github/codeql-action
0
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2026-05-11 16:20:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #3213 from github/update-v4.30.9-70205d3d1

Browse Source 
Merge main into releases/v4
This commit is contained in:
Henry Mercer
2025-10-17 16:22:48 +01:00
committed by GitHub
parent 2a6736cca7 30db5fee08
commit 9e5b0f05ba
51 changed files with 88397 additions and 153 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.github/workflows/__analyze-ref-input.yml
Generated
+15
View File
@@ -27,6 +27,11 @@ on:
description: The version of Go to install
required: false
default: '>=1.21.0'
python-version:
type: string
description: The version of Python to install
required: false
default: '3.13'
workflow_call:
inputs:
go-version:
@@ -34,6 +39,11 @@ on:
description: The version of Go to install
required: false
default: '>=1.21.0'
python-version:
type: string
description: The version of Python to install
required: false
default: '3.13'
defaults:
run:
shell: bash
@@ -70,6 +80,11 @@ jobs:
with:
go-version: ${{ inputs.go-version || '>=1.21.0' }}
cache: false
- name: Install Python
if: matrix.version != 'nightly-latest'
uses: actions/setup-python@v6
with:
python-version: ${{ inputs.python-version || '3.13' }}
- uses: ./../action/init
with:
tools: ${{ steps.prepare-test.outputs.tools-url }}
.github/workflows/__bundle-from-toolcache.yml
Generated
+2 -3
View File
@@ -67,10 +67,9 @@ jobs:
if (allCodeqlVersions.length === 0) {
throw new Error(`CodeQL could not be found in the toolcache`);
}
- id: init
uses: ./../action/init
- id: setup-codeql
uses: ./../action/setup-codeql
with:
languages: javascript
tools: ${{ steps.prepare-test.outputs.tools-url }}
- name: Check CodeQL is installed within the toolcache
uses: actions/github-script@v8
.github/workflows/__local-bundle.yml
Generated
+15
View File
@@ -27,6 +27,11 @@ on:
description: The version of Go to install
required: false
default: '>=1.21.0'
python-version:
type: string
description: The version of Python to install
required: false
default: '3.13'
workflow_call:
inputs:
go-version:
@@ -34,6 +39,11 @@ on:
description: The version of Go to install
required: false
default: '>=1.21.0'
python-version:
type: string
description: The version of Python to install
required: false
default: '3.13'
defaults:
run:
shell: bash
@@ -70,6 +80,11 @@ jobs:
with:
go-version: ${{ inputs.go-version || '>=1.21.0' }}
cache: false
- name: Install Python
if: matrix.version != 'nightly-latest'
uses: actions/setup-python@v6
with:
python-version: ${{ inputs.python-version || '3.13' }}
- name: Fetch latest CodeQL bundle
run: |
wget https://github.com/github/codeql-action/releases/latest/download/codeql-bundle-linux64.tar.zst
.github/workflows/__multi-language-autodetect.yml
Generated
+15
View File
@@ -27,6 +27,11 @@ on:
description: The version of Go to install
required: false
default: '>=1.21.0'
python-version:
type: string
description: The version of Python to install
required: false
default: '3.13'
workflow_call:
inputs:
go-version:
@@ -34,6 +39,11 @@ on:
description: The version of Go to install
required: false
default: '>=1.21.0'
python-version:
type: string
description: The version of Python to install
required: false
default: '3.13'
defaults:
run:
shell: bash
@@ -104,6 +114,11 @@ jobs:
with:
go-version: ${{ inputs.go-version || '>=1.21.0' }}
cache: false
- name: Install Python
if: matrix.version != 'nightly-latest'
uses: actions/setup-python@v6
with:
python-version: ${{ inputs.python-version || '3.13' }}
- name: Use Xcode 16
if: runner.os == 'macOS' && matrix.version != 'nightly-latest'
run: sudo xcode-select -s "/Applications/Xcode_16.app"
.github/workflows/__packaging-codescanning-config-inputs-js.yml
Generated
+15
View File
@@ -27,6 +27,11 @@ on:
description: The version of Go to install
required: false
default: '>=1.21.0'
python-version:
type: string
description: The version of Python to install
required: false
default: '3.13'
workflow_call:
inputs:
go-version:
@@ -34,6 +39,11 @@ on:
description: The version of Go to install
required: false
default: '>=1.21.0'
python-version:
type: string
description: The version of Python to install
required: false
default: '3.13'
defaults:
run:
shell: bash
@@ -81,6 +91,11 @@ jobs:
with:
go-version: ${{ inputs.go-version || '>=1.21.0' }}
cache: false
- name: Install Python
if: matrix.version != 'nightly-latest'
uses: actions/setup-python@v6
with:
python-version: ${{ inputs.python-version || '3.13' }}
- uses: ./../action/init
with:
config-file: .github/codeql/codeql-config-packaging3.yml
.github/workflows/__remote-config.yml
Generated
+15
View File
@@ -27,6 +27,11 @@ on:
description: The version of Go to install
required: false
default: '>=1.21.0'
python-version:
type: string
description: The version of Python to install
required: false
default: '3.13'
workflow_call:
inputs:
go-version:
@@ -34,6 +39,11 @@ on:
description: The version of Go to install
required: false
default: '>=1.21.0'
python-version:
type: string
description: The version of Python to install
required: false
default: '3.13'
defaults:
run:
shell: bash
@@ -72,6 +82,11 @@ jobs:
with:
go-version: ${{ inputs.go-version || '>=1.21.0' }}
cache: false
- name: Install Python
if: matrix.version != 'nightly-latest'
uses: actions/setup-python@v6
with:
python-version: ${{ inputs.python-version || '3.13' }}
- uses: ./../action/init
with:
tools: ${{ steps.prepare-test.outputs.tools-url }}
.github/workflows/__unset-environment.yml
Generated
+15
View File
@@ -27,6 +27,11 @@ on:
description: The version of Go to install
required: false
default: '>=1.21.0'
python-version:
type: string
description: The version of Python to install
required: false
default: '3.13'
workflow_call:
inputs:
go-version:
@@ -34,6 +39,11 @@ on:
description: The version of Go to install
required: false
default: '>=1.21.0'
python-version:
type: string
description: The version of Python to install
required: false
default: '3.13'
defaults:
run:
shell: bash
@@ -72,6 +82,11 @@ jobs:
with:
go-version: ${{ inputs.go-version || '>=1.21.0' }}
cache: false
- name: Install Python
if: matrix.version != 'nightly-latest'
uses: actions/setup-python@v6
with:
python-version: ${{ inputs.python-version || '3.13' }}
- uses: ./../action/init
id: init
with:
.github/workflows/__upload-ref-sha-input.yml
Generated
+15
View File
@@ -27,6 +27,11 @@ on:
description: The version of Go to install
required: false
default: '>=1.21.0'
python-version:
type: string
description: The version of Python to install
required: false
default: '3.13'
workflow_call:
inputs:
go-version:
@@ -34,6 +39,11 @@ on:
description: The version of Go to install
required: false
default: '>=1.21.0'
python-version:
type: string
description: The version of Python to install
required: false
default: '3.13'
defaults:
run:
shell: bash
@@ -70,6 +80,11 @@ jobs:
with:
go-version: ${{ inputs.go-version || '>=1.21.0' }}
cache: false
- name: Install Python
if: matrix.version != 'nightly-latest'
uses: actions/setup-python@v6
with:
python-version: ${{ inputs.python-version || '3.13' }}
