From d1442de855d6664c3386353d263a5b7fefddc03f Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Tue, 28 Oct 2025 12:19:41 +0000 Subject: [PATCH] Disable SIP disablement check --- lib/analyze-action.js | 31 ------------------------------- lib/autobuild-action.js | 31 ------------------------------- lib/init-action-post.js | 31 ------------------------------- lib/init-action.js | 31 ------------------------------- lib/resolve-environment-action.js | 31 ------------------------------- lib/setup-codeql-action.js | 31 ------------------------------- lib/start-proxy-action.js | 31 ------------------------------- lib/upload-sarif-action.js | 31 ------------------------------- src/util.ts | 9 --------- 9 files changed, 257 deletions(-) diff --git a/lib/analyze-action.js b/lib/analyze-action.js index d3148efde..5cc6c914e 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -89881,9 +89881,6 @@ function getErrorMessage(error2) { } async function checkDiskUsage(logger) { try { - if (process.platform === "darwin" && (process.arch === "arm" || process.arch === "arm64") && !await checkSipEnablement(logger)) { - return void 0; - } const diskUsage = await checkDiskSpace( getRequiredEnvParam("GITHUB_WORKSPACE") ); @@ -89934,34 +89931,6 @@ function satisfiesGHESVersion(ghesVersion, range, defaultIfInvalid) { function cloneObject(obj) { return JSON.parse(JSON.stringify(obj)); } -async function checkSipEnablement(logger) { - if (process.env["CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */] !== void 0 && ["true", "false"].includes(process.env["CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */])) { - return process.env["CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */] === "true"; - } - try { - const sipStatusOutput = await exec.getExecOutput("csrutil status"); - if (sipStatusOutput.exitCode === 0) { - if (sipStatusOutput.stdout.includes( - "System Integrity Protection status: enabled." - )) { - core3.exportVariable("CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */, "true"); - return true; - } - if (sipStatusOutput.stdout.includes( - "System Integrity Protection status: disabled." - )) { - core3.exportVariable("CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */, "false"); - return false; - } - } - return void 0; - } catch (e) { - logger.warning( - `Failed to determine if System Integrity Protection was enabled: ${e}` - ); - return void 0; - } -} async function cleanUpGlob(glob2, name, logger) { logger.debug(`Cleaning up ${name}.`); try { diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js index 2a925939e..ec511aa08 100644 --- a/lib/autobuild-action.js +++ b/lib/autobuild-action.js @@ -79039,9 +79039,6 @@ function getErrorMessage(error2) { } async function checkDiskUsage(logger) { try { - if (process.platform === "darwin" && (process.arch === "arm" || process.arch === "arm64") && !await checkSipEnablement(logger)) { - return void 0; - } const diskUsage = await checkDiskSpace( getRequiredEnvParam("GITHUB_WORKSPACE") ); @@ -79084,34 +79081,6 @@ function checkActionVersion(version, githubVersion) { function cloneObject(obj) { return JSON.parse(JSON.stringify(obj)); } -async function checkSipEnablement(logger) { - if (process.env["CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */] !== void 0 && ["true", "false"].includes(process.env["CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */])) { - return process.env["CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */] === "true"; - } - try { - const sipStatusOutput = await exec.getExecOutput("csrutil status"); - if (sipStatusOutput.exitCode === 0) { - if (sipStatusOutput.stdout.includes( - "System Integrity Protection status: enabled." - )) { - core3.exportVariable("CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */, "true"); - return true; - } - if (sipStatusOutput.stdout.includes( - "System Integrity Protection status: disabled." - )) { - core3.exportVariable("CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */, "false"); - return false; - } - } - return void 0; - } catch (e) { - logger.warning( - `Failed to determine if System Integrity Protection was enabled: ${e}` - ); - return void 0; - } -} async function asyncFilter(array, predicate) { const results = await Promise.all(array.map(predicate)); return array.filter((_, index) => results[index]); diff --git a/lib/init-action-post.js b/lib/init-action-post.js index 0ed7b0dd6..7bc1e5a02 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js @@ -128157,9 +128157,6 @@ function getErrorMessage(error2) { } async function checkDiskUsage(logger) { try { - if (process.platform === "darwin" && (process.arch === "arm" || process.arch === "arm64") && !await checkSipEnablement(logger)) { - return void 0; - } const diskUsage = await checkDiskSpace( getRequiredEnvParam("GITHUB_WORKSPACE") ); @@ -128196,34 +128193,6 @@ function satisfiesGHESVersion(ghesVersion, range, defaultIfInvalid) { function cloneObject(obj) { return JSON.parse(JSON.stringify(obj)); } -async function checkSipEnablement(logger) { - if (process.env["CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */] !