Merge pull request #1565 from github/henrymercer/diagnostics-code-scanning-config
Export configuration information to SARIF
This commit is contained in:
Henry Mercer
GitHub
commit
ec298233c1
32 changed files with 482 additions and 222 deletions
90
.github/workflows/__config-export.yml
generated
vendored
Normal file
90
.github/workflows/__config-export.yml
generated
vendored
Normal file
|
|
@ -0,0 +1,90 @@
|
|||
# Warning: This file is generated automatically, and should not be modified.
|
||||
# Instead, please modify the template in the pr-checks directory and run:
|
||||
# pip install ruamel.yaml && python3 sync.py
|
||||
# to regenerate this file.
|
||||
|
||||
name: PR Check - Config export
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
GO111MODULE: auto
|
||||
CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN: 'true'
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- main
|
||||
- releases/v2
|
||||
pull_request:
|
||||
types:
|
||||
- opened
|
||||
- synchronize
|
||||
- reopened
|
||||
- ready_for_review
|
||||
workflow_dispatch: {}
|
||||
jobs:
|
||||
config-export:
|
||||
strategy:
|
||||
matrix:
|
||||
include:
|
||||
- os: ubuntu-latest
|
||||
version: latest
|
||||
- os: macos-latest
|
||||
version: latest
|
||||
- os: windows-latest
|
||||
version: latest
|
||||
name: Config export
|
||||
timeout-minutes: 45
|
||||
runs-on: ${{ matrix.os }}
|
||||
steps:
|
||||
- name: Check out repository
|
||||
uses: actions/checkout@v3
|
||||
- name: Prepare test
|
||||
id: prepare-test
|
||||
uses: ./.github/prepare-test
|
||||
with:
|
||||
version: ${{ matrix.version }}
|
||||
- uses: ./../action/init
|
||||
with:
|
||||
languages: javascript
|
||||
queries: security-extended
|
||||
tools: ${{ steps.prepare-test.outputs.tools-url }}
|
||||
- uses: ./../action/analyze
|
||||
with:
|
||||
output: ${{ runner.temp }}/results
|
||||
upload-database: false
|
||||
- name: Upload SARIF
|
||||
uses: actions/upload-artifact@v3
|
||||
with:
|
||||
name: config-export-${{ matrix.os }}-${{ matrix.version }}.sarif.json
|
||||
path: ${{ runner.temp }}/results/javascript.sarif
|
||||
retention-days: 7
|
||||
- name: Check config properties appear in SARIF
|
||||
uses: actions/github-script@v6
|
||||
env:
|
||||
SARIF_PATH: ${{ runner.temp }}/results/javascript.sarif
|
||||
with:
|
||||
script: |
|
||||
const fs = require('fs');
|
||||
const path = require('path');
|
||||
|
||||
const sarif = JSON.parse(fs.readFileSync(process.env['SARIF_PATH'], 'utf8'));
|
||||
const run = sarif.runs[0];
|
||||
const configSummary = run.properties.codeqlConfigSummary;
|
||||
|
||||
if (configSummary === undefined) {
|
||||
core.setFailed('`codeqlConfigSummary` property not found in the SARIF run property bag.');
|
||||
}
|
||||
if (configSummary.disableDefaultQueries !== false) {
|
||||
core.setFailed('`disableDefaultQueries` property incorrect: expected false, got ' +
|
||||
`${JSON.stringify(configSummary.disableDefaultQueries)}.`);
|
||||
}
|
||||
const expectedQueries = [{ type: 'builtinSuite', uses: 'security-extended' }];
|
||||
// Use JSON.stringify to deep-equal the arrays.
|
||||
if (JSON.stringify(configSummary.queries) !== JSON.stringify(expectedQueries)) {
|
||||
core.setFailed(`\`queries\` property incorrect: expected ${JSON.stringify(expectedQueries)}, got ` +
|
||||
`${JSON.stringify(configSummary.queries)}.`);
|
||||
}
|
||||
core.info('Finished config export tests.');
|
||||
env:
|
||||
CODEQL_ACTION_EXPORT_CODE_SCANNING_CONFIG: true
|
||||
CODEQL_PASS_CONFIG_TO_CLI: true
|
||||
CODEQL_ACTION_TEST_MODE: true
|
||||
8
lib/analyze.js
generated
8
lib/analyze.js
generated
|
|
@ -123,17 +123,17 @@ async function finalizeDatabaseCreation(config, threadsFlag, memoryFlag, logger)
|
|||
};
|
||||
}
|
||||
// Runs queries and creates sarif files in the given folder
|
||||
async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag, automationDetailsId, config, logger, featureEnablement) {
|
||||
async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag, automationDetailsId, config, logger, features) {
|
||||
const statusReport = {};
|
||||
const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
|
||||
const queryFlags = [memoryFlag, threadsFlag];
|
||||
await util.logCodeScanningConfigInCli(codeql, featureEnablement, logger);
|
||||
await util.logCodeScanningConfigInCli(codeql, features, logger);
|
||||
for (const language of config.languages) {
|
||||
const queries = config.queries[language];
|
||||
const queryFilters = validateQueryFilters(config.originalUserInput["query-filters"]);
|
||||
const packsWithVersion = config.packs[language] || [];
|
||||
try {
|
||||
if (await util.useCodeScanningConfigInCli(codeql, featureEnablement)) {
|
||||
if (await util.useCodeScanningConfigInCli(codeql, features)) {
|
||||
// If we are using the code scanning config in the CLI,
|
||||
// much of the work needed to generate the query suites
|
||||
// is done in the CLI. We just need to make a single
|
||||
|
|
@ -218,7 +218,7 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag,
|
|||
return statusReport;
|
||||
async function runInterpretResults(language, queries, sarifFile, enableDebugLogging) {
|
||||
const databasePath = util.getCodeQLDatabasePath(config, language);
|
||||
return await codeql.databaseInterpretResults(databasePath, queries, sarifFile, addSnippetsFlag, threadsFlag, enableDebugLogging ? "-vv" : "-v", automationDetailsId);
|
||||
return await codeql.databaseInterpretResults(databasePath, queries, sarifFile, addSnippetsFlag, threadsFlag, enableDebugLogging ? "-vv" : "-v", automationDetailsId, config, features);
|
||||
}
|
||||
async function runPrintLinesOfCode(language) {
|
||||
const databasePath = util.getCodeQLDatabasePath(config, language);
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
39
lib/codeql.js
generated
39
lib/codeql.js
generated
|
|
@ -23,13 +23,15 @@ var __importStar = (this && this.__importStar) || function (mod) {
|
|||
return result;
|
||||
};
|
||||
Object.defineProperty(exports, "__esModule", { value: true });
|
||||
exports.getExtraOptions = exports.getCodeQLForCmd = exports.getCodeQLForTesting = exports.getCachedCodeQL = exports.setCodeQL = exports.getCodeQL = exports.setupCodeQL = exports.CODEQL_VERSION_INIT_WITH_QLCONFIG = exports.CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE = exports.CODEQL_VERSION_BETTER_RESOLVE_LANGUAGES = exports.CODEQL_VERSION_ML_POWERED_QUERIES_WINDOWS = exports.CODEQL_VERSION_TRACING_GLIBC_2_34 = exports.CODEQL_VERSION_NEW_TRACING = exports.CODEQL_VERSION_GHES_PACK_DOWNLOAD = exports.CommandInvocationError = void 0;
|
||||
exports.getExtraOptions = exports.getCodeQLForCmd = exports.getCodeQLForTesting = exports.getCachedCodeQL = exports.setCodeQL = exports.getCodeQL = exports.setupCodeQL = exports.CODEQL_VERSION_INIT_WITH_QLCONFIG = exports.CODEQL_VERSION_EXPORT_CODE_SCANNING_CONFIG = exports.CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE = exports.CODEQL_VERSION_BETTER_RESOLVE_LANGUAGES = exports.CODEQL_VERSION_ML_POWERED_QUERIES_WINDOWS = exports.CODEQL_VERSION_TRACING_GLIBC_2_34 = exports.CODEQL_VERSION_NEW_TRACING = exports.CODEQL_VERSION_GHES_PACK_DOWNLOAD = exports.CommandInvocationError = void 0;
|
||||
const fs = __importStar(require("fs"));
|
||||
const path = __importStar(require("path"));
|
||||
const toolrunner = __importStar(require("@actions/exec/lib/toolrunner"));
|
||||
const yaml = __importStar(require("js-yaml"));
|
||||
const actions_util_1 = require("./actions-util");
|
||||
const config_utils_1 = require("./config-utils");
|
||||
const error_matcher_1 = require("./error-matcher");
|
||||
const feature_flags_1 = require("./feature-flags");
|
||||
const languages_1 = require("./languages");
|
||||
const setupCodeql = __importStar(require("./setup-codeql"));
|
||||
const toolrunner_error_catcher_1 = require("./toolrunner-error-catcher");
|
||||
|
|
@ -98,6 +100,11 @@ exports.CODEQL_VERSION_BETTER_RESOLVE_LANGUAGES = "2.10.3";
|
|||
* Versions 2.11.1+ of the CodeQL Bundle include a `security-experimental` built-in query suite for each language.
|
||||
*/
|
||||
exports.CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE = "2.12.1";
|
||||
/**
|
||||
* Versions 2.12.3+ of the CodeQL CLI support exporting information in the code scanning
|
||||
* configuration file to SARIF.
|
||||
*/
|
||||
exports.CODEQL_VERSION_EXPORT_CODE_SCANNING_CONFIG = "2.12.3";
|
||||
/**
|
||||
* Versions 2.12.4+ of the CodeQL CLI support the `--qlconfig-file` flag in calls to `database init`.
|
||||
*/
|
||||
|
|
@ -306,7 +313,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
|
|||
...getExtraOptionsFromEnv(["database", "init"]),
|
||||
]);
|
||||
},
|
||||
async databaseInitCluster(config, sourceRoot, processName, featureEnablement, qlconfigFile, logger) {
|
||||
async databaseInitCluster(config, sourceRoot, processName, features, qlconfigFile, logger) {
|
||||
const extraArgs = config.languages.map((language) => `--language=${language}`);
|
||||
if (config.languages.filter((l) => (0, languages_1.isTracedLanguage)(l)).length > 0) {
|
||||
extraArgs.push("--begin-tracing");
|
||||
|
|
@ -325,7 +332,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
|
|||
}
|
||||
}
|
||||
// A code scanning config file is only generated if the CliConfigFileEnabled feature flag is enabled.
|
||||
const codeScanningConfigFile = await generateCodeScanningConfig(codeql, config, featureEnablement, logger);
|
||||
const codeScanningConfigFile = await generateCodeScanningConfig(codeql, config, features, logger);
|
||||
// Only pass external repository token if a config file is going to be parsed by the CLI.
|
||||
let externalRepositoryToken;
|
||||
if (codeScanningConfigFile) {
|
||||
|
|
@ -502,7 +509,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
|
|||
}
|
||||
await (0, toolrunner_error_catcher_1.toolrunnerErrorCatcher)(cmd, codeqlArgs, error_matcher_1.errorMatchers);
|
||||
},
|
||||
async databaseInterpretResults(databasePath, querySuitePaths, sarifFile, addSnippetsFlag, threadsFlag, verbosityFlag, automationDetailsId) {
|
||||
async databaseInterpretResults(databasePath, querySuitePaths, sarifFile, addSnippetsFlag, threadsFlag, verbosityFlag, automationDetailsId, config, features) {
|
||||
const codeqlArgs = [
|
||||
"database",
|
||||
"interpret-results",
|
||||
|
|
@ -514,6 +521,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
|
|||
"--print-diagnostics-summary",
|
||||
"--print-metrics-summary",
|
||||
"--sarif-group-rules-by-pack",
|
||||
...(await getCodeScanningConfigExportArguments(config, this, features)),
|
||||
...getExtraOptionsFromEnv(["database", "interpret-results"]),
|
||||
];
|
||||
if (await util.codeQlVersionAbove(this, CODEQL_VERSION_CUSTOM_QUERY_HELP))
|
||||
|
|
@ -606,12 +614,13 @@ async function getCodeQLForCmd(cmd, checkVersion) {
|
|||
];
|
||||
await new toolrunner.ToolRunner(cmd, args).exec();
|
||||
},
|
||||
async diagnosticsExport(sarifFile, automationDetailsId) {
|
||||
async diagnosticsExport(sarifFile, automationDetailsId, config, features) {
|
||||
const args = [
|
||||
"diagnostics",
|
||||
"export",
|
||||
"--format=sarif-latest",
|
||||
`--output=${sarifFile}`,
|
||||
...(await getCodeScanningConfigExportArguments(config, this, features)),
|
||||
...getExtraOptionsFromEnv(["diagnostics", "export"]),
|
||||
];
|
||||
if (automationDetailsId !== undefined) {
|
||||
|
|
@ -722,11 +731,11 @@ async function runTool(cmd, args = [], opts = {}) {
|
|||
* @param config The configuration to use.
|
||||
* @returns the path to the generated user configuration file.
|
||||
*/
|
||||
async function generateCodeScanningConfig(codeql, config, featureEnablement, logger) {
|
||||
if (!(await util.useCodeScanningConfigInCli(codeql, featureEnablement))) {
|
||||
async function generateCodeScanningConfig(codeql, config, features, logger) {
|
||||
if (!(await util.useCodeScanningConfigInCli(codeql, features))) {
|
||||
return;
|
||||
}
|
||||
const codeScanningConfigFile = path.resolve(config.tempDir, "user-config.yaml");
|
||||
const codeScanningConfigFile = (0, config_utils_1.getGeneratedCodeScanningConfigPath)(config);
|
||||
// make a copy so we can modify it
|
||||
const augmentedConfig = cloneObject(config.originalUserInput);
|
||||
// Inject the queries from the input
|
||||
|
|
@ -790,4 +799,18 @@ async function generateCodeScanningConfig(codeql, config, featureEnablement, log
|
|||
function cloneObject(obj) {
|
||||
return JSON.parse(JSON.stringify(obj));
|
||||
}
|
||||
/**
|
||||
* Gets arguments for passing the code scanning configuration file to interpretation commands like
|
||||
* `codeql database interpret-results` and `codeql database export-diagnostics`.
|
||||
*
|
||||
* Returns an empty list if a code scanning configuration file was not generated by the CLI.
|
||||
*/
|
||||
async function getCodeScanningConfigExportArguments(config, codeql, features) {
|
||||
const codeScanningConfigPath = (0, config_utils_1.getGeneratedCodeScanningConfigPath)(config);
|
||||
if (fs.existsSync(codeScanningConfigPath) &&
|
||||
(await features.getValue(feature_flags_1.Feature.ExportCodeScanningConfigEnabled, codeql))) {
|
||||
return ["--sarif-codescanning-config", codeScanningConfigPath];
|
||||
}
|
||||
return [];
|
||||
}
|
||||
//# sourceMappingURL=codeql.js.map
|
||||
File diff suppressed because one or more lines are too long
8
lib/codeql.test.js
generated
8
lib/codeql.test.js
generated
|
|
@ -424,7 +424,7 @@ for (const isBundleVersionInUrl of [true, false]) {
|
|||
sinon.stub(codeqlObject, "getVersion").resolves("2.7.0");
|
||||
// safeWhich throws because of the test CodeQL object.
|
||||
sinon.stub(safeWhich, "safeWhich").resolves("");
|
||||
await codeqlObject.databaseInterpretResults("", [], "", "", "", "-v", "");
|
||||
await codeqlObject.databaseInterpretResults("", [], "", "", "", "-v", "", stubConfig, (0, testing_utils_1.createFeatures)([]));
|
||||
t.false(runnerConstructorStub.firstCall.args[1].includes("--sarif-add-query-help"), "--sarif-add-query-help should be absent, but it is present");
|
||||
});
|
||||
(0, ava_1.default)("databaseInterpretResults() sets --sarif-add-query-help for 2.7.1", async (t) => {
|
||||
|
|
@ -433,7 +433,7 @@ for (const isBundleVersionInUrl of [true, false]) {
|
|||
sinon.stub(codeqlObject, "getVersion").resolves("2.7.1");
|
||||
// safeWhich throws because of the test CodeQL object.
