robojerk/codeql-action

Request meta endpoint at the start of execution

Browse source
This commit is contained in:
Robert 2020-11-26 17:54:34 +00:00
parent 8d18e347a7
commit 81a21bfa1e
46 changed files with 348 additions and 259 deletions
Download patch file Download diff file Expand all files Collapse all files

3
src/analysis-paths.test.ts
View file

@ -19,6 +19,7 @@ test("emptyPaths", async (t) => {
tempDir: tmpDir,
toolCacheDir: tmpDir,
codeQLCmd: "",
ghesVersion: { type: "dotcom" } as util.GHESVersion,
};
analysisPaths.includeAndExcludeAnalysisPaths(config);
t.is(process.env["LGTM_INDEX_INCLUDE"], undefined);
@ -38,6 +39,7 @@ test("nonEmptyPaths", async (t) => {
tempDir: tmpDir,
toolCacheDir: tmpDir,
codeQLCmd: "",
ghesVersion: { type: "dotcom" } as util.GHESVersion,
};
analysisPaths.includeAndExcludeAnalysisPaths(config);
t.is(process.env["LGTM_INDEX_INCLUDE"], "path1\npath2");
@ -61,6 +63,7 @@ test("exclude temp dir", async (t) => {
tempDir,
toolCacheDir,
codeQLCmd: "",
ghesVersion: { type: "dotcom" } as util.GHESVersion,
};
analysisPaths.includeAndExcludeAnalysisPaths(config);
t.is(process.env["LGTM_INDEX_INCLUDE"], undefined);

1
src/analyze.test.ts
View file

@ -34,6 +34,7 @@ test("status report fields", async (t) => {
tempDir: tmpDir,
toolCacheDir: tmpDir,
codeQLCmd: "",
ghesVersion: { type: "dotcom" } as util.GHESVersion,
};
fs.mkdirSync(util.getCodeQLDatabasePath(config.tempDir, language), {
recursive: true,

1
src/analyze.ts
View file

@ -268,6 +268,7 @@ export async function runAnalyze(
workflowRunID,
checkoutPath,
environment,
config.ghesVersion,
apiDetails,
mode,
logger

19
src/api-client.test.ts
View file

@ -1,19 +0,0 @@
import test from "ava";
import { apiVersionInRange, DisallowedAPIVersionReason } from "./api-client";
test("allowed API versions", async (t) => {
t.is(apiVersionInRange("1.33.0", "1.33", "2.0"), undefined);
t.is(apiVersionInRange("1.33.1", "1.33", "2.0"), undefined);
t.is(apiVersionInRange("1.34.0", "1.33", "2.0"), undefined);
t.is(apiVersionInRange("2.0.0", "1.33", "2.0"), undefined);
t.is(apiVersionInRange("2.0.1", "1.33", "2.0"), undefined);
t.is(
apiVersionInRange("1.32.0", "1.33", "2.0"),
DisallowedAPIVersionReason.ACTION_TOO_NEW
);
t.is(
apiVersionInRange("2.1.0", "1.33", "2.0"),
DisallowedAPIVersionReason.ACTION_TOO_OLD
);
});

