From a512fe0868dad020a7936ebc957e18cb421aaba9 Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Fri, 10 Oct 2025 13:49:06 +0100 Subject: [PATCH] Gate `tools: toolcache` behind FF Mainly to allow us to disable it, if needed. --- lib/analyze-action.js | 29 +++++++++++++++++++++-------- lib/init-action-post.js | 29 +++++++++++++++++++++-------- lib/init-action.js | 29 +++++++++++++++++++++-------- lib/upload-lib.js | 29 +++++++++++++++++++++-------- lib/upload-sarif-action.js | 29 +++++++++++++++++++++-------- src/codeql.test.ts | 28 ++++++++++++++++++++++++++++ src/codeql.ts | 3 +++ src/init-action.ts | 1 + src/init.ts | 4 +++- src/setup-codeql.test.ts | 17 +++++++++++++++++ src/setup-codeql.ts | 23 +++++++++++++++++++---- src/upload-lib.ts | 1 + 12 files changed, 177 insertions(+), 45 deletions(-) diff --git a/lib/analyze-action.js b/lib/analyze-action.js index aec886409..c94a9e384 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -92304,7 +92304,7 @@ async function findOverridingToolsInCache(humanReadableVersion, logger) { } return void 0; } -async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, variant, tarSupportsZstd, logger) { +async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, variant, tarSupportsZstd, features, logger) { if (toolsInput && !isReservedToolsValue(toolsInput) && !toolsInput.startsWith("http")) { logger.info(`Using CodeQL CLI from local path ${toolsInput}`); const compressionMethod2 = inferCompressionMethod(toolsInput); @@ -92343,7 +92343,10 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian } } else if (toolsInput !== void 0 && toolsInput === CODEQL_TOOLCACHE_INPUT) { let latestToolcacheVersion; - const allowToolcacheValue = isDynamicWorkflow() || isInTestMode(); + const allowToolcacheValueFF = await features.getValue( + "allow_toolcache_input" /* AllowToolcacheInput */ + ); + const allowToolcacheValue = allowToolcacheValueFF && (isDynamicWorkflow() || isInTestMode()); if (allowToolcacheValue) { logger.info( `Attempting to use the latest CodeQL CLI version in the toolcache, as requested by 'tools: ${toolsInput}'.` @@ -92359,9 +92362,15 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian `Found no CodeQL CLI in the toolcache, ignoring 'tools: ${toolsInput}'...` ); } else { - logger.warning( - `Ignoring 'tools: ${toolsInput}' because the workflow was not triggered dynamically.` - ); + if (allowToolcacheValueFF) { + logger.info( + `Ignoring 'tools: ${toolsInput}' because the feature is not enabled.` + ); + } else { + logger.warning( + `Ignoring 'tools: ${toolsInput}' because the workflow was not triggered dynamically.` + ); + } } cliVersion2 = defaultCliVersion.cliVersion; tagName = defaultCliVersion.tagName; @@ -92574,7 +92583,7 @@ function getCanonicalToolcacheVersion(cliVersion2, bundleVersion2, logger) { } return cliVersion2; } -async function setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, logger) { +async function setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, features, logger) { if (!await isBinaryAccessible("tar", logger)) { throw new ConfigurationError( "Could not find tar in PATH, so unable to extract CodeQL bundle." @@ -92587,6 +92596,7 @@ async function setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defau apiDetails, variant, zstdAvailability.available, + features, logger ); let codeqlFolder; @@ -92744,7 +92754,7 @@ var GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.13"; var GHES_MOST_RECENT_DEPRECATION_DATE = "2025-06-19"; var EXTRACTION_DEBUG_MODE_VERBOSITY = "progress++"; var CODEQL_VERSION_CACHE_CLEANUP = "2.17.1"; -async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, logger, checkVersion) { +async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, features, logger, checkVersion) { try { const { codeqlFolder, @@ -92758,6 +92768,7 @@ async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliV tempDir, variant, defaultCliVersion, + features, logger ); logger.debug( @@ -95409,7 +95420,7 @@ async function addFingerprints(sarif, sourceRoot, logger) { // src/init.ts var toolrunner4 = __toESM(require_toolrunner()); var io6 = __toESM(require_io()); -async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, logger) { +async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, features, logger) { logger.startGroup("Setup