robojerk/codeql-action

Refactor all doc URLs into their own enum

Browse source
This commit is contained in:
Angela P Wen 2024-07-23 14:13:16 +02:00
parent 7cb4b5a421
commit 7ad1090882
18 changed files with 67 additions and 25 deletions
Download patch file Download diff file Expand all files Collapse all files

16
lib/doc-url.js generated Normal file
View file

@ -0,0 +1,16 @@
"use strict";
/**
* URLs to code scanning docs linked to from CodeQL Action logs.
*/
Object.defineProperty(exports, "__esModule", { value: true });
exports.DocUrl = void 0;
var DocUrl;
(function (DocUrl) {
DocUrl["ASSIGNING_PERMISSIONS_TO_JOBS"] = "https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs";
DocUrl["AUTOMATIC_BUILD_FAILED"] = "https://docs.github.com/en/code-security/code-scanning/troubleshooting-code-scanning/automatic-build-failed";
DocUrl["DEFINE_ENV_VARIABLES"] = "https://docs.github.com/en/actions/learn-github-actions/variables#defining-environment-variables-for-a-single-workflow";
DocUrl["SCANNING_ON_PUSH"] = "https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#scanning-on-push";
DocUrl["SPECIFY_BUILD_STEPS_MANUALLY"] = "https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#about-specifying-build-steps-manually";
DocUrl["TRACK_CODE_SCANNING_ALERTS_ACROSS_RUNS"] = "https://docs.github.com/en/enterprise-cloud@latest/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#providing-data-to-track-code-scanning-alerts-across-runs";
})(DocUrl || (exports.DocUrl = DocUrl = {}));
//# sourceMappingURL=doc-url.js.map

1
lib/doc-url.js.map Normal file
View file

@ -0,0 +1 @@
{"version":3,"file":"doc-url.js","sourceRoot":"","sources":["../src/doc-url.ts"],"names":[],"mappings":";AAAA;;GAEG;;;AAEH,IAAY,MAaX;AAbD,WAAY,MAAM;IACd,uHACiF,CAAA;IACjF,gJACiH,CAAA;IACjH,yJAC4H,CAAA;IAC5H,qMAC4K,CAAA;IAC5K,gOAC2L,CAAA;IAC3L,2PAC4M,CAAA;AAChN,CAAC,EAbW,MAAM,sBAAN,MAAM,QAajB"}

5
lib/docs-urls.js generated Normal file
View file

@ -0,0 +1,5 @@
"use strict";
/**
* URLs to code scanning docs linked to from CodeQL Action logs.
*/
//# sourceMappingURL=docs-urls.js.map

1
lib/docs-urls.js.map Normal file
View file

@ -0,0 +1 @@
{"version":3,"file":"docs-urls.js","sourceRoot":"","sources":["../src/docs-urls.ts"],"names":[],"mappings":";AAAA;;GAEG"}

3
lib/fingerprints.js generated
View file

@ -32,6 +32,7 @@ exports.addFingerprints = addFingerprints;
const fs = __importStar(require("fs"));
const path_1 = __importDefault(require("path"));
const long_1 = __importDefault(require("long"));
const doc_url_1 = require("./doc-url");
const tab = "\t".charCodeAt(0);
const space = " ".charCodeAt(0);
const lf = "\n".charCodeAt(0);
@ -238,7 +239,7 @@ function resolveUriToFile(location, artifacts, sourceRoot, logger) {
// Compute fingerprints for results in the given sarif file
// and return an updated sarif file contents.
async function addFingerprints(sarif, sourceRoot, logger) {
logger.info("Adding fingerprints to SARIF file. For more information, see https://docs.github.com/en/enterprise-cloud@latest/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#providing-data-to-track-code-scanning-alerts-across-runs");
logger.info(`Adding fingerprints to SARIF file. For more information, see ${doc_url_1.DocUrl.TRACK_CODE_SCANNING_ALERTS_ACROSS_RUNS}`);
// Gather together results for the same file and construct
// callbacks to accept hashes for that file and update the location
const callbacksByFile = {};

