Merge branch 'main' into update-supported-enterprise-server-versions
This commit is contained in:
Henry Mercer
GitHub
commit
ab408a875b
232 changed files with 4660 additions and 1821 deletions
5
lib/environment.js
generated
5
lib/environment.js
generated
|
|
@ -43,6 +43,11 @@ var EnvVar;
|
|||
EnvVar["HAS_WARNED_ABOUT_DISK_SPACE"] = "CODEQL_ACTION_HAS_WARNED_ABOUT_DISK_SPACE";
|
||||
/** Whether the init action has been run. */
|
||||
EnvVar["INIT_ACTION_HAS_RUN"] = "CODEQL_ACTION_INIT_HAS_RUN";
|
||||
/**
|
||||
* For MacOS. Result of `csrutil status` to determine whether System Integrity
|
||||
* Protection is enabled.
|
||||
*/
|
||||
EnvVar["IS_SIP_ENABLED"] = "CODEQL_ACTION_IS_SIP_ENABLED";
|
||||
/** UUID representing the current job run. */
|
||||
EnvVar["JOB_RUN_UUID"] = "JOB_RUN_UUID";
|
||||
/** Status for the entire job, submitted to the status report in `init-post` */
|
||||
|
|
|
|||
|
|
@ -1 +1 @@
|
|||
{"version":3,"file":"environment.js","sourceRoot":"","sources":["../src/environment.ts"],"names":[],"mappings":";;;AAAA;;;;;GAKG;AACH,IAAY,MAqFX;AArFD,WAAY,MAAM;IAChB,2DAA2D;IAC3D,+FAAqF,CAAA;IAErF,6DAA6D;IAC7D,mGAAyF,CAAA;IAEzF;;;OAGG;IACH,4CAAkC,CAAA;IAElC,gEAAgE;IAChE,qEAA2D,CAAA;IAE3D;;;OAGG;IACH,yFAA+E,CAAA;IAE/E;;;OAGG;IACH,yEAA+D,CAAA;IAE/D,gFAAgF;IAChF,6DAAmD,CAAA;IAEnD;;;OAGG;IACH,uEAA6D,CAAA;IAE7D,gEAAgE;IAChE,mEAAyD,CAAA;IAEzD,kFAAkF;IAClF,mFAAyE,CAAA;IAEzE,4CAA4C;IAC5C,4DAAkD,CAAA;IAElD,6CAA6C;IAC7C,uCAA6B,CAAA;IAE7B,+EAA+E;IAC/E,iDAAuC,CAAA;IAEvC,mEAAyD,CAAA;IAEzD;;;OAGG;IACH,2FAAiF,CAAA;IAEjF,mFAAmF;IACnF,6FAAmF,CAAA;IAEnF,qFAAqF;IACrF,+CAAqC,CAAA;IAErC,mEAAyD,CAAA;IAEzD,kEAAkE;IAClE,2CAAiC,CAAA;IAEjC;;;;;;OAMG;IACH,4DAAkD,CAAA;IAElD;;;OAGG;IACH,wDAA8C,CAAA;AAChD,CAAC,EArFW,MAAM,sBAAN,MAAM,QAqFjB"}
|
||||
{"version":3,"file":"environment.js","sourceRoot":"","sources":["../src/environment.ts"],"names":[],"mappings":";;;AAAA;;;;;GAKG;AACH,IAAY,MA2FX;AA3FD,WAAY,MAAM;IAChB,2DAA2D;IAC3D,+FAAqF,CAAA;IAErF,6DAA6D;IAC7D,mGAAyF,CAAA;IAEzF;;;OAGG;IACH,4CAAkC,CAAA;IAElC,gEAAgE;IAChE,qEAA2D,CAAA;IAE3D;;;OAGG;IACH,yFAA+E,CAAA;IAE/E;;;OAGG;IACH,yEAA+D,CAAA;IAE/D,gFAAgF;IAChF,6DAAmD,CAAA;IAEnD;;;OAGG;IACH,uEAA6D,CAAA;IAE7D,gEAAgE;IAChE,mEAAyD,CAAA;IAEzD,kFAAkF;IAClF,mFAAyE,CAAA;IAEzE,4CAA4C;IAC5C,4DAAkD,CAAA;IAElD;;;OAGG;IACH,yDAA+C,CAAA;IAE/C,6CAA6C;IAC7C,uCAA6B,CAAA;IAE7B,+EAA+E;IAC/E,iDAAuC,CAAA;IAEvC,mEAAyD,CAAA;IAEzD;;;OAGG;IACH,2FAAiF,CAAA;IAEjF,mFAAmF;IACnF,6FAAmF,CAAA;IAEnF,qFAAqF;IACrF,+CAAqC,CAAA;IAErC,mEAAyD,CAAA;IAEzD,kEAAkE;IAClE,2CAAiC,CAAA;IAEjC;;;;;;OAMG;IACH,4DAAkD,CAAA;IAElD;;;OAGG;IACH,wDAA8C,CAAA;AAChD,CAAC,EA3FW,MAAM,sBAAN,MAAM,QA2FjB"}
|
||||
13
lib/init-action.js
generated
13
lib/init-action.js
generated
|
|
@ -44,7 +44,7 @@ const tools_features_1 = require("./tools-features");
|
|||
const trap_caching_1 = require("./trap-caching");
|
||||
const util_1 = require("./util");
|
||||
const workflow_1 = require("./workflow");
|
||||
async function sendCompletedStatusReport(startedAt, config, toolsDownloadStatusReport, toolsFeatureFlagsValid, toolsSource, toolsVersion, logger, error) {
