robojerk/codeql-action

When downloading the CodeQL bundle, only use the GitHub AE endpoint on GitHub AE, and check it first.

Browse source
This commit is contained in:
Chris Gavin 2021-03-07 09:27:19 +00:00
parent bde489c632
commit bb51ece0b4
No known key found for this signature in database
GPG key ID: 07F950B80C27E4DA
15 changed files with 191 additions and 78 deletions
Download patch file Download diff file Expand all files Collapse all files

49
lib/codeql.js generated
View file

@ -69,7 +69,7 @@ function getCodeQLActionRepository(mode, logger) {
const relativeScriptPathParts = actions_util_1.getRelativeScriptPath().split(path.sep);
return `${relativeScriptPathParts[0]}/${relativeScriptPathParts[1]}`;
}
async function getCodeQLBundleDownloadURL(apiDetails, mode, logger) {
async function getCodeQLBundleDownloadURL(apiDetails, mode, variant, logger) {
const codeQLActionRepository = getCodeQLActionRepository(mode, logger);
const potentialDownloadSources = [
// This GitHub instance, and this Action.
@ -85,6 +85,30 @@ async function getCodeQLBundleDownloadURL(apiDetails, mode, logger) {
return !self.slice(0, index).some((other) => fast_deep_equal_1.default(source, other));
});
const codeQLBundleName = getCodeQLBundleName();
if (variant === util.GitHubVariant.GHAE) {
try {
const release = await api
.getApiClient(apiDetails)
.request("GET /enterprise/code-scanning/codeql-bundle/find/{tag}", {
tag: CODEQL_BUNDLE_VERSION,
});
const assetID = release.data.assets[codeQLBundleName];
if (assetID !== undefined) {
const download = await api
.getApiClient(apiDetails)
.request("GET /enterprise/code-scanning/codeql-bundle/download/{asset_id}", { asset_id: assetID });
const downloadURL = download.data.url;
logger.info(`Found CodeQL bundle at GitHub AE endpoint with URL ${downloadURL}.`);
return downloadURL;
}
else {
logger.info(`Attempted to fetch bundle from GitHub AE endpoint but the bundle ${codeQLBundleName} was not found in the assets ${JSON.stringify(release.data.assets)}.`);
}
}
catch (e) {
logger.info(`Attempted to fetch bundle from GitHub AE endpoint but got error ${e}.`);
}
}
for (const downloadSource of uniqueDownloadSources) {
const [apiURL, repository] = downloadSource;
// If we've reached the final case, short-circuit the API check since we know the bundle exists and is public.
@ -110,25 +134,6 @@ async function getCodeQLBundleDownloadURL(apiDetails, mode, logger) {
logger.info(`Looked for CodeQL bundle in ${downloadSource[1]} on ${downloadSource[0]} but got error ${e}.`);
}
}
try {
const release = await api
.getApiClient(apiDetails)
.request("GET /enterprise/code-scanning/codeql-bundle/find/{tag}", {
tag: CODEQL_BUNDLE_VERSION,
});
const assetID = release.data.assets[codeQLBundleName];
if (assetID !== undefined) {
const download = await api
.getApiClient(apiDetails)
.request("GET /enterprise/code-scanning/codeql-bundle/download/{asset_id}", { asset_id: assetID });
const downloadURL = download.data.url;
logger.info(`Found CodeQL bundle at GitHub AE endpoint with URL ${downloadURL}.`);
return downloadURL;
}
}
catch (e) {
logger.info(`Attempted to fetch bundle from GitHub AE endpoint but got error ${e}.`);
}
return `https://github.com/${CODEQL_DEFAULT_ACTION_REPOSITORY}/releases/download/${CODEQL_BUNDLE_VERSION}/${codeQLBundleName}`;
}
// We have to download CodeQL manually because the toolcache doesn't support Accept headers.
@ -146,7 +151,7 @@ async function toolcacheDownloadTool(url, headers, tempDir, logger) {
await pipeline(response.message, fs.createWriteStream(dest));
return dest;
}
async function setupCodeQL(codeqlURL, apiDetails, tempDir, toolsDir, mode, logger) {
async function setupCodeQL(codeqlURL, apiDetails, tempDir, toolsDir, mode, variant, logger) {
// Setting these two env vars makes the toolcache code safe to use outside,
// of actions but this is obviously not a great thing we're doing and it would
// be better to write our own implementation to use outside of actions.
@ -181,7 +186,7 @@ async function setupCodeQL(codeqlURL, apiDetails, tempDir, toolsDir, mode, logge
}
else {
if (!codeqlURL) {
codeqlURL = await getCodeQLBundleDownloadURL(apiDetails, mode, logger);
codeqlURL = await getCodeQLBundleDownloadURL(apiDetails, mode, variant, logger);
}
const parsedCodeQLURL = new URL(codeqlURL);
const parsedQueryString = query_string_1.default.parse(parsedCodeQLURL.search);