github/codeql-action
0
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2026-05-21 13:04:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

Match CLI version to cached overlay-base database

Browse Source
This commit is contained in:
Henry Mercer
2026-05-06 17:42:31 +01:00
parent b0942116d7
commit 55d6319f96
19 changed files with 2437 additions and 1101 deletions
Download Patch File Download Diff File Expand all files Collapse all files
lib/setup-codeql-action.js
Generated
+312 -106
View File
@@ -203,7 +203,7 @@ var require_file_command = __commonJS({
Object.defineProperty(exports2, "__esModule", { value: true });
exports2.issueFileCommand = issueFileCommand;
exports2.prepareKeyValueMessage = prepareKeyValueMessage;
var crypto2 = __importStar2(require("crypto"));
var crypto3 = __importStar2(require("crypto"));
var fs10 = __importStar2(require("fs"));
var os3 = __importStar2(require("os"));
var utils_1 = require_utils();
@@ -220,7 +220,7 @@ var require_file_command = __commonJS({
});
}
function prepareKeyValueMessage(key, value) {
const delimiter = `ghadelimiter_${crypto2.randomUUID()}`;
const delimiter = `ghadelimiter_${crypto3.randomUUID()}`;
const convertedValue = (0, utils_1.toCommandValue)(value);
if (key.includes(delimiter)) {
throw new Error(`Unexpected input: name should not contain the delimiter "${delimiter}"`);
@@ -4262,11 +4262,11 @@ var require_util2 = __commonJS({
var { isUint8Array } = require("node:util/types");
var { webidl } = require_webidl();
var supportedHashes = [];
var crypto2;
var crypto3;
try {
crypto2 = require("node:crypto");
crypto3 = require("node:crypto");
const possibleRelevantHashes = ["sha256", "sha384", "sha512"];
supportedHashes = crypto2.getHashes().filter((hash) => possibleRelevantHashes.includes(hash));
supportedHashes = crypto3.getHashes().filter((hash) => possibleRelevantHashes.includes(hash));
} catch {
}
function responseURL(response) {
@@ -4539,7 +4539,7 @@ var require_util2 = __commonJS({
}
}
function bytesMatch(bytes, metadataList) {
if (crypto2 === void 0) {
if (crypto3 === void 0) {
return true;
}
const parsedMetadata = parseMetadata(metadataList);
@@ -4554,7 +4554,7 @@ var require_util2 = __commonJS({
for (const item of metadata) {
const algorithm = item.algo;
const expectedValue = item.hash;
let actualValue = crypto2.createHash(algorithm).update(bytes).digest("base64");
let actualValue = crypto3.createHash(algorithm).update(bytes).digest("base64");
if (actualValue[actualValue.length - 1] === "=") {
if (actualValue[actualValue.length - 2] === "=") {
actualValue = actualValue.slice(0, -2);
@@ -5618,8 +5618,8 @@ var require_body = __commonJS({
var { multipartFormDataParser } = require_formdata_parser();
var random;
try {
const crypto2 = require("node:crypto");
random = (max) => crypto2.randomInt(0, max);
const crypto3 = require("node:crypto");
random = (max) => crypto3.randomInt(0, max);
} catch {
random = (max) => Math.floor(Math.random(max));
}
@@ -17023,13 +17023,13 @@ var require_frame = __commonJS({
"use strict";
var { maxUnsigned16Bit } = require_constants5();
var BUFFER_SIZE = 16386;
var crypto2;
var crypto3;
var buffer = null;
var bufIdx = BUFFER_SIZE;
try {
crypto2 = require("node:crypto");
crypto3 = require("node:crypto");
} catch {
crypto2 = {
crypto3 = {
// not full compatibility, but minimum.
randomFillSync: function randomFillSync(buffer2, _offset, _size) {
for (let i = 0; i < buffer2.length; ++i) {
@@ -17042,7 +17042,7 @@ var require_frame = __commonJS({
function generateMask() {
if (bufIdx === BUFFER_SIZE) {
bufIdx = 0;
crypto2.randomFillSync(buffer ??= Buffer.allocUnsafe(BUFFER_SIZE), 0, BUFFER_SIZE);
crypto3.randomFillSync(buffer ??= Buffer.allocUnsafe(BUFFER_SIZE), 0, BUFFER_SIZE);
}
return [buffer[bufIdx++], buffer[bufIdx++], buffer[bufIdx++], buffer[bufIdx++]];
}
@@ -17114,9 +17114,9 @@ var require_connection = __commonJS({
var { Headers, getHeadersList } = require_headers();
var { getDecodeSplit } = require_util2();
var { WebsocketFrameSend } = require_frame();
var crypto2;
var crypto3;
try {
crypto2 = require("node:crypto");
crypto3 = require("node:crypto");
} catch {
}
function establishWebSocketConnection(url, protocols, client, ws, onEstablish, options) {
@@ -17136,7 +17136,7 @@ var require_connection = __commonJS({
const headersList = getHeadersList(new Headers(options.headers));
request2.headersList = headersList;
}
const keyValue = crypto2.randomBytes(16).toString("base64");
const keyValue = crypto3.randomBytes(16).toString("base64");
request2.headersList.append("sec-websocket-key", keyValue);
request2.headersList.append("sec-websocket-version", "13");
for (const protocol of protocols) {
@@ -17166,7 +17166,7 @@ var require_connection = __commonJS({
return;
}
const secWSAccept = response.headersList.get("Sec-WebSocket-Accept");
const digest = crypto2.createHash("sha1").update(keyValue + uid).digest("base64");
const digest = crypto3.createHash("sha1").update(keyValue + uid).digest("base64");
