Improve logging around authorization headers

Henry Mercer 2023-01-06 12:28:54 +00:00
parent 5eba74a3c9
commit b2b478264a
3 changed files with 12 additions and 11 deletions

10
lib/codeql.js generated

@ -267,13 +267,15 @@ async function downloadCodeQL(codeqlURL, semanticVersion, apiDetails, tempDir, l
// from the same GitHub instance the Action is running on. // from the same GitHub instance the Action is running on.
// This avoids leaking Enterprise tokens to dotcom. // This avoids leaking Enterprise tokens to dotcom.
// We also don't want to send an authorization header if there's already a token provided in the URL. // We also don't want to send an authorization header if there's already a token provided in the URL.
if (codeqlURL.startsWith(`${apiDetails.url}/`) && if (searchParams.has("token")) {
!searchParams.has("token")) { logger.debug("CodeQL tools URL contains an authorization token.");
logger.debug("Downloading CodeQL bundle with token."); }
else if (codeqlURL.startsWith(`${apiDetails.url}/`)) {
logger.debug("Providing an authorization token to download CodeQL tools.");
headers.authorization = `token ${apiDetails.auth}`; headers.authorization = `token ${apiDetails.auth}`;
} }
else { else {
logger.debug("Downloading CodeQL bundle without token."); logger.debug("Downloading CodeQL tools without an authorization token.");
} }
logger.info(`Downloading CodeQL tools from ${codeqlURL}. This may take a while.`); logger.info(`Downloading CodeQL tools from ${codeqlURL}. This may take a while.`);
const dest = path.join(tempDir, (0, uuid_1.v4)()); const dest = path.join(tempDir, (0, uuid_1.v4)());

File diff suppressed because one or more lines are too long


@ -514,14 +514,13 @@ async function downloadCodeQL(
// from the same GitHub instance the Action is running on. // from the same GitHub instance the Action is running on.
// This avoids leaking Enterprise tokens to dotcom. // This avoids leaking Enterprise tokens to dotcom.
// We also don't want to send an authorization header if there's already a token provided in the URL. // We also don't want to send an authorization header if there's already a token provided in the URL.
if ( if (searchParams.has("token")) {
codeqlURL.startsWith(`${apiDetails.url}/`) && logger.debug("CodeQL tools URL contains an authorization token.");
!searchParams.has("token") } else if (codeqlURL.startsWith(`${apiDetails.url}/`)) {
) { logger.debug("Providing an authorization token to download CodeQL tools.");
logger.debug("Downloading CodeQL bundle with token.");
headers.authorization = `token ${apiDetails.auth}`; headers.authorization = `token ${apiDetails.auth}`;
} else { } else {
logger.debug("Downloading CodeQL bundle without token."); logger.debug("Downloading CodeQL tools without an authorization token.");
} }
logger.info( logger.info(
`Downloading CodeQL tools from ${codeqlURL}. This may take a while.` `Downloading CodeQL tools from ${codeqlURL}. This may take a while.`
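Review bot: The `logger.info` call at the end of this hunk still interpolates the full `codeqlURL`, so when the new first branch has found a `token` query parameter (assuming `searchParams` is parsed from `codeqlURL`), that token value is written to the info-level log. Log a redacted copy instead, for example `const shownURL = new URL(codeqlURL); if (shownURL.searchParams.has("token")) shownURL.searchParams.set("token", "REDACTED");`, and interpolate `shownURL` in the message. Whether the runner already masks this value as a secret is not visible here, so confirm that before treating it as a leak. The `logger.info` statement and the rest of `downloadCodeQL` continue outside the hunk, and the generated `lib/codeql.js` section carries the same line.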