Use version information to construct payload

lib/upload-lib.js

@@ -66,7 +66,7 @@ async function uploadPayload(payload, repositoryNwo, apiDetails, mode, logger) {
 // Uploads a single sarif file or a directory of sarif files
 // depending on what the path happens to refer to.
 // Returns true iff the upload occurred and succeeded
-async function upload(sarifPath, repositoryNwo, commitOid, ref, analysisKey, analysisName, workflowRunID, checkoutPath, environment, ghesVersion, apiDetails, mode, logger) {
+async function upload(sarifPath, repositoryNwo, commitOid, ref, analysisKey, analysisName, workflowRunID, checkoutPath, environment, gitHubVersion, apiDetails, mode, logger) {
     const sarifFiles = [];
     if (!fs.existsSync(sarifPath)) {
         throw new Error(`Path does not exist: ${sarifPath}`);
@@ -86,7 +86,7 @@ async function upload(sarifPath, repositoryNwo, commitOid, ref, analysisKey, ana
     else {
         sarifFiles.push(sarifPath);
     }
-    return await uploadFiles(sarifFiles, repositoryNwo, commitOid, ref, analysisKey, analysisName, workflowRunID, checkoutPath, environment, ghesVersion, apiDetails, mode, logger);
+    return await uploadFiles(sarifFiles, repositoryNwo, commitOid, ref, analysisKey, analysisName, workflowRunID, checkoutPath, environment, gitHubVersion, apiDetails, mode, logger);
 }
 exports.upload = upload;
 // Counts the number of results in the given SARIF file
@@ -118,9 +118,50 @@ function validateSarifFileSchema(sarifFilePath, logger) {
     }
 }
 exports.validateSarifFileSchema = validateSarifFileSchema;
+// buildPayload constructs a map ready to be uploaded to the API from the given
+// parameters, respecting the current mode and target GitHub instance version.
+function buildPayload(commitOid, ref, analysisKey, analysisName, zippedSarif, workflowRunID, checkoutURI, environment, toolNames, gitHubVersion, mode) {
+    if (mode === "actions") {
+        const payloadObj = {
+            commit_oid: commitOid,
+            ref,
+            analysis_key: analysisKey,
+            analysis_name: analysisName,
+            sarif: zippedSarif,
+            workflow_run_id: workflowRunID,
+            checkout_uri: checkoutURI,
+            environment,
+            started_at: process.env[sharedEnv.CODEQL_WORKFLOW_STARTED_AT],
+            tool_names: toolNames,
+            base_ref: undefined,
+            base_sha: undefined,
+        };
+        // This behaviour can be made the default when support for GHES 3.0 is discontinued.
+        if (gitHubVersion.type === "dotcom" ||
+            semver.satisfies(gitHubVersion.version, `>=3.1`)) {
+            if (process.env.GITHUB_EVENT_NAME === "pull_request" &&
+                process.env.GITHUB_EVENT_PATH) {
+                const githubEvent = JSON.parse(fs.readFileSync(process.env.GITHUB_EVENT_PATH, "utf8"));
+                payloadObj.base_ref = githubEvent.pull_request.base.ref;
+                payloadObj.base_sha = githubEvent.pull_request.base.sha;
+            }
+        }
+        return payloadObj;
+    }
+    else {
+        return {
+            commit_sha: commitOid,
+            ref,
+            sarif: zippedSarif,
+            checkout_uri: checkoutURI,
+            tool_name: toolNames[0],
+        };
+    }
+}
+exports.buildPayload = buildPayload;
 // Uploads the given set of sarif files.
 // Returns true iff the upload occurred and succeeded
-async function uploadFiles(sarifFiles, repositoryNwo, commitOid, ref, analysisKey, analysisName, workflowRunID, checkoutPath, environment, ghesVersion, apiDetails, mode, logger) {
+async function uploadFiles(sarifFiles, repositoryNwo, commitOid, ref, analysisKey, analysisName, workflowRunID, checkoutPath, environment, gitHubVersion, apiDetails, mode, logger) {
     logger.info(`Uploading sarif files: ${JSON.stringify(sarifFiles)}`);
     if (mode === "actions") {
         // This check only works on actions as env vars don't persist between calls to the runner
@@ -136,41 +177,14 @@ async function uploadFiles(sarifFiles, repositoryNwo, commitOid, ref, analysisKe
     }
     let sarifPayload = combineSarifFiles(sarifFiles);
     sarifPayload = fingerprints.addFingerprints(sarifPayload, checkoutPath, logger);
-    const zipped_sarif = zlib_1.default.gzipSync(sarifPayload).toString("base64");
+    const zippedSarif = zlib_1.default.gzipSync(sarifPayload).toString("base64");
     const checkoutURI = file_url_1.default(checkoutPath);
     const toolNames = util.getToolNames(sarifPayload);
-    let payload;
-    if (mode === "actions") {
-        const payloadObj = {
-            commit_oid: commitOid,
-            ref,
-            analysis_key: analysisKey,
-            analysis_name: analysisName,
-            sarif: zipped_sarif,
-            workflow_run_id: workflowRunID,
-            checkout_uri: checkoutURI,
-            environment,
-            started_at: process.env[sharedEnv.CODEQL_WORKFLOW_STARTED_AT],
-            tool_names: toolNames,
-        };
-        if (ghesVersion.type !== "ghes" || semver.satisfies(ghesVersion.version, `>=3.0`)) {
-            // add base_ref / base_sha
-        }
-        payload = JSON.stringify(payloadObj);
-    }
-    else {
-        payload = JSON.stringify({
-            commit_sha: commitOid,
-            ref,
-            sarif: zipped_sarif,
-            checkout_uri: checkoutURI,
-            tool_name: toolNames[0],
-        });
-    }
+    const payload = buildPayload(commitOid, ref, analysisKey, analysisName, zippedSarif, workflowRunID, checkoutURI, environment, toolNames, gitHubVersion, mode);
     // Log some useful debug info about the info
     const rawUploadSizeBytes = sarifPayload.length;
     logger.debug(`Raw upload size: ${rawUploadSizeBytes} bytes`);
-    const zippedUploadSizeBytes = zipped_sarif.length;
+    const zippedUploadSizeBytes = zippedSarif.length;
     logger.debug(`Base64 zipped upload size: ${zippedUploadSizeBytes} bytes`);
     const numResultInSarif = countResultsInSarif(sarifPayload);
     logger.debug(`Number of results in upload: ${numResultInSarif}`);