Add actions extractor

2024-11-07 14:31:14 -05:00 · 2024-11-07 14:31:14 -05:00 · 8b4526fbb9
commit 8b4526fbb9
parent 5ac2ddd6fc
4 changed files with 126 additions and 0 deletions
--- a/actions-extractor/codeql-extractor.yml
+++ b/actions-extractor/codeql-extractor.yml
@ -0,0 +1,44 @@
 name: "actions"
 aliases: []
 display_name: "GitHub Actions"
 version: 0.0.1
 column_kind: "utf16"
 unicode_newlines: true
 build_modes:
  - none
 file_coverage_languages: []
 github_api_languages: []
 scc_languages: []
 file_types:
  - name: workflow
    display_name: GitHub Actions workflow files
    extensions:
      - .yml
      - .yaml
 forwarded_extractor_name: javascript
 options:
  trap:
    title: TRAP options
    description: Options about how the extractor handles TRAP files
    type: object
    visibility: 3
    properties:
      cache:
        title: TRAP cache options
        description: Options about how the extractor handles its TRAP cache
        type: object
        properties:
          dir:
            title: TRAP cache directory
            description: The directory of the TRAP cache to use
            type: string
          bound:
            title: TRAP cache bound
            description: A soft limit (in MB) on the size of the TRAP cache
            type: string
            pattern: "[0-9]+"
          write:
            title: TRAP cache writeable
            description: Whether to write to the TRAP cache as well as reading it
            type: string
            pattern: "(true|TRUE|false|FALSE)"
--- a/actions-extractor/tools/autobuild-impl.ps1
+++ b/actions-extractor/tools/autobuild-impl.ps1
@ -0,0 +1,40 @@
 if (($null -ne $env:LGTM_INDEX_INCLUDE) -or ($null -ne $env:LGTM_INDEX_EXCLUDE) -or ($null -ne $env:LGTM_INDEX_FILTERS)) {
    Write-Output 'Path filters set. Passing them through to the JavaScript extractor.' 
 } else {
    Write-Output 'No path filters set. Using the default filters.'
    $DefaultPathFilters = @(
        'exclude:**/*',
        'include:.github/workflows/**/*.yml',
        'include:.github/workflows/**/*.yaml',
        'include:**/action.yml',
        'include:**/action.yaml'
    )
    $env:LGTM_INDEX_FILTERS = $DefaultPathFilters -join "`n"
 }
 # Find the JavaScript extractor directory via `codeql resolve extractor`.
 $CodeQL = Join-Path $env:CODEQL_DIST 'codeql.exe'
 $env:CODEQL_EXTRACTOR_JAVASCRIPT_ROOT = &$CodeQL resolve extractor --language javascript
 if ($LASTEXITCODE -ne 0) {
    throw 'Failed to resolve JavaScript extractor.'
 }
 Write-Output "Found JavaScript extractor at '${env:CODEQL_EXTRACTOR_JAVASCRIPT_ROOT}'."
 # Run the JavaScript autobuilder.
 $JavaScriptAutoBuild = Join-Path $env:CODEQL_EXTRACTOR_JAVASCRIPT_ROOT 'tools\autobuild.cmd'
 Write-Output "Running JavaScript autobuilder at '${JavaScriptAutoBuild}'."