|
||||
sinon.stub(safeWhich, "safeWhich").resolves("");
|
||||
await codeqlObject.databaseInterpretResults("", [], "", "", "", "-v", "");
|
||||
await codeqlObject.databaseInterpretResults("", [], "", "", "", "-v", "", stubConfig, (0, testing_utils_1.createFeatures)([]));
|
||||
t.true(runnerConstructorStub.firstCall.args[1].includes("--sarif-add-query-help"), "--sarif-add-query-help should be present, but it is absent");
|
||||
});
|
||||
(0, ava_1.default)("databaseInitCluster() without injected codescanning config", async (t) => {
|
||||
|
|
@ -733,7 +733,7 @@ const injectedConfigMacro = ava_1.default.macro({
|
|||
sinon.stub(codeqlObject, "getVersion").resolves("2.11.3");
|
||||
// safeWhich throws because of the test CodeQL object.
|
||||
sinon.stub(safeWhich, "safeWhich").resolves("");
|
||||
await codeqlObject.databaseInterpretResults("", [], "", "", "", "-v", "");
|
||||
await codeqlObject.databaseInterpretResults("", [], "", "", "", "-v", "", stubConfig, (0, testing_utils_1.createFeatures)([]));
|
||||
t.true(runnerConstructorStub.firstCall.args[1].includes("--sarif-add-baseline-file-info"), "--sarif-add-baseline-file-info should be present, but it is absent");
|
||||
});
|
||||
(0, ava_1.default)("databaseInterpretResults() does not set --sarif-add-baseline-file-info for 2.11.2", async (t) => {
|
||||
|
|
@ -742,7 +742,7 @@ const injectedConfigMacro = ava_1.default.macro({
|
|||
sinon.stub(codeqlObject, "getVersion").resolves("2.11.2");
|
||||
// safeWhich throws because of the test CodeQL object.
|
||||
sinon.stub(safeWhich, "safeWhich").resolves("");
|
||||
await codeqlObject.databaseInterpretResults("", [], "", "", "", "-v", "");
|
||||
await codeqlObject.databaseInterpretResults("", [], "", "", "", "-v", "", stubConfig, (0, testing_utils_1.createFeatures)([]));
|
||||
t.false(runnerConstructorStub.firstCall.args[1].includes("--sarif-add-baseline-file-info"), "--sarif-add-baseline-file-info must be absent, but it is present");
|
||||
});
|
||||
function stubToolRunnerConstructor() {
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
45
lib/config-utils.js
generated
45
lib/config-utils.js
generated
|
|
@ -23,7 +23,7 @@ var __importStar = (this && this.__importStar) || function (mod) {
|
|||
return result;
|
||||
};
|
||||
Object.defineProperty(exports, "__esModule", { value: true });
|
||||
exports.wrapEnvironment = exports.generateRegistries = exports.downloadPacks = exports.getConfig = exports.getPathToParsedConfigFile = exports.initConfig = exports.parsePacks = exports.validatePackSpecification = exports.prettyPrintPack = exports.parsePacksSpecification = exports.parsePacksFromConfig = exports.calculateAugmentation = exports.getDefaultConfig = exports.getRawLanguages = exports.getLanguages = exports.getLanguagesInRepo = exports.getUnknownLanguagesError = exports.getNoLanguagesError = exports.getConfigFileDirectoryGivenMessage = exports.getConfigFileFormatInvalidMessage = exports.getConfigFileRepoFormatInvalidMessage = exports.getConfigFileDoesNotExistErrorMessage = exports.getConfigFileOutsideWorkspaceErrorMessage = exports.getLocalPathDoesNotExist = exports.getLocalPathOutsideOfRepository = exports.getPacksStrInvalid = exports.getPacksInvalid = exports.getPacksInvalidSplit = exports.getPathsInvalid = exports.getPathsIgnoreInvalid = exports.getQueryUsesInvalid = exports.getQueriesMissingUses = exports.getQueriesInvalid = exports.getDisableDefaultQueriesInvalid = exports.getNameInvalid = exports.validateAndSanitisePath = exports.defaultAugmentationProperties = void 0;
|
||||
exports.getGeneratedCodeScanningConfigPath = exports.wrapEnvironment = exports.generateRegistries = exports.downloadPacks = exports.getConfig = exports.getPathToParsedConfigFile = exports.initConfig = exports.parsePacks = exports.validatePackSpecification = exports.prettyPrintPack = exports.parsePacksSpecification = exports.parsePacksFromConfig = exports.calculateAugmentation = exports.getDefaultConfig = exports.getRawLanguages = exports.getLanguages = exports.getLanguagesInRepo = exports.getUnknownLanguagesError = exports.getNoLanguagesError = exports.getConfigFileDirectoryGivenMessage = exports.getConfigFileFormatInvalidMessage = exports.getConfigFileRepoFormatInvalidMessage = exports.getConfigFileDoesNotExistErrorMessage = exports.getConfigFileOutsideWorkspaceErrorMessage = exports.getLocalPathDoesNotExist = exports.getLocalPathOutsideOfRepository = exports.getPacksStrInvalid = exports.getPacksInvalid = exports.getPacksInvalidSplit = exports.getPathsInvalid = exports.getPathsIgnoreInvalid = exports.getQueryUsesInvalid = exports.getQueriesMissingUses = exports.getQueriesInvalid = exports.getDisableDefaultQueriesInvalid = exports.getNameInvalid = exports.validateAndSanitisePath = exports.defaultAugmentationProperties = void 0;
|
||||
const fs = __importStar(require("fs"));
|
||||
const path = __importStar(require("path"));
|
||||
const perf_hooks_1 = require("perf_hooks");
|
||||
|
|
@ -141,7 +141,7 @@ const builtinSuites = [
|
|||
* Throws an error if suiteName is not a valid builtin suite.
|
||||
* May inject ML queries, and the return value will declare if this was done.
|
||||
*/
|
||||
async function addBuiltinSuiteQueries(languages, codeQL, resultMap, packs, suiteName, featureEnablement, configFile) {
|
||||
async function addBuiltinSuiteQueries(languages, codeQL, resultMap, packs, suiteName, features, configFile) {
|
||||
let injectedMlQueries = false;
|
||||
const found = builtinSuites.find((suite) => suite === suiteName);
|
||||
if (!found) {
|
||||
|
|
@ -165,7 +165,7 @@ async function addBuiltinSuiteQueries(languages, codeQL, resultMap, packs, suite
|
|||
found === "security-extended" ||
|
||||
found === "security-and-quality") &&
|
||||
!packs.javascript?.some(isMlPoweredJsQueriesPack) &&
|
||||
(await featureEnablement.getValue(feature_flags_1.Feature.MlPoweredQueriesEnabled, codeQL))) {
|
||||
(await features.getValue(feature_flags_1.Feature.MlPoweredQueriesEnabled, codeQL))) {
|
||||
if (!packs.javascript) {
|
||||
packs.javascript = [];
|
||||
}
|
||||
|
|
@ -240,7 +240,7 @@ async function addRemoteQueries(codeQL, resultMap, queryUses, tempDir, apiDetail
|
|||
*
|
||||
* @returns whether or not we injected ML queries into the packs
|
||||
*/
|
||||
async function parseQueryUses(languages, codeQL, resultMap, packs, queryUses, tempDir, workspacePath, apiDetails, featureEnablement, logger, configFile) {
|
||||
async function parseQueryUses(languages, codeQL, resultMap, packs, queryUses, tempDir, workspacePath, apiDetails, features, logger, configFile) {
|
||||
queryUses = queryUses.trim();
|
||||
if (queryUses === "") {
|
||||
throw new Error(getQueryUsesInvalid(configFile));
|
||||
|
|
@ -252,12 +252,12 @@ async function parseQueryUses(languages, codeQL, resultMap, packs, queryUses, te
|
|||
}
|
||||
// Check for one of the builtin suites
|
||||
if (queryUses.indexOf("/") === -1 && queryUses.indexOf("@") === -1) {
|
||||
return await addBuiltinSuiteQueries(languages, codeQL, resultMap, packs, queryUses, featureEnablement, configFile);
|
||||
return await addBuiltinSuiteQueries(languages, codeQL, resultMap, packs, queryUses, features, configFile);
|
||||
}
|
||||
// Otherwise, must be a reference to another repo.
|
||||
// If config parsing is handled in CLI, then this repo will be downloaded
|
||||
// later by the CLI.
|
||||
if (!(await (0, util_1.useCodeScanningConfigInCli)(codeQL, featureEnablement))) {
|
||||
if (!(await (0, util_1.useCodeScanningConfigInCli)(codeQL, features))) {
|
||||
await addRemoteQueries(codeQL, resultMap, queryUses, tempDir, apiDetails, logger, configFile);
|
||||
}
|
||||
return false;
|
||||
|
|
@ -503,13 +503,13 @@ async function getRawLanguages(languagesInput, repository, logger) {
|
|||
return { rawLanguages, autodetected };
|
||||
}
|
||||
exports.getRawLanguages = getRawLanguages;
|
||||
async function addQueriesAndPacksFromWorkflow(codeQL, queriesInput, languages, resultMap, packs, tempDir, workspacePath, apiDetails, featureEnablement, logger) {
|
||||
async function addQueriesAndPacksFromWorkflow(codeQL, queriesInput, languages, resultMap, packs, tempDir, workspacePath, apiDetails, features, logger) {
|
||||
let injectedMlQueries = false;
|
||||
queriesInput = queriesInput.trim();
|
||||
// "+" means "don't override config file" - see shouldAddConfigFileQueries
|
||||
queriesInput = queriesInput.replace(/^\+/, "");
|
||||
for (const query of queriesInput.split(",")) {
|
||||
const didInject = await parseQueryUses(languages, codeQL, resultMap, packs, query, tempDir, workspacePath, apiDetails, featureEnablement, logger);
|
||||
const didInject = await parseQueryUses(languages, codeQL, resultMap, packs, query, tempDir, workspacePath, apiDetails, features, logger);
|
||||
injectedMlQueries = injectedMlQueries || didInject;
|
||||
}
|
||||
return injectedMlQueries;
|
||||
|
|
@ -527,7 +527,7 @@ function shouldAddConfigFileQueries(queriesInput) {
|
|||
/**
|
||||
* Get the default config for when the user has not supplied one.
|
||||
*/
|
||||
async function getDefaultConfig(languagesInput, rawQueriesInput, rawPacksInput, dbLocation, trapCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeQL, workspacePath, gitHubVersion, apiDetails, featureEnablement, logger) {
|
||||
async function getDefaultConfig(languagesInput, rawQueriesInput, rawPacksInput, dbLocation, trapCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeQL, workspacePath, gitHubVersion, apiDetails, features, logger) {
|
||||
const languages = await getLanguages(codeQL, languagesInput, repository, logger);
|
||||
const queries = {};
|
||||
for (const language of languages) {
|
||||
|
|
@ -545,7 +545,7 @@ async function getDefaultConfig(languagesInput, rawQueriesInput, rawPacksInput,
|
|||
: {};
|
||||
if (rawQueriesInput) {
|
||||
augmentationProperties.injectedMlQueries =
|
||||
await addQueriesAndPacksFromWorkflow(codeQL, rawQueriesInput, languages, queries, packs, tempDir, workspacePath, apiDetails, featureEnablement, logger);
|
||||
await addQueriesAndPacksFromWorkflow(codeQL, rawQueriesInput, languages, queries, packs, tempDir, workspacePath, apiDetails, features, logger);
|
||||
}
|
||||
const { trapCaches, trapCacheDownloadTime } = await downloadCacheWithTime(trapCachingEnabled, codeQL, languages, logger);
|
||||
return {
|
||||
|
|
@ -581,7 +581,7 @@ async function downloadCacheWithTime(trapCachingEnabled, codeQL, languages, logg
|
|||
/**
|
||||
* Load the config from the given file.
|
||||
*/
|
||||
async function loadConfig(languagesInput, rawQueriesInput, rawPacksInput, configFile, dbLocation, trapCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeQL, workspacePath, gitHubVersion, apiDetails, featureEnablement, logger) {
|
||||
async function loadConfig(languagesInput, rawQueriesInput, rawPacksInput, configFile, dbLocation, trapCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeQL, workspacePath, gitHubVersion, apiDetails, features, logger) {
|
||||
let parsedYAML;
|
||||
if (isLocal(configFile)) {
|
||||
// Treat the config file as relative to the workspace
|
||||
|
|
@ -629,7 +629,7 @@ async function loadConfig(languagesInput, rawQueriesInput, rawPacksInput, config
|
|||
// in the config file.
|
||||
if (rawQueriesInput) {
|
||||
augmentationProperties.injectedMlQueries =
|
||||
await addQueriesAndPacksFromWorkflow(codeQL, rawQueriesInput, languages, queries, packs, tempDir, workspacePath, apiDetails, featureEnablement, logger);
|
||||
await addQueriesAndPacksFromWorkflow(codeQL, rawQueriesInput, languages, queries, packs, tempDir, workspacePath, apiDetails, features, logger);
|
||||
}
|
||||
if (shouldAddConfigFileQueries(rawQueriesInput) &&
|
||||
QUERIES_PROPERTY in parsedYAML) {
|
||||
|
|
@ -641,7 +641,7 @@ async function loadConfig(languagesInput, rawQueriesInput, rawPacksInput, config
|
|||
if (typeof query[QUERIES_USES_PROPERTY] !== "string") {
|
||||
throw new Error(getQueriesMissingUses(configFile));
|
||||
}
|
||||
await parseQueryUses(languages, codeQL, queries, packs, query[QUERIES_USES_PROPERTY], tempDir, workspacePath, apiDetails, featureEnablement, logger, configFile);
|
||||
await parseQueryUses(languages, codeQL, queries, packs, query[QUERIES_USES_PROPERTY], tempDir, workspacePath, apiDetails, features, logger, configFile);
|
||||
}
|
||||
}
|
||||
if (PATHS_IGNORE_PROPERTY in parsedYAML) {
|
||||
|
|
@ -932,21 +932,21 @@ function dbLocationOrDefault(dbLocation, tempDir) {
|
|||
* This will parse the config from the user input if present, or generate
|
||||
* a default config. The parsed config is then stored to a known location.
|
||||
*/
|
||||
async function initConfig(languagesInput, queriesInput, packsInput, registriesInput, configFile, dbLocation, trapCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeQL, workspacePath, gitHubVersion, apiDetails, featureEnablement, logger) {
|
||||
async function initConfig(languagesInput, queriesInput, packsInput, registriesInput, configFile, dbLocation, trapCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeQL, workspacePath, gitHubVersion, apiDetails, features, logger) {
|
||||
let config;
|
||||
// If no config file was provided create an empty one
|
||||
if (!configFile) {
|
||||
logger.debug("No configuration file was provided");
|
||||
config = await getDefaultConfig(languagesInput, queriesInput, packsInput, dbLocation, trapCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeQL, workspacePath, gitHubVersion, apiDetails, featureEnablement, logger);
|
||||
config = await getDefaultConfig(languagesInput, queriesInput, packsInput, dbLocation, trapCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeQL, workspacePath, gitHubVersion, apiDetails, features, logger);
|
||||
}
|
||||
else {
|
||||
config = await loadConfig(languagesInput, queriesInput, packsInput, configFile, dbLocation, trapCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeQL, workspacePath, gitHubVersion, apiDetails, featureEnablement, logger);
|
||||
config = await loadConfig(languagesInput, queriesInput, packsInput, configFile, dbLocation, trapCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeQL, workspacePath, gitHubVersion, apiDetails, features, logger);
|
||||
}
|
||||
// When using the codescanning config in the CLI, pack downloads
|
||||
// happen in the CLI during the `database init` command, so no need
|
||||
// to download them here.
|
||||
await (0, util_1.logCodeScanningConfigInCli)(codeQL, featureEnablement, logger);
|
||||
if (!(await (0, util_1.useCodeScanningConfigInCli)(codeQL, featureEnablement))) {
|
||||
await (0, util_1.logCodeScanningConfigInCli)(codeQL, features, logger);
|
||||
if (!(await (0, util_1.useCodeScanningConfigInCli)(codeQL, features))) {
|
||||
// The list of queries should not be empty for any language. If it is then
|
||||
// it is a user configuration error.
