robojerk/codeql-action

Merge pull request #834 from github/update-v1.0.25-f44219c9

Browse source 
Merge main into v1
This commit is contained in:
Robert 2021-12-06 15:13:18 +00:00 committed by GitHub
commit 546b30f35a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
36 changed files with 223 additions and 45 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.github/workflows/__debug-artifacts.yml generated vendored
View file

@ -41,6 +41,8 @@ jobs:
uses: ./.github/prepare-test uses: ./.github/prepare-test
with: with:
version: ${{ matrix.version }} version: ${{ matrix.version }}
- name: Initialize dotnet
run: dotnet restore
- uses: ./../action/init - uses: ./../action/init
with: with:
tools: ${{ steps.prepare-test.outputs.tools-url }} tools: ${{ steps.prepare-test.outputs.tools-url }}

2
.github/workflows/__go-custom-queries.yml generated vendored
View file

@ -44,6 +44,8 @@ jobs:
uses: ./.github/prepare-test uses: ./.github/prepare-test
with: with:
version: ${{ matrix.version }} version: ${{ matrix.version }}
- name: Initialize dotnet
run: dotnet restore
- uses: actions/setup-go@v2 - uses: actions/setup-go@v2
with: with:
go-version: ^1.13.1 go-version: ^1.13.1

2
.github/workflows/__multi-language-autodetect.yml generated vendored
View file

@ -41,6 +41,8 @@ jobs:
uses: ./.github/prepare-test uses: ./.github/prepare-test
with: with:
version: ${{ matrix.version }} version: ${{ matrix.version }}
- name: Initialize dotnet
run: dotnet restore
- uses: ./../action/init - uses: ./../action/init
with: with:
db-location: ${{ runner.temp }}/customDbLocation db-location: ${{ runner.temp }}/customDbLocation

2
.github/workflows/__packaging-config-inputs-js.yml generated vendored
View file

@ -35,6 +35,8 @@ jobs:
uses: ./.github/prepare-test uses: ./.github/prepare-test
with: with:
version: ${{ matrix.version }} version: ${{ matrix.version }}
- name: Initialize dotnet
run: dotnet restore
- uses: ./../action/init - uses: ./../action/init
with: with:
config-file: .github/codeql/codeql-config-packaging3.yml config-file: .github/codeql/codeql-config-packaging3.yml

2
.github/workflows/__packaging-config-js.yml generated vendored
View file

@ -35,6 +35,8 @@ jobs:
uses: ./.github/prepare-test uses: ./.github/prepare-test
with: with:
version: ${{ matrix.version }} version: ${{ matrix.version }}
- name: Initialize dotnet
run: dotnet restore
- uses: ./../action/init - uses: ./../action/init
with: with:
config-file: .github/codeql/codeql-config-packaging.yml config-file: .github/codeql/codeql-config-packaging.yml

2
.github/workflows/__packaging-inputs-js.yml generated vendored
View file

@ -35,6 +35,8 @@ jobs:
uses: ./.github/prepare-test uses: ./.github/prepare-test
with: with:
version: ${{ matrix.version }} version: ${{ matrix.version }}
- name: Initialize dotnet
run: dotnet restore
- uses: ./../action/init - uses: ./../action/init
with: with:
config-file: .github/codeql/codeql-config-packaging2.yml config-file: .github/codeql/codeql-config-packaging2.yml

2
.github/workflows/__remote-config.yml generated vendored
View file

@ -44,6 +44,8 @@ jobs:
uses: ./.github/prepare-test uses: ./.github/prepare-test
with: with:
version: ${{ matrix.version }} version: ${{ matrix.version }}
- name: Initialize dotnet
run: dotnet restore
- uses: ./../action/init - uses: ./../action/init
with: with:
tools: ${{ steps.prepare-test.outputs.tools-url }} tools: ${{ steps.prepare-test.outputs.tools-url }}

2
.github/workflows/__split-workflow.yml generated vendored
View file

@ -35,6 +35,8 @@ jobs:
uses: ./.github/prepare-test uses: ./.github/prepare-test
with: with:
version: ${{ matrix.version }} version: ${{ matrix.version }}
- name: Initialize dotnet
run: dotnet restore
- uses: ./../action/init - uses: ./../action/init
with: with:
config-file: .github/codeql/codeql-config-packaging3.yml config-file: .github/codeql/codeql-config-packaging3.yml

2
.github/workflows/__test-local-codeql.yml generated vendored
View file

@ -35,6 +35,8 @@ jobs:
uses: ./.github/prepare-test uses: ./.github/prepare-test
with: with:
version: ${{ matrix.version }} version: ${{ matrix.version }}
- name: Initialize dotnet
run: dotnet restore
- name: Fetch a CodeQL bundle - name: Fetch a CodeQL bundle
shell: bash shell: bash
env: env:

