diff --git a/lib/setup-codeql-action.js b/lib/setup-codeql-action.js index 29896e043..118f19e37 100644 --- a/lib/setup-codeql-action.js +++ b/lib/setup-codeql-action.js @@ -85857,6 +85857,66 @@ function isAnalyzingPullRequest() { return getPullRequestBranches() !== void 0; } +// src/analyses.ts +var AnalysisKind = /* @__PURE__ */ ((AnalysisKind2) => { + AnalysisKind2["CodeScanning"] = "code-scanning"; + AnalysisKind2["CodeQuality"] = "code-quality"; + AnalysisKind2["RiskAssessment"] = "risk-assessment"; + return AnalysisKind2; +})(AnalysisKind || {}); +var compatibilityMatrix = { + ["code-scanning" /* CodeScanning */]: /* @__PURE__ */ new Set(["code-quality" /* CodeQuality */]), + ["code-quality" /* CodeQuality */]: /* @__PURE__ */ new Set(["code-scanning" /* CodeScanning */]), + ["risk-assessment" /* RiskAssessment */]: /* @__PURE__ */ new Set() +}; +var supportedAnalysisKinds = new Set(Object.values(AnalysisKind)); +async function parseAnalysisKinds(input) { + const components = input.split(","); + if (components.length < 1) { + throw new ConfigurationError( + "At least one analysis kind must be configured." + ); + } + for (const component of components) { + if (!supportedAnalysisKinds.has(component)) { + throw new ConfigurationError(`Unknown analysis kind: ${component}`); + } + } + return Array.from( + new Set(components.map((component) => component)) + ); +} +var cachedAnalysisKinds; +async function getAnalysisKinds(logger, skipCache = false) { + if (!skipCache && cachedAnalysisKinds !== void 0) { + return cachedAnalysisKinds; + } + const analysisKinds = await parseAnalysisKinds( + getRequiredInput("analysis-kinds") + ); + const qualityQueriesInput = getOptionalInput("quality-queries"); + if (qualityQueriesInput !== void 0) { + logger.warning( + "The `quality-queries` input is deprecated and will be removed in a future version of the CodeQL Action. Use the `analysis-kinds` input to configure different analysis kinds instead." + ); + } + if (!analysisKinds.includes("code-quality" /* CodeQuality */) && qualityQueriesInput !== void 0) { + analysisKinds.push("code-quality" /* CodeQuality */); + } + for (const analysisKind of analysisKinds) { + for (const otherAnalysisKind of analysisKinds) { + if (analysisKind === otherAnalysisKind) continue; + if (!compatibilityMatrix[analysisKind].has(otherAnalysisKind)) { + throw new ConfigurationError( + `${analysisKind} and ${otherAnalysisKind} cannot be enabled at the same time` + ); + } + } + } + cachedAnalysisKinds = analysisKinds; + return cachedAnalysisKinds; +} + // src/api-client.ts var core5 = __toESM(require_core()); var githubUtils = __toESM(require_utils4()); @@ -86124,10 +86184,146 @@ function wrapApiConfigurationError(e) { return e; } +// src/config-utils.ts +var core9 = __toESM(require_core()); + +// src/caching-utils.ts +var crypto2 = __toESM(require("crypto")); +var core6 = __toESM(require_core()); +var cacheKeyHashLength = 16; +function createCacheKeyHash(components) { + const componentsJson = JSON.stringify(components); + return crypto2.createHash("sha256").update(componentsJson).digest("hex").substring(0, cacheKeyHashLength); +} + +// src/config/db-config.ts +var jsonschema = __toESM(require_lib2()); +var semver2 = __toESM(require_semver2()); + +// src/feature-flags/properties.ts +var RepositoryPropertyName = /* @__PURE__ */ ((RepositoryPropertyName2) => { + RepositoryPropertyName2["DISABLE_OVERLAY"] = "github-codeql-disable-overlay"; + RepositoryPropertyName2["EXTRA_QUERIES"] = "github-codeql-extra-queries"; + RepositoryPropertyName2["FILE_COVERAGE_ON_PRS"] = "github-codeql-file-coverage-on-prs"; + return RepositoryPropertyName2; +})(RepositoryPropertyName || {}); +var KNOWN_REPOSITORY_PROPERTY_NAMES = new Set( + Object.values(RepositoryPropertyName) +); + +// src/config/db-config.ts +var PACK_IDENTIFIER_PATTERN = (function() { + const alphaNumeric = "[a-z0-9]"; + const alphaNumericDash = "[a-z0-9-]"; + const component = `${alphaNumeric}(${alphaNumericDash}*${alphaNumeric})?