if (secWSAccept !== digest) {
failWebsocketConnection(ws, "Incorrect hash received in Sec-WebSocket-Accept header.");
return;
@@ -25260,11 +25260,11 @@ var require_util10 = __commonJS({
var { isUint8Array } = require("node:util/types");
var { webidl } = require_webidl2();
var supportedHashes = [];
var crypto2;
var crypto3;
try {
crypto2 = require("node:crypto");
crypto3 = require("node:crypto");
const possibleRelevantHashes = ["sha256", "sha384", "sha512"];
supportedHashes = crypto2.getHashes().filter((hash) => possibleRelevantHashes.includes(hash));
supportedHashes = crypto3.getHashes().filter((hash) => possibleRelevantHashes.includes(hash));
} catch {
}
function responseURL(response) {
@@ -25537,7 +25537,7 @@ var require_util10 = __commonJS({
}
}
function bytesMatch(bytes, metadataList) {
if (crypto2 === void 0) {
if (crypto3 === void 0) {
return true;
}
const parsedMetadata = parseMetadata(metadataList);
@@ -25552,7 +25552,7 @@ var require_util10 = __commonJS({
for (const item of metadata) {
const algorithm = item.algo;
const expectedValue = item.hash;
let actualValue = crypto2.createHash(algorithm).update(bytes).digest("base64");
let actualValue = crypto3.createHash(algorithm).update(bytes).digest("base64");
if (actualValue[actualValue.length - 1] === "=") {
if (actualValue[actualValue.length - 2] === "=") {
actualValue = actualValue.slice(0, -2);
@@ -26616,8 +26616,8 @@ var require_body2 = __commonJS({
var { multipartFormDataParser } = require_formdata_parser2();
var random;
try {
const crypto2 = require("node:crypto");
random = (max) => crypto2.randomInt(0, max);
const crypto3 = require("node:crypto");
random = (max) => crypto3.randomInt(0, max);
} catch {
random = (max) => Math.floor(Math.random(max));
}
@@ -38021,13 +38021,13 @@ var require_frame2 = __commonJS({
"use strict";
var { maxUnsigned16Bit } = require_constants10();
var BUFFER_SIZE = 16386;
var crypto2;
var crypto3;
var buffer = null;
var bufIdx = BUFFER_SIZE;
try {
crypto2 = require("node:crypto");
crypto3 = require("node:crypto");
} catch {
crypto2 = {
crypto3 = {
// not full compatibility, but minimum.
randomFillSync: function randomFillSync(buffer2, _offset, _size) {
for (let i = 0; i < buffer2.length; ++i) {
@@ -38040,7 +38040,7 @@ var require_frame2 = __commonJS({
function generateMask() {
if (bufIdx === BUFFER_SIZE) {
bufIdx = 0;
crypto2.randomFillSync(buffer ??= Buffer.allocUnsafe(BUFFER_SIZE), 0, BUFFER_SIZE);
crypto3.randomFillSync(buffer ??= Buffer.allocUnsafe(BUFFER_SIZE), 0, BUFFER_SIZE);
}
return [buffer[bufIdx++], buffer[bufIdx++], buffer[bufIdx++], buffer[bufIdx++]];
}
@@ -38112,9 +38112,9 @@ var require_connection2 = __commonJS({
var { Headers, getHeadersList } = require_headers2();
var { getDecodeSplit } = require_util10();
var { WebsocketFrameSend } = require_frame2();
var crypto2;
var crypto3;
try {
crypto2 = require("node:crypto");
crypto3 = require("node:crypto");
} catch {
}
function establishWebSocketConnection(url, protocols, client, ws, onEstablish, options) {
@@ -38134,7 +38134,7 @@ var require_connection2 = __commonJS({
const headersList = getHeadersList(new Headers(options.headers));
request2.headersList = headersList;
}
const keyValue = crypto2.randomBytes(16).toString("base64");
const keyValue = crypto3.randomBytes(16).toString("base64");
request2.headersList.append("sec-websocket-key", keyValue);
request2.headersList.append("sec-websocket-version", "13");
for (const protocol of protocols) {
@@ -38164,7 +38164,7 @@ var require_connection2 = __commonJS({
return;
}
const secWSAccept = response.headersList.get("Sec-WebSocket-Accept");
const digest = crypto2.createHash("sha1").update(keyValue + uid).digest("base64");
const digest = crypto3.createHash("sha1").update(keyValue + uid).digest("base64");
if (secWSAccept !== digest) {
failWebsocketConnection(ws, "Incorrect hash received in Sec-WebSocket-Accept header.");
return;
@@ -44531,11 +44531,11 @@ var require_valid = __commonJS({
"node_modules/semver/functions/valid.js"(exports2, module2) {
"use strict";
var parse2 = require_parse3();
var valid3 = (version, options) => {
var valid4 = (version, options) => {
const v = parse2(version, options);
return v ? v.version : null;
};
module2.exports = valid3;
module2.exports = valid4;
}
});
@@ -44678,8 +44678,8 @@ var require_rcompare = __commonJS({
"node_modules/semver/functions/rcompare.js"(exports2, module2) {
"use strict";
var compare2 = require_compare();
var rcompare2 = (a, b, loose) => compare2(b, a, loose);
module2.exports = rcompare2;
var rcompare3 = (a, b, loose) => compare2(b, a, loose);
module2.exports = rcompare3;
}
});
@@ -45895,7 +45895,7 @@ var require_semver2 = __commonJS({
var SemVer = require_semver();
var identifiers = require_identifiers();
var parse2 = require_parse3();
var valid3 = require_valid();
var valid4 = require_valid();
var clean3 = require_clean();
var inc = require_inc();
var diff = require_diff();
