Merge branch 'main' into update-bundle/codeql-bundle-v2.19.1

2024-10-04 13:32:24 -07:00 · 2024-10-04 13:32:24 -07:00 · 64871a860c
commit 64871a860c
parent 868284ba01 46d955c51a
21 changed files with 204 additions and 165 deletions
--- a/src/actions-util.test.ts
+++ b/src/actions-util.test.ts
@ -269,50 +269,56 @@ test("isAnalyzingDefaultBranch()", async (t) => {
  });
 });

-test("determineMergeBaseCommitOid non-pullrequest", async (t) => {
+test("determineBaseBranchHeadCommitOid non-pullrequest", async (t) => {
  const infoStub = sinon.stub(core, "info");

  process.env["GITHUB_EVENT_NAME"] = "hucairz";
  process.env["GITHUB_SHA"] = "100912429fab4cb230e66ffb11e738ac5194e73a";
-  const result = await actionsUtil.determineMergeBaseCommitOid(__dirname);
+  const result = await actionsUtil.determineBaseBranchHeadCommitOid(__dirname);
  t.deepEqual(result, undefined);
  t.deepEqual(0, infoStub.callCount);

  infoStub.restore();
 });

-test("determineMergeBaseCommitOid no error", async (t) => {
+test("determineBaseBranchHeadCommitOid not git repository", async (t) => {
  const infoStub = sinon.stub(core, "info");

  process.env["GITHUB_EVENT_NAME"] = "pull_request";
  process.env["GITHUB_SHA"] = "100912429fab4cb230e66ffb11e738ac5194e73a";

  await withTmpDir(async (tmpDir) => {
-    await actionsUtil.determineMergeBaseCommitOid(tmpDir);
+    await actionsUtil.determineBaseBranchHeadCommitOid(tmpDir);
  });

  t.deepEqual(1, infoStub.callCount);
-  t.assert(
-    infoStub.firstCall.args[0].startsWith(
+  t.deepEqual(
+    infoStub.firstCall.args[0],
+    "git call failed. Will calculate the base branch SHA on the server. Error: " +
      "The checkout path provided to the action does not appear to be a git repository.",
-    ),
  );
+
  infoStub.restore();
 });

-test("determineMergeBaseCommitOid other error", async (t) => {
+test("determineBaseBranchHeadCommitOid other error", async (t) => {
  const infoStub = sinon.stub(core, "info");

  process.env["GITHUB_EVENT_NAME"] = "pull_request";
  process.env["GITHUB_SHA"] = "100912429fab4cb230e66ffb11e738ac5194e73a";
-  const result = await actionsUtil.determineMergeBaseCommitOid(
+  const result = await actionsUtil.determineBaseBranchHeadCommitOid(
    path.join(__dirname, "../../i-dont-exist"),
  );
  t.deepEqual(result, undefined);
  t.deepEqual(1, infoStub.callCount);
  t.assert(
    infoStub.firstCall.args[0].startsWith(
-      "Failed to call git to determine merge base.",
+      "git call failed. Will calculate the base branch SHA on the server. Error: ",
+    ),
+  );
+  t.assert(
+    !infoStub.firstCall.args[0].endsWith(
+      "The checkout path provided to the action does not appear to be a git repository.",
    ),
  );

--- a/src/actions-util.ts
+++ b/src/actions-util.ts
@ -49,6 +49,38 @@ export function getTemporaryDirectory(): string {
    : getRequiredEnvParam("RUNNER_TEMP");
 }

+async function runGitCommand(
+  checkoutPath: string | undefined,
+  args: string[],
+  customErrorMessage: string,
+): Promise<string> {
+  let stdout = "";
+  let stderr = "";
+  try {
+    await new toolrunner.ToolRunner(await safeWhich.safeWhich("git"), args, {
+      silent: true,
+      listeners: {
+        stdout: (data) => {
+          stdout += data.toString();
+        },
+        stderr: (data) => {
+          stderr += data.toString();
+        },
+      },
+      cwd: checkoutPath,
+    }).exec();
+    return stdout;
+  } catch (error) {
+    let reason = stderr;
+    if (stderr.includes("not a git repository")) {
+      reason =
+        "The checkout path provided to the action does not appear to be a git repository.";
+    }
+    core.info(`git call failed. ${customErrorMessage} Error: ${reason}`);
+    throw error;
+  }
+}
+
 /**
 * Gets the SHA of the commit that is currently checked out.
 */
@ -63,47 +95,25 @@ export const getCommitOid = async function (
  // the merge commit, which must mean that git is available.
  // Even if this does go wrong, it's not a huge problem for the alerts to
  // reported on the merge commit.
-  let stderr = "";
  try {
-    let commitOid = "";
-    await new toolrunner.ToolRunner(
-      await safeWhich.safeWhich("git"),
+    const stdout = await runGitCommand(
+      checkoutPath,
      ["rev-parse", ref],
-      {
-        silent: true,
-        listeners: {
-          stdout: (data) => {
-            commitOid += data.toString();
-          },
-          stderr: (data) => {
-            stderr += data.toString();
-          },
-        },
-        cwd: checkoutPath,
-      },
-    ).exec();
-    return commitOid.trim();
+      "Continuing with commit SHA from user input or environment.",
+    );
+    return stdout.trim();
  } catch {
-    if (stderr.includes("not a git repository")) {
-      core.info(
-        "Could not determine current commit SHA using git. Continuing with data from user input or environment. " +
-          "The checkout path provided to the action does not appear to be a git repository.",
-      );
-    } else {
-      core.info(
-        `Could not determine current commit SHA using git. Continuing with data from user input or environment. ${stderr}`,
-      );
-    }
-
    return getOptionalInput("sha") || getRequiredEnvParam("GITHUB_SHA");
  }
 };

