diff --git a/.github/workflows/codescanning-config-cli.yml b/.github/workflows/codescanning-config-cli.yml index bf6d90fbf..0c4829339 100644 --- a/.github/workflows/codescanning-config-cli.yml +++ b/.github/workflows/codescanning-config-cli.yml @@ -11,6 +11,8 @@ env: CODEQL_ACTION_OVERLAY_ANALYSIS: true CODEQL_ACTION_OVERLAY_ANALYSIS_JAVASCRIPT: false CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_JAVASCRIPT: true + CODEQL_ACTION_OVERLAY_ANALYSIS_STATUS_CHECK: false + CODEQL_ACTION_OVERLAY_ANALYSIS_SKIP_RESOURCE_CHECKS: true on: push: diff --git a/lib/analyze-action-post.js b/lib/analyze-action-post.js index 7b6ade4b6..6986e029b 100644 --- a/lib/analyze-action-post.js +++ b/lib/analyze-action-post.js @@ -161100,7 +161100,7 @@ var safeDump = renamed("safeDump", "dump"); var semver = __toESM(require_semver2()); // src/api-compatibility.json -var maximumVersion = "3.20"; +var maximumVersion = "3.21"; var minimumVersion = "3.14"; // src/util.ts @@ -162227,6 +162227,11 @@ var featureConfig = { // cannot be found when interpreting results. minimumVersion: void 0 }, + ["start_proxy_remove_unused_registries" /* StartProxyRemoveUnusedRegistries */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_START_PROXY_REMOVE_UNUSED_REGISTRIES", + minimumVersion: void 0 + }, ["start_proxy_use_features_release" /* StartProxyUseFeaturesRelease */]: { defaultValue: false, envVar: "CODEQL_ACTION_START_PROXY_USE_FEATURES_RELEASE", diff --git a/lib/analyze-action.js b/lib/analyze-action.js index d5c9e751c..af669490f 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -107976,6 +107976,11 @@ var featureConfig = { // cannot be found when interpreting results. minimumVersion: void 0 }, + ["start_proxy_remove_unused_registries" /* StartProxyRemoveUnusedRegistries */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_START_PROXY_REMOVE_UNUSED_REGISTRIES", + minimumVersion: void 0 + }, ["start_proxy_use_features_release" /* StartProxyUseFeaturesRelease */]: { defaultValue: false, envVar: "CODEQL_ACTION_START_PROXY_USE_FEATURES_RELEASE", diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js index fbddb3bb2..6df04ea01 100644 --- a/lib/autobuild-action.js +++ b/lib/autobuild-action.js @@ -102992,7 +102992,7 @@ var safeDump = renamed("safeDump", "dump"); var semver = __toESM(require_semver2()); // src/api-compatibility.json -var maximumVersion = "3.20"; +var maximumVersion = "3.21"; var minimumVersion = "3.14"; // src/util.ts @@ -104276,6 +104276,11 @@ var featureConfig = { // cannot be found when interpreting results. minimumVersion: void 0 }, + ["start_proxy_remove_unused_registries" /* StartProxyRemoveUnusedRegistries */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_START_PROXY_REMOVE_UNUSED_REGISTRIES", + minimumVersion: void 0 + }, ["start_proxy_use_features_release" /* StartProxyUseFeaturesRelease */]: { defaultValue: false, envVar: "CODEQL_ACTION_START_PROXY_USE_FEATURES_RELEASE", diff --git a/lib/init-action-post.js b/lib/init-action-post.js index e1b1f04e5..67b6f43e8 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js @@ -163998,7 +163998,7 @@ var safeDump = renamed("safeDump", "dump"); var semver = __toESM(require_semver2()); // src/api-compatibility.json -var maximumVersion = "3.20"; +var maximumVersion = "3.21"; var minimumVersion = "3.14"; // src/util.ts @@ -165713,6 +165713,11 @@ var featureConfig = { // cannot be found when interpreting