Merge remote-tracking branch 'origin/main' into mbg/upload-sarif/fix-codeql-multi-init

Michael B. Gale
2026-02-24 19:52:40 +00:00
36 changed files with 4837 additions and 3006 deletions
+35 -37
@@ -1,27 +1,14 @@
// Automatically generated by running npx @eslint/migrate-config .eslintrc.json
import path from "node:path";
import { fileURLToPath } from "node:url";
import { fixupConfigRules, fixupPluginRules } from "@eslint/compat";
import { FlatCompat } from "@eslint/eslintrc";
import { fixupPluginRules } from "@eslint/compat";
import js from "@eslint/js";
import typescriptEslint from "@typescript-eslint/eslint-plugin";
import tsParser from "@typescript-eslint/parser";
import filenames from "eslint-plugin-filenames";
import github from "eslint-plugin-github";
import _import from "eslint-plugin-import";
import { importX, createNodeResolver } from "eslint-plugin-import-x";
import { createTypeScriptImportResolver } from "eslint-import-resolver-typescript";
import noAsyncForeach from "eslint-plugin-no-async-foreach";
import jsdoc from "eslint-plugin-jsdoc";
import tseslint from "typescript-eslint";
import globals from "globals";
const __filename = fileURLToPath(import.meta.url);
const __dirname = path.dirname(__filename);
const compat = new FlatCompat({
baseDirectory: __dirname,
recommendedConfig: js.configs.recommended,
allConfig: js.configs.all,
});
const githubFlatConfigs = github.getFlatConfigs();
export default [
{
@@ -36,29 +23,29 @@ export default [
".github/**/*",
],
},
...fixupConfigRules(
compat.extends(
"eslint:recommended",
"plugin:@typescript-eslint/recommended",
"plugin:@typescript-eslint/recommended-requiring-type-checking",
"plugin:github/recommended",
"plugin:github/typescript",
"plugin:import/typescript",
),
),
// eslint recommended config
js.configs.recommended,
// Type-checked rules from typescript-eslint
...tseslint.configs.recommendedTypeChecked,
...tseslint.configs.strict,
// eslint-plugin-github recommended config
githubFlatConfigs.recommended,
// eslint-plugin-github typescript config
...githubFlatConfigs.typescript,
// import-x TypeScript settings
// This is needed for import-x rules to properly parse TypeScript files.
{
settings: importX.flatConfigs.typescript.settings,
},
{
plugins: {
"@typescript-eslint": fixupPluginRules(typescriptEslint),
filenames: fixupPluginRules(filenames),
github: fixupPluginRules(github),
import: fixupPluginRules(_import),
"no-async-foreach": noAsyncForeach,
"import-x": importX,
"no-async-foreach": fixupPluginRules(noAsyncForeach),
"jsdoc": jsdoc,
},
languageOptions: {
parser: tsParser,
ecmaVersion: 5,
ecmaVersion: "latest",
sourceType: "module",
globals: {
@@ -79,10 +66,16 @@ export default [
typescript: {},
},
"import/ignore": ["sinon", "uuid", "@octokit/plugin-retry", "del", "get-folder-size"],
"import-x/resolver-next": [
createTypeScriptImportResolver(),
createNodeResolver({
extensions: [".ts", ".js", ".json"],
}),
],
},
rules: {
"filenames/match-regex": ["error", "^[a-z0-9-]+(\\.test)?$"],
"github/filenames-match-regex": ["error", "^[a-z0-9-]+(\\.test)?$"],
"i18n-text/no-en": "off",
"import/extensions": [
@@ -94,7 +87,10 @@ export default [
"import/no-amd": "error",
"import/no-commonjs": "error",
"import/no-cycle": "error",
// import/no-cycle does not seem to work with ESLint 9.
// Use import-x/no-cycle from eslint-plugin-import-x instead.
"import/no-cycle": "off",
"import-x/no-cycle": "error",
"import/no-dynamic-require": "error",
"import/no-extraneous-dependencies": [
@@ -132,6 +128,8 @@ export default [
"no-async-foreach/no-async-foreach": "error",
"no-sequences": "error",
"no-shadow": "off",
// This is overly restrictive with unsetting `EnvVar`s
"@typescript-eslint/no-dynamic-delete": "off",
"@typescript-eslint/no-shadow": "error",
"@typescript-eslint/prefer-optional-chain": "error",
"one-var": ["error", "never"],
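Review bot: Only `no-cycle` moves to `import-x` in the rules hunk, while `import/no-amd`, `import/no-commonjs`, `import/no-dynamic-require`, `import/no-extraneous-dependencies` and the `import/ignore` setting stay on the old `import` namespace. The `plugins` map no longer appears to register `import` itself; the +/- markers are lost on this page, so that is inferred from the dropped `_import` import at the top of the file. If those rules now rely on the plugin instance brought in by `githubFlatConfigs.recommended`, a comment next to the `plugins` map would make that dependency visible at the next eslint-plugin-github upgrade, for example `// "import/*" rules use the import plugin registered by githubFlatConfigs.recommended`. The `export default [` array continues outside the hunks shown.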
+43 -30
@@ -46037,8 +46037,6 @@ var require_package = __commonJS({
devDependencies: {
"@ava/typescript": "6.0.0",
"@eslint/compat": "^2.0.2",
"@eslint/eslintrc": "^3.3.3",
"@eslint/js": "^9.39.2",
"@microsoft/eslint-formatter-sarif": "^3.1.0",
"@octokit/types": "^16.0.0",
"@types/archiver": "^7.0.0",
@@ -46048,21 +46046,20 @@ var require_package = __commonJS({
"@types/node-forge": "^1.3.14",
"@types/semver": "^7.7.1",
"@types/sinon": "^21.0.0",
"@typescript-eslint/eslint-plugin": "^8.55.0",
"@typescript-eslint/parser": "^8.48.0",
ava: "^6.4.1",
esbuild: "^0.27.3",
eslint: "^8.57.1",
eslint: "^9.39.2",
"eslint-import-resolver-typescript": "^3.8.7",
"eslint-plugin-filenames": "^1.3.2",
"eslint-plugin-github": "^5.1.8",
"eslint-plugin-import": "2.29.1",
"eslint-plugin-jsdoc": "^62.5.4",
"eslint-plugin-github": "^6.0.0",
"eslint-plugin-import-x": "^4.16.1",
"eslint-plugin-jsdoc": "^62.5.0",
"eslint-plugin-no-async-foreach": "^0.1.1",
glob: "^11.1.0",
globals: "^16.5.0",
nock: "^14.0.11",
sinon: "^21.0.1",
typescript: "^5.9.3"
typescript: "^5.9.3",
"typescript-eslint": "^8.56.0"
},
overrides: {
"@actions/tool-cache": {
@@ -92794,7 +92791,7 @@ var require_cacheHttpClient = __commonJS({
exports2.getCacheEntry = getCacheEntry;
exports2.downloadCache = downloadCache;
exports2.reserveCache = reserveCache;
exports2.saveCache = saveCache4;
exports2.saveCache = saveCache5;
var core14 = __importStar2(require_core());
var http_client_1 = require_lib();
var auth_1 = require_auth();
@@ -92971,7 +92968,7 @@ Other caches with similar key:`);
}));
});
}
function saveCache4(cacheId, archivePath, signedUploadURL, options) {
function saveCache5(cacheId, archivePath, signedUploadURL, options) {
return __awaiter2(this, void 0, void 0, function* () {
const uploadOptions = (0, options_1.getUploadOptions)(options);
if (uploadOptions.useAzureSdk) {
@@ -98471,8 +98468,8 @@ var require_cache5 = __commonJS({
Object.defineProperty(exports2, "__esModule", { value: true });
exports2.FinalizeCacheError = exports2.ReserveCacheError = exports2.ValidationError = void 0;
exports2.isFeatureAvailable = isFeatureAvailable;
exports2.restoreCache = restoreCache4;
exports2.saveCache = saveCache4;
exports2.restoreCache = restoreCache5;
exports2.saveCache = saveCache5;
var core14 = __importStar2(require_core());
var path7 = __importStar2(require("path"));
var utils = __importStar2(require_cacheUtils());
@@ -98529,7 +98526,7 @@ var require_cache5 = __commonJS({
return !!process.env["ACTIONS_CACHE_URL"];
}
}
function restoreCache4(paths_1, primaryKey_1, restoreKeys_1, options_1) {
function restoreCache5(paths_1, primaryKey_1, restoreKeys_1, options_1) {
return __awaiter2(this, arguments, void 0, function* (paths, primaryKey, restoreKeys, options, enableCrossOsArchive = false) {
const cacheServiceVersion = (0, config_1.getCacheServiceVersion)();
core14.debug(`Cache service version: ${cacheServiceVersion}`);
@@ -98673,7 +98670,7 @@ var require_cache5 = __commonJS({
return void 0;
});
}
function saveCache4(paths_1, key_1, options_1) {
function saveCache5(paths_1, key_1, options_1) {
return __awaiter2(this, arguments, void 0, function* (paths, key, options, enableCrossOsArchive = false) {
const cacheServiceVersion = (0, config_1.getCacheServiceVersion)();
core14.debug(`Cache service version: ${cacheServiceVersion}`);
@@ -160722,9 +160719,6 @@ function getRequiredEnvParam(paramName) {
return value;
}
var ConfigurationError = class extends Error {
constructor(message) {
super(message);
}
};
var cachedCodeQlVersion = void 0;
function cacheCodeQlVersion(version) {
@@ -161291,7 +161285,7 @@ function withGroup(groupName, f) {
// src/feature-flags.ts
var semver5 = __toESM(require_semver2());
// src/overlay-database-utils.ts
// src/overlay/index.ts
var fs2 = __toESM(require("fs"));
var path2 = __toESM(require("path"));
var actionsCache = __toESM(require_cache5());
@@ -161461,7 +161455,7 @@ async function isAnalyzingDefaultBranch() {
return currentRef === defaultBranch;
}
// src/overlay-database-utils.ts
// src/overlay/index.ts
var CODEQL_OVERLAY_MINIMUM_VERSION = "2.23.8";
var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB = 7500;
var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_BYTES = OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB * 1e6;
@@ -161675,6 +161669,16 @@ var featureConfig = {
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CSHARP",
minimumVersion: void 0
},
["overlay_analysis_status_check" /* OverlayAnalysisStatusCheck */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_STATUS_CHECK",
minimumVersion: void 0
},
["overlay_analysis_status_save" /* OverlayAnalysisStatusSave */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_STATUS_SAVE",
minimumVersion: void 0
},
["overlay_analysis_go" /* OverlayAnalysisGo */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_GO",
@@ -161695,6 +161699,11 @@ var featureConfig = {
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_PYTHON",
minimumVersion: void 0
},
["overlay_analysis_resource_checks_v2" /* OverlayAnalysisResourceChecksV2 */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RESOURCE_CHECKS_V2",
minimumVersion: void 0
},
["overlay_analysis_ruby" /* OverlayAnalysisRuby */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RUBY",
@@ -161736,11 +161745,6 @@ var featureConfig = {
// cannot be found when interpreting results.
minimumVersion: void 0
},
["start_proxy_connection_checks" /* StartProxyConnectionChecks */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_START_PROXY_CONNECTION_CHECKS",
minimumVersion: void 0
},
["upload_overlay_db_to_api" /* UploadOverlayDbToApi */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_UPLOAD_OVERLAY_DB_TO_API",
@@ -161759,12 +161763,17 @@ var featureConfig = {
}
};
// src/trap-caching.ts
// src/overlay/status.ts
var actionsCache2 = __toESM(require_cache5());
// src/trap-caching.ts
var actionsCache3 = __toESM(require_cache5());
// src/config-utils.ts
var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB = 2e4;
var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES = OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB * 1e6;
var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_V2_MB = 14e3;
var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_V2_BYTES = OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_V2_MB * 1e6;
var OVERLAY_MINIMUM_MEMORY_MB = 5 * 1024;
var OVERLAY_ANALYSIS_FEATURES = {
actions: "overlay_analysis_actions" /* OverlayAnalysisActions */,
@@ -162182,14 +162191,18 @@ ${output}`
await runCli(cmd, codeqlArgs);
}
},
async databaseBundle(databasePath, outputFilePath, databaseName, alsoIncludeRelativePaths) {
async databaseBundle(databasePath, outputFilePath, databaseName, includeDiagnostics, alsoIncludeRelativePaths) {
const includeDiagnosticsArgs = includeDiagnostics ? ["--include-diagnostics"] : [];
const args = [
"database",
"bundle",
databasePath,
`--output=${outputFilePath}`,
`--name=${databaseName}`,
...getExtraOptionsFromEnv(["database", "bundle"])
...includeDiagnosticsArgs,
...getExtraOptionsFromEnv(["database", "bundle"], {
ignoringOptions: includeDiagnosticsArgs
})
];
if (await this.supportsFeature("bundleSupportsIncludeOption" /* BundleSupportsIncludeOption */)) {
args.push(
@@ -162447,7 +162460,7 @@ var core11 = __toESM(require_core());
// src/dependency-caching.ts
var import_path = require("path");
var actionsCache3 = __toESM(require_cache5());
var actionsCache4 = __toESM(require_cache5());
var glob = __toESM(require_glob());
function getJavaTempDependencyDir() {
return (0, import_path.join)(getTemporaryDirectory(), "codeql_java", "repository");
+52 -39
@@ -46037,8 +46037,6 @@ var require_package = __commonJS({
devDependencies: {
"@ava/typescript": "6.0.0",
"@eslint/compat": "^2.0.2",
"@eslint/eslintrc": "^3.3.3",
"@eslint/js": "^9.39.2",
"@microsoft/eslint-formatter-sarif": "^3.1.0",
"@octokit/types": "^16.0.0",
"@types/archiver": "^7.0.0",
@@ -46048,21 +46046,20 @@ var require_package = __commonJS({
"@types/node-forge": "^1.3.14",
"@types/semver": "^7.7.1",
"@types/sinon": "^21.0.0",
"@typescript-eslint/eslint-plugin": "^8.55.0",
"@typescript-eslint/parser": "^8.48.0",
ava: "^6.4.1",
esbuild: "^0.27.3",
eslint: "^8.57.1",
eslint: "^9.39.2",
"eslint-import-resolver-typescript": "^3.8.7",
"eslint-plugin-filenames": "^1.3.2",
"eslint-plugin-github": "^5.1.8",
"eslint-plugin-import": "2.29.1",
"eslint-plugin-jsdoc": "^62.5.4",
"eslint-plugin-github": "^6.0.0",
"eslint-plugin-import-x": "^4.16.1",
"eslint-plugin-jsdoc": "^62.5.0",
"eslint-plugin-no-async-foreach": "^0.1.1",
glob: "^11.1.0",
globals: "^16.5.0",
nock: "^14.0.11",
sinon: "^21.0.1",
typescript: "^5.9.3"
typescript: "^5.9.3",
"typescript-eslint": "^8.56.0"
},
overrides: {
"@actions/tool-cache": {
@@ -92794,7 +92791,7 @@ var require_cacheHttpClient = __commonJS({
exports2.getCacheEntry = getCacheEntry;
exports2.downloadCache = downloadCache;
exports2.reserveCache = reserveCache;
exports2.saveCache = saveCache4;
exports2.saveCache = saveCache5;
var core15 = __importStar2(require_core());
var http_client_1 = require_lib();
var auth_1 = require_auth();
@@ -92971,7 +92968,7 @@ Other caches with similar key:`);
}));
});
}
function saveCache4(cacheId, archivePath, signedUploadURL, options) {
function saveCache5(cacheId, archivePath, signedUploadURL, options) {
return __awaiter2(this, void 0, void 0, function* () {
const uploadOptions = (0, options_1.getUploadOptions)(options);
if (uploadOptions.useAzureSdk) {
@@ -98471,8 +98468,8 @@ var require_cache5 = __commonJS({
Object.defineProperty(exports2, "__esModule", { value: true });
exports2.FinalizeCacheError = exports2.ReserveCacheError = exports2.ValidationError = void 0;
exports2.isFeatureAvailable = isFeatureAvailable;
exports2.restoreCache = restoreCache4;
exports2.saveCache = saveCache4;
exports2.restoreCache = restoreCache5;
exports2.saveCache = saveCache5;
var core15 = __importStar2(require_core());
var path13 = __importStar2(require("path"));
var utils = __importStar2(require_cacheUtils());
@@ -98529,7 +98526,7 @@ var require_cache5 = __commonJS({
return !!process.env["ACTIONS_CACHE_URL"];
}
}
function restoreCache4(paths_1, primaryKey_1, restoreKeys_1, options_1) {
function restoreCache5(paths_1, primaryKey_1, restoreKeys_1, options_1) {
return __awaiter2(this, arguments, void 0, function* (paths, primaryKey, restoreKeys, options, enableCrossOsArchive = false) {
const cacheServiceVersion = (0, config_1.getCacheServiceVersion)();
core15.debug(`Cache service version: ${cacheServiceVersion}`);
@@ -98673,7 +98670,7 @@ var require_cache5 = __commonJS({
return void 0;
});
}
function saveCache4(paths_1, key_1, options_1) {
function saveCache5(paths_1, key_1, options_1) {
return __awaiter2(this, arguments, void 0, function* (paths, key, options, enableCrossOsArchive = false) {
const cacheServiceVersion = (0, config_1.getCacheServiceVersion)();
core15.debug(`Cache service version: ${cacheServiceVersion}`);
@@ -106068,9 +106065,6 @@ var HTTPError = class extends Error {
}
};
var ConfigurationError = class extends Error {
constructor(message) {
super(message);
}
};
function asHTTPError(arg) {
if (typeof arg !== "object" || arg === null || typeof arg.message !== "string") {
@@ -106100,7 +106094,7 @@ async function codeQlVersionAtLeast(codeql, requiredVersion) {
function getBaseDatabaseOidsFilePath(config) {
return path.join(config.dbLocation, BASE_DATABASE_OIDS_FILE_NAME);
}
async function bundleDb(config, language, codeql, dbName) {
async function bundleDb(config, language, codeql, dbName, { includeDiagnostics }) {
const databasePath = getCodeQLDatabasePath(config, language);
const databaseBundlePath = path.resolve(config.dbLocation, `${dbName}.zip`);
if (fs.existsSync(databaseBundlePath)) {
@@ -106119,6 +106113,7 @@ async function bundleDb(config, language, codeql, dbName) {
databasePath,
databaseBundlePath,
dbName,
includeDiagnostics,
additionalFiles
);
return databaseBundlePath;
@@ -107166,7 +107161,7 @@ var semver5 = __toESM(require_semver2());
var bundleVersion = "codeql-bundle-v2.24.2";
var cliVersion = "2.24.2";
// src/overlay-database-utils.ts
// src/overlay/index.ts
var fs3 = __toESM(require("fs"));
var path3 = __toESM(require("path"));
var actionsCache = __toESM(require_cache5());
@@ -107370,7 +107365,7 @@ async function isAnalyzingDefaultBranch() {
return currentRef === defaultBranch;
}
// src/overlay-database-utils.ts
// src/overlay/index.ts
var CODEQL_OVERLAY_MINIMUM_VERSION = "2.23.8";
var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB = 7500;
var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_BYTES = OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB * 1e6;
@@ -107717,6 +107712,16 @@ var featureConfig = {
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CSHARP",
minimumVersion: void 0
},
["overlay_analysis_status_check" /* OverlayAnalysisStatusCheck */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_STATUS_CHECK",
minimumVersion: void 0
},
["overlay_analysis_status_save" /* OverlayAnalysisStatusSave */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_STATUS_SAVE",
minimumVersion: void 0
},
["overlay_analysis_go" /* OverlayAnalysisGo */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_GO",
@@ -107737,6 +107742,11 @@ var featureConfig = {
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_PYTHON",
minimumVersion: void 0
},
["overlay_analysis_resource_checks_v2" /* OverlayAnalysisResourceChecksV2 */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RESOURCE_CHECKS_V2",
minimumVersion: void 0
},
["overlay_analysis_ruby" /* OverlayAnalysisRuby */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RUBY",
@@ -107778,11 +107788,6 @@ var featureConfig = {
// cannot be found when interpreting results.
minimumVersion: void 0
},
["start_proxy_connection_checks" /* StartProxyConnectionChecks */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_START_PROXY_CONNECTION_CHECKS",
minimumVersion: void 0
},
["upload_overlay_db_to_api" /* UploadOverlayDbToApi */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_UPLOAD_OVERLAY_DB_TO_API",
@@ -108278,8 +108283,11 @@ function getDiffRanges(fileDiff, logger) {
return diffRanges;
}
// src/trap-caching.ts
// src/overlay/status.ts
var actionsCache2 = __toESM(require_cache5());
// src/trap-caching.ts
var actionsCache3 = __toESM(require_cache5());
var CACHE_VERSION2 = 1;
var CODEQL_TRAP_CACHE_PREFIX = "codeql-trap";
var MINIMUM_CACHE_MB_TO_UPLOAD = 10;
@@ -108310,7 +108318,7 @@ async function uploadTrapCaches(codeql, config, logger) {
logger.info(`Uploading TRAP cache to Actions cache with key ${key}`);
await waitForResultWithTimeLimit(
MAX_CACHE_OPERATION_MS2,
actionsCache2.saveCache([cacheDir], key),
actionsCache3.saveCache([cacheDir], key),
() => {
logger.info(
`Timed out waiting for TRAP cache for ${language} to upload, will continue without uploading`
@@ -108403,6 +108411,8 @@ async function cachePrefix(codeql, language) {
// src/config-utils.ts
var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB = 2e4;
var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES = OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB * 1e6;
var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_V2_MB = 14e3;
var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_V2_BYTES = OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_V2_MB * 1e6;
var OVERLAY_MINIMUM_MEMORY_MB = 5 * 1024;
var OVERLAY_ANALYSIS_FEATURES = {
actions: "overlay_analysis_actions" /* OverlayAnalysisActions */,
@@ -108868,14 +108878,18 @@ ${output}`
await runCli(cmd, codeqlArgs);
}
},
async databaseBundle(databasePath, outputFilePath, databaseName, alsoIncludeRelativePaths) {
async databaseBundle(databasePath, outputFilePath, databaseName, includeDiagnostics, alsoIncludeRelativePaths) {
const includeDiagnosticsArgs = includeDiagnostics ? ["--include-diagnostics"] : [];
const args = [
"database",
"bundle",
databasePath,
`--output=${outputFilePath}`,
`--name=${databaseName}`,
...getExtraOptionsFromEnv(["database", "bundle"])
...includeDiagnosticsArgs,
...getExtraOptionsFromEnv(["database", "bundle"], {
ignoringOptions: includeDiagnosticsArgs
})
];
if (await this.supportsFeature("bundleSupportsIncludeOption" /* BundleSupportsIncludeOption */)) {
args.push(
@@ -109166,7 +109180,7 @@ async function runAutobuild(config, language, logger) {
// src/dependency-caching.ts
var os2 = __toESM(require("os"));
var import_path2 = require("path");
var actionsCache3 = __toESM(require_cache5());
var actionsCache4 = __toESM(require_cache5());
var glob = __toESM(require_glob());
var CODEQL_DEPENDENCY_CACHE_PREFIX = "codeql-dependencies";
var CODEQL_DEPENDENCY_CACHE_VERSION = 1;
@@ -109304,7 +109318,7 @@ async function uploadDependencyCaches(codeql, features, config, logger) {
);
try {
const start = performance.now();
await actionsCache3.saveCache(
await actionsCache4.saveCache(
await cacheConfig.getDependencyPaths(codeql, features),
key
);
@@ -109316,7 +109330,7 @@ async function uploadDependencyCaches(codeql, features, config, logger) {
upload_duration_ms
});
} catch (error3) {
if (error3 instanceof actionsCache3.ReserveCacheError) {
if (error3 instanceof actionsCache4.ReserveCacheError) {
logger.info(
`Not uploading cache for ${language}, because ${key} is already in use.`
);
@@ -109784,7 +109798,9 @@ async function cleanupAndUploadDatabases(repositoryNwo, codeql, config, apiDetai
for (const language of config.languages) {
let bundledDbSize = void 0;
try {
const bundledDb = await bundleDb(config, language, codeql, language);
const bundledDb = await bundleDb(config, language, codeql, language, {
includeDiagnostics: false
});
bundledDbSize = fs10.statSync(bundledDb).size;
const bundledDbReadStream = fs10.createReadStream(bundledDb);
const commitOid = await getCommitOid(
@@ -111125,7 +111141,7 @@ function resolveUriToFile(location, artifacts, sourceRoot, logger) {
}
async function addFingerprints(sarif, sourceRoot, logger) {
logger.info(
`Adding fingerprints to SARIF file. See ${"https://docs.github.com/en/enterprise-cloud@latest/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#providing-data-to-track-code-scanning-alerts-across-runs" /* TRACK_CODE_SCANNING_ALERTS_ACROSS_RUNS */} for more information.`
`Adding fingerprints to SARIF file. See ${"https://docs.github.com/en/code-security/reference/code-scanning/sarif-support-for-code-scanning#data-for-preventing-duplicated-alerts" /* TRACK_CODE_SCANNING_ALERTS_ACROSS_RUNS */} for more information.`
);
const callbacksByFile = {};
for (const run2 of sarif.runs || []) {
@@ -111743,9 +111759,6 @@ function sanitize(str2) {
return (str2 ?? "_").replace(/[^a-zA-Z0-9_]/g, "_").toLocaleUpperCase();
}
var InvalidSarifUploadError = class extends Error {
constructor(message) {
super(message);
}
};
function filterAlertsByDiffRange(logger, sarif) {
const diffRanges = readDiffRangesJsonFile(logger);
+42 -29
@@ -46037,8 +46037,6 @@ var require_package = __commonJS({
devDependencies: {
"@ava/typescript": "6.0.0",
"@eslint/compat": "^2.0.2",
"@eslint/eslintrc": "^3.3.3",
"@eslint/js": "^9.39.2",
"@microsoft/eslint-formatter-sarif": "^3.1.0",
"@octokit/types": "^16.0.0",
"@types/archiver": "^7.0.0",
@@ -46048,21 +46046,20 @@ var require_package = __commonJS({
"@types/node-forge": "^1.3.14",
"@types/semver": "^7.7.1",
"@types/sinon": "^21.0.0",
"@typescript-eslint/eslint-plugin": "^8.55.0",
"@typescript-eslint/parser": "^8.48.0",
ava: "^6.4.1",
esbuild: "^0.27.3",
eslint: "^8.57.1",
eslint: "^9.39.2",
"eslint-import-resolver-typescript": "^3.8.7",
"eslint-plugin-filenames": "^1.3.2",
"eslint-plugin-github": "^5.1.8",
"eslint-plugin-import": "2.29.1",
"eslint-plugin-jsdoc": "^62.5.4",
"eslint-plugin-github": "^6.0.0",
"eslint-plugin-import-x": "^4.16.1",
"eslint-plugin-jsdoc": "^62.5.0",
"eslint-plugin-no-async-foreach": "^0.1.1",
glob: "^11.1.0",
globals: "^16.5.0",
nock: "^14.0.11",
sinon: "^21.0.1",
typescript: "^5.9.3"
typescript: "^5.9.3",
"typescript-eslint": "^8.56.0"
},
overrides: {
"@actions/tool-cache": {
@@ -92794,7 +92791,7 @@ var require_cacheHttpClient = __commonJS({
exports2.getCacheEntry = getCacheEntry;
exports2.downloadCache = downloadCache;
exports2.reserveCache = reserveCache;
exports2.saveCache = saveCache3;
exports2.saveCache = saveCache4;
var core14 = __importStar2(require_core());
var http_client_1 = require_lib();
var auth_1 = require_auth();
@@ -92971,7 +92968,7 @@ Other caches with similar key:`);
}));
});
}
function saveCache3(cacheId, archivePath, signedUploadURL, options) {
function saveCache4(cacheId, archivePath, signedUploadURL, options) {
return __awaiter2(this, void 0, void 0, function* () {
const uploadOptions = (0, options_1.getUploadOptions)(options);
if (uploadOptions.useAzureSdk) {
@@ -98471,8 +98468,8 @@ var require_cache5 = __commonJS({
Object.defineProperty(exports2, "__esModule", { value: true });
exports2.FinalizeCacheError = exports2.ReserveCacheError = exports2.ValidationError = void 0;
exports2.isFeatureAvailable = isFeatureAvailable;
exports2.restoreCache = restoreCache3;
exports2.saveCache = saveCache3;
exports2.restoreCache = restoreCache4;
exports2.saveCache = saveCache4;
var core14 = __importStar2(require_core());
var path7 = __importStar2(require("path"));
var utils = __importStar2(require_cacheUtils());
@@ -98529,7 +98526,7 @@ var require_cache5 = __commonJS({
return !!process.env["ACTIONS_CACHE_URL"];
}
}
function restoreCache3(paths_1, primaryKey_1, restoreKeys_1, options_1) {
function restoreCache4(paths_1, primaryKey_1, restoreKeys_1, options_1) {
return __awaiter2(this, arguments, void 0, function* (paths, primaryKey, restoreKeys, options, enableCrossOsArchive = false) {
const cacheServiceVersion = (0, config_1.getCacheServiceVersion)();
core14.debug(`Cache service version: ${cacheServiceVersion}`);
@@ -98673,7 +98670,7 @@ var require_cache5 = __commonJS({
return void 0;
});
}
function saveCache3(paths_1, key_1, options_1) {
function saveCache4(paths_1, key_1, options_1) {
return __awaiter2(this, arguments, void 0, function* (paths, key, options, enableCrossOsArchive = false) {
const cacheServiceVersion = (0, config_1.getCacheServiceVersion)();
core14.debug(`Cache service version: ${cacheServiceVersion}`);
@@ -102980,9 +102977,6 @@ var HTTPError = class extends Error {
}
};
var ConfigurationError = class extends Error {
constructor(message) {
super(message);
}
};
function asHTTPError(arg) {
if (typeof arg !== "object" || arg === null || typeof arg.message !== "string") {
@@ -103694,7 +103688,7 @@ var semver5 = __toESM(require_semver2());
var bundleVersion = "codeql-bundle-v2.24.2";
var cliVersion = "2.24.2";
// src/overlay-database-utils.ts
// src/overlay/index.ts
var fs2 = __toESM(require("fs"));
var path2 = __toESM(require("path"));
var actionsCache = __toESM(require_cache5());
@@ -103864,7 +103858,7 @@ async function isAnalyzingDefaultBranch() {
return currentRef === defaultBranch;
}
// src/overlay-database-utils.ts
// src/overlay/index.ts
var CODEQL_OVERLAY_MINIMUM_VERSION = "2.23.8";
var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB = 7500;
var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_BYTES = OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB * 1e6;
@@ -104076,6 +104070,16 @@ var featureConfig = {
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CSHARP",
minimumVersion: void 0
},
["overlay_analysis_status_check" /* OverlayAnalysisStatusCheck */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_STATUS_CHECK",
minimumVersion: void 0
},
["overlay_analysis_status_save" /* OverlayAnalysisStatusSave */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_STATUS_SAVE",
minimumVersion: void 0
},
["overlay_analysis_go" /* OverlayAnalysisGo */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_GO",
@@ -104096,6 +104100,11 @@ var featureConfig = {
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_PYTHON",
minimumVersion: void 0
},
["overlay_analysis_resource_checks_v2" /* OverlayAnalysisResourceChecksV2 */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RESOURCE_CHECKS_V2",
minimumVersion: void 0
},
["overlay_analysis_ruby" /* OverlayAnalysisRuby */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RUBY",
@@ -104137,11 +104146,6 @@ var featureConfig = {
// cannot be found when interpreting results.
minimumVersion: void 0
},
["start_proxy_connection_checks" /* StartProxyConnectionChecks */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_START_PROXY_CONNECTION_CHECKS",
minimumVersion: void 0
},
["upload_overlay_db_to_api" /* UploadOverlayDbToApi */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_UPLOAD_OVERLAY_DB_TO_API",
@@ -104483,12 +104487,17 @@ function initFeatures(gitHubVersion, repositoryNwo, tempDir, logger) {
}
}
// src/trap-caching.ts
// src/overlay/status.ts
var actionsCache2 = __toESM(require_cache5());
// src/trap-caching.ts
var actionsCache3 = __toESM(require_cache5());
// src/config-utils.ts
var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB = 2e4;
var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES = OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB * 1e6;
var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_V2_MB = 14e3;
var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_V2_BYTES = OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_V2_MB * 1e6;
var OVERLAY_MINIMUM_MEMORY_MB = 5 * 1024;
var OVERLAY_ANALYSIS_FEATURES = {
actions: "overlay_analysis_actions" /* OverlayAnalysisActions */,
@@ -104939,14 +104948,18 @@ ${output}`
await runCli(cmd, codeqlArgs);
}
},
async databaseBundle(databasePath, outputFilePath, databaseName, alsoIncludeRelativePaths) {
async databaseBundle(databasePath, outputFilePath, databaseName, includeDiagnostics, alsoIncludeRelativePaths) {
const includeDiagnosticsArgs = includeDiagnostics ? ["--include-diagnostics"] : [];
const args = [
"database",
"bundle",
databasePath,
`--output=${outputFilePath}`,
`--name=${databaseName}`,
...getExtraOptionsFromEnv(["database", "bundle"])
...includeDiagnosticsArgs,
...getExtraOptionsFromEnv(["database", "bundle"], {
ignoringOptions: includeDiagnosticsArgs
})
];
if (await this.supportsFeature("bundleSupportsIncludeOption" /* BundleSupportsIncludeOption */)) {
args.push(
+946 -841
File diff suppressed because it is too large
+530 -393
File diff suppressed because it is too large
+42 -29
@@ -46037,8 +46037,6 @@ var require_package = __commonJS({
devDependencies: {
"@ava/typescript": "6.0.0",
"@eslint/compat": "^2.0.2",
"@eslint/eslintrc": "^3.3.3",
"@eslint/js": "^9.39.2",
"@microsoft/eslint-formatter-sarif": "^3.1.0",
"@octokit/types": "^16.0.0",
"@types/archiver": "^7.0.0",
@@ -46048,21 +46046,20 @@ var require_package = __commonJS({
"@types/node-forge": "^1.3.14",
"@types/semver": "^7.7.1",
"@types/sinon": "^21.0.0",
"@typescript-eslint/eslint-plugin": "^8.55.0",
"@typescript-eslint/parser": "^8.48.0",
ava: "^6.4.1",
esbuild: "^0.27.3",
eslint: "^8.57.1",
eslint: "^9.39.2",
"eslint-import-resolver-typescript": "^3.8.7",
"eslint-plugin-filenames": "^1.3.2",
"eslint-plugin-github": "^5.1.8",
"eslint-plugin-import": "2.29.1",
"eslint-plugin-jsdoc": "^62.5.4",
"eslint-plugin-github": "^6.0.0",
"eslint-plugin-import-x": "^4.16.1",
"eslint-plugin-jsdoc": "^62.5.0",
"eslint-plugin-no-async-foreach": "^0.1.1",
glob: "^11.1.0",
globals: "^16.5.0",
nock: "^14.0.11",
sinon: "^21.0.1",
typescript: "^5.9.3"
typescript: "^5.9.3",
"typescript-eslint": "^8.56.0"
},
overrides: {
"@actions/tool-cache": {
@@ -92794,7 +92791,7 @@ var require_cacheHttpClient = __commonJS({
exports2.getCacheEntry = getCacheEntry;
exports2.downloadCache = downloadCache;
exports2.reserveCache = reserveCache;
exports2.saveCache = saveCache3;
exports2.saveCache = saveCache4;
var core13 = __importStar2(require_core());
var http_client_1 = require_lib();
var auth_1 = require_auth();
@@ -92971,7 +92968,7 @@ Other caches with similar key:`);
}));
});
}
function saveCache3(cacheId, archivePath, signedUploadURL, options) {
function saveCache4(cacheId, archivePath, signedUploadURL, options) {
return __awaiter2(this, void 0, void 0, function* () {
const uploadOptions = (0, options_1.getUploadOptions)(options);
if (uploadOptions.useAzureSdk) {
@@ -98471,8 +98468,8 @@ var require_cache5 = __commonJS({
Object.defineProperty(exports2, "__esModule", { value: true });
exports2.FinalizeCacheError = exports2.ReserveCacheError = exports2.ValidationError = void 0;
exports2.isFeatureAvailable = isFeatureAvailable;
exports2.restoreCache = restoreCache3;
exports2.saveCache = saveCache3;
exports2.restoreCache = restoreCache4;
exports2.saveCache = saveCache4;
var core13 = __importStar2(require_core());
var path5 = __importStar2(require("path"));
var utils = __importStar2(require_cacheUtils());
@@ -98529,7 +98526,7 @@ var require_cache5 = __commonJS({
return !!process.env["ACTIONS_CACHE_URL"];
}
}
function restoreCache3(paths_1, primaryKey_1, restoreKeys_1, options_1) {
function restoreCache4(paths_1, primaryKey_1, restoreKeys_1, options_1) {
return __awaiter2(this, arguments, void 0, function* (paths, primaryKey, restoreKeys, options, enableCrossOsArchive = false) {
const cacheServiceVersion = (0, config_1.getCacheServiceVersion)();
core13.debug(`Cache service version: ${cacheServiceVersion}`);
@@ -98673,7 +98670,7 @@ var require_cache5 = __commonJS({
return void 0;
});
}
function saveCache3(paths_1, key_1, options_1) {
function saveCache4(paths_1, key_1, options_1) {
return __awaiter2(this, arguments, void 0, function* (paths, key, options, enableCrossOsArchive = false) {
const cacheServiceVersion = (0, config_1.getCacheServiceVersion)();
core13.debug(`Cache service version: ${cacheServiceVersion}`);
@@ -102973,9 +102970,6 @@ var HTTPError = class extends Error {
}
};
var ConfigurationError = class extends Error {
constructor(message) {
super(message);
}
};
function asHTTPError(arg) {
if (typeof arg !== "object" || arg === null || typeof arg.message !== "string") {
@@ -103687,7 +103681,7 @@ function getActionsLogger() {
// src/feature-flags.ts
var semver5 = __toESM(require_semver2());
// src/overlay-database-utils.ts
// src/overlay/index.ts
var fs2 = __toESM(require("fs"));
var path2 = __toESM(require("path"));
var actionsCache = __toESM(require_cache5());
@@ -103857,7 +103851,7 @@ async function isAnalyzingDefaultBranch() {
return currentRef === defaultBranch;
}
// src/overlay-database-utils.ts
// src/overlay/index.ts
var CODEQL_OVERLAY_MINIMUM_VERSION = "2.23.8";
var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB = 7500;
var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_BYTES = OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB * 1e6;
@@ -104067,6 +104061,16 @@ var featureConfig = {
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CSHARP",
minimumVersion: void 0
},
["overlay_analysis_status_check" /* OverlayAnalysisStatusCheck */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_STATUS_CHECK",
minimumVersion: void 0
},
["overlay_analysis_status_save" /* OverlayAnalysisStatusSave */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_STATUS_SAVE",
minimumVersion: void 0
},
["overlay_analysis_go" /* OverlayAnalysisGo */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_GO",
@@ -104087,6 +104091,11 @@ var featureConfig = {
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_PYTHON",
minimumVersion: void 0
},
["overlay_analysis_resource_checks_v2" /* OverlayAnalysisResourceChecksV2 */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RESOURCE_CHECKS_V2",
minimumVersion: void 0
},
["overlay_analysis_ruby" /* OverlayAnalysisRuby */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RUBY",
@@ -104128,11 +104137,6 @@ var featureConfig = {
// cannot be found when interpreting results.
minimumVersion: void 0
},
["start_proxy_connection_checks" /* StartProxyConnectionChecks */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_START_PROXY_CONNECTION_CHECKS",
minimumVersion: void 0
},
["upload_overlay_db_to_api" /* UploadOverlayDbToApi */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_UPLOAD_OVERLAY_DB_TO_API",
@@ -104151,12 +104155,17 @@ var featureConfig = {
}
};
// src/trap-caching.ts
// src/overlay/status.ts
var actionsCache2 = __toESM(require_cache5());
// src/trap-caching.ts
var actionsCache3 = __toESM(require_cache5());
// src/config-utils.ts
var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB = 2e4;
var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES = OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB * 1e6;
var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_V2_MB = 14e3;
var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_V2_BYTES = OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_V2_MB * 1e6;
var OVERLAY_MINIMUM_MEMORY_MB = 5 * 1024;
var OVERLAY_ANALYSIS_FEATURES = {
actions: "overlay_analysis_actions" /* OverlayAnalysisActions */,
@@ -104580,14 +104589,18 @@ ${output}`
await runCli(cmd, codeqlArgs);
}
},
async databaseBundle(databasePath, outputFilePath, databaseName, alsoIncludeRelativePaths) {
async databaseBundle(databasePath, outputFilePath, databaseName, includeDiagnostics, alsoIncludeRelativePaths) {
const includeDiagnosticsArgs = includeDiagnostics ? ["--include-diagnostics"] : [];
const args = [
"database",
"bundle",
databasePath,
`--output=${outputFilePath}`,
`--name=${databaseName}`,
...getExtraOptionsFromEnv(["database", "bundle"])
...includeDiagnosticsArgs,
...getExtraOptionsFromEnv(["database", "bundle"], {
ignoringOptions: includeDiagnosticsArgs
})
];
if (await this.supportsFeature("bundleSupportsIncludeOption" /* BundleSupportsIncludeOption */)) {
args.push(
+42 -29
@@ -46037,8 +46037,6 @@ var require_package = __commonJS({
devDependencies: {
"@ava/typescript": "6.0.0",
"@eslint/compat": "^2.0.2",
"@eslint/eslintrc": "^3.3.3",
"@eslint/js": "^9.39.2",
"@microsoft/eslint-formatter-sarif": "^3.1.0",
"@octokit/types": "^16.0.0",
"@types/archiver": "^7.0.0",
@@ -46048,21 +46046,20 @@ var require_package = __commonJS({
"@types/node-forge": "^1.3.14",
"@types/semver": "^7.7.1",
"@types/sinon": "^21.0.0",
"@typescript-eslint/eslint-plugin": "^8.55.0",
"@typescript-eslint/parser": "^8.48.0",
ava: "^6.4.1",
esbuild: "^0.27.3",
eslint: "^8.57.1",
eslint: "^9.39.2",
"eslint-import-resolver-typescript": "^3.8.7",
"eslint-plugin-filenames": "^1.3.2",
"eslint-plugin-github": "^5.1.8",
"eslint-plugin-import": "2.29.1",
"eslint-plugin-jsdoc": "^62.5.4",
"eslint-plugin-github": "^6.0.0",
"eslint-plugin-import-x": "^4.16.1",
"eslint-plugin-jsdoc": "^62.5.0",
"eslint-plugin-no-async-foreach": "^0.1.1",
glob: "^11.1.0",
globals: "^16.5.0",
nock: "^14.0.11",
sinon: "^21.0.1",
typescript: "^5.9.3"
typescript: "^5.9.3",
"typescript-eslint": "^8.56.0"
},
overrides: {
"@actions/tool-cache": {
@@ -91497,7 +91494,7 @@ var require_cacheHttpClient = __commonJS({
exports2.getCacheEntry = getCacheEntry;
exports2.downloadCache = downloadCache;
exports2.reserveCache = reserveCache;
exports2.saveCache = saveCache3;
exports2.saveCache = saveCache4;
var core13 = __importStar2(require_core());
var http_client_1 = require_lib();
var auth_1 = require_auth();
@@ -91674,7 +91671,7 @@ Other caches with similar key:`);
}));
});
}
function saveCache3(cacheId, archivePath, signedUploadURL, options) {
function saveCache4(cacheId, archivePath, signedUploadURL, options) {
return __awaiter2(this, void 0, void 0, function* () {
const uploadOptions = (0, options_1.getUploadOptions)(options);
if (uploadOptions.useAzureSdk) {
@@ -97174,8 +97171,8 @@ var require_cache5 = __commonJS({
Object.defineProperty(exports2, "__esModule", { value: true });
exports2.FinalizeCacheError = exports2.ReserveCacheError = exports2.ValidationError = void 0;
exports2.isFeatureAvailable = isFeatureAvailable;
exports2.restoreCache = restoreCache3;
exports2.saveCache = saveCache3;
exports2.restoreCache = restoreCache4;
exports2.saveCache = saveCache4;
var core13 = __importStar2(require_core());
var path9 = __importStar2(require("path"));
var utils = __importStar2(require_cacheUtils());
@@ -97232,7 +97229,7 @@ var require_cache5 = __commonJS({
return !!process.env["ACTIONS_CACHE_URL"];
}
}
function restoreCache3(paths_1, primaryKey_1, restoreKeys_1, options_1) {
function restoreCache4(paths_1, primaryKey_1, restoreKeys_1, options_1) {
return __awaiter2(this, arguments, void 0, function* (paths, primaryKey, restoreKeys, options, enableCrossOsArchive = false) {
const cacheServiceVersion = (0, config_1.getCacheServiceVersion)();
core13.debug(`Cache service version: ${cacheServiceVersion}`);
@@ -97376,7 +97373,7 @@ var require_cache5 = __commonJS({
return void 0;
});
}
function saveCache3(paths_1, key_1, options_1) {
function saveCache4(paths_1, key_1, options_1) {
return __awaiter2(this, arguments, void 0, function* (paths, key, options, enableCrossOsArchive = false) {
const cacheServiceVersion = (0, config_1.getCacheServiceVersion)();
core13.debug(`Cache service version: ${cacheServiceVersion}`);
@@ -103046,9 +103043,6 @@ var HTTPError = class extends Error {
}
};
var ConfigurationError = class extends Error {
constructor(message) {
super(message);
}
};
function asHTTPError(arg) {
if (typeof arg !== "object" || arg === null || typeof arg.message !== "string") {
@@ -103565,7 +103559,7 @@ var semver4 = __toESM(require_semver2());
var bundleVersion = "codeql-bundle-v2.24.2";
var cliVersion = "2.24.2";
// src/overlay-database-utils.ts
// src/overlay/index.ts
var fs3 = __toESM(require("fs"));
var path3 = __toESM(require("path"));
var actionsCache = __toESM(require_cache5());
@@ -103763,7 +103757,7 @@ function formatDuration(durationMs) {
return `${minutes}m${seconds}s`;
}
// src/overlay-database-utils.ts
// src/overlay/index.ts
var CODEQL_OVERLAY_MINIMUM_VERSION = "2.23.8";
var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB = 7500;
var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_BYTES = OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB * 1e6;
@@ -103976,6 +103970,16 @@ var featureConfig = {
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CSHARP",
minimumVersion: void 0
},
["overlay_analysis_status_check" /* OverlayAnalysisStatusCheck */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_STATUS_CHECK",
minimumVersion: void 0
},
["overlay_analysis_status_save" /* OverlayAnalysisStatusSave */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_STATUS_SAVE",
minimumVersion: void 0
},
["overlay_analysis_go" /* OverlayAnalysisGo */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_GO",
@@ -103996,6 +104000,11 @@ var featureConfig = {
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_PYTHON",
minimumVersion: void 0
},
["overlay_analysis_resource_checks_v2" /* OverlayAnalysisResourceChecksV2 */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RESOURCE_CHECKS_V2",
minimumVersion: void 0
},
["overlay_analysis_ruby" /* OverlayAnalysisRuby */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RUBY",
@@ -104037,11 +104046,6 @@ var featureConfig = {
// cannot be found when interpreting results.
minimumVersion: void 0
},
["start_proxy_connection_checks" /* StartProxyConnectionChecks */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_START_PROXY_CONNECTION_CHECKS",
minimumVersion: void 0
},
["upload_overlay_db_to_api" /* UploadOverlayDbToApi */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_UPLOAD_OVERLAY_DB_TO_API",
@@ -104713,12 +104717,17 @@ function writeDiagnostic(config, language, diagnostic) {
}
}
// src/trap-caching.ts
// src/overlay/status.ts
var actionsCache2 = __toESM(require_cache5());
// src/trap-caching.ts
var actionsCache3 = __toESM(require_cache5());
// src/config-utils.ts
var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB = 2e4;
var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES = OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB * 1e6;
var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_V2_MB = 14e3;
var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_V2_BYTES = OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_V2_MB * 1e6;
var OVERLAY_MINIMUM_MEMORY_MB = 5 * 1024;
var OVERLAY_ANALYSIS_FEATURES = {
actions: "overlay_analysis_actions" /* OverlayAnalysisActions */,
@@ -106026,14 +106035,18 @@ ${output}`
await runCli(cmd, codeqlArgs);
}
},
async databaseBundle(databasePath, outputFilePath, databaseName, alsoIncludeRelativePaths) {
async databaseBundle(databasePath, outputFilePath, databaseName, includeDiagnostics, alsoIncludeRelativePaths) {
const includeDiagnosticsArgs = includeDiagnostics ? ["--include-diagnostics"] : [];
const args = [
"database",
"bundle",
databasePath,
`--output=${outputFilePath}`,
`--name=${databaseName}`,
...getExtraOptionsFromEnv(["database", "bundle"])
...includeDiagnosticsArgs,
...getExtraOptionsFromEnv(["database", "bundle"], {
ignoringOptions: includeDiagnosticsArgs
})
];
if (await this.supportsFeature("bundleSupportsIncludeOption" /* BundleSupportsIncludeOption */)) {
args.push(
+37 -28
@@ -46037,8 +46037,6 @@ var require_package = __commonJS({
devDependencies: {
"@ava/typescript": "6.0.0",
"@eslint/compat": "^2.0.2",
"@eslint/eslintrc": "^3.3.3",
"@eslint/js": "^9.39.2",
"@microsoft/eslint-formatter-sarif": "^3.1.0",
"@octokit/types": "^16.0.0",
"@types/archiver": "^7.0.0",
@@ -46048,21 +46046,20 @@ var require_package = __commonJS({
"@types/node-forge": "^1.3.14",
"@types/semver": "^7.7.1",
"@types/sinon": "^21.0.0",
"@typescript-eslint/eslint-plugin": "^8.55.0",
"@typescript-eslint/parser": "^8.48.0",
ava: "^6.4.1",
esbuild: "^0.27.3",
eslint: "^8.57.1",
eslint: "^9.39.2",
"eslint-import-resolver-typescript": "^3.8.7",
"eslint-plugin-filenames": "^1.3.2",
"eslint-plugin-github": "^5.1.8",
"eslint-plugin-import": "2.29.1",
"eslint-plugin-jsdoc": "^62.5.4",
"eslint-plugin-github": "^6.0.0",
"eslint-plugin-import-x": "^4.16.1",
"eslint-plugin-jsdoc": "^62.5.0",
"eslint-plugin-no-async-foreach": "^0.1.1",
glob: "^11.1.0",
globals: "^16.5.0",
nock: "^14.0.11",
sinon: "^21.0.1",
typescript: "^5.9.3"
typescript: "^5.9.3",
"typescript-eslint": "^8.56.0"
},
overrides: {
"@actions/tool-cache": {
@@ -92794,7 +92791,7 @@ var require_cacheHttpClient = __commonJS({
exports2.getCacheEntry = getCacheEntry;
exports2.downloadCache = downloadCache;
exports2.reserveCache = reserveCache;
exports2.saveCache = saveCache4;
exports2.saveCache = saveCache5;
var core14 = __importStar2(require_core());
var http_client_1 = require_lib();
var auth_1 = require_auth();
@@ -92971,7 +92968,7 @@ Other caches with similar key:`);
}));
});
}
function saveCache4(cacheId, archivePath, signedUploadURL, options) {
function saveCache5(cacheId, archivePath, signedUploadURL, options) {
return __awaiter2(this, void 0, void 0, function* () {
const uploadOptions = (0, options_1.getUploadOptions)(options);
if (uploadOptions.useAzureSdk) {
@@ -98471,8 +98468,8 @@ var require_cache5 = __commonJS({
Object.defineProperty(exports2, "__esModule", { value: true });
exports2.FinalizeCacheError = exports2.ReserveCacheError = exports2.ValidationError = void 0;
exports2.isFeatureAvailable = isFeatureAvailable;
exports2.restoreCache = restoreCache4;
exports2.saveCache = saveCache4;
exports2.restoreCache = restoreCache5;
exports2.saveCache = saveCache5;
var core14 = __importStar2(require_core());
var path4 = __importStar2(require("path"));
var utils = __importStar2(require_cacheUtils());
@@ -98529,7 +98526,7 @@ var require_cache5 = __commonJS({
return !!process.env["ACTIONS_CACHE_URL"];
}
}
function restoreCache4(paths_1, primaryKey_1, restoreKeys_1, options_1) {
function restoreCache5(paths_1, primaryKey_1, restoreKeys_1, options_1) {
return __awaiter2(this, arguments, void 0, function* (paths, primaryKey, restoreKeys, options, enableCrossOsArchive = false) {
const cacheServiceVersion = (0, config_1.getCacheServiceVersion)();
core14.debug(`Cache service version: ${cacheServiceVersion}`);
@@ -98673,7 +98670,7 @@ var require_cache5 = __commonJS({
return void 0;
});
}
function saveCache4(paths_1, key_1, options_1) {
function saveCache5(paths_1, key_1, options_1) {
return __awaiter2(this, arguments, void 0, function* (paths, key, options, enableCrossOsArchive = false) {
const cacheServiceVersion = (0, config_1.getCacheServiceVersion)();
core14.debug(`Cache service version: ${cacheServiceVersion}`);
@@ -160700,9 +160697,6 @@ function getRequiredEnvParam(paramName) {
return value;
}
var ConfigurationError = class extends Error {
constructor(message) {
super(message);
}
};
function isInTestMode() {
return process.env["CODEQL_ACTION_TEST_MODE" /* TEST_MODE */] === "true";
@@ -160918,7 +160912,7 @@ function getActionsLogger() {
// src/feature-flags.ts
var semver5 = __toESM(require_semver2());
// src/overlay-database-utils.ts
// src/overlay/index.ts
var actionsCache = __toESM(require_cache5());
// src/git-utils.ts
@@ -160927,7 +160921,7 @@ var toolrunner2 = __toESM(require_toolrunner());
var io3 = __toESM(require_io());
var semver3 = __toESM(require_semver2());
// src/overlay-database-utils.ts
// src/overlay/index.ts
var CODEQL_OVERLAY_MINIMUM_VERSION = "2.23.8";
var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB = 7500;
var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_BYTES = OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB * 1e6;
@@ -161081,6 +161075,16 @@ var featureConfig = {
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CSHARP",
minimumVersion: void 0
},
["overlay_analysis_status_check" /* OverlayAnalysisStatusCheck */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_STATUS_CHECK",
minimumVersion: void 0
},
["overlay_analysis_status_save" /* OverlayAnalysisStatusSave */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_STATUS_SAVE",
minimumVersion: void 0
},
["overlay_analysis_go" /* OverlayAnalysisGo */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_GO",
@@ -161101,6 +161105,11 @@ var featureConfig = {
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_PYTHON",
minimumVersion: void 0
},
["overlay_analysis_resource_checks_v2" /* OverlayAnalysisResourceChecksV2 */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RESOURCE_CHECKS_V2",
minimumVersion: void 0
},
["overlay_analysis_ruby" /* OverlayAnalysisRuby */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RUBY",
@@ -161142,11 +161151,6 @@ var featureConfig = {
// cannot be found when interpreting results.
minimumVersion: void 0
},
["start_proxy_connection_checks" /* StartProxyConnectionChecks */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_START_PROXY_CONNECTION_CHECKS",
minimumVersion: void 0
},
["upload_overlay_db_to_api" /* UploadOverlayDbToApi */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_UPLOAD_OVERLAY_DB_TO_API",
@@ -161165,12 +161169,17 @@ var featureConfig = {
}
};
// src/trap-caching.ts
// src/overlay/status.ts
var actionsCache2 = __toESM(require_cache5());
// src/trap-caching.ts
var actionsCache3 = __toESM(require_cache5());
// src/config-utils.ts
var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB = 2e4;
var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES = OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB * 1e6;
var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_V2_MB = 14e3;
var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_V2_BYTES = OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_V2_MB * 1e6;
var OVERLAY_MINIMUM_MEMORY_MB = 5 * 1024;
var OVERLAY_ANALYSIS_FEATURES = {
actions: "overlay_analysis_actions" /* OverlayAnalysisActions */,
@@ -161394,7 +161403,7 @@ var semver7 = __toESM(require_semver2());
var STREAMING_HIGH_WATERMARK_BYTES = 4 * 1024 * 1024;
// src/dependency-caching.ts
var actionsCache3 = __toESM(require_cache5());
var actionsCache4 = __toESM(require_cache5());
var glob = __toESM(require_glob());
// src/artifact-scanner.ts
+37 -30
@@ -46037,8 +46037,6 @@ var require_package = __commonJS({
devDependencies: {
"@ava/typescript": "6.0.0",
"@eslint/compat": "^2.0.2",
"@eslint/eslintrc": "^3.3.3",
"@eslint/js": "^9.39.2",
"@microsoft/eslint-formatter-sarif": "^3.1.0",
"@octokit/types": "^16.0.0",
"@types/archiver": "^7.0.0",
@@ -46048,21 +46046,20 @@ var require_package = __commonJS({
"@types/node-forge": "^1.3.14",
"@types/semver": "^7.7.1",
"@types/sinon": "^21.0.0",
"@typescript-eslint/eslint-plugin": "^8.55.0",
"@typescript-eslint/parser": "^8.48.0",
ava: "^6.4.1",
esbuild: "^0.27.3",
eslint: "^8.57.1",
eslint: "^9.39.2",
"eslint-import-resolver-typescript": "^3.8.7",
"eslint-plugin-filenames": "^1.3.2",
"eslint-plugin-github": "^5.1.8",
"eslint-plugin-import": "2.29.1",
"eslint-plugin-jsdoc": "^62.5.4",
"eslint-plugin-github": "^6.0.0",
"eslint-plugin-import-x": "^4.16.1",
"eslint-plugin-jsdoc": "^62.5.0",
"eslint-plugin-no-async-foreach": "^0.1.1",
glob: "^11.1.0",
globals: "^16.5.0",
nock: "^14.0.11",
sinon: "^21.0.1",
typescript: "^5.9.3"
typescript: "^5.9.3",
"typescript-eslint": "^8.56.0"
},
overrides: {
"@actions/tool-cache": {
@@ -91497,7 +91494,7 @@ var require_cacheHttpClient = __commonJS({
exports2.getCacheEntry = getCacheEntry;
exports2.downloadCache = downloadCache;
exports2.reserveCache = reserveCache;
exports2.saveCache = saveCache3;
exports2.saveCache = saveCache4;
var core12 = __importStar2(require_core());
var http_client_1 = require_lib();
var auth_1 = require_auth();
@@ -91674,7 +91671,7 @@ Other caches with similar key:`);
}));
});
}
function saveCache3(cacheId, archivePath, signedUploadURL, options) {
function saveCache4(cacheId, archivePath, signedUploadURL, options) {
return __awaiter2(this, void 0, void 0, function* () {
const uploadOptions = (0, options_1.getUploadOptions)(options);
if (uploadOptions.useAzureSdk) {
@@ -97174,8 +97171,8 @@ var require_cache5 = __commonJS({
Object.defineProperty(exports2, "__esModule", { value: true });
exports2.FinalizeCacheError = exports2.ReserveCacheError = exports2.ValidationError = void 0;
exports2.isFeatureAvailable = isFeatureAvailable;
exports2.restoreCache = restoreCache3;
exports2.saveCache = saveCache3;
exports2.restoreCache = restoreCache4;
exports2.saveCache = saveCache4;
var core12 = __importStar2(require_core());
var path5 = __importStar2(require("path"));
var utils = __importStar2(require_cacheUtils());
@@ -97232,7 +97229,7 @@ var require_cache5 = __commonJS({
return !!process.env["ACTIONS_CACHE_URL"];
}
}
function restoreCache3(paths_1, primaryKey_1, restoreKeys_1, options_1) {
function restoreCache4(paths_1, primaryKey_1, restoreKeys_1, options_1) {
return __awaiter2(this, arguments, void 0, function* (paths, primaryKey, restoreKeys, options, enableCrossOsArchive = false) {
const cacheServiceVersion = (0, config_1.getCacheServiceVersion)();
core12.debug(`Cache service version: ${cacheServiceVersion}`);
@@ -97376,7 +97373,7 @@ var require_cache5 = __commonJS({
return void 0;
});
}
function saveCache3(paths_1, key_1, options_1) {
function saveCache4(paths_1, key_1, options_1) {
return __awaiter2(this, arguments, void 0, function* (paths, key, options, enableCrossOsArchive = false) {
const cacheServiceVersion = (0, config_1.getCacheServiceVersion)();
core12.debug(`Cache service version: ${cacheServiceVersion}`);
@@ -120148,9 +120145,6 @@ var HTTPError = class extends Error {
}
};
var ConfigurationError = class extends Error {
constructor(message) {
super(message);
}
};
function asHTTPError(arg) {
if (typeof arg !== "object" || arg === null || typeof arg.message !== "string") {
@@ -120498,7 +120492,7 @@ var semver4 = __toESM(require_semver2());
var bundleVersion = "codeql-bundle-v2.24.2";
var cliVersion = "2.24.2";
// src/overlay-database-utils.ts
// src/overlay/index.ts
var actionsCache = __toESM(require_cache5());
// src/caching-utils.ts
@@ -120612,7 +120606,7 @@ function getActionsLogger() {
};
}
// src/overlay-database-utils.ts
// src/overlay/index.ts
var CODEQL_OVERLAY_MINIMUM_VERSION = "2.23.8";
var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB = 7500;
var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_BYTES = OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB * 1e6;
@@ -120768,6 +120762,16 @@ var featureConfig = {
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CSHARP",
minimumVersion: void 0
},
["overlay_analysis_status_check" /* OverlayAnalysisStatusCheck */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_STATUS_CHECK",
minimumVersion: void 0
},
["overlay_analysis_status_save" /* OverlayAnalysisStatusSave */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_STATUS_SAVE",
minimumVersion: void 0
},
["overlay_analysis_go" /* OverlayAnalysisGo */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_GO",
@@ -120788,6 +120792,11 @@ var featureConfig = {
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_PYTHON",
minimumVersion: void 0
},
["overlay_analysis_resource_checks_v2" /* OverlayAnalysisResourceChecksV2 */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RESOURCE_CHECKS_V2",
minimumVersion: void 0
},
["overlay_analysis_ruby" /* OverlayAnalysisRuby */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RUBY",
@@ -120829,11 +120838,6 @@ var featureConfig = {
// cannot be found when interpreting results.
minimumVersion: void 0
},
["start_proxy_connection_checks" /* StartProxyConnectionChecks */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_START_PROXY_CONNECTION_CHECKS",
minimumVersion: void 0
},
["upload_overlay_db_to_api" /* UploadOverlayDbToApi */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_UPLOAD_OVERLAY_DB_TO_API",
@@ -121261,12 +121265,17 @@ var PACK_IDENTIFIER_PATTERN = (function() {
return new RegExp(`^${component}/${component}$`);
})();
// src/trap-caching.ts
// src/overlay/status.ts
var actionsCache2 = __toESM(require_cache5());
// src/trap-caching.ts
var actionsCache3 = __toESM(require_cache5());
// src/config-utils.ts
var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB = 2e4;
var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES = OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB * 1e6;
var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_V2_MB = 14e3;
var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_V2_BYTES = OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_V2_MB * 1e6;
var OVERLAY_MINIMUM_MEMORY_MB = 5 * 1024;
var OVERLAY_ANALYSIS_FEATURES = {
actions: "overlay_analysis_actions" /* OverlayAnalysisActions */,
@@ -122152,9 +122161,7 @@ async function run(startedAt) {
proxyLogFilePath,
logger
);
if (await features.getValue("start_proxy_connection_checks" /* StartProxyConnectionChecks */)) {
await checkConnections(logger, proxyInfo);
}
await checkConnections(logger, proxyInfo);
await sendSuccessStatusReport(
startedAt,
{
+43 -33
@@ -47334,8 +47334,6 @@ var require_package = __commonJS({
devDependencies: {
"@ava/typescript": "6.0.0",
"@eslint/compat": "^2.0.2",
"@eslint/eslintrc": "^3.3.3",
"@eslint/js": "^9.39.2",
"@microsoft/eslint-formatter-sarif": "^3.1.0",
"@octokit/types": "^16.0.0",
"@types/archiver": "^7.0.0",
@@ -47345,21 +47343,20 @@ var require_package = __commonJS({
"@types/node-forge": "^1.3.14",
"@types/semver": "^7.7.1",
"@types/sinon": "^21.0.0",
"@typescript-eslint/eslint-plugin": "^8.55.0",
"@typescript-eslint/parser": "^8.48.0",
ava: "^6.4.1",
esbuild: "^0.27.3",
eslint: "^8.57.1",
eslint: "^9.39.2",
"eslint-import-resolver-typescript": "^3.8.7",
"eslint-plugin-filenames": "^1.3.2",
"eslint-plugin-github": "^5.1.8",
"eslint-plugin-import": "2.29.1",
"eslint-plugin-jsdoc": "^62.5.4",
"eslint-plugin-github": "^6.0.0",
"eslint-plugin-import-x": "^4.16.1",
"eslint-plugin-jsdoc": "^62.5.0",
"eslint-plugin-no-async-foreach": "^0.1.1",
glob: "^11.1.0",
globals: "^16.5.0",
nock: "^14.0.11",
sinon: "^21.0.1",
typescript: "^5.9.3"
typescript: "^5.9.3",
"typescript-eslint": "^8.56.0"
},
overrides: {
"@actions/tool-cache": {
@@ -92794,7 +92791,7 @@ var require_cacheHttpClient = __commonJS({
exports2.getCacheEntry = getCacheEntry;
exports2.downloadCache = downloadCache;
exports2.reserveCache = reserveCache;
exports2.saveCache = saveCache3;
exports2.saveCache = saveCache4;
var core12 = __importStar2(require_core());
var http_client_1 = require_lib();
var auth_1 = require_auth();
@@ -92971,7 +92968,7 @@ Other caches with similar key:`);
}));
});
}
function saveCache3(cacheId, archivePath, signedUploadURL, options) {
function saveCache4(cacheId, archivePath, signedUploadURL, options) {
return __awaiter2(this, void 0, void 0, function* () {
const uploadOptions = (0, options_1.getUploadOptions)(options);
if (uploadOptions.useAzureSdk) {
@@ -98471,8 +98468,8 @@ var require_cache5 = __commonJS({
Object.defineProperty(exports2, "__esModule", { value: true });
exports2.FinalizeCacheError = exports2.ReserveCacheError = exports2.ValidationError = void 0;
exports2.isFeatureAvailable = isFeatureAvailable;
exports2.restoreCache = restoreCache3;
exports2.saveCache = saveCache3;
exports2.restoreCache = restoreCache4;
exports2.saveCache = saveCache4;
var core12 = __importStar2(require_core());
var path11 = __importStar2(require("path"));
var utils = __importStar2(require_cacheUtils());
@@ -98529,7 +98526,7 @@ var require_cache5 = __commonJS({
return !!process.env["ACTIONS_CACHE_URL"];
}
}
function restoreCache3(paths_1, primaryKey_1, restoreKeys_1, options_1) {
function restoreCache4(paths_1, primaryKey_1, restoreKeys_1, options_1) {
return __awaiter2(this, arguments, void 0, function* (paths, primaryKey, restoreKeys, options, enableCrossOsArchive = false) {
const cacheServiceVersion = (0, config_1.getCacheServiceVersion)();
core12.debug(`Cache service version: ${cacheServiceVersion}`);
@@ -98673,7 +98670,7 @@ var require_cache5 = __commonJS({
return void 0;
});
}
function saveCache3(paths_1, key_1, options_1) {
function saveCache4(paths_1, key_1, options_1) {
return __awaiter2(this, arguments, void 0, function* (paths, key, options, enableCrossOsArchive = false) {
const cacheServiceVersion = (0, config_1.getCacheServiceVersion)();
core12.debug(`Cache service version: ${cacheServiceVersion}`);
@@ -105887,9 +105884,6 @@ var HTTPError = class extends Error {
}
};
var ConfigurationError = class extends Error {
constructor(message) {
super(message);
}
};
function asHTTPError(arg) {
if (typeof arg !== "object" || arg === null || typeof arg.message !== "string") {
@@ -106470,7 +106464,7 @@ var semver4 = __toESM(require_semver2());
var bundleVersion = "codeql-bundle-v2.24.2";
var cliVersion = "2.24.2";
// src/overlay-database-utils.ts
// src/overlay/index.ts
var fs3 = __toESM(require("fs"));
var path3 = __toESM(require("path"));
var actionsCache = __toESM(require_cache5());
@@ -106702,7 +106696,7 @@ function formatDuration(durationMs) {
return `${minutes}m${seconds}s`;
}
// src/overlay-database-utils.ts
// src/overlay/index.ts
var CODEQL_OVERLAY_MINIMUM_VERSION = "2.23.8";
var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB = 7500;
var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_BYTES = OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB * 1e6;
@@ -106913,6 +106907,16 @@ var featureConfig = {
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CSHARP",
minimumVersion: void 0
},
["overlay_analysis_status_check" /* OverlayAnalysisStatusCheck */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_STATUS_CHECK",
minimumVersion: void 0
},
["overlay_analysis_status_save" /* OverlayAnalysisStatusSave */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_STATUS_SAVE",
minimumVersion: void 0
},
["overlay_analysis_go" /* OverlayAnalysisGo */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_GO",
@@ -106933,6 +106937,11 @@ var featureConfig = {
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_PYTHON",
minimumVersion: void 0
},
["overlay_analysis_resource_checks_v2" /* OverlayAnalysisResourceChecksV2 */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RESOURCE_CHECKS_V2",
minimumVersion: void 0
},
["overlay_analysis_ruby" /* OverlayAnalysisRuby */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RUBY",
@@ -106974,11 +106983,6 @@ var featureConfig = {
// cannot be found when interpreting results.
minimumVersion: void 0
},
["start_proxy_connection_checks" /* StartProxyConnectionChecks */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_START_PROXY_CONNECTION_CHECKS",
minimumVersion: void 0
},
["upload_overlay_db_to_api" /* UploadOverlayDbToApi */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_UPLOAD_OVERLAY_DB_TO_API",
@@ -108091,7 +108095,7 @@ function resolveUriToFile(location, artifacts, sourceRoot, logger) {
}
async function addFingerprints(sarif, sourceRoot, logger) {
logger.info(
`Adding fingerprints to SARIF file. See ${"https://docs.github.com/en/enterprise-cloud@latest/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#providing-data-to-track-code-scanning-alerts-across-runs" /* TRACK_CODE_SCANNING_ALERTS_ACROSS_RUNS */} for more information.`
`Adding fingerprints to SARIF file. See ${"https://docs.github.com/en/code-security/reference/code-scanning/sarif-support-for-code-scanning#data-for-preventing-duplicated-alerts" /* TRACK_CODE_SCANNING_ALERTS_ACROSS_RUNS */} for more information.`
);
const callbacksByFile = {};
for (const run of sarif.runs || []) {
@@ -108458,12 +108462,17 @@ function writeDiagnostic(config, language, diagnostic) {
}
}
// src/trap-caching.ts
// src/overlay/status.ts
var actionsCache2 = __toESM(require_cache5());
// src/trap-caching.ts
var actionsCache3 = __toESM(require_cache5());
// src/config-utils.ts
var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB = 2e4;
var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES = OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB * 1e6;
var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_V2_MB = 14e3;
var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_V2_BYTES = OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_V2_MB * 1e6;
var OVERLAY_MINIMUM_MEMORY_MB = 5 * 1024;
var OVERLAY_ANALYSIS_FEATURES = {
actions: "overlay_analysis_actions" /* OverlayAnalysisActions */,
@@ -109825,14 +109834,18 @@ ${output}`
await runCli(cmd, codeqlArgs);
}
},
async databaseBundle(databasePath, outputFilePath, databaseName, alsoIncludeRelativePaths) {
async databaseBundle(databasePath, outputFilePath, databaseName, includeDiagnostics, alsoIncludeRelativePaths) {
const includeDiagnosticsArgs = includeDiagnostics ? ["--include-diagnostics"] : [];
const args = [
"database",
"bundle",
databasePath,
`--output=${outputFilePath}`,
`--name=${databaseName}`,
...getExtraOptionsFromEnv(["database", "bundle"])
...includeDiagnosticsArgs,
...getExtraOptionsFromEnv(["database", "bundle"], {
ignoringOptions: includeDiagnosticsArgs
})
];
if (await this.supportsFeature("bundleSupportsIncludeOption" /* BundleSupportsIncludeOption */)) {
args.push(
@@ -110748,9 +110761,6 @@ function sanitize(str2) {
return (str2 ?? "_").replace(/[^a-zA-Z0-9_]/g, "_").toLocaleUpperCase();
}
var InvalidSarifUploadError = class extends Error {
constructor(message) {
super(message);
}
};
function filterAlertsByDiffRange(logger, sarif) {
const diffRanges = readDiffRangesJsonFile(logger);
+37 -28
@@ -46037,8 +46037,6 @@ var require_package = __commonJS({
devDependencies: {
"@ava/typescript": "6.0.0",
"@eslint/compat": "^2.0.2",
"@eslint/eslintrc": "^3.3.3",
"@eslint/js": "^9.39.2",
"@microsoft/eslint-formatter-sarif": "^3.1.0",
"@octokit/types": "^16.0.0",
"@types/archiver": "^7.0.0",
@@ -46048,21 +46046,20 @@ var require_package = __commonJS({
"@types/node-forge": "^1.3.14",
"@types/semver": "^7.7.1",
"@types/sinon": "^21.0.0",
"@typescript-eslint/eslint-plugin": "^8.55.0",
"@typescript-eslint/parser": "^8.48.0",
ava: "^6.4.1",
esbuild: "^0.27.3",
eslint: "^8.57.1",
eslint: "^9.39.2",
"eslint-import-resolver-typescript": "^3.8.7",
"eslint-plugin-filenames": "^1.3.2",
"eslint-plugin-github": "^5.1.8",
"eslint-plugin-import": "2.29.1",
"eslint-plugin-jsdoc": "^62.5.4",
"eslint-plugin-github": "^6.0.0",
"eslint-plugin-import-x": "^4.16.1",
"eslint-plugin-jsdoc": "^62.5.0",
"eslint-plugin-no-async-foreach": "^0.1.1",
glob: "^11.1.0",
globals: "^16.5.0",
nock: "^14.0.11",
sinon: "^21.0.1",
typescript: "^5.9.3"
typescript: "^5.9.3",
"typescript-eslint": "^8.56.0"
},
overrides: {
"@actions/tool-cache": {
@@ -154776,7 +154773,7 @@ var require_cacheHttpClient = __commonJS({
exports2.getCacheEntry = getCacheEntry;
exports2.downloadCache = downloadCache;
exports2.reserveCache = reserveCache;
exports2.saveCache = saveCache4;
exports2.saveCache = saveCache5;
var core14 = __importStar2(require_core());
var http_client_1 = require_lib();
var auth_1 = require_auth();
@@ -154953,7 +154950,7 @@ Other caches with similar key:`);
}));
});
}
function saveCache4(cacheId, archivePath, signedUploadURL, options) {
function saveCache5(cacheId, archivePath, signedUploadURL, options) {
return __awaiter2(this, void 0, void 0, function* () {
const uploadOptions = (0, options_1.getUploadOptions)(options);
if (uploadOptions.useAzureSdk) {
@@ -156227,8 +156224,8 @@ var require_cache6 = __commonJS({
Object.defineProperty(exports2, "__esModule", { value: true });
exports2.FinalizeCacheError = exports2.ReserveCacheError = exports2.ValidationError = void 0;
exports2.isFeatureAvailable = isFeatureAvailable;
exports2.restoreCache = restoreCache4;
exports2.saveCache = saveCache4;
exports2.restoreCache = restoreCache5;
exports2.saveCache = saveCache5;
var core14 = __importStar2(require_core());
var path3 = __importStar2(require("path"));
var utils = __importStar2(require_cacheUtils());
@@ -156285,7 +156282,7 @@ var require_cache6 = __commonJS({
return !!process.env["ACTIONS_CACHE_URL"];
}
}
function restoreCache4(paths_1, primaryKey_1, restoreKeys_1, options_1) {
function restoreCache5(paths_1, primaryKey_1, restoreKeys_1, options_1) {
return __awaiter2(this, arguments, void 0, function* (paths, primaryKey, restoreKeys, options, enableCrossOsArchive = false) {
const cacheServiceVersion = (0, config_1.getCacheServiceVersion)();
core14.debug(`Cache service version: ${cacheServiceVersion}`);
@@ -156429,7 +156426,7 @@ var require_cache6 = __commonJS({
return void 0;
});
}
function saveCache4(paths_1, key_1, options_1) {
function saveCache5(paths_1, key_1, options_1) {
return __awaiter2(this, arguments, void 0, function* (paths, key, options, enableCrossOsArchive = false) {
const cacheServiceVersion = (0, config_1.getCacheServiceVersion)();
core14.debug(`Cache service version: ${cacheServiceVersion}`);
@@ -160700,9 +160697,6 @@ function getRequiredEnvParam(paramName) {
return value;
}
var ConfigurationError = class extends Error {
constructor(message) {
super(message);
}
};
function isInTestMode() {
return process.env["CODEQL_ACTION_TEST_MODE" /* TEST_MODE */] === "true";
@@ -161076,7 +161070,7 @@ function withGroup(groupName, f) {
// src/feature-flags.ts
var semver5 = __toESM(require_semver2());
// src/overlay-database-utils.ts
// src/overlay/index.ts
var actionsCache = __toESM(require_cache6());
// src/git-utils.ts
@@ -161085,7 +161079,7 @@ var toolrunner2 = __toESM(require_toolrunner());
var io3 = __toESM(require_io());
var semver3 = __toESM(require_semver2());
// src/overlay-database-utils.ts
// src/overlay/index.ts
var CODEQL_OVERLAY_MINIMUM_VERSION = "2.23.8";
var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB = 7500;
var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_BYTES = OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB * 1e6;
@@ -161243,6 +161237,16 @@ var featureConfig = {
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CSHARP",
minimumVersion: void 0
},
["overlay_analysis_status_check" /* OverlayAnalysisStatusCheck */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_STATUS_CHECK",
minimumVersion: void 0
},
["overlay_analysis_status_save" /* OverlayAnalysisStatusSave */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_STATUS_SAVE",
minimumVersion: void 0
},
["overlay_analysis_go" /* OverlayAnalysisGo */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_GO",
@@ -161263,6 +161267,11 @@ var featureConfig = {
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_PYTHON",
minimumVersion: void 0
},
["overlay_analysis_resource_checks_v2" /* OverlayAnalysisResourceChecksV2 */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RESOURCE_CHECKS_V2",
minimumVersion: void 0
},
["overlay_analysis_ruby" /* OverlayAnalysisRuby */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RUBY",
@@ -161304,11 +161313,6 @@ var featureConfig = {
// cannot be found when interpreting results.
minimumVersion: void 0
},
["start_proxy_connection_checks" /* StartProxyConnectionChecks */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_START_PROXY_CONNECTION_CHECKS",
minimumVersion: void 0
},
["upload_overlay_db_to_api" /* UploadOverlayDbToApi */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_UPLOAD_OVERLAY_DB_TO_API",
@@ -161327,12 +161331,17 @@ var featureConfig = {
}
};
// src/trap-caching.ts
// src/overlay/status.ts
var actionsCache2 = __toESM(require_cache6());
// src/trap-caching.ts
var actionsCache3 = __toESM(require_cache6());
// src/config-utils.ts
var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB = 2e4;
var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES = OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB * 1e6;
var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_V2_MB = 14e3;
var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_V2_BYTES = OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_V2_MB * 1e6;
var OVERLAY_MINIMUM_MEMORY_MB = 5 * 1024;
var OVERLAY_ANALYSIS_FEATURES = {
actions: "overlay_analysis_actions" /* OverlayAnalysisActions */,
@@ -161379,7 +161388,7 @@ var semver7 = __toESM(require_semver2());
var STREAMING_HIGH_WATERMARK_BYTES = 4 * 1024 * 1024;
// src/dependency-caching.ts
var actionsCache3 = __toESM(require_cache6());
var actionsCache4 = __toESM(require_cache6());
var glob = __toESM(require_glob2());
// src/artifact-scanner.ts
+43 -33
@@ -46037,8 +46037,6 @@ var require_package = __commonJS({
devDependencies: {
"@ava/typescript": "6.0.0",
"@eslint/compat": "^2.0.2",
"@eslint/eslintrc": "^3.3.3",
"@eslint/js": "^9.39.2",
"@microsoft/eslint-formatter-sarif": "^3.1.0",
"@octokit/types": "^16.0.0",
"@types/archiver": "^7.0.0",
@@ -46048,21 +46046,20 @@ var require_package = __commonJS({
"@types/node-forge": "^1.3.14",
"@types/semver": "^7.7.1",
"@types/sinon": "^21.0.0",
"@typescript-eslint/eslint-plugin": "^8.55.0",
"@typescript-eslint/parser": "^8.48.0",
ava: "^6.4.1",
esbuild: "^0.27.3",
eslint: "^8.57.1",
eslint: "^9.39.2",
"eslint-import-resolver-typescript": "^3.8.7",
"eslint-plugin-filenames": "^1.3.2",
"eslint-plugin-github": "^5.1.8",
"eslint-plugin-import": "2.29.1",
"eslint-plugin-jsdoc": "^62.5.4",
"eslint-plugin-github": "^6.0.0",
"eslint-plugin-import-x": "^4.16.1",
"eslint-plugin-jsdoc": "^62.5.0",
"eslint-plugin-no-async-foreach": "^0.1.1",
glob: "^11.1.0",
globals: "^16.5.0",
nock: "^14.0.11",
sinon: "^21.0.1",
typescript: "^5.9.3"
typescript: "^5.9.3",
"typescript-eslint": "^8.56.0"
},
overrides: {
"@actions/tool-cache": {
@@ -92794,7 +92791,7 @@ var require_cacheHttpClient = __commonJS({
exports2.getCacheEntry = getCacheEntry;
exports2.downloadCache = downloadCache;
exports2.reserveCache = reserveCache;
exports2.saveCache = saveCache3;
exports2.saveCache = saveCache4;
var core14 = __importStar2(require_core());
var http_client_1 = require_lib();
var auth_1 = require_auth();
@@ -92971,7 +92968,7 @@ Other caches with similar key:`);
}));
});
}
function saveCache3(cacheId, archivePath, signedUploadURL, options) {
function saveCache4(cacheId, archivePath, signedUploadURL, options) {
return __awaiter2(this, void 0, void 0, function* () {
const uploadOptions = (0, options_1.getUploadOptions)(options);
if (uploadOptions.useAzureSdk) {
@@ -98471,8 +98468,8 @@ var require_cache5 = __commonJS({
Object.defineProperty(exports2, "__esModule", { value: true });
exports2.FinalizeCacheError = exports2.ReserveCacheError = exports2.ValidationError = void 0;
exports2.isFeatureAvailable = isFeatureAvailable;
exports2.restoreCache = restoreCache3;
exports2.saveCache = saveCache3;
exports2.restoreCache = restoreCache4;
exports2.saveCache = saveCache4;
var core14 = __importStar2(require_core());
var path13 = __importStar2(require("path"));
var utils = __importStar2(require_cacheUtils());
@@ -98529,7 +98526,7 @@ var require_cache5 = __commonJS({
return !!process.env["ACTIONS_CACHE_URL"];
}
}
function restoreCache3(paths_1, primaryKey_1, restoreKeys_1, options_1) {
function restoreCache4(paths_1, primaryKey_1, restoreKeys_1, options_1) {
return __awaiter2(this, arguments, void 0, function* (paths, primaryKey, restoreKeys, options, enableCrossOsArchive = false) {
const cacheServiceVersion = (0, config_1.getCacheServiceVersion)();
core14.debug(`Cache service version: ${cacheServiceVersion}`);
@@ -98673,7 +98670,7 @@ var require_cache5 = __commonJS({
return void 0;
});
}
function saveCache3(paths_1, key_1, options_1) {
function saveCache4(paths_1, key_1, options_1) {
return __awaiter2(this, arguments, void 0, function* (paths, key, options, enableCrossOsArchive = false) {
const cacheServiceVersion = (0, config_1.getCacheServiceVersion)();
core14.debug(`Cache service version: ${cacheServiceVersion}`);
@@ -105867,9 +105864,6 @@ var HTTPError = class extends Error {
}
};
var ConfigurationError = class extends Error {
constructor(message) {
super(message);
}
};
function asHTTPError(arg) {
if (typeof arg !== "object" || arg === null || typeof arg.message !== "string") {
@@ -106870,7 +106864,7 @@ var semver5 = __toESM(require_semver2());
var bundleVersion = "codeql-bundle-v2.24.2";
var cliVersion = "2.24.2";
// src/overlay-database-utils.ts
// src/overlay/index.ts
var fs3 = __toESM(require("fs"));
var path4 = __toESM(require("path"));
var actionsCache = __toESM(require_cache5());
@@ -107074,7 +107068,7 @@ async function isAnalyzingDefaultBranch() {
return currentRef === defaultBranch;
}
// src/overlay-database-utils.ts
// src/overlay/index.ts
var CODEQL_OVERLAY_MINIMUM_VERSION = "2.23.8";
var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB = 7500;
var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_BYTES = OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB * 1e6;
@@ -107287,6 +107281,16 @@ var featureConfig = {
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CSHARP",
minimumVersion: void 0
},
["overlay_analysis_status_check" /* OverlayAnalysisStatusCheck */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_STATUS_CHECK",
minimumVersion: void 0
},
["overlay_analysis_status_save" /* OverlayAnalysisStatusSave */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_STATUS_SAVE",
minimumVersion: void 0
},
["overlay_analysis_go" /* OverlayAnalysisGo */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_GO",
@@ -107307,6 +107311,11 @@ var featureConfig = {
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_PYTHON",
minimumVersion: void 0
},
["overlay_analysis_resource_checks_v2" /* OverlayAnalysisResourceChecksV2 */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RESOURCE_CHECKS_V2",
minimumVersion: void 0
},
["overlay_analysis_ruby" /* OverlayAnalysisRuby */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RUBY",
@@ -107348,11 +107357,6 @@ var featureConfig = {
// cannot be found when interpreting results.
minimumVersion: void 0
},
["start_proxy_connection_checks" /* StartProxyConnectionChecks */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_START_PROXY_CONNECTION_CHECKS",
minimumVersion: void 0
},
["upload_overlay_db_to_api" /* UploadOverlayDbToApi */]: {
defaultValue: false,
envVar: "CODEQL_ACTION_UPLOAD_OVERLAY_DB_TO_API",
@@ -107712,12 +107716,17 @@ ${jsonContents}`
return JSON.parse(jsonContents);
}
// src/trap-caching.ts
// src/overlay/status.ts
var actionsCache2 = __toESM(require_cache5());
// src/trap-caching.ts
var actionsCache3 = __toESM(require_cache5());
// src/config-utils.ts
var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB = 2e4;
var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES = OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB * 1e6;
var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_V2_MB = 14e3;
var OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_V2_BYTES = OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_V2_MB * 1e6;
var OVERLAY_MINIMUM_MEMORY_MB = 5 * 1024;
var OVERLAY_ANALYSIS_FEATURES = {
actions: "overlay_analysis_actions" /* OverlayAnalysisActions */,
@@ -109109,14 +109118,18 @@ ${output}`
await runCli(cmd, codeqlArgs);
}
},
async databaseBundle(databasePath, outputFilePath, databaseName, alsoIncludeRelativePaths) {
async databaseBundle(databasePath, outputFilePath, databaseName, includeDiagnostics, alsoIncludeRelativePaths) {
const includeDiagnosticsArgs = includeDiagnostics ? ["--include-diagnostics"] : [];
const args = [
"database",
"bundle",
databasePath,
`--output=${outputFilePath}`,
`--name=${databaseName}`,
...getExtraOptionsFromEnv(["database", "bundle"])
...includeDiagnosticsArgs,
...getExtraOptionsFromEnv(["database", "bundle"], {
ignoringOptions: includeDiagnosticsArgs
})
];
if (await this.supportsFeature("bundleSupportsIncludeOption" /* BundleSupportsIncludeOption */)) {
args.push(
@@ -110652,7 +110665,7 @@ function resolveUriToFile(location, artifacts, sourceRoot, logger) {
}
async function addFingerprints(sarif, sourceRoot, logger) {
logger.info(
`Adding fingerprints to SARIF file. See ${"https://docs.github.com/en/enterprise-cloud@latest/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#providing-data-to-track-code-scanning-alerts-across-runs" /* TRACK_CODE_SCANNING_ALERTS_ACROSS_RUNS */} for more information.`
`Adding fingerprints to SARIF file. See ${"https://docs.github.com/en/code-security/reference/code-scanning/sarif-support-for-code-scanning#data-for-preventing-duplicated-alerts" /* TRACK_CODE_SCANNING_ALERTS_ACROSS_RUNS */} for more information.`
);
const callbacksByFile = {};
for (const run2 of sarif.runs || []) {
@@ -111323,9 +111336,6 @@ function sanitize(str2) {
return (str2 ?? "_").replace(/[^a-zA-Z0-9_]/g, "_").toLocaleUpperCase();
}
var InvalidSarifUploadError = class extends Error {
constructor(message) {
super(message);
}
};
function filterAlertsByDiffRange(logger, sarif) {
const diffRanges = readDiffRangesJsonFile(logger);
+2000 -1335
File diff suppressed because it is too large Load Diff
+7 -10
@@ -51,8 +51,6 @@
"devDependencies": {
"@ava/typescript": "6.0.0",
"@eslint/compat": "^2.0.2",
"@eslint/eslintrc": "^3.3.3",
"@eslint/js": "^9.39.2",
"@microsoft/eslint-formatter-sarif": "^3.1.0",
"@octokit/types": "^16.0.0",
"@types/archiver": "^7.0.0",
@@ -62,21 +60,20 @@
"@types/node-forge": "^1.3.14",
"@types/semver": "^7.7.1",
"@types/sinon": "^21.0.0",
"@typescript-eslint/eslint-plugin": "^8.55.0",
"@typescript-eslint/parser": "^8.48.0",
"ava": "^6.4.1",
"esbuild": "^0.27.3",
"eslint": "^8.57.1",
"eslint": "^9.39.2",
"eslint-import-resolver-typescript": "^3.8.7",
"eslint-plugin-filenames": "^1.3.2",
"eslint-plugin-github": "^5.1.8",
"eslint-plugin-import": "2.29.1",
"eslint-plugin-jsdoc": "^62.5.4",
"eslint-plugin-github": "^6.0.0",
"eslint-plugin-import-x": "^4.16.1",
"eslint-plugin-jsdoc": "^62.5.0",
"eslint-plugin-no-async-foreach": "^0.1.1",
"glob": "^11.1.0",
"globals": "^16.5.0",
"nock": "^14.0.11",
"sinon": "^21.0.1",
"typescript": "^5.9.3"
"typescript": "^5.9.3",
"typescript-eslint": "^8.56.0"
},
"overrides": {
"@actions/tool-cache": {
+1 -1
@@ -33,7 +33,7 @@ import { EnvVar } from "./environment";
import { initFeatures } from "./feature-flags";
import { KnownLanguage } from "./languages";
import { getActionsLogger, Logger } from "./logging";
import { cleanupAndUploadOverlayBaseDatabaseToCache } from "./overlay-database-utils";
import { cleanupAndUploadOverlayBaseDatabaseToCache } from "./overlay";
import { getRepositoryNwo } from "./repository";
import * as statusReport from "./status-report";
import {
+1 -1
@@ -24,7 +24,7 @@ import { EnvVar } from "./environment";
import { FeatureEnablement, Feature } from "./feature-flags";
import { KnownLanguage, Language } from "./languages";
import { Logger, withGroupAsync } from "./logging";
import { OverlayDatabaseMode } from "./overlay-database-utils";
import { OverlayDatabaseMode } from "./overlay";
import { DatabaseCreationTimings, EventReport } from "./status-report";
import { endTracingForCluster } from "./tracer-config";
import * as util from "./util";
+10 -2
@@ -28,7 +28,7 @@ import {
OverlayDatabaseMode,
writeBaseDatabaseOidsFile,
writeOverlayChangesFile,
} from "./overlay-database-utils";
} from "./overlay";
import * as setupCodeql from "./setup-codeql";
import { ZstdAvailability } from "./tar";
import { ToolsDownloadStatusReport } from "./tools-download";
@@ -160,6 +160,7 @@ export interface CodeQL {
databasePath: string,
outputFilePath: string,
dbName: string,
includeDiagnostics: boolean,
alsoIncludeRelativePaths: string[],
): Promise<void>;
/**
@@ -912,15 +913,22 @@ async function getCodeQLForCmd(
databasePath: string,
outputFilePath: string,
databaseName: string,
includeDiagnostics: boolean,
alsoIncludeRelativePaths: string[],
): Promise<void> {
const includeDiagnosticsArgs = includeDiagnostics
? ["--include-diagnostics"]
: [];
const args = [
"database",
"bundle",
databasePath,
`--output=${outputFilePath}`,
`--name=${databaseName}`,
...getExtraOptionsFromEnv(["database", "bundle"]),
...includeDiagnosticsArgs,
...getExtraOptionsFromEnv(["database", "bundle"], {
ignoringOptions: includeDiagnosticsArgs,
}),
];
if (
await this.supportsFeature(ToolsFeature.BundleSupportsIncludeOption)
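Review bot: The new `includeDiagnostics` parameter of `databaseBundle` is a positional boolean inserted between `dbName` and `alsoIncludeRelativePaths`, and neither hunk shows a doc comment saying what `--include-diagnostics` adds to the bundle. A database bundle is an artifact that can leave the runner, so callers need to know when passing `true` is appropriate; diagnostics may carry runner paths or build output (inferred, since their contents are not visible here). I would document it on the `CodeQL` interface, for example `@param includeDiagnostics Whether to pass --include-diagnostics so the bundle also contains the database's diagnostics; keep false for bundles that are uploaded unless that is intended.` The interface's doc comment and the rest of the method body lie outside the hunks.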
+118 -5
@@ -18,10 +18,8 @@ import * as gitUtils from "./git-utils";
import { GitVersionInfo } from "./git-utils";
import { KnownLanguage, Language } from "./languages";
import { getRunnerLogger } from "./logging";
import {
CODEQL_OVERLAY_MINIMUM_VERSION,
OverlayDatabaseMode,
} from "./overlay-database-utils";
import { CODEQL_OVERLAY_MINIMUM_VERSION, OverlayDatabaseMode } from "./overlay";
import * as overlayStatus from "./overlay/status";
import { parseRepositoryNwo } from "./repository";
import {
setupTests,
@@ -984,6 +982,7 @@ interface OverlayDatabaseModeTestSetup {
codeScanningConfig: configUtils.UserConfig;
diskUsage: DiskUsage | undefined;
memoryFlagValue: number;
shouldSkipOverlayAnalysisDueToCachedStatus: boolean;
}
const defaultOverlayDatabaseModeTestSetup: OverlayDatabaseModeTestSetup = {
@@ -1005,6 +1004,7 @@ const defaultOverlayDatabaseModeTestSetup: OverlayDatabaseModeTestSetup = {
numTotalBytes: 100_000_000_000,
},
memoryFlagValue: 6920,
shouldSkipOverlayAnalysisDueToCachedStatus: false,
};
const getOverlayDatabaseModeMacro = test.macro({
@@ -1015,6 +1015,7 @@ const getOverlayDatabaseModeMacro = test.macro({
expected: {
overlayDatabaseMode: OverlayDatabaseMode;
useOverlayDatabaseCaching: boolean;
skippedDueToCachedStatus?: boolean;
},
) => {
return await withTmpDir(async (tempDir) => {
@@ -1039,6 +1040,10 @@ const getOverlayDatabaseModeMacro = test.macro({
sinon.stub(util, "checkDiskUsage").resolves(setup.diskUsage);
sinon
.stub(overlayStatus, "shouldSkipOverlayAnalysis")
.resolves(setup.shouldSkipOverlayAnalysisDueToCachedStatus);
// Mock feature flags
const features = createFeatures(setup.features);
@@ -1081,7 +1086,10 @@ const getOverlayDatabaseModeMacro = test.macro({
logger,
);
t.deepEqual(result, expected);
t.deepEqual(result, {
skippedDueToCachedStatus: false,
...expected,
});
} finally {
// Restore the original environment
process.env = originalEnv;
@@ -1261,6 +1269,71 @@ test(
},
);
test(
getOverlayDatabaseModeMacro,
"No overlay-base database on default branch if runner disk space is below v2 limit and v2 resource checks enabled",
{
languages: [KnownLanguage.javascript],
features: [
Feature.OverlayAnalysis,
Feature.OverlayAnalysisCodeScanningJavascript,
Feature.OverlayAnalysisResourceChecksV2,
],
isDefaultBranch: true,
diskUsage: {
numAvailableBytes: 5_000_000_000,
numTotalBytes: 100_000_000_000,
},
},
{
overlayDatabaseMode: OverlayDatabaseMode.None,
useOverlayDatabaseCaching: false,
},
);
test(
getOverlayDatabaseModeMacro,
"Overlay-base database on default branch if runner disk space is between v2 and v1 limits and v2 resource checks enabled",
{
languages: [KnownLanguage.javascript],
features: [
Feature.OverlayAnalysis,
Feature.OverlayAnalysisCodeScanningJavascript,
Feature.OverlayAnalysisResourceChecksV2,
],
isDefaultBranch: true,
diskUsage: {
numAvailableBytes: 15_000_000_000,
numTotalBytes: 100_000_000_000,
},
},
{
overlayDatabaseMode: OverlayDatabaseMode.OverlayBase,
useOverlayDatabaseCaching: true,
},
);
test(
getOverlayDatabaseModeMacro,
"No overlay-base database on default branch if runner disk space is between v2 and v1 limits and v2 resource checks not enabled",
{
languages: [KnownLanguage.javascript],
features: [
Feature.OverlayAnalysis,
Feature.OverlayAnalysisCodeScanningJavascript,
],
isDefaultBranch: true,
diskUsage: {
numAvailableBytes: 15_000_000_000,
numTotalBytes: 100_000_000_000,
},
},
{
overlayDatabaseMode: OverlayDatabaseMode.None,
useOverlayDatabaseCaching: false,
},
);
test(
getOverlayDatabaseModeMacro,
"No overlay-base database on default branch if memory flag is too low",
@@ -1298,6 +1371,46 @@ test(
},
);
test(
getOverlayDatabaseModeMacro,
"No overlay-base database on default branch when cached status indicates previous failure",
{
languages: [KnownLanguage.javascript],
features: [
Feature.OverlayAnalysis,
Feature.OverlayAnalysisJavascript,
Feature.OverlayAnalysisStatusCheck,
],
isDefaultBranch: true,
shouldSkipOverlayAnalysisDueToCachedStatus: true,
},
{
overlayDatabaseMode: OverlayDatabaseMode.None,
useOverlayDatabaseCaching: false,
skippedDueToCachedStatus: true,
},
);
test(
getOverlayDatabaseModeMacro,
"No overlay analysis on PR when cached status indicates previous failure",
{
languages: [KnownLanguage.javascript],
features: [
Feature.OverlayAnalysis,
Feature.OverlayAnalysisJavascript,
Feature.OverlayAnalysisStatusCheck,
],
isPullRequest: true,
shouldSkipOverlayAnalysisDueToCachedStatus: true,
},
{
overlayDatabaseMode: OverlayDatabaseMode.None,
useOverlayDatabaseCaching: false,
skippedDueToCachedStatus: true,
},
);
test(
getOverlayDatabaseModeMacro,
"No overlay-base database on default branch when code-scanning feature enabled with disable-default-queries",
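Review bot: The macro stubs `overlayStatus.shouldSkipOverlayAnalysis` unconditionally, and both new cached-status tests enable `Feature.OverlayAnalysisStatusCheck`, so nothing visible pins that a cached failure is ignored while that feature is off. A regression that consulted the cached status without the feature gate would pass every test shown in this section. I would add a case that sets `shouldSkipOverlayAnalysisDueToCachedStatus: true` without the feature and expects overlay-base mode; the expected values below assume the default setup otherwise passes, as in the neighbouring default-branch tests. The last hunk ends inside a test whose body continues outside it.

```typescript
test(
  getOverlayDatabaseModeMacro,
  "Cached overlay status is ignored when the status check feature is not enabled",
  {
    languages: [KnownLanguage.javascript],
    features: [Feature.OverlayAnalysis, Feature.OverlayAnalysisJavascript],
    isDefaultBranch: true,
    shouldSkipOverlayAnalysisDueToCachedStatus: true,
  },
  {
    overlayDatabaseMode: OverlayDatabaseMode.OverlayBase,
    useOverlayDatabaseCaching: true,
  },
);
```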
+104 -21
@@ -27,9 +27,11 @@ import {
} from "./config/db-config";
import {
addNoLanguageDiagnostic,
makeDiagnostic,
makeTelemetryDiagnostic,
} from "./diagnostics";
import { shouldPerformDiffInformedAnalysis } from "./diff-informed-analysis-utils";
import { DocUrl } from "./doc-url";
import { EnvVar } from "./environment";
import * as errorMessages from "./error-messages";
import { Feature, FeatureEnablement } from "./feature-flags";
@@ -44,10 +46,8 @@ import {
} from "./git-utils";
import { KnownLanguage, Language } from "./languages";
import { Logger } from "./logging";
import {
CODEQL_OVERLAY_MINIMUM_VERSION,
OverlayDatabaseMode,
} from "./overlay-database-utils";
import { CODEQL_OVERLAY_MINIMUM_VERSION, OverlayDatabaseMode } from "./overlay";
import { shouldSkipOverlayAnalysis } from "./overlay/status";
import { RepositoryNwo } from "./repository";
import { ToolsFeature } from "./tools-features";
import { downloadTrapCaches } from "./trap-caching";
@@ -63,6 +63,7 @@ import {
getErrorMessage,
isInTestMode,
joinAtMost,
DiskUsage,
} from "./util";
export * from "./config/db-config";
@@ -78,6 +79,15 @@ const OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB = 20000;
const OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES =
OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_MB * 1_000_000;
/**
* The v2 minimum available disk space (in MB) required to perform overlay
* analysis. This is a lower threshold than the v1 limit, allowing overlay
* analysis to run on runners with less available disk space.
*/
const OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_V2_MB = 14000;
const OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_V2_BYTES =
OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_V2_MB * 1_000_000;
/**
* The minimum memory (in MB) that must be available for CodeQL to perform overlay
* analysis. If CodeQL will be given less memory than this threshold, then the
@@ -675,21 +685,26 @@ async function isOverlayAnalysisFeatureEnabled(
* and the maximum memory CodeQL will be allowed to use.
*/
async function runnerSupportsOverlayAnalysis(
diskUsage: DiskUsage | undefined,
ramInput: string | undefined,
logger: Logger,
useV2ResourceChecks: boolean,
): Promise<boolean> {
const diskUsage = await checkDiskUsage(logger);
const minimumDiskSpaceBytes = useV2ResourceChecks
? OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_V2_BYTES
: OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES;
if (
diskUsage === undefined ||
diskUsage.numAvailableBytes < OVERLAY_MINIMUM_AVAILABLE_DISK_SPACE_BYTES
diskUsage.numAvailableBytes < minimumDiskSpaceBytes
) {
const diskSpaceMb =
diskUsage === undefined
? 0
: Math.round(diskUsage.numAvailableBytes / 1_000_000);
const minimumDiskSpaceMb = Math.round(minimumDiskSpaceBytes / 1_000_000);
logger.info(
`Setting overlay database mode to ${OverlayDatabaseMode.None} ` +
`due to insufficient disk space (${diskSpaceMb} MB).`,
`due to insufficient disk space (${diskSpaceMb} MB, needed ${minimumDiskSpaceMb} MB).`,
);
return false;
}
@@ -698,7 +713,7 @@ async function runnerSupportsOverlayAnalysis(
if (memoryFlagValue < OVERLAY_MINIMUM_MEMORY_MB) {
logger.info(
`Setting overlay database mode to ${OverlayDatabaseMode.None} ` +
`due to insufficient memory for CodeQL analysis (${memoryFlagValue} MB).`,
`due to insufficient memory for CodeQL analysis (${memoryFlagValue} MB, needed ${OVERLAY_MINIMUM_MEMORY_MB} MB).`,
);
return false;
}
@@ -740,9 +755,11 @@ export async function getOverlayDatabaseMode(
): Promise<{
overlayDatabaseMode: OverlayDatabaseMode;
useOverlayDatabaseCaching: boolean;
skippedDueToCachedStatus: boolean;
}> {
let overlayDatabaseMode = OverlayDatabaseMode.None;
let useOverlayDatabaseCaching = false;
let skippedDueToCachedStatus = false;
const modeEnv = process.env.CODEQL_OVERLAY_DATABASE_MODE;
// Any unrecognized CODEQL_OVERLAY_DATABASE_MODE value will be ignored and
@@ -769,11 +786,43 @@ export async function getOverlayDatabaseMode(
Feature.OverlayAnalysisSkipResourceChecks,
codeql,
));
const useV2ResourceChecks = await features.getValue(
Feature.OverlayAnalysisResourceChecksV2,
);
const checkOverlayStatus = await features.getValue(
Feature.OverlayAnalysisStatusCheck,
);
const diskUsage =
performResourceChecks || checkOverlayStatus
? await checkDiskUsage(logger)
: undefined;
if (
performResourceChecks &&
!(await runnerSupportsOverlayAnalysis(ramInput, logger))
!(await runnerSupportsOverlayAnalysis(
diskUsage,
ramInput,
logger,
useV2ResourceChecks,
))
) {
overlayDatabaseMode = OverlayDatabaseMode.None;
} else if (checkOverlayStatus && diskUsage === undefined) {
logger.warning(
`Unable to determine disk usage, therefore setting overlay database mode to ${OverlayDatabaseMode.None}.`,
);
overlayDatabaseMode = OverlayDatabaseMode.None;
} else if (
checkOverlayStatus &&
diskUsage &&
(await shouldSkipOverlayAnalysis(codeql, languages, diskUsage, logger))
) {
logger.info(
`Setting overlay database mode to ${OverlayDatabaseMode.None} ` +
"because overlay analysis previously failed with this combination of languages, " +
"disk space, and CodeQL version.",
);
overlayDatabaseMode = OverlayDatabaseMode.None;
skippedDueToCachedStatus = true;
} else if (isAnalyzingPullRequest()) {
overlayDatabaseMode = OverlayDatabaseMode.Overlay;
useOverlayDatabaseCaching = true;
@@ -794,6 +843,7 @@ export async function getOverlayDatabaseMode(
const nonOverlayAnalysis = {
overlayDatabaseMode: OverlayDatabaseMode.None,
useOverlayDatabaseCaching: false,
skippedDueToCachedStatus,
};
if (overlayDatabaseMode === OverlayDatabaseMode.None) {
@@ -858,6 +908,7 @@ export async function getOverlayDatabaseMode(
return {
overlayDatabaseMode,
useOverlayDatabaseCaching,
skippedDueToCachedStatus,
};
}
@@ -1004,18 +1055,21 @@ export async function initConfig(
// and queries, which in turn depends on the user config and the augmentation
// properties. So we need to calculate the overlay database mode after the
// rest of the config has been populated.
const { overlayDatabaseMode, useOverlayDatabaseCaching } =
await getOverlayDatabaseMode(
inputs.codeql,
inputs.features,
config.languages,
inputs.sourceRoot,
config.buildMode,
inputs.ramInput,
config.computedConfig,
gitVersion,
logger,
);
const {
overlayDatabaseMode,
useOverlayDatabaseCaching,
skippedDueToCachedStatus: overlaySkippedDueToCachedStatus,
} = await getOverlayDatabaseMode(
inputs.codeql,
inputs.features,
config.languages,
inputs.sourceRoot,
config.buildMode,
inputs.ramInput,
config.computedConfig,
gitVersion,
logger,
);
logger.info(
`Using overlay database mode: ${overlayDatabaseMode} ` +
`${useOverlayDatabaseCaching ? "with" : "without"} caching.`,
@@ -1023,6 +1077,35 @@ export async function initConfig(
config.overlayDatabaseMode = overlayDatabaseMode;
config.useOverlayDatabaseCaching = useOverlayDatabaseCaching;
if (overlaySkippedDueToCachedStatus) {
addNoLanguageDiagnostic(
config,
makeDiagnostic(
"codeql-action/overlay-skipped-due-to-cached-status",
"Skipped improved incremental analysis because it failed previously with similar hardware resources",
{
attributes: {
languages: config.languages,
},
markdownMessage:
`Improved incremental analysis was skipped because it previously failed for this repository ` +
`with CodeQL version ${(await inputs.codeql.getVersion()).version} on a runner with similar hardware resources. ` +
"Improved incremental analysis may require a significant amount of disk space for some repositories. " +
"If you want to enable improved incremental analysis, increase the disk space available " +
"to the runner. If that doesn't help, contact GitHub Support for further assistance.\n\n" +
"Improved incremental analysis will be automatically retried when the next version of CodeQL is released. " +
`You can also manually trigger a retry by [removing](${DocUrl.DELETE_ACTIONS_CACHE_ENTRIES}) \`codeql-overlay-status-*\` entries from the Actions cache.`,
severity: "note",
visibility: {
cliSummaryTable: true,
statusPage: true,
telemetry: true,
},
},
),
);
}
if (
overlayDatabaseMode === OverlayDatabaseMode.Overlay ||
(await shouldPerformDiffInformedAnalysis(
+4 -2
@@ -8,7 +8,7 @@ import { Config } from "./config-utils";
import { Feature, FeatureEnablement } from "./feature-flags";
import * as gitUtils from "./git-utils";
import { Logger, withGroupAsync } from "./logging";
import { OverlayDatabaseMode } from "./overlay-database-utils";
import { OverlayDatabaseMode } from "./overlay";
import { RepositoryNwo } from "./repository";
import * as util from "./util";
import { bundleDb, CleanupLevel, parseGitHubUrl } from "./util";
@@ -101,7 +101,9 @@ export async function cleanupAndUploadDatabases(
// Although we are uploading arbitrary file contents to the API, it's worth
// noting that it's the API's job to validate that the contents is acceptable.
// This API method is available to anyone with write access to the repo.
const bundledDb = await bundleDb(config, language, codeql, language);
const bundledDb = await bundleDb(config, language, codeql, language, {
includeDiagnostics: false,
});
bundledDbSize = fs.statSync(bundledDb).size;
const bundledDbReadStream = fs.createReadStream(bundledDb);
const commitOid = await gitUtils.getCommitOid(
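Review bot: The new `{ includeDiagnostics: false }` argument on the `bundleDb` call has no comment saying why diagnostics are left out of the bundle that is uploaded to the API, while the debug-artifact call elsewhere in this commit passes `includeDiagnostics: true`. The existing comment above the call already discusses what is uploaded, so that is the natural place for it: `// Diagnostics are deliberately excluded from the bundle uploaded to the API.`, followed by the reason, which this page does not state. `cleanupAndUploadDatabases` starts and ends outside the hunk.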
+1
@@ -429,6 +429,7 @@ async function createDatabaseBundleCli(
language,
codeql,
`${config.debugDatabaseName}-${language}`,
{ includeDiagnostics: true },
);
return databaseBundlePath;
}
+3 -2
@@ -5,10 +5,11 @@
export enum DocUrl {
ASSIGNING_PERMISSIONS_TO_JOBS = "https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs",
AUTOMATIC_BUILD_FAILED = "https://docs.github.com/en/code-security/code-scanning/troubleshooting-code-scanning/automatic-build-failed",
CODEQL_BUILD_MODES = "https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#codeql-build-modes",
DEFINE_ENV_VARIABLES = "https://docs.github.com/en/actions/learn-github-actions/variables#defining-environment-variables-for-a-single-workflow",
DELETE_ACTIONS_CACHE_ENTRIES = "https://docs.github.com/en/actions/how-tos/manage-workflow-runs/manage-caches#deleting-cache-entries",
SCANNING_ON_PUSH = "https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning#scanning-on-push",
SPECIFY_BUILD_STEPS_MANUALLY = "https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#about-specifying-build-steps-manually",
TRACK_CODE_SCANNING_ALERTS_ACROSS_RUNS = "https://docs.github.com/en/enterprise-cloud@latest/code-security/code-scanning/integrating-with-code-scanning/sarif-support-for-code-scanning#providing-data-to-track-code-scanning-alerts-across-runs",
CODEQL_BUILD_MODES = "https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages#codeql-build-modes",
SYSTEM_REQUIREMENTS = "https://codeql.github.com/docs/codeql-overview/system-requirements/",
TRACK_CODE_SCANNING_ALERTS_ACROSS_RUNS = "https://docs.github.com/en/code-security/reference/code-scanning/sarif-support-for-code-scanning#data-for-preventing-duplicated-alerts",
}
+19 -7
@@ -7,7 +7,7 @@ import { getApiClient } from "./api-client";
import type { CodeQL } from "./codeql";
import * as defaults from "./defaults.json";
import { Logger } from "./logging";
import { CODEQL_OVERLAY_MINIMUM_VERSION } from "./overlay-database-utils";
import { CODEQL_OVERLAY_MINIMUM_VERSION } from "./overlay";
import { RepositoryNwo } from "./repository";
import { ToolsFeature } from "./tools-features";
import * as util from "./util";
@@ -63,10 +63,13 @@ export enum Feature {
OverlayAnalysisCodeScanningSwift = "overlay_analysis_code_scanning_swift",
OverlayAnalysisCpp = "overlay_analysis_cpp",
OverlayAnalysisCsharp = "overlay_analysis_csharp",
OverlayAnalysisStatusCheck = "overlay_analysis_status_check",
OverlayAnalysisStatusSave = "overlay_analysis_status_save",
OverlayAnalysisGo = "overlay_analysis_go",
OverlayAnalysisJava = "overlay_analysis_java",
OverlayAnalysisJavascript = "overlay_analysis_javascript",
OverlayAnalysisPython = "overlay_analysis_python",
OverlayAnalysisResourceChecksV2 = "overlay_analysis_resource_checks_v2",
OverlayAnalysisRuby = "overlay_analysis_ruby",
OverlayAnalysisRust = "overlay_analysis_rust",
OverlayAnalysisSkipResourceChecks = "overlay_analysis_skip_resource_checks",
@@ -75,7 +78,6 @@ export enum Feature {
QaTelemetryEnabled = "qa_telemetry_enabled",
/** Note that this currently only disables baseline file coverage information. */
SkipFileCoverageOnPrs = "skip_file_coverage_on_prs",
StartProxyConnectionChecks = "start_proxy_connection_checks",
UploadOverlayDbToApi = "upload_overlay_db_to_api",
UseRepositoryProperties = "use_repository_properties_v2",
ValidateDbConfig = "validate_db_config",
@@ -255,6 +257,16 @@ export const featureConfig = {
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CSHARP",
minimumVersion: undefined,
},
[Feature.OverlayAnalysisStatusCheck]: {
defaultValue: false,
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_STATUS_CHECK",
minimumVersion: undefined,
},
[Feature.OverlayAnalysisStatusSave]: {
defaultValue: false,
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_STATUS_SAVE",
minimumVersion: undefined,
},
[Feature.OverlayAnalysisGo]: {
defaultValue: false,
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_GO",
@@ -275,6 +287,11 @@ export const featureConfig = {
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_PYTHON",
minimumVersion: undefined,
},
[Feature.OverlayAnalysisResourceChecksV2]: {
defaultValue: false,
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RESOURCE_CHECKS_V2",
minimumVersion: undefined,
},
[Feature.OverlayAnalysisRuby]: {
defaultValue: false,
envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RUBY",
@@ -316,11 +333,6 @@ export const featureConfig = {
// cannot be found when interpreting results.
minimumVersion: undefined,
},
[Feature.StartProxyConnectionChecks]: {
defaultValue: false,
envVar: "CODEQL_ACTION_START_PROXY_CONNECTION_CHECKS",
minimumVersion: undefined,
},
[Feature.UploadOverlayDbToApi]: {
defaultValue: false,
envVar: "CODEQL_ACTION_UPLOAD_OVERLAY_DB_TO_API",
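Review bot: `OverlayAnalysisStatusCheck` and `OverlayAnalysisStatusSave` are added to the `Feature` enum without doc comments, and they sit between `OverlayAnalysisCsharp` and `OverlayAnalysisGo`, out of the alphabetical order that the neighbouring entries and the new `OverlayAnalysisResourceChecksV2` follow. Elsewhere on this page `OverlayAnalysisStatusSave` gates writing a failed overlay-base attempt to the Actions cache, so I'd add `/** Save a failed overlay-base build attempt to the Actions cache. */` above it and an equivalent line for the check flag, which presumably gates reading that entry back. The two matching `featureConfig` entries have the same ordering issue.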
+180 -2
@@ -5,9 +5,12 @@ import * as actionsUtil from "./actions-util";
import { AnalysisKind } from "./analyses";
import * as codeql from "./codeql";
import * as configUtils from "./config-utils";
import { EnvVar } from "./environment";
import { Feature } from "./feature-flags";
import * as initActionPostHelper from "./init-action-post-helper";
import { getRunnerLogger } from "./logging";
import { OverlayDatabaseMode } from "./overlay";
import * as overlayStatus from "./overlay/status";
import { parseRepositoryNwo } from "./repository";
import {
createFeatures,
@@ -19,9 +22,11 @@ import * as uploadLib from "./upload-lib";
import * as util from "./util";
import * as workflow from "./workflow";
const NUM_BYTES_PER_GIB = 1024 * 1024 * 1024;
setupTests(test);
test("post: init action with debug mode off", async (t) => {
test("init-post action with debug mode off", async (t) => {
return await util.withTmpDir(async (tmpDir) => {
process.env["GITHUB_REPOSITORY"] = "github/codeql-action-fake-repository";
process.env["RUNNER_TEMP"] = tmpDir;
@@ -55,7 +60,7 @@ test("post: init action with debug mode off", async (t) => {
});
});
test("post: init action with debug mode on", async (t) => {
test("init-post action with debug mode on", async (t) => {
return await util.withTmpDir(async (tmpDir) => {
process.env["GITHUB_REPOSITORY"] = "github/codeql-action-fake-repository";
process.env["RUNNER_TEMP"] = tmpDir;
@@ -308,6 +313,179 @@ test("not uploading failed SARIF when `code-scanning` is not an enabled analysis
);
});
test("saves overlay status when overlay-base analysis did not complete successfully", async (t) => {
return await util.withTmpDir(async (tmpDir) => {
process.env["GITHUB_REPOSITORY"] = "github/codeql-action-fake-repository";
process.env["RUNNER_TEMP"] = tmpDir;
// Ensure analyze did not complete successfully.
delete process.env[EnvVar.ANALYZE_DID_COMPLETE_SUCCESSFULLY];
const diskUsage: util.DiskUsage = {
numAvailableBytes: 100 * NUM_BYTES_PER_GIB,
numTotalBytes: 200 * NUM_BYTES_PER_GIB,
};
sinon.stub(util, "checkDiskUsage").resolves(diskUsage);
const saveOverlayStatusStub = sinon
.stub(overlayStatus, "saveOverlayStatus")
.resolves(true);
const stubCodeQL = codeql.createStubCodeQL({});
await initActionPostHelper.run(
sinon.spy(),
sinon.spy(),
stubCodeQL,
createTestConfig({
debugMode: false,
languages: ["javascript"],
overlayDatabaseMode: OverlayDatabaseMode.OverlayBase,
}),
parseRepositoryNwo("github/codeql-action"),
createFeatures([Feature.OverlayAnalysisStatusSave]),
getRunnerLogger(true),
);
t.true(
saveOverlayStatusStub.calledOnce,
"saveOverlayStatus should be called exactly once",
);
t.deepEqual(
saveOverlayStatusStub.firstCall.args[0],
stubCodeQL,
"first arg should be the CodeQL instance",
);
t.deepEqual(
saveOverlayStatusStub.firstCall.args[1],
["javascript"],
"second arg should be the languages",
);
t.deepEqual(
saveOverlayStatusStub.firstCall.args[2],
diskUsage,
"third arg should be the disk usage",
);
t.deepEqual(
saveOverlayStatusStub.firstCall.args[3],
{
attemptedToBuildOverlayBaseDatabase: true,
builtOverlayBaseDatabase: false,
},
"fourth arg should be the overlay status recording an unsuccessful build attempt",
);
});
});
test("does not save overlay status when OverlayAnalysisStatusSave feature flag is disabled", async (t) => {
return await util.withTmpDir(async (tmpDir) => {
process.env["GITHUB_REPOSITORY"] = "github/codeql-action-fake-repository";
process.env["RUNNER_TEMP"] = tmpDir;
// Ensure analyze did not complete successfully.
delete process.env[EnvVar.ANALYZE_DID_COMPLETE_SUCCESSFULLY];
sinon.stub(util, "checkDiskUsage").resolves({
numAvailableBytes: 100 * NUM_BYTES_PER_GIB,
numTotalBytes: 200 * NUM_BYTES_PER_GIB,
});
const saveOverlayStatusStub = sinon
.stub(overlayStatus, "saveOverlayStatus")
.resolves(true);
await initActionPostHelper.run(
sinon.spy(),
sinon.spy(),
codeql.createStubCodeQL({}),
createTestConfig({
debugMode: false,
languages: ["javascript"],
overlayDatabaseMode: OverlayDatabaseMode.OverlayBase,
}),
parseRepositoryNwo("github/codeql-action"),
createFeatures([]),
getRunnerLogger(true),
);
t.true(
saveOverlayStatusStub.notCalled,
"saveOverlayStatus should not be called when OverlayAnalysisStatusSave feature flag is disabled",
);
});
});
test("does not save overlay status when build successful", async (t) => {
return await util.withTmpDir(async (tmpDir) => {
process.env["GITHUB_REPOSITORY"] = "github/codeql-action-fake-repository";
process.env["RUNNER_TEMP"] = tmpDir;
// Mark analyze as having completed successfully.
process.env[EnvVar.ANALYZE_DID_COMPLETE_SUCCESSFULLY] = "true";
sinon.stub(util, "checkDiskUsage").resolves({
numAvailableBytes: 100 * NUM_BYTES_PER_GIB,
numTotalBytes: 200 * NUM_BYTES_PER_GIB,
});
const saveOverlayStatusStub = sinon
.stub(overlayStatus, "saveOverlayStatus")
.resolves(true);
await initActionPostHelper.run(
sinon.spy(),
sinon.spy(),
codeql.createStubCodeQL({}),
createTestConfig({
debugMode: false,
languages: ["javascript"],
overlayDatabaseMode: OverlayDatabaseMode.OverlayBase,
}),
parseRepositoryNwo("github/codeql-action"),
createFeatures([Feature.OverlayAnalysisStatusSave]),
getRunnerLogger(true),
);
t.true(
saveOverlayStatusStub.notCalled,
"saveOverlayStatus should not be called when build completed successfully",
);
});
});
test("does not save overlay status when overlay not enabled", async (t) => {
return await util.withTmpDir(async (tmpDir) => {
process.env["GITHUB_REPOSITORY"] = "github/codeql-action-fake-repository";
process.env["RUNNER_TEMP"] = tmpDir;
delete process.env[EnvVar.ANALYZE_DID_COMPLETE_SUCCESSFULLY];
sinon.stub(util, "checkDiskUsage").resolves({
numAvailableBytes: 100 * NUM_BYTES_PER_GIB,
numTotalBytes: 200 * NUM_BYTES_PER_GIB,
});
const saveOverlayStatusStub = sinon
.stub(overlayStatus, "saveOverlayStatus")
.resolves(true);
await initActionPostHelper.run(
sinon.spy(),
sinon.spy(),
codeql.createStubCodeQL({}),
createTestConfig({
debugMode: false,
languages: ["javascript"],
overlayDatabaseMode: OverlayDatabaseMode.None,
}),
parseRepositoryNwo("github/codeql-action"),
createFeatures([]),
getRunnerLogger(true),
);
t.true(
saveOverlayStatusStub.notCalled,
"saveOverlayStatus should not be called when overlay is not enabled",
);
});
});
function createTestWorkflow(
steps: workflow.WorkflowJobStep[],
): workflow.Workflow {
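Review bot: The test "does not save overlay status when overlay not enabled" passes `createFeatures([])`, so the save is already suppressed by the disabled `OverlayAnalysisStatusSave` flag and `OverlayDatabaseMode.None` is never the condition that stops it. `recordOverlayStatus` returns early when any one of its three conditions holds, so this test would still pass if the mode check were removed. Changing that argument to `createFeatures([Feature.OverlayAnalysisStatusSave]),` isolates the mode condition, the way the "build successful" test already does for the success flag.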
+67
@@ -11,10 +11,13 @@ import * as dependencyCaching from "./dependency-caching";
import { EnvVar } from "./environment";
import { Feature, FeatureEnablement } from "./feature-flags";
import { Logger } from "./logging";
import { OverlayDatabaseMode } from "./overlay";
import { OverlayStatus, saveOverlayStatus } from "./overlay/status";
import { RepositoryNwo, getRepositoryNwo } from "./repository";
import { JobStatus } from "./status-report";
import * as uploadLib from "./upload-lib";
import {
checkDiskUsage,
delay,
getErrorMessage,
getRequiredEnvParam,
@@ -171,6 +174,8 @@ export async function run(
features: FeatureEnablement,
logger: Logger,
) {
await recordOverlayStatus(codeql, config, features, logger);
const uploadFailedSarifResult = await tryUploadSarifIfRunFailed(
config,
repositoryNwo,
@@ -248,6 +253,68 @@ export async function run(
return uploadFailedSarifResult;
}
/**
* If overlay base database creation was attempted but the analysis did not complete
* successfully, save the failure status to the Actions cache so that subsequent runs
* can skip overlay analysis until something changes (e.g. a new CodeQL version).
*/
async function recordOverlayStatus(
codeql: CodeQL,
config: Config,
features: FeatureEnablement,
logger: Logger,
) {
if (
config.overlayDatabaseMode !== OverlayDatabaseMode.OverlayBase ||
process.env[EnvVar.ANALYZE_DID_COMPLETE_SUCCESSFULLY] === "true" ||
!(await features.getValue(Feature.OverlayAnalysisStatusSave))
) {
return;
}
const overlayStatus: OverlayStatus = {
attemptedToBuildOverlayBaseDatabase: true,
builtOverlayBaseDatabase: false,
};
const diskUsage = await checkDiskUsage(logger);
if (diskUsage === undefined) {
logger.warning(
"Unable to save overlay status to the Actions cache because the available disk space could not be determined.",
);
return;
}
const saved = await saveOverlayStatus(
codeql,
config.languages,
diskUsage,
overlayStatus,
logger,
);
const blurb =
"This job attempted to run with improved incremental analysis but it did not complete successfully. " +
"This may have been due to disk space constraints: using improved incremental analysis can " +
"require a significant amount of disk space for some repositories.";
if (saved) {
logger.error(
`${blurb} ` +
"This failure has been recorded in the Actions cache, so the next CodeQL analysis will run " +
"without improved incremental analysis. If you want to enable improved incremental analysis, " +
"increase the disk space available to the runner. " +
"If that doesn't help, contact GitHub Support for further assistance.",
);
} else {
logger.error(
`${blurb} ` +
"The attempt to save this failure status to the Actions cache failed. The Action will attempt to " +
"run with improved incremental analysis again.",
);
}
}
async function removeUploadedSarif(
uploadFailedSarifResult: UploadFailedSarifResult,
logger: Logger,
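Review bot: `await recordOverlayStatus(codeql, config, features, logger);` is the first statement of `run` and is not guarded, so an exception from it would skip `tryUploadSarifIfRunFailed` and everything after it in the post step. `saveOverlayStatus` catches its own cache errors, but `features.getValue`, `checkDiskUsage` and the `getCacheKey` call that sits outside its `try` are not covered as far as this page shows. Recording the status is best-effort, so I would catch and log at the call site, using the `getErrorMessage` helper this file already imports. `run` starts and ends outside the hunk.

```typescript
  logger: Logger,
) {
  try {
    await recordOverlayStatus(codeql, config, features, logger);
  } catch (e) {
    // Best-effort: failing to record overlay status must not block the rest of the post step.
    logger.warning(
      `Failed to record overlay status: ${getErrorMessage(e)}`,
    );
  }
  // … unchanged: tryUploadSarifIfRunFailed and the rest of run …
```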
+1 -1
@@ -58,7 +58,7 @@ import {
downloadOverlayBaseDatabaseFromCache,
OverlayBaseDatabaseDownloadStats,
OverlayDatabaseMode,
} from "./overlay-database-utils";
} from "./overlay";
import { getRepositoryNwo, RepositoryNwo } from "./repository";
import { ToolsSource } from "./setup-codeql";
import {
@@ -5,12 +5,20 @@ import * as actionsCache from "@actions/cache";
import test from "ava";
import * as sinon from "sinon";
import * as actionsUtil from "./actions-util";
import * as apiClient from "./api-client";
import { ResolveDatabaseOutput } from "./codeql";
import * as gitUtils from "./git-utils";
import { KnownLanguage } from "./languages";
import { getRunnerLogger } from "./logging";
import * as actionsUtil from "../actions-util";
import * as apiClient from "../api-client";
import { ResolveDatabaseOutput } from "../codeql";
import * as gitUtils from "../git-utils";
import { KnownLanguage } from "../languages";
import { getRunnerLogger } from "../logging";
import {
createTestConfig,
mockCodeQLVersion,
setupTests,
} from "../testing-utils";
import * as utils from "../util";
import { withTmpDir } from "../util";
import {
downloadOverlayBaseDatabaseFromCache,
getCacheRestoreKeyPrefix,
@@ -18,14 +26,7 @@ import {
OverlayDatabaseMode,
writeBaseDatabaseOidsFile,
writeOverlayChangesFile,
} from "./overlay-database-utils";
import {
createTestConfig,
mockCodeQLVersion,
setupTests,
} from "./testing-utils";
import * as utils from "./util";
import { withTmpDir } from "./util";
} from ".";
setupTests(test);
@@ -8,13 +8,13 @@ import {
getTemporaryDirectory,
getWorkflowRunAttempt,
getWorkflowRunID,
} from "./actions-util";
import { getAutomationID } from "./api-client";
import { createCacheKeyHash } from "./caching-utils";
import { type CodeQL } from "./codeql";
import { type Config } from "./config-utils";
import { getCommitOid, getFileOidsUnderPath } from "./git-utils";
import { Logger, withGroupAsync } from "./logging";
} from "../actions-util";
import { getAutomationID } from "../api-client";
import { createCacheKeyHash } from "../caching-utils";
import { type CodeQL } from "../codeql";
import { type Config } from "../config-utils";
import { getCommitOid, getFileOidsUnderPath } from "../git-utils";
import { Logger, withGroupAsync } from "../logging";
import {
CleanupLevel,
getBaseDatabaseOidsFilePath,
@@ -23,7 +23,7 @@ import {
isInTestMode,
tryGetFolderBytes,
waitForResultWithTimeLimit,
} from "./util";
} from "../util";
export enum OverlayDatabaseMode {
Overlay = "overlay",
+172
@@ -0,0 +1,172 @@
import * as fs from "fs";
import * as path from "path";
import * as actionsCache from "@actions/cache";
import test from "ava";
import * as sinon from "sinon";
import {
getRecordingLogger,
LoggedMessage,
mockCodeQLVersion,
setupTests,
} from "../testing-utils";
import { DiskUsage, withTmpDir } from "../util";
import { getCacheKey, shouldSkipOverlayAnalysis } from "./status";
setupTests(test);
function makeDiskUsage(totalGiB: number): DiskUsage {
return {
numTotalBytes: totalGiB * 1024 * 1024 * 1024,
numAvailableBytes: 0,
};
}
test("getCacheKey incorporates language, CodeQL version, and disk space", async (t) => {
const codeql = mockCodeQLVersion("2.20.0");
t.is(
await getCacheKey(codeql, ["javascript"], makeDiskUsage(50)),
"codeql-overlay-status-javascript-2.20.0-runner-50GB",
);
t.is(
await getCacheKey(codeql, ["python"], makeDiskUsage(50)),
"codeql-overlay-status-python-2.20.0-runner-50GB",
);
t.is(
await getCacheKey(
mockCodeQLVersion("2.21.0"),
["javascript"],
makeDiskUsage(50),
),
"codeql-overlay-status-javascript-2.21.0-runner-50GB",
);
t.is(
await getCacheKey(codeql, ["javascript"], makeDiskUsage(100)),
"codeql-overlay-status-javascript-2.20.0-runner-100GB",
);
});
test("getCacheKey sorts and joins multiple languages", async (t) => {
const codeql = mockCodeQLVersion("2.20.0");
t.is(
await getCacheKey(codeql, ["python", "javascript"], makeDiskUsage(50)),
"codeql-overlay-status-javascript+python-2.20.0-runner-50GB",
);
t.is(
await getCacheKey(codeql, ["javascript", "python"], makeDiskUsage(50)),
"codeql-overlay-status-javascript+python-2.20.0-runner-50GB",
);
});
test("getCacheKey rounds disk space down to nearest 10 GiB", async (t) => {
const codeql = mockCodeQLVersion("2.20.0");
t.is(
await getCacheKey(codeql, ["javascript"], makeDiskUsage(14)),
"codeql-overlay-status-javascript-2.20.0-runner-10GB",
);
t.is(
await getCacheKey(codeql, ["javascript"], makeDiskUsage(19)),
"codeql-overlay-status-javascript-2.20.0-runner-10GB",
);
});
test("shouldSkipOverlayAnalysis returns false when no cached status exists", async (t) => {
await withTmpDir(async (tmpDir) => {
process.env["RUNNER_TEMP"] = tmpDir;
const codeql = mockCodeQLVersion("2.20.0");
const messages: LoggedMessage[] = [];
const logger = getRecordingLogger(messages);
sinon.stub(actionsCache, "restoreCache").resolves(undefined);
const result = await shouldSkipOverlayAnalysis(
codeql,
["javascript"],
makeDiskUsage(50),
logger,
);
t.false(result);
t.true(
messages.some(
(m) =>
m.type === "debug" &&
typeof m.message === "string" &&
m.message.includes("No overlay status found in Actions cache."),
),
);
});
});
test("shouldSkipOverlayAnalysis returns true when cached status indicates failed build", async (t) => {
await withTmpDir(async (tmpDir) => {
process.env["RUNNER_TEMP"] = tmpDir;
const codeql = mockCodeQLVersion("2.20.0");
const messages: LoggedMessage[] = [];
const logger = getRecordingLogger(messages);
const status = {
attemptedToBuildOverlayBaseDatabase: true,
builtOverlayBaseDatabase: false,
};
// Stub restoreCache to write the status file and return a key
sinon.stub(actionsCache, "restoreCache").callsFake(async (paths) => {
const statusFile = paths[0];
await fs.promises.mkdir(path.dirname(statusFile), { recursive: true });
await fs.promises.writeFile(statusFile, JSON.stringify(status));
return "found-key";
});
const result = await shouldSkipOverlayAnalysis(
codeql,
["javascript"],
makeDiskUsage(50),
logger,
);
t.true(result);
});
});
test("shouldSkipOverlayAnalysis returns false when cached status indicates successful build", async (t) => {
await withTmpDir(async (tmpDir) => {
process.env["RUNNER_TEMP"] = tmpDir;
const codeql = mockCodeQLVersion("2.20.0");
const messages: LoggedMessage[] = [];
const logger = getRecordingLogger(messages);
const status = {
attemptedToBuildOverlayBaseDatabase: true,
builtOverlayBaseDatabase: true,
};
sinon.stub(actionsCache, "restoreCache").callsFake(async (paths) => {
const statusFile = paths[0];
await fs.promises.mkdir(path.dirname(statusFile), { recursive: true });
await fs.promises.writeFile(statusFile, JSON.stringify(status));
return "found-key";
});
const result = await shouldSkipOverlayAnalysis(
codeql,
["javascript"],
makeDiskUsage(50),
logger,
);
t.false(result);
t.true(
messages.some(
(m) =>
m.type === "debug" &&
typeof m.message === "string" &&
m.message.includes(
"Cached overlay status does not indicate a previous unsuccessful attempt",
),
),
);
});
});
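Review bot: No test exercises the branch of `getOverlayStatus` that rejects a cache entry with an unexpected shape; the three `shouldSkipOverlayAnalysis` tests only cover a missing entry and two well-formed ones. That branch is the only validation applied to content restored from the Actions cache, so a regression there would go unnoticed. A fourth test that restores a malformed status file and expects `false` would pin it down; `saveOverlayStatus` is also untested in this file.

```typescript
test("shouldSkipOverlayAnalysis returns false when cached status has an unexpected format", async (t) => {
  await withTmpDir(async (tmpDir) => {
    process.env["RUNNER_TEMP"] = tmpDir;
    const codeql = mockCodeQLVersion("2.20.0");
    const messages: LoggedMessage[] = [];
    const logger = getRecordingLogger(messages);

    // Constructed sample: the right key, but a string where a boolean is required.
    sinon.stub(actionsCache, "restoreCache").callsFake(async (paths) => {
      const statusFile = paths[0];
      await fs.promises.mkdir(path.dirname(statusFile), { recursive: true });
      await fs.promises.writeFile(
        statusFile,
        JSON.stringify({ builtOverlayBaseDatabase: "no" }),
      );
      return "found-key";
    });

    t.false(
      await shouldSkipOverlayAnalysis(
        codeql,
        ["javascript"],
        makeDiskUsage(50),
        logger,
      ),
    );
  });
});
```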
+190
@@ -0,0 +1,190 @@
/*
* We perform enablement checks for overlay analysis to avoid using it on runners that are too small
* to support it. However these checks cannot avoid every potential issue without being overly
* conservative. Therefore, if our enablement checks enable overlay analysis for a runner that is
* too small, we want to remember that, so that we will not try to use overlay analysis until
* something changes (e.g. a larger runner is provisioned, or a new CodeQL version is released).
*
* We use the Actions cache as a lightweight way of providing this functionality.
*/
import * as fs from "fs";
import * as path from "path";
import * as actionsCache from "@actions/cache";
import { getTemporaryDirectory } from "../actions-util";
import { type CodeQL } from "../codeql";
import { Logger } from "../logging";
import {
DiskUsage,
getErrorMessage,
waitForResultWithTimeLimit,
} from "../util";
/** The maximum time to wait for a cache operation to complete. */
const MAX_CACHE_OPERATION_MS = 30_000;
/** File name for the serialized overlay status. */
const STATUS_FILE_NAME = "overlay-status.json";
/** Path to the local overlay status file. */
function getStatusFilePath(languages: string[]): string {
return path.join(
getTemporaryDirectory(),
"overlay-status",
[...languages].sort().join("+"),
STATUS_FILE_NAME,
);
}
/** Status of an overlay analysis for a group of languages. */
export interface OverlayStatus {
/** Whether the job attempted to build an overlay base database. */
attemptedToBuildOverlayBaseDatabase: boolean;
/** Whether the job successfully built an overlay base database. */
builtOverlayBaseDatabase: boolean;
}
/**
* Whether overlay analysis should be skipped, based on the cached status for the given languages and disk usage.
*/
export async function shouldSkipOverlayAnalysis(
codeql: CodeQL,
languages: string[],
diskUsage: DiskUsage,
logger: Logger,
): Promise<boolean> {
const status = await getOverlayStatus(codeql, languages, diskUsage, logger);
if (status === undefined) {
return false;
}
if (
status.attemptedToBuildOverlayBaseDatabase &&
!status.builtOverlayBaseDatabase
) {
logger.debug(
"Cached overlay status indicates that building an overlay base database was unsuccessful.",
);
return true;
}
logger.debug(
"Cached overlay status does not indicate a previous unsuccessful attempt to build an overlay base database.",
);
return false;
}
/**
* Retrieve overlay status from the Actions cache, if available.
*
* @returns `undefined` if no status was found in the cache (e.g. first run with
* this cache key) or if the cache operation fails.
*/
export async function getOverlayStatus(
codeql: CodeQL,
languages: string[],
diskUsage: DiskUsage,
logger: Logger,
): Promise<OverlayStatus | undefined> {
const cacheKey = await getCacheKey(codeql, languages, diskUsage);
const statusFile = getStatusFilePath(languages);
try {
await fs.promises.mkdir(path.dirname(statusFile), { recursive: true });
const foundKey = await waitForResultWithTimeLimit(
MAX_CACHE_OPERATION_MS,
actionsCache.restoreCache([statusFile], cacheKey),
() => {
logger.warning("Timed out restoring overlay status from cache.");
},
);
if (foundKey === undefined) {
logger.debug("No overlay status found in Actions cache.");
return undefined;
}
if (!fs.existsSync(statusFile)) {
logger.debug(
"Overlay status cache entry found but status file is missing.",
);
return undefined;
}
const contents = await fs.promises.readFile(statusFile, "utf-8");
const parsed: unknown = JSON.parse(contents);
if (
typeof parsed !== "object" ||
parsed === null ||
typeof parsed["attemptedToBuildOverlayBaseDatabase"] !== "boolean" ||
typeof parsed["builtOverlayBaseDatabase"] !== "boolean"
) {
logger.debug(
"Ignoring overlay status cache entry with unexpected format.",
);
return undefined;
}
return parsed as OverlayStatus;
} catch (error) {
logger.warning(
`Failed to restore overlay status from cache: ${getErrorMessage(error)}`,
);
return undefined;
}
}
/**
* Save overlay status to the Actions cache.
*
* @returns `true` if the status was saved successfully, `false` otherwise.
*/
export async function saveOverlayStatus(
codeql: CodeQL,
languages: string[],
diskUsage: DiskUsage,
status: OverlayStatus,
logger: Logger,
): Promise<boolean> {
const cacheKey = await getCacheKey(codeql, languages, diskUsage);
const statusFile = getStatusFilePath(languages);
try {
await fs.promises.mkdir(path.dirname(statusFile), { recursive: true });
await fs.promises.writeFile(statusFile, JSON.stringify(status));
const cacheId = await waitForResultWithTimeLimit(
MAX_CACHE_OPERATION_MS,
actionsCache.saveCache([statusFile], cacheKey),
() => {
logger.warning("Timed out saving overlay status to cache.");
},
);
if (cacheId === undefined) {
return false;
}
logger.debug(`Saved overlay status to Actions cache with key ${cacheKey}`);
return true;
} catch (error) {
logger.warning(
`Failed to save overlay status to cache: ${getErrorMessage(error)}`,
);
return false;
}
}
export async function getCacheKey(
codeql: CodeQL,
languages: string[],
diskUsage: DiskUsage,
): Promise<string> {
// Total disk space, rounded to the nearest 10 GB. This is included in the cache key so that if a
// customer upgrades their runner, we will try again to use overlay analysis, even if the CodeQL
// version has not changed. We round to the nearest 10 GB to work around small differences in disk
// space.
//
// Limitation: this can still flip from "too small" to "large enough" and back again if the disk
// space fluctuates above and below a multiple of 10 GB.
const diskSpaceToNearest10Gb = `${10 * Math.floor(diskUsage.numTotalBytes / (10 * 1024 * 1024 * 1024))}GB`;
// Include the CodeQL version in the cache key so we will try again to use overlay analysis when
// new queries and libraries that may be more efficient are released.
return `codeql-overlay-status-${[...languages].sort().join("+")}-${(await codeql.getVersion()).version}-runner-${diskSpaceToNearest10Gb}`;
}
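Review bot: The comment in `getCacheKey` says the disk space is "rounded to the nearest 10 GB", but the expression uses `Math.floor` over multiples of 10 × 1024³ bytes, so it rounds down and counts GiB; the accompanying test expects 19 GiB to produce `runner-10GB`. I'd reword it to `// Total disk space in GiB, rounded down to a multiple of 10.` so the bucket boundaries are clear to whoever debugs a cache miss. `getCacheKey` is also the only exported function in the file without a doc comment; `/** Cache key for the overlay status of this language set, CodeQL version and runner disk size. */` would match the others.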
+1 -3
@@ -109,9 +109,7 @@ async function run(startedAt: Date) {
);
// Check that the private registries are reachable.
if (await features.getValue(Feature.StartProxyConnectionChecks)) {
await checkConnections(logger, proxyInfo);
}
await checkConnections(logger, proxyInfo);
// Report success if we have reached this point.
await sendSuccessStatusReport(
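Review bot: With the `StartProxyConnectionChecks` gate removed, `await checkConnections(logger, proxyInfo);` runs on every invocation ahead of `sendSuccessStatusReport`, and this hunk does not show whether a failed check can throw. If the checks are meant to be advisory, the call site should say so, e.g. `// Advisory only: checkConnections logs unreachable registries and does not fail the action.`, assuming that is the behaviour. If it can throw, an unreachable registry would now fail the step for every user and not only for those with the flag on. `run` continues outside the hunk.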
+1 -1
@@ -18,7 +18,7 @@ import { DocUrl } from "./doc-url";
import { EnvVar } from "./environment";
import { getRef } from "./git-utils";
import { Logger } from "./logging";
import { OverlayBaseDatabaseDownloadStats } from "./overlay-database-utils";
import { OverlayBaseDatabaseDownloadStats } from "./overlay";
import { getRepositoryNwo } from "./repository";
import { ToolsSource } from "./setup-codeql";
import {
+1 -1
@@ -21,7 +21,7 @@ import {
FeatureEnablement,
} from "./feature-flags";
import { Logger } from "./logging";
import { OverlayDatabaseMode } from "./overlay-database-utils";
import { OverlayDatabaseMode } from "./overlay";
import {
DEFAULT_DEBUG_ARTIFACT_NAME,
DEFAULT_DEBUG_DATABASE_NAME,
+1 -6
@@ -960,7 +960,6 @@ export async function waitForProcessing(
const client = api.getApiClient();
const statusCheckingStarted = Date.now();
// eslint-disable-next-line no-constant-condition
while (true) {
if (
Date.now() >
@@ -1149,11 +1148,7 @@ function sanitize(str?: string) {
/**
* An error that occurred due to an invalid SARIF upload request.
*/
export class InvalidSarifUploadError extends Error {
constructor(message: string) {
super(message);
}
}
export class InvalidSarifUploadError extends Error {}
function filterAlertsByDiffRange(logger: Logger, sarif: SarifFile): SarifFile {
const diffRanges = readDiffRangesJsonFile(logger);
+3 -5
@@ -690,11 +690,7 @@ export class HTTPError extends Error {
* An Error class that indicates an error that occurred due to
* a misconfiguration of the action or the CodeQL CLI.
*/
export class ConfigurationError extends Error {
constructor(message: string) {
super(message);
}
}
export class ConfigurationError extends Error {}
export function asHTTPError(arg: any): HTTPError | undefined {
if (
@@ -744,6 +740,7 @@ export async function bundleDb(
language: Language,
codeql: CodeQL,
dbName: string,
{ includeDiagnostics }: { includeDiagnostics: boolean },
) {
const databasePath = getCodeQLDatabasePath(config, language);
const databaseBundlePath = path.resolve(config.dbLocation, `${dbName}.zip`);
@@ -774,6 +771,7 @@ export async function bundleDb(
databasePath,
databaseBundlePath,
dbName,
includeDiagnostics,
additionalFiles,
);
return databaseBundlePath;