Support rust analysis

This is supposed to enable rust analysis for the staff ship only.
2025-02-19 15:56:52 +01:00 · 2025-02-19 15:56:52 +01:00 · a7b17782a9
commit a7b17782a9
parent d99c7e8e5b
16 changed files with 186 additions and 13 deletions
--- a/.github/workflows/__packaging-codescanning-config-inputs-js.yml
+++ b/.github/workflows/__packaging-codescanning-config-inputs-js.yml
@ -79,8 +79,7 @@ jobs:
        uses: ./../action/.github/actions/check-sarif
        with:
          sarif-file: ${{ runner.temp }}/results/javascript.sarif
-          queries-run:
-            javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block
+          queries-run: javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block
          queries-not-run: foo,bar

      - name: Assert Results
--- a/.github/workflows/__packaging-config-inputs-js.yml
+++ b/.github/workflows/__packaging-config-inputs-js.yml
@ -79,8 +79,7 @@ jobs:
        uses: ./../action/.github/actions/check-sarif
        with:
          sarif-file: ${{ runner.temp }}/results/javascript.sarif
-          queries-run:
-            javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block
+          queries-run: javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block
          queries-not-run: foo,bar

      - name: Assert Results
--- a/.github/workflows/__packaging-config-js.yml
+++ b/.github/workflows/__packaging-config-js.yml
@ -78,8 +78,7 @@ jobs:
        uses: ./../action/.github/actions/check-sarif
        with:
          sarif-file: ${{ runner.temp }}/results/javascript.sarif
-          queries-run:
-            javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block
+          queries-run: javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block
          queries-not-run: foo,bar

      - name: Assert Results
--- a/.github/workflows/__packaging-inputs-js.yml
+++ b/.github/workflows/__packaging-inputs-js.yml
@ -78,8 +78,7 @@ jobs:
        uses: ./../action/.github/actions/check-sarif
        with:
          sarif-file: ${{ runner.temp }}/results/javascript.sarif
-          queries-run:
-            javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block
+          queries-run: javascript/example/empty-or-one-block,javascript/example/empty-or-one-block,javascript/example/other-query-block,javascript/example/two-block
          queries-not-run: foo,bar

      - name: Assert Results
--- a/.github/workflows/__resolve-environment-action.yml
+++ b/.github/workflows/__resolve-environment-action.yml
@ -83,8 +83,7 @@ jobs:
          language: javascript-typescript