results. minimumVersion: void 0 }, + ["start_proxy_remove_unused_registries" /* StartProxyRemoveUnusedRegistries */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_START_PROXY_REMOVE_UNUSED_REGISTRIES", + minimumVersion: void 0 + }, ["start_proxy_use_features_release" /* StartProxyUseFeaturesRelease */]: { defaultValue: false, envVar: "CODEQL_ACTION_START_PROXY_USE_FEATURES_RELEASE", @@ -166096,7 +166101,7 @@ function createOverlayStatus(attributes, checkRunId) { workflowRunId: getWorkflowRunID(), workflowRunAttempt: getWorkflowRunAttempt(), name: getRequiredEnvParam("GITHUB_JOB"), - ...checkRunId !== void 0 && { checkRunId } + checkRunId }; return { ...attributes, @@ -170374,7 +170379,7 @@ async function recordOverlayStatus(codeql, config, features, logger) { attemptedToBuildOverlayBaseDatabase: true, builtOverlayBaseDatabase: false }, - Number.isNaN(checkRunId) ? void 0 : checkRunId + checkRunId !== void 0 && checkRunId >= 0 ? checkRunId : void 0 ); const diskUsage = await checkDiskUsage(logger); if (diskUsage === void 0) { diff --git a/lib/init-action.js b/lib/init-action.js index 9b81fc7b8..6b1f265a5 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -103211,7 +103211,7 @@ var safeDump = renamed("safeDump", "dump"); var semver = __toESM(require_semver2()); // src/api-compatibility.json -var maximumVersion = "3.20"; +var maximumVersion = "3.21"; var minimumVersion = "3.14"; // src/util.ts @@ -105522,6 +105522,11 @@ var featureConfig = { // cannot be found when interpreting results. minimumVersion: void 0 }, + ["start_proxy_remove_unused_registries" /* StartProxyRemoveUnusedRegistries */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_START_PROXY_REMOVE_UNUSED_REGISTRIES", + minimumVersion: void 0 + }, ["start_proxy_use_features_release" /* StartProxyUseFeaturesRelease */]: { defaultValue: false, envVar: "CODEQL_ACTION_START_PROXY_USE_FEATURES_RELEASE", diff --git a/lib/resolve-environment-action.js b/lib/resolve-environment-action.js index 406b4e3af..19d6f4bc0 100644 --- a/lib/resolve-environment-action.js +++ b/lib/resolve-environment-action.js @@ -102992,7 +102992,7 @@ var safeDump = renamed("safeDump", "dump"); var semver = __toESM(require_semver2()); // src/api-compatibility.json -var maximumVersion = "3.20"; +var maximumVersion = "3.21"; var minimumVersion = "3.14"; // src/util.ts @@ -104267,6 +104267,11 @@ var featureConfig = { // cannot be found when interpreting results. minimumVersion: void 0 }, + ["start_proxy_remove_unused_registries" /* StartProxyRemoveUnusedRegistries */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_START_PROXY_REMOVE_UNUSED_REGISTRIES", + minimumVersion: void 0 + }, ["start_proxy_use_features_release" /* StartProxyUseFeaturesRelease */]: { defaultValue: false, envVar: "CODEQL_ACTION_START_PROXY_USE_FEATURES_RELEASE", diff --git a/lib/setup-codeql-action.js b/lib/setup-codeql-action.js index 6f01bd64a..24d4fe61b 100644 --- a/lib/setup-codeql-action.js +++ b/lib/setup-codeql-action.js @@ -103048,7 +103048,7 @@ var safeDump = renamed("safeDump", "dump"); var semver = __toESM(require_semver2()); // src/api-compatibility.json -var maximumVersion = "3.20"; +var maximumVersion = "3.21"; var minimumVersion = "3.14"; // src/util.ts @@ -104164,6 +104164,11 @@ var featureConfig = { // cannot be found when interpreting results. minimumVersion: void 0 }, + ["start_proxy_remove_unused_registries" /* StartProxyRemoveUnusedRegistries */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_START_PROXY_REMOVE_UNUSED_REGISTRIES", + minimumVersion: void 0 + }, ["start_proxy_use_features_release" /* StartProxyUseFeaturesRelease */]: { defaultValue: false, envVar: "CODEQL_ACTION_START_PROXY_USE_FEATURES_RELEASE", diff --git a/lib/start-proxy-action-post.js b/lib/start-proxy-action-post.js index 81c6c77c3..cb16ce9fe 100644 --- a/lib/start-proxy-action-post.js +++ b/lib/start-proxy-action-post.js @@ -161097,7 +161097,7 @@ var safeDump = renamed("safeDump", "dump"); var semver = __toESM(require_semver2()); // src/api-compatibility.json -var maximumVersion = "3.20"; +var maximumVersion = "3.21"; var minimumVersion = "3.14"; // src/util.ts @@ -161633,6 +161633,11 @@ var featureConfig = { // cannot be found when interpreting results. minimumVersion: void 0 }, + ["start_proxy_remove_unused_registries" /* StartProxyRemoveUnusedRegistries */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_START_PROXY_REMOVE_UNUSED_REGISTRIES", + minimumVersion: void 0 + }, ["start_proxy_use_features_release" /* StartProxyUseFeaturesRelease */]: { defaultValue: false, envVar: "CODEQL_ACTION_START_PROXY_USE_FEATURES_RELEASE", diff --git a/lib/start-proxy-action.js b/lib/start-proxy-action.js index a2b450097..461b36194 100644 --- a/lib/start-proxy-action.js +++ b/lib/start-proxy-action.js @@ -120956,6 +120956,11 @@ var featureConfig = { // cannot be found when interpreting results. minimumVersion: void 0 }, + ["start_proxy_remove_unused_registries" /* StartProxyRemoveUnusedRegistries */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_START_PROXY_REMOVE_UNUSED_REGISTRIES", + minimumVersion: void 0 + }, ["start_proxy_use_features_release" /* StartProxyUseFeaturesRelease */]: { defaultValue: false, envVar: "CODEQL_ACTION_START_PROXY_USE_FEATURES_RELEASE", @@ -121748,6 +121753,18 @@ var LANGUAGE_TO_REGISTRY_TYPE = { rust: ["cargo_registry"], go: ["goproxy_server", "git_source"] }; +var NEW_LANGUAGE_TO_REGISTRY_TYPE = { + actions: [], + cpp: [], + java: ["maven_repository"], + csharp: ["nuget_feed"], + javascript: [], + python: [], + ruby: [], + rust: [], + swift: [], + go: ["goproxy_server", "git_source"] +}; function getRegistryAddress(registry) { if (isDefined2(registry.url)) { return { @@ -121765,8 +121782,9 @@ function getRegistryAddress(registry) { ); } } -function getCredentials(logger, registrySecrets, registriesCredentials, language) { - const registryTypeForLanguage = language ? LANGUAGE_TO_REGISTRY_TYPE[language] : void 0; +function getCredentials(logger, registrySecrets, registriesCredentials, language, skipUnusedRegistries = false) { + const registryMapping = skipUnusedRegistries ? NEW_LANGUAGE_TO_REGISTRY_TYPE : LANGUAGE_TO_REGISTRY_TYPE; + const registryTypeForLanguage = language ? registryMapping[language] : void 0; let credentialsStr; if (registriesCredentials !== void 0) { logger.info(`Using registries_credentials input.