@@ -45904,7 +45904,7 @@ var require_semver2 = __commonJS({
var patch = require_patch();
var prerelease = require_prerelease();
var compare2 = require_compare();
var rcompare2 = require_rcompare();
var rcompare3 = require_rcompare();
var compareLoose = require_compare_loose();
var compareBuild = require_compare_build();
var sort = require_sort();
@@ -45933,7 +45933,7 @@ var require_semver2 = __commonJS({
var subset = require_subset();
module2.exports = {
parse: parse2,
valid: valid3,
valid: valid4,
clean: clean3,
inc,
diff,
@@ -45942,7 +45942,7 @@ var require_semver2 = __commonJS({
patch,
prerelease,
compare: compare2,
rcompare: rcompare2,
rcompare: rcompare3,
compareLoose,
compareBuild,
sort,
@@ -47732,16 +47732,16 @@ var require_attribute = __commonJS({
var result = new ValidatorResult(instance, schema2, options, ctx);
var self2 = this;
schema2.allOf.forEach(function(v, i) {
var valid3 = self2.validateSchema(instance, v, options, ctx);
if (!valid3.valid) {
var valid4 = self2.validateSchema(instance, v, options, ctx);
if (!valid4.valid) {
var id = v.$id || v.id;
var msg = id || v.title && JSON.stringify(v.title) || v["$ref"] && "<" + v["$ref"] + ">" || "[subschema " + i + "]";
result.addError({
name: "allOf",
argument: { id: msg, length: valid3.errors.length, valid: valid3 },
message: "does not match allOf schema " + msg + " with " + valid3.errors.length + " error[s]:"
argument: { id: msg, length: valid4.errors.length, valid: valid4 },
message: "does not match allOf schema " + msg + " with " + valid4.errors.length + " error[s]:"
});
result.importErrors(valid3);
result.importErrors(valid4);
}
});
return result;
@@ -48030,8 +48030,8 @@ var require_attribute = __commonJS({
if (typeof schema2.exclusiveMinimum === "boolean") return;
if (!this.types.number(instance)) return;
var result = new ValidatorResult(instance, schema2, options, ctx);
var valid3 = instance > schema2.exclusiveMinimum;
if (!valid3) {
var valid4 = instance > schema2.exclusiveMinimum;
if (!valid4) {
result.addError({
name: "exclusiveMinimum",
argument: schema2.exclusiveMinimum,
@@ -48044,8 +48044,8 @@ var require_attribute = __commonJS({
if (typeof schema2.exclusiveMaximum === "boolean") return;
if (!this.types.number(instance)) return;
var result = new ValidatorResult(instance, schema2, options, ctx);
var valid3 = instance < schema2.exclusiveMaximum;
if (!valid3) {
var valid4 = instance < schema2.exclusiveMaximum;
if (!valid4) {
result.addError({
name: "exclusiveMaximum",
argument: schema2.exclusiveMaximum,
@@ -50550,7 +50550,7 @@ var require_internal_hash_files = __commonJS({
};
Object.defineProperty(exports2, "__esModule", { value: true });
exports2.hashFiles = hashFiles;
var crypto2 = __importStar2(require("crypto"));
var crypto3 = __importStar2(require("crypto"));
var core15 = __importStar2(require_core());
var fs10 = __importStar2(require("fs"));
var stream2 = __importStar2(require("stream"));
@@ -50563,7 +50563,7 @@ var require_internal_hash_files = __commonJS({
const writeDelegate = verbose ? core15.info : core15.debug;
let hasMatch = false;
const githubWorkspace = currentWorkspace ? currentWorkspace : (_d = process.env["GITHUB_WORKSPACE"]) !== null && _d !== void 0 ? _d : process.cwd();
const result = crypto2.createHash("sha256");
const result = crypto3.createHash("sha256");
let count = 0;
try {
for (var _e = true, _f = __asyncValues2(globber.globGenerator()), _g; _g = yield _f.next(), _a = _g.done, !_a; _e = true) {
@@ -50579,7 +50579,7 @@ var require_internal_hash_files = __commonJS({
writeDelegate(`Skip directory '${file}'.`);
continue;
}
const hash = crypto2.createHash("sha256");
const hash = crypto3.createHash("sha256");
const pipeline = util.promisify(stream2.pipeline);
yield pipeline(fs10.createReadStream(file), hash);
result.write(hash.digest());
@@ -50828,8 +50828,8 @@ var require_semver3 = __commonJS({
return null;
}
}
exports2.valid = valid3;
function valid3(version, options) {
exports2.valid = valid4;
function valid4(version, options) {
var v = parse2(version, options);
return v ? v.version : null;
}
@@ -51129,8 +51129,8 @@ var require_semver3 = __commonJS({
var versionB = new SemVer(b, loose);
return versionA.compare(versionB) || versionA.compareBuild(versionB);
}
exports2.rcompare = rcompare2;
function rcompare2(a, b, loose) {
exports2.rcompare = rcompare3;
function rcompare3(a, b, loose) {
return compare2(b, a, loose);
}
exports2.sort = sort;
@@ -51955,10 +51955,10 @@ var require_cacheUtils = __commonJS({
var exec = __importStar2(require_exec());
var glob = __importStar2(require_glob());
var io6 = __importStar2(require_io());
var crypto2 = __importStar2(require("crypto"));
var crypto3 = __importStar2(require("crypto"));
var fs10 = __importStar2(require("fs"));
var path10 = __importStar2(require("path"));
var semver9 = __importStar2(require_semver3());
var semver10 = __importStar2(require_semver3());
var util = __importStar2(require("util"));
