Allow pull requests, and report correct commit oid and ref

2020-05-07 14:28:46 +01:00 · 2020-05-07 14:28:46 +01:00 · da1e237d1e
commit da1e237d1e
parent 8b71cf3e5f
9 changed files with 97 additions and 36 deletions
--- a/src/upload-lib.ts
+++ b/src/upload-lib.ts
@ -136,7 +136,7 @@ async function uploadFiles(sarifFiles: string[]): Promise<boolean> {
        }
        core.exportVariable(sentinelEnvVar, sentinelEnvVar);

-        const commitOid = util.getRequiredEnvParam('GITHUB_SHA');
+        const commitOid = await util.getCommitOid();
        const workflowRunIDStr = util.getRequiredEnvParam('GITHUB_RUN_ID');
        const ref = util.getRef();
        const analysisKey = await util.getAnalysisKey();
--- a/src/util.ts
+++ b/src/util.ts
@ -1,4 +1,5 @@
 import * as core from '@actions/core';
+import * as exec from '@actions/exec';
 import * as http from '@actions/http-client';
 import * as auth from '@actions/http-client/auth';
 import * as octokit from '@octokit/rest';
@ -25,13 +26,6 @@ export function should_abort(actionName: string, requireInitActionHasRun: boolea
        return true;
    }

-    // Should abort if called on a merge commit for a pull request.
-    if (ref.startsWith('refs/pull/')) {
-        core.warning('The CodeQL ' + actionName + ' action is intended for workflows triggered on `push` events, '
-            + 'but the current workflow is running on a pull request. Aborting.');
-        return true;
-    }
-
    // If the init action is required, then check the it completed successfully.
    if (requireInitActionHasRun && process.env[sharedEnv.CODEQL_ACTION_INIT_COMPLETED] === undefined) {
        core.setFailed('The CodeQL ' + actionName + ' action cannot be used unless the CodeQL init action is run first. Aborting.');
@ -152,6 +146,21 @@ export async function getLanguages(): Promise<string[]> {
    return languages;
 }

+/**
+ * Gets the SHA of the commit that is currently checked out.
+ */
+export async function getCommitOid(): Promise<string> {
+    let commitOid = '';
+    await exec.exec('git', ['rev-parse', 'HEAD'], {
+        silent: true,
+        listeners: {
+            stdout: (data) => { commitOid += data.toString(); },
+            stderr: (data) => { process.stderr.write(data); }
+        }
+    });
+    return commitOid.trim();
+}
+
 /**
 * Get the path of the currently executing workflow.
 */
@ -204,8 +213,20 @@ export async function getAnalysisKey(): Promise<string> {
 * Get the ref currently being analyzed.
 */
 export function getRef(): string {
-    // it's in the form "refs/heads/master"
-    return getRequiredEnvParam('GITHUB_REF');
+    // Will be in the form "refs/heads/master" on a push event
+    // or in the form "refs/pull/N/merge" on a pull_request event
+    const ref = getRequiredEnvParam('GITHUB_REF');
+
+    // For pull request refs we want to convert from the 'merge' ref
+    // to the 'head' ref, as that is what we want to analyse.
+    // There should have been some code earlier in the workflow to do
+    // the checkout, but we have no way of verifying that here.
+    const pull_ref_regex = /refs\/pull\/(\d+)\/merge/;
+    if (pull_ref_regex.test(ref)) {
+        return ref.replace(pull_ref_regex, 'refs/pull/$1/head');
+    } else {
+        return ref;
+    }
 }

 interface StatusReport {