- uses: ./../action/init
with:
tools: ${{ steps.prepare-test.outputs.tools-url }}
.github/workflows/__upload-sarif.yml
Generated
+15
View File
@@ -27,6 +27,11 @@ on:
description: The version of Go to install
required: false
default: '>=1.21.0'
python-version:
type: string
description: The version of Python to install
required: false
default: '3.13'
workflow_call:
inputs:
go-version:
@@ -34,6 +39,11 @@ on:
description: The version of Go to install
required: false
default: '>=1.21.0'
python-version:
type: string
description: The version of Python to install
required: false
default: '3.13'
defaults:
run:
shell: bash
@@ -77,6 +87,11 @@ jobs:
with:
go-version: ${{ inputs.go-version || '>=1.21.0' }}
cache: false
- name: Install Python
if: matrix.version != 'nightly-latest'
uses: actions/setup-python@v6
with:
python-version: ${{ inputs.python-version || '3.13' }}
- uses: ./../action/init
with:
tools: ${{ steps.prepare-test.outputs.tools-url }}
.github/workflows/__with-checkout-path.yml
Generated
+15
View File
@@ -27,6 +27,11 @@ on:
description: The version of Go to install
required: false
default: '>=1.21.0'
python-version:
type: string
description: The version of Python to install
required: false
default: '3.13'
workflow_call:
inputs:
go-version:
@@ -34,6 +39,11 @@ on:
description: The version of Go to install
required: false
default: '>=1.21.0'
python-version:
type: string
description: The version of Python to install
required: false
default: '3.13'
defaults:
run:
shell: bash
@@ -70,6 +80,11 @@ jobs:
with:
go-version: ${{ inputs.go-version || '>=1.21.0' }}
cache: false
- name: Install Python
if: matrix.version != 'nightly-latest'
uses: actions/setup-python@v6
with:
python-version: ${{ inputs.python-version || '3.13' }}
- name: Delete original checkout
run: |
# delete the original checkout so we don't accidentally use it.
.github/workflows/post-release-mergeback.yml
+1
View File
@@ -146,6 +146,7 @@ jobs:
private-key: ${{ secrets.AUTOMATION_PRIVATE_KEY }}
- name: Create the GitHub release
if: steps.check.outputs.exists != 'true'
env:
PARTIAL_CHANGELOG: "${{ runner.temp }}/partial_changelog.md"
VERSION: "${{ steps.getVersion.outputs.version }}"
CHANGELOG.md
+5
View File
@@ -2,6 +2,11 @@
See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs.
## 4.30.9 - 17 Oct 2025
- Update default CodeQL bundle version to 2.23.3. [#3205](https://github.com/github/codeql-action/pull/3205)
- Experimental: A new `setup-codeql` action has been added which is similar to `init`, except it only installs the CodeQL CLI and does not initialize a database. Do not use this in production as it is part of an internal experiment and subject to change at any time. [#3204](https://github.com/github/codeql-action/pull/3204)
## 4.30.8 - 10 Oct 2025
No user facing changes.
README.md
+1
View File
@@ -34,6 +34,7 @@ Actions with special purposes and unlikely to be used directly:
- `autobuild`: Attempts to automatically build the code. Only used for analyzing languages that require a build. Use the `build-mode: autobuild` input in the `init` action instead. For information about input parameters, see the [autobuild action definition](https://github.com/github/codeql-action/blob/main/autobuild/action.yml).
- `resolve-environment`: [Experimental] Attempts to infer a build environment suitable for automatic builds. For information about input parameters, see the [resolve-environment action definition](https://github.com/github/codeql-action/blob/main/resolve-environment/action.yml).
- `start-proxy`: [Experimental] Start the HTTP proxy server. Internal use only and will change without notice. For information about input parameters, see the [start-proxy action definition](https://github.com/github/codeql-action/blob/main/start-proxy/action.yml).
- `setup-codeql`: [Experimental] Similar to `init`, except it only installs the CodeQL CLI and does not initialize a database.
### Workflow Permissions
lib/analyze-action-post.js
Generated
+1 -1
View File
@@ -26460,7 +26460,7 @@ var require_package = __commonJS({
"package.json"(exports2, module2) {
module2.exports = {
name: "codeql",
version: "4.30.8",
version: "4.30.9",
private: true,
description: "CodeQL action",
scripts: {
lib/analyze-action.js
Generated
+3 -3
View File
@@ -32309,7 +32309,7 @@ var require_package = __commonJS({
"package.json"(exports2, module2) {
module2.exports = {
name: "codeql",
version: "4.30.8",
version: "4.30.9",
private: true,
description: "CodeQL action",
scripts: {
@@ -90704,8 +90704,8 @@ var path8 = __toESM(require("path"));
var semver4 = __toESM(require_semver2());
// src/defaults.json
var bundleVersion = "codeql-bundle-v2.23.2";
var cliVersion = "2.23.2";
var bundleVersion = "codeql-bundle-v2.23.3";
var cliVersion = "2.23.3";
// src/overlay-database-utils.ts
var crypto = __toESM(require("crypto"));
lib/autobuild-action.js
Generated
+3 -3
View File
@@ -26460,7 +26460,7 @@ var require_package = __commonJS({
"package.json"(exports2, module2) {
module2.exports = {
name: "codeql",
version: "4.30.8",
version: "4.30.9",
private: true,
description: "CodeQL action",
scripts: {
@@ -78318,8 +78318,8 @@ var path3 = __toESM(require("path"));
var semver4 = __toESM(require_semver2());
// src/defaults.json
var bundleVersion = "codeql-bundle-v2.23.2";
var cliVersion = "2.23.2";
var bundleVersion = "codeql-bundle-v2.23.3";
var cliVersion = "2.23.3";
// src/overlay-database-utils.ts
var fs2 = __toESM(require("fs"));
lib/defaults.json
+4 -4
View File
@@ -1,6 +1,6 @@
{
"bundleVersion": "codeql-bundle-v2.23.2",
"cliVersion": "2.23.2",
"priorBundleVersion": "codeql-bundle-v2.23.1",
"priorCliVersion": "2.23.1"
"bundleVersion": "codeql-bundle-v2.23.3",
"cliVersion": "2.23.3",
"priorBundleVersion": "codeql-bundle-v2.23.2",
"priorCliVersion": "2.23.2"
}
lib/init-action-post.js
Generated
+11 -3
View File
@@ -32309,7 +32309,7 @@ var require_package = __commonJS({
"package.json"(exports2, module2) {
module2.exports = {
name: "codeql",
version: "4.30.8",
version: "4.30.9",
private: true,
description: "CodeQL action",
scripts: {
@@ -128949,8 +128949,8 @@ var path8 = __toESM(require("path"));
var semver4 = __toESM(require_semver2());
// src/defaults.json
var bundleVersion = "codeql-bundle-v2.23.2";
var cliVersion = "2.23.2";
var bundleVersion = "codeql-bundle-v2.23.3";
var cliVersion = "2.23.3";
// src/overlay-database-utils.ts
var fs6 = __toESM(require("fs"));
@@ -129786,6 +129786,9 @@ function appendExtraQueryExclusions(extraQueryExclusions, cliConfig) {
}
return augmentedConfig;
}
function isCodeScanningEnabled(config) {
return config.analysisKinds.includes("code-scanning" /* CodeScanning */);
}
// src/setup-codeql.ts
var fs12 = __toESM(require("fs"));
@@ -133750,6 +133753,11 @@ async function tryUploadSarifIfRunFailed(config, repositoryNwo, features, logger
"CODEQL_ACTION_JOB_STATUS" /* JOB_STATUS */,
process.env["CODEQL_ACTION_JOB_STATUS" /* JOB_STATUS */] ?? "JOB_STATUS_CONFIGURATION_ERROR" /* ConfigErrorStatus */
);
if (!isCodeScanningEnabled(config)) {
return {
upload_failed_run_skipped_because: "Code Scanning is not enabled."