80
src/api-client.ts
View file

@ -1,16 +1,10 @@
import * as path from "path";
import { exportVariable } from "@actions/core";
import * as githubUtils from "@actions/github/lib/utils";
import * as retry from "@octokit/plugin-retry";
import { OctokitResponse } from "@octokit/types";
import consoleLogLevel from "console-log-level";
import * as semver from "semver";
import { getRequiredEnvParam, getRequiredInput } from "./actions-util";
import * as apiCompatibility from "./api-compatibility.json";
import { Logger, getActionsLogger } from "./logging";
import { isLocalRun, Mode } from "./util";
import { isLocalRun } from "./util";
export enum DisallowedAPIVersionReason {
ACTION_TOO_OLD,
@ -22,66 +16,14 @@ export interface GitHubApiDetails {
url: string;
}
const GITHUB_ENTERPRISE_VERSION_HEADER = "x-github-enterprise-version";
const CODEQL_ACTION_WARNED_ABOUT_VERSION_ENV_VAR =
"CODEQL_ACTION_WARNED_ABOUT_VERSION";
let hasBeenWarnedAboutVersion = false;
export const getApiClient = function (
apiDetails: GitHubApiDetails,
mode: Mode,
logger: Logger,
allowLocalRun = false,
possibleFailureExpected = false
allowLocalRun = false
) {
if (isLocalRun() && !allowLocalRun) {
throw new Error("Invalid API call in local run");
}
const customOctokit = githubUtils.GitHub.plugin(retry.retry, (octokit, _) => {
octokit.hook.after("request", (response: OctokitResponse<any>, __) => {
if (response.status < 400 && !possibleFailureExpected) {
if (hasBeenWarnedAboutVersion) {
return;
}
}
if (
response.headers[GITHUB_ENTERPRISE_VERSION_HEADER] === undefined ||
process.env[CODEQL_ACTION_WARNED_ABOUT_VERSION_ENV_VAR] === undefined
) {
return;
}
const installedVersion = response.headers[
GITHUB_ENTERPRISE_VERSION_HEADER
] as string;
const disallowedAPIVersionReason = apiVersionInRange(
installedVersion,
apiCompatibility.minimumVersion,
apiCompatibility.maximumVersion
);
const toolName = mode === "actions" ? "Action" : "Runner";
if (
disallowedAPIVersionReason === DisallowedAPIVersionReason.ACTION_TOO_OLD
) {
logger.warning(
`The CodeQL ${toolName} version you are using is too old to be compatible with GitHub Enterprise ${installedVersion}. If you experience issues, please upgrade to a more recent version of the CodeQL ${toolName}.`
);
}
if (
disallowedAPIVersionReason === DisallowedAPIVersionReason.ACTION_TOO_NEW
) {
logger.warning(
`GitHub Enterprise ${installedVersion} is too old to be compatible with this version of the CodeQL ${toolName}. If you experience issues, please upgrade to a more recent version of GitHub Enterprise or use an older version of the CodeQL ${toolName}.`
);
}
hasBeenWarnedAboutVersion = true;
if (mode === "actions") {
exportVariable(CODEQL_ACTION_WARNED_ABOUT_VERSION_ENV_VAR, true);
}
});
});
return new customOctokit(
return new githubUtils.GitHub(
githubUtils.getOctokitOptions(apiDetails.auth, {
baseUrl: getApiUrl(apiDetails.url),
userAgent: "CodeQL Action",
@ -113,19 +55,5 @@ export function getActionsApiClient(allowLocalRun = false) {
url: getRequiredEnvParam("GITHUB_SERVER_URL"),
};
return getApiClient(apiDetails, "actions", getActionsLogger(), allowLocalRun);
}
export function apiVersionInRange(
version: string,
minimumVersion: string,
maximumVersion: string
): DisallowedAPIVersionReason | undefined {
if (!semver.satisfies(version, `>=${minimumVersion}`)) {
return DisallowedAPIVersionReason.ACTION_TOO_NEW;
}
if (!semver.satisfies(version, `<=${maximumVersion}`)) {
return DisallowedAPIVersionReason.ACTION_TOO_OLD;
}
return undefined;
return getApiClient(apiDetails, allowLocalRun);
}

2
src/codeql.ts
View file

@ -191,7 +191,7 @@ async function getCodeQLBundleDownloadURL(
const [repositoryOwner, repositoryName] = repository.split("/");
try {
const release = await api
.getApiClient(apiDetails, mode, logger, false, true)
.getApiClient(apiDetails)
.repos.getReleaseByTag({
owner: repositoryOwner,
repo: repositoryName,