var constants_1 = require_constants12();
var versionSalt = "1.0";
@@ -51979,7 +51979,7 @@ var require_cacheUtils = __commonJS({
}
tempDirectory = path10.join(baseLocation, "actions", "temp");
}
const dest = path10.join(tempDirectory, crypto2.randomUUID());
const dest = path10.join(tempDirectory, crypto3.randomUUID());
yield io6.mkdirP(dest);
return dest;
});
@@ -52051,7 +52051,7 @@ var require_cacheUtils = __commonJS({
function getCompressionMethod() {
return __awaiter2(this, void 0, void 0, function* () {
const versionOutput = yield getVersion("zstd", ["--quiet"]);
const version = semver9.clean(versionOutput);
const version = semver10.clean(versionOutput);
core15.debug(`zstd version: ${version}`);
if (versionOutput === "") {
return constants_1.CompressionMethod.Gzip;
@@ -52087,7 +52087,7 @@ var require_cacheUtils = __commonJS({
components.push("windows-only");
}
components.push(versionSalt);
return crypto2.createHash("sha256").update(components.join("|")).digest("hex");
return crypto3.createHash("sha256").update(components.join("|")).digest("hex");
}
function getRuntimeToken() {
const token = process.env["ACTIONS_RUNTIME_TOKEN"];
@@ -93457,7 +93457,7 @@ var require_cacheHttpClient = __commonJS({
exports2.getCacheEntry = getCacheEntry;
exports2.downloadCache = downloadCache;
exports2.reserveCache = reserveCache;
exports2.saveCache = saveCache3;
exports2.saveCache = saveCache4;
var core15 = __importStar2(require_core());
var http_client_1 = require_lib();
var auth_1 = require_auth();
@@ -93634,7 +93634,7 @@ Other caches with similar key:`);
}));
});
}
function saveCache3(cacheId, archivePath, signedUploadURL, options) {
function saveCache4(cacheId, archivePath, signedUploadURL, options) {
return __awaiter2(this, void 0, void 0, function* () {
const uploadOptions = (0, options_1.getUploadOptions)(options);
if (uploadOptions.useAzureSdk) {
@@ -99134,8 +99134,8 @@ var require_cache5 = __commonJS({
Object.defineProperty(exports2, "__esModule", { value: true });
exports2.FinalizeCacheError = exports2.ReserveCacheError = exports2.ValidationError = void 0;
exports2.isFeatureAvailable = isFeatureAvailable;
exports2.restoreCache = restoreCache3;
exports2.saveCache = saveCache3;
exports2.restoreCache = restoreCache4;
exports2.saveCache = saveCache4;
var core15 = __importStar2(require_core());
var path10 = __importStar2(require("path"));
var utils = __importStar2(require_cacheUtils());
@@ -99192,7 +99192,7 @@ var require_cache5 = __commonJS({
return !!process.env["ACTIONS_CACHE_URL"];
}
}
function restoreCache3(paths_1, primaryKey_1, restoreKeys_1, options_1) {
function restoreCache4(paths_1, primaryKey_1, restoreKeys_1, options_1) {
return __awaiter2(this, arguments, void 0, function* (paths, primaryKey, restoreKeys, options, enableCrossOsArchive = false) {
const cacheServiceVersion = (0, config_1.getCacheServiceVersion)();
core15.debug(`Cache service version: ${cacheServiceVersion}`);
@@ -99336,7 +99336,7 @@ var require_cache5 = __commonJS({
return void 0;
});
}
function saveCache3(paths_1, key_1, options_1) {
function saveCache4(paths_1, key_1, options_1) {
return __awaiter2(this, arguments, void 0, function* (paths, key, options, enableCrossOsArchive = false) {
const cacheServiceVersion = (0, config_1.getCacheServiceVersion)();
core15.debug(`Cache service version: ${cacheServiceVersion}`);
@@ -99573,7 +99573,7 @@ var require_manifest = __commonJS({
exports2._findMatch = _findMatch;
exports2._getOsVersion = _getOsVersion;
exports2._readLinuxVersionFile = _readLinuxVersionFile;
var semver9 = __importStar2(require_semver2());
var semver10 = __importStar2(require_semver2());
var core_1 = require_core();
var os3 = require("os");
var cp = require("child_process");
@@ -99587,7 +99587,7 @@ var require_manifest = __commonJS({
for (const candidate of candidates) {
const version = candidate.version;
(0, core_1.debug)(`check ${version} satisfies ${versionSpec}`);
if (semver9.satisfies(version, versionSpec) && (!stable || candidate.stable === stable)) {
if (semver10.satisfies(version, versionSpec) && (!stable || candidate.stable === stable)) {
file = candidate.files.find((item) => {
(0, core_1.debug)(`${item.arch}===${archFilter} && ${item.platform}===${platFilter}`);
let chk = item.arch === archFilter && item.platform === platFilter;
@@ -99596,7 +99596,7 @@ var require_manifest = __commonJS({
if (osVersion === item.platform_version) {
chk = true;
} else {
chk = semver9.satisfies(osVersion, item.platform_version);
chk = semver10.satisfies(osVersion, item.platform_version);
}
}
return chk;
@@ -99850,13 +99850,13 @@ var require_tool_cache = __commonJS({
exports2.evaluateVersions = evaluateVersions;
var core15 = __importStar2(require_core());
var io6 = __importStar2(require_io());
var crypto2 = __importStar2(require("crypto"));
var crypto3 = __importStar2(require("crypto"));
var fs10 = __importStar2(require("fs"));
var mm = __importStar2(require_manifest());
