robojerk/codeql-action

Merge branch 'main' into dependabot/npm_and_yarn/npm-7954a73ad2

Browse source
This commit is contained in:
Henry Mercer 2024-08-06 14:02:21 +01:00
commit 68ba39bacf
88 changed files with 171 additions and 631 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.github/workflows/__all-platform-bundle.yml generated vendored
View file

@ -41,8 +41,6 @@ jobs:
if: >-
runner.os == 'macOS' && (
matrix.version == 'stable-20230403' ||
matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6')

2
.github/workflows/__analyze-ref-input.yml generated vendored
View file

@ -45,8 +45,6 @@ jobs:
if: >-
runner.os == 'macOS' && (
matrix.version == 'stable-20230403' ||
matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6')

2
.github/workflows/__autobuild-action.yml generated vendored
View file

@ -45,8 +45,6 @@ jobs:
if: >-
runner.os == 'macOS' && (
matrix.version == 'stable-20230403' ||
matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6')

2
.github/workflows/__autobuild-direct-tracing-with-working-dir.yml generated vendored
View file

@ -47,8 +47,6 @@ jobs:
if: >-
runner.os == 'macOS' && (
matrix.version == 'stable-20230403' ||
matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6')

2
.github/workflows/__autobuild-direct-tracing.yml generated vendored
View file

@ -47,8 +47,6 @@ jobs:
if: >-
runner.os == 'macOS' && (
matrix.version == 'stable-20230403' ||
matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6')

2
.github/workflows/__build-mode-autobuild.yml generated vendored
View file

@ -41,8 +41,6 @@ jobs:
if: >-
runner.os == 'macOS' && (
matrix.version == 'stable-20230403' ||
matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6')

2
.github/workflows/__build-mode-manual.yml generated vendored
View file

@ -41,8 +41,6 @@ jobs:
if: >-
runner.os == 'macOS' && (
matrix.version == 'stable-20230403' ||
matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6')

2
.github/workflows/__build-mode-none.yml generated vendored
View file

@ -43,8 +43,6 @@ jobs:
if: >-
runner.os == 'macOS' && (
matrix.version == 'stable-20230403' ||
matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6')

2
.github/workflows/__build-mode-rollback.yml generated vendored
View file

@ -41,8 +41,6 @@ jobs:
if: >-
runner.os == 'macOS' && (
matrix.version == 'stable-20230403' ||
matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6')

2
.github/workflows/__cleanup-db-cluster-dir.yml generated vendored
View file

@ -41,8 +41,6 @@ jobs:
if: >-
runner.os == 'macOS' && (
matrix.version == 'stable-20230403' ||
matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6')

2
.github/workflows/__config-export.yml generated vendored
View file

@ -51,8 +51,6 @@ jobs:
if: >-
runner.os == 'macOS' && (
matrix.version == 'stable-20230403' ||
matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6')

2
.github/workflows/__config-input.yml generated vendored
View file

@ -41,8 +41,6 @@ jobs:
if: >-
runner.os == 'macOS' && (
matrix.version == 'stable-20230403' ||
matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6')

2
.github/workflows/__cpp-deptrace-disabled.yml generated vendored
View file

@ -45,8 +45,6 @@ jobs:
if: >-
runner.os == 'macOS' && (
matrix.version == 'stable-20230403' ||
matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6')

2
.github/workflows/__cpp-deptrace-enabled-on-macos.yml generated vendored
View file

@ -41,8 +41,6 @@ jobs:
if: >-
runner.os == 'macOS' && (
matrix.version == 'stable-20230403' ||
matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6')

2
.github/workflows/__cpp-deptrace-enabled.yml generated vendored
View file

@ -45,8 +45,6 @@ jobs:
if: >-
runner.os == 'macOS' && (
matrix.version == 'stable-20230403' ||
matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6')

28
.github/workflows/__diagnostics-export.yml generated vendored
View file

@ -27,12 +27,6 @@ jobs:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
version: stable-20230403
- os: macos-12
version: stable-20230403
- os: windows-latest
version: stable-20230403
- os: ubuntu-latest
version: linked
- os: macos-latest
@ -57,8 +51,6 @@ jobs:
if: >-
runner.os == 'macOS' && (
matrix.version == 'stable-20230403' ||
matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6')
@ -83,17 +75,13 @@ jobs:
env:
CODEQL_PATH: ${{ steps.init.outputs.codeql-path }}
run: |
for i in {1..2}; do
# Use the same location twice to test the workaround for the bug in CodeQL CLI 2.12.6 that
# produces an invalid diagnostic with multiple identical location objects.
"$CODEQL_PATH" database add-diagnostic \
"$RUNNER_TEMP/codeql_databases/javascript" \
--file-path /path/to/file \
--plaintext-message "Plaintext message $i" \
--source-id "lang/diagnostics/example" \
--source-name "Diagnostic name" \
--ready-for-status-page
done
"$CODEQL_PATH" database add-diagnostic \
"$RUNNER_TEMP/codeql_databases/javascript" \
--file-path /path/to/file \
--plaintext-message "Plaintext message" \
--source-id "lang/diagnostics/example" \
--source-name "Diagnostic name" \
--ready-for-status-page
- uses: ./../action/analyze
with:
output: ${{ runner.temp }}/results
@ -113,7 +101,7 @@ jobs:
const fs = require('fs');
function checkStatusPageNotification(n) {
const expectedMessage = 'Plaintext message 1\n\nCodeQL also found 1 other diagnostic like this. See the workflow log for details.';
const expectedMessage = 'Plaintext message';
if (n.message.text !== expectedMessage) {
core.setFailed(`Expected the status page diagnostic to have the message '${expectedMessage}', but found '${n.message.text}'.`);
}

2
.github/workflows/__export-file-baseline-information.yml generated vendored
View file

@ -45,8 +45,6 @@ jobs:
if: >-
runner.os == 'macOS' && (
matrix.version == 'stable-20230403' ||
matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6')

2
.github/workflows/__extractor-ram-threads.yml generated vendored
View file

@ -41,8 +41,6 @@ jobs:
if: >-
runner.os == 'macOS' && (
matrix.version == 'stable-20230403' ||
matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6')

14
.github/workflows/__go-custom-queries.yml generated vendored
View file

@ -27,12 +27,6 @@ jobs:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
version: stable-20230403
- os: macos-12
version: stable-20230403
- os: windows-latest
version: stable-20230403
- os: ubuntu-latest
version: stable-v2.13.5
- os: macos-12
@ -57,6 +51,12 @@ jobs:
version: stable-v2.16.6
- os: windows-latest
version: stable-v2.16.6
- os: ubuntu-latest
version: stable-v2.17.6
- os: macos-latest
version: stable-v2.17.6
- os: windows-latest
version: stable-v2.17.6
- os: ubuntu-latest
version: default
- os: macos-latest
@ -87,8 +87,6 @@ jobs:
if: >-
runner.os == 'macOS' && (
matrix.version == 'stable-20230403' ||
matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6')

2
.github/workflows/__go-indirect-tracing-workaround-diagnostic.yml generated vendored
View file

@ -41,8 +41,6 @@ jobs:
if: >-
runner.os == 'macOS' && (
matrix.version == 'stable-20230403' ||
matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6')

2
.github/workflows/__go-indirect-tracing-workaround-no-file-program.yml generated vendored
View file

@ -41,8 +41,6 @@ jobs:
if: >-
runner.os == 'macOS' && (
matrix.version == 'stable-20230403' ||
matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6')

2
.github/workflows/__go-indirect-tracing-workaround.yml generated vendored
View file

@ -41,8 +41,6 @@ jobs:
if: >-
runner.os == 'macOS' && (
matrix.version == 'stable-20230403' ||
matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6')

10
.github/workflows/__go-tracing-autobuilder.yml generated vendored
View file

@ -27,10 +27,6 @@ jobs:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
version: stable-20230403
- os: macos-12
version: stable-20230403
- os: ubuntu-latest
version: stable-v2.13.5
- os: macos-12
@ -47,6 +43,10 @@ jobs:
version: stable-v2.16.6
- os: macos-latest
version: stable-v2.16.6
- os: ubuntu-latest
version: stable-v2.17.6
- os: macos-latest
version: stable-v2.17.6
- os: ubuntu-latest
version: default
- os: macos-latest
@ -71,8 +71,6 @@ jobs:
if: >-
runner.os == 'macOS' && (
matrix.version == 'stable-20230403' ||
matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6')

10
.github/workflows/__go-tracing-custom-build-steps.yml generated vendored
View file

@ -27,10 +27,6 @@ jobs:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
version: stable-20230403
- os: macos-12
version: stable-20230403
- os: ubuntu-latest
version: stable-v2.13.5
- os: macos-12
@ -47,6 +43,10 @@ jobs:
version: stable-v2.16.6
- os: macos-latest
version: stable-v2.16.6
- os: ubuntu-latest
version: stable-v2.17.6
- os: macos-latest
version: stable-v2.17.6
- os: ubuntu-latest
version: default
- os: macos-latest
@ -71,8 +71,6 @@ jobs:
if: >-
runner.os == 'macOS' && (
matrix.version == 'stable-20230403' ||
matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6')

10
.github/workflows/__go-tracing-legacy-workflow.yml generated vendored
View file

@ -27,10 +27,6 @@ jobs:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
version: stable-20230403
- os: macos-12
version: stable-20230403
- os: ubuntu-latest
version: stable-v2.13.5
- os: macos-12
@ -47,6 +43,10 @@ jobs:
version: stable-v2.16.6
- os: macos-latest
version: stable-v2.16.6
- os: ubuntu-latest
version: stable-v2.17.6
- os: macos-latest
version: stable-v2.17.6
- os: ubuntu-latest
version: default
- os: macos-latest
@ -71,8 +71,6 @@ jobs:
if: >-
runner.os == 'macOS' && (
matrix.version == 'stable-20230403' ||
matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6')

2
.github/workflows/__init-with-registries.yml generated vendored
View file

@ -58,8 +58,6 @@ jobs:
if: >-
runner.os == 'macOS' && (
matrix.version == 'stable-20230403' ||
matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6')

2
.github/workflows/__javascript-source-root.yml generated vendored
View file

@ -45,8 +45,6 @@ jobs:
if: >-
runner.os == 'macOS' && (
matrix.version == 'stable-20230403' ||
matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6')

2
.github/workflows/__language-aliases.yml generated vendored
View file

@ -41,8 +41,6 @@ jobs:
if: >-
runner.os == 'macOS' && (
matrix.version == 'stable-20230403' ||
matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6')

12
.github/workflows/__multi-language-autodetect.yml generated vendored
View file

@ -27,10 +27,6 @@ jobs:
fail-fast: false
matrix:
include:
- os: macos-12
version: stable-20230403
- os: ubuntu-latest
version: stable-20230403
- os: macos-12
version: stable-v2.13.5
- os: ubuntu-latest
@ -47,6 +43,10 @@ jobs:
version: stable-v2.16.6
- os: ubuntu-latest
version: stable-v2.16.6
- os: macos-latest
version: stable-v2.17.6
- os: ubuntu-latest
version: stable-v2.17.6
- os: macos-latest
version: default
- os: ubuntu-latest
@ -71,8 +71,6 @@ jobs:
if: >-
runner.os == 'macOS' && (
matrix.version == 'stable-20230403' ||
matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6')
@ -154,7 +152,7 @@ jobs:
fi
- name: Check language autodetect for Swift on MacOS
if: runner.os == 'macOS' && matrix.version != 'stable-20230403'
if: runner.os == 'macOS'
shell: bash
run: |
SWIFT_DB=${{ fromJson(steps.analysis.outputs.db-locations).swift }}

2
.github/workflows/__packaging-codescanning-config-inputs-js.yml generated vendored
View file

@ -57,8 +57,6 @@ jobs:
if: >-
runner.os == 'macOS' && (
matrix.version == 'stable-20230403' ||
matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6')