`); @@ -122263,11 +122281,15 @@ async function run(startedAt) { ); const languageInput = getOptionalInput("language"); language = languageInput ? parseLanguage(languageInput) : void 0; + const skipUnusedRegistries = await features.getValue( + "start_proxy_remove_unused_registries" /* StartProxyRemoveUnusedRegistries */ + ); const credentials = getCredentials( logger, getOptionalInput("registry_secrets"), getOptionalInput("registries_credentials"), - language + language, + skipUnusedRegistries ); if (credentials.length === 0) { logger.info("No credentials found, skipping proxy setup."); diff --git a/lib/upload-lib.js b/lib/upload-lib.js index 90863e6d7..16ba1a303 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js @@ -107423,6 +107423,11 @@ var featureConfig = { // cannot be found when interpreting results. minimumVersion: void 0 }, + ["start_proxy_remove_unused_registries" /* StartProxyRemoveUnusedRegistries */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_START_PROXY_REMOVE_UNUSED_REGISTRIES", + minimumVersion: void 0 + }, ["start_proxy_use_features_release" /* StartProxyUseFeaturesRelease */]: { defaultValue: false, envVar: "CODEQL_ACTION_START_PROXY_USE_FEATURES_RELEASE", diff --git a/lib/upload-sarif-action-post.js b/lib/upload-sarif-action-post.js index 25e3acdb4..87163ccb4 100644 --- a/lib/upload-sarif-action-post.js +++ b/lib/upload-sarif-action-post.js @@ -161097,7 +161097,7 @@ var safeDump = renamed("safeDump", "dump"); var semver = __toESM(require_semver2()); // src/api-compatibility.json -var maximumVersion = "3.20"; +var maximumVersion = "3.21"; var minimumVersion = "3.14"; // src/util.ts @@ -161795,6 +161795,11 @@ var featureConfig = { // cannot be found when interpreting results. minimumVersion: void 0 }, + ["start_proxy_remove_unused_registries" /* StartProxyRemoveUnusedRegistries */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_START_PROXY_REMOVE_UNUSED_REGISTRIES", + minimumVersion: void 0 + }, ["start_proxy_use_features_release" /* StartProxyUseFeaturesRelease */]: { defaultValue: false, envVar: "CODEQL_ACTION_START_PROXY_USE_FEATURES_RELEASE", diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index c8c0b19b4..b37c9a6a4 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -107137,6 +107137,11 @@ var featureConfig = { // cannot be found when interpreting results. minimumVersion: void 0 }, + ["start_proxy_remove_unused_registries" /* StartProxyRemoveUnusedRegistries */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_START_PROXY_REMOVE_UNUSED_REGISTRIES", + minimumVersion: void 0 + }, ["start_proxy_use_features_release" /* StartProxyUseFeaturesRelease */]: { defaultValue: false, envVar: "CODEQL_ACTION_START_PROXY_USE_FEATURES_RELEASE", diff --git a/src/api-compatibility.json b/src/api-compatibility.json index b61bbd26d..2e55b9ad7 100644 --- a/src/api-compatibility.json +++ b/src/api-compatibility.json @@ -1 +1 @@ -{"maximumVersion": "3.20", "minimumVersion": "3.14"} +{"maximumVersion": "3.21", "minimumVersion": "3.14"} diff --git a/src/feature-flags.ts b/src/feature-flags.ts index 546d2e0ff..c77bd794f 100644 --- a/src/feature-flags.ts +++ b/src/feature-flags.ts @@ -62,21 +62,29 @@ export enum Feature { OverlayAnalysisCodeScanningSwift = "overlay_analysis_code_scanning_swift", OverlayAnalysisCpp = "overlay_analysis_cpp", OverlayAnalysisCsharp = "overlay_analysis_csharp", + /** Controls whether the Actions cache is checked for overlay build outcomes. */ OverlayAnalysisStatusCheck = "overlay_analysis_status_check", + /** Controls whether overlay build failures on are stored in the Actions cache. */ OverlayAnalysisStatusSave = "overlay_analysis_status_save", OverlayAnalysisGo = "overlay_analysis_go", OverlayAnalysisJava = "overlay_analysis_java", OverlayAnalysisJavascript = "overlay_analysis_javascript", OverlayAnalysisPython = "overlay_analysis_python", + /** + * Controls whether lower disk space requirements are used for overlay hardware checks. + * Has no effect if `OverlayAnalysisSkipResourceChecks` is enabled. + */ OverlayAnalysisResourceChecksV2 = "overlay_analysis_resource_checks_v2", OverlayAnalysisRuby = "overlay_analysis_ruby", OverlayAnalysisRust = "overlay_analysis_rust", + /** Controls whether hardware checks are skipped for overlay analysis. */ OverlayAnalysisSkipResourceChecks = "overlay_analysis_skip_resource_checks", OverlayAnalysisSwift = "overlay_analysis_swift", PythonDefaultIsToNotExtractStdlib = "python_default_is_to_not_extract_stdlib", QaTelemetryEnabled = "qa_telemetry_enabled", /** Note that this currently only disables baseline file coverage information. */ SkipFileCoverageOnPrs = "skip_file_coverage_on_prs", + StartProxyRemoveUnusedRegistries = "start_proxy_remove_unused_registries", StartProxyUseFeaturesRelease = "start_proxy_use_features_release", UploadOverlayDbToApi = "upload_overlay_db_to_api", UseRepositoryProperties = "use_repository_properties_v2", @@ -328,6 +336,11 @@ export const featureConfig = { // cannot be found when interpreting results. minimumVersion: undefined, }, + [Feature.StartProxyRemoveUnusedRegistries]: { + defaultValue: false, + envVar: "CODEQL_ACTION_START_PROXY_REMOVE_UNUSED_REGISTRIES", + minimumVersion: undefined, + }, [Feature.StartProxyUseFeaturesRelease]: { defaultValue: false, envVar: "CODEQL_ACTION_START_PROXY_USE_FEATURES_RELEASE", diff --git a/src/init-action-post-helper.test.ts b/src/init-action-post-helper.test.ts index 9e6eadc08..ee18c8fcc 100644 --- a/src/init-action-post-helper.test.ts +++ b/src/init-action-post-helper.test.ts @@ -370,6 +370,7 @@ test("saves overlay status when overlay-base analysis did not complete successfu attemptedToBuildOverlayBaseDatabase: true, builtOverlayBaseDatabase: false, job: { + checkRunId: undefined, workflowRunId: Number(DEFAULT_ACTIONS_VARS.GITHUB_RUN_ID), workflowRunAttempt: Number(DEFAULT_ACTIONS_VARS.GITHUB_RUN_ATTEMPT), name: DEFAULT_ACTIONS_VARS.GITHUB_JOB, diff --git a/src/init-action-post-helper.ts b/src/init-action-post-helper.ts index b1fb968c0..a8f7a8731 100644 --- a/src/init-action-post-helper.ts +++ b/src/init-action-post-helper.ts @@ -283,7 +283,7 @@ async function recordOverlayStatus( attemptedToBuildOverlayBaseDatabase: true, builtOverlayBaseDatabase: false, }, - Number.isNaN(checkRunId) ? undefined : checkRunId, + checkRunId !== undefined && checkRunId >= 0 ? checkRunId : undefined, ); const diskUsage = await checkDiskUsage(logger); diff --git a/src/overlay/status.ts b/src/overlay/status.ts index 73f426059..a57835ed1 100644 --- a/src/overlay/status.ts +++ b/src/overlay/status.ts @@ -74,7 +74,7 @@ export function createOverlayStatus( workflowRunId: getWorkflowRunID(), workflowRunAttempt: getWorkflowRunAttempt(), name: getRequiredEnvParam("GITHUB_JOB"), - ...(checkRunId !