robojerk/codeql-action

Merge pull request #2743 from github/update-v3.28.7-797fb30ed

Browse source 
Merge main into releases/v3
This commit is contained in:
Marco Gario 2025-01-29 14:03:15 +01:00 committed by GitHub
commit 6e54559041
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
11 changed files with 37 additions and 38 deletions
Download patch file Download diff file Expand all files Collapse all files

4
CHANGELOG.md
View file

@ -2,6 +2,10 @@
See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs.
## 3.28.7 - 29 Jan 2025
No user facing changes.
## 3.28.6 - 27 Jan 2025 ## 3.28.6 - 27 Jan 2025
- Re-enable debug artifact upload for CLI versions 2.20.3 or greater. [#2726](https://github.com/github/codeql-action/pull/2726) - Re-enable debug artifact upload for CLI versions 2.20.3 or greater. [#2726](https://github.com/github/codeql-action/pull/2726)

8
lib/analyze-action.js generated
View file

@ -160,6 +160,14 @@ async function run() {
let dbCreationTimings = undefined; let dbCreationTimings = undefined;
let didUploadTrapCaches = false; let didUploadTrapCaches = false;
util.initializeEnvironment(actionsUtil.getActionVersion()); util.initializeEnvironment(actionsUtil.getActionVersion());
// Unset the CODEQL_PROXY_* environment variables, as they are not needed
// and can cause issues with the CodeQL CLI
// Check for CODEQL_PROXY_HOST: and if it is empty but set, unset it
if (process.env.CODEQL_PROXY_HOST === "") {
delete process.env.CODEQL_PROXY_HOST;
delete process.env.CODEQL_PROXY_PORT;
delete process.env.CODEQL_PROXY_CA_CERTIFICATE;
}
// Make inputs accessible in the `post` step, details at // Make inputs accessible in the `post` step, details at
// https://github.com/github/codeql-action/issues/2553 // https://github.com/github/codeql-action/issues/2553
actionsUtil.persistInputs(); actionsUtil.persistInputs();

2
lib/analyze-action.js.map
View file

File diff suppressed because one or more lines are too long

18
lib/start-proxy-action.js generated
View file

@ -45,7 +45,6 @@ const util = __importStar(require("./util"));
const UPDATEJOB_PROXY = "update-job-proxy"; const UPDATEJOB_PROXY = "update-job-proxy";
const UPDATEJOB_PROXY_VERSION = "v2.0.20241023203727"; const UPDATEJOB_PROXY_VERSION = "v2.0.20241023203727";
const UPDATEJOB_PROXY_URL_PREFIX = "https://github.com/github/codeql-action/releases/download/codeql-bundle-v2.18.1/"; const UPDATEJOB_PROXY_URL_PREFIX = "https://github.com/github/codeql-action/releases/download/codeql-bundle-v2.18.1/";
const PROXY_USER = "proxy_user";
const KEY_SIZE = 2048; const KEY_SIZE = 2048;
const KEY_EXPIRY_YEARS = 2; const KEY_EXPIRY_YEARS = 2;
const CERT_SUBJECT = [ const CERT_SUBJECT = [
@ -100,15 +99,17 @@ async function runWrapper() {
core.saveState("proxy-log-file", proxyLogFilePath); core.saveState("proxy-log-file", proxyLogFilePath);
// Get the configuration options // Get the configuration options
const credentials = (0, start_proxy_1.getCredentials)(logger, actionsUtil.getOptionalInput("registry_secrets"), actionsUtil.getOptionalInput("registries_credentials"), actionsUtil.getOptionalInput("language")); const credentials = (0, start_proxy_1.getCredentials)(logger, actionsUtil.getOptionalInput("registry_secrets"), actionsUtil.getOptionalInput("registries_credentials"), actionsUtil.getOptionalInput("language"));
if (credentials.length === 0) {
logger.info("No credentials found, skipping proxy setup.");
return;
}
logger.info(`Credentials loaded for the following registries:\n ${credentials logger.info(`Credentials loaded for the following registries:\n ${credentials
.map((c) => credentialToStr(c)) .map((c) => credentialToStr(c))
.join("\n")}`); .join("\n")}`);
const ca = generateCertificateAuthority(); const ca = generateCertificateAuthority();
const proxyAuth = getProxyAuth();
const proxyConfig = { const proxyConfig = {
all_credentials: credentials, all_credentials: credentials,
ca, ca,
proxy_auth: proxyAuth,
}; };
// Start the Proxy // Start the Proxy
const proxyBin = await getProxyBinaryPath(); const proxyBin = await getProxyBinaryPath();
@ -165,17 +166,6 @@ async function startProxy(binPath, config, logFilePath, logger) {
core.setFailed(`start-proxy action failed: ${util.getErrorMessage(error)}`); core.setFailed(`start-proxy action failed: ${util.getErrorMessage(error)}`);
} }
} }
// getProxyAuth returns the authentication information for the proxy itself.
function getProxyAuth() {
const proxy_password = actionsUtil.getOptionalInput("proxy_password");
if (proxy_password) {
return {
username: PROXY_USER,
password: proxy_password,
};
}
return;
}
async function getProxyBinaryPath() { async function getProxyBinaryPath() {
const proxyFileName = process.platform === "win32" ? `${UPDATEJOB_PROXY}.exe` : UPDATEJOB_PROXY; const proxyFileName = process.platform === "win32" ? `${UPDATEJOB_PROXY}.exe` : UPDATEJOB_PROXY;
const platform = process.platform === "win32" const platform = process.platform === "win32"

