Merge pull request #1496 from github/henrymercer/no-cache-nightlies

Increase strictness of tool caching threshold to avoid caching nightlies
2023-01-20 17:57:55 +00:00 · 2023-01-20 17:57:55 +00:00 · 421a1b344f
commit 421a1b344f
parent 6456115682 54f4ea7a62
6 changed files with 22 additions and 10 deletions
--- a/lib/codeql.test.js
+++ b/lib/codeql.test.js
@ -184,6 +184,10 @@ const EXPLICITLY_REQUESTED_BUNDLE_TEST_CASES = [
        cliVersion: "2.10.0-pre",
        expectedToolcacheVersion: "0.0.0-20200610",
    },
+    {
+        cliVersion: "2.10.0+202006100101",
+        expectedToolcacheVersion: "0.0.0-20200610",
+    },
 ];
 for (const { cliVersion, expectedToolcacheVersion, } of EXPLICITLY_REQUESTED_BUNDLE_TEST_CASES) {
    (0, ava_1.default)(`caches an explicitly requested bundle containing CLI ${cliVersion} as ${expectedToolcacheVersion}`, async (t) => {
--- a/lib/codeql.test.js.map
+++ b/lib/codeql.test.js.map
--- a/lib/setup-codeql.js
+++ b/lib/setup-codeql.js
@ -428,10 +428,12 @@ async function downloadCodeQL(codeqlURL, maybeCliVersion, apiDetails, variant, t
    // if the user requests the same URL again, we can get it from the cache without having to call
    // any of the Releases API.
    //
-    // Special case: If the CLI version is a pre-release, then cache the bundle as
-    // `0.0.0-<bundleVersion>` to avoid the bundle being interpreted as containing a stable CLI
-    // release.
-    const toolcacheVersion = cliVersion && !cliVersion.includes("-")
+    // Special case: If the CLI version is a pre-release or contains build metadata, then cache the
+    // bundle as `0.0.0-<bundleVersion>` to avoid the bundle being interpreted as containing a stable
+    // CLI release. In principle, it should be enough to just check that the CLI version isn't a
+    // pre-release, but the version numbers of CodeQL nightlies have the format `x.y.z+<timestamp>`,
+    // and we don't want these nightlies to override stable CLI versions in the toolcache.
+    const toolcacheVersion = cliVersion && cliVersion.match(/^[0-9]+\.[0-9]+\.[0-9]+$/)
        ? `${cliVersion}-${bundleVersion}`
        : convertToSemVer(bundleVersion, logger);
    return {
--- a/lib/setup-codeql.js.map
+++ b/lib/setup-codeql.js.map
--- a/src/codeql.test.ts
+++ b/src/codeql.test.ts
@ -248,6 +248,10 @@ const EXPLICITLY_REQUESTED_BUNDLE_TEST_CASES = [
    cliVersion: "2.10.0-pre",
    expectedToolcacheVersion: "0.0.0-20200610",
  },
+  {
+    cliVersion: "2.10.0+202006100101",
+    expectedToolcacheVersion: "0.0.0-20200610",
+  },
 ];

 for (const {
--- a/src/setup-codeql.ts
+++ b/src/setup-codeql.ts
@ -565,11 +565,13 @@ export async function downloadCodeQL(
  // if the user requests the same URL again, we can get it from the cache without having to call
  // any of the Releases API.
  //
-  // Special case: If the CLI version is a pre-release, then cache the bundle as
-  // `0.0.0-<bundleVersion>` to avoid the bundle being interpreted as containing a stable CLI
-  // release.
+  // Special case: If the CLI version is a pre-release or contains build metadata, then cache the
+  // bundle as `0.0.0-<bundleVersion>` to avoid the bundle being interpreted as containing a stable
+  // CLI release. In principle, it should be enough to just check that the CLI version isn't a
+  // pre-release, but the version numbers of CodeQL nightlies have the format `x.y.z+<timestamp>`,
+  // and we don't want these nightlies to override stable CLI versions in the toolcache.
  const toolcacheVersion =
-    cliVersion && !cliVersion.includes("-")
+    cliVersion && cliVersion.match(/^[0-9]+\.[0-9]+\.[0-9]+$/)
      ? `${cliVersion}-${bundleVersion}`
      : convertToSemVer(bundleVersion, logger);
  return {