`; + return new RegExp(`^${component}/${component}$`); +})(); + +// src/diagnostics.ts +var import_fs = require("fs"); +var import_path = __toESM(require("path")); + +// src/logging.ts +var core7 = __toESM(require_core()); +function getActionsLogger() { + return { + debug: core7.debug, + info: core7.info, + warning: core7.warning, + error: core7.error, + isDebug: core7.isDebug, + startGroup: core7.startGroup, + endGroup: core7.endGroup + }; +} +function formatDuration(durationMs) { + if (durationMs < 1e3) { + return `${durationMs}ms`; + } + if (durationMs < 60 * 1e3) { + return `${(durationMs / 1e3).toFixed(1)}s`; + } + const minutes = Math.floor(durationMs / (60 * 1e3)); + const seconds = Math.floor(durationMs % (60 * 1e3) / 1e3); + return `${minutes}m${seconds}s`; +} + +// src/diagnostics.ts +var unwrittenDiagnostics = []; +var unwrittenDefaultLanguageDiagnostics = []; +var diagnosticCounter = 0; +function makeDiagnostic(id, name, data = void 0) { + return { + ...data, + timestamp: data?.timestamp ?? (/* @__PURE__ */ new Date()).toISOString(), + source: { ...data?.source, id, name } + }; +} +function addDiagnostic(config, language, diagnostic) { + const logger = getActionsLogger(); + const databasePath = language ? getCodeQLDatabasePath(config, language) : config.dbLocation; + if ((0, import_fs.existsSync)(databasePath)) { + writeDiagnostic(config, language, diagnostic); + } else { + logger.debug( + `Writing a diagnostic for ${language}, but the database at ${databasePath} does not exist yet.` + ); + unwrittenDiagnostics.push({ diagnostic, language }); + } +} +function addNoLanguageDiagnostic(config, diagnostic) { + if (config !== void 0) { + addDiagnostic( + config, + // Arbitrarily choose the first language. We could also choose all languages, but that + // increases the risk of misinterpreting the data. + config.languages[0], + diagnostic + ); + } else { + unwrittenDefaultLanguageDiagnostics.push(diagnostic); + } +} +function writeDiagnostic(config, language, diagnostic) { + const logger = getActionsLogger(); + const databasePath = language ? getCodeQLDatabasePath(config, language) : config.dbLocation; + const diagnosticsPath = import_path.default.resolve( + databasePath, + "diagnostic", + "codeql-action" + ); + try { + (0, import_fs.mkdirSync)(diagnosticsPath, { recursive: true }); + const uniqueSuffix = (diagnosticCounter++).toString(); + const sanitizedTimestamp = diagnostic.timestamp.replace( + /[^a-zA-Z0-9.-]/g, + "" + ); + const jsonPath = import_path.default.resolve( + diagnosticsPath, + `codeql-action-${sanitizedTimestamp}-${uniqueSuffix}.json` + ); + (0, import_fs.writeFileSync)(jsonPath, JSON.stringify(diagnostic)); + } catch (err) { + logger.warning(`Unable to write diagnostic message to database: ${err}`); + logger.debug(JSON.stringify(diagnostic)); + } +} +function makeTelemetryDiagnostic(id, name, attributes) { + return makeDiagnostic(id, name, { + attributes, + visibility: { + cliSummaryTable: false, + statusPage: false, + telemetry: true + } + }); +} + // src/feature-flags.ts var fs5 = __toESM(require("fs")); -var path5 = __toESM(require("path")); -var semver4 = __toESM(require_semver2()); +var path6 = __toESM(require("path")); +var semver5 = __toESM(require_semver2()); // src/defaults.json var bundleVersion = "codeql-bundle-v2.25.4"; @@ -86135,19 +86331,19 @@ var cliVersion = "2.25.4"; // src/overlay/index.ts var fs4 = __toESM(require("fs")); -var path4 = __toESM(require("path")); +var path5 = __toESM(require("path")); // src/git-utils.ts var fs3 = __toESM(require("fs")); -var path3 = __toESM(require("path")); -var core6 = __toESM(require_core()); +var path4 = __toESM(require("path")); +var core8 = __toESM(require_core()); var toolrunner2 = __toESM(require_toolrunner()); var io3 = __toESM(require_io()); -var