Merge remote-tracking branch 'upstream/main' into failed-database-diagnostic

2026-05-07 14:20:19 +00:00 · 2023-03-14 17:55:11 -07:00
parent ed73efb5ca 433fe88bf3
commit c193f610a2
48 changed files with 126 additions and 26 deletions
@@ -88,6 +88,7 @@ jobs:
      run: ./build.sh
    - uses: ./../action/analyze
      with:
+        upload-database: false
        ref: refs/heads/main
        sha: 5e235361806c361d4d3f8859e3c897658025a9a2
    env:
@@ -56,6 +56,8 @@ jobs:
        CORECLR_PROFILER: ''
        CORECLR_PROFILER_PATH_64: ''
    - uses: ./../action/analyze
+      with:
+        upload-database: false
    - name: Check database
      shell: bash
      run: |
@@ -86,6 +86,8 @@ jobs:
      shell: bash
      run: ./build.sh
    - uses: ./../action/analyze
+      with:
+        upload-database: false
    env:
      DOTNET_GENERATE_ASPNET_CERTIFICATE: 'false'
      CODEQL_ACTION_TEST_MODE: true
@@ -71,6 +71,8 @@ jobs:
        tools: ${{ steps.prepare-test.outputs.tools-url }}
    - uses: ./../action/autobuild
    - uses: ./../action/analyze
+      with:
+        upload-database: false
    - shell: bash
      run: |
        if [[ "${CODEQL_ACTION_DID_AUTOBUILD_GOLANG}" != true ]]; then
@@ -73,6 +73,8 @@ jobs:
      shell: bash
      run: go build main.go
    - uses: ./../action/analyze
+      with:
+        upload-database: false
    - shell: bash
      run: |
        # Once we start running Bash 4.2 in all environments, we can replace the
@@ -70,6 +70,8 @@ jobs:
        languages: go
        tools: ${{ steps.prepare-test.outputs.tools-url }}
    - uses: ./../action/analyze
+      with:
+        upload-database: false
    - shell: bash
      run: |
        cd "$RUNNER_TEMP/codeql_databases"
@@ -54,6 +54,7 @@ jobs:
        tools: ${{ steps.prepare-test.outputs.tools-url }}
    - uses: ./../action/analyze
      with:
+        upload-database: false
        skip-queries: true
        upload: false
    - name: Assert database exists
@@ -81,6 +81,8 @@ jobs:

    - uses: ./../action/analyze
      id: analysis
+      with:
+        upload-database: false

    - name: Check language autodetect for all languages excluding Ruby, Swift
      shell: bash
@@ -66,6 +66,7 @@ jobs:
    - uses: ./../action/analyze
      with:
        output: ${{ runner.temp }}/results
+        upload-database: false

    - name: Check results
      uses: ./../action/.github/check-sarif
@@ -66,6 +66,7 @@ jobs:
    - uses: ./../action/analyze
      with:
        output: ${{ runner.temp }}/results
+        upload-database: false

    - name: Check results
      uses: ./../action/.github/check-sarif
@@ -65,6 +65,7 @@ jobs:
    - uses: ./../action/analyze
      with:
        output: ${{ runner.temp }}/results
+        upload-database: false

    - name: Check results
      uses: ./../action/.github/check-sarif
@@ -54,6 +54,8 @@ jobs:
        tools: ${{ steps.prepare-test.outputs.tools-url }}
    - uses: ./../action/analyze
      id: analysis
+      with:
+        upload-database: false
    - name: Check database
      shell: bash
      run: |
@@ -61,6 +61,7 @@ jobs:
      with:
        skip-queries: true
        output: ${{ runner.temp }}/results
+        upload-database: false

