Merge pull request #1523 from github/henrymercer/fix/cli-version-for-different-bundles

Fix toolcache behavior when downloading bundle from another repo
2023-02-06 19:05:45 +00:00 · 2023-02-06 19:05:45 +00:00 · 927de483f0
commit 927de483f0
parent d3962273b3 e4c0a1b24d
6 changed files with 97 additions and 25 deletions
--- a/lib/codeql.test.js
+++ b/lib/codeql.test.js
@ -97,7 +97,7 @@ ava_1.default.beforeEach(() => {
 * @returns the download URL for the bundle. This can be passed to the tools parameter of
 * `codeql.setupCodeQL`.
 */
-function mockDownloadApi({ apiDetails = sampleApiDetails, isPinned, tagName, }) {
+function mockDownloadApi({ apiDetails = sampleApiDetails, isPinned, repo = "github/codeql-action", platformSpecific = true, tagName, }) {
    const platform = process.platform === "win32"
        ? "win64"
        : process.platform === "linux"
@ -105,7 +105,7 @@ function mockDownloadApi({ apiDetails = sampleApiDetails, isPinned, tagName, })
            : "osx64";
    const baseUrl = apiDetails?.url ?? "https://example.com";
    const relativeUrl = apiDetails
-        ? `/github/codeql-action/releases/download/${tagName}/codeql-bundle-${platform}.tar.gz`
+        ? `/${repo}/releases/download/${tagName}/codeql-bundle${platformSpecific ? `-${platform}` : ""}.tar.gz`
        : `/download/${tagName}/codeql-bundle.tar.gz`;
    (0, nock_1.default)(baseUrl)
        .get(relativeUrl)
@ -372,6 +372,30 @@ for (const isBundleVersionInUrl of [true, false]) {
        });
    });
 }
+(0, ava_1.default)("bundle URL from another repo is cached as 0.0.0-bundleVersion", async (t) => {
+    await util.withTmpDir(async (tmpDir) => {
+        (0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
+        mockApiDetails(sampleApiDetails);
+        sinon.stub(actionsUtil, "isRunningLocalAction").returns(true);
+        const releasesApiMock = mockReleaseApi({
+            assetNames: ["cli-version-2.12.2.txt"],
+            tagName: "codeql-bundle-20230203",
+        });
+        mockDownloadApi({
+            repo: "dsp-testing/codeql-cli-nightlies",
+            platformSpecific: false,
+            tagName: "codeql-bundle-20230203",
+        });
+        const result = await codeql.setupCodeQL("https://github.com/dsp-testing/codeql-cli-nightlies/releases/download/codeql-bundle-20230203/codeql-bundle.tar.gz", sampleApiDetails, tmpDir, util.GitHubVariant.DOTCOM, false, SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), false);
+        t.is(result.toolsVersion, "0.0.0-20230203");
+        t.is(result.toolsSource, init_1.ToolsSource.Download);
+        t.true(Number.isInteger(result.toolsDownloadDurationMs));
+        const cachedVersions = toolcache.findAllVersions("CodeQL");
+        t.is(cachedVersions.length, 1);
+        t.is(cachedVersions[0], "0.0.0-20230203");
+        t.false(releasesApiMock.isDone());
+    });
+});
 (0, ava_1.default)("getExtraOptions works for explicit paths", (t) => {
    t.deepEqual(codeql.getExtraOptions({}, ["foo"], []), []);
    t.deepEqual(codeql.getExtraOptions({ foo: [42] }, ["foo"], []), ["42"]);
--- a/lib/codeql.test.js.map
+++ b/lib/codeql.test.js.map
--- a/lib/setup-codeql.js
+++ b/lib/setup-codeql.js
@ -491,10 +491,11 @@ async function downloadCodeQL(codeqlURL, maybeBundleVersion, maybeCliVersion, ap
        };
    }
    // Try to compute the CLI version for this bundle
-    const cliVersion = maybeCliVersion ||
-        (variant === util.GitHubVariant.DOTCOM &&
-            (await tryFindCliVersionDotcomOnly(`codeql-bundle-${bundleVersion}`, logger))) ||
-        undefined;
+    if (maybeCliVersion === undefined &&
+        variant === util.GitHubVariant.DOTCOM &&
+        codeqlURL.includes(`/${exports.CODEQL_DEFAULT_ACTION_REPOSITORY}/`)) {
+        maybeCliVersion = await tryFindCliVersionDotcomOnly(`codeql-bundle-${bundleVersion}`, logger);
+    }
    // Include both the CLI version and the bundle version in the toolcache version number. That way
    // if the user requests the same URL again, we can get it from the cache without having to call
    // any of the Releases API.
@ -504,11 +505,11 @@ async function downloadCodeQL(codeqlURL, maybeBundleVersion, maybeCliVersion, ap
    // CLI release. In principle, it should be enough to just check that the CLI version isn't a
    // pre-release, but the version numbers of CodeQL nightlies have the format `x.y.z+<timestamp>`,
    // and we don't want these nightlies to override stable CLI versions in the toolcache.
-    const toolcacheVersion = cliVersion && cliVersion.match(/^[0-9]+\.[0-9]+\.[0-9]+$/)
-        ? `${cliVersion}-${bundleVersion}`
+    const toolcacheVersion = maybeCliVersion?.match(/^[0-9]+\.[0-9]+\.[0-9]+$/)
+        ? `${maybeCliVersion}-${bundleVersion}`
        : convertToSemVer(bundleVersion, logger);
    return {
-        toolsVersion: cliVersion || toolcacheVersion,
+        toolsVersion: maybeCliVersion ?? toolcacheVersion,
        codeqlFolder: await toolcache.cacheDir(codeqlExtracted, "CodeQL", toolcacheVersion),
        toolsDownloadDurationMs,
    };
--- a/lib/setup-codeql.js.map
+++ b/lib/setup-codeql.js.map
--- a/src/codeql.test.ts
+++ b/src/codeql.test.ts
@ -87,10 +87,14 @@ test.beforeEach(() => {
 function mockDownloadApi({
  apiDetails = sampleApiDetails,
  isPinned,
+  repo = "github/codeql-action",
+  platformSpecific = true,
  tagName,
 }: {
  apiDetails?: GitHubApiDetails;
  isPinned?: boolean;
+  repo?: string;
+  platformSpecific?: boolean;
  tagName: string;
 }): string {
  const platform =
@ -102,7 +106,9 @@ function mockDownloadApi({