43
src/config-utils.test.ts
View file

@ -20,6 +20,8 @@ const sampleApiDetails = {
url: "https://github.example.com",
};
const ghesVersion = { type: "dotcom" } as util.GHESVersion;
// Returns the filepath of the newly-created file
function createConfigFile(inputFileContents: string, tmpDir: string): string {
const configFilePath = path.join(tmpDir, "input");
@ -81,8 +83,8 @@ test("load empty config", async (t) => {
tmpDir,
codeQL,
tmpDir,
ghesVersion,
sampleApiDetails,
"runner",
logger
);
@ -96,8 +98,8 @@ test("load empty config", async (t) => {
tmpDir,
codeQL,
tmpDir,
ghesVersion,
sampleApiDetails,
"runner",
logger
)
);
@ -133,8 +135,8 @@ test("loading config saves config", async (t) => {
tmpDir,
codeQL,
tmpDir,
ghesVersion,
sampleApiDetails,
"runner",
logger
);
@ -159,8 +161,8 @@ test("load input outside of workspace", async (t) => {
tmpDir,
getCachedCodeQL(),
tmpDir,
ghesVersion,
sampleApiDetails,
"runner",
getRunnerLogger(true)
);
throw new Error("initConfig did not throw error");
@ -192,8 +194,8 @@ test("load non-local input with invalid repo syntax", async (t) => {
tmpDir,
getCachedCodeQL(),
tmpDir,
ghesVersion,
sampleApiDetails,
"runner",
getRunnerLogger(true)
);
throw new Error("initConfig did not throw error");
@ -226,8 +228,8 @@ test("load non-existent input", async (t) => {
tmpDir,
getCachedCodeQL(),
tmpDir,
ghesVersion,
sampleApiDetails,
"runner",
getRunnerLogger(true)
);
throw new Error("initConfig did not throw error");
@ -296,6 +298,7 @@ test("load non-empty input", async (t) => {
tempDir: tmpDir,
toolCacheDir: tmpDir,
codeQLCmd: codeQL.getPath(),
ghesVersion,
};
const languages = "javascript";
@ -310,8 +313,8 @@ test("load non-empty input", async (t) => {
tmpDir,
codeQL,
tmpDir,
ghesVersion,
sampleApiDetails,
"runner",
getRunnerLogger(true)
);
@ -371,8 +374,8 @@ test("Default queries are used", async (t) => {
tmpDir,
codeQL,
tmpDir,
ghesVersion,
sampleApiDetails,
"runner",
getRunnerLogger(true)
);
@ -440,8 +443,8 @@ test("Queries can be specified in config file", async (t) => {
tmpDir,
codeQL,
tmpDir,
ghesVersion,
sampleApiDetails,
"runner",
getRunnerLogger(true)
);
@ -503,8 +506,8 @@ test("Queries from config file can be overridden in workflow file", async (t) =>
tmpDir,
codeQL,
tmpDir,
ghesVersion,
sampleApiDetails,
"runner",
getRunnerLogger(true)
);
@ -564,8 +567,8 @@ test("Queries in workflow file can be used in tandem with the 'disable default q
tmpDir,
codeQL,
tmpDir,
ghesVersion,
sampleApiDetails,
"runner",
getRunnerLogger(true)
);
@ -615,8 +618,8 @@ test("Multiple queries can be specified in workflow file, no config file require
tmpDir,
codeQL,
tmpDir,
ghesVersion,
sampleApiDetails,
"runner",
getRunnerLogger(true)
);
@ -684,8 +687,8 @@ test("Queries in workflow file can be added to the set of queries without overri
tmpDir,
codeQL,
tmpDir,
ghesVersion,
sampleApiDetails,
"runner",
getRunnerLogger(true)
);
@ -746,8 +749,8 @@ test("Invalid queries in workflow file handled correctly", async (t) => {
tmpDir,
codeQL,
tmpDir,
ghesVersion,
sampleApiDetails,
"runner",
getRunnerLogger(true)
);
t.fail("initConfig did not throw error");
@ -808,8 +811,8 @@ test("API client used when reading remote config", async (t) => {
tmpDir,
codeQL,
tmpDir,
ghesVersion,
sampleApiDetails,
"runner",
getRunnerLogger(true)
);
t.assert(spyGetContents.called);
@ -832,8 +835,8 @@ test("Remote config handles the case where a directory is provided", async (t) =
tmpDir,
getCachedCodeQL(),
tmpDir,
ghesVersion,
sampleApiDetails,
"runner",
getRunnerLogger(true)
);
throw new Error("initConfig did not throw error");
@ -864,8 +867,8 @@ test("Invalid format of remote config handled correctly", async (t) => {
tmpDir,
getCachedCodeQL(),
tmpDir,
ghesVersion,
sampleApiDetails,
"runner",
getRunnerLogger(true)
);
throw new Error("initConfig did not throw error");
@ -892,8 +895,8 @@ test("No detected languages", async (t) => {
tmpDir,
getCachedCodeQL(),
tmpDir,
ghesVersion,
sampleApiDetails,
"runner",
getRunnerLogger(true)
);
throw new Error("initConfig did not throw error");
@ -917,8 +920,8 @@ test("Unknown languages", async (t) => {
tmpDir,
getCachedCodeQL(),
tmpDir,
ghesVersion,
sampleApiDetails,
"runner",
getRunnerLogger(true)
);
throw new Error("initConfig did not throw error");
@ -963,8 +966,8 @@ function doInvalidInputTest(
tmpDir,
codeQL,
tmpDir,
ghesVersion,
sampleApiDetails,
"runner",
getRunnerLogger(true)
);
throw new Error("initConfig did not throw error");