var os3 = __importStar2(require("os"));
var path10 = __importStar2(require("path"));
var httpm = __importStar2(require_lib());
var semver9 = __importStar2(require_semver2());
var semver10 = __importStar2(require_semver2());
var stream2 = __importStar2(require("stream"));
var util = __importStar2(require("util"));
var assert_1 = require("assert");
@@ -99875,7 +99875,7 @@ var require_tool_cache = __commonJS({
var userAgent2 = "actions/tool-cache";
function downloadTool2(url, dest, auth2, headers) {
return __awaiter2(this, void 0, void 0, function* () {
dest = dest || path10.join(_getTempDirectory(), crypto2.randomUUID());
dest = dest || path10.join(_getTempDirectory(), crypto3.randomUUID());
yield io6.mkdirP(path10.dirname(dest));
core15.debug(`Downloading ${url}`);
core15.debug(`Destination ${dest}`);
@@ -100129,7 +100129,7 @@ var require_tool_cache = __commonJS({
}
function cacheDir(sourceDir, tool, version, arch2) {
return __awaiter2(this, void 0, void 0, function* () {
version = semver9.clean(version) || version;
version = semver10.clean(version) || version;
arch2 = arch2 || os3.arch();
core15.debug(`Caching tool ${tool} ${version} ${arch2}`);
core15.debug(`source dir: ${sourceDir}`);
@@ -100147,7 +100147,7 @@ var require_tool_cache = __commonJS({
}
function cacheFile(sourceFile, targetFile, tool, version, arch2) {
return __awaiter2(this, void 0, void 0, function* () {
version = semver9.clean(version) || version;
version = semver10.clean(version) || version;
arch2 = arch2 || os3.arch();
core15.debug(`Caching tool ${tool} ${version} ${arch2}`);
core15.debug(`source file: ${sourceFile}`);
@@ -100177,7 +100177,7 @@ var require_tool_cache = __commonJS({
}
let toolPath = "";
if (versionSpec) {
versionSpec = semver9.clean(versionSpec) || "";
versionSpec = semver10.clean(versionSpec) || "";
const cachePath = path10.join(_getCacheDirectory(), toolName, versionSpec, arch2);
core15.debug(`checking cache: ${cachePath}`);
if (fs10.existsSync(cachePath) && fs10.existsSync(`${cachePath}.complete`)) {
@@ -100249,7 +100249,7 @@ var require_tool_cache = __commonJS({
function _createExtractFolder(dest) {
return __awaiter2(this, void 0, void 0, function* () {
if (!dest) {
dest = path10.join(_getTempDirectory(), crypto2.randomUUID());
dest = path10.join(_getTempDirectory(), crypto3.randomUUID());
}
yield io6.mkdirP(dest);
return dest;
@@ -100257,7 +100257,7 @@ var require_tool_cache = __commonJS({
}
function _createToolPath(tool, version, arch2) {
return __awaiter2(this, void 0, void 0, function* () {
const folderPath = path10.join(_getCacheDirectory(), tool, semver9.clean(version) || version, arch2 || "");
const folderPath = path10.join(_getCacheDirectory(), tool, semver10.clean(version) || version, arch2 || "");
core15.debug(`destination ${folderPath}`);
const markerPath = `${folderPath}.complete`;
yield io6.rmRF(folderPath);
@@ -100267,30 +100267,30 @@ var require_tool_cache = __commonJS({
});
}
function _completeToolPath(tool, version, arch2) {
const folderPath = path10.join(_getCacheDirectory(), tool, semver9.clean(version) || version, arch2 || "");
const folderPath = path10.join(_getCacheDirectory(), tool, semver10.clean(version) || version, arch2 || "");
const markerPath = `${folderPath}.complete`;
fs10.writeFileSync(markerPath, "");
core15.debug("finished caching tool");
}
function isExplicitVersion(versionSpec) {
const c = semver9.clean(versionSpec) || "";
const c = semver10.clean(versionSpec) || "";
core15.debug(`isExplicit: ${c}`);
const valid3 = semver9.valid(c) != null;
core15.debug(`explicit? ${valid3}`);
return valid3;
const valid4 = semver10.valid(c) != null;
core15.debug(`explicit? ${valid4}`);
return valid4;
}
function evaluateVersions(versions, versionSpec) {
let version = "";
core15.debug(`evaluating ${versions.length} versions`);
versions = versions.sort((a, b) => {
if (semver9.gt(a, b)) {
if (semver10.gt(a, b)) {
return 1;
}
return -1;
});
for (let i = versions.length - 1; i >= 0; i--) {
const potential = versions[i];
const satisfied = semver9.satisfies(potential, versionSpec);
const satisfied = semver10.satisfies(potential, versionSpec);
if (satisfied) {
version = potential;
break;
@@ -103784,6 +103784,12 @@ async function checkForTimeout() {
process.exit();
}
}
function parseMatrixInput(matrixInput) {
if (matrixInput === void 0 || matrixInput === "null") {
return void 0;
}
return JSON.parse(matrixInput);
}
function wrapError(error3) {
return error3 instanceof Error ? error3 : new Error(String(error3));
}
@@ -104003,6 +104009,32 @@ async function runTool(cmd, args = [], opts = {}) {
}
return stdout;
}
function getPullRequestBranches() {
const pullRequest = github.context.payload.pull_request;
if (pullRequest) {
return {
base: pullRequest.base.ref,
// We use the head label instead of the head ref here, because the head
// ref lacks owner information and by itself does not uniquely identify
// the head branch (which may be in a forked repository).
