robojerk/codeql-action

Gate config export behind a feature flag

Browse source
This commit is contained in:
Henry Mercer 2023-03-09 16:44:45 +00:00
parent 4b1f530308
commit fc1366f6ec
18 changed files with 74 additions and 55 deletions
Download patch file Download diff file Expand all files Collapse all files

3
src/analyze.ts
View file

@ -368,7 +368,8 @@ export async function runQueries(
threadsFlag,
enableDebugLogging ? "-vv" : "-v",
automationDetailsId,
config
config,
featureEnablement
);
}

12
src/codeql.test.ts
View file

@ -636,7 +636,8 @@ test("databaseInterpretResults() does not set --sarif-add-query-help for 2.7.0",
"",
"-v",
"",
stubConfig
stubConfig,
createFeatures([])
);
t.false(
runnerConstructorStub.firstCall.args[1].includes("--sarif-add-query-help"),
@ -658,7 +659,8 @@ test("databaseInterpretResults() sets --sarif-add-query-help for 2.7.1", async (
"",
"-v",
"",
stubConfig
stubConfig,
createFeatures([])
);
t.true(
runnerConstructorStub.firstCall.args[1].includes("--sarif-add-query-help"),
@ -1155,7 +1157,8 @@ test("databaseInterpretResults() sets --sarif-add-baseline-file-info for 2.11.3"
"",
"-v",
"",
stubConfig
stubConfig,
createFeatures([])
);
t.true(
runnerConstructorStub.firstCall.args[1].includes(
@ -1179,7 +1182,8 @@ test("databaseInterpretResults() does not set --sarif-add-baseline-file-info for
"",
"-v",
"",
stubConfig
stubConfig,
createFeatures([])
);
t.false(
runnerConstructorStub.firstCall.args[1].includes(

30
src/codeql.ts
View file

@ -8,7 +8,11 @@ import { getOptionalInput } from "./actions-util";
import * as api from "./api-client";
import { Config, getGeneratedCodeScanningConfigPath } from "./config-utils";
import { errorMatchers } from "./error-matcher";
import { CodeQLDefaultVersionInfo, FeatureEnablement } from "./feature-flags";
import {
CodeQLDefaultVersionInfo,
Feature,
FeatureEnablement,
} from "./feature-flags";
import { ToolsSource } from "./init";
import { isTracedLanguage, Language } from "./languages";
import { Logger } from "./logging";
@ -174,7 +178,8 @@ export interface CodeQL {
threadsFlag: string,
verbosityFlag: string | undefined,
automationDetailsId: string | undefined,
config: Config
config: Config,
features: FeatureEnablement
): Promise<string>;
/**
* Run 'codeql database print-baseline'.
@ -186,7 +191,8 @@ export interface CodeQL {
diagnosticsExport(
sarifFile: string,
automationDetailsId: string | undefined,
config: Config
config: Config,
features: FeatureEnablement
): Promise<void>;
}
@ -850,7 +856,8 @@ export async function getCodeQLForCmd(
threadsFlag: string,
verbosityFlag: string,
automationDetailsId: string | undefined,
config: Config
config: Config,
features: FeatureEnablement
): Promise<string> {
const codeqlArgs = [
"database",
@ -863,7 +870,7 @@ export async function getCodeQLForCmd(
"--print-diagnostics-summary",
"--print-metrics-summary",
"--sarif-group-rules-by-pack",
...(await getCodeScanningConfigExportArguments(config, this)),
...(await getCodeScanningConfigExportArguments(config, this, features)),
...getExtraOptionsFromEnv(["database", "interpret-results"]),
];
if (await util.codeQlVersionAbove(this, CODEQL_VERSION_CUSTOM_QUERY_HELP))
@ -984,14 +991,15 @@ export async function getCodeQLForCmd(
async diagnosticsExport(
sarifFile: string,
automationDetailsId: string | undefined,
config: Config
config: Config,
features: FeatureEnablement
): Promise<void> {
const args = [
"diagnostics",
"export",
"--format=sarif-latest",
`--output=${sarifFile}`,
...(await getCodeScanningConfigExportArguments(config, this)),
...(await getCodeScanningConfigExportArguments(config, this, features)),
...getExtraOptionsFromEnv(["diagnostics", "export"]),
];
if (automationDetailsId !== undefined) {
@ -1217,15 +1225,13 @@ function cloneObject<T>(obj: T): T {
*/
async function getCodeScanningConfigExportArguments(
config: Config,
codeql: CodeQL
codeql: CodeQL,
features: FeatureEnablement
): Promise<string[]> {
const codeScanningConfigPath = getGeneratedCodeScanningConfigPath(config);
if (
fs.existsSync(codeScanningConfigPath) &&
(await util.codeQlVersionAbove(
codeql,
CODEQL_VERSION_EXPORT_CODE_SCANNING_CONFIG
))
(await features.getValue(Feature.ExportCodeScanningConfigEnabled, codeql))
) {
return ["--sarif-codescanning-config", codeScanningConfigPath];
}

