robojerk/codeql-action

Merge pull request #1516 from aibaars/auth-parameter

Browse source 
Supply authorization parameter to toolcache.downloadTool()
This commit is contained in:
Arthur Baars 2023-02-03 20:02:59 +01:00 committed by GitHub
commit b95df0b2e7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 7 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

5
lib/setup-codeql.js generated
View file

@ -411,12 +411,13 @@ async function downloadCodeQL(codeqlURL, maybeCliVersion, apiDetails, variant, t
// from the same GitHub instance the Action is running on. // from the same GitHub instance the Action is running on.
// This avoids leaking Enterprise tokens to dotcom. // This avoids leaking Enterprise tokens to dotcom.
// We also don't want to send an authorization header if there's already a token provided in the URL. // We also don't want to send an authorization header if there's already a token provided in the URL.
let authorization = undefined;
if (searchParams.has("token")) { if (searchParams.has("token")) {
logger.debug("CodeQL tools URL contains an authorization token."); logger.debug("CodeQL tools URL contains an authorization token.");
} }
else if (codeqlURL.startsWith(`${apiDetails.url}/`)) { else if (codeqlURL.startsWith(`${apiDetails.url}/`)) {
logger.debug("Providing an authorization token to download CodeQL tools."); logger.debug("Providing an authorization token to download CodeQL tools.");
headers.authorization = `token ${apiDetails.auth}`; authorization = `token ${apiDetails.auth}`;
} }
else { else {
logger.debug("Downloading CodeQL tools without an authorization token."); logger.debug("Downloading CodeQL tools without an authorization token.");
@ -425,7 +426,7 @@ async function downloadCodeQL(codeqlURL, maybeCliVersion, apiDetails, variant, t
const dest = path.join(tempDir, (0, uuid_1.v4)()); const dest = path.join(tempDir, (0, uuid_1.v4)());
const finalHeaders = Object.assign({ "User-Agent": "CodeQL Action" }, headers); const finalHeaders = Object.assign({ "User-Agent": "CodeQL Action" }, headers);
const toolsDownloadStart = perf_hooks_1.performance.now(); const toolsDownloadStart = perf_hooks_1.performance.now();
const codeqlPath = await toolcache.downloadTool(codeqlURL, dest, undefined, finalHeaders); const codeqlPath = await toolcache.downloadTool(codeqlURL, dest, authorization, finalHeaders);
const toolsDownloadDurationMs = Math.round(perf_hooks_1.performance.now() - toolsDownloadStart); const toolsDownloadDurationMs = Math.round(perf_hooks_1.performance.now() - toolsDownloadStart);
logger.debug(`CodeQL bundle download to ${codeqlPath} complete.`); logger.debug(`CodeQL bundle download to ${codeqlPath} complete.`);
const codeqlExtracted = await toolcache.extractTar(codeqlPath); const codeqlExtracted = await toolcache.extractTar(codeqlPath);

2
lib/setup-codeql.js.map
View file

File diff suppressed because one or more lines are too long

5
src/setup-codeql.ts
View file

@ -543,11 +543,12 @@ export async function downloadCodeQL(
// from the same GitHub instance the Action is running on. // from the same GitHub instance the Action is running on.
// This avoids leaking Enterprise tokens to dotcom. // This avoids leaking Enterprise tokens to dotcom.
// We also don't want to send an authorization header if there's already a token provided in the URL. // We also don't want to send an authorization header if there's already a token provided in the URL.
let authorization: string | undefined = undefined;
if (searchParams.has("token")) { if (searchParams.has("token")) {
logger.debug("CodeQL tools URL contains an authorization token."); logger.debug("CodeQL tools URL contains an authorization token.");
} else if (codeqlURL.startsWith(`${apiDetails.url}/`)) { } else if (codeqlURL.startsWith(`${apiDetails.url}/`)) {
logger.debug("Providing an authorization token to download CodeQL tools."); logger.debug("Providing an authorization token to download CodeQL tools.");
headers.authorization = `token ${apiDetails.auth}`; authorization = `token ${apiDetails.auth}`;
} else { } else {
logger.debug("Downloading CodeQL tools without an authorization token."); logger.debug("Downloading CodeQL tools without an authorization token.");
} }
@ -565,7 +566,7 @@ export async function downloadCodeQL(
const codeqlPath = await toolcache.downloadTool( const codeqlPath = await toolcache.downloadTool(
codeqlURL, codeqlURL,
dest, dest,
undefined, authorization,
finalHeaders finalHeaders
); );
const toolsDownloadDurationMs = Math.round( const toolsDownloadDurationMs = Math.round(