github/codeql-action
0
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2026-04-17 04:23:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

Improve logging around authorization headers

Browse Source
This commit is contained in:
Henry Mercer
2023-01-06 12:28:54 +00:00
parent 5eba74a3c9
commit b2b478264a
3 changed files with 12 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
src/codeql.ts
View File

@@ -514,14 +514,13 @@ async function downloadCodeQL(
// from the same GitHub instance the Action is running on.
// This avoids leaking Enterprise tokens to dotcom.
// We also don't want to send an authorization header if there's already a token provided in the URL.
if (
codeqlURL.startsWith(`${apiDetails.url}/`) &&
!searchParams.has("token")
) {
logger.debug("Downloading CodeQL bundle with token.");
if (searchParams.has("token")) {
logger.debug("CodeQL tools URL contains an authorization token.");
} else if (codeqlURL.startsWith(`${apiDetails.url}/`)) {
logger.debug("Providing an authorization token to download CodeQL tools.");
headers.authorization = `token ${apiDetails.auth}`;
} else {
logger.debug("Downloading CodeQL bundle without token.");
logger.debug("Downloading CodeQL tools without an authorization token.");
}
logger.info(
`Downloading CodeQL tools from ${codeqlURL}. This may take a while.`