};
}
try {
return await maybeUploadFailedSarif(
config,
lib/init-action.js
Generated
+76 -52
View File
@@ -32309,7 +32309,7 @@ var require_package = __commonJS({
"package.json"(exports2, module2) {
module2.exports = {
name: "codeql",
version: "4.30.8",
version: "4.30.9",
private: true,
description: "CodeQL action",
scripts: {
@@ -86062,6 +86062,50 @@ function isAnalyzingPullRequest() {
return getPullRequestBranches() !== void 0;
}
// src/analyses.ts
var AnalysisKind = /* @__PURE__ */ ((AnalysisKind3) => {
AnalysisKind3["CodeScanning"] = "code-scanning";
AnalysisKind3["CodeQuality"] = "code-quality";
return AnalysisKind3;
})(AnalysisKind || {});
var supportedAnalysisKinds = new Set(Object.values(AnalysisKind));
async function parseAnalysisKinds(input) {
const components = input.split(",");
if (components.length < 1) {
throw new ConfigurationError(
"At least one analysis kind must be configured."
);
}
for (const component of components) {
if (!supportedAnalysisKinds.has(component)) {
throw new ConfigurationError(`Unknown analysis kind: ${component}`);
}
}
return Array.from(
new Set(components.map((component) => component))
);
}
var cachedAnalysisKinds;
async function getAnalysisKinds(logger, skipCache = false) {
if (!skipCache && cachedAnalysisKinds !== void 0) {
return cachedAnalysisKinds;
}
cachedAnalysisKinds = await parseAnalysisKinds(
getRequiredInput("analysis-kinds")
);
const qualityQueriesInput = getOptionalInput("quality-queries");
if (qualityQueriesInput !== void 0) {
logger.warning(
"The `quality-queries` input is deprecated and will be removed in a future version of the CodeQL Action. Use the `analysis-kinds` input to configure different analysis kinds instead."
);
}
if (!cachedAnalysisKinds.includes("code-quality" /* CodeQuality */) && qualityQueriesInput !== void 0) {
cachedAnalysisKinds.push("code-quality" /* CodeQuality */);
}
return cachedAnalysisKinds;
}
var codeQualityQueries = ["code-quality"];
// src/api-client.ts
var core5 = __toESM(require_core());
var githubUtils = __toESM(require_utils4());
@@ -86254,31 +86298,6 @@ var fs9 = __toESM(require("fs"));
var path11 = __toESM(require("path"));
var import_perf_hooks = require("perf_hooks");
// src/analyses.ts
var AnalysisKind = /* @__PURE__ */ ((AnalysisKind2) => {
AnalysisKind2["CodeScanning"] = "code-scanning";
AnalysisKind2["CodeQuality"] = "code-quality";
return AnalysisKind2;
})(AnalysisKind || {});
var supportedAnalysisKinds = new Set(Object.values(AnalysisKind));
async function parseAnalysisKinds(input) {
const components = input.split(",");
if (components.length < 1) {
throw new ConfigurationError(
"At least one analysis kind must be configured."
);
}
for (const component of components) {
if (!supportedAnalysisKinds.has(component)) {
throw new ConfigurationError(`Unknown analysis kind: ${component}`);
}
}
return Array.from(
new Set(components.map((component) => component))
);
}
var codeQualityQueries = ["code-quality"];
// src/config/db-config.ts
var path7 = __toESM(require("path"));
var semver2 = __toESM(require_semver2());
@@ -86589,8 +86608,8 @@ var path9 = __toESM(require("path"));
var semver4 = __toESM(require_semver2());
// src/defaults.json
var bundleVersion = "codeql-bundle-v2.23.2";
var cliVersion = "2.23.2";
var bundleVersion = "codeql-bundle-v2.23.3";
var cliVersion = "2.23.3";
// src/overlay-database-utils.ts
var crypto = __toESM(require("crypto"));
@@ -87691,10 +87710,8 @@ async function getRawLanguages(languagesInput, repository, sourceRoot, logger) {
};
}
async function initActionState({
analysisKindsInput,
languagesInput,
queriesInput,
qualityQueriesInput,
packsInput,
buildModeInput,
dbLocation,
@@ -87710,12 +87727,9 @@ async function initActionState({
githubVersion,
features,
repositoryProperties,
analysisKinds,
logger
}, userConfig) {
const analysisKinds = await parseAnalysisKinds(analysisKindsInput);
if (!analysisKinds.includes("code-quality" /* CodeQuality */) && qualityQueriesInput !== void 0) {
analysisKinds.push("code-quality" /* CodeQuality */);
}
const languages = await getLanguages(
codeql,
languagesInput,
@@ -90683,6 +90697,19 @@ async function getWorkflowAbsolutePath(logger) {
}
// src/init-action.ts
async function sendStartingStatusReport(startedAt, config, logger) {
const statusReportBase = await createStatusReportBase(
"init" /* Init */,
"starting",
startedAt,
config,
await checkDiskUsage(logger),
logger
);
if (statusReportBase !== void 0) {
await sendStatusReport(statusReportBase);
}
}
async function sendCompletedStatusReport(startedAt, config, configFile, toolsDownloadStatusReport, toolsFeatureFlagsValid, toolsSource, toolsVersion, overlayBaseDatabaseStats, dependencyCachingResults, logger, error2) {
const statusReportBase = await createStatusReportBase(
"init" /* Init */,
@@ -90773,16 +90800,19 @@ async function run() {
getOptionalInput("source-root") || ""
);
try {
const statusReportBase = await createStatusReportBase(
"init" /* Init */,
"starting",
startedAt,
config,
await checkDiskUsage(logger),
logger
);
if (statusReportBase !== void 0) {
await sendStatusReport(statusReportBase);
let analysisKinds;
try {
analysisKinds = await getAnalysisKinds(logger);
} catch (err) {
logger.debug(
`Failed to parse analysis kinds for 'starting' status report: ${getErrorMessage(err)}`
);
}
await sendStartingStatusReport(startedAt, { analysisKinds }, logger);
if (process.env["CODEQL_ACTION_SETUP_CODEQL_HAS_RUN" /* SETUP_CODEQL_ACTION_HAS_RUN */] === "true") {
throw new ConfigurationError(
`The 'init' action should not be run in the same workflow as 'setup-codeql'.`
);
}
const codeQLDefaultVersionInfo = await features.getDefaultCliVersion(
gitHubVersion.type
@@ -90830,17 +90860,11 @@ async function run() {
logger.info("Experimental Rust analysis enabled");
}
}
const qualityQueriesInput = getOptionalInput("quality-queries");
if (qualityQueriesInput !== void 0) {
logger.warning(
"The `quality-queries` input is deprecated and will be removed in a future version of the CodeQL Action. Use the `analysis-kinds` input to configure different analysis kinds instead."