2
lib/fingerprints.js.map
View file

File diff suppressed because one or more lines are too long

3
lib/status-report.js generated
View file

@ -33,6 +33,7 @@ const os = __importStar(require("os"));
const core = __importStar(require("@actions/core"));
const actions_util_1 = require("./actions-util");
const api_client_1 = require("./api-client");
const doc_url_1 = require("./doc-url");
const environment_1 = require("./environment");
const util_1 = require("./util");
var ActionName;
@ -253,7 +254,7 @@ async function sendStatusReport(statusReport) {
core.warning('Workflows triggered by Dependabot on the "push" event run with read-only access. ' +
"Uploading Code Scanning results requires write access. " +
'To use Code Scanning with Dependabot, please ensure you are using the "pull_request" event for this workflow and avoid triggering on the "push" event for Dependabot branches. ' +
"See https://docs.github.com/en/code-security/secure-coding/configuring-code-scanning#scanning-on-push for more information on how to configure these events.");
`See ${doc_url_1.DocUrl.SCANNING_ON_PUSH} for more information on how to configure these events."`);
}
else {
core.warning(e.message);

2
lib/status-report.js.map
View file

File diff suppressed because one or more lines are too long

3
lib/trap-caching.js generated
View file

@ -33,6 +33,7 @@ const path = __importStar(require("path"));
const actionsCache = __importStar(require("@actions/cache"));
const actionsUtil = __importStar(require("./actions-util"));
const apiClient = __importStar(require("./api-client"));
const doc_url_1 = require("./doc-url");
const feature_flags_1 = require("./feature-flags");
const util_1 = require("./util");
// This constant should be bumped if we make a breaking change
@ -177,7 +178,7 @@ async function cleanupTrapCaches(config, features, logger) {
if ((0, util_1.isHTTPError)(e) && e.status === 403) {
logger.warning("Could not cleanup TRAP caches as the token did not have the required permissions. " +
'To clean up TRAP caches, ensure the token has the "actions:write" permission. ' +
"For more information, see https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs");
`For more information, see " + ${doc_url_1.DocUrl.ASSIGNING_PERMISSIONS_TO_JOBS}`);
}
else {
logger.info(`Failed to cleanup TRAP caches, continuing. Details: ${e}`);

2
lib/trap-caching.js.map
View file

File diff suppressed because one or more lines are too long

10
src/autobuild.ts
View file

@ -4,6 +4,7 @@ import { getTemporaryDirectory, getWorkflowEventName } from "./actions-util";
import { getGitHubVersion } from "./api-client";
import { CodeQL, getCodeQL } from "./codeql";
import * as configUtils from "./config-utils";
import { DocUrl } from "./doc-url";
import { EnvVar } from "./environment";
import { Feature, featureConfig, Features } from "./feature-flags";
import { isTracedLanguage, Language } from "./languages";
@ -102,8 +103,7 @@ export async function determineAutobuildLanguages(
.join(
" and ",
)}, you must replace the autobuild step of your workflow with custom build steps. ` +
"For more information, see " +
"https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-the-codeql-workflow-for-compiled-languages#adding-build-steps-for-a-compiled-language",
`For more information, see ${DocUrl.SPECIFY_BUILD_STEPS_MANUALLY}`
);
}
@ -113,8 +113,6 @@ export async function determineAutobuildLanguages(
export async function setupCppAutobuild(codeql: CodeQL, logger: Logger) {
const envVar = featureConfig[Feature.CppDependencyInstallation].envVar;
const featureName = "C++ automatic installation of dependencies";
const envDoc =
"https://docs.github.com/en/actions/learn-github-actions/variables#defining-environment-variables-for-a-single-workflow";
const gitHubVersion = await getGitHubVersion();
const repositoryNwo = parseRepositoryNwo(
getRequiredEnvParam("GITHUB_REPOSITORY"),
@ -134,14 +132,14 @@ export async function setupCppAutobuild(codeql: CodeQL, logger: Logger) {
logger.info(
`Disabling ${featureName} as we are on a self-hosted runner.${
getWorkflowEventName() !== "dynamic"
? ` To override this, set the ${envVar} environment variable to 'true' in your workflow (see ${envDoc} for more information).`
? ` To override this, set the ${envVar} environment variable to 'true' in your workflow (see ${DocUrl.DEFINE_ENV_VARIABLES} for more information).`
: ""
}`,
);
core.exportVariable(envVar, "false");
} else {
logger.info(
`Enabling ${featureName}. This can be disabled by setting the ${envVar} environment variable to 'false' (see ${envDoc} for more information).`,
`Enabling ${featureName}. This can be disabled by setting the ${envVar} environment variable to 'false' (see ${DocUrl.DEFINE_ENV_VARIABLES} for more information).`,
);
core.exportVariable(envVar, "true");
}

