address comments

lib/cli.js

@@ -35,7 +35,7 @@ function parseGithubApiUrl(inputUrl) {
 program
     .command('upload')
     .description('Uploads a SARIF file, or all SARIF files from a directory, to code scanning')
-    .requiredOption('--sarif-file <file>', 'SARIF file to upload')
+    .requiredOption('--sarif-file <file>', 'SARIF file to upload; can also be a directory for uploading multiple')
     .requiredOption('--repository <repository>', 'Repository name')
     .requiredOption('--commit <commit>', 'SHA of commit that was analyzed')
     .requiredOption('--ref <ref>', 'Name of ref that was analyzed')

lib/cli.js.map

@@ -1 +1 @@
-{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";;;;;;;;;AAAA,yCAAoC;AACpC,2CAA6B;AAE7B,uCAAyC;AACzC,6CAAkD;AAClD,yDAA2C;AAE3C,MAAM,OAAO,GAAG,IAAI,mBAAO,EAAE,CAAC;AAC9B,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;AAYzB,SAAS,iBAAiB,CAAC,QAAgB;IACzC,IAAI;QACF,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,CAAC;QAE9B,kDAAkD;QAClD,0CAA0C;QAC1C,IAAI,GAAG,CAAC,QAAQ,KAAK,YAAY,IAAI,GAAG,CAAC,QAAQ,KAAK,gBAAgB,EAAE;YACtE,OAAO,wBAAwB,CAAC;SACjC;QAED,gDAAgD;QAChD,IAAI,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE;YAC1C,GAAG,CAAC,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,EAAE,IAAI,CAAC,CAAC;SACrD;QAED,OAAO,GAAG,CAAC,QAAQ,EAAE,CAAC;KAEvB;IAAC,OAAO,CAAC,EAAE;QACV,MAAM,IAAI,KAAK,CAAC,IAAI,QAAQ,sBAAsB,CAAC,CAAC;KACrD;AACH,CAAC;AAED,OAAO;KACJ,OAAO,CAAC,QAAQ,CAAC;KACjB,WAAW,CAAC,6EAA6E,CAAC;KAC1F,cAAc,CAAC,qBAAqB,EAAE,sBAAsB,CAAC;KAC7D,cAAc,CAAC,2BAA2B,EAAE,iBAAiB,CAAC;KAC9D,cAAc,CAAC,mBAAmB,EAAE,iCAAiC,CAAC;KACtE,cAAc,CAAC,aAAa,EAAE,+BAA+B,CAAC;KAC9D,cAAc,CAAC,oBAAoB,EAAE,wBAAwB,CAAC;KAC9D,cAAc,CAAC,sBAAsB,EAAE,qFAAqF,CAAC;KAC7H,MAAM,CAAC,wBAAwB,EAAE,oDAAoD,CAAC;KACtF,MAAM,CAAC,KAAK,EAAE,GAAe,EAAE,EAAE;IAChC,MAAM,MAAM,GAAG,sBAAY,EAAE,CAAC;IAC9B,IAAI;QACF,MAAM,UAAU,CAAC,MAAM,CACrB,GAAG,CAAC,SAAS,EACb,+BAAkB,CAAC,GAAG,CAAC,UAAU,CAAC,EAClC,GAAG,CAAC,MAAM,EACV,GAAG,CAAC,GAAG,EACP,SAAS,EACT,SAAS,EACT,SAAS,EACT,GAAG,CAAC,YAAY,IAAI,OAAO,CAAC,GAAG,EAAE,EACjC,SAAS,EACT,GAAG,CAAC,UAAU,EACd,iBAAiB,CAAC,GAAG,CAAC,SAAS,CAAC,EAChC,KAAK,EACL,MAAM,CAAC,CAAC;KACX;IAAC,OAAO,CAAC,EAAE;QACV,MAAM,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;QAC9B,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;KACjB;AACH,CAAC,CAAC,CAAC;AAEL,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC"}