);
}
analysisKinds = await getAnalysisKinds(logger);
config = await initConfig2({
analysisKindsInput: getRequiredInput("analysis-kinds"),
analysisKinds,
languagesInput: getOptionalInput("languages"),
queriesInput: getOptionalInput("queries"),
qualityQueriesInput,
packsInput: getOptionalInput("packs"),
buildModeInput: getOptionalInput("build-mode"),
configFile,
lib/resolve-environment-action.js
Generated
+1 -1
View File
@@ -26460,7 +26460,7 @@ var require_package = __commonJS({
"package.json"(exports2, module2) {
module2.exports = {
name: "codeql",
version: "4.30.8",
version: "4.30.9",
private: true,
description: "CodeQL action",
scripts: {
lib/setup-codeql-action.js
Generated
+87679
View File
File diff suppressed because one or more lines are too long
lib/start-proxy-action-post.js
Generated
+1 -1
View File
@@ -26460,7 +26460,7 @@ var require_package = __commonJS({
"package.json"(exports2, module2) {
module2.exports = {
name: "codeql",
version: "4.30.8",
version: "4.30.9",
private: true,
description: "CodeQL action",
scripts: {
lib/start-proxy-action.js
Generated
+3 -3
View File
@@ -44996,7 +44996,7 @@ var require_package = __commonJS({
"package.json"(exports2, module2) {
module2.exports = {
name: "codeql",
version: "4.30.8",
version: "4.30.9",
private: true,
description: "CodeQL action",
scripts: {
@@ -95060,8 +95060,8 @@ function getActionsLogger() {
var core7 = __toESM(require_core());
// src/defaults.json
var bundleVersion = "codeql-bundle-v2.23.2";
var cliVersion = "2.23.2";
var bundleVersion = "codeql-bundle-v2.23.3";
var cliVersion = "2.23.3";
// src/languages.ts
var KnownLanguage = /* @__PURE__ */ ((KnownLanguage2) => {
lib/upload-lib.js
Generated
+3 -3
View File
@@ -33606,7 +33606,7 @@ var require_package = __commonJS({
"package.json"(exports2, module2) {
module2.exports = {
name: "codeql",
version: "4.30.8",
version: "4.30.9",
private: true,
description: "CodeQL action",
scripts: {
@@ -89065,8 +89065,8 @@ var path8 = __toESM(require("path"));
var semver4 = __toESM(require_semver2());
// src/defaults.json
var bundleVersion = "codeql-bundle-v2.23.2";
var cliVersion = "2.23.2";
var bundleVersion = "codeql-bundle-v2.23.3";
var cliVersion = "2.23.3";
// src/overlay-database-utils.ts
var fs5 = __toESM(require("fs"));
lib/upload-sarif-action-post.js
Generated
+1 -1
View File
@@ -26460,7 +26460,7 @@ var require_package = __commonJS({
"package.json"(exports2, module2) {
module2.exports = {
name: "codeql",
version: "4.30.8",
version: "4.30.9",
private: true,
description: "CodeQL action",
scripts: {
lib/upload-sarif-action.js
Generated
+3 -3
View File
@@ -32309,7 +32309,7 @@ var require_package = __commonJS({
"package.json"(exports2, module2) {
module2.exports = {
name: "codeql",
version: "4.30.8",
version: "4.30.9",
private: true,
description: "CodeQL action",
scripts: {
@@ -88976,8 +88976,8 @@ var path8 = __toESM(require("path"));
var semver3 = __toESM(require_semver2());
// src/defaults.json
var bundleVersion = "codeql-bundle-v2.23.2";
var cliVersion = "2.23.2";
var bundleVersion = "codeql-bundle-v2.23.3";
var cliVersion = "2.23.3";
// src/overlay-database-utils.ts
var fs5 = __toESM(require("fs"));
package-lock.json
Generated
+2 -2
View File
@@ -1,12 +1,12 @@
{
"name": "codeql",
"version": "4.30.8",
"version": "4.30.9",
"lockfileVersion": 3,
"requires": true,
"packages": {
"": {
"name": "codeql",
"version": "4.30.8",
"version": "4.30.9",
"license": "MIT",
"dependencies": {
"@actions/artifact": "^2.3.1",
package.json
+1 -1
View File
@@ -1,6 +1,6 @@
{
"name": "codeql",
"version": "4.30.8",
"version": "4.30.9",
"private": true,
"description": "CodeQL action",
"scripts": {
pr-checks/checks/analyze-ref-input.yml
+1
View File
@@ -2,6 +2,7 @@ name: "Analyze: 'ref' and 'sha' from inputs"
description: "Checks that specifying 'ref' and 'sha' as inputs works"
versions: ["default"]
installGo: true
installPython: true
steps:
- uses: ./../action/init
with:
pr-checks/checks/bundle-from-toolcache.yml
+2 -3
View File
@@ -15,10 +15,9 @@ steps:
if (allCodeqlVersions.length === 0) {
throw new Error(`CodeQL could not be found in the toolcache`);
}
- id: init
uses: ./../action/init
- id: setup-codeql
uses: ./../action/setup-codeql
with:
languages: javascript
tools: ${{ steps.prepare-test.outputs.tools-url }}
- name: Check CodeQL is installed within the toolcache
uses: actions/github-script@v8
pr-checks/checks/local-bundle.yml
+1
View File
@@ -2,6 +2,7 @@ name: "Local CodeQL bundle"
description: "Tests using a CodeQL bundle from a local file rather than a URL"
versions: ["linked"]
installGo: true
installPython: true
steps:
- name: Fetch latest CodeQL bundle
run: |
pr-checks/checks/multi-language-autodetect.yml
+1
View File
@@ -4,6 +4,7 @@ operatingSystems: ["macos", "ubuntu"]
env:
CODEQL_ACTION_RESOLVE_SUPPORTED_LANGUAGES_USING_CLI: true
installGo: true
installPython: true
steps:
- name: Use Xcode 16
if: runner.os == 'macOS' && matrix.version != 'nightly-latest'
pr-checks/checks/packaging-codescanning-config-inputs-js.yml
+1
View File
@@ -3,6 +3,7 @@ description: "Checks that specifying packages using a combination of a config fi
versions: ["linked", "default", "nightly-latest"] # This feature is not compatible with old CLIs
installGo: true
installNode: true
installPython: true
steps:
- uses: ./../action/init
with:
pr-checks/checks/remote-config.yml
+1
View File
@@ -6,6 +6,7 @@ versions:
- linked
- nightly-latest
installGo: true
installPython: true
steps:
- uses: ./../action/init
with:
pr-checks/checks/unset-environment.yml
+1
View File
@@ -6,6 +6,7 @@ versions:
- linked
- nightly-latest
installGo: true
installPython: true
steps:
- uses: ./../action/init
id: init
pr-checks/checks/upload-ref-sha-input.yml
+1
View File