35
src/config-utils.ts
View file

@ -9,7 +9,7 @@ import * as externalQueries from "./external-queries";
import { Language, parseLanguage } from "./languages";
import { Logger } from "./logging";
import { RepositoryNwo } from "./repository";
import { Mode } from "./util";
import { GHESVersion } from "./util";
// Property names from the user-supplied config file.
const NAME_PROPERTY = "name";
@ -93,6 +93,11 @@ export interface Config {
* Path of the CodeQL executable.
*/
codeQLCmd: string;
/**
* Version of GHES that we have determined that we are talking to, or undefined
* if talking to github.com.
*/
ghesVersion: GHESVersion;
}
/**
@ -592,12 +597,11 @@ export function getUnknownLanguagesError(languages: string[]): string {
async function getLanguagesInRepo(
repository: RepositoryNwo,
apiDetails: api.GitHubApiDetails,
mode: Mode,
logger: Logger
): Promise<Language[]> {
logger.debug(`GitHub repo ${repository.owner} ${repository.repo}`);
const response = await api
.getApiClient(apiDetails, mode, logger, true)
.getApiClient(apiDetails, true)
.repos.listLanguages({
owner: repository.owner,
repo: repository.repo,
@ -633,7 +637,6 @@ async function getLanguages(
languagesInput: string | undefined,
repository: RepositoryNwo,
apiDetails: api.GitHubApiDetails,
mode: Mode,
logger: Logger
): Promise<Language[]> {
// Obtain from action input 'languages' if set
@ -645,7 +648,7 @@ async function getLanguages(
if (languages.length === 0) {
// Obtain languages as all languages in the repo that can be analysed
languages = await getLanguagesInRepo(repository, apiDetails, mode, logger);
languages = await getLanguagesInRepo(repository, apiDetails, logger);
logger.info(
`Automatically detected languages: ${JSON.stringify(languages)}`
);
@ -726,15 +729,14 @@ export async function getDefaultConfig(
toolCacheDir: string,
codeQL: CodeQL,
checkoutPath: string,
ghesVersion: GHESVersion,
apiDetails: api.GitHubApiDetails,
mode: Mode,
logger: Logger
): Promise<Config> {
const languages = await getLanguages(
languagesInput,
repository,
apiDetails,
mode,
logger
);
const queries: Queries = {};
@ -761,6 +763,7 @@ export async function getDefaultConfig(
tempDir,
toolCacheDir,
codeQLCmd: codeQL.getPath(),
ghesVersion,
};
}
@ -776,8 +779,8 @@ async function loadConfig(
toolCacheDir: string,
codeQL: CodeQL,
checkoutPath: string,
ghesVersion: GHESVersion,
apiDetails: api.GitHubApiDetails,
mode: Mode,
logger: Logger
): Promise<Config> {
let parsedYAML: UserConfig;
@ -787,7 +790,7 @@ async function loadConfig(
configFile = path.resolve(checkoutPath, configFile);
parsedYAML = getLocalConfig(configFile, checkoutPath);
} else {
parsedYAML = await getRemoteConfig(configFile, apiDetails, mode, logger);
parsedYAML = await getRemoteConfig(configFile, apiDetails);
}
// Validate that the 'name' property is syntactically correct,
@ -805,7 +808,6 @@ async function loadConfig(
languagesInput,
repository,
apiDetails,
mode,
logger
);
@ -925,6 +927,7 @@ async function loadConfig(
tempDir,
toolCacheDir,
codeQLCmd: codeQL.getPath(),
ghesVersion,
};
}
@ -943,8 +946,8 @@ export async function initConfig(
toolCacheDir: string,
codeQL: CodeQL,
checkoutPath: string,
ghesVersion: GHESVersion,
apiDetails: api.GitHubApiDetails,
mode: Mode,
logger: Logger
): Promise<Config> {
let config: Config;
@ -960,8 +963,8 @@ export async function initConfig(
toolCacheDir,
codeQL,
checkoutPath,
ghesVersion,
apiDetails,
mode,
logger
);
} else {
@ -974,8 +977,8 @@ export async function initConfig(
toolCacheDir,
codeQL,
checkoutPath,
ghesVersion,
apiDetails,
mode,
logger
);
}
@ -1010,9 +1013,7 @@ function getLocalConfig(configFile: string, checkoutPath: string): UserConfig {
async function getRemoteConfig(
configFile: string,
apiDetails: api.GitHubApiDetails,
mode: Mode,
logger: Logger
apiDetails: api.GitHubApiDetails
): Promise<UserConfig> {
// retrieve the various parts of the config location, and ensure they're present
const format = new RegExp(
@ -1025,7 +1026,7 @@ async function getRemoteConfig(
}
const response = await api
.getApiClient(apiDetails, mode, logger, true)
.getApiClient(apiDetails, true)
.repos.getContent({
owner: pieces.groups.owner,
repo: pieces.groups.repo,