head: pullRequest.head.label
};
}
const codeScanningRef = process.env.CODE_SCANNING_REF;
const codeScanningBaseBranch = process.env.CODE_SCANNING_BASE_BRANCH;
if (codeScanningRef && codeScanningBaseBranch) {
return {
base: codeScanningBaseBranch,
// PR analysis under Default Setup analyzes the PR head commit instead of
// the merge commit, so we can use the provided ref directly.
head: codeScanningRef
};
}
return void 0;
}
function isAnalyzingPullRequest() {
return getPullRequestBranches() !== void 0;
}
// src/api-client.ts
var core5 = __toESM(require_core());
@@ -104202,6 +104234,37 @@ async function getAnalysisKey() {
core5.exportVariable("CODEQL_ACTION_ANALYSIS_KEY" /* ANALYSIS_KEY */, analysisKey);
return analysisKey;
}
async function getAutomationID() {
const analysis_key = await getAnalysisKey();
const environment = getRequiredInput("matrix");
return computeAutomationID(analysis_key, environment);
}
function computeAutomationID(analysis_key, environment) {
let automationID = `${analysis_key}/`;
const matrix = parseMatrixInput(environment);
if (matrix !== void 0) {
for (const entry of Object.entries(matrix).sort()) {
if (typeof entry[1] === "string") {
automationID += `${entry[0]}:${entry[1]}/`;
} else {
automationID += `${entry[0]}:/`;
}
}
}
return automationID;
}
async function listActionsCaches(keyPrefix, ref) {
const repositoryNwo = getRepositoryNwo();
return await getApiClient().paginate(
"GET /repos/{owner}/{repo}/actions/caches",
{
owner: repositoryNwo.owner,
repo: repositoryNwo.repo,
key: keyPrefix,
ref
}
);
}
function isEnablementError(msg) {
return [
/Code Security must be enabled/i,
@@ -105384,7 +105447,13 @@ var AnalysisKind = /* @__PURE__ */ ((AnalysisKind2) => {
var supportedAnalysisKinds = new Set(Object.values(AnalysisKind));
// src/caching-utils.ts
var crypto2 = __toESM(require("crypto"));
var core7 = __toESM(require_core());
var cacheKeyHashLength = 16;
function createCacheKeyHash(components) {
const componentsJson = JSON.stringify(components);
return crypto2.createHash("sha256").update(componentsJson).digest("hex").substring(0, cacheKeyHashLength);
}
// src/config/db-config.ts
var jsonschema = __toESM(require_lib2());
@@ -105529,6 +105598,17 @@ var builtin_default = {
// src/languages/index.ts
var builtInLanguageSet = new Set(builtin_default.languages);
function isBuiltInLanguage(language) {
return builtInLanguageSet.has(language);
}
function parseBuiltInLanguage(language) {
language = language.trim().toLowerCase();
language = builtin_default.aliases[language] ?? language;
if (isBuiltInLanguage(language)) {
return language;
}
return void 0;
}
// src/overlay/status.ts
var actionsCache = __toESM(require_cache5());
@@ -105584,7 +105664,68 @@ var fs8 = __toESM(require("fs"));
var path8 = __toESM(require("path"));
var toolcache3 = __toESM(require_tool_cache());
var import_fast_deep_equal = __toESM(require_fast_deep_equal());
var semver8 = __toESM(require_semver2());
var semver9 = __toESM(require_semver2());
// src/overlay/caching.ts
var actionsCache3 = __toESM(require_cache5());
var semver6 = __toESM(require_semver2());
var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB = 7500;
var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_BYTES = OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB * 1e6;
var CACHE_VERSION = 1;
var CACHE_PREFIX = "codeql-overlay-base-database";
async function getCacheKeyPrefixBase(parsedLanguages) {
const languagesComponent = [...parsedLanguages].sort().join("_");
const cacheKeyComponents = {
automationID: await getAutomationID()
// Add more components here as needed in the future
};
const componentsHash = createCacheKeyHash(cacheKeyComponents);
return `${CACHE_PREFIX}-${CACHE_VERSION}-${componentsHash}-${languagesComponent}-`;
}
async function getCodeQlVersionsForOverlayBaseDatabases(rawLanguages, logger) {
const languages = rawLanguages.map(parseBuiltInLanguage);
if (languages.includes(void 0)) {
logger.warning(
"One or more provided languages are not recognized as built-in languages. Skipping searching for overlay-base databases in cache."