== void 0 && ["true", "false"].includes(process.env["CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */])) { - return process.env["CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */] === "true"; - } - try { - const sipStatusOutput = await exec.getExecOutput("csrutil status"); - if (sipStatusOutput.exitCode === 0) { - if (sipStatusOutput.stdout.includes( - "System Integrity Protection status: enabled." - )) { - core3.exportVariable("CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */, "true"); - return true; - } - if (sipStatusOutput.stdout.includes( - "System Integrity Protection status: disabled." - )) { - core3.exportVariable("CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */, "false"); - return false; - } - } - return void 0; - } catch (e) { - logger.warning( - `Failed to determine if System Integrity Protection was enabled: ${e}` - ); - return void 0; - } -} async function cleanUpGlob(glob2, name, logger) { logger.debug(`Cleaning up ${name}.`); try { diff --git a/lib/init-action.js b/lib/init-action.js index f82412930..56d25a018 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -87196,9 +87196,6 @@ function prettyPrintPack(pack) { } async function checkDiskUsage(logger) { try { - if (process.platform === "darwin" && (process.arch === "arm" || process.arch === "arm64") && !await checkSipEnablement(logger)) { - return void 0; - } const diskUsage = await checkDiskSpace( getRequiredEnvParam("GITHUB_WORKSPACE") ); @@ -87255,34 +87252,6 @@ var BuildMode = /* @__PURE__ */ ((BuildMode3) => { function cloneObject(obj) { return JSON.parse(JSON.stringify(obj)); } -async function checkSipEnablement(logger) { - if (process.env["CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */] !== void 0 && ["true", "false"].includes(process.env["CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */])) { - return process.env["CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */] === "true"; - } - try { - const sipStatusOutput = await exec.getExecOutput("csrutil status"); - if (sipStatusOutput.exitCode === 0) { - if (sipStatusOutput.stdout.includes( - "System Integrity Protection status: enabled." - )) { - core3.exportVariable("CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */, "true"); - return true; - } - if (sipStatusOutput.stdout.includes( - "System Integrity Protection status: disabled." - )) { - core3.exportVariable("CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */, "false"); - return false; - } - } - return void 0; - } catch (e) { - logger.warning( - `Failed to determine if System Integrity Protection was enabled: ${e}` - ); - return void 0; - } -} async function cleanUpGlob(glob2, name, logger) { logger.debug(`Cleaning up ${name}.`); try { diff --git a/lib/resolve-environment-action.js b/lib/resolve-environment-action.js index 884f16ced..5f07d4703 100644 --- a/lib/resolve-environment-action.js +++ b/lib/resolve-environment-action.js @@ -79051,9 +79051,6 @@ function getErrorMessage(error2) { } async function checkDiskUsage(logger) { try { - if (process.platform === "darwin" && (process.arch === "arm" || process.arch === "arm64") && !await checkSipEnablement(logger)) { - return void 0; - } const diskUsage = await checkDiskSpace( getRequiredEnvParam("GITHUB_WORKSPACE") ); @@ -79096,34 +79093,6 @@ function checkActionVersion(version, githubVersion) { function cloneObject(obj) { return JSON.parse(JSON.stringify(obj)); } -async function checkSipEnablement(logger) { - if (process.env["CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */] !== void 0 && ["true", "false"].includes(process.env["CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */])) { - return process.env["CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */] === "true"; - } - try { - const sipStatusOutput = await exec.getExecOutput("csrutil status"); - if (sipStatusOutput.exitCode === 0) { - if (sipStatusOutput.stdout.includes( - "System Integrity Protection status: enabled." - )) { - core3.exportVariable("CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */, "true"); - return true; - } - if (sipStatusOutput.stdout.includes( - "System Integrity Protection status: disabled." - )) { - core3.exportVariable("CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */, "false"); - return false; - } - } - return void 0; - } catch (e) { - logger.warning( - `Failed to determine if System Integrity Protection was enabled: ${e}` - ); - return void 0; - } -} async function asyncSome(array, predicate) { const results = await Promise.all(array.map(predicate)); return results.some((result) => result); diff --git a/lib/setup-codeql-action.js b/lib/setup-codeql-action.js index 37e3f6121..ef7a3a50a 100644 --- a/lib/setup-codeql-action.js +++ b/lib/setup-codeql-action.js @@ -85706,9 +85706,6 @@ function getErrorMessage(error2) { } async function checkDiskUsage(logger) { try { - if (process.platform === "darwin" && (process.arch === "arm" || process.arch === "arm64") && !await checkSipEnablement(logger)) { - return void 0; - } const diskUsage = await checkDiskSpace( getRequiredEnvParam("GITHUB_WORKSPACE") ); @@ -85751,34 +85748,6 @@ function checkActionVersion(version, githubVersion) { function cloneObject(obj) { return JSON.parse(JSON.stringify(obj)); } -async function checkSipEnablement(logger) { - if (process.env["CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */] !