      - name: Fail if JavaScript/TypeScript configuration present
-        if:
-          fromJSON(steps.resolve-environment-js.outputs.environment).configuration.javascript
+        if: fromJSON(steps.resolve-environment-js.outputs.environment).configuration.javascript
        run: exit 1
    env:
      CODEQL_ACTION_TEST_MODE: true
--- a/.github/workflows/__rust.yml
+++ b/.github/workflows/__rust.yml
@ -0,0 +1,71 @@
+# Warning: This file is generated automatically, and should not be modified.
+# Instead, please modify the template in the pr-checks directory and run:
+#     (cd pr-checks; pip install ruamel.yaml@0.17.31 && python3 sync.py)
+# to regenerate this file.
+
+name: PR Check - Rust analysis
+env:
+  GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+  GO111MODULE: auto
+on:
+  push:
+    branches:
+      - main
+      - releases/v*
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - ready_for_review
+  schedule:
+    - cron: '0 5 * * *'
+  workflow_dispatch: {}
+jobs:
+  rust:
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - os: ubuntu-latest
+            version: linked
+          - os: ubuntu-latest
+            version: default
+          - os: ubuntu-latest
+            version: nightly-latest
+    name: Rust analysis
+    permissions:
+      contents: read
+      security-events: read
+    timeout-minutes: 45
+    runs-on: ${{ matrix.os }}
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v4
+      - name: Prepare test
+        id: prepare-test
+        uses: ./.github/actions/prepare-test
+        with:
+          version: ${{ matrix.version }}
+          use-all-platform-bundle: 'false'
+          setup-kotlin: 'true'
+      - uses: ./../action/init
+        with:
+          languages: rust
+          tools: ${{ steps.prepare-test.outputs.tools-url }}
+        env:
+          CODEQL_ACTION_RUST_ANALYSIS: true
+      - uses: ./../action/analyze
+        id: analysis
+        with:
+          upload-database: false
+      - name: Check database
+        shell: bash
+        run: |
+          RUST_DB="${{ fromJson(steps.analysis.outputs.db-locations).rust }}"
+          if [[ ! -d "$RUST_DB" ]]; then
+            echo "Did not create a database for Rust."
+            exit 1
+          fi
+    env:
+      CODEQL_ACTION_TEST_MODE: true
--- a/lib/feature-flags.js
+++ b/lib/feature-flags.js
@ -68,6 +68,7 @@ var Feature;
    Feature["ExtractToToolcache"] = "extract_to_toolcache";
    Feature["PythonDefaultIsToNotExtractStdlib"] = "python_default_is_to_not_extract_stdlib";
    Feature["QaTelemetryEnabled"] = "qa_telemetry_enabled";
+    Feature["RustAnalysis"] = "rust_analysis";
    Feature["ZstdBundleStreamingExtraction"] = "zstd_bundle_streaming_extraction";
 })(Feature || (exports.Feature = Feature = {}));
 exports.featureConfig = {
@ -132,6 +133,11 @@ exports.featureConfig = {
        minimumVersion: undefined,
        toolsFeature: tools_features_1.ToolsFeature.PythonDefaultIsToNotExtractStdlib,
    },
+    [Feature.RustAnalysis]: {
+        defaultValue: false,
+        envVar: "CODEQL_ACTION_RUST_ANALYSIS",
+        minimumVersion: "2.19.3",
+    },
    [Feature.QaTelemetryEnabled]: {
        defaultValue: false,
        envVar: "CODEQL_ACTION_QA_TELEMETRY",
--- a/lib/feature-flags.js.map
+++ b/lib/feature-flags.js.map
--- a/lib/init-action.js
+++ b/lib/init-action.js
@ -345,6 +345,29 @@ async function run() {
            logger.info(`Setting C++ build-mode: none to ${value}`);
            core.exportVariable(bmnVar, value);
        }
+        // Set CODEQL_ENABLE_EXPERIMENTAL_FEATURES for rust
+        if (config.languages.includes(languages_1.Language.rust)) {
+            const feat = feature_flags_1.Feature.RustAnalysis;
+            const minVer = feature_flags_1.featureConfig[feat].minimumVersion;
+            if (!(await (0, util_1.codeQlVersionAtLeast)(codeql, minVer))) {
+                logger.error(`Experimental rust analysis requires CodeQL version ${minVer} or higher`);
+            }
+            else {
+                const envVar = feature_flags_1.featureConfig[feat].envVar;
+                const expVar = "CODEQL_ENABLE_EXPERIMENTAL_FEATURES";
+                if (process.env[envVar] === "true" ||
+                    (await features.getValue(feat, codeql))) {
+                    core.exportVariable(expVar, "true");
+                }
+                if (process.env[expVar] === "true") {
+                    logger.info("Experimental rust analysis enabled");
+                }
+                else {
+                    logger.error("Experimental rust analysis requested but not enabled. " +
+                        "You must set the CODEQL_ENABLE_EXPERIMENTAL_FEATURES environment variable to true");
+                }
+            }
+        }
        // Restore dependency cache(s), if they exist.
        if ((0, caching_utils_1.shouldRestoreCache)(config.dependencyCachingEnabled)) {
            await (0, dependency_caching_1.downloadDependencyCaches)(config.languages, logger);
--- a/lib/init-action.js.map
+++ b/lib/init-action.js.map
--- a/pr-checks/checks/rust.yml
+++ b/pr-checks/checks/rust.yml
@ -0,0 +1,23 @@
+name: "Rust analysis"
+description: "Tests creation of a Rust database"
+versions: ["linked", "default", "nightly-latest"]
+operatingSystems: ["ubuntu"]
+steps:
+  - uses: ./../action/init
+    with:
+      languages: rust
+      tools: ${{ steps.prepare-test.outputs.tools-url }}
+    env:
+      CODEQL_ACTION_RUST_ANALYSIS: true
+  - uses: ./../action/analyze
+    id: analysis
+    with:
+      upload-database: false
+  - name: Check database
+    shell: bash
+    run: |
+      RUST_DB="${{ fromJson(steps.analysis.outputs.db-locations).rust }}"
+      if [[ ! -d "$RUST_DB" ]]; then
+        echo "Did not create a database for Rust."
+        exit 1
+      fi
--- a/src/feature-flags.ts
+++ b/src/feature-flags.ts
@ -53,6 +53,7 @@ export enum Feature {
  ExtractToToolcache = "extract_to_toolcache",
  PythonDefaultIsToNotExtractStdlib = "python_default_is_to_not_extract_stdlib",
  QaTelemetryEnabled = "qa_telemetry_enabled",
+  RustAnalysis = "rust_analysis",
  ZstdBundleStreamingExtraction = "zstd_bundle_streaming_extraction",
 }