18
src/init-action.ts
View file

@ -13,6 +13,7 @@ import {
import { Language } from "./languages";
import { getActionsLogger } from "./logging";
import { parseRepositoryNwo } from "./repository";
import { checkGHESVersionInRange, getGHESVersion } from "./util";
interface InitSuccessStatusReport extends actionsUtil.StatusReportBase {
// Comma-separated list of languages that analysis was run for
@ -93,6 +94,16 @@ async function run() {
let codeql: CodeQL;
let toolsVersion: string;
const apiDetails = {
auth: actionsUtil.getRequiredInput("token"),
url: actionsUtil.getRequiredEnvParam("GITHUB_SERVER_URL"),
};
const ghesVersion = await getGHESVersion(apiDetails);
if (ghesVersion !== undefined) {
checkGHESVersionInRange(ghesVersion, "actions", logger);
}
try {
actionsUtil.prepareLocalRunEnvironment();
@ -115,11 +126,6 @@ async function run() {
return;
}
const apiDetails = {
auth: actionsUtil.getRequiredInput("token"),
url: actionsUtil.getRequiredEnvParam("GITHUB_SERVER_URL"),
};
const initCodeQLResult = await initCodeQL(
actionsUtil.getOptionalInput("tools"),
apiDetails,
@ -140,8 +146,8 @@ async function run() {
actionsUtil.getRequiredEnvParam("RUNNER_TOOL_CACHE"),
codeql,
actionsUtil.getRequiredEnvParam("GITHUB_WORKSPACE"),
ghesVersion,
apiDetails,
"actions",
logger
);

4
src/init.ts
View file

@ -44,8 +44,8 @@ export async function initConfig(
toolCacheDir: string,
codeQL: CodeQL,
checkoutPath: string,
ghesVersion: util.GHESVersion,
apiDetails: GitHubApiDetails,
mode: util.Mode,
logger: Logger
): Promise<configUtils.Config> {
logger.startGroup("Load language configuration");
@ -58,8 +58,8 @@ export async function initConfig(
toolCacheDir,
codeQL,
checkoutPath,
ghesVersion,
apiDetails,
mode,
logger
);
analysisPaths.printPathFiltersWarning(config, logger);

11
src/runner.ts
View file

@ -14,7 +14,9 @@ import { getRunnerLogger } from "./logging";
import { parseRepositoryNwo } from "./repository";
import * as upload_lib from "./upload-lib";
import {
checkGHESVersionInRange,
getAddSnippetsFlag,
getGHESVersion,
getMemoryFlag,
getThreadsFlag,
parseGithubUrl,
@ -151,6 +153,11 @@ program
url: parseGithubUrl(cmd.githubUrl),
};
const ghesVersion = await getGHESVersion(apiDetails);
if (ghesVersion !== undefined) {
checkGHESVersionInRange(ghesVersion, "runner", logger);
}
let codeql: CodeQL;
if (cmd.codeqlPath !== undefined) {
codeql = getCodeQL(cmd.codeqlPath);
@ -176,8 +183,8 @@ program
toolsDir,
codeql,
cmd.checkoutPath || process.cwd(),
ghesVersion,
apiDetails,
"runner",
logger
);
@ -440,6 +447,7 @@ program
url: parseGithubUrl(cmd.githubUrl),
};
try {
const ghesVersion = await getGHESVersion(apiDetails);
await upload_lib.upload(
cmd.sarifFile,
parseRepositoryNwo(cmd.repository),
@ -450,6 +458,7 @@ program
undefined,
cmd.checkoutPath || process.cwd(),
undefined,
ghesVersion,
apiDetails,
"runner",
logger

