Changes from CR

Óscar San José
2026-04-15 11:45:57 +02:00
parent 3b0b845f42
commit 8c41253947
15 changed files with 376 additions and 203 deletions
+29 -17
@@ -109538,7 +109538,7 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian
);
} else {
logger.info(
`Using the latest CodeQL CLI nightly, as requested by 'tools: ${toolsInput}'.`
`Using the latest CodeQL CLI nightly, as requested.`
);
}
toolsInput = await getNightlyToolsUrl(logger);
@@ -109560,15 +109560,16 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian
const allowToolcacheValueFF = await features.getValue(
"allow_toolcache_input" /* AllowToolcacheInput */
);
const allowToolcacheValue = toolsInputFromRepositoryProperty || allowToolcacheValueFF && (isDynamicWorkflow() || isInTestMode());
const allowToolcacheValue = toolsInputFromRepositoryProperty || // Repository properties bypass all restrictions
allowToolcacheValueFF && (isDynamicWorkflow() || isInTestMode());
if (allowToolcacheValue) {
if (toolsInputFromRepositoryProperty) {
logger.info(
`Attempting to use the latest CodeQL CLI version in the toolcache, as requested by the 'github-codeql-tools' repository property.`
`Attempting to use the latest CodeQL CLI version in the toolcache, as requested by the '${"github-codeql-tools" /* TOOLS */}' repository property.`
);
} else {
logger.info(
`Attempting to use the latest CodeQL CLI version in the toolcache, as requested by 'tools: ${toolsInput}'.`
`Attempting to use the latest CodeQL CLI version in the toolcache, as requested.`
);
}
latestToolcacheVersion = getLatestToolcacheVersion(logger);
@@ -109580,7 +109581,7 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian
if (allowToolcacheValue) {
if (toolsInputFromRepositoryProperty) {
logger.info(
`Found no CodeQL CLI in the toolcache, ignoring the 'github-codeql-tools' repository property...`
`Found no CodeQL CLI in the toolcache, ignoring the '${"github-codeql-tools" /* TOOLS */}' repository property...`
);
} else {
logger.info(
@@ -109593,7 +109594,7 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian
`Ignoring 'tools: ${toolsInput}' because the workflow was not triggered dynamically.`
);
} else {
logger.info(
logger.warning(
`Ignoring 'tools: ${toolsInput}' because the feature is not enabled.`
);
}
@@ -109980,7 +109981,7 @@ var CODEQL_NEXT_MINIMUM_VERSION = "2.17.6";
var GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.13";
var GHES_MOST_RECENT_DEPRECATION_DATE = "2025-06-19";
var EXTRACTION_DEBUG_MODE_VERBOSITY = "progress++";
async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, features, logger, checkVersion, toolsInputFromRepositoryProperty = false) {
async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, features, logger, checkVersion) {
try {
const {
codeqlFolder,
@@ -109995,8 +109996,7 @@ async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliV
variant,
defaultCliVersion,
features,
logger,
toolsInputFromRepositoryProperty
logger
);
logger.debug(
`Bundle download status report: ${JSON.stringify(
@@ -112694,7 +112694,7 @@ var core14 = __toESM(require_core());
var toolrunner4 = __toESM(require_toolrunner());
var github2 = __toESM(require_github());
var io6 = __toESM(require_io());
async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, features, logger, toolsInputFromRepositoryProperty = false) {
async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, features, logger) {
logger.startGroup("Setup CodeQL tools");
const {
codeql,
@@ -112710,8 +112710,7 @@ async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVe
defaultCliVersion,
features,
logger,
true,
toolsInputFromRepositoryProperty
true
);
await codeql.printVersion();
logger.endGroup();
@@ -113248,20 +113247,33 @@ async function waitForProcessing(repositoryNwo, sarifID, logger, options = {
);
break;
}
if (!response) {
logger.warning(
"Unable to check analysis status due to missing response. It should still be processed in the background."
);
break;
}
const status = response.data.processing_status;
logger.info(`Analysis upload status is ${status}.`);
if (status === "pending") {
logger.debug("Analysis processing is still pending...");
} else if (options.isUnsuccessfulExecution) {
handleProcessingResultForUnsuccessfulExecution(
response,
status,
logger
);
if (response) {
handleProcessingResultForUnsuccessfulExecution(
response,
status,
logger
);
}
break;
} else if (status === "complete") {
break;
} else if (status === "failed") {
if (!response) {
throw new Error(
"Code Scanning could not process the submitted SARIF file: Unable to retrieve error details."
);
}
const message = `Code Scanning could not process the submitted SARIF file:
${response.data.errors}`;
const processingErrors = response.data.errors;
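Review bot: In the waitForProcessing hunk, the new early guard `if (!response) { ... break; }` runs before `response.data.processing_status` is read, so the two checks added further down can never fire: the `if (response)` wrapper around handleProcessingResultForUnsuccessfulExecution and the `if (!response) { throw new Error(...) }` in the `"failed"` branch are dead code. I would keep the early guard and drop the other two; if a missing response is meant to fail the run, throw in the guard instead of breaking with a warning. The same hunk appears in the next file section. The function starts and continues outside the hunk, and these files look like bundled build output, so the change presumably belongs in the TypeScript source.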
+29 -17
@@ -167091,7 +167091,7 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian
);
} else {
logger.info(
`Using the latest CodeQL CLI nightly, as requested by 'tools: ${toolsInput}'.`
`Using the latest CodeQL CLI nightly, as requested.`
);
}
toolsInput = await getNightlyToolsUrl(logger);
@@ -167113,15 +167113,16 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian
const allowToolcacheValueFF = await features.getValue(
"allow_toolcache_input" /* AllowToolcacheInput */
);
const allowToolcacheValue = toolsInputFromRepositoryProperty || allowToolcacheValueFF && (isDynamicWorkflow() || isInTestMode());
const allowToolcacheValue = toolsInputFromRepositoryProperty || // Repository properties bypass all restrictions
allowToolcacheValueFF && (isDynamicWorkflow() || isInTestMode());
if (allowToolcacheValue) {
if (toolsInputFromRepositoryProperty) {
logger.info(
`Attempting to use the latest CodeQL CLI version in the toolcache, as requested by the 'github-codeql-tools' repository property.`
`Attempting to use the latest CodeQL CLI version in the toolcache, as requested by the '${"github-codeql-tools" /* TOOLS */}' repository property.`
);
} else {
logger.info(
`Attempting to use the latest CodeQL CLI version in the toolcache, as requested by 'tools: ${toolsInput}'.`
`Attempting to use the latest CodeQL CLI version in the toolcache, as requested.`
);
}
latestToolcacheVersion = getLatestToolcacheVersion(logger);
@@ -167133,7 +167134,7 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian
if (allowToolcacheValue) {
if (toolsInputFromRepositoryProperty) {
logger.info(
`Found no CodeQL CLI in the toolcache, ignoring the 'github-codeql-tools' repository property...`
`Found no CodeQL CLI in the toolcache, ignoring the '${"github-codeql-tools" /* TOOLS */}' repository property...`
);
} else {
logger.info(
@@ -167146,7 +167147,7 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian
`Ignoring 'tools: ${toolsInput}' because the workflow was not triggered dynamically.`
);
} else {
logger.info(
logger.warning(
`Ignoring 'tools: ${toolsInput}' because the feature is not enabled.`
);
}
@@ -167500,7 +167501,7 @@ var CODEQL_NEXT_MINIMUM_VERSION = "2.17.6";
var GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.13";
var GHES_MOST_RECENT_DEPRECATION_DATE = "2025-06-19";
var EXTRACTION_DEBUG_MODE_VERBOSITY = "progress++";
async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, features, logger, checkVersion, toolsInputFromRepositoryProperty = false) {
async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, features, logger, checkVersion) {
try {
const {
codeqlFolder,
@@ -167515,8 +167516,7 @@ async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliV
variant,
defaultCliVersion,
features,
logger,
toolsInputFromRepositoryProperty
logger
);
logger.debug(
`Bundle download status report: ${JSON.stringify(
@@ -169771,7 +169771,7 @@ var core14 = __toESM(require_core());
var toolrunner4 = __toESM(require_toolrunner());
var github2 = __toESM(require_github());
var io6 = __toESM(require_io());
async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, features, logger, toolsInputFromRepositoryProperty = false) {
async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, features, logger) {
logger.startGroup("Setup CodeQL tools");
const {
codeql,
@@ -169787,8 +169787,7 @@ async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVe
defaultCliVersion,
features,
logger,
true,
toolsInputFromRepositoryProperty
true
);
await codeql.printVersion();
logger.endGroup();
@@ -170296,20 +170295,33 @@ async function waitForProcessing(repositoryNwo, sarifID, logger, options = {
);
break;
}
if (!response) {
logger.warning(
"Unable to check analysis status due to missing response. It should still be processed in the background."
);
break;
}
const status = response.data.processing_status;
logger.info(`Analysis upload status is ${status}.`);
if (status === "pending") {
logger.debug("Analysis processing is still pending...");
} else if (options.isUnsuccessfulExecution) {
handleProcessingResultForUnsuccessfulExecution(
response,
status,
logger
);
if (response) {
handleProcessingResultForUnsuccessfulExecution(
response,
status,
logger
);
}
break;
} else if (status === "complete") {
break;
} else if (status === "failed") {
if (!response) {
throw new Error(
"Code Scanning could not process the submitted SARIF file: Unable to retrieve error details."
);
}
const message = `Code Scanning could not process the submitted SARIF file:
${response.data.errors}`;
const processingErrors = response.data.errors;
+35 -20
@@ -104077,6 +104077,19 @@ var getOptionalInput = function(name) {
const value = core4.getInput(name);
return value.length > 0 ? value : void 0;
};
function resolveToolsInput(repositoryProperties, toolsPropertyName, logger) {
const toolsWorkflowInput = getOptionalInput("tools");
const toolsPropertyValue = repositoryProperties[toolsPropertyName];
const effectiveToolsInput = toolsWorkflowInput ?? toolsPropertyValue;
if (effectiveToolsInput) {
if (toolsWorkflowInput) {
logger.info(`Setting tools: ${effectiveToolsInput} based on workflow input.`);
} else {
logger.info(`Setting tools: ${effectiveToolsInput} based on the '${toolsPropertyName}' repository property.`);
}
}
return effectiveToolsInput;
}
function getTemporaryDirectory() {
const value = process.env["CODEQL_ACTION_TEMP"];
return value !== void 0 && value !== "" ? value : getRequiredEnvParam("RUNNER_TEMP");
@@ -108225,7 +108238,7 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian
);
} else {
logger.info(
`Using the latest CodeQL CLI nightly, as requested by 'tools: ${toolsInput}'.`
`Using the latest CodeQL CLI nightly, as requested.`
);
}
toolsInput = await getNightlyToolsUrl(logger);
@@ -108247,15 +108260,16 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian
const allowToolcacheValueFF = await features.getValue(
"allow_toolcache_input" /* AllowToolcacheInput */
);
const allowToolcacheValue = toolsInputFromRepositoryProperty || allowToolcacheValueFF && (isDynamicWorkflow() || isInTestMode());
const allowToolcacheValue = toolsInputFromRepositoryProperty || // Repository properties bypass all restrictions
allowToolcacheValueFF && (isDynamicWorkflow() || isInTestMode());
if (allowToolcacheValue) {
if (toolsInputFromRepositoryProperty) {
logger.info(
`Attempting to use the latest CodeQL CLI version in the toolcache, as requested by the 'github-codeql-tools' repository property.`
`Attempting to use the latest CodeQL CLI version in the toolcache, as requested by the '${"github-codeql-tools" /* TOOLS */}' repository property.`
);
} else {
logger.info(
`Attempting to use the latest CodeQL CLI version in the toolcache, as requested by 'tools: ${toolsInput}'.`
`Attempting to use the latest CodeQL CLI version in the toolcache, as requested.`
);
}
latestToolcacheVersion = getLatestToolcacheVersion(logger);
@@ -108267,7 +108281,7 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian
if (allowToolcacheValue) {
if (toolsInputFromRepositoryProperty) {
logger.info(
`Found no CodeQL CLI in the toolcache, ignoring the 'github-codeql-tools' repository property...`
`Found no CodeQL CLI in the toolcache, ignoring the '${"github-codeql-tools" /* TOOLS */}' repository property...`
);
} else {
logger.info(
@@ -108280,7 +108294,7 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian
`Ignoring 'tools: ${toolsInput}' because the workflow was not triggered dynamically.`
);
} else {
logger.info(
logger.warning(
`Ignoring 'tools: ${toolsInput}' because the feature is not enabled.`
);
}
@@ -108656,7 +108670,7 @@ var CODEQL_NEXT_MINIMUM_VERSION = "2.17.6";
var GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.13";
var GHES_MOST_RECENT_DEPRECATION_DATE = "2025-06-19";
var EXTRACTION_DEBUG_MODE_VERBOSITY = "progress++";
async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, features, logger, checkVersion, toolsInputFromRepositoryProperty = false) {
async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, features, logger, checkVersion) {
try {
const {
codeqlFolder,
@@ -108671,8 +108685,7 @@ async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliV
variant,
defaultCliVersion,
features,
logger,
toolsInputFromRepositoryProperty
logger
);
logger.debug(
`Bundle download status report: ${JSON.stringify(
@@ -109260,7 +109273,7 @@ async function getJobRunUuidSarifOptions(codeql) {
}
// src/init.ts
async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, features, logger, toolsInputFromRepositoryProperty = false) {
async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, features, logger) {
logger.startGroup("Setup CodeQL tools");
const {
codeql,
@@ -109276,8 +109289,7 @@ async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVe
defaultCliVersion,
features,
logger,
true,
toolsInputFromRepositoryProperty
true
);
await codeql.printVersion();
logger.endGroup();
@@ -109948,7 +109960,7 @@ async function sendStartingStatusReport(startedAt, config, logger) {
await sendStatusReport(statusReportBase);
}
}
async function sendCompletedStatusReport(startedAt, config, configFile, toolsDownloadStatusReport, toolsFeatureFlagsValid, toolsSource, toolsVersion, overlayBaseDatabaseStats, dependencyCachingResults, logger, error3) {
async function sendCompletedStatusReport(startedAt, config, configFile, toolsDownloadStatusReport, toolsFeatureFlagsValid, toolsSource, toolsVersion, effectiveToolsInput, overlayBaseDatabaseStats, dependencyCachingResults, logger, error3) {
const statusReportBase = await createStatusReportBase(
"init" /* Init */,
getActionsStatus(error3),
@@ -109965,7 +109977,7 @@ async function sendCompletedStatusReport(startedAt, config, configFile, toolsDow
const workflowLanguages = getOptionalInput("languages");
const initStatusReport = {
...statusReportBase,
tools_input: getOptionalInput("tools") || "",
tools_input: effectiveToolsInput || "",
tools_resolved_version: toolsVersion,
tools_source: toolsSource || "UNKNOWN" /* Unknown */,
workflow_languages: workflowLanguages || ""
@@ -110009,6 +110021,7 @@ async function run(startedAt) {
let toolsSource;
let toolsVersion;
let zstdAvailability;
let effectiveToolsInput;
try {
initializeEnvironment(getActionVersion());
persistInputs();
@@ -110059,10 +110072,11 @@ async function run(startedAt) {
gitHubVersion.type
);
toolsFeatureFlagsValid = codeQLDefaultVersionInfo.toolsFeatureFlagsValid;
const toolsWorkflowInput = getOptionalInput("tools");
const toolsPropertyValue = repositoryPropertiesResult.orElse({})["github-codeql-tools" /* TOOLS */];
const effectiveToolsInput = toolsWorkflowInput ?? toolsPropertyValue;
const toolsInputFromRepositoryProperty = toolsWorkflowInput === void 0 && toolsPropertyValue !== void 0;
effectiveToolsInput = resolveToolsInput(
repositoryPropertiesResult.orElse({}),
"github-codeql-tools" /* TOOLS */,
logger
);
const initCodeQLResult = await initCodeQL(
effectiveToolsInput,
apiDetails,
@@ -110070,8 +110084,7 @@ async function run(startedAt) {
gitHubVersion.type,
codeQLDefaultVersionInfo,
features,
logger,
toolsInputFromRepositoryProperty
logger
);
codeql = initCodeQLResult.codeql;
toolsDownloadStatusReport = initCodeQLResult.toolsDownloadStatusReport;
@@ -110406,6 +110419,7 @@ exec ${goBinaryPath} "$@"`
toolsFeatureFlagsValid,
toolsSource,
toolsVersion,
effectiveToolsInput,
overlayBaseDatabaseStats,
dependencyCachingStatus,
logger,
@@ -110423,6 +110437,7 @@ exec ${goBinaryPath} "$@"`
toolsFeatureFlagsValid,
toolsSource,
toolsVersion,
effectiveToolsInput,
overlayBaseDatabaseStats,
dependencyCachingStatus,
logger
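Review bot: getCodeQLSource still branches on `toolsInputFromRepositoryProperty` (the `allowToolcacheValue` line, now commented "Repository properties bypass all restrictions"), but this section removes the only visible computation of that flag from run() and drops the parameter from initCodeQL and setupCodeQL. Where getCodeQLSource obtains the flag now is outside the hunks shown. Because it switches off both the feature-flag and the dynamic-workflow checks, it should come from the same decision resolveToolsInput makes rather than being derived a second time. One option is for resolveToolsInput to return the source together with the value; a comment on it such as `// Workflow input takes precedence over the repository property.` would also record the precedence rule next to the `??`.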
+156 -35
@@ -100236,7 +100236,7 @@ var require_follow_redirects = __commonJS({
if (this._ending) {
throw new WriteAfterEndError();
}
if (!isString2(data) && !isBuffer(data)) {
if (!isString3(data) && !isBuffer(data)) {
throw new TypeError("data should be a string, Buffer or Uint8Array");
}
if (isFunction(encoding)) {
@@ -100491,7 +100491,7 @@ var require_follow_redirects = __commonJS({
function request2(input, options, callback) {
if (isURL(input)) {
input = spreadUrlObject(input);
} else if (isString2(input)) {
} else if (isString3(input)) {
input = spreadUrlObject(parseUrl2(input));
} else {
callback = options;
@@ -100507,7 +100507,7 @@ var require_follow_redirects = __commonJS({
maxBodyLength: exports3.maxBodyLength
}, input, options);
options.nativeProtocols = nativeProtocols;
if (!isString2(options.host) && !isString2(options.hostname)) {
if (!isString3(options.host) && !isString3(options.hostname)) {
options.hostname = "::1";
}
assert.equal(options.protocol, protocol, "protocol mismatch");
@@ -100534,7 +100534,7 @@ var require_follow_redirects = __commonJS({
parsed = new URL2(input);
} else {
parsed = validateUrl(url.parse(input));
if (!isString2(parsed.protocol)) {
if (!isString3(parsed.protocol)) {
throw new InvalidUrlError({ input });
}
}
@@ -100606,11 +100606,11 @@ var require_follow_redirects = __commonJS({
request2.destroy(error3);
}
function isSubdomain(subdomain, domain) {
assert(isString2(subdomain) && isString2(domain));
assert(isString3(subdomain) && isString3(domain));
var dot = subdomain.length - domain.length - 1;
return dot > 0 && subdomain[dot] === "." && subdomain.endsWith(domain);
}
function isString2(value) {
function isString3(value) {
return typeof value === "string" || value instanceof String;
}
function isFunction(value) {
@@ -103620,6 +103620,19 @@ var getOptionalInput = function(name) {
const value = core4.getInput(name);
return value.length > 0 ? value : void 0;
};
function resolveToolsInput(repositoryProperties, toolsPropertyName, logger) {
const toolsWorkflowInput = getOptionalInput("tools");
const toolsPropertyValue = repositoryProperties[toolsPropertyName];
const effectiveToolsInput = toolsWorkflowInput ?? toolsPropertyValue;
if (effectiveToolsInput) {
if (toolsWorkflowInput) {
logger.info(`Setting tools: ${effectiveToolsInput} based on workflow input.`);
} else {
logger.info(`Setting tools: ${effectiveToolsInput} based on the '${toolsPropertyName}' repository property.`);
}
}
return effectiveToolsInput;
}
function getTemporaryDirectory() {
const value = process.env["CODEQL_ACTION_TEMP"];
return value !== void 0 && value !== "" ? value : getRequiredEnvParam("RUNNER_TEMP");
@@ -103936,6 +103949,12 @@ async function getAnalysisKey() {
core5.exportVariable("CODEQL_ACTION_ANALYSIS_KEY" /* ANALYSIS_KEY */, analysisKey);
return analysisKey;
}
async function getRepositoryProperties(repositoryNwo) {
return getApiClient().request("GET /repos/:owner/:repo/properties/values", {
owner: repositoryNwo.owner,
repo: repositoryNwo.repo
});
}
function isEnablementError(msg) {
return [
/Code Security must be enabled/i,
@@ -104794,6 +104813,112 @@ function initFeatures(gitHubVersion, repositoryNwo, tempDir, logger) {
}
}
// src/feature-flags/properties.ts
var GITHUB_CODEQL_PROPERTY_PREFIX = "github-codeql-";
var RepositoryPropertyName = /* @__PURE__ */ ((RepositoryPropertyName2) => {
RepositoryPropertyName2["DISABLE_OVERLAY"] = "github-codeql-disable-overlay";
RepositoryPropertyName2["EXTRA_QUERIES"] = "github-codeql-extra-queries";
RepositoryPropertyName2["FILE_COVERAGE_ON_PRS"] = "github-codeql-file-coverage-on-prs";
RepositoryPropertyName2["TOOLS"] = "github-codeql-tools";
return RepositoryPropertyName2;
})(RepositoryPropertyName || {});
function isString2(value) {
return typeof value === "string";
}
var stringProperty = {
validate: isString2,
parse: parseStringRepositoryProperty
};
var booleanProperty = {
// The value from the API should come as a string, which we then parse into a boolean.
validate: isString2,
parse: parseBooleanRepositoryProperty
};
var repositoryPropertyParsers = {
["github-codeql-disable-overlay" /* DISABLE_OVERLAY */]: booleanProperty,
["github-codeql-extra-queries" /* EXTRA_QUERIES */]: stringProperty,
["github-codeql-file-coverage-on-prs" /* FILE_COVERAGE_ON_PRS */]: booleanProperty,
["github-codeql-tools" /* TOOLS */]: stringProperty
};
async function loadPropertiesFromApi(logger, repositoryNwo) {
try {
const response = await getRepositoryProperties(repositoryNwo);
const remoteProperties = response.data;
if (!Array.isArray(remoteProperties)) {
throw new Error(
`Expected repository properties API to return an array, but got: ${JSON.stringify(response.data)}`
);
}
logger.debug(
`Retrieved ${remoteProperties.length} repository properties: ${remoteProperties.map((p) => p.property_name).join(", ")}`
);
const properties = {};
const unrecognisedProperties = [];
for (const property of remoteProperties) {
if (property.property_name === void 0) {
throw new Error(
`Expected repository property object to have a 'property_name', but got: ${JSON.stringify(property)}`
);
}
if (isKnownPropertyName(property.property_name)) {
setProperty2(properties, property.property_name, property.value, logger);
} else if (property.property_name.startsWith(GITHUB_CODEQL_PROPERTY_PREFIX) && !isDynamicWorkflow()) {
unrecognisedProperties.push(property.property_name);
}
}
if (Object.keys(properties).length === 0) {
logger.debug("No known repository properties were found.");
} else {
logger.debug(
"Loaded the following values for the repository properties:"
);
for (const [property, value] of Object.entries(properties).sort(
([nameA], [nameB]) => nameA.localeCompare(nameB)
)) {
logger.debug(` ${property}: ${value}`);
}
}
if (unrecognisedProperties.length > 0) {
const unrecognisedPropertyList = unrecognisedProperties.map((name) => `'${name}'`).join(", ");
logger.warning(
`Found repository properties (${unrecognisedPropertyList}), which look like CodeQL Action repository properties, but which are not understood by this version of the CodeQL Action. Do you need to update to a newer version?`
);
}
return properties;
} catch (e) {
throw new Error(
`Encountered an error while trying to determine repository properties: ${e}`
);
}
}
function setProperty2(properties, name, value, logger) {
const propertyOptions = repositoryPropertyParsers[name];
if (propertyOptions.validate(value)) {
properties[name] = propertyOptions.parse(name, value, logger);
} else {
throw new Error(
`Unexpected value for repository property '${name}' (${typeof value}), got: ${JSON.stringify(value)}`
);
}
}
function parseBooleanRepositoryProperty(name, value, logger) {
if (value !== "true" && value !== "false") {
logger.warning(
`Repository property '${name}' has unexpected value '${value}'. Expected 'true' or 'false'. Defaulting to false.`
);
}
return value === "true";
}
function parseStringRepositoryProperty(_name, value) {
return value;
}
var KNOWN_REPOSITORY_PROPERTY_NAMES = new Set(
Object.values(RepositoryPropertyName)
);
function isKnownPropertyName(name) {
return KNOWN_REPOSITORY_PROPERTY_NAMES.has(name);
}
// src/init.ts
var core12 = __toESM(require_core());
var toolrunner4 = __toESM(require_toolrunner());
@@ -105063,20 +105188,6 @@ var supportedAnalysisKinds = new Set(Object.values(AnalysisKind));
// src/config/db-config.ts
var jsonschema = __toESM(require_lib2());
var semver5 = __toESM(require_semver2());
// src/feature-flags/properties.ts
var RepositoryPropertyName = /* @__PURE__ */ ((RepositoryPropertyName2) => {
RepositoryPropertyName2["DISABLE_OVERLAY"] = "github-codeql-disable-overlay";
RepositoryPropertyName2["EXTRA_QUERIES"] = "github-codeql-extra-queries";
RepositoryPropertyName2["FILE_COVERAGE_ON_PRS"] = "github-codeql-file-coverage-on-prs";
RepositoryPropertyName2["TOOLS"] = "github-codeql-tools";
return RepositoryPropertyName2;
})(RepositoryPropertyName || {});
var KNOWN_REPOSITORY_PROPERTY_NAMES = new Set(
Object.values(RepositoryPropertyName)
);
// src/config/db-config.ts
var PACK_IDENTIFIER_PATTERN = (function() {
const alphaNumeric = "[a-z0-9]";
const alphaNumericDash = "[a-z0-9-]";
@@ -105705,7 +105816,7 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian
);
} else {
logger.info(
`Using the latest CodeQL CLI nightly, as requested by 'tools: ${toolsInput}'.`
`Using the latest CodeQL CLI nightly, as requested.`
);
}
toolsInput = await getNightlyToolsUrl(logger);
@@ -105727,15 +105838,16 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian
const allowToolcacheValueFF = await features.getValue(
"allow_toolcache_input" /* AllowToolcacheInput */
);
const allowToolcacheValue = toolsInputFromRepositoryProperty || allowToolcacheValueFF && (isDynamicWorkflow() || isInTestMode());
const allowToolcacheValue = toolsInputFromRepositoryProperty || // Repository properties bypass all restrictions
allowToolcacheValueFF && (isDynamicWorkflow() || isInTestMode());
if (allowToolcacheValue) {
if (toolsInputFromRepositoryProperty) {
logger.info(
`Attempting to use the latest CodeQL CLI version in the toolcache, as requested by the 'github-codeql-tools' repository property.`
`Attempting to use the latest CodeQL CLI version in the toolcache, as requested by the '${"github-codeql-tools" /* TOOLS */}' repository property.`
);
} else {
logger.info(
`Attempting to use the latest CodeQL CLI version in the toolcache, as requested by 'tools: ${toolsInput}'.`
`Attempting to use the latest CodeQL CLI version in the toolcache, as requested.`
);
}
latestToolcacheVersion = getLatestToolcacheVersion(logger);
@@ -105747,7 +105859,7 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian
if (allowToolcacheValue) {
if (toolsInputFromRepositoryProperty) {
logger.info(
`Found no CodeQL CLI in the toolcache, ignoring the 'github-codeql-tools' repository property...`
`Found no CodeQL CLI in the toolcache, ignoring the '${"github-codeql-tools" /* TOOLS */}' repository property...`
);
} else {
logger.info(
@@ -105760,7 +105872,7 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian
`Ignoring 'tools: ${toolsInput}' because the workflow was not triggered dynamically.`
);
} else {
logger.info(
logger.warning(
`Ignoring 'tools: ${toolsInput}' because the feature is not enabled.`
);
}
@@ -106114,7 +106226,7 @@ var CODEQL_NEXT_MINIMUM_VERSION = "2.17.6";
var GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.13";
var GHES_MOST_RECENT_DEPRECATION_DATE = "2025-06-19";
var EXTRACTION_DEBUG_MODE_VERBOSITY = "progress++";
async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, features, logger, checkVersion, toolsInputFromRepositoryProperty = false) {
async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, features, logger, checkVersion) {
try {
const {
codeqlFolder,
@@ -106129,8 +106241,7 @@ async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliV
variant,
defaultCliVersion,
features,
logger,
toolsInputFromRepositoryProperty
logger
);
logger.debug(
`Bundle download status report: ${JSON.stringify(
@@ -106718,7 +106829,7 @@ async function getJobRunUuidSarifOptions(codeql) {
}
// src/init.ts
async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, features, logger, toolsInputFromRepositoryProperty = false) {
async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, features, logger) {
logger.startGroup("Setup CodeQL tools");
const {
codeql,
@@ -106734,8 +106845,7 @@ async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVe
defaultCliVersion,
features,
logger,
true,
toolsInputFromRepositoryProperty
true
);
await codeql.printVersion();
logger.endGroup();
@@ -106956,7 +107066,7 @@ async function sendUnhandledErrorStatusReport(actionName, actionStartedAt, error
}
// src/setup-codeql-action.ts
async function sendCompletedStatusReport(startedAt, toolsDownloadStatusReport, toolsFeatureFlagsValid, toolsSource, toolsVersion, logger, error3) {
async function sendCompletedStatusReport(startedAt, toolsDownloadStatusReport, toolsFeatureFlagsValid, toolsSource, toolsVersion, effectiveToolsInput, logger, error3) {
const statusReportBase = await createStatusReportBase(
"setup-codeql" /* SetupCodeQL */,
getActionsStatus(error3),
@@ -106972,7 +107082,7 @@ async function sendCompletedStatusReport(startedAt, toolsDownloadStatusReport, t
}
const initStatusReport = {
...statusReportBase,
tools_input: getOptionalInput("tools") || "",
tools_input: effectiveToolsInput || "",
tools_resolved_version: toolsVersion,
tools_source: toolsSource || "UNKNOWN" /* Unknown */,
workflow_languages: ""
@@ -106993,6 +107103,7 @@ async function run(startedAt) {
let toolsFeatureFlagsValid;
let toolsSource;
let toolsVersion;
let effectiveToolsInput;
try {
initializeEnvironment(getActionVersion());
const apiDetails = {
@@ -107011,6 +107122,10 @@ async function run(startedAt) {
getTemporaryDirectory(),
logger
);
const repositoryPropertiesResult = await loadPropertiesFromApi(
logger,
repositoryNwo
);
const jobRunUuid = v4_default();
logger.info(`Job run UUID is ${jobRunUuid}.`);
core14.exportVariable("JOB_RUN_UUID" /* JOB_RUN_UUID */, jobRunUuid);
@@ -107029,8 +107144,13 @@ async function run(startedAt) {
gitHubVersion.type
);
toolsFeatureFlagsValid = codeQLDefaultVersionInfo.toolsFeatureFlagsValid;
effectiveToolsInput = resolveToolsInput(
repositoryPropertiesResult,
"github-codeql-tools" /* TOOLS */,
logger
);
const initCodeQLResult = await initCodeQL(
getOptionalInput("tools"),
effectiveToolsInput,
apiDetails,
getTemporaryDirectory(),
gitHubVersion.type,
@@ -107069,6 +107189,7 @@ async function run(startedAt) {
toolsFeatureFlagsValid,
toolsSource,
toolsVersion,
effectiveToolsInput,
logger
);
}
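Review bot: The new `await loadPropertiesFromApi(logger, repositoryNwo)` in run() is not guarded, and loadPropertiesFromApi rethrows every failure as `Encountered an error while trying to determine repository properties`, so any API error at this call aborts tool setup even when the workflow sets `tools` explicitly. The init bundle earlier on this page reads its result through `repositoryPropertiesResult.orElse({})`, which suggests failures are tolerated there. I would catch the error at this call, report it with `logger.warning`, and pass `{}` to resolveToolsInput so that only the repository property is lost. run() extends beyond the hunks, so an outer handler may change how the failure surfaces.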
+29 -17
@@ -108394,7 +108394,7 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian
);
} else {
logger.info(
`Using the latest CodeQL CLI nightly, as requested by 'tools: ${toolsInput}'.`
`Using the latest CodeQL CLI nightly, as requested.`
);
}
toolsInput = await getNightlyToolsUrl(logger);
@@ -108416,15 +108416,16 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian
const allowToolcacheValueFF = await features.getValue(
"allow_toolcache_input" /* AllowToolcacheInput */
);
const allowToolcacheValue = toolsInputFromRepositoryProperty || allowToolcacheValueFF && (isDynamicWorkflow() || isInTestMode());
const allowToolcacheValue = toolsInputFromRepositoryProperty || // Repository properties bypass all restrictions
allowToolcacheValueFF && (isDynamicWorkflow() || isInTestMode());
if (allowToolcacheValue) {
if (toolsInputFromRepositoryProperty) {
logger.info(
`Attempting to use the latest CodeQL CLI version in the toolcache, as requested by the 'github-codeql-tools' repository property.`
`Attempting to use the latest CodeQL CLI version in the toolcache, as requested by the '${"github-codeql-tools" /* TOOLS */}' repository property.`
);
} else {
logger.info(
`Attempting to use the latest CodeQL CLI version in the toolcache, as requested by 'tools: ${toolsInput}'.`
`Attempting to use the latest CodeQL CLI version in the toolcache, as requested.`
);
}
latestToolcacheVersion = getLatestToolcacheVersion(logger);
@@ -108436,7 +108437,7 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian
if (allowToolcacheValue) {
if (toolsInputFromRepositoryProperty) {
logger.info(
`Found no CodeQL CLI in the toolcache, ignoring the 'github-codeql-tools' repository property...`
`Found no CodeQL CLI in the toolcache, ignoring the '${"github-codeql-tools" /* TOOLS */}' repository property...`
);
} else {
logger.info(
@@ -108449,7 +108450,7 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian
`Ignoring 'tools: ${toolsInput}' because the workflow was not triggered dynamically.`
);
} else {
logger.info(
logger.warning(
`Ignoring 'tools: ${toolsInput}' because the feature is not enabled.`
);
}
@@ -108803,7 +108804,7 @@ var CODEQL_NEXT_MINIMUM_VERSION = "2.17.6";
var GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.13";
var GHES_MOST_RECENT_DEPRECATION_DATE = "2025-06-19";
var EXTRACTION_DEBUG_MODE_VERBOSITY = "progress++";
async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, features, logger, checkVersion, toolsInputFromRepositoryProperty = false) {
async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, features, logger, checkVersion) {
try {
const {
codeqlFolder,
@@ -108818,8 +108819,7 @@ async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliV
variant,
defaultCliVersion,
features,
logger,
toolsInputFromRepositoryProperty
logger
);
logger.debug(
`Bundle download status report: ${JSON.stringify(
@@ -110539,7 +110539,7 @@ var core12 = __toESM(require_core());
var toolrunner4 = __toESM(require_toolrunner());
var github2 = __toESM(require_github());
var io5 = __toESM(require_io());
async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, features, logger, toolsInputFromRepositoryProperty = false) {
async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, features, logger) {
logger.startGroup("Setup CodeQL tools");
const {
codeql,
@@ -110555,8 +110555,7 @@ async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVe
defaultCliVersion,
features,
logger,
true,
toolsInputFromRepositoryProperty
true
);
await codeql.printVersion();
logger.endGroup();
@@ -111140,20 +111139,33 @@ async function waitForProcessing(repositoryNwo, sarifID, logger, options = {
);
break;
}
if (!response) {
logger.warning(
"Unable to check analysis status due to missing response. It should still be processed in the background."
);
break;
}
const status = response.data.processing_status;
logger.info(`Analysis upload status is ${status}.`);
if (status === "pending") {
logger.debug("Analysis processing is still pending...");
} else if (options.isUnsuccessfulExecution) {
handleProcessingResultForUnsuccessfulExecution(
response,
status,
logger
);
if (response) {
handleProcessingResultForUnsuccessfulExecution(
response,
status,
logger
);
}
break;
} else if (status === "complete") {
break;
} else if (status === "failed") {
if (!response) {
throw new Error(
"Code Scanning could not process the submitted SARIF file: Unable to retrieve error details."
);
}
const message = `Code Scanning could not process the submitted SARIF file:
${response.data.errors}`;
const processingErrors = response.data.errors;
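Review bot: The new comment on `allowToolcacheValue`, `// Repository properties bypass all restrictions`, says that the feature flag and the dynamic-workflow/test-mode check are skipped, but not why a repository property is trusted more than the workflow's `tools` input. In this same section `setupCodeQL` and `initCodeQL` stop accepting and forwarding `toolsInputFromRepositoryProperty`, while `getCodeQLSource` still branches on it. Its signature is cut off in the hunk header, so the visible lines do not show where the flag now comes from. I would extend the comment to name who can set the property and where the flag is derived, for example `// Set only when the value came from the repository property (controlled by <who may edit it>), so the flag and workflow-type gates are skipped on purpose.` It is also worth confirming that some caller still sets the flag, since otherwise the bypass branch and its two log messages are dead; the next file section repeats the same lines.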
+29 -17
@@ -109056,7 +109056,7 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian
);
} else {
logger.info(
`Using the latest CodeQL CLI nightly, as requested by 'tools: ${toolsInput}'.`
`Using the latest CodeQL CLI nightly, as requested.`
);
}
toolsInput = await getNightlyToolsUrl(logger);
@@ -109078,15 +109078,16 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian
const allowToolcacheValueFF = await features.getValue(
"allow_toolcache_input" /* AllowToolcacheInput */
);
const allowToolcacheValue = toolsInputFromRepositoryProperty || allowToolcacheValueFF && (isDynamicWorkflow() || isInTestMode());
const allowToolcacheValue = toolsInputFromRepositoryProperty || // Repository properties bypass all restrictions
allowToolcacheValueFF && (isDynamicWorkflow() || isInTestMode());
if (allowToolcacheValue) {
if (toolsInputFromRepositoryProperty) {
logger.info(
`Attempting to use the latest CodeQL CLI version in the toolcache, as requested by the 'github-codeql-tools' repository property.`
`Attempting to use the latest CodeQL CLI version in the toolcache, as requested by the '${"github-codeql-tools" /* TOOLS */}' repository property.`
);
} else {
logger.info(
`Attempting to use the latest CodeQL CLI version in the toolcache, as requested by 'tools: ${toolsInput}'.`
`Attempting to use the latest CodeQL CLI version in the toolcache, as requested.`
);
}
latestToolcacheVersion = getLatestToolcacheVersion(logger);
@@ -109098,7 +109099,7 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian
if (allowToolcacheValue) {
if (toolsInputFromRepositoryProperty) {
logger.info(
`Found no CodeQL CLI in the toolcache, ignoring the 'github-codeql-tools' repository property...`
`Found no CodeQL CLI in the toolcache, ignoring the '${"github-codeql-tools" /* TOOLS */}' repository property...`
);
} else {
logger.info(
@@ -109111,7 +109112,7 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian
`Ignoring 'tools: ${toolsInput}' because the workflow was not triggered dynamically.`
);
} else {
logger.info(
logger.warning(
`Ignoring 'tools: ${toolsInput}' because the feature is not enabled.`
);
}
@@ -109465,7 +109466,7 @@ var CODEQL_NEXT_MINIMUM_VERSION = "2.17.6";
var GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.13";
var GHES_MOST_RECENT_DEPRECATION_DATE = "2025-06-19";
var EXTRACTION_DEBUG_MODE_VERBOSITY = "progress++";
async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, features, logger, checkVersion, toolsInputFromRepositoryProperty = false) {
async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, features, logger, checkVersion) {
try {
const {
codeqlFolder,
@@ -109480,8 +109481,7 @@ async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliV
variant,
defaultCliVersion,
features,
logger,
toolsInputFromRepositoryProperty
logger
);
logger.debug(
`Bundle download status report: ${JSON.stringify(
@@ -111201,7 +111201,7 @@ var core13 = __toESM(require_core());
var toolrunner4 = __toESM(require_toolrunner());
var github2 = __toESM(require_github());
var io5 = __toESM(require_io());
async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, features, logger, toolsInputFromRepositoryProperty = false) {
async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, features, logger) {
logger.startGroup("Setup CodeQL tools");
const {
codeql,
@@ -111217,8 +111217,7 @@ async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVe
defaultCliVersion,
features,
logger,
true,
toolsInputFromRepositoryProperty
true
);
await codeql.printVersion();
logger.endGroup();
@@ -111684,20 +111683,33 @@ async function waitForProcessing(repositoryNwo, sarifID, logger, options = {
);
break;
}
if (!response) {
logger.warning(
"Unable to check analysis status due to missing response. It should still be processed in the background."
);
break;
}
const status = response.data.processing_status;
logger.info(`Analysis upload status is ${status}.`);
if (status === "pending") {
logger.debug("Analysis processing is still pending...");
} else if (options.isUnsuccessfulExecution) {
handleProcessingResultForUnsuccessfulExecution(
response,
status,
logger
);
if (response) {
handleProcessingResultForUnsuccessfulExecution(
response,
status,
logger
);
}
break;
} else if (status === "complete") {
break;
} else if (status === "failed") {
if (!response) {
throw new Error(
"Code Scanning could not process the submitted SARIF file: Unable to retrieve error details."
);
}
const message = `Code Scanning could not process the submitted SARIF file:
${response.data.errors}`;
const processingErrors = response.data.errors;
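Review bot: In `waitForProcessing`, the new early guard `if (!response) { ... break; }` placed before `const status = response.data.processing_status;` makes the two later checks unreachable. The `if (response) {` around `handleProcessingResultForUnsuccessfulExecution(...)` is always true, and the `if (!response) { throw new Error(...) }` in the `"failed"` branch can never fire. I would keep only the early guard and drop the other two, so a reader does not assume `response` can still be missing at those points. The same three checks appear in the previous file section. The loop and the function body start outside the hunk, so this assumes `response` is not reassigned between the guard and the later checks, which the visible lines do not do.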