 /**
- * If the action was triggered by a pull request, determine the commit sha of the merge base.
- * Returns undefined if run by other triggers or the merge base cannot be determined.
+ * If the action was triggered by a pull request, determine the commit sha at
+ * the head of the base branch, using the merge commit that this workflow analyzes.
+ * Returns undefined if run by other triggers or the base branch commit cannot be
+ * determined.
 */
-export const determineMergeBaseCommitOid = async function (
+export const determineBaseBranchHeadCommitOid = async function (
  checkoutPathOverride?: string,
 ): Promise<string | undefined> {
  if (getWorkflowEventName() !== "pull_request") {
@ -113,37 +123,29 @@ export const determineMergeBaseCommitOid = async function (
  const mergeSha = getRequiredEnvParam("GITHUB_SHA");
  const checkoutPath =
    checkoutPathOverride ?? getOptionalInput("checkout_path");
-  let stderr = "";

  try {
    let commitOid = "";
    let baseOid = "";
    let headOid = "";

-    await new toolrunner.ToolRunner(
-      await safeWhich.safeWhich("git"),
+    const stdout = await runGitCommand(
+      checkoutPath,
      ["show", "-s", "--format=raw", mergeSha],
-      {
-        silent: true,
-        listeners: {
-          stdline: (data) => {
-            if (data.startsWith("commit ") && commitOid === "") {
-              commitOid = data.substring(7);
-            } else if (data.startsWith("parent ")) {
-              if (baseOid === "") {
-                baseOid = data.substring(7);
-              } else if (headOid === "") {
-                headOid = data.substring(7);
-              }
-            }
-          },
-          stderr: (data) => {
-            stderr += data.toString();
-          },
-        },
-        cwd: checkoutPath,
-      },
-    ).exec();
+      "Will calculate the base branch SHA on the server.",
+    );
+
+    for (const data of stdout.split("\n")) {
+      if (data.startsWith("commit ") && commitOid === "") {
+        commitOid = data.substring(7);
+      } else if (data.startsWith("parent ")) {
+        if (baseOid === "") {
+          baseOid = data.substring(7);
+        } else if (headOid === "") {
+          headOid = data.substring(7);
+        }
+      }
+    }

    // Let's confirm our assumptions: We had a merge commit and the parsed parent data looks correct
    if (
@ -155,17 +157,6 @@ export const determineMergeBaseCommitOid = async function (
    }
    return undefined;
  } catch {
-    if (stderr.includes("not a git repository")) {
-      core.info(
-        "The checkout path provided to the action does not appear to be a git repository. " +
-          "Will calculate the merge base on the server.",
-      );
-    } else {
-      core.info(
-        `Failed to call git to determine merge base. Will calculate the merge base on ` +
-          `the server. Reason: ${stderr}`,
-      );
-    }
    return undefined;
  }
 };
--- a/src/api-compatibility.json
+++ b/src/api-compatibility.json
@ -1 +1 @@
-{"maximumVersion": "3.15", "minimumVersion": "3.10"}
+{"maximumVersion": "3.15", "minimumVersion": "3.11"}
--- a/src/codeql.ts
+++ b/src/codeql.ts
@ -279,17 +279,17 @@ const CODEQL_MINIMUM_VERSION = "2.13.5";
 /**
 * This version will shortly become the oldest version of CodeQL that the Action will run with.
 */
-const CODEQL_NEXT_MINIMUM_VERSION = "2.13.5";
+const CODEQL_NEXT_MINIMUM_VERSION = "2.14.6";

 /**
 * This is the version of GHES that was most recently deprecated.
 */
-const GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.9";
+const GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.10";

 /**
 * This is the deprecation date for the version of GHES that was most recently deprecated.
 */
-const GHES_MOST_RECENT_DEPRECATION_DATE = "2024-07-09";
+const GHES_MOST_RECENT_DEPRECATION_DATE = "2024-09-24";

 /** The CLI verbosity level to use for extraction in debug mode. */
 const EXTRACTION_DEBUG_MODE_VERBOSITY = "progress++";
--- a/src/upload-lib.ts
+++ b/src/upload-lib.ts
@ -609,7 +609,7 @@ export async function uploadFiles(
    checkoutURI,
    environment,
    toolNames,
-    await actionsUtil.determineMergeBaseCommitOid(),
+    await actionsUtil.determineBaseBranchHeadCommitOid(),
  );

  // Log some useful debug info about the info