Merge branch 'main' into henrymercer/stub-actions-vars

src/api-compatibility.json

@@ -1 +1 @@
-{"maximumVersion": "3.20", "minimumVersion": "3.14"}
+{"maximumVersion": "3.21", "minimumVersion": "3.14"}

src/feature-flags.ts

@@ -62,21 +62,29 @@ export enum Feature {
   OverlayAnalysisCodeScanningSwift = "overlay_analysis_code_scanning_swift",
   OverlayAnalysisCpp = "overlay_analysis_cpp",
   OverlayAnalysisCsharp = "overlay_analysis_csharp",
+  /** Controls whether the Actions cache is checked for overlay build outcomes. */
   OverlayAnalysisStatusCheck = "overlay_analysis_status_check",
+  /** Controls whether overlay build failures on are stored in the Actions cache. */
   OverlayAnalysisStatusSave = "overlay_analysis_status_save",
   OverlayAnalysisGo = "overlay_analysis_go",
   OverlayAnalysisJava = "overlay_analysis_java",
   OverlayAnalysisJavascript = "overlay_analysis_javascript",
   OverlayAnalysisPython = "overlay_analysis_python",
+  /**
+   * Controls whether lower disk space requirements are used for overlay hardware checks.
+   * Has no effect if `OverlayAnalysisSkipResourceChecks` is enabled.
+   */
   OverlayAnalysisResourceChecksV2 = "overlay_analysis_resource_checks_v2",
   OverlayAnalysisRuby = "overlay_analysis_ruby",
   OverlayAnalysisRust = "overlay_analysis_rust",
+  /** Controls whether hardware checks are skipped for overlay analysis. */
   OverlayAnalysisSkipResourceChecks = "overlay_analysis_skip_resource_checks",
   OverlayAnalysisSwift = "overlay_analysis_swift",
   PythonDefaultIsToNotExtractStdlib = "python_default_is_to_not_extract_stdlib",
   QaTelemetryEnabled = "qa_telemetry_enabled",
   /** Note that this currently only disables baseline file coverage information. */
   SkipFileCoverageOnPrs = "skip_file_coverage_on_prs",
+  StartProxyRemoveUnusedRegistries = "start_proxy_remove_unused_registries",
   StartProxyUseFeaturesRelease = "start_proxy_use_features_release",
   UploadOverlayDbToApi = "upload_overlay_db_to_api",
   UseRepositoryProperties = "use_repository_properties_v2",
@@ -328,6 +336,11 @@ export const featureConfig = {
     // cannot be found when interpreting results.
     minimumVersion: undefined,
   },
+  [Feature.StartProxyRemoveUnusedRegistries]: {
+    defaultValue: false,
+    envVar: "CODEQL_ACTION_START_PROXY_REMOVE_UNUSED_REGISTRIES",
+    minimumVersion: undefined,
+  },
   [Feature.StartProxyUseFeaturesRelease]: {
     defaultValue: false,
     envVar: "CODEQL_ACTION_START_PROXY_USE_FEATURES_RELEASE",

src/init-action-post-helper.test.ts

@@ -370,6 +370,7 @@ test("saves overlay status when overlay-base analysis did not complete successfu
         attemptedToBuildOverlayBaseDatabase: true,
         builtOverlayBaseDatabase: false,
         job: {
+          checkRunId: undefined,
           workflowRunId: Number(DEFAULT_ACTIONS_VARS.GITHUB_RUN_ID),
           workflowRunAttempt: Number(DEFAULT_ACTIONS_VARS.GITHUB_RUN_ATTEMPT),
           name: DEFAULT_ACTIONS_VARS.GITHUB_JOB,

src/init-action-post-helper.ts

@@ -283,7 +283,7 @@ async function recordOverlayStatus(
       attemptedToBuildOverlayBaseDatabase: true,
       builtOverlayBaseDatabase: false,
     },
-    Number.isNaN(checkRunId) ? undefined : checkRunId,
+    checkRunId !== undefined && checkRunId >= 0 ? checkRunId : undefined,
   );
 
   const diskUsage = await checkDiskUsage(logger);

src/overlay/status.ts

@@ -74,7 +74,7 @@ export function createOverlayStatus(
     workflowRunId: getWorkflowRunID(),
     workflowRunAttempt: getWorkflowRunAttempt(),
     name: getRequiredEnvParam("GITHUB_JOB"),
-    ...(checkRunId !== undefined && { checkRunId }),
+    checkRunId,
   };
   return {
     ...attributes,