CodeQL tools"); const { codeql, @@ -95423,6 +95434,7 @@ async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVe tempDir, variant, defaultCliVersion, + features, logger, true ); @@ -95569,6 +95581,7 @@ async function combineSarifFilesUsingCLI(sarifFiles, gitHubVersion, features, lo tempDir, gitHubVersion.type, codeQLDefaultVersionInfo, + features, logger ); codeQL = initCodeQLResult.codeql; diff --git a/lib/init-action-post.js b/lib/init-action-post.js index ab441ee67..cc3b6a9d2 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js @@ -130286,7 +130286,7 @@ async function findOverridingToolsInCache(humanReadableVersion, logger) { } return void 0; } -async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, variant, tarSupportsZstd, logger) { +async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, variant, tarSupportsZstd, features, logger) { if (toolsInput && !isReservedToolsValue(toolsInput) && !toolsInput.startsWith("http")) { logger.info(`Using CodeQL CLI from local path ${toolsInput}`); const compressionMethod2 = inferCompressionMethod(toolsInput); @@ -130325,7 +130325,10 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian } } else if (toolsInput !== void 0 && toolsInput === CODEQL_TOOLCACHE_INPUT) { let latestToolcacheVersion; - const allowToolcacheValue = isDynamicWorkflow() || isInTestMode(); + const allowToolcacheValueFF = await features.getValue( + "allow_toolcache_input" /* AllowToolcacheInput */ + ); + const allowToolcacheValue = allowToolcacheValueFF && (isDynamicWorkflow() || isInTestMode()); if (allowToolcacheValue) { logger.info( `Attempting to use the latest CodeQL CLI version in the toolcache, as requested by 'tools: ${toolsInput}'.` @@ -130341,9 +130344,15 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian `Found no CodeQL CLI in the toolcache, ignoring 'tools: ${toolsInput}'...` ); } else { - logger.warning( - `Ignoring 'tools: ${toolsInput}' because the workflow was not triggered dynamically.` - ); + if (allowToolcacheValueFF) { + logger.info( + `Ignoring 'tools: ${toolsInput}' because the feature is not enabled.` + ); + } else { + logger.warning( + `Ignoring 'tools: ${toolsInput}' because the workflow was not triggered dynamically.` + ); + } } cliVersion2 = defaultCliVersion.cliVersion; tagName = defaultCliVersion.tagName; @@ -130556,7 +130565,7 @@ function getCanonicalToolcacheVersion(cliVersion2, bundleVersion2, logger) { } return cliVersion2; } -async function setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, logger) { +async function setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, features, logger) { if (!await isBinaryAccessible("tar", logger)) { throw new ConfigurationError( "Could not find tar in PATH, so unable to extract CodeQL bundle." @@ -130569,6 +130578,7 @@ async function setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defau apiDetails, variant, zstdAvailability.available, + features, logger ); let codeqlFolder; @@ -130693,7 +130703,7 @@ var GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.13"; var GHES_MOST_RECENT_DEPRECATION_DATE = "2025-06-19"; var EXTRACTION_DEBUG_MODE_VERBOSITY = "progress++"; var CODEQL_VERSION_CACHE_CLEANUP = "2.17.1"; -async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, logger, checkVersion) { +async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, features, logger, checkVersion) { try { const { codeqlFolder, @@ -130707,6 +130717,7 @@ async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliV tempDir, variant, defaultCliVersion, + features, logger ); logger.debug( @@ -132885,7 +132896,7 @@ async function addFingerprints(sarif, sourceRoot, logger) { // src/init.ts var toolrunner4 = __toESM(require_toolrunner()); var io6 = __toESM(require_io()); -async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, logger) { +async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, features, logger) { logger.startGroup("Setup CodeQL tools"); const { codeql, @@ -132899,6 +132910,7 @@ async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVe tempDir, variant, defaultCliVersion, + features, logger, true ); @@ -133045,6 +133057,7 @@ async function combineSarifFilesUsingCLI(sarifFiles, gitHubVersion, features, lo tempDir, gitHubVersion.type, codeQLDefaultVersionInfo, + features, logger ); codeQL = initCodeQLResult.codeql; diff --git a/lib/init-action.js b/lib/init-action.js index 8a1c1455b..c1009d393 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -89082,7 +89082,7 @@ async function findOverridingToolsInCache(humanReadableVersion, logger) { } return void 0; } -async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, variant, tarSupportsZstd, logger) { +async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, variant, tarSupportsZstd, features, logger) { if (toolsInput && !isReservedToolsValue(toolsInput) && !toolsInput.startsWith("http")) { logger.info(`Using CodeQL CLI from local path ${toolsInput}`); const compressionMethod2 = inferCompressionMethod(toolsInput); @@ -89121,7 +89121,10 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian } } else if (toolsInput !== void 0 && toolsInput === CODEQL_TOOLCACHE_INPUT) { let latestToolcacheVersion; - const allowToolcacheValue = isDynamicWorkflow() || isInTestMode(); + const allowToolcacheValueFF = await features.getValue( + "allow_toolcache_input" /* AllowToolcacheInput */ + ); + const allowToolcacheValue = allowToolcacheValueFF && (isDynamicWorkflow() || isInTestMode()); if (allowToolcacheValue) { logger.info( `Attempting to use the latest CodeQL CLI version in the toolcache, as requested by 'tools: ${toolsInput}'.` @@ -89137,9 +89140,15 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian `Found no CodeQL CLI in the toolcache, ignoring 'tools: ${toolsInput}'...` ); } else { - logger.warning( - `Ignoring 'tools: ${toolsInput}' because the workflow was not triggered dynamically.` - ); + if (allowToolcacheValueFF) { + logger.info( + `Ignoring 'tools: ${toolsInput}' because the feature is not enabled.` + ); + } else { + logger.warning( + `Ignoring 'tools: ${toolsInput}' because the workflow was not triggered dynamically.` + ); + } } cliVersion2 = defaultCliVersion.cliVersion; tagName = defaultCliVersion.tagName; @@ -89352,7 +89361,7 @@ function getCanonicalToolcacheVersion(cliVersion2, bundleVersion2, logger) { } return cliVersion2; } -async function setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, logger) { +async function setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, features, logger) { if (!await isBinaryAccessible("tar", logger)) { throw new ConfigurationError( "Could not find tar in PATH, so unable to extract CodeQL bundle." @@ -89365,6 +89374,7 @@ async function setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defau apiDetails, variant, zstdAvailability.available, + features, logger ); let codeqlFolder; @@ -89511,7 +89521,7 @@ var GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.13"; var GHES_MOST_RECENT_DEPRECATION_DATE = "2025-06-19"; var EXTRACTION_DEBUG_MODE_VERBOSITY = "progress++"; var CODEQL_VERSION_CACHE_CLEANUP = "2.17.1"; -async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, logger, checkVersion) { +async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, features, logger, checkVersion) { try { const { codeqlFolder, @@ -89525,6 +89535,7 @@ async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliV tempDir, variant, defaultCliVersion, + features, logger ); logger.debug( @@ -90098,7 +90109,7 @@ async function getJobRunUuidSarifOptions(codeql) { } // src/init.ts -async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, logger) { +async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, features, logger) { logger.startGroup("Setup CodeQL tools"); const { codeql, @@ -90112,6 +90123,7 @@ async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVe tempDir, variant, defaultCliVersion, + features, logger, true ); @@ -90760,6 +90772,7 @@ async function run() { getTemporaryDirectory(), gitHubVersion.type, codeQLDefaultVersionInfo, + features, logger ); codeql = initCodeQLResult.codeql; diff --git a/lib/upload-lib.js b/lib/upload-lib.js index 3a783a2a0..f820544aa 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js @@ -90121,7 +90121,7 @@ async function findOverridingToolsInCache(humanReadableVersion, logger) { } return void 0; } -async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, variant, tarSupportsZstd, logger) { +async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, variant, tarSupportsZstd, features, logger) { if (toolsInput && !isReservedToolsValue(toolsInput) && !toolsInput.startsWith("http")) { logger.info(`Using CodeQL CLI from local path ${toolsInput}`); const compressionMethod2 = inferCompressionMethod(toolsInput); @@ -90160,7 +90160,10 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian } } else if (toolsInput !