@@ -2,6 +2,7 @@ name: "Upload-sarif: 'ref' and 'sha' from inputs"
description: "Checks that specifying 'ref' and 'sha' as inputs works"
versions: ["default"]
installGo: true
installPython: true
steps:
- uses: ./../action/init
with:
pr-checks/checks/upload-sarif.yml
+1
View File
@@ -3,6 +3,7 @@ description: "Checks that uploading SARIFs to the code quality endpoint works"
versions: ["default"]
analysisKinds: ["code-scanning", "code-quality", "code-scanning,code-quality"]
installGo: true
installPython: true
steps:
- uses: ./../action/init
with:
pr-checks/checks/with-checkout-path.yml
+1
View File
@@ -2,6 +2,7 @@ name: "Use a custom `checkout_path`"
description: "Checks that a custom `checkout_path` will find the proper commit_oid"
versions: ["linked"]
installGo: true
installPython: true
steps:
# This ensures we don't accidentally use the original checkout for any part of the test.
- name: Delete original checkout
pr-checks/sync.py
+20
View File
@@ -184,6 +184,26 @@ for file in sorted((this_dir / 'checks').glob('*.yml')):
}
})
installPython = is_truthy(checkSpecification.get('installPython', ''))
if installPython:
basePythonVersionExpr = '3.13'
workflowInputs['python-version'] = {
'type': 'string',
'description': 'The version of Python to install',
'required': False,
'default': basePythonVersionExpr,
}
steps.append({
'name': 'Install Python',
'if': 'matrix.version != \'nightly-latest\'',
'uses': 'actions/setup-python@v6',
'with': {
'python-version': '${{ inputs.python-version || \'' + basePythonVersionExpr + '\' }}'
}
})
# If container initialisation steps are present in the check specification,
# make sure to execute them first.
if 'container' in checkSpecification and 'container-init-steps' in checkSpecification:
setup-codeql/action.yml
+39
View File
@@ -0,0 +1,39 @@
name: 'CodeQL: Setup'
description: 'Installs the CodeQL CLI'
author: 'GitHub'
inputs:
tools:
description: >-
By default, the Action will use the recommended version of the CodeQL
Bundle to analyze your project. You can override this choice using this
input. One of:
- A local path to a CodeQL Bundle tarball, or
- The URL of a CodeQL Bundle tarball GitHub release asset, or
- A special value `linked` which uses the version of the CodeQL tools
that the Action has been bundled with.
- A special value `nightly` which uses the latest nightly version of the
CodeQL tools. Note that this is unstable and not recommended for
production use.
If not specified, the Action will check in several places until it finds
the CodeQL tools.
required: false
token:
description: GitHub token to use for authenticating with this instance of GitHub.
default: ${{ github.token }}
required: false
matrix:
default: ${{ toJson(matrix) }}
required: false
external-repository-token:
description: A token for fetching additional files from private repositories in the same GitHub instance that is running this action.
required: false
outputs:
codeql-path:
description: The path of the CodeQL binary that was installed.
codeql-version:
description: The version of the CodeQL binary that was installed.
runs:
using: node24
main: '../lib/setup-codeql-action.js'
src/analyses.test.ts
+33
View File
@@ -1,12 +1,19 @@
import test from "ava";
import * as sinon from "sinon";
import * as actionsUtil from "./actions-util";
import {
AnalysisKind,
getAnalysisKinds,
parseAnalysisKinds,
supportedAnalysisKinds,
} from "./analyses";
import { getRunnerLogger } from "./logging";
import { setupTests } from "./testing-utils";
import { ConfigurationError } from "./util";
setupTests(test);
test("All known analysis kinds can be parsed successfully", async (t) => {
for (const analysisKind of supportedAnalysisKinds) {
t.deepEqual(await parseAnalysisKinds(analysisKind), [analysisKind]);
@@ -34,3 +41,29 @@ test("Parsing analysis kinds requires at least one analysis kind", async (t) =>
instanceOf: ConfigurationError,
});
});
test("getAnalysisKinds - returns expected analysis kinds for `analysis-kinds` input", async (t) => {
const requiredInputStub = sinon.stub(actionsUtil, "getRequiredInput");
requiredInputStub
.withArgs("analysis-kinds")
.returns("code-scanning,code-quality");
const result = await getAnalysisKinds(getRunnerLogger(true), true);
t.assert(result.includes(AnalysisKind.CodeScanning));
t.assert(result.includes(AnalysisKind.CodeQuality));
});
test("getAnalysisKinds - includes `code-quality` when deprecated `quality-queries` input is used", async (t) => {
const requiredInputStub = sinon.stub(actionsUtil, "getRequiredInput");
requiredInputStub.withArgs("analysis-kinds").returns("code-scanning");
const optionalInputStub = sinon.stub(actionsUtil, "getOptionalInput");
optionalInputStub.withArgs("quality-queries").returns("code-quality");
const result = await getAnalysisKinds(getRunnerLogger(true), true);
t.assert(result.includes(AnalysisKind.CodeScanning));
t.assert(result.includes(AnalysisKind.CodeQuality));
});
test("getAnalysisKinds - throws if `analysis-kinds` input is invalid", async (t) => {
const requiredInputStub = sinon.stub(actionsUtil, "getRequiredInput");
requiredInputStub.withArgs("analysis-kinds").returns("no-such-thing");
await t.throwsAsync(getAnalysisKinds(getRunnerLogger(true), true));
});
src/analyses.ts
+54 -1
View File
@@ -1,4 +1,8 @@
import { fixCodeQualityCategory } from "./actions-util";
import {
fixCodeQualityCategory,
getOptionalInput,
getRequiredInput,
} from "./actions-util";
import { Logger } from "./logging";
import { ConfigurationError } from "./util";
@@ -41,6 +45,55 @@ export async function parseAnalysisKinds(
);
}
// Used to avoid re-parsing the input after we have done it once.
let cachedAnalysisKinds: AnalysisKind[] | undefined;
/**
* Initialises the analysis kinds for the analysis based on the `analysis-kinds` input.