|
||||
// This check occurs in the CLI when it parses the config file.
|
||||
|
|
@ -1177,4 +1177,13 @@ async function wrapEnvironment(env, operation) {
|
|||
}
|
||||
}
|
||||
exports.wrapEnvironment = wrapEnvironment;
|
||||
/**
|
||||
* Get the path to the code scanning configuration generated by the CLI.
|
||||
*
|
||||
* This will not exist if the configuration is being parsed in the Action.
|
||||
*/
|
||||
function getGeneratedCodeScanningConfigPath(config) {
|
||||
return path.resolve(config.tempDir, "user-config.yaml");
|
||||
}
|
||||
exports.getGeneratedCodeScanningConfigPath = getGeneratedCodeScanningConfigPath;
|
||||
//# sourceMappingURL=config-utils.js.map
|
||||
File diff suppressed because one or more lines are too long
13
lib/feature-flags.js
generated
13
lib/feature-flags.js
generated
|
|
@ -28,6 +28,7 @@ const fs = __importStar(require("fs"));
|
|||
const path = __importStar(require("path"));
|
||||
const semver = __importStar(require("semver"));
|
||||
const api_client_1 = require("./api-client");
|
||||
const codeql_1 = require("./codeql");
|
||||
const defaults = __importStar(require("./defaults.json"));
|
||||
const util = __importStar(require("./util"));
|
||||
const DEFAULT_VERSION_FEATURE_FLAG_PREFIX = "default_codeql_version_";
|
||||
|
|
@ -36,6 +37,7 @@ var Feature;
|
|||
(function (Feature) {
|
||||
Feature["CliConfigFileEnabled"] = "cli_config_file_enabled";
|
||||
Feature["DisableKotlinAnalysisEnabled"] = "disable_kotlin_analysis_enabled";
|
||||
Feature["ExportCodeScanningConfigEnabled"] = "export_code_scanning_config_enabled";
|
||||
Feature["MlPoweredQueriesEnabled"] = "ml_powered_queries_enabled";
|
||||
Feature["UploadFailedSarifEnabled"] = "upload_failed_sarif_enabled";
|
||||
})(Feature = exports.Feature || (exports.Feature = {}));
|
||||
|
|
@ -50,6 +52,11 @@ exports.featureConfig = {
|
|||
minimumVersion: "2.11.6",
|
||||
defaultValue: true,
|
||||
},
|
||||
[Feature.ExportCodeScanningConfigEnabled]: {
|
||||
envVar: "CODEQL_ACTION_EXPORT_CODE_SCANNING_CONFIG",
|
||||
minimumVersion: codeql_1.CODEQL_VERSION_EXPORT_CODE_SCANNING_CONFIG,
|
||||
defaultValue: false,
|
||||
},
|
||||
[Feature.MlPoweredQueriesEnabled]: {
|
||||
envVar: "CODEQL_ML_POWERED_QUERIES",
|
||||
minimumVersion: "2.7.5",
|
||||
|
|
@ -187,12 +194,12 @@ class GitHubFeatureFlags {
|
|||
this.logger.debug(`No feature flags API response for ${feature}.`);
|
||||
return undefined;
|
||||
}
|
||||
const featureEnablement = response[feature];
|
||||
if (featureEnablement === undefined) {
|
||||
const features = response[feature];
|
||||
if (features === undefined) {
|
||||
this.logger.debug(`Feature '${feature}' undefined in API response.`);
|
||||
return undefined;
|
||||
}
|
||||
return !!featureEnablement;
|
||||
return !!features;
|
||||
}
|
||||
async getAllFeatures() {
|
||||
// if we have an in memory cache, use that
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
74
lib/feature-flags.test.js
generated
74
lib/feature-flags.test.js
generated
|
|
@ -51,9 +51,9 @@ for (const variant of ALL_FEATURES_DISABLED_VARIANTS) {
|
|||
(0, ava_1.default)(`All features are disabled if running against ${variant.description}`, async (t) => {
|
||||
await (0, util_1.withTmpDir)(async (tmpDir) => {
|
||||
const loggedMessages = [];
|
||||
const featureEnablement = setUpFeatureFlagTests(tmpDir, (0, testing_utils_1.getRecordingLogger)(loggedMessages), variant.gitHubVersion);
|
||||
const features = setUpFeatureFlagTests(tmpDir, (0, testing_utils_1.getRecordingLogger)(loggedMessages), variant.gitHubVersion);
|
||||
for (const feature of Object.values(feature_flags_1.Feature)) {
|
||||
t.deepEqual(await featureEnablement.getValue(feature, includeCodeQlIfRequired(feature)), feature_flags_1.featureConfig[feature].defaultValue);
|
||||
t.deepEqual(await features.getValue(feature, includeCodeQlIfRequired(feature)), feature_flags_1.featureConfig[feature].defaultValue);
|
||||
}
|
||||
t.assert(loggedMessages.find((v) => v.type === "debug" &&
|
||||
v.message ===
|
||||
|
|
@ -64,10 +64,11 @@ for (const variant of ALL_FEATURES_DISABLED_VARIANTS) {
|
|||
(0, ava_1.default)("API response missing and features use default value", async (t) => {
|
||||
await (0, util_1.withTmpDir)(async (tmpDir) => {
|
||||
const loggedMessages = [];
|
||||
const featureEnablement = setUpFeatureFlagTests(tmpDir, (0, testing_utils_1.getRecordingLogger)(loggedMessages));
|
||||
const features = setUpFeatureFlagTests(tmpDir, (0, testing_utils_1.getRecordingLogger)(loggedMessages));
|
||||
(0, testing_utils_1.mockFeatureFlagApiEndpoint)(403, {});
|
||||
for (const feature of Object.values(feature_flags_1.Feature)) {
|
||||
t.assert((await featureEnablement.getValue(feature, includeCodeQlIfRequired(feature))) === feature_flags_1.featureConfig[feature].defaultValue);
|
||||
t.assert((await features.getValue(feature, includeCodeQlIfRequired(feature))) ===
|
||||
feature_flags_1.featureConfig[feature].defaultValue);
|
||||
}
|
||||
assertAllFeaturesUndefinedInApi(t, loggedMessages);
|
||||
});
|
||||
|
|
@ -75,19 +76,20 @@ for (const variant of ALL_FEATURES_DISABLED_VARIANTS) {
|
|||
(0, ava_1.default)("Features use default value if they're not returned in API response", async (t) => {
|
||||
await (0, util_1.withTmpDir)(async (tmpDir) => {
|
||||
const loggedMessages = [];
|
||||
const featureEnablement = setUpFeatureFlagTests(tmpDir, (0, testing_utils_1.getRecordingLogger)(loggedMessages));
|
||||
const features = setUpFeatureFlagTests(tmpDir, (0, testing_utils_1.getRecordingLogger)(loggedMessages));
|
||||
(0, testing_utils_1.mockFeatureFlagApiEndpoint)(200, {});
|
||||
for (const feature of Object.values(feature_flags_1.Feature)) {
|
||||
t.assert((await featureEnablement.getValue(feature, includeCodeQlIfRequired(feature))) === feature_flags_1.featureConfig[feature].defaultValue);
|
||||
t.assert((await features.getValue(feature, includeCodeQlIfRequired(feature))) ===
|
||||
feature_flags_1.featureConfig[feature].defaultValue);
|
||||
}
|
||||
assertAllFeaturesUndefinedInApi(t, loggedMessages);
|
||||
});
|
||||
});
|
||||
(0, ava_1.default)("Feature flags exception is propagated if the API request errors", async (t) => {
|
||||
await (0, util_1.withTmpDir)(async (tmpDir) => {
|
||||
const featureEnablement = setUpFeatureFlagTests(tmpDir);
|
||||
const features = setUpFeatureFlagTests(tmpDir);
|
||||
(0, testing_utils_1.mockFeatureFlagApiEndpoint)(500, {});
|
||||
await t.throwsAsync(async () => featureEnablement.getValue(feature_flags_1.Feature.MlPoweredQueriesEnabled, includeCodeQlIfRequired(feature_flags_1.Feature.MlPoweredQueriesEnabled)), {
|
||||
await t.throwsAsync(async () => features.getValue(feature_flags_1.Feature.MlPoweredQueriesEnabled, includeCodeQlIfRequired(feature_flags_1.Feature.MlPoweredQueriesEnabled)), {
|
||||
message: "Encountered an error while trying to determine feature enablement: Error: some error message",
|
||||
});
|
||||
});
|
||||
|
|
@ -95,7 +97,7 @@ for (const variant of ALL_FEATURES_DISABLED_VARIANTS) {
|
|||
for (const feature of Object.keys(feature_flags_1.featureConfig)) {
|
||||
(0, ava_1.default)(`Only feature '${feature}' is enabled if enabled in the API response. Other features disabled`, async (t) => {
|
||||
await (0, util_1.withTmpDir)(async (tmpDir) => {
|
||||
const featureEnablement = setUpFeatureFlagTests(tmpDir);
|
||||
const features = setUpFeatureFlagTests(tmpDir);
|
||||
// set all features to false except the one we're testing
|
||||
const expectedFeatureEnablement = {};
|
||||
for (const f of Object.keys(feature_flags_1.featureConfig)) {
|
||||
|
|
@ -105,7 +107,7 @@ for (const feature of Object.keys(feature_flags_1.featureConfig)) {
|
|||
// retrieve the values of the actual features
|
||||
const actualFeatureEnablement = {};
|
||||
for (const f of Object.keys(feature_flags_1.featureConfig)) {
|
||||
actualFeatureEnablement[f] = await featureEnablement.getValue(f, includeCodeQlIfRequired(f));
|
||||
actualFeatureEnablement[f] = await features.getValue(f, includeCodeQlIfRequired(f));
|
||||
}
|
||||
// All features should be false except the one we're testing
|
||||
t.deepEqual(actualFeatureEnablement, expectedFeatureEnablement);
|
||||
|
|
@ -113,35 +115,35 @@ for (const feature of Object.keys(feature_flags_1.featureConfig)) {
|
|||
});
|
||||
(0, ava_1.default)(`Only feature '${feature}' is enabled if the associated environment variable is true. Others disabled.`, async (t) => {
|
||||
await (0, util_1.withTmpDir)(async (tmpDir) => {
|
||||
const featureEnablement = setUpFeatureFlagTests(tmpDir);
|
||||
const features = setUpFeatureFlagTests(tmpDir);
|
||||
const expectedFeatureEnablement = initializeFeatures(false);
|
||||
(0, testing_utils_1.mockFeatureFlagApiEndpoint)(200, expectedFeatureEnablement);
|
||||
// feature should be disabled initially
|
||||
t.assert(!(await featureEnablement.getValue(feature, includeCodeQlIfRequired(feature))));
|
||||
t.assert(!(await features.getValue(feature, includeCodeQlIfRequired(feature))));
|
||||
// set env var to true and check that the feature is now enabled
|
||||
process.env[feature_flags_1.featureConfig[feature].envVar] = "true";
|
||||
t.assert(await featureEnablement.getValue(feature, includeCodeQlIfRequired(feature)));
|
||||
t.assert(await features.getValue(feature, includeCodeQlIfRequired(feature)));
|
||||
});
|
||||
});
|
||||
(0, ava_1.default)(`Feature '${feature}' is disabled if the associated environment variable is false, even if enabled in API`, async (t) => {
|
||||
await (0, util_1.withTmpDir)(async (tmpDir) => {
|
||||
const featureEnablement = setUpFeatureFlagTests(tmpDir);
|
||||
const features = setUpFeatureFlagTests(tmpDir);
|
||||
const expectedFeatureEnablement = initializeFeatures(true);
|
||||
(0, testing_utils_1.mockFeatureFlagApiEndpoint)(200, expectedFeatureEnablement);
|
||||
// feature should be enabled initially
|
||||
t.assert(await featureEnablement.getValue(feature, includeCodeQlIfRequired(feature)));
|
||||
t.assert(await features.getValue(feature, includeCodeQlIfRequired(feature)));
|
||||
// set env var to false and check that the feature is now disabled
|
||||
process.env[feature_flags_1.featureConfig[feature].envVar] = "false";
|
||||
t.assert(!(await featureEnablement.getValue(feature, includeCodeQlIfRequired(feature))));
|
||||
t.assert(!(await features.getValue(feature, includeCodeQlIfRequired(feature))));
|
||||
});
|
||||
});
|
||||
if (feature_flags_1.featureConfig[feature].minimumVersion !== undefined) {
|
||||
(0, ava_1.default)(`Getting feature '${feature} should throw if no codeql is provided`, async (t) => {
|
||||
await (0, util_1.withTmpDir)(async (tmpDir) => {
|
||||
const featureEnablement = setUpFeatureFlagTests(tmpDir);
|
||||
const features = setUpFeatureFlagTests(tmpDir);
|
||||
const expectedFeatureEnablement = initializeFeatures(true);
|
||||
(0, testing_utils_1.mockFeatureFlagApiEndpoint)(200, expectedFeatureEnablement);
|
||||
await t.throwsAsync(async () => featureEnablement.getValue(feature), {
|
||||
await t.throwsAsync(async () => features.getValue(feature), {
|
||||
message: `Internal error: A minimum version is specified for feature ${feature}, but no instance of CodeQL was provided.`,
|
||||
});
|
||||
});
|
||||
|
|
@ -150,24 +152,24 @@ for (const feature of Object.keys(feature_flags_1.featureConfig)) {
|
|||
if (feature_flags_1.featureConfig[feature].minimumVersion !== undefined) {
|
||||
(0, ava_1.default)(`Feature '${feature}' is disabled if the minimum CLI version is below ${feature_flags_1.featureConfig[feature].minimumVersion}`, async (t) => {
|
||||
await (0, util_1.withTmpDir)(async (tmpDir) => {
|
||||
const featureEnablement = setUpFeatureFlagTests(tmpDir);
|
||||
const features = setUpFeatureFlagTests(tmpDir);
|
||||
const expectedFeatureEnablement = initializeFeatures(true);
|
||||
(0, testing_utils_1.mockFeatureFlagApiEndpoint)(200, expectedFeatureEnablement);
|
||||
// feature should be disabled when an old CLI version is set
|
||||
let codeql = (0, testing_utils_1.mockCodeQLVersion)("2.0.0");
|
||||
t.assert(!(await featureEnablement.getValue(feature, codeql)));
|
||||
t.assert(!(await features.getValue(feature, codeql)));
|
||||
// even setting the env var to true should not enable the feature if
|
||||
// the minimum CLI version is not met
|
||||
process.env[feature_flags_1.featureConfig[feature].envVar] = "true";
|
||||
t.assert(!(await featureEnablement.getValue(feature, codeql)));
|
||||
t.assert(!(await features.getValue(feature, codeql)));
|
||||
// feature should be enabled when a new CLI version is set
|
||||
// and env var is not set
|
||||
process.env[feature_flags_1.featureConfig[feature].envVar] = "";
|
||||