== void 0 && ["true", "false"].includes(process.env["CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */])) { - return process.env["CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */] === "true"; - } - try { - const sipStatusOutput = await exec.getExecOutput("csrutil status"); - if (sipStatusOutput.exitCode === 0) { - if (sipStatusOutput.stdout.includes( - "System Integrity Protection status: enabled." - )) { - core3.exportVariable("CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */, "true"); - return true; - } - if (sipStatusOutput.stdout.includes( - "System Integrity Protection status: disabled." - )) { - core3.exportVariable("CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */, "false"); - return false; - } - } - return void 0; - } catch (e) { - logger.warning( - `Failed to determine if System Integrity Protection was enabled: ${e}` - ); - return void 0; - } -} async function cleanUpGlob(glob, name, logger) { logger.debug(`Cleaning up ${name}.`); try { diff --git a/lib/start-proxy-action.js b/lib/start-proxy-action.js index 82011798b..414d03542 100644 --- a/lib/start-proxy-action.js +++ b/lib/start-proxy-action.js @@ -96145,9 +96145,6 @@ function getErrorMessage(error2) { } async function checkDiskUsage(logger) { try { - if (process.platform === "darwin" && (process.arch === "arm" || process.arch === "arm64") && !await checkSipEnablement(logger)) { - return void 0; - } const diskUsage = await checkDiskSpace( getRequiredEnvParam("GITHUB_WORKSPACE") ); @@ -96173,34 +96170,6 @@ async function checkDiskUsage(logger) { return void 0; } } -async function checkSipEnablement(logger) { - if (process.env["CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */] !== void 0 && ["true", "false"].includes(process.env["CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */])) { - return process.env["CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */] === "true"; - } - try { - const sipStatusOutput = await exec.getExecOutput("csrutil status"); - if (sipStatusOutput.exitCode === 0) { - if (sipStatusOutput.stdout.includes( - "System Integrity Protection status: enabled." - )) { - core3.exportVariable("CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */, "true"); - return true; - } - if (sipStatusOutput.stdout.includes( - "System Integrity Protection status: disabled." - )) { - core3.exportVariable("CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */, "false"); - return false; - } - } - return void 0; - } catch (e) { - logger.warning( - `Failed to determine if System Integrity Protection was enabled: ${e}` - ); - return void 0; - } -} function isDefined(value) { return value !== void 0 && value !== null; } diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index d49ad89b2..13c98f7df 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -88526,9 +88526,6 @@ function getErrorMessage(error2) { } async function checkDiskUsage(logger) { try { - if (process.platform === "darwin" && (process.arch === "arm" || process.arch === "arm64") && !await checkSipEnablement(logger)) { - return void 0; - } const diskUsage = await checkDiskSpace( getRequiredEnvParam("GITHUB_WORKSPACE") ); @@ -88579,34 +88576,6 @@ function satisfiesGHESVersion(ghesVersion, range, defaultIfInvalid) { function cloneObject(obj) { return JSON.parse(JSON.stringify(obj)); } -async function checkSipEnablement(logger) { - if (process.env["CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */] !== void 0 && ["true", "false"].includes(process.env["CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */])) { - return process.env["CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */] === "true"; - } - try { - const sipStatusOutput = await exec.getExecOutput("csrutil status"); - if (sipStatusOutput.exitCode === 0) { - if (sipStatusOutput.stdout.includes( - "System Integrity Protection status: enabled." - )) { - core3.exportVariable("CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */, "true"); - return true; - } - if (sipStatusOutput.stdout.includes( - "System Integrity Protection status: disabled." - )) { - core3.exportVariable("CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */, "false"); - return false; - } - } - return void 0; - } catch (e) { - logger.warning( - `Failed to determine if System Integrity Protection was enabled: ${e}` - ); - return void 0; - } -} async function cleanUpGlob(glob, name, logger) { logger.debug(`Cleaning up ${name}.`); try { diff --git a/src/util.ts b/src/util.ts index 6aa8e7d9a..511465694 100644 --- a/src/util.ts +++ b/src/util.ts @@ -1099,15 +1099,6 @@ export async function checkDiskUsage( logger: Logger, ): Promise { try { - // We avoid running the `df` binary under the hood for macOS ARM runners with SIP disabled. - if ( - process.platform === "darwin" && - (process.arch === "arm" || process.arch === "arm64") && - !(await checkSipEnablement(logger)) - ) { - return undefined; - } - const diskUsage = await checkDiskSpace( getRequiredEnvParam("GITHUB_WORKSPACE"), );