Merge branch 'main' into henrymercer/bypass-toolcache-feature-flag

2022-08-17 11:39:33 +01:00 · 2022-08-17 11:39:33 +01:00 · 416ad3d847
commit 416ad3d847
parent e1cd41a365 8bc36d5f46
13 changed files with 98 additions and 18 deletions
--- a/src/actions-util.ts
+++ b/src/actions-util.ts
@ -8,6 +8,7 @@ import * as safeWhich from "@chrisgavin/safe-which";
 import * as yaml from "js-yaml";

 import * as api from "./api-client";
+import { CODEQL_DEFAULT_ACTION_REPOSITORY } from "./codeql";
 import { Config } from "./config-utils";
 import * as sharedEnv from "./shared-environment";
 import {
@ -900,3 +901,17 @@ export async function printDebugLogs(config: Config) {
    walkLogFiles(logsDirectory);
  }
 }
+
+// Returns whether workflow kicked off by codeql-action repo itself,
+// or a fork of it.
+export function isAnalyzingCodeQLActionRepoOrFork(): boolean {
+  const codeQLActionRepoUrl = `https://api.github.com/repos/${CODEQL_DEFAULT_ACTION_REPOSITORY}`;
+  const repo = getWorkflowEvent()?.repository;
+  if (repo?.url === codeQLActionRepoUrl) {
+    return true;
+  }
+  if (repo?.fork && repo?.parent?.url === codeQLActionRepoUrl) {
+    return true;
+  }
+  return false;
+}
--- a/src/analyze-action.ts
+++ b/src/analyze-action.ts
@ -83,6 +83,15 @@ export async function sendStatusReport(
  }
 }

+// `expect-error` should only be set to any value by the
+// codeql-action repo or a fork of it.
+function hasBadExpectErrorInput(): boolean {
+  return (
+    actionsUtil.getOptionalInput("expect-error") !== "false" &&
+    !actionsUtil.isAnalyzingCodeQLActionRepoOrFork()
+  );
+}
+
 async function run() {
  const startedAt = new Date();
  let uploadResult: UploadResult | undefined = undefined;
@ -112,6 +121,13 @@ async function run() {
        "Config file could not be found at expected location. Has the 'init' action been called?"
      );
    }
+
+    if (hasBadExpectErrorInput()) {
+      throw new Error(
+        "`expect-error` input parameter is for internal use only. It should only be set by codeql-action or a fork."
+      );
+    }
+
    await util.enrichEnvironment(
      util.Mode.actions,
      await getCodeQL(config.codeQLCmd)
@ -206,10 +222,22 @@ async function run() {
        getActionsLogger()
      );
    }
+    // If we did not throw an error yet here, but we expect one, throw it.
+    if (actionsUtil.getOptionalInput("expect-error") === "true") {
+      core.setFailed(
+        `expect-error input was set to true but no error was thrown.`
+      );
+    }
  } catch (origError) {
    const error =
      origError instanceof Error ? origError : new Error(String(origError));
-    core.setFailed(error.message);
+    if (
+      actionsUtil.getOptionalInput("expect-error") !== "true" ||
+      hasBadExpectErrorInput()
+    ) {
+      core.setFailed(error.message);
+    }
+
    console.log(error);

    if (error instanceof CodeQLAnalysisError) {
--- a/src/api-compatibility.json
+++ b/src/api-compatibility.json
@ -1 +1 @@
-{"maximumVersion": "3.6", "minimumVersion": "3.2"}
+{"maximumVersion": "3.7", "minimumVersion": "3.2"}
--- a/src/codeql.ts
+++ b/src/codeql.ts
@ -222,7 +222,7 @@ interface PackDownloadItem {
 let cachedCodeQL: CodeQL | undefined = undefined;

 const CODEQL_BUNDLE_VERSION = defaults.bundleVersion;
-const CODEQL_DEFAULT_ACTION_REPOSITORY = "github/codeql-action";
+export const CODEQL_DEFAULT_ACTION_REPOSITORY = "github/codeql-action";

 /**
 * The oldest version of CodeQL that the Action will run with. This should be