Merge branch 'main' into support-remote-config

2020-06-26 13:48:59 +01:00 · 2020-06-26 13:48:59 +01:00 · 9566d8c220
commit 9566d8c220
parent 366d8a32d1 17548064f9
9 changed files with 137 additions and 111 deletions
--- a/src/api-client.ts
+++ b/src/api-client.ts
@ -0,0 +1,11 @@
+import * as core from "@actions/core";
+import * as octokit from "@octokit/rest";
+import consoleLogLevel from "console-log-level";
+
+const githubAPIURL = process.env["GITHUB_API_URL"] || "https://api.github.com";
+export const client = new octokit.Octokit({
+  auth: core.getInput("token"),
+  baseUrl: githubAPIURL,
+  userAgent: "CodeQL Action",
+  log: consoleLogLevel({ level: "debug" })
+});
--- a/src/upload-lib.ts
+++ b/src/upload-lib.ts
@ -1,12 +1,11 @@
 import * as core from '@actions/core';
-import * as http from '@actions/http-client';
-import * as auth from '@actions/http-client/auth';
 import fileUrl from 'file-url';
 import * as fs from 'fs';
 import * as jsonschema from 'jsonschema';
 import * as path from 'path';
 import zlib from 'zlib';

+import * as api from './api-client';
 import * as fingerprints from './fingerprints';
 import * as sharedEnv from './shared-environment';
 import * as util from './util';
@ -45,10 +44,7 @@ async function uploadPayload(payload): Promise<boolean> {
    return true;
  }

-  const githubToken = core.getInput('token');
-  const ph: auth.BearerCredentialHandler = new auth.BearerCredentialHandler(githubToken);
-  const client = new http.HttpClient('Code Scanning : Upload SARIF', [ph]);
-  const url = 'https://api.github.com/repos/' + process.env['GITHUB_REPOSITORY'] + '/code-scanning/analysis';
+  const [owner, repo] = util.getRequiredEnvParam("GITHUB_REPOSITORY").split("/");

  // Make up to 4 attempts to upload, and sleep for these
  // number of seconds between each attempt.
@ -57,21 +53,25 @@ async function uploadPayload(payload): Promise<boolean> {
  const backoffPeriods = [1, 5, 15];

  for (let attempt = 0; attempt <= backoffPeriods.length; attempt++) {
+    const response = await api.client.request("PUT /repos/:owner/:repo/code-scanning/analysis", ({
+      owner: owner,
+      repo: repo,
+      data: payload,
+    }));

-    const res: http.HttpClientResponse = await client.put(url, payload);
-    core.debug('response status: ' + res.message.statusCode);
+    core.debug('response status: ' + response.status);

-    const statusCode = res.message.statusCode;
+    const statusCode = response.status;
    if (statusCode === 202) {
      core.info("Successfully uploaded results");
      return true;
    }

-    const requestID = res.message.headers["x-github-request-id"];
+    const requestID = response.headers["x-github-request-id"];

    // On any other status code that's not 5xx mark the upload as failed
    if (!statusCode || statusCode < 500 || statusCode >= 600) {
-      core.setFailed('Upload failed (' + requestID + '): (' + statusCode + ') ' + await res.readBody());
+      core.setFailed('Upload failed (' + requestID + '): (' + statusCode + ') ' + JSON.stringify(response.data));
      return false;
    }

@ -80,7 +80,7 @@ async function uploadPayload(payload): Promise<boolean> {
      // Log the failure as a warning but don't mark the action as failed yet
      core.warning('Upload attempt (' + (attempt + 1) + ' of ' + (backoffPeriods.length + 1) +
        ') failed (' + requestID + '). Retrying in ' + backoffPeriods[attempt] +
-        ' seconds: (' + statusCode + ') ' + await res.readBody());
+        ' seconds: (' + statusCode + ') ' + JSON.stringify(response.data));
      // Sleep for the backoff period
      await new Promise(r => setTimeout(r, backoffPeriods[attempt] * 1000));
      continue;
@ -89,7 +89,7 @@ async function uploadPayload(payload): Promise<boolean> {
      // If the upload fails with 5xx then we assume it is a temporary problem
      // and not an error that the user has caused or can fix.
      // We avoid marking the job as failed to avoid breaking CI workflows.
-      core.error('Upload failed (' + requestID + '): (' + statusCode + ') ' + await res.readBody());
+      core.error('Upload failed (' + requestID + '): (' + statusCode + ') ' + JSON.stringify(response.data));
      return false;
    }
  }
--- a/src/util.ts
+++ b/src/util.ts
@ -1,13 +1,10 @@
 import * as core from '@actions/core';
 import * as exec from '@actions/exec';
-import * as http from '@actions/http-client';
-import * as auth from '@actions/http-client/auth';
-import * as octokit from '@octokit/rest';
-import consoleLogLevel from 'console-log-level';
 import * as fs from "fs";
 import * as os from 'os';
 import * as path from 'path';

+import * as api from './api-client';
 import * as sharedEnv from './shared-environment';