codeql = (0, testing_utils_1.mockCodeQLVersion)(feature_flags_1.featureConfig[feature].minimumVersion);
|
||||
t.assert(await featureEnablement.getValue(feature, codeql));
|
||||
t.assert(await features.getValue(feature, codeql));
|
||||
// set env var to false and check that the feature is now disabled
|
||||
process.env[feature_flags_1.featureConfig[feature].envVar] = "false";
|
||||
t.assert(!(await featureEnablement.getValue(feature, codeql)));
|
||||
t.assert(!(await features.getValue(feature, codeql)));
|
||||
});
|
||||
});
|
||||
}
|
||||
|
|
@ -184,12 +186,12 @@ for (const feature of Object.keys(feature_flags_1.featureConfig)) {
|
|||
});
|
||||
(0, ava_1.default)("Feature flags are saved to disk", async (t) => {
|
||||
await (0, util_1.withTmpDir)(async (tmpDir) => {
|
||||
const featureEnablement = setUpFeatureFlagTests(tmpDir);
|
||||
const features = setUpFeatureFlagTests(tmpDir);
|
||||
const expectedFeatureEnablement = initializeFeatures(true);
|
||||
(0, testing_utils_1.mockFeatureFlagApiEndpoint)(200, expectedFeatureEnablement);
|
||||
const cachedFeatureFlags = path.join(tmpDir, feature_flags_1.FEATURE_FLAGS_FILE_NAME);
|
||||
t.false(fs.existsSync(cachedFeatureFlags), "Feature flag cached file should not exist before getting feature flags");
|
||||
t.true(await featureEnablement.getValue(feature_flags_1.Feature.CliConfigFileEnabled, includeCodeQlIfRequired(feature_flags_1.Feature.CliConfigFileEnabled)), "Feature flag should be enabled initially");
|
||||
t.true(await features.getValue(feature_flags_1.Feature.CliConfigFileEnabled, includeCodeQlIfRequired(feature_flags_1.Feature.CliConfigFileEnabled)), "Feature flag should be enabled initially");
|
||||
t.true(fs.existsSync(cachedFeatureFlags), "Feature flag cached file should exist after getting feature flags");
|
||||
const actualFeatureEnablement = JSON.parse(fs.readFileSync(cachedFeatureFlags, "utf8"));
|
||||
t.deepEqual(actualFeatureEnablement, expectedFeatureEnablement);
|
||||
|
|
@ -197,20 +199,20 @@ for (const feature of Object.keys(feature_flags_1.featureConfig)) {
|
|||
actualFeatureEnablement[feature_flags_1.Feature.CliConfigFileEnabled] = false;
|
||||
fs.writeFileSync(cachedFeatureFlags, JSON.stringify(actualFeatureEnablement));
|
||||
// delete the in memory cache so that we are forced to use the cached file
|
||||
featureEnablement.gitHubFeatureFlags.cachedApiResponse = undefined;
|
||||
t.false(await featureEnablement.getValue(feature_flags_1.Feature.CliConfigFileEnabled, includeCodeQlIfRequired(feature_flags_1.Feature.CliConfigFileEnabled)), "Feature flag should be enabled after reading from cached file");
|
||||
features.gitHubFeatureFlags.cachedApiResponse = undefined;
|
||||
t.false(await features.getValue(feature_flags_1.Feature.CliConfigFileEnabled, includeCodeQlIfRequired(feature_flags_1.Feature.CliConfigFileEnabled)), "Feature flag should be enabled after reading from cached file");
|
||||
});
|
||||
});
|
||||
(0, ava_1.default)("Environment variable can override feature flag cache", async (t) => {
|
||||
await (0, util_1.withTmpDir)(async (tmpDir) => {
|
||||
const featureEnablement = setUpFeatureFlagTests(tmpDir);
|
||||
const features = setUpFeatureFlagTests(tmpDir);
|
||||
const expectedFeatureEnablement = initializeFeatures(true);
|
||||
(0, testing_utils_1.mockFeatureFlagApiEndpoint)(200, expectedFeatureEnablement);
|
||||
const cachedFeatureFlags = path.join(tmpDir, feature_flags_1.FEATURE_FLAGS_FILE_NAME);
|
||||
t.true(await featureEnablement.getValue(feature_flags_1.Feature.CliConfigFileEnabled, includeCodeQlIfRequired(feature_flags_1.Feature.CliConfigFileEnabled)), "Feature flag should be enabled initially");
|
||||
t.true(await features.getValue(feature_flags_1.Feature.CliConfigFileEnabled, includeCodeQlIfRequired(feature_flags_1.Feature.CliConfigFileEnabled)), "Feature flag should be enabled initially");
|
||||
t.true(fs.existsSync(cachedFeatureFlags), "Feature flag cached file should exist after getting feature flags");
|
||||
process.env.CODEQL_PASS_CONFIG_TO_CLI = "false";
|
||||
t.false(await featureEnablement.getValue(feature_flags_1.Feature.CliConfigFileEnabled, includeCodeQlIfRequired(feature_flags_1.Feature.CliConfigFileEnabled)), "Feature flag should be disabled after setting env var");
|
||||
t.false(await features.getValue(feature_flags_1.Feature.CliConfigFileEnabled, includeCodeQlIfRequired(feature_flags_1.Feature.CliConfigFileEnabled)), "Feature flag should be disabled after setting env var");
|
||||
});
|
||||
});
|
||||
for (const variant of [util_1.GitHubVariant.GHAE, util_1.GitHubVariant.GHES]) {
|
||||
|
|
@ -228,7 +230,7 @@ for (const variant of [util_1.GitHubVariant.GHAE, util_1.GitHubVariant.GHES]) {
|
|||
}
|
||||
(0, ava_1.default)("selects CLI v2.12.1 on Dotcom when feature flags enable v2.12.0 and v2.12.1", async (t) => {
|
||||
await (0, util_1.withTmpDir)(async (tmpDir) => {
|
||||
const featureEnablement = setUpFeatureFlagTests(tmpDir);
|
||||
const features = setUpFeatureFlagTests(tmpDir);
|
||||
const expectedFeatureEnablement = initializeFeatures(true);
|
||||
expectedFeatureEnablement["default_codeql_version_2_12_0_enabled"] = true;
|
||||
expectedFeatureEnablement["default_codeql_version_2_12_1_enabled"] = true;
|
||||
|
|
@ -237,7 +239,7 @@ for (const variant of [util_1.GitHubVariant.GHAE, util_1.GitHubVariant.GHES]) {
|
|||
expectedFeatureEnablement["default_codeql_version_2_12_4_enabled"] = false;
|
||||
expectedFeatureEnablement["default_codeql_version_2_12_5_enabled"] = false;
|
||||
(0, testing_utils_1.mockFeatureFlagApiEndpoint)(200, expectedFeatureEnablement);
|
||||
const defaultCliVersion = await featureEnablement.getDefaultCliVersion(util_1.GitHubVariant.DOTCOM);
|
||||
const defaultCliVersion = await features.getDefaultCliVersion(util_1.GitHubVariant.DOTCOM);
|
||||
t.deepEqual(defaultCliVersion, {
|
||||
cliVersion: "2.12.1",
|
||||
toolsFeatureFlagsValid: true,
|
||||
|
|
@ -247,10 +249,10 @@ for (const variant of [util_1.GitHubVariant.GHAE, util_1.GitHubVariant.GHES]) {
|
|||
});
|
||||
(0, ava_1.default)(`selects CLI from defaults.json on Dotcom when no default version feature flags are enabled`, async (t) => {
|
||||
await (0, util_1.withTmpDir)(async (tmpDir) => {
|
||||
const featureEnablement = setUpFeatureFlagTests(tmpDir);
|
||||
const features = setUpFeatureFlagTests(tmpDir);
|
||||
const expectedFeatureEnablement = initializeFeatures(true);
|
||||
(0, testing_utils_1.mockFeatureFlagApiEndpoint)(200, expectedFeatureEnablement);
|
||||
const defaultCliVersion = await featureEnablement.getDefaultCliVersion(util_1.GitHubVariant.DOTCOM);
|
||||
const defaultCliVersion = await features.getDefaultCliVersion(util_1.GitHubVariant.DOTCOM);
|
||||
t.deepEqual(defaultCliVersion, {
|
||||
cliVersion: defaults.cliVersion,
|
||||
toolsFeatureFlagsValid: false,
|
||||
|
|
@ -261,14 +263,14 @@ for (const variant of [util_1.GitHubVariant.GHAE, util_1.GitHubVariant.GHES]) {
|
|||
(0, ava_1.default)("ignores invalid version numbers in default version feature flags", async (t) => {
|
||||
await (0, util_1.withTmpDir)(async (tmpDir) => {
|
||||
const loggedMessages = [];
|
||||
const featureEnablement = setUpFeatureFlagTests(tmpDir, (0, testing_utils_1.getRecordingLogger)(loggedMessages));
|
||||
const features = setUpFeatureFlagTests(tmpDir, (0, testing_utils_1.getRecordingLogger)(loggedMessages));
|
||||
const expectedFeatureEnablement = initializeFeatures(true);
|
||||
expectedFeatureEnablement["default_codeql_version_2_12_0_enabled"] = true;
|
||||
expectedFeatureEnablement["default_codeql_version_2_12_1_enabled"] = true;
|
||||
expectedFeatureEnablement["default_codeql_version_2_12_invalid_enabled"] =
|
||||
true;
|
||||
(0, testing_utils_1.mockFeatureFlagApiEndpoint)(200, expectedFeatureEnablement);
|
||||
const defaultCliVersion = await featureEnablement.getDefaultCliVersion(util_1.GitHubVariant.DOTCOM);
|
||||
const defaultCliVersion = await features.getDefaultCliVersion(util_1.GitHubVariant.DOTCOM);
|
||||
t.deepEqual(defaultCliVersion, {
|
||||
cliVersion: "2.12.1",
|
||||
toolsFeatureFlagsValid: true,
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
14
lib/init-action-post-helper.js
generated
14
lib/init-action-post-helper.js
generated
|
|
@ -43,12 +43,12 @@ function createFailedUploadFailedSarifResult(error) {
|
|||
* Upload a failed SARIF file if we can verify that SARIF upload is enabled and determine the SARIF
|
||||
* category for the workflow.
|
||||
*/
|
||||
async function maybeUploadFailedSarif(config, repositoryNwo, featureEnablement, logger) {
|
||||
async function maybeUploadFailedSarif(config, repositoryNwo, features, logger) {
|
||||
if (!config.codeQLCmd) {
|
||||
return { upload_failed_run_skipped_because: "CodeQL command not found" };
|
||||
}
|
||||
const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
|
||||
if (!(await featureEnablement.getValue(feature_flags_1.Feature.UploadFailedSarifEnabled, codeql))) {
|
||||
if (!(await features.getValue(feature_flags_1.Feature.UploadFailedSarifEnabled, codeql))) {
|
||||
return { upload_failed_run_skipped_because: "Feature disabled" };
|
||||
}
|
||||
const workflow = await (0, workflow_1.getWorkflow)();
|
||||
|
|
@ -61,16 +61,16 @@ async function maybeUploadFailedSarif(config, repositoryNwo, featureEnablement,
|
|||
const category = (0, workflow_1.getCategoryInputOrThrow)(workflow, jobName, matrix);
|
||||
const checkoutPath = (0, workflow_1.getCheckoutPathInputOrThrow)(workflow, jobName, matrix);
|
||||
const sarifFile = "../codeql-failed-run.sarif";
|
||||
await codeql.diagnosticsExport(sarifFile, category);
|
||||
await codeql.diagnosticsExport(sarifFile, category, config, features);
|
||||
core.info(`Uploading failed SARIF file ${sarifFile}`);
|
||||
const uploadResult = await uploadLib.uploadFromActions(sarifFile, checkoutPath, category, logger);
|
||||
await uploadLib.waitForProcessing(repositoryNwo, uploadResult.sarifID, logger, { isUnsuccessfulExecution: true });
|
||||
return uploadResult?.statusReport ?? {};
|
||||
}
|
||||
async function tryUploadSarifIfRunFailed(config, repositoryNwo, featureEnablement, logger) {
|
||||
async function tryUploadSarifIfRunFailed(config, repositoryNwo, features, logger) {
|
||||
if (process.env[shared_environment_1.CODEQL_ACTION_ANALYZE_DID_COMPLETE_SUCCESSFULLY] !== "true") {
|
||||
try {
|
||||
return await maybeUploadFailedSarif(config, repositoryNwo, featureEnablement, logger);
|
||||
return await maybeUploadFailedSarif(config, repositoryNwo, features, logger);
|
||||
}
|
||||
catch (e) {
|
||||
logger.debug(`Failed to upload a SARIF file for this failed CodeQL code scanning run. ${e}`);
|
||||
|
|
@ -84,13 +84,13 @@ async function tryUploadSarifIfRunFailed(config, repositoryNwo, featureEnablemen
|
|||
}
|
||||
}
|
||||
exports.tryUploadSarifIfRunFailed = tryUploadSarifIfRunFailed;
|
||||
async function run(uploadDatabaseBundleDebugArtifact, uploadLogsDebugArtifact, printDebugLogs, repositoryNwo, featureEnablement, logger) {
|
||||
async function run(uploadDatabaseBundleDebugArtifact, uploadLogsDebugArtifact, printDebugLogs, repositoryNwo, features, logger) {
|
||||
const config = await (0, config_utils_1.getConfig)(actionsUtil.getTemporaryDirectory(), logger);
|
||||
if (config === undefined) {
|
||||
logger.warning("Debugging artifacts are unavailable since the 'init' Action failed before it could produce any.");
|
||||
return;
|
||||
}
|
||||
const uploadFailedSarifResult = await tryUploadSarifIfRunFailed(config, repositoryNwo, featureEnablement, logger);
|
||||
const uploadFailedSarifResult = await tryUploadSarifIfRunFailed(config, repositoryNwo, features, logger);
|
||||
if (uploadFailedSarifResult.upload_failed_run_skipped_because) {
|
||||
logger.debug("Won't upload a failed SARIF file for this CodeQL code scanning run because: " +
|
||||
`${uploadFailedSarifResult.upload_failed_run_skipped_because}.`);
|
||||
|
|
|
|||
|
|
@ -1 +1 @@
|
|||