    - name: Assert No Results
      shell: bash
@@ -57,6 +57,8 @@ jobs:
      timeout-minutes: 10
    - uses: ./../action/analyze
      id: analysis
+      with:
+        upload-database: false
    - name: Check database
      shell: bash
      run: |
@@ -64,6 +64,8 @@ jobs:
      run: ./build.sh
    - uses: ./../action/analyze
      id: analysis
+      with:
+        upload-database: false
    - name: Check database
      shell: bash
      run: |
@@ -53,6 +53,8 @@ jobs:
      with:
        working-directory: autobuild-dir
    - uses: ./../action/analyze
+      with:
+        upload-database: false
    - name: Check database
      shell: bash
      run: |
@@ -51,5 +51,7 @@ jobs:
      shell: bash
      run: ./build.sh
    - uses: ./../action/analyze
+      with:
+        upload-database: false
    env:
      CODEQL_ACTION_TEST_MODE: true
@@ -43,6 +43,8 @@ jobs:
        languages: javascript
        tools: ${{ steps.prepare-test.outputs.tools-url }}
    - uses: ./../action/analyze
+      with:
+        upload-database: false
    env:
      https_proxy: http://squid-proxy:3128
      CODEQL_ACTION_TEST_MODE: true
@@ -65,6 +65,8 @@ jobs:
        ./build.sh
    - uses: ./../action/analyze
      id: analysis
+      with:
+        upload-database: false
    - shell: bash
      run: |
        CPP_DB="${{ fromJson(steps.analysis.outputs.db-locations).cpp }}"
@@ -88,6 +88,7 @@ jobs:
      run: ./build.sh
    - uses: ./../action/analyze
      with:
+        upload-database: false
        ref: refs/heads/main
        sha: 5e235361806c361d4d3f8859e3c897658025a9a2
        upload: false
@@ -104,6 +104,7 @@ jobs:
        ref: v1.1.0
        sha: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6
        upload: false
+        upload-database: false