2
.github/workflows/__packaging-config-inputs-js.yml generated vendored
View file

@ -57,8 +57,6 @@ jobs:
if: >-
runner.os == 'macOS' && (
matrix.version == 'stable-20230403' ||
matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6')

2
.github/workflows/__packaging-config-js.yml generated vendored
View file

@ -57,8 +57,6 @@ jobs:
if: >-
runner.os == 'macOS' && (
matrix.version == 'stable-20230403' ||
matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6')

2
.github/workflows/__packaging-inputs-js.yml generated vendored
View file

@ -57,8 +57,6 @@ jobs:
if: >-
runner.os == 'macOS' && (
matrix.version == 'stable-20230403' ||
matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6')

14
.github/workflows/__remote-config.yml generated vendored
View file

@ -27,12 +27,6 @@ jobs:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
version: stable-20230403
- os: macos-12
version: stable-20230403
- os: windows-latest
version: stable-20230403
- os: ubuntu-latest
version: stable-v2.13.5
- os: macos-12
@ -57,6 +51,12 @@ jobs:
version: stable-v2.16.6
- os: windows-latest
version: stable-v2.16.6
- os: ubuntu-latest
version: stable-v2.17.6
- os: macos-latest
version: stable-v2.17.6
- os: windows-latest
version: stable-v2.17.6
- os: ubuntu-latest
version: default
- os: macos-latest
@ -87,8 +87,6 @@ jobs:
if: >-
runner.os == 'macOS' && (
matrix.version == 'stable-20230403' ||
matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6')

14
.github/workflows/__resolve-environment-action.yml generated vendored
View file

@ -28,11 +28,11 @@ jobs:
matrix:
include:
- os: ubuntu-latest
version: stable-v2.13.4
version: stable-v2.13.5
- os: macos-12
version: stable-v2.13.4
version: stable-v2.13.5
- os: windows-latest
version: stable-v2.13.4
version: stable-v2.13.5
- os: ubuntu-latest
version: default
- os: macos-latest
@ -63,8 +63,6 @@ jobs:
if: >-
runner.os == 'macOS' && (
matrix.version == 'stable-20230403' ||
matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6')
@ -81,7 +79,7 @@ jobs:
setup-kotlin: 'true'
- uses: ./../action/init
with:
languages: ${{ matrix.version == 'stable-v2.13.4' && 'go' || 'go,javascript-typescript'
languages: ${{ matrix.version == 'stable-v2.13.5' && 'go' || 'go,javascript-typescript'
}}
tools: ${{ steps.prepare-test.outputs.tools-url }}
@ -96,14 +94,14 @@ jobs:
run: exit 1
- name: Resolve environment for JavaScript/TypeScript
if: matrix.version != 'stable-v2.13.4'
if: matrix.version != 'stable-v2.13.5'
uses: ./../action/resolve-environment
id: resolve-environment-js
with:
language: javascript-typescript
- name: Fail if JavaScript/TypeScript configuration present
if: matrix.version != 'stable-v2.13.4' &&
if: matrix.version != 'stable-v2.13.5' &&
fromJSON(steps.resolve-environment-js.outputs.environment).configuration.javascript
run: exit 1
env:

2
.github/workflows/__rubocop-multi-language.yml generated vendored
View file

@ -41,8 +41,6 @@ jobs:
if: >-
runner.os == 'macOS' && (
matrix.version == 'stable-20230403' ||
matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6')

2
.github/workflows/__ruby.yml generated vendored
View file

@ -51,8 +51,6 @@ jobs:
if: >-
runner.os == 'macOS' && (
matrix.version == 'stable-20230403' ||
matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6')

2
.github/workflows/__split-workflow.yml generated vendored
View file

@ -51,8 +51,6 @@ jobs:
if: >-
runner.os == 'macOS' && (
matrix.version == 'stable-20230403' ||
matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6')

2
.github/workflows/__submit-sarif-failure.yml generated vendored
View file

@ -45,8 +45,6 @@ jobs:
if: >-
runner.os == 'macOS' && (
matrix.version == 'stable-20230403' ||
matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6')

2
.github/workflows/__swift-autobuild.yml generated vendored
View file

@ -41,8 +41,6 @@ jobs:
if: >-
runner.os == 'macOS' && (
matrix.version == 'stable-20230403' ||
matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6')

2
.github/workflows/__swift-custom-build.yml generated vendored
View file

@ -45,8 +45,6 @@ jobs:
if: >-
runner.os == 'macOS' && (
matrix.version == 'stable-20230403' ||
matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6')

2
.github/workflows/__test-autobuild-working-dir.yml generated vendored
View file

@ -41,8 +41,6 @@ jobs:
if: >-
runner.os == 'macOS' && (
matrix.version == 'stable-20230403' ||
matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6')

2
.github/workflows/__test-local-codeql.yml generated vendored
View file

@ -41,8 +41,6 @@ jobs:
if: >-
runner.os == 'macOS' && (
matrix.version == 'stable-20230403' ||
matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6')

2
.github/workflows/__test-proxy.yml generated vendored
View file

@ -41,8 +41,6 @@ jobs:
if: >-
runner.os == 'macOS' && (
matrix.version == 'stable-20230403' ||
matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6')

6
.github/workflows/__unset-environment.yml generated vendored
View file

@ -27,8 +27,6 @@ jobs:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
version: stable-20230403
- os: ubuntu-latest
version: stable-v2.13.5
- os: ubuntu-latest
@ -37,6 +35,8 @@ jobs:
version: stable-v2.15.5
- os: ubuntu-latest
version: stable-v2.16.6
- os: ubuntu-latest
version: stable-v2.17.6
- os: ubuntu-latest
version: default
- os: ubuntu-latest
@ -55,8 +55,6 @@ jobs:
if: >-
runner.os == 'macOS' && (
matrix.version == 'stable-20230403' ||
matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6')

2
.github/workflows/__upload-ref-sha-input.yml generated vendored
View file

@ -45,8 +45,6 @@ jobs:
if: >-
runner.os == 'macOS' && (
matrix.version == 'stable-20230403' ||
matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6')

2
.github/workflows/__with-checkout-path.yml generated vendored
View file

@ -45,8 +45,6 @@ jobs:
if: >-
runner.os == 'macOS' && (
matrix.version == 'stable-20230403' ||
matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6')

5
.github/workflows/debug-artifacts.yml vendored
View file

@ -22,10 +22,11 @@ jobs:
fail-fast: false
matrix:
version:
- stable-20230403
- stable-v2.13.5
- stable-v2.14.6
- stable-v2.15.5
- stable-v2.16.6
- stable-v2.17.6
- default
- linked
- nightly-latest
@ -70,7 +71,7 @@ jobs:
- name: Check expected artifacts exist
shell: bash
run: |
VERSIONS="stable-20230403 stable-v2.13.5 stable-v2.14.6 stable-v2.15.5 default linked nightly-latest"
VERSIONS="stable-v2.13.5 stable-v2.14.6 stable-v2.15.5 stable-v2.16.6 stable-v2.17.6 default linked nightly-latest"
LANGUAGES="cpp csharp go java javascript python"
for version in $VERSIONS; do
pushd "./my-debug-artifacts-${version//./}"

3
.github/workflows/script/update-required-checks.sh vendored
View file

@ -28,7 +28,8 @@ fi
echo "Getting checks for $GITHUB_SHA"
# Ignore any checks with "https://", CodeQL, LGTM, and Update checks.
CHECKS="$(gh api repos/github/codeql-action/commits/"${GITHUB_SHA}"/check-runs --paginate | jq --slurp --compact-output --raw-output '[.[].check_runs | .[].name | select(contains("https://") or . == "CodeQL" or . == "Dependabot" or . == "check-expected-release-files" or contains("Update") or contains("update") or contains("test-setup-python-scripts") | not)] | unique | sort')"
# Also ignore the non-matrixed "Unit Tests" job that only runs on pushes to protected branches.
CHECKS="$(gh api repos/github/codeql-action/commits/"${GITHUB_SHA}"/check-runs --paginate | jq --slurp --compact-output --raw-output '[.[].check_runs | .[].name | select(contains("https://") or . == "CodeQL" or . == "Dependabot" or . == "check-expected-release-files" or . == "Unit Tests" or contains("Update") or contains("update") or contains("test-setup-python-scripts") | not)] | unique | sort')"
echo "$CHECKS" | jq

1
CHANGELOG.md
View file

@ -7,6 +7,7 @@ Note that the only difference between `v2` and `v3` of the CodeQL Action is the
## [UNRELEASED]
- _Deprecation:_ Swift analysis on Ubuntu runner images is no longer supported. Please migrate to a macOS runner if this affects you. [#2403](https://github.com/github/codeql-action/pull/2403)
- Bump the minimum CodeQL bundle version to 2.13.5. [#2408](https://github.com/github/codeql-action/pull/2408)
## 3.25.15 - 26 Jul 2024

1
README.md
View file

@ -44,7 +44,6 @@ We typically release new minor versions of the CodeQL Action and CLI when a new
| `3.22.12` | `2.15.5` | Enterprise Server 3.12 |
| `2.22.1` | `2.14.6` | Enterprise Server 3.11 |
| `2.20.3` | `2.13.5` | Enterprise Server 3.10 |
| `2.2.9` | `2.12.5` | Enterprise Server 3.9 |
CodeQL Action `v2` will stop receiving updates when GHES 3.11 is deprecated.

2
lib/analyze.js generated
View file

@ -192,7 +192,7 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag,
return statusReport;
async function runInterpretResults(language, queries, sarifFile, enableDebugLogging) {
const databasePath = util.getCodeQLDatabasePath(config, language);
return await codeql.databaseInterpretResults(databasePath, queries, sarifFile, addSnippetsFlag, threadsFlag, enableDebugLogging ? "-vv" : "-v", automationDetailsId, config, features, logger);
return await codeql.databaseInterpretResults(databasePath, queries, sarifFile, addSnippetsFlag, threadsFlag, enableDebugLogging ? "-vv" : "-v", automationDetailsId, config, features);
}
/** Get an object with all queries and their counts parsed from a SARIF file path. */
function getPerQueryAlertCounts(sarifPath, log) {