 # Copy the values of the Actions extractor environment variables to the JavaScript extractor environment variables.
 $env:CODEQL_EXTRACTOR_JAVASCRIPT_DIAGNOSTIC_DIR = $env:CODEQL_EXTRACTOR_ACTIONS_DIAGNOSTIC_DIR
 $env:CODEQL_EXTRACTOR_JAVASCRIPT_LOG_DIR = $env:CODEQL_EXTRACTOR_ACTIONS_LOG_DIR
 $env:CODEQL_EXTRACTOR_JAVASCRIPT_SCRATCH_DIR = $env:CODEQL_EXTRACTOR_ACTIONS_SCRATCH_DIR
 $env:CODEQL_EXTRACTOR_JAVASCRIPT_SOURCE_ARCHIVE_DIR = $env:CODEQL_EXTRACTOR_ACTIONS_SOURCE_ARCHIVE_DIR
 $env:CODEQL_EXTRACTOR_JAVASCRIPT_TRAP_DIR = $env:CODEQL_EXTRACTOR_ACTIONS_TRAP_DIR
 $env:CODEQL_EXTRACTOR_JAVASCRIPT_WIP_DATABASE = $env:CODEQL_EXTRACTOR_ACTIONS_WIP_DATABASE
 &$JavaScriptAutoBuild
 if ($LASTEXITCODE -ne 0) {
    throw "JavaScript autobuilder failed."
 }
--- a/actions-extractor/tools/autobuild.cmd
+++ b/actions-extractor/tools/autobuild.cmd
@ -0,0 +1,3 @@
@echo off
 rem All of the work is done in the PowerShell script
 powershell.exe %~dp0autobuild-impl.ps1
--- a/actions-extractor/tools/autobuild.sh
+++ b/actions-extractor/tools/autobuild.sh
@ -0,0 +1,39 @@
 #!/bin/sh
 set -eu
 DEFAULT_PATH_FILTERS=$(cat << END
 exclude:**/*
 include:.github/workflows/**/*.yml
 include:.github/workflows/**/*.yaml
 include:**/action.yml
 include:**/action.yaml
 END
 )
 if [ -n "${LGTM_INDEX_INCLUDE:-}" ] || [ -n "${LGTM_INDEX_EXCLUDE:-}" ] || [ -n "${LGTM_INDEX_FILTERS:-}" ] ; then
    echo "Path filters set. Passing them through to the JavaScript extractor."
 else
    echo "No path filters set. Using the default filters."
    LGTM_INDEX_FILTERS="${DEFAULT_PATH_FILTERS}"
    export LGTM_INDEX_FILTERS
 fi
 # Find the JavaScript extractor directory via `codeql resolve extractor`.
 CODEQL_EXTRACTOR_JAVASCRIPT_ROOT="$($CODEQL_DIST/codeql resolve extractor --language javascript)"
 export CODEQL_EXTRACTOR_JAVASCRIPT_ROOT
 echo "Found JavaScript extractor at '${CODEQL_EXTRACTOR_JAVASCRIPT_ROOT}'."
 # Run the JavaScript autobuilder
 JAVASCRIPT_AUTO_BUILD="${CODEQL_EXTRACTOR_JAVASCRIPT_ROOT}/tools/autobuild.sh"
 echo "Running JavaScript autobuilder at '${JAVASCRIPT_AUTO_BUILD}'."
 # Copy the values of the Actions extractor environment variables to the JavaScript extractor environment variables.
 env CODEQL_EXTRACTOR_JAVASCRIPT_DIAGNOSTIC_DIR="${CODEQL_EXTRACTOR_ACTIONS_DIAGNOSTIC_DIR}" \
    CODEQL_EXTRACTOR_JAVASCRIPT_LOG_DIR="${CODEQL_EXTRACTOR_ACTIONS_LOG_DIR}" \
    CODEQL_EXTRACTOR_JAVASCRIPT_SCRATCH_DIR="${CODEQL_EXTRACTOR_ACTIONS_SCRATCH_DIR}" \
    CODEQL_EXTRACTOR_JAVASCRIPT_SOURCE_ARCHIVE_DIR="${CODEQL_EXTRACTOR_ACTIONS_SOURCE_ARCHIVE_DIR}" \
    CODEQL_EXTRACTOR_JAVASCRIPT_TRAP_DIR="${CODEQL_EXTRACTOR_ACTIONS_TRAP_DIR}" \
    CODEQL_EXTRACTOR_JAVASCRIPT_WIP_DATABASE="${CODEQL_EXTRACTOR_ACTIONS_WIP_DATABASE}" \
    ${JAVASCRIPT_AUTO_BUILD}