    - uses: ./../action/upload-sarif
      with:
@@ -23,7 +23,7 @@ var __importStar = (this && this.__importStar) || function (mod) {
    return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getExtraOptions = exports.getCodeQLForCmd = exports.getCodeQLForTesting = exports.getCachedCodeQL = exports.setCodeQL = exports.getCodeQL = exports.setupCodeQL = exports.CODEQL_VERSION_INIT_WITH_QLCONFIG = exports.CODEQL_VERSION_EXPORT_CODE_SCANNING_CONFIG = exports.CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE = exports.CODEQL_VERSION_BETTER_RESOLVE_LANGUAGES = exports.CODEQL_VERSION_ML_POWERED_QUERIES_WINDOWS = exports.CODEQL_VERSION_TRACING_GLIBC_2_34 = exports.CODEQL_VERSION_NEW_TRACING = exports.CODEQL_VERSION_GHES_PACK_DOWNLOAD = exports.CommandInvocationError = void 0;
+exports.getExtraOptions = exports.getCodeQLForCmd = exports.getCodeQLForTesting = exports.getCachedCodeQL = exports.setCodeQL = exports.getCodeQL = exports.setupCodeQL = exports.CODEQL_VERSION_INIT_WITH_QLCONFIG = exports.CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE = exports.CODEQL_VERSION_BETTER_RESOLVE_LANGUAGES = exports.CODEQL_VERSION_ML_POWERED_QUERIES_WINDOWS = exports.CODEQL_VERSION_TRACING_GLIBC_2_34 = exports.CODEQL_VERSION_NEW_TRACING = exports.CODEQL_VERSION_GHES_PACK_DOWNLOAD = exports.CommandInvocationError = void 0;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const toolrunner = __importStar(require("@actions/exec/lib/toolrunner"));
@@ -100,11 +100,6 @@ exports.CODEQL_VERSION_BETTER_RESOLVE_LANGUAGES = "2.10.3";
 * Versions 2.11.1+ of the CodeQL Bundle include a `security-experimental` built-in query suite for each language.
 */
 exports.CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE = "2.12.1";
-/**
- * Versions 2.12.3+ of the CodeQL CLI support exporting information in the code scanning
- * configuration file to SARIF.
- */
-exports.CODEQL_VERSION_EXPORT_CODE_SCANNING_CONFIG = "2.12.3";
 /**
 * Versions 2.12.4+ of the CodeQL CLI support the `--qlconfig-file` flag in calls to `database init`.
 */
@@ -28,7 +28,6 @@ const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const semver = __importStar(require("semver"));
 const api_client_1 = require("./api-client");
-const codeql_1 = require("./codeql");
 const defaults = __importStar(require("./defaults.json"));
 const util = __importStar(require("./util"));
 const DEFAULT_VERSION_FEATURE_FLAG_PREFIX = "default_codeql_version_";
@@ -55,7 +54,7 @@ exports.featureConfig = {
    },
    [Feature.ExportCodeScanningConfigEnabled]: {
        envVar: "CODEQL_ACTION_EXPORT_CODE_SCANNING_CONFIG",
-        minimumVersion: codeql_1.CODEQL_VERSION_EXPORT_CODE_SCANNING_CONFIG,
+        minimumVersion: "2.12.3",
        defaultValue: false,
    },
    [Feature.ExportDiagnosticsEnabled]: {
@@ -82,6 +81,7 @@ exports.FEATURE_FLAGS_FILE_NAME = "cached-feature-flags.json";
 */
 class Features {
    constructor(gitHubVersion, repositoryNwo, tempDir, logger) {
+        this.logger = logger;
        this.gitHubFeatureFlags = new GitHubFeatureFlags(gitHubVersion, repositoryNwo, path.join(tempDir, exports.FEATURE_FLAGS_FILE_NAME), logger);
    }
    async getDefaultCliVersion(variant) {
@@ -106,22 +106,36 @@ class Features {
        const envVar = (process.env[exports.featureConfig[feature].envVar] || "").toLocaleLowerCase();
        // Do not use this feature if user explicitly disables it via an environment variable.
        if (envVar === "false") {
+            this.logger.debug(`Feature ${feature} is disabled via the environment variable ${exports.featureConfig[feature].envVar}.`);
            return false;
        }
        // Never use this feature if the CLI version explicitly can't support it.
        const minimumVersion = exports.featureConfig[feature].minimumVersion;
        if (codeql && minimumVersion) {
            if (!(await util.codeQlVersionAbove(codeql, minimumVersion))) {
+                this.logger.debug(`Feature ${feature} is disabled because the CodeQL CLI version is older than the minimum ` +
+                    `version ${minimumVersion}.`);
                return false;
            }
+            else {
+                this.logger.debug(`CodeQL CLI version ${await codeql.getVersion()} is newer than the minimum ` +
+                    `version ${minimumVersion} for feature ${feature}.`);
+            }
        }
        // Use this feature if user explicitly enables it via an environment variable.
        if (envVar === "true") {
+            this.logger.debug(`Feature ${feature} is enabled via the environment variable ${exports.featureConfig[feature].envVar}.`);
            return true;
        }
        // Ask the GitHub API if the feature is enabled.
-        return ((await this.gitHubFeatureFlags.getValue(feature)) ??
-            exports.featureConfig[feature].defaultValue);
+        const apiValue = await this.gitHubFeatureFlags.getValue(feature);
+        if (apiValue !== undefined) {
+            this.logger.debug(`Feature ${feature} is ${apiValue ? "enabled" : "disabled"} via the GitHub API.`);
+            return apiValue;
+        }
+        const defaultValue = exports.featureConfig[feature].defaultValue;
+        this.logger.debug(`Feature ${feature} is ${defaultValue ? "enabled" : "disabled"} due to its default value.`);
+        return defaultValue;
    }
 }
 exports.Features = Features;
@@ -11,5 +11,6 @@ steps:
    run: ./build.sh
  - uses: ./../action/analyze
    with:
+      upload-database: false
      ref: 'refs/heads/main'
      sha: '5e235361806c361d4d3f8859e3c897658025a9a2'
@@ -16,6 +16,8 @@ steps:
      CORECLR_PROFILER: ""
      CORECLR_PROFILER_PATH_64: ""
  - uses: ./../action/analyze
+    with:
+      upload-database: false
  - name: Check database
    shell: bash
    run: |
@@ -1,6 +1,6 @@
 name: "Go: Custom queries"
 description: "Checks that Go works in conjunction with a config file specifying custom queries"
-env: 
+env:
  DOTNET_GENERATE_ASPNET_CERTIFICATE: "false"
 steps:
  - uses: ./../action/init
@@ -12,3 +12,5 @@ steps:
    shell: bash
    run: ./build.sh
  - uses: ./../action/analyze
+    with:
+      upload-database: false
@@ -10,6 +10,8 @@ steps:
      tools: ${{ steps.prepare-test.outputs.tools-url }}
  - uses: ./../action/autobuild
  - uses: ./../action/analyze
+    with:
+      upload-database: false
  - shell: bash
    run: |
      if [[ "${CODEQL_ACTION_DID_AUTOBUILD_GOLANG}" != true ]]; then
@@ -10,6 +10,8 @@ steps:
    shell: bash
    run: go build main.go
  - uses: ./../action/analyze
+    with:
+      upload-database: false
  - shell: bash
    run: |
      # Once we start running Bash 4.2 in all environments, we can replace the
@@ -9,6 +9,8 @@ steps:
      languages: go
      tools: ${{ steps.prepare-test.outputs.tools-url }}
  - uses: ./../action/analyze
+    with:
+      upload-database: false
  - shell: bash
    run: |
      cd "$RUNNER_TEMP/codeql_databases"
@@ -15,6 +15,7 @@ steps:
      tools: ${{ steps.prepare-test.outputs.tools-url }}
  - uses: ./../action/analyze
    with:
+      upload-database: false
      skip-queries: true
      upload: false
  - name: Assert database exists
@@ -9,7 +9,7 @@ steps:
    with:
      db-location: "${{ runner.temp }}/customDbLocation"
      tools: ${{ steps.prepare-test.outputs.tools-url }}
-  
+
  - uses: ./../action/.github/setup-swift
    with:
      codeql-path: ${{steps.init.outputs.codeql-path}}
@@ -20,6 +20,8 @@ steps:

  - uses: ./../action/analyze
    id: analysis
+    with:
+      upload-database: false

  - name: Check language autodetect for all languages excluding Ruby, Swift
    shell: bash
@@ -18,6 +18,7 @@ steps:
  - uses: ./../action/analyze
    with:
      output: "${{ runner.temp }}/results"
+      upload-database: false

  - name: Check results
    uses: ./../action/.github/check-sarif
@@ -14,6 +14,7 @@ steps:
  - uses: ./../action/analyze
    with:
      output: "${{ runner.temp }}/results"
+      upload-database: false

  - name: Check results
    uses: ./../action/.github/check-sarif
@@ -13,6 +13,7 @@ steps:
  - uses: ./../action/analyze
    with:
      output: "${{ runner.temp }}/results"
+      upload-database: false

  - name: Check results
    uses: ./../action/.github/check-sarif
@@ -9,6 +9,8 @@ steps:
      tools: ${{ steps.prepare-test.outputs.tools-url }}
  - uses: ./../action/analyze
    id: analysis
+    with:
+      upload-database: false
  - name: Check database
    shell: bash
    run: |
@@ -16,6 +16,7 @@ steps:
    with:
      skip-queries: true
      output: "${{ runner.temp }}/results"
+      upload-database: false

  - name: Assert No Results
    shell: bash
@@ -21,6 +21,8 @@ steps:
    timeout-minutes: 10
  - uses: ./../action/analyze
    id: analysis
+    with:
+      upload-database: false
  - name: Check database
    shell: bash
    run: |
@@ -22,6 +22,8 @@ steps:
    run: ./build.sh
  - uses: ./../action/analyze
    id: analysis
+    with:
+      upload-database: false
  - name: Check database
    shell: bash
    run: |
@@ -18,6 +18,8 @@ steps:
    with:
      working-directory: autobuild-dir
  - uses: ./../action/analyze
+    with:
+      upload-database: false
  - name: Check database
    shell: bash
    run: |
@@ -16,3 +16,5 @@ steps:
    shell: bash
    run: ./build.sh
  - uses: ./../action/analyze
+    with:
+      upload-database: false
@@ -18,3 +18,5 @@ steps:
      languages: javascript
      tools: ${{ steps.prepare-test.outputs.tools-url }}
  - uses: ./../action/analyze
+    with:
+      upload-database: false
@@ -13,6 +13,8 @@ steps:
    run: env -i CODEQL_EXTRACTOR_JAVA_AGENT_DISABLE_KOTLIN=true PATH="$PATH" HOME="$HOME" ./build.sh
  - uses: ./../action/analyze
    id: analysis
+    with:
+      upload-database: false
  - shell: bash
    run: |
      CPP_DB="${{ fromJson(steps.analysis.outputs.db-locations).cpp }}"
@@ -11,6 +11,7 @@ steps:
    run: ./build.sh
  - uses: ./../action/analyze
    with:
+      upload-database: false
      ref: 'refs/heads/main'
      sha: '5e235361806c361d4d3f8859e3c897658025a9a2'
      upload: false
@@ -30,6 +30,7 @@ steps:
      ref: v1.1.0
      sha: 474bbf07f9247ffe1856c6a0f94aeeb10e7afee6
      upload: false
+      upload-database: false