+{"version":3,"file":"cli.js","sourceRoot":"","sources":["../src/cli.ts"],"names":[],"mappings":";;;;;;;;;AAAA,yCAAoC;AACpC,2CAA6B;AAE7B,uCAAyC;AACzC,6CAAkD;AAClD,yDAA2C;AAE3C,MAAM,OAAO,GAAG,IAAI,mBAAO,EAAE,CAAC;AAC9B,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;AAYzB,SAAS,iBAAiB,CAAC,QAAgB;IACzC,IAAI;QACF,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,CAAC;QAE9B,kDAAkD;QAClD,0CAA0C;QAC1C,IAAI,GAAG,CAAC,QAAQ,KAAK,YAAY,IAAI,GAAG,CAAC,QAAQ,KAAK,gBAAgB,EAAE;YACtE,OAAO,wBAAwB,CAAC;SACjC;QAED,gDAAgD;QAChD,IAAI,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE;YAC1C,GAAG,CAAC,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,EAAE,IAAI,CAAC,CAAC;SACrD;QAED,OAAO,GAAG,CAAC,QAAQ,EAAE,CAAC;KAEvB;IAAC,OAAO,CAAC,EAAE;QACV,MAAM,IAAI,KAAK,CAAC,IAAI,QAAQ,sBAAsB,CAAC,CAAC;KACrD;AACH,CAAC;AAED,OAAO;KACJ,OAAO,CAAC,QAAQ,CAAC;KACjB,WAAW,CAAC,6EAA6E,CAAC;KAC1F,cAAc,CAAC,qBAAqB,EAAE,sEAAsE,CAAC;KAC7G,cAAc,CAAC,2BAA2B,EAAE,iBAAiB,CAAC;KAC9D,cAAc,CAAC,mBAAmB,EAAE,iCAAiC,CAAC;KACtE,cAAc,CAAC,aAAa,EAAE,+BAA+B,CAAC;KAC9D,cAAc,CAAC,oBAAoB,EAAE,wBAAwB,CAAC;KAC9D,cAAc,CAAC,sBAAsB,EAAE,qFAAqF,CAAC;KAC7H,MAAM,CAAC,wBAAwB,EAAE,oDAAoD,CAAC;KACtF,MAAM,CAAC,KAAK,EAAE,GAAe,EAAE,EAAE;IAChC,MAAM,MAAM,GAAG,sBAAY,EAAE,CAAC;IAC9B,IAAI;QACF,MAAM,UAAU,CAAC,MAAM,CACrB,GAAG,CAAC,SAAS,EACb,+BAAkB,CAAC,GAAG,CAAC,UAAU,CAAC,EAClC,GAAG,CAAC,MAAM,EACV,GAAG,CAAC,GAAG,EACP,SAAS,EACT,SAAS,EACT,SAAS,EACT,GAAG,CAAC,YAAY,IAAI,OAAO,CAAC,GAAG,EAAE,EACjC,SAAS,EACT,GAAG,CAAC,UAAU,EACd,iBAAiB,CAAC,GAAG,CAAC,SAAS,CAAC,EAChC,KAAK,EACL,MAAM,CAAC,CAAC;KACX;IAAC,OAAO,CAAC,EAAE;QACV,MAAM,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;QAC9B,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;KACjB;AACH,CAAC,CAAC,CAAC;AAEL,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC"}