);
return void 0;
}
const cacheKeyPrefix = await getCacheKeyPrefixBase(
languages.filter((l) => l !== void 0)
);
logger.debug(
`Searching for overlay-base databases in Actions cache with prefix ${cacheKeyPrefix}`
);
const caches = await listActionsCaches(cacheKeyPrefix);
if (caches.length === 0) {
logger.info("No overlay-base databases found in Actions cache.");
return [];
}
logger.info(
`Found ${caches.length} overlay-base ${caches.length === 1 ? "database" : "databases"} in the Actions cache.`
);
const versionRegex = /^([\d.]+)-/;
const versionSet = /* @__PURE__ */ new Set();
for (const cache of caches) {
if (!cache.key) continue;
const suffix = cache.key.substring(cacheKeyPrefix.length);
const match = suffix.match(versionRegex);
if (match && semver6.valid(match[1])) {
versionSet.add(match[1]);
}
}
if (versionSet.size === 0) {
logger.info(
"Could not parse any CodeQL versions from overlay-base database cache keys."
);
return [];
}
const versions = [...versionSet].sort(semver6.rcompare);
logger.info(
`Found overlay databases for the following CodeQL versions in the Actions cache: ${versions.join(", ")}`
);
return versions;
}
// src/tar.ts
var import_child_process = require("child_process");
@@ -105593,7 +105734,7 @@ var stream = __toESM(require("stream"));
var import_toolrunner = __toESM(require_toolrunner());
var io4 = __toESM(require_io());
var toolcache = __toESM(require_tool_cache());
var semver6 = __toESM(require_semver2());
var semver7 = __toESM(require_semver2());
var MIN_REQUIRED_BSD_TAR_VERSION = "3.4.3";
var MIN_REQUIRED_GNU_TAR_VERSION = "1.31";
async function getTarVersion() {
@@ -105635,9 +105776,9 @@ async function isZstdAvailable(logger) {
case "gnu":
return {
available: foundZstdBinary && // GNU tar only uses major and minor version numbers
semver6.gte(
semver6.coerce(version),
semver6.coerce(MIN_REQUIRED_GNU_TAR_VERSION)
semver7.gte(
semver7.coerce(version),
semver7.coerce(MIN_REQUIRED_GNU_TAR_VERSION)
),
foundZstdBinary,
version: tarVersion
@@ -105646,7 +105787,7 @@ async function isZstdAvailable(logger) {
return {
available: foundZstdBinary && // Do a loose comparison since these version numbers don't contain
// a patch version number.
semver6.gte(version, MIN_REQUIRED_BSD_TAR_VERSION),
semver7.gte(version, MIN_REQUIRED_BSD_TAR_VERSION),
foundZstdBinary,
version: tarVersion
};
@@ -105753,7 +105894,7 @@ var core10 = __toESM(require_core());
var import_http_client = __toESM(require_lib());
var toolcache2 = __toESM(require_tool_cache());
var import_follow_redirects = __toESM(require_follow_redirects());
var semver7 = __toESM(require_semver2());
var semver8 = __toESM(require_semver2());
var STREAMING_HIGH_WATERMARK_BYTES = 4 * 1024 * 1024;
var TOOLCACHE_TOOL_NAME = "CodeQL";
function makeDownloadFirstToolsDownloadDurations(downloadDurationMs, extractionDurationMs) {
@@ -105883,7 +106024,7 @@ function getToolcacheDirectory(version) {
return path7.join(
getRequiredEnvParam("RUNNER_TOOL_CACHE"),
TOOLCACHE_TOOL_NAME,
semver7.clean(version) || version,
semver8.clean(version) || version,
os.arch() || ""
);
}
@@ -106008,13 +106149,13 @@ function tryGetTagNameFromUrl(url, logger) {
return match[1];
}
function convertToSemVer(version, logger) {
if (!semver8.valid(version)) {
if (!semver9.valid(version)) {
logger.debug(
`Bundle version ${version} is not in SemVer format. Will treat it as pre-release 0.0.0-${version}.`
);
version = `0.0.0-${version}`;
}
const s = semver8.clean(version);
const s = semver9.clean(version);
if (!s) {
throw new Error(`Bundle version ${version} is not in SemVer format.`);
}
@@ -106046,7 +106187,55 @@ async function findOverridingToolsInCache(humanReadableVersion, logger) {
}
return void 0;
}
async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, variant, tarSupportsZstd, features, logger) {
async function getEnabledVersionsWithOverlayBaseDatabases(defaultCliVersion, rawLanguages, features, logger) {
if (rawLanguages === void 0 || rawLanguages.length === 0) {
return [];
}
if (!await features.getValue("overlay_analysis_match_codeql_version" /* OverlayAnalysisMatchCodeqlVersion */)) {
return [];
}
let cachedVersions;
try {
cachedVersions = await getCodeQlVersionsForOverlayBaseDatabases(
rawLanguages,
logger
);
} catch (e) {
logger.warning(
`While setting up CodeQL, was unable to list overlay-base databases in the Actions cache. Details: ${e}`
);
return [];
}
if (cachedVersions === void 0 || cachedVersions.length === 0) {
return [];
}
const cachedVersionsSet = new Set(cachedVersions);
return defaultCliVersion.enabledVersions.filter(
(v) => cachedVersionsSet.has(v.cliVersion)
);
}
async function resolveDefaultCliVersion(defaultCliVersion, rawLanguages, features, logger) {
if (!isAnalyzingPullRequest()) {
return defaultCliVersion.enabledVersions[0];
}
const overlayVersions = await getEnabledVersionsWithOverlayBaseDatabases(
defaultCliVersion,
rawLanguages,
features,
logger
);
if (overlayVersions.length > 0) {
