Merge pull request #159 from github/rename_cli

Rename CLI to CodeQL runner

.github/workflows/pr-checks.yml

@@ -24,6 +24,8 @@ jobs:
           >&2 echo "Failed: Repo should be clean before testing!"
           exit 1
         fi
+        # Wipe the lib directory incase there are extra unnecessary files in there
+        rm -rf lib
         # Generate the JavaScript files
         npm run-script build
         # Check that repo is still clean

.github/workflows/runner.yml

@@ -0,0 +1,26 @@
+name: "CodeQL runner"
+
+on: [push, pull_request]
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v2
+
+    - name: Build runner
+      run: |
+        cd runner
+        npm install
+        npm run build-runner
+
+    - name: Upload with runner
+      run: |
+        runner/dist/codeql-runner-linux upload \
+          --sarif-file src/testdata/empty-sarif.sarif \
+          --repository $GITHUB_REPOSITORY \
+          --commit $GITHUB_SHA \
+          --ref $GITHUB_REF \
+          --github-url $GITHUB_API_URL \
+          --github-auth ${{ github.token }}

.gitignore

@@ -0,0 +1,2 @@
+/runner/dist/
+/runner/node_modules/

CONTRIBUTING.md

@@ -49,6 +49,10 @@ Running locally will generate the CodeQL database and run all the queries, but i
 
 As well as the unit tests (see _Common tasks_ above), there are integration tests, defined in `.github/workflows/integration-testing.yml`.  These are run by a CI check.  Depending on the change you’re making, you may want to add a test to this file or extend an existing one.
 
+### Building the CodeQL runner
+
+Navigate to the `runner` directory and run `npm install` to install dependencies needed only for compiling the CodeQL runner. Run `npm run build-runner` to output files to the `runner/dist` directory.
+
 ## Submitting a pull request
 
 1. [Fork][fork] and clone the repository

analyze/action.yml

@@ -19,7 +19,6 @@ inputs:
   threads:
     description: The number of threads to be used by CodeQL.
     required: false
-    default: "1"
   checkout_path:
     description: "The path at which the analyzed repository was checked out. Used to relativeize any absolute paths in the uploaded SARIF file."
     required: false
@@ -30,4 +29,4 @@ inputs:
     default: ${{ toJson(matrix) }}
 runs:
   using: 'node12'
-  main: '../lib/finalize-db.js'
+  main: '../lib/analyze-action.js'

autobuild/action.yml

@@ -8,4 +8,4 @@ inputs:
     default: ${{ toJson(matrix) }}
 runs:
   using: 'node12'
-  main: '../lib/autobuild.js'
+  main: '../lib/autobuild-action.js'

init/action.yml

@@ -16,6 +16,9 @@ inputs:
   config-file:
     description: Path of the config file to use
     required: false
+  queries:
+    description: Comma-separated list of additional queries to run. By default, this overrides the same setting in a configuration file
+    required: false
 runs:
   using: 'node12'
-  main: '../lib/setup-tracer.js'
+  main: '../lib/init-action.js'

lib/analysis-paths.test.js

@@ -13,31 +13,42 @@ Object.defineProperty(exports, "__esModule", { value: true });
 const ava_1 = __importDefault(require("ava"));
 const analysisPaths = __importStar(require("./analysis-paths"));
 const testing_utils_1 = require("./testing-utils");
+const util = __importStar(require("./util"));
 testing_utils_1.setupTests(ava_1.default);
 ava_1.default("emptyPaths", async (t) => {
-    const config = {
-        languages: [],
-        queries: {},
-        pathsIgnore: [],
-        paths: [],
-        originalUserInput: {},
-    };
-    analysisPaths.includeAndExcludeAnalysisPaths(config);
-    t.is(process.env['LGTM_INDEX_INCLUDE'], undefined);
-    t.is(process.env['LGTM_INDEX_EXCLUDE'], undefined);
-    t.is(process.env['LGTM_INDEX_FILTERS'], undefined);
+    return await util.withTmpDir(async (tmpDir) => {
+        const config = {
+            languages: [],
+            queries: {},
+            pathsIgnore: [],
+            paths: [],
+            originalUserInput: {},
+            tempDir: tmpDir,
+            toolCacheDir: tmpDir,
+            codeQLCmd: '',
+        };
+        analysisPaths.includeAndExcludeAnalysisPaths(config);
+        t.is(process.env['LGTM_INDEX_INCLUDE'], undefined);
+        t.is(process.env['LGTM_INDEX_EXCLUDE'], undefined);
+        t.is(process.env['LGTM_INDEX_FILTERS'], undefined);
+    });
 });
 ava_1.default("nonEmptyPaths", async (t) => {
-    const config = {
-        languages: [],
-        queries: {},
-        paths: ['path1', 'path2', '**/path3'],
-        pathsIgnore: ['path4', 'path5', 'path6/**'],
-        originalUserInput: {},
-    };
-    analysisPaths.includeAndExcludeAnalysisPaths(config);
-    t.is(process.env['LGTM_INDEX_INCLUDE'], 'path1\npath2');
-    t.is(process.env['LGTM_INDEX_EXCLUDE'], 'path4\npath5');
-    t.is(process.env['LGTM_INDEX_FILTERS'], 'include:path1\ninclude:path2\ninclude:**/path3\nexclude:path4\nexclude:path5\nexclude:path6/**');
+    return await util.withTmpDir(async (tmpDir) => {
+        const config = {
+            languages: [],
+            queries: {},
+            paths: ['path1', 'path2', '**/path3'],
+            pathsIgnore: ['path4', 'path5', 'path6/**'],
+            originalUserInput: {},
+            tempDir: tmpDir,
+            toolCacheDir: tmpDir,
+            codeQLCmd: '',
+        };
+        analysisPaths.includeAndExcludeAnalysisPaths(config);
+        t.is(process.env['LGTM_INDEX_INCLUDE'], 'path1\npath2');
+        t.is(process.env['LGTM_INDEX_EXCLUDE'], 'path4\npath5');
+        t.is(process.env['LGTM_INDEX_FILTERS'], 'include:path1\ninclude:path2\ninclude:**/path3\nexclude:path4\nexclude:path5\nexclude:path6/**');
+    });
 });
 //# sourceMappingURL=analysis-paths.test.js.map

lib/analysis-paths.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"analysis-paths.test.js","sourceRoot":"","sources":["../src/analysis-paths.test.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,8CAAuB;AAEvB,gEAAkD;AAClD,mDAA2C;AAE3C,0BAAU,CAAC,aAAI,CAAC,CAAC;AAEjB,aAAI,CAAC,YAAY,EAAE,KAAK,EAAC,CAAC,EAAC,EAAE;IAC3B,MAAM,MAAM,GAAG;QACb,SAAS,EAAE,EAAE;QACb,OAAO,EAAE,EAAE;QACX,WAAW,EAAE,EAAE;QACf,KAAK,EAAE,EAAE;QACT,iBAAiB,EAAE,EAAE;KACtB,CAAC;IACF,aAAa,CAAC,8BAA8B,CAAC,MAAM,CAAC,CAAC;IACrD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;IACnD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;IACnD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;AACrD,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,eAAe,EAAE,KAAK,EAAC,CAAC,EAAC,EAAE;IAC9B,MAAM,MAAM,GAAG;QACb,SAAS,EAAE,EAAE;QACb,OAAO,EAAE,EAAE;QACX,KAAK,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,UAAU,CAAC;QACrC,WAAW,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,UAAU,CAAC;QAC3C,iBAAiB,EAAE,EAAE;KACtB,CAAC;IACF,aAAa,CAAC,8BAA8B,CAAC,MAAM,CAAC,CAAC;IACrD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,cAAc,CAAC,CAAC;IACxD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,cAAc,CAAC,CAAC;IACxD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,gGAAgG,CAAC,CAAC;AAC5I,CAAC,CAAC,CAAC"}
+{"version":3,"file":"analysis-paths.test.js","sourceRoot":"","sources":["../src/analysis-paths.test.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,8CAAuB;AAEvB,gEAAkD;AAClD,mDAA2C;AAC3C,6CAA+B;AAE/B,0BAAU,CAAC,aAAI,CAAC,CAAC;AAEjB,aAAI,CAAC,YAAY,EAAE,KAAK,EAAC,CAAC,EAAC,EAAE;IAC3B,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAC,MAAM,EAAC,EAAE;QAC1C,MAAM,MAAM,GAAG;YACb,SAAS,EAAE,EAAE;YACb,OAAO,EAAE,EAAE;YACX,WAAW,EAAE,EAAE;YACf,KAAK,EAAE,EAAE;YACT,iBAAiB,EAAE,EAAE;YACrB,OAAO,EAAE,MAAM;YACf,YAAY,EAAE,MAAM;YACpB,SAAS,EAAE,EAAE;SACd,CAAC;QACF,aAAa,CAAC,8BAA8B,CAAC,MAAM,CAAC,CAAC;QACrD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;QACnD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;QACnD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;IACrD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,eAAe,EAAE,KAAK,EAAC,CAAC,EAAC,EAAE;IAC9B,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAC,MAAM,EAAC,EAAE;QAC1C,MAAM,MAAM,GAAG;YACb,SAAS,EAAE,EAAE;YACb,OAAO,EAAE,EAAE;YACX,KAAK,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,UAAU,CAAC;YACrC,WAAW,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,UAAU,CAAC;YAC3C,iBAAiB,EAAE,EAAE;YACrB,OAAO,EAAE,MAAM;YACf,YAAY,EAAE,MAAM;YACpB,SAAS,EAAE,EAAE;SACd,CAAC;QACF,aAAa,CAAC,8BAA8B,CAAC,MAAM,CAAC,CAAC;QACrD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,cAAc,CAAC,CAAC;QACxD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,cAAc,CAAC,CAAC;QACxD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,gGAAgG,CAAC,CAAC;IAC5I,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

lib/analyze-action.js

@@ -12,6 +12,9 @@ const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const codeql_1 = require("./codeql");
 const configUtils = __importStar(require("./config-utils"));
+const languages_1 = require("./languages");
+const logging_1 = require("./logging");
+const repository_1 = require("./repository");
 const sharedEnv = __importStar(require("./shared-environment"));
 const upload_lib = __importStar(require("./upload-lib"));
 const util = __importStar(require("./util"));
@@ -26,43 +29,44 @@ async function sendStatusReport(startedAt, queriesStats, uploadStats, error) {
     };
     await util.sendStatusReport(statusReport);
 }
-async function createdDBForScannedLanguages(databaseFolder, config) {
-    const codeql = codeql_1.getCodeQL();
+async function createdDBForScannedLanguages(config) {
+    const codeql = codeql_1.getCodeQL(config.codeQLCmd);
     for (const language of config.languages) {
-        if (codeql_1.isScannedLanguage(language)) {
+        if (languages_1.isScannedLanguage(language)) {
             core.startGroup('Extracting ' + language);
-            await codeql.extractScannedLanguage(path.join(databaseFolder, language), language);
+            await codeql.extractScannedLanguage(util.getCodeQLDatabasePath(config.tempDir, language), language);
             core.endGroup();
         }
     }
 }
-async function finalizeDatabaseCreation(databaseFolder, config) {
-    await createdDBForScannedLanguages(databaseFolder, config);
-    const codeql = codeql_1.getCodeQL();
+async function finalizeDatabaseCreation(config) {
+    await createdDBForScannedLanguages(config);
+    const codeql = codeql_1.getCodeQL(config.codeQLCmd);
     for (const language of config.languages) {
         core.startGroup('Finalizing ' + language);
-        await codeql.finalizeDatabase(path.join(databaseFolder, language));
+        await codeql.finalizeDatabase(util.getCodeQLDatabasePath(config.tempDir, language));
         core.endGroup();
     }
 }
 // Runs queries and creates sarif files in the given folder
-async function runQueries(databaseFolder, sarifFolder, config) {
-    const codeql = codeql_1.getCodeQL();
-    for (let language of fs.readdirSync(databaseFolder)) {
+async function runQueries(sarifFolder, config) {
+    const codeql = codeql_1.getCodeQL(config.codeQLCmd);
+    for (let language of config.languages) {
         core.startGroup('Analyzing ' + language);
         const queries = config.queries[language] || [];
         if (queries.length === 0) {
             throw new Error('Unable to analyse ' + language + ' as no queries were selected for this language');
         }
         try {
+            const databasePath = util.getCodeQLDatabasePath(config.tempDir, language);
             // Pass the queries to codeql using a file instead of using the command
             // line to avoid command line length restrictions, particularly on windows.
-            const querySuite = path.join(databaseFolder, language + '-queries.qls');
+            const querySuite = databasePath + '-queries.qls';
             const querySuiteContents = queries.map(q => '- query: ' + q).join('\n');
             fs.writeFileSync(querySuite, querySuiteContents);
             core.debug('Query suite file for ' + language + '...\n' + querySuiteContents);
             const sarifFile = path.join(sarifFolder, language + '.sarif');
-            await codeql.databaseAnalyze(path.join(databaseFolder, language), sarifFile, querySuite);
+            await codeql.databaseAnalyze(databasePath, sarifFile, querySuite);
             core.debug('SARIF results for database ' + language + ' created at "' + sarifFile + '"');
             core.endGroup();
         }
@@ -84,18 +88,17 @@ async function run() {
         if (!await util.sendStatusReport(await util.createStatusReportBase('finish', 'starting', startedAt), true)) {
             return;
         }
-        const config = await configUtils.getConfig();
+        const config = await configUtils.getConfig(util.getRequiredEnvParam('RUNNER_TEMP'));
         core.exportVariable(sharedEnv.ODASA_TRACER_CONFIGURATION, '');
         delete process.env[sharedEnv.ODASA_TRACER_CONFIGURATION];
-        const databaseFolder = util.getCodeQLDatabasesDir();
         const sarifFolder = core.getInput('output');
         fs.mkdirSync(sarifFolder, { recursive: true });
         core.info('Finalizing database creation');
-        await finalizeDatabaseCreation(databaseFolder, config);
+        await finalizeDatabaseCreation(config);
         core.info('Analyzing database');
-        queriesStats = await runQueries(databaseFolder, sarifFolder, config);
+        queriesStats = await runQueries(sarifFolder, config);
         if ('true' === core.getInput('upload')) {
-            uploadStats = await upload_lib.upload(sarifFolder);
+            uploadStats = await upload_lib.upload(sarifFolder, repository_1.parseRepositoryNwo(util.getRequiredEnvParam('GITHUB_REPOSITORY')), await util.getCommitOid(), util.getRef(), await util.getAnalysisKey(), util.getRequiredEnvParam('GITHUB_WORKFLOW'), util.getWorkflowRunID(), core.getInput('checkout_path'), core.getInput('matrix'), core.getInput('token'), util.getRequiredEnvParam('GITHUB_API_URL'), 'actions', logging_1.getActionsLogger());
         }
     }
     catch (error) {
@@ -110,4 +113,4 @@ run().catch(e => {
     core.setFailed("analyze action failed: " + e);
     console.log(e);
 });
-//# sourceMappingURL=finalize-db.js.map
+//# sourceMappingURL=analyze-action.js.map

lib/analyze-action.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"analyze-action.js","sourceRoot":"","sources":["../src/analyze-action.ts"],"names":[],"mappings":";;;;;;;;;AAAA,oDAAsC;AACtC,uCAAyB;AACzB,2CAA6B;AAE7B,qCAAqC;AACrC,4DAA8C;AAC9C,2CAAgD;AAChD,uCAA6C;AAC7C,6CAAkD;AAClD,gEAAkD;AAClD,yDAA2C;AAC3C,6CAA+B;AAiC/B,KAAK,UAAU,gBAAgB,CAC7B,SAAe,EACf,YAA6C,EAC7C,WAAsD,EACtD,KAAa;;IAEb,MAAM,MAAM,GAAG,OAAA,YAAY,0CAAE,wBAAwB,MAAK,SAAS,IAAI,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;IACnH,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAAC,QAAQ,EAAE,MAAM,EAAE,SAAS,QAAE,KAAK,0CAAE,OAAO,QAAE,KAAK,0CAAE,KAAK,CAAC,CAAC;IACtH,MAAM,YAAY,GAAuB;QACvC,GAAG,gBAAgB;QACnB,GAAG,CAAC,YAAY,IAAI,EAAE,CAAC;QACvB,GAAG,CAAC,WAAW,IAAI,EAAE,CAAC;KACvB,CAAC;IACF,MAAM,IAAI,CAAC,gBAAgB,CAAC,YAAY,CAAC,CAAC;AAC5C,CAAC;AAED,KAAK,UAAU,4BAA4B,CAAC,MAA0B;IACpE,MAAM,MAAM,GAAG,kBAAS,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAC3C,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE;QACvC,IAAI,6BAAiB,CAAC,QAAQ,CAAC,EAAE;YAC/B,IAAI,CAAC,UAAU,CAAC,aAAa,GAAG,QAAQ,CAAC,CAAC;YAC1C,MAAM,MAAM,CAAC,sBAAsB,CAAC,IAAI,CAAC,qBAAqB,CAAC,MAAM,CAAC,OAAO,EAAE,QAAQ,CAAC,EAAE,QAAQ,CAAC,CAAC;YACpG,IAAI,CAAC,QAAQ,EAAE,CAAC;SACjB;KACF;AACH,CAAC;AAED,KAAK,UAAU,wBAAwB,CAAC,MAA0B;IAChE,MAAM,4BAA4B,CAAC,MAAM,CAAC,CAAC;IAE3C,MAAM,MAAM,GAAG,kBAAS,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAC3C,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE;QACvC,IAAI,CAAC,UAAU,CAAC,aAAa,GAAG,QAAQ,CAAC,CAAC;QAC1C,MAAM,MAAM,CAAC,gBAAgB,CAAC,IAAI,CAAC,qBAAqB,CAAC,MAAM,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC;QACpF,IAAI,CAAC,QAAQ,EAAE,CAAC;KACjB;AACH,CAAC;AAED,2DAA2D;AAC3D,KAAK,UAAU,UAAU,CACvB,WAAmB,EACnB,MAA0B;IAE1B,MAAM,MAAM,GAAG,kBAAS,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAC3C,KAAK,IAAI,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE;QACrC,IAAI,CAAC,UAAU,CAAC,YAAY,GAAG,QAAQ,CAAC,CAAC;QAEzC,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;QAC/C,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE;YACxB,MAAM,IAAI,KAAK,CAAC,oBAAoB,GAAG,QAAQ,GAAG,gDAAgD,CAAC,CAAC;SACrG;QAED,IAAI;YACF,MAAM,YAAY,GAAG,IAAI,CAAC,qBAAqB,CAAC,MAAM,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;YAC1E,uEAAuE;YACvE,2EAA2E;YAC3E,MAAM,UAAU,GAAG,YAAY,GAAG,cAAc,CAAC;YACjD,MAAM,kBAAkB,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,WAAW,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACxE,EAAE,CAAC,aAAa,CAAC,UAAU,EAAE,kBAAkB,CAAC,CAAC;YACjD,IAAI,CAAC,KAAK,CAAC,uBAAuB,GAAG,QAAQ,GAAG,OAAO,GAAG,kBAAkB,CAAC,CAAC;YAE9E,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,QAAQ,GAAG,QAAQ,CAAC,CAAC;YAE9D,MAAM,MAAM,CAAC,eAAe,CAAC,YAAY,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;YAElE,IAAI,CAAC,KAAK,CAAC,6BAA6B,GAAG,QAAQ,GAAG,eAAe,GAAG,SAAS,GAAG,GAAG,CAAC,CAAC;YACzF,IAAI,CAAC,QAAQ,EAAE,CAAC;SAEjB;QAAC,OAAO,CAAC,EAAE;YACV,+DAA+D;YAC/D,OAAO;gBACL,wBAAwB,EAAE,QAAQ;aACnC,CAAC;SACH;KACF;IAED,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,IAAI,YAAY,GAAoC,SAAS,CAAC;IAC9D,IAAI,WAAW,GAA8C,SAAS,CAAC;IACvE,IAAI;QACF,IAAI,CAAC,0BAA0B,EAAE,CAAC;QAClC,IAAI,CAAC,MAAM,IAAI,CAAC,gBAAgB,CAAC,MAAM,IAAI,CAAC,sBAAsB,CAAC,QAAQ,EAAE,UAAU,EAAE,SAAS,CAAC,EAAE,IAAI,CAAC,EAAE;YAC1G,OAAO;SACR;QACD,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,SAAS,CAAC,IAAI,CAAC,mBAAmB,CAAC,aAAa,CAAC,CAAC,CAAC;QAEpF,IAAI,CAAC,cAAc,CAAC,SAAS,CAAC,0BAA0B,EAAE,EAAE,CAAC,CAAC;QAC9D,OAAO,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,0BAA0B,CAAC,CAAC;QAEzD,MAAM,WAAW,GAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAC5C,EAAE,CAAC,SAAS,CAAC,WAAW,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAE/C,IAAI,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC;QAC1C,MAAM,wBAAwB,CAAC,MAAM,CAAC,CAAC;QAEvC,IAAI,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;QAChC,YAAY,GAAG,MAAM,UAAU,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC;QAErD,IAAI,MAAM,KAAK,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE;YACtC,WAAW,GAAG,MAAM,UAAU,CAAC,MAAM,CACnC,WAAW,EACX,+BAAkB,CAAC,IAAI,CAAC,mBAAmB,CAAC,mBAAmB,CAAC,CAAC,EACjE,MAAM,IAAI,CAAC,YAAY,EAAE,EACzB,IAAI,CAAC,MAAM,EAAE,EACb,MAAM,IAAI,CAAC,cAAc,EAAE,EAC3B,IAAI,CAAC,mBAAmB,CAAC,iBAAiB,CAAC,EAC3C,IAAI,CAAC,gBAAgB,EAAE,EACvB,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,EAC9B,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,EACvB,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,EACtB,IAAI,CAAC,mBAAmB,CAAC,gBAAgB,CAAC,EAC1C,SAAS,EACT,0BAAgB,EAAE,CAAC,CAAC;SACvB;KAEF;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAC9B,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACnB,MAAM,gBAAgB,CAAC,SAAS,EAAE,YAAY,EAAE,WAAW,EAAE,KAAK,CAAC,CAAC;QACpE,OAAO;KACR;IAED,MAAM,gBAAgB,CAAC,SAAS,EAAE,YAAY,EAAE,WAAW,CAAC,CAAC;AAC/D,CAAC;AAED,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE;IACd,IAAI,CAAC,SAAS,CAAC,yBAAyB,GAAG,CAAC,CAAC,CAAC;IAC9C,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;AACjB,CAAC,CAAC,CAAC"}

lib/api-client.js

@@ -14,13 +14,33 @@ const core = __importStar(require("@actions/core"));
 const github = __importStar(require("@actions/github"));
 const console_log_level_1 = __importDefault(require("console-log-level"));
 const util_1 = require("./util");
-exports.getApiClient = function (allowLocalRun = false) {
+exports.getApiClient = function (githubAuth, githubApiUrl, allowLocalRun = false) {
     if (util_1.isLocalRun() && !allowLocalRun) {
         throw new Error('Invalid API call in local run');
     }
-    return new github.GitHub(core.getInput('token'), {
+    return new github.GitHub({
+        auth: parseAuth(githubAuth),
+        baseUrl: githubApiUrl,
         userAgent: "CodeQL Action",
         log: console_log_level_1.default({ level: "debug" })
     });
 };
+// Parses the user input as either a single token,
+// or a username and password / PAT.
+function parseAuth(auth) {
+    // Check if it's a username:password pair
+    const c = auth.indexOf(':');
+    if (c !== -1) {
+        return 'basic ' + Buffer.from(auth).toString('base64');
+    }
+    // Otherwise use the token as it is
+    return auth;
+}
+// Temporary function to aid in the transition to running on and off of github actions.
+// Once all code has been coverted this function should be removed or made canonical
+// and called only from the action entrypoints.
+function getActionsApiClient(allowLocalRun = false) {
+    return exports.getApiClient(core.getInput('token'), util_1.getRequiredEnvParam('GITHUB_API_URL'), allowLocalRun);
+}
+exports.getActionsApiClient = getActionsApiClient;
 //# sourceMappingURL=api-client.js.map

lib/api-client.js.map

@@ -1 +1 @@
-{"version":3,"file":"api-client.js","sourceRoot":"","sources":["../src/api-client.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,oDAAsC;AACtC,wDAA0C;AAC1C,0EAAgD;AAEhD,iCAAoC;AAEvB,QAAA,YAAY,GAAG,UAAS,aAAa,GAAG,KAAK;IACxD,IAAI,iBAAU,EAAE,IAAI,CAAC,aAAa,EAAE;QAClC,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;KAClD;IACD,OAAO,IAAI,MAAM,CAAC,MAAM,CACtB,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,EACtB;QACE,SAAS,EAAE,eAAe;QAC1B,GAAG,EAAE,2BAAe,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC;KACzC,CAAC,CAAC;AACP,CAAC,CAAC"}
+{"version":3,"file":"api-client.js","sourceRoot":"","sources":["../src/api-client.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,oDAAsC;AACtC,wDAA0C;AAC1C,0EAAgD;AAEhD,iCAAyD;AAE5C,QAAA,YAAY,GAAG,UAAS,UAAkB,EAAE,YAAoB,EAAE,aAAa,GAAG,KAAK;IAClG,IAAI,iBAAU,EAAE,IAAI,CAAC,aAAa,EAAE;QAClC,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;KAClD;IACD,OAAO,IAAI,MAAM,CAAC,MAAM,CACtB;QACE,IAAI,EAAE,SAAS,CAAC,UAAU,CAAC;QAC3B,OAAO,EAAE,YAAY;QACrB,SAAS,EAAE,eAAe;QAC1B,GAAG,EAAE,2BAAe,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC;KACzC,CAAC,CAAC;AACP,CAAC,CAAC;AAEF,kDAAkD;AAClD,oCAAoC;AACpC,SAAS,SAAS,CAAC,IAAY;IAC7B,yCAAyC;IACzC,MAAM,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;IAC5B,IAAI,CAAC,KAAK,CAAC,CAAC,EAAE;QACZ,OAAO,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;KACxD;IAED,mCAAmC;IACnC,OAAO,IAAI,CAAC;AACd,CAAC;AAED,uFAAuF;AACvF,oFAAoF;AACpF,+CAA+C;AAC/C,SAAgB,mBAAmB,CAAC,aAAa,GAAG,KAAK;IACvD,OAAO,oBAAY,CACjB,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,EACtB,0BAAmB,CAAC,gBAAgB,CAAC,EACrC,aAAa,CAAC,CAAC;AACnB,CAAC;AALD,kDAKC"}