1
src/tracer-config.test.ts
View file

@ -26,6 +26,7 @@ function getTestConfig(tmpDir: string): configUtils.Config {
tempDir: tmpDir,
toolCacheDir: tmpDir,
codeQLCmd: "",
ghesVersion: { type: "dotcom" } as util.GHESVersion,
};
}

14
src/upload-lib.ts
View file

@ -5,6 +5,7 @@ import zlib from "zlib";
import * as core from "@actions/core";
import fileUrl from "file-url";
import * as jsonschema from "jsonschema";
import * as semver from "semver";
import * as api from "./api-client";
import * as fingerprints from "./fingerprints";
@ -55,7 +56,7 @@ async function uploadPayload(
return;
}
const client = api.getApiClient(apiDetails, mode, logger);
const client = api.getApiClient(apiDetails);
const reqURL =
mode === "actions"
@ -93,6 +94,7 @@ export async function upload(
workflowRunID: number | undefined,
checkoutPath: string,
environment: string | undefined,
ghesVersion: util.GHESVersion,
apiDetails: api.GitHubApiDetails,
mode: util.Mode,
logger: Logger
@ -126,6 +128,7 @@ export async function upload(
workflowRunID,
checkoutPath,
environment,
ghesVersion,
apiDetails,
mode,
logger
@ -179,6 +182,7 @@ async function uploadFiles(
workflowRunID: number | undefined,
checkoutPath: string,
environment: string | undefined,
ghesVersion: util.GHESVersion,
apiDetails: api.GitHubApiDetails,
mode: util.Mode,
logger: Logger
@ -215,7 +219,7 @@ async function uploadFiles(
let payload: string;
if (mode === "actions") {
payload = JSON.stringify({
const payloadObj = {
commit_oid: commitOid,
ref,
analysis_key: analysisKey,
@ -226,7 +230,11 @@ async function uploadFiles(
environment,
started_at: process.env[sharedEnv.CODEQL_WORKFLOW_STARTED_AT],
tool_names: toolNames,
});
};
if (ghesVersion.type !== "ghes" || semver.satisfies(ghesVersion.version, `>=3.0`)) {
// add base_ref / base_sha
}
payload = JSON.stringify(payloadObj);
} else {
payload = JSON.stringify({
commit_sha: commitOid,

4
src/upload-sarif-action.ts
View file

@ -4,6 +4,7 @@ import * as actionsUtil from "./actions-util";
import { getActionsLogger } from "./logging";
import { parseRepositoryNwo } from "./repository";
import * as upload_lib from "./upload-lib";
import { getGHESVersion } from "./util";
interface UploadSarifStatusReport
extends actionsUtil.StatusReportBase,
@ -45,6 +46,8 @@ async function run() {
url: actionsUtil.getRequiredEnvParam("GITHUB_SERVER_URL"),
};
const ghesVersion = await getGHESVersion(apiDetails);
const uploadStats = await upload_lib.upload(
actionsUtil.getRequiredInput("sarif_file"),
parseRepositoryNwo(actionsUtil.getRequiredEnvParam("GITHUB_REPOSITORY")),
@ -55,6 +58,7 @@ async function run() {
actionsUtil.getWorkflowRunID(),
actionsUtil.getRequiredInput("checkout_path"),
actionsUtil.getRequiredInput("matrix"),
ghesVersion,
apiDetails,
"actions",
getActionsLogger()