logger.info(
`Using CodeQL version ${overlayVersions[0].cliVersion} since this is the highest enabled version that has a cached overlay-base database.`
);
return overlayVersions[0];
}
logger.info(
`Using CodeQL version ${defaultCliVersion.enabledVersions[0].cliVersion} since no enabled versions with cached overlay-base databases were found.`
);
return defaultCliVersion.enabledVersions[0];
}
async function getCodeQLSource(toolsInput, defaultCliVersion, rawLanguages, apiDetails, variant, tarSupportsZstd, features, logger) {
if (toolsInput && !isReservedToolsValue(toolsInput) && !toolsInput.startsWith("http")) {
logger.info(`Using CodeQL CLI from local path ${toolsInput}`);
const compressionMethod2 = inferCompressionMethod(toolsInput);
@@ -106140,21 +106329,33 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian
);
}
}
cliVersion2 = defaultCliVersion.enabledVersions[0].cliVersion;
tagName = defaultCliVersion.enabledVersions[0].tagName;
const version = await resolveDefaultCliVersion(
defaultCliVersion,
rawLanguages,
features,
logger
);
cliVersion2 = version.cliVersion;
tagName = version.tagName;
}
} else if (toolsInput !== void 0) {
tagName = tryGetTagNameFromUrl(toolsInput, logger);
url = toolsInput;
if (tagName) {
const bundleVersion3 = tryGetBundleVersionFromTagName(tagName, logger);
if (bundleVersion3 && semver8.valid(bundleVersion3)) {
if (bundleVersion3 && semver9.valid(bundleVersion3)) {
cliVersion2 = convertToSemVer(bundleVersion3, logger);
}
}
} else {
cliVersion2 = defaultCliVersion.enabledVersions[0].cliVersion;
tagName = defaultCliVersion.enabledVersions[0].tagName;
const version = await resolveDefaultCliVersion(
defaultCliVersion,
rawLanguages,
features,
logger
);
cliVersion2 = version.cliVersion;
tagName = version.tagName;
}
const bundleVersion2 = tagName && tryGetBundleVersionFromTagName(tagName, logger);
const humanReadableVersion = cliVersion2 ?? (bundleVersion2 && convertToSemVer(bundleVersion2, logger)) ?? tagName ?? url ?? "unknown";
@@ -106351,7 +106552,7 @@ function getCanonicalToolcacheVersion(cliVersion2, bundleVersion2, logger) {
}
return cliVersion2;
}
async function setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, features, logger) {
async function setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, rawLanguages, features, logger) {
if (!await isBinaryAccessible("tar", logger)) {
throw new ConfigurationError(
"Could not find tar in PATH, so unable to extract CodeQL bundle."
@@ -106361,6 +106562,7 @@ async function setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defau
const source = await getCodeQLSource(
toolsInput,
defaultCliVersion,
rawLanguages,
apiDetails,
variant,
zstdAvailability.available,
@@ -106419,7 +106621,7 @@ async function setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defau
async function useZstdBundle(cliVersion2, tarSupportsZstd) {
return (
// In testing, gzip performs better than zstd on Windows.
process.platform !== "win32" && tarSupportsZstd && semver8.gte(cliVersion2, CODEQL_VERSION_ZSTD_BUNDLE)
process.platform !== "win32" && tarSupportsZstd && semver9.gte(cliVersion2, CODEQL_VERSION_ZSTD_BUNDLE)
);
}
function getTempExtractionDir(tempDir) {
@@ -106451,7 +106653,7 @@ async function getNightlyToolsUrl(logger) {
}
}
function getLatestToolcacheVersion(logger) {
const allVersions = toolcache3.findAllVersions("CodeQL").sort((a, b) => semver8.compare(b, a));
const allVersions = toolcache3.findAllVersions("CodeQL").sort((a, b) => semver9.compare(b, a));
logger.debug(
`Found the following versions of the CodeQL tools in the toolcache: ${JSON.stringify(
allVersions
@@ -106488,7 +106690,7 @@ var CODEQL_NEXT_MINIMUM_VERSION = "2.19.4";
var GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.15";
var GHES_MOST_RECENT_DEPRECATION_DATE = "2026-04-09";
var EXTRACTION_DEBUG_MODE_VERBOSITY = "progress++";
async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, features, logger, checkVersion) {
async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, rawLanguages, features, logger, checkVersion) {
try {
const {
codeqlFolder,
@@ -106502,6 +106704,7 @@ async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliV
tempDir,
variant,
defaultCliVersion,
rawLanguages,
features,
logger
);
@@ -107091,7 +107294,7 @@ async function getJobRunUuidSarifOptions(codeql) {
}
// src/init.ts
async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, features, logger) {
async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, rawLanguages, features, logger) {
logger.startGroup("Setup CodeQL tools");
const {
codeql,
@@ -107105,6 +107308,7 @@ async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVe
tempDir,
variant,
defaultCliVersion,
rawLanguages,
features,
logger,
true
@@ -107405,6 +107609,8 @@ async function run(startedAt) {
getTemporaryDirectory(),
gitHubVersion.type,
codeQLDefaultVersionInfo,
void 0,
// rawLanguages: currently, setup-codeql is not language aware
features,
logger
);