2
lib/analyze.js.map
View file

File diff suppressed because one or more lines are too long

42
lib/codeql.js generated
View file

@ -23,7 +23,7 @@ var __importStar = (this && this.__importStar) || function (mod) {
return result;
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.CODEQL_VERSION_SUBLANGUAGE_FILE_COVERAGE = exports.CODEQL_VERSION_ANALYSIS_SUMMARY_V2 = exports.CODEQL_VERSION_LANGUAGE_ALIASING = exports.CODEQL_VERSION_LANGUAGE_BASELINE_CONFIG = exports.CODEQL_VERSION_RESOLVE_ENVIRONMENT = exports.CODEQL_VERSION_DIAGNOSTICS_EXPORT_FIXED = void 0;
exports.CODEQL_VERSION_SUBLANGUAGE_FILE_COVERAGE = exports.CODEQL_VERSION_ANALYSIS_SUMMARY_V2 = exports.CODEQL_VERSION_LANGUAGE_ALIASING = exports.CODEQL_VERSION_LANGUAGE_BASELINE_CONFIG = void 0;
exports.setupCodeQL = setupCodeQL;
exports.getCodeQL = getCodeQL;
exports.setCodeQL = setCodeQL;
@ -63,7 +63,7 @@ let cachedCodeQL = undefined;
* The version flags below can be used to conditionally enable certain features
* on versions newer than this.
*/
const CODEQL_MINIMUM_VERSION = "2.12.6";
const CODEQL_MINIMUM_VERSION = "2.13.5";
/**
* This version will shortly become the oldest version of CodeQL that the Action will run with.
*/
@ -85,14 +85,6 @@ const EXTRACTION_DEBUG_MODE_VERBOSITY = "progress++";
* For convenience, please keep these in descending order. Once a version
* flag is older than the oldest supported version above, it may be removed.
*/
/**
* Versions 2.13.1+ of the CodeQL CLI fix a bug where diagnostics export could produce invalid SARIF.
*/
exports.CODEQL_VERSION_DIAGNOSTICS_EXPORT_FIXED = "2.13.1";
/**
* Versions 2.13.4+ of the CodeQL CLI support the `resolve build-environment` command.
*/
exports.CODEQL_VERSION_RESOLVE_ENVIRONMENT = "2.13.4";
/**
* Versions 2.14.2+ of the CodeQL CLI support language-specific baseline configuration.
*/
@ -473,20 +465,15 @@ async function getCodeQLForCmd(cmd, checkVersion) {
}
await runTool(cmd, codeqlArgs);
},
async databaseInterpretResults(databasePath, querySuitePaths, sarifFile, addSnippetsFlag, threadsFlag, verbosityFlag, automationDetailsId, config, features, logger) {
async databaseInterpretResults(databasePath, querySuitePaths, sarifFile, addSnippetsFlag, threadsFlag, verbosityFlag, automationDetailsId, config, features) {
const shouldExportDiagnostics = await features.getValue(feature_flags_1.Feature.ExportDiagnosticsEnabled, this);
const shouldWorkaroundInvalidNotifications = shouldExportDiagnostics &&
!(await isDiagnosticsExportInvalidSarifFixed(this));
const codeqlOutputFile = shouldWorkaroundInvalidNotifications
? path.join(config.tempDir, "codeql-intermediate-results.sarif")
: sarifFile;
const codeqlArgs = [
"database",
"interpret-results",
threadsFlag,
"--format=sarif-latest",
verbosityFlag,
`--output=${codeqlOutputFile}`,
`--output=${sarifFile}`,
addSnippetsFlag,
"--print-diagnostics-summary",
"--print-metrics-summary",
@ -521,13 +508,9 @@ async function getCodeQLForCmd(cmd, checkVersion) {
}
// Capture the stdout, which contains the analysis summary. Don't stream it to the Actions
// logs to avoid printing it twice.
const analysisSummary = await runTool(cmd, codeqlArgs, {
return await runTool(cmd, codeqlArgs, {
noStreamStdout: true,
});
if (shouldWorkaroundInvalidNotifications) {
util.fixInvalidNotificationsInFile(codeqlOutputFile, sarifFile, logger);
}
return analysisSummary;
},
async databasePrintBaseline(databasePath) {
const codeqlArgs = [
@ -603,18 +586,14 @@ async function getCodeQLForCmd(cmd, checkVersion) {
];
await new toolrunner.ToolRunner(cmd, args).exec();
},
async databaseExportDiagnostics(databasePath, sarifFile, automationDetailsId, tempDir, logger) {
const shouldWorkaroundInvalidNotifications = !(await isDiagnosticsExportInvalidSarifFixed(this));
const codeqlOutputFile = shouldWorkaroundInvalidNotifications
? path.join(tempDir, "codeql-intermediate-results.sarif")
: sarifFile;
async databaseExportDiagnostics(databasePath, sarifFile, automationDetailsId) {
const args = [
"database",
"export-diagnostics",
`${databasePath}`,
"--db-cluster", // Database is always a cluster for CodeQL versions that support diagnostics.
"--format=sarif-latest",
`--output=${codeqlOutputFile}`,
`--output=${sarifFile}`,
"--sarif-include-diagnostics", // ExportDiagnosticsEnabled is always true if this command is run.
"-vvv",
...getExtraOptionsFromEnv(["diagnostics", "export"]),
@ -623,10 +602,6 @@ async function getCodeQLForCmd(cmd, checkVersion) {
args.push("--sarif-category", automationDetailsId);
}
await new toolrunner.ToolRunner(cmd, args).exec();
if (shouldWorkaroundInvalidNotifications) {
// Fix invalid notifications in the SARIF file output by CodeQL.
util.fixInvalidNotificationsInFile(codeqlOutputFile, sarifFile, logger);
}
},
async diagnosticsExport(sarifFile, automationDetailsId, config) {
const args = [
@ -887,9 +862,6 @@ async function getTrapCachingExtractorConfigArgsForLang(config, language) {
function getGeneratedCodeScanningConfigPath(config) {
return path.resolve(config.tempDir, "user-config.yaml");
}
async function isDiagnosticsExportInvalidSarifFixed(codeql) {
return await util.codeQlVersionAtLeast(codeql, exports.CODEQL_VERSION_DIAGNOSTICS_EXPORT_FIXED);
}
async function getLanguageAliasingArguments(codeql) {
if (await util.codeQlVersionAtLeast(codeql, exports.CODEQL_VERSION_LANGUAGE_ALIASING)) {
return ["--extractor-include-aliases"];

2
lib/codeql.js.map
View file

File diff suppressed because one or more lines are too long

62
lib/codeql.test.js generated
View file

@ -141,35 +141,26 @@ function mockApiDetails(apiDetails) {
});
const EXPLICITLY_REQUESTED_BUNDLE_TEST_CASES = [
{
cliVersion: "2.10.0",
expectedToolcacheVersion: "2.10.0-20200610",
tagName: "codeql-bundle-2.17.6",
expectedToolcacheVersion: "2.17.6",
},
{
cliVersion: "2.10.0-pre",
expectedToolcacheVersion: "0.0.0-20200610",
},
{
cliVersion: "2.10.0+202006100101",
expectedToolcacheVersion: "0.0.0-20200610",
tagName: "codeql-bundle-20240805",
expectedToolcacheVersion: "0.0.0-20240805",
},
];
for (const { cliVersion, expectedToolcacheVersion, } of EXPLICITLY_REQUESTED_BUNDLE_TEST_CASES) {
(0, ava_1.default)(`caches an explicitly requested bundle containing CLI ${cliVersion} as ${expectedToolcacheVersion}`, async (t) => {
for (const { tagName, expectedToolcacheVersion, } of EXPLICITLY_REQUESTED_BUNDLE_TEST_CASES) {
(0, ava_1.default)(`caches explicitly requested bundle ${tagName} as ${expectedToolcacheVersion}`, async (t) => {
await util.withTmpDir(async (tmpDir) => {
(0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
mockApiDetails(testing_utils_1.SAMPLE_DOTCOM_API_DETAILS);
sinon.stub(actionsUtil, "isRunningLocalAction").returns(true);
const releaseApiMock = mockReleaseApi({
assetNames: [`cli-version-${cliVersion}.txt`],
tagName: "codeql-bundle-20200610",
});
const url = (0, testing_utils_1.mockBundleDownloadApi)({
tagName: "codeql-bundle-20200610",
tagName,
});
const result = await codeql.setupCodeQL(url, testing_utils_1.SAMPLE_DOTCOM_API_DETAILS, tmpDir, util.GitHubVariant.DOTCOM, testing_utils_1.SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), false);
t.assert(releaseApiMock.isDone(), "Releases API should have been called");
t.assert(toolcache.find("CodeQL", expectedToolcacheVersion));
t.deepEqual(result.toolsVersion, cliVersion);
t.deepEqual(result.toolsVersion, expectedToolcacheVersion);
t.is(result.toolsSource, setup_codeql_1.ToolsSource.Download);
t.assert(Number.isInteger(result.toolsDownloadDurationMs));
});
@ -263,7 +254,7 @@ for (const toolcacheVersion of [
mockApiDetails(testing_utils_1.SAMPLE_DOTCOM_API_DETAILS);
sinon.stub(actionsUtil, "isRunningLocalAction").returns(true);
const releasesApiMock = mockReleaseApi({
assetNames: ["cli-version-2.12.6.txt"],
assetNames: ["cli-version-2.13.5.txt"],
tagName: "codeql-bundle-20230203",
});
(0, testing_utils_1.mockBundleDownloadApi)({
@ -451,7 +442,7 @@ const injectedConfigMacro = ava_1.default.macro({
await util.withTmpDir(async (tempDir) => {
const runnerConstructorStub = stubToolRunnerConstructor();
const codeqlObject = await codeql.getCodeQLForTesting();
sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.12.6"));
sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.17.6"));
await codeqlObject.databaseInitCluster({ ...stubConfig, tempDir }, "", undefined, "/path/to/qlconfig.yml", (0, logging_1.getRunnerLogger)(true));
const args = runnerConstructorStub.firstCall.args[1];
// should have used a config file
@ -466,7 +457,7 @@ const injectedConfigMacro = ava_1.default.macro({
await util.withTmpDir(async (tempDir) => {
const runnerConstructorStub = stubToolRunnerConstructor();
const codeqlObject = await codeql.getCodeQLForTesting();
sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.12.6"));
sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.17.6"));
await codeqlObject.databaseInitCluster({ ...stubConfig, tempDir }, "", undefined, undefined, // undefined qlconfigFile
(0, logging_1.getRunnerLogger)(true));
const args = runnerConstructorStub.firstCall.args[1];
@ -497,7 +488,7 @@ const NEW_ANALYSIS_SUMMARY_TEST_CASES = [
codeqlVersion: (0, testing_utils_1.makeVersionInfo)("2.15.0"),
githubVersion: {
type: util.GitHubVariant.GHES,
version: "3.9.0",
version: "3.10.0",
},
flagPassed: true,
negativeFlagPassed: false,
@ -522,25 +513,12 @@ for (const { codeqlVersion, flagPassed, githubVersion, negativeFlagPassed, } of
sinon.stub(codeqlObject, "getVersion").resolves(codeqlVersion);
// safeWhich throws because of the test CodeQL object.
sinon.stub(safeWhich, "safeWhich").resolves("");
await codeqlObject.databaseInterpretResults("", [], "", "", "", "-v", "", Object.assign({}, stubConfig, { gitHubVersion: githubVersion }), (0, testing_utils_1.createFeatures)([]), (0, logging_1.getRunnerLogger)(true));
await codeqlObject.databaseInterpretResults("", [], "", "", "", "-v", "", Object.assign({}, stubConfig, { gitHubVersion: githubVersion }), (0, testing_utils_1.createFeatures)([]));
const actualArgs = runnerConstructorStub.firstCall.args[1];
t.is(actualArgs.includes("--new-analysis-summary"), flagPassed, `--new-analysis-summary should${flagPassed ? "" : "n't"} be passed`);
t.is(actualArgs.includes("--no-new-analysis-summary"), negativeFlagPassed, `--no-new-analysis-summary should${negativeFlagPassed ? "" : "n't"} be passed`);
});
}
(0, ava_1.default)("database finalize does not override no code found error on CodeQL 2.12.6", async (t) => {
const cliMessage = "CodeQL did not detect any code written in languages supported by CodeQL. Review our troubleshooting guide at " +
"https://gh.io/troubleshooting-code-scanning/no-source-code-seen-during-build.";
stubToolRunnerConstructor(32, cliMessage);
const codeqlObject = await codeql.getCodeQLForTesting();
sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.12.6"));
// safeWhich throws because of the test CodeQL object.
sinon.stub(safeWhich, "safeWhich").resolves("");
await t.throwsAsync(async () => await codeqlObject.finalizeDatabase("db", "--threads=2", "--ram=2048", false), {
message: 'Encountered a fatal error while running "codeql-for-testing database finalize --finalize-dataset --threads=2 --ram=2048 db". ' +
`Exit code was 32 and last log line was: ${cliMessage} See the logs for more details.`,
});
});
(0, ava_1.default)("runTool summarizes several fatal errors", async (t) => {
const heapError = "A fatal error occurred: Evaluator heap must be at least 384.00 MiB";
const datasetImportError = "A fatal error occurred: Dataset import for /home/runner/work/_temp/codeql_databases/javascript/db-javascript failed with code 2";
@ -548,7 +526,7 @@ for (const { codeqlVersion, flagPassed, githubVersion, negativeFlagPassed, } of
`${heapError}\n${datasetImportError}.`;
stubToolRunnerConstructor(32, cliStderr);
const codeqlObject = await codeql.getCodeQLForTesting();
sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.12.6"));
sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.17.6"));
// safeWhich throws because of the test CodeQL object.
sinon.stub(safeWhich, "safeWhich").resolves("");
await t.throwsAsync(async () => await codeqlObject.finalizeDatabase("db", "--threads=2", "--ram=2048", false), {
@ -570,7 +548,7 @@ for (const { codeqlVersion, flagPassed, githubVersion, negativeFlagPassed, } of
`;
stubToolRunnerConstructor(1, stderr);
const codeqlObject = await codeql.getCodeQLForTesting();
sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.12.6"));
sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.17.6"));
sinon.stub(codeqlObject, "resolveExtractor").resolves("/path/to/extractor");
// safeWhich throws because of the test CodeQL object.
sinon.stub(safeWhich, "safeWhich").resolves("");
@ -588,7 +566,7 @@ for (const { codeqlVersion, flagPassed, githubVersion, negativeFlagPassed, } of
const stderr = Array.from({ length: 20 }, (_, i) => `[2019-09-18 12:00:00] [autobuild] [ERROR] line${i + 1}`).join("\n");
stubToolRunnerConstructor(1, stderr);
const codeqlObject = await codeql.getCodeQLForTesting();
sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.12.6"));
sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.17.6"));
sinon.stub(codeqlObject, "resolveExtractor").resolves("/path/to/extractor");
// safeWhich throws because of the test CodeQL object.
sinon.stub(safeWhich, "safeWhich").resolves("");
@ -608,13 +586,13 @@ for (const { codeqlVersion, flagPassed, githubVersion, negativeFlagPassed, } of
Severe disk cache trouble (corruption or out of space) at /home/runner/work/_temp/codeql_databases/go/db-go/default/cache/pages/28/33.pack: Failed to write item to disk`;
stubToolRunnerConstructor(1, stderr);
const codeqlObject = await codeql.getCodeQLForTesting();
sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.12.6"));
sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.17.6"));
sinon.stub(codeqlObject, "resolveExtractor").resolves("/path/to/extractor");
// safeWhich throws because of the test CodeQL object.
sinon.stub(safeWhich, "safeWhich").resolves("");
await t.throwsAsync(async () => await codeqlObject.databaseRunQueries(stubConfig.dbLocation, []), {
instanceOf: cli_errors_1.CommandInvocationError,
message: `Encountered a fatal error while running "codeql-for-testing database run-queries --expect-discarded-cache --min-disk-free=1024 -v". Exit code was 1 and error was: Oops! A fatal internal error occurred. Details:
message: `Encountered a fatal error while running "codeql-for-testing database run-queries --expect-discarded-cache --min-disk-free=1024 -v --intra-layer-parallelism". Exit code was 1 and error was: Oops! A fatal internal error occurred. Details:
com.semmle.util.exception.CatastrophicError: An error occurred while evaluating ControlFlowGraph::ControlFlow::Root.isRootOf/1#dispred#f610e6ed/2@86282cc8
Severe disk cache trouble (corruption or out of space) at /home/runner/work/_temp/codeql_databases/go/db-go/default/cache/pages/28/33.pack: Failed to write item to disk. See the logs for more details.`,
});
@ -623,7 +601,7 @@ for (const { codeqlVersion, flagPassed, githubVersion, negativeFlagPassed, } of
const cliStderr = "line1\nline2\nline3\nline4\nline5";
stubToolRunnerConstructor(32, cliStderr);
const codeqlObject = await codeql.getCodeQLForTesting();
sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.12.6"));
sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.17.6"));
// safeWhich throws because of the test CodeQL object.
sinon.stub(safeWhich, "safeWhich").resolves("");
await t.throwsAsync(async () => await codeqlObject.finalizeDatabase("db", "--threads=2", "--ram=2048", false), {
@ -635,7 +613,7 @@ for (const { codeqlVersion, flagPassed, githubVersion, negativeFlagPassed, } of
(0, ava_1.default)("Avoids duplicating --overwrite flag if specified in CODEQL_ACTION_EXTRA_OPTIONS", async (t) => {
const runnerConstructorStub = stubToolRunnerConstructor();
const codeqlObject = await codeql.getCodeQLForTesting();
sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.12.6"));
sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.17.6"));
// safeWhich throws because of the test CodeQL object.
sinon.stub(safeWhich, "safeWhich").resolves("");
process.env["CODEQL_ACTION_EXTRA_OPTIONS"] =

