Allow the codeql-action to run packages

This commit adds a `packs` option to the codeql-config.yml file. Users can specify a list of ql packs to include in the analysis. For a single language analysis, the packs property looks like this: ```yaml packs: - pack-scope/pack-name1@1.2.3 - pack-scope/pack-name2 # no explicit version means download the latest ``` For multi-language analysis, you must key the packs block by lanaguage: ```yaml packs: cpp: - pack-scope/pack-name1@1.2.3 - pack-scope/pack-name2 java: - pack-scope/pack-name3@1.2.3 - pack-scope/pack-name4 ``` This implementation adds a new analysis run (alongside custom and builtin runs). The unit tests indicate that the correct commands are being run, but I have not actually tried this with a real CLI. Also, convert `instanceof Array` to `Array.isArray` since that is sightly better in some situations. See: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/isArray#instanceof_vs_isarray
2021-06-03 09:32:44 -07:00 · 2021-06-03 09:32:44 -07:00 · 86a804f9a7
commit 86a804f9a7
parent cbdf0df97b
22 changed files with 940 additions and 45 deletions
--- a/lib/codeql.js
+++ b/lib/codeql.js
@ -286,6 +286,7 @@ function setCodeQL(partialCodeql) {
        resolveLanguages: resolveFunction(partialCodeql, "resolveLanguages"),
        resolveQueries: resolveFunction(partialCodeql, "resolveQueries"),
        databaseAnalyze: resolveFunction(partialCodeql, "databaseAnalyze"),
+        packDownload: resolveFunction(partialCodeql, "packDownload"),
    };
    return cachedCodeQL;
 }
@ -498,8 +499,38 @@ function getCodeQLForCmd(cmd) {
            }).exec();
            return output;
        },
+        // Download specified packs into the package cache. If the specified
+        // package and version already exists (e.g., from a previous analysis run),
+        // then it is not downloaded again (unless the extra option `--force` is
+        // specified).
+        async packDownload(packs) {
+            const args = [
+                "pack",
+                "download",
+                "-v",
+                ...getExtraOptionsFromEnv(["pack", "download"]),
+                ...packs.map(packWithVersionToString),
+            ];
+            let output = "";
+            await new toolrunner.ToolRunner(cmd, args, {
+                listeners: {
+                    stdout: (data) => {
+                        output += data.toString("utf8");
+                    },
+                },
+            }).exec();
+            try {
+                return JSON.parse(output);
+            }
+            catch (e) {
+                throw new Error(`Attempted to download specified packs but got error ${e}.`);
+            }
+        },
    };
 }
+function packWithVersionToString(pack) {
+    return pack.version ? `${pack.packName}@${pack.version}` : pack.packName;
+}
 /**
 * Gets the options for `path` of `options` as an array of extra option strings.
 */