|
||||
async function sendCompletedStatusReport(startedAt, config, configFile, toolsDownloadStatusReport, toolsFeatureFlagsValid, toolsSource, toolsVersion, logger, error) {
|
||||
const statusReportBase = await (0, status_report_1.createStatusReportBase)(status_report_1.ActionName.Init, (0, status_report_1.getActionsStatus)(error), startedAt, config, await (0, util_1.checkDiskUsage)(logger), logger, error?.message, error?.stack);
|
||||
if (statusReportBase === undefined) {
|
||||
return;
|
||||
|
|
@ -104,6 +104,7 @@ async function sendCompletedStatusReport(startedAt, config, toolsDownloadStatusR
|
|||
// Append fields that are dependent on `config`
|
||||
const initWithConfigStatusReport = {
|
||||
...initStatusReport,
|
||||
config_file: configFile ?? "",
|
||||
disable_default_queries: disableDefaultQueries,
|
||||
paths,
|
||||
paths_ignore: pathsIgnore,
|
||||
|
|
@ -149,6 +150,7 @@ async function run() {
|
|||
logger.info(`Job run UUID is ${jobRunUuid}.`);
|
||||
core.exportVariable(environment_1.EnvVar.JOB_RUN_UUID, jobRunUuid);
|
||||
core.exportVariable(environment_1.EnvVar.INIT_ACTION_HAS_RUN, "true");
|
||||
const configFile = (0, actions_util_1.getOptionalInput)("config-file");
|
||||
try {
|
||||
const statusReportBase = await (0, status_report_1.createStatusReportBase)(status_report_1.ActionName.Init, "starting", startedAt, config, await (0, util_1.checkDiskUsage)(logger), logger);
|
||||
if (statusReportBase !== undefined) {
|
||||
|
|
@ -171,7 +173,7 @@ async function run() {
|
|||
queriesInput: (0, actions_util_1.getOptionalInput)("queries"),
|
||||
packsInput: (0, actions_util_1.getOptionalInput)("packs"),
|
||||
buildModeInput: (0, actions_util_1.getOptionalInput)("build-mode"),
|
||||
configFile: (0, actions_util_1.getOptionalInput)("config-file"),
|
||||
configFile,
|
||||
dbLocation: (0, actions_util_1.getOptionalInput)("db-location"),
|
||||
configInput: (0, actions_util_1.getOptionalInput)("config"),
|
||||
trapCachingEnabled: getTrapCachingEnabled(),
|
||||
|
|
@ -329,7 +331,7 @@ async function run() {
|
|||
if (!(await (0, util_1.codeQlVersionAtLeast)(codeql, "2.15.1")) &&
|
||||
process.platform === "darwin" &&
|
||||
(process.arch === "arm" || process.arch === "arm64") &&
|
||||
!(await (0, util_1.isSipEnabled)(logger))) {
|
||||
!(await (0, util_1.checkSipEnablement)(logger))) {
|
||||
logger.warning("CodeQL versions 2.15.0 and lower are not supported on MacOS ARM machines with System Integrity Protection (SIP) disabled.");
|
||||
}
|
||||
// From 2.16.0 the default for the python extractor is to not perform any
|
||||
|
|
@ -368,13 +370,14 @@ async function run() {
|
|||
catch (unwrappedError) {
|
||||
const error = (0, util_1.wrapError)(unwrappedError);
|
||||
core.setFailed(error.message);
|
||||
await sendCompletedStatusReport(startedAt, config, toolsDownloadStatusReport, toolsFeatureFlagsValid, toolsSource, toolsVersion, logger, error);
|
||||
await sendCompletedStatusReport(startedAt, config, undefined, // We only report config info on success.