2
.github/workflows/__unset-environment.yml generated vendored
View file

@ -41,6 +41,8 @@ jobs:
uses: ./.github/prepare-test uses: ./.github/prepare-test
with: with:
version: ${{ matrix.version }} version: ${{ matrix.version }}
- name: Initialize dotnet
run: dotnet restore
- uses: ./../action/init - uses: ./../action/init
with: with:
db-location: ${{ runner.temp }}/customDbLocation db-location: ${{ runner.temp }}/customDbLocation

9
.github/workflows/pr-checks.yml vendored
View file

@ -163,6 +163,9 @@ jobs:
cd ../action/runner cd ../action/runner
npm install npm install
npm run build-runner npm run build-runner
- name: Initialize dotnet
run: dotnet restore
- name: Run init - name: Run init
run: | run: |
@ -200,6 +203,9 @@ jobs:
cd ../action/runner cd ../action/runner
npm install npm install
npm run build-runner npm run build-runner
- name: Initialize dotnet
run: dotnet restore
- name: Run init - name: Run init
run: | run: |
@ -246,6 +252,9 @@ jobs:
npm install npm install
npm run build-runner npm run build-runner
- name: Initialize dotnet
run: dotnet restore
- name: Run init - name: Run init
run: | run: |
../action/runner/dist/codeql-runner-macos init --repository $GITHUB_REPOSITORY --languages csharp --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }} ../action/runner/dist/codeql-runner-macos init --repository $GITHUB_REPOSITORY --languages csharp --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}

4
CHANGELOG.md
View file

@ -1,5 +1,9 @@
# CodeQL Action and CodeQL Runner Changelog # CodeQL Action and CodeQL Runner Changelog
## 1.0.25 - 06 Dec 2021
No user facing changes.
## 1.0.24 - 23 Nov 2021 ## 1.0.24 - 23 Nov 2021
- Update default CodeQL bundle version to 2.7.2. [#827](https://github.com/github/codeql-action/pull/827) - Update default CodeQL bundle version to 2.7.2. [#827](https://github.com/github/codeql-action/pull/827)

35
lib/database-upload.js generated
View file

@ -42,11 +42,13 @@ async function uploadDatabases(repositoryNwo, config, apiDetails, logger) {
return; return;
} }
const client = (0, api_client_1.getApiClient)(apiDetails); const client = (0, api_client_1.getApiClient)(apiDetails);
let useUploadDomain;
try { try {
await client.request("GET /repos/:owner/:repo/code-scanning/codeql/databases", { const response = await client.request("GET /repos/:owner/:repo/code-scanning/codeql/databases", {
owner: repositoryNwo.owner, owner: repositoryNwo.owner,
repo: repositoryNwo.repo, repo: repositoryNwo.repo,
}); });
useUploadDomain = response.data["uploads_domain_enabled"];
} }
catch (e) { catch (e) {
if (util.isHTTPError(e) && e.status === 404) { if (util.isHTTPError(e) && e.status === 404) {
@ -60,15 +62,32 @@ async function uploadDatabases(repositoryNwo, config, apiDetails, logger) {
} }
const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd); const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
for (const language of config.languages) { for (const language of config.languages) {
// Upload the database bundle // Upload the database bundle.
// Although we are uploading arbitrary file contents to the API, it's worth
// noting that it's the API's job to validate that the contents is acceptable.
// This API method is available to anyone with write access to the repo.
const payload = fs.readFileSync(await (0, util_1.bundleDb)(config, language, codeql)); const payload = fs.readFileSync(await (0, util_1.bundleDb)(config, language, codeql));
try { try {
await client.request(`PUT /repos/:owner/:repo/code-scanning/codeql/databases/:language`, { if (useUploadDomain) {
owner: repositoryNwo.owner, await client.request(`POST https://uploads.github.com/repos/:owner/:repo/code-scanning/codeql/databases/:language?name=:name`, {
repo: repositoryNwo.repo, owner: repositoryNwo.owner,
language, repo: repositoryNwo.repo,
data: payload, language,
}); name: `${language}-database`,
data: payload,
headers: {
authorization: `token ${apiDetails.auth}`,
},
});
}
else {
await client.request(`PUT /repos/:owner/:repo/code-scanning/codeql/databases/:language`, {
owner: repositoryNwo.owner,
repo: repositoryNwo.repo,
language,
data: payload,
});
}
logger.debug(`Successfully uploaded database for ${language}`); logger.debug(`Successfully uploaded database for ${language}`);
} }
catch (e) { catch (e) {