2
lib/codeql.test.js.map
View file

File diff suppressed because one or more lines are too long

11
lib/feature-flags.js generated
View file

@ -23,7 +23,7 @@ var __importStar = (this && this.__importStar) || function (mod) {
return result;
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.Features = exports.FEATURE_FLAGS_FILE_NAME = exports.featureConfig = exports.Feature = exports.CODEQL_VERSION_FINE_GRAINED_PARALLELISM = exports.CODEQL_VERSION_BUNDLE_SEMANTICALLY_VERSIONED = void 0;
exports.Features = exports.FEATURE_FLAGS_FILE_NAME = exports.featureConfig = exports.Feature = exports.CODEQL_VERSION_FINE_GRAINED_PARALLELISM = void 0;
const fs = __importStar(require("fs"));
const path = __importStar(require("path"));
const semver = __importStar(require("semver"));
@ -32,10 +32,6 @@ const defaults = __importStar(require("./defaults.json"));
const util = __importStar(require("./util"));
const DEFAULT_VERSION_FEATURE_FLAG_PREFIX = "default_codeql_version_";
const DEFAULT_VERSION_FEATURE_FLAG_SUFFIX = "_enabled";
/**
* Versions 2.13.4+ of the CodeQL CLI have an associated CodeQL Bundle release that is semantically versioned.
*/
exports.CODEQL_VERSION_BUNDLE_SEMANTICALLY_VERSIONED = "2.13.4";
/**
* Evaluator fine-grained parallelism (aka intra-layer parallelism) is only safe to enable in 2.15.1 onwards.
* (Some earlier versions recognize the command-line flag, but they contain a bug which makes it unsafe to use).
@ -213,10 +209,7 @@ class GitHubFeatureFlags {
const response = await this.getAllFeatures();
const enabledFeatureFlagCliVersions = Object.entries(response)
.map(([f, isEnabled]) => isEnabled ? this.getCliVersionFromFeatureFlag(f) : undefined)
.filter((f) => f !== undefined &&
// Only consider versions that have semantically versioned bundles.
semver.gte(f, exports.CODEQL_VERSION_BUNDLE_SEMANTICALLY_VERSIONED))
.map((f) => f);
.filter((f) => f !== undefined);
if (enabledFeatureFlagCliVersions.length === 0) {
// We expect at least one default CLI version to be enabled on Dotcom at any time. However if
// the feature flags are misconfigured, rather than crashing, we fall back to the CLI version

2
lib/feature-flags.js.map
View file

File diff suppressed because one or more lines are too long

17
lib/feature-flags.test.js generated
View file

@ -256,7 +256,7 @@ for (const feature of Object.keys(feature_flags_1.featureConfig)) {
});
});
});
(0, ava_1.default)("includes tag name when feature flags enable version greater than v2.13.4", async (t) => {
(0, ava_1.default)("includes tag name", async (t) => {
await (0, util_1.withTmpDir)(async (tmpDir) => {
const features = setUpFeatureFlagTests(tmpDir);
const expectedFeatureEnablement = initializeFeatures(true);
@ -283,21 +283,6 @@ for (const feature of Object.keys(feature_flags_1.featureConfig)) {
});
});
});
(0, ava_1.default)(`selects CLI from defaults.json on Dotcom when default version feature flags are unsupported`, async (t) => {
await (0, util_1.withTmpDir)(async (tmpDir) => {
const features = setUpFeatureFlagTests(tmpDir);
const expectedFeatureEnablement = initializeFeatures(true);
// Doesn't have a semantically versioned bundle
expectedFeatureEnablement["default_codeql_version_2_13_3_enabled"] = true;
(0, testing_utils_1.mockFeatureFlagApiEndpoint)(200, expectedFeatureEnablement);
const defaultCliVersion = await features.getDefaultCliVersion(util_1.GitHubVariant.DOTCOM);
t.deepEqual(defaultCliVersion, {
cliVersion: defaults.cliVersion,
tagName: defaults.bundleVersion,
toolsFeatureFlagsValid: false,
});
});
});
(0, ava_1.default)("ignores invalid version numbers in default version feature flags", async (t) => {
await (0, util_1.withTmpDir)(async (tmpDir) => {
const loggedMessages = [];

2
lib/feature-flags.test.js.map
View file

File diff suppressed because one or more lines are too long

2
lib/init-action-post-helper.js generated
View file

@ -74,7 +74,7 @@ async function maybeUploadFailedSarif(config, repositoryNwo, features, logger) {
}
else {
// We call 'database export-diagnostics' to find any per-database diagnostics.
await codeql.databaseExportDiagnostics(databasePath, sarifFile, category, config.tempDir, logger);
await codeql.databaseExportDiagnostics(databasePath, sarifFile, category);
}
logger.info(`Uploading failed SARIF file ${sarifFile}`);
const uploadResult = await uploadLib.uploadFiles(sarifFile, checkoutPath, category, features, logger);

2
lib/init-action-post-helper.js.map
View file

File diff suppressed because one or more lines are too long

4
lib/init-action-post-helper.test.js generated
View file

@ -315,7 +315,7 @@ async function testFailedSarifUpload(t, actionsWorkflow, { category, databaseExi
.returns(JSON.stringify(matrix));
const codeqlObject = await codeql.getCodeQLForTesting();
sinon.stub(codeql, "getCodeQL").resolves(codeqlObject);
sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.12.6"));
sinon.stub(codeqlObject, "getVersion").resolves((0, testing_utils_1.makeVersionInfo)("2.17.6"));
const databaseExportDiagnosticsStub = sinon.stub(codeqlObject, "databaseExportDiagnostics");
const diagnosticsExportStub = sinon.stub(codeqlObject, "diagnosticsExport");
sinon.stub(workflow, "getWorkflow").resolves(actionsWorkflow);
@ -337,7 +337,7 @@ async function testFailedSarifUpload(t, actionsWorkflow, { category, databaseExi
zipped_upload_size_bytes: 10,
});
if (databaseExists && exportDiagnosticsEnabled) {
t.true(databaseExportDiagnosticsStub.calledOnceWith(config.dbLocation, sinon.match.string, category, sinon.match.any, sinon.match.any), `Actual args were: ${databaseExportDiagnosticsStub.args}`);
t.true(databaseExportDiagnosticsStub.calledOnceWith(config.dbLocation, sinon.match.string, category), `Actual args were: ${databaseExportDiagnosticsStub.args}`);
}
else {
t.true(diagnosticsExportStub.calledOnceWith(sinon.match.string, category, config), `Actual args were: ${diagnosticsExportStub.args}`);