5
src/cli-errors.ts
View file

@ -1,3 +1,4 @@
import { DocUrl } from "./doc-url";
import { ConfigurationError } from "./util";
/**
@ -27,11 +28,9 @@ export class CommandInvocationError extends Error {
fatalErrors.trim(),
)} See the logs for more details.`;
} else if (autobuildErrors) {
const autobuildHelpLink =
"https://docs.github.com/en/code-security/code-scanning/troubleshooting-code-scanning/automatic-build-failed";
message =
"We were unable to automatically build your code. Please provide manual build steps. " +
`See ${autobuildHelpLink} for more information. ` +
`See ${DocUrl.AUTOMATIC_BUILD_FAILED} for more information. ` +
`Encountered the following error: ${autobuildErrors}`;
} else {
const lastLine = ensureEndsInPeriod(

7
src/codeql.test.ts
View file

@ -16,6 +16,7 @@ import { CommandInvocationError } from "./cli-errors";
import * as codeql from "./codeql";
import { AugmentationProperties, Config } from "./config-utils";
import * as defaults from "./defaults.json";
import { DocUrl } from "./doc-url";
import { Language } from "./languages";
import { getRunnerLogger } from "./logging";
import { ToolsSource } from "./setup-codeql";
@ -909,8 +910,7 @@ test("runTool summarizes autobuilder errors", async (t) => {
instanceOf: util.ConfigurationError,
message:
"We were unable to automatically build your code. Please provide manual build steps. " +
"See https://docs.github.com/en/code-security/code-scanning/troubleshooting-code-scanning/automatic-build-failed " +
"for more information. " +
`See ${DocUrl.AUTOMATIC_BUILD_FAILED} for more information. ` +
"Encountered the following error: Start of the error message\n" +
" Some more context about the error message\n" +
" continued\n" +
@ -937,8 +937,7 @@ test("runTool truncates long autobuilder errors", async (t) => {
instanceOf: util.ConfigurationError,
message:
"We were unable to automatically build your code. Please provide manual build steps. " +
"See https://docs.github.com/en/code-security/code-scanning/troubleshooting-code-scanning/automatic-build-failed " +
"for more information. " +
`See ${DocUrl.AUTOMATIC_BUILD_FAILED} for more information. ` +
"Encountered the following error: " +
`${Array.from({ length: 10 }, (_, i) => `line${i + 1}`).join(
"\n",

5
src/codeql.ts
View file

@ -17,6 +17,7 @@ import {
wrapCliConfigurationError,
} from "./cli-errors";
import { type Config } from "./config-utils";
import { DocUrl } from "./doc-url";
import { EnvVar } from "./environment";
import {
CODEQL_VERSION_FINE_GRAINED_PARALLELISM,
@ -698,9 +699,7 @@ export async function getCodeQLForCmd(
const prefix =
"We were unable to automatically build your code. " +
"Please change the build mode for this language to manual and specify build steps " +
"for your project. See " +
"https://docs.github.com/en/code-security/code-scanning/troubleshooting-code-scanning/automatic-build-failed" +
"for more information.";
`for your project. See ${DocUrl.AUTOMATIC_BUILD_FAILED} for more information.`;
const ErrorConstructor =
e instanceof util.ConfigurationError
? util.ConfigurationError