{"version":3,"file":"init-action-post-helper.js","sourceRoot":"","sources":["../src/init-action-post-helper.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,4DAA8C;AAC9C,qCAAqC;AACrC,iDAAmD;AACnD,mDAA6D;AAG7D,6DAAuF;AACvF,wDAA0C;AAC1C,iCAA6E;AAC7E,yCAKoB;AAWpB,SAAS,mCAAmC,CAC1C,KAAc;IAEd,OAAO;QACL,uBAAuB,EACrB,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;QACxD,6BAA6B,EAC3B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;KACnD,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,sBAAsB,CACnC,MAAc,EACd,aAA4B,EAC5B,iBAAoC,EACpC,MAAc;IAEd,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE;QACrB,OAAO,EAAE,iCAAiC,EAAE,0BAA0B,EAAE,CAAC;KAC1E;IACD,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACjD,IACE,CAAC,CAAC,MAAM,iBAAiB,CAAC,QAAQ,CAChC,uBAAO,CAAC,wBAAwB,EAChC,MAAM,CACP,CAAC,EACF;QACA,OAAO,EAAE,iCAAiC,EAAE,kBAAkB,EAAE,CAAC;KAClE;IACD,MAAM,QAAQ,GAAG,MAAM,IAAA,sBAAW,GAAE,CAAC;IACrC,MAAM,OAAO,GAAG,IAAA,0BAAmB,EAAC,YAAY,CAAC,CAAC;IAClD,MAAM,MAAM,GAAG,IAAA,uBAAgB,EAAC,WAAW,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC,CAAC;IACxE,IACE,IAAA,gCAAqB,EAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,KAAK,MAAM;QAC3D,IAAA,mBAAY,GAAE,EACd;QACA,OAAO,EAAE,iCAAiC,EAAE,0BAA0B,EAAE,CAAC;KAC1E;IACD,MAAM,QAAQ,GAAG,IAAA,kCAAuB,EAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IACpE,MAAM,YAAY,GAAG,IAAA,sCAA2B,EAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IAE5E,MAAM,SAAS,GAAG,4BAA4B,CAAC;IAC/C,MAAM,MAAM,CAAC,iBAAiB,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC;IAEpD,IAAI,CAAC,IAAI,CAAC,+BAA+B,SAAS,EAAE,CAAC,CAAC;IACtD,MAAM,YAAY,GAAG,MAAM,SAAS,CAAC,iBAAiB,CACpD,SAAS,EACT,YAAY,EACZ,QAAQ,EACR,MAAM,CACP,CAAC;IACF,MAAM,SAAS,CAAC,iBAAiB,CAC/B,aAAa,EACb,YAAY,CAAC,OAAO,EACpB,MAAM,EACN,EAAE,uBAAuB,EAAE,IAAI,EAAE,CAClC,CAAC;IACF,OAAO,YAAY,EAAE,YAAY,IAAI,EAAE,CAAC;AAC1C,CAAC;AAEM,KAAK,UAAU,yBAAyB,CAC7C,MAAc,EACd,aAA4B,EAC5B,iBAAoC,EACpC,MAAc;IAEd,IAAI,OAAO,CAAC,GAAG,CAAC,oEAA+C,CAAC,KAAK,MAAM,EAAE;QAC3E,IAAI;YACF,OAAO,MAAM,sBAAsB,CACjC,MAAM,EACN,aAAa,EACb,iBAAiB,EACjB,MAAM,CACP,CAAC;SACH;QAAC,OAAO,CAAC,EAAE;YACV,MAAM,CAAC,KAAK,CACV,2EAA2E,CAAC,EAAE,CAC/E,CAAC;YACF,OAAO,mCAAmC,CAAC,CAAC,CAAC,CAAC;SAC/C;KACF;SAAM;QACL,OAAO;YACL,iCAAiC,EAC/B,uCAAuC;SAC1C,CAAC;KACH;AACH,CAAC;AA1BD,8DA0BC;AAEM,KAAK,UAAU,GAAG,CACvB,iCAA2C,EAC3C,uBAAiC,EACjC,cAAwB,EACxB,aAA4B,EAC5B,iBAAoC,EACpC,MAAc;IAEd,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAS,EAAC,WAAW,CAAC,qBAAqB,EAAE,EAAE,MAAM,CAAC,CAAC;IAC5E,IAAI,MAAM,KAAK,SAAS,EAAE;QACxB,MAAM,CAAC,OAAO,CACZ,iGAAiG,CAClG,CAAC;QACF,OAAO;KACR;IAED,MAAM,uBAAuB,GAAG,MAAM,yBAAyB,CAC7D,MAAM,EACN,aAAa,EACb,iBAAiB,EACjB,MAAM,CACP,CAAC;IACF,IAAI,uBAAuB,CAAC,iCAAiC,EAAE;QAC7D,MAAM,CAAC,KAAK,CACV,8EAA8E;YAC5E,GAAG,uBAAuB,CAAC,iCAAiC,GAAG,CAClE,CAAC;KACH;IACD,8FAA8F;IAC9F,iCAAiC;IACjC,IACE,OAAO,CAAC,GAAG,CAAC,0CAA0C,CAAC,KAAK,MAAM;QAClE,CAAC,uBAAuB,CAAC,qBAAqB,EAC9C;QACA,MAAM,IAAI,KAAK,CACb,4EAA4E;YAC1E,8BAA8B,uBAAuB,GAAG,CAC3D,CAAC;KACH;IAED,qDAAqD;IACrD,IAAI,MAAM,CAAC,SAAS,EAAE;QACpB,IAAI,CAAC,IAAI,CACP,mGAAmG,CACpG,CAAC;QACF,MAAM,iCAAiC,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACxD,MAAM,uBAAuB,CAAC,MAAM,CAAC,CAAC;QAEtC,MAAM,cAAc,CAAC,MAAM,CAAC,CAAC;KAC9B;IAED,OAAO,uBAAuB,CAAC;AACjC,CAAC;AApDD,kBAoDC"}
|
||||
{"version":3,"file":"init-action-post-helper.js","sourceRoot":"","sources":["../src/init-action-post-helper.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,oDAAsC;AAEtC,4DAA8C;AAC9C,qCAAqC;AACrC,iDAAmD;AACnD,mDAA6D;AAG7D,6DAAuF;AACvF,wDAA0C;AAC1C,iCAA6E;AAC7E,yCAKoB;AAWpB,SAAS,mCAAmC,CAC1C,KAAc;IAEd,OAAO;QACL,uBAAuB,EACrB,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC;QACxD,6BAA6B,EAC3B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS;KACnD,CAAC;AACJ,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,sBAAsB,CACnC,MAAc,EACd,aAA4B,EAC5B,QAA2B,EAC3B,MAAc;IAEd,IAAI,CAAC,MAAM,CAAC,SAAS,EAAE;QACrB,OAAO,EAAE,iCAAiC,EAAE,0BAA0B,EAAE,CAAC;KAC1E;IACD,MAAM,MAAM,GAAG,MAAM,IAAA,kBAAS,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IACjD,IAAI,CAAC,CAAC,MAAM,QAAQ,CAAC,QAAQ,CAAC,uBAAO,CAAC,wBAAwB,EAAE,MAAM,CAAC,CAAC,EAAE;QACxE,OAAO,EAAE,iCAAiC,EAAE,kBAAkB,EAAE,CAAC;KAClE;IACD,MAAM,QAAQ,GAAG,MAAM,IAAA,sBAAW,GAAE,CAAC;IACrC,MAAM,OAAO,GAAG,IAAA,0BAAmB,EAAC,YAAY,CAAC,CAAC;IAClD,MAAM,MAAM,GAAG,IAAA,uBAAgB,EAAC,WAAW,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC,CAAC;IACxE,IACE,IAAA,gCAAqB,EAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,KAAK,MAAM;QAC3D,IAAA,mBAAY,GAAE,EACd;QACA,OAAO,EAAE,iCAAiC,EAAE,0BAA0B,EAAE,CAAC;KAC1E;IACD,MAAM,QAAQ,GAAG,IAAA,kCAAuB,EAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IACpE,MAAM,YAAY,GAAG,IAAA,sCAA2B,EAAC,QAAQ,EAAE,OAAO,EAAE,MAAM,CAAC,CAAC;IAE5E,MAAM,SAAS,GAAG,4BAA4B,CAAC;IAC/C,MAAM,MAAM,CAAC,iBAAiB,CAAC,SAAS,EAAE,QAAQ,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;IAEtE,IAAI,CAAC,IAAI,CAAC,+BAA+B,SAAS,EAAE,CAAC,CAAC;IACtD,MAAM,YAAY,GAAG,MAAM,SAAS,CAAC,iBAAiB,CACpD,SAAS,EACT,YAAY,EACZ,QAAQ,EACR,MAAM,CACP,CAAC;IACF,MAAM,SAAS,CAAC,iBAAiB,CAC/B,aAAa,EACb,YAAY,CAAC,OAAO,EACpB,MAAM,EACN,EAAE,uBAAuB,EAAE,IAAI,EAAE,CAClC,CAAC;IACF,OAAO,YAAY,EAAE,YAAY,IAAI,EAAE,CAAC;AAC1C,CAAC;AAEM,KAAK,UAAU,yBAAyB,CAC7C,MAAc,EACd,aAA4B,EAC5B,QAA2B,EAC3B,MAAc;IAEd,IAAI,OAAO,CAAC,GAAG,CAAC,oEAA+C,CAAC,KAAK,MAAM,EAAE;QAC3E,IAAI;YACF,OAAO,MAAM,sBAAsB,CACjC,MAAM,EACN,aAAa,EACb,QAAQ,EACR,MAAM,CACP,CAAC;SACH;QAAC,OAAO,CAAC,EAAE;YACV,MAAM,CAAC,KAAK,CACV,2EAA2E,CAAC,EAAE,CAC/E,CAAC;YACF,OAAO,mCAAmC,CAAC,CAAC,CAAC,CAAC;SAC/C;KACF;SAAM;QACL,OAAO;YACL,iCAAiC,EAC/B,uCAAuC;SAC1C,CAAC;KACH;AACH,CAAC;AA1BD,8DA0BC;AAEM,KAAK,UAAU,GAAG,CACvB,iCAA2C,EAC3C,uBAAiC,EACjC,cAAwB,EACxB,aAA4B,EAC5B,QAA2B,EAC3B,MAAc;IAEd,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAS,EAAC,WAAW,CAAC,qBAAqB,EAAE,EAAE,MAAM,CAAC,CAAC;IAC5E,IAAI,MAAM,KAAK,SAAS,EAAE;QACxB,MAAM,CAAC,OAAO,CACZ,iGAAiG,CAClG,CAAC;QACF,OAAO;KACR;IAED,MAAM,uBAAuB,GAAG,MAAM,yBAAyB,CAC7D,MAAM,EACN,aAAa,EACb,QAAQ,EACR,MAAM,CACP,CAAC;IACF,IAAI,uBAAuB,CAAC,iCAAiC,EAAE;QAC7D,MAAM,CAAC,KAAK,CACV,8EAA8E;YAC5E,GAAG,uBAAuB,CAAC,iCAAiC,GAAG,CAClE,CAAC;KACH;IACD,8FAA8F;IAC9F,iCAAiC;IACjC,IACE,OAAO,CAAC,GAAG,CAAC,0CAA0C,CAAC,KAAK,MAAM;QAClE,CAAC,uBAAuB,CAAC,qBAAqB,EAC9C;QACA,MAAM,IAAI,KAAK,CACb,4EAA4E;YAC1E,8BAA8B,uBAAuB,GAAG,CAC3D,CAAC;KACH;IAED,qDAAqD;IACrD,IAAI,MAAM,CAAC,SAAS,EAAE;QACpB,IAAI,CAAC,IAAI,CACP,mGAAmG,CACpG,CAAC;QACF,MAAM,iCAAiC,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACxD,MAAM,uBAAuB,CAAC,MAAM,CAAC,CAAC;QAEtC,MAAM,cAAc,CAAC,MAAM,CAAC,CAAC;KAC9B;IAED,OAAO,uBAAuB,CAAC;AACjC,CAAC;AApDD,kBAoDC"}
|
||||
2
lib/init-action-post-helper.test.js
generated
2
lib/init-action-post-helper.test.js
generated
|
|
@ -254,7 +254,7 @@ async function testFailedSarifUpload(t, actionsWorkflow, { category, expectUploa
|
|||
});
|
||||
}
|
||||
if (expectUpload) {
|
||||
t.true(diagnosticsExportStub.calledOnceWith(sinon.match.string, category), `Actual args were: ${diagnosticsExportStub.args}`);
|
||||
t.true(diagnosticsExportStub.calledOnceWith(sinon.match.string, category, sinon.match.any, sinon.match.any), `Actual args were: ${diagnosticsExportStub.args}`);
|
||||
t.true(uploadFromActions.calledOnceWith(sinon.match.string, sinon.match.string, category, sinon.match.any), `Actual args were: ${uploadFromActions.args}`);
|
||||
t.true(waitForProcessing.calledOnceWith(sinon.match.any, "42", sinon.match.any, {
|
||||
isUnsuccessfulExecution: true,
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
10
lib/init.js
generated
10
lib/init.js
generated
|
|
@ -49,15 +49,15 @@ async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVe
|
|||
return { codeql, toolsDownloadDurationMs, toolsSource, toolsVersion };
|
||||
}
|
||||
exports.initCodeQL = initCodeQL;
|
||||
async function initConfig(languagesInput, queriesInput, packsInput, registriesInput, configFile, dbLocation, trapCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeQL, workspacePath, gitHubVersion, apiDetails, featureEnablement, logger) {
|
||||
async function initConfig(languagesInput, queriesInput, packsInput, registriesInput, configFile, dbLocation, trapCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeQL, workspacePath, gitHubVersion, apiDetails, features, logger) {
|
||||
logger.startGroup("Load language configuration");
|
||||
const config = await configUtils.initConfig(languagesInput, queriesInput, packsInput, registriesInput, configFile, dbLocation, trapCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeQL, workspacePath, gitHubVersion, apiDetails, featureEnablement, logger);
|
||||
const config = await configUtils.initConfig(languagesInput, queriesInput, packsInput, registriesInput, configFile, dbLocation, trapCachingEnabled, debugMode, debugArtifactName, debugDatabaseName, repository, tempDir, codeQL, workspacePath, gitHubVersion, apiDetails, features, logger);
|
||||
analysisPaths.printPathFiltersWarning(config, logger);
|
||||
logger.endGroup();
|
||||
return config;
|
||||
}
|
||||
exports.initConfig = initConfig;
|
||||
async function runInit(codeql, config, sourceRoot, processName, registriesInput, featureEnablement, apiDetails, logger) {
|
||||
async function runInit(codeql, config, sourceRoot, processName, registriesInput, features, apiDetails, logger) {
|
||||
fs.mkdirSync(config.dbLocation, { recursive: true });
|
||||
try {
|
||||
if (await (0, util_1.codeQlVersionAbove)(codeql, codeql_1.CODEQL_VERSION_NEW_TRACING)) {
|
||||
|
|
@ -67,7 +67,7 @@ async function runInit(codeql, config, sourceRoot, processName, registriesInput,
|
|||
// before the `pack download` command was invoked. It is not required for the init command.
|
||||
let registriesAuthTokens;
|
||||
let qlconfigFile;
|
||||
if (await util.useCodeScanningConfigInCli(codeql, featureEnablement)) {
|
||||
if (await util.useCodeScanningConfigInCli(codeql, features)) {
|
||||
({ registriesAuthTokens, qlconfigFile } =
|
||||
await configUtils.generateRegistries(registriesInput, codeql, config.tempDir, logger));
|
||||
}
|
||||
|
|
@ -76,7 +76,7 @@ async function runInit(codeql, config, sourceRoot, processName, registriesInput,
|
|||
CODEQL_REGISTRIES_AUTH: registriesAuthTokens,
|
||||
},
|
||||
// Init a database cluster
|
||||
async () => await codeql.databaseInitCluster(config, sourceRoot, processName, featureEnablement, qlconfigFile, logger));
|
||||
async () => await codeql.databaseInitCluster(config, sourceRoot, processName, features, qlconfigFile, logger));
|
||||
}
|
||||
else {
|
||||
for (const language of config.languages) {
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
8
lib/util.js
generated
8
lib/util.js
generated
|
|
@ -560,12 +560,12 @@ exports.isInTestMode = isInTestMode;
|
|||
* @returns true if the action should generate a conde-scanning config file
|
||||
* that gets passed to the CLI.
|
||||
*/
|
||||
async function useCodeScanningConfigInCli(codeql, featureEnablement) {
|
||||
return await featureEnablement.getValue(feature_flags_1.Feature.CliConfigFileEnabled, codeql);
|
||||
async function useCodeScanningConfigInCli(codeql, features) {
|
||||
return await features.getValue(feature_flags_1.Feature.CliConfigFileEnabled, codeql);
|
||||
}
|
||||
exports.useCodeScanningConfigInCli = useCodeScanningConfigInCli;
|
||||
async function logCodeScanningConfigInCli(codeql, featureEnablement, logger) {
|
||||
if (await useCodeScanningConfigInCli(codeql, featureEnablement)) {
|
||||
async function logCodeScanningConfigInCli(codeql, features, logger) {
|
||||
if (await useCodeScanningConfigInCli(codeql, features)) {
|
||||
logger.info("Code Scanning configuration file being processed in the codeql CLI.");
|
||||
}
|
||||
else {
|
||||
|
|
|
|||
File diff suppressed because one or more lines are too long
49
pr-checks/checks/config-export.yml
Normal file
49
pr-checks/checks/config-export.yml
Normal file
|
|
@ -0,0 +1,49 @@
|
|||
name: "Config export"
|
||||
description: "Tests that the code scanning configuration file is exported to SARIF correctly."
|
||||
versions: ["latest"]
|
||||
env:
|
||||
CODEQL_ACTION_EXPORT_CODE_SCANNING_CONFIG: true
|
||||
CODEQL_PASS_CONFIG_TO_CLI: true
|
||||
steps:
|
||||
- uses: ./../action/init
|
||||
with:
|
||||
languages: javascript
|
||||
queries: security-extended
|
||||
tools: ${{ steps.prepare-test.outputs.tools-url }}
|
||||
- uses: ./../action/analyze
|
||||
with:
|
||||
output: "${{ runner.temp }}/results"
|
||||
upload-database: false
|
||||
- name: Upload SARIF
|
||||
uses: actions/upload-artifact@v3
|
||||
with:
|
||||
name: config-export-${{ matrix.os }}-${{ matrix.version }}.sarif.json
|
||||
path: "${{ runner.temp }}/results/javascript.sarif"
|
||||
retention-days: 7
|
||||
- name: Check config properties appear in SARIF
|
||||
uses: actions/github-script@v6
|
||||
env:
|
||||
SARIF_PATH: "${{ runner.temp }}/results/javascript.sarif"
|
||||
with:
|
||||
script: |
|
||||
const fs = require('fs');
|
||||
const path = require('path');
|
||||
|
||||
const sarif = JSON.parse(fs.readFileSync(process.env['SARIF_PATH'], 'utf8'));
|
||||
const run = sarif.runs[0];
|
||||
const configSummary = run.properties.codeqlConfigSummary;
|
||||
|
||||
if (configSummary === undefined) {
|
||||
core.setFailed('`codeqlConfigSummary` property not found in the SARIF run property bag.');
|
||||
}
|
||||
if (configSummary.disableDefaultQueries !== false) {
|
||||
core.setFailed('`disableDefaultQueries` property incorrect: expected false, got ' +
|
||||
`${JSON.stringify(configSummary.disableDefaultQueries)}.`);
|
||||
}
|
||||
const expectedQueries = [{ type: 'builtinSuite', uses: 'security-extended' }];
|
||||
// Use JSON.stringify to deep-equal the arrays.