2
lib/init-action-post-helper.test.js.map
View file

File diff suppressed because one or more lines are too long

10
lib/init-action.js generated
View file

@ -255,8 +255,7 @@ async function run() {
core.exportVariable("CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN", "true");
}
const kotlinLimitVar = "CODEQL_EXTRACTOR_KOTLIN_OVERRIDE_MAXIMUM_VERSION_LIMIT";
if ((await (0, util_1.codeQlVersionAtLeast)(codeql, "2.13.4")) &&
!(await (0, util_1.codeQlVersionAtLeast)(codeql, "2.14.4"))) {
if (!(await (0, util_1.codeQlVersionAtLeast)(codeql, "2.14.4"))) {
core.exportVariable(kotlinLimitVar, "1.9.20");
}
if (config.languages.includes(languages_1.Language.java) &&
@ -297,7 +296,7 @@ async function run() {
}
// From 2.16.0 the default for the python extractor is to not perform any
// dependency extraction. For versions before that, you needed to set this flag to
// enable this behavior (supported since 2.13.1).
// enable this behavior.
if (await (0, util_1.codeQlVersionAtLeast)(codeql, "2.17.1")) {
// disabled by default, no warning
}
@ -305,11 +304,8 @@ async function run() {
// disabled by default, prints warning if environment variable is not set
core.exportVariable("CODEQL_EXTRACTOR_PYTHON_DISABLE_LIBRARY_EXTRACTION", "true");
}
else if (await (0, util_1.codeQlVersionAtLeast)(codeql, "2.13.1")) {
core.exportVariable("CODEQL_EXTRACTOR_PYTHON_DISABLE_LIBRARY_EXTRACTION", "true");
}
else {
logger.warning(`CodeQL Action versions 3.25.0 and later, and versions 2.25.0 and later no longer install Python dependencies. We recommend upgrading to at least CodeQL Bundle 2.16.0 to avoid any potential problems due to this (you are currently using ${(await codeql.getVersion()).version}). Alternatively, we recommend downgrading the CodeQL Action to version 3.24.10 (for customers using GitHub.com or GitHub Enterprise Server v3.12 or later) or 2.24.10 (for customers using GitHub Enterprise Server v3.11 or earlier).`);
core.exportVariable("CODEQL_EXTRACTOR_PYTHON_DISABLE_LIBRARY_EXTRACTION", "true");
}
if ((0, actions_util_1.getOptionalInput)("setup-python-dependencies") !== undefined) {
logger.warning("The setup-python-dependencies input is deprecated and no longer has any effect. We recommend removing any references from your workflows. See https://github.blog/changelog/2024-01-23-codeql-2-16-python-dependency-installation-disabled-new-queries-and-bug-fixes/ for more information.");

2
lib/init-action.js.map
View file

File diff suppressed because one or more lines are too long

15
lib/resolve-environment.js generated
View file

@ -40,19 +40,10 @@ async function runResolveBuildEnvironment(cmd, logger, workingDir, languageInput
}
language = parsedLanguage;
}
let result = {};
// If the CodeQL version in use does not support the `resolve build-environment`
// command, just return an empty configuration. Otherwise invoke the CLI.
if (!(await util.codeQlVersionAtLeast(codeql, codeql_1.CODEQL_VERSION_RESOLVE_ENVIRONMENT))) {
logger.warning("Unsupported CodeQL CLI version for `resolve build-environment` command, " +
"returning an empty configuration.");
}
else {
if (workingDir !== undefined) {
logger.info(`Using ${workingDir} as the working directory.`);
}
result = await codeql.resolveBuildEnvironment(workingDir, language);
if (workingDir !== undefined) {
logger.info(`Using ${workingDir} as the working directory.`);
}
const result = await codeql.resolveBuildEnvironment(workingDir, language);
logger.endGroup();
return result;
}

2
lib/resolve-environment.js.map
View file

@ -1 +1 @@
{"version":3,"file":"resolve-environment.js","sourceRoot":"","sources":["../src/resolve-environment.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AASA,gEAmDC;AA5DD,qCAIkB;AAClB,2CAA4C;AAE5C,6CAA+B;AAExB,KAAK,UAAU,0BAA0B,CAC9C,GAAW,EACX,MAAc,EACd,UAA8B,EAC9B,aAAqB;IAErB,MAAM,CAAC,UAAU,CACf,+CAA+C,aAAa,EAAE,CAC/D,CAAC;IAEF,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,GAAG,CAAC,CAAC;IAEpC,IAAI,QAAQ,GAAG,aAAa,CAAC;IAC7B,6FAA6F;IAC7F,mFAAmF;IACnF,IACE,CAAC,CAAC,MAAM,IAAI,CAAC,oBAAoB,CAAC,MAAM,EAAE,yCAAgC,CAAC,CAAC,EAC5E,CAAC;QACD,MAAM,cAAc,GAAG,IAAA,yBAAa,EAAC,aAAa,CAAC,EAAE,QAAQ,EAAE,CAAC;QAChE,IAAI,cAAc,KAAK,SAAS,EAAE,CAAC;YACjC,MAAM,IAAI,IAAI,CAAC,kBAAkB,CAC/B,mCAAmC,aAAa,IAAI,CACrD,CAAC;QACJ,CAAC;QACD,QAAQ,GAAG,cAAc,CAAC;IAC5B,CAAC;IAED,IAAI,MAAM,GAAG,EAAE,CAAC;IAEhB,gFAAgF;IAChF,yEAAyE;IACzE,IACE,CAAC,CAAC,MAAM,IAAI,CAAC,oBAAoB,CAC/B,MAAM,EACN,2CAAkC,CACnC,CAAC,EACF,CAAC;QACD,MAAM,CAAC,OAAO,CACZ,0EAA0E;YACxE,mCAAmC,CACtC,CAAC;IACJ,CAAC;SAAM,CAAC;QACN,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;YAC7B,MAAM,CAAC,IAAI,CAAC,SAAS,UAAU,4BAA4B,CAAC,CAAC;QAC/D,CAAC;QAED,MAAM,GAAG,MAAM,MAAM,CAAC,uBAAuB,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;IACtE,CAAC;IAED,MAAM,CAAC,QAAQ,EAAE,CAAC;IAClB,OAAO,MAAM,CAAC;AAChB,CAAC"}
{"version":3,"file":"resolve-environment.js","sourceRoot":"","sources":["../src/resolve-environment.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;AAKA,gEAmCC;AAxCD,qCAAuE;AACvE,2CAA4C;AAE5C,6CAA+B;AAExB,KAAK,UAAU,0BAA0B,CAC9C,GAAW,EACX,MAAc,EACd,UAA8B,EAC9B,aAAqB;IAErB,MAAM,CAAC,UAAU,CACf,+CAA+C,aAAa,EAAE,CAC/D,CAAC;IAEF,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,GAAG,CAAC,CAAC;IAEpC,IAAI,QAAQ,GAAG,aAAa,CAAC;IAC7B,6FAA6F;IAC7F,mFAAmF;IACnF,IACE,CAAC,CAAC,MAAM,IAAI,CAAC,oBAAoB,CAAC,MAAM,EAAE,yCAAgC,CAAC,CAAC,EAC5E,CAAC;QACD,MAAM,cAAc,GAAG,IAAA,yBAAa,EAAC,aAAa,CAAC,EAAE,QAAQ,EAAE,CAAC;QAChE,IAAI,cAAc,KAAK,SAAS,EAAE,CAAC;YACjC,MAAM,IAAI,IAAI,CAAC,kBAAkB,CAC/B,mCAAmC,aAAa,IAAI,CACrD,CAAC;QACJ,CAAC;QACD,QAAQ,GAAG,cAAc,CAAC;IAC5B,CAAC;IAED,IAAI,UAAU,KAAK,SAAS,EAAE,CAAC;QAC7B,MAAM,CAAC,IAAI,CAAC,SAAS,UAAU,4BAA4B,CAAC,CAAC;IAC/D,CAAC;IAED,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,uBAAuB,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;IAE1E,MAAM,CAAC,QAAQ,EAAE,CAAC;IAClB,OAAO,MAAM,CAAC;AAChB,CAAC"}

55
lib/setup-codeql.js generated
View file

@ -28,7 +28,6 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
Object.defineProperty(exports, "__esModule", { value: true });
exports.downloadCodeQL = exports.CODEQL_DEFAULT_ACTION_REPOSITORY = exports.ToolsSource = void 0;
exports.getCodeQLActionRepository = getCodeQLActionRepository;
exports.tryFindCliVersionDotcomOnly = tryFindCliVersionDotcomOnly;
exports.tryGetBundleVersionFromUrl = tryGetBundleVersionFromUrl;
exports.convertToSemVer = convertToSemVer;
exports.getCodeQLSource = getCodeQLSource;
@ -49,7 +48,6 @@ const api = __importStar(require("./api-client"));
// creation scripts. Ensure that any changes to the format of this file are compatible with both of
// these dependents.
const defaults = __importStar(require("./defaults.json"));
const feature_flags_1 = require("./feature-flags");
const util = __importStar(require("./util"));
const util_1 = require("./util");
var ToolsSource;
@ -87,38 +85,6 @@ function getCodeQLActionRepository(logger) {
}
return util.getRequiredEnvParam("GITHUB_ACTION_REPOSITORY");
}
function tryGetCodeQLCliVersionForRelease(release, logger) {
const cliVersionsFromMarkerFiles = release.assets
.map((asset) => asset.name.match(/cli-version-(.*)\.txt/)?.[1])
.filter((v) => v)
.map((v) => v);
if (cliVersionsFromMarkerFiles.length > 1) {
logger.warning(`Ignoring release ${release.tag_name} with multiple CLI version marker files.`);
return undefined;
}
else if (cliVersionsFromMarkerFiles.length === 0) {
logger.debug(`Failed to find the CodeQL CLI version for release ${release.tag_name}.`);
return undefined;
}
return cliVersionsFromMarkerFiles[0];
}
async function tryFindCliVersionDotcomOnly(tagName, logger) {
try {
logger.debug(`Fetching the GitHub Release for the CodeQL bundle tagged ${tagName}.`);
const apiClient = api.getApiClient();
const codeQLActionRepository = getCodeQLActionRepository(logger);
const release = await apiClient.rest.repos.getReleaseByTag({
owner: codeQLActionRepository.split("/")[0],
repo: codeQLActionRepository.split("/")[1],
tag: tagName,
});
return tryGetCodeQLCliVersionForRelease(release.data, logger);
}
catch (e) {
logger.debug(`Failed to find the CLI version for the CodeQL bundle tagged ${tagName}. ${(0, util_1.wrapError)(e).message}`);
return undefined;
}
}
async function getCodeQLBundleDownloadURL(tagName, apiDetails, logger) {
const codeQLActionRepository = getCodeQLActionRepository(logger);
const potentialDownloadSources = [
@ -400,7 +366,7 @@ async function tryGetFallbackToolcacheVersion(cliVersion, tagName, logger) {
}
// Exported using `export const` for testing purposes. Specifically, we want to
// be able to stub this function and have other functions in this file use that stub.
const downloadCodeQL = async function (codeqlURL, maybeBundleVersion, maybeCliVersion, apiDetails, variant, tempDir, logger) {
const downloadCodeQL = async function (codeqlURL, maybeBundleVersion, maybeCliVersion, apiDetails, tempDir, logger) {
const parsedCodeQLURL = new URL(codeqlURL);
const searchParams = new URLSearchParams(parsedCodeQLURL.search);
const headers = {
@ -445,12 +411,6 @@ const downloadCodeQL = async function (codeqlURL, maybeBundleVersion, maybeCliVe
toolsDownloadDurationMs,
};
}
// Try to compute the CLI version for this bundle
if (maybeCliVersion === undefined &&
variant === util.GitHubVariant.DOTCOM &&
codeqlURL.includes(`/${exports.CODEQL_DEFAULT_ACTION_REPOSITORY}/`)) {
maybeCliVersion = await tryFindCliVersionDotcomOnly(`codeql-bundle-${bundleVersion}`, logger);
}
logger.debug("Caching CodeQL bundle.");
const toolcacheVersion = getCanonicalToolcacheVersion(maybeCliVersion, bundleVersion, logger);
const toolcachedBundlePath = await toolcache.cacheDir(extractedBundlePath, "CodeQL", toolcacheVersion);
@ -490,14 +450,9 @@ function getCanonicalToolcacheVersion(cliVersion, bundleVersion, logger) {
if (!cliVersion?.match(/^[0-9]+\.[0-9]+\.[0-9]+$/)) {
return convertToSemVer(bundleVersion, logger);
}
// If the bundle is semantically versioned, it can be looked up based on just the CLI version
// number, so version it in the toolcache using just the CLI version number.
if (semver.gte(cliVersion, feature_flags_1.CODEQL_VERSION_BUNDLE_SEMANTICALLY_VERSIONED)) {
return cliVersion;
}
// Include both the CLI version and the bundle version in the toolcache version number. That way
// we can find the bundle in the toolcache based on either the CLI version or the bundle version.
return `${cliVersion}-${bundleVersion}`;
// Bundles are now semantically versioned and can be looked up based on just the CLI version
// number, so we can version them in the toolcache using just the CLI version number.
return cliVersion;
}
/**
* Obtains the CodeQL bundle, installs it in the toolcache if appropriate, and extracts it.
@ -529,7 +484,7 @@ async function setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defau
toolsSource = ToolsSource.Toolcache;
break;
case "download": {
const result = await (0, exports.downloadCodeQL)(source.codeqlURL, source.bundleVersion, source.cliVersion, apiDetails, variant, tempDir, logger);
const result = await (0, exports.downloadCodeQL)(source.codeqlURL, source.bundleVersion, source.cliVersion, apiDetails, tempDir, logger);
toolsVersion = result.toolsVersion;
codeqlFolder = result.codeqlFolder;
toolsDownloadDurationMs = result.toolsDownloadDurationMs;