 /**
@ -68,12 +65,7 @@ async function getLanguagesInRepo(): Promise<string[]> {
    let repo = repo_nwo[1];

    core.debug(`GitHub repo ${owner} ${repo}`);
-    let ok = new octokit.Octokit({
-      auth: core.getInput('token'),
-      userAgent: "CodeQL Action",
-      log: consoleLogLevel({ level: "debug" })
-    });
-    const response = await ok.request("GET /repos/:owner/:repo/languages", ({
+    const response = await api.client.request("GET /repos/:owner/:repo/languages", ({
      owner,
      repo
    }));
@ -139,15 +131,27 @@ export async function getLanguages(): Promise<string[]> {
 * Gets the SHA of the commit that is currently checked out.
 */
 export async function getCommitOid(): Promise<string> {
-  let commitOid = '';
-  await exec.exec('git', ['rev-parse', 'HEAD'], {
-    silent: true,
-    listeners: {
-      stdout: (data) => { commitOid += data.toString(); },
-      stderr: (data) => { process.stderr.write(data); }
-    }
-  });
-  return commitOid.trim();
+  // Try to use git to get the current commit SHA. If that fails then
+  // log but otherwise silently fall back to using the SHA from the environment.
+  // The only time these two values will differ is during analysis of a PR when
+  // the workflow has changed the current commit to the head commit instead of
+  // the merge commit, which must mean that git is available.
+  // Even if this does go wrong, it's not a huge problem for the alerts to
+  // reported on the merge commit.
+  try {
+    let commitOid = '';
+    await exec.exec('git', ['rev-parse', 'HEAD'], {
+      silent: true,
+      listeners: {
+        stdout: (data) => { commitOid += data.toString(); },
+        stderr: (data) => { process.stderr.write(data); }
+      }
+    });
+    return commitOid.trim();
+  } catch (e) {
+    core.info("Failed to call git to get current commit. Continuing with data from environment: " + e);
+    return getRequiredEnvParam('GITHUB_SHA');
+  }
 }

 /**
@ -157,22 +161,16 @@ async function getWorkflowPath(): Promise<string> {
  const repo_nwo = getRequiredEnvParam('GITHUB_REPOSITORY').split("/");
  const owner = repo_nwo[0];
  const repo = repo_nwo[1];
-  const run_id = getRequiredEnvParam('GITHUB_RUN_ID');
+  const run_id = Number(getRequiredEnvParam('GITHUB_RUN_ID'));

-  const ok = new octokit.Octokit({
-    auth: core.getInput('token'),
-    userAgent: "CodeQL Action",
-    log: consoleLogLevel({ level: 'debug' })
-  });
-
-  const runsResponse = await ok.request('GET /repos/:owner/:repo/actions/runs/:run_id', {
+  const runsResponse = await api.client.request('GET /repos/:owner/:repo/actions/runs/:run_id', {
    owner,
    repo,
    run_id
  });
  const workflowUrl = runsResponse.data.workflow_url;

-  const workflowResponse = await ok.request('GET ' + workflowUrl);
+  const workflowResponse = await api.client.request('GET ' + workflowUrl);

  return workflowResponse.data.path;
 }
@ -283,7 +281,7 @@ async function createStatusReport(
  if (exception) {
    statusReport.exception = exception;
  }
-  if (status === 'success' || status === 'failure') {
+  if (status === 'success' || status === 'failure' || status === 'aborted') {
    statusReport.completed_at = new Date().toISOString();
  }
  let matrix: string | undefined = core.getInput('matrix');
@ -297,23 +295,21 @@ async function createStatusReport(
 /**
 * Send a status report to the code_scanning/analysis/status endpoint.
 *
- * Returns the status code of the response to the status request, or
- * undefined if the given statusReport is undefined or no response was
- * received.
+ * Returns the status code of the response to the status request.
 */
-async function sendStatusReport(statusReport: StatusReport): Promise<number | undefined> {
+async function sendStatusReport(statusReport: StatusReport): Promise<number> {
  const statusReportJSON = JSON.stringify(statusReport);

  core.debug('Sending status report: ' + statusReportJSON);

-  const githubToken = core.getInput('token');
-  const ph: auth.BearerCredentialHandler = new auth.BearerCredentialHandler(githubToken);
-  const client = new http.HttpClient('Code Scanning : Status Report', [ph]);
-  const url = 'https://api.github.com/repos/' + process.env['GITHUB_REPOSITORY']
-    + '/code-scanning/analysis/status';
-  const res: http.HttpClientResponse = await client.put(url, statusReportJSON);
-
-  return res.message?.statusCode;
+  const nwo = getRequiredEnvParam("GITHUB_REPOSITORY");
+  const [owner, repo] = nwo.split("/");
+  const statusResponse = await api.client.request('PUT /repos/:owner/:repo/code-scanning/analysis/status', {
+    owner: owner,
+    repo: repo,
+    data: statusReportJSON,
+  });
+  return statusResponse.status;
 }

 /**