2
lib/database-upload.js.map
View file

@ -1 +1 @@
{"version":3,"file":"database-upload.js","sourceRoot":"","sources":["../src/database-upload.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AAEzB,4DAA8C;AAC9C,6CAA8D;AAC9D,qCAAqC;AAIrC,6CAA+B;AAC/B,iCAAkC;AAE3B,KAAK,UAAU,eAAe,CACnC,aAA4B,EAC5B,MAAc,EACd,UAA4B,EAC5B,MAAc;IAEd,IAAI,WAAW,CAAC,gBAAgB,CAAC,iBAAiB,CAAC,KAAK,MAAM,EAAE;QAC9D,MAAM,CAAC,KAAK,CAAC,wDAAwD,CAAC,CAAC;QACvE,OAAO;KACR;IAED,iDAAiD;IACjD,IAAI,MAAM,CAAC,aAAa,CAAC,IAAI,KAAK,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE;QAC3D,MAAM,CAAC,KAAK,CAAC,kDAAkD,CAAC,CAAC;QACjE,OAAO;KACR;IAED,IAAI,CAAC,CAAC,MAAM,WAAW,CAAC,wBAAwB,EAAE,CAAC,EAAE;QACnD,4EAA4E;QAC5E,MAAM,CAAC,KAAK,CAAC,gDAAgD,CAAC,CAAC;QAC/D,OAAO;KACR;IAED,MAAM,MAAM,GAAG,IAAA,yBAAY,EAAC,UAAU,CAAC,CAAC;IACxC,IAAI;QACF,MAAM,MAAM,CAAC,OAAO,CAClB,wDAAwD,EACxD;YACE,KAAK,EAAE,aAAa,CAAC,KAAK;YAC1B,IAAI,EAAE,aAAa,CAAC,IAAI;SACzB,CACF,CAAC;KACH;IAAC,OAAO,CAAC,EAAE;QACV,IAAI,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,KAAK,GAAG,EAAE;YAC3C,MAAM,CAAC,KAAK,CACV,kEAAkE,CACnE,CAAC;SACH;aAAM;YACL,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YACf,MAAM,CAAC,IAAI,CAAC,kDAAkD,CAAC,EAAE,CAAC,CAAC;SACpE;QACD,OAAO;KACR;IAED,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACjD,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE;QACvC,6BAA6B;QAC7B,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,MAAM,IAAA,eAAQ,EAAC,MAAM,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC;QAC1E,IAAI;YACF,MAAM,MAAM,CAAC,OAAO,CAClB,kEAAkE,EAClE;gBACE,KAAK,EAAE,aAAa,CAAC,KAAK;gBAC1B,IAAI,EAAE,aAAa,CAAC,IAAI;gBACxB,QAAQ;gBACR,IAAI,EAAE,OAAO;aACd,CACF,CAAC;YACF,MAAM,CAAC,KAAK,CAAC,sCAAsC,QAAQ,EAAE,CAAC,CAAC;SAChE;QAAC,OAAO,CAAC,EAAE;YACV,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YACf,4CAA4C;YAC5C,MAAM,CAAC,OAAO,CAAC,iCAAiC,QAAQ,KAAK,CAAC,EAAE,CAAC,CAAC;SACnE;KACF;AACH,CAAC;AAjED,0CAiEC"} {"version":3,"file":"database-upload.js","sourceRoot":"","sources":["../src/database-upload.