@ -148,6 +149,11 @@ export const featureConfig: Record<
    minimumVersion: undefined,
    toolsFeature: ToolsFeature.PythonDefaultIsToNotExtractStdlib,
  },
+  [Feature.RustAnalysis]: {
+    defaultValue: false,
+    envVar: "CODEQL_ACTION_RUST_ANALYSIS",
+    minimumVersion: "2.19.3",
+  },
  [Feature.QaTelemetryEnabled]: {
    defaultValue: false,
    envVar: "CODEQL_ACTION_QA_TELEMETRY",
--- a/src/init-action.ts
+++ b/src/init-action.ts
@ -30,7 +30,7 @@ import {
  makeDiagnostic,
 } from "./diagnostics";
 import { EnvVar } from "./environment";
-import { Feature, Features } from "./feature-flags";
+import { Feature, featureConfig, Features } from "./feature-flags";
 import {
  checkInstallPython311,
  cleanupDatabaseClusterDirectory,
@ -576,6 +576,34 @@ async function run() {
      core.exportVariable(bmnVar, value);
    }

+    // Set CODEQL_ENABLE_EXPERIMENTAL_FEATURES for rust
+    if (config.languages.includes(Language.rust)) {
+      const feat = Feature.RustAnalysis;
+      const minVer = featureConfig[feat].minimumVersion as string;
+      if (!(await codeQlVersionAtLeast(codeql, minVer))) {
+        logger.error(
+          `Experimental rust analysis requires CodeQL version ${minVer} or higher`,
+        );
+      } else {
+        const envVar = featureConfig[feat].envVar;
+        const expVar = "CODEQL_ENABLE_EXPERIMENTAL_FEATURES";
+        if (
+          process.env[envVar] === "true" ||
+          (await features.getValue(feat, codeql))
+        ) {
+          core.exportVariable(expVar, "true");
+        }
+        if (process.env[expVar] === "true") {
+          logger.info("Experimental rust analysis enabled");
+        } else {
+          logger.error(
+            "Experimental rust analysis requested but not enabled. " +
+              "You must set the CODEQL_ENABLE_EXPERIMENTAL_FEATURES environment variable to true",
+          );
+        }
+      }
+    }
+
    // Restore dependency cache(s), if they exist.
    if (shouldRestoreCache(config.dependencyCachingEnabled)) {
      await downloadDependencyCaches(config.languages, logger);
--- a/tests/multi-language-repo/Cargo.lock
+++ b/tests/multi-language-repo/Cargo.lock
@ -0,0 +1,7 @@
+# This file is automatically @generated by Cargo.
+# It is not intended for manual editing.
+version = 4
+
+[[package]]
+name = "test"
+version = "0.0.1"
--- a/tests/multi-language-repo/Cargo.toml
+++ b/tests/multi-language-repo/Cargo.toml
@ -0,0 +1,8 @@
+[package]
+name = "test"
+version = "0.0.1"
+edition = "2021"
+[[bin]]
+name = "main"
+path = "main.rs"
+
--- a/tests/multi-language-repo/main.rs
+++ b/tests/multi-language-repo/main.rs
@ -0,0 +1,6 @@
+fn main() {
+  if true {
+    println!("Hello world!")
+  }
+}
+