18
src/doc-url.ts Normal file
View file

@ -0,0 +1,18 @@
/**
* URLs to code scanning docs linked to from CodeQL Action logs.
*/
export enum DocUrl {
ASSIGNING_PERMISSIONS_TO_JOBS =
"https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs",
AUTOMATIC_BUILD_FAILED =
"https://docs.github.com/en/code-security/code-scanning/troubleshooting-code-scanning/automatic-build-failed",
DEFINE_ENV_VARIABLES =
"https://docs.github.com/en/actions/learn-github-actions/variables#defining-environment-variables-for-a-single-workflow",
SCANNING_ON_PUSH =
"https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#scanning-on-push",
SPECIFY_BUILD_STEPS_MANUALLY =
"https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#about-specifying-build-steps-manually",
TRACK_CODE_SCANNING_ALERTS_ACROSS_RUNS =
"https://docs.github.com/en/enterprise-cloud@latest/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#providing-data-to-track-code-scanning-alerts-across-runs"
}

3
src/fingerprints.ts
View file

@ -3,6 +3,7 @@ import path from "path";
import Long from "long";
import { DocUrl } from "./doc-url";
import { Logger } from "./logging";
import { SarifFile, SarifResult } from "./util";
@ -260,7 +261,7 @@ export async function addFingerprints(
logger: Logger,
): Promise<SarifFile> {
logger.info(
"Adding fingerprints to SARIF file. For more information, see https://docs.github.com/en/enterprise-cloud@latest/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#providing-data-to-track-code-scanning-alerts-across-runs",
`Adding fingerprints to SARIF file. For more information, see ${DocUrl.TRACK_CODE_SCANNING_ALERTS_ACROSS_RUNS}`,
);
// Gather together results for the same file and construct
// callbacks to accept hashes for that file and update the location

3
src/status-report.ts
View file

@ -13,6 +13,7 @@ import {
} from "./actions-util";
import { getAnalysisKey, getApiClient } from "./api-client";
import { type Config } from "./config-utils";
import { DocUrl } from "./doc-url";
import { EnvVar } from "./environment";
import { Logger } from "./logging";
import {
@ -414,7 +415,7 @@ export async function sendStatusReport<S extends StatusReportBase>(
'Workflows triggered by Dependabot on the "push" event run with read-only access. ' +
"Uploading Code Scanning results requires write access. " +
'To use Code Scanning with Dependabot, please ensure you are using the "pull_request" event for this workflow and avoid triggering on the "push" event for Dependabot branches. ' +
"See https://docs.github.com/en/code-security/secure-coding/configuring-code-scanning#scanning-on-push for more information on how to configure these events.",
`See ${DocUrl.SCANNING_ON_PUSH} for more information on how to configure these events."`,
);
} else {
core.warning(e.message);

3
src/trap-caching.ts
View file

@ -7,6 +7,7 @@ import * as actionsUtil from "./actions-util";
import * as apiClient from "./api-client";
import { CodeQL } from "./codeql";
import type { Config } from "./config-utils";
import { DocUrl } from "./doc-url";
import { Feature, FeatureEnablement } from "./feature-flags";
import { Language } from "./languages";
import { Logger } from "./logging";
@ -233,7 +234,7 @@ export async function cleanupTrapCaches(
logger.warning(
"Could not cleanup TRAP caches as the token did not have the required permissions. " +
'To clean up TRAP caches, ensure the token has the "actions:write" permission. ' +
"For more information, see https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs",
`For more information, see " + ${DocUrl.ASSIGNING_PERMISSIONS_TO_JOBS}`,
);
} else {
logger.info(`Failed to cleanup TRAP caches, continuing. Details: ${e}`);