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;AAAA,uCAAyB;AAEzB,4DAA8C;AAC9C,6CAA8D;AAC9D,qCAAqC;AAIrC,6CAA+B;AAC/B,iCAAkC;AAE3B,KAAK,UAAU,eAAe,CACnC,aAA4B,EAC5B,MAAc,EACd,UAA4B,EAC5B,MAAc;IAEd,IAAI,WAAW,CAAC,gBAAgB,CAAC,iBAAiB,CAAC,KAAK,MAAM,EAAE;QAC9D,MAAM,CAAC,KAAK,CAAC,wDAAwD,CAAC,CAAC;QACvE,OAAO;KACR;IAED,iDAAiD;IACjD,IAAI,MAAM,CAAC,aAAa,CAAC,IAAI,KAAK,IAAI,CAAC,aAAa,CAAC,MAAM,EAAE;QAC3D,MAAM,CAAC,KAAK,CAAC,kDAAkD,CAAC,CAAC;QACjE,OAAO;KACR;IAED,IAAI,CAAC,CAAC,MAAM,WAAW,CAAC,wBAAwB,EAAE,CAAC,EAAE;QACnD,4EAA4E;QAC5E,MAAM,CAAC,KAAK,CAAC,gDAAgD,CAAC,CAAC;QAC/D,OAAO;KACR;IAED,MAAM,MAAM,GAAG,IAAA,yBAAY,EAAC,UAAU,CAAC,CAAC;IACxC,IAAI,eAAwB,CAAC;IAC7B,IAAI;QACF,MAAM,QAAQ,GAAG,MAAM,MAAM,CAAC,OAAO,CACnC,wDAAwD,EACxD;YACE,KAAK,EAAE,aAAa,CAAC,KAAK;YAC1B,IAAI,EAAE,aAAa,CAAC,IAAI;SACzB,CACF,CAAC;QACF,eAAe,GAAG,QAAQ,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC;KAC3D;IAAC,OAAO,CAAC,EAAE;QACV,IAAI,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,MAAM,KAAK,GAAG,EAAE;YAC3C,MAAM,CAAC,KAAK,CACV,kEAAkE,CACnE,CAAC;SACH;aAAM;YACL,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YACf,MAAM,CAAC,IAAI,CAAC,kDAAkD,CAAC,EAAE,CAAC,CAAC;SACpE;QACD,OAAO;KACR;IAED,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACjD,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE;QACvC,8BAA8B;QAC9B,2EAA2E;QAC3E,8EAA8E;QAC9E,wEAAwE;QACxE,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,MAAM,IAAA,eAAQ,EAAC,MAAM,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC,CAAC;QAC1E,IAAI;YACF,IAAI,eAAe,EAAE;gBACnB,MAAM,MAAM,CAAC,OAAO,CAClB,wGAAwG,EACxG;oBACE,KAAK,EAAE,aAAa,CAAC,KAAK;oBAC1B,IAAI,EAAE,aAAa,CAAC,IAAI;oBACxB,QAAQ;oBACR,IAAI,EAAE,GAAG,QAAQ,WAAW;oBAC5B,IAAI,EAAE,OAAO;oBACb,OAAO,EAAE;wBACP,aAAa,EAAE,SAAS,UAAU,CAAC,IAAI,EAAE;qBAC1C;iBACF,CACF,CAAC;aACH;iBAAM;gBACL,MAAM,MAAM,CAAC,OAAO,CAClB,kEAAkE,EAClE;oBACE,KAAK,EAAE,aAAa,CAAC,KAAK;oBAC1B,IAAI,EAAE,aAAa,CAAC,IAAI;oBACxB,QAAQ;oBACR,IAAI,EAAE,OAAO;iBACd,CACF,CAAC;aACH;YACD,MAAM,CAAC,KAAK,CAAC,sCAAsC,QAAQ,EAAE,CAAC,CAAC;SAChE;QAAC,OAAO,CAAC,EAAE;YACV,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;YACf,4CAA4C;YAC5C,MAAM,CAAC,OAAO,CAAC,iCAAiC,QAAQ,KAAK,CAAC,EAAE,CAAC,CAAC;SACnE;KACF;AACH,CAAC;AAtFD,0CAsFC"}

