robojerk/codeql-action

Merge pull request #1523 from github/henrymercer/fix/cli-version-for-different-bundles

Browse source 
Fix toolcache behavior when downloading bundle from another repo
This commit is contained in:
Henry Mercer 2023-02-06 19:05:45 +00:00 committed by GitHub
commit 927de483f0
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 97 additions and 25 deletions
Download patch file Download diff file Expand all files Collapse all files

28
lib/codeql.test.js generated
View file

@ -97,7 +97,7 @@ ava_1.default.beforeEach(() => {
* @returns the download URL for the bundle. This can be passed to the tools parameter of * @returns the download URL for the bundle. This can be passed to the tools parameter of
* `codeql.setupCodeQL`. * `codeql.setupCodeQL`.
*/ */
function mockDownloadApi({ apiDetails = sampleApiDetails, isPinned, tagName, }) { function mockDownloadApi({ apiDetails = sampleApiDetails, isPinned, repo = "github/codeql-action", platformSpecific = true, tagName, }) {
const platform = process.platform === "win32" const platform = process.platform === "win32"
? "win64" ? "win64"
: process.platform === "linux" : process.platform === "linux"
@ -105,7 +105,7 @@ function mockDownloadApi({ apiDetails = sampleApiDetails, isPinned, tagName, })
: "osx64"; : "osx64";
const baseUrl = apiDetails?.url ?? "https://example.com"; const baseUrl = apiDetails?.url ?? "https://example.com";
const relativeUrl = apiDetails const relativeUrl = apiDetails
? `/github/codeql-action/releases/download/${tagName}/codeql-bundle-${platform}.tar.gz` ? `/${repo}/releases/download/${tagName}/codeql-bundle${platformSpecific ? `-${platform}` : ""}.tar.gz`
: `/download/${tagName}/codeql-bundle.tar.gz`; : `/download/${tagName}/codeql-bundle.tar.gz`;
(0, nock_1.default)(baseUrl) (0, nock_1.default)(baseUrl)
.get(relativeUrl) .get(relativeUrl)
@ -372,6 +372,30 @@ for (const isBundleVersionInUrl of [true, false]) {
}); });
}); });
} }
(0, ava_1.default)("bundle URL from another repo is cached as 0.0.0-bundleVersion", async (t) => {
await util.withTmpDir(async (tmpDir) => {
(0, testing_utils_1.setupActionsVars)(tmpDir, tmpDir);
mockApiDetails(sampleApiDetails);
sinon.stub(actionsUtil, "isRunningLocalAction").returns(true);
const releasesApiMock = mockReleaseApi({
assetNames: ["cli-version-2.12.2.txt"],
tagName: "codeql-bundle-20230203",
});
mockDownloadApi({
repo: "dsp-testing/codeql-cli-nightlies",
platformSpecific: false,
tagName: "codeql-bundle-20230203",
});
const result = await codeql.setupCodeQL("https://github.com/dsp-testing/codeql-cli-nightlies/releases/download/codeql-bundle-20230203/codeql-bundle.tar.gz", sampleApiDetails, tmpDir, util.GitHubVariant.DOTCOM, false, SAMPLE_DEFAULT_CLI_VERSION, (0, logging_1.getRunnerLogger)(true), false);
t.is(result.toolsVersion, "0.0.0-20230203");
t.is(result.toolsSource, init_1.ToolsSource.Download);
t.true(Number.isInteger(result.toolsDownloadDurationMs));
const cachedVersions = toolcache.findAllVersions("CodeQL");
t.is(cachedVersions.length, 1);
t.is(cachedVersions[0], "0.0.0-20230203");
t.false(releasesApiMock.isDone());
});
});
(0, ava_1.default)("getExtraOptions works for explicit paths", (t) => { (0, ava_1.default)("getExtraOptions works for explicit paths", (t) => {
t.deepEqual(codeql.getExtraOptions({}, ["foo"], []), []); t.deepEqual(codeql.getExtraOptions({}, ["foo"], []), []);
t.deepEqual(codeql.getExtraOptions({ foo: [42] }, ["foo"], []), ["42"]); t.deepEqual(codeql.getExtraOptions({ foo: [42] }, ["foo"], []), ["42"]);