|
||||
if (JSON.stringify(configSummary.queries) !== JSON.stringify(expectedQueries)) {
|
||||
core.setFailed(`\`queries\` property incorrect: expected ${JSON.stringify(expectedQueries)}, got ` +
|
||||
`${JSON.stringify(configSummary.queries)}.`);
|
||||
}
|
||||
core.info('Finished config export tests.');
|
||||
|
|
@ -207,14 +207,14 @@ export async function runQueries(
|
|||
automationDetailsId: string | undefined,
|
||||
config: configUtils.Config,
|
||||
logger: Logger,
|
||||
featureEnablement: FeatureEnablement
|
||||
features: FeatureEnablement
|
||||
): Promise<QueriesStatusReport> {
|
||||
const statusReport: QueriesStatusReport = {};
|
||||
|
||||
const codeql = await getCodeQL(config.codeQLCmd);
|
||||
const queryFlags = [memoryFlag, threadsFlag];
|
||||
|
||||
await util.logCodeScanningConfigInCli(codeql, featureEnablement, logger);
|
||||
await util.logCodeScanningConfigInCli(codeql, features, logger);
|
||||
|
||||
for (const language of config.languages) {
|
||||
const queries = config.queries[language];
|
||||
|
|
@ -224,7 +224,7 @@ export async function runQueries(
|
|||
const packsWithVersion = config.packs[language] || [];
|
||||
|
||||
try {
|
||||
if (await util.useCodeScanningConfigInCli(codeql, featureEnablement)) {
|
||||
if (await util.useCodeScanningConfigInCli(codeql, features)) {
|
||||
// If we are using the code scanning config in the CLI,
|
||||
// much of the work needed to generate the query suites
|
||||
// is done in the CLI. We just need to make a single
|
||||
|
|
@ -367,7 +367,9 @@ export async function runQueries(
|
|||
addSnippetsFlag,
|
||||
threadsFlag,
|
||||
enableDebugLogging ? "-vv" : "-v",
|
||||
automationDetailsId
|
||||
automationDetailsId,
|
||||
config,
|
||||
features
|
||||
);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -628,7 +628,17 @@ test("databaseInterpretResults() does not set --sarif-add-query-help for 2.7.0",
|
|||
sinon.stub(codeqlObject, "getVersion").resolves("2.7.0");
|
||||
// safeWhich throws because of the test CodeQL object.
|
||||
sinon.stub(safeWhich, "safeWhich").resolves("");
|
||||
await codeqlObject.databaseInterpretResults("", [], "", "", "", "-v", "");
|
||||
await codeqlObject.databaseInterpretResults(
|
||||
"",
|
||||
[],
|
||||
"",
|
||||
"",
|
||||
"",
|
||||
"-v",
|
||||
"",
|
||||
stubConfig,
|
||||
createFeatures([])
|
||||
);
|
||||
t.false(
|
||||
runnerConstructorStub.firstCall.args[1].includes("--sarif-add-query-help"),
|
||||
"--sarif-add-query-help should be absent, but it is present"
|
||||
|
|
@ -641,7 +651,17 @@ test("databaseInterpretResults() sets --sarif-add-query-help for 2.7.1", async (
|
|||
sinon.stub(codeqlObject, "getVersion").resolves("2.7.1");
|
||||
// safeWhich throws because of the test CodeQL object.
|
||||
sinon.stub(safeWhich, "safeWhich").resolves("");
|
||||
await codeqlObject.databaseInterpretResults("", [], "", "", "", "-v", "");
|
||||
await codeqlObject.databaseInterpretResults(
|
||||
"",
|
||||
[],
|
||||
"",
|
||||
"",
|
||||
"",
|
||||
"-v",
|
||||
"",
|
||||
stubConfig,
|
||||
createFeatures([])
|
||||
);
|
||||
t.true(
|
||||
runnerConstructorStub.firstCall.args[1].includes("--sarif-add-query-help"),
|
||||
"--sarif-add-query-help should be present, but it is absent"
|
||||
|
|
@ -1129,7 +1149,17 @@ test("databaseInterpretResults() sets --sarif-add-baseline-file-info for 2.11.3"
|
|||
sinon.stub(codeqlObject, "getVersion").resolves("2.11.3");
|
||||
// safeWhich throws because of the test CodeQL object.
|
||||
sinon.stub(safeWhich, "safeWhich").resolves("");
|
||||
await codeqlObject.databaseInterpretResults("", [], "", "", "", "-v", "");
|
||||
await codeqlObject.databaseInterpretResults(
|
||||
"",
|
||||
[],
|
||||
"",
|
||||
"",
|
||||
"",
|
||||
"-v",
|
||||
"",
|
||||
stubConfig,
|
||||
createFeatures([])
|
||||
);
|
||||
t.true(
|
||||
runnerConstructorStub.firstCall.args[1].includes(
|
||||
"--sarif-add-baseline-file-info"
|
||||
|
|
@ -1144,7 +1174,17 @@ test("databaseInterpretResults() does not set --sarif-add-baseline-file-info for
|
|||
sinon.stub(codeqlObject, "getVersion").resolves("2.11.2");
|
||||
// safeWhich throws because of the test CodeQL object.
|
||||
sinon.stub(safeWhich, "safeWhich").resolves("");
|
||||
await codeqlObject.databaseInterpretResults("", [], "", "", "", "-v", "");
|
||||
await codeqlObject.databaseInterpretResults(
|
||||
"",
|
||||
[],
|
||||
"",
|
||||
"",
|
||||
"",
|
||||
"-v",
|
||||
"",
|
||||
stubConfig,
|
||||
createFeatures([])
|
||||
);
|
||||
t.false(
|
||||
runnerConstructorStub.firstCall.args[1].includes(
|
||||
"--sarif-add-baseline-file-info"
|
||||
|
|
|
|||
|
|
@ -6,9 +6,13 @@ import * as yaml from "js-yaml";
|
|||
|
||||
import { getOptionalInput } from "./actions-util";
|
||||
import * as api from "./api-client";
|
||||
import { Config } from "./config-utils";
|
||||
import { Config, getGeneratedCodeScanningConfigPath } from "./config-utils";
|
||||
import { errorMatchers } from "./error-matcher";
|
||||
import { CodeQLDefaultVersionInfo, FeatureEnablement } from "./feature-flags";
|
||||
import {
|
||||
CodeQLDefaultVersionInfo,
|
||||
Feature,
|
||||
FeatureEnablement,
|
||||
} from "./feature-flags";
|
||||
import { ToolsSource } from "./init";
|
||||
import { isTracedLanguage, Language } from "./languages";
|
||||
import { Logger } from "./logging";
|
||||
|
|
@ -90,7 +94,7 @@ export interface CodeQL {
|
|||
config: Config,
|
||||
sourceRoot: string,
|
||||
processName: string | undefined,
|
||||
featureEnablement: FeatureEnablement,
|
||||
features: FeatureEnablement,
|
||||
qlconfigFile: string | undefined,
|
||||
logger: Logger
|
||||
): Promise<void>;
|
||||
|
|
@ -173,7 +177,9 @@ export interface CodeQL {
|
|||
addSnippetsFlag: string,
|
||||
threadsFlag: string,
|
||||
verbosityFlag: string | undefined,
|
||||
automationDetailsId: string | undefined
|
||||
automationDetailsId: string | undefined,
|
||||
config: Config,
|
||||
features: FeatureEnablement
|
||||
): Promise<string>;
|
||||
/**
|
||||
* Run 'codeql database print-baseline'.
|
||||
|
|
@ -184,7 +190,9 @@ export interface CodeQL {
|
|||
*/
|
||||
diagnosticsExport(
|
||||
sarifFile: string,
|
||||
automationDetailsId: string | undefined
|
||||
automationDetailsId: string | undefined,
|
||||
config: Config,
|
||||
features: FeatureEnablement
|
||||
): Promise<void>;
|
||||
}
|
||||
|
||||
|
|
@ -290,6 +298,12 @@ export const CODEQL_VERSION_BETTER_RESOLVE_LANGUAGES = "2.10.3";
|
|||
*/
|
||||
export const CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE = "2.12.1";
|
||||
|
||||
/**
|
||||
* Versions 2.12.3+ of the CodeQL CLI support exporting information in the code scanning
|
||||
* configuration file to SARIF.
|
||||
*/
|
||||
export const CODEQL_VERSION_EXPORT_CODE_SCANNING_CONFIG = "2.12.3";
|
||||
|
||||
/**
|
||||
* Versions 2.12.4+ of the CodeQL CLI support the `--qlconfig-file` flag in calls to `database init`.
|
||||
*/
|
||||
|
|
@ -570,7 +584,7 @@ export async function getCodeQLForCmd(
|
|||
config: Config,
|
||||
sourceRoot: string,
|
||||
processName: string | undefined,
|
||||
featureEnablement: FeatureEnablement,
|
||||
features: FeatureEnablement,
|
||||
qlconfigFile: string | undefined,
|
||||
logger: Logger
|
||||
) {
|
||||
|
|
@ -605,7 +619,7 @@ export async function getCodeQLForCmd(
|
|||
const codeScanningConfigFile = await generateCodeScanningConfig(
|
||||
codeql,
|
||||
config,
|
||||
featureEnablement,
|
||||
features,
|
||||
logger
|
||||
);
|
||||
// Only pass external repository token if a config file is going to be parsed by the CLI.
|
||||
|
|
@ -841,7 +855,9 @@ export async function getCodeQLForCmd(
|
|||
addSnippetsFlag: string,
|
||||
threadsFlag: string,
|
||||
verbosityFlag: string,
|
||||
automationDetailsId: string | undefined
|
||||
automationDetailsId: string | undefined,
|
||||
config: Config,
|
||||
features: FeatureEnablement
|
||||
): Promise<string> {
|
||||
const codeqlArgs = [
|
||||
"database",
|
||||
|
|
@ -854,6 +870,7 @@ export async function getCodeQLForCmd(
|
|||
"--print-diagnostics-summary",
|
||||
"--print-metrics-summary",
|
||||
"--sarif-group-rules-by-pack",
|
||||
...(await getCodeScanningConfigExportArguments(config, this, features)),
|
||||
...getExtraOptionsFromEnv(["database", "interpret-results"]),
|
||||
];
|
||||
if (await util.codeQlVersionAbove(this, CODEQL_VERSION_CUSTOM_QUERY_HELP))
|
||||
|
|
@ -973,13 +990,16 @@ export async function getCodeQLForCmd(
|
|||
},
|
||||
async diagnosticsExport(
|
||||
sarifFile: string,
|
||||
automationDetailsId: string | undefined
|
||||
automationDetailsId: string | undefined,
|
||||
config: Config,
|
||||
features: FeatureEnablement
|
||||
): Promise<void> {
|
||||
const args = [
|
||||
"diagnostics",
|
||||
"export",
|
||||
"--format=sarif-latest",
|
||||
`--output=${sarifFile}`,
|
||||
...(await getCodeScanningConfigExportArguments(config, this, features)),
|
||||
...getExtraOptionsFromEnv(["diagnostics", "export"]),
|
||||
];
|
||||
if (automationDetailsId !== undefined) {
|
||||
|
|
@ -1118,16 +1138,14 @@ async function runTool(
|
|||
async function generateCodeScanningConfig(
|
||||
codeql: CodeQL,
|
||||
config: Config,
|
||||
featureEnablement: FeatureEnablement,
|
||||
features: FeatureEnablement,
|
||||
logger: Logger
|
||||
): Promise<string | undefined> {
|
||||
if (!(await util.useCodeScanningConfigInCli(codeql, featureEnablement))) {
|
||||
if (!(await util.useCodeScanningConfigInCli(codeql, features))) {
|
||||
return;
|
||||
}
|
||||
const codeScanningConfigFile = path.resolve(
|
||||
config.tempDir,
|
||||
"user-config.yaml"
|
||||
);
|
||||
const codeScanningConfigFile = getGeneratedCodeScanningConfigPath(config);
|
||||
|
||||
// make a copy so we can modify it
|
||||
const augmentedConfig = cloneObject(config.originalUserInput);
|
||||
|
||||
|
|
@ -1198,3 +1216,24 @@ async function generateCodeScanningConfig(
|
|||
function cloneObject<T>(obj: T): T {
|
||||
return JSON.parse(JSON.stringify(obj));
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets arguments for passing the code scanning configuration file to interpretation commands like
|
||||
* `codeql database interpret-results` and `codeql database export-diagnostics`.
|
||||
*
|
||||
* Returns an empty list if a code scanning configuration file was not generated by the CLI.
|
||||
*/
|
||||
async function getCodeScanningConfigExportArguments(
|
||||
config: Config,
|
||||
codeql: CodeQL,
|
||||
features: FeatureEnablement
|
||||
): Promise<string[]> {
|
||||
const codeScanningConfigPath = getGeneratedCodeScanningConfigPath(config);
|
||||
if (
|
||||
fs.existsSync(codeScanningConfigPath) &&
|
||||
(await features.getValue(Feature.ExportCodeScanningConfigEnabled, codeql))
|
||||
) {
|
||||
return ["--sarif-codescanning-config", codeScanningConfigPath];
|
||||
}
|
||||
return [];
|
||||
}
|
||||
|
|
|
|||
|
|
@ -398,7 +398,7 @@ async function addBuiltinSuiteQueries(
|
|||
resultMap: Queries,
|
||||
packs: Packs,
|
||||
suiteName: string,
|
||||
featureEnablement: FeatureEnablement,
|
||||
features: FeatureEnablement,
|
||||
configFile?: string
|
||||
): Promise<boolean> {
|
||||
let injectedMlQueries = false;
|
||||
|
|
@ -435,7 +435,7 @@ async function addBuiltinSuiteQueries(
|
|||
found === "security-extended" ||
|
||||
found === "security-and-quality") &&
|
||||
!packs.javascript?.some(isMlPoweredJsQueriesPack) &&
|
||||
(await featureEnablement.getValue(Feature.MlPoweredQueriesEnabled, codeQL))
|
||||
(await features.getValue(Feature.MlPoweredQueriesEnabled, codeQL))
|
||||
) {
|
||||
if (!packs.javascript) {
|
||||
packs.javascript = [];
|
||||
|
|
@ -567,7 +567,7 @@ async function parseQueryUses(
|
|||
tempDir: string,
|
||||
workspacePath: string,
|
||||
apiDetails: api.GitHubApiExternalRepoDetails,
|
||||
featureEnablement: FeatureEnablement,
|
||||
features: FeatureEnablement,
|
||||
logger: Logger,
|
||||
configFile?: string
|
||||
): Promise<boolean> {
|
||||
|
|
@ -596,7 +596,7 @@ async function parseQueryUses(
|
|||
resultMap,
|
||||
packs,
|
||||
queryUses,
|
||||
featureEnablement,
|
||||
features,
|
||||
configFile
|
||||
);
|
||||
}
|
||||
|
|
@ -604,7 +604,7 @@ async function parseQueryUses(
|
|||
// Otherwise, must be a reference to another repo.
|
||||
// If config parsing is handled in CLI, then this repo will be downloaded
|
||||
// later by the CLI.