42
lib/database-upload.test.js generated
View file

@ -81,19 +81,29 @@ function getRecordingLogger(messages) {
endGroup: () => undefined, endGroup: () => undefined,
}; };
} }
function mockHttpRequests(optInStatusCode, databaseUploadStatusCode) { function mockHttpRequests(optInStatusCode, useUploadDomain, databaseUploadStatusCode) {
// Passing an auth token is required, so we just use a dummy value // Passing an auth token is required, so we just use a dummy value
const client = github.getOctokit("123"); const client = github.getOctokit("123");
const requestSpy = sinon.stub(client, "request"); const requestSpy = sinon.stub(client, "request");
const optInSpy = requestSpy.withArgs("GET /repos/:owner/:repo/code-scanning/codeql/databases"); const optInSpy = requestSpy.withArgs("GET /repos/:owner/:repo/code-scanning/codeql/databases");
if (optInStatusCode < 300) { if (optInStatusCode < 300) {
optInSpy.resolves(undefined); optInSpy.resolves({
status: optInStatusCode,
data: {
useUploadDomain,
},
headers: {},
url: "GET /repos/:owner/:repo/code-scanning/codeql/databases",
});
} }
else { else {
optInSpy.throws(new util_1.HTTPError("some error message", optInStatusCode)); optInSpy.throws(new util_1.HTTPError("some error message", optInStatusCode));
} }
if (databaseUploadStatusCode !== undefined) { if (databaseUploadStatusCode !== undefined) {
const databaseUploadSpy = requestSpy.withArgs("PUT /repos/:owner/:repo/code-scanning/codeql/databases/:language"); const url = useUploadDomain
? "POST https://uploads.github.com/repos/:owner/:repo/code-scanning/codeql/databases/:language?name=:name"
: "PUT /repos/:owner/:repo/code-scanning/codeql/databases/:language";
const databaseUploadSpy = requestSpy.withArgs(url);
if (databaseUploadStatusCode < 300) { if (databaseUploadStatusCode < 300) {
databaseUploadSpy.resolves(undefined); databaseUploadSpy.resolves(undefined);
} }
@ -213,7 +223,7 @@ function mockHttpRequests(optInStatusCode, databaseUploadStatusCode) {
.withArgs("upload-database") .withArgs("upload-database")
.returns("true"); .returns("true");
sinon.stub(actionsUtil, "isAnalyzingDefaultBranch").resolves(true); sinon.stub(actionsUtil, "isAnalyzingDefaultBranch").resolves(true);
mockHttpRequests(204, 500); mockHttpRequests(200, false, 500);
(0, codeql_1.setCodeQL)({ (0, codeql_1.setCodeQL)({
async databaseBundle(_, outputFilePath) { async databaseBundle(_, outputFilePath) {
fs.writeFileSync(outputFilePath, ""); fs.writeFileSync(outputFilePath, "");
@ -226,7 +236,7 @@ function mockHttpRequests(optInStatusCode, databaseUploadStatusCode) {
"Failed to upload database for javascript: Error: some error message") !== undefined); "Failed to upload database for javascript: Error: some error message") !== undefined);
}); });
}); });
(0, ava_1.default)("Successfully uploading a database", async (t) => { (0, ava_1.default)("Successfully uploading a database to api.github.com", async (t) => {
await (0, util_1.withTmpDir)(async (tmpDir) => { await (0, util_1.withTmpDir)(async (tmpDir) => {
(0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir); (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
sinon sinon
@ -234,7 +244,27 @@ function mockHttpRequests(optInStatusCode, databaseUploadStatusCode) {
.withArgs("upload-database") .withArgs("upload-database")
.returns("true"); .returns("true");
sinon.stub(actionsUtil, "isAnalyzingDefaultBranch").resolves(true); sinon.stub(actionsUtil, "isAnalyzingDefaultBranch").resolves(true);
mockHttpRequests(204, 201); mockHttpRequests(200, false, 201);
(0, codeql_1.setCodeQL)({
async databaseBundle(_, outputFilePath) {
fs.writeFileSync(outputFilePath, "");
},
});
const loggedMessages = [];
await (0, database_upload_1.uploadDatabases)(testRepoName, getTestConfig(tmpDir), testApiDetails, getRecordingLogger(loggedMessages));
t.assert(loggedMessages.find((v) => v.type === "debug" &&
v.message === "Successfully uploaded database for javascript") !== undefined);
});
});
(0, ava_1.default)("Successfully uploading a database to uploads.github.com", async (t) => {
await (0, util_1.withTmpDir)(async (tmpDir) => {
(0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
sinon
.stub(actionsUtil, "getRequiredInput")
.withArgs("upload-database")
.returns("true");
sinon.stub(actionsUtil, "isAnalyzingDefaultBranch").resolves(true);
mockHttpRequests(200, true, 201);
(0, codeql_1.setCodeQL)({ (0, codeql_1.setCodeQL)({
async databaseBundle(_, outputFilePath) { async databaseBundle(_, outputFilePath) {
fs.writeFileSync(outputFilePath, ""); fs.writeFileSync(outputFilePath, "");

2
lib/database-upload.test.js.map
View file

File diff suppressed because one or more lines are too long

10
lib/util.js generated
View file

@ -486,9 +486,15 @@ exports.codeQlVersionAbove = codeQlVersionAbove;
async function bundleDb(config, language, codeql) { async function bundleDb(config, language, codeql) {
const databasePath = getCodeQLDatabasePath(config, language); const databasePath = getCodeQLDatabasePath(config, language);
const databaseBundlePath = path.resolve(config.dbLocation, `${databasePath}.zip`); const databaseBundlePath = path.resolve(config.dbLocation, `${databasePath}.zip`);
if (!fs.existsSync(databaseBundlePath)) { // For a tiny bit of added safety, delete the file if it exists.
await codeql.databaseBundle(databasePath, databaseBundlePath); // The file is probably from an earlier call to this function, either
// as part of this action step or a previous one, but it could also be
// from somewhere else or someone trying to make the action upload a
// non-database file.
if (fs.existsSync(databaseBundlePath)) {
fs.rmSync(databaseBundlePath, { recursive: true });
} }
await codeql.databaseBundle(databasePath, databaseBundlePath);
return databaseBundlePath; return databaseBundlePath;
} }
exports.bundleDb = bundleDb; exports.bundleDb = bundleDb;

2
lib/util.js.map
View file

File diff suppressed because one or more lines are too long

2
node_modules/.package-lock.json generated vendored
View file

@ -1,6 +1,6 @@
{ {
"name": "codeql", "name": "codeql",
"version": "1.0.24", "version": "1.0.25",
"lockfileVersion": 2, "lockfileVersion": 2,
"requires": true, "requires": true,
"packages": { "packages": {

4
package-lock.json generated
View file

@ -1,12 +1,12 @@
{ {
"name": "codeql", "name": "codeql",
"version": "1.0.24", "version": "1.0.25",
"lockfileVersion": 2, "lockfileVersion": 2,
"requires": true, "requires": true,
"packages": { "packages": {
"": { "": {
"name": "codeql", "name": "codeql",
"version": "1.0.24", "version": "1.0.25",
"license": "MIT", "license": "MIT",
"dependencies": { "dependencies": {
"@actions/artifact": "^0.5.2", "@actions/artifact": "^0.5.2",