* This function will also use the deprecated `quality-queries` input as an indicator to enable `code-quality`.
* If the `analysis-kinds` input cannot be parsed, a `ConfigurationError` is thrown.
*
* @param logger The logger to use.
* @param skipCache For testing, whether to ignore the cached values (default: false).
*
* @returns The array of enabled analysis kinds.
* @throws A `ConfigurationError` if the `analysis-kinds` input cannot be parsed.
*/
export async function getAnalysisKinds(
logger: Logger,
skipCache: boolean = false,
): Promise<AnalysisKind[]> {
if (!skipCache && cachedAnalysisKinds !== undefined) {
return cachedAnalysisKinds;
}
cachedAnalysisKinds = await parseAnalysisKinds(
getRequiredInput("analysis-kinds"),
);
// Warn that `quality-queries` is deprecated if there is an argument for it.
const qualityQueriesInput = getOptionalInput("quality-queries");
if (qualityQueriesInput !== undefined) {
logger.warning(
"The `quality-queries` input is deprecated and will be removed in a future version of the CodeQL Action. " +
"Use the `analysis-kinds` input to configure different analysis kinds instead.",
);
}
// For backwards compatibility, add Code Quality to the enabled analysis kinds
// if an input to `quality-queries` was specified. We should remove this once
// `quality-queries` is no longer used.
if (
!cachedAnalysisKinds.includes(AnalysisKind.CodeQuality) &&
qualityQueriesInput !== undefined
) {
cachedAnalysisKinds.push(AnalysisKind.CodeQuality);
}
return cachedAnalysisKinds;
}
/** The queries to use for Code Quality analyses. */
export const codeQualityQueries: string[] = ["code-quality"];
src/config-utils.test.ts
+3 -4
View File
@@ -49,10 +49,9 @@ function createTestInitConfigInputs(
return Object.assign(
{},
{
analysisKindsInput: "code-scanning",
analysisKinds: [AnalysisKind.CodeScanning],
languagesInput: undefined,
queriesInput: undefined,
qualityQueriesInput: undefined,
packsInput: undefined,
configFile: undefined,
dbLocation: undefined,
@@ -189,7 +188,7 @@ test("load code quality config", async (t) => {
const config = await configUtils.initConfig(
createTestInitConfigInputs({
analysisKindsInput: "code-quality",
analysisKinds: [AnalysisKind.CodeQuality],
languagesInput: languages,
repository: { owner: "github", repo: "example" },
tempDir,
@@ -273,7 +272,7 @@ test("initActionState doesn't throw if there are queries configured in the repos
await t.notThrowsAsync(async () => {
const config = await configUtils.initConfig(
createTestInitConfigInputs({
analysisKindsInput: "code-quality",
analysisKinds: [AnalysisKind.CodeQuality],
languagesInput: languages,
repository: { owner: "github", repo: "example" },
tempDir,
src/config-utils.ts
+2 -17
View File
@@ -11,7 +11,6 @@ import {
CodeQuality,
codeQualityQueries,
CodeScanning,
parseAnalysisKinds,
} from "./analyses";
import * as api from "./api-client";
import { CachingKind, getCachingKind } from "./caching-utils";
@@ -373,10 +372,8 @@ export async function getRawLanguages(
/** Inputs required to initialize a configuration. */
export interface InitConfigInputs {
analysisKindsInput: string;
languagesInput: string | undefined;
queriesInput: string | undefined;
qualityQueriesInput: string | undefined;
packsInput: string | undefined;
configFile: string | undefined;
dbLocation: string | undefined;
@@ -396,6 +393,7 @@ export interface InitConfigInputs {
apiDetails: api.GitHubApiCombinedDetails;
features: FeatureEnablement;
repositoryProperties: RepositoryProperties;
analysisKinds: AnalysisKind[];
logger: Logger;
}
@@ -405,10 +403,8 @@ export interface InitConfigInputs {
*/
export async function initActionState(
{
analysisKindsInput,
languagesInput,
queriesInput,
qualityQueriesInput,
packsInput,
buildModeInput,
dbLocation,
@@ -424,22 +420,11 @@ export async function initActionState(
githubVersion,
features,
repositoryProperties,
analysisKinds,
logger,
}: InitConfigInputs,
userConfig: UserConfig,
): Promise<Config> {
const analysisKinds = await parseAnalysisKinds(analysisKindsInput);
// For backwards compatibility, add Code Quality to the enabled analysis kinds
// if an input to `quality-queries` was specified. We should remove this once
// `quality-queries` is no longer used.
if (
!analysisKinds.includes(AnalysisKind.CodeQuality) &&
qualityQueriesInput !== undefined
) {
analysisKinds.push(AnalysisKind.CodeQuality);
}
const languages = await getLanguages(
codeql,
languagesInput,
src/defaults.json
+4 -4
View File
@@ -1,6 +1,6 @@
{
"bundleVersion": "codeql-bundle-v2.23.2",
"cliVersion": "2.23.2",
"priorBundleVersion": "codeql-bundle-v2.23.1",
"priorCliVersion": "2.23.1"
"bundleVersion": "codeql-bundle-v2.23.3",
"cliVersion": "2.23.3",
"priorBundleVersion": "codeql-bundle-v2.23.2",
"priorCliVersion": "2.23.2"
}
src/environment.ts
+3
View File
@@ -47,6 +47,9 @@ export enum EnvVar {
/** Whether the CodeQL Action has already warned the user about low disk space. */
HAS_WARNED_ABOUT_DISK_SPACE = "CODEQL_ACTION_HAS_WARNED_ABOUT_DISK_SPACE",
/** Whether the `setup-codeql` action has been run. */
SETUP_CODEQL_ACTION_HAS_RUN = "CODEQL_ACTION_SETUP_CODEQL_HAS_RUN",
/** Whether the init action has been run. */
INIT_ACTION_HAS_RUN = "CODEQL_ACTION_INIT_HAS_RUN",
src/init-action-post-helper.test.ts
+24 -9
View File
@@ -2,6 +2,7 @@ import test, { ExecutionContext } from "ava";
import * as sinon from "sinon";
import * as actionsUtil from "./actions-util";
import { AnalysisKind } from "./analyses";
import * as codeql from "./codeql";
import * as configUtils from "./config-utils";
import { Feature } from "./feature-flags";
@@ -28,12 +29,13 @@ test("post: init action with debug mode off", async (t) => {
const gitHubVersion: util.GitHubVersion = {
type: util.GitHubVariant.DOTCOM,
};
sinon.stub(configUtils, "getConfig").resolves({
debugMode: false,
gitHubVersion,
languages: [],
packs: [],
} as unknown as configUtils.Config);