2
lib/codeql.test.js.map
View file

File diff suppressed because one or more lines are too long

15
lib/setup-codeql.js generated
View file

@ -491,10 +491,11 @@ async function downloadCodeQL(codeqlURL, maybeBundleVersion, maybeCliVersion, ap
}; };
} }
// Try to compute the CLI version for this bundle // Try to compute the CLI version for this bundle
const cliVersion = maybeCliVersion || if (maybeCliVersion === undefined &&
(variant === util.GitHubVariant.DOTCOM && variant === util.GitHubVariant.DOTCOM &&
(await tryFindCliVersionDotcomOnly(`codeql-bundle-${bundleVersion}`, logger))) || codeqlURL.includes(`/${exports.CODEQL_DEFAULT_ACTION_REPOSITORY}/`)) {
undefined; maybeCliVersion = await tryFindCliVersionDotcomOnly(`codeql-bundle-${bundleVersion}`, logger);
}
// Include both the CLI version and the bundle version in the toolcache version number. That way // Include both the CLI version and the bundle version in the toolcache version number. That way
// if the user requests the same URL again, we can get it from the cache without having to call // if the user requests the same URL again, we can get it from the cache without having to call
// any of the Releases API. // any of the Releases API.
@ -504,11 +505,11 @@ async function downloadCodeQL(codeqlURL, maybeBundleVersion, maybeCliVersion, ap
// CLI release. In principle, it should be enough to just check that the CLI version isn't a // CLI release. In principle, it should be enough to just check that the CLI version isn't a
// pre-release, but the version numbers of CodeQL nightlies have the format `x.y.z+<timestamp>`, // pre-release, but the version numbers of CodeQL nightlies have the format `x.y.z+<timestamp>`,
// and we don't want these nightlies to override stable CLI versions in the toolcache. // and we don't want these nightlies to override stable CLI versions in the toolcache.
const toolcacheVersion = cliVersion && cliVersion.match(/^[0-9]+\.[0-9]+\.[0-9]+$/) const toolcacheVersion = maybeCliVersion?.match(/^[0-9]+\.[0-9]+\.[0-9]+$/)
? `${cliVersion}-${bundleVersion}` ? `${maybeCliVersion}-${bundleVersion}`
: convertToSemVer(bundleVersion, logger); : convertToSemVer(bundleVersion, logger);
return { return {
toolsVersion: cliVersion || toolcacheVersion, toolsVersion: maybeCliVersion ?? toolcacheVersion,
codeqlFolder: await toolcache.cacheDir(codeqlExtracted, "CodeQL", toolcacheVersion), codeqlFolder: await toolcache.cacheDir(codeqlExtracted, "CodeQL", toolcacheVersion),
toolsDownloadDurationMs, toolsDownloadDurationMs,
}; };

