,9 +96,8 @@ inputs:
description: A token for fetching external config files and queries if they reside in a private repository in the same GitHub instance that is running this action. description: A token for fetching external config files and queries if they reside in a private repository in the same GitHub instance that is running this action.
required: false required: false
setup-python-dependencies: setup-python-dependencies:
description: Try to auto-install your python dependencies description: DEPRECATED. This option is ignored since CodeQL Action no longer installs Python dependencies as of versions 3.25.0 and 2.25.0.
required: true required: false
default: 'true'
source-root: source-root:
description: Path of the root source code directory, relative to $GITHUB_WORKSPACE. description: Path of the root source code directory, relative to $GITHUB_WORKSPACE.
required: false required: false
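Review bot: The new `tools` description lists a local path or a release-asset URL as accepted values but says nothing about the trust placed in that bundle, which matters because the Action then analyzes the project with the CodeQL tools taken from it. I would add one sentence to the description, for example `The tools in this bundle are run on the runner, so only reference a tarball from a source you trust, and prefer a URL pinned to a specific release.` Whether the Action verifies a checksum or restricts the URL host is not visible in this section, so the wording should be checked against the download code. The closing sentence `If not specified, the Action will check in several places until it finds the CodeQL tools.` also overlaps with the opening `By default, ...` sentence; merging them would describe the default once.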

23
lib/actions-util.js generated

@ -23,7 +23,7 @@ var __importStar = (this && this.__importStar) || function (mod) {
return result; return result;
}; };
Object.defineProperty(exports, "__esModule", { value: true }); Object.defineProperty(exports, "__esModule", { value: true });
exports.getFileType = exports.getWorkflowRunAttempt = exports.getWorkflowRunID = exports.getUploadValue = exports.printDebugLogs = exports.isAnalyzingDefaultBranch = exports.getRelativeScriptPath = exports.isRunningLocalAction = exports.getWorkflowEventName = exports.getActionVersion = exports.getRef = exports.determineMergeBaseCommitOid = exports.getCommitOid = exports.getTemporaryDirectory = exports.getOptionalInput = exports.getRequiredInput = void 0; exports.isSelfHostedRunner = exports.getFileType = exports.FileCmdNotFoundError = exports.getWorkflowRunAttempt = exports.getWorkflowRunID = exports.getUploadValue = exports.printDebugLogs = exports.isAnalyzingDefaultBranch = exports.getWorkflowEvent = exports.getRelativeScriptPath = exports.isRunningLocalAction = exports.getWorkflowEventName = exports.getActionVersion = exports.getRef = exports.determineMergeBaseCommitOid = exports.getCommitOid = exports.getTemporaryDirectory = exports.getOptionalInput = exports.getRequiredInput = void 0;
const fs = __importStar(require("fs")); const fs = __importStar(require("fs"));
const path = __importStar(require("path")); const path = __importStar(require("path"));
const core = __importStar(require("@actions/core")); const core = __importStar(require("@actions/core"));
@ -275,6 +275,7 @@ function getWorkflowEvent() {
throw new Error(`Unable to read workflow event JSON from ${eventJsonFile}: ${e}`); throw new Error(`Unable to read workflow event JSON from ${eventJsonFile}: ${e}`);
} }
} }
exports.getWorkflowEvent = getWorkflowEvent;
function removeRefsHeadsPrefix(ref) { function removeRefsHeadsPrefix(ref) {
return ref.startsWith("refs/heads/") ? ref.slice("refs/heads/".length) : ref; return ref.startsWith("refs/heads/") ? ref.slice("refs/heads/".length) : ref;
} }
@ -380,6 +381,13 @@ function getWorkflowRunAttempt() {
return workflowRunAttempt; return workflowRunAttempt;
} }
exports.getWorkflowRunAttempt = getWorkflowRunAttempt; exports.getWorkflowRunAttempt = getWorkflowRunAttempt;
class FileCmdNotFoundError extends Error {
constructor(msg) {
super(msg);
this.name = "FileCmdNotFoundError";
}
}
exports.FileCmdNotFoundError = FileCmdNotFoundError;
/** /**
* Tries to obtain the output of the `file` command for the file at the specified path. * Tries to obtain the output of the `file` command for the file at the specified path.
* The output will vary depending on the type of `file`, which operating system we are running on, etc. * The output will vary depending on the type of `file`, which operating system we are running on, etc.
@ -387,11 +395,18 @@ exports.getWorkflowRunAttempt = getWorkflowRunAttempt;
const getFileType = async (filePath) => { const getFileType = async (filePath) => {
let stderr = ""; let stderr = "";
let stdout = ""; let stdout = "";
let fileCmdPath;
try {
fileCmdPath = await safeWhich.safeWhich("file");
}
catch (e) {
throw new FileCmdNotFoundError(`The \`file\` program is required, but does not appear to be installed. Please install it: ${e}`);
}
try { try {
// The `file` command will output information about the type of file pointed at by `filePath`. // The `file` command will output information about the type of file pointed at by `filePath`.
// For binary files, this may include e.g. whether they are static of dynamic binaries. // For binary files, this may include e.g. whether they are static of dynamic binaries.
// The `-L` switch instructs the command to follow symbolic links. // The `-L` switch instructs the command to follow symbolic links.
await new toolrunner.ToolRunner(await safeWhich.safeWhich("file"), ["-L", filePath], { await new toolrunner.ToolRunner(fileCmdPath, ["-L", filePath], {
silent: true, silent: true,
listeners: { listeners: {
stdout: (data) => { stdout: (data) => {
@ -410,4 +425,8 @@ const getFileType = async (filePath) => {
} }
}; };
exports.getFileType = getFileType; exports.getFileType = getFileType;
function isSelfHostedRunner() {
return process.env.RUNNER_ENVIRONMENT === "self-hosted";
}
exports.isSelfHostedRunner = isSelfHostedRunner;
//# sourceMappingURL=actions-util.js.map //# sourceMappingURL=actions-util.js.map

File diff suppressed because one or more lines are too long


@ -227,7 +227,9 @@ const util_1 = require("./util");
const infoStub = sinon.stub(core, "info"); const infoStub = sinon.stub(core, "info");
process.env["GITHUB_EVENT_NAME"] = "pull_request"; process.env["GITHUB_EVENT_NAME"] = "pull_request";
process.env["GITHUB_SHA"] = "100912429fab4cb230e66ffb11e738ac5194e73a"; process.env["GITHUB_SHA"] = "100912429fab4cb230e66ffb11e738ac5194e73a";
await actionsUtil.determineMergeBaseCommitOid(path.join(__dirname, "../..")); await (0, util_1.withTmpDir)(async (tmpDir) => {
await actionsUtil.determineMergeBaseCommitOid(tmpDir);
});
t.deepEqual(1, infoStub.callCount); t.deepEqual(1, infoStub.callCount);
t.assert(infoStub.firstCall.args[0].startsWith("The checkout path provided to the action does not appear to be a git repository.")); t.assert(infoStub.firstCall.args[0].startsWith("The checkout path provided to the action does not appear to be a git repository."));
infoStub.restore(); infoStub.restore();

File diff suppressed because one or more lines are too long


@ -1 +1 @@
{"version":3,"file":"analyze-action-post-helper.js","sourceRoot":"","sources":["../src/analyze-action-post-helper.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,4DAA8C;AAC9C,iDAA2C;AAC3C,uCAA6C;AAEtC,KAAK,UAAU,GAAG,CAAC,wBAAkC;IAC1D,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAElC,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAS,EAAC,WAAW,CAAC,qBAAqB,EAAE,EAAE,MAAM,CAAC,CAAC;IAC5E,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;QACzB,MAAM,IAAI,KAAK,CACb,2FAA2F,CAC5F,CAAC;IACJ,CAAC;IAED,+CAA+C;IAC/C,IAAI,MAAM,EAAE,SAAS,EAAE,CAAC;QACtB,IAAI,CAAC,IAAI,CACP,oFAAoF,CACrF,CAAC;QACF,MAAM,SAAS,GAAG,WAAW,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC;QACzD,MAAM,wBAAwB,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IACpD,CAAC;AACH,CAAC;AAlBD,kBAkBC"} {"version":3,"file":"analyze-action-post-helper.js","sourceRoot":"","sources":["../src/analyze-action-post-helper.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,4DAA8C;AAC9C,iDAAmD;AACnD,uCAA6C;AAEtC,KAAK,UAAU,GAAG,CACvB,wBAGkB;IAElB,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAElC,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAS,EAAC,WAAW,CAAC,qBAAqB,EAAE,EAAE,MAAM,CAAC,CAAC;IAC5E,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;QACzB,MAAM,IAAI,KAAK,CACb,2FAA2F,CAC5F,CAAC;IACJ,CAAC;IAED,+CAA+C;IAC/C,IAAI,MAAM,EAAE,SAAS,EAAE,CAAC;QACtB,IAAI,CAAC,IAAI,CACP,oFAAoF,CACrF,CAAC;QACF,MAAM,SAAS,GAAG,WAAW,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC;QACzD,MAAM,wBAAwB,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;IACpD,CAAC;AACH,CAAC;AAvBD,kBAuBC"}

61
lib/analyze-action.js generated

@ -48,24 +48,27 @@ const status_report_1 = require("./status-report");
const trap_caching_1 = require("./trap-caching"); const trap_caching_1 = require("./trap-caching");
const uploadLib = __importStar(require("./upload-lib")); const uploadLib = __importStar(require("./upload-lib"));
const util = __importStar(require("./util")); const util = __importStar(require("./util"));
async function sendStatusReport(startedAt, config, stats, error, trapCacheUploadTime, dbCreationTimings, didUploadTrapCaches, logger) { async function sendStatusReport(startedAt, config, stats, error, trapCacheUploadTime, dbCreationTimings, didUploadTrapCaches, trapCacheCleanup, logger) {
const status = (0, status_report_1.getActionsStatus)(error, stats?.analyze_failure_language); const status = (0, status_report_1.getActionsStatus)(error, stats?.analyze_failure_language);
const statusReportBase = await (0, status_report_1.createStatusReportBase)(status_report_1.ActionName.Analyze, status, startedAt, config, await util.checkDiskUsage(), logger, error?.message, error?.stack); const statusReportBase = await (0, status_report_1.createStatusReportBase)(status_report_1.ActionName.Analyze, status, startedAt, config, await util.checkDiskUsage(), logger, error?.message, error?.stack);
const report = { if (statusReportBase !== undefined) {
...statusReportBase, const report = {
...(stats || {}), ...statusReportBase,
...(dbCreationTimings || {}), ...(stats || {}),
}; ...(dbCreationTimings || {}),
if (config && didUploadTrapCaches) { ...(trapCacheCleanup || {}),
const trapCacheUploadStatusReport = {
...report,
trap_cache_upload_duration_ms: Math.round(trapCacheUploadTime || 0),
trap_cache_upload_size_bytes: Math.round(await (0, trap_caching_1.getTotalCacheSize)(config.trapCaches, logger)),
}; };
await statusReport.sendStatusReport(trapCacheUploadStatusReport); if (config && didUploadTrapCaches) {
} const trapCacheUploadStatusReport = {
else { ...report,
await statusReport.sendStatusReport(report); trap_cache_upload_duration_ms: Math.round(trapCacheUploadTime || 0),
trap_cache_upload_size_bytes: Math.round(await (0, trap_caching_1.getTotalCacheSize)(config.trapCaches, logger)),
};
await statusReport.sendStatusReport(trapCacheUploadStatusReport);
}
else {
await statusReport.sendStatusReport(report);
}
} }
} }
// `expect-error` should only be set to a non-false value by the CodeQL Action PR checks. // `expect-error` should only be set to a non-false value by the CodeQL Action PR checks.
@ -105,7 +108,7 @@ function doesGoExtractionOutputExist(config) {
* - We approximate whether manual build steps are present by looking at * - We approximate whether manual build steps are present by looking at
* whether any extraction output already exists for Go. * whether any extraction output already exists for Go.
*/ */
async function runAutobuildIfLegacyGoWorkflow(config, logger) { async function runAutobuildIfLegacyGoWorkflow(config, features, logger) {
if (!config.languages.includes(languages_1.Language.go)) { if (!config.languages.includes(languages_1.Language.go)) {
return; return;
} }
@ -132,24 +135,29 @@ async function runAutobuildIfLegacyGoWorkflow(config, logger) {
return; return;
} }
logger.debug("Running Go autobuild because extraction output (TRAP files) for Go code has not been found."); logger.debug("Running Go autobuild because extraction output (TRAP files) for Go code has not been found.");
await (0, autobuild_1.runAutobuild)(languages_1.Language.go, config, logger); await (0, autobuild_1.runAutobuild)(config, languages_1.Language.go, features, logger);
} }
async function run() { async function run() {
const startedAt = new Date(); const startedAt = new Date();
let uploadResult = undefined; let uploadResult = undefined;
let runStats = undefined; let runStats = undefined;
let config = undefined; let config = undefined;
let trapCacheCleanupTelemetry = undefined;
let trapCacheUploadTime = undefined; let trapCacheUploadTime = undefined;
let dbCreationTimings = undefined; let dbCreationTimings = undefined;
let didUploadTrapCaches = false; let didUploadTrapCaches = false;
util.initializeEnvironment(actionsUtil.getActionVersion()); util.initializeEnvironment(actionsUtil.getActionVersion());
const logger = (0, logging_1.getActionsLogger)(); const logger = (0, logging_1.getActionsLogger)();
try { try {
await statusReport.sendStatusReport(await (0, status_report_1.createStatusReportBase)(status_report_1.ActionName.Analyze, "starting", startedAt, config, await util.checkDiskUsage(logger), logger)); const statusReportBase = await (0, status_report_1.createStatusReportBase)(status_report_1.ActionName.Analyze, "starting", startedAt, config, await util.checkDiskUsage(logger), logger);
if (statusReportBase !== undefined) {
await statusReport.sendStatusReport(statusReportBase);
}
config = await (0, config_utils_1.getConfig)(actionsUtil.getTemporaryDirectory(), logger); config = await (0, config_utils_1.getConfig)(actionsUtil.getTemporaryDirectory(), logger);
if (config === undefined) { if (config === undefined) {
throw new Error("Config file could not be found at expected location. Has the 'init' action been called?"); throw new Error("Config file could not be found at expected location. Has the 'init' action been called?");
} }
const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
if (hasBadExpectErrorInput()) { if (hasBadExpectErrorInput()) {
throw new util.ConfigurationError("`expect-error` input parameter is for internal use only. It should only be set by codeql-action or a fork."); throw new util.ConfigurationError("`expect-error` input parameter is for internal use only. It should only be set by codeql-action or a fork.");
} }
@ -162,8 +170,8 @@ async function run() {
const features = new feature_flags_1.Features(gitHubVersion, repositoryNwo, actionsUtil.getTemporaryDirectory(), logger); const features = new feature_flags_1.Features(gitHubVersion, repositoryNwo, actionsUtil.getTemporaryDirectory(), logger);
const memory = util.getMemoryFlag(actionsUtil.getOptionalInput("ram") || process.env["CODEQL_RAM"], logger); const memory = util.getMemoryFlag(actionsUtil.getOptionalInput("ram") || process.env["CODEQL_RAM"], logger);
await (0, analyze_1.warnIfGoInstalledAfterInit)(config, logger); await (0, analyze_1.warnIfGoInstalledAfterInit)(config, logger);
await runAutobuildIfLegacyGoWorkflow(config, logger); await runAutobuildIfLegacyGoWorkflow(config, features, logger);
dbCreationTimings = await (0, analyze_1.runFinalize)(outputDir, threads, memory, config, logger, features); dbCreationTimings = await (0, analyze_1.runFinalize)(outputDir, threads, memory, codeql, config, features, logger);
if (actionsUtil.getRequiredInput("skip-queries") !== "true") { if (actionsUtil.getRequiredInput("skip-queries") !== "true") {
runStats = await (0, analyze_1.runQueries)(outputDir, memory, util.getAddSnippetsFlag(actionsUtil.getRequiredInput("add-snippets")), threads, actionsUtil.getOptionalInput("category"), config, logger, features); runStats = await (0, analyze_1.runQueries)(outputDir, memory, util.getAddSnippetsFlag(actionsUtil.getRequiredInput("add-snippets")), threads, actionsUtil.getOptionalInput("category"), config, logger, features);
} }
@ -188,9 +196,10 @@ async function run() {
await (0, database_upload_1.uploadDatabases)(repositoryNwo, config, apiDetails, logger); await (0, database_upload_1.uploadDatabases)(repositoryNwo, config, apiDetails, logger);
// Possibly upload the TRAP caches for later re-use // Possibly upload the TRAP caches for later re-use
const trapCacheUploadStartTime = perf_hooks_1.performance.now(); const trapCacheUploadStartTime = perf_hooks_1.performance.now();
const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
didUploadTrapCaches = await (0, trap_caching_1.uploadTrapCaches)(codeql, config, logger); didUploadTrapCaches = await (0, trap_caching_1.uploadTrapCaches)(codeql, config, logger);
trapCacheUploadTime = perf_hooks_1.performance.now() - trapCacheUploadStartTime; trapCacheUploadTime = perf_hooks_1.performance.now() - trapCacheUploadStartTime;
// Clean up TRAP caches
trapCacheCleanupTelemetry = await (0, trap_caching_1.cleanupTrapCaches)(config, features, logger);
// We don't upload results in test mode, so don't wait for processing // We don't upload results in test mode, so don't wait for processing
if (util.isInTestMode()) { if (util.isInTestMode()) {
logger.debug("In test mode. Waiting for processing is disabled."); logger.debug("In test mode. Waiting for processing is disabled.");
@ -213,10 +222,10 @@ async function run() {
} }
if (error instanceof analyze_1.CodeQLAnalysisError) { if (error instanceof analyze_1.CodeQLAnalysisError) {
const stats = { ...error.queriesStatusReport }; const stats = { ...error.queriesStatusReport };
await sendStatusReport(startedAt, config, stats, error, trapCacheUploadTime, dbCreationTimings, didUploadTrapCaches, logger); await sendStatusReport(startedAt, config, stats, error, trapCacheUploadTime, dbCreationTimings, didUploadTrapCaches, trapCacheCleanupTelemetry, logger);
} }
else { else {
await sendStatusReport(startedAt, config, undefined, error, trapCacheUploadTime, dbCreationTimings, didUploadTrapCaches, logger); await sendStatusReport(startedAt, config, undefined, error, trapCacheUploadTime, dbCreationTimings, didUploadTrapCaches, trapCacheCleanupTelemetry, logger);
} }
return; return;
} }
@ -224,13 +233,13 @@ async function run() {
await sendStatusReport(startedAt, config, { await sendStatusReport(startedAt, config, {
...runStats, ...runStats,
...uploadResult.statusReport, ...uploadResult.statusReport,
}, undefined, trapCacheUploadTime, dbCreationTimings, didUploadTrapCaches, logger); }, undefined, trapCacheUploadTime, dbCreationTimings, didUploadTrapCaches, trapCacheCleanupTelemetry, logger);
} }
else if (runStats) { else if (runStats) {
await sendStatusReport(startedAt, config, { ...runStats }, undefined, trapCacheUploadTime, dbCreationTimings, didUploadTrapCaches, logger); await sendStatusReport(startedAt, config, { ...runStats }, undefined, trapCacheUploadTime, dbCreationTimings, didUploadTrapCaches, trapCacheCleanupTelemetry, logger);
} }
else { else {
await sendStatusReport(startedAt, config, undefined, undefined, trapCacheUploadTime, dbCreationTimings, didUploadTrapCaches, logger); await sendStatusReport(startedAt, config, undefined, undefined, trapCacheUploadTime, dbCreationTimings, didUploadTrapCaches, trapCacheCleanupTelemetry, logger);
} }
} }
exports.runPromise = run(); exports.runPromise = run();

File diff suppressed because one or more lines are too long

80
lib/analyze.js generated

@ -30,13 +30,11 @@ exports.runCleanup = exports.warnIfGoInstalledAfterInit = exports.runFinalize =
const fs = __importStar(require("fs")); const fs = __importStar(require("fs"));
const path = __importStar(require("path")); const path = __importStar(require("path"));
const perf_hooks_1 = require("perf_hooks"); const perf_hooks_1 = require("perf_hooks");
const toolrunner = __importStar(require("@actions/exec/lib/toolrunner"));
const safe_which_1 = require("@chrisgavin/safe-which"); const safe_which_1 = require("@chrisgavin/safe-which");
const del_1 = __importDefault(require("del")); const del_1 = __importDefault(require("del"));
const yaml = __importStar(require("js-yaml")); const yaml = __importStar(require("js-yaml"));
const autobuild_1 = require("./autobuild"); const autobuild_1 = require("./autobuild");
const codeql_1 = require("./codeql"); const codeql_1 = require("./codeql");
const config_utils_1 = require("./config-utils");
const diagnostics_1 = require("./diagnostics"); const diagnostics_1 = require("./diagnostics");
const environment_1 = require("./environment"); const environment_1 = require("./environment");
const feature_flags_1 = require("./feature-flags"); const feature_flags_1 = require("./feature-flags");
@ -45,6 +43,7 @@ const tools_features_1 = require("./tools-features");
const tracer_config_1 = require("./tracer-config"); const tracer_config_1 = require("./tracer-config");
const upload_lib_1 = require("./upload-lib"); const upload_lib_1 = require("./upload-lib");
const util = __importStar(require("./util")); const util = __importStar(require("./util"));
const util_1 = require("./util");
class CodeQLAnalysisError extends Error { class CodeQLAnalysisError extends Error {
constructor(queriesStatusReport, message) { constructor(queriesStatusReport, message) {
super(message); super(message);
@ -53,35 +52,17 @@ class CodeQLAnalysisError extends Error {
} }
} }
exports.CodeQLAnalysisError = CodeQLAnalysisError; exports.CodeQLAnalysisError = CodeQLAnalysisError;
async function setupPythonExtractor(logger, features, codeql) { async function setupPythonExtractor(logger) {
const codeqlPython = process.env["CODEQL_PYTHON"]; const codeqlPython = process.env["CODEQL_PYTHON"];
if (codeqlPython === undefined || codeqlPython.length === 0) { if (codeqlPython === undefined || codeqlPython.length === 0) {
// If CODEQL_PYTHON is not set, no dependencies were installed, so we don't need to do anything // If CODEQL_PYTHON is not set, no dependencies were installed, so we don't need to do anything
return; return;
} }
if (await (0, feature_flags_1.isPythonDependencyInstallationDisabled)(codeql, features)) { logger.warning("The CODEQL_PYTHON environment variable is no longer supported. Please remove it from your workflow. This environment variable was originally used to specify a Python executable that included the dependencies of your Python code, however Python analysis no longer uses these dependencies." +
logger.warning("We recommend that you remove the CODEQL_PYTHON environment variable from your workflow. This environment variable was originally used to specify a Python executable that included the dependencies of your Python code, however Python analysis no longer uses these dependencies." + "\nIf you used CODEQL_PYTHON to force the version of Python to analyze as, please use CODEQL_EXTRACTOR_PYTHON_ANALYSIS_VERSION instead, such as 'CODEQL_EXTRACTOR_PYTHON_ANALYSIS_VERSION=2.7' or 'CODEQL_EXTRACTOR_PYTHON_ANALYSIS_VERSION=3.11'.");
"\nIf you used CODEQL_PYTHON to force the version of Python to analyze as, please use CODEQL_EXTRACTOR_PYTHON_ANALYSIS_VERSION instead, such as 'CODEQL_EXTRACTOR_PYTHON_ANALYSIS_VERSION=2.7' or 'CODEQL_EXTRACTOR_PYTHON_ANALYSIS_VERSION=3.11'."); return;
return;
}
const scriptsFolder = path.resolve(__dirname, "../python-setup");
let output = "";
const options = {
listeners: {
stdout: (data) => {
output += data.toString();
},
},
};
await new toolrunner.ToolRunner(codeqlPython, [path.join(scriptsFolder, "find_site_packages.py")], options).exec();
logger.info(`Setting LGTM_INDEX_IMPORT_PATH=${output}`);
process.env["LGTM_INDEX_IMPORT_PATH"] = output;
output = "";
await new toolrunner.ToolRunner(codeqlPython, ["-c", "import sys; print(sys.version_info[0])"], options).exec();
logger.info(`Setting LGTM_PYTHON_SETUP_VERSION=${output}`);
process.env["LGTM_PYTHON_SETUP_VERSION"] = output;
} }
async function runExtraction(codeql, config, logger, features) { async function runExtraction(codeql, config, logger) {
for (const language of config.languages) { for (const language of config.languages) {
if (dbIsFinalized(config, language, logger)) { if (dbIsFinalized(config, language, logger)) {
logger.debug(`Database for ${language} has already been finalized, skipping extraction.`); logger.debug(`Database for ${language} has already been finalized, skipping extraction.`);
@ -90,32 +71,15 @@ async function runExtraction(codeql, config, logger, features) {
if (shouldExtractLanguage(config, language)) { if (shouldExtractLanguage(config, language)) {
logger.startGroup(`Extracting ${language}`); logger.startGroup(`Extracting ${language}`);
if (language === languages_1.Language.python) { if (language === languages_1.Language.python) {
await setupPythonExtractor(logger, features, codeql); await setupPythonExtractor(logger);
} }
if (config.buildMode && if (config.buildMode &&
(await codeql.supportsFeature(tools_features_1.ToolsFeature.TraceCommandUseBuildMode))) { (await codeql.supportsFeature(tools_features_1.ToolsFeature.TraceCommandUseBuildMode))) {
if (language === languages_1.Language.cpp && if (language === languages_1.Language.cpp &&
config.buildMode === config_utils_1.BuildMode.Autobuild) { config.buildMode === util_1.BuildMode.Autobuild) {
await (0, autobuild_1.setupCppAutobuild)(codeql, logger); await (0, autobuild_1.setupCppAutobuild)(codeql, logger);
} }
try { await codeql.extractUsingBuildMode(config, language);
await codeql.extractUsingBuildMode(config, language);
}
catch (e) {
if (config.buildMode === config_utils_1.BuildMode.Autobuild) {
const prefix = "We were unable to automatically build your code. " +
"Please change the build mode for this language to manual and specify build steps " +
"for your project. For more information, see " +
"https://docs.github.com/en/code-security/code-scanning/troubleshooting-code-scanning/automatic-build-failed.";
const ErrorConstructor = e instanceof util.ConfigurationError
? util.ConfigurationError
: Error;
throw new ErrorConstructor(`${prefix} ${util.wrapError(e).message}`);
}
else {
throw e;
}
}
} }
else { else {
await codeql.extractScannedLanguage(config, language); await codeql.extractScannedLanguage(config, language);
@ -126,8 +90,8 @@ async function runExtraction(codeql, config, logger, features) {
} }
exports.runExtraction = runExtraction; exports.runExtraction = runExtraction;
function shouldExtractLanguage(config, language) { function shouldExtractLanguage(config, language) {
return (config.buildMode === config_utils_1.BuildMode.None || return (config.buildMode === util_1.BuildMode.None ||
(config.buildMode === config_utils_1.BuildMode.Autobuild && (config.buildMode === util_1.BuildMode.Autobuild &&
process.env[environment_1.EnvVar.AUTOBUILD_DID_COMPLETE_SUCCESSFULLY] !== "true") || process.env[environment_1.EnvVar.AUTOBUILD_DID_COMPLETE_SUCCESSFULLY] !== "true") ||
(!config.buildMode && (0, languages_1.isScannedLanguage)(language))); (!config.buildMode && (0, languages_1.isScannedLanguage)(language)));
} }
@ -143,10 +107,9 @@ function dbIsFinalized(config, language, logger) {
} }
} }
exports.dbIsFinalized = dbIsFinalized; exports.dbIsFinalized = dbIsFinalized;
async function finalizeDatabaseCreation(config, threadsFlag, memoryFlag, logger, features) { async function finalizeDatabaseCreation(codeql, config, threadsFlag, memoryFlag, logger) {
const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
const extractionStart = perf_hooks_1.performance.now(); const extractionStart = perf_hooks_1.performance.now();
await runExtraction(codeql, config, logger, features); await runExtraction(codeql, config, logger);
const extractionTime = perf_hooks_1.performance.now() - extractionStart; const extractionTime = perf_hooks_1.performance.now() - extractionStart;
const trapImportStart = perf_hooks_1.performance.now(); const trapImportStart = perf_hooks_1.performance.now();
for (const language of config.languages) { for (const language of config.languages) {
@ -211,7 +174,7 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag,
} }
statusReport["event_reports"].push(perQueryAlertCountEventReport); statusReport["event_reports"].push(perQueryAlertCountEventReport);
} }
if (!(await util.codeQlVersionAbove(codeql, codeql_1.CODEQL_VERSION_ANALYSIS_SUMMARY_V2))) { if (!(await util.codeQlVersionAtLeast(codeql, codeql_1.CODEQL_VERSION_ANALYSIS_SUMMARY_V2))) {
await runPrintLinesOfCode(language); await runPrintLinesOfCode(language);
} }
} }
@ -251,7 +214,7 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag,
} }
} }
exports.runQueries = runQueries; exports.runQueries = runQueries;
async function runFinalize(outputDir, threadsFlag, memoryFlag, config, logger, features) { async function runFinalize(outputDir, threadsFlag, memoryFlag, codeql, config, features, logger) {
try { try {
await (0, del_1.default)(outputDir, { force: true }); await (0, del_1.default)(outputDir, { force: true });
} }
@ -261,14 +224,11 @@ async function runFinalize(outputDir, threadsFlag, memoryFlag, config, logger, f
} }
} }
await fs.promises.mkdir(outputDir, { recursive: true }); await fs.promises.mkdir(outputDir, { recursive: true });
const timings = await finalizeDatabaseCreation(config, threadsFlag, memoryFlag, logger, features); const timings = await finalizeDatabaseCreation(codeql, config, threadsFlag, memoryFlag, logger);
// WARNING: This does not _really_ end tracing, as the tracer will restore its // If we didn't already end tracing in the autobuild Action, end it now.
// critical environment variables and it'll still be active for all processes if (process.env[environment_1.EnvVar.AUTOBUILD_DID_COMPLETE_SUCCESSFULLY] !== "true") {
// launched from this build step. await (0, tracer_config_1.endTracingForCluster)(codeql, config, logger, features);
// However, it will stop tracing for all steps past the codeql-action/analyze }
// step.
// Delete variables as specified by the end-tracing script
await (0, tracer_config_1.endTracingForCluster)(config);
return timings; return timings;
} }
exports.runFinalize = runFinalize; exports.runFinalize = runFinalize;

File diff suppressed because one or more lines are too long

36
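--- a/lib/api-client.js
+++ b/lib/api-client.js
@@ -26,12 +26,13 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.computeAutomationID = exports.getAutomationID = exports.getAnalysisKey = exports.getWorkflowRelativePath = exports.getGitHubVersion = exports.getGitHubVersionFromApi = exports.getApiClientWithExternalAuth = exports.getApiClient = exports.getApiDetails = exports.DisallowedAPIVersionReason = void 0;
+exports.wrapApiConfigurationError = exports.deleteActionsCache = exports.listActionsCaches = exports.computeAutomationID = exports.getAutomationID = exports.getAnalysisKey = exports.getWorkflowRelativePath = exports.getGitHubVersion = exports.getGitHubVersionFromApi = exports.getApiClientWithExternalAuth = exports.getApiClient = exports.getApiDetails = exports.DisallowedAPIVersionReason = void 0;
 const core = __importStar(require("@actions/core"));
 const githubUtils = __importStar(require("@actions/github/lib/utils"));
 const retry = __importStar(require("@octokit/plugin-retry"));
 const console_log_level_1 = __importDefault(require("console-log-level"));
 const actions_util_1 = require("./actions-util");
+const repository_1 = require("./repository");
 const util_1 = require("./util");
 const GITHUB_ENTERPRISE_VERSION_HEADER = "x-github-enterprise-version";
 var DisallowedAPIVersionReason;
@@ -72,6 +73,7 @@ async function getGitHubVersionFromApi(apiClient, apiDetails) {
 }
 // Doesn't strictly have to be the meta endpoint as we're only
 // using the response headers which are available on every request.
+// eslint-disable-next-line @typescript-eslint/no-unsafe-call
 const response = await apiClient.rest.meta.get();
 // This happens on dotcom, although we expect to have already returned in that
 // case. This can also serve as a fallback in cases we haven't foreseen.
@@ -163,4 +165,36 @@ function computeAutomationID(analysis_key, environment) {
 return automationID;
 }
 exports.computeAutomationID = computeAutomationID;
+/** List all Actions cache entries matching the provided key and ref. */
+async function listActionsCaches(key, ref) {
+const repositoryNwo = (0, repository_1.parseRepositoryNwo)((0, util_1.getRequiredEnvParam)("GITHUB_REPOSITORY"));
+return await getApiClient().paginate("GET /repos/{owner}/{repo}/actions/caches", {
+owner: repositoryNwo.owner,
+repo: repositoryNwo.repo,
+key,
+ref,
+});
+}
+exports.listActionsCaches = listActionsCaches;
+/** Delete an Actions cache item by its ID. */
+async function deleteActionsCache(id) {
+const repositoryNwo = (0, repository_1.parseRepositoryNwo)((0, util_1.getRequiredEnvParam)("GITHUB_REPOSITORY"));
+await getApiClient().rest.actions.deleteActionsCacheById({
+owner: repositoryNwo.owner,
+repo: repositoryNwo.repo,
+cache_id: id,
+});
+}
+exports.deleteActionsCache = deleteActionsCache;
+function wrapApiConfigurationError(e) {
+if ((0, util_1.isHTTPError)(e)) {
+if (e.message.includes("API rate limit exceeded for site ID installation") ||
+e.message.includes("commit not found") ||
+/^ref .* not found in this repository$/.test(e.message)) {
+return new util_1.ConfigurationError(e.message);
+}
+}
+return e;
+}
+exports.wrapApiConfigurationError = wrapApiConfigurationError;
 //# sourceMappingURL=api-client.js.map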


@ -1 +1 @@
{"version":3,"file":"api-client.js","sourceRoot":"","sources":["../src/api-client.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AACtC,uEAAyD;AACzD,6DAA+C;AAC/C,0EAAgD;AAEhD,iDAAoE;AACpE,iCAOgB;AAEhB,MAAM,gCAAgC,GAAG,6BAA6B,CAAC;AAEvE,IAAY,0BAGX;AAHD,WAAY,0BAA0B;IACpC,+FAAc,CAAA;IACd,+FAAc,CAAA;AAChB,CAAC,EAHW,0BAA0B,0CAA1B,0BAA0B,QAGrC;AAiBD,SAAS,0BAA0B,CACjC,UAAoC,EACpC,EAAE,aAAa,GAAG,KAAK,EAAE,GAAG,EAAE;IAE9B,MAAM,IAAI,GACR,CAAC,aAAa,IAAI,UAAU,CAAC,gBAAgB,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC;IACpE,MAAM,eAAe,GAAG,WAAW,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAC/D,OAAO,IAAI,eAAe,CACxB,WAAW,CAAC,iBAAiB,CAAC,IAAI,EAAE;QAClC,OAAO,EAAE,UAAU,CAAC,MAAM;QAC1B,SAAS,EAAE,iBAAiB,IAAA,+BAAgB,GAAE,EAAE;QAChD,GAAG,EAAE,IAAA,2BAAe,EAAC,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC;KACzC,CAAC,CACH,CAAC;AACJ,CAAC;AAED,SAAgB,aAAa;IAC3B,OAAO;QACL,IAAI,EAAE,IAAA,+BAAgB,EAAC,OAAO,CAAC;QAC/B,GAAG,EAAE,IAAA,0BAAmB,EAAC,mBAAmB,CAAC;QAC7C,MAAM,EAAE,IAAA,0BAAmB,EAAC,gBAAgB,CAAC;KAC9C,CAAC;AACJ,CAAC;AAND,sCAMC;AAED,SAAgB,YAAY;IAC1B,OAAO,0BAA0B,CAAC,aAAa,EAAE,CAAC,CAAC;AACrD,CAAC;AAFD,oCAEC;AAED,SAAgB,4BAA4B,CAC1C,UAAoC;IAEpC,OAAO,0BAA0B,CAAC,UAAU,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;AACzE,CAAC;AAJD,oEAIC;AAED,IAAI,mBAAmB,GAA8B,SAAS,CAAC;AAExD,KAAK,UAAU,uBAAuB,CAC3C,SAAc,EACd,UAA4B;IAE5B,iEAAiE;IACjE,IAAI,IAAA,qBAAc,EAAC,UAAU,CAAC,GAAG,CAAC,KAAK,wBAAiB,EAAE,CAAC;QACzD,OAAO,EAAE,IAAI,EAAE,oBAAa,CAAC,MAAM,EAAE,CAAC;IACxC,CAAC;IAED,8DAA8D;IAC9D,mEAAmE;IACnE,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;IAEjD,8EAA8E;IAC9E,wEAAwE;IACxE,IAAI,QAAQ,CAAC,OAAO,CAAC,gCAAgC,CAAC,KAAK,SAAS,EAAE,CAAC;QACrE,OAAO,EAAE,IAAI,EAAE,oBAAa,CAAC,MAAM,EAAE,CAAC;IACxC,CAAC;IAED,IAAI,QAAQ,CAAC,OAAO,CAAC,gCAAgC,CAAC,KAAK,SAAS,EAAE,CAAC;QACrE,OAAO,EAAE,IAAI,EAAE,oBAAa,CAAC,UAAU,EAAE,CAAC;IAC5C,CAAC;IAED,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,gCAAgC,CAAW,CAAC;IAC7E,OAAO,EAAE,IAAI,EAAE,oBAAa,CAAC,IAAI,EAAE,OAAO,EAAE,CAAC;AAC/C,CAAC;AAzBD,0DAyBC;AAED;;;;;;GAMG;AACI,KAAK,UAAU,gBAAgB;IACpC,IAAI,mB
AAmB,KAAK,SAAS,EAAE,CAAC;QACtC,mBAAmB,GAAG,MAAM,uBAAuB,CACjD,YAAY,EAAE,EACd,aAAa,EAAE,CAChB,CAAC;IACJ,CAAC;IACD,OAAO,mBAAmB,CAAC;AAC7B,CAAC;AARD,4CAQC;AAED;;GAEG;AACI,KAAK,UAAU,uBAAuB;IAC3C,MAAM,QAAQ,GAAG,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACrE,MAAM,KAAK,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;IAC1B,MAAM,IAAI,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;IACzB,MAAM,MAAM,GAAG,MAAM,CAAC,IAAA,0BAAmB,EAAC,eAAe,CAAC,CAAC,CAAC;IAE5D,MAAM,SAAS,GAAG,YAAY,EAAE,CAAC;IACjC,MAAM,YAAY,GAAG,MAAM,SAAS,CAAC,OAAO,CAC1C,yEAAyE,EACzE;QACE,KAAK;QACL,IAAI;QACJ,MAAM;KACP,CACF,CAAC;IACF,MAAM,WAAW,GAAG,YAAY,CAAC,IAAI,CAAC,YAAY,CAAC;IAEnD,MAAM,gBAAgB,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,OAAO,WAAW,EAAE,CAAC,CAAC;IAEvE,OAAO,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC;AACpC,CAAC;AApBD,0DAoBC;AAED;;;;;;GAMG;AACI,KAAK,UAAU,cAAc;IAClC,MAAM,iBAAiB,GAAG,4BAA4B,CAAC;IAEvD,IAAI,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IACjD,IAAI,WAAW,KAAK,SAAS,EAAE,CAAC;QAC9B,OAAO,WAAW,CAAC;IACrB,CAAC;IAED,MAAM,YAAY,GAAG,MAAM,uBAAuB,EAAE,CAAC;IACrD,MAAM,OAAO,GAAG,IAAA,0BAAmB,EAAC,YAAY,CAAC,CAAC;IAElD,WAAW,GAAG,GAAG,YAAY,IAAI,OAAO,EAAE,CAAC;IAC3C,IAAI,CAAC,cAAc,CAAC,iBAAiB,EAAE,WAAW,CAAC,CAAC;IACpD,OAAO,WAAW,CAAC;AACrB,CAAC;AAdD,wCAcC;AAEM,KAAK,UAAU,eAAe;IACnC,MAAM,YAAY,GAAG,MAAM,cAAc,EAAE,CAAC;IAC5C,MAAM,WAAW,GAAG,IAAA,+BAAgB,EAAC,QAAQ,CAAC,CAAC;IAE/C,OAAO,mBAAmB,CAAC,YAAY,EAAE,WAAW,CAAC,CAAC;AACxD,CAAC;AALD,0CAKC;AAED,SAAgB,mBAAmB,CACjC,YAAoB,EACpB,WAA+B;IAE/B,IAAI,YAAY,GAAG,GAAG,YAAY,GAAG,CAAC;IAEtC,MAAM,MAAM,GAAG,IAAA,uBAAgB,EAAC,WAAW,CAAC,CAAC;IAC7C,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;QACzB,uDAAuD;QACvD,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC;YAClD,IAAI,OAAO,KAAK,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE,CAAC;gBACjC,YAAY,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC;YAC7C,CAAC;iBAAM,CAAC;gBACN,qDAAqD;gBACrD,6CAA6C;gBAC7C,YAAY,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;YAClC,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,YAAY,CAAC;AACtB,CAAC;AArBD,kDAqBC"} 
{"version":3,"file":"api-client.js","sourceRoot":"","sources":["../src/api-client.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AACtC,uEAAyD;AACzD,6DAA+C;AAC/C,0EAAgD;AAEhD,iDAAoE;AACpE,6CAAkD;AAClD,iCASgB;AAEhB,MAAM,gCAAgC,GAAG,6BAA6B,CAAC;AAEvE,IAAY,0BAGX;AAHD,WAAY,0BAA0B;IACpC,+FAAc,CAAA;IACd,+FAAc,CAAA;AAChB,CAAC,EAHW,0BAA0B,0CAA1B,0BAA0B,QAGrC;AAiBD,SAAS,0BAA0B,CACjC,UAAoC,EACpC,EAAE,aAAa,GAAG,KAAK,EAAE,GAAG,EAAE;IAE9B,MAAM,IAAI,GACR,CAAC,aAAa,IAAI,UAAU,CAAC,gBAAgB,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC;IACpE,MAAM,eAAe,GAAG,WAAW,CAAC,MAAM,CAAC,MAAM,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;IAC/D,OAAO,IAAI,eAAe,CACxB,WAAW,CAAC,iBAAiB,CAAC,IAAI,EAAE;QAClC,OAAO,EAAE,UAAU,CAAC,MAAM;QAC1B,SAAS,EAAE,iBAAiB,IAAA,+BAAgB,GAAE,EAAE;QAChD,GAAG,EAAE,IAAA,2BAAe,EAAC,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC;KACzC,CAAC,CACH,CAAC;AACJ,CAAC;AAED,SAAgB,aAAa;IAC3B,OAAO;QACL,IAAI,EAAE,IAAA,+BAAgB,EAAC,OAAO,CAAC;QAC/B,GAAG,EAAE,IAAA,0BAAmB,EAAC,mBAAmB,CAAC;QAC7C,MAAM,EAAE,IAAA,0BAAmB,EAAC,gBAAgB,CAAC;KAC9C,CAAC;AACJ,CAAC;AAND,sCAMC;AAED,SAAgB,YAAY;IAC1B,OAAO,0BAA0B,CAAC,aAAa,EAAE,CAAC,CAAC;AACrD,CAAC;AAFD,oCAEC;AAED,SAAgB,4BAA4B,CAC1C,UAAoC;IAEpC,OAAO,0BAA0B,CAAC,UAAU,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC,CAAC;AACzE,CAAC;AAJD,oEAIC;AAED,IAAI,mBAAmB,GAA8B,SAAS,CAAC;AAExD,KAAK,UAAU,uBAAuB,CAC3C,SAAc,EACd,UAA4B;IAE5B,iEAAiE;IACjE,IAAI,IAAA,qBAAc,EAAC,UAAU,CAAC,GAAG,CAAC,KAAK,wBAAiB,EAAE,CAAC;QACzD,OAAO,EAAE,IAAI,EAAE,oBAAa,CAAC,MAAM,EAAE,CAAC;IACxC,CAAC;IAED,8DAA8D;IAC9D,mEAAmE;IACnE,6DAA6D;IAC7D,MAAM,QAAQ,GAAG,MAAM,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,CAAC;IAEjD,8EAA8E;IAC9E,wEAAwE;IACxE,IAAI,QAAQ,CAAC,OAAO,CAAC,gCAAgC,CAAC,KAAK,SAAS,EAAE,CAAC;QACrE,OAAO,EAAE,IAAI,EAAE,oBAAa,CAAC,MAAM,EAAE,CAAC;IACxC,CAAC;IAED,IAAI,QAAQ,CAAC,OAAO,CAAC,gCAAgC,CAAC,KAAK,SAAS,EAAE,CAAC;QACrE,OAAO,EAAE,IAAI,EAAE,oBAAa,CAAC,UAAU,EAAE,CAAC;IAC5C,CAAC;IAED,MAAM,OAAO,GAAG,QAAQ,CAAC,OAAO,CAAC,gCAAgC,CAAW,CAAC;IAC7E,OAAO,EAAE,IAAI,EAAE,oBAAa,CAAC,IAAI,EAAE,OAAO,EAAE,CAAC;AAC/C,CAAC;AA1BD,0DA0BC;AAED;;;;;;GAMG;AACI,KAAK
,UAAU,gBAAgB;IACpC,IAAI,mBAAmB,KAAK,SAAS,EAAE,CAAC;QACtC,mBAAmB,GAAG,MAAM,uBAAuB,CACjD,YAAY,EAAE,EACd,aAAa,EAAE,CAChB,CAAC;IACJ,CAAC;IACD,OAAO,mBAAmB,CAAC;AAC7B,CAAC;AARD,4CAQC;AAED;;GAEG;AACI,KAAK,UAAU,uBAAuB;IAC3C,MAAM,QAAQ,GAAG,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACrE,MAAM,KAAK,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;IAC1B,MAAM,IAAI,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;IACzB,MAAM,MAAM,GAAG,MAAM,CAAC,IAAA,0BAAmB,EAAC,eAAe,CAAC,CAAC,CAAC;IAE5D,MAAM,SAAS,GAAG,YAAY,EAAE,CAAC;IACjC,MAAM,YAAY,GAAG,MAAM,SAAS,CAAC,OAAO,CAC1C,yEAAyE,EACzE;QACE,KAAK;QACL,IAAI;QACJ,MAAM;KACP,CACF,CAAC;IACF,MAAM,WAAW,GAAG,YAAY,CAAC,IAAI,CAAC,YAAY,CAAC;IAEnD,MAAM,gBAAgB,GAAG,MAAM,SAAS,CAAC,OAAO,CAAC,OAAO,WAAW,EAAE,CAAC,CAAC;IAEvE,OAAO,gBAAgB,CAAC,IAAI,CAAC,IAAc,CAAC;AAC9C,CAAC;AApBD,0DAoBC;AAED;;;;;;GAMG;AACI,KAAK,UAAU,cAAc;IAClC,MAAM,iBAAiB,GAAG,4BAA4B,CAAC;IAEvD,IAAI,WAAW,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,CAAC;IACjD,IAAI,WAAW,KAAK,SAAS,EAAE,CAAC;QAC9B,OAAO,WAAW,CAAC;IACrB,CAAC;IAED,MAAM,YAAY,GAAG,MAAM,uBAAuB,EAAE,CAAC;IACrD,MAAM,OAAO,GAAG,IAAA,0BAAmB,EAAC,YAAY,CAAC,CAAC;IAElD,WAAW,GAAG,GAAG,YAAY,IAAI,OAAO,EAAE,CAAC;IAC3C,IAAI,CAAC,cAAc,CAAC,iBAAiB,EAAE,WAAW,CAAC,CAAC;IACpD,OAAO,WAAW,CAAC;AACrB,CAAC;AAdD,wCAcC;AAEM,KAAK,UAAU,eAAe;IACnC,MAAM,YAAY,GAAG,MAAM,cAAc,EAAE,CAAC;IAC5C,MAAM,WAAW,GAAG,IAAA,+BAAgB,EAAC,QAAQ,CAAC,CAAC;IAE/C,OAAO,mBAAmB,CAAC,YAAY,EAAE,WAAW,CAAC,CAAC;AACxD,CAAC;AALD,0CAKC;AAED,SAAgB,mBAAmB,CACjC,YAAoB,EACpB,WAA+B;IAE/B,IAAI,YAAY,GAAG,GAAG,YAAY,GAAG,CAAC;IAEtC,MAAM,MAAM,GAAG,IAAA,uBAAgB,EAAC,WAAW,CAAC,CAAC;IAC7C,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;QACzB,uDAAuD;QACvD,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC;YAClD,IAAI,OAAO,KAAK,CAAC,CAAC,CAAC,KAAK,QAAQ,EAAE,CAAC;gBACjC,YAAY,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC;YAC7C,CAAC;iBAAM,CAAC;gBACN,qDAAqD;gBACrD,6CAA6C;gBAC7C,YAAY,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,IAAI,CAAC;YAClC,CAAC;QACH,CAAC;IACH,CAAC;IAED,OAAO,YAAY,CAAC;AACtB,CAAC;AArBD,kDAqBC;AASD,wEAAwE;AACjE,KAAK,UAAU
,iBAAiB,CACrC,GAAW,EACX,GAAW;IAEX,MAAM,aAAa,GAAG,IAAA,+BAAkB,EACtC,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CACzC,CAAC;IAEF,OAAO,MAAM,YAAY,EAAE,CAAC,QAAQ,CAClC,0CAA0C,EAC1C;QACE,KAAK,EAAE,aAAa,CAAC,KAAK;QAC1B,IAAI,EAAE,aAAa,CAAC,IAAI;QACxB,GAAG;QACH,GAAG;KACJ,CACF,CAAC;AACJ,CAAC;AAjBD,8CAiBC;AAED,8CAA8C;AACvC,KAAK,UAAU,kBAAkB,CAAC,EAAU;IACjD,MAAM,aAAa,GAAG,IAAA,+BAAkB,EACtC,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CACzC,CAAC;IAEF,MAAM,YAAY,EAAE,CAAC,IAAI,CAAC,OAAO,CAAC,sBAAsB,CAAC;QACvD,KAAK,EAAE,aAAa,CAAC,KAAK;QAC1B,IAAI,EAAE,aAAa,CAAC,IAAI;QACxB,QAAQ,EAAE,EAAE;KACb,CAAC,CAAC;AACL,CAAC;AAVD,gDAUC;AAED,SAAgB,yBAAyB,CAAC,CAAU;IAClD,IAAI,IAAA,kBAAW,EAAC,CAAC,CAAC,EAAE,CAAC;QACnB,IACE,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,kDAAkD,CAAC;YACtE,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,kBAAkB,CAAC;YACtC,uCAAuC,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,EACvD,CAAC;YACD,OAAO,IAAI,yBAAkB,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;QAC3C,CAAC;IACH,CAAC;IACD,OAAO,CAAC,CAAC;AACX,CAAC;AAXD,8DAWC"}


@ -1 +1 @@
{ "maximumVersion": "3.13", "minimumVersion": "3.8" } { "maximumVersion": "3.14", "minimumVersion": "3.9" }


@ -30,19 +30,24 @@ const autobuild_1 = require("./autobuild");
const codeql_1 = require("./codeql"); const codeql_1 = require("./codeql");
const config_utils_1 = require("./config-utils"); const config_utils_1 = require("./config-utils");
const environment_1 = require("./environment"); const environment_1 = require("./environment");
const feature_flags_1 = require("./feature-flags");
const logging_1 = require("./logging"); const logging_1 = require("./logging");
const repository_1 = require("./repository");
const status_report_1 = require("./status-report"); const status_report_1 = require("./status-report");
const tracer_config_1 = require("./tracer-config");
const util_1 = require("./util"); const util_1 = require("./util");
async function sendCompletedStatusReport(config, logger, startedAt, allLanguages, failingLanguage, cause) { async function sendCompletedStatusReport(config, logger, startedAt, allLanguages, failingLanguage, cause) {
(0, util_1.initializeEnvironment)((0, actions_util_1.getActionVersion)()); (0, util_1.initializeEnvironment)((0, actions_util_1.getActionVersion)());
const status = (0, status_report_1.getActionsStatus)(cause, failingLanguage); const status = (0, status_report_1.getActionsStatus)(cause, failingLanguage);
const statusReportBase = await (0, status_report_1.createStatusReportBase)(status_report_1.ActionName.Autobuild, status, startedAt, config, await (0, util_1.checkDiskUsage)(logger), logger, cause?.message, cause?.stack); const statusReportBase = await (0, status_report_1.createStatusReportBase)(status_report_1.ActionName.Autobuild, status, startedAt, config, await (0, util_1.checkDiskUsage)(logger), logger, cause?.message, cause?.stack);
const statusReport = { if (statusReportBase !== undefined) {
...statusReportBase, const statusReport = {
autobuild_languages: allLanguages.join(","), ...statusReportBase,
autobuild_failure: failingLanguage, autobuild_languages: allLanguages.join(","),
}; autobuild_failure: failingLanguage,
await (0, status_report_1.sendStatusReport)(statusReport); };
await (0, status_report_1.sendStatusReport)(statusReport);
}
} }
async function run() { async function run() {
const startedAt = new Date(); const startedAt = new Date();
@ -51,10 +56,15 @@ async function run() {
let currentLanguage; let currentLanguage;
let languages; let languages;
try { try {
await (0, status_report_1.sendStatusReport)(await (0, status_report_1.createStatusReportBase)(status_report_1.ActionName.Autobuild, "starting", startedAt, config, await (0, util_1.checkDiskUsage)(logger), logger)); const statusReportBase = await (0, status_report_1.createStatusReportBase)(status_report_1.ActionName.Autobuild, "starting", startedAt, config, await (0, util_1.checkDiskUsage)(logger), logger);
if (statusReportBase !== undefined) {
await (0, status_report_1.sendStatusReport)(statusReportBase);
}
const gitHubVersion = await (0, api_client_1.getGitHubVersion)(); const gitHubVersion = await (0, api_client_1.getGitHubVersion)();
(0, util_1.checkGitHubVersionInRange)(gitHubVersion, logger); (0, util_1.checkGitHubVersionInRange)(gitHubVersion, logger);
(0, util_1.checkActionVersion)((0, actions_util_1.getActionVersion)(), gitHubVersion); (0, util_1.checkActionVersion)((0, actions_util_1.getActionVersion)(), gitHubVersion);
const repositoryNwo = (0, repository_1.parseRepositoryNwo)((0, util_1.getRequiredEnvParam)("GITHUB_REPOSITORY"));
const features = new feature_flags_1.Features(gitHubVersion, repositoryNwo, (0, actions_util_1.getTemporaryDirectory)(), logger);
config = await (0, config_utils_1.getConfig)((0, actions_util_1.getTemporaryDirectory)(), logger); config = await (0, config_utils_1.getConfig)((0, actions_util_1.getTemporaryDirectory)(), logger);
if (config === undefined) { if (config === undefined) {
throw new Error("Config file could not be found at expected location. Has the 'init' action been called?"); throw new Error("Config file could not be found at expected location. Has the 'init' action been called?");
@ -69,9 +79,12 @@ async function run() {
} }
for (const language of languages) { for (const language of languages) {
currentLanguage = language; currentLanguage = language;
await (0, autobuild_1.runAutobuild)(language, config, logger); await (0, autobuild_1.runAutobuild)(config, language, features, logger);
} }
} }
// End tracing early to avoid tracing analyze. This improves the performance and reliability of
// the analyze step.
await (0, tracer_config_1.endTracingForCluster)(codeql, config, logger, features);
} }
catch (unwrappedError) { catch (unwrappedError) {
const error = (0, util_1.wrapError)(unwrappedError); const error = (0, util_1.wrapError)(unwrappedError);


@ -1 +1 @@
{"version":3,"file":"autobuild-action.js","sourceRoot":"","sources":["../src/autobuild-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,iDAIwB;AACxB,6CAAgD;AAChD,2CAAwE;AACxE,qCAAqC;AACrC,iDAAmD;AACnD,+CAAuC;AAEvC,uCAAqD;AACrD,mDAMyB;AACzB,iCAMgB;AAShB,KAAK,UAAU,yBAAyB,CACtC,MAA0B,EAC1B,MAAc,EACd,SAAe,EACf,YAAsB,EACtB,eAAwB,EACxB,KAAa;IAEb,IAAA,4BAAqB,EAAC,IAAA,+BAAgB,GAAE,CAAC,CAAC;IAE1C,MAAM,MAAM,GAAG,IAAA,gCAAgB,EAAC,KAAK,EAAE,eAAe,CAAC,CAAC;IACxD,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,0BAAU,CAAC,SAAS,EACpB,MAAM,EACN,SAAS,EACT,MAAM,EACN,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,EAC5B,MAAM,EACN,KAAK,EAAE,OAAO,EACd,KAAK,EAAE,KAAK,CACb,CAAC;IACF,MAAM,YAAY,GAA0B;QAC1C,GAAG,gBAAgB;QACnB,mBAAmB,EAAE,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC;QAC3C,iBAAiB,EAAE,eAAe;KACnC,CAAC;IACF,MAAM,IAAA,gCAAgB,EAAC,YAAY,CAAC,CAAC;AACvC,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,IAAI,MAA0B,CAAC;IAC/B,IAAI,eAAqC,CAAC;IAC1C,IAAI,SAAiC,CAAC;IACtC,IAAI,CAAC;QACH,MAAM,IAAA,gCAAgB,EACpB,MAAM,IAAA,sCAAsB,EAC1B,0BAAU,CAAC,SAAS,EACpB,UAAU,EACV,SAAS,EACT,MAAM,EACN,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,EAC5B,MAAM,CACP,CACF,CAAC;QAEF,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QACjD,IAAA,yBAAkB,EAAC,IAAA,+BAAgB,GAAE,EAAE,aAAa,CAAC,CAAC;QAEtD,MAAM,GAAG,MAAM,IAAA,wBAAS,EAAC,IAAA,oCAAqB,GAAE,EAAE,MAAM,CAAC,CAAC;QAC1D,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CACb,yFAAyF,CAC1F,CAAC;QACJ,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAEjD,SAAS,GAAG,MAAM,IAAA,uCAA2B,EAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;QACtE,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;YAC5B,MAAM,gBAAgB,GAAG,IAAA,+BAAgB,EAAC,mBAAmB,CAAC,CAAC;YAC/D,IAAI,gBAAgB,EAAE,CAAC;gBACrB,MAAM,CAAC,IAAI,CACT,6CAA6C,gBAAgB,EAAE,CAChE,CAAC;gBACF,OAAO,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;YAClC,CAAC;YACD,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;gBACjC,eAAe,GAAG,QAAQ,CAAC;gBAC3B,MAAM,IAAA,wBAAY,EAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CA
AC,CAAC;YAC/C,CAAC;QACH,CAAC;IACH,CAAC;IAAC,OAAO,cAAc,EAAE,CAAC;QACxB,MAAM,KAAK,GAAG,IAAA,gBAAS,EAAC,cAAc,CAAC,CAAC;QACxC,IAAI,CAAC,SAAS,CACZ,kIAAkI,KAAK,CAAC,OAAO,EAAE,CAClJ,CAAC;QACF,MAAM,yBAAyB,CAC7B,MAAM,EACN,MAAM,EACN,SAAS,EACT,SAAS,IAAI,EAAE,EACf,eAAe,EACf,KAAK,CACN,CAAC;QACF,OAAO;IACT,CAAC;IAED,IAAI,CAAC,cAAc,CAAC,oBAAM,CAAC,mCAAmC,EAAE,MAAM,CAAC,CAAC;IAExE,MAAM,yBAAyB,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,IAAI,EAAE,CAAC,CAAC;AAC9E,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,IAAI,CAAC;QACH,MAAM,GAAG,EAAE,CAAC;IACd,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,SAAS,CAAC,4BAA4B,IAAA,gBAAS,EAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;IACzE,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"} {"version":3,"file":"autobuild-action.js","sourceRoot":"","sources":["../src/autobuild-action.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,iDAIwB;AACxB,6CAAgD;AAChD,2CAAwE;AACxE,qCAAqC;AACrC,iDAAmD;AACnD,+CAAuC;AACvC,mDAA2C;AAE3C,uCAAqD;AACrD,6CAAkD;AAClD,mDAMyB;AACzB,mDAAuD;AACvD,iCAOgB;AAShB,KAAK,UAAU,yBAAyB,CACtC,MAA0B,EAC1B,MAAc,EACd,SAAe,EACf,YAAsB,EACtB,eAAwB,EACxB,KAAa;IAEb,IAAA,4BAAqB,EAAC,IAAA,+BAAgB,GAAE,CAAC,CAAC;IAE1C,MAAM,MAAM,GAAG,IAAA,gCAAgB,EAAC,KAAK,EAAE,eAAe,CAAC,CAAC;IACxD,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,0BAAU,CAAC,SAAS,EACpB,MAAM,EACN,SAAS,EACT,MAAM,EACN,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,EAC5B,MAAM,EACN,KAAK,EAAE,OAAO,EACd,KAAK,EAAE,KAAK,CACb,CAAC;IACF,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;QACnC,MAAM,YAAY,GAA0B;YAC1C,GAAG,gBAAgB;YACnB,mBAAmB,EAAE,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC;YAC3C,iBAAiB,EAAE,eAAe;SACnC,CAAC;QACF,MAAM,IAAA,gCAAgB,EAAC,YAAY,CAAC,CAAC;IACvC,CAAC;AACH,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAG,IAAA,0BAAgB,GAAE,CAAC;IAClC,IAAI,MAA0B,CAAC;IAC/B,IAAI,eAAqC,CAAC;IAC1C,IAAI,SAAiC,CAAC;IACtC,IAAI,CAAC;QACH,MAAM,gBAAgB,GAAG,MAAM,IAAA,sCAAsB,EACnD,0BAAU,CAAC,SAAS,EACpB,UAAU,EACV,SAAS,EACT,MAAM,EACN,MAAM,IAAA,qBAAc,EAAC,MAAM,CAAC,EAC5B,MAAM,CACP,CAAC;QACF,IAAI,gBAAgB,KAAK,SAAS,EAAE,CAAC;YACnC,MAAM,IAAA,gCAAgB
,EAAC,gBAAgB,CAAC,CAAC;QAC3C,CAAC;QAED,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;QAC/C,IAAA,gCAAyB,EAAC,aAAa,EAAE,MAAM,CAAC,CAAC;QACjD,IAAA,yBAAkB,EAAC,IAAA,+BAAgB,GAAE,EAAE,aAAa,CAAC,CAAC;QAEtD,MAAM,aAAa,GAAG,IAAA,+BAAkB,EACtC,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CACzC,CAAC;QAEF,MAAM,QAAQ,GAAG,IAAI,wBAAQ,CAC3B,aAAa,EACb,aAAa,EACb,IAAA,oCAAqB,GAAE,EACvB,MAAM,CACP,CAAC;QAEF,MAAM,GAAG,MAAM,IAAA,wBAAS,EAAC,IAAA,oCAAqB,GAAE,EAAE,MAAM,CAAC,CAAC;QAC1D,IAAI,MAAM,KAAK,SAAS,EAAE,CAAC;YACzB,MAAM,IAAI,KAAK,CACb,yFAAyF,CAC1F,CAAC;QACJ,CAAC;QAED,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAEjD,SAAS,GAAG,MAAM,IAAA,uCAA2B,EAAC,MAAM,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;QACtE,IAAI,SAAS,KAAK,SAAS,EAAE,CAAC;YAC5B,MAAM,gBAAgB,GAAG,IAAA,+BAAgB,EAAC,mBAAmB,CAAC,CAAC;YAC/D,IAAI,gBAAgB,EAAE,CAAC;gBACrB,MAAM,CAAC,IAAI,CACT,6CAA6C,gBAAgB,EAAE,CAChE,CAAC;gBACF,OAAO,CAAC,KAAK,CAAC,gBAAgB,CAAC,CAAC;YAClC,CAAC;YACD,KAAK,MAAM,QAAQ,IAAI,SAAS,EAAE,CAAC;gBACjC,eAAe,GAAG,QAAQ,CAAC;gBAC3B,MAAM,IAAA,wBAAY,EAAC,MAAM,EAAE,QAAQ,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;YACzD,CAAC;QACH,CAAC;QAED,+FAA+F;QAC/F,oBAAoB;QACpB,MAAM,IAAA,oCAAoB,EAAC,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;IAC/D,CAAC;IAAC,OAAO,cAAc,EAAE,CAAC;QACxB,MAAM,KAAK,GAAG,IAAA,gBAAS,EAAC,cAAc,CAAC,CAAC;QACxC,IAAI,CAAC,SAAS,CACZ,kIAAkI,KAAK,CAAC,OAAO,EAAE,CAClJ,CAAC;QACF,MAAM,yBAAyB,CAC7B,MAAM,EACN,MAAM,EACN,SAAS,EACT,SAAS,IAAI,EAAE,EACf,eAAe,EACf,KAAK,CACN,CAAC;QACF,OAAO;IACT,CAAC;IAED,IAAI,CAAC,cAAc,CAAC,oBAAM,CAAC,mCAAmC,EAAE,MAAM,CAAC,CAAC;IAExE,MAAM,yBAAyB,CAAC,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,SAAS,IAAI,EAAE,CAAC,CAAC;AAC9E,CAAC;AAED,KAAK,UAAU,UAAU;IACvB,IAAI,CAAC;QACH,MAAM,GAAG,EAAE,CAAC;IACd,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,CAAC,SAAS,CAAC,4BAA4B,IAAA,gBAAS,EAAC,KAAK,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;IACzE,CAAC;AACH,CAAC;AAED,KAAK,UAAU,EAAE,CAAC"}

15
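--- a/lib/autobuild.js
+++ b/lib/autobuild.js
@@ -28,7 +28,6 @@ const core = __importStar(require("@actions/core"));
 const actions_util_1 = require("./actions-util");
 const api_client_1 = require("./api-client");
 const codeql_1 = require("./codeql");
-const config_utils_1 = require("./config-utils");
 const environment_1 = require("./environment");
 const feature_flags_1 = require("./feature-flags");
 const languages_1 = require("./languages");
@@ -36,9 +35,9 @@ const repository_1 = require("./repository");
 const tools_features_1 = require("./tools-features");
 const util_1 = require("./util");
 async function determineAutobuildLanguages(codeql, config, logger) {
-if ((config.buildMode === config_utils_1.BuildMode.None &&
+if ((config.buildMode === util_1.BuildMode.None &&
 (await codeql.supportsFeature(tools_features_1.ToolsFeature.TraceCommandUseBuildMode))) ||
-config.buildMode === config_utils_1.BuildMode.Manual) {
+config.buildMode === util_1.BuildMode.Manual) {
 logger.info(`Using ${config.buildMode} build mode, nothing to autobuild.`);
 return undefined;
 }
@@ -135,13 +134,19 @@ async function setupCppAutobuild(codeql, logger) {
 }
 }
 exports.setupCppAutobuild = setupCppAutobuild;
-async function runAutobuild(language, config, logger) {
+async function runAutobuild(config, language, features, logger) {
 logger.startGroup(`Attempting to automatically build ${language} code`);
 const codeQL = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
 if (language === languages_1.Language.cpp) {
 await setupCppAutobuild(codeQL, logger);
 }
-await codeQL.runAutobuild(language, config.debugMode);
+if (config.buildMode &&
+(await features.getValue(feature_flags_1.Feature.AutobuildDirectTracing, codeQL))) {
+await codeQL.extractUsingBuildMode(config, language);
+}
+else {
+await codeQL.runAutobuild(config, language);
+}
 if (language === languages_1.Language.go) {
 core.exportVariable(environment_1.EnvVar.DID_AUTOBUILD_GOLANG, "true");
 }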


@ -1 +1 @@
{"version":3,"file":"autobuild.js","sourceRoot":"","sources":["../src/autobuild.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,iDAA6E;AAC7E,6CAAgD;AAChD,qCAA6C;AAE7C,iDAA2C;AAC3C,+CAAuC;AACvC,mDAAmE;AACnE,2CAAyD;AAEzD,6CAAkD;AAClD,qDAAgD;AAChD,iCAA6C;AAEtC,KAAK,UAAU,2BAA2B,CAC/C,MAAc,EACd,MAA0B,EAC1B,MAAc;IAEd,IACE,CAAC,MAAM,CAAC,SAAS,KAAK,wBAAS,CAAC,IAAI;QAClC,CAAC,MAAM,MAAM,CAAC,eAAe,CAAC,6BAAY,CAAC,wBAAwB,CAAC,CAAC,CAAC;QACxE,MAAM,CAAC,SAAS,KAAK,wBAAS,CAAC,MAAM,EACrC,CAAC;QACD,MAAM,CAAC,IAAI,CAAC,SAAS,MAAM,CAAC,SAAS,oCAAoC,CAAC,CAAC;QAC3E,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,0CAA0C;IAC1C,mFAAmF;IACnF,oFAAoF;IACpF,4EAA4E;IAC5E,MAAM,kBAAkB,GAAG,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CACvD,IAAA,4BAAgB,EAAC,CAAC,CAAC,CACpB,CAAC;IAEF,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACxB,MAAM,CAAC,IAAI,CACT,iEAAiE,CAClE,CAAC;QACF,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;OA0BG;IACH,MAAM,2BAA2B,GAAG,kBAAkB,CAAC,MAAM,CAC3D,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,oBAAQ,CAAC,EAAE,CACzB,CAAC;IAEF,MAAM,SAAS,GAAe,EAAE,CAAC;IACjC,yEAAyE;IACzE,UAAU;IACV,IAAI,2BAA2B,CAAC,CAAC,CAAC,KAAK,SAAS,EAAE,CAAC;QACjD,SAAS,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC,CAAC,CAAC,CAAC;IACjD,CAAC;IACD,uEAAuE;IACvE,wCAAwC;IACxC,IAAI,kBAAkB,CAAC,MAAM,KAAK,2BAA2B,CAAC,MAAM,EAAE,CAAC;QACrE,SAAS,CAAC,IAAI,CAAC,oBAAQ,CAAC,EAAE,CAAC,CAAC;IAC9B,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,kBAAkB,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAE3D,2EAA2E;IAC3E,4EAA4E;IAC5E,2CAA2C;IAC3C,uEAAuE;IACvE,2EAA2E;IAC3E,uEAAuE;IACvE,yCAAyC;IACzC,IAAI,2BAA2B,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3C,MAAM,CAAC,OAAO,CACZ,oCAAoC,SAAS,CAAC,IAAI,CAChD,OAAO,CACR,8BAA8B,2BAA2B;aACvD,KAAK,CAAC,CAAC,CAAC;aACR,IAAI,CACH,OAAO,CACR,kFAAkF;YACnF,4BAA4B;YAC5B,0NAA0N,CAC7N,CAAC;IACJ,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAhGD,kEAgGC;AAEM,KAAK,UAAU,iBAAiB,CAAC,MAAc,EAAE,MAAc;IACpE,MAAM,MAAM,GAAG,6BAAa,CAAC,uBAAO,CAAC,yBAAyB,CAAC,CAAC,MAAM,CAAC;IACvE,MAAM,WAAW,GAAG,4CAA4C,CAAC;IACjE,MAAM,MAAM,GACV,wHAAwH,CAAC;IAC3H,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,G
AAE,CAAC;IAC/C,MAAM,aAAa,GAAG,IAAA,+BAAkB,EACtC,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CACzC,CAAC;IACF,MAAM,QAAQ,GAAG,IAAI,wBAAQ,CAC3B,aAAa,EACb,aAAa,EACb,IAAA,oCAAqB,GAAE,EACvB,MAAM,CACP,CAAC;IACF,IAAI,MAAM,QAAQ,CAAC,QAAQ,CAAC,uBAAO,CAAC,yBAAyB,EAAE,MAAM,CAAC,EAAE,CAAC;QACvE,yEAAyE;QACzE,IACE,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,KAAK,aAAa;YACnD,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,MAAM,EAC9B,CAAC;YACD,MAAM,CAAC,IAAI,CACT,aAAa,WAAW,sCACtB,IAAA,mCAAoB,GAAE,KAAK,SAAS;gBAClC,CAAC,CAAC,8BAA8B,MAAM,yDAAyD,MAAM,IAAI;gBACzG,CAAC,CAAC,EACN,EAAE,CACH,CAAC;YACF,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QACvC,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CACT,YAAY,WAAW,yCAAyC,MAAM,yCAAyC,MAAM,IAAI,CAC1H,CAAC;YACF,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACtC,CAAC;IACH,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CAAC,aAAa,WAAW,GAAG,CAAC,CAAC;QACzC,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACvC,CAAC;AACH,CAAC;AAvCD,8CAuCC;AAEM,KAAK,UAAU,YAAY,CAChC,QAAkB,EAClB,MAA0B,EAC1B,MAAc;IAEd,MAAM,CAAC,UAAU,CAAC,qCAAqC,QAAQ,OAAO,CAAC,CAAC;IACxE,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACjD,IAAI,QAAQ,KAAK,oBAAQ,CAAC,GAAG,EAAE,CAAC;QAC9B,MAAM,iBAAiB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC1C,CAAC;IACD,MAAM,MAAM,CAAC,YAAY,CAAC,QAAQ,EAAE,MAAM,CAAC,SAAS,CAAC,CAAC;IACtD,IAAI,QAAQ,KAAK,oBAAQ,CAAC,EAAE,EAAE,CAAC;QAC7B,IAAI,CAAC,cAAc,CAAC,oBAAM,CAAC,oBAAoB,EAAE,MAAM,CAAC,CAAC;IAC3D,CAAC;IACD,MAAM,CAAC,QAAQ,EAAE,CAAC;AACpB,CAAC;AAfD,oCAeC"} 
{"version":3,"file":"autobuild.js","sourceRoot":"","sources":["../src/autobuild.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,iDAA6E;AAC7E,6CAAgD;AAChD,qCAA6C;AAE7C,+CAAuC;AACvC,mDAKyB;AACzB,2CAAyD;AAEzD,6CAAkD;AAClD,qDAAgD;AAChD,iCAAwD;AAEjD,KAAK,UAAU,2BAA2B,CAC/C,MAAc,EACd,MAA0B,EAC1B,MAAc;IAEd,IACE,CAAC,MAAM,CAAC,SAAS,KAAK,gBAAS,CAAC,IAAI;QAClC,CAAC,MAAM,MAAM,CAAC,eAAe,CAAC,6BAAY,CAAC,wBAAwB,CAAC,CAAC,CAAC;QACxE,MAAM,CAAC,SAAS,KAAK,gBAAS,CAAC,MAAM,EACrC,CAAC;QACD,MAAM,CAAC,IAAI,CAAC,SAAS,MAAM,CAAC,SAAS,oCAAoC,CAAC,CAAC;QAC3E,OAAO,SAAS,CAAC;IACnB,CAAC;IAED,0CAA0C;IAC1C,mFAAmF;IACnF,oFAAoF;IACpF,4EAA4E;IAC5E,MAAM,kBAAkB,GAAG,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CACvD,IAAA,4BAAgB,EAAC,CAAC,CAAC,CACpB,CAAC;IAEF,IAAI,CAAC,kBAAkB,EAAE,CAAC;QACxB,MAAM,CAAC,IAAI,CACT,iEAAiE,CAClE,CAAC;QACF,OAAO,SAAS,CAAC;IACnB,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;OA0BG;IACH,MAAM,2BAA2B,GAAG,kBAAkB,CAAC,MAAM,CAC3D,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,KAAK,oBAAQ,CAAC,EAAE,CACzB,CAAC;IAEF,MAAM,SAAS,GAAe,EAAE,CAAC;IACjC,yEAAyE;IACzE,UAAU;IACV,IAAI,2BAA2B,CAAC,CAAC,CAAC,KAAK,SAAS,EAAE,CAAC;QACjD,SAAS,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC,CAAC,CAAC,CAAC;IACjD,CAAC;IACD,uEAAuE;IACvE,wCAAwC;IACxC,IAAI,kBAAkB,CAAC,MAAM,KAAK,2BAA2B,CAAC,MAAM,EAAE,CAAC;QACrE,SAAS,CAAC,IAAI,CAAC,oBAAQ,CAAC,EAAE,CAAC,CAAC;IAC9B,CAAC;IAED,MAAM,CAAC,KAAK,CAAC,kBAAkB,SAAS,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAE3D,2EAA2E;IAC3E,4EAA4E;IAC5E,2CAA2C;IAC3C,uEAAuE;IACvE,2EAA2E;IAC3E,uEAAuE;IACvE,yCAAyC;IACzC,IAAI,2BAA2B,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;QAC3C,MAAM,CAAC,OAAO,CACZ,oCAAoC,SAAS,CAAC,IAAI,CAChD,OAAO,CACR,8BAA8B,2BAA2B;aACvD,KAAK,CAAC,CAAC,CAAC;aACR,IAAI,CACH,OAAO,CACR,kFAAkF;YACnF,4BAA4B;YAC5B,0NAA0N,CAC7N,CAAC;IACJ,CAAC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAhGD,kEAgGC;AAEM,KAAK,UAAU,iBAAiB,CAAC,MAAc,EAAE,MAAc;IACpE,MAAM,MAAM,GAAG,6BAAa,CAAC,uBAAO,CAAC,yBAAyB,CAAC,CAAC,MAAM,CAAC;IACvE,MAAM,WAAW,GAAG,4CAA4C,CAAC;IACjE,MAAM,MAAM,GACV,wHAAwH,CAAC;IAC3H,MAAM,aAAa,GAAG,MAAM,IAAA,6BAAgB,GAAE,CAAC;IAC/
C,MAAM,aAAa,GAAG,IAAA,+BAAkB,EACtC,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,CACzC,CAAC;IACF,MAAM,QAAQ,GAAG,IAAI,wBAAQ,CAC3B,aAAa,EACb,aAAa,EACb,IAAA,oCAAqB,GAAE,EACvB,MAAM,CACP,CAAC;IACF,IAAI,MAAM,QAAQ,CAAC,QAAQ,CAAC,uBAAO,CAAC,yBAAyB,EAAE,MAAM,CAAC,EAAE,CAAC;QACvE,yEAAyE;QACzE,IACE,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,KAAK,aAAa;YACnD,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,KAAK,MAAM,EAC9B,CAAC;YACD,MAAM,CAAC,IAAI,CACT,aAAa,WAAW,sCACtB,IAAA,mCAAoB,GAAE,KAAK,SAAS;gBAClC,CAAC,CAAC,8BAA8B,MAAM,yDAAyD,MAAM,IAAI;gBACzG,CAAC,CAAC,EACN,EAAE,CACH,CAAC;YACF,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QACvC,CAAC;aAAM,CAAC;YACN,MAAM,CAAC,IAAI,CACT,YAAY,WAAW,yCAAyC,MAAM,yCAAyC,MAAM,IAAI,CAC1H,CAAC;YACF,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACtC,CAAC;IACH,CAAC;SAAM,CAAC;QACN,MAAM,CAAC,IAAI,CAAC,aAAa,WAAW,GAAG,CAAC,CAAC;QACzC,IAAI,CAAC,cAAc,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACvC,CAAC;AACH,CAAC;AAvCD,8CAuCC;AAEM,KAAK,UAAU,YAAY,CAChC,MAA0B,EAC1B,QAAkB,EAClB,QAA2B,EAC3B,MAAc;IAEd,MAAM,CAAC,UAAU,CAAC,qCAAqC,QAAQ,OAAO,CAAC,CAAC;IACxE,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACjD,IAAI,QAAQ,KAAK,oBAAQ,CAAC,GAAG,EAAE,CAAC;QAC9B,MAAM,iBAAiB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAC1C,CAAC;IACD,IACE,MAAM,CAAC,SAAS;QAChB,CAAC,MAAM,QAAQ,CAAC,QAAQ,CAAC,uBAAO,CAAC,sBAAsB,EAAE,MAAM,CAAC,CAAC,EACjE,CAAC;QACD,MAAM,MAAM,CAAC,qBAAqB,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IACvD,CAAC;SAAM,CAAC;QACN,MAAM,MAAM,CAAC,YAAY,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;IAC9C,CAAC;IACD,IAAI,QAAQ,KAAK,oBAAQ,CAAC,EAAE,EAAE,CAAC;QAC7B,IAAI,CAAC,cAAc,CAAC,oBAAM,CAAC,oBAAoB,EAAE,MAAM,CAAC,CAAC;IAC3D,CAAC;IACD,MAAM,CAAC,QAAQ,EAAE,CAAC;AACpB,CAAC;AAvBD,oCAuBC"}

67
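--- a/lib/cli-errors.js
+++ b/lib/cli-errors.js
@@ -2,7 +2,6 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.wrapCliConfigurationError = exports.getCliConfigCategoryIfExists = exports.cliErrorsConfig = exports.CliConfigErrorCategory = exports.CommandInvocationError = void 0;
 const util_1 = require("./util");
-const NO_SOURCE_CODE_SEEN_DOCS_LINK = "https://gh.io/troubleshooting-code-scanning/no-source-code-seen-during-build";
 /**
 * A class of Error that we can classify as an error stemming from a CLI
 * invocation, with associated exit code, stderr,etc.
@@ -117,9 +116,11 @@ function ensureEndsInPeriod(text) {
 /** Error messages from the CLI that we consider configuration errors and handle specially. */
 var CliConfigErrorCategory;
 (function (CliConfigErrorCategory) {
+CliConfigErrorCategory["ExternalRepositoryCloneFailed"] = "ExternalRepositoryCloneFailed";
 CliConfigErrorCategory["GradleBuildFailed"] = "GradleBuildFailed";
 CliConfigErrorCategory["IncompatibleWithActionVersion"] = "IncompatibleWithActionVersion";
 CliConfigErrorCategory["InitCalledTwice"] = "InitCalledTwice";
+CliConfigErrorCategory["InvalidConfigFile"] = "InvalidConfigFile";
 CliConfigErrorCategory["InvalidSourceRoot"] = "InvalidSourceRoot";
 CliConfigErrorCategory["MavenBuildFailed"] = "MavenBuildFailed";
 CliConfigErrorCategory["NoBuildCommandAutodetected"] = "NoBuildCommandAutodetected";
@@ -127,13 +128,22 @@ var CliConfigErrorCategory;
 CliConfigErrorCategory["NoSourceCodeSeen"] = "NoSourceCodeSeen";
 CliConfigErrorCategory["NoSupportedBuildCommandSucceeded"] = "NoSupportedBuildCommandSucceeded";
 CliConfigErrorCategory["NoSupportedBuildSystemDetected"] = "NoSupportedBuildSystemDetected";
+CliConfigErrorCategory["OutOfMemoryOrDisk"] = "OutOfMemoryOrDisk";
+CliConfigErrorCategory["PackCannotBeFound"] = "PackCannotBeFound";
+CliConfigErrorCategory["PackMissingAuth"] = "PackMissingAuth";
 CliConfigErrorCategory["SwiftBuildFailed"] = "SwiftBuildFailed";
+CliConfigErrorCategory["UnsupportedBuildMode"] = "UnsupportedBuildMode";
 })(CliConfigErrorCategory || (exports.CliConfigErrorCategory = CliConfigErrorCategory = {}));
 /**
 * All of our caught CLI error messages that we handle specially: ie. if we
 * would like to categorize an error as a configuration error or not.
 */
 exports.cliErrorsConfig = {
+[CliConfigErrorCategory.ExternalRepositoryCloneFailed]: {
+cliErrorMessageCandidates: [
+new RegExp("Failed to clone external Git repository"),
+],
+},
 [CliConfigErrorCategory.GradleBuildFailed]: {
 cliErrorMessageCandidates: [
 new RegExp("[autobuild] FAILURE: Build failed with an exception."),
@@ -151,6 +161,12 @@ exports.cliErrorsConfig = {
 ],
 additionalErrorMessageToAppend: `Is the "init" action called twice in the same job?`,
 },
+[CliConfigErrorCategory.InvalidConfigFile]: {
+cliErrorMessageCandidates: [
+new RegExp("Config file .* is not valid"),
+new RegExp("The supplied config file is empty"),
+],
+},
 // Expected source location for database creation does not exist
 [CliConfigErrorCategory.InvalidSourceRoot]: {
 cliErrorMessageCandidates: [new RegExp("Invalid source root")],
@@ -177,15 +193,6 @@ exports.cliErrorsConfig = {
 cliErrorMessageCandidates: [
 new RegExp("CodeQL detected code written in .* but could not process any of it"),
 new RegExp("CodeQL did not detect any code written in languages supported by CodeQL"),
-/**
-* Earlier versions of the JavaScript extractor (pre-CodeQL 2.12.0) extract externs even if no
-* source code was found. This means that we don't get the no code found error from
-* `codeql database finalize`. To ensure users get a good error message, we detect this manually
-* here, and upon detection override the error message.
-*
-* This can be removed once support for CodeQL 2.11.6 is removed.
-*/
-new RegExp("No JavaScript or TypeScript code found"),
 ],
 },
 [CliConfigErrorCategory.NoSupportedBuildCommandSucceeded]: {
@@ -198,11 +205,35 @@ exports.cliErrorsConfig = {
 new RegExp("No supported build system detected"),
 ],
 },
+[CliConfigErrorCategory.OutOfMemoryOrDisk]: {
+cliErrorMessageCandidates: [
+new RegExp("CodeQL is out of memory."),
+new RegExp("out of disk"),
+new RegExp("No space left on device"),
+],
+additionalErrorMessageToAppend: "For more information, see https://gh.io/troubleshooting-code-scanning/out-of-disk-or-memory",
+},
+[CliConfigErrorCategory.PackCannotBeFound]: {
+cliErrorMessageCandidates: [
+new RegExp("Query pack .* cannot be found\\. Check the spelling of the pack\\."),
+],
+},
+[CliConfigErrorCategory.PackMissingAuth]: {
+cliErrorMessageCandidates: [
+new RegExp("GitHub Container registry .* 403 Forbidden"),
+new RegExp("Do you need to specify a token to authenticate to the registry?"),
+],
+},
 [CliConfigErrorCategory.SwiftBuildFailed]: {
 cliErrorMessageCandidates: [
 new RegExp("\\[autobuilder/build\\] \\[build-command-failed\\] `autobuild` failed to run the build command"),
 ],
 },
+[CliConfigErrorCategory.UnsupportedBuildMode]: {
+cliErrorMessageCandidates: [
+new RegExp("does not support the .* build mode. Please try using one of the following build modes instead"),
+],
+},
 };
 /**
 * Check if the given CLI error or exit code, if applicable, apply to any known
@@ -226,17 +257,6 @@ function getCliConfigCategoryIfExists(cliError) {
 return undefined;
 }
 exports.getCliConfigCategoryIfExists = getCliConfigCategoryIfExists;
-/**
-* Prepend a clearer error message with the docs link if the error message does not already
-* include it. Can be removed once support for CodeQL 2.11.6 is removed; at that point, all runs
-* should already include the doc link.
-*/
-function prependDocsLinkIfApplicable(cliErrorMessage) {
-if (!cliErrorMessage.includes(NO_SOURCE_CODE_SEEN_DOCS_LINK)) {
-return `No code found during the build. Please see: ${NO_SOURCE_CODE_SEEN_DOCS_LINK}. Detailed error: ${cliErrorMessage}`;
-}
-return cliErrorMessage;
-}
 /**
 * Changes an error received from the CLI to a ConfigurationError with optionally an extra
 * error message appended, if it exists in a known set of configuration errors. Otherwise,
@@ -251,11 +271,6 @@ function wrapCliConfigurationError(cliError) {
 return cliError;
 }
 let errorMessageBuilder = cliError.message;
-// Can be removed once support for CodeQL 2.11.6 is removed; at that point, all runs should
-// already include the doc link.
-if (cliConfigErrorCategory === CliConfigErrorCategory.NoSourceCodeSeen) {
-errorMessageBuilder = prependDocsLinkIfApplicable(errorMessageBuilder);
-}
 const additionalErrorMessageToAppend = exports.cliErrorsConfig[cliConfigErrorCategory].additionalErrorMessageToAppend;
 if (additionalErrorMessageToAppend !== undefined) {
 errorMessageBuilder = `${errorMessageBuilder} ${additionalErrorMessageToAppend}`;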
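Review bot: Two patterns in the new `OutOfMemoryOrDisk` and `PackMissingAuth` entries of `cliErrorsConfig` carry unescaped regex metacharacters, so they do not match the literal text they spell out: the `.` in `"CodeQL is out of memory."` requires some further character after "memory" (and never a newline), and the `?` in `"... authenticate to the registry?"` makes the `y` optional instead of matching a question mark. The `PackCannotBeFound` entry in the same hunk already escapes its dots, so I would write `new RegExp("CodeQL is out of memory\\.")` and `new RegExp("Do you need to specify a token to authenticate to the registry\\?")`. `new RegExp("out of disk")` is also short and unanchored; if the candidates are tested against the whole CLI error text (the matching code lies outside these hunks), any output containing that phrase would be reported as a configuration error rather than a tool failure, so a longer phrase would be safer. This file is marked as generated, so the change presumably belongs in the TypeScript source it is compiled from.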

File diff suppressed because one or more lines are too long

181
lib/codeql.js generated

@ -23,7 +23,7 @@ var __importStar = (this && this.__importStar) || function (mod) {
return result; return result;
}; };
Object.defineProperty(exports, "__esModule", { value: true }); Object.defineProperty(exports, "__esModule", { value: true });
exports.getGeneratedCodeScanningConfigPath = exports.getTrapCachingExtractorConfigArgsForLang = exports.getTrapCachingExtractorConfigArgs = exports.getExtraOptions = exports.getCodeQLForCmd = exports.getCodeQLForTesting = exports.getCachedCodeQL = exports.setCodeQL = exports.getCodeQL = exports.setupCodeQL = exports.CODEQL_VERSION_SUBLANGUAGE_FILE_COVERAGE = exports.CODEQL_VERSION_ANALYSIS_SUMMARY_V2 = exports.CODEQL_VERSION_LANGUAGE_ALIASING = exports.CODEQL_VERSION_LANGUAGE_BASELINE_CONFIG = exports.CODEQL_VERSION_RESOLVE_ENVIRONMENT = exports.CODEQL_VERSION_DIAGNOSTICS_EXPORT_FIXED = exports.CODEQL_VERSION_INIT_WITH_QLCONFIG = exports.CODEQL_VERSION_EXPORT_CODE_SCANNING_CONFIG = exports.CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE = void 0; exports.getGeneratedCodeScanningConfigPath = exports.getTrapCachingExtractorConfigArgsForLang = exports.getTrapCachingExtractorConfigArgs = exports.getExtraOptions = exports.getCodeQLForCmd = exports.getCodeQLForTesting = exports.getCachedCodeQL = exports.setCodeQL = exports.getCodeQL = exports.setupCodeQL = exports.CODEQL_VERSION_SUBLANGUAGE_FILE_COVERAGE = exports.CODEQL_VERSION_ANALYSIS_SUMMARY_V2 = exports.CODEQL_VERSION_LANGUAGE_ALIASING = exports.CODEQL_VERSION_LANGUAGE_BASELINE_CONFIG = exports.CODEQL_VERSION_RESOLVE_ENVIRONMENT = exports.CODEQL_VERSION_DIAGNOSTICS_EXPORT_FIXED = void 0;
const fs = __importStar(require("fs")); const fs = __importStar(require("fs"));
const path = __importStar(require("path")); const path = __importStar(require("path"));
const core = __importStar(require("@actions/core")); const core = __importStar(require("@actions/core"));
@ -34,9 +34,9 @@ const actions_util_1 = require("./actions-util");
const cli_errors_1 = require("./cli-errors"); const cli_errors_1 = require("./cli-errors");
const environment_1 = require("./environment"); const environment_1 = require("./environment");
const feature_flags_1 = require("./feature-flags"); const feature_flags_1 = require("./feature-flags");
const languages_1 = require("./languages");
const setupCodeql = __importStar(require("./setup-codeql")); const setupCodeql = __importStar(require("./setup-codeql"));
const tools_features_1 = require("./tools-features"); const tools_features_1 = require("./tools-features");
const tracer_config_1 = require("./tracer-config");
const util = __importStar(require("./util")); const util = __importStar(require("./util"));
const util_1 = require("./util"); const util_1 = require("./util");
/** /**
@ -52,19 +52,19 @@ let cachedCodeQL = undefined;
* The version flags below can be used to conditionally enable certain features * The version flags below can be used to conditionally enable certain features
* on versions newer than this. * on versions newer than this.
*/ */
const CODEQL_MINIMUM_VERSION = "2.11.6"; const CODEQL_MINIMUM_VERSION = "2.12.6";
/** /**
* This version will shortly become the oldest version of CodeQL that the Action will run with. * This version will shortly become the oldest version of CodeQL that the Action will run with.
*/ */
const CODEQL_NEXT_MINIMUM_VERSION = "2.11.6"; const CODEQL_NEXT_MINIMUM_VERSION = "2.12.6";
/** /**
* This is the version of GHES that was most recently deprecated. * This is the version of GHES that was most recently deprecated.
*/ */
const GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.7"; const GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.8";
/** /**
* This is the deprecation date for the version of GHES that was most recently deprecated. * This is the deprecation date for the version of GHES that was most recently deprecated.
*/ */
const GHES_MOST_RECENT_DEPRECATION_DATE = "2023-11-08"; const GHES_MOST_RECENT_DEPRECATION_DATE = "2024-03-26";
/** The CLI verbosity level to use for extraction in debug mode. */ /** The CLI verbosity level to use for extraction in debug mode. */
const EXTRACTION_DEBUG_MODE_VERBOSITY = "progress++"; const EXTRACTION_DEBUG_MODE_VERBOSITY = "progress++";
/* /*
@ -74,20 +74,6 @@ const EXTRACTION_DEBUG_MODE_VERBOSITY = "progress++";
* For convenience, please keep these in descending order. Once a version * For convenience, please keep these in descending order. Once a version
* flag is older than the oldest supported version above, it may be removed. * flag is older than the oldest supported version above, it may be removed.
*/ */
/**
* Versions 2.12.1+ of the CodeQL Bundle include a `security-experimental` built-in query suite for
* each language.
*/
exports.CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE = "2.12.1";
/**
* Versions 2.12.3+ of the CodeQL CLI support exporting configuration information from a code
* scanning config file to SARIF.
*/
exports.CODEQL_VERSION_EXPORT_CODE_SCANNING_CONFIG = "2.12.3";
/**
* Versions 2.12.4+ of the CodeQL CLI support the `--qlconfig-file` flag in calls to `database init`.
*/
exports.CODEQL_VERSION_INIT_WITH_QLCONFIG = "2.12.4";
/** /**
* Versions 2.13.1+ of the CodeQL CLI fix a bug where diagnostics export could produce invalid SARIF. * Versions 2.13.1+ of the CodeQL CLI fix a bug where diagnostics export could produce invalid SARIF.
*/ */
@ -268,9 +254,9 @@ async function getCodeQLForCmd(cmd, checkVersion) {
async supportsFeature(feature) { async supportsFeature(feature) {
return (0, tools_features_1.isSupportedToolsFeature)(await this.getVersion(), feature); return (0, tools_features_1.isSupportedToolsFeature)(await this.getVersion(), feature);
}, },
async databaseInitCluster(config, sourceRoot, processName, qlconfigFile, logger) { async databaseInitCluster(config, sourceRoot, processName, qlconfigFile, features, logger) {
const extraArgs = config.languages.map((language) => `--language=${language}`); const extraArgs = config.languages.map((language) => `--language=${language}`);
if (config.languages.filter((l) => (0, languages_1.isTracedLanguage)(l)).length > 0) { if (await (0, tracer_config_1.shouldEnableIndirectTracing)(codeql, config, features)) {
extraArgs.push("--begin-tracing"); extraArgs.push("--begin-tracing");
extraArgs.push(...(await getTrapCachingExtractorConfigArgs(config))); extraArgs.push(...(await getTrapCachingExtractorConfigArgs(config)));
extraArgs.push(`--trace-process-name=${processName}`); extraArgs.push(`--trace-process-name=${processName}`);
@ -285,45 +271,40 @@ async function getCodeQLForCmd(cmd, checkVersion) {
(await this.supportsFeature(tools_features_1.ToolsFeature.BuildModeOption))) { (await this.supportsFeature(tools_features_1.ToolsFeature.BuildModeOption))) {
extraArgs.push(`--build-mode=${config.buildMode}`); extraArgs.push(`--build-mode=${config.buildMode}`);
} }
if (qlconfigFile !== undefined && if (qlconfigFile !== undefined) {
(await util.codeQlVersionAbove(this, exports.CODEQL_VERSION_INIT_WITH_QLCONFIG))) {
extraArgs.push(`--qlconfig-file=${qlconfigFile}`); extraArgs.push(`--qlconfig-file=${qlconfigFile}`);
} }
if (await util.codeQlVersionAbove(this, exports.CODEQL_VERSION_LANGUAGE_BASELINE_CONFIG)) { if (await util.codeQlVersionAtLeast(this, exports.CODEQL_VERSION_LANGUAGE_BASELINE_CONFIG)) {
extraArgs.push("--calculate-language-specific-baseline"); extraArgs.push("--calculate-language-specific-baseline");
} }
if (await isSublanguageFileCoverageEnabled(config, this)) { if (await isSublanguageFileCoverageEnabled(config, this)) {
extraArgs.push("--sublanguage-file-coverage"); extraArgs.push("--sublanguage-file-coverage");
} }
else if (await util.codeQlVersionAbove(this, exports.CODEQL_VERSION_SUBLANGUAGE_FILE_COVERAGE)) { else if (await util.codeQlVersionAtLeast(this, exports.CODEQL_VERSION_SUBLANGUAGE_FILE_COVERAGE)) {
extraArgs.push("--no-sublanguage-file-coverage"); extraArgs.push("--no-sublanguage-file-coverage");
} }
const overwriteFlag = (0, tools_features_1.isSupportedToolsFeature)(await this.getVersion(), tools_features_1.ToolsFeature.ForceOverwrite)
? "--force-overwrite"
: "--overwrite";
await runTool(cmd, [ await runTool(cmd, [
"database", "database",
"init", "init",
overwriteFlag,
"--db-cluster", "--db-cluster",
config.dbLocation, config.dbLocation,
`--source-root=${sourceRoot}`, `--source-root=${sourceRoot}`,
...(await getLanguageAliasingArguments(this)), ...(await getLanguageAliasingArguments(this)),
...extraArgs, ...extraArgs,
...getExtraOptionsFromEnv(["database", "init"]), ...getExtraOptionsFromEnv(["database", "init"], {
ignoringOptions: ["--overwrite"],
}),
], { stdin: externalRepositoryToken }); ], { stdin: externalRepositoryToken });
}, },
async runAutobuild(language, enableDebugLogging) { async runAutobuild(config, language) {
applyAutobuildAzurePipelinesTimeoutFix();
const autobuildCmd = path.join(await this.resolveExtractor(language), "tools", process.platform === "win32" ? "autobuild.cmd" : "autobuild.sh"); const autobuildCmd = path.join(await this.resolveExtractor(language), "tools", process.platform === "win32" ? "autobuild.cmd" : "autobuild.sh");
// Update JAVA_TOOL_OPTIONS to contain '-Dhttp.keepAlive=false'
// This is because of an issue with Azure pipelines timing out connections after 4 minutes
// and Maven not properly handling closed connections
// Otherwise long build processes will timeout when pulling down Java packages
// https://developercommunity.visualstudio.com/content/problem/292284/maven-hosted-agent-connection-timeout.html
const javaToolOptions = process.env["JAVA_TOOL_OPTIONS"] || "";
process.env["JAVA_TOOL_OPTIONS"] = [
...javaToolOptions.split(/\s+/),
"-Dhttp.keepAlive=false",
"-Dmaven.wagon.http.pool=false",
].join(" ");
// Bump the verbosity of the autobuild command if we're in debug mode // Bump the verbosity of the autobuild command if we're in debug mode
if (enableDebugLogging) { if (config.debugMode) {
process.env[environment_1.EnvVar.CLI_VERBOSITY] = process.env[environment_1.EnvVar.CLI_VERBOSITY] =
process.env[environment_1.EnvVar.CLI_VERBOSITY] || EXTRACTION_DEBUG_MODE_VERBOSITY; process.env[environment_1.EnvVar.CLI_VERBOSITY] || EXTRACTION_DEBUG_MODE_VERBOSITY;
} }
@ -354,15 +335,37 @@ async function getCodeQLForCmd(cmd, checkVersion) {
]); ]);
}, },
async extractUsingBuildMode(config, language) { async extractUsingBuildMode(config, language) {
await runTool(cmd, [ if (config.buildMode === util_1.BuildMode.Autobuild) {
"database", applyAutobuildAzurePipelinesTimeoutFix();
"trace-command", }
"--use-build-mode", try {
...(await getTrapCachingExtractorConfigArgsForLang(config, language)), await runTool(cmd, [
...getExtractionVerbosityArguments(config.debugMode), "database",
...getExtraOptionsFromEnv(["database", "trace-command"]), "trace-command",
util.getCodeQLDatabasePath(config, language), "--use-build-mode",
]); "--working-dir",
process.cwd(),
...(await getTrapCachingExtractorConfigArgsForLang(config, language)),
...getExtractionVerbosityArguments(config.debugMode),
...getExtraOptionsFromEnv(["database", "trace-command"]),
util.getCodeQLDatabasePath(config, language),
]);
}
catch (e) {
if (config.buildMode === util_1.BuildMode.Autobuild) {
const prefix = "We were unable to automatically build your code. " +
"Please change the build mode for this language to manual and specify build steps " +
"for your project. For more information, see " +
"https://docs.github.com/en/code-security/code-scanning/troubleshooting-code-scanning/automatic-build-failed.";
const ErrorConstructor = e instanceof util.ConfigurationError
? util.ConfigurationError
: Error;
throw new ErrorConstructor(`${prefix} ${util.wrapError(e).message}`);
}
else {
throw e;
}
}
}, },
async finalizeDatabase(databasePath, threadsFlag, memoryFlag, enableDebugLogging) { async finalizeDatabase(databasePath, threadsFlag, memoryFlag, enableDebugLogging) {
const args = [ const args = [
@ -453,14 +456,14 @@ async function getCodeQLForCmd(cmd, checkVersion) {
"run-queries", "run-queries",
...flags, ...flags,
databasePath, databasePath,
"--expect-discarded-cache",
"--min-disk-free=1024", // Try to leave at least 1GB free "--min-disk-free=1024", // Try to leave at least 1GB free
"-v", "-v",
...getExtraOptionsFromEnv(["database", "run-queries"]), ...getExtraOptionsFromEnv(["database", "run-queries"], {
ignoringOptions: ["--expect-discarded-cache"],
}),
]; ];
if (await util.supportExpectDiscardedCache(this)) { if (await util.codeQlVersionAtLeast(this, feature_flags_1.CODEQL_VERSION_FINE_GRAINED_PARALLELISM)) {
codeqlArgs.push("--expect-discarded-cache");
}
if (await util.codeQlVersionAbove(this, feature_flags_1.CODEQL_VERSION_FINE_GRAINED_PARALLELISM)) {
codeqlArgs.push("--intra-layer-parallelism"); codeqlArgs.push("--intra-layer-parallelism");
} }
await runTool(cmd, codeqlArgs); await runTool(cmd, codeqlArgs);
@ -483,7 +486,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
"--print-diagnostics-summary", "--print-diagnostics-summary",
"--print-metrics-summary", "--print-metrics-summary",
"--sarif-add-baseline-file-info", "--sarif-add-baseline-file-info",
...(await getCodeScanningConfigExportArguments(config, this)), `--sarif-codescanning-config=${getGeneratedCodeScanningConfigPath(config)}`,
"--sarif-group-rules-by-pack", "--sarif-group-rules-by-pack",
...(await getCodeScanningQueryHelpArguments(this)), ...(await getCodeScanningQueryHelpArguments(this)),
...getExtraOptionsFromEnv(["database", "interpret-results"]), ...getExtraOptionsFromEnv(["database", "interpret-results"]),
@ -494,26 +497,19 @@ async function getCodeQLForCmd(cmd, checkVersion) {
if (await isSublanguageFileCoverageEnabled(config, this)) { if (await isSublanguageFileCoverageEnabled(config, this)) {
codeqlArgs.push("--sublanguage-file-coverage"); codeqlArgs.push("--sublanguage-file-coverage");
} }
else if (await util.codeQlVersionAbove(this, exports.CODEQL_VERSION_SUBLANGUAGE_FILE_COVERAGE)) { else if (await util.codeQlVersionAtLeast(this, exports.CODEQL_VERSION_SUBLANGUAGE_FILE_COVERAGE)) {
codeqlArgs.push("--no-sublanguage-file-coverage"); codeqlArgs.push("--no-sublanguage-file-coverage");
} }
if (shouldExportDiagnostics) { if (shouldExportDiagnostics) {
codeqlArgs.push("--sarif-include-diagnostics"); codeqlArgs.push("--sarif-include-diagnostics");
} }
else if (await util.codeQlVersionAbove(this, "2.12.4")) { else {
codeqlArgs.push("--no-sarif-include-diagnostics"); codeqlArgs.push("--no-sarif-include-diagnostics");
} }
if ( if ((await util.codeQlVersionAtLeast(this, exports.CODEQL_VERSION_ANALYSIS_SUMMARY_V2)) &&
// Analysis summary v2 links to the status page, so check the GHES version we're running on !(0, tools_features_1.isSupportedToolsFeature)(await this.getVersion(), tools_features_1.ToolsFeature.AnalysisSummaryV2IsDefault)) {
// supports the status page.
(config.gitHubVersion.type !== util.GitHubVariant.GHES ||
semver.gte(config.gitHubVersion.version, "3.9.0")) &&
(await util.codeQlVersionAbove(this, exports.CODEQL_VERSION_ANALYSIS_SUMMARY_V2))) {
codeqlArgs.push("--new-analysis-summary"); codeqlArgs.push("--new-analysis-summary");
} }
else if (await util.codeQlVersionAbove(this, exports.CODEQL_VERSION_ANALYSIS_SUMMARY_V2)) {
codeqlArgs.push("--no-new-analysis-summary");
}
codeqlArgs.push(databasePath); codeqlArgs.push(databasePath);
if (querySuitePaths) { if (querySuitePaths) {
codeqlArgs.push(...querySuitePaths); codeqlArgs.push(...querySuitePaths);
@ -633,7 +629,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
"export", "export",
"--format=sarif-latest", "--format=sarif-latest",
`--output=${sarifFile}`, `--output=${sarifFile}`,
...(await getCodeScanningConfigExportArguments(config, this)), `--sarif-codescanning-config=${getGeneratedCodeScanningConfigPath(config)}`,
...getExtraOptionsFromEnv(["diagnostics", "export"]), ...getExtraOptionsFromEnv(["diagnostics", "export"]),
]; ];
if (automationDetailsId !== undefined) { if (automationDetailsId !== undefined) {
@ -691,12 +687,12 @@ async function getCodeQLForCmd(cmd, checkVersion) {
// would call getVersion(), so the CLI version would be cached as soon as the // would call getVersion(), so the CLI version would be cached as soon as the
// CodeQL object is created. // CodeQL object is created.
if (checkVersion && if (checkVersion &&
!(await util.codeQlVersionAbove(codeql, CODEQL_MINIMUM_VERSION))) { !(await util.codeQlVersionAtLeast(codeql, CODEQL_MINIMUM_VERSION))) {
throw new util.ConfigurationError(`Expected a CodeQL CLI with version at least ${CODEQL_MINIMUM_VERSION} but got version ${(await codeql.getVersion()).version}`); throw new util.ConfigurationError(`Expected a CodeQL CLI with version at least ${CODEQL_MINIMUM_VERSION} but got version ${(await codeql.getVersion()).version}`);
} }
else if (checkVersion && else if (checkVersion &&
process.env[environment_1.EnvVar.SUPPRESS_DEPRECATED_SOON_WARNING] !== "true" && process.env[environment_1.EnvVar.SUPPRESS_DEPRECATED_SOON_WARNING] !== "true" &&
!(await util.codeQlVersionAbove(codeql, CODEQL_NEXT_MINIMUM_VERSION))) { !(await util.codeQlVersionAtLeast(codeql, CODEQL_NEXT_MINIMUM_VERSION))) {
const result = await codeql.getVersion(); const result = await codeql.getVersion();
core.warning(`CodeQL CLI version ${result.version} was discontinued on ` + core.warning(`CodeQL CLI version ${result.version} was discontinued on ` +
`${GHES_MOST_RECENT_DEPRECATION_DATE} alongside GitHub Enterprise Server ` + `${GHES_MOST_RECENT_DEPRECATION_DATE} alongside GitHub Enterprise Server ` +
@ -706,8 +702,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
"version of the CLI using the 'tools' input to the 'init' Action, you can remove this " + "version of the CLI using the 'tools' input to the 'init' Action, you can remove this " +
"input to use the default version.\n\n" + "input to use the default version.\n\n" +
"Alternatively, if you want to continue using CodeQL CLI version " + "Alternatively, if you want to continue using CodeQL CLI version " +
`${result.version}, you can replace 'github/codeql-action/*@v3' by ` + `${result.version}, you can replace 'github/codeql-action/*@v${(0, actions_util_1.getActionVersion)().split(".")[0]}' by 'github/codeql-action/*@v${(0, actions_util_1.getActionVersion)()}' in your code scanning workflow to ` +
`'github/codeql-action/*@v${(0, actions_util_1.getActionVersion)()}' in your code scanning workflow to ` +
"continue using this version of the CodeQL Action."); "continue using this version of the CodeQL Action.");
core.exportVariable(environment_1.EnvVar.SUPPRESS_DEPRECATED_SOON_WARNING, "true"); core.exportVariable(environment_1.EnvVar.SUPPRESS_DEPRECATED_SOON_WARNING, "true");
} }
@ -716,10 +711,13 @@ async function getCodeQLForCmd(cmd, checkVersion) {
exports.getCodeQLForCmd = getCodeQLForCmd; exports.getCodeQLForCmd = getCodeQLForCmd;
/** /**
* Gets the options for `path` of `options` as an array of extra option strings. * Gets the options for `path` of `options` as an array of extra option strings.
*
* @param ignoringOptions Options that should be ignored, for example because they have already
* been passed and it is an error to pass them more than once.
*/ */
function getExtraOptionsFromEnv(paths) { function getExtraOptionsFromEnv(paths, { ignoringOptions } = {}) {
const options = util.getExtraOptionsEnvParam(); const options = util.getExtraOptionsEnvParam();
return getExtraOptions(options, paths, []); return getExtraOptions(options, paths, []).filter((option) => !ignoringOptions?.includes(option));
} }
/** /**
* Gets `options` as an array of extra option strings. * Gets `options` as an array of extra option strings.
@ -859,20 +857,6 @@ async function generateCodeScanningConfig(config, logger) {
function cloneObject(obj) { function cloneObject(obj) {
return JSON.parse(JSON.stringify(obj)); return JSON.parse(JSON.stringify(obj));
} }
/**
* Gets arguments for passing the code scanning configuration file to interpretation commands like
* `codeql database interpret-results` and `codeql database export-diagnostics`.
*
* Returns an empty list if a code scanning configuration file was not generated by the CLI.
*/
async function getCodeScanningConfigExportArguments(config, codeql) {
const codeScanningConfigPath = getGeneratedCodeScanningConfigPath(config);
if (fs.existsSync(codeScanningConfigPath) &&
(await util.codeQlVersionAbove(codeql, exports.CODEQL_VERSION_EXPORT_CODE_SCANNING_CONFIG))) {
return ["--sarif-codescanning-config", codeScanningConfigPath];
}
return [];
}
// This constant sets the size of each TRAP cache in megabytes. // This constant sets the size of each TRAP cache in megabytes.
const TRAP_CACHE_SIZE_MB = 1024; const TRAP_CACHE_SIZE_MB = 1024;
async function getTrapCachingExtractorConfigArgs(config) { async function getTrapCachingExtractorConfigArgs(config) {
@ -904,10 +888,10 @@ function getGeneratedCodeScanningConfigPath(config) {
} }
exports.getGeneratedCodeScanningConfigPath = getGeneratedCodeScanningConfigPath; exports.getGeneratedCodeScanningConfigPath = getGeneratedCodeScanningConfigPath;
async function isDiagnosticsExportInvalidSarifFixed(codeql) { async function isDiagnosticsExportInvalidSarifFixed(codeql) {
return await util.codeQlVersionAbove(codeql, exports.CODEQL_VERSION_DIAGNOSTICS_EXPORT_FIXED); return await util.codeQlVersionAtLeast(codeql, exports.CODEQL_VERSION_DIAGNOSTICS_EXPORT_FIXED);
} }
async function getLanguageAliasingArguments(codeql) { async function getLanguageAliasingArguments(codeql) {
if (await util.codeQlVersionAbove(codeql, exports.CODEQL_VERSION_LANGUAGE_ALIASING)) { if (await util.codeQlVersionAtLeast(codeql, exports.CODEQL_VERSION_LANGUAGE_ALIASING)) {
return ["--extractor-include-aliases"]; return ["--extractor-include-aliases"];
} }
return []; return [];
@ -917,10 +901,10 @@ async function isSublanguageFileCoverageEnabled(config, codeql) {
// Sub-language file coverage is first supported in GHES 3.12. // Sub-language file coverage is first supported in GHES 3.12.
(config.gitHubVersion.type !== util.GitHubVariant.GHES || (config.gitHubVersion.type !== util.GitHubVariant.GHES ||
semver.gte(config.gitHubVersion.version, "3.12.0")) && semver.gte(config.gitHubVersion.version, "3.12.0")) &&
(await util.codeQlVersionAbove(codeql, exports.CODEQL_VERSION_SUBLANGUAGE_FILE_COVERAGE))); (await util.codeQlVersionAtLeast(codeql, exports.CODEQL_VERSION_SUBLANGUAGE_FILE_COVERAGE)));
} }
async function getCodeScanningQueryHelpArguments(codeql) { async function getCodeScanningQueryHelpArguments(codeql) {
if (await util.codeQlVersionAbove(codeql, CODEQL_VERSION_INCLUDE_QUERY_HELP)) { if (await util.codeQlVersionAtLeast(codeql, CODEQL_VERSION_INCLUDE_QUERY_HELP)) {
return ["--sarif-include-query-help=always"]; return ["--sarif-include-query-help=always"];
} }
return ["--sarif-add-query-help"]; return ["--sarif-add-query-help"];
@ -930,4 +914,19 @@ function getExtractionVerbosityArguments(enableDebugLogging) {
? [`--verbosity=${EXTRACTION_DEBUG_MODE_VERBOSITY}`] ? [`--verbosity=${EXTRACTION_DEBUG_MODE_VERBOSITY}`]
: []; : [];
} }
/**
* Updates the `JAVA_TOOL_OPTIONS` environment variable to resolve an issue with Azure Pipelines
* timing out connections after 4 minutes and Maven not properly handling closed connections.
*
* Without the fix, long build processes will timeout when pulling down Java packages
* https://developercommunity.visualstudio.com/content/problem/292284/maven-hosted-agent-connection-timeout.html
*/
function applyAutobuildAzurePipelinesTimeoutFix() {
const javaToolOptions = process.env["JAVA_TOOL_OPTIONS"] || "";
process.env["JAVA_TOOL_OPTIONS"] = [
...javaToolOptions.split(/\s+/),
"-Dhttp.keepAlive=false",
"-Dmaven.wagon.http.pool=false",
].join(" ");
}
//# sourceMappingURL=codeql.js.map //# sourceMappingURL=codeql.js.map

File diff suppressed because one or more lines are too long

129
lib/codeql.test.js generated

@ -44,6 +44,7 @@ const languages_1 = require("./languages");
const logging_1 = require("./logging"); const logging_1 = require("./logging");
const setup_codeql_1 = require("./setup-codeql"); const setup_codeql_1 = require("./setup-codeql");
const testing_utils_1 = require("./testing-utils"); const testing_utils_1 = require("./testing-utils");
const tools_features_1 = require("./tools-features");
const util = __importStar(require("./util")); const util = __importStar(require("./util"));
const util_1 = require("./util"); const util_1 = require("./util");
(0, testing_utils_1.setupTests)(ava_1.default); (0, testing_utils_1.setupTests)(ava_1.default);
@ -261,7 +262,7 @@ for (const toolcacheVersion of [
mockApiDetails(testing_utils_1.SAMPLE_DOTCOM_API_DETAILS); mockApiDetails(testing_utils_1.SAMPLE_DOTCOM_API_DETAILS);
sinon.stub(actionsUtil, "isRunningLocalAction").returns(true); sinon.stub(actionsUtil, "isRunningLocalAction").returns(true);
const releasesApiMock = mockReleaseApi({ const releasesApiMock = mockReleaseApi({
assetNames: ["cli-version-2.12.2.txt"], assetNames: ["cli-version-2.12.6.txt"],
tagName: "codeql-bundle-20230203", tagName: "codeql-bundle-20230203",
}); });
(0, testing_utils_1.mockBundleDownloadApi)({ (0, testing_utils_1.mockBundleDownloadApi)({
@ -314,7 +315,7 @@ const injectedConfigMacro = ava_1.default.macro({
tempDir, tempDir,
augmentationProperties, augmentationProperties,
}; };
await codeqlObject.databaseInitCluster(thisStubConfig, "", undefined, undefined, (0, logging_1.getRunnerLogger)(true)); await codeqlObject.databaseInitCluster(thisStubConfig, "", undefined, undefined, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
const args = runnerConstructorStub.firstCall.args[1]; const args = runnerConstructorStub.firstCall.args[1];
// should have used an config file // should have used an config file
const configArg = args.find((arg) => arg.startsWith("--codescanning-config=")); const configArg = args.find((arg) => arg.startsWith("--codescanning-config="));
@ -449,10 +450,8 @@ const injectedConfigMacro = ava_1.default.macro({
await util.withTmpDir(async (tempDir) => { await util.withTmpDir(async (tempDir) => {
const runnerConstructorStub = stubToolRunnerConstructor(); const runnerConstructorStub = stubToolRunnerConstructor();
const codeqlObject = await codeql.getCodeQLForTesting(); const codeqlObject = await codeql.getCodeQLForTesting();
sinon sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.12.6"));
.stub(codeqlObject, "getVersion") await codeqlObject.databaseInitCluster({ ...stubConfig, tempDir }, "", undefined, "/path/to/qlconfig.yml", (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
.resolves((0, testing_utils_1.makeVersionInfo)(codeql.CODEQL_VERSION_INIT_WITH_QLCONFIG));
await codeqlObject.databaseInitCluster({ ...stubConfig, tempDir }, "", undefined, "/path/to/qlconfig.yml", (0, logging_1.getRunnerLogger)(true));
const args = runnerConstructorStub.firstCall.args[1]; const args = runnerConstructorStub.firstCall.args[1];
// should have used a config file // should have used a config file
const hasCodeScanningConfigArg = args.some((arg) => arg.startsWith("--codescanning-config=")); const hasCodeScanningConfigArg = args.some((arg) => arg.startsWith("--codescanning-config="));
@ -462,30 +461,13 @@ const injectedConfigMacro = ava_1.default.macro({
t.truthy(hasQlconfigArg, "Should have injected a codescanning config"); t.truthy(hasQlconfigArg, "Should have injected a codescanning config");
}); });
}); });
(0, ava_1.default)("passes a code scanning config BUT NOT a qlconfig to the CLI for CodeQL v2.12.2", async (t) => {
await util.withTmpDir(async (tempDir) => {
const runnerConstructorStub = stubToolRunnerConstructor();
const codeqlObject = await codeql.getCodeQLForTesting();
sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.12.2"));
await codeqlObject.databaseInitCluster({ ...stubConfig, tempDir }, "", undefined, "/path/to/qlconfig.yml", (0, logging_1.getRunnerLogger)(true));
const args = runnerConstructorStub.firstCall.args[1];
// should have used a config file
const hasCodeScanningConfigArg = args.some((arg) => arg.startsWith("--codescanning-config="));
t.true(hasCodeScanningConfigArg, "Should have injected a codescanning config");
// should not have passed a qlconfig file
const hasQlconfigArg = args.some((arg) => arg.startsWith("--qlconfig-file="));
t.false(hasQlconfigArg, "should NOT have injected a qlconfig");
});
});
(0, ava_1.default)("does not pass a qlconfig to the CLI when it is undefined", async (t) => { (0, ava_1.default)("does not pass a qlconfig to the CLI when it is undefined", async (t) => {
await util.withTmpDir(async (tempDir) => { await util.withTmpDir(async (tempDir) => {
const runnerConstructorStub = stubToolRunnerConstructor(); const runnerConstructorStub = stubToolRunnerConstructor();
const codeqlObject = await codeql.getCodeQLForTesting(); const codeqlObject = await codeql.getCodeQLForTesting();
sinon sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.12.6"));
.stub(codeqlObject, "getVersion")
.resolves((0, testing_utils_1.makeVersionInfo)(codeql.CODEQL_VERSION_INIT_WITH_QLCONFIG));
await codeqlObject.databaseInitCluster({ ...stubConfig, tempDir }, "", undefined, undefined, // undefined qlconfigFile await codeqlObject.databaseInitCluster({ ...stubConfig, tempDir }, "", undefined, undefined, // undefined qlconfigFile
(0, logging_1.getRunnerLogger)(true)); (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
const args = runnerConstructorStub.firstCall.args[1]; const args = runnerConstructorStub.firstCall.args[1];
const hasQlconfigArg = args.some((arg) => arg.startsWith("--qlconfig-file=")); const hasQlconfigArg = args.some((arg) => arg.startsWith("--qlconfig-file="));
t.false(hasQlconfigArg, "should NOT have injected a qlconfig"); t.false(hasQlconfigArg, "should NOT have injected a qlconfig");
@ -493,7 +475,17 @@ const injectedConfigMacro = ava_1.default.macro({
}); });
const NEW_ANALYSIS_SUMMARY_TEST_CASES = [ const NEW_ANALYSIS_SUMMARY_TEST_CASES = [
{ {
codeqlVersion: "2.15.0", codeqlVersion: (0, testing_utils_1.makeVersionInfo)("2.15.0", {
[tools_features_1.ToolsFeature.AnalysisSummaryV2IsDefault]: true,
}),
githubVersion: {
type: util.GitHubVariant.DOTCOM,
},
flagPassed: false,
negativeFlagPassed: false,
},
{
codeqlVersion: (0, testing_utils_1.makeVersionInfo)("2.15.0"),
githubVersion: { githubVersion: {
type: util.GitHubVariant.DOTCOM, type: util.GitHubVariant.DOTCOM,
}, },
@ -501,7 +493,7 @@ const NEW_ANALYSIS_SUMMARY_TEST_CASES = [
negativeFlagPassed: false, negativeFlagPassed: false,
}, },
{ {
codeqlVersion: "2.15.0", codeqlVersion: (0, testing_utils_1.makeVersionInfo)("2.15.0"),
githubVersion: { githubVersion: {
type: util.GitHubVariant.GHES, type: util.GitHubVariant.GHES,
version: "3.9.0", version: "3.9.0",
@ -510,16 +502,7 @@ const NEW_ANALYSIS_SUMMARY_TEST_CASES = [
negativeFlagPassed: false, negativeFlagPassed: false,
}, },
{ {
codeqlVersion: "2.15.0", codeqlVersion: (0, testing_utils_1.makeVersionInfo)("2.14.6"),
githubVersion: {
type: util.GitHubVariant.GHES,
version: "3.8.6",
},
flagPassed: false,
negativeFlagPassed: true,
},
{
codeqlVersion: "2.14.6",
githubVersion: { githubVersion: {
type: util.GitHubVariant.DOTCOM, type: util.GitHubVariant.DOTCOM,
}, },
@ -532,52 +515,24 @@ for (const { codeqlVersion, flagPassed, githubVersion, negativeFlagPassed, } of
? "--new-analysis-summary" ? "--new-analysis-summary"
: negativeFlagPassed : negativeFlagPassed
? "--no-new-analysis-summary" ? "--no-new-analysis-summary"
: "nothing"} for CodeQL CLI v${codeqlVersion} and ${util.GitHubVariant[githubVersion.type]} ${githubVersion.version ? ` ${githubVersion.version}` : ""}`, async (t) => { : "nothing"} for CodeQL version ${JSON.stringify(codeqlVersion)} and ${util.GitHubVariant[githubVersion.type]} ${githubVersion.version ? ` ${githubVersion.version}` : ""}`, async (t) => {
const runnerConstructorStub = stubToolRunnerConstructor(); const runnerConstructorStub = stubToolRunnerConstructor();
const codeqlObject = await codeql.getCodeQLForTesting(); const codeqlObject = await codeql.getCodeQLForTesting();
sinon sinon.stub(codeqlObject, "getVersion").resolves(codeqlVersion);
.stub(codeqlObject, "getVersion")
.resolves((0, testing_utils_1.makeVersionInfo)(codeqlVersion));
// safeWhich throws because of the test CodeQL object. // safeWhich throws because of the test CodeQL object.
sinon.stub(safeWhich, "safeWhich").resolves(""); sinon.stub(safeWhich, "safeWhich").resolves("");
await codeqlObject.databaseInterpretResults("", [], "", "", "", "-v", "", Object.assign({}, stubConfig, { gitHubVersion: githubVersion }), (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true)); await codeqlObject.databaseInterpretResults("", [], "", "", "", "-v", "", Object.assign({}, stubConfig, { gitHubVersion: githubVersion }), (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
t.is(runnerConstructorStub.firstCall.args[1].includes("--new-analysis-summary"), flagPassed, `--new-analysis-summary should${flagPassed ? "" : "n't"} be passed`); const actualArgs = runnerConstructorStub.firstCall.args[1];
t.is(runnerConstructorStub.firstCall.args[1].includes("--no-new-analysis-summary"), negativeFlagPassed, `--no-new-analysis-summary should${negativeFlagPassed ? "" : "n't"} be passed`); t.is(actualArgs.includes("--new-analysis-summary"), flagPassed, `--new-analysis-summary should${flagPassed ? "" : "n't"} be passed`);
t.is(actualArgs.includes("--no-new-analysis-summary"), negativeFlagPassed, `--no-new-analysis-summary should${negativeFlagPassed ? "" : "n't"} be passed`);
}); });
} }
(0, ava_1.default)("database finalize recognises JavaScript no code found error on CodeQL 2.11.6", async (t) => { (0, ava_1.default)("database finalize does not override no code found error on CodeQL 2.12.6", async (t) => {
stubToolRunnerConstructor(1, `2020-09-07T17:39:53.9050522Z [2020-09-07 17:39:53] [build] Done extracting /opt/hostedtoolcache/CodeQL/0.0.0-20200630/x64/codeql/javascript/tools/data/externs/web/ie_vml.js (3 ms)
2020-09-07T17:39:53.9051849Z [2020-09-07 17:39:53] [build-err] No JavaScript or TypeScript code found.
2020-09-07T17:39:53.9052444Z [2020-09-07 17:39:53] [build-err] No JavaScript or TypeScript code found.
2020-09-07T17:39:53.9251124Z [2020-09-07 17:39:53] [ERROR] Spawned process exited abnormally (code 255; tried to run: [/opt/hostedtoolcache/CodeQL/0.0.0-20200630/x64/codeql/javascript/tools/autobuild.sh])`);
const codeqlObject = await codeql.getCodeQLForTesting();
sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.11.6"));
// safeWhich throws because of the test CodeQL object.
sinon.stub(safeWhich, "safeWhich").resolves("");
await t.throwsAsync(async () => await codeqlObject.finalizeDatabase("", "", "", false), {
instanceOf: util.ConfigurationError,
message: new RegExp("No code found during the build\\. Please see: " +
"https://gh\\.io/troubleshooting-code-scanning/no-source-code-seen-during-build\\."),
});
});
(0, ava_1.default)("database finalize overrides no code found error on CodeQL 2.11.6", async (t) => {
stubToolRunnerConstructor(32);
const codeqlObject = await codeql.getCodeQLForTesting();
sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.11.6"));
// safeWhich throws because of the test CodeQL object.
sinon.stub(safeWhich, "safeWhich").resolves("");
await t.throwsAsync(async () => await codeqlObject.finalizeDatabase("", "", "", false), {
instanceOf: util.ConfigurationError,
message: new RegExp("No code found during the build\\. Please see: " +
"https://gh\\.io/troubleshooting-code-scanning/no-source-code-seen-during-build\\."),
});
});
(0, ava_1.default)("database finalize does not override no code found error on CodeQL 2.12.4", async (t) => {
const cliMessage = "CodeQL did not detect any code written in languages supported by CodeQL. Review our troubleshooting guide at " + const cliMessage = "CodeQL did not detect any code written in languages supported by CodeQL. Review our troubleshooting guide at " +
"https://gh.io/troubleshooting-code-scanning/no-source-code-seen-during-build."; "https://gh.io/troubleshooting-code-scanning/no-source-code-seen-during-build.";
stubToolRunnerConstructor(32, cliMessage); stubToolRunnerConstructor(32, cliMessage);
const codeqlObject = await codeql.getCodeQLForTesting(); const codeqlObject = await codeql.getCodeQLForTesting();
sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.12.4")); sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.12.6"));
// safeWhich throws because of the test CodeQL object. // safeWhich throws because of the test CodeQL object.
sinon.stub(safeWhich, "safeWhich").resolves(""); sinon.stub(safeWhich, "safeWhich").resolves("");
await t.throwsAsync(async () => await codeqlObject.finalizeDatabase("db", "--threads=2", "--ram=2048", false), { await t.throwsAsync(async () => await codeqlObject.finalizeDatabase("db", "--threads=2", "--ram=2048", false), {
@ -592,7 +547,7 @@ for (const { codeqlVersion, flagPassed, githubVersion, negativeFlagPassed, } of
`${heapError}\n${datasetImportError}.`; `${heapError}\n${datasetImportError}.`;
stubToolRunnerConstructor(32, cliStderr); stubToolRunnerConstructor(32, cliStderr);
const codeqlObject = await codeql.getCodeQLForTesting(); const codeqlObject = await codeql.getCodeQLForTesting();
sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.12.4")); sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.12.6"));
// safeWhich throws because of the test CodeQL object. // safeWhich throws because of the test CodeQL object.
sinon.stub(safeWhich, "safeWhich").resolves(""); sinon.stub(safeWhich, "safeWhich").resolves("");
await t.throwsAsync(async () => await codeqlObject.finalizeDatabase("db", "--threads=2", "--ram=2048", false), { await t.throwsAsync(async () => await codeqlObject.finalizeDatabase("db", "--threads=2", "--ram=2048", false), {
@ -614,11 +569,11 @@ for (const { codeqlVersion, flagPassed, githubVersion, negativeFlagPassed, } of
`; `;
stubToolRunnerConstructor(1, stderr); stubToolRunnerConstructor(1, stderr);
const codeqlObject = await codeql.getCodeQLForTesting(); const codeqlObject = await codeql.getCodeQLForTesting();
sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.12.4")); sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.12.6"));
sinon.stub(codeqlObject, "resolveExtractor").resolves("/path/to/extractor"); sinon.stub(codeqlObject, "resolveExtractor").resolves("/path/to/extractor");
// safeWhich throws because of the test CodeQL object. // safeWhich throws because of the test CodeQL object.
sinon.stub(safeWhich, "safeWhich").resolves(""); sinon.stub(safeWhich, "safeWhich").resolves("");
await t.throwsAsync(async () => await codeqlObject.runAutobuild(languages_1.Language.java, false), { await t.throwsAsync(async () => await codeqlObject.runAutobuild(stubConfig, languages_1.Language.java), {
instanceOf: cli_errors_1.CommandInvocationError, instanceOf: cli_errors_1.CommandInvocationError,
message: "We were unable to automatically build your code. Please provide manual build steps. " + message: "We were unable to automatically build your code. Please provide manual build steps. " +
"For more information, see " + "For more information, see " +
@ -633,11 +588,11 @@ for (const { codeqlVersion, flagPassed, githubVersion, negativeFlagPassed, } of
const stderr = Array.from({ length: 20 }, (_, i) => `[2019-09-18 12:00:00] [autobuild] [ERROR] line${i + 1}`).join("\n"); const stderr = Array.from({ length: 20 }, (_, i) => `[2019-09-18 12:00:00] [autobuild] [ERROR] line${i + 1}`).join("\n");
stubToolRunnerConstructor(1, stderr); stubToolRunnerConstructor(1, stderr);
const codeqlObject = await codeql.getCodeQLForTesting(); const codeqlObject = await codeql.getCodeQLForTesting();
sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.12.4")); sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.12.6"));
sinon.stub(codeqlObject, "resolveExtractor").resolves("/path/to/extractor"); sinon.stub(codeqlObject, "resolveExtractor").resolves("/path/to/extractor");
// safeWhich throws because of the test CodeQL object. // safeWhich throws because of the test CodeQL object.
sinon.stub(safeWhich, "safeWhich").resolves(""); sinon.stub(safeWhich, "safeWhich").resolves("");
await t.throwsAsync(async () => await codeqlObject.runAutobuild(languages_1.Language.java, false), { await t.throwsAsync(async () => await codeqlObject.runAutobuild(stubConfig, languages_1.Language.java), {
instanceOf: cli_errors_1.CommandInvocationError, instanceOf: cli_errors_1.CommandInvocationError,
message: "We were unable to automatically build your code. Please provide manual build steps. " + message: "We were unable to automatically build your code. Please provide manual build steps. " +
"For more information, see " + "For more information, see " +
@ -650,7 +605,7 @@ for (const { codeqlVersion, flagPassed, githubVersion, negativeFlagPassed, } of
const cliStderr = "line1\nline2\nline3\nline4\nline5"; const cliStderr = "line1\nline2\nline3\nline4\nline5";
stubToolRunnerConstructor(32, cliStderr); stubToolRunnerConstructor(32, cliStderr);
const codeqlObject = await codeql.getCodeQLForTesting(); const codeqlObject = await codeql.getCodeQLForTesting();
sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.12.4")); sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.12.6"));
// safeWhich throws because of the test CodeQL object. // safeWhich throws because of the test CodeQL object.
sinon.stub(safeWhich, "safeWhich").resolves(""); sinon.stub(safeWhich, "safeWhich").resolves("");
await t.throwsAsync(async () => await codeqlObject.finalizeDatabase("db", "--threads=2", "--ram=2048", false), { await t.throwsAsync(async () => await codeqlObject.finalizeDatabase("db", "--threads=2", "--ram=2048", false), {
@ -659,6 +614,24 @@ for (const { codeqlVersion, flagPassed, githubVersion, negativeFlagPassed, } of
"Exit code was 32 and last log line was: line5\\. See the logs for more details\\."), "Exit code was 32 and last log line was: line5\\. See the logs for more details\\."),
}); });
}); });
(0, ava_1.default)("Avoids duplicating --overwrite flag if specified in CODEQL_ACTION_EXTRA_OPTIONS", async (t) => {
const runnerConstructorStub = stubToolRunnerConstructor();
const codeqlObject = await codeql.getCodeQLForTesting();
sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.12.6"));
// safeWhich throws because of the test CodeQL object.
sinon.stub(safeWhich, "safeWhich").resolves("");
process.env["CODEQL_ACTION_EXTRA_OPTIONS"] =
'{ "database": { "init": ["--overwrite"] } }';
await codeqlObject.databaseInitCluster(stubConfig, "sourceRoot", undefined, undefined, (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(false));
t.true(runnerConstructorStub.calledOnce);
const args = runnerConstructorStub.firstCall.args[1];
t.is(args.filter((option) => option === "--overwrite").length, 1, "--overwrite should only be passed once");
// Clean up
const configArg = args.find((arg) => arg.startsWith("--codescanning-config="));
t.truthy(configArg, "Should have injected a codescanning config");
const configFile = configArg.split("=")[1];
await (0, del_1.default)(configFile, { force: true });
});
function stubToolRunnerConstructor(exitCode = 0, stderr) { function stubToolRunnerConstructor(exitCode = 0, stderr) {
const runnerObjectStub = sinon.createStubInstance(toolrunner.ToolRunner); const runnerObjectStub = sinon.createStubInstance(toolrunner.ToolRunner);
const runnerConstructorStub = sinon.stub(toolrunner, "ToolRunner"); const runnerConstructorStub = sinon.stub(toolrunner, "ToolRunner");
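Review bot: The new `--overwrite` test near the end of this section sets `process.env["CODEQL_ACTION_EXTRA_OPTIONS"]` and never unsets it, and its "Clean up" step runs only after the assertions, so a failing assertion skips the deletion of the generated config file. Unless `setupTests` restores the environment between tests (not visible here), later tests in the same process that call `databaseInitCluster` would also pick up the extra `--overwrite` option. Wrapping the body in `try { … } finally { delete process.env["CODEQL_ACTION_EXTRA_OPTIONS"]; }` and taking `tempDir` from `util.withTmpDir`, as the neighbouring qlconfig tests do, would keep the test self-contained. The file is marked generated, so the change presumably belongs in the source test it is compiled from.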

File diff suppressed because one or more lines are too long

21
lib/config-utils.js generated

@ -23,7 +23,7 @@ var __importStar = (this && this.__importStar) || function (mod) {
return result; return result;
}; };
Object.defineProperty(exports, "__esModule", { value: true }); Object.defineProperty(exports, "__esModule", { value: true });
exports.parseBuildModeInput = exports.wrapEnvironment = exports.generateRegistries = exports.getConfig = exports.getPathToParsedConfigFile = exports.initConfig = exports.validatePackSpecification = exports.parsePacksSpecification = exports.parsePacksFromInput = exports.calculateAugmentation = exports.getDefaultConfig = exports.getRawLanguages = exports.getLanguageAliases = exports.getLanguages = exports.getLanguagesInRepo = exports.getUnknownLanguagesError = exports.getNoLanguagesError = exports.getConfigFileDirectoryGivenMessage = exports.getConfigFileFormatInvalidMessage = exports.getConfigFileRepoFormatInvalidMessage = exports.getConfigFileDoesNotExistErrorMessage = exports.getConfigFileOutsideWorkspaceErrorMessage = exports.getPacksStrInvalid = exports.defaultAugmentationProperties = exports.BuildMode = void 0; exports.parseBuildModeInput = exports.wrapEnvironment = exports.generateRegistries = exports.getConfig = exports.getPathToParsedConfigFile = exports.initConfig = exports.validatePackSpecification = exports.parsePacksSpecification = exports.parsePacksFromInput = exports.calculateAugmentation = exports.getDefaultConfig = exports.getRawLanguages = exports.getLanguageAliases = exports.getLanguages = exports.getLanguagesInRepo = exports.getUnknownLanguagesError = exports.getNoLanguagesError = exports.getConfigFileDirectoryGivenMessage = exports.getConfigFileFormatInvalidMessage = exports.getConfigFileRepoFormatInvalidMessage = exports.getConfigFileDoesNotExistErrorMessage = exports.getConfigFileOutsideWorkspaceErrorMessage = exports.getPacksStrInvalid = exports.defaultAugmentationProperties = void 0;
const fs = __importStar(require("fs")); const fs = __importStar(require("fs"));
const path = __importStar(require("path")); const path = __importStar(require("path"));
const perf_hooks_1 = require("perf_hooks"); const perf_hooks_1 = require("perf_hooks");
@ -37,12 +37,6 @@ const trap_caching_1 = require("./trap-caching");
const util_1 = require("./util"); const util_1 = require("./util");
// Property names from the user-supplied config file. // Property names from the user-supplied config file.
const PACKS_PROPERTY = "packs"; const PACKS_PROPERTY = "packs";
var BuildMode;
(function (BuildMode) {
BuildMode["None"] = "none";
BuildMode["Autobuild"] = "autobuild";
BuildMode["Manual"] = "manual";
})(BuildMode || (exports.BuildMode = BuildMode = {}));
/** /**
* The default, empty augmentation properties. This is most useful * The default, empty augmentation properties. This is most useful
* for tests. * for tests.
@ -182,7 +176,7 @@ exports.getLanguages = getLanguages;
* version of the CLI. * version of the CLI.
*/ */
async function getLanguageAliases(codeql) { async function getLanguageAliases(codeql) {
if (await (0, util_1.codeQlVersionAbove)(codeql, codeql_1.CODEQL_VERSION_LANGUAGE_ALIASING)) { if (await (0, util_1.codeQlVersionAtLeast)(codeql, codeql_1.CODEQL_VERSION_LANGUAGE_ALIASING)) {
return (await codeql.betterResolveLanguages()).aliases; return (await codeql.betterResolveLanguages()).aliases;
} }
return undefined; return undefined;
@ -677,13 +671,18 @@ async function parseBuildModeInput(input, languages, features, logger) {
if (input === undefined) { if (input === undefined) {
return undefined; return undefined;
} }
if (!Object.values(BuildMode).includes(input)) { if (!Object.values(util_1.BuildMode).includes(input)) {
throw new util_1.ConfigurationError(`Invalid build mode: '${input}'. Supported build modes are: ${Object.values(BuildMode).join(", ")}.`); throw new util_1.ConfigurationError(`Invalid build mode: '${input}'. Supported build modes are: ${Object.values(util_1.BuildMode).join(", ")}.`);
}
if (languages.includes(languages_1.Language.csharp) &&
(await features.getValue(feature_flags_1.Feature.DisableCsharpBuildless))) {
logger.warning("Scanning C# code without a build is temporarily unavailable. Falling back to 'autobuild' build mode.");
return util_1.BuildMode.Autobuild;
} }
if (languages.includes(languages_1.Language.java) && if (languages.includes(languages_1.Language.java) &&
(await features.getValue(feature_flags_1.Feature.DisableJavaBuildlessEnabled))) { (await features.getValue(feature_flags_1.Feature.DisableJavaBuildlessEnabled))) {
logger.warning("Scanning Java code without a build is temporarily unavailable. Falling back to 'autobuild' build mode."); logger.warning("Scanning Java code without a build is temporarily unavailable. Falling back to 'autobuild' build mode.");
return BuildMode.Autobuild; return util_1.BuildMode.Autobuild;
} }
return input; return input;
} }


@ -35,7 +35,6 @@ const sinon = __importStar(require("sinon"));
const api = __importStar(require("./api-client")); const api = __importStar(require("./api-client"));
const codeql_1 = require("./codeql"); const codeql_1 = require("./codeql");
const configUtils = __importStar(require("./config-utils")); const configUtils = __importStar(require("./config-utils"));
const config_utils_1 = require("./config-utils");
const feature_flags_1 = require("./feature-flags"); const feature_flags_1 = require("./feature-flags");
const languages_1 = require("./languages"); const languages_1 = require("./languages");
const logging_1 = require("./logging"); const logging_1 = require("./logging");
@ -269,7 +268,7 @@ function mockListLanguages(languages) {
// And the config we expect it to parse to // And the config we expect it to parse to
const expectedConfig = { const expectedConfig = {
languages: [languages_1.Language.javascript], languages: [languages_1.Language.javascript],
buildMode: config_utils_1.BuildMode.None, buildMode: util_1.BuildMode.None,
originalUserInput: { originalUserInput: {
name: "my config", name: "my config",
"disable-default-queries": true, "disable-default-queries": true,
@ -765,27 +764,40 @@ const mockRepositoryNwo = (0, repository_1.parseRepositoryNwo)("owner/repo");
t.deepEqual(mockRequest.called, args.expectedApiCall); t.deepEqual(mockRequest.called, args.expectedApiCall);
}); });
}); });
(0, ava_1.default)("Build mode not overridden when disable Java buildless feature flag disabled", async (t) => { for (const { displayName, language, feature } of [
const messages = []; {
const buildMode = await configUtils.parseBuildModeInput("none", [languages_1.Language.java], (0, testing_utils_1.createFeatures)([]), (0, testing_utils_1.getRecordingLogger)(messages)); displayName: "Java",
t.is(buildMode, config_utils_1.BuildMode.None); language: languages_1.Language.java,
t.deepEqual(messages, []); feature: feature_flags_1.Feature.DisableJavaBuildlessEnabled,
}); },
(0, ava_1.default)("Build mode not overridden for other languages", async (t) => { {
const messages = []; displayName: "C#",
const buildMode = await configUtils.parseBuildModeInput("none", [languages_1.Language.python], (0, testing_utils_1.createFeatures)([feature_flags_1.Feature.DisableJavaBuildlessEnabled]), (0, testing_utils_1.getRecordingLogger)(messages)); language: languages_1.Language.csharp,
t.is(buildMode, config_utils_1.BuildMode.None); feature: feature_flags_1.Feature.DisableCsharpBuildless,
t.deepEqual(messages, []); },
}); ]) {
(0, ava_1.default)("Build mode overridden when analyzing Java and disable Java buildless feature flag enabled", async (t) => { (0, ava_1.default)(`Build mode not overridden when disable ${displayName} buildless feature flag disabled`, async (t) => {
const messages = []; const messages = [];
const buildMode = await configUtils.parseBuildModeInput("none", [languages_1.Language.java], (0, testing_utils_1.createFeatures)([feature_flags_1.Feature.DisableJavaBuildlessEnabled]), (0, testing_utils_1.getRecordingLogger)(messages)); const buildMode = await configUtils.parseBuildModeInput("none", [language], (0, testing_utils_1.createFeatures)([]), (0, testing_utils_1.getRecordingLogger)(messages));
t.is(buildMode, config_utils_1.BuildMode.Autobuild); t.is(buildMode, util_1.BuildMode.None);
t.deepEqual(messages, [ t.deepEqual(messages, []);
{ });
message: "Scanning Java code without a build is temporarily unavailable. Falling back to 'autobuild' build mode.", (0, ava_1.default)(`Build mode not overridden for other languages when disable ${displayName} buildless feature flag enabled`, async (t) => {
type: "warning", const messages = [];
}, const buildMode = await configUtils.parseBuildModeInput("none", [languages_1.Language.python], (0, testing_utils_1.createFeatures)([feature]), (0, testing_utils_1.getRecordingLogger)(messages));
]); t.is(buildMode, util_1.BuildMode.None);
}); t.deepEqual(messages, []);
});
(0, ava_1.default)(`Build mode overridden when analyzing ${displayName} and disable ${displayName} buildless feature flag enabled`, async (t) => {
const messages = [];
const buildMode = await configUtils.parseBuildModeInput("none", [language], (0, testing_utils_1.createFeatures)([feature]), (0, testing_utils_1.getRecordingLogger)(messages));
t.is(buildMode, util_1.BuildMode.Autobuild);
t.deepEqual(messages, [
{
message: `Scanning ${displayName} code without a build is temporarily unavailable. Falling back to 'autobuild' build mode.`,
type: "warning",
},
]);
});
}
//# sourceMappingURL=config-utils.test.js.map //# sourceMappingURL=config-utils.test.js.map
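Review bot: Every case in the new parameterised loop passes `"none"` as the input, so nothing pins what `parseBuildModeInput` returns when the user asked for `"manual"` and the disable-buildless flag for that language is on. In the lib/config-utils.js hunk of this commit, the C# and Java branches return `util_1.BuildMode.Autobuild` without looking at `input`, while the warning text speaks only of scanning without a build, so a `"manual"` request appears to be replaced as well. If that is not intended, the guards could start with `input === util_1.BuildMode.None &&`, and either way a case with `"manual"` plus the flag enabled would record the expected result. lib/ is compiled output, so the change would be made in the TypeScript source.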


21
lib/database-upload.js generated

@ -35,9 +35,14 @@ async function uploadDatabases(repositoryNwo, config, apiDetails, logger) {
logger.debug("Database upload disabled in workflow. Skipping upload."); logger.debug("Database upload disabled in workflow. Skipping upload.");
return; return;
} }
if (util.isInTestMode()) {
logger.debug("In test mode. Skipping database upload.");
return;
}
// Do nothing when not running against github.com // Do nothing when not running against github.com
if (config.gitHubVersion.type !== util.GitHubVariant.DOTCOM) { if (config.gitHubVersion.type !== util.GitHubVariant.DOTCOM &&
logger.debug("Not running against github.com. Skipping upload."); config.gitHubVersion.type !== util.GitHubVariant.GHE_DOTCOM) {
logger.debug("Not running against github.com or GHEC-DR. Skipping upload.");
return; return;
} }
if (!(await actionsUtil.isAnalyzingDefaultBranch())) { if (!(await actionsUtil.isAnalyzingDefaultBranch())) {
@ -47,6 +52,14 @@ async function uploadDatabases(repositoryNwo, config, apiDetails, logger) {
} }
const client = (0, api_client_1.getApiClient)(); const client = (0, api_client_1.getApiClient)();
const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd); const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
const uploadsUrl = new URL((0, util_1.parseGitHubUrl)(apiDetails.url));
uploadsUrl.hostname = `uploads.${uploadsUrl.hostname}`;
// Octokit expects the baseUrl to not have a trailing slash,
// but it is included by default in a URL.
let uploadsBaseUrl = uploadsUrl.toString();
if (uploadsBaseUrl.endsWith("/")) {
uploadsBaseUrl = uploadsBaseUrl.slice(0, -1);
}
for (const language of config.languages) { for (const language of config.languages) {
try { try {
// Upload the database bundle. // Upload the database bundle.
@ -58,7 +71,8 @@ async function uploadDatabases(repositoryNwo, config, apiDetails, logger) {
const bundledDbReadStream = fs.createReadStream(bundledDb); const bundledDbReadStream = fs.createReadStream(bundledDb);
const commitOid = await actionsUtil.getCommitOid(actionsUtil.getRequiredInput("checkout_path")); const commitOid = await actionsUtil.getCommitOid(actionsUtil.getRequiredInput("checkout_path"));
try { try {
await client.request(`POST https://uploads.github.com/repos/:owner/:repo/code-scanning/codeql/databases/:language?name=:name&commit_oid=:commit_oid`, { await client.request(`POST /repos/:owner/:repo/code-scanning/codeql/databases/:language?name=:name&commit_oid=:commit_oid`, {
baseUrl: uploadsBaseUrl,
owner: repositoryNwo.owner, owner: repositoryNwo.owner,
repo: repositoryNwo.repo, repo: repositoryNwo.repo,
language, language,
@ -78,7 +92,6 @@ async function uploadDatabases(repositoryNwo, config, apiDetails, logger) {
} }
} }
catch (e) { catch (e) {
console.log(e);
// Log a warning but don't fail the workflow // Log a warning but don't fail the workflow
logger.warning(`Failed to upload database for ${language}: ${e}`); logger.warning(`Failed to upload database for ${language}: ${e}`);
} }
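Review bot: The upload host is now built by prefixing `uploads.` to the hostname of `apiDetails.url`, but the gate above it tests `config.gitHubVersion.type`, and nothing in this section checks that the two describe the same server. The request headers are outside the visible hunks; if they carry the API token, as the `auth` field passed in the tests suggests, that token goes to whichever host the URL names. `uploadsUrl.toString()` also keeps any path, query or userinfo from the input, and only one trailing slash is stripped. Taking `const uploadsBaseUrl = uploadsUrl.origin;` would drop those parts and the slash in one step, and a guard such as `if (uploadsUrl.protocol !== "https:") throw new Error("Unexpected upload URL scheme");` before the loop would keep the credential off a plain-HTTP endpoint. The body of `uploadDatabases` continues outside these hunks, and this file is compiled from src/database-upload.ts, where the change would be made.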


@ -1 +1 @@
{"version":3,"file":"database-upload.js","sourceRoot":"","sources":["../src/database-upload.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AAEzB,4DAA8C;AAC9C,6CAA8D;AAC9D,qCAAqC;AAIrC,6CAA+B;AAC/B,iCAAkC;AAE3B,KAAK,UAAU,eAAe,CACnC,aAA4B,EAC5B,MAAc,EACd,UAA4B,EAC5B,MAAc;IAEd,IAAI,WAAW,CAAC,gBAAgB,CAAC,iBAAiB,CAAC,KAAK,MAAM,EAAE,CAAC;QAC/D,MAAM,CAAC,KAAK,CAAC,wDAAwD,CAAC,CAAC;QACvE,OAAO;IACT,CAAC;IAED,iDAAiD;IACjD,IAAI,MAAM,CAAC,aAAa,CAAC,IAAI,KAAK,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE,CAAC;QAC5D,MAAM,CAAC,KAAK,CAAC,kDAAkD,CAAC,CAAC;QACjE,OAAO;IACT,CAAC;IAED,IAAI,CAAC,CAAC,MAAM,WAAW,CAAC,wBAAwB,EAAE,CAAC,EAAE,CAAC;QACpD,4EAA4E;QAC5E,MAAM,CAAC,KAAK,CAAC,gDAAgD,CAAC,CAAC;QAC/D,OAAO;IACT,CAAC;IAED,MAAM,MAAM,GAAG,IAAA,yBAAY,GAAE,CAAC;IAC9B,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAEjD,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACxC,IAAI,CAAC;YACH,8BAA8B;YAC9B,2EAA2E;YAC3E,8EAA8E;YAC9E,wEAAwE;YACxE,MAAM,SAAS,GAAG,MAAM,IAAA,eAAQ,EAAC,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;YACrE,MAAM,aAAa,GAAG,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC;YAClD,MAAM,mBAAmB,GAAG,EAAE,CAAC,gBAAgB,CAAC,SAAS,CAAC,CAAC;YAC3D,MAAM,SAAS,GAAG,MAAM,WAAW,CAAC,YAAY,CAC9C,WAAW,CAAC,gBAAgB,CAAC,eAAe,CAAC,CAC9C,CAAC;YACF,IAAI,CAAC;gBACH,MAAM,MAAM,CAAC,OAAO,CAClB,+HAA+H,EAC/H;oBACE,KAAK,EAAE,aAAa,CAAC,KAAK;oBAC1B,IAAI,EAAE,aAAa,CAAC,IAAI;oBACxB,QAAQ;oBACR,IAAI,EAAE,GAAG,QAAQ,WAAW;oBAC5B,UAAU,EAAE,SAAS;oBACrB,IAAI,EAAE,mBAAmB;oBACzB,OAAO,EAAE;wBACP,aAAa,EAAE,SAAS,UAAU,CAAC,IAAI,EAAE;wBACzC,cAAc,EAAE,iBAAiB;wBACjC,gBAAgB,EAAE,aAAa;qBAChC;iBACF,CACF,CAAC;gBACF,MAAM,CAAC,KAAK,CAAC,sCAAsC,QAAQ,EAAE,CAAC,CAAC;YACjE,CAAC;oBAAS,CAAC;gBACT,mBAAmB,CAAC,KAAK,EAAE,CAAC;YAC9B,CAAC;QACH,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YACf,4CAA4C;YAC5C,MAAM,CAAC,OAAO,CAAC,iCAAiC,QAAQ,KAAK,CAAC,EAAE,CAAC,CAAC;QACpE,CAAC;IACH,CAAC;AACH,CAAC;AAjED,0CAiEC"} 
{"version":3,"file":"database-upload.js","sourceRoot":"","sources":["../src/database-upload.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AAEzB,4DAA8C;AAC9C,6CAA8D;AAC9D,qCAAqC;AAIrC,6CAA+B;AAC/B,iCAAkD;AAE3C,KAAK,UAAU,eAAe,CACnC,aAA4B,EAC5B,MAAc,EACd,UAA4B,EAC5B,MAAc;IAEd,IAAI,WAAW,CAAC,gBAAgB,CAAC,iBAAiB,CAAC,KAAK,MAAM,EAAE,CAAC;QAC/D,MAAM,CAAC,KAAK,CAAC,wDAAwD,CAAC,CAAC;QACvE,OAAO;IACT,CAAC;IAED,IAAI,IAAI,CAAC,YAAY,EAAE,EAAE,CAAC;QACxB,MAAM,CAAC,KAAK,CAAC,yCAAyC,CAAC,CAAC;QACxD,OAAO;IACT,CAAC;IAED,iDAAiD;IACjD,IACE,MAAM,CAAC,aAAa,CAAC,IAAI,KAAK,IAAI,CAAC,aAAa,CAAC,MAAM;QACvD,MAAM,CAAC,aAAa,CAAC,IAAI,KAAK,IAAI,CAAC,aAAa,CAAC,UAAU,EAC3D,CAAC;QACD,MAAM,CAAC,KAAK,CAAC,6DAA6D,CAAC,CAAC;QAC5E,OAAO;IACT,CAAC;IAED,IAAI,CAAC,CAAC,MAAM,WAAW,CAAC,wBAAwB,EAAE,CAAC,EAAE,CAAC;QACpD,4EAA4E;QAC5E,MAAM,CAAC,KAAK,CAAC,gDAAgD,CAAC,CAAC;QAC/D,OAAO;IACT,CAAC;IAED,MAAM,MAAM,GAAG,IAAA,yBAAY,GAAE,CAAC;IAC9B,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAEjD,MAAM,UAAU,GAAG,IAAI,GAAG,CAAC,IAAA,qBAAc,EAAC,UAAU,CAAC,GAAG,CAAC,CAAC,CAAC;IAC3D,UAAU,CAAC,QAAQ,GAAG,WAAW,UAAU,CAAC,QAAQ,EAAE,CAAC;IAEvD,4DAA4D;IAC5D,0CAA0C;IAC1C,IAAI,cAAc,GAAG,UAAU,CAAC,QAAQ,EAAE,CAAC;IAC3C,IAAI,cAAc,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE,CAAC;QACjC,cAAc,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,CAAC;IAC/C,CAAC;IAED,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACxC,IAAI,CAAC;YACH,8BAA8B;YAC9B,2EAA2E;YAC3E,8EAA8E;YAC9E,wEAAwE;YACxE,MAAM,SAAS,GAAG,MAAM,IAAA,eAAQ,EAAC,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;YACrE,MAAM,aAAa,GAAG,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,IAAI,CAAC;YAClD,MAAM,mBAAmB,GAAG,EAAE,CAAC,gBAAgB,CAAC,SAAS,CAAC,CAAC;YAC3D,MAAM,SAAS,GAAG,MAAM,WAAW,CAAC,YAAY,CAC9C,WAAW,CAAC,gBAAgB,CAAC,eAAe,CAAC,CAC9C,CAAC;YACF,IAAI,CAAC;gBACH,MAAM,MAAM,CAAC,OAAO,CAClB,qGAAqG,EACrG;oBACE,OAAO,EAAE,cAAc;oBACvB,KAAK,EAAE,aAAa,CAAC,KAAK;oBAC1B,IAAI,EAAE,aAAa,CAAC,IAAI;oBACxB,QAAQ;oBACR,IAAI,EAAE,GAAG,QAAQ,WAAW;oBAC5B,UAAU,EAAE,SAAS;oBACrB,IAAI,EAAE,mBAAmB;oBACzB,OAAO,EAAE;wBACP,aAAa,
EAAE,SAAS,UAAU,CAAC,IAAI,EAAE;wBACzC,cAAc,EAAE,iBAAiB;wBACjC,gBAAgB,EAAE,aAAa;qBAChC;iBACF,CACF,CAAC;gBACF,MAAM,CAAC,KAAK,CAAC,sCAAsC,QAAQ,EAAE,CAAC,CAAC;YACjE,CAAC;oBAAS,CAAC;gBACT,mBAAmB,CAAC,KAAK,EAAE,CAAC;YAC9B,CAAC;QACH,CAAC;QAAC,OAAO,CAAC,EAAE,CAAC;YACX,4CAA4C;YAC5C,MAAM,CAAC,OAAO,CAAC,iCAAiC,QAAQ,KAAK,CAAC,EAAE,CAAC,CAAC;QACpE,CAAC;IACH,CAAC;AACH,CAAC;AAnFD,0CAmFC"}


@ -57,7 +57,7 @@ async function mockHttpRequests(databaseUploadStatusCode) {
// Passing an auth token is required, so we just use a dummy value // Passing an auth token is required, so we just use a dummy value
const client = github.getOctokit("123"); const client = github.getOctokit("123");
const requestSpy = sinon.stub(client, "request"); const requestSpy = sinon.stub(client, "request");
const url = "POST https://uploads.github.com/repos/:owner/:repo/code-scanning/codeql/databases/:language?name=:name&commit_oid=:commit_oid"; const url = "POST /repos/:owner/:repo/code-scanning/codeql/databases/:language?name=:name&commit_oid=:commit_oid";
const databaseUploadSpy = requestSpy.withArgs(url); const databaseUploadSpy = requestSpy.withArgs(url);
if (databaseUploadStatusCode < 300) { if (databaseUploadStatusCode < 300) {
databaseUploadSpy.resolves(undefined); databaseUploadSpy.resolves(undefined);
@ -66,6 +66,7 @@ async function mockHttpRequests(databaseUploadStatusCode) {
databaseUploadSpy.throws(new util_1.HTTPError("some error message", databaseUploadStatusCode)); databaseUploadSpy.throws(new util_1.HTTPError("some error message", databaseUploadStatusCode));
} }
sinon.stub(apiClient, "getApiClient").value(() => client); sinon.stub(apiClient, "getApiClient").value(() => client);
return databaseUploadSpy;
} }
(0, ava_1.default)("Abort database upload if 'upload-database' input set to false", async (t) => { (0, ava_1.default)("Abort database upload if 'upload-database' input set to false", async (t) => {
await (0, util_1.withTmpDir)(async (tmpDir) => { await (0, util_1.withTmpDir)(async (tmpDir) => {
@ -95,7 +96,8 @@ async function mockHttpRequests(databaseUploadStatusCode) {
const loggedMessages = []; const loggedMessages = [];
await (0, database_upload_1.uploadDatabases)(testRepoName, config, testApiDetails, (0, testing_utils_1.getRecordingLogger)(loggedMessages)); await (0, database_upload_1.uploadDatabases)(testRepoName, config, testApiDetails, (0, testing_utils_1.getRecordingLogger)(loggedMessages));
t.assert(loggedMessages.find((v) => v.type === "debug" && t.assert(loggedMessages.find((v) => v.type === "debug" &&
v.message === "Not running against github.com. Skipping upload.") !== undefined); v.message ===
"Not running against github.com or GHEC-DR. Skipping upload.") !== undefined);
}); });
}); });
(0, ava_1.default)("Abort database upload if not analyzing default branch", async (t) => { (0, ava_1.default)("Abort database upload if not analyzing default branch", async (t) => {
@ -133,7 +135,7 @@ async function mockHttpRequests(databaseUploadStatusCode) {
"Failed to upload database for javascript: Error: some error message") !== undefined); "Failed to upload database for javascript: Error: some error message") !== undefined);
}); });
}); });
(0, ava_1.default)("Successfully uploading a database to api.github.com", async (t) => { (0, ava_1.default)("Successfully uploading a database to github.com", async (t) => {
await (0, util_1.withTmpDir)(async (tmpDir) => { await (0, util_1.withTmpDir)(async (tmpDir) => {
(0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir); (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
sinon sinon
@ -153,7 +155,7 @@ async function mockHttpRequests(databaseUploadStatusCode) {
v.message === "Successfully uploaded database for javascript") !== undefined); v.message === "Successfully uploaded database for javascript") !== undefined);
}); });
}); });
(0, ava_1.default)("Successfully uploading a database to uploads.github.com", async (t) => { (0, ava_1.default)("Successfully uploading a database to GHEC-DR", async (t) => {
await (0, util_1.withTmpDir)(async (tmpDir) => { await (0, util_1.withTmpDir)(async (tmpDir) => {
(0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir); (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
sinon sinon
@ -161,16 +163,21 @@ async function mockHttpRequests(databaseUploadStatusCode) {
.withArgs("upload-database") .withArgs("upload-database")
.returns("true"); .returns("true");
sinon.stub(actionsUtil, "isAnalyzingDefaultBranch").resolves(true); sinon.stub(actionsUtil, "isAnalyzingDefaultBranch").resolves(true);
await mockHttpRequests(201); const databaseUploadSpy = await mockHttpRequests(201);
(0, codeql_1.setCodeQL)({ (0, codeql_1.setCodeQL)({
async databaseBundle(_, outputFilePath) { async databaseBundle(_, outputFilePath) {
fs.writeFileSync(outputFilePath, ""); fs.writeFileSync(outputFilePath, "");
}, },
}); });
const loggedMessages = []; const loggedMessages = [];
await (0, database_upload_1.uploadDatabases)(testRepoName, getTestConfig(tmpDir), testApiDetails, (0, testing_utils_1.getRecordingLogger)(loggedMessages)); await (0, database_upload_1.uploadDatabases)(testRepoName, getTestConfig(tmpDir), {
auth: "1234",
url: "https://tenant.ghe.com",
apiURL: undefined,
}, (0, testing_utils_1.getRecordingLogger)(loggedMessages));
t.assert(loggedMessages.find((v) => v.type === "debug" && t.assert(loggedMessages.find((v) => v.type === "debug" &&
v.message === "Successfully uploaded database for javascript") !== undefined); v.message === "Successfully uploaded database for javascript") !== undefined);
t.assert(databaseUploadSpy.calledOnceWith(sinon.match.string, sinon.match.has("baseUrl", "https://uploads.tenant.ghe.com")));
}); });
}); });
//# sourceMappingURL=database-upload.test.js.map //# sourceMappingURL=database-upload.test.js.map
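Review bot: Only the GHEC-DR test asserts the `baseUrl` handed to the request; the renamed "Successfully uploading a database to github.com" test shows no such assertion in its hunk. Because the stubbed route string no longer contains a host, `mockHttpRequests` now matches a request to any base URL, so a regression that sent github.com uploads to the wrong host would still pass. Capturing the returned spy in that test and adding `t.assert(databaseUploadSpy.calledOnceWith(sinon.match.string, sinon.match.has("baseUrl", "https://uploads.github.com")));` would cover it. The test bodies extend beyond the hunks, so this is inferred from the visible lines.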