2
package.json
View file

@ -1,6 +1,6 @@
{ {
"name": "codeql", "name": "codeql",
"version": "1.0.24", "version": "1.0.25",
"private": true, "private": true,
"description": "CodeQL action", "description": "CodeQL action",
"scripts": { "scripts": {

2
pr-checks/checks/debug-artifacts.yml
View file

@ -2,6 +2,8 @@ name: "Debug artifact upload"
description: "Checks that debugging artifacts are correctly uploaded" description: "Checks that debugging artifacts are correctly uploaded"
os: ["ubuntu-latest", "macos-latest"] os: ["ubuntu-latest", "macos-latest"]
steps: steps:
- name: Initialize dotnet
run: dotnet restore
- uses: ./../action/init - uses: ./../action/init
with: with:
tools: ${{ steps.prepare-test.outputs.tools-url }} tools: ${{ steps.prepare-test.outputs.tools-url }}

2
pr-checks/checks/go-custom-queries.yml
View file

@ -1,6 +1,8 @@
name: "Go: Custom queries" name: "Go: Custom queries"
description: "Checks that Go works in conjunction with a config file specifying custom queries" description: "Checks that Go works in conjunction with a config file specifying custom queries"
steps: steps:
- name: Initialize dotnet
run: dotnet restore
- uses: actions/setup-go@v2 - uses: actions/setup-go@v2
with: with:
go-version: "^1.13.1" go-version: "^1.13.1"

2
pr-checks/checks/multi-language-autodetect.yml
View file

@ -2,6 +2,8 @@ name: "Multi-language repository"
description: "An end-to-end integration test of a multi-language repository using automatic language detection" description: "An end-to-end integration test of a multi-language repository using automatic language detection"
os: ["ubuntu-latest", "macos-latest"] os: ["ubuntu-latest", "macos-latest"]
steps: steps:
- name: Initialize dotnet
run: dotnet restore
- uses: ./../action/init - uses: ./../action/init
with: with:
db-location: "${{ runner.temp }}/customDbLocation" db-location: "${{ runner.temp }}/customDbLocation"

2
pr-checks/checks/packaging-config-inputs-js.yml
View file

@ -3,6 +3,8 @@ description: "Checks that specifying packages using a combination of a config fi
versions: ["nightly-20210831"] # This CLI version is known to work with package used in this test versions: ["nightly-20210831"] # This CLI version is known to work with package used in this test
os: ["ubuntu-latest", "macos-latest"] os: ["ubuntu-latest", "macos-latest"]
steps: steps:
- name: Initialize dotnet
run: dotnet restore
- uses: ./../action/init - uses: ./../action/init
with: with:
config-file: ".github/codeql/codeql-config-packaging3.yml" config-file: ".github/codeql/codeql-config-packaging3.yml"

2
pr-checks/checks/packaging-config-js.yml
View file

@ -3,6 +3,8 @@ description: "Checks that specifying packages using only a config file works"
versions: ["nightly-20210831"] # This CLI version is known to work with package used in this test versions: ["nightly-20210831"] # This CLI version is known to work with package used in this test
os: ["ubuntu-latest", "macos-latest"] os: ["ubuntu-latest", "macos-latest"]
steps: steps:
- name: Initialize dotnet
run: dotnet restore
- uses: ./../action/init - uses: ./../action/init
with: with:
config-file: ".github/codeql/codeql-config-packaging.yml" config-file: ".github/codeql/codeql-config-packaging.yml"

2
pr-checks/checks/packaging-inputs-js.yml
View file

@ -3,6 +3,8 @@ description: "Checks that specifying packages using the input to the Action work
versions: ["nightly-20210831"] # This CLI version is known to work with package used in this test versions: ["nightly-20210831"] # This CLI version is known to work with package used in this test
os: ["ubuntu-latest", "macos-latest"] os: ["ubuntu-latest", "macos-latest"]
steps: steps:
- name: Initialize dotnet
run: dotnet restore
- uses: ./../action/init - uses: ./../action/init
with: with:
config-file: ".github/codeql/codeql-config-packaging2.yml" config-file: ".github/codeql/codeql-config-packaging2.yml"

2
pr-checks/checks/remote-config.yml
View file

@ -1,6 +1,8 @@
name: "Remote config file" name: "Remote config file"
description: "Checks that specifying packages using only a config file works" description: "Checks that specifying packages using only a config file works"
steps: steps:
- name: Initialize dotnet
run: dotnet restore
- uses: ./../action/init - uses: ./../action/init
with: with:
tools: ${{ steps.prepare-test.outputs.tools-url }} tools: ${{ steps.prepare-test.outputs.tools-url }}