== void 0 && toolsInput === CODEQL_TOOLCACHE_INPUT) { let latestToolcacheVersion; - const allowToolcacheValue = isDynamicWorkflow() || isInTestMode(); + const allowToolcacheValueFF = await features.getValue( + "allow_toolcache_input" /* AllowToolcacheInput */ + ); + const allowToolcacheValue = allowToolcacheValueFF && (isDynamicWorkflow() || isInTestMode()); if (allowToolcacheValue) { logger.info( `Attempting to use the latest CodeQL CLI version in the toolcache, as requested by 'tools: ${toolsInput}'.` @@ -90176,9 +90179,15 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian `Found no CodeQL CLI in the toolcache, ignoring 'tools: ${toolsInput}'...` ); } else { - logger.warning( - `Ignoring 'tools: ${toolsInput}' because the workflow was not triggered dynamically.` - ); + if (allowToolcacheValueFF) { + logger.info( + `Ignoring 'tools: ${toolsInput}' because the feature is not enabled.` + ); + } else { + logger.warning( + `Ignoring 'tools: ${toolsInput}' because the workflow was not triggered dynamically.` + ); + } } cliVersion2 = defaultCliVersion.cliVersion; tagName = defaultCliVersion.tagName; @@ -90391,7 +90400,7 @@ function getCanonicalToolcacheVersion(cliVersion2, bundleVersion2, logger) { } return cliVersion2; } -async function setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, logger) { +async function setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, features, logger) { if (!await isBinaryAccessible("tar", logger)) { throw new ConfigurationError( "Could not find tar in PATH, so unable to extract CodeQL bundle." @@ -90404,6 +90413,7 @@ async function setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defau apiDetails, variant, zstdAvailability.available, + features, logger ); let codeqlFolder; @@ -90528,7 +90538,7 @@ var GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.13"; var GHES_MOST_RECENT_DEPRECATION_DATE = "2025-06-19"; var EXTRACTION_DEBUG_MODE_VERBOSITY = "progress++"; var CODEQL_VERSION_CACHE_CLEANUP = "2.17.1"; -async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, logger, checkVersion) { +async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, features, logger, checkVersion) { try { const { codeqlFolder, @@ -90542,6 +90552,7 @@ async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliV tempDir, variant, defaultCliVersion, + features, logger ); logger.debug( @@ -92245,7 +92256,7 @@ async function addFingerprints(sarif, sourceRoot, logger) { // src/init.ts var toolrunner4 = __toESM(require_toolrunner()); var io5 = __toESM(require_io()); -async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, logger) { +async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, features, logger) { logger.startGroup("Setup CodeQL tools"); const { codeql, @@ -92259,6 +92270,7 @@ async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVe tempDir, variant, defaultCliVersion, + features, logger, true ); @@ -92405,6 +92417,7 @@ async function combineSarifFilesUsingCLI(sarifFiles, gitHubVersion, features, lo tempDir, gitHubVersion.type, codeQLDefaultVersionInfo, + features, logger ); codeQL = initCodeQLResult.codeql; diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index 5d0991524..efd8fe7e8 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -90792,7 +90792,7 @@ async function findOverridingToolsInCache(humanReadableVersion, logger) { } return void 0; } -async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, variant, tarSupportsZstd, logger) { +async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, variant, tarSupportsZstd, features, logger) { if (toolsInput && !isReservedToolsValue(toolsInput) && !toolsInput.startsWith("http")) { logger.info(`Using CodeQL CLI from local path ${toolsInput}`); const compressionMethod2 = inferCompressionMethod(toolsInput); @@ -90831,7 +90831,10 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian } } else if (toolsInput !