lib/autobuild-action.js

@@ -10,6 +10,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 const core = __importStar(require("@actions/core"));
 const codeql_1 = require("./codeql");
 const config_utils = __importStar(require("./config-utils"));
+const languages_1 = require("./languages");
 const util = __importStar(require("./util"));
 async function sendCompletedStatusReport(startedAt, allLanguages, failingLanguage, cause) {
     var _a, _b;
@@ -30,12 +31,12 @@ async function run() {
         if (!await util.sendStatusReport(await util.createStatusReportBase('autobuild', 'starting', startedAt), true)) {
             return;
         }
-        const config = await config_utils.getConfig();
+        const config = await config_utils.getConfig(util.getRequiredEnvParam('RUNNER_TEMP'));
         // Attempt to find a language to autobuild
         // We want pick the dominant language in the repo from the ones we're able to build
         // The languages are sorted in order specified by user or by lines of code if we got
         // them from the GitHub API, so try to build the first language on the list.
-        const autobuildLanguages = config.languages.filter(codeql_1.isTracedLanguage);
+        const autobuildLanguages = config.languages.filter(languages_1.isTracedLanguage);
         language = autobuildLanguages[0];
         if (!language) {
             core.info("None of the languages in this project require extra build steps");
@@ -46,7 +47,7 @@ async function run() {
             core.warning(`We will only automatically build ${language} code. If you wish to scan ${autobuildLanguages.slice(1).join(' and ')}, you must replace this block with custom build steps.`);
         }
         core.startGroup(`Attempting to automatically build ${language} code`);
-        const codeQL = codeql_1.getCodeQL();
+        const codeQL = codeql_1.getCodeQL(config.codeQLCmd);
         await codeQL.runAutobuild(language);
         core.endGroup();
     }
@@ -62,4 +63,4 @@ run().catch(e => {
     core.setFailed("autobuild action failed.  " + e);
     console.log(e);
 });
-//# sourceMappingURL=autobuild.js.map
+//# sourceMappingURL=autobuild-action.js.map

lib/autobuild-action.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"autobuild-action.js","sourceRoot":"","sources":["../src/autobuild-action.ts"],"names":[],"mappings":";;;;;;;;;AAAA,oDAAsC;AAEtC,qCAAqC;AACrC,6DAA+C;AAC/C,2CAA+C;AAC/C,6CAA+B;AAS/B,KAAK,UAAU,yBAAyB,CACtC,SAAe,EACf,YAAsB,EACtB,eAAwB,EACxB,KAAa;;IAEb,MAAM,MAAM,GAAG,eAAe,KAAK,SAAS,IAAI,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;IAC5F,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,sBAAsB,CACxD,WAAW,EACX,MAAM,EACN,SAAS,QACT,KAAK,0CAAE,OAAO,QACd,KAAK,0CAAE,KAAK,CAAC,CAAC;IAChB,MAAM,YAAY,GAA0B;QAC1C,GAAG,gBAAgB;QACnB,mBAAmB,EAAE,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC;QAC3C,iBAAiB,EAAE,eAAe;KACnC,CAAC;IACF,MAAM,IAAI,CAAC,gBAAgB,CAAC,YAAY,CAAC,CAAC;AAC5C,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,IAAI,QAAQ,CAAC;IACb,IAAI;QACF,IAAI,CAAC,0BAA0B,EAAE,CAAC;QAClC,IAAI,CAAC,MAAM,IAAI,CAAC,gBAAgB,CAAC,MAAM,IAAI,CAAC,sBAAsB,CAAC,WAAW,EAAE,UAAU,EAAE,SAAS,CAAC,EAAE,IAAI,CAAC,EAAE;YAC7G,OAAO;SACR;QAED,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,SAAS,CAAC,IAAI,CAAC,mBAAmB,CAAC,aAAa,CAAC,CAAC,CAAC;QAErF,0CAA0C;QAC1C,mFAAmF;QACnF,oFAAoF;QACpF,4EAA4E;QAC5E,MAAM,kBAAkB,GAAG,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,4BAAgB,CAAC,CAAC;QACrE,QAAQ,GAAG,kBAAkB,CAAC,CAAC,CAAC,CAAC;QAEjC,IAAI,CAAC,QAAQ,EAAE;YACb,IAAI,CAAC,IAAI,CAAC,iEAAiE,CAAC,CAAC;YAC7E,OAAO;SACR;QAED,IAAI,CAAC,KAAK,CAAC,sCAAsC,QAAQ,EAAE,CAAC,CAAC;QAE7D,IAAI,kBAAkB,CAAC,MAAM,GAAG,CAAC,EAAE;YACjC,IAAI,CAAC,OAAO,CAAC,oCAAoC,QAAQ,8BAA8B,kBAAkB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,wDAAwD,CAAC,CAAC;SAC3L;QAED,IAAI,CAAC,UAAU,CAAC,qCAAqC,QAAQ,OAAO,CAAC,CAAC;QACtE,MAAM,MAAM,GAAG,kBAAS,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAC3C,MAAM,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;QAEpC,IAAI,CAAC,QAAQ,EAAE,CAAC;KAEjB;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CAAC,kIAAkI,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC;QACnK,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACnB,MAAM,yBAAyB,CAAC,SAAS,EAAE,CAAC,QAAQ,CAAC,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;QACxE,OAAO;KACR;IAED,MAAM,yBAAyB,CAAC,SAAS,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC;AACzD,CAAC;AAED,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE;IACd,IAAI,CAAC,SAAS,CAAC,4BAA4B,GAAG,CAAC,CAAC,CAAC;IACjD,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;AACjB,CAAC,CAAC,CAAC"}

lib/autobuild.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"autobuild.js","sourceRoot":"","sources":["../src/autobuild.ts"],"names":[],"mappings":";;;;;;;;;AAAA,oDAAsC;AAEtC,qCAAuD;AACvD,6DAA+C;AAC/C,6CAA+B;AAS/B,KAAK,UAAU,yBAAyB,CACtC,SAAe,EACf,YAAsB,EACtB,eAAwB,EACxB,KAAa;;IAEb,MAAM,MAAM,GAAG,eAAe,KAAK,SAAS,IAAI,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;IAC5F,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,sBAAsB,CACxD,WAAW,EACX,MAAM,EACN,SAAS,QACT,KAAK,0CAAE,OAAO,QACd,KAAK,0CAAE,KAAK,CAAC,CAAC;IAChB,MAAM,YAAY,GAA0B;QAC1C,GAAG,gBAAgB;QACnB,mBAAmB,EAAE,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC;QAC3C,iBAAiB,EAAE,eAAe;KACnC,CAAC;IACF,MAAM,IAAI,CAAC,gBAAgB,CAAC,YAAY,CAAC,CAAC;AAC5C,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,IAAI,QAAQ,CAAC;IACb,IAAI;QACF,IAAI,CAAC,0BAA0B,EAAE,CAAC;QAClC,IAAI,CAAC,MAAM,IAAI,CAAC,gBAAgB,CAAC,MAAM,IAAI,CAAC,sBAAsB,CAAC,WAAW,EAAE,UAAU,EAAE,SAAS,CAAC,EAAE,IAAI,CAAC,EAAE;YAC7G,OAAO;SACR;QAED,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,SAAS,EAAE,CAAC;QAE9C,0CAA0C;QAC1C,mFAAmF;QACnF,oFAAoF;QACpF,4EAA4E;QAC5E,MAAM,kBAAkB,GAAG,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,yBAAgB,CAAC,CAAC;QACrE,QAAQ,GAAG,kBAAkB,CAAC,CAAC,CAAC,CAAC;QAEjC,IAAI,CAAC,QAAQ,EAAE;YACb,IAAI,CAAC,IAAI,CAAC,iEAAiE,CAAC,CAAC;YAC7E,OAAO;SACR;QAED,IAAI,CAAC,KAAK,CAAC,sCAAsC,QAAQ,EAAE,CAAC,CAAC;QAE7D,IAAI,kBAAkB,CAAC,MAAM,GAAG,CAAC,EAAE;YACjC,IAAI,CAAC,OAAO,CAAC,oCAAoC,QAAQ,8BAA8B,kBAAkB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,wDAAwD,CAAC,CAAC;SAC3L;QAED,IAAI,CAAC,UAAU,CAAC,qCAAqC,QAAQ,OAAO,CAAC,CAAC;QACtE,MAAM,MAAM,GAAG,kBAAS,EAAE,CAAC;QAC3B,MAAM,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;QAEpC,IAAI,CAAC,QAAQ,EAAE,CAAC;KAEjB;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CAAC,kIAAkI,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC;QACnK,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACnB,MAAM,yBAAyB,CAAC,SAAS,EAAE,CAAC,QAAQ,CAAC,EAAE,QAAQ,EAAE,KAAK,CAAC,CAAC;QACxE,OAAO;KACR;IAED,MAAM,yBAAyB,CAAC,SAAS,EAAE,CAAC,QAAQ,CAAC,CAAC,CAAC;AACzD,CAAC;AAED,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE;IACd,IAAI,CAAC,SAAS,CAAC,4BAA4B,GAAG,CAAC,CAAC,CAAC;IACjD,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;AACjB,CAAC,CAAC,CAAC"}

lib/codeql.js

@@ -21,18 +21,14 @@ const stream = __importStar(require("stream"));
 const globalutil = __importStar(require("util"));
 const v4_1 = __importDefault(require("uuid/v4"));
 const api = __importStar(require("./api-client"));
+const defaults = __importStar(require("./defaults.json")); // Referenced from codeql-action-sync-tool!
 const util = __importStar(require("./util"));
 /**
  * Stores the CodeQL object, and is populated by `setupCodeQL` or `getCodeQL`.
  * Can be overridden in tests using `setCodeQL`.
  */
 let cachedCodeQL = undefined;
-/**
- * Environment variable used to store the location of the CodeQL CLI executable.
- * Value is set by setupCodeQL and read by getCodeQL.
- */
-const CODEQL_ACTION_CMD = "CODEQL_ACTION_CMD";
-const CODEQL_BUNDLE_VERSION = "codeql-bundle-20200630";
+const CODEQL_BUNDLE_VERSION = defaults.bundleVersion;
 const CODEQL_BUNDLE_NAME = "codeql-bundle.tar.gz";
 const CODEQL_DEFAULT_ACTION_REPOSITORY = "github/codeql-action";
 function getCodeQLActionRepository() {
@@ -71,7 +67,7 @@ async function getCodeQLBundleDownloadURL() {
         }
         let [repositoryOwner, repositoryName] = repository.split("/");
         try {
-            const release = await api.getApiClient().repos.getReleaseByTag({
+            const release = await api.getActionsApiClient().repos.getReleaseByTag({
                 owner: repositoryOwner,
                 repo: repositoryName,
                 tag: CODEQL_BUNDLE_VERSION
@@ -142,7 +138,6 @@ async function setupCodeQL() {
             throw new Error("Unsupported platform: " + process.platform);
         }
         cachedCodeQL = getCodeQLForCmd(codeqlCmd);
-        core.exportVariable(CODEQL_ACTION_CMD, codeqlCmd);
         return cachedCodeQL;
     }
     catch (e) {
@@ -168,16 +163,21 @@ function getCodeQLURLVersion(url) {
     return s;
 }
 exports.getCodeQLURLVersion = getCodeQLURLVersion;
-function getCodeQL() {
+/**
+ * Use the CodeQL executable located at the given path.
+ */
+function getCodeQL(cmd) {
     if (cachedCodeQL === undefined) {
-        const codeqlCmd = util.getRequiredEnvParam(CODEQL_ACTION_CMD);
-        cachedCodeQL = getCodeQLForCmd(codeqlCmd);
+        cachedCodeQL = getCodeQLForCmd(cmd);
     }
     return cachedCodeQL;
 }
 exports.getCodeQL = getCodeQL;
-function resolveFunction(partialCodeql, methodName) {
+function resolveFunction(partialCodeql, methodName, defaultImplementation) {
     if (typeof partialCodeql[methodName] !== 'function') {
+        if (defaultImplementation !== undefined) {
+            return defaultImplementation;
+        }
         const dummyMethod = () => {
             throw new Error('CodeQL ' + methodName + ' method not correctly defined');
         };
@@ -193,7 +193,7 @@ function resolveFunction(partialCodeql, methodName) {
  */
 function setCodeQL(partialCodeql) {
     cachedCodeQL = {
-        getDir: resolveFunction(partialCodeql, 'getDir'),
+        getPath: resolveFunction(partialCodeql, 'getPath', () => '/tmp/dummy-path'),
         printVersion: resolveFunction(partialCodeql, 'printVersion'),
         getTracerEnv: resolveFunction(partialCodeql, 'getTracerEnv'),
         databaseInit: resolveFunction(partialCodeql, 'databaseInit'),
@@ -203,12 +203,27 @@ function setCodeQL(partialCodeql) {
         resolveQueries: resolveFunction(partialCodeql, 'resolveQueries'),
         databaseAnalyze: resolveFunction(partialCodeql, 'databaseAnalyze')
     };
+    return cachedCodeQL;
 }
 exports.setCodeQL = setCodeQL;
+/**
+ * Get the cached CodeQL object. Should only be used from tests.
+ *
+ * TODO: Work out a good way for tests to get this from the test context
+ * instead of having to have this method.
+ */
+function getCachedCodeQL() {
+    if (cachedCodeQL === undefined) {
+        // Should never happen as setCodeQL is called by testing-utils.setupTests
+        throw new Error('cachedCodeQL undefined');
+    }
+    return cachedCodeQL;
+}
+exports.getCachedCodeQL = getCachedCodeQL;
 function getCodeQLForCmd(cmd) {
     return {
-        getDir: function () {
-            return path.dirname(cmd);
+        getPath: function () {
+            return cmd;
         },
         printVersion: async function () {
             await exec.exec(cmd, [
@@ -216,14 +231,13 @@ function getCodeQLForCmd(cmd) {
                 '--format=json'
             ]);
         },
-        getTracerEnv: async function (databasePath, compilerSpec) {
+        getTracerEnv: async function (databasePath) {
             let envFile = path.resolve(databasePath, 'working', 'env.tmp');
-            const compilerSpecArg = compilerSpec ? ["--compiler-spec=" + compilerSpec] : [];
             await exec.exec(cmd, [
                 'database',
                 'trace-command',
                 databasePath,
-                ...compilerSpecArg,
+                ...getExtraOptionsFromEnv(['database', 'trace-command']),
                 process.execPath,
                 path.resolve(__dirname, 'tracer-env.js'),
                 envFile
@@ -237,6 +251,7 @@ function getCodeQLForCmd(cmd) {
                 databasePath,
                 '--language=' + language,
                 '--source-root=' + sourceRoot,
+                ...getExtraOptionsFromEnv(['database', 'init']),
             ]);
         },
         runAutobuild: async function (language) {
@@ -258,7 +273,8 @@ function getCodeQLForCmd(cmd) {
                 'resolve',
                 'extractor',
                 '--format=json',
-                '--language=' + language
+                '--language=' + language,
+                ...getExtraOptionsFromEnv(['resolve', 'extractor']),
             ], {
                 silent: true,
                 listeners: {
@@ -273,6 +289,7 @@ function getCodeQLForCmd(cmd) {
             await exec.exec(cmd, [
                 'database',
                 'trace-command',
+                ...getExtraOptionsFromEnv(['database', 'trace-command']),
                 databasePath,
                 '--',
                 traceCommand
@@ -282,6 +299,7 @@ function getCodeQLForCmd(cmd) {
             await exec.exec(cmd, [
                 'database',
                 'finalize',
+                ...getExtraOptionsFromEnv(['database', 'finalize']),
                 databasePath
             ]);
         },
@@ -290,7 +308,8 @@ function getCodeQLForCmd(cmd) {
                 'resolve',
                 'queries',
                 ...queries,
-                '--format=bylanguage'
+                '--format=bylanguage',
+                ...getExtraOptionsFromEnv(['resolve', 'queries'])
             ];
             if (extraSearchPath !== undefined) {
                 codeqlArgs.push('--search-path', extraSearchPath);
@@ -315,17 +334,54 @@ function getCodeQLForCmd(cmd) {
                 '--format=sarif-latest',
                 '--output=' + sarifFile,
                 '--no-sarif-add-snippets',
+                ...getExtraOptionsFromEnv(['database', 'analyze']),
                 querySuite
             ]);
         }
     };
 }
-function isTracedLanguage(language) {
-    return ['cpp', 'java', 'csharp'].includes(language);
+/**
+ * Gets the options for `path` of `options` as an array of extra option strings.
+ */
+function getExtraOptionsFromEnv(path) {
+    let options = util.getExtraOptionsEnvParam();
+    return getExtraOptions(options, path, []);
 }
-exports.isTracedLanguage = isTracedLanguage;
-function isScannedLanguage(language) {
-    return !isTracedLanguage(language);
+/**
+ * Gets the options for `path` of `options` as an array of extra option strings.
+ *
+ * - the special terminal step name '*' in `options` matches all path steps
+ * - throws an exception if this conversion is impossible.
+ */
+function getExtraOptions(options, path, pathInfo) {
+    var _a, _b, _c;
+    /**
+     * Gets `options` as an array of extra option strings.
+     *
+     * - throws an exception mentioning `pathInfo` if this conversion is impossible.
+     */
+    function asExtraOptions(options, pathInfo) {
+        if (options === undefined) {
+            return [];
+        }
+        if (!Array.isArray(options)) {
+            const msg = `The extra options for '${pathInfo.join('.')}' ('${JSON.stringify(options)}') are not in an array.`;
+            throw new Error(msg);
+        }
+        return options.map(o => {
+            const t = typeof o;
+            if (t !== 'string' && t !== 'number' && t !== 'boolean') {
+                const msg = `The extra option for '${pathInfo.join('.')}' ('${JSON.stringify(o)}') is not a primitive value.`;
+                throw new Error(msg);
+            }
+            return o + '';
+        });
+    }
+    let all = asExtraOptions((_a = options) === null || _a === void 0 ? void 0 : _a['*'], pathInfo.concat('*'));
+    let specific = path.length === 0 ?
+        asExtraOptions(options, pathInfo) :
+        getExtraOptions((_b = options) === null || _b === void 0 ? void 0 : _b[path[0]], (_c = path) === null || _c === void 0 ? void 0 : _c.slice(1), pathInfo.concat(path[0]));
+    return all.concat(specific);
 }
-exports.isScannedLanguage = isScannedLanguage;
+exports.getExtraOptions = getExtraOptions;
 //# sourceMappingURL=codeql.js.map

lib/codeql.test.js

@@ -57,4 +57,26 @@ ava_1.default('parse codeql bundle url version', t => {
         }
     }
 });
+ava_1.default('getExtraOptions works for explicit paths', t => {
+    t.deepEqual(codeql.getExtraOptions({}, ['foo'], []), []);
+    t.deepEqual(codeql.getExtraOptions({ foo: [42] }, ['foo'], []), ['42']);
+    t.deepEqual(codeql.getExtraOptions({ foo: { bar: [42] } }, ['foo', 'bar'], []), ['42']);
+});
+ava_1.default('getExtraOptions works for wildcards', t => {
+    t.deepEqual(codeql.getExtraOptions({ '*': [42] }, ['foo'], []), ['42']);
+});
+ava_1.default('getExtraOptions works for wildcards and explicit paths', t => {
+    let o1 = { '*': [42], foo: [87] };
+    t.deepEqual(codeql.getExtraOptions(o1, ['foo'], []), ['42', '87']);
+    let o2 = { '*': [42], foo: [87] };
+    t.deepEqual(codeql.getExtraOptions(o2, ['foo', 'bar'], []), ['42']);
+    let o3 = { '*': [42], foo: { '*': [87], bar: [99] } };
+    let p = ['foo', 'bar'];
+    t.deepEqual(codeql.getExtraOptions(o3, p, []), ['42', '87', '99']);
+});
+ava_1.default('getExtraOptions throws for bad content', t => {
+    t.throws(() => codeql.getExtraOptions({ '*': 42 }, ['foo'], []));
+    t.throws(() => codeql.getExtraOptions({ foo: 87 }, ['foo'], []));
+    t.throws(() => codeql.getExtraOptions({ '*': [42], foo: { '*': 87, bar: [99] } }, ['foo', 'bar'], []));
+});
 //# sourceMappingURL=codeql.test.js.map

lib/codeql.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"codeql.test.js","sourceRoot":"","sources":["../src/codeql.test.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,+DAAiD;AACjD,8CAAuB;AACvB,gDAAwB;AACxB,2CAA6B;AAE7B,iDAAmC;AACnC,mDAA2C;AAC3C,6CAA+B;AAE/B,0BAAU,CAAC,aAAI,CAAC,CAAC;AAEjB,aAAI,CAAC,8BAA8B,EAAE,KAAK,EAAC,CAAC,EAAC,EAAE;IAE7C,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAC,MAAM,EAAC,EAAE;QAEnC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,GAAG,MAAM,CAAC;QAEzC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACvD,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QAE9D,MAAM,QAAQ,GAAG,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QAE1C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE;YACxC,MAAM,OAAO,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;YAE5B,cAAI,CAAC,qBAAqB,CAAC;iBACxB,GAAG,CAAC,2BAA2B,OAAO,uBAAuB,CAAC;iBAC9D,aAAa,CAAC,GAAG,EAAE,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,uCAAuC,CAAC,CAAC,CAAC;YAGrF,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,8CAA8C,OAAO,uBAAuB,CAAC;YAE1G,MAAM,MAAM,CAAC,WAAW,EAAE,CAAC;YAE3B,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,EAAE,SAAS,OAAO,EAAE,CAAC,CAAC,CAAC;SACxD;QAED,MAAM,cAAc,GAAG,SAAS,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;QAE3D,CAAC,CAAC,EAAE,CAAC,cAAc,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,iCAAiC,EAAE,CAAC,CAAC,EAAE;IAE1C,MAAM,KAAK,GAAG;QACZ,UAAU,EAAE,gBAAgB;QAC5B,YAAY,EAAE,kBAAkB;QAChC,cAAc,EAAE,cAAc;QAC9B,OAAO,EAAE,OAAO;QAChB,aAAa,EAAE,aAAa;QAC5B,cAAc,EAAE,cAAc;KAC/B,CAAC;IAEF,KAAK,MAAM,CAAC,OAAO,EAAE,eAAe,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE;QAC9D,MAAM,GAAG,GAAG,wCAAwC,OAAO,MAAM,CAAC;QAElE,IAAI;YACF,MAAM,aAAa,GAAG,MAAM,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC;YACtD,CAAC,CAAC,SAAS,CAAC,aAAa,EAAE,eAAe,CAAC,CAAC;SAC7C;QAAC,OAAO,CAAC,EAAE;YACV,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;SACnB;KACF;AACH,CAAC,CAAC,CAAC"}
+{"version":3,"file":"codeql.test.js","sourceRoot":"","sources":["../src/codeql.test.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,+DAAiD;AACjD,8CAAuB;AACvB,gDAAwB;AACxB,2CAA6B;AAE7B,iDAAmC;AACnC,mDAA2C;AAC3C,6CAA+B;AAE/B,0BAAU,CAAC,aAAI,CAAC,CAAC;AAEjB,aAAI,CAAC,8BAA8B,EAAE,KAAK,EAAC,CAAC,EAAC,EAAE;IAE7C,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAC,MAAM,EAAC,EAAE;QAEnC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,GAAG,MAAM,CAAC;QAEzC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACvD,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QAE9D,MAAM,QAAQ,GAAG,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QAE1C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE;YACxC,MAAM,OAAO,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;YAE5B,cAAI,CAAC,qBAAqB,CAAC;iBACxB,GAAG,CAAC,2BAA2B,OAAO,uBAAuB,CAAC;iBAC9D,aAAa,CAAC,GAAG,EAAE,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,uCAAuC,CAAC,CAAC,CAAC;YAGrF,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,8CAA8C,OAAO,uBAAuB,CAAC;YAE1G,MAAM,MAAM,CAAC,WAAW,EAAE,CAAC;YAE3B,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,EAAE,SAAS,OAAO,EAAE,CAAC,CAAC,CAAC;SACxD;QAED,MAAM,cAAc,GAAG,SAAS,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;QAE3D,CAAC,CAAC,EAAE,CAAC,cAAc,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,iCAAiC,EAAE,CAAC,CAAC,EAAE;IAE1C,MAAM,KAAK,GAAG;QACZ,UAAU,EAAE,gBAAgB;QAC5B,YAAY,EAAE,kBAAkB;QAChC,cAAc,EAAE,cAAc;QAC9B,OAAO,EAAE,OAAO;QAChB,aAAa,EAAE,aAAa;QAC5B,cAAc,EAAE,cAAc;KAC/B,CAAC;IAEF,KAAK,MAAM,CAAC,OAAO,EAAE,eAAe,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE;QAC9D,MAAM,GAAG,GAAG,wCAAwC,OAAO,MAAM,CAAC;QAElE,IAAI;YACF,MAAM,aAAa,GAAG,MAAM,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC;YACtD,CAAC,CAAC,SAAS,CAAC,aAAa,EAAE,eAAe,CAAC,CAAC;SAC7C;QAAC,OAAO,CAAC,EAAE;YACV,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;SACnB;KACF;AACH,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,0CAA0C,EAAE,CAAC,CAAC,EAAE;IACnD,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC;IAEzD,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,eAAe,CAAC,EAAC,GAAG,EAAE,CAAC,EAAE,CAAC,EAAC,EAAE,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC;IAEtE,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,eAAe,CAAC,EAAC,GAAG,EAAE,EAAC,GAAG,EAAE,CAAC,EAAE,CAAC,EAAC,EAAC,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC;AACtF,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,qCAAqC,EAAE,CAAC,CAAC,EAAE;IAC9C,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,eAAe,CAAC,EAAC,GAAG,EAAE,CAAC,EAAE,CAAC,EAAC,EAAE,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC;AACxE,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,wDAAwD,EAAE,CAAC,CAAC,EAAE;IACjE,IAAI,EAAE,GAAG,EAAC,GAAG,EAAE,CAAC,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,EAAC,CAAC;IAChC,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC;IAEnE,IAAI,EAAE,GAAG,EAAC,GAAG,EAAE,CAAC,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,EAAC,CAAC;IAChC,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC;IAEpE,IAAI,EAAE,GAAG,EAAC,GAAG,EAAE,CAAC,EAAE,CAAC,EAAE,GAAG,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,EAAC,EAAC,CAAC;IACnD,IAAI,CAAC,GAAG,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;IACvB,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC;AACrE,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,wCAAwC,EAAE,CAAC,CAAC,EAAE;IACjD,CAAC,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,eAAe,CAAC,EAAC,GAAG,EAAE,EAAE,EAAC,EAAE,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;IAE/D,CAAC,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,eAAe,CAAC,EAAC,GAAG,EAAE,EAAE,EAAC,EAAE,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;IAE/D,CAAC,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,eAAe,CAAC,EAAC,GAAG,EAAE,CAAC,EAAE,CAAC,EAAE,GAAG,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,EAAC,EAAC,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;AACtG,CAAC,CAAC,CAAC"}