2
pr-checks/checks/split-workflow.yml
View file

@ -3,6 +3,8 @@ description: "Tests a split-up workflow in which we first build a database and l
versions: ["nightly-20210831"] # This CLI version is known to work with package used in this test versions: ["nightly-20210831"] # This CLI version is known to work with package used in this test
os: ["ubuntu-latest", "macos-latest"] os: ["ubuntu-latest", "macos-latest"]
steps: steps:
- name: Initialize dotnet
run: dotnet restore
- uses: ./../action/init - uses: ./../action/init
with: with:
config-file: ".github/codeql/codeql-config-packaging3.yml" config-file: ".github/codeql/codeql-config-packaging3.yml"

2
pr-checks/checks/test-local-codeql.yml
View file

@ -3,6 +3,8 @@ description: "Tests using a CodeQL bundle from a local file rather than a URL"
versions: ["nightly-latest"] versions: ["nightly-latest"]
os: ["ubuntu-latest"] os: ["ubuntu-latest"]
steps: steps:
- name: Initialize dotnet
run: dotnet restore
- name: Fetch a CodeQL bundle - name: Fetch a CodeQL bundle
shell: bash shell: bash
env: env:

2
pr-checks/checks/unset-environment.yml
View file

@ -2,6 +2,8 @@ name: "Test unsetting environment variables"
description: "An end-to-end integration test that unsets some environment variables" description: "An end-to-end integration test that unsets some environment variables"
os: ["ubuntu-latest"] os: ["ubuntu-latest"]
steps: steps:
- name: Initialize dotnet
run: dotnet restore
- uses: ./../action/init - uses: ./../action/init
with: with:
db-location: "${{ runner.temp }}/customDbLocation" db-location: "${{ runner.temp }}/customDbLocation"

2
runner/package-lock.json generated
View file

@ -1,6 +1,6 @@
{ {
"name": "codeql-runner", "name": "codeql-runner",
"version": "1.0.24", "version": "1.0.25",
"lockfileVersion": 1, "lockfileVersion": 1,
"requires": true, "requires": true,
"dependencies": { "dependencies": {

2
runner/package.json
View file

@ -1,6 +1,6 @@
{ {
"name": "codeql-runner", "name": "codeql-runner",
"version": "1.0.24", "version": "1.0.25",
"private": true, "private": true,
"description": "CodeQL runner", "description": "CodeQL runner",
"scripts": { "scripts": {

57
src/database-upload.test.ts
View file

@ -82,6 +82,7 @@ function getRecordingLogger(messages: LoggedMessage[]): Logger {
function mockHttpRequests( function mockHttpRequests(
optInStatusCode: number, optInStatusCode: number,
useUploadDomain?: boolean,
databaseUploadStatusCode?: number databaseUploadStatusCode?: number
) { ) {
// Passing an auth token is required, so we just use a dummy value // Passing an auth token is required, so we just use a dummy value
@ -93,15 +94,23 @@ function mockHttpRequests(
"GET /repos/:owner/:repo/code-scanning/codeql/databases" "GET /repos/:owner/:repo/code-scanning/codeql/databases"
); );
if (optInStatusCode < 300) { if (optInStatusCode < 300) {
optInSpy.resolves(undefined); optInSpy.resolves({
status: optInStatusCode,
data: {
useUploadDomain,
},
headers: {},
url: "GET /repos/:owner/:repo/code-scanning/codeql/databases",
});
} else { } else {
optInSpy.throws(new HTTPError("some error message", optInStatusCode)); optInSpy.throws(new HTTPError("some error message", optInStatusCode));
} }
if (databaseUploadStatusCode !== undefined) { if (databaseUploadStatusCode !== undefined) {
const databaseUploadSpy = requestSpy.withArgs( const url = useUploadDomain
"PUT /repos/:owner/:repo/code-scanning/codeql/databases/:language" ? "POST https://uploads.github.com/repos/:owner/:repo/code-scanning/codeql/databases/:language?name=:name"
); : "PUT /repos/:owner/:repo/code-scanning/codeql/databases/:language";
const databaseUploadSpy = requestSpy.withArgs(url);
if (databaseUploadStatusCode < 300) { if (databaseUploadStatusCode < 300) {
databaseUploadSpy.resolves(undefined); databaseUploadSpy.resolves(undefined);
} else { } else {
@ -303,7 +312,7 @@ test("Don't crash if uploading a database fails", async (t) => {
.returns("true"); .returns("true");
sinon.stub(actionsUtil, "isAnalyzingDefaultBranch").resolves(true); sinon.stub(actionsUtil, "isAnalyzingDefaultBranch").resolves(true);
mockHttpRequests(204, 500); mockHttpRequests(200, false, 500);
setCodeQL({ setCodeQL({
async databaseBundle(_: string, outputFilePath: string) { async databaseBundle(_: string, outputFilePath: string) {
@ -329,7 +338,7 @@ test("Don't crash if uploading a database fails", async (t) => {
}); });
}); });
test("Successfully uploading a database", async (t) => { test("Successfully uploading a database to api.github.com", async (t) => {
await withTmpDir(async (tmpDir) => { await withTmpDir(async (tmpDir) => {
setupActionsVars(tmpDir, tmpDir); setupActionsVars(tmpDir, tmpDir);
sinon sinon
@ -338,7 +347,41 @@ test("Successfully uploading a database", async (t) => {
.returns("true"); .returns("true");
sinon.stub(actionsUtil, "isAnalyzingDefaultBranch").resolves(true); sinon.stub(actionsUtil, "isAnalyzingDefaultBranch").resolves(true);
mockHttpRequests(204, 201); mockHttpRequests(200, false, 201);
setCodeQL({
async databaseBundle(_: string, outputFilePath: string) {
fs.writeFileSync(outputFilePath, "");
},
});
const loggedMessages = [] as LoggedMessage[];
await uploadDatabases(
testRepoName,
getTestConfig(tmpDir),
testApiDetails,
getRecordingLogger(loggedMessages)
);
t.assert(
loggedMessages.find(
(v) =>
v.type === "debug" &&
v.message === "Successfully uploaded database for javascript"
) !== undefined
);
});
});
test("Successfully uploading a database to uploads.github.com", async (t) => {
await withTmpDir(async (tmpDir) => {
setupActionsVars(tmpDir, tmpDir);
sinon
.stub(actionsUtil, "getRequiredInput")
.withArgs("upload-database")
.returns("true");
sinon.stub(actionsUtil, "isAnalyzingDefaultBranch").resolves(true);
mockHttpRequests(200, true, 201);
setCodeQL({ setCodeQL({
async databaseBundle(_: string, outputFilePath: string) { async databaseBundle(_: string, outputFilePath: string) {

