robojerk/codeql-action

Only show deprecation warning on GHES 3.14+

Browse source
This commit is contained in:
Koen Vlaswinkel 2024-04-26 14:31:43 +02:00
parent 80394dcc32
commit 905f9b0083
3 changed files with 35 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

12
lib/upload-lib.js generated
View file

@ -33,6 +33,7 @@ const zlib_1 = __importDefault(require("zlib"));
const core = __importStar(require("@actions/core"));
const file_url_1 = __importDefault(require("file-url"));
const jsonschema = __importStar(require("jsonschema"));
const semver = __importStar(require("semver"));
const actionsUtil = __importStar(require("./actions-util"));
const actions_util_1 = require("./actions-util");
const api = __importStar(require("./api-client"));
@ -109,10 +110,15 @@ function areAllRunsUnique(sarifObjects) {
}
return true;
}
async function showCombineSarifFilesDeprecationWarning(sarifObjects, features) {
async function showCombineSarifFilesDeprecationWarning(sarifObjects, features, githubVersion) {
if (!(await features.getValue(feature_flags_1.Feature.CombineSarifFilesDeprecationWarning))) {
return false;
}
// Do not show this warning on GHES versions before 3.14.0
if (githubVersion.type === util_1.GitHubVariant.GHES &&
semver.lt(githubVersion.version, "3.14.0")) {
return false;
}
// Only give a deprecation warning when not all runs are unique
return (!areAllRunsUnique(sarifObjects) &&
!process.env.CODEQL_MERGE_SARIF_DEPRECATION_WARNING);
@ -131,7 +137,7 @@ async function combineSarifFilesUsingCLI(sarifFiles, gitHubVersion, features, lo
});
if (!areAllRunsProducedByCodeQL(sarifObjects)) {
logger.debug("Not all SARIF files were produced by CodeQL. Merging files in the action.");
if (await showCombineSarifFilesDeprecationWarning(sarifObjects, features)) {
if (await showCombineSarifFilesDeprecationWarning(sarifObjects, features, gitHubVersion)) {
logger.warning("Uploading multiple SARIF runs with the same category is deprecated and will be removed on June 4, 2025. Please update your workflow to upload a single run per category. For more information, see https://github.blog/changelog/2024-05-06-code-scanning-will-stop-combining-runs-deprecation-notice");
core.exportVariable("CODEQL_MERGE_SARIF_DEPRECATION_WARNING", "true");
}
@ -162,7 +168,7 @@ async function combineSarifFilesUsingCLI(sarifFiles, gitHubVersion, features, lo
}
if (!(await codeQL.supportsFeature(tools_features_1.ToolsFeature.SarifMergeRunsFromEqualCategory))) {
logger.warning("The CodeQL CLI does not support merging SARIF files. Merging files in the action.");
if (await showCombineSarifFilesDeprecationWarning(sarifObjects, features)) {
if (await showCombineSarifFilesDeprecationWarning(sarifObjects, features, gitHubVersion)) {
logger.warning("Uploading multiple CodeQL runs with the same category is deprecated and will be removed on June 4, 2025. Please update your CodeQL CLI version or update your workflow to set a distinct category for each CodeQL run. For more information, see https://github.blog/changelog/2024-05-06-code-scanning-will-stop-combining-runs-deprecation-notice");
core.exportVariable("CODEQL_MERGE_SARIF_DEPRECATION_WARNING", "true");
}

2
lib/upload-lib.js.map
View file

File diff suppressed because one or more lines are too long

27
src/upload-lib.ts
View file

@ -6,6 +6,7 @@ import * as core from "@actions/core";
import { OctokitResponse } from "@octokit/types";
import fileUrl from "file-url";
import * as jsonschema from "jsonschema";
import * as semver from "semver";
import * as actionsUtil from "./actions-util";
import { getOptionalInput, getRequiredInput } from "./actions-util";
@ -24,6 +25,7 @@ import * as util from "./util";
import {
ConfigurationError,
getRequiredEnvParam,
GitHubVariant,
GitHubVersion,
SarifFile,
SarifRun,
@ -123,11 +125,20 @@ function areAllRunsUnique(sarifObjects: SarifFile[]): boolean {
async function showCombineSarifFilesDeprecationWarning(
sarifObjects: util.SarifFile[],
features: Features,
githubVersion: GitHubVersion,
) {
if (!(await features.getValue(Feature.CombineSarifFilesDeprecationWarning))) {
return false;
}
// Do not show this warning on GHES versions before 3.14.0
if (
githubVersion.type === GitHubVariant.GHES &&
semver.lt(githubVersion.version, "3.14.0")
) {
return false;
}
// Only give a deprecation warning when not all runs are unique
return (
!areAllRunsUnique(sarifObjects) &&
@ -159,7 +170,13 @@ async function combineSarifFilesUsingCLI(
"Not all SARIF files were produced by CodeQL. Merging files in the action.",
);
if (await showCombineSarifFilesDeprecationWarning(sarifObjects, features)) {
if (
await showCombineSarifFilesDeprecationWarning(
sarifObjects,
features,
gitHubVersion,
)
) {
logger.warning(
"Uploading multiple SARIF runs with the same category is deprecated and will be removed on June 4, 2025. Please update your workflow to upload a single run per category. For more information, see https://github.blog/changelog/2024-05-06-code-scanning-will-stop-combining-runs-deprecation-notice",
);
@ -216,7 +233,13 @@ async function combineSarifFilesUsingCLI(
"The CodeQL CLI does not support merging SARIF files. Merging files in the action.",
);
if (await showCombineSarifFilesDeprecationWarning(sarifObjects, features)) {
if (
await showCombineSarifFilesDeprecationWarning(
sarifObjects,
features,
gitHubVersion,
)
) {
logger.warning(
"Uploading multiple CodeQL runs with the same category is deprecated and will be removed on June 4, 2025. Please update your CodeQL CLI version or update your workflow to set a distinct category for each CodeQL run. For more information, see https://github.blog/changelog/2024-05-06-code-scanning-will-stop-combining-runs-deprecation-notice",
);