lib/upload-lib.js

@@ -1,7 +1,4 @@
 "use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
 var __importStar = (this && this.__importStar) || function (mod) {
     if (mod && mod.__esModule) return mod;
     var result = {};
@@ -9,7 +6,11 @@ var __importStar = (this && this.__importStar) || function (mod) {
     result["default"] = mod;
     return result;
 };
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
 Object.defineProperty(exports, "__esModule", { value: true });
+const core = __importStar(require("@actions/core"));
 const file_url_1 = __importDefault(require("file-url"));
 const fs = __importStar(require("fs"));
 const jsonschema = __importStar(require("jsonschema"));
@@ -17,6 +18,7 @@ const path = __importStar(require("path"));
 const zlib_1 = __importDefault(require("zlib"));
 const api = __importStar(require("./api-client"));
 const fingerprints = __importStar(require("./fingerprints"));
+const sharedEnv = __importStar(require("./shared-environment"));
 const util = __importStar(require("./util"));
 // Takes a list of paths to sarif files and combines them together,
 // returning the contents of the combined sarif file.
@@ -98,19 +100,19 @@ async function uploadPayload(payload, repositoryNwo, githubAuth, githubApiUrl, m
 // Uploads a single sarif file or a directory of sarif files
 // depending on what the path happens to refer to.
 // Returns true iff the upload occurred and succeeded
-async function upload(sarifFile, repositoryNwo, commitOid, ref, analysisKey, analysisName, workflowRunID, checkoutPath, environment, githubAuth, githubApiUrl, mode, logger) {
+async function upload(sarifPath, repositoryNwo, commitOid, ref, analysisKey, analysisName, workflowRunID, checkoutPath, environment, githubAuth, githubApiUrl, mode, logger) {
     const sarifFiles = [];
-    if (fs.lstatSync(sarifFile).isDirectory()) {
-        fs.readdirSync(sarifFile)
+    if (fs.lstatSync(sarifPath).isDirectory()) {
+        fs.readdirSync(sarifPath)
             .filter(f => f.endsWith(".sarif"))
-            .map(f => path.resolve(sarifFile, f))
+            .map(f => path.resolve(sarifPath, f))
             .forEach(f => sarifFiles.push(f));
         if (sarifFiles.length === 0) {
-            throw new Error("No SARIF files found to upload in \"" + sarifFile + "\".");
+            throw new Error("No SARIF files found to upload in \"" + sarifPath + "\".");
         }
     }
     else {
-        sarifFiles.push(sarifFile);
+        sarifFiles.push(sarifPath);
     }
     return await uploadFiles(sarifFiles, repositoryNwo, commitOid, ref, analysisKey, analysisName, workflowRunID, checkoutPath, environment, githubAuth, githubApiUrl, mode, logger);
 }
@@ -148,6 +150,14 @@ exports.validateSarifFileSchema = validateSarifFileSchema;
 // Returns true iff the upload occurred and succeeded
 async function uploadFiles(sarifFiles, repositoryNwo, commitOid, ref, analysisKey, analysisName, workflowRunID, checkoutPath, environment, githubAuth, githubApiUrl, mode, logger) {
     logger.info("Uploading sarif files: " + JSON.stringify(sarifFiles));
+    if (mode === 'actions') {
+        // This check only works on actions as env vars don't persist between calls to the CLI
+        const sentinelEnvVar = "CODEQL_UPLOAD_SARIF";
+        if (process.env[sentinelEnvVar]) {
+            throw new Error("Aborting upload: only one run of the codeql/analyze or codeql/upload-sarif actions is allowed per job");
+        }
+        core.exportVariable(sentinelEnvVar, sentinelEnvVar);
+    }
     // Validate that the files we were asked to upload are all valid SARIF files
     for (const file of sarifFiles) {
         validateSarifFileSchema(file, logger);
@@ -168,6 +178,7 @@ async function uploadFiles(sarifFiles, repositoryNwo, commitOid, ref, analysisKe
             "workflow_run_id": workflowRunID,
             "checkout_uri": checkoutURI,
             "environment": environment,
+            "started_at": process.env[sharedEnv.CODEQL_WORKFLOW_STARTED_AT],
             "tool_names": toolNames,
         });
     }
@@ -182,11 +193,11 @@ async function uploadFiles(sarifFiles, repositoryNwo, commitOid, ref, analysisKe
     }
     // Log some useful debug info about the info
     const rawUploadSizeBytes = sarifPayload.length;
-    console.debug("Raw upload size: " + rawUploadSizeBytes + " bytes");
+    logger.debug("Raw upload size: " + rawUploadSizeBytes + " bytes");
     const zippedUploadSizeBytes = zipped_sarif.length;
-    console.debug("Base64 zipped upload size: " + zippedUploadSizeBytes + " bytes");
+    logger.debug("Base64 zipped upload size: " + zippedUploadSizeBytes + " bytes");
     const numResultInSarif = countResultsInSarif(sarifPayload);
-    console.debug("Number of results in upload: " + numResultInSarif);
+    logger.debug("Number of results in upload: " + numResultInSarif);
     // Make the upload
     await uploadPayload(payload, repositoryNwo, githubAuth, githubApiUrl, mode, logger);
     return {

package.json

@@ -24,7 +24,7 @@
     "@actions/github": "^2.2.0",
     "@actions/http-client": "^1.0.8",
     "@actions/tool-cache": "^1.5.5",
-    "commander": "6.0.0",
+    "commander": "^6.0.0",
     "console-log-level": "^1.4.1",
     "file-url": "^3.0.0",
     "fs": "0.0.1-security",
@@ -54,9 +54,9 @@
     "sinon": "^9.0.2",
     "tslint": "^6.1.0",
     "tslint-eslint-rules": "^5.4.0",
-    "ts-loader": "8.0.2",
+    "ts-loader": "^8.0.2",
     "typescript": "^3.7.5",
-    "webpack": "4.44.1",
-    "webpack-cli": "3.3.12"
+    "webpack": "^4.44.1",
+    "webpack-cli": "^3.3.12"
   }
 }

src/cli.ts

@@ -43,7 +43,7 @@ function parseGithubApiUrl(inputUrl: string): string {
 program
   .command('upload')
   .description('Uploads a SARIF file, or all SARIF files from a directory, to code scanning')
-  .requiredOption('--sarif-file <file>', 'SARIF file to upload')
+  .requiredOption('--sarif-file <file>', 'SARIF file to upload; can also be a directory for uploading multiple')
   .requiredOption('--repository <repository>', 'Repository name')
   .requiredOption('--commit <commit>', 'SHA of commit that was analyzed')
   .requiredOption('--ref <ref>', 'Name of ref that was analyzed')