2
lib/setup-codeql.js.map
View file

File diff suppressed because one or more lines are too long

47
src/codeql.test.ts
View file

@ -87,10 +87,14 @@ test.beforeEach(() => {
function mockDownloadApi({ function mockDownloadApi({
apiDetails = sampleApiDetails, apiDetails = sampleApiDetails,
isPinned, isPinned,
repo = "github/codeql-action",
platformSpecific = true,
tagName, tagName,
}: { }: {
apiDetails?: GitHubApiDetails; apiDetails?: GitHubApiDetails;
isPinned?: boolean; isPinned?: boolean;
repo?: string;
platformSpecific?: boolean;
tagName: string; tagName: string;
}): string { }): string {
const platform = const platform =
@ -102,7 +106,9 @@ function mockDownloadApi({
const baseUrl = apiDetails?.url ?? "https://example.com"; const baseUrl = apiDetails?.url ?? "https://example.com";
const relativeUrl = apiDetails const relativeUrl = apiDetails
? `/github/codeql-action/releases/download/${tagName}/codeql-bundle-${platform}.tar.gz` ? `/${repo}/releases/download/${tagName}/codeql-bundle${
platformSpecific ? `-${platform}` : ""
}.tar.gz`
: `/download/${tagName}/codeql-bundle.tar.gz`; : `/download/${tagName}/codeql-bundle.tar.gz`;
nock(baseUrl) nock(baseUrl)
@ -546,6 +552,45 @@ for (const isBundleVersionInUrl of [true, false]) {
}); });
} }
test("bundle URL from another repo is cached as 0.0.0-bundleVersion", async (t) => {
await util.withTmpDir(async (tmpDir) => {
setupActionsVars(tmpDir, tmpDir);
mockApiDetails(sampleApiDetails);
sinon.stub(actionsUtil, "isRunningLocalAction").returns(true);
const releasesApiMock = mockReleaseApi({
assetNames: ["cli-version-2.12.2.txt"],
tagName: "codeql-bundle-20230203",
});
mockDownloadApi({
repo: "dsp-testing/codeql-cli-nightlies",
platformSpecific: false,
tagName: "codeql-bundle-20230203",
});
const result = await codeql.setupCodeQL(
"https://github.com/dsp-testing/codeql-cli-nightlies/releases/download/codeql-bundle-20230203/codeql-bundle.tar.gz",
sampleApiDetails,
tmpDir,
util.GitHubVariant.DOTCOM,
false,
SAMPLE_DEFAULT_CLI_VERSION,
getRunnerLogger(true),
false
);
t.is(result.toolsVersion, "0.0.0-20230203");
t.is(result.toolsSource, ToolsSource.Download);
t.true(Number.isInteger(result.toolsDownloadDurationMs));
const cachedVersions = toolcache.findAllVersions("CodeQL");
t.is(cachedVersions.length, 1);
t.is(cachedVersions[0], "0.0.0-20230203");
t.false(releasesApiMock.isDone());
});
});
test("getExtraOptions works for explicit paths", (t) => { test("getExtraOptions works for explicit paths", (t) => {
t.deepEqual(codeql.getExtraOptions({}, ["foo"], []), []); t.deepEqual(codeql.getExtraOptions({}, ["foo"], []), []);

28
src/setup-codeql.ts
View file

@ -663,14 +663,17 @@ export async function downloadCodeQL(
} }
// Try to compute the CLI version for this bundle // Try to compute the CLI version for this bundle
const cliVersion: string | undefined = if (
maybeCliVersion || maybeCliVersion === undefined &&
(variant === util.GitHubVariant.DOTCOM && variant === util.GitHubVariant.DOTCOM &&
(await tryFindCliVersionDotcomOnly( codeqlURL.includes(`/${CODEQL_DEFAULT_ACTION_REPOSITORY}/`)
`codeql-bundle-${bundleVersion}`, ) {
logger maybeCliVersion = await tryFindCliVersionDotcomOnly(
))) || `codeql-bundle-${bundleVersion}`,
undefined; logger
);
}
// Include both the CLI version and the bundle version in the toolcache version number. That way // Include both the CLI version and the bundle version in the toolcache version number. That way
// if the user requests the same URL again, we can get it from the cache without having to call // if the user requests the same URL again, we can get it from the cache without having to call
// any of the Releases API. // any of the Releases API.
@ -680,12 +683,11 @@ export async function downloadCodeQL(
// CLI release. In principle, it should be enough to just check that the CLI version isn't a // CLI release. In principle, it should be enough to just check that the CLI version isn't a
// pre-release, but the version numbers of CodeQL nightlies have the format `x.y.z+<timestamp>`, // pre-release, but the version numbers of CodeQL nightlies have the format `x.y.z+<timestamp>`,
// and we don't want these nightlies to override stable CLI versions in the toolcache. // and we don't want these nightlies to override stable CLI versions in the toolcache.
const toolcacheVersion = const toolcacheVersion = maybeCliVersion?.match(/^[0-9]+\.[0-9]+\.[0-9]+$/)
cliVersion && cliVersion.match(/^[0-9]+\.[0-9]+\.[0-9]+$/) ? `${maybeCliVersion}-${bundleVersion}`
? `${cliVersion}-${bundleVersion}` : convertToSemVer(bundleVersion, logger);
: convertToSemVer(bundleVersion, logger);
return { return {
toolsVersion: cliVersion || toolcacheVersion, toolsVersion: maybeCliVersion ?? toolcacheVersion,
codeqlFolder: await toolcache.cacheDir( codeqlFolder: await toolcache.cacheDir(
codeqlExtracted, codeqlExtracted,
"CodeQL", "CodeQL",