Update Go path documentation in analyze Action

2023-10-13 10:14:22 +01:00 · 2023-10-13 10:14:22 +01:00 · 632d58cb60
commit 632d58cb60
parent 82ba90b1d9
3 changed files with 21 additions and 17 deletions
--- a/lib/analyze-action.js
+++ b/lib/analyze-action.js
@ -161,16 +161,18 @@ async function run() {
        const gitHubVersion = await (0, api_client_1.getGitHubVersion)();
        const features = new feature_flags_1.Features(gitHubVersion, repositoryNwo, actionsUtil.getTemporaryDirectory(), logger);
        const memory = util.getMemoryFlag(actionsUtil.getOptionalInput("ram") || process.env["CODEQL_RAM"], logger);
-        // Check that `which go` still points at the wrapper script we installed in the `init` Action,
-        // if the corresponding environment variable is set. This is to ensure that there isn't a step
-        // in the workflow after the `init` step which installs a different version of Go and takes
-        // precedence in the PATH, thus potentially circumventing our workaround that allows tracing to work.
-        const goWrapperPath = process.env[environment_1.EnvVar.GO_BINARY_LOCATION];
+        // Check that `which go` still points at the same path it did when the `init` Action ran to ensure that no steps
+        // in-between performed any setup. We encourage users to perform all setup tasks before initializing CodeQL so that
+        // the setup tasks do not interfere with our analysis.
+        // Furthermore, if we installed a wrapper script in the `init` Action, we need to ensure that there isn't a step
+        // in the workflow after the `init` step which installs a different version of Go and takes precedence in the PATH,
+        // thus potentially circumventing our workaround that allows tracing to work.
+        const goInitPath = process.env[environment_1.EnvVar.GO_BINARY_LOCATION];
        if (process.env[environment_1.EnvVar.DID_AUTOBUILD_GOLANG] !== "true" &&
-            goWrapperPath !== undefined) {
+            goInitPath !== undefined) {
            const goBinaryPath = await (0, safe_which_1.safeWhich)("go");
-            if (goWrapperPath !== goBinaryPath) {
-                core.warning(`Expected \`which go\` to return ${goWrapperPath}, but got ${goBinaryPath}: please ensure that the correct version of Go is installed before the \`codeql-action/init\` Action is used.`);
+            if (goInitPath !== goBinaryPath) {
+                core.warning(`Expected \`which go\` to return ${goInitPath}, but got ${goBinaryPath}: please ensure that the correct version of Go is installed before the \`codeql-action/init\` Action is used.`);
                (0, diagnostics_1.addDiagnostic)(config, languages_1.Language.go, (0, diagnostics_1.makeDiagnostic)("go/workflow/go-installed-after-codeql-init", "Go was installed after the `codeql-action/init` Action was run", {
                    markdownMessage: "To avoid interfering with the CodeQL analysis, perform all installation steps before calling the `github/codeql-action/init` Action.",
                    visibility: {
--- a/lib/analyze-action.js.map
+++ b/lib/analyze-action.js.map
--- a/src/analyze-action.ts
+++ b/src/analyze-action.ts
@ -233,21 +233,23 @@ async function run() {
      logger,
    );

-    // Check that `which go` still points at the wrapper script we installed in the `init` Action,
-    // if the corresponding environment variable is set. This is to ensure that there isn't a step
-    // in the workflow after the `init` step which installs a different version of Go and takes
-    // precedence in the PATH, thus potentially circumventing our workaround that allows tracing to work.
-    const goWrapperPath = process.env[EnvVar.GO_BINARY_LOCATION];
+    // Check that `which go` still points at the same path it did when the `init` Action ran to ensure that no steps
+    // in-between performed any setup. We encourage users to perform all setup tasks before initializing CodeQL so that
+    // the setup tasks do not interfere with our analysis.
+    // Furthermore, if we installed a wrapper script in the `init` Action, we need to ensure that there isn't a step
+    // in the workflow after the `init` step which installs a different version of Go and takes precedence in the PATH,
+    // thus potentially circumventing our workaround that allows tracing to work.
+    const goInitPath = process.env[EnvVar.GO_BINARY_LOCATION];

    if (
      process.env[EnvVar.DID_AUTOBUILD_GOLANG] !== "true" &&
-      goWrapperPath !== undefined
+      goInitPath !== undefined
    ) {
      const goBinaryPath = await safeWhich("go");

-      if (goWrapperPath !== goBinaryPath) {
+      if (goInitPath !== goBinaryPath) {
        core.warning(
-          `Expected \`which go\` to return ${goWrapperPath}, but got ${goBinaryPath}: please ensure that the correct version of Go is installed before the \`codeql-action/init\` Action is used.`,
+          `Expected \`which go\` to return ${goInitPath}, but got ${goBinaryPath}: please ensure that the correct version of Go is installed before the \`codeql-action/init\` Action is used.`,
        );

        addDiagnostic(