semver2 = __toESM(require_semver2()); +var semver3 = __toESM(require_semver2()); var runGitCommand = async function(workingDirectory, args, customErrorMessage, options) { let stdout = ""; let stderr = ""; - core6.debug(`Running git command: git ${args.join(" ")}`); + core8.debug(`Running git command: git ${args.join(" ")}`); try { await new toolrunner2.ToolRunner(await io3.which("git", true), args, { silent: true, @@ -86168,7 +86364,7 @@ var runGitCommand = async function(workingDirectory, args, customErrorMessage, o if (stderr.includes("not a git repository")) { reason = "The checkout path provided to the action does not appear to be a git repository."; } - core6.info(`git call failed. ${customErrorMessage} Error: ${reason}`); + core8.info(`git call failed. ${customErrorMessage} Error: ${reason}`); throw error3; } }; @@ -86230,7 +86426,7 @@ var getGitRoot = async function(sourceRoot) { } }; function hasSubmodules(gitRoot) { - return fs3.existsSync(path3.join(gitRoot, ".gitmodules")); + return fs3.existsSync(path4.join(gitRoot, ".gitmodules")); } var getFileOidsUnderPath = async function(basePath) { const gitRoot = await getGitRoot(basePath); @@ -86297,7 +86493,7 @@ async function getRef() { ) !== head; if (hasChangedRef) { const newRef = ref.replace(pull_ref_regex, "refs/pull/$1/head"); - core6.debug( + core8.debug( `No longer on merge commit, rewriting ref from ${ref} to ${newRef}.` ); return newRef; @@ -86362,7 +86558,7 @@ async function writeOverlayChangesFile(config, sourceRoot, logger) { const diffRangeFiles = await getDiffRangeFilePaths(sourceRoot, logger); const changedFiles = [.../* @__PURE__ */ new Set([...oidChangedFiles, ...diffRangeFiles])]; const changedFilesJson = JSON.stringify({ changes: changedFiles }); - const overlayChangesFile = path4.join( + const overlayChangesFile = path5.join( getTemporaryDirectory(), "overlay-changes.json" ); @@ -86428,13 +86624,13 @@ async function getDiffRangeFilePaths(sourceRoot, logger) { return [...new Set(diffRanges.map((r) => r.path))]; } const relativePaths = diffRanges.map( - (r) => path4.relative(sourceRoot, path4.join(repoRoot, r.path)).replaceAll(path4.sep, "/") + (r) => path5.relative(sourceRoot, path5.join(repoRoot, r.path)).replaceAll(path5.sep, "/") ).filter((rel) => !rel.startsWith("..")); return [...new Set(relativePaths)]; } // src/tools-features.ts -var semver3 = __toESM(require_semver2()); +var semver4 = __toESM(require_semver2()); function isSupportedToolsFeature(versionInfo, feature) { return !!versionInfo.features && versionInfo.features[feature]; } @@ -86774,7 +86970,7 @@ var Features = class extends OfflineFeatures { super(logger); this.gitHubFeatureFlags = new GitHubFeatureFlags( repositoryNwo, - path5.join(tempDir, FEATURE_FLAGS_FILE_NAME), + path6.join(tempDir, FEATURE_FLAGS_FILE_NAME), logger ); } @@ -86833,7 +87029,7 @@ var GitHubFeatureFlags = class { DEFAULT_VERSION_FEATURE_FLAG_PREFIX.length, f.length - DEFAULT_VERSION_FEATURE_FLAG_SUFFIX.length ).replace(/_/g, "."); - if (!semver4.valid(version)) { + if (!semver5.valid(version)) { this.logger.warning( `Ignoring feature flag ${f} as it does not specify a valid CodeQL version.` ); @@ -86850,7 +87046,7 @@ var GitHubFeatureFlags = class { const response = await this.getAllFeatures(); const sortedCliVersions = Object.entries(response).map( ([f, isEnabled]) => isEnabled ? this.getCliVersionFromFeatureFlag(f) : void 0 - ).filter((f) => f !== void 0).sort(semver4.rcompare); + ).filter((f) => f !== void 0).sort(semver5.rcompare); if (sortedCliVersions.length === 0) { this.logger.warning( `Feature flags do not specify a default CLI version. Falling back to the CLI version shipped with the Action. This is ${cliVersion}.