  - uses: ./../action/upload-sarif
    with:
@@ -307,12 +307,6 @@ export const CODEQL_VERSION_BETTER_RESOLVE_LANGUAGES = "2.10.3";
 */
 export const CODEQL_VERSION_SECURITY_EXPERIMENTAL_SUITE = "2.12.1";

-/**
- * Versions 2.12.3+ of the CodeQL CLI support exporting information in the code scanning
- * configuration file to SARIF.
- */
-export const CODEQL_VERSION_EXPORT_CODE_SCANNING_CONFIG = "2.12.3";
-
 /**
 * Versions 2.12.4+ of the CodeQL CLI support the `--qlconfig-file` flag in calls to `database init`.
 */
@@ -4,7 +4,7 @@ import * as path from "path";
 import * as semver from "semver";

 import { getApiClient } from "./api-client";
-import { CodeQL, CODEQL_VERSION_EXPORT_CODE_SCANNING_CONFIG } from "./codeql";
+import { CodeQL } from "./codeql";
 import * as defaults from "./defaults.json";
 import { Logger } from "./logging";
 import { RepositoryNwo } from "./repository";
@@ -58,7 +58,7 @@ export const featureConfig: Record<
  },
  [Feature.ExportCodeScanningConfigEnabled]: {
    envVar: "CODEQL_ACTION_EXPORT_CODE_SCANNING_CONFIG",
-    minimumVersion: CODEQL_VERSION_EXPORT_CODE_SCANNING_CONFIG,
+    minimumVersion: "2.12.3",
    defaultValue: false,
  },
  [Feature.ExportDiagnosticsEnabled]: {
@@ -101,7 +101,7 @@ export class Features implements FeatureEnablement {
    gitHubVersion: util.GitHubVersion,
    repositoryNwo: RepositoryNwo,
    tempDir: string,
-    logger: Logger
+    private readonly logger: Logger
  ) {
    this.gitHubFeatureFlags = new GitHubFeatureFlags(
      gitHubVersion,
@@ -142,6 +142,9 @@ export class Features implements FeatureEnablement {

    // Do not use this feature if user explicitly disables it via an environment variable.
    if (envVar === "false") {
+      this.logger.debug(
+        `Feature ${feature} is disabled via the environment variable ${featureConfig[feature].envVar}.`
+      );
      return false;
    }

@@ -149,19 +152,45 @@ export class Features implements FeatureEnablement {
    const minimumVersion = featureConfig[feature].minimumVersion;
    if (codeql && minimumVersion) {
      if (!(await util.codeQlVersionAbove(codeql, minimumVersion))) {
+        this.logger.debug(
+          `Feature ${feature} is disabled because the CodeQL CLI version is older than the minimum ` +
+            `version ${minimumVersion}.`
+        );
        return false;
+      } else {
+        this.logger.debug(
+          `CodeQL CLI version ${await codeql.getVersion()} is newer than the minimum ` +
+            `version ${minimumVersion} for feature ${feature}.`
+        );
      }
    }

    // Use this feature if user explicitly enables it via an environment variable.
    if (envVar === "true") {
+      this.logger.debug(
+        `Feature ${feature} is enabled via the environment variable ${featureConfig[feature].envVar}.`
+      );
      return true;
    }
+
    // Ask the GitHub API if the feature is enabled.
-    return (
-      (await this.gitHubFeatureFlags.getValue(feature)) ??
-      featureConfig[feature].defaultValue
+    const apiValue = await this.gitHubFeatureFlags.getValue(feature);
+    if (apiValue !== undefined) {
+      this.logger.debug(
+        `Feature ${feature} is ${
+          apiValue ? "enabled" : "disabled"
+        } via the GitHub API.`
+      );
+      return apiValue;
+    }
+
+    const defaultValue = featureConfig[feature].defaultValue;
+    this.logger.debug(
+      `Feature ${feature} is ${
+        defaultValue ? "enabled" : "disabled"
+      } due to its default value.`
    );
+    return defaultValue;
  }
 }