== undefined && { checkRunId }), + checkRunId, }; return { ...attributes, diff --git a/src/start-proxy-action.ts b/src/start-proxy-action.ts index 438d565ae..29c76643e 100644 --- a/src/start-proxy-action.ts +++ b/src/start-proxy-action.ts @@ -5,7 +5,7 @@ import * as core from "@actions/core"; import * as actionsUtil from "./actions-util"; import { getGitHubVersion } from "./api-client"; -import { FeatureEnablement, initFeatures } from "./feature-flags"; +import { Feature, FeatureEnablement, initFeatures } from "./feature-flags"; import { KnownLanguage } from "./languages"; import { getActionsLogger, Logger } from "./logging"; import { getRepositoryNwo } from "./repository"; @@ -58,12 +58,18 @@ async function run(startedAt: Date) { const languageInput = actionsUtil.getOptionalInput("language"); language = languageInput ? parseLanguage(languageInput) : undefined; + // Query the FF for whether we should use the reduced registry mapping. + const skipUnusedRegistries = await features.getValue( + Feature.StartProxyRemoveUnusedRegistries, + ); + // Get the registry configurations from one of the inputs. const credentials = getCredentials( logger, actionsUtil.getOptionalInput("registry_secrets"), actionsUtil.getOptionalInput("registries_credentials"), language, + skipUnusedRegistries, ); if (credentials.length === 0) { diff --git a/src/start-proxy.test.ts b/src/start-proxy.test.ts index b1c4926f8..52456fe42 100644 --- a/src/start-proxy.test.ts +++ b/src/start-proxy.test.ts @@ -328,6 +328,32 @@ test("getCredentials logs a warning when a PAT is used without a username", asyn ]); }); +test("getCredentials returns all credentials for Actions when using LANGUAGE_TO_REGISTRY_TYPE", async (t) => { + const credentialsInput = toEncodedJSON(mixedCredentials); + + const credentials = startProxyExports.getCredentials( + getRunnerLogger(true), + undefined, + credentialsInput, + KnownLanguage.actions, + false, + ); + t.is(credentials.length, mixedCredentials.length); +}); + +test("getCredentials returns no credentials for Actions when using NEW_LANGUAGE_TO_REGISTRY_TYPE", async (t) => { + const credentialsInput = toEncodedJSON(mixedCredentials); + + const credentials = startProxyExports.getCredentials( + getRunnerLogger(true), + undefined, + credentialsInput, + KnownLanguage.actions, + true, + ); + t.deepEqual(credentials, []); +}); + test("parseLanguage", async (t) => { // Exact matches t.deepEqual(parseLanguage("csharp"), KnownLanguage.csharp); diff --git a/src/start-proxy.ts b/src/start-proxy.ts index 7ed466a41..60d0afbc6 100644 --- a/src/start-proxy.ts +++ b/src/start-proxy.ts @@ -224,7 +224,9 @@ function isPAT(value: string) { ]); } -const LANGUAGE_TO_REGISTRY_TYPE: Partial> = { +type RegistryMapping = Partial>; + +const LANGUAGE_TO_REGISTRY_TYPE: RegistryMapping = { java: ["maven_repository"], csharp: ["nuget_feed"], javascript: ["npm_registry"], @@ -234,6 +236,19 @@ const LANGUAGE_TO_REGISTRY_TYPE: Partial> = { go: ["goproxy_server", "git_source"], } as const; +const NEW_LANGUAGE_TO_REGISTRY_TYPE: Required = { + actions: [], + cpp: [], + java: ["maven_repository"], + csharp: ["nuget_feed"], + javascript: [], + python: [], + ruby: [], + rust: [], + swift: [], + go: ["goproxy_server", "git_source"], +} as const; + /** * Extracts an `Address` value from the given `Registry` value by determining whether it has * a `url` value, or no `url` value but a `host` value. @@ -267,9 +282,13 @@ export function getCredentials( registrySecrets: string | undefined, registriesCredentials: string | undefined, language: KnownLanguage | undefined, + skipUnusedRegistries: boolean = false, ): Credential[] { + const registryMapping = skipUnusedRegistries + ? NEW_LANGUAGE_TO_REGISTRY_TYPE + : LANGUAGE_TO_REGISTRY_TYPE; const registryTypeForLanguage = language - ? LANGUAGE_TO_REGISTRY_TYPE[language] + ? registryMapping[language] : undefined; let credentialsStr: string;