robojerk/codeql-action

Add specific error for lacking actions:write permission

Browse source
This commit is contained in:
Henry Mercer 2024-05-22 12:13:20 +01:00
parent 610e72285f
commit 59af9fc5ab
3 changed files with 28 additions and 41 deletions
Download patch file Download diff file Expand all files Collapse all files

28
lib/trap-caching.js generated
View file

@ -29,7 +29,6 @@ const path = __importStar(require("path"));
const actionsCache = __importStar(require("@actions/cache"));
const actionsUtil = __importStar(require("./actions-util"));
const apiClient = __importStar(require("./api-client"));
const diagnostics_1 = require("./diagnostics");
const util_1 = require("./util");
// This constant should be bumped if we make a breaking change
// to how the CodeQL Action stores or retrieves the TRAP cache,
@ -141,10 +140,10 @@ async function cleanupTrapCaches(config, logger) {
if (config.trapCaches[language]) {
const cachesToRemove = await getTrapCachesForLanguage(language, logger);
// Dates returned by the API are in ISO 8601 format, so we can sort them lexicographically
cachesToRemove.sort((a, b) => b.created_at.localeCompare(a.created_at));
cachesToRemove.sort((a, b) => a.created_at.localeCompare(b.created_at));
// Keep the most recent cache
logger.debug(`Keeping newest TRAP cache (${JSON.stringify(cachesToRemove[0])})`);
cachesToRemove.pop();
const mostRecentCache = cachesToRemove.pop();
logger.debug(`Keeping most recent TRAP cache (${JSON.stringify(mostRecentCache)})`);
for (const cache of cachesToRemove) {
logger.debug(`Deleting old TRAP cache (${JSON.stringify(cache)})`);
await apiClient.deleteActionsCache(cache.id);
@ -152,22 +151,19 @@ async function cleanupTrapCaches(config, logger) {
const totalBytesCleanedUp = cachesToRemove.reduce((acc, item) => acc + item.size_in_bytes, 0);
const totalMegabytesCleanedUp = (totalBytesCleanedUp /
(1024 * 1024)).toFixed(2);
const message = `Cleaned up ${totalMegabytesCleanedUp} MiB of old TRAP caches for ${language}.`;
logger.info(message);
(0, diagnostics_1.addDiagnostic)(config, language, (0, diagnostics_1.makeDiagnostic)("codeql-action/trap-caching/cleanup", "TRAP caching cleanup statistics", {
attributes: {
totalBytesCleanedUp,
},
plaintextMessage: message,
visibility: {
telemetry: true,
},
}));
logger.info(`Cleaned up ${totalMegabytesCleanedUp} MiB of old TRAP caches for ${language}.`);
}
}
}
catch (e) {
logger.info(`Failed to cleanup trap caches, continuing. Details: ${e}`);
if ((0, util_1.isHTTPError)(e) && e.status === 403) {
logger.warning("Could not cleanup TRAP caches as the token did not have the required permissions. " +
'To clean up TRAP caches, ensure the token has the "actions:write" permission. ' +
"For more information, see https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs");
}
else {
logger.info(`Failed to cleanup TRAP caches, continuing. Details: ${e}`);
}
}
}
exports.cleanupTrapCaches = cleanupTrapCaches;

2
lib/trap-caching.js.map
View file

File diff suppressed because one or more lines are too long

39
src/trap-caching.ts
View file

@ -7,10 +7,9 @@ import * as actionsUtil from "./actions-util";
import * as apiClient from "./api-client";
import { CodeQL } from "./codeql";
import type { Config } from "./config-utils";
import { addDiagnostic, makeDiagnostic } from "./diagnostics";
import { Language } from "./languages";
import { Logger } from "./logging";
import { tryGetFolderBytes, withTimeout } from "./util";
import { isHTTPError, tryGetFolderBytes, withTimeout } from "./util";
// This constant should be bumped if we make a breaking change
// to how the CodeQL Action stores or retrieves the TRAP cache,
@ -170,12 +169,12 @@ export async function cleanupTrapCaches(config: Config, logger: Logger) {
if (config.trapCaches[language]) {
const cachesToRemove = await getTrapCachesForLanguage(language, logger);
// Dates returned by the API are in ISO 8601 format, so we can sort them lexicographically
cachesToRemove.sort((a, b) => b.created_at.localeCompare(a.created_at));
cachesToRemove.sort((a, b) => a.created_at.localeCompare(b.created_at));
// Keep the most recent cache
const mostRecentCache = cachesToRemove.pop();
logger.debug(
`Keeping newest TRAP cache (${JSON.stringify(cachesToRemove[0])})`,
`Keeping most recent TRAP cache (${JSON.stringify(mostRecentCache)})`,
);
cachesToRemove.pop();
for (const cache of cachesToRemove) {
logger.debug(`Deleting old TRAP cache (${JSON.stringify(cache)})`);
await apiClient.deleteActionsCache(cache.id);
@ -188,29 +187,21 @@ export async function cleanupTrapCaches(config: Config, logger: Logger) {
totalBytesCleanedUp /
(1024 * 1024)
).toFixed(2);
const message = `Cleaned up ${totalMegabytesCleanedUp} MiB of old TRAP caches for ${language}.`;
logger.info(message);
addDiagnostic(
config,
language,
makeDiagnostic(
"codeql-action/trap-caching/cleanup",
"TRAP caching cleanup statistics",
{
attributes: {
totalBytesCleanedUp,
},
plaintextMessage: message,
visibility: {
telemetry: true,
},
},
),
logger.info(
`Cleaned up ${totalMegabytesCleanedUp} MiB of old TRAP caches for ${language}.`,
);
}
}
} catch (e) {
logger.info(`Failed to cleanup trap caches, continuing. Details: ${e}`);
if (isHTTPError(e) && e.status === 403) {
logger.warning(
"Could not cleanup TRAP caches as the token did not have the required permissions. " +
'To clean up TRAP caches, ensure the token has the "actions:write" permission. ' +
"For more information, see https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs",
);
} else {
logger.info(`Failed to cleanup TRAP caches, continuing. Details: ${e}`);
}
}
}