lib/config-utils.js

@@ -12,8 +12,8 @@ const fs = __importStar(require("fs"));
 const yaml = __importStar(require("js-yaml"));
 const path = __importStar(require("path"));
 const api = __importStar(require("./api-client"));
-const codeql_1 = require("./codeql");
 const externalQueries = __importStar(require("./external-queries"));
+const languages_1 = require("./languages");
 const util = __importStar(require("./util"));
 // Property names from the user-supplied config file.
 const NAME_PROPERTY = 'name';
@@ -22,13 +22,6 @@ const QUERIES_PROPERTY = 'queries';
 const QUERIES_USES_PROPERTY = 'uses';
 const PATHS_IGNORE_PROPERTY = 'paths-ignore';
 const PATHS_PROPERTY = 'paths';
-// All the languages supported by CodeQL
-const ALL_LANGUAGES = ['csharp', 'cpp', 'go', 'java', 'javascript', 'python'];
-// Some alternate names for languages
-const LANGUAGE_ALIASES = {
-    'c': 'cpp',
-    'typescript': 'javascript',
-};
 /**
  * A list of queries from https://github.com/github/codeql that
  * we don't want to run. Disabling them here is a quicker alternative to
@@ -71,9 +64,8 @@ function validateQueries(resolvedQueries) {
 /**
  * Run 'codeql resolve queries' and add the results to resultMap
  */
-async function runResolveQueries(resultMap, toResolve, extraSearchPath, errorOnInvalidQueries) {
-    const codeQl = codeql_1.getCodeQL();
-    const resolvedQueries = await codeQl.resolveQueries(toResolve, extraSearchPath);
+async function runResolveQueries(codeQL, resultMap, toResolve, extraSearchPath, errorOnInvalidQueries) {
+    const resolvedQueries = await codeQL.resolveQueries(toResolve, extraSearchPath);
     for (const [language, queries] of Object.entries(resolvedQueries.byLanguage)) {
         if (resultMap[language] === undefined) {
             resultMap[language] = [];
@@ -87,9 +79,9 @@ async function runResolveQueries(resultMap, toResolve, extraSearchPath, errorOnI
 /**
  * Get the set of queries included by default.
  */
-async function addDefaultQueries(languages, resultMap) {
+async function addDefaultQueries(codeQL, languages, resultMap) {
     const suites = languages.map(l => l + '-code-scanning.qls');
-    await runResolveQueries(resultMap, suites, undefined, false);
+    await runResolveQueries(codeQL, resultMap, suites, undefined, false);
 }
 // The set of acceptable values for built-in suites from the codeql bundle
 const builtinSuites = ['security-extended', 'security-and-quality'];
@@ -97,18 +89,18 @@ const builtinSuites = ['security-extended', 'security-and-quality'];
  * Determine the set of queries associated with suiteName's suites and add them to resultMap.
  * Throws an error if suiteName is not a valid builtin suite.
  */
-async function addBuiltinSuiteQueries(configFile, languages, resultMap, suiteName) {
+async function addBuiltinSuiteQueries(languages, codeQL, resultMap, suiteName, configFile) {
     const suite = builtinSuites.find((suite) => suite === suiteName);
     if (!suite) {
         throw new Error(getQueryUsesInvalid(configFile, suiteName));
     }
     const suites = languages.map(l => l + '-' + suiteName + '.qls');
-    await runResolveQueries(resultMap, suites, undefined, false);
+    await runResolveQueries(codeQL, resultMap, suites, undefined, false);
 }
 /**
  * Retrieve the set of queries at localQueryPath and add them to resultMap.
  */
-async function addLocalQueries(configFile, resultMap, localQueryPath) {
+async function addLocalQueries(codeQL, resultMap, localQueryPath, configFile) {
     // Resolve the local path against the workspace so that when this is
     // passed to codeql it resolves to exactly the path we expect it to resolve to.
     const workspacePath = fs.realpathSync(util.getRequiredEnvParam('GITHUB_WORKSPACE'));
@@ -125,12 +117,12 @@ async function addLocalQueries(configFile, resultMap, localQueryPath) {
     }
     // Get the root of the current repo to use when resolving query dependencies
     const rootOfRepo = util.getRequiredEnvParam('GITHUB_WORKSPACE');
-    await runResolveQueries(resultMap, [absoluteQueryPath], rootOfRepo, true);
+    await runResolveQueries(codeQL, resultMap, [absoluteQueryPath], rootOfRepo, true);
 }
 /**
  * Retrieve the set of queries at the referenced remote repo and add them to resultMap.
  */
-async function addRemoteQueries(configFile, resultMap, queryUses) {
+async function addRemoteQueries(codeQL, resultMap, queryUses, tempDir, configFile) {
     let tok = queryUses.split('@');
     if (tok.length !== 2) {
         throw new Error(getQueryUsesInvalid(configFile, queryUses));
@@ -149,11 +141,11 @@ async function addRemoteQueries(configFile, resultMap, queryUses) {
     }
     const nwo = tok[0] + '/' + tok[1];
     // Checkout the external repository
-    const rootOfRepo = await externalQueries.checkoutExternalRepository(nwo, ref);
+    const rootOfRepo = await externalQueries.checkoutExternalRepository(nwo, ref, tempDir);
     const queryPath = tok.length > 2
         ? path.join(rootOfRepo, tok.slice(2).join('/'))
         : rootOfRepo;
-    await runResolveQueries(resultMap, [queryPath], rootOfRepo, true);
+    await runResolveQueries(codeQL, resultMap, [queryPath], rootOfRepo, true);
 }
 /**
  * Parse a query 'uses' field to a discrete set of query files and update resultMap.
@@ -163,23 +155,23 @@ async function addRemoteQueries(configFile, resultMap, queryUses) {
  * local paths starting with './', or references to remote repos, or
  * a finite set of hardcoded terms for builtin suites.
  */
-async function parseQueryUses(configFile, languages, resultMap, queryUses) {
+async function parseQueryUses(languages, codeQL, resultMap, queryUses, tempDir, configFile) {
     queryUses = queryUses.trim();
     if (queryUses === "") {
         throw new Error(getQueryUsesInvalid(configFile));
     }
     // Check for the local path case before we start trying to parse the repository name
     if (queryUses.startsWith("./")) {
-        await addLocalQueries(configFile, resultMap, queryUses.slice(2));
+        await addLocalQueries(codeQL, resultMap, queryUses.slice(2), configFile);
         return;
     }
     // Check for one of the builtin suites
     if (queryUses.indexOf('/') === -1 && queryUses.indexOf('@') === -1) {
-        await addBuiltinSuiteQueries(configFile, languages, resultMap, queryUses);
+        await addBuiltinSuiteQueries(languages, codeQL, resultMap, queryUses, configFile);
         return;
     }
     // Otherwise, must be a reference to another repo
-    await addRemoteQueries(configFile, resultMap, queryUses);
+    await addRemoteQueries(codeQL, resultMap, queryUses, tempDir, configFile);
 }
 // Regex validating stars in paths or paths-ignore entries.
 // The intention is to only allow ** to appear when immediately
@@ -227,6 +219,8 @@ function validateAndSanitisePath(originalPath, propertyName, configFile) {
     return path;
 }
 exports.validateAndSanitisePath = validateAndSanitisePath;
+// An undefined configFile in some of these functions indicates that
+// the property was in a workflow file, not a config file
 function getNameInvalid(configFile) {
     return getConfigFilePropertyError(configFile, NAME_PROPERTY, 'must be a non-empty string');
 }
@@ -284,7 +278,12 @@ function getConfigFileDirectoryGivenMessage(configFile) {
 }
 exports.getConfigFileDirectoryGivenMessage = getConfigFileDirectoryGivenMessage;
 function getConfigFilePropertyError(configFile, property, error) {
-    return 'The configuration file "' + configFile + '" is invalid: property "' + property + '" ' + error;
+    if (configFile === undefined) {
+        return 'The workflow property "' + property + '" is invalid: ' + error;
+    }
+    else {
+        return 'The configuration file "' + configFile + '" is invalid: property "' + property + '" ' + error;
+    }
 }
 function getNoLanguagesError() {
     return "Did not detect any languages to analyze. " +
@@ -300,23 +299,12 @@ exports.getUnknownLanguagesError = getUnknownLanguagesError;
  */
 async function getLanguagesInRepo() {
     var _a;
-    // Translate between GitHub's API names for languages and ours
-    const codeqlLanguages = {
-        'C': 'cpp',
-        'C++': 'cpp',
-        'C#': 'csharp',
-        'Go': 'go',
-        'Java': 'java',
-        'JavaScript': 'javascript',
-        'TypeScript': 'javascript',
-        'Python': 'python',
-    };
     let repo_nwo = (_a = process.env['GITHUB_REPOSITORY']) === null || _a === void 0 ? void 0 : _a.split("/");
     if (repo_nwo) {
         let owner = repo_nwo[0];
         let repo = repo_nwo[1];
         core.debug(`GitHub repo ${owner} ${repo}`);
-        const response = await api.getApiClient(true).repos.listLanguages({
+        const response = await api.getActionsApiClient(true).repos.listLanguages({
             owner,
             repo
         });
@@ -326,9 +314,10 @@ async function getLanguagesInRepo() {
         // Since sets in javascript maintain insertion order, using a set here and then splatting it
         // into an array gives us an array of languages ordered by popularity
         let languages = new Set();
-        for (let lang in response.data) {
-            if (lang in codeqlLanguages) {
-                languages.add(codeqlLanguages[lang]);
+        for (let lang of Object.keys(response.data)) {
+            let parsedLang = languages_1.parseLanguage(lang);
+            if (parsedLang !== undefined) {
+                languages.add(parsedLang);
             }
         }
         return [...languages];
@@ -365,48 +354,60 @@ async function getLanguages() {
         throw new Error(getNoLanguagesError());
     }
     // Make sure they are supported
-    const checkedLanguages = [];
+    const parsedLanguages = [];
     const unknownLanguages = [];
     for (let language of languages) {
-        // Normalise to lower case
-        language = language.toLowerCase();
-        // Resolve any known aliases
-        if (language in LANGUAGE_ALIASES) {
-            language = LANGUAGE_ALIASES[language];
-        }
-        const checkedLanguage = ALL_LANGUAGES.find(l => l === language);
-        if (checkedLanguage === undefined) {
+        const parsedLanguage = languages_1.parseLanguage(language);
+        if (parsedLanguage === undefined) {
             unknownLanguages.push(language);
         }
-        else if (checkedLanguages.indexOf(checkedLanguage) === -1) {
-            checkedLanguages.push(checkedLanguage);
+        else if (parsedLanguages.indexOf(parsedLanguage) === -1) {
+            parsedLanguages.push(parsedLanguage);
         }
     }
     if (unknownLanguages.length > 0) {
         throw new Error(getUnknownLanguagesError(unknownLanguages));
     }
-    return checkedLanguages;
+    return parsedLanguages;
+}
+/**
+ * Returns true if queries were provided in the workflow file
+ * (and thus added), otherwise false
+ */
+async function addQueriesFromWorkflowIfRequired(codeQL, languages, resultMap, tempDir) {
+    const queryUses = core.getInput('queries');
+    if (queryUses) {
+        for (const query of queryUses.split(',')) {
+            await parseQueryUses(languages, codeQL, resultMap, query, tempDir);
+        }
+        return true;
+    }
+    return false;
 }
 /**
  * Get the default config for when the user has not supplied one.
  */
-async function getDefaultConfig() {
+async function getDefaultConfig(tempDir, toolCacheDir, codeQL) {
     const languages = await getLanguages();
     const queries = {};
-    await addDefaultQueries(languages, queries);
+    await addDefaultQueries(codeQL, languages, queries);
+    await addQueriesFromWorkflowIfRequired(codeQL, languages, queries, tempDir);
     return {
         languages: languages,
         queries: queries,
         pathsIgnore: [],
         paths: [],
         originalUserInput: {},
+        tempDir,
+        toolCacheDir,
+        codeQLCmd: codeQL.getPath(),
     };
 }
 exports.getDefaultConfig = getDefaultConfig;
 /**
  * Load the config from the given file.
  */
-async function loadConfig(configFile) {
+async function loadConfig(configFile, tempDir, toolCacheDir, codeQL) {
     let parsedYAML;
     if (isLocal(configFile)) {
         // Treat the config file as relative to the workspace
@@ -439,9 +440,12 @@ async function loadConfig(configFile) {
         disableDefaultQueries = parsedYAML[DISABLE_DEFAULT_QUERIES_PROPERTY];
     }
     if (!disableDefaultQueries) {
-        await addDefaultQueries(languages, queries);
+        await addDefaultQueries(codeQL, languages, queries);
     }
-    if (QUERIES_PROPERTY in parsedYAML) {
+    // If queries were provided using `with` in the action configuration,
+    // they should take precedence over the queries in the config file
+    const addedQueriesFromAction = await addQueriesFromWorkflowIfRequired(codeQL, languages, queries, tempDir);
+    if (!addedQueriesFromAction && QUERIES_PROPERTY in parsedYAML) {
         if (!(parsedYAML[QUERIES_PROPERTY] instanceof Array)) {
             throw new Error(getQueriesInvalid(configFile));
         }
@@ -449,7 +453,7 @@ async function loadConfig(configFile) {
             if (!(QUERIES_USES_PROPERTY in query) || typeof query[QUERIES_USES_PROPERTY] !== "string") {
                 throw new Error(getQueryUsesInvalid(configFile));
             }
-            await parseQueryUses(configFile, languages, queries, query[QUERIES_USES_PROPERTY]);
+            await parseQueryUses(languages, codeQL, queries, query[QUERIES_USES_PROPERTY], tempDir, configFile);
         }
     }
     if (PATHS_IGNORE_PROPERTY in parsedYAML) {
@@ -487,7 +491,10 @@ async function loadConfig(configFile) {
         queries,
         pathsIgnore,
         paths,
-        originalUserInput: parsedYAML
+        originalUserInput: parsedYAML,
+        tempDir,
+        toolCacheDir,
+        codeQLCmd: codeQL.getPath(),
     };
 }
 /**
@@ -496,16 +503,16 @@ async function loadConfig(configFile) {
  * This will parse the config from the user input if present, or generate
  * a default config. The parsed config is then stored to a known location.
  */
-async function initConfig() {
+async function initConfig(tempDir, toolCacheDir, codeQL) {
     const configFile = core.getInput('config-file');
     let config;
     // If no config file was provided create an empty one
     if (configFile === '') {
         core.debug('No configuration file was provided');
-        config = await getDefaultConfig();
+        config = await getDefaultConfig(tempDir, toolCacheDir, codeQL);
     }
     else {
-        config = await loadConfig(configFile);
+        config = await loadConfig(configFile, tempDir, toolCacheDir, codeQL);
     }
     // Save the config so we can easily access it again in the future
     await saveConfig(config);
@@ -538,7 +545,7 @@ async function getRemoteConfig(configFile) {
     if (pieces === null || pieces.groups === undefined || pieces.length < 5) {
         throw new Error(getConfigFileRepoFormatInvalidMessage(configFile));
     }
-    const response = await api.getApiClient(true).repos.getContents({
+    const response = await api.getActionsApiClient(true).repos.getContents({
         owner: pieces.groups.owner,
         repo: pieces.groups.repo,
         path: pieces.groups.path,
@@ -559,8 +566,8 @@ async function getRemoteConfig(configFile) {
 /**
  * Get the file path where the parsed config will be stored.
  */
-function getPathToParsedConfigFile() {
-    return path.join(util.getRequiredEnvParam('RUNNER_TEMP'), 'config');
+function getPathToParsedConfigFile(tempDir) {
+    return path.join(tempDir, 'config');
 }
 exports.getPathToParsedConfigFile = getPathToParsedConfigFile;
 /**
@@ -568,7 +575,7 @@ exports.getPathToParsedConfigFile = getPathToParsedConfigFile;
  */
 async function saveConfig(config) {
     const configString = JSON.stringify(config);
-    const configFile = getPathToParsedConfigFile();
+    const configFile = getPathToParsedConfigFile(config.tempDir);
     fs.mkdirSync(path.dirname(configFile), { recursive: true });
     fs.writeFileSync(configFile, configString, 'utf8');
     core.debug('Saved config:');
@@ -582,8 +589,8 @@ async function saveConfig(config) {
  * stored to a known location. On the second and further calls, this will
  * return the contents of the parsed config from the known location.
  */
-async function getConfig() {
-    const configFile = getPathToParsedConfigFile();
+async function getConfig(tempDir) {
+    const configFile = getPathToParsedConfigFile(tempDir);
     if (!fs.existsSync(configFile)) {
         throw new Error("Config file could not be found at expected location. Has the 'init' action been called?");
     }

lib/config-utils.test.js

@@ -16,8 +16,9 @@ const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const sinon_1 = __importDefault(require("sinon"));
 const api = __importStar(require("./api-client"));
-const CodeQL = __importStar(require("./codeql"));
+const codeql_1 = require("./codeql");
 const configUtils = __importStar(require("./config-utils"));
+const languages_1 = require("./languages");
 const testing_utils_1 = require("./testing-utils");
 const util = __importStar(require("./util"));
 testing_utils_1.setupTests(ava_1.default);
@@ -60,7 +61,7 @@ ava_1.default("load empty config", async (t) => {
         process.env['GITHUB_WORKSPACE'] = tmpDir;
         setInput('config-file', undefined);
         setInput('languages', 'javascript,python');
-        CodeQL.setCodeQL({
+        const codeQL = codeql_1.setCodeQL({
             resolveQueries: async function () {
                 return {
                     byLanguage: {},
@@ -69,8 +70,8 @@ ava_1.default("load empty config", async (t) => {
                 };
             },
         });
-        const config = await configUtils.initConfig();
-        t.deepEqual(config, await configUtils.getDefaultConfig());
+        const config = await configUtils.initConfig(tmpDir, tmpDir, codeQL);
+        t.deepEqual(config, await configUtils.getDefaultConfig(tmpDir, tmpDir, codeQL));
     });
 });
 ava_1.default("loading config saves config", async (t) => {
@@ -79,7 +80,7 @@ ava_1.default("loading config saves config", async (t) => {
         process.env['GITHUB_WORKSPACE'] = tmpDir;
         setInput('config-file', undefined);
         setInput('languages', 'javascript,python');
-        CodeQL.setCodeQL({
+        const codeQL = codeql_1.setCodeQL({
             resolveQueries: async function () {
                 return {
                     byLanguage: {},
@@ -89,14 +90,14 @@ ava_1.default("loading config saves config", async (t) => {
             },
         });
         // Sanity check the saved config file does not already exist
-        t.false(fs.existsSync(configUtils.getPathToParsedConfigFile()));
+        t.false(fs.existsSync(configUtils.getPathToParsedConfigFile(tmpDir)));
         // Sanity check that getConfig throws before we have called initConfig
-        await t.throwsAsync(configUtils.getConfig);
-        const config1 = await configUtils.initConfig();
+        await t.throwsAsync(() => configUtils.getConfig(tmpDir));
+        const config1 = await configUtils.initConfig(tmpDir, tmpDir, codeQL);
         // The saved config file should now exist
-        t.true(fs.existsSync(configUtils.getPathToParsedConfigFile()));
+        t.true(fs.existsSync(configUtils.getPathToParsedConfigFile(tmpDir)));
         // And that same newly-initialised config should now be returned by getConfig
-        const config2 = await configUtils.getConfig();
+        const config2 = await configUtils.getConfig(tmpDir);
         t.deepEqual(config1, config2);
     });
 });
@@ -106,7 +107,7 @@ ava_1.default("load input outside of workspace", async (t) => {
         process.env['GITHUB_WORKSPACE'] = tmpDir;
         setInput('config-file', '../input');
         try {
-            await configUtils.initConfig();
+            await configUtils.initConfig(tmpDir, tmpDir, codeql_1.getCachedCodeQL());
             throw new Error('initConfig did not throw error');
         }
         catch (err) {
@@ -121,7 +122,7 @@ ava_1.default("load non-local input with invalid repo syntax", async (t) => {
         // no filename given, just a repo
         setInput('config-file', 'octo-org/codeql-config@main');
         try {
-            await configUtils.initConfig();
+            await configUtils.initConfig(tmpDir, tmpDir, codeql_1.getCachedCodeQL());
             throw new Error('initConfig did not throw error');
         }
         catch (err) {
@@ -137,7 +138,7 @@ ava_1.default("load non-existent input", async (t) => {
         setInput('config-file', 'input');
         setInput('languages', 'javascript');
         try {
-            await configUtils.initConfig();
+            await configUtils.initConfig(tmpDir, tmpDir, codeql_1.getCachedCodeQL());
             throw new Error('initConfig did not throw error');
         }
         catch (err) {
@@ -149,7 +150,7 @@ ava_1.default("load non-empty input", async (t) => {
     return await util.withTmpDir(async (tmpDir) => {
         process.env['RUNNER_TEMP'] = tmpDir;
         process.env['GITHUB_WORKSPACE'] = tmpDir;
-        CodeQL.setCodeQL({
+        const codeQL = codeql_1.setCodeQL({
             resolveQueries: async function () {
                 return {
                     byLanguage: {
@@ -177,7 +178,7 @@ ava_1.default("load non-empty input", async (t) => {
         fs.mkdirSync(path.join(tmpDir, 'foo'));
         // And the config we expect it to parse to
         const expectedConfig = {
-            languages: ['javascript'],
+            languages: [languages_1.Language.javascript],
             queries: { 'javascript': ['/foo/a.ql', '/bar/b.ql'] },
             pathsIgnore: ['a', 'b'],
             paths: ['c/d'],
@@ -188,11 +189,14 @@ ava_1.default("load non-empty input", async (t) => {
                 'paths-ignore': ['a', 'b'],
                 paths: ['c/d'],
             },
+            tempDir: tmpDir,
+            toolCacheDir: tmpDir,
+            codeQLCmd: codeQL.getPath(),
         };
         fs.writeFileSync(path.join(tmpDir, 'input'), inputFileContents, 'utf8');
         setInput('config-file', 'input');
         setInput('languages', 'javascript');
-        const actualConfig = await configUtils.initConfig();
+        const actualConfig = await configUtils.initConfig(tmpDir, tmpDir, codeQL);
         // Should exactly equal the object we constructed earlier
         t.deepEqual(actualConfig, expectedConfig);
     });
@@ -207,7 +211,7 @@ ava_1.default("default queries are used", async (t) => {
         // We determine this by whether CodeQL.resolveQueries is called
         // with the correct arguments.
         const resolveQueriesArgs = [];
-        CodeQL.setCodeQL({
+        const codeQL = codeql_1.setCodeQL({
             resolveQueries: async function (queries, extraSearchPath) {
                 resolveQueriesArgs.push({ queries, extraSearchPath });
                 return {
@@ -231,18 +235,177 @@ ava_1.default("default queries are used", async (t) => {
         fs.writeFileSync(path.join(tmpDir, 'input'), inputFileContents, 'utf8');
         setInput('config-file', 'input');
         setInput('languages', 'javascript');
-        await configUtils.initConfig();
+        await configUtils.initConfig(tmpDir, tmpDir, codeQL);
         // Check resolve queries was called correctly
         t.deepEqual(resolveQueriesArgs.length, 1);
         t.deepEqual(resolveQueriesArgs[0].queries, ['javascript-code-scanning.qls']);
         t.deepEqual(resolveQueriesArgs[0].extraSearchPath, undefined);
     });
 });
+ava_1.default("Queries can be specified in config file", async (t) => {
+    return await util.withTmpDir(async (tmpDir) => {
+        process.env['RUNNER_TEMP'] = tmpDir;
+        process.env['GITHUB_WORKSPACE'] = tmpDir;
+        const inputFileContents = `
+      name: my config
+      queries:
+        - uses: ./foo`;
+        fs.writeFileSync(path.join(tmpDir, 'input'), inputFileContents, 'utf8');
+        setInput('config-file', 'input');
+        fs.mkdirSync(path.join(tmpDir, 'foo'));
+        const resolveQueriesArgs = [];
+        const codeQL = codeql_1.setCodeQL({
+            resolveQueries: async function (queries, extraSearchPath) {
+                resolveQueriesArgs.push({ queries, extraSearchPath });
+                // Return what we're given, just in the right format for a resolved query
+                // This way we can test by seeing which returned items are in the final
+                // configuration.
+                const dummyResolvedQueries = {};
+                queries.forEach(q => { dummyResolvedQueries[q] = {}; });
+                return {
+                    byLanguage: {
+                        'javascript': dummyResolvedQueries,
+                    },
+                    noDeclaredLanguage: {},
+                    multipleDeclaredLanguages: {},
+                };
+            },
+        });
+        setInput('languages', 'javascript');
+        const config = await configUtils.initConfig(tmpDir, tmpDir, codeQL);
+        // Check resolveQueries was called correctly
+        // It'll be called once for the default queries
+        // and once for `./foo` from the config file.
+        t.deepEqual(resolveQueriesArgs.length, 2);
+        t.deepEqual(resolveQueriesArgs[1].queries.length, 1);
+        t.regex(resolveQueriesArgs[1].queries[0], /.*\/foo$/);
+        // Now check that the end result contains the default queries and the query from config
+        t.deepEqual(config.queries['javascript'].length, 2);
+        t.regex(config.queries['javascript'][0], /javascript-code-scanning.qls$/);
+        t.regex(config.queries['javascript'][1], /.*\/foo$/);
+    });
+});
+ava_1.default("Queries from config file can be overridden in workflow file", async (t) => {
+    return await util.withTmpDir(async (tmpDir) => {
+        process.env['RUNNER_TEMP'] = tmpDir;
+        process.env['GITHUB_WORKSPACE'] = tmpDir;
+        const inputFileContents = `
+      name: my config
+      queries:
+        - uses: ./foo`;
+        fs.writeFileSync(path.join(tmpDir, 'input'), inputFileContents, 'utf8');
+        setInput('config-file', 'input');
+        // This config item should take precedence over the config file but shouldn't affect the default queries.
+        setInput('queries', './override');
+        fs.mkdirSync(path.join(tmpDir, 'foo'));
+        fs.mkdirSync(path.join(tmpDir, 'override'));
+        const resolveQueriesArgs = [];
+        const codeQL = codeql_1.setCodeQL({
+            resolveQueries: async function (queries, extraSearchPath) {
+                resolveQueriesArgs.push({ queries, extraSearchPath });
+                // Return what we're given, just in the right format for a resolved query
+                // This way we can test overriding by seeing which returned items are in
+                // the final configuration.
+                const dummyResolvedQueries = {};
+                queries.forEach(q => { dummyResolvedQueries[q] = {}; });
+                return {
+                    byLanguage: {
+                        'javascript': dummyResolvedQueries,
+                    },
+                    noDeclaredLanguage: {},
+                    multipleDeclaredLanguages: {},
+                };
+            },
+        });
+        setInput('languages', 'javascript');
+        const config = await configUtils.initConfig(tmpDir, tmpDir, codeQL);
+        // Check resolveQueries was called correctly
+        // It'll be called once for the default queries and once for `./override`,
+        // but won't be called for './foo' from the config file.
+        t.deepEqual(resolveQueriesArgs.length, 2);
+        t.deepEqual(resolveQueriesArgs[1].queries.length, 1);
+        t.regex(resolveQueriesArgs[1].queries[0], /.*\/override$/);
+        // Now check that the end result contains only the default queries and the override query
+        t.deepEqual(config.queries['javascript'].length, 2);
+        t.regex(config.queries['javascript'][0], /javascript-code-scanning.qls$/);
+        t.regex(config.queries['javascript'][1], /.*\/override$/);
+    });
+});
+ava_1.default("Multiple queries can be specified in workflow file, no config file required", async (t) => {
+    return await util.withTmpDir(async (tmpDir) => {
+        process.env['RUNNER_TEMP'] = tmpDir;
+        process.env['GITHUB_WORKSPACE'] = tmpDir;
+        fs.mkdirSync(path.join(tmpDir, 'override1'));
+        fs.mkdirSync(path.join(tmpDir, 'override2'));
+        setInput('queries', './override1,./override2');
+        const resolveQueriesArgs = [];
+        const codeQL = codeql_1.setCodeQL({
+            resolveQueries: async function (queries, extraSearchPath) {
+                resolveQueriesArgs.push({ queries, extraSearchPath });
+                // Return what we're given, just in the right format for a resolved query
+                // This way we can test overriding by seeing which returned items are in
+                // the final configuration.
+                const dummyResolvedQueries = {};
+                queries.forEach(q => { dummyResolvedQueries[q] = {}; });
+                return {
+                    byLanguage: {
+                        'javascript': dummyResolvedQueries,
+                    },
+                    noDeclaredLanguage: {},
+                    multipleDeclaredLanguages: {},
+                };
+            },
+        });
+        setInput('languages', 'javascript');
+        const config = await configUtils.initConfig(tmpDir, tmpDir, codeQL);
+        // Check resolveQueries was called correctly:
+        // It'll be called once for the default queries,
+        // and then once for each of the two queries from the workflow
+        t.deepEqual(resolveQueriesArgs.length, 3);
+        t.deepEqual(resolveQueriesArgs[1].queries.length, 1);
+        t.deepEqual(resolveQueriesArgs[2].queries.length, 1);
+        t.regex(resolveQueriesArgs[1].queries[0], /.*\/override1$/);
+        t.regex(resolveQueriesArgs[2].queries[0], /.*\/override2$/);
+        // Now check that the end result contains both the queries from the workflow, as well as the defaults
+        t.deepEqual(config.queries['javascript'].length, 3);
+        t.regex(config.queries['javascript'][0], /javascript-code-scanning.qls$/);
+        t.regex(config.queries['javascript'][1], /.*\/override1$/);
+        t.regex(config.queries['javascript'][2], /.*\/override2$/);
+    });
+});
+ava_1.default("Invalid queries in workflow file handled correctly", async (t) => {
+    return await util.withTmpDir(async (tmpDir) => {
+        process.env['RUNNER_TEMP'] = tmpDir;
+        process.env['GITHUB_WORKSPACE'] = tmpDir;
+        setInput('queries', 'foo/bar@v1@v3');
+        setInput('languages', 'javascript');
+        // This function just needs to be type-correct; it doesn't need to do anything,
+        // since we're deliberately passing in invalid data
+        const codeQL = codeql_1.setCodeQL({
+            resolveQueries: async function (_queries, _extraSearchPath) {
+                return {
+                    byLanguage: {
+                        'javascript': {},
+                    },
+                    noDeclaredLanguage: {},
+                    multipleDeclaredLanguages: {},
+                };
+            },
+        });
+        try {
+            await configUtils.initConfig(tmpDir, tmpDir, codeQL);
+            t.fail('initConfig did not throw error');
+        }
+        catch (err) {
+            t.deepEqual(err, new Error(configUtils.getQueryUsesInvalid(undefined, "foo/bar@v1@v3")));
+        }
+    });
+});
 ava_1.default("API client used when reading remote config", async (t) => {
     return await util.withTmpDir(async (tmpDir) => {
         process.env['RUNNER_TEMP'] = tmpDir;
         process.env['GITHUB_WORKSPACE'] = tmpDir;
-        CodeQL.setCodeQL({
+        const codeQL = codeql_1.setCodeQL({
             resolveQueries: async function () {
                 return {
                     byLanguage: {
@@ -272,10 +435,10 @@ ava_1.default("API client used when reading remote config", async (t) => {
         };
         const spyGetContents = mockGetContents(dummyResponse);
         // Create checkout directory for remote queries repository
-        fs.mkdirSync(path.join(tmpDir, 'foo/bar'), { recursive: true });
+        fs.mkdirSync(path.join(tmpDir, 'foo/bar/dev'), { recursive: true });
         setInput('config-file', 'octo-org/codeql-config/config.yaml@main');
         setInput('languages', 'javascript');
-        await configUtils.initConfig();
+        await configUtils.initConfig(tmpDir, tmpDir, codeQL);
         t.assert(spyGetContents.called);
     });
 });
@@ -288,7 +451,7 @@ ava_1.default("Remote config handles the case where a directory is provided", as
         const repoReference = 'octo-org/codeql-config/config.yaml@main';
         setInput('config-file', repoReference);
         try {
-            await configUtils.initConfig();
+            await configUtils.initConfig(tmpDir, tmpDir, codeql_1.getCachedCodeQL());
             throw new Error('initConfig did not throw error');
         }
         catch (err) {
@@ -307,7 +470,7 @@ ava_1.default("Invalid format of remote config handled correctly", async (t) =>
         const repoReference = 'octo-org/codeql-config/config.yaml@main';
         setInput('config-file', repoReference);
         try {
-            await configUtils.initConfig();
+            await configUtils.initConfig(tmpDir, tmpDir, codeql_1.getCachedCodeQL());
             throw new Error('initConfig did not throw error');
         }
         catch (err) {
@@ -321,7 +484,7 @@ ava_1.default("No detected languages", async (t) => {
         process.env['GITHUB_WORKSPACE'] = tmpDir;
         mockListLanguages([]);
         try {
-            await configUtils.initConfig();
+            await configUtils.initConfig(tmpDir, tmpDir, codeql_1.getCachedCodeQL());
             throw new Error('initConfig did not throw error');
         }
         catch (err) {
@@ -335,7 +498,7 @@ ava_1.default("Unknown languages", async (t) => {
         process.env['GITHUB_WORKSPACE'] = tmpDir;
         setInput('languages', 'ruby,english');
         try {
-            await configUtils.initConfig();
+            await configUtils.initConfig(tmpDir, tmpDir, codeql_1.getCachedCodeQL());
             throw new Error('initConfig did not throw error');
         }
         catch (err) {
@@ -348,7 +511,7 @@ function doInvalidInputTest(testName, inputFileContents, expectedErrorMessageGen
         return await util.withTmpDir(async (tmpDir) => {
             process.env['RUNNER_TEMP'] = tmpDir;
             process.env['GITHUB_WORKSPACE'] = tmpDir;
-            CodeQL.setCodeQL({
+            const codeQL = codeql_1.setCodeQL({
                 resolveQueries: async function () {
                     return {
                         byLanguage: {},
@@ -362,7 +525,7 @@ function doInvalidInputTest(testName, inputFileContents, expectedErrorMessageGen
             setInput('config-file', 'input');
             setInput('languages', 'javascript');
             try {
-                await configUtils.initConfig();
+                await configUtils.initConfig(tmpDir, tmpDir, codeQL);
                 throw new Error('initConfig did not throw error');
             }
             catch (err) {

lib/defaults.json

@@ -0,0 +1,3 @@
+{
+    "bundleVersion": "codeql-bundle-20200630"
+}

lib/external-queries.js

@@ -11,14 +11,16 @@ const core = __importStar(require("@actions/core"));
 const exec = __importStar(require("@actions/exec"));
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
-const util = __importStar(require("./util"));
 /**
  * Check out repository at the given ref, and return the directory of the checkout.
  */
-async function checkoutExternalRepository(repository, ref) {
-    const folder = util.getRequiredEnvParam('RUNNER_TEMP');
+async function checkoutExternalRepository(repository, ref, tempDir) {
     core.info('Checking out ' + repository);
-    const checkoutLocation = path.join(folder, repository);
+    const checkoutLocation = path.join(tempDir, repository, ref);
+    if (!checkoutLocation.startsWith(tempDir)) {
+        // this still permits locations that mess with sibling repositories in `tempDir`, but that is acceptable
+        throw new Error(`'${repository}@${ref}' is not a valid repository and reference.`);
+    }
     if (!fs.existsSync(checkoutLocation)) {
         const repoURL = 'https://github.com/' + repository + '.git';
         await exec.exec('git', ['clone', repoURL, checkoutLocation]);

lib/external-queries.js.map

@@ -1 +1 @@
-{"version":3,"file":"external-queries.js","sourceRoot":"","sources":["../src/external-queries.ts"],"names":[],"mappings":";;;;;;;;;AAAA,oDAAsC;AACtC,oDAAsC;AACtC,uCAAyB;AACzB,2CAA6B;AAE7B,6CAA+B;AAE/B;;GAEG;AACI,KAAK,UAAU,0BAA0B,CAAC,UAAkB,EAAE,GAAW;IAC9E,MAAM,MAAM,GAAG,IAAI,CAAC,mBAAmB,CAAC,aAAa,CAAC,CAAC;IAEvD,IAAI,CAAC,IAAI,CAAC,eAAe,GAAG,UAAU,CAAC,CAAC;IAExC,MAAM,gBAAgB,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,UAAU,CAAC,CAAC;IACvD,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,gBAAgB,CAAC,EAAE;QACpC,MAAM,OAAO,GAAG,qBAAqB,GAAG,UAAU,GAAG,MAAM,CAAC;QAC5D,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,gBAAgB,CAAC,CAAC,CAAC;QAC7D,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE;YACrB,cAAc,GAAG,gBAAgB;YACjC,YAAY,GAAG,gBAAgB,GAAG,OAAO;YACzC,UAAU,EAAE,GAAG;SAChB,CAAC,CAAC;KACJ;IAED,OAAO,gBAAgB,CAAC;AAC1B,CAAC;AAjBD,gEAiBC"}
+{"version":3,"file":"external-queries.js","sourceRoot":"","sources":["../src/external-queries.ts"],"names":[],"mappings":";;;;;;;;;AAAA,oDAAsC;AACtC,oDAAsC;AACtC,uCAAyB;AACzB,2CAA6B;AAE7B;;GAEG;AACI,KAAK,UAAU,0BAA0B,CAAC,UAAkB,EAAE,GAAW,EAAE,OAAe;IAC/F,IAAI,CAAC,IAAI,CAAC,eAAe,GAAG,UAAU,CAAC,CAAC;IAExC,MAAM,gBAAgB,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,UAAU,EAAE,GAAG,CAAC,CAAC;IAE7D,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE;QACzC,wGAAwG;QACxG,MAAM,IAAI,KAAK,CAAC,IAAI,UAAU,IAAI,GAAG,4CAA4C,CAAC,CAAC;KACpF;IAED,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,gBAAgB,CAAC,EAAE;QACpC,MAAM,OAAO,GAAG,qBAAqB,GAAG,UAAU,GAAG,MAAM,CAAC;QAC5D,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,gBAAgB,CAAC,CAAC,CAAC;QAC7D,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE;YACrB,cAAc,GAAG,gBAAgB;YACjC,YAAY,GAAG,gBAAgB,GAAG,OAAO;YACzC,UAAU,EAAE,GAAG;SAChB,CAAC,CAAC;KACJ;IAED,OAAO,gBAAgB,CAAC;AAC1B,CAAC;AArBD,gEAqBC"}

lib/external-queries.test.js

@@ -19,10 +19,10 @@ const util = __importStar(require("./util"));
 testing_utils_1.setupTests(ava_1.default);
 ava_1.default("checkoutExternalQueries", async (t) => {
     await util.withTmpDir(async (tmpDir) => {
-        process.env["RUNNER_TEMP"] = tmpDir;
-        await externalQueries.checkoutExternalRepository("github/codeql-go", "df4c6869212341b601005567381944ed90906b6b");
+        const ref = "df4c6869212341b601005567381944ed90906b6b";
+        await externalQueries.checkoutExternalRepository("github/codeql-go", ref, tmpDir);
         // COPYRIGHT file existed in df4c6869212341b601005567381944ed90906b6b but not in the default branch
-        t.true(fs.existsSync(path.join(tmpDir, "github", "codeql-go", "COPYRIGHT")));
+        t.true(fs.existsSync(path.join(tmpDir, "github", "codeql-go", ref, "COPYRIGHT")));
     });
 });
 //# sourceMappingURL=external-queries.test.js.map

lib/external-queries.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"external-queries.test.js","sourceRoot":"","sources":["../src/external-queries.test.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,8CAAuB;AACvB,uCAAyB;AACzB,2CAA6B;AAE7B,oEAAsD;AACtD,mDAA2C;AAC3C,6CAA+B;AAE/B,0BAAU,CAAC,aAAI,CAAC,CAAC;AAEjB,aAAI,CAAC,yBAAyB,EAAE,KAAK,EAAC,CAAC,EAAC,EAAE;IACxC,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAC,MAAM,EAAC,EAAE;QACnC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,MAAM,CAAC;QACpC,MAAM,eAAe,CAAC,0BAA0B,CAAC,kBAAkB,EAAE,0CAA0C,CAAC,CAAC;QAEjH,mGAAmG;QACnG,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,WAAW,EAAE,WAAW,CAAC,CAAC,CAAC,CAAC;IAC/E,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
+{"version":3,"file":"external-queries.test.js","sourceRoot":"","sources":["../src/external-queries.test.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,8CAAuB;AACvB,uCAAyB;AACzB,2CAA6B;AAE7B,oEAAsD;AACtD,mDAA2C;AAC3C,6CAA+B;AAE/B,0BAAU,CAAC,aAAI,CAAC,CAAC;AAEjB,aAAI,CAAC,yBAAyB,EAAE,KAAK,EAAC,CAAC,EAAC,EAAE;IACxC,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAC,MAAM,EAAC,EAAE;QACnC,MAAM,GAAG,GAAG,0CAA0C,CAAC;QACvD,MAAM,eAAe,CAAC,0BAA0B,CAC9C,kBAAkB,EAClB,GAAG,EACH,MAAM,CAAC,CAAC;QAEV,mGAAmG;QACnG,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,WAAW,EAAE,GAAG,EAAE,WAAW,CAAC,CAAC,CAAC,CAAC;IACpF,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

lib/finalize-db.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"finalize-db.js","sourceRoot":"","sources":["../src/finalize-db.ts"],"names":[],"mappings":";;;;;;;;;AAAA,oDAAsC;AACtC,uCAAyB;AACzB,2CAA6B;AAE7B,qCAAwD;AACxD,4DAA8C;AAC9C,gEAAkD;AAClD,yDAA2C;AAC3C,6CAA+B;AAiC/B,KAAK,UAAU,gBAAgB,CAC7B,SAAe,EACf,YAA6C,EAC7C,WAAsD,EACtD,KAAa;;IAEb,MAAM,MAAM,GAAG,OAAA,YAAY,0CAAE,wBAAwB,MAAK,SAAS,IAAI,KAAK,KAAK,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;IACnH,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAAC,QAAQ,EAAE,MAAM,EAAE,SAAS,QAAE,KAAK,0CAAE,OAAO,QAAE,KAAK,0CAAE,KAAK,CAAC,CAAC;IACtH,MAAM,YAAY,GAAuB;QACvC,GAAG,gBAAgB;QACnB,GAAG,CAAC,YAAY,IAAI,EAAE,CAAC;QACvB,GAAG,CAAC,WAAW,IAAI,EAAE,CAAC;KACvB,CAAC;IACF,MAAM,IAAI,CAAC,gBAAgB,CAAC,YAAY,CAAC,CAAC;AAC5C,CAAC;AAED,KAAK,UAAU,4BAA4B,CAAC,cAAsB,EAAE,MAA0B;IAC5F,MAAM,MAAM,GAAG,kBAAS,EAAE,CAAC;IAC3B,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE;QACvC,IAAI,0BAAiB,CAAC,QAAQ,CAAC,EAAE;YAC/B,IAAI,CAAC,UAAU,CAAC,aAAa,GAAG,QAAQ,CAAC,CAAC;YAC1C,MAAM,MAAM,CAAC,sBAAsB,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,QAAQ,CAAC,EAAE,QAAQ,CAAC,CAAC;YACnF,IAAI,CAAC,QAAQ,EAAE,CAAC;SACjB;KACF;AACH,CAAC;AAED,KAAK,UAAU,wBAAwB,CAAC,cAAsB,EAAE,MAA0B;IACxF,MAAM,4BAA4B,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC;IAE3D,MAAM,MAAM,GAAG,kBAAS,EAAE,CAAC;IAC3B,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE;QACvC,IAAI,CAAC,UAAU,CAAC,aAAa,GAAG,QAAQ,CAAC,CAAC;QAC1C,MAAM,MAAM,CAAC,gBAAgB,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,QAAQ,CAAC,CAAC,CAAC;QACnE,IAAI,CAAC,QAAQ,EAAE,CAAC;KACjB;AACH,CAAC;AAED,2DAA2D;AAC3D,KAAK,UAAU,UAAU,CACvB,cAAsB,EACtB,WAAmB,EACnB,MAA0B;IAE1B,MAAM,MAAM,GAAG,kBAAS,EAAE,CAAC;IAC3B,KAAK,IAAI,QAAQ,IAAI,EAAE,CAAC,WAAW,CAAC,cAAc,CAAC,EAAE;QACnD,IAAI,CAAC,UAAU,CAAC,YAAY,GAAG,QAAQ,CAAC,CAAC;QAEzC,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;QAC/C,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE;YACxB,MAAM,IAAI,KAAK,CAAC,oBAAoB,GAAG,QAAQ,GAAG,gDAAgD,CAAC,CAAC;SACrG;QAED,IAAI;YACF,uEAAuE;YACvE,2EAA2E;YAC3E,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,QAAQ,GAAG,cAAc,CAAC,CAAC;YACxE,MAAM,kBAAkB,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,WAAW,GAAG,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YACxE,EAAE,CAAC,aAAa,CAAC,UAAU,EAAE,kBAAkB,CAAC,CAAC;YACjD,IAAI,CAAC,KAAK,CAAC,uBAAuB,GAAG,QAAQ,GAAG,OAAO,GAAG,kBAAkB,CAAC,CAAC;YAE9E,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,QAAQ,GAAG,QAAQ,CAAC,CAAC;YAE9D,MAAM,MAAM,CAAC,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,cAAc,EAAE,QAAQ,CAAC,EAAE,SAAS,EAAE,UAAU,CAAC,CAAC;YAEzF,IAAI,CAAC,KAAK,CAAC,6BAA6B,GAAG,QAAQ,GAAG,eAAe,GAAG,SAAS,GAAG,GAAG,CAAC,CAAC;YACzF,IAAI,CAAC,QAAQ,EAAE,CAAC;SAEjB;QAAC,OAAO,CAAC,EAAE;YACV,+DAA+D;YAC/D,OAAO;gBACL,wBAAwB,EAAE,QAAQ;aACnC,CAAC;SACH;KACF;IAED,OAAO,EAAE,CAAC;AACZ,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,IAAI,YAAY,GAAoC,SAAS,CAAC;IAC9D,IAAI,WAAW,GAA8C,SAAS,CAAC;IACvE,IAAI;QACF,IAAI,CAAC,0BAA0B,EAAE,CAAC;QAClC,IAAI,CAAC,MAAM,IAAI,CAAC,gBAAgB,CAAC,MAAM,IAAI,CAAC,sBAAsB,CAAC,QAAQ,EAAE,UAAU,EAAE,SAAS,CAAC,EAAE,IAAI,CAAC,EAAE;YAC1G,OAAO;SACR;QACD,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,SAAS,EAAE,CAAC;QAE7C,IAAI,CAAC,cAAc,CAAC,SAAS,CAAC,0BAA0B,EAAE,EAAE,CAAC,CAAC;QAC9D,OAAO,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,0BAA0B,CAAC,CAAC;QAEzD,MAAM,cAAc,GAAG,IAAI,CAAC,qBAAqB,EAAE,CAAC;QAEpD,MAAM,WAAW,GAAG,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QAC5C,EAAE,CAAC,SAAS,CAAC,WAAW,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAE/C,IAAI,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC;QAC1C,MAAM,wBAAwB,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC;QAEvD,IAAI,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;QAChC,YAAY,GAAG,MAAM,UAAU,CAAC,cAAc,EAAE,WAAW,EAAE,MAAM,CAAC,CAAC;QAErE,IAAI,MAAM,KAAK,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE;YACtC,WAAW,GAAG,MAAM,UAAU,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC;SACpD;KAEF;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAC9B,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACnB,MAAM,gBAAgB,CAAC,SAAS,EAAE,YAAY,EAAE,WAAW,EAAE,KAAK,CAAC,CAAC;QACpE,OAAO;KACR;IAED,MAAM,gBAAgB,CAAC,SAAS,EAAE,YAAY,EAAE,WAAW,CAAC,CAAC;AAC/D,CAAC;AAED,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE;IACd,IAAI,CAAC,SAAS,CAAC,yBAAyB,GAAG,CAAC,CAAC,CAAC;IAC9C,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;AACjB,CAAC,CAAC,CAAC"}

lib/finalize-db.test.js

@@ -1,2 +0,0 @@
-"use strict";
-//# sourceMappingURL=finalize-db.test.js.map

lib/finalize-db.test.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"finalize-db.test.js","sourceRoot":"","sources":["../src/finalize-db.test.ts"],"names":[],"mappings":""}

lib/fingerprints.js

@@ -10,7 +10,6 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-const core = __importStar(require("@actions/core"));
 const fs = __importStar(require("fs"));
 const long_1 = __importDefault(require("long"));
 const tab = '\t'.charCodeAt(0);
@@ -122,7 +121,7 @@ function hash(callback, input) {
 exports.hash = hash;
 // Generate a hash callback function that updates the given result in-place
 // when it recieves a hash for the correct line number. Ignores hashes for other lines.
-function locationUpdateCallback(result, location) {
+function locationUpdateCallback(result, location, logger) {
     var _a, _b;
     let locationStartLine = (_b = (_a = location.physicalLocation) === null || _a === void 0 ? void 0 : _a.region) === null || _b === void 0 ? void 0 : _b.startLine;
     if (locationStartLine === undefined) {
@@ -146,7 +145,7 @@ function locationUpdateCallback(result, location) {
             result.partialFingerprints.primaryLocationLineHash = hash;
         }
         else if (existingFingerprint !== hash) {
-            core.warning('Calculated fingerprint of ' + hash +
+            logger.warning('Calculated fingerprint of ' + hash +
                 ' for file ' + location.physicalLocation.artifactLocation.uri +
                 ' line ' + lineNumber +
                 ', but found existing inconsistent fingerprint value ' + existingFingerprint);
@@ -157,21 +156,21 @@ function locationUpdateCallback(result, location) {
 // the source file so we can hash it.
 // If possible returns a absolute file path for the source file,
 // or if not possible then returns undefined.
-function resolveUriToFile(location, artifacts) {
+function resolveUriToFile(location, artifacts, logger) {
     // This may be referencing an artifact
     if (!location.uri && location.index !== undefined) {
         if (typeof location.index !== 'number' ||
             location.index < 0 ||
             location.index >= artifacts.length ||
             typeof artifacts[location.index].location !== 'object') {
-            core.debug(`Ignoring location as URI "${location.index}" is invalid`);
+            logger.debug(`Ignoring location as URI "${location.index}" is invalid`);
             return undefined;
         }
         location = artifacts[location.index].location;
     }
     // Get the URI and decode
     if (typeof location.uri !== 'string') {
-        core.debug(`Ignoring location as index "${location.uri}" is invalid`);
+        logger.debug(`Ignoring location as index "${location.uri}" is invalid`);
         return undefined;
     }
     let uri = decodeURIComponent(location.uri);
@@ -181,13 +180,13 @@ function resolveUriToFile(location, artifacts) {
         uri = uri.substring(fileUriPrefix.length);
     }
     if (uri.indexOf('://') !== -1) {
-        core.debug(`Ignoring location URI "${uri}" as the scheme is not recognised`);
+        logger.debug(`Ignoring location URI "${uri}" as the scheme is not recognised`);
         return undefined;
     }
     // Discard any absolute paths that aren't in the src root
     const srcRootPrefix = process.env['GITHUB_WORKSPACE'] + '/';
     if (uri.startsWith('/') && !uri.startsWith(srcRootPrefix)) {
-        core.debug(`Ignoring location URI "${uri}" as it is outside of the src root`);
+        logger.debug(`Ignoring location URI "${uri}" as it is outside of the src root`);
         return undefined;
     }
     // Just assume a relative path is relative to the src root.
@@ -198,7 +197,7 @@ function resolveUriToFile(location, artifacts) {
     }
     // Check the file exists
     if (!fs.existsSync(uri)) {
-        core.debug(`Unable to compute fingerprint for non-existent file: ${uri}`);
+        logger.debug(`Unable to compute fingerprint for non-existent file: ${uri}`);
         return undefined;
     }
     return uri;
@@ -206,7 +205,7 @@ function resolveUriToFile(location, artifacts) {
 exports.resolveUriToFile = resolveUriToFile;
 // Compute fingerprints for results in the given sarif file
 // and return an updated sarif file contents.
-function addFingerprints(sarifContents) {
+function addFingerprints(sarifContents, logger) {
     var _a, _b;
     let sarif = JSON.parse(sarifContents);
     // Gather together results for the same file and construct
@@ -219,17 +218,17 @@ function addFingerprints(sarifContents) {
             // Check the primary location is defined correctly and is in the src root
             const primaryLocation = (result.locations || [])[0];
             if (!((_b = (_a = primaryLocation) === null || _a === void 0 ? void 0 : _a.physicalLocation) === null || _b === void 0 ? void 0 : _b.artifactLocation)) {
-                core.debug(`Unable to compute fingerprint for invalid location: ${JSON.stringify(primaryLocation)}`);
+                logger.debug(`Unable to compute fingerprint for invalid location: ${JSON.stringify(primaryLocation)}`);
                 continue;
             }
-            const filepath = resolveUriToFile(primaryLocation.physicalLocation.artifactLocation, artifacts);
+            const filepath = resolveUriToFile(primaryLocation.physicalLocation.artifactLocation, artifacts, logger);
             if (!filepath) {
                 continue;
             }
             if (!callbacksByFile[filepath]) {
                 callbacksByFile[filepath] = [];
             }
-            callbacksByFile[filepath].push(locationUpdateCallback(result, primaryLocation));
+            callbacksByFile[filepath].push(locationUpdateCallback(result, primaryLocation, logger));
         }
     }
     // Now hash each file that was found

lib/fingerprints.test.js

@@ -14,6 +14,7 @@ const ava_1 = __importDefault(require("ava"));
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const fingerprints = __importStar(require("./fingerprints"));
+const logging_1 = require("./logging");
 const testing_utils_1 = require("./testing-utils");
 testing_utils_1.setupTests(ava_1.default);
 function testHash(t, input, expectedHashes) {
@@ -98,7 +99,7 @@ ava_1.default('hash', (t) => {
 function testResolveUriToFile(uri, index, artifactsURIs) {
     const location = { "uri": uri, "index": index };
     const artifacts = artifactsURIs.map(uri => ({ "location": { "uri": uri } }));
-    return fingerprints.resolveUriToFile(location, artifacts);
+    return fingerprints.resolveUriToFile(location, artifacts, logging_1.getRunnerLogger());
 }
 ava_1.default('resolveUriToFile', t => {
     // The resolveUriToFile method checks that the file exists and is in the right directory
@@ -143,7 +144,7 @@ ava_1.default('addFingerprints', t => {
     expected = JSON.stringify(JSON.parse(expected));
     // The URIs in the SARIF files resolve to files in the testdata directory
     process.env['GITHUB_WORKSPACE'] = path.normalize(__dirname + '/../src/testdata');
-    t.deepEqual(fingerprints.addFingerprints(input), expected);
+    t.deepEqual(fingerprints.addFingerprints(input, logging_1.getRunnerLogger()), expected);
 });
 ava_1.default('missingRegions', t => {
     // Run an end-to-end test on a test file
@@ -154,6 +155,6 @@ ava_1.default('missingRegions', t => {
     expected = JSON.stringify(JSON.parse(expected));
     // The URIs in the SARIF files resolve to files in the testdata directory
     process.env['GITHUB_WORKSPACE'] = path.normalize(__dirname + '/../src/testdata');
-    t.deepEqual(fingerprints.addFingerprints(input), expected);
+    t.deepEqual(fingerprints.addFingerprints(input, logging_1.getRunnerLogger()), expected);
 });
 //# sourceMappingURL=fingerprints.test.js.map

lib/init-action.js

@@ -0,0 +1,103 @@
+"use strict";
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
+    result["default"] = mod;
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const core = __importStar(require("@actions/core"));
+const exec = __importStar(require("@actions/exec"));
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const analysisPaths = __importStar(require("./analysis-paths"));
+const codeql_1 = require("./codeql");
+const configUtils = __importStar(require("./config-utils"));
+const tracer_config_1 = require("./tracer-config");
+const util = __importStar(require("./util"));
+async function sendSuccessStatusReport(startedAt, config) {
+    const statusReportBase = await util.createStatusReportBase('init', 'success', startedAt);
+    const languages = config.languages.join(',');
+    const workflowLanguages = core.getInput('languages', { required: false });
+    const paths = (config.originalUserInput.paths || []).join(',');
+    const pathsIgnore = (config.originalUserInput['paths-ignore'] || []).join(',');
+    const disableDefaultQueries = config.originalUserInput['disable-default-queries'] ? languages : '';
+    const queries = (config.originalUserInput.queries || []).map(q => q.uses).join(',');
+    const statusReport = {
+        ...statusReportBase,
+        languages: languages,
+        workflow_languages: workflowLanguages,
+        paths: paths,
+        paths_ignore: pathsIgnore,
+        disable_default_queries: disableDefaultQueries,
+        queries: queries,
+    };
+    await util.sendStatusReport(statusReport);
+}
+async function run() {
+    const startedAt = new Date();
+    let config;
+    let codeql;
+    try {
+        util.prepareLocalRunEnvironment();
+        if (!await util.sendStatusReport(await util.createStatusReportBase('init', 'starting', startedAt), true)) {
+            return;
+        }
+        core.startGroup('Setup CodeQL tools');
+        codeql = await codeql_1.setupCodeQL();
+        await codeql.printVersion();
+        core.endGroup();
+        core.startGroup('Load language configuration');
+        config = await configUtils.initConfig(util.getRequiredEnvParam('RUNNER_TEMP'), util.getRequiredEnvParam('RUNNER_TOOL_CACHE'), codeql);
+        analysisPaths.includeAndExcludeAnalysisPaths(config);
+        core.endGroup();
+    }
+    catch (e) {
+        core.setFailed(e.message);
+        console.log(e);
+        await util.sendStatusReport(await util.createStatusReportBase('init', 'aborted', startedAt, e.message));
+        return;
+    }
+    try {
+        const sourceRoot = path.resolve();
+        // Forward Go flags
+        const goFlags = process.env['GOFLAGS'];
+        if (goFlags) {
+            core.exportVariable('GOFLAGS', goFlags);
+            core.warning("Passing the GOFLAGS env parameter to the init action is deprecated. Please move this to the analyze action.");
+        }
+        // Setup CODEQL_RAM flag (todo improve this https://github.com/github/dsp-code-scanning/issues/935)
+        const codeqlRam = process.env['CODEQL_RAM'] || '6500';
+        core.exportVariable('CODEQL_RAM', codeqlRam);
+        fs.mkdirSync(util.getCodeQLDatabasesDir(config.tempDir), { recursive: true });
+        // TODO: replace this code once CodeQL supports multi-language tracing
+        for (let language of config.languages) {
+            // Init language database
+            await codeql.databaseInit(util.getCodeQLDatabasePath(config.tempDir, language), language, sourceRoot);
+        }
+        const tracerConfig = await tracer_config_1.getCombinedTracerConfig(config, codeql);
+        if (tracerConfig !== undefined) {
+            if (process.platform === 'win32') {
+                await exec.exec('powershell', [
+                    path.resolve(__dirname, '..', 'src', 'inject-tracer.ps1'),
+                    path.resolve(path.dirname(codeql.getPath()), 'tools', 'win64', 'tracer.exe'),
+                ], { env: { 'ODASA_TRACER_CONFIGURATION': tracerConfig.spec } });
+            }
+            // NB: in CLI mode these will be output to a file rather than exported with core.exportVariable
+            Object.entries(tracerConfig.env).forEach(([key, value]) => core.exportVariable(key, value));
+        }
+    }
+    catch (error) {
+        core.setFailed(error.message);
+        console.log(error);
+        await util.sendStatusReport(await util.createStatusReportBase('init', 'failure', startedAt, error.message, error.stack));
+        return;
+    }
+    await sendSuccessStatusReport(startedAt, config);
+}
+run().catch(e => {
+    core.setFailed("init action failed: " + e);
+    console.log(e);
+});
+//# sourceMappingURL=init-action.js.map

lib/init-action.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"init-action.js","sourceRoot":"","sources":["../src/init-action.ts"],"names":[],"mappings":";;;;;;;;;AAAA,oDAAsC;AACtC,oDAAsC;AACtC,uCAAyB;AACzB,2CAA6B;AAE7B,gEAAkD;AAClD,qCAA+C;AAC/C,4DAA8C;AAC9C,mDAA0D;AAC1D,6CAA+B;AAkB/B,KAAK,UAAU,uBAAuB,CAAC,SAAe,EAAE,MAA0B;IAChF,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAAC,MAAM,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;IAEzF,MAAM,SAAS,GAAG,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC7C,MAAM,iBAAiB,GAAG,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC;IAC1E,MAAM,KAAK,GAAG,CAAC,MAAM,CAAC,iBAAiB,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC/D,MAAM,WAAW,GAAG,CAAC,MAAM,CAAC,iBAAiB,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC/E,MAAM,qBAAqB,GAAG,MAAM,CAAC,iBAAiB,CAAC,yBAAyB,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE,CAAC;IACnG,MAAM,OAAO,GAAG,CAAC,MAAM,CAAC,iBAAiB,CAAC,OAAO,IAAI,EAAE,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAEpF,MAAM,YAAY,GAA4B;QAC5C,GAAG,gBAAgB;QACnB,SAAS,EAAE,SAAS;QACpB,kBAAkB,EAAE,iBAAiB;QACrC,KAAK,EAAE,KAAK;QACZ,YAAY,EAAE,WAAW;QACzB,uBAAuB,EAAE,qBAAqB;QAC9C,OAAO,EAAE,OAAO;KACjB,CAAC;IAEF,MAAM,IAAI,CAAC,gBAAgB,CAAC,YAAY,CAAC,CAAC;AAC5C,CAAC;AAED,KAAK,UAAU,GAAG;IAEhB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,IAAI,MAA0B,CAAC;IAC/B,IAAI,MAAc,CAAC;IAEnB,IAAI;QACF,IAAI,CAAC,0BAA0B,EAAE,CAAC;QAClC,IAAI,CAAC,MAAM,IAAI,CAAC,gBAAgB,CAAC,MAAM,IAAI,CAAC,sBAAsB,CAAC,MAAM,EAAE,UAAU,EAAE,SAAS,CAAC,EAAE,IAAI,CAAC,EAAE;YACxG,OAAO;SACR;QAED,IAAI,CAAC,UAAU,CAAC,oBAAoB,CAAC,CAAC;QACtC,MAAM,GAAG,MAAM,oBAAW,EAAE,CAAC;QAC7B,MAAM,MAAM,CAAC,YAAY,EAAE,CAAC;QAC5B,IAAI,CAAC,QAAQ,EAAE,CAAC;QAEhB,IAAI,CAAC,UAAU,CAAC,6BAA6B,CAAC,CAAC;QAC/C,MAAM,GAAG,MAAM,WAAW,CAAC,UAAU,CACnC,IAAI,CAAC,mBAAmB,CAAC,aAAa,CAAC,EACvC,IAAI,CAAC,mBAAmB,CAAC,mBAAmB,CAAC,EAC7C,MAAM,CAAC,CAAC;QACV,aAAa,CAAC,8BAA8B,CAAC,MAAM,CAAC,CAAC;QACrD,IAAI,CAAC,QAAQ,EAAE,CAAC;KAEjB;IAAC,OAAO,CAAC,EAAE;QACV,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;QAC1B,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QACf,MAAM,IAAI,CAAC,gBAAgB,CAAC,MAAM,IAAI,CAAC,sBAAsB,CAAC,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC;QACxG,OAAO;KACR;IAED,IAAI;QAEF,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;QAElC,mBAAmB;QACnB,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QACvC,IAAI,OAAO,EAAE;YACX,IAAI,CAAC,cAAc,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;YACxC,IAAI,CAAC,OAAO,CAAC,6GAA6G,CAAC,CAAC;SAC7H;QAED,mGAAmG;QACnG,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,MAAM,CAAC;QACtD,IAAI,CAAC,cAAc,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;QAE7C,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,qBAAqB,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAE9E,sEAAsE;QACtE,KAAK,IAAI,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE;YACrC,yBAAyB;YACzB,MAAM,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,qBAAqB,CAAC,MAAM,CAAC,OAAO,EAAE,QAAQ,CAAC,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC;SACvG;QAED,MAAM,YAAY,GAAG,MAAM,uCAAuB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACnE,IAAI,YAAY,KAAK,SAAS,EAAE;YAC9B,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE;gBAChC,MAAM,IAAI,CAAC,IAAI,CACb,YAAY,EACZ;oBACE,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,IAAI,EAAE,KAAK,EAAE,mBAAmB,CAAC;oBACzD,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC,EAAE,OAAO,EAAE,OAAO,EAAE,YAAY,CAAC;iBAC7E,EACD,EAAE,GAAG,EAAE,EAAE,4BAA4B,EAAE,YAAY,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;aACjE;YAED,+FAA+F;YAC/F,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,IAAI,CAAC,cAAc,CAAC,GAAG,EAAE,KAAK,CAAC,CAAC,CAAC;SAC7F;KAEF;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAC9B,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACnB,MAAM,IAAI,CAAC,gBAAgB,CAAC,MAAM,IAAI,CAAC,sBAAsB,CAC3D,MAAM,EACN,SAAS,EACT,SAAS,EACT,KAAK,CAAC,OAAO,EACb,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC;QAChB,OAAO;KACR;IACD,MAAM,uBAAuB,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;AACnD,CAAC;AAED,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE;IACd,IAAI,CAAC,SAAS,CAAC,sBAAsB,GAAG,CAAC,CAAC,CAAC;IAC3C,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;AACjB,CAAC,CAAC,CAAC"}

lib/languages.js

@@ -0,0 +1,43 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+// All the languages supported by CodeQL
+var Language;
+(function (Language) {
+    Language["csharp"] = "csharp";
+    Language["cpp"] = "cpp";
+    Language["go"] = "go";
+    Language["java"] = "java";
+    Language["javascript"] = "javascript";
+    Language["python"] = "python";
+})(Language = exports.Language || (exports.Language = {}));
+// Additional names for languages
+const LANGUAGE_ALIASES = {
+    'c': Language.cpp,
+    'c++': Language.cpp,
+    'c#': Language.csharp,
+    'typescript': Language.javascript,
+};
+// Translate from user input or GitHub's API names for languages to CodeQL's names for languages
+function parseLanguage(language) {
+    // Normalise to lower case
+    language = language.toLowerCase();
+    // See if it's an exact match
+    if (language in Language) {
+        return language;
+    }
+    // Check language aliases
+    if (language in LANGUAGE_ALIASES) {
+        return LANGUAGE_ALIASES[language];
+    }
+    return undefined;
+}
+exports.parseLanguage = parseLanguage;
+function isTracedLanguage(language) {
+    return ['cpp', 'java', 'csharp'].includes(language);
+}
+exports.isTracedLanguage = isTracedLanguage;
+function isScannedLanguage(language) {
+    return !isTracedLanguage(language);
+}
+exports.isScannedLanguage = isScannedLanguage;
+//# sourceMappingURL=languages.js.map

lib/languages.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"languages.js","sourceRoot":"","sources":["../src/languages.ts"],"names":[],"mappings":";;AAAA,wCAAwC;AACxC,IAAY,QAOX;AAPD,WAAY,QAAQ;IAClB,6BAAiB,CAAA;IACjB,uBAAW,CAAA;IACX,qBAAS,CAAA;IACT,yBAAa,CAAA;IACb,qCAAyB,CAAA;IACzB,6BAAiB,CAAA;AACnB,CAAC,EAPW,QAAQ,GAAR,gBAAQ,KAAR,gBAAQ,QAOnB;AAED,iCAAiC;AACjC,MAAM,gBAAgB,GAA+B;IACnD,GAAG,EAAE,QAAQ,CAAC,GAAG;IACjB,KAAK,EAAE,QAAQ,CAAC,GAAG;IACnB,IAAI,EAAE,QAAQ,CAAC,MAAM;IACrB,YAAY,EAAE,QAAQ,CAAC,UAAU;CAClC,CAAC;AAEF,gGAAgG;AAChG,SAAgB,aAAa,CAAC,QAAgB;IAC5C,0BAA0B;IAC1B,QAAQ,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC;IAElC,6BAA6B;IAC7B,IAAI,QAAQ,IAAI,QAAQ,EAAE;QACxB,OAAO,QAAoB,CAAC;KAC7B;IAED,yBAAyB;IACzB,IAAI,QAAQ,IAAI,gBAAgB,EAAE;QAChC,OAAO,gBAAgB,CAAC,QAAQ,CAAC,CAAC;KACnC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAfD,sCAeC;AAGD,SAAgB,gBAAgB,CAAC,QAAkB;IACjD,OAAO,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;AACtD,CAAC;AAFD,4CAEC;AAED,SAAgB,iBAAiB,CAAC,QAAkB;IAClD,OAAO,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC;AACrC,CAAC;AAFD,8CAEC"}

lib/languages.test.js

@@ -0,0 +1,44 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const ava_1 = __importDefault(require("ava"));
+const languages_1 = require("./languages");
+const testing_utils_1 = require("./testing-utils");
+testing_utils_1.setupTests(ava_1.default);
+ava_1.default('parseLangauge', async (t) => {
+    // Exact matches
+    t.deepEqual(languages_1.parseLanguage('csharp'), languages_1.Language.csharp);
+    t.deepEqual(languages_1.parseLanguage('cpp'), languages_1.Language.cpp);
+    t.deepEqual(languages_1.parseLanguage('go'), languages_1.Language.go);
+    t.deepEqual(languages_1.parseLanguage('java'), languages_1.Language.java);
+    t.deepEqual(languages_1.parseLanguage('javascript'), languages_1.Language.javascript);
+    t.deepEqual(languages_1.parseLanguage('python'), languages_1.Language.python);
+    // Aliases
+    t.deepEqual(languages_1.parseLanguage('c'), languages_1.Language.cpp);
+    t.deepEqual(languages_1.parseLanguage('c++'), languages_1.Language.cpp);
+    t.deepEqual(languages_1.parseLanguage('c#'), languages_1.Language.csharp);
+    t.deepEqual(languages_1.parseLanguage('typescript'), languages_1.Language.javascript);
+    // Not matches
+    t.deepEqual(languages_1.parseLanguage('foo'), undefined);
+    t.deepEqual(languages_1.parseLanguage(' '), undefined);
+    t.deepEqual(languages_1.parseLanguage(''), undefined);
+});
+ava_1.default('isTracedLanguage', async (t) => {
+    t.true(languages_1.isTracedLanguage(languages_1.Language.cpp));
+    t.true(languages_1.isTracedLanguage(languages_1.Language.java));
+    t.true(languages_1.isTracedLanguage(languages_1.Language.csharp));
+    t.false(languages_1.isTracedLanguage(languages_1.Language.go));
+    t.false(languages_1.isTracedLanguage(languages_1.Language.javascript));
+    t.false(languages_1.isTracedLanguage(languages_1.Language.python));
+});
+ava_1.default('isScannedLanguage', async (t) => {
+    t.false(languages_1.isScannedLanguage(languages_1.Language.cpp));
+    t.false(languages_1.isScannedLanguage(languages_1.Language.java));
+    t.false(languages_1.isScannedLanguage(languages_1.Language.csharp));
+    t.true(languages_1.isScannedLanguage(languages_1.Language.go));
+    t.true(languages_1.isScannedLanguage(languages_1.Language.javascript));
+    t.true(languages_1.isScannedLanguage(languages_1.Language.python));
+});
+//# sourceMappingURL=languages.test.js.map

lib/languages.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"languages.test.js","sourceRoot":"","sources":["../src/languages.test.ts"],"names":[],"mappings":";;;;;AAAA,8CAAuB;AAEvB,2CAAyF;AACzF,mDAA2C;AAE3C,0BAAU,CAAC,aAAI,CAAC,CAAC;AAEjB,aAAI,CAAC,eAAe,EAAE,KAAK,EAAC,CAAC,EAAC,EAAE;IAC9B,gBAAgB;IAChB,CAAC,CAAC,SAAS,CAAC,yBAAa,CAAC,QAAQ,CAAC,EAAE,oBAAQ,CAAC,MAAM,CAAC,CAAC;IACtD,CAAC,CAAC,SAAS,CAAC,yBAAa,CAAC,KAAK,CAAC,EAAE,oBAAQ,CAAC,GAAG,CAAC,CAAC;IAChD,CAAC,CAAC,SAAS,CAAC,yBAAa,CAAC,IAAI,CAAC,EAAE,oBAAQ,CAAC,EAAE,CAAC,CAAC;IAC9C,CAAC,CAAC,SAAS,CAAC,yBAAa,CAAC,MAAM,CAAC,EAAE,oBAAQ,CAAC,IAAI,CAAC,CAAC;IAClD,CAAC,CAAC,SAAS,CAAC,yBAAa,CAAC,YAAY,CAAC,EAAE,oBAAQ,CAAC,UAAU,CAAC,CAAC;IAC9D,CAAC,CAAC,SAAS,CAAC,yBAAa,CAAC,QAAQ,CAAC,EAAE,oBAAQ,CAAC,MAAM,CAAC,CAAC;IAEtD,UAAU;IACV,CAAC,CAAC,SAAS,CAAC,yBAAa,CAAC,GAAG,CAAC,EAAE,oBAAQ,CAAC,GAAG,CAAC,CAAC;IAC9C,CAAC,CAAC,SAAS,CAAC,yBAAa,CAAC,KAAK,CAAC,EAAE,oBAAQ,CAAC,GAAG,CAAC,CAAC;IAChD,CAAC,CAAC,SAAS,CAAC,yBAAa,CAAC,IAAI,CAAC,EAAE,oBAAQ,CAAC,MAAM,CAAC,CAAC;IAClD,CAAC,CAAC,SAAS,CAAC,yBAAa,CAAC,YAAY,CAAC,EAAE,oBAAQ,CAAC,UAAU,CAAC,CAAC;IAE9D,cAAc;IACd,CAAC,CAAC,SAAS,CAAC,yBAAa,CAAC,KAAK,CAAC,EAAE,SAAS,CAAC,CAAC;IAC7C,CAAC,CAAC,SAAS,CAAC,yBAAa,CAAC,GAAG,CAAC,EAAE,SAAS,CAAC,CAAC;IAC3C,CAAC,CAAC,SAAS,CAAC,yBAAa,CAAC,EAAE,CAAC,EAAE,SAAS,CAAC,CAAC;AAC5C,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,kBAAkB,EAAE,KAAK,EAAC,CAAC,EAAC,EAAE;IACjC,CAAC,CAAC,IAAI,CAAC,4BAAgB,CAAC,oBAAQ,CAAC,GAAG,CAAC,CAAC,CAAC;IACvC,CAAC,CAAC,IAAI,CAAC,4BAAgB,CAAC,oBAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;IACxC,CAAC,CAAC,IAAI,CAAC,4BAAgB,CAAC,oBAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;IAE1C,CAAC,CAAC,KAAK,CAAC,4BAAgB,CAAC,oBAAQ,CAAC,EAAE,CAAC,CAAC,CAAC;IACvC,CAAC,CAAC,KAAK,CAAC,4BAAgB,CAAC,oBAAQ,CAAC,UAAU,CAAC,CAAC,CAAC;IAC/C,CAAC,CAAC,KAAK,CAAC,4BAAgB,CAAC,oBAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;AAC7C,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,mBAAmB,EAAE,KAAK,EAAC,CAAC,EAAC,EAAE;IAClC,CAAC,CAAC,KAAK,CAAC,6BAAiB,CAAC,oBAAQ,CAAC,GAAG,CAAC,CAAC,CAAC;IACzC,CAAC,CAAC,KAAK,CAAC,6BAAiB,CAAC,oBAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;IAC1C,CAAC,CAAC,KAAK,CAAC,6BAAiB,CAAC,oBAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;IAE5C,CAAC,CAAC,IAAI,CAAC,6BAAiB,CAAC,oBAAQ,CAAC,EAAE,CAAC,CAAC,CAAC;IACvC,CAAC,CAAC,IAAI,CAAC,6BAAiB,CAAC,oBAAQ,CAAC,UAAU,CAAC,CAAC,CAAC;IAC/C,CAAC,CAAC,IAAI,CAAC,6BAAiB,CAAC,oBAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;AAC7C,CAAC,CAAC,CAAC"}

lib/logging.js

@@ -0,0 +1,26 @@
+"use strict";
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
+    result["default"] = mod;
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const core = __importStar(require("@actions/core"));
+function getActionsLogger() {
+    return core;
+}
+exports.getActionsLogger = getActionsLogger;
+function getRunnerLogger() {
+    return {
+        debug: console.debug,
+        info: console.info,
+        warning: console.warn,
+        error: console.error,
+        startGroup: () => undefined,
+        endGroup: () => undefined,
+    };
+}
+exports.getRunnerLogger = getRunnerLogger;
+//# sourceMappingURL=logging.js.map

lib/logging.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"logging.js","sourceRoot":"","sources":["../src/logging.ts"],"names":[],"mappings":";;;;;;;;;AAAA,oDAAsC;AAYtC,SAAgB,gBAAgB;IAC9B,OAAO,IAAI,CAAC;AACd,CAAC;AAFD,4CAEC;AAED,SAAgB,eAAe;IAC7B,OAAO;QACL,KAAK,EAAE,OAAO,CAAC,KAAK;QACpB,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,OAAO,EAAE,OAAO,CAAC,IAAI;QACrB,KAAK,EAAE,OAAO,CAAC,KAAK;QACpB,UAAU,EAAE,GAAG,EAAE,CAAC,SAAS;QAC3B,QAAQ,EAAE,GAAG,EAAE,CAAC,SAAS;KAC1B,CAAC;AACJ,CAAC;AATD,0CASC"}

lib/repository.js

@@ -0,0 +1,14 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+function parseRepositoryNwo(input) {
+    const parts = input.split('/');
+    if (parts.length !== 2) {
+        throw new Error(`"${input}" is not a valid repository name`);
+    }
+    return {
+        owner: parts[0],
+        repo: parts[1],
+    };
+}
+exports.parseRepositoryNwo = parseRepositoryNwo;
+//# sourceMappingURL=repository.js.map

lib/repository.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"repository.js","sourceRoot":"","sources":["../src/repository.ts"],"names":[],"mappings":";;AAMA,SAAgB,kBAAkB,CAAC,KAAa;IAC9C,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE;QACtB,MAAM,IAAI,KAAK,CAAC,IAAI,KAAK,kCAAkC,CAAC,CAAC;KAC9D;IACD,OAAO;QACL,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;QACf,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC;KACf,CAAC;AACJ,CAAC;AATD,gDASC"}

lib/runner.js

@@ -0,0 +1,57 @@
+"use strict";
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
+    result["default"] = mod;
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const commander_1 = require("commander");
+const path = __importStar(require("path"));
+const logging_1 = require("./logging");
+const repository_1 = require("./repository");
+const upload_lib = __importStar(require("./upload-lib"));
+const program = new commander_1.Command();
+program.version('0.0.1');
+function parseGithubApiUrl(inputUrl) {
+    try {
+        const url = new URL(inputUrl);
+        // If we detect this is trying to be to github.com
+        // then return with a fixed canonical URL.
+        if (url.hostname === 'github.com' || url.hostname === 'api.github.com') {
+            return 'https://api.github.com';
+        }
+        // Add the API path if it's not already present.
+        if (url.pathname.indexOf('/api/v3') === -1) {
+            url.pathname = path.join(url.pathname, 'api', 'v3');
+        }
+        return url.toString();
+    }
+    catch (e) {
+        throw new Error(`"${inputUrl}" is not a valid URL`);
+    }
+}
+const logger = logging_1.getRunnerLogger();
+program
+    .command('upload')
+    .description('Uploads a SARIF file, or all SARIF files from a directory, to code scanning')
+    .requiredOption('--sarif-file <file>', 'SARIF file to upload; can also be a directory for uploading multiple')
+    .requiredOption('--repository <repository>', 'Repository name')
+    .requiredOption('--commit <commit>', 'SHA of commit that was analyzed')
+    .requiredOption('--ref <ref>', 'Name of ref that was analyzed')
+    .requiredOption('--github-url <url>', 'URL of GitHub instance')
+    .requiredOption('--github-auth <auth>', 'GitHub Apps token, or of the form "username:token" if using a personal access token')
+    .option('--checkout-path <path>', 'Checkout path (default: current working directory)')
+    .action(async (cmd) => {
+    try {
+        await upload_lib.upload(cmd.sarifFile, repository_1.parseRepositoryNwo(cmd.repository), cmd.commit, cmd.ref, undefined, undefined, undefined, cmd.checkoutPath || process.cwd(), undefined, cmd.githubAuth, parseGithubApiUrl(cmd.githubUrl), 'runner', logger);
+    }
+    catch (e) {
+        logger.error('Upload failed');
+        logger.error(e);
+        process.exitCode = 1;
+    }
+});
+program.parse(process.argv);
+//# sourceMappingURL=runner.js.map

lib/runner.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"runner.js","sourceRoot":"","sources":["../src/runner.ts"],"names":[],"mappings":";;;;;;;;;AAAA,yCAAoC;AACpC,2CAA6B;AAE7B,uCAA4C;AAC5C,6CAAkD;AAClD,yDAA2C;AAE3C,MAAM,OAAO,GAAG,IAAI,mBAAO,EAAE,CAAC;AAC9B,OAAO,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;AAYzB,SAAS,iBAAiB,CAAC,QAAgB;IACzC,IAAI;QACF,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,QAAQ,CAAC,CAAC;QAE9B,kDAAkD;QAClD,0CAA0C;QAC1C,IAAI,GAAG,CAAC,QAAQ,KAAK,YAAY,IAAI,GAAG,CAAC,QAAQ,KAAK,gBAAgB,EAAE;YACtE,OAAO,wBAAwB,CAAC;SACjC;QAED,gDAAgD;QAChD,IAAI,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,SAAS,CAAC,KAAK,CAAC,CAAC,EAAE;YAC1C,GAAG,CAAC,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,EAAE,IAAI,CAAC,CAAC;SACrD;QAED,OAAO,GAAG,CAAC,QAAQ,EAAE,CAAC;KAEvB;IAAC,OAAO,CAAC,EAAE;QACV,MAAM,IAAI,KAAK,CAAC,IAAI,QAAQ,sBAAsB,CAAC,CAAC;KACrD;AACH,CAAC;AAED,MAAM,MAAM,GAAG,yBAAe,EAAE,CAAC;AAEjC,OAAO;KACJ,OAAO,CAAC,QAAQ,CAAC;KACjB,WAAW,CAAC,6EAA6E,CAAC;KAC1F,cAAc,CAAC,qBAAqB,EAAE,sEAAsE,CAAC;KAC7G,cAAc,CAAC,2BAA2B,EAAE,iBAAiB,CAAC;KAC9D,cAAc,CAAC,mBAAmB,EAAE,iCAAiC,CAAC;KACtE,cAAc,CAAC,aAAa,EAAE,+BAA+B,CAAC;KAC9D,cAAc,CAAC,oBAAoB,EAAE,wBAAwB,CAAC;KAC9D,cAAc,CAAC,sBAAsB,EAAE,qFAAqF,CAAC;KAC7H,MAAM,CAAC,wBAAwB,EAAE,oDAAoD,CAAC;KACtF,MAAM,CAAC,KAAK,EAAE,GAAe,EAAE,EAAE;IAChC,IAAI;QACF,MAAM,UAAU,CAAC,MAAM,CACrB,GAAG,CAAC,SAAS,EACb,+BAAkB,CAAC,GAAG,CAAC,UAAU,CAAC,EAClC,GAAG,CAAC,MAAM,EACV,GAAG,CAAC,GAAG,EACP,SAAS,EACT,SAAS,EACT,SAAS,EACT,GAAG,CAAC,YAAY,IAAI,OAAO,CAAC,GAAG,EAAE,EACjC,SAAS,EACT,GAAG,CAAC,UAAU,EACd,iBAAiB,CAAC,GAAG,CAAC,SAAS,CAAC,EAChC,QAAQ,EACR,MAAM,CAAC,CAAC;KACX;IAAC,OAAO,CAAC,EAAE;QACV,MAAM,CAAC,KAAK,CAAC,eAAe,CAAC,CAAC;QAC9B,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QAChB,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;KACtB;AACH,CAAC,CAAC,CAAC;AAEL,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC"}

lib/setup-tools.js

@@ -1,76 +0,0 @@
-"use strict";
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
-    result["default"] = mod;
-    return result;
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-const core = __importStar(require("@actions/core"));
-const toolcache = __importStar(require("@actions/tool-cache"));
-const path = __importStar(require("path"));
-const semver = __importStar(require("semver"));
-class CodeQLSetup {
-    constructor(codeqlDist) {
-        this.dist = codeqlDist;
-        this.tools = path.join(this.dist, 'tools');
-        this.cmd = path.join(codeqlDist, 'codeql');
-        // TODO check process.arch ?
-        if (process.platform === 'win32') {
-            this.platform = 'win64';
-            if (this.cmd.endsWith('codeql')) {
-                this.cmd += ".exe";
-            }
-        }
-        else if (process.platform === 'linux') {
-            this.platform = 'linux64';
-        }
-        else if (process.platform === 'darwin') {
-            this.platform = 'osx64';
-        }
-        else {
-            throw new Error("Unsupported plaform: " + process.platform);
-        }
-    }
-}
-exports.CodeQLSetup = CodeQLSetup;
-async function setupCodeQL() {
-    try {
-        const codeqlURL = core.getInput('tools', { required: true });
-        const codeqlURLVersion = getCodeQLURLVersion(codeqlURL);
-        let codeqlFolder = toolcache.find('CodeQL', codeqlURLVersion);
-        if (codeqlFolder) {
-            core.debug(`CodeQL found in cache ${codeqlFolder}`);
-        }
-        else {
-            const codeqlPath = await toolcache.downloadTool(codeqlURL);
-            const codeqlExtracted = await toolcache.extractTar(codeqlPath);
-            codeqlFolder = await toolcache.cacheDir(codeqlExtracted, 'CodeQL', codeqlURLVersion);
-        }
-        return new CodeQLSetup(path.join(codeqlFolder, 'codeql'));
-    }
-    catch (e) {
-        core.error(e);
-        throw new Error("Unable to download and extract CodeQL CLI");
-    }
-}
-exports.setupCodeQL = setupCodeQL;
-function getCodeQLURLVersion(url) {
-    const match = url.match(/\/codeql-bundle-(.*)\//);
-    if (match === null || match.length < 2) {
-        throw new Error(`Malformed tools url: ${url}. Version could not be inferred`);
-    }
-    let version = match[1];
-    if (!semver.valid(version)) {
-        core.debug(`Bundle version ${version} is not in SemVer format. Will treat it as pre-release 0.0.0-${version}.`);
-        version = '0.0.0-' + version;
-    }
-    const s = semver.clean(version);
-    if (!s) {
-        throw new Error(`Malformed tools url ${url}. Version should be in SemVer format but have ${version} instead`);
-    }
-    return s;
-}
-exports.getCodeQLURLVersion = getCodeQLURLVersion;
-//# sourceMappingURL=setup-tools.js.map

lib/setup-tools.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"setup-tools.js","sourceRoot":"","sources":["../src/setup-tools.ts"],"names":[],"mappings":";;;;;;;;;AAAA,oDAAsC;AACtC,+DAAiD;AACjD,2CAA6B;AAC7B,+CAAiC;AAEjC,MAAa,WAAW;IAMtB,YAAY,UAAkB;QAC5B,IAAI,CAAC,IAAI,GAAG,UAAU,CAAC;QACvB,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QAC3C,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;QAC3C,4BAA4B;QAC5B,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE;YAChC,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;YACxB,IAAI,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE;gBAC/B,IAAI,CAAC,GAAG,IAAI,MAAM,CAAC;aACpB;SACF;aAAM,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE;YACvC,IAAI,CAAC,QAAQ,GAAG,SAAS,CAAC;SAC3B;aAAM,IAAI,OAAO,CAAC,QAAQ,KAAK,QAAQ,EAAE;YACxC,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;SACzB;aAAM;YACL,MAAM,IAAI,KAAK,CAAC,uBAAuB,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;SAC7D;IACH,CAAC;CACF;AAxBD,kCAwBC;AAEM,KAAK,UAAU,WAAW;IAC/B,IAAI;QACF,MAAM,SAAS,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;QAC7D,MAAM,gBAAgB,GAAG,mBAAmB,CAAC,SAAS,CAAC,CAAC;QAExD,IAAI,YAAY,GAAG,SAAS,CAAC,IAAI,CAAC,QAAQ,EAAE,gBAAgB,CAAC,CAAC;QAC9D,IAAI,YAAY,EAAE;YAChB,IAAI,CAAC,KAAK,CAAC,yBAAyB,YAAY,EAAE,CAAC,CAAC;SACrD;aAAM;YACL,MAAM,UAAU,GAAG,MAAM,SAAS,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC;YAC3D,MAAM,eAAe,GAAG,MAAM,SAAS,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;YAC/D,YAAY,GAAG,MAAM,SAAS,CAAC,QAAQ,CAAC,eAAe,EAAE,QAAQ,EAAE,gBAAgB,CAAC,CAAC;SACtF;QACD,OAAO,IAAI,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC,CAAC;KAE3D;IAAC,OAAO,CAAC,EAAE;QACV,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACd,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;KAC9D;AACH,CAAC;AAnBD,kCAmBC;AAED,SAAgB,mBAAmB,CAAC,GAAW;IAE7C,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC;IAClD,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE;QACtC,MAAM,IAAI,KAAK,CAAC,wBAAwB,GAAG,iCAAiC,CAAC,CAAC;KAC/E;IAED,IAAI,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;IAEvB,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE;QAC1B,IAAI,CAAC,KAAK,CAAC,kBAAkB,OAAO,gEAAgE,OAAO,GAAG,CAAC,CAAC;QAChH,OAAO,GAAG,QAAQ,GAAG,OAAO,CAAC;KAC9B;IAED,MAAM,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAChC,IAAI,CAAC,CAAC,EAAE;QACN,MAAM,IAAI,KAAK,CAAC,uBAAuB,GAAG,iDAAiD,OAAO,UAAU,CAAC,CAAC;KAC/G;IAED,OAAO,CAAC,CAAC;AACX,CAAC;AApBD,kDAoBC"}

lib/setup-tools.test.js

@@ -1,60 +0,0 @@
-"use strict";
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
-    result["default"] = mod;
-    return result;
-};
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-const toolcache = __importStar(require("@actions/tool-cache"));
-const ava_1 = __importDefault(require("ava"));
-const nock_1 = __importDefault(require("nock"));
-const path = __importStar(require("path"));
-const setupTools = __importStar(require("./setup-tools"));
-const testing_utils_1 = require("./testing-utils");
-const util = __importStar(require("./util"));
-testing_utils_1.silenceDebugOutput(ava_1.default);
-ava_1.default('download codeql bundle cache', async (t) => {
-    await util.withTmpDir(async (tmpDir) => {
-        process.env['GITHUB_WORKSPACE'] = tmpDir;
-        process.env['RUNNER_TEMP'] = path.join(tmpDir, 'temp');
-        process.env['RUNNER_TOOL_CACHE'] = path.join(tmpDir, 'cache');
-        const versions = ['20200601', '20200610'];
-        for (let i = 0; i < versions.length; i++) {
-            const version = versions[i];
-            nock_1.default('https://example.com')
-                .get(`/download/codeql-bundle-${version}/codeql-bundle.tar.gz`)
-                .replyWithFile(200, path.join(__dirname, `/../src/testdata/codeql-bundle.tar.gz`));
-            process.env['INPUT_TOOLS'] = `https://example.com/download/codeql-bundle-${version}/codeql-bundle.tar.gz`;
-            await setupTools.setupCodeQL();
-            t.assert(toolcache.find('CodeQL', `0.0.0-${version}`));
-        }
-        const cachedVersions = toolcache.findAllVersions('CodeQL');
-        t.is(cachedVersions.length, 2);
-    });
-});
-ava_1.default('parse codeql bundle url version', t => {
-    const tests = {
-        '20200601': '0.0.0-20200601',
-        '20200601.0': '0.0.0-20200601.0',
-        '20200601.0.0': '20200601.0.0',
-        '1.2.3': '1.2.3',
-        '1.2.3-alpha': '1.2.3-alpha',
-        '1.2.3-beta.1': '1.2.3-beta.1',
-    };
-    for (const [version, expectedVersion] of Object.entries(tests)) {
-        const url = `https://github.com/.../codeql-bundle-${version}/...`;
-        try {
-            const parsedVersion = setupTools.getCodeQLURLVersion(url);
-            t.deepEqual(parsedVersion, expectedVersion);
-        }
-        catch (e) {
-            t.fail(e.message);
-        }
-    }
-});
-//# sourceMappingURL=setup-tools.test.js.map

lib/setup-tools.test.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"setup-tools.test.js","sourceRoot":"","sources":["../src/setup-tools.test.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,+DAAiD;AACjD,8CAAuB;AACvB,gDAAwB;AACxB,2CAA6B;AAE7B,0DAA4C;AAC5C,mDAAmD;AACnD,6CAA+B;AAE/B,kCAAkB,CAAC,aAAI,CAAC,CAAC;AAEzB,aAAI,CAAC,8BAA8B,EAAE,KAAK,EAAC,CAAC,EAAC,EAAE;IAE7C,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAC,MAAM,EAAC,EAAE;QAEnC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,GAAG,MAAM,CAAC;QAEzC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACvD,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QAE9D,MAAM,QAAQ,GAAG,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QAE1C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE;YACxC,MAAM,OAAO,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;YAE5B,cAAI,CAAC,qBAAqB,CAAC;iBACxB,GAAG,CAAC,2BAA2B,OAAO,uBAAuB,CAAC;iBAC9D,aAAa,CAAC,GAAG,EAAE,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,uCAAuC,CAAC,CAAC,CAAC;YAGrF,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,8CAA8C,OAAO,uBAAuB,CAAC;YAE1G,MAAM,UAAU,CAAC,WAAW,EAAE,CAAC;YAE/B,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,EAAE,SAAS,OAAO,EAAE,CAAC,CAAC,CAAC;SACxD;QAED,MAAM,cAAc,GAAG,SAAS,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;QAE3D,CAAC,CAAC,EAAE,CAAC,cAAc,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,iCAAiC,EAAE,CAAC,CAAC,EAAE;IAE1C,MAAM,KAAK,GAAG;QACZ,UAAU,EAAE,gBAAgB;QAC5B,YAAY,EAAE,kBAAkB;QAChC,cAAc,EAAE,cAAc;QAC9B,OAAO,EAAE,OAAO;QAChB,aAAa,EAAE,aAAa;QAC5B,cAAc,EAAE,cAAc;KAC/B,CAAC;IAEF,KAAK,MAAM,CAAC,OAAO,EAAE,eAAe,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE;QAC9D,MAAM,GAAG,GAAG,wCAAwC,OAAO,MAAM,CAAC;QAElE,IAAI;YACF,MAAM,aAAa,GAAG,UAAU,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC;YAC1D,CAAC,CAAC,SAAS,CAAC,aAAa,EAAE,eAAe,CAAC,CAAC;SAC7C;QAAC,OAAO,CAAC,EAAE;YACV,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;SACnB;KACF;AACH,CAAC,CAAC,CAAC"}