` @@ -86994,6 +87190,99 @@ function initFeatures(gitHubVersion, repositoryNwo, tempDir, logger) { } } +// src/languages/builtin.json +var builtin_default = { + languages: [ + "actions", + "cpp", + "csharp", + "go", + "java", + "javascript", + "python", + "ruby", + "rust", + "swift" + ], + aliases: { + c: "cpp", + "c-c++": "cpp", + "c-cpp": "cpp", + "c#": "csharp", + "c++": "cpp", + "java-kotlin": "java", + "javascript-typescript": "javascript", + kotlin: "java", + typescript: "javascript" + } +}; + +// src/languages/index.ts +var builtInLanguageSet = new Set(builtin_default.languages); +function isBuiltInLanguage(language) { + return builtInLanguageSet.has(language); +} +function parseBuiltInLanguage(language) { + language = language.trim().toLowerCase(); + language = builtin_default.aliases[language] ?? language; + if (isBuiltInLanguage(language)) { + return language; + } + return void 0; +} + +// src/overlay/status.ts +var actionsCache = __toESM(require_cache4()); + +// src/trap-caching.ts +var actionsCache2 = __toESM(require_cache4()); + +// src/config-utils.ts +var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB = 2e4; +var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES = OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB * 1e6; +var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_V2_MB = 14e3; +var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_V2_BYTES = OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_V2_MB * 1e6; +var OVERLAY_MINIMUM_MEMORY_MB = 5 * 1024; +function getRawLanguagesNoAutodetect(languagesInput) { + return (languagesInput || "").split(",").map((x) => x.trim().toLowerCase()).filter((x) => x.length > 0); +} +var OVERLAY_ANALYSIS_FEATURES = { + cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */, + csharp: "overlay_analysis_csharp" /* OverlayAnalysisCsharp */, + go: "overlay_analysis_go" /* OverlayAnalysisGo */, + java: "overlay_analysis_java" /* OverlayAnalysisJava */, + javascript: "overlay_analysis_javascript" /* OverlayAnalysisJavascript */, + python: "overlay_analysis_python" /* OverlayAnalysisPython */, + ruby: "overlay_analysis_ruby" /* OverlayAnalysisRuby */ +}; +var OVERLAY_ANALYSIS_CODE_SCANNING_FEATURES = { + cpp: "overlay_analysis_code_scanning_cpp" /* OverlayAnalysisCodeScanningCpp */, + csharp: "overlay_analysis_code_scanning_csharp" /* OverlayAnalysisCodeScanningCsharp */, + go: "overlay_analysis_code_scanning_go" /* OverlayAnalysisCodeScanningGo */, + java: "overlay_analysis_code_scanning_java" /* OverlayAnalysisCodeScanningJava */, + javascript: "overlay_analysis_code_scanning_javascript" /* OverlayAnalysisCodeScanningJavascript */, + python: "overlay_analysis_code_scanning_python" /* OverlayAnalysisCodeScanningPython */, + ruby: "overlay_analysis_code_scanning_ruby" /* OverlayAnalysisCodeScanningRuby */ +}; +function appendExtraQueryExclusions(extraQueryExclusions, cliConfig) { + const augmentedConfig = cloneObject(cliConfig); + if (extraQueryExclusions.length === 0) { + return augmentedConfig; + } + augmentedConfig["query-filters"] = [ + // Ordering matters. If the first filter is an inclusion, it implicitly + // excludes all queries that are not included. If it is an exclusion, + // it implicitly includes all queries that are not excluded. So user + // filters (if any) should always be first to preserve intent. + ...augmentedConfig["query-filters"] || [], + ...extraQueryExclusions + ]; + if (augmentedConfig["query-filters"]?.length === 0) { + delete augmentedConfig["query-filters"]; + } + return augmentedConfig; +} + // src/init.ts var core12 = __toESM(require_core()); var toolrunner4 = __toESM(require_toolrunner()); @@ -87254,241 +87543,6 @@ function wrapCliConfigurationError(cliError) { return new ConfigurationError(errorMessageBuilder); } -// src/config-utils.ts -var core9 = __toESM(require_core()); - -// src/analyses.ts -var AnalysisKind = /* @__PURE__ */ ((AnalysisKind2) => { - AnalysisKind2["CodeScanning"] = "code-scanning"; - AnalysisKind2["CodeQuality"] = "code-quality"; - AnalysisKind2["RiskAssessment"] = "risk-assessment"; - return