  const baseUrl = apiDetails?.url ?? "https://example.com";
  const relativeUrl = apiDetails
-    ? `/github/codeql-action/releases/download/${tagName}/codeql-bundle-${platform}.tar.gz`
+    ? `/${repo}/releases/download/${tagName}/codeql-bundle${
+        platformSpecific ? `-${platform}` : ""
+      }.tar.gz`
    : `/download/${tagName}/codeql-bundle.tar.gz`;

  nock(baseUrl)
@ -546,6 +552,45 @@ for (const isBundleVersionInUrl of [true, false]) {
  });
 }

+test("bundle URL from another repo is cached as 0.0.0-bundleVersion", async (t) => {
+  await util.withTmpDir(async (tmpDir) => {
+    setupActionsVars(tmpDir, tmpDir);
+
+    mockApiDetails(sampleApiDetails);
+    sinon.stub(actionsUtil, "isRunningLocalAction").returns(true);
+    const releasesApiMock = mockReleaseApi({
+      assetNames: ["cli-version-2.12.2.txt"],
+      tagName: "codeql-bundle-20230203",
+    });
+    mockDownloadApi({
+      repo: "dsp-testing/codeql-cli-nightlies",
+      platformSpecific: false,
+      tagName: "codeql-bundle-20230203",
+    });
+
+    const result = await codeql.setupCodeQL(
+      "https://github.com/dsp-testing/codeql-cli-nightlies/releases/download/codeql-bundle-20230203/codeql-bundle.tar.gz",
+      sampleApiDetails,
+      tmpDir,
+      util.GitHubVariant.DOTCOM,
+      false,
+      SAMPLE_DEFAULT_CLI_VERSION,
+      getRunnerLogger(true),
+      false
+    );
+
+    t.is(result.toolsVersion, "0.0.0-20230203");
+    t.is(result.toolsSource, ToolsSource.Download);
+    t.true(Number.isInteger(result.toolsDownloadDurationMs));
+
+    const cachedVersions = toolcache.findAllVersions("CodeQL");
+    t.is(cachedVersions.length, 1);
+    t.is(cachedVersions[0], "0.0.0-20230203");
+
+    t.false(releasesApiMock.isDone());
+  });
+});
+
 test("getExtraOptions works for explicit paths", (t) => {
  t.deepEqual(codeql.getExtraOptions({}, ["foo"], []), []);

--- a/src/setup-codeql.ts
+++ b/src/setup-codeql.ts
@ -663,14 +663,17 @@ export async function downloadCodeQL(
  }

  // Try to compute the CLI version for this bundle
-  const cliVersion: string | undefined =
-    maybeCliVersion ||
-    (variant === util.GitHubVariant.DOTCOM &&
-      (await tryFindCliVersionDotcomOnly(
-        `codeql-bundle-${bundleVersion}`,
-        logger
-      ))) ||
-    undefined;
+  if (
+    maybeCliVersion === undefined &&
+    variant === util.GitHubVariant.DOTCOM &&
+    codeqlURL.includes(`/${CODEQL_DEFAULT_ACTION_REPOSITORY}/`)
+  ) {
+    maybeCliVersion = await tryFindCliVersionDotcomOnly(
+      `codeql-bundle-${bundleVersion}`,
+      logger
+    );
+  }
+
  // Include both the CLI version and the bundle version in the toolcache version number. That way
  // if the user requests the same URL again, we can get it from the cache without having to call
  // any of the Releases API.
@ -680,12 +683,11 @@ export async function downloadCodeQL(
  // CLI release. In principle, it should be enough to just check that the CLI version isn't a
  // pre-release, but the version numbers of CodeQL nightlies have the format `x.y.z+<timestamp>`,
  // and we don't want these nightlies to override stable CLI versions in the toolcache.
-  const toolcacheVersion =
-    cliVersion && cliVersion.match(/^[0-9]+\.[0-9]+\.[0-9]+$/)
-      ? `${cliVersion}-${bundleVersion}`
-      : convertToSemVer(bundleVersion, logger);
+  const toolcacheVersion = maybeCliVersion?.match(/^[0-9]+\.[0-9]+\.[0-9]+$/)
+    ? `${maybeCliVersion}-${bundleVersion}`
+    : convertToSemVer(bundleVersion, logger);
  return {
-    toolsVersion: cliVersion || toolcacheVersion,
+    toolsVersion: maybeCliVersion ?? toolcacheVersion,
    codeqlFolder: await toolcache.cacheDir(
      codeqlExtracted,
      "CodeQL",