2
lib/setup-codeql.js.map
View file

File diff suppressed because one or more lines are too long

2
node_modules/.package-lock.json generated vendored
View file

@ -1,6 +1,6 @@
{
"name": "codeql",
"version": "3.25.16",
"version": "3.26.0",
"lockfileVersion": 3,
"requires": true,
"packages": {

4
package-lock.json generated
View file

@ -1,12 +1,12 @@
{
"name": "codeql",
"version": "3.25.16",
"version": "3.26.0",
"lockfileVersion": 3,
"requires": true,
"packages": {
"": {
"name": "codeql",
"version": "3.25.16",
"version": "3.26.0",
"license": "MIT",
"dependencies": {
"@actions/artifact": "^1.1.2",

2
package.json
View file

@ -1,6 +1,6 @@
{
"name": "codeql",
"version": "3.25.16",
"version": "3.26.0",
"private": true,
"description": "CodeQL action",
"scripts": {

24
pr-checks/checks/diagnostics-export.yml
View file

@ -1,8 +1,6 @@
name: "Diagnostic export"
description: "Tests that manually added diagnostics are correctly exported to SARIF."
# Test on 2.12.6 (which requires a workaround in the Action), the latest release, and the latest
# nightly.
versions: ["stable-20230403", "linked", "nightly-latest"]
versions: ["linked", "nightly-latest"]
env:
CODEQL_ACTION_EXPORT_DIAGNOSTICS: true
steps:
@ -16,17 +14,13 @@ steps:
env:
CODEQL_PATH: ${{ steps.init.outputs.codeql-path }}
run: |
for i in {1..2}; do
# Use the same location twice to test the workaround for the bug in CodeQL CLI 2.12.6 that
# produces an invalid diagnostic with multiple identical location objects.
"$CODEQL_PATH" database add-diagnostic \
"$RUNNER_TEMP/codeql_databases/javascript" \
--file-path /path/to/file \
--plaintext-message "Plaintext message $i" \
--source-id "lang/diagnostics/example" \
--source-name "Diagnostic name" \
--ready-for-status-page
done
"$CODEQL_PATH" database add-diagnostic \
"$RUNNER_TEMP/codeql_databases/javascript" \
--file-path /path/to/file \
--plaintext-message "Plaintext message" \
--source-id "lang/diagnostics/example" \
--source-name "Diagnostic name" \
--ready-for-status-page
- uses: ./../action/analyze
with:
output: "${{ runner.temp }}/results"
@ -46,7 +40,7 @@ steps:
const fs = require('fs');
function checkStatusPageNotification(n) {
const expectedMessage = 'Plaintext message 1\n\nCodeQL also found 1 other diagnostic like this. See the workflow log for details.';
const expectedMessage = 'Plaintext message';
if (n.message.text !== expectedMessage) {
core.setFailed(`Expected the status page diagnostic to have the message '${expectedMessage}', but found '${n.message.text}'.`);
}

2
pr-checks/checks/multi-language-autodetect.yml
View file

@ -68,7 +68,7 @@ steps:
fi
- name: Check language autodetect for Swift on MacOS
if: runner.os == 'macOS' && matrix.version != 'stable-20230403'
if: runner.os == 'macOS'
shell: bash
run: |
SWIFT_DB=${{ fromJson(steps.analysis.outputs.db-locations).swift }}

8
pr-checks/checks/resolve-environment-action.yml
View file

@ -1,10 +1,10 @@
name: "Resolve environment"
description: "Tests that the resolve-environment action works for Go and JavaScript/TypeScript"
versions: ["stable-v2.13.4", "default", "linked", "nightly-latest"]
versions: ["stable-v2.13.5", "default", "linked", "nightly-latest"]
steps:
- uses: ./../action/init
with:
languages: ${{ matrix.version == 'stable-v2.13.4' && 'go' || 'go,javascript-typescript' }}
languages: ${{ matrix.version == 'stable-v2.13.5' && 'go' || 'go,javascript-typescript' }}
tools: ${{ steps.prepare-test.outputs.tools-url }}
- name: Resolve environment for Go
@ -18,12 +18,12 @@ steps:
run: exit 1
- name: Resolve environment for JavaScript/TypeScript
if: matrix.version != 'stable-v2.13.4'
if: matrix.version != 'stable-v2.13.5'
uses: ./../action/resolve-environment
id: resolve-environment-js
with:
language: javascript-typescript
- name: Fail if JavaScript/TypeScript configuration present
if: matrix.version != 'stable-v2.13.4' && fromJSON(steps.resolve-environment-js.outputs.environment).configuration.javascript
if: matrix.version != 'stable-v2.13.5' && fromJSON(steps.resolve-environment-js.outputs.environment).configuration.javascript
run: exit 1

15
pr-checks/sync.py
View file

@ -7,16 +7,16 @@ import textwrap
# The default set of CodeQL Bundle versions to use for the PR checks.
defaultTestVersions = [
# The oldest supported CodeQL version: 2.12.6. If bumping, update `CODEQL_MINIMUM_VERSION` in `codeql.ts`
"stable-20230403",
# The last CodeQL release in the 2.13 series: 2.13.5.
# The oldest supported CodeQL version. If bumping, update `CODEQL_MINIMUM_VERSION` in `codeql.ts`
"stable-v2.13.5",
# The last CodeQL release in the 2.14 series: 2.14.6.
# The last CodeQL release in the 2.14 series.
"stable-v2.14.6",
# The last CodeQL release in the 2.15 series: 2.15.5.
# The last CodeQL release in the 2.15 series.
"stable-v2.15.5",
# The last CodeQL release in the 2.16 series: 2.16.6.
# The last CodeQL release in the 2.16 series.
"stable-v2.16.6",
# The last CodeQL release in the 2.17 series.
"stable-v2.17.6",
# The default version of CodeQL for Dotcom, as determined by feature flags.
"default",
# The version of CodeQL shipped with the Action in `defaults.json`. During the release process
@ -78,7 +78,7 @@ for file in (this_dir / 'checks').glob('*.yml'):
# Prior to CLI v2.15.1, ARM runners were not supported by the build tracer.
# "macos-latest" is now an ARM runner, so we run tests on the old CLIs on Intel runners instead.
if version in ["stable-20230403", "stable-v2.13.4", "stable-v2.13.5", "stable-v2.14.6"] and runnerImage == "macos-latest":
if version in ["stable-v2.13.5", "stable-v2.14.6"] and runnerImage == "macos-latest":
matrix.append({
'os': "macos-12",
'version': version
@ -101,7 +101,6 @@ for file in (this_dir / 'checks').glob('*.yml'):
# of the generated workflow.
'if': FoldedScalarString(textwrap.dedent('''
runner.os == 'macOS' && (
matrix.version == 'stable-20230403' ||
matrix.version == 'stable-v2.13.5' ||
matrix.version == 'stable-v2.14.6')
''').strip()),

1
src/analyze.ts
View file

@ -339,7 +339,6 @@ export async function runQueries(
automationDetailsId,
config,
features,
logger,
);
}

