robojerk/codeql-action

Merge branch 'main' into update-bundle/codeql-bundle-v2.19.3

Browse source
This commit is contained in:
Chuan-kai Lin 2024-11-07 08:38:42 -08:00 committed by GitHub
commit 4e033f0e26
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
67 changed files with 99 additions and 80 deletions
Download patch file Download diff file Expand all files Collapse all files

2
lib/environment.js generated
View file

@ -44,7 +44,7 @@ var EnvVar;
/** Whether the init action has been run. */
EnvVar["INIT_ACTION_HAS_RUN"] = "CODEQL_ACTION_INIT_HAS_RUN";
/**
* For MacOS. Result of `csrutil status` to determine whether System Integrity
* For macOS. Result of `csrutil status` to determine whether System Integrity
* Protection is enabled.
*/
EnvVar["IS_SIP_ENABLED"] = "CODEQL_ACTION_IS_SIP_ENABLED";

4
lib/init-action.js generated
View file

@ -330,13 +330,13 @@ async function run() {
if ((0, caching_utils_1.shouldRestoreCache)(config.dependencyCachingEnabled)) {
await (0, dependency_caching_1.downloadDependencyCaches)(config.languages, logger);
}
// For CLI versions <2.15.1, build tracing caused errors in MacOS ARM machines with
// For CLI versions <2.15.1, build tracing caused errors in macOS ARM machines with
// System Integrity Protection (SIP) disabled.
if (!(await (0, util_1.codeQlVersionAtLeast)(codeql, "2.15.1")) &&
process.platform === "darwin" &&
(process.arch === "arm" || process.arch === "arm64") &&
!(await (0, util_1.checkSipEnablement)(logger))) {
logger.warning("CodeQL versions 2.15.0 and lower are not supported on MacOS ARM machines with System Integrity Protection (SIP) disabled.");
logger.warning("CodeQL versions 2.15.0 and lower are not supported on macOS ARM machines with System Integrity Protection (SIP) disabled.");
}
// From 2.16.0 the default for the python extractor is to not perform any
// dependency extraction. For versions before that, you needed to set this flag to

2
lib/tracer-config.js generated
View file

@ -92,7 +92,7 @@ async function getCombinedTracerConfig(codeql, config) {
// If the CLI doesn't yet support setting the CODEQL_RUNNER environment variable to
// the runner executable path, we set it here in the Action.
if (!(await codeql.supportsFeature(tools_features_1.ToolsFeature.SetsCodeqlRunnerEnvVar))) {
// On MacOS when System Integrity Protection is enabled, it's necessary to prefix
// On macOS when System Integrity Protection is enabled, it's necessary to prefix
// the build command with the runner executable for indirect tracing, so we expose
// it here via the CODEQL_RUNNER environment variable.
// The executable also exists and works for other platforms so we unconditionally