AnalysisKind2; -})(AnalysisKind || {}); -var supportedAnalysisKinds = new Set(Object.values(AnalysisKind)); - -// src/caching-utils.ts -var crypto2 = __toESM(require("crypto")); -var core7 = __toESM(require_core()); -var cacheKeyHashLength = 16; -function createCacheKeyHash(components) { - const componentsJson = JSON.stringify(components); - return crypto2.createHash("sha256").update(componentsJson).digest("hex").substring(0, cacheKeyHashLength); -} - -// src/config/db-config.ts -var jsonschema = __toESM(require_lib2()); -var semver5 = __toESM(require_semver2()); - -// src/feature-flags/properties.ts -var RepositoryPropertyName = /* @__PURE__ */ ((RepositoryPropertyName2) => { - RepositoryPropertyName2["DISABLE_OVERLAY"] = "github-codeql-disable-overlay"; - RepositoryPropertyName2["EXTRA_QUERIES"] = "github-codeql-extra-queries"; - RepositoryPropertyName2["FILE_COVERAGE_ON_PRS"] = "github-codeql-file-coverage-on-prs"; - return RepositoryPropertyName2; -})(RepositoryPropertyName || {}); -var KNOWN_REPOSITORY_PROPERTY_NAMES = new Set( - Object.values(RepositoryPropertyName) -); - -// src/config/db-config.ts -var PACK_IDENTIFIER_PATTERN = (function() { - const alphaNumeric = "[a-z0-9]"; - const alphaNumericDash = "[a-z0-9-]"; - const component = `${alphaNumeric}(${alphaNumericDash}*${alphaNumeric})?`; - return new RegExp(`^${component}/${component}$`); -})(); - -// src/diagnostics.ts -var import_fs = require("fs"); -var import_path = __toESM(require("path")); - -// src/logging.ts -var core8 = __toESM(require_core()); -function getActionsLogger() { - return { - debug: core8.debug, - info: core8.info, - warning: core8.warning, - error: core8.error, - isDebug: core8.isDebug, - startGroup: core8.startGroup, - endGroup: core8.endGroup - }; -} -function formatDuration(durationMs) { - if (durationMs < 1e3) { - return `${durationMs}ms`; - } - if (durationMs < 60 * 1e3) { - return `${(durationMs / 1e3).toFixed(1)}s`; - } - const minutes = Math.floor(durationMs / (60 * 1e3)); - const seconds = Math.floor(durationMs % (60 * 1e3) / 1e3); - return `${minutes}m${seconds}s`; -} - -// src/diagnostics.ts -var unwrittenDiagnostics = []; -var unwrittenDefaultLanguageDiagnostics = []; -var diagnosticCounter = 0; -function makeDiagnostic(id, name, data = void 0) { - return { - ...data, - timestamp: data?.timestamp ?? (/* @__PURE__ */ new Date()).toISOString(), - source: { ...data?.source, id, name } - }; -} -function addDiagnostic(config, language, diagnostic) { - const logger = getActionsLogger(); - const databasePath = language ? getCodeQLDatabasePath(config, language) : config.dbLocation; - if ((0, import_fs.existsSync)(databasePath)) { - writeDiagnostic(config, language, diagnostic); - } else { - logger.debug( - `Writing a diagnostic for ${language}, but the database at ${databasePath} does not exist yet.` - ); - unwrittenDiagnostics.push({ diagnostic, language }); - } -} -function addNoLanguageDiagnostic(config, diagnostic) { - if (config !== void 0) { - addDiagnostic( - config, - // Arbitrarily choose the first language. We could also choose all languages, but that - // increases the risk of misinterpreting the data. - config.languages[0], - diagnostic - ); - } else { - unwrittenDefaultLanguageDiagnostics.push(diagnostic); - } -} -function writeDiagnostic(config, language, diagnostic) { - const logger = getActionsLogger(); - const databasePath = language ? getCodeQLDatabasePath(config, language) : config.dbLocation; - const diagnosticsPath = import_path.default.resolve( - databasePath, - "diagnostic", - "codeql-action" - ); - try { - (0, import_fs.mkdirSync)(diagnosticsPath, { recursive: true }); - const uniqueSuffix = (diagnosticCounter++).toString(); - const sanitizedTimestamp = diagnostic.timestamp.replace( - /[^a-zA-Z0-9.