74
src/codeql.test.ts
View file

@ -197,36 +197,28 @@ test("downloads an explicitly requested bundle even if a different version is ca
const EXPLICITLY_REQUESTED_BUNDLE_TEST_CASES = [
{
cliVersion: "2.10.0",
expectedToolcacheVersion: "2.10.0-20200610",
tagName: "codeql-bundle-2.17.6",
expectedToolcacheVersion: "2.17.6",
},
{
cliVersion: "2.10.0-pre",
expectedToolcacheVersion: "0.0.0-20200610",
},
{
cliVersion: "2.10.0+202006100101",
expectedToolcacheVersion: "0.0.0-20200610",
tagName: "codeql-bundle-20240805",
expectedToolcacheVersion: "0.0.0-20240805",
},
];
for (const {
cliVersion,
tagName,
expectedToolcacheVersion,
} of EXPLICITLY_REQUESTED_BUNDLE_TEST_CASES) {
test(`caches an explicitly requested bundle containing CLI ${cliVersion} as ${expectedToolcacheVersion}`, async (t) => {
test(`caches explicitly requested bundle ${tagName} as ${expectedToolcacheVersion}`, async (t) => {
await util.withTmpDir(async (tmpDir) => {
setupActionsVars(tmpDir, tmpDir);
mockApiDetails(SAMPLE_DOTCOM_API_DETAILS);
sinon.stub(actionsUtil, "isRunningLocalAction").returns(true);
const releaseApiMock = mockReleaseApi({
assetNames: [`cli-version-${cliVersion}.txt`],
tagName: "codeql-bundle-20200610",
});
const url = mockBundleDownloadApi({
tagName: "codeql-bundle-20200610",
tagName,
});
const result = await codeql.setupCodeQL(
@ -238,9 +230,8 @@ for (const {
getRunnerLogger(true),
false,
);
t.assert(releaseApiMock.isDone(), "Releases API should have been called");
t.assert(toolcache.find("CodeQL", expectedToolcacheVersion));
t.deepEqual(result.toolsVersion, cliVersion);
t.deepEqual(result.toolsVersion, expectedToolcacheVersion);
t.is(result.toolsSource, ToolsSource.Download);
t.assert(Number.isInteger(result.toolsDownloadDurationMs));
});
@ -386,7 +377,7 @@ test("bundle URL from another repo is cached as 0.0.0-bundleVersion", async (t)
mockApiDetails(SAMPLE_DOTCOM_API_DETAILS);
sinon.stub(actionsUtil, "isRunningLocalAction").returns(true);
const releasesApiMock = mockReleaseApi({
assetNames: ["cli-version-2.12.6.txt"],
assetNames: ["cli-version-2.13.5.txt"],
tagName: "codeql-bundle-20230203",
});
mockBundleDownloadApi({
@ -689,7 +680,7 @@ test("passes a code scanning config AND qlconfig to the CLI", async (t: Executio
await util.withTmpDir(async (tempDir) => {
const runnerConstructorStub = stubToolRunnerConstructor();
const codeqlObject = await codeql.getCodeQLForTesting();
sinon.stub(codeqlObject, "getVersion").resolves(makeVersionInfo("2.12.6"));
sinon.stub(codeqlObject, "getVersion").resolves(makeVersionInfo("2.17.6"));
await codeqlObject.databaseInitCluster(
{ ...stubConfig, tempDir },
@ -718,7 +709,7 @@ test("does not pass a qlconfig to the CLI when it is undefined", async (t: Execu
await util.withTmpDir(async (tempDir) => {
const runnerConstructorStub = stubToolRunnerConstructor();
const codeqlObject = await codeql.getCodeQLForTesting();
sinon.stub(codeqlObject, "getVersion").resolves(makeVersionInfo("2.12.6"));
sinon.stub(codeqlObject, "getVersion").resolves(makeVersionInfo("2.17.6"));
await codeqlObject.databaseInitCluster(
{ ...stubConfig, tempDir },
@ -759,7 +750,7 @@ const NEW_ANALYSIS_SUMMARY_TEST_CASES = [
codeqlVersion: makeVersionInfo("2.15.0"),
githubVersion: {
type: util.GitHubVariant.GHES,
version: "3.9.0",
version: "3.10.0",
},
flagPassed: true,
negativeFlagPassed: false,
@ -804,7 +795,6 @@ for (const {
"",
Object.assign({}, stubConfig, { gitHubVersion: githubVersion }),
createFeatures([]),
getRunnerLogger(true),
);
const actualArgs = runnerConstructorStub.firstCall.args[1] as string[];
t.is(
@ -822,32 +812,6 @@ for (const {
});
}
test("database finalize does not override no code found error on CodeQL 2.12.6", async (t) => {
const cliMessage =
"CodeQL did not detect any code written in languages supported by CodeQL. Review our troubleshooting guide at " +
"https://gh.io/troubleshooting-code-scanning/no-source-code-seen-during-build.";
stubToolRunnerConstructor(32, cliMessage);
const codeqlObject = await codeql.getCodeQLForTesting();
sinon.stub(codeqlObject, "getVersion").resolves(makeVersionInfo("2.12.6"));
// safeWhich throws because of the test CodeQL object.
sinon.stub(safeWhich, "safeWhich").resolves("");
await t.throwsAsync(
async () =>
await codeqlObject.finalizeDatabase(
"db",
"--threads=2",
"--ram=2048",
false,
),
{
message:
'Encountered a fatal error while running "codeql-for-testing database finalize --finalize-dataset --threads=2 --ram=2048 db". ' +
`Exit code was 32 and last log line was: ${cliMessage} See the logs for more details.`,
},
);
});
test("runTool summarizes several fatal errors", async (t) => {
const heapError =
"A fatal error occurred: Evaluator heap must be at least 384.00 MiB";
@ -858,7 +822,7 @@ test("runTool summarizes several fatal errors", async (t) => {
`${heapError}\n${datasetImportError}.`;
stubToolRunnerConstructor(32, cliStderr);
const codeqlObject = await codeql.getCodeQLForTesting();
sinon.stub(codeqlObject, "getVersion").resolves(makeVersionInfo("2.12.6"));
sinon.stub(codeqlObject, "getVersion").resolves(makeVersionInfo("2.17.6"));
// safeWhich throws because of the test CodeQL object.
sinon.stub(safeWhich, "safeWhich").resolves("");
@ -899,7 +863,7 @@ test("runTool summarizes autobuilder errors", async (t) => {
`;
stubToolRunnerConstructor(1, stderr);
const codeqlObject = await codeql.getCodeQLForTesting();
sinon.stub(codeqlObject, "getVersion").resolves(makeVersionInfo("2.12.6"));
sinon.stub(codeqlObject, "getVersion").resolves(makeVersionInfo("2.17.6"));
sinon.stub(codeqlObject, "resolveExtractor").resolves("/path/to/extractor");
// safeWhich throws because of the test CodeQL object.
sinon.stub(safeWhich, "safeWhich").resolves("");
@ -926,7 +890,7 @@ test("runTool truncates long autobuilder errors", async (t) => {
).join("\n");
stubToolRunnerConstructor(1, stderr);
const codeqlObject = await codeql.getCodeQLForTesting();
sinon.stub(codeqlObject, "getVersion").resolves(makeVersionInfo("2.12.6"));
sinon.stub(codeqlObject, "getVersion").resolves(makeVersionInfo("2.17.6"));
sinon.stub(codeqlObject, "resolveExtractor").resolves("/path/to/extractor");
// safeWhich throws because of the test CodeQL object.
sinon.stub(safeWhich, "safeWhich").resolves("");
@ -954,7 +918,7 @@ test("runTool recognizes fatal internal errors", async (t) => {
Severe disk cache trouble (corruption or out of space) at /home/runner/work/_temp/codeql_databases/go/db-go/default/cache/pages/28/33.pack: Failed to write item to disk`;
stubToolRunnerConstructor(1, stderr);
const codeqlObject = await codeql.getCodeQLForTesting();
sinon.stub(codeqlObject, "getVersion").resolves(makeVersionInfo("2.12.6"));
sinon.stub(codeqlObject, "getVersion").resolves(makeVersionInfo("2.17.6"));
sinon.stub(codeqlObject, "resolveExtractor").resolves("/path/to/extractor");
// safeWhich throws because of the test CodeQL object.
sinon.stub(safeWhich, "safeWhich").resolves("");
@ -964,7 +928,7 @@ test("runTool recognizes fatal internal errors", async (t) => {
await codeqlObject.databaseRunQueries(stubConfig.dbLocation, []),
{
instanceOf: CommandInvocationError,
message: `Encountered a fatal error while running "codeql-for-testing database run-queries --expect-discarded-cache --min-disk-free=1024 -v". Exit code was 1 and error was: Oops! A fatal internal error occurred. Details:
message: `Encountered a fatal error while running "codeql-for-testing database run-queries --expect-discarded-cache --min-disk-free=1024 -v --intra-layer-parallelism". Exit code was 1 and error was: Oops! A fatal internal error occurred. Details:
com.semmle.util.exception.CatastrophicError: An error occurred while evaluating ControlFlowGraph::ControlFlow::Root.isRootOf/1#dispred#f610e6ed/2@86282cc8
Severe disk cache trouble (corruption or out of space) at /home/runner/work/_temp/codeql_databases/go/db-go/default/cache/pages/28/33.pack: Failed to write item to disk. See the logs for more details.`,
},
@ -975,7 +939,7 @@ test("runTool outputs last line of stderr if fatal error could not be found", as
const cliStderr = "line1\nline2\nline3\nline4\nline5";
stubToolRunnerConstructor(32, cliStderr);
const codeqlObject = await codeql.getCodeQLForTesting();
sinon.stub(codeqlObject, "getVersion").resolves(makeVersionInfo("2.12.6"));
sinon.stub(codeqlObject, "getVersion").resolves(makeVersionInfo("2.17.6"));
// safeWhich throws because of the test CodeQL object.
sinon.stub(safeWhich, "safeWhich").resolves("");
@ -1000,7 +964,7 @@ test("runTool outputs last line of stderr if fatal error could not be found", as
test("Avoids duplicating --overwrite flag if specified in CODEQL_ACTION_EXTRA_OPTIONS", async (t) => {
const runnerConstructorStub = stubToolRunnerConstructor();
const codeqlObject = await codeql.getCodeQLForTesting();
sinon.stub(codeqlObject, "getVersion").resolves(makeVersionInfo("2.12.6"));
sinon.stub(codeqlObject, "getVersion").resolves(makeVersionInfo("2.17.6"));
// safeWhich throws because of the test CodeQL object.
sinon.stub(safeWhich, "safeWhich").resolves("");

55
src/codeql.ts
View file

@ -168,7 +168,6 @@ export interface CodeQL {
automationDetailsId: string | undefined,
config: Config,
features: FeatureEnablement,
logger: Logger,
): Promise<string>;
/**
* Run 'codeql database print-baseline'.
@ -184,8 +183,6 @@ export interface CodeQL {
databasePath: string,
sarifFile: string,
automationDetailsId: string | undefined,
tempDir: string,
logger: Logger,
): Promise<void>;
/**
* Run 'codeql diagnostics export'.
@ -277,7 +274,7 @@ let cachedCodeQL: CodeQL | undefined = undefined;
* The version flags below can be used to conditionally enable certain features
* on versions newer than this.
*/
const CODEQL_MINIMUM_VERSION = "2.12.6";
const CODEQL_MINIMUM_VERSION = "2.13.5";
/**
* This version will shortly become the oldest version of CodeQL that the Action will run with.
@ -305,16 +302,6 @@ const EXTRACTION_DEBUG_MODE_VERBOSITY = "progress++";
* flag is older than the oldest supported version above, it may be removed.
*/
/**
* Versions 2.13.1+ of the CodeQL CLI fix a bug where diagnostics export could produce invalid SARIF.
*/
export const CODEQL_VERSION_DIAGNOSTICS_EXPORT_FIXED = "2.13.1";
/**
* Versions 2.13.4+ of the CodeQL CLI support the `resolve build-environment` command.
*/
export const CODEQL_VERSION_RESOLVE_ENVIRONMENT = "2.13.4";
/**
* Versions 2.14.2+ of the CodeQL CLI support language-specific baseline configuration.
*/
@ -846,25 +833,18 @@ export async function getCodeQLForCmd(
automationDetailsId: string | undefined,
config: Config,
features: FeatureEnablement,
logger: Logger,
): Promise<string> {
const shouldExportDiagnostics = await features.getValue(
Feature.ExportDiagnosticsEnabled,
this,
);
const shouldWorkaroundInvalidNotifications =
shouldExportDiagnostics &&
!(await isDiagnosticsExportInvalidSarifFixed(this));
const codeqlOutputFile = shouldWorkaroundInvalidNotifications
? path.join(config.tempDir, "codeql-intermediate-results.sarif")
: sarifFile;
const codeqlArgs = [
"database",
"interpret-results",
threadsFlag,
"--format=sarif-latest",
verbosityFlag,
`--output=${codeqlOutputFile}`,
`--output=${sarifFile}`,
addSnippetsFlag,
"--print-diagnostics-summary",
"--print-metrics-summary",
@ -912,15 +892,9 @@ export async function getCodeQLForCmd(
}
// Capture the stdout, which contains the analysis summary. Don't stream it to the Actions
// logs to avoid printing it twice.
const analysisSummary = await runTool(cmd, codeqlArgs, {
return await runTool(cmd, codeqlArgs, {
noStreamStdout: true,
});
if (shouldWorkaroundInvalidNotifications) {
util.fixInvalidNotificationsInFile(codeqlOutputFile, sarifFile, logger);
}
return analysisSummary;
},
async databasePrintBaseline(databasePath: string): Promise<string> {
const codeqlArgs = [
@ -1016,21 +990,14 @@ export async function getCodeQLForCmd(
databasePath: string,
sarifFile: string,
automationDetailsId: string | undefined,
tempDir: string,
logger: Logger,
): Promise<void> {
const shouldWorkaroundInvalidNotifications =
!(await isDiagnosticsExportInvalidSarifFixed(this));
const codeqlOutputFile = shouldWorkaroundInvalidNotifications
? path.join(tempDir, "codeql-intermediate-results.sarif")
: sarifFile;
const args = [
"database",
"export-diagnostics",
`${databasePath}`,
"--db-cluster", // Database is always a cluster for CodeQL versions that support diagnostics.
"--format=sarif-latest",
`--output=${codeqlOutputFile}`,
`--output=${sarifFile}`,
"--sarif-include-diagnostics", // ExportDiagnosticsEnabled is always true if this command is run.
"-vvv",
...getExtraOptionsFromEnv(["diagnostics", "export"]),
@ -1039,11 +1006,6 @@ export async function getCodeQLForCmd(
args.push("--sarif-category", automationDetailsId);
}
await new toolrunner.ToolRunner(cmd, args).exec();
if (shouldWorkaroundInvalidNotifications) {
// Fix invalid notifications in the SARIF file output by CodeQL.
util.fixInvalidNotificationsInFile(codeqlOutputFile, sarifFile, logger);
}
},
async diagnosticsExport(
sarifFile: string,
@ -1385,15 +1347,6 @@ export function getGeneratedCodeScanningConfigPath(config: Config): string {
return path.resolve(config.tempDir, "user-config.yaml");
}
async function isDiagnosticsExportInvalidSarifFixed(
codeql: CodeQL,
): Promise<boolean> {
return await util.codeQlVersionAtLeast(
codeql,
CODEQL_VERSION_DIAGNOSTICS_EXPORT_FIXED,
);
}
async function getLanguageAliasingArguments(codeql: CodeQL): Promise<string[]> {
if (
await util.codeQlVersionAtLeast(codeql, CODEQL_VERSION_LANGUAGE_ALIASING)