|
||||
if (!(await useCodeScanningConfigInCli(codeQL, featureEnablement))) {
|
||||
if (!(await useCodeScanningConfigInCli(codeQL, features))) {
|
||||
await addRemoteQueries(
|
||||
codeQL,
|
||||
resultMap,
|
||||
|
|
@ -1011,7 +1011,7 @@ async function addQueriesAndPacksFromWorkflow(
|
|||
tempDir: string,
|
||||
workspacePath: string,
|
||||
apiDetails: api.GitHubApiExternalRepoDetails,
|
||||
featureEnablement: FeatureEnablement,
|
||||
features: FeatureEnablement,
|
||||
logger: Logger
|
||||
): Promise<boolean> {
|
||||
let injectedMlQueries = false;
|
||||
|
|
@ -1029,7 +1029,7 @@ async function addQueriesAndPacksFromWorkflow(
|
|||
tempDir,
|
||||
workspacePath,
|
||||
apiDetails,
|
||||
featureEnablement,
|
||||
features,
|
||||
logger
|
||||
);
|
||||
injectedMlQueries = injectedMlQueries || didInject;
|
||||
|
|
@ -1068,7 +1068,7 @@ export async function getDefaultConfig(
|
|||
workspacePath: string,
|
||||
gitHubVersion: GitHubVersion,
|
||||
apiDetails: api.GitHubApiCombinedDetails,
|
||||
featureEnablement: FeatureEnablement,
|
||||
features: FeatureEnablement,
|
||||
logger: Logger
|
||||
): Promise<Config> {
|
||||
const languages = await getLanguages(
|
||||
|
|
@ -1106,7 +1106,7 @@ export async function getDefaultConfig(
|
|||
tempDir,
|
||||
workspacePath,
|
||||
apiDetails,
|
||||
featureEnablement,
|
||||
features,
|
||||
logger
|
||||
);
|
||||
}
|
||||
|
|
@ -1176,7 +1176,7 @@ async function loadConfig(
|
|||
workspacePath: string,
|
||||
gitHubVersion: GitHubVersion,
|
||||
apiDetails: api.GitHubApiCombinedDetails,
|
||||
featureEnablement: FeatureEnablement,
|
||||
features: FeatureEnablement,
|
||||
logger: Logger
|
||||
): Promise<Config> {
|
||||
let parsedYAML: UserConfig;
|
||||
|
|
@ -1256,7 +1256,7 @@ async function loadConfig(
|
|||
tempDir,
|
||||
workspacePath,
|
||||
apiDetails,
|
||||
featureEnablement,
|
||||
features,
|
||||
logger
|
||||
);
|
||||
}
|
||||
|
|
@ -1281,7 +1281,7 @@ async function loadConfig(
|
|||
tempDir,
|
||||
workspacePath,
|
||||
apiDetails,
|
||||
featureEnablement,
|
||||
features,
|
||||
logger,
|
||||
configFile
|
||||
);
|
||||
|
|
@ -1700,7 +1700,7 @@ export async function initConfig(
|
|||
workspacePath: string,
|
||||
gitHubVersion: GitHubVersion,
|
||||
apiDetails: api.GitHubApiCombinedDetails,
|
||||
featureEnablement: FeatureEnablement,
|
||||
features: FeatureEnablement,
|
||||
logger: Logger
|
||||
): Promise<Config> {
|
||||
let config: Config;
|
||||
|
|
@ -1723,7 +1723,7 @@ export async function initConfig(
|
|||
workspacePath,
|
||||
gitHubVersion,
|
||||
apiDetails,
|
||||
featureEnablement,
|
||||
features,
|
||||
logger
|
||||
);
|
||||
} else {
|
||||
|
|
@ -1743,7 +1743,7 @@ export async function initConfig(
|
|||
workspacePath,
|
||||
gitHubVersion,
|
||||
apiDetails,
|
||||
featureEnablement,
|
||||
features,
|
||||
logger
|
||||
);
|
||||
}
|
||||
|
|
@ -1751,9 +1751,9 @@ export async function initConfig(
|
|||
// When using the codescanning config in the CLI, pack downloads
|
||||
// happen in the CLI during the `database init` command, so no need
|
||||
// to download them here.
|
||||
await logCodeScanningConfigInCli(codeQL, featureEnablement, logger);
|
||||
await logCodeScanningConfigInCli(codeQL, features, logger);
|
||||
|
||||
if (!(await useCodeScanningConfigInCli(codeQL, featureEnablement))) {
|
||||
if (!(await useCodeScanningConfigInCli(codeQL, features))) {
|
||||
// The list of queries should not be empty for any language. If it is then
|
||||
// it is a user configuration error.
|
||||
// This check occurs in the CLI when it parses the config file.
|
||||
|
|
@ -2066,3 +2066,12 @@ export async function wrapEnvironment(
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the path to the code scanning configuration generated by the CLI.
|
||||
*
|
||||
* This will not exist if the configuration is being parsed in the Action.
|
||||
*/
|
||||
export function getGeneratedCodeScanningConfigPath(config: Config): string {
|
||||
return path.resolve(config.tempDir, "user-config.yaml");
|
||||
}
|
||||
|
|
|
|||
|
|
@ -47,7 +47,7 @@ for (const variant of ALL_FEATURES_DISABLED_VARIANTS) {
|
|||
test(`All features are disabled if running against ${variant.description}`, async (t) => {
|
||||
await withTmpDir(async (tmpDir) => {
|
||||
const loggedMessages = [];
|
||||
const featureEnablement = setUpFeatureFlagTests(
|
||||
const features = setUpFeatureFlagTests(
|
||||
tmpDir,
|
||||
getRecordingLogger(loggedMessages),
|
||||
variant.gitHubVersion
|
||||
|
|
@ -55,10 +55,7 @@ for (const variant of ALL_FEATURES_DISABLED_VARIANTS) {
|
|||
|
||||
for (const feature of Object.values(Feature)) {
|
||||
t.deepEqual(
|
||||
await featureEnablement.getValue(
|
||||
feature,
|
||||
includeCodeQlIfRequired(feature)
|
||||
),
|
||||
await features.getValue(feature, includeCodeQlIfRequired(feature)),
|
||||
featureConfig[feature].defaultValue
|
||||
);
|
||||
}
|
||||
|
|
@ -78,7 +75,7 @@ for (const variant of ALL_FEATURES_DISABLED_VARIANTS) {
|
|||
test("API response missing and features use default value", async (t) => {
|
||||
await withTmpDir(async (tmpDir) => {
|
||||
const loggedMessages: LoggedMessage[] = [];
|
||||
const featureEnablement = setUpFeatureFlagTests(
|
||||
const features = setUpFeatureFlagTests(
|
||||
tmpDir,
|
||||
getRecordingLogger(loggedMessages)
|
||||
);
|
||||
|
|
@ -87,10 +84,8 @@ test("API response missing and features use default value", async (t) => {
|
|||
|
||||
for (const feature of Object.values(Feature)) {
|
||||
t.assert(
|
||||
(await featureEnablement.getValue(
|
||||
feature,
|
||||
includeCodeQlIfRequired(feature)
|
||||
)) === featureConfig[feature].defaultValue
|
||||
(await features.getValue(feature, includeCodeQlIfRequired(feature))) ===
|
||||
featureConfig[feature].defaultValue
|
||||
);
|
||||
}
|
||||
assertAllFeaturesUndefinedInApi(t, loggedMessages);
|
||||
|
|
@ -100,7 +95,7 @@ test("API response missing and features use default value", async (t) => {
|
|||
test("Features use default value if they're not returned in API response", async (t) => {
|
||||
await withTmpDir(async (tmpDir) => {
|
||||
const loggedMessages: LoggedMessage[] = [];
|
||||
const featureEnablement = setUpFeatureFlagTests(
|
||||
const features = setUpFeatureFlagTests(
|
||||
tmpDir,
|
||||
getRecordingLogger(loggedMessages)
|
||||
);
|
||||
|
|
@ -109,10 +104,8 @@ test("Features use default value if they're not returned in API response", async
|
|||
|
||||
for (const feature of Object.values(Feature)) {
|
||||
t.assert(
|
||||
(await featureEnablement.getValue(
|
||||
feature,
|
||||
includeCodeQlIfRequired(feature)
|
||||
)) === featureConfig[feature].defaultValue
|
||||
(await features.getValue(feature, includeCodeQlIfRequired(feature))) ===
|
||||
featureConfig[feature].defaultValue
|
||||
);
|
||||
}
|
||||
|
||||
|
|
@ -122,13 +115,13 @@ test("Features use default value if they're not returned in API response", async
|
|||
|
||||
test("Feature flags exception is propagated if the API request errors", async (t) => {
|
||||
await withTmpDir(async (tmpDir) => {
|
||||
const featureEnablement = setUpFeatureFlagTests(tmpDir);
|
||||
const features = setUpFeatureFlagTests(tmpDir);
|
||||
|
||||
mockFeatureFlagApiEndpoint(500, {});
|
||||
|
||||
await t.throwsAsync(
|
||||
async () =>
|
||||
featureEnablement.getValue(
|
||||
features.getValue(
|
||||
Feature.MlPoweredQueriesEnabled,
|
||||
includeCodeQlIfRequired(Feature.MlPoweredQueriesEnabled)
|
||||
),
|
||||
|
|
@ -143,7 +136,7 @@ test("Feature flags exception is propagated if the API request errors", async (t
|
|||
for (const feature of Object.keys(featureConfig)) {
|
||||
test(`Only feature '${feature}' is enabled if enabled in the API response. Other features disabled`, async (t) => {
|
||||
await withTmpDir(async (tmpDir) => {
|
||||
const featureEnablement = setUpFeatureFlagTests(tmpDir);
|
||||
const features = setUpFeatureFlagTests(tmpDir);
|
||||
|
||||
// set all features to false except the one we're testing
|
||||
const expectedFeatureEnablement: { [feature: string]: boolean } = {};
|
||||
|
|
@ -155,7 +148,7 @@ for (const feature of Object.keys(featureConfig)) {
|
|||
// retrieve the values of the actual features
|
||||
const actualFeatureEnablement: { [feature: string]: boolean } = {};
|
||||
for (const f of Object.keys(featureConfig)) {
|
||||
actualFeatureEnablement[f] = await featureEnablement.getValue(
|
||||
actualFeatureEnablement[f] = await features.getValue(
|
||||
f as Feature,
|
||||
includeCodeQlIfRequired(f)
|
||||
);
|
||||
|
|
@ -168,14 +161,14 @@ for (const feature of Object.keys(featureConfig)) {
|
|||
|
||||
test(`Only feature '${feature}' is enabled if the associated environment variable is true. Others disabled.`, async (t) => {
|
||||
await withTmpDir(async (tmpDir) => {
|
||||
const featureEnablement = setUpFeatureFlagTests(tmpDir);
|
||||
const features = setUpFeatureFlagTests(tmpDir);
|
||||
|
||||
const expectedFeatureEnablement = initializeFeatures(false);
|
||||
mockFeatureFlagApiEndpoint(200, expectedFeatureEnablement);
|
||||
|
||||
// feature should be disabled initially
|
||||
t.assert(
|
||||
!(await featureEnablement.getValue(
|
||||
!(await features.getValue(
|
||||
feature as Feature,
|
||||
includeCodeQlIfRequired(feature)
|
||||
))
|
||||
|
|
@ -184,7 +177,7 @@ for (const feature of Object.keys(featureConfig)) {
|
|||
// set env var to true and check that the feature is now enabled
|
||||
process.env[featureConfig[feature].envVar] = "true";
|
||||
t.assert(
|
||||
await featureEnablement.getValue(
|
||||
await features.getValue(
|
||||
feature as Feature,
|
||||
includeCodeQlIfRequired(feature)
|
||||
)
|
||||
|
|
@ -194,14 +187,14 @@ for (const feature of Object.keys(featureConfig)) {
|
|||
|
||||
test(`Feature '${feature}' is disabled if the associated environment variable is false, even if enabled in API`, async (t) => {
|
||||
await withTmpDir(async (tmpDir) => {
|
||||
const featureEnablement = setUpFeatureFlagTests(tmpDir);
|
||||
const features = setUpFeatureFlagTests(tmpDir);
|
||||
|
||||
const expectedFeatureEnablement = initializeFeatures(true);
|
||||
mockFeatureFlagApiEndpoint(200, expectedFeatureEnablement);
|
||||
|
||||
// feature should be enabled initially
|
||||
t.assert(
|
||||
await featureEnablement.getValue(
|
||||
await features.getValue(
|
||||
feature as Feature,
|
||||
includeCodeQlIfRequired(feature)
|
||||
)
|
||||
|
|
@ -210,7 +203,7 @@ for (const feature of Object.keys(featureConfig)) {
|
|||
// set env var to false and check that the feature is now disabled
|
||||
process.env[featureConfig[feature].envVar] = "false";
|
||||
t.assert(
|
||||
!(await featureEnablement.getValue(
|
||||
!(await features.getValue(
|
||||
feature as Feature,
|
||||
includeCodeQlIfRequired(feature)
|
||||
))
|
||||
|
|
@ -221,17 +214,14 @@ for (const feature of Object.keys(featureConfig)) {
|
|||
if (featureConfig[feature].minimumVersion !== undefined) {
|
||||
test(`Getting feature '${feature} should throw if no codeql is provided`, async (t) => {
|
||||
await withTmpDir(async (tmpDir) => {
|
||||
const featureEnablement = setUpFeatureFlagTests(tmpDir);
|
||||
const features = setUpFeatureFlagTests(tmpDir);
|
||||
|
||||
const expectedFeatureEnablement = initializeFeatures(true);
|
||||
mockFeatureFlagApiEndpoint(200, expectedFeatureEnablement);
|
||||
|
||||
await t.throwsAsync(
|
||||
async () => featureEnablement.getValue(feature as Feature),
|
||||
{
|
||||
message: `Internal error: A minimum version is specified for feature ${feature}, but no instance of CodeQL was provided.`,
|
||||
}
|
||||
);
|
||||
await t.throwsAsync(async () => features.getValue(feature as Feature), {
|
||||
message: `Internal error: A minimum version is specified for feature ${feature}, but no instance of CodeQL was provided.`,
|
||||
});
|
||||
});
|
||||
});
|
||||
}
|
||||
|
|
@ -239,35 +229,29 @@ for (const feature of Object.keys(featureConfig)) {
|
|||
if (featureConfig[feature].minimumVersion !== undefined) {
|
||||
test(`Feature '${feature}' is disabled if the minimum CLI version is below ${featureConfig[feature].minimumVersion}`, async (t) => {
|
||||
await withTmpDir(async (tmpDir) => {
|
||||
const featureEnablement = setUpFeatureFlagTests(tmpDir);
|
||||
const features = setUpFeatureFlagTests(tmpDir);
|
||||
|
||||
const expectedFeatureEnablement = initializeFeatures(true);
|
||||
mockFeatureFlagApiEndpoint(200, expectedFeatureEnablement);
|
||||
|
||||
// feature should be disabled when an old CLI version is set
|
||||
let codeql = mockCodeQLVersion("2.0.0");
|
||||
t.assert(
|
||||
!(await featureEnablement.getValue(feature as Feature, codeql))
|
||||
);
|
||||
t.assert(!(await features.getValue(feature as Feature, codeql)));
|
||||
|
||||
// even setting the env var to true should not enable the feature if
|
||||
// the minimum CLI version is not met
|
||||
process.env[featureConfig[feature].envVar] = "true";
|
||||
t.assert(
|
||||
!(await featureEnablement.getValue(feature as Feature, codeql))
|
||||
);
|
||||
t.assert(!(await features.getValue(feature as Feature, codeql)));
|
||||
|
||||
// feature should be enabled when a new CLI version is set
|
||||
// and env var is not set
|
||||
process.env[featureConfig[feature].envVar] = "";
|
||||
codeql = mockCodeQLVersion(featureConfig[feature].minimumVersion);
|
||||
t.assert(await featureEnablement.getValue(feature as Feature, codeql));
|
||||
t.assert(await features.getValue(feature as Feature, codeql));
|
||||
|
||||
// set env var to false and check that the feature is now disabled
|
||||
process.env[featureConfig[feature].envVar] = "false";
|
||||
t.assert(
|
||||
!(await featureEnablement.getValue(feature as Feature, codeql))
|
||||
);
|
||||
t.assert(!(await features.getValue(feature as Feature, codeql)));
|
||||
});
|
||||
});
|
||||
}
|
||||
|
|
@ -293,7 +277,7 @@ test("At least one feature has a minimum version specified", (t) => {
|
|||
|
||||
test("Feature flags are saved to disk", async (t) => {
|
||||
await withTmpDir(async (tmpDir) => {
|
||||
const featureEnablement = setUpFeatureFlagTests(tmpDir);
|
||||
const features = setUpFeatureFlagTests(tmpDir);
|
||||
const expectedFeatureEnablement = initializeFeatures(true);
|
||||
mockFeatureFlagApiEndpoint(200, expectedFeatureEnablement);
|
||||
|
||||
|
|
@ -305,7 +289,7 @@ test("Feature flags are saved to disk", async (t) => {
|
|||
);
|
||||
|
||||
t.true(
|
||||
await featureEnablement.getValue(
|
||||
await features.getValue(
|
||||
Feature.CliConfigFileEnabled,
|
||||
includeCodeQlIfRequired(Feature.CliConfigFileEnabled)
|
||||
),
|
||||
|
|
@ -330,10 +314,10 @@ test("Feature flags are saved to disk", async (t) => {
|
|||
);
|
||||
|
||||
// delete the in memory cache so that we are forced to use the cached file
|
||||
(featureEnablement as any).gitHubFeatureFlags.cachedApiResponse = undefined;
|
||||
(features as any).gitHubFeatureFlags.cachedApiResponse = undefined;
|
||||
|
||||
t.false(
|
||||
await featureEnablement.getValue(
|
||||
await features.getValue(
|
||||
Feature.CliConfigFileEnabled,
|
||||
includeCodeQlIfRequired(Feature.CliConfigFileEnabled)
|
||||
),
|
||||
|
|
@ -344,13 +328,13 @@ test("Feature flags are saved to disk", async (t) => {
|
|||
|
||||
test("Environment variable can override feature flag cache", async (t) => {
|
||||
await withTmpDir(async (tmpDir) => {
|
||||
const featureEnablement = setUpFeatureFlagTests(tmpDir);
|
||||
const features = setUpFeatureFlagTests(tmpDir);
|
||||
const expectedFeatureEnablement = initializeFeatures(true);
|
||||
mockFeatureFlagApiEndpoint(200, expectedFeatureEnablement);
|
||||
|
||||
const cachedFeatureFlags = path.join(tmpDir, FEATURE_FLAGS_FILE_NAME);
|
||||
t.true(
|
||||
await featureEnablement.getValue(
|
||||
await features.getValue(
|
||||
Feature.CliConfigFileEnabled,
|
||||
includeCodeQlIfRequired(Feature.CliConfigFileEnabled)
|
||||
),
|
||||
|
|
@ -364,7 +348,7 @@ test("Environment variable can override feature flag cache", async (t) => {
|
|||
process.env.CODEQL_PASS_CONFIG_TO_CLI = "false";
|
||||
|
||||
t.false(
|
||||
await featureEnablement.getValue(
|
||||
await features.getValue(
|
||||
Feature.CliConfigFileEnabled,
|
||||
includeCodeQlIfRequired(Feature.CliConfigFileEnabled)
|
||||
),
|
||||
|
|
@ -390,7 +374,7 @@ for (const variant of [GitHubVariant.GHAE, GitHubVariant.GHES]) {
|
|||
|
||||
test("selects CLI v2.12.1 on Dotcom when feature flags enable v2.12.0 and v2.12.1", async (t) => {
|
||||
await withTmpDir(async (tmpDir) => {
|
||||
const featureEnablement = setUpFeatureFlagTests(tmpDir);
|
||||
const features = setUpFeatureFlagTests(tmpDir);
|
||||
const expectedFeatureEnablement = initializeFeatures(true);
|
||||
expectedFeatureEnablement["default_codeql_version_2_12_0_enabled"] = true;
|
||||
expectedFeatureEnablement["default_codeql_version_2_12_1_enabled"] = true;
|
||||
|
|
@ -400,7 +384,7 @@ test("selects CLI v2.12.1 on Dotcom when feature flags enable v2.12.0 and v2.12.