lib/setup-tracer.js

@@ -1,224 +0,0 @@
-"use strict";
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
-    result["default"] = mod;
-    return result;
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-const core = __importStar(require("@actions/core"));
-const exec = __importStar(require("@actions/exec"));
-const fs = __importStar(require("fs"));
-const path = __importStar(require("path"));
-const analysisPaths = __importStar(require("./analysis-paths"));
-const codeql_1 = require("./codeql");
-const configUtils = __importStar(require("./config-utils"));
-const util = __importStar(require("./util"));
-const CRITICAL_TRACER_VARS = new Set(['SEMMLE_PRELOAD_libtrace',
-    ,
-    'SEMMLE_RUNNER',
-    ,
-    'SEMMLE_COPY_EXECUTABLES_ROOT',
-    ,
-    'SEMMLE_DEPTRACE_SOCKET',
-    ,
-    'SEMMLE_JAVA_TOOL_OPTIONS'
-]);
-async function tracerConfig(codeql, database, compilerSpec) {
-    const env = await codeql.getTracerEnv(database, compilerSpec);
-    const config = env['ODASA_TRACER_CONFIGURATION'];
-    const info = { spec: config, env: {} };
-    // Extract critical tracer variables from the environment
-    for (let entry of Object.entries(env)) {
-        const key = entry[0];
-        const value = entry[1];
-        // skip ODASA_TRACER_CONFIGURATION as it is handled separately
-        if (key === 'ODASA_TRACER_CONFIGURATION') {
-            continue;
-        }
-        // skip undefined values
-        if (typeof value === 'undefined') {
-            continue;
-        }
-        // Keep variables that do not exist in current environment. In addition always keep
-        // critical and CODEQL_ variables
-        if (typeof process.env[key] === 'undefined' || CRITICAL_TRACER_VARS.has(key) || key.startsWith('CODEQL_')) {
-            info.env[key] = value;
-        }
-    }
-    return info;
-}
-function concatTracerConfigs(configs) {
-    // A tracer config is a map containing additional environment variables and a tracer 'spec' file.
-    // A tracer 'spec' file has the following format [log_file, number_of_blocks, blocks_text]
-    // Merge the environments
-    const env = {};
-    let copyExecutables = false;
-    let envSize = 0;
-    for (const v of configs) {
-        for (let e of Object.entries(v.env)) {
-            const name = e[0];
-            const value = e[1];
-            // skip SEMMLE_COPY_EXECUTABLES_ROOT as it is handled separately
-            if (name === 'SEMMLE_COPY_EXECUTABLES_ROOT') {
-                copyExecutables = true;
-            }
-            else if (name in env) {
-                if (env[name] !== value) {
-                    throw Error('Incompatible values in environment parameter ' +
-                        name + ': ' + env[name] + ' and ' + value);
-                }
-            }
-            else {
-                env[name] = value;
-                envSize += 1;
-            }
-        }
-    }
-    // Concatenate spec files into a new spec file
-    let languages = Object.keys(configs);
-    const cppIndex = languages.indexOf('cpp');
-    // Make sure cpp is the last language, if it's present since it must be concatenated last
-    if (cppIndex !== -1) {
-        let lastLang = languages[languages.length - 1];
-        languages[languages.length - 1] = languages[cppIndex];
-        languages[cppIndex] = lastLang;
-    }
-    let totalLines = [];
-    let totalCount = 0;
-    for (let lang of languages) {
-        const lines = fs.readFileSync(configs[lang].spec, 'utf8').split(/\r?\n/);
-        const count = parseInt(lines[1], 10);
-        totalCount += count;
-        totalLines.push(...lines.slice(2));
-    }
-    const tempFolder = util.getRequiredEnvParam('RUNNER_TEMP');
-    const newLogFilePath = path.resolve(tempFolder, 'compound-build-tracer.log');
-    const spec = path.resolve(tempFolder, 'compound-spec');
-    const compoundTempFolder = path.resolve(tempFolder, 'compound-temp');
-    const newSpecContent = [newLogFilePath, totalCount.toString(10), ...totalLines];
-    if (copyExecutables) {
-        env['SEMMLE_COPY_EXECUTABLES_ROOT'] = compoundTempFolder;
-        envSize += 1;
-    }
-    fs.writeFileSync(spec, newSpecContent.join('\n'));
-    // Prepare the content of the compound environment file
-    let buffer = Buffer.alloc(4);
-    buffer.writeInt32LE(envSize, 0);
-    for (let e of Object.entries(env)) {
-        const key = e[0];
-        const value = e[1];
-        const lineBuffer = new Buffer(key + '=' + value + '\0', 'utf8');
-        const sizeBuffer = Buffer.alloc(4);
-        sizeBuffer.writeInt32LE(lineBuffer.length, 0);
-        buffer = Buffer.concat([buffer, sizeBuffer, lineBuffer]);
-    }
-    // Write the compound environment
-    const envPath = spec + '.environment';
-    fs.writeFileSync(envPath, buffer);
-    return { env, spec };
-}
-async function sendSuccessStatusReport(startedAt, config) {
-    const statusReportBase = await util.createStatusReportBase('init', 'success', startedAt);
-    const languages = config.languages.join(',');
-    const workflowLanguages = core.getInput('languages', { required: false });
-    const paths = (config.originalUserInput.paths || []).join(',');
-    const pathsIgnore = (config.originalUserInput['paths-ignore'] || []).join(',');
-    const disableDefaultQueries = config.originalUserInput['disable-default-queries'] ? languages : '';
-    const queries = (config.originalUserInput.queries || []).map(q => q.uses).join(',');
-    const statusReport = {
-        ...statusReportBase,
-        languages: languages,
-        workflow_languages: workflowLanguages,
-        paths: paths,
-        paths_ignore: pathsIgnore,
-        disable_default_queries: disableDefaultQueries,
-        queries: queries,
-    };
-    await util.sendStatusReport(statusReport);
-}
-async function run() {
-    const startedAt = new Date();
-    let config;
-    let codeql;
-    try {
-        util.prepareLocalRunEnvironment();
-        if (!await util.sendStatusReport(await util.createStatusReportBase('init', 'starting', startedAt), true)) {
-            return;
-        }
-        core.startGroup('Setup CodeQL tools');
-        codeql = await codeql_1.setupCodeQL();
-        await codeql.printVersion();
-        core.endGroup();
-        core.startGroup('Load language configuration');
-        config = await configUtils.initConfig();
-        analysisPaths.includeAndExcludeAnalysisPaths(config);
-        core.endGroup();
-    }
-    catch (e) {
-        core.setFailed(e.message);
-        console.log(e);
-        await util.sendStatusReport(await util.createStatusReportBase('init', 'aborted', startedAt, e.message));
-        return;
-    }
-    try {
-        const sourceRoot = path.resolve();
-        // Forward Go flags
-        const goFlags = process.env['GOFLAGS'];
-        if (goFlags) {
-            core.exportVariable('GOFLAGS', goFlags);
-            core.warning("Passing the GOFLAGS env parameter to the init action is deprecated. Please move this to the analyze action.");
-        }
-        // Setup CODEQL_RAM flag (todo improve this https://github.com/github/dsp-code-scanning/issues/935)
-        const codeqlRam = process.env['CODEQL_RAM'] || '6500';
-        core.exportVariable('CODEQL_RAM', codeqlRam);
-        const databaseFolder = util.getCodeQLDatabasesDir();
-        fs.mkdirSync(databaseFolder, { recursive: true });
-        let tracedLanguageConfigs = [];
-        // TODO: replace this code once CodeQL supports multi-language tracing
-        for (let language of config.languages) {
-            const languageDatabase = path.join(databaseFolder, language);
-            // Init language database
-            await codeql.databaseInit(languageDatabase, language, sourceRoot);
-            // TODO: add better detection of 'traced languages' instead of using a hard coded list
-            if (codeql_1.isTracedLanguage(language)) {
-                const config = await tracerConfig(codeql, languageDatabase);
-                tracedLanguageConfigs.push(config);
-            }
-        }
-        if (tracedLanguageConfigs.length > 0) {
-            const mainTracerConfig = concatTracerConfigs(tracedLanguageConfigs);
-            if (mainTracerConfig.spec) {
-                for (let entry of Object.entries(mainTracerConfig.env)) {
-                    core.exportVariable(entry[0], entry[1]);
-                }
-                core.exportVariable('ODASA_TRACER_CONFIGURATION', mainTracerConfig.spec);
-                if (process.platform === 'darwin') {
-                    core.exportVariable('DYLD_INSERT_LIBRARIES', path.join(codeql.getDir(), 'tools', 'osx64', 'libtrace.dylib'));
-                }
-                else if (process.platform === 'win32') {
-                    await exec.exec('powershell', [
-                        path.resolve(__dirname, '..', 'src', 'inject-tracer.ps1'),
-                        path.resolve(codeql.getDir(), 'tools', 'win64', 'tracer.exe'),
-                    ], { env: { 'ODASA_TRACER_CONFIGURATION': mainTracerConfig.spec } });
-                }
-                else {
-                    core.exportVariable('LD_PRELOAD', path.join(codeql.getDir(), 'tools', 'linux64', '${LIB}trace.so'));
-                }
-            }
-        }
-    }
-    catch (error) {
-        core.setFailed(error.message);
-        console.log(error);
-        await util.sendStatusReport(await util.createStatusReportBase('init', 'failure', startedAt, error.message, error.stack));
-        return;
-    }
-    await sendSuccessStatusReport(startedAt, config);
-}
-run().catch(e => {
-    core.setFailed("init action failed: " + e);
-    console.log(e);
-});
-//# sourceMappingURL=setup-tracer.js.map

lib/test-utils.js

@@ -1,22 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-function silenceDebugOutput(test) {
-    const typedTest = test;
-    typedTest.beforeEach(t => {
-        const processStdoutWrite = process.stdout.write.bind(process.stdout);
-        t.context.write = processStdoutWrite;
-        process.stdout.write = (str, encoding, cb) => {
-            // Core library will directly call process.stdout.write for commands
-            // We don't want :: commands to be executed by the runner during tests
-            if (!str.match(/^::/)) {
-                processStdoutWrite(str, encoding, cb);
-            }
-            return true;
-        };
-    });
-    typedTest.afterEach(t => {
-        process.stdout.write = t.context.write;
-    });
-}
-exports.silenceDebugOutput = silenceDebugOutput;
-//# sourceMappingURL=test-utils.js.map

lib/test-utils.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"test-utils.js","sourceRoot":"","sources":["../src/test-utils.ts"],"names":[],"mappings":";;AAEA,SAAgB,kBAAkB,CAAC,IAAwB;IACzD,MAAM,SAAS,GAAG,IAAmC,CAAC;IAEtD,SAAS,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE;QACrB,MAAM,kBAAkB,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACrE,CAAC,CAAC,OAAO,CAAC,KAAK,GAAG,kBAAkB,CAAC;QACrC,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,CAAC,GAAQ,EAAE,QAAc,EAAE,EAA0B,EAAE,EAAE;YAC5E,oEAAoE;YACpE,sEAAsE;YACtE,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE;gBACnB,kBAAkB,CAAC,GAAG,EAAE,QAAQ,EAAE,EAAE,CAAC,CAAC;aACzC;YACD,OAAO,IAAI,CAAC;QAChB,CAAC,CAAC;IACN,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE;QACpB,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC;IAC3C,CAAC,CAAC,CAAC;AACL,CAAC;AAnBD,gDAmBC"}

lib/testing-utils.js

@@ -56,6 +56,9 @@ function setupTests(test) {
         // process.env only has strings fields, so a shallow copy is fine.
         t.context.env = {};
         Object.assign(t.context.env, process.env);
+        // Any test that runs code that expects to only be run on actions
+        // will depend on various environment variables.
+        process.env['GITHUB_API_URL'] = 'https://github.localhost/api/v3';
     });
     typedTest.afterEach.always(t => {
         // Restore stdout and stderr

lib/testing-utils.js.map

@@ -1 +1 @@
-{"version":3,"file":"testing-utils.js","sourceRoot":"","sources":["../src/testing-utils.ts"],"names":[],"mappings":";;;;;;;;;;;;AACA,kDAA0B;AAE1B,iDAAmC;AAInC,SAAS,UAAU,CAAC,OAAoB;IACtC,8CAA8C;IAC9C,gCAAgC;IAChC,2EAA2E;IAC3E,2FAA2F;IAC3F,OAAO,CAAC,KAA0B,EAAE,QAAiB,EAAE,EAA0B,EAAW,EAAE;QAC5F,2CAA2C;QAC3C,IAAI,EAAE,KAAK,SAAS,IAAI,OAAO,QAAQ,KAAK,UAAU,EAAE;YACtD,EAAE,GAAG,QAAQ,CAAC;YACd,QAAQ,GAAG,SAAS,CAAC;SACtB;QAED,oBAAoB;QACpB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE;YAC7B,OAAO,CAAC,UAAU,IAAI,KAAK,CAAC;SAC7B;aAAM;YACL,OAAO,CAAC,UAAU,IAAI,IAAI,WAAW,CAAC,QAAQ,IAAI,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;SAC1E;QAED,iDAAiD;QACjD,IAAI,EAAE,KAAK,SAAS,IAAI,OAAO,EAAE,KAAK,UAAU,EAAE;YAChD,EAAE,EAAE,CAAC;SACN;QAED,OAAO,IAAI,CAAC;IACd,CAAC,CAAC;AACJ,CAAC;AAED,SAAgB,UAAU,CAAC,IAAwB;IACjD,MAAM,SAAS,GAAG,IAAkC,CAAC;IAErD,SAAS,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE;QACvB,gEAAgE;QAChE,0CAA0C;QAC1C,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;QAErB,iEAAiE;QACjE,CAAC,CAAC,OAAO,CAAC,UAAU,GAAG,EAAE,CAAC;QAC1B,MAAM,kBAAkB,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACrE,CAAC,CAAC,OAAO,CAAC,WAAW,GAAG,kBAAkB,CAAC;QAC3C,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,UAAU,CAAC,CAAC,CAAC,OAAO,CAAQ,CAAC;QACpD,MAAM,kBAAkB,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACrE,CAAC,CAAC,OAAO,CAAC,WAAW,GAAG,kBAAkB,CAAC;QAC3C,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,UAAU,CAAC,CAAC,CAAC,OAAO,CAAQ,CAAC;QAEpD,mEAAmE;QACnE,wEAAwE;QACxE,kEAAkE;QAClE,CAAC,CAAC,OAAO,CAAC,GAAG,GAAG,EAAE,CAAC;QACnB,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC;IAC5C,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE;QAC7B,4BAA4B;QAC5B,0DAA0D;QAC1D,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC;QAC7C,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC;QAC7C,IAAI,CAAC,CAAC,CAAC,MAAM,EAAE;YACb,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;SAC5C;QAED,uCAAuC;QACvC,eAAK,CAAC,OAAO,EAAE,CAAC;QAEhB,oCAAoC;QACpC,OAAO,CAAC,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC;IAC9B,CAAC,CAAC,CAAC;AACL,CAAC;AAvCD,gCAuCC"}
+{"version":3,"file":"testing-utils.js","sourceRoot":"","sources":["../src/testing-utils.ts"],"names":[],"mappings":";;;;;;;;;;;;AACA,kDAA0B;AAE1B,iDAAmC;AAInC,SAAS,UAAU,CAAC,OAAoB;IACtC,8CAA8C;IAC9C,gCAAgC;IAChC,2EAA2E;IAC3E,2FAA2F;IAC3F,OAAO,CAAC,KAA0B,EAAE,QAAiB,EAAE,EAA0B,EAAW,EAAE;QAC5F,2CAA2C;QAC3C,IAAI,EAAE,KAAK,SAAS,IAAI,OAAO,QAAQ,KAAK,UAAU,EAAE;YACtD,EAAE,GAAG,QAAQ,CAAC;YACd,QAAQ,GAAG,SAAS,CAAC;SACtB;QAED,oBAAoB;QACpB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE;YAC7B,OAAO,CAAC,UAAU,IAAI,KAAK,CAAC;SAC7B;aAAM;YACL,OAAO,CAAC,UAAU,IAAI,IAAI,WAAW,CAAC,QAAQ,IAAI,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;SAC1E;QAED,iDAAiD;QACjD,IAAI,EAAE,KAAK,SAAS,IAAI,OAAO,EAAE,KAAK,UAAU,EAAE;YAChD,EAAE,EAAE,CAAC;SACN;QAED,OAAO,IAAI,CAAC;IACd,CAAC,CAAC;AACJ,CAAC;AAED,SAAgB,UAAU,CAAC,IAAwB;IACjD,MAAM,SAAS,GAAG,IAAkC,CAAC;IAErD,SAAS,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE;QACvB,gEAAgE;QAChE,0CAA0C;QAC1C,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;QAErB,iEAAiE;QACjE,CAAC,CAAC,OAAO,CAAC,UAAU,GAAG,EAAE,CAAC;QAC1B,MAAM,kBAAkB,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACrE,CAAC,CAAC,OAAO,CAAC,WAAW,GAAG,kBAAkB,CAAC;QAC3C,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,UAAU,CAAC,CAAC,CAAC,OAAO,CAAQ,CAAC;QACpD,MAAM,kBAAkB,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACrE,CAAC,CAAC,OAAO,CAAC,WAAW,GAAG,kBAAkB,CAAC;QAC3C,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,UAAU,CAAC,CAAC,CAAC,OAAO,CAAQ,CAAC;QAEpD,mEAAmE;QACnE,wEAAwE;QACxE,kEAAkE;QAClE,CAAC,CAAC,OAAO,CAAC,GAAG,GAAG,EAAE,CAAC;QACnB,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC;QAE1C,iEAAiE;QACjE,gDAAgD;QAChD,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,GAAG,iCAAiC,CAAC;IACpE,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE;QAC7B,4BAA4B;QAC5B,0DAA0D;QAC1D,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC;QAC7C,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC;QAC7C,IAAI,CAAC,CAAC,CAAC,MAAM,EAAE;YACb,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;SAC5C;QAED,uCAAuC;QACvC,eAAK,CAAC,OAAO,EAAE,CAAC;QAEhB,oCAAoC;QACpC,OAAO,CAAC,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC;IAC9B,CAAC,CAAC,CAAC;AACL,CAAC;AA3CD,gCA2CC"}

lib/tracer-config.js

@@ -0,0 +1,143 @@
+"use strict";
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
+    result["default"] = mod;
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const languages_1 = require("./languages");
+const util = __importStar(require("./util"));
+const CRITICAL_TRACER_VARS = new Set(['SEMMLE_PRELOAD_libtrace',
+    ,
+    'SEMMLE_RUNNER',
+    ,
+    'SEMMLE_COPY_EXECUTABLES_ROOT',
+    ,
+    'SEMMLE_DEPTRACE_SOCKET',
+    ,
+    'SEMMLE_JAVA_TOOL_OPTIONS'
+]);
+async function getTracerConfigForLanguage(codeql, config, language) {
+    const env = await codeql.getTracerEnv(util.getCodeQLDatabasePath(config.tempDir, language));
+    const spec = env['ODASA_TRACER_CONFIGURATION'];
+    const info = { spec, env: {} };
+    // Extract critical tracer variables from the environment
+    for (let entry of Object.entries(env)) {
+        const key = entry[0];
+        const value = entry[1];
+        // skip ODASA_TRACER_CONFIGURATION as it is handled separately
+        if (key === 'ODASA_TRACER_CONFIGURATION') {
+            continue;
+        }
+        // skip undefined values
+        if (typeof value === 'undefined') {
+            continue;
+        }
+        // Keep variables that do not exist in current environment. In addition always keep
+        // critical and CODEQL_ variables
+        if (typeof process.env[key] === 'undefined' || CRITICAL_TRACER_VARS.has(key) || key.startsWith('CODEQL_')) {
+            info.env[key] = value;
+        }
+    }
+    return info;
+}
+exports.getTracerConfigForLanguage = getTracerConfigForLanguage;
+function concatTracerConfigs(tracerConfigs, config) {
+    // A tracer config is a map containing additional environment variables and a tracer 'spec' file.
+    // A tracer 'spec' file has the following format [log_file, number_of_blocks, blocks_text]
+    // Merge the environments
+    const env = {};
+    let copyExecutables = false;
+    let envSize = 0;
+    for (const v of Object.values(tracerConfigs)) {
+        for (let e of Object.entries(v.env)) {
+            const name = e[0];
+            const value = e[1];
+            // skip SEMMLE_COPY_EXECUTABLES_ROOT as it is handled separately
+            if (name === 'SEMMLE_COPY_EXECUTABLES_ROOT') {
+                copyExecutables = true;
+            }
+            else if (name in env) {
+                if (env[name] !== value) {
+                    throw Error('Incompatible values in environment parameter ' +
+                        name + ': ' + env[name] + ' and ' + value);
+                }
+            }
+            else {
+                env[name] = value;
+                envSize += 1;
+            }
+        }
+    }
+    // Concatenate spec files into a new spec file
+    let languages = Object.keys(tracerConfigs);
+    const cppIndex = languages.indexOf('cpp');
+    // Make sure cpp is the last language, if it's present since it must be concatenated last
+    if (cppIndex !== -1) {
+        let lastLang = languages[languages.length - 1];
+        languages[languages.length - 1] = languages[cppIndex];
+        languages[cppIndex] = lastLang;
+    }
+    let totalLines = [];
+    let totalCount = 0;
+    for (let lang of languages) {
+        const lines = fs.readFileSync(tracerConfigs[lang].spec, 'utf8').split(/\r?\n/);
+        const count = parseInt(lines[1], 10);
+        totalCount += count;
+        totalLines.push(...lines.slice(2));
+    }
+    const newLogFilePath = path.resolve(config.tempDir, 'compound-build-tracer.log');
+    const spec = path.resolve(config.tempDir, 'compound-spec');
+    const compoundTempFolder = path.resolve(config.tempDir, 'compound-temp');
+    const newSpecContent = [newLogFilePath, totalCount.toString(10), ...totalLines];
+    if (copyExecutables) {
+        env['SEMMLE_COPY_EXECUTABLES_ROOT'] = compoundTempFolder;
+        envSize += 1;
+    }
+    fs.writeFileSync(spec, newSpecContent.join('\n'));
+    // Prepare the content of the compound environment file
+    let buffer = Buffer.alloc(4);
+    buffer.writeInt32LE(envSize, 0);
+    for (let e of Object.entries(env)) {
+        const key = e[0];
+        const value = e[1];
+        const lineBuffer = new Buffer(key + '=' + value + '\0', 'utf8');
+        const sizeBuffer = Buffer.alloc(4);
+        sizeBuffer.writeInt32LE(lineBuffer.length, 0);
+        buffer = Buffer.concat([buffer, sizeBuffer, lineBuffer]);
+    }
+    // Write the compound environment
+    const envPath = spec + '.environment';
+    fs.writeFileSync(envPath, buffer);
+    return { env, spec };
+}
+exports.concatTracerConfigs = concatTracerConfigs;
+async function getCombinedTracerConfig(config, codeql) {
+    // Abort if there are no traced languages as there's nothing to do
+    const tracedLanguages = config.languages.filter(languages_1.isTracedLanguage);
+    if (tracedLanguages.length === 0) {
+        return undefined;
+    }
+    // Get all the tracer configs and combine them together
+    const tracedLanguageConfigs = {};
+    for (const language of tracedLanguages) {
+        tracedLanguageConfigs[language] = await getTracerConfigForLanguage(codeql, config, language);
+    }
+    const mainTracerConfig = concatTracerConfigs(tracedLanguageConfigs, config);
+    // Add a couple more variables
+    mainTracerConfig.env['ODASA_TRACER_CONFIGURATION'] = mainTracerConfig.spec;
+    const codeQLDir = path.dirname(codeql.getPath());
+    if (process.platform === 'darwin') {
+        mainTracerConfig.env['DYLD_INSERT_LIBRARIES'] = path.join(codeQLDir, 'tools', 'osx64', 'libtrace.dylib');
+    }
+    else if (process.platform !== 'win32') {
+        mainTracerConfig.env['LD_PRELOAD'] = path.join(codeQLDir, 'tools', 'linux64', '${LIB}trace.so');
+    }
+    return mainTracerConfig;
+}
+exports.getCombinedTracerConfig = getCombinedTracerConfig;
+//# sourceMappingURL=tracer-config.js.map

lib/tracer-config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tracer-config.js","sourceRoot":"","sources":["../src/tracer-config.ts"],"names":[],"mappings":";;;;;;;;;AAAA,uCAAyB;AACzB,2CAA6B;AAI7B,2CAAyD;AACzD,6CAA+B;AAO/B,MAAM,oBAAoB,GAAG,IAAI,GAAG,CAClC,CAAC,yBAAyB;IACxB,AADyB;IACvB,eAAe;IACjB,AADkB;IAChB,8BAA8B;IAChC,AADiC;IAC/B,wBAAwB;IAC1B,AAD2B;IACzB,0BAA0B;CAC7B,CAAC,CAAC;AAEE,KAAK,UAAU,0BAA0B,CAC9C,MAAc,EACd,MAA0B,EAC1B,QAAkB;IAElB,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,IAAI,CAAC,qBAAqB,CAAC,MAAM,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,CAAC;IAE5F,MAAM,IAAI,GAAG,GAAG,CAAC,4BAA4B,CAAC,CAAC;IAC/C,MAAM,IAAI,GAAiB,EAAE,IAAI,EAAE,GAAG,EAAE,EAAE,EAAE,CAAC;IAE7C,yDAAyD;IACzD,KAAK,IAAI,KAAK,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE;QACrC,MAAM,GAAG,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACrB,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACvB,8DAA8D;QAC9D,IAAI,GAAG,KAAK,4BAA4B,EAAE;YACxC,SAAS;SACV;QACD,wBAAwB;QACxB,IAAI,OAAO,KAAK,KAAK,WAAW,EAAE;YAChC,SAAS;SACV;QACD,mFAAmF;QACnF,iCAAiC;QACjC,IAAI,OAAO,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,KAAK,WAAW,IAAI,oBAAoB,CAAC,GAAG,CAAC,GAAG,CAAC,IAAI,GAAG,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE;YACzG,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;SACvB;KACF;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AA7BD,gEA6BC;AAED,SAAgB,mBAAmB,CACjC,aAA+C,EAC/C,MAA0B;IAE1B,iGAAiG;IACjG,0FAA0F;IAE1F,yBAAyB;IACzB,MAAM,GAAG,GAA+B,EAAE,CAAC;IAC3C,IAAI,eAAe,GAAG,KAAK,CAAC;IAC5B,IAAI,OAAO,GAAG,CAAC,CAAC;IAChB,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,EAAE;QAC5C,KAAK,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE;YACnC,MAAM,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YAClB,MAAM,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YACnB,gEAAgE;YAChE,IAAI,IAAI,KAAK,8BAA8B,EAAE;gBAC3C,eAAe,GAAG,IAAI,CAAC;aACxB;iBAAM,IAAI,IAAI,IAAI,GAAG,EAAE;gBACtB,IAAI,GAAG,CAAC,IAAI,CAAC,KAAK,KAAK,EAAE;oBACvB,MAAM,KAAK,CAAC,+CAA+C;wBACzD,IAAI,GAAG,IAAI,GAAG,GAAG,CAAC,IAAI,CAAC,GAAG,OAAO,GAAG,KAAK,CAAC,CAAC;iBAC9C;aACF;iBAAM;gBACL,GAAG,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC;gBAClB,OAAO,IAAI,CAAC,CAAC;aACd;SACF;KACF;IAED,8CAA8C;IAC9C,IAAI,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;IAC3C,MAAM,QAAQ,GAAG,SAAS,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IAC1C,yFAAyF;IACzF,IAAI,QAAQ,KAAK,CAAC,CAAC,EAAE;QACnB,IAAI,QAAQ,GAAG,SAAS,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QAC/C,SAAS,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;QACtD,SAAS,CAAC,QAAQ,CAAC,GAAG,QAAQ,CAAC;KAChC;IAED,IAAI,UAAU,GAAa,EAAE,CAAC;IAC9B,IAAI,UAAU,GAAG,CAAC,CAAC;IACnB,KAAK,IAAI,IAAI,IAAI,SAAS,EAAE;QAC1B,MAAM,KAAK,GAAG,EAAE,CAAC,YAAY,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,MAAM,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAC/E,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACrC,UAAU,IAAI,KAAK,CAAC;QACpB,UAAU,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;KACpC;IAED,MAAM,cAAc,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,2BAA2B,CAAC,CAAC;IACjF,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,eAAe,CAAC,CAAC;IAC3D,MAAM,kBAAkB,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,eAAe,CAAC,CAAC;IACzE,MAAM,cAAc,GAAG,CAAC,cAAc,EAAE,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC,EAAE,GAAG,UAAU,CAAC,CAAC;IAEhF,IAAI,eAAe,EAAE;QACnB,GAAG,CAAC,8BAA8B,CAAC,GAAG,kBAAkB,CAAC;QACzD,OAAO,IAAI,CAAC,CAAC;KACd;IAED,EAAE,CAAC,aAAa,CAAC,IAAI,EAAE,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IAElD,uDAAuD;IACvD,IAAI,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAC7B,MAAM,CAAC,YAAY,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;IAChC,KAAK,IAAI,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE;QACjC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QACjB,MAAM,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QACnB,MAAM,UAAU,GAAG,IAAI,MAAM,CAAC,GAAG,GAAG,GAAG,GAAG,KAAK,GAAG,IAAI,EAAE,MAAM,CAAC,CAAC;QAChE,MAAM,UAAU,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACnC,UAAU,CAAC,YAAY,CAAC,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;QAC9C,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,UAAU,EAAE,UAAU,CAAC,CAAC,CAAC;KAC1D;IACD,iCAAiC;IACjC,MAAM,OAAO,GAAG,IAAI,GAAG,cAAc,CAAC;IACtC,EAAE,CAAC,aAAa,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAElC,OAAO,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC;AACvB,CAAC;AA7ED,kDA6EC;AAEM,KAAK,UAAU,uBAAuB,CAC3C,MAA0B,EAC1B,MAAc;IAEd,kEAAkE;IAClE,MAAM,eAAe,GAAG,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,4BAAgB,CAAC,CAAC;IAClE,IAAI,eAAe,CAAC,MAAM,KAAK,CAAC,EAAE;QAChC,OAAO,SAAS,CAAC;KAClB;IAED,uDAAuD;IACvD,MAAM,qBAAqB,GAAqC,EAAE,CAAC;IACnE,KAAK,MAAM,QAAQ,IAAI,eAAe,EAAE;QACtC,qBAAqB,CAAC,QAAQ,CAAC,GAAG,MAAM,0BAA0B,CAAC,MAAM,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC;KAC9F;IACD,MAAM,gBAAgB,GAAG,mBAAmB,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC;IAE5E,8BAA8B;IAC9B,gBAAgB,CAAC,GAAG,CAAC,4BAA4B,CAAC,GAAG,gBAAgB,CAAC,IAAI,CAAC;IAC3E,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC;IACjD,IAAI,OAAO,CAAC,QAAQ,KAAK,QAAQ,EAAE;QACjC,gBAAgB,CAAC,GAAG,CAAC,uBAAuB,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,EAAE,OAAO,EAAE,gBAAgB,CAAC,CAAC;KAC1G;SAAM,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE;QACvC,gBAAgB,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,OAAO,EAAE,SAAS,EAAE,gBAAgB,CAAC,CAAC;KACjG;IAED,OAAO,gBAAgB,CAAC;AAC1B,CAAC;AA3BD,0DA2BC"}