16
src/util.test.ts
View file

@ -179,3 +179,19 @@ test("parseGithubUrl", (t) => {
message: '"http:///::::433" is not a valid URL',
});
});
test("allowed API versions", async (t) => {
t.is(util.apiVersionInRange("1.33.0", "1.33", "2.0"), undefined);
t.is(util.apiVersionInRange("1.33.1", "1.33", "2.0"), undefined);
t.is(util.apiVersionInRange("1.34.0", "1.33", "2.0"), undefined);
t.is(util.apiVersionInRange("2.0.0", "1.33", "2.0"), undefined);
t.is(util.apiVersionInRange("2.0.1", "1.33", "2.0"), undefined);
t.is(
util.apiVersionInRange("1.32.0", "1.33", "2.0"),
util.DisallowedAPIVersionReason.ACTION_TOO_NEW
);
t.is(
util.apiVersionInRange("2.1.0", "1.33", "2.0"),
util.DisallowedAPIVersionReason.ACTION_TOO_OLD
);
});

83
src/util.ts
View file

@ -2,8 +2,13 @@ import * as fs from "fs";
import * as os from "os";
import * as path from "path";
import * as core from "@actions/core";
import * as semver from "semver";
import * as apiCompatibility from "./api-compatibility.json";
import { Language } from "./languages";
import { Logger } from "./logging";
import { getApiClient, GitHubApiDetails } from "./api-client";
/**
* Are we running on actions, or not.
@ -208,3 +213,81 @@ export function parseGithubUrl(inputUrl: string): string {
return url.toString();
}
const GITHUB_ENTERPRISE_VERSION_HEADER = "x-github-enterprise-version";
const CODEQL_ACTION_WARNED_ABOUT_VERSION_ENV_VAR =
"CODEQL_ACTION_WARNED_ABOUT_VERSION";
let hasBeenWarnedAboutVersion = false;
export type GHESVersion = { type: "dotcom" } | { type: "ghes"; version: string };
export async function getGHESVersion(apiDetails: GitHubApiDetails): Promise<GHESVersion> {
// Doesn't strictly have to be the meta endpoint as we're only
// using the response headers which are available on every request.
const apiClient = getApiClient(apiDetails);
const response = await apiClient.meta.get();
// This happens on dotcom
if (
response.headers[GITHUB_ENTERPRISE_VERSION_HEADER] === undefined
) {
return { type: "dotcom" };
}
const version = response.headers[
GITHUB_ENTERPRISE_VERSION_HEADER
] as string;
return { type: "ghes", version };
}
export function checkGHESVersionInRange(version: GHESVersion, mode: Mode, logger: Logger) {
if (hasBeenWarnedAboutVersion || version.type !== "ghes") {
return;
}
const disallowedAPIVersionReason = apiVersionInRange(
version.version,
apiCompatibility.minimumVersion,
apiCompatibility.maximumVersion
);
const toolName = mode === "actions" ? "Action" : "Runner";
if (
disallowedAPIVersionReason === DisallowedAPIVersionReason.ACTION_TOO_OLD
) {
logger.warning(
`The CodeQL ${toolName} version you are using is too old to be compatible with GitHub Enterprise ${version}. If you experience issues, please upgrade to a more recent version of the CodeQL ${toolName}.`
);
}
if (
disallowedAPIVersionReason === DisallowedAPIVersionReason.ACTION_TOO_NEW
) {
logger.warning(
`GitHub Enterprise ${version} is too old to be compatible with this version of the CodeQL ${toolName}. If you experience issues, please upgrade to a more recent version of GitHub Enterprise or use an older version of the CodeQL ${toolName}.`
);
}
hasBeenWarnedAboutVersion = true;
if (mode === "actions") {
core.exportVariable(CODEQL_ACTION_WARNED_ABOUT_VERSION_ENV_VAR, true);
}
}
export enum DisallowedAPIVersionReason {
ACTION_TOO_OLD,
ACTION_TOO_NEW,
}
export function apiVersionInRange(
version: string,
minimumVersion: string,
maximumVersion: string
): DisallowedAPIVersionReason | undefined {
if (!semver.satisfies(version, `>=${minimumVersion}`)) {
return DisallowedAPIVersionReason.ACTION_TOO_NEW;
}
if (!semver.satisfies(version, `<=${maximumVersion}`)) {
return DisallowedAPIVersionReason.ACTION_TOO_OLD;
}
return undefined;
}