src/start-proxy-action.ts

@@ -5,7 +5,7 @@ import * as core from "@actions/core";
 
 import * as actionsUtil from "./actions-util";
 import { getGitHubVersion } from "./api-client";
-import { FeatureEnablement, initFeatures } from "./feature-flags";
+import { Feature, FeatureEnablement, initFeatures } from "./feature-flags";
 import { KnownLanguage } from "./languages";
 import { getActionsLogger, Logger } from "./logging";
 import { getRepositoryNwo } from "./repository";
@@ -58,12 +58,18 @@ async function run(startedAt: Date) {
     const languageInput = actionsUtil.getOptionalInput("language");
     language = languageInput ? parseLanguage(languageInput) : undefined;
 
+    // Query the FF for whether we should use the reduced registry mapping.
+    const skipUnusedRegistries = await features.getValue(
+      Feature.StartProxyRemoveUnusedRegistries,
+    );
+
     // Get the registry configurations from one of the inputs.
     const credentials = getCredentials(
       logger,
       actionsUtil.getOptionalInput("registry_secrets"),
       actionsUtil.getOptionalInput("registries_credentials"),
       language,
+      skipUnusedRegistries,
     );
 
     if (credentials.length === 0) {

src/start-proxy.test.ts

@@ -328,6 +328,32 @@ test("getCredentials logs a warning when a PAT is used without a username", asyn
   ]);
 });
 
+test("getCredentials returns all credentials for Actions when using LANGUAGE_TO_REGISTRY_TYPE", async (t) => {
+  const credentialsInput = toEncodedJSON(mixedCredentials);
+
+  const credentials = startProxyExports.getCredentials(
+    getRunnerLogger(true),
+    undefined,
+    credentialsInput,
+    KnownLanguage.actions,
+    false,
+  );
+  t.is(credentials.length, mixedCredentials.length);
+});
+
+test("getCredentials returns no credentials for Actions when using NEW_LANGUAGE_TO_REGISTRY_TYPE", async (t) => {
+  const credentialsInput = toEncodedJSON(mixedCredentials);
+
+  const credentials = startProxyExports.getCredentials(
+    getRunnerLogger(true),
+    undefined,
+    credentialsInput,
+    KnownLanguage.actions,
+    true,
+  );
+  t.deepEqual(credentials, []);
+});
+
 test("parseLanguage", async (t) => {
   // Exact matches
   t.deepEqual(parseLanguage("csharp"), KnownLanguage.csharp);

src/start-proxy.ts

@@ -224,7 +224,9 @@ function isPAT(value: string) {
   ]);
 }
 
-const LANGUAGE_TO_REGISTRY_TYPE: Partial<Record<KnownLanguage, string[]>> = {
+type RegistryMapping = Partial<Record<KnownLanguage, string[]>>;
+
+const LANGUAGE_TO_REGISTRY_TYPE: RegistryMapping = {
   java: ["maven_repository"],
   csharp: ["nuget_feed"],
   javascript: ["npm_registry"],
@@ -234,6 +236,19 @@ const LANGUAGE_TO_REGISTRY_TYPE: Partial<Record<KnownLanguage, string[]>> = {
   go: ["goproxy_server", "git_source"],
 } as const;
 
+const NEW_LANGUAGE_TO_REGISTRY_TYPE: Required<RegistryMapping> = {
+  actions: [],
+  cpp: [],
+  java: ["maven_repository"],
+  csharp: ["nuget_feed"],
+  javascript: [],
+  python: [],
+  ruby: [],
+  rust: [],
+  swift: [],
+  go: ["goproxy_server", "git_source"],
+} as const;
+
 /**
  * Extracts an `Address` value from the given `Registry` value by determining whether it has
  * a `url` value, or no `url` value but a `host` value.
@@ -267,9 +282,13 @@ export function getCredentials(
   registrySecrets: string | undefined,
   registriesCredentials: string | undefined,
   language: KnownLanguage | undefined,
+  skipUnusedRegistries: boolean = false,
 ): Credential[] {
+  const registryMapping = skipUnusedRegistries
+    ? NEW_LANGUAGE_TO_REGISTRY_TYPE
+    : LANGUAGE_TO_REGISTRY_TYPE;
   const registryTypeForLanguage = language
-    ? LANGUAGE_TO_REGISTRY_TYPE[language]
+    ? registryMapping[language]
     : undefined;
 
   let credentialsStr: string;