sinon.stub(configUtils, "getConfig").resolves(
createTestConfig({
debugMode: false,
gitHubVersion,
languages: [],
}),
);
const uploadAllAvailableDebugArtifactsSpy = sinon.spy();
const printDebugLogsSpy = sinon.spy();
@@ -295,6 +297,17 @@ test("uploading failed SARIF run fails when workflow does not reference github/c
t.truthy(result.upload_failed_run_stack_trace);
});
test("not uploading failed SARIF when `code-scanning` is not an enabled analysis kind", async (t) => {
const result = await testFailedSarifUpload(t, createTestWorkflow([]), {
analysisKinds: [AnalysisKind.CodeQuality],
expectUpload: false,
});
t.is(
result.upload_failed_run_skipped_because,
"Code Scanning is not enabled.",
);
});
function createTestWorkflow(
steps: workflow.WorkflowJobStep[],
): workflow.Workflow {
@@ -327,20 +340,22 @@ async function testFailedSarifUpload(
expectUpload = true,
exportDiagnosticsEnabled = false,
matrix = {},
analysisKinds = [AnalysisKind.CodeScanning],
}: {
category?: string;
databaseExists?: boolean;
expectUpload?: boolean;
exportDiagnosticsEnabled?: boolean;
matrix?: { [key: string]: string };
analysisKinds?: AnalysisKind[];
} = {},
): Promise<initActionPostHelper.UploadFailedSarifResult> {
const config = {
const config = createTestConfig({
analysisKinds,
codeQLCmd: "codeql",
debugMode: true,
languages: [],
packs: [],
} as unknown as configUtils.Config;
});
if (databaseExists) {
config.dbLocation = "path/to/database";
}
src/init-action-post-helper.ts
+10 -1
View File
@@ -7,7 +7,7 @@ import * as actionsUtil from "./actions-util";
import { CodeScanning } from "./analyses";
import { getApiClient } from "./api-client";
import { CodeQL, getCodeQL } from "./codeql";
import { Config } from "./config-utils";
import { Config, isCodeScanningEnabled } from "./config-utils";
import * as dependencyCaching from "./dependency-caching";
import { EnvVar } from "./environment";
import { Feature, FeatureEnablement } from "./feature-flags";
@@ -139,6 +139,15 @@ export async function tryUploadSarifIfRunFailed(
EnvVar.JOB_STATUS,
process.env[EnvVar.JOB_STATUS] ?? JobStatus.ConfigErrorStatus,
);
// If the only enabled analysis kind is `code-quality`, then we shouldn't
// upload the failed SARIF to Code Scanning.
if (!isCodeScanningEnabled(config)) {
return {
upload_failed_run_skipped_because: "Code Scanning is not enabled.",
};
}
try {
return await maybeUploadFailedSarif(
config,
src/init-action.ts
+51 -30
View File
@@ -15,6 +15,7 @@ import {
getTemporaryDirectory,
persistInputs,
} from "./actions-util";
import { AnalysisKind, getAnalysisKinds } from "./analyses";
import { getGitHubVersion } from "./api-client";
import {
getDependencyCachingEnabled,
@@ -56,6 +57,7 @@ import { ToolsSource } from "./setup-codeql";
import {
ActionName,
InitStatusReport,
InitToolsDownloadFields,
InitWithConfigStatusReport,
createInitWithConfigStatusReport,
createStatusReportBase,
@@ -86,14 +88,29 @@ import {
} from "./util";
import { validateWorkflow } from "./workflow";
/** Fields of the init status report populated when the tools source is `download`. */
interface InitToolsDownloadFields {
/** Time taken to download the bundle, in milliseconds. */
tools_download_duration_ms?: number;
/**
* Whether the relevant tools dotcom feature flags have been misconfigured.
* Only populated if we attempt to determine the default version based on the dotcom feature flags. */
tools_feature_flags_valid?: boolean;
/**
* Sends a status report indicating that the `init` Action is starting.
*
* @param startedAt
* @param config
* @param logger
*/
async function sendStartingStatusReport(
startedAt: Date,
config: Partial<configUtils.Config> | undefined,
logger: Logger,
) {
const statusReportBase = await createStatusReportBase(
ActionName.Init,
"starting",
startedAt,
config,
await checkDiskUsage(logger),
logger,
);
if (statusReportBase !== undefined) {
await sendStatusReport(statusReportBase);
}
}
async function sendCompletedStatusReport(
@@ -210,6 +227,7 @@ async function run() {
? await loadPropertiesFromApi(gitHubVersion, logger, repositoryNwo)
: {};
// Create a unique identifier for this run.
const jobRunUuid = uuidV4();
logger.info(`Job run UUID is ${jobRunUuid}.`);
core.exportVariable(EnvVar.JOB_RUN_UUID, jobRunUuid);
@@ -227,17 +245,30 @@ async function run() {
);
try {
const statusReportBase = await createStatusReportBase(
ActionName.Init,
"starting",
startedAt,
config,
await checkDiskUsage(logger),
logger,
);
if (statusReportBase !== undefined) {
await sendStatusReport(statusReportBase);
// Parsing the `analysis-kinds` input may throw a `ConfigurationError`, which we don't want before
// we have called `sendStartingStatusReport` below. However, we want the analysis kinds for that status
// report. To work around this, we ignore exceptions that are thrown here and then call `getAnalysisKinds`
// a second time later. The second call will then throw the exception again. If `getAnalysisKinds` is
// successful, the results are cached so that we don't duplicate the work in normal runs.
let analysisKinds: AnalysisKind[] | undefined;
try {
analysisKinds = await getAnalysisKinds(logger);
} catch (err) {
logger.debug(
`Failed to parse analysis kinds for 'starting' status report: ${getErrorMessage(err)}`,
);
}
// Send a status report indicating that an analysis is starting.
await sendStartingStatusReport(startedAt, { analysisKinds }, logger);
// Throw a `ConfigurationError` if the `setup-codeql` action has been run.
if (process.env[EnvVar.SETUP_CODEQL_ACTION_HAS_RUN] === "true") {
throw new ConfigurationError(
`The 'init' action should not be run in the same workflow as 'setup-codeql'.`,
);
}
const codeQLDefaultVersionInfo = await features.getDefaultCliVersion(
gitHubVersion.type,
);
@@ -293,21 +324,11 @@ async function run() {
}
}
// Warn that `quality-queries` is deprecated if there is an argument for it.