-]/g, - "" - ); - const jsonPath = import_path.default.resolve( - diagnosticsPath, - `codeql-action-${sanitizedTimestamp}-${uniqueSuffix}.json` - ); - (0, import_fs.writeFileSync)(jsonPath, JSON.stringify(diagnostic)); - } catch (err) { - logger.warning(`Unable to write diagnostic message to database: ${err}`); - logger.debug(JSON.stringify(diagnostic)); - } -} -function makeTelemetryDiagnostic(id, name, attributes) { - return makeDiagnostic(id, name, { - attributes, - visibility: { - cliSummaryTable: false, - statusPage: false, - telemetry: true - } - }); -} - -// src/languages/builtin.json -var builtin_default = { - languages: [ - "actions", - "cpp", - "csharp", - "go", - "java", - "javascript", - "python", - "ruby", - "rust", - "swift" - ], - aliases: { - c: "cpp", - "c-c++": "cpp", - "c-cpp": "cpp", - "c#": "csharp", - "c++": "cpp", - "java-kotlin": "java", - "javascript-typescript": "javascript", - kotlin: "java", - typescript: "javascript" - } -}; - -// src/languages/index.ts -var builtInLanguageSet = new Set(builtin_default.languages); -function isBuiltInLanguage(language) { - return builtInLanguageSet.has(language); -} -function parseBuiltInLanguage(language) { - language = language.trim().toLowerCase(); - language = builtin_default.aliases[language] ?? language; - if (isBuiltInLanguage(language)) { - return language; - } - return void 0; -} - -// src/overlay/status.ts -var actionsCache = __toESM(require_cache4()); - -// src/trap-caching.ts -var actionsCache2 = __toESM(require_cache4()); - -// src/config-utils.ts -var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB = 2e4; -var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES = OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB * 1e6; -var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_V2_MB = 14e3; -var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_V2_BYTES = OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_V2_MB * 1e6; -var OVERLAY_MINIMUM_MEMORY_MB = 5 * 1024; -var OVERLAY_ANALYSIS_FEATURES = { - cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */, - csharp: "overlay_analysis_csharp" /* OverlayAnalysisCsharp */, - go: "overlay_analysis_go" /* OverlayAnalysisGo */, - java: "overlay_analysis_java" /* OverlayAnalysisJava */, - javascript: "overlay_analysis_javascript" /* OverlayAnalysisJavascript */, - python: "overlay_analysis_python" /* OverlayAnalysisPython */, - ruby: "overlay_analysis_ruby" /* OverlayAnalysisRuby */ -}; -var OVERLAY_ANALYSIS_CODE_SCANNING_FEATURES = { - cpp: "overlay_analysis_code_scanning_cpp" /* OverlayAnalysisCodeScanningCpp */, - csharp: "overlay_analysis_code_scanning_csharp" /* OverlayAnalysisCodeScanningCsharp */, - go: "overlay_analysis_code_scanning_go" /* OverlayAnalysisCodeScanningGo */, - java: "overlay_analysis_code_scanning_java" /* OverlayAnalysisCodeScanningJava */, - javascript: "overlay_analysis_code_scanning_javascript" /* OverlayAnalysisCodeScanningJavascript */, - python: "overlay_analysis_code_scanning_python" /* OverlayAnalysisCodeScanningPython */, - ruby: "overlay_analysis_code_scanning_ruby" /* OverlayAnalysisCodeScanningRuby */ -}; -function appendExtraQueryExclusions(extraQueryExclusions, cliConfig) { - const augmentedConfig = cloneObject(cliConfig); - if (extraQueryExclusions.length === 0) { - return augmentedConfig; - } - augmentedConfig["query-filters"] = [ - // Ordering matters. If the first filter is an inclusion, it implicitly - // excludes all queries that are not included. If it is an exclusion, - // it implicitly includes all queries that are not excluded. So user - // filters (if any) should always be first to preserve intent. - ...augmentedConfig["query-filters"] || [], - ...extraQueryExclusions - ]; - if (augmentedConfig["query-filters"]?.length === 0) { - delete augmentedConfig["query-filters"]; - } - return augmentedConfig; -} - // src/setup-codeql.ts var fs8 = __toESM(require("fs")); var path8 = __toESM(require("path")); @@ -89468,16 +89522,23 @@ async function run(startedAt) { } const codeQLDefaultVersionInfo = await features.getEnabledDefaultCliVersions(gitHubVersion.type); toolsFeatureFlagsValid = codeQLDefaultVersionInfo.toolsFeatureFlagsValid; + const rawLanguages = getRawLanguagesNoAutodetect( + getOptionalInput("languages") + ); + const analysisKinds = await getAnalysisKinds(logger); const initCodeQLResult = await initCodeQL( getOptionalInput("tools"), apiDetails, getTemporaryDirectory(), gitHubVersion.type, codeQLDefaultVersionInfo, - void 0, - // rawLanguages: currently, setup-codeql is not language aware - false, - // useOverlayAwareDefaultCliVersion: setup-codeql is not language aware + rawLanguages, + // Only consider the languages for overlay-aware version selection if the + // user has told us what they intend to analyze and Code Scanning is among + // the configured analysis kinds. Without `languages`, the subsequent + // `init` invocation may analyze a different set; without Code Scanning, + // overlay analysis is not in use anyway. + rawLanguages.length > 0 && analysisKinds.includes("code-scanning" /* CodeScanning */), features, logger ); diff --git a/setup-codeql/action.yml b/setup-codeql/action.yml index b7b52b9a3..d9f7ccb40 100644 --- a/setup-codeql/action.yml +++ b/setup-codeql/action.yml @@ -19,6 +19,25 @@ inputs: If not specified, the Action will check in several places until it finds the CodeQL tools. required: false + languages: + description: >- + A comma-separated list of CodeQL languages that will be analyzed in subsequent + `github/codeql-action/init` and `github/codeql-action/analyze` invocations. If specified, the + Action may use this list to select a CodeQL CLI version that is best suited to analyzing those + languages, for example by preferring a version that has a cached overlay-base database for the + specified languages. This input is not remembered and must also be passed to + `github/codeql-action/init`. + required: false + analysis-kinds: + description: >- + [Internal] A comma-separated list of analysis kinds that subsequent + `github/codeql-action/init` invocations will enable. If specified, the Action may use this + list to select a CodeQL CLI version that is best suited to those analysis kinds. This input is + not remembered and must also be passed to `github/codeql-action/init`. + + Available options are the same as for the `analysis-kinds` input on the `init` Action. + default: 'code-scanning' + required: true token: description: GitHub token to use for authenticating with this instance of GitHub. default: ${{ github.token }} diff --git a/src/setup-codeql-action.ts b/src/setup-codeql-action.ts index b9091a18b..c23553c98 100644 --- a/src/setup-codeql-action.ts +++ b/src/setup-codeql-action.ts @@ -7,8 +7,10 @@ import { getRequiredInput, getTemporaryDirectory, } from "./actions-util"; +import { AnalysisKind, getAnalysisKinds } from "./analyses"; import { getGitHubVersion } from "./api-client"; import { CodeQL } from "./codeql"; +import { getRawLanguagesNoAutodetect } from "./config-utils"; import { EnvVar } from "./environment"; import { initFeatures } from "./feature-flags"; import { initCodeQL } from "./init"; @@ -139,14 +141,18 @@ async function run(startedAt: Date): Promise { const codeQLDefaultVersionInfo = await features.getEnabledDefaultCliVersions(gitHubVersion.type); toolsFeatureFlagsValid = codeQLDefaultVersionInfo.toolsFeatureFlagsValid; + const rawLanguages = getRawLanguagesNoAutodetect( + getOptionalInput("languages"), + ); + const analysisKinds = await getAnalysisKinds(logger); const initCodeQLResult = await initCodeQL( getOptionalInput("tools"), apiDetails, getTemporaryDirectory(), gitHubVersion.type, codeQLDefaultVersionInfo, - undefined, // rawLanguages: currently, setup-codeql is not language aware - false, // useOverlayAwareDefaultCliVersion: setup-codeql is not language aware + rawLanguages, + analysisKinds.includes(AnalysisKind.CodeScanning), features, logger, );