robojerk/codeql-action

Use the checkout_path for getting the commit oid

Browse source 
This commit also adds a new integration check to verify this.

When running in test mode, payloads will not be uploaded. Instead, they
will be saved to disk so that they can be inspected later.
This commit is contained in:
Andrew Eisenberg 2022-02-28 11:56:11 -08:00
parent 117a67b074
commit a92e8775d8
9 changed files with 284 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

20
src/actions-util.ts
View file

@ -60,7 +60,10 @@ export function getToolCacheDirectory(): string {
/**
* Gets the SHA of the commit that is currently checked out.
*/
export const getCommitOid = async function (ref = "HEAD"): Promise<string> {
export const getCommitOid = async function (
checkoutPath: string,
ref = "HEAD"
): Promise<string> {
// Try to use git to get the current commit SHA. If that fails then
// log but otherwise silently fall back to using the SHA from the environment.
// The only time these two values will differ is during analysis of a PR when
@ -83,6 +86,7 @@ export const getCommitOid = async function (ref = "HEAD"): Promise<string> {
process.stderr.write(data);
},
},
cwd: checkoutPath,
}
).exec();
return commitOid.trim();
@ -107,6 +111,7 @@ export const determineMergeBaseCommitOid = async function (): Promise<
}
const mergeSha = getRequiredEnvParam("GITHUB_SHA");
const checkoutPath = getRequiredInput("checkout_path");
try {
let commitOid = "";
@ -134,6 +139,7 @@ export const determineMergeBaseCommitOid = async function (): Promise<
process.stderr.write(data);
},
},
cwd: checkoutPath,
}
).exec();
@ -498,6 +504,10 @@ export async function getRef(): Promise<string> {
// or in the form "refs/pull/N/merge" on a pull_request event
const refInput = getOptionalInput("ref");
const shaInput = getOptionalInput("sha");
const checkoutPath =
getOptionalInput("checkout_path") ||
getOptionalInput("source-root") ||
getRequiredEnvParam("GITHUB_WORKSPACE");
const hasRefInput = !!refInput;
const hasShaInput = !!shaInput;
@ -526,7 +536,7 @@ export async function getRef(): Promise<string> {
return ref;
}
const head = await getCommitOid("HEAD");
const head = await getCommitOid(checkoutPath, "HEAD");
// in actions/checkout@v2 we can check if git rev-parse HEAD == GITHUB_SHA
// in actions/checkout@v1 this may not be true as it checks out the repository
@ -535,8 +545,10 @@ export async function getRef(): Promise<string> {
// git git-parse GITHUB_REF == git rev-parse HEAD instead.
const hasChangedRef =
sha !== head &&
(await getCommitOid(ref.replace(/^refs\/pull\//, "refs/remotes/pull/"))) !==
head;
(await getCommitOid(
checkoutPath,
ref.replace(/^refs\/pull\//, "refs/remotes/pull/")
)) !== head;
if (hasChangedRef) {
const newRef = ref.replace(pull_ref_regex, "refs/pull/$1/head");

14
src/upload-lib.ts
View file

@ -100,7 +100,15 @@ async function uploadPayload(
// If in test mode we don't want to upload the results
const testMode = process.env["TEST_MODE"] === "true" || false;
if (testMode) {
logger.debug("In test mode. Results are not uploaded.");
const payloadSaveFile = path.join(
actionsUtil.getTemporaryDirectory(),
"payload.json"
);
logger.info(
`In test mode. Results are not uploaded. Saving to ${payloadSaveFile}`
);
logger.info(`Payload: ${JSON.stringify(payload, null, 2)}`);
fs.writeFileSync(payloadSaveFile, JSON.stringify(payload, null, 2));
return;
}
@ -165,7 +173,9 @@ export async function uploadFromActions(
return await uploadFiles(
getSarifFilePaths(sarifPath),
parseRepositoryNwo(util.getRequiredEnvParam("GITHUB_REPOSITORY")),
await actionsUtil.getCommitOid(),
await actionsUtil.getCommitOid(
actionsUtil.getRequiredInput("checkout_path")
),
await actionsUtil.getRef(),
await actionsUtil.getAnalysisKey(),
actionsUtil.getOptionalInput("category"),