7
src/feature-flags.ts
View file

@ -4,7 +4,7 @@ import * as path from "path";
import * as semver from "semver";
import { getApiClient } from "./api-client";
import { CodeQL } from "./codeql";
import { CodeQL, CODEQL_VERSION_EXPORT_CODE_SCANNING_CONFIG } from "./codeql";
import * as defaults from "./defaults.json";
import { Logger } from "./logging";
import { RepositoryNwo } from "./repository";
@ -36,6 +36,7 @@ export interface FeatureEnablement {
export enum Feature {
CliConfigFileEnabled = "cli_config_file_enabled",
DisableKotlinAnalysisEnabled = "disable_kotlin_analysis_enabled",
ExportCodeScanningConfigEnabled = "export_code_scanning_config_enabled",
MlPoweredQueriesEnabled = "ml_powered_queries_enabled",
UploadFailedSarifEnabled = "upload_failed_sarif_enabled",
}
@ -52,6 +53,10 @@ export const featureConfig: Record<
envVar: "CODEQL_PASS_CONFIG_TO_CLI",
minimumVersion: "2.11.6",
},
[Feature.ExportCodeScanningConfigEnabled]: {
envVar: "CODEQL_ACTION_EXPORT_CODE_SCANNING_CONFIG",
minimumVersion: CODEQL_VERSION_EXPORT_CODE_SCANNING_CONFIG,
},
[Feature.MlPoweredQueriesEnabled]: {
envVar: "CODEQL_ML_POWERED_QUERIES",
minimumVersion: "2.7.5",

1
src/init-action-post-helper.test.ts
View file

@ -292,6 +292,7 @@ async function testFailedSarifUpload(
diagnosticsExportStub.calledOnceWith(
sinon.match.string,
category,
sinon.match.any,
sinon.match.any
),
`Actual args were: ${diagnosticsExportStub.args}`

19
src/init-action-post-helper.ts
View file

@ -43,19 +43,14 @@ function createFailedUploadFailedSarifResult(
async function maybeUploadFailedSarif(
config: Config,
repositoryNwo: RepositoryNwo,
featureEnablement: FeatureEnablement,
features: FeatureEnablement,
logger: Logger
): Promise<UploadFailedSarifResult> {
if (!config.codeQLCmd) {
return { upload_failed_run_skipped_because: "CodeQL command not found" };
}
const codeql = await getCodeQL(config.codeQLCmd);
if (
!(await featureEnablement.getValue(
Feature.UploadFailedSarifEnabled,
codeql
))
) {
if (!(await features.getValue(Feature.UploadFailedSarifEnabled, codeql))) {
return { upload_failed_run_skipped_because: "Feature disabled" };
}
const workflow = await getWorkflow();
@ -71,7 +66,7 @@ async function maybeUploadFailedSarif(
const checkoutPath = getCheckoutPathInputOrThrow(workflow, jobName, matrix);
const sarifFile = "../codeql-failed-run.sarif";
await codeql.diagnosticsExport(sarifFile, category, config);
await codeql.diagnosticsExport(sarifFile, category, config, features);
core.info(`Uploading failed SARIF file ${sarifFile}`);
const uploadResult = await uploadLib.uploadFromActions(
@ -92,7 +87,7 @@ async function maybeUploadFailedSarif(
export async function tryUploadSarifIfRunFailed(
config: Config,
repositoryNwo: RepositoryNwo,
featureEnablement: FeatureEnablement,
features: FeatureEnablement,
logger: Logger
): Promise<UploadFailedSarifResult> {
if (process.env[CODEQL_ACTION_ANALYZE_DID_COMPLETE_SUCCESSFULLY] !== "true") {
@ -100,7 +95,7 @@ export async function tryUploadSarifIfRunFailed(
return await maybeUploadFailedSarif(
config,
repositoryNwo,
featureEnablement,
features,
logger
);
} catch (e) {
@ -122,7 +117,7 @@ export async function run(
uploadLogsDebugArtifact: Function,
printDebugLogs: Function,
repositoryNwo: RepositoryNwo,
featureEnablement: FeatureEnablement,
features: FeatureEnablement,
logger: Logger
) {
const config = await getConfig(actionsUtil.getTemporaryDirectory(), logger);
@ -136,7 +131,7 @@ export async function run(
const uploadFailedSarifResult = await tryUploadSarifIfRunFailed(
config,
repositoryNwo,
featureEnablement,
features,
logger
);
if (uploadFailedSarifResult.upload_failed_run_skipped_because) {