== void 0 && toolsInput === CODEQL_TOOLCACHE_INPUT) { let latestToolcacheVersion; - const allowToolcacheValue = isDynamicWorkflow() || isInTestMode(); + const allowToolcacheValueFF = await features.getValue( + "allow_toolcache_input" /* AllowToolcacheInput */ + ); + const allowToolcacheValue = allowToolcacheValueFF && (isDynamicWorkflow() || isInTestMode()); if (allowToolcacheValue) { logger.info( `Attempting to use the latest CodeQL CLI version in the toolcache, as requested by 'tools: ${toolsInput}'.` @@ -90847,9 +90850,15 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian `Found no CodeQL CLI in the toolcache, ignoring 'tools: ${toolsInput}'...` ); } else { - logger.warning( - `Ignoring 'tools: ${toolsInput}' because the workflow was not triggered dynamically.` - ); + if (allowToolcacheValueFF) { + logger.info( + `Ignoring 'tools: ${toolsInput}' because the feature is not enabled.` + ); + } else { + logger.warning( + `Ignoring 'tools: ${toolsInput}' because the workflow was not triggered dynamically.` + ); + } } cliVersion2 = defaultCliVersion.cliVersion; tagName = defaultCliVersion.tagName; @@ -91062,7 +91071,7 @@ function getCanonicalToolcacheVersion(cliVersion2, bundleVersion2, logger) { } return cliVersion2; } -async function setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, logger) { +async function setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, features, logger) { if (!await isBinaryAccessible("tar", logger)) { throw new ConfigurationError( "Could not find tar in PATH, so unable to extract CodeQL bundle." @@ -91075,6 +91084,7 @@ async function setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defau apiDetails, variant, zstdAvailability.available, + features, logger ); let codeqlFolder; @@ -91199,7 +91209,7 @@ var GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.13"; var GHES_MOST_RECENT_DEPRECATION_DATE = "2025-06-19"; var EXTRACTION_DEBUG_MODE_VERBOSITY = "progress++"; var CODEQL_VERSION_CACHE_CLEANUP = "2.17.1"; -async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, logger, checkVersion) { +async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, features, logger, checkVersion) { try { const { codeqlFolder, @@ -91213,6 +91223,7 @@ async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliV tempDir, variant, defaultCliVersion, + features, logger ); logger.debug( @@ -92916,7 +92927,7 @@ async function addFingerprints(sarif, sourceRoot, logger) { // src/init.ts var toolrunner4 = __toESM(require_toolrunner()); var io5 = __toESM(require_io()); -async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, logger) { +async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, features, logger) { logger.startGroup("Setup CodeQL tools"); const { codeql, @@ -92930,6 +92941,7 @@ async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVe tempDir, variant, defaultCliVersion, + features, logger, true ); @@ -93076,6 +93088,7 @@ async function combineSarifFilesUsingCLI(sarifFiles, gitHubVersion, features, lo tempDir, gitHubVersion.type, codeQLDefaultVersionInfo, + features, logger ); codeQL = initCodeQLResult.codeql; diff --git a/src/codeql.test.ts b/src/codeql.test.ts index a5422b1e3..24d88069b 100644 --- a/src/codeql.test.ts +++ b/src/codeql.test.ts @@ -74,6 +74,7 @@ async function installIntoToolcache({ cliVersion !== undefined ? { cliVersion, tagName } : SAMPLE_DEFAULT_CLI_VERSION, + createFeatures([]), getRunnerLogger(true), false, ); @@ -122,6 +123,8 @@ async function stubCodeql(): Promise { } test("downloads and caches explicitly requested bundles that aren't in the toolcache", async (t) => { + const features = createFeatures([]); + await util.withTmpDir(async (tmpDir) => { setupActionsVars(tmpDir, tmpDir); @@ -140,6 +143,7 @@ test("downloads and caches explicitly requested bundles that aren't in the toolc tmpDir, util.GitHubVariant.DOTCOM, SAMPLE_DEFAULT_CLI_VERSION, + features, getRunnerLogger(true), false, ); @@ -154,6 +158,8 @@ test("downloads and caches explicitly requested bundles that aren't in the toolc }); test("caches semantically versioned bundles using their semantic version number", async (t) => { + const features = createFeatures([]); + await util.withTmpDir(async (tmpDir) => { setupActionsVars(tmpDir, tmpDir); const url = mockBundleDownloadApi({ @@ -166,6 +172,7 @@ test("caches semantically versioned bundles using their semantic version