const qualityQueriesInput = getOptionalInput("quality-queries");
if (qualityQueriesInput !== undefined) {
logger.warning(
"The `quality-queries` input is deprecated and will be removed in a future version of the CodeQL Action. " +
"Use the `analysis-kinds` input to configure different analysis kinds instead.",
);
}
analysisKinds = await getAnalysisKinds(logger);
config = await initConfig({
analysisKindsInput: getRequiredInput("analysis-kinds"),
analysisKinds,
languagesInput: getOptionalInput("languages"),
queriesInput: getOptionalInput("queries"),
qualityQueriesInput,
packsInput: getOptionalInput("packs"),
buildModeInput: getOptionalInput("build-mode"),
configFile,
src/setup-codeql-action.ts
+196
View File
@@ -0,0 +1,196 @@
import * as core from "@actions/core";
import { v4 as uuidV4 } from "uuid";
import {
getActionVersion,
getOptionalInput,
getRequiredInput,
getTemporaryDirectory,
} from "./actions-util";
import { getGitHubVersion } from "./api-client";
import { CodeQL } from "./codeql";
import { EnvVar } from "./environment";
import { Features } from "./feature-flags";
import { initCodeQL } from "./init";
import { getActionsLogger, Logger } from "./logging";
import { getRepositoryNwo } from "./repository";
import { ToolsSource } from "./setup-codeql";
import {
ActionName,
InitStatusReport,
InitToolsDownloadFields,
createStatusReportBase,
getActionsStatus,
sendStatusReport,
} from "./status-report";
import { ToolsDownloadStatusReport } from "./tools-download";
import {
checkDiskUsage,
checkForTimeout,
checkGitHubVersionInRange,
getRequiredEnvParam,
initializeEnvironment,
ConfigurationError,
wrapError,
checkActionVersion,
getErrorMessage,
} from "./util";
/**
* Helper function to send a full status report for this action.
*/
async function sendCompletedStatusReport(
startedAt: Date,
toolsDownloadStatusReport: ToolsDownloadStatusReport | undefined,
toolsFeatureFlagsValid: boolean | undefined,
toolsSource: ToolsSource,
toolsVersion: string,
logger: Logger,
error?: Error,
): Promise<void> {
const statusReportBase = await createStatusReportBase(
ActionName.SetupCodeQL,
getActionsStatus(error),
startedAt,
undefined,
await checkDiskUsage(logger),
logger,
error?.message,
error?.stack,
);
if (statusReportBase === undefined) {
return;
}
const initStatusReport: InitStatusReport = {
...statusReportBase,
tools_input: getOptionalInput("tools") || "",
tools_resolved_version: toolsVersion,
tools_source: toolsSource || ToolsSource.Unknown,
workflow_languages: "",
};
const initToolsDownloadFields: InitToolsDownloadFields = {};
if (toolsDownloadStatusReport?.downloadDurationMs !== undefined) {
initToolsDownloadFields.tools_download_duration_ms =
toolsDownloadStatusReport.downloadDurationMs;
}
if (toolsFeatureFlagsValid !== undefined) {
initToolsDownloadFields.tools_feature_flags_valid = toolsFeatureFlagsValid;
}
await sendStatusReport({ ...initStatusReport, ...initToolsDownloadFields });
}
/** The main behaviour of this action. */
async function run(): Promise<void> {
const startedAt = new Date();
const logger = getActionsLogger();
initializeEnvironment(getActionVersion());
let codeql: CodeQL;
let toolsDownloadStatusReport: ToolsDownloadStatusReport | undefined;
let toolsFeatureFlagsValid: boolean | undefined;
let toolsSource: ToolsSource;
let toolsVersion: string;
const apiDetails = {
auth: getRequiredInput("token"),
externalRepoAuth: getOptionalInput("external-repository-token"),
url: getRequiredEnvParam("GITHUB_SERVER_URL"),
apiURL: getRequiredEnvParam("GITHUB_API_URL"),
};
const gitHubVersion = await getGitHubVersion();
checkGitHubVersionInRange(gitHubVersion, logger);
checkActionVersion(getActionVersion(), gitHubVersion);
const repositoryNwo = getRepositoryNwo();
const features = new Features(
gitHubVersion,
repositoryNwo,
getTemporaryDirectory(),
logger,
);
const jobRunUuid = uuidV4();
logger.info(`Job run UUID is ${jobRunUuid}.`);
core.exportVariable(EnvVar.JOB_RUN_UUID, jobRunUuid);
try {
const statusReportBase = await createStatusReportBase(
ActionName.SetupCodeQL,
"starting",
startedAt,
undefined,
await checkDiskUsage(logger),
logger,
);
if (statusReportBase !== undefined) {
await sendStatusReport(statusReportBase);
}
const codeQLDefaultVersionInfo = await features.getDefaultCliVersion(
gitHubVersion.type,
);
toolsFeatureFlagsValid = codeQLDefaultVersionInfo.toolsFeatureFlagsValid;
const initCodeQLResult = await initCodeQL(
getOptionalInput("tools"),
apiDetails,
getTemporaryDirectory(),
gitHubVersion.type,
codeQLDefaultVersionInfo,
features,
logger,
);
codeql = initCodeQLResult.codeql;
toolsDownloadStatusReport = initCodeQLResult.toolsDownloadStatusReport;
toolsVersion = initCodeQLResult.toolsVersion;
toolsSource = initCodeQLResult.toolsSource;
core.setOutput("codeql-path", codeql.getPath());
core.setOutput("codeql-version", (await codeql.getVersion()).version);
core.exportVariable(EnvVar.SETUP_CODEQL_ACTION_HAS_RUN, "true");
} catch (unwrappedError) {
const error = wrapError(unwrappedError);
core.setFailed(error.message);
const statusReportBase = await createStatusReportBase(
ActionName.SetupCodeQL,
error instanceof ConfigurationError ? "user-error" : "failure",
startedAt,
undefined,
await checkDiskUsage(logger),
logger,
error.message,
error.stack,
);
if (statusReportBase !== undefined) {
await sendStatusReport(statusReportBase);
}
return;
}
await sendCompletedStatusReport(
startedAt,
toolsDownloadStatusReport,
toolsFeatureFlagsValid,
toolsSource,
toolsVersion,
logger,
);
}
/** Run the action and catch any unhandled errors. */
async function runWrapper(): Promise<void> {
try {
await run();
} catch (error) {
core.setFailed(`setup-codeql action failed: ${getErrorMessage(error)}`);
}
await checkForTimeout();
}
void runWrapper();
src/status-report.ts
+11
View File
@@ -41,6 +41,7 @@ export enum ActionName {
Init = "init",
InitPost = "init-post",
ResolveEnvironment = "resolve-environment",
SetupCodeQL = "setup-codeql",
StartProxy = "start-proxy",
UploadSarif = "upload-sarif",
}
@@ -516,6 +517,16 @@ export interface InitWithConfigStatusReport extends InitStatusReport {
config_file: string;
}
/** Fields of the init status report populated when the tools source is `download`. */
export interface InitToolsDownloadFields {
/** Time taken to download the bundle, in milliseconds. */
tools_download_duration_ms?: number;
/**
* Whether the relevant tools dotcom feature flags have been misconfigured.
* Only populated if we attempt to determine the default version based on the dotcom feature flags. */
tools_feature_flags_valid?: boolean;
}
/**
* Composes a `InitWithConfigStatusReport` from the given values.
*