21
src/feature-flags.test.ts
View file

@ -404,7 +404,7 @@ test("selects CLI v2.20.1 on Dotcom when feature flags enable v2.20.0 and v2.20.
});
});
test("includes tag name when feature flags enable version greater than v2.13.4", async (t) => {
test("includes tag name", async (t) => {
await withTmpDir(async (tmpDir) => {
const features = setUpFeatureFlagTests(tmpDir);
const expectedFeatureEnablement = initializeFeatures(true);
@ -439,25 +439,6 @@ test(`selects CLI from defaults.json on Dotcom when no default version feature f
});
});
test(`selects CLI from defaults.json on Dotcom when default version feature flags are unsupported`, async (t) => {
await withTmpDir(async (tmpDir) => {
const features = setUpFeatureFlagTests(tmpDir);
const expectedFeatureEnablement = initializeFeatures(true);
// Doesn't have a semantically versioned bundle
expectedFeatureEnablement["default_codeql_version_2_13_3_enabled"] = true;
mockFeatureFlagApiEndpoint(200, expectedFeatureEnablement);
const defaultCliVersion = await features.getDefaultCliVersion(
GitHubVariant.DOTCOM,
);
t.deepEqual(defaultCliVersion, {
cliVersion: defaults.cliVersion,
tagName: defaults.bundleVersion,
toolsFeatureFlagsValid: false,
});
});
});
test("ignores invalid version numbers in default version feature flags", async (t) => {
await withTmpDir(async (tmpDir) => {
const loggedMessages = [];

13
src/feature-flags.ts
View file

@ -14,11 +14,6 @@ import * as util from "./util";
const DEFAULT_VERSION_FEATURE_FLAG_PREFIX = "default_codeql_version_";
const DEFAULT_VERSION_FEATURE_FLAG_SUFFIX = "_enabled";
/**
* Versions 2.13.4+ of the CodeQL CLI have an associated CodeQL Bundle release that is semantically versioned.
*/
export const CODEQL_VERSION_BUNDLE_SEMANTICALLY_VERSIONED = "2.13.4";
/**
* Evaluator fine-grained parallelism (aka intra-layer parallelism) is only safe to enable in 2.15.1 onwards.
* (Some earlier versions recognize the command-line flag, but they contain a bug which makes it unsafe to use).
@ -323,13 +318,7 @@ class GitHubFeatureFlags {
.map(([f, isEnabled]) =>
isEnabled ? this.getCliVersionFromFeatureFlag(f) : undefined,
)
.filter(
(f) =>
f !== undefined &&
// Only consider versions that have semantically versioned bundles.
semver.gte(f, CODEQL_VERSION_BUNDLE_SEMANTICALLY_VERSIONED),
)
.map((f) => f as string);
.filter((f): f is string => f !== undefined);
if (enabledFeatureFlagCliVersions.length === 0) {
// We expect at least one default CLI version to be enabled on Dotcom at any time. However if

4
src/init-action-post-helper.test.ts
View file

@ -359,7 +359,7 @@ async function testFailedSarifUpload(
const codeqlObject = await codeql.getCodeQLForTesting();
sinon.stub(codeql, "getCodeQL").resolves(codeqlObject);
sinon.stub(codeqlObject, "getVersion").resolves(makeVersionInfo("2.12.6"));
sinon.stub(codeqlObject, "getVersion").resolves(makeVersionInfo("2.17.6"));
const databaseExportDiagnosticsStub = sinon.stub(
codeqlObject,
"databaseExportDiagnostics",
@ -398,8 +398,6 @@ async function testFailedSarifUpload(
config.dbLocation,
sinon.match.string,
category,
sinon.match.any,
sinon.match.any,
),
`Actual args were: ${databaseExportDiagnosticsStub.args}`,
);

8
src/init-action-post-helper.ts
View file

@ -94,13 +94,7 @@ async function maybeUploadFailedSarif(
await codeql.diagnosticsExport(sarifFile, category, config);
} else {
// We call 'database export-diagnostics' to find any per-database diagnostics.
await codeql.databaseExportDiagnostics(
databasePath,
sarifFile,
category,
config.tempDir,
logger,
);
await codeql.databaseExportDiagnostics(databasePath, sarifFile, category);
}
logger.info(`Uploading failed SARIF file ${sarifFile}`);

15
src/init-action.ts
View file

@ -443,10 +443,7 @@ async function run() {
const kotlinLimitVar =
"CODEQL_EXTRACTOR_KOTLIN_OVERRIDE_MAXIMUM_VERSION_LIMIT";
if (
(await codeQlVersionAtLeast(codeql, "2.13.4")) &&
!(await codeQlVersionAtLeast(codeql, "2.14.4"))
) {
if (!(await codeQlVersionAtLeast(codeql, "2.14.4"))) {
core.exportVariable(kotlinLimitVar, "1.9.20");
}
@ -500,7 +497,7 @@ async function run() {
// From 2.16.0 the default for the python extractor is to not perform any
// dependency extraction. For versions before that, you needed to set this flag to
// enable this behavior (supported since 2.13.1).
// enable this behavior.
if (await codeQlVersionAtLeast(codeql, "2.17.1")) {
// disabled by default, no warning
@ -510,17 +507,11 @@ async function run() {
"CODEQL_EXTRACTOR_PYTHON_DISABLE_LIBRARY_EXTRACTION",
"true",
);
} else if (await codeQlVersionAtLeast(codeql, "2.13.1")) {
} else {
core.exportVariable(
"CODEQL_EXTRACTOR_PYTHON_DISABLE_LIBRARY_EXTRACTION",
"true",
);
} else {
logger.warning(
`CodeQL Action versions 3.25.0 and later, and versions 2.25.0 and later no longer install Python dependencies. We recommend upgrading to at least CodeQL Bundle 2.16.0 to avoid any potential problems due to this (you are currently using ${
(await codeql.getVersion()).version
}). Alternatively, we recommend downgrading the CodeQL Action to version 3.24.10 (for customers using GitHub.com or GitHub Enterprise Server v3.12 or later) or 2.24.10 (for customers using GitHub Enterprise Server v3.11 or earlier).`,
);
}
if (getOptionalInput("setup-python-dependencies") !== undefined) {

30
src/resolve-environment.ts
View file

@ -1,8 +1,4 @@
import {
CODEQL_VERSION_LANGUAGE_ALIASING,
CODEQL_VERSION_RESOLVE_ENVIRONMENT,
getCodeQL,
} from "./codeql";
import { CODEQL_VERSION_LANGUAGE_ALIASING, getCodeQL } from "./codeql";
import { parseLanguage } from "./languages";
import { Logger } from "./logging";
import * as util from "./util";
@ -34,28 +30,12 @@ export async function runResolveBuildEnvironment(
language = parsedLanguage;
}
let result = {};
// If the CodeQL version in use does not support the `resolve build-environment`
// command, just return an empty configuration. Otherwise invoke the CLI.
if (
!(await util.codeQlVersionAtLeast(
codeql,
CODEQL_VERSION_RESOLVE_ENVIRONMENT,
))
) {
logger.warning(
"Unsupported CodeQL CLI version for `resolve build-environment` command, " +
"returning an empty configuration.",
);
} else {
if (workingDir !== undefined) {
logger.info(`Using ${workingDir} as the working directory.`);
}
result = await codeql.resolveBuildEnvironment(workingDir, language);
if (workingDir !== undefined) {
logger.info(`Using ${workingDir} as the working directory.`);
}
const result = await codeql.resolveBuildEnvironment(workingDir, language);
logger.endGroup();
return result;
}

80
src/setup-codeql.ts
View file

@ -15,13 +15,10 @@ import * as api from "./api-client";
// creation scripts. Ensure that any changes to the format of this file are compatible with both of
// these dependents.
import * as defaults from "./defaults.json";
import {
CODEQL_VERSION_BUNDLE_SEMANTICALLY_VERSIONED,
CodeQLDefaultVersionInfo,
} from "./feature-flags";
import { CodeQLDefaultVersionInfo } from "./feature-flags";
import { Logger } from "./logging";
import * as util from "./util";
import { isGoodVersion, wrapError } from "./util";
import { isGoodVersion } from "./util";
export enum ToolsSource {
Unknown = "UNKNOWN",
@ -62,54 +59,6 @@ export function getCodeQLActionRepository(logger: Logger): string {
return util.getRequiredEnvParam("GITHUB_ACTION_REPOSITORY");
}
function tryGetCodeQLCliVersionForRelease(
release,
logger: Logger,
): string | undefined {
const cliVersionsFromMarkerFiles = (release.assets as Array<{ name: string }>)
.map((asset) => asset.name.match(/cli-version-(.*)\.txt/)?.[1])
.filter((v) => v)
.map((v) => v as string);
if (cliVersionsFromMarkerFiles.length > 1) {
logger.warning(
`Ignoring release ${release.tag_name} with multiple CLI version marker files.`,
);
return undefined;
} else if (cliVersionsFromMarkerFiles.length === 0) {
logger.debug(
`Failed to find the CodeQL CLI version for release ${release.tag_name}.`,
);
return undefined;
}
return cliVersionsFromMarkerFiles[0];
}
export async function tryFindCliVersionDotcomOnly(
tagName: string,
logger: Logger,
): Promise<string | undefined> {
try {
logger.debug(
`Fetching the GitHub Release for the CodeQL bundle tagged ${tagName}.`,
);
const apiClient = api.getApiClient();
const codeQLActionRepository = getCodeQLActionRepository(logger);
const release = await apiClient.rest.repos.getReleaseByTag({
owner: codeQLActionRepository.split("/")[0],
repo: codeQLActionRepository.split("/")[1],
tag: tagName,
});
return tryGetCodeQLCliVersionForRelease(release.data, logger);
} catch (e) {
logger.debug(
`Failed to find the CLI version for the CodeQL bundle tagged ${tagName}. ${
wrapError(e).message
}`,
);
return undefined;
}
}
async function getCodeQLBundleDownloadURL(
tagName: string,
apiDetails: api.GitHubApiDetails,
@ -519,7 +468,6 @@ export const downloadCodeQL = async function (
maybeBundleVersion: string | undefined,
maybeCliVersion: string | undefined,
apiDetails: api.GitHubApiDetails,
variant: util.GitHubVariant,
tempDir: string,
logger: Logger,
): Promise<{
@ -597,18 +545,6 @@ export const downloadCodeQL = async function (
};
}
// Try to compute the CLI version for this bundle
if (
maybeCliVersion === undefined &&
variant === util.GitHubVariant.DOTCOM &&
codeqlURL.includes(`/${CODEQL_DEFAULT_ACTION_REPOSITORY}/`)
) {
maybeCliVersion = await tryFindCliVersionDotcomOnly(
`codeql-bundle-${bundleVersion}`,
logger,
);
}
logger.debug("Caching CodeQL bundle.");
const toolcacheVersion = getCanonicalToolcacheVersion(
maybeCliVersion,
@ -669,14 +605,9 @@ function getCanonicalToolcacheVersion(
if (!cliVersion?.match(/^[0-9]+\.[0-9]+\.[0-9]+$/)) {
return convertToSemVer(bundleVersion, logger);
}
// If the bundle is semantically versioned, it can be looked up based on just the CLI version
// number, so version it in the toolcache using just the CLI version number.
if (semver.gte(cliVersion, CODEQL_VERSION_BUNDLE_SEMANTICALLY_VERSIONED)) {
return cliVersion;
}
// Include both the CLI version and the bundle version in the toolcache version number. That way
// we can find the bundle in the toolcache based on either the CLI version or the bundle version.
return `${cliVersion}-${bundleVersion}`;
// Bundles are now semantically versioned and can be looked up based on just the CLI version
// number, so we can version them in the toolcache using just the CLI version number.
return cliVersion;
}
/**
@ -733,7 +664,6 @@ export async function setupCodeQLBundle(
source.bundleVersion,
source.cliVersion,
apiDetails,
variant,
tempDir,
logger,
);