number" tmpDir, util.GitHubVariant.DOTCOM, SAMPLE_DEFAULT_CLI_VERSION, + features, getRunnerLogger(true), false, ); @@ -181,6 +188,8 @@ test("caches semantically versioned bundles using their semantic version number" }); test("downloads an explicitly requested bundle even if a different version is cached", async (t) => { + const features = createFeatures([]); + await util.withTmpDir(async (tmpDir) => { setupActionsVars(tmpDir, tmpDir); @@ -199,6 +208,7 @@ test("downloads an explicitly requested bundle even if a different version is ca tmpDir, util.GitHubVariant.DOTCOM, SAMPLE_DEFAULT_CLI_VERSION, + features, getRunnerLogger(true), false, ); @@ -227,6 +237,8 @@ for (const { expectedToolcacheVersion, } of EXPLICITLY_REQUESTED_BUNDLE_TEST_CASES) { test(`caches explicitly requested bundle ${tagName} as ${expectedToolcacheVersion}`, async (t) => { + const features = createFeatures([]); + await util.withTmpDir(async (tmpDir) => { setupActionsVars(tmpDir, tmpDir); @@ -243,6 +255,7 @@ for (const { tmpDir, util.GitHubVariant.DOTCOM, SAMPLE_DEFAULT_CLI_VERSION, + features, getRunnerLogger(true), false, ); @@ -266,6 +279,8 @@ for (const toolcacheVersion of [ `uses tools from toolcache when ${SAMPLE_DEFAULT_CLI_VERSION.cliVersion} is requested and ` + `${toolcacheVersion} is installed`, async (t) => { + const features = createFeatures([]); + await util.withTmpDir(async (tmpDir) => { setupActionsVars(tmpDir, tmpDir); @@ -281,6 +296,7 @@ for (const toolcacheVersion of [ tmpDir, util.GitHubVariant.DOTCOM, SAMPLE_DEFAULT_CLI_VERSION, + features, getRunnerLogger(true), false, ); @@ -295,6 +311,8 @@ for (const toolcacheVersion of [ } test(`uses a cached bundle when no tools input is given on GHES`, async (t) => { + const features = createFeatures([]); + await util.withTmpDir(async (tmpDir) => { setupActionsVars(tmpDir, tmpDir); @@ -313,6 +331,7 @@ test(`uses a cached bundle when no tools input is given on GHES`, async (t) => { cliVersion: defaults.cliVersion, tagName: defaults.bundleVersion, }, + features, getRunnerLogger(true), false, ); @@ -328,6 +347,8 @@ test(`uses a cached bundle when no tools input is given on GHES`, async (t) => { }); test(`downloads bundle if only an unpinned version is cached on GHES`, async (t) => { + const features = createFeatures([]); + await util.withTmpDir(async (tmpDir) => { setupActionsVars(tmpDir, tmpDir); @@ -349,6 +370,7 @@ test(`downloads bundle if only an unpinned version is cached on GHES`, async (t) cliVersion: defaults.cliVersion, tagName: defaults.bundleVersion, }, + features, getRunnerLogger(true), false, ); @@ -364,6 +386,8 @@ test(`downloads bundle if only an unpinned version is cached on GHES`, async (t) }); test('downloads bundle if "latest" tools specified but not cached', async (t) => { + const features = createFeatures([]); + await util.withTmpDir(async (tmpDir) => { setupActionsVars(tmpDir, tmpDir); @@ -382,6 +406,7 @@ test('downloads bundle if "latest" tools specified but not cached', async (t) => tmpDir, util.GitHubVariant.DOTCOM, SAMPLE_DEFAULT_CLI_VERSION, + features, getRunnerLogger(true), false, ); @@ -397,6 +422,8 @@ test('downloads bundle if "latest" tools specified but not cached', async (t) => }); test("bundle URL from another repo is cached as 0.0.0-bundleVersion", async (t) => { + const features = createFeatures([]); + await util.withTmpDir(async (tmpDir) => { setupActionsVars(tmpDir, tmpDir); @@ -417,6 +444,7 @@ test("bundle URL from another repo is cached as 0.0.0-bundleVersion", async (t) tmpDir, util.GitHubVariant.DOTCOM, SAMPLE_DEFAULT_CLI_VERSION, + features, getRunnerLogger(true), false, ); diff --git a/src/codeql.ts b/src/codeql.ts index 5241ff247..ccb7be08d 100644 --- a/src/codeql.ts +++ b/src/codeql.ts @@ -309,6 +309,7 @@ const CODEQL_VERSION_CACHE_CLEANUP = "2.17.1"; * @param tempDir * @param variant * @param defaultCliVersion + * @param features Information about the features that are enabled. * @param logger * @param checkVersion Whether to check that CodeQL CLI meets the minimum * version requirement. Must be set to true outside tests. @@ -320,6 +321,7 @@ export async function setupCodeQL( tempDir: string, variant: util.GitHubVariant, defaultCliVersion: CodeQLDefaultVersionInfo, + features: FeatureEnablement, logger: Logger, checkVersion: boolean, ): Promise<{ @@ -342,6 +344,7 @@ export