43
src/database-upload.ts
View file

@ -33,14 +33,16 @@ export async function uploadDatabases(
} }
const client = getApiClient(apiDetails); const client = getApiClient(apiDetails);
let useUploadDomain: boolean;
try { try {
await client.request( const response = await client.request(
"GET /repos/:owner/:repo/code-scanning/codeql/databases", "GET /repos/:owner/:repo/code-scanning/codeql/databases",
{ {
owner: repositoryNwo.owner, owner: repositoryNwo.owner,
repo: repositoryNwo.repo, repo: repositoryNwo.repo,
} }
); );
useUploadDomain = response.data["uploads_domain_enabled"];
} catch (e) { } catch (e) {
if (util.isHTTPError(e) && e.status === 404) { if (util.isHTTPError(e) && e.status === 404) {
logger.debug( logger.debug(
@ -55,18 +57,37 @@ export async function uploadDatabases(
const codeql = await getCodeQL(config.codeQLCmd); const codeql = await getCodeQL(config.codeQLCmd);
for (const language of config.languages) { for (const language of config.languages) {
// Upload the database bundle // Upload the database bundle.
// Although we are uploading arbitrary file contents to the API, it's worth
// noting that it's the API's job to validate that the contents is acceptable.
// This API method is available to anyone with write access to the repo.
const payload = fs.readFileSync(await bundleDb(config, language, codeql)); const payload = fs.readFileSync(await bundleDb(config, language, codeql));
try { try {
await client.request( if (useUploadDomain) {
`PUT /repos/:owner/:repo/code-scanning/codeql/databases/:language`, await client.request(
{ `POST https://uploads.github.com/repos/:owner/:repo/code-scanning/codeql/databases/:language?name=:name`,
owner: repositoryNwo.owner, {
repo: repositoryNwo.repo, owner: repositoryNwo.owner,
language, repo: repositoryNwo.repo,
data: payload, language,
} name: `${language}-database`,
); data: payload,
headers: {
authorization: `token ${apiDetails.auth}`,
},
}
);
} else {
await client.request(
`PUT /repos/:owner/:repo/code-scanning/codeql/databases/:language`,
{
owner: repositoryNwo.owner,
repo: repositoryNwo.repo,
language,
data: payload,
}
);
}
logger.debug(`Successfully uploaded database for ${language}`); logger.debug(`Successfully uploaded database for ${language}`);
} catch (e) { } catch (e) {
console.log(e); console.log(e);

10
src/util.ts
View file

@ -559,9 +559,15 @@ export async function bundleDb(
config.dbLocation, config.dbLocation,
`${databasePath}.zip` `${databasePath}.zip`
); );
if (!fs.existsSync(databaseBundlePath)) { // For a tiny bit of added safety, delete the file if it exists.
await codeql.databaseBundle(databasePath, databaseBundlePath); // The file is probably from an earlier call to this function, either
// as part of this action step or a previous one, but it could also be
// from somewhere else or someone trying to make the action upload a
// non-database file.
if (fs.existsSync(databaseBundlePath)) {
fs.rmSync(databaseBundlePath, { recursive: true });
} }
await codeql.databaseBundle(databasePath, databaseBundlePath);
return databaseBundlePath; return databaseBundlePath;
} }