|
||||
toolsDownloadStatusReport, toolsFeatureFlagsValid, toolsSource, toolsVersion, logger, error);
|
||||
return;
|
||||
}
|
||||
finally {
|
||||
(0, diagnostics_1.logUnwrittenDiagnostics)();
|
||||
}
|
||||
await sendCompletedStatusReport(startedAt, config, toolsDownloadStatusReport, toolsFeatureFlagsValid, toolsSource, toolsVersion, logger);
|
||||
await sendCompletedStatusReport(startedAt, config, configFile, toolsDownloadStatusReport, toolsFeatureFlagsValid, toolsSource, toolsVersion, logger);
|
||||
}
|
||||
function getTrapCachingEnabled() {
|
||||
// If the workflow specified something always respect that
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
18
lib/util.js
generated
18
lib/util.js
generated
|
|
@ -67,7 +67,7 @@ exports.prettyPrintPack = prettyPrintPack;
|
|||
exports.checkDiskUsage = checkDiskUsage;
|
||||
exports.checkActionVersion = checkActionVersion;
|
||||
exports.cloneObject = cloneObject;
|
||||
exports.isSipEnabled = isSipEnabled;
|
||||
exports.checkSipEnablement = checkSipEnablement;
|
||||
const fs = __importStar(require("fs"));
|
||||
const os = __importStar(require("os"));
|
||||
const path = __importStar(require("path"));
|
||||
|
|
@ -795,7 +795,7 @@ async function checkDiskUsage(logger) {
|
|||
// We avoid running the `df` binary under the hood for macOS ARM runners with SIP disabled.
|
||||
if (process.platform === "darwin" &&
|
||||
(process.arch === "arm" || process.arch === "arm64") &&
|
||||
!(await isSipEnabled(logger))) {
|
||||
!(await checkSipEnablement(logger))) {
|
||||
return undefined;
|
||||
}
|
||||
const diskUsage = await (0, check_disk_space_1.default)(getRequiredEnvParam("GITHUB_WORKSPACE"));
|
||||
|
|
@ -868,16 +868,24 @@ var BuildMode;
|
|||
function cloneObject(obj) {
|
||||
return JSON.parse(JSON.stringify(obj));
|
||||
}
|
||||
// For MacOS runners: runs `csrutil status` to determine whether System
|
||||
// Integrity Protection is enabled.
|
||||
async function isSipEnabled(logger) {
|
||||
// The first time this function is called, it runs `csrutil status` to determine
|
||||
// whether System Integrity Protection is enabled; and saves the result in an
|
||||
// environment variable. Afterwards, simply return the value of the environment
|
||||
// variable.
|
||||
async function checkSipEnablement(logger) {
|
||||
if (process.env[environment_1.EnvVar.IS_SIP_ENABLED] !== undefined &&
|
||||
["true", "false"].includes(process.env[environment_1.EnvVar.IS_SIP_ENABLED])) {
|
||||
return process.env[environment_1.EnvVar.IS_SIP_ENABLED] === "true";
|
||||
}
|
||||
try {
|
||||
const sipStatusOutput = await exec.getExecOutput("csrutil status");
|
||||
if (sipStatusOutput.exitCode === 0) {
|
||||
if (sipStatusOutput.stdout.includes("System Integrity Protection status: enabled.")) {
|
||||
core.exportVariable(environment_1.EnvVar.IS_SIP_ENABLED, "true");
|
||||
return true;
|
||||
}
|
||||
if (sipStatusOutput.stdout.includes("System Integrity Protection status: disabled.")) {
|
||||
core.exportVariable(environment_1.EnvVar.IS_SIP_ENABLED, "false");
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
Loading…
Add table
Add a link
Reference in a new issue