async function setupCodeQL( tempDir, variant, defaultCliVersion, + features, logger, ); diff --git a/src/init-action.ts b/src/init-action.ts index 114ad6cab..0dbe957a7 100644 --- a/src/init-action.ts +++ b/src/init-action.ts @@ -248,6 +248,7 @@ async function run() { getTemporaryDirectory(), gitHubVersion.type, codeQLDefaultVersionInfo, + features, logger, ); codeql = initCodeQLResult.codeql; diff --git a/src/init.ts b/src/init.ts index 687afc122..7ca6a3e39 100644 --- a/src/init.ts +++ b/src/init.ts @@ -9,7 +9,7 @@ import { getOptionalInput, isSelfHostedRunner } from "./actions-util"; import { GitHubApiDetails } from "./api-client"; import { CodeQL, setupCodeQL } from "./codeql"; import * as configUtils from "./config-utils"; -import { CodeQLDefaultVersionInfo } from "./feature-flags"; +import { CodeQLDefaultVersionInfo, FeatureEnablement } from "./feature-flags"; import { KnownLanguage, Language } from "./languages"; import { Logger, withGroupAsync } from "./logging"; import { ToolsSource } from "./setup-codeql"; @@ -23,6 +23,7 @@ export async function initCodeQL( tempDir: string, variant: util.GitHubVariant, defaultCliVersion: CodeQLDefaultVersionInfo, + features: FeatureEnablement, logger: Logger, ): Promise<{ codeql: CodeQL; @@ -44,6 +45,7 @@ export async function initCodeQL( tempDir, variant, defaultCliVersion, + features, logger, true, ); diff --git a/src/setup-codeql.test.ts b/src/setup-codeql.test.ts index 4e65c6edf..561dfb4e5 100644 --- a/src/setup-codeql.test.ts +++ b/src/setup-codeql.test.ts @@ -13,6 +13,7 @@ import { LoggedMessage, SAMPLE_DEFAULT_CLI_VERSION, SAMPLE_DOTCOM_API_DETAILS, + createFeatures, getRecordingLogger, initializeFeatures, mockBundleDownloadApi, @@ -91,6 +92,8 @@ test("getCodeQLActionRepository", (t) => { }); test("getCodeQLSource sets CLI version for a semver tagged bundle", async (t) => { + const features = createFeatures([]); + await withTmpDir(async (tmpDir) => { setupActionsVars(tmpDir, tmpDir); const tagName = "codeql-bundle-v1.2.3"; @@ -101,6 +104,7 @@ test("getCodeQLSource sets CLI version for a semver tagged bundle", async (t) => SAMPLE_DOTCOM_API_DETAILS, GitHubVariant.DOTCOM, false, + features, getRunnerLogger(true), ); @@ -110,6 +114,8 @@ test("getCodeQLSource sets CLI version for a semver tagged bundle", async (t) => }); test("getCodeQLSource correctly returns bundled CLI version when tools == linked", async (t) => { + const features = createFeatures([]); + await withTmpDir(async (tmpDir) => { setupActionsVars(tmpDir, tmpDir); const source = await setupCodeql.getCodeQLSource( @@ -118,6 +124,7 @@ test("getCodeQLSource correctly returns bundled CLI version when tools == linked SAMPLE_DOTCOM_API_DETAILS, GitHubVariant.DOTCOM, false, + features, getRunnerLogger(true), ); @@ -129,6 +136,7 @@ test("getCodeQLSource correctly returns bundled CLI version when tools == linked test("getCodeQLSource correctly returns bundled CLI version when tools == latest", async (t) => { const loggedMessages: LoggedMessage[] = []; const logger = getRecordingLogger(loggedMessages); + const features = createFeatures([]); await withTmpDir(async (tmpDir) => { setupActionsVars(tmpDir, tmpDir); @@ -138,6 +146,7 @@ test("getCodeQLSource correctly returns bundled CLI version when tools == latest SAMPLE_DOTCOM_API_DETAILS, GitHubVariant.DOTCOM, false, + features, logger, ); @@ -162,6 +171,7 @@ test("getCodeQLSource correctly returns bundled CLI version when tools == latest test("setupCodeQLBundle logs the CodeQL CLI version being used when asked to use linked tools", async (t) => { const loggedMessages: LoggedMessage[] = []; const logger = getRecordingLogger(loggedMessages); + const features = createFeatures([]); // Stub the downloadCodeQL function to prevent downloading artefacts // during testing from being called. @@ -186,6 +196,7 @@ test("setupCodeQLBundle logs the CodeQL CLI version being used when asked to use "tmp/codeql_action_test/", GitHubVariant.DOTCOM, SAMPLE_DEFAULT_CLI_VERSION, + features, logger, ); @@ -208,6 +219,7 @@ test("setupCodeQLBundle logs the CodeQL CLI version being used when asked to use test("setupCodeQLBundle logs the CodeQL CLI version being used when asked to download a non-default bundle", async (t) => { const loggedMessages: LoggedMessage[] = []; const logger = getRecordingLogger(loggedMessages); + const features = createFeatures([]); const bundleUrl = "https://github.com/github/codeql-action/releases/download/codeql-bundle-v2.16.0/codeql-bundle-linux64.tar.gz"; @@ -236,6 +248,7 @@ test("setupCodeQLBundle logs the CodeQL CLI version being used when asked to dow "tmp/codeql_action_test/", GitHubVariant.DOTCOM, SAMPLE_DEFAULT_CLI_VERSION, + features, logger, ); @@ -258,6 +271,7 @@ test("setupCodeQLBundle logs the CodeQL CLI version being used when asked to dow test("getCodeQLSource correctly returns latest version from toolcache when tools == toolcache", async (t) => { const loggedMessages: LoggedMessage[] = []; const logger = getRecordingLogger(loggedMessages); + const features = createFeatures([Feature.AllowToolcacheInput]); process.env["GITHUB_EVENT_NAME"] = "dynamic"; @@ -280,6 +294,7 @@ test("getCodeQLSource correctly returns latest version from toolcache when tools SAMPLE_DOTCOM_API_DETAILS, GitHubVariant.DOTCOM, false, + features, logger, ); @@ -319,6 +334,7 @@ test("getCodeQLSource correctly returns latest version from toolcache when tools test("getCodeQLSource falls back to downloading the CLI if the toolcache doesn't have a CodeQL CLI when tools == toolcache", async (t) => { const loggedMessages: LoggedMessage[] = []; const logger = getRecordingLogger(loggedMessages); + const features = createFeatures([Feature.AllowToolcacheInput]); process.env["GITHUB_EVENT_NAME"] = "dynamic"; @@ -335,6 +351,7 @@ test("getCodeQLSource falls back to downloading the CLI if the toolcache doesn't SAMPLE_DOTCOM_API_DETAILS, GitHubVariant.DOTCOM, false, + features, logger, ); diff --git a/src/setup-codeql.ts b/src/setup-codeql.ts index e01037223..35b831f56 100644 --- a/src/setup-codeql.ts +++ b/src/setup-codeql.ts @@ -13,6 +13,8 @@ import * as defaults from "./defaults.json"; import { CODEQL_VERSION_ZSTD_BUNDLE, CodeQLDefaultVersionInfo, + Feature, + FeatureEnablement, } from "./feature-flags"; import { Logger } from "./logging"; import * as tar from "./tar"; @@ -276,6 +278,7 @@ export async function getCodeQLSource( apiDetails: api.GitHubApiDetails, variant: util.GitHubVariant, tarSupportsZstd: boolean, + features: FeatureEnablement, logger: Logger, ): Promise { if ( @@ -356,7 +359,11 @@ export async function getCodeQLSource( // We only allow `toolsInput === "toolcache"` for `dynamic` events. In general, using `toolsInput === "toolcache"` // can lead to alert wobble and so it shouldn't be used for an analysis where results are intended to be uploaded. // We also allow this in test mode. - const allowToolcacheValue = isDynamicWorkflow() || util.isInTestMode(); + const allowToolcacheValueFF = await features.getValue( + Feature.AllowToolcacheInput, + ); + const allowToolcacheValue = + allowToolcacheValueFF && (isDynamicWorkflow() || util.isInTestMode()); if (allowToolcacheValue) { // If `toolsInput === "toolcache"`, try to find the latest version of the CLI that's available in the toolcache // and use that. We perform this check here since we can set `cliVersion` directly and don't want to default to @@ -377,9 +384,15 @@ export async function getCodeQLSource( `Found no CodeQL CLI in the toolcache, ignoring 'tools: ${toolsInput}'...`, ); } else { - logger.warning( - `Ignoring 'tools: ${toolsInput}' because the workflow was not triggered dynamically.`, - ); + if (allowToolcacheValueFF) { + logger.info( + `Ignoring 'tools: ${toolsInput}' because the feature is not enabled.`, + ); + } else { + logger.warning( + `Ignoring 'tools: ${toolsInput}' because the workflow was not triggered dynamically.`, + ); + } } cliVersion = defaultCliVersion.cliVersion; @@ -735,6 +748,7 @@ export async function setupCodeQLBundle( tempDir: string, variant: util.GitHubVariant, defaultCliVersion: CodeQLDefaultVersionInfo, + features: FeatureEnablement, logger: Logger, ) { if (!(await util.isBinaryAccessible("tar", logger))) { @@ -750,6 +764,7 @@ export async function setupCodeQLBundle( apiDetails, variant, zstdAvailability.available, + features, logger, ); diff --git a/src/upload-lib.ts b/src/upload-lib.ts index 90f0342de..26ae88f32 100644 --- a/src/upload-lib.ts +++ b/src/upload-lib.ts @@ -262,6 +262,7 @@ async function combineSarifFilesUsingCLI( tempDir, gitHubVersion.type, codeQLDefaultVersionInfo, + features, logger, );