src/upload-lib.ts

@@ -1,3 +1,4 @@
+import * as core from '@actions/core';
 import fileUrl from 'file-url';
 import * as fs from 'fs';
 import * as jsonschema from 'jsonschema';
@@ -8,6 +9,7 @@ import * as api from './api-client';
 import * as fingerprints from './fingerprints';
 import { Logger } from './logging';
 import { RepositoryNwo } from './repository';
+import * as sharedEnv from './shared-environment';
 import * as util from './util';
 
 type UploadMode = 'actions' | 'cli';
@@ -122,7 +124,7 @@ export interface UploadStatusReport {
 // depending on what the path happens to refer to.
 // Returns true iff the upload occurred and succeeded
 export async function upload(
-  sarifFile: string,
+  sarifPath: string,
   repositoryNwo: RepositoryNwo,
   commitOid: string,
   ref: string,
@@ -137,16 +139,16 @@ export async function upload(
   logger: Logger): Promise<UploadStatusReport> {
 
   const sarifFiles: string[] = [];
-  if (fs.lstatSync(sarifFile).isDirectory()) {
-    fs.readdirSync(sarifFile)
+  if (fs.lstatSync(sarifPath).isDirectory()) {
+    fs.readdirSync(sarifPath)
       .filter(f => f.endsWith(".sarif"))
-      .map(f => path.resolve(sarifFile, f))
+      .map(f => path.resolve(sarifPath, f))
       .forEach(f => sarifFiles.push(f));
     if (sarifFiles.length === 0) {
-      throw new Error("No SARIF files found to upload in \"" + sarifFile + "\".");
+      throw new Error("No SARIF files found to upload in \"" + sarifPath + "\".");
     }
   } else {
-    sarifFiles.push(sarifFile);
+    sarifFiles.push(sarifPath);
   }
 
   return await uploadFiles(
@@ -215,6 +217,15 @@ async function uploadFiles(
 
   logger.info("Uploading sarif files: " + JSON.stringify(sarifFiles));
 
+  if (mode === 'actions') {
+    // This check only works on actions as env vars don't persist between calls to the CLI
+    const sentinelEnvVar = "CODEQL_UPLOAD_SARIF";
+    if (process.env[sentinelEnvVar]) {
+      throw new Error("Aborting upload: only one run of the codeql/analyze or codeql/upload-sarif actions is allowed per job");
+    }
+    core.exportVariable(sentinelEnvVar, sentinelEnvVar);
+  }
+
   // Validate that the files we were asked to upload are all valid SARIF files
   for (const file of sarifFiles) {
     validateSarifFileSchema(file, logger);
@@ -239,6 +250,7 @@ async function uploadFiles(
       "workflow_run_id": workflowRunID,
       "checkout_uri": checkoutURI,
       "environment": environment,
+      "started_at": process.env[sharedEnv.CODEQL_WORKFLOW_STARTED_AT],
       "tool_names": toolNames,
     });
   } else {
@@ -253,11 +265,11 @@ async function uploadFiles(
 
   // Log some useful debug info about the info
   const rawUploadSizeBytes = sarifPayload.length;
-  console.debug("Raw upload size: " + rawUploadSizeBytes + " bytes");
+  logger.debug("Raw upload size: " + rawUploadSizeBytes + " bytes");
   const zippedUploadSizeBytes = zipped_sarif.length;
-  console.debug("Base64 zipped upload size: " + zippedUploadSizeBytes + " bytes");
+  logger.debug("Base64 zipped upload size: " + zippedUploadSizeBytes + " bytes");
   const numResultInSarif = countResultsInSarif(sarifPayload);
-  console.debug("Number of results in upload: " + numResultInSarif);
+  logger.debug("Number of results in upload: " + numResultInSarif);
 
   // Make the upload
   await uploadPayload(payload, repositoryNwo, githubAuth, githubApiUrl, mode, logger);

webpack.config.js

@@ -16,11 +16,10 @@ module.exports = {
     extensions: [ '.ts', '.js' ],
   },
   output: {
-    filename: 'cli.js',
+    filename: 'code-scanning-cli.js',
     path: path.resolve(__dirname, 'cli'),
   },
   optimization: {
-		// We no not want to minimize our code.
 		minimize: false
 	},
 };