2
lib/start-proxy-action.js.map
View file

File diff suppressed because one or more lines are too long

2
node_modules/.package-lock.json generated vendored
View file

@ -1,6 +1,6 @@
{ {
"name": "codeql", "name": "codeql",
"version": "3.28.6", "version": "3.28.7",
"lockfileVersion": 3, "lockfileVersion": 3,
"requires": true, "requires": true,
"packages": { "packages": {

4
package-lock.json generated
View file

@ -1,12 +1,12 @@
{ {
"name": "codeql", "name": "codeql",
"version": "3.28.6", "version": "3.28.7",
"lockfileVersion": 3, "lockfileVersion": 3,
"requires": true, "requires": true,
"packages": { "packages": {
"": { "": {
"name": "codeql", "name": "codeql",
"version": "3.28.6", "version": "3.28.7",
"license": "MIT", "license": "MIT",
"dependencies": { "dependencies": {
"@actions/artifact": "^2.1.9", "@actions/artifact": "^2.1.9",

2
package.json
View file

@ -1,6 +1,6 @@
{ {
"name": "codeql", "name": "codeql",
"version": "3.28.6", "version": "3.28.7",
"private": true, "private": true,
"description": "CodeQL action", "description": "CodeQL action",
"scripts": { "scripts": {

9
src/analyze-action.ts
View file

@ -202,6 +202,15 @@ async function run() {
let didUploadTrapCaches = false; let didUploadTrapCaches = false;
util.initializeEnvironment(actionsUtil.getActionVersion()); util.initializeEnvironment(actionsUtil.getActionVersion());
// Unset the CODEQL_PROXY_* environment variables, as they are not needed
// and can cause issues with the CodeQL CLI
// Check for CODEQL_PROXY_HOST: and if it is empty but set, unset it
if (process.env.CODEQL_PROXY_HOST === "") {
delete process.env.CODEQL_PROXY_HOST;
delete process.env.CODEQL_PROXY_PORT;
delete process.env.CODEQL_PROXY_CA_CERTIFICATE;
}
// Make inputs accessible in the `post` step, details at // Make inputs accessible in the `post` step, details at
// https://github.com/github/codeql-action/issues/2553 // https://github.com/github/codeql-action/issues/2553
actionsUtil.persistInputs(); actionsUtil.persistInputs();

21
src/start-proxy-action.ts
View file

@ -14,7 +14,6 @@ const UPDATEJOB_PROXY = "update-job-proxy";
const UPDATEJOB_PROXY_VERSION = "v2.0.20241023203727"; const UPDATEJOB_PROXY_VERSION = "v2.0.20241023203727";
const UPDATEJOB_PROXY_URL_PREFIX = const UPDATEJOB_PROXY_URL_PREFIX =
"https://github.com/github/codeql-action/releases/download/codeql-bundle-v2.18.1/"; "https://github.com/github/codeql-action/releases/download/codeql-bundle-v2.18.1/";
const PROXY_USER = "proxy_user";
const KEY_SIZE = 2048; const KEY_SIZE = 2048;
const KEY_EXPIRY_YEARS = 2; const KEY_EXPIRY_YEARS = 2;
@ -100,6 +99,12 @@ async function runWrapper() {
actionsUtil.getOptionalInput("registries_credentials"), actionsUtil.getOptionalInput("registries_credentials"),
actionsUtil.getOptionalInput("language"), actionsUtil.getOptionalInput("language"),
); );
if (credentials.length === 0) {
logger.info("No credentials found, skipping proxy setup.");
return;
}
logger.info( logger.info(
`Credentials loaded for the following registries:\n ${credentials `Credentials loaded for the following registries:\n ${credentials
.map((c) => credentialToStr(c)) .map((c) => credentialToStr(c))
@ -107,12 +112,10 @@ async function runWrapper() {
); );
const ca = generateCertificateAuthority(); const ca = generateCertificateAuthority();
const proxyAuth = getProxyAuth();
const proxyConfig: ProxyConfig = { const proxyConfig: ProxyConfig = {
all_credentials: credentials, all_credentials: credentials,
ca, ca,
proxy_auth: proxyAuth,
}; };
// Start the Proxy // Start the Proxy
@ -181,18 +184,6 @@ async function startProxy(
} }
} }
// getProxyAuth returns the authentication information for the proxy itself.
function getProxyAuth(): BasicAuthCredentials | undefined {
const proxy_password = actionsUtil.getOptionalInput("proxy_password");
if (proxy_password) {
return {
username: PROXY_USER,
password: proxy_password,
};
}
return;
}
async function getProxyBinaryPath(): Promise<string> { async function getProxyBinaryPath(): Promise<string> {
const proxyFileName = const proxyFileName =
process.platform === "win32" ? `${UPDATEJOB_PROXY}.exe` : UPDATEJOB_PROXY; process.platform === "win32" ? `${UPDATEJOB_PROXY}.exe` : UPDATEJOB_PROXY;

3
start-proxy/action.yml
View file

@ -9,9 +9,6 @@ inputs:
registries_credentials: registries_credentials:
description: Base64 encoded JSON configuration for the URLs and credentials of the package registries description: Base64 encoded JSON configuration for the URLs and credentials of the package registries
required: false required: false
proxy_password:
required: false
description: The password of the proxy
token: token:
description: GitHub token to use for authenticating with this instance of GitHub, used to upload debug artifacts. description: GitHub token to use for authenticating with this instance of GitHub, used to upload debug artifacts.
default: ${{ github.token }} default: ${{ github.token }}