|
|||
expectedFeatureEnablement["default_codeql_version_2_12_5_enabled"] = false;
|
||||
mockFeatureFlagApiEndpoint(200, expectedFeatureEnablement);
|
||||
|
||||
const defaultCliVersion = await featureEnablement.getDefaultCliVersion(
|
||||
const defaultCliVersion = await features.getDefaultCliVersion(
|
||||
GitHubVariant.DOTCOM
|
||||
);
|
||||
t.deepEqual(defaultCliVersion, {
|
||||
|
|
@ -413,11 +397,11 @@ test("selects CLI v2.12.1 on Dotcom when feature flags enable v2.12.0 and v2.12.
|
|||
|
||||
test(`selects CLI from defaults.json on Dotcom when no default version feature flags are enabled`, async (t) => {
|
||||
await withTmpDir(async (tmpDir) => {
|
||||
const featureEnablement = setUpFeatureFlagTests(tmpDir);
|
||||
const features = setUpFeatureFlagTests(tmpDir);
|
||||
const expectedFeatureEnablement = initializeFeatures(true);
|
||||
mockFeatureFlagApiEndpoint(200, expectedFeatureEnablement);
|
||||
|
||||
const defaultCliVersion = await featureEnablement.getDefaultCliVersion(
|
||||
const defaultCliVersion = await features.getDefaultCliVersion(
|
||||
GitHubVariant.DOTCOM
|
||||
);
|
||||
t.deepEqual(defaultCliVersion, {
|
||||
|
|
@ -431,7 +415,7 @@ test(`selects CLI from defaults.json on Dotcom when no default version feature f
|
|||
test("ignores invalid version numbers in default version feature flags", async (t) => {
|
||||
await withTmpDir(async (tmpDir) => {
|
||||
const loggedMessages = [];
|
||||
const featureEnablement = setUpFeatureFlagTests(
|
||||
const features = setUpFeatureFlagTests(
|
||||
tmpDir,
|
||||
getRecordingLogger(loggedMessages)
|
||||
);
|
||||
|
|
@ -442,7 +426,7 @@ test("ignores invalid version numbers in default version feature flags", async (
|
|||
true;
|
||||
mockFeatureFlagApiEndpoint(200, expectedFeatureEnablement);
|
||||
|
||||
const defaultCliVersion = await featureEnablement.getDefaultCliVersion(
|
||||
const defaultCliVersion = await features.getDefaultCliVersion(
|
||||
GitHubVariant.DOTCOM
|
||||
);
|
||||
t.deepEqual(defaultCliVersion, {
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@ import * as path from "path";
|
|||
import * as semver from "semver";
|
||||
|
||||
import { getApiClient } from "./api-client";
|
||||
import { CodeQL } from "./codeql";
|
||||
import { CodeQL, CODEQL_VERSION_EXPORT_CODE_SCANNING_CONFIG } from "./codeql";
|
||||
import * as defaults from "./defaults.json";
|
||||
import { Logger } from "./logging";
|
||||
import { RepositoryNwo } from "./repository";
|
||||
|
|
@ -36,6 +36,7 @@ export interface FeatureEnablement {
|
|||
export enum Feature {
|
||||
CliConfigFileEnabled = "cli_config_file_enabled",
|
||||
DisableKotlinAnalysisEnabled = "disable_kotlin_analysis_enabled",
|
||||
ExportCodeScanningConfigEnabled = "export_code_scanning_config_enabled",
|
||||
MlPoweredQueriesEnabled = "ml_powered_queries_enabled",
|
||||
UploadFailedSarifEnabled = "upload_failed_sarif_enabled",
|
||||
}
|
||||
|
|
@ -54,6 +55,11 @@ export const featureConfig: Record<
|
|||
minimumVersion: "2.11.6",
|
||||
defaultValue: true,
|
||||
},
|
||||
[Feature.ExportCodeScanningConfigEnabled]: {
|
||||
envVar: "CODEQL_ACTION_EXPORT_CODE_SCANNING_CONFIG",
|
||||
minimumVersion: CODEQL_VERSION_EXPORT_CODE_SCANNING_CONFIG,
|
||||
defaultValue: false,
|
||||
},
|
||||
[Feature.MlPoweredQueriesEnabled]: {
|
||||
envVar: "CODEQL_ML_POWERED_QUERIES",
|
||||
minimumVersion: "2.7.5",
|
||||
|
|
@ -264,12 +270,12 @@ class GitHubFeatureFlags {
|
|||
this.logger.debug(`No feature flags API response for ${feature}.`);
|
||||
return undefined;
|
||||
}
|
||||
const featureEnablement = response[feature];
|
||||
if (featureEnablement === undefined) {
|
||||
const features = response[feature];
|
||||
if (features === undefined) {
|
||||
this.logger.debug(`Feature '${feature}' undefined in API response.`);
|
||||
return undefined;
|
||||
}
|
||||
return !!featureEnablement;
|
||||
return !!features;
|
||||
}
|
||||
|
||||
private async getAllFeatures(): Promise<GitHubFeatureFlagsApiResponse> {
|
||||
|
|
|
|||
|
|
@ -289,7 +289,12 @@ async function testFailedSarifUpload(
|
|||
}
|
||||
if (expectUpload) {
|
||||
t.true(
|
||||
diagnosticsExportStub.calledOnceWith(sinon.match.string, category),
|
||||
diagnosticsExportStub.calledOnceWith(
|
||||
sinon.match.string,
|
||||
category,
|
||||
sinon.match.any,
|
||||
sinon.match.any
|
||||
),
|
||||
`Actual args were: ${diagnosticsExportStub.args}`
|
||||
);
|
||||
t.true(
|
||||
|
|
|
|||
|
|
@ -43,19 +43,14 @@ function createFailedUploadFailedSarifResult(
|
|||
async function maybeUploadFailedSarif(
|
||||
config: Config,
|
||||
repositoryNwo: RepositoryNwo,
|
||||
featureEnablement: FeatureEnablement,
|
||||
features: FeatureEnablement,
|
||||
logger: Logger
|
||||
): Promise<UploadFailedSarifResult> {
|
||||
if (!config.codeQLCmd) {
|
||||
return { upload_failed_run_skipped_because: "CodeQL command not found" };
|
||||
}
|
||||
const codeql = await getCodeQL(config.codeQLCmd);
|
||||
if (
|
||||
!(await featureEnablement.getValue(
|
||||
Feature.UploadFailedSarifEnabled,
|
||||
codeql
|
||||
))
|
||||
) {
|
||||
if (!(await features.getValue(Feature.UploadFailedSarifEnabled, codeql))) {
|
||||
return { upload_failed_run_skipped_because: "Feature disabled" };
|
||||
}
|
||||
const workflow = await getWorkflow();
|
||||
|
|
@ -71,7 +66,7 @@ async function maybeUploadFailedSarif(
|
|||
const checkoutPath = getCheckoutPathInputOrThrow(workflow, jobName, matrix);
|
||||
|
||||
const sarifFile = "../codeql-failed-run.sarif";
|
||||
await codeql.diagnosticsExport(sarifFile, category);
|
||||
await codeql.diagnosticsExport(sarifFile, category, config, features);
|
||||
|
||||
core.info(`Uploading failed SARIF file ${sarifFile}`);
|
||||
const uploadResult = await uploadLib.uploadFromActions(
|
||||
|
|
@ -92,7 +87,7 @@ async function maybeUploadFailedSarif(
|
|||
export async function tryUploadSarifIfRunFailed(
|
||||
config: Config,
|
||||
repositoryNwo: RepositoryNwo,
|
||||
featureEnablement: FeatureEnablement,
|
||||
features: FeatureEnablement,
|
||||
logger: Logger
|
||||
): Promise<UploadFailedSarifResult> {
|
||||
if (process.env[CODEQL_ACTION_ANALYZE_DID_COMPLETE_SUCCESSFULLY] !== "true") {
|
||||
|
|
@ -100,7 +95,7 @@ export async function tryUploadSarifIfRunFailed(
|
|||
return await maybeUploadFailedSarif(
|
||||
config,
|
||||
repositoryNwo,
|
||||
featureEnablement,
|
||||
features,
|
||||
logger
|
||||
);
|
||||
} catch (e) {
|
||||
|
|
@ -122,7 +117,7 @@ export async function run(
|
|||
uploadLogsDebugArtifact: Function,
|
||||
printDebugLogs: Function,
|
||||
repositoryNwo: RepositoryNwo,
|
||||
featureEnablement: FeatureEnablement,
|
||||
features: FeatureEnablement,
|
||||
logger: Logger
|
||||
) {
|
||||
const config = await getConfig(actionsUtil.getTemporaryDirectory(), logger);
|
||||
|
|
@ -136,7 +131,7 @@ export async function run(
|
|||
const uploadFailedSarifResult = await tryUploadSarifIfRunFailed(
|
||||
config,
|
||||
repositoryNwo,
|
||||
featureEnablement,
|
||||
features,
|
||||
logger
|
||||
);
|
||||
if (uploadFailedSarifResult.upload_failed_run_skipped_because) {
|
||||
|
|
|
|||
10
src/init.ts
10
src/init.ts
|
|
@ -68,7 +68,7 @@ export async function initConfig(
|
|||
workspacePath: string,
|
||||
gitHubVersion: util.GitHubVersion,
|
||||
apiDetails: GitHubApiCombinedDetails,
|
||||
featureEnablement: FeatureEnablement,
|
||||
features: FeatureEnablement,
|
||||
logger: Logger
|
||||
): Promise<configUtils.Config> {
|
||||
logger.startGroup("Load language configuration");
|
||||
|
|
@ -89,7 +89,7 @@ export async function initConfig(
|
|||
workspacePath,
|
||||
gitHubVersion,
|
||||
apiDetails,
|
||||
featureEnablement,
|
||||
features,
|
||||
logger
|
||||
);
|
||||
analysisPaths.printPathFiltersWarning(config, logger);
|
||||
|
|
@ -103,7 +103,7 @@ export async function runInit(
|
|||
sourceRoot: string,
|
||||
processName: string | undefined,
|
||||
registriesInput: string | undefined,
|
||||
featureEnablement: FeatureEnablement,
|
||||
features: FeatureEnablement,
|
||||
apiDetails: GitHubApiCombinedDetails,
|
||||
logger: Logger
|
||||
): Promise<TracerConfig | undefined> {
|
||||
|
|
@ -117,7 +117,7 @@ export async function runInit(
|
|||
// before the `pack download` command was invoked. It is not required for the init command.
|
||||
let registriesAuthTokens: string | undefined;
|
||||
let qlconfigFile: string | undefined;
|
||||
if (await util.useCodeScanningConfigInCli(codeql, featureEnablement)) {
|
||||
if (await util.useCodeScanningConfigInCli(codeql, features)) {
|
||||
({ registriesAuthTokens, qlconfigFile } =
|
||||
await configUtils.generateRegistries(
|
||||
registriesInput,
|
||||
|
|
@ -138,7 +138,7 @@ export async function runInit(
|
|||
config,
|
||||
sourceRoot,
|
||||
processName,
|
||||
featureEnablement,
|
||||
features,
|
||||
qlconfigFile,
|
||||
logger
|
||||
)
|
||||
|
|
|
|||
|
|
@ -664,17 +664,17 @@ export function isInTestMode(): boolean {
|
|||
*/
|
||||
export async function useCodeScanningConfigInCli(
|
||||
codeql: CodeQL,
|
||||
featureEnablement: FeatureEnablement
|
||||
features: FeatureEnablement
|
||||
): Promise<boolean> {
|
||||
return await featureEnablement.getValue(Feature.CliConfigFileEnabled, codeql);
|
||||
return await features.getValue(Feature.CliConfigFileEnabled, codeql);
|
||||
}
|
||||
|
||||
export async function logCodeScanningConfigInCli(
|
||||
codeql: CodeQL,
|
||||
featureEnablement: FeatureEnablement,
|
||||
features: FeatureEnablement,
|
||||
logger: Logger
|
||||
) {
|
||||
if (await useCodeScanningConfigInCli(codeql, featureEnablement)) {
|
||||
if (await useCodeScanningConfigInCli(codeql, features)) {
|
||||
logger.info(
|
||||
"Code Scanning configuration file being processed in the codeql CLI."
|
||||
);
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue