mirror of
https://github.com/github/codeql-action.git
synced 2026-04-26 16:58:47 +00:00
Restrict when tools: toolcache can be used
This commit is contained in:
Michael B. Gale
Generated
+19
-8
@@ -92294,16 +92294,27 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian
|
||||
);
|
||||
}
|
||||
} else if (toolsInput !== void 0 && toolsInput === CODEQL_TOOLCACHE_INPUT) {
|
||||
logger.info(
|
||||
`Attempting to use the latest CodeQL CLI version in the toolcache, as requested by 'tools: ${toolsInput}'.`
|
||||
);
|
||||
const latestToolcacheVersion = getLatestToolcacheVersion(logger);
|
||||
if (latestToolcacheVersion) {
|
||||
cliVersion2 = latestToolcacheVersion;
|
||||
} else {
|
||||
let latestToolcacheVersion;
|
||||
const allowToolcacheValue = isDynamicWorkflow() || isInTestMode();
|
||||
if (allowToolcacheValue) {
|
||||
logger.info(
|
||||
`Found no CodeQL CLI in the toolcache, ignoring 'tools: ${toolsInput}'...`
|
||||
`Attempting to use the latest CodeQL CLI version in the toolcache, as requested by 'tools: ${toolsInput}'.`
|
||||
);
|
||||
latestToolcacheVersion = getLatestToolcacheVersion(logger);
|
||||
if (latestToolcacheVersion) {
|
||||
cliVersion2 = latestToolcacheVersion;
|
||||
}
|
||||
}
|
||||
if (latestToolcacheVersion === void 0) {
|
||||
if (allowToolcacheValue) {
|
||||
logger.info(
|
||||
`Found no CodeQL CLI in the toolcache, ignoring 'tools: ${toolsInput}'...`
|
||||
);
|
||||
} else {
|
||||
logger.warning(
|
||||
`Ignoring 'tools: ${toolsInput}' because the workflow was not triggered dynamically.`
|
||||
);
|
||||
}
|
||||
cliVersion2 = defaultCliVersion.cliVersion;
|
||||
tagName = defaultCliVersion.tagName;
|
||||
}
|
||||
|
||||
Generated
+19
-8
@@ -130276,16 +130276,27 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian
|
||||
);
|
||||
}
|
||||
} else if (toolsInput !== void 0 && toolsInput === CODEQL_TOOLCACHE_INPUT) {
|
||||
logger.info(
|
||||
`Attempting to use the latest CodeQL CLI version in the toolcache, as requested by 'tools: ${toolsInput}'.`
|
||||
);
|
||||
const latestToolcacheVersion = getLatestToolcacheVersion(logger);
|
||||
if (latestToolcacheVersion) {
|
||||
cliVersion2 = latestToolcacheVersion;
|
||||
} else {
|
||||
let latestToolcacheVersion;
|
||||
const allowToolcacheValue = isDynamicWorkflow() || isInTestMode();
|
||||
if (allowToolcacheValue) {
|
||||
logger.info(
|
||||
`Found no CodeQL CLI in the toolcache, ignoring 'tools: ${toolsInput}'...`
|
||||
`Attempting to use the latest CodeQL CLI version in the toolcache, as requested by 'tools: ${toolsInput}'.`
|
||||
);
|
||||
latestToolcacheVersion = getLatestToolcacheVersion(logger);
|
||||
if (latestToolcacheVersion) {
|
||||
cliVersion2 = latestToolcacheVersion;
|
||||
}
|
||||
}
|
||||
if (latestToolcacheVersion === void 0) {
|
||||
if (allowToolcacheValue) {
|
||||
logger.info(
|
||||
`Found no CodeQL CLI in the toolcache, ignoring 'tools: ${toolsInput}'...`
|
||||
);
|
||||
} else {
|
||||
logger.warning(
|
||||
`Ignoring 'tools: ${toolsInput}' because the workflow was not triggered dynamically.`
|
||||
);
|
||||
}
|
||||
cliVersion2 = defaultCliVersion.cliVersion;
|
||||
tagName = defaultCliVersion.tagName;
|
||||
}
|
||||
|
||||
Generated
+19
-8
@@ -89069,16 +89069,27 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian
|
||||
);
|
||||
}
|
||||
} else if (toolsInput !== void 0 && toolsInput === CODEQL_TOOLCACHE_INPUT) {
|
||||
logger.info(
|
||||
`Attempting to use the latest CodeQL CLI version in the toolcache, as requested by 'tools: ${toolsInput}'.`
|
||||
);
|
||||
const latestToolcacheVersion = getLatestToolcacheVersion(logger);
|
||||
if (latestToolcacheVersion) {
|
||||
cliVersion2 = latestToolcacheVersion;
|
||||
} else {
|
||||
let latestToolcacheVersion;
|
||||
const allowToolcacheValue = isDynamicWorkflow() || isInTestMode();
|
||||
if (allowToolcacheValue) {
|
||||
logger.info(
|
||||
`Found no CodeQL CLI in the toolcache, ignoring 'tools: ${toolsInput}'...`
|
||||
`Attempting to use the latest CodeQL CLI version in the toolcache, as requested by 'tools: ${toolsInput}'.`
|
||||
);
|
||||
latestToolcacheVersion = getLatestToolcacheVersion(logger);
|
||||
if (latestToolcacheVersion) {
|
||||
cliVersion2 = latestToolcacheVersion;
|
||||
}
|
||||
}
|
||||
if (latestToolcacheVersion === void 0) {
|
||||
if (allowToolcacheValue) {
|
||||
logger.info(
|
||||
`Found no CodeQL CLI in the toolcache, ignoring 'tools: ${toolsInput}'...`
|
||||
);
|
||||
} else {
|
||||
logger.warning(
|
||||
`Ignoring 'tools: ${toolsInput}' because the workflow was not triggered dynamically.`
|
||||
);
|
||||
}
|
||||
cliVersion2 = defaultCliVersion.cliVersion;
|
||||
tagName = defaultCliVersion.tagName;
|
||||
}
|
||||
|
||||
Generated
+19
-8
@@ -90110,16 +90110,27 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian
|
||||
);
|
||||
}
|
||||
} else if (toolsInput !== void 0 && toolsInput === CODEQL_TOOLCACHE_INPUT) {
|
||||
logger.info(
|
||||
`Attempting to use the latest CodeQL CLI version in the toolcache, as requested by 'tools: ${toolsInput}'.`
|
||||
);
|
||||
const latestToolcacheVersion = getLatestToolcacheVersion(logger);
|
||||
if (latestToolcacheVersion) {
|
||||
cliVersion2 = latestToolcacheVersion;
|
||||
} else {
|
||||
let latestToolcacheVersion;
|
||||
const allowToolcacheValue = isDynamicWorkflow() || isInTestMode();
|
||||
if (allowToolcacheValue) {
|
||||
logger.info(
|
||||
`Found no CodeQL CLI in the toolcache, ignoring 'tools: ${toolsInput}'...`
|
||||
`Attempting to use the latest CodeQL CLI version in the toolcache, as requested by 'tools: ${toolsInput}'.`
|
||||
);
|
||||
latestToolcacheVersion = getLatestToolcacheVersion(logger);
|
||||
if (latestToolcacheVersion) {
|
||||
cliVersion2 = latestToolcacheVersion;
|
||||
}
|
||||
}
|
||||
if (latestToolcacheVersion === void 0) {
|
||||
if (allowToolcacheValue) {
|
||||
logger.info(
|
||||
`Found no CodeQL CLI in the toolcache, ignoring 'tools: ${toolsInput}'...`
|
||||
);
|
||||
} else {
|
||||
logger.warning(
|
||||
`Ignoring 'tools: ${toolsInput}' because the workflow was not triggered dynamically.`
|
||||
);
|
||||
}
|
||||
cliVersion2 = defaultCliVersion.cliVersion;
|
||||
tagName = defaultCliVersion.tagName;
|
||||
}
|
||||
|
||||
Generated
+19
-8
@@ -90782,16 +90782,27 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian
|
||||
);
|
||||
}
|
||||
} else if (toolsInput !== void 0 && toolsInput === CODEQL_TOOLCACHE_INPUT) {
|
||||
logger.info(
|
||||
`Attempting to use the latest CodeQL CLI version in the toolcache, as requested by 'tools: ${toolsInput}'.`
|
||||
);
|
||||
const latestToolcacheVersion = getLatestToolcacheVersion(logger);
|
||||
if (latestToolcacheVersion) {
|
||||
cliVersion2 = latestToolcacheVersion;
|
||||
} else {
|
||||
let latestToolcacheVersion;
|
||||
const allowToolcacheValue = isDynamicWorkflow() || isInTestMode();
|
||||
if (allowToolcacheValue) {
|
||||
logger.info(
|
||||
`Found no CodeQL CLI in the toolcache, ignoring 'tools: ${toolsInput}'...`
|
||||
`Attempting to use the latest CodeQL CLI version in the toolcache, as requested by 'tools: ${toolsInput}'.`
|
||||
);
|
||||
latestToolcacheVersion = getLatestToolcacheVersion(logger);
|
||||
if (latestToolcacheVersion) {
|
||||
cliVersion2 = latestToolcacheVersion;
|
||||
}
|
||||
}
|
||||
if (latestToolcacheVersion === void 0) {
|
||||
if (allowToolcacheValue) {
|
||||
logger.info(
|
||||
`Found no CodeQL CLI in the toolcache, ignoring 'tools: ${toolsInput}'...`
|
||||
);
|
||||
} else {
|
||||
logger.warning(
|
||||
`Ignoring 'tools: ${toolsInput}' because the workflow was not triggered dynamically.`
|
||||
);
|
||||
}
|
||||
cliVersion2 = defaultCliVersion.cliVersion;
|
||||
tagName = defaultCliVersion.tagName;
|
||||
}
|
||||
|
||||
@@ -259,6 +259,8 @@ test("getCodeQLSource correctly returns latest version from toolcache when tools
|
||||
const loggedMessages: LoggedMessage[] = [];
|
||||
const logger = getRecordingLogger(loggedMessages);
|
||||
|
||||
process.env["GITHUB_EVENT_NAME"] = "dynamic";
|
||||
|
||||
const latestToolcacheVersion = "3.2.1";
|
||||
const latestVersionPath = "/path/to/latest";
|
||||
const testVersions = ["2.3.1", latestToolcacheVersion, "1.2.3"];
|
||||
@@ -318,6 +320,8 @@ test("getCodeQLSource falls back to downloading the CLI if the toolcache doesn't
|
||||
const loggedMessages: LoggedMessage[] = [];
|
||||
const logger = getRecordingLogger(loggedMessages);
|
||||
|
||||
process.env["GITHUB_EVENT_NAME"] = "dynamic";
|
||||
|
||||
const testVersions = [];
|
||||
const findAllVersionsStub = sinon
|
||||
.stub(toolcache, "findAllVersions")
|
||||
|
||||
+29
-12
@@ -7,7 +7,7 @@ import { default as deepEqual } from "fast-deep-equal";
|
||||
import * as semver from "semver";
|
||||
import { v4 as uuidV4 } from "uuid";
|
||||
|
||||
import { isRunningLocalAction } from "./actions-util";
|
||||
import { isDynamicWorkflow, isRunningLocalAction } from "./actions-util";
|
||||
import * as api from "./api-client";
|
||||
import * as defaults from "./defaults.json";
|
||||
import {
|
||||
@@ -351,20 +351,37 @@ export async function getCodeQLSource(
|
||||
toolsInput !== undefined &&
|
||||
toolsInput === CODEQL_TOOLCACHE_INPUT
|
||||
) {
|
||||
// If `toolsInput === "toolcache"`, try to find the latest version of the CLI that's available in the toolcache
|
||||
// and use that. We perform this check here since we can set `cliVersion` directly and don't want to default to
|
||||
// the linked version.
|
||||
logger.info(
|
||||
`Attempting to use the latest CodeQL CLI version in the toolcache, as requested by 'tools: ${toolsInput}'.`,
|
||||
);
|
||||
let latestToolcacheVersion: string | undefined;
|
||||
|
||||
const latestToolcacheVersion = getLatestToolcacheVersion(logger);
|
||||
if (latestToolcacheVersion) {
|
||||
cliVersion = latestToolcacheVersion;
|
||||
} else {
|
||||
// We only allow `toolsInput === "toolcache"` for `dynamic` events. In general, using `toolsInput === "toolcache"`
|
||||
// can lead to alert wobble and so it shouldn't be used for an analysis where results are intended to be uploaded.
|
||||
// We also allow this in test mode.
|
||||
const allowToolcacheValue = isDynamicWorkflow() || util.isInTestMode();
|
||||
if (allowToolcacheValue) {
|
||||
// If `toolsInput === "toolcache"`, try to find the latest version of the CLI that's available in the toolcache
|
||||
// and use that. We perform this check here since we can set `cliVersion` directly and don't want to default to
|
||||
// the linked version.
|
||||
logger.info(
|
||||
`Found no CodeQL CLI in the toolcache, ignoring 'tools: ${toolsInput}'...`,
|
||||
`Attempting to use the latest CodeQL CLI version in the toolcache, as requested by 'tools: ${toolsInput}'.`,
|
||||
);
|
||||
|
||||
latestToolcacheVersion = getLatestToolcacheVersion(logger);
|
||||
if (latestToolcacheVersion) {
|
||||
cliVersion = latestToolcacheVersion;
|
||||
}
|
||||
}
|
||||
|
||||
if (latestToolcacheVersion === undefined) {
|
||||
if (allowToolcacheValue) {
|
||||
logger.info(
|
||||
`Found no CodeQL CLI in the toolcache, ignoring 'tools: ${toolsInput}'...`,
|
||||
);
|
||||
} else {
|
||||
logger.warning(
|
||||
`Ignoring 'tools: ${toolsInput}' because the workflow was not triggered dynamically.`,
|
||||
);
|
||||
}
|
||||
|
||||
cliVersion = defaultCliVersion.cliVersion;
|
||||
tagName = defaultCliVersion.tagName;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user