lib/tracer-config.test.js

@@ -0,0 +1,272 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
+    result["default"] = mod;
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const ava_1 = __importDefault(require("ava"));
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const codeql_1 = require("./codeql");
+const languages_1 = require("./languages");
+const testing_utils_1 = require("./testing-utils");
+const tracer_config_1 = require("./tracer-config");
+const util = __importStar(require("./util"));
+testing_utils_1.setupTests(ava_1.default);
+function getTestConfig(tmpDir) {
+    return {
+        languages: [languages_1.Language.java],
+        queries: {},
+        pathsIgnore: [],
+        paths: [],
+        originalUserInput: {},
+        tempDir: tmpDir,
+        toolCacheDir: tmpDir,
+        codeQLCmd: '',
+    };
+}
+// A very minimal setup
+ava_1.default('getTracerConfigForLanguage - minimal setup', async (t) => {
+    await util.withTmpDir(async (tmpDir) => {
+        const config = getTestConfig(tmpDir);
+        const codeQL = codeql_1.setCodeQL({
+            getTracerEnv: async function () {
+                return {
+                    'ODASA_TRACER_CONFIGURATION': 'abc',
+                    'foo': 'bar'
+                };
+            },
+        });
+        const result = await tracer_config_1.getTracerConfigForLanguage(codeQL, config, languages_1.Language.javascript);
+        t.deepEqual(result, { spec: 'abc', env: { 'foo': 'bar' } });
+    });
+});
+// Existing vars should not be overwritten, unless they are critical or prefixed with CODEQL_
+ava_1.default('getTracerConfigForLanguage - existing / critical vars', async (t) => {
+    await util.withTmpDir(async (tmpDir) => {
+        const config = getTestConfig(tmpDir);
+        // Set up some variables in the environment
+        process.env['foo'] = 'abc';
+        process.env['SEMMLE_PRELOAD_libtrace'] = 'abc';
+        process.env['SEMMLE_RUNNER'] = 'abc';
+        process.env['SEMMLE_COPY_EXECUTABLES_ROOT'] = 'abc';
+        process.env['SEMMLE_DEPTRACE_SOCKET'] = 'abc';
+        process.env['SEMMLE_JAVA_TOOL_OPTIONS'] = 'abc';
+        process.env['SEMMLE_DEPTRACE_SOCKET'] = 'abc';
+        process.env['CODEQL_VAR'] = 'abc';
+        // Now CodeQL returns all these variables, and one more, with different values
+        const codeQL = codeql_1.setCodeQL({
+            getTracerEnv: async function () {
+                return {
+                    'ODASA_TRACER_CONFIGURATION': 'abc',
+                    'foo': 'bar',
+                    'baz': 'qux',
+                    'SEMMLE_PRELOAD_libtrace': 'SEMMLE_PRELOAD_libtrace',
+                    'SEMMLE_RUNNER': 'SEMMLE_RUNNER',
+                    'SEMMLE_COPY_EXECUTABLES_ROOT': 'SEMMLE_COPY_EXECUTABLES_ROOT',
+                    'SEMMLE_DEPTRACE_SOCKET': 'SEMMLE_DEPTRACE_SOCKET',
+                    'SEMMLE_JAVA_TOOL_OPTIONS': 'SEMMLE_JAVA_TOOL_OPTIONS',
+                    'CODEQL_VAR': 'CODEQL_VAR',
+                };
+            },
+        });
+        const result = await tracer_config_1.getTracerConfigForLanguage(codeQL, config, languages_1.Language.javascript);
+        t.deepEqual(result, {
+            spec: 'abc',
+            env: {
+                // Should contain all variables except 'foo', because that already existed in the
+                // environment with a different value, and is not deemed a "critical" variable.
+                'baz': 'qux',
+                'SEMMLE_PRELOAD_libtrace': 'SEMMLE_PRELOAD_libtrace',
+                'SEMMLE_RUNNER': 'SEMMLE_RUNNER',
+                'SEMMLE_COPY_EXECUTABLES_ROOT': 'SEMMLE_COPY_EXECUTABLES_ROOT',
+                'SEMMLE_DEPTRACE_SOCKET': 'SEMMLE_DEPTRACE_SOCKET',
+                'SEMMLE_JAVA_TOOL_OPTIONS': 'SEMMLE_JAVA_TOOL_OPTIONS',
+                'CODEQL_VAR': 'CODEQL_VAR',
+            }
+        });
+    });
+});
+ava_1.default('concatTracerConfigs - minimal configs correctly combined', async (t) => {
+    await util.withTmpDir(async (tmpDir) => {
+        const config = getTestConfig(tmpDir);
+        const spec1 = path.join(tmpDir, 'spec1');
+        fs.writeFileSync(spec1, 'foo.log\n2\nabc\ndef');
+        const tc1 = {
+            spec: spec1,
+            env: {
+                'a': 'a',
+                'b': 'b',
+            }
+        };
+        const spec2 = path.join(tmpDir, 'spec2');
+        fs.writeFileSync(spec2, 'foo.log\n1\nghi');
+        const tc2 = {
+            spec: spec2,
+            env: {
+                'c': 'c',
+            }
+        };
+        const result = tracer_config_1.concatTracerConfigs({ 'javascript': tc1, 'python': tc2 }, config);
+        t.deepEqual(result, {
+            spec: path.join(tmpDir, 'compound-spec'),
+            env: {
+                'a': 'a',
+                'b': 'b',
+                'c': 'c',
+            }
+        });
+        t.true(fs.existsSync(result.spec));
+        t.deepEqual(fs.readFileSync(result.spec, 'utf8'), path.join(tmpDir, 'compound-build-tracer.log') + '\n3\nabc\ndef\nghi');
+    });
+});
+ava_1.default('concatTracerConfigs - conflicting env vars', async (t) => {
+    await util.withTmpDir(async (tmpDir) => {
+        const config = getTestConfig(tmpDir);
+        const spec = path.join(tmpDir, 'spec');
+        fs.writeFileSync(spec, 'foo.log\n0');
+        // Ok if env vars have the same name and the same value
+        t.deepEqual(tracer_config_1.concatTracerConfigs({
+            'javascript': { spec: spec, env: { 'a': 'a', 'b': 'b' } },
+            'python': { spec: spec, env: { 'b': 'b', 'c': 'c' } },
+        }, config).env, {
+            'a': 'a',
+            'b': 'b',
+            'c': 'c',
+        });
+        // Throws if env vars have same name but different values
+        const e = t.throws(() => tracer_config_1.concatTracerConfigs({
+            'javascript': { spec: spec, env: { 'a': 'a', 'b': 'b' } },
+            'python': { spec: spec, env: { 'b': 'c' } },
+        }, config));
+        t.deepEqual(e.message, 'Incompatible values in environment parameter b: b and c');
+    });
+});
+ava_1.default('concatTracerConfigs - cpp spec lines come last if present', async (t) => {
+    await util.withTmpDir(async (tmpDir) => {
+        const config = getTestConfig(tmpDir);
+        const spec1 = path.join(tmpDir, 'spec1');
+        fs.writeFileSync(spec1, 'foo.log\n2\nabc\ndef');
+        const tc1 = {
+            spec: spec1,
+            env: {
+                'a': 'a',
+                'b': 'b',
+            }
+        };
+        const spec2 = path.join(tmpDir, 'spec2');
+        fs.writeFileSync(spec2, 'foo.log\n1\nghi');
+        const tc2 = {
+            spec: spec2,
+            env: {
+                'c': 'c',
+            }
+        };
+        const result = tracer_config_1.concatTracerConfigs({ 'cpp': tc1, 'python': tc2 }, config);
+        t.deepEqual(result, {
+            spec: path.join(tmpDir, 'compound-spec'),
+            env: {
+                'a': 'a',
+                'b': 'b',
+                'c': 'c',
+            }
+        });
+        t.true(fs.existsSync(result.spec));
+        t.deepEqual(fs.readFileSync(result.spec, 'utf8'), path.join(tmpDir, 'compound-build-tracer.log') + '\n3\nghi\nabc\ndef');
+    });
+});
+ava_1.default('concatTracerConfigs - SEMMLE_COPY_EXECUTABLES_ROOT is updated to point to compound spec', async (t) => {
+    await util.withTmpDir(async (tmpDir) => {
+        const config = getTestConfig(tmpDir);
+        const spec = path.join(tmpDir, 'spec');
+        fs.writeFileSync(spec, 'foo.log\n0');
+        const result = tracer_config_1.concatTracerConfigs({
+            'javascript': { spec: spec, env: { 'a': 'a', 'b': 'b' } },
+            'python': { spec: spec, env: { 'SEMMLE_COPY_EXECUTABLES_ROOT': 'foo' } },
+        }, config);
+        t.deepEqual(result.env, {
+            'a': 'a',
+            'b': 'b',
+            'SEMMLE_COPY_EXECUTABLES_ROOT': path.join(tmpDir, 'compound-temp')
+        });
+    });
+});
+ava_1.default('concatTracerConfigs - compound environment file is created correctly', async (t) => {
+    await util.withTmpDir(async (tmpDir) => {
+        const config = getTestConfig(tmpDir);
+        const spec1 = path.join(tmpDir, 'spec1');
+        fs.writeFileSync(spec1, 'foo.log\n2\nabc\ndef');
+        const tc1 = {
+            spec: spec1,
+            env: {
+                'a': 'a',
+            }
+        };
+        const spec2 = path.join(tmpDir, 'spec2');
+        fs.writeFileSync(spec2, 'foo.log\n1\nghi');
+        const tc2 = {
+            spec: spec2,
+            env: {
+                'foo': 'bar_baz',
+            }
+        };
+        const result = tracer_config_1.concatTracerConfigs({ 'javascript': tc1, 'python': tc2 }, config);
+        const envPath = result.spec + '.environment';
+        t.true(fs.existsSync(envPath));
+        const buffer = fs.readFileSync(envPath);
+        // Contents is binary data
+        t.deepEqual(buffer.length, 28);
+        t.deepEqual(buffer.readInt32LE(0), 2); // number of env vars
+        t.deepEqual(buffer.readInt32LE(4), 4); // length of env var definition
+        t.deepEqual(buffer.toString('utf8', 8, 12), 'a=a\0'); // [key]=[value]\0
+        t.deepEqual(buffer.readInt32LE(12), 12); // length of env var definition
+        t.deepEqual(buffer.toString('utf8', 16, 28), 'foo=bar_baz\0'); // [key]=[value]\0
+    });
+});
+ava_1.default('getCombinedTracerConfig - return undefined when no languages are traced languages', async (t) => {
+    await util.withTmpDir(async (tmpDir) => {
+        const config = getTestConfig(tmpDir);
+        // No traced languages
+        config.languages = [languages_1.Language.javascript, languages_1.Language.python];
+        const codeQL = codeql_1.setCodeQL({
+            getTracerEnv: async function () {
+                return {
+                    'ODASA_TRACER_CONFIGURATION': 'abc',
+                    'foo': 'bar'
+                };
+            },
+        });
+        t.deepEqual(await tracer_config_1.getCombinedTracerConfig(config, codeQL), undefined);
+    });
+});
+ava_1.default('getCombinedTracerConfig - valid spec file', async (t) => {
+    await util.withTmpDir(async (tmpDir) => {
+        const config = getTestConfig(tmpDir);
+        const spec = path.join(tmpDir, 'spec');
+        fs.writeFileSync(spec, 'foo.log\n2\nabc\ndef');
+        const codeQL = codeql_1.setCodeQL({
+            getTracerEnv: async function () {
+                return {
+                    'ODASA_TRACER_CONFIGURATION': spec,
+                    'foo': 'bar',
+                };
+            },
+        });
+        const result = await tracer_config_1.getCombinedTracerConfig(config, codeQL);
+        t.deepEqual(result, {
+            spec: path.join(tmpDir, 'compound-spec'),
+            env: {
+                'foo': 'bar',
+                'ODASA_TRACER_CONFIGURATION': result.spec,
+                'LD_PRELOAD': path.join(path.dirname(codeQL.getPath()), 'tools', 'linux64', '${LIB}trace.so'),
+            }
+        });
+    });
+});
+//# sourceMappingURL=tracer-config.test.js.map

lib/upload-lib.js

@@ -43,29 +43,32 @@ function combineSarifFiles(sarifFiles) {
 exports.combineSarifFiles = combineSarifFiles;
 // Upload the given payload.
 // If the request fails then this will retry a small number of times.
-async function uploadPayload(payload) {
-    core.info('Uploading results');
+async function uploadPayload(payload, repositoryNwo, githubAuth, githubApiUrl, mode, logger) {
+    logger.info('Uploading results');
     // If in test mode we don't want to upload the results
     const testMode = process.env['TEST_MODE'] === 'true' || false;
     if (testMode) {
         return;
     }
-    const [owner, repo] = util.getRequiredEnvParam("GITHUB_REPOSITORY").split("/");
     // Make up to 4 attempts to upload, and sleep for these
     // number of seconds between each attempt.
     // We don't want to backoff too much to avoid wasting action
     // minutes, but just waiting a little bit could maybe help.
     const backoffPeriods = [1, 5, 15];
+    const client = api.getApiClient(githubAuth, githubApiUrl);
     for (let attempt = 0; attempt <= backoffPeriods.length; attempt++) {
-        const response = await api.getApiClient().request("PUT /repos/:owner/:repo/code-scanning/analysis", ({
-            owner: owner,
-            repo: repo,
+        const reqURL = mode === 'actions'
+            ? 'PUT /repos/:owner/:repo/code-scanning/analysis'
+            : 'POST /repos/:owner/:repo/code-scanning/sarifs';
+        const response = await client.request(reqURL, ({
+            owner: repositoryNwo.owner,
+            repo: repositoryNwo.repo,
             data: payload,
         }));
-        core.debug('response status: ' + response.status);
+        logger.debug('response status: ' + response.status);
         const statusCode = response.status;
         if (statusCode === 202) {
-            core.info("Successfully uploaded results");
+            logger.info("Successfully uploaded results");
             return;
         }
         const requestID = response.headers["x-github-request-id"];
@@ -76,7 +79,7 @@ async function uploadPayload(payload) {
         // On a 5xx status code we may retry the request
         if (attempt < backoffPeriods.length) {
             // Log the failure as a warning but don't mark the action as failed yet
-            core.warning('Upload attempt (' + (attempt + 1) + ' of ' + (backoffPeriods.length + 1) +
+            logger.warning('Upload attempt (' + (attempt + 1) + ' of ' + (backoffPeriods.length + 1) +
                 ') failed (' + requestID + '). Retrying in ' + backoffPeriods[attempt] +
                 ' seconds: (' + statusCode + ') ' + JSON.stringify(response.data));
             // Sleep for the backoff period
@@ -97,19 +100,24 @@ async function uploadPayload(payload) {
 // Uploads a single sarif file or a directory of sarif files
 // depending on what the path happens to refer to.
 // Returns true iff the upload occurred and succeeded
-async function upload(input) {
-    if (fs.lstatSync(input).isDirectory()) {
-        const sarifFiles = fs.readdirSync(input)
+async function upload(sarifPath, repositoryNwo, commitOid, ref, analysisKey, analysisName, workflowRunID, checkoutPath, environment, githubAuth, githubApiUrl, mode, logger) {
+    const sarifFiles = [];
+    if (!fs.existsSync(sarifPath)) {
+        throw new Error(`Path does not exist: ${sarifPath}`);
+    }
+    if (fs.lstatSync(sarifPath).isDirectory()) {
+        fs.readdirSync(sarifPath)
             .filter(f => f.endsWith(".sarif"))
-            .map(f => path.resolve(input, f));
+            .map(f => path.resolve(sarifPath, f))
+            .forEach(f => sarifFiles.push(f));
         if (sarifFiles.length === 0) {
-            throw new Error("No SARIF files found to upload in \"" + input + "\".");
+            throw new Error("No SARIF files found to upload in \"" + sarifPath + "\".");
         }
-        return await uploadFiles(sarifFiles);
     }
     else {
-        return await uploadFiles([input]);
+        sarifFiles.push(sarifPath);
     }
+    return await uploadFiles(sarifFiles, repositoryNwo, commitOid, ref, analysisKey, analysisName, workflowRunID, checkoutPath, environment, githubAuth, githubApiUrl, mode, logger);
 }
 exports.upload = upload;
 // Counts the number of results in the given SARIF file
@@ -123,16 +131,16 @@ function countResultsInSarif(sarif) {
 exports.countResultsInSarif = countResultsInSarif;
 // Validates that the given file path refers to a valid SARIF file.
 // Throws an error if the file is invalid.
-function validateSarifFileSchema(sarifFilePath) {
+function validateSarifFileSchema(sarifFilePath, logger) {
     const sarif = JSON.parse(fs.readFileSync(sarifFilePath, 'utf8'));
-    const schema = JSON.parse(fs.readFileSync(__dirname + '/../src/sarif_v2.1.0_schema.json', 'utf8'));
+    const schema = require('../src/sarif_v2.1.0_schema.json');
     const result = new jsonschema.Validator().validate(sarif, schema);
     if (!result.valid) {
         // Output the more verbose error messages in groups as these may be very large.
         for (const error of result.errors) {
-            core.startGroup("Error details: " + error.stack);
-            core.info(JSON.stringify(error, null, 2));
-            core.endGroup();
+            logger.startGroup("Error details: " + error.stack);
+            logger.info(JSON.stringify(error, null, 2));
+            logger.endGroup();
         }
         // Set the main error message to the stacks of all the errors.
         // This should be of a manageable size and may even give enough to fix the error.
@@ -143,65 +151,58 @@ function validateSarifFileSchema(sarifFilePath) {
 exports.validateSarifFileSchema = validateSarifFileSchema;
 // Uploads the given set of sarif files.
 // Returns true iff the upload occurred and succeeded
-async function uploadFiles(sarifFiles) {
-    core.startGroup("Uploading results");
-    core.info("Uploading sarif files: " + JSON.stringify(sarifFiles));
-    const sentinelEnvVar = "CODEQL_UPLOAD_SARIF";
-    if (process.env[sentinelEnvVar]) {
-        throw new Error("Aborting upload: only one run of the codeql/analyze or codeql/upload-sarif actions is allowed per job");
+async function uploadFiles(sarifFiles, repositoryNwo, commitOid, ref, analysisKey, analysisName, workflowRunID, checkoutPath, environment, githubAuth, githubApiUrl, mode, logger) {
+    logger.info("Uploading sarif files: " + JSON.stringify(sarifFiles));
+    if (mode === 'actions') {
+        // This check only works on actions as env vars don't persist between calls to the runner
+        const sentinelEnvVar = "CODEQL_UPLOAD_SARIF";
+        if (process.env[sentinelEnvVar]) {
+            throw new Error("Aborting upload: only one run of the codeql/analyze or codeql/upload-sarif actions is allowed per job");
+        }
+        core.exportVariable(sentinelEnvVar, sentinelEnvVar);
     }
-    core.exportVariable(sentinelEnvVar, sentinelEnvVar);
     // Validate that the files we were asked to upload are all valid SARIF files
     for (const file of sarifFiles) {
-        validateSarifFileSchema(file);
+        validateSarifFileSchema(file, logger);
     }
-    const commitOid = await util.getCommitOid();
-    const workflowRunIDStr = util.getRequiredEnvParam('GITHUB_RUN_ID');
-    const ref = util.getRef();
-    const analysisKey = await util.getAnalysisKey();
-    const analysisName = util.getRequiredEnvParam('GITHUB_WORKFLOW');
-    const startedAt = process.env[sharedEnv.CODEQL_WORKFLOW_STARTED_AT];
     let sarifPayload = combineSarifFiles(sarifFiles);
-    sarifPayload = fingerprints.addFingerprints(sarifPayload);
+    sarifPayload = fingerprints.addFingerprints(sarifPayload, logger);
     const zipped_sarif = zlib_1.default.gzipSync(sarifPayload).toString('base64');
-    let checkoutPath = core.getInput('checkout_path');
     let checkoutURI = file_url_1.default(checkoutPath);
-    const workflowRunID = parseInt(workflowRunIDStr, 10);
-    if (Number.isNaN(workflowRunID)) {
-        throw new Error('GITHUB_RUN_ID must define a non NaN workflow run ID');
-    }
-    let matrix = core.getInput('matrix');
-    if (matrix === "null" || matrix === "") {
-        matrix = undefined;
-    }
     const toolNames = util.getToolNames(sarifPayload);
-    const payload = JSON.stringify({
-        "commit_oid": commitOid,
-        "ref": ref,
-        "analysis_key": analysisKey,
-        "analysis_name": analysisName,
-        "sarif": zipped_sarif,
-        "workflow_run_id": workflowRunID,
-        "checkout_uri": checkoutURI,
-        "environment": matrix,
-        "started_at": startedAt,
-        "tool_names": toolNames,
-    });
-    // Log some useful debug info about the info
-    const rawUploadSizeBytes = sarifPayload.length;
-    core.debug("Raw upload size: " + rawUploadSizeBytes + " bytes");
-    const zippedUploadSizeBytes = zipped_sarif.length;
-    core.debug("Base64 zipped upload size: " + zippedUploadSizeBytes + " bytes");
-    const numResultInSarif = countResultsInSarif(sarifPayload);
-    core.debug("Number of results in upload: " + numResultInSarif);
-    if (!util.isLocalRun()) {
-        // Make the upload
-        await uploadPayload(payload);
+    let payload;
+    if (mode === 'actions') {
+        payload = JSON.stringify({
+            "commit_oid": commitOid,
+            "ref": ref,
+            "analysis_key": analysisKey,
+            "analysis_name": analysisName,
+            "sarif": zipped_sarif,
+            "workflow_run_id": workflowRunID,
+            "checkout_uri": checkoutURI,
+            "environment": environment,
+            "started_at": process.env[sharedEnv.CODEQL_WORKFLOW_STARTED_AT],
+            "tool_names": toolNames,
+        });
     }
     else {
-        core.debug("Not uploading because this is a local run.");
+        payload = JSON.stringify({
+            "commit_sha": commitOid,
+            "ref": ref,
+            "sarif": zipped_sarif,
+            "checkout_uri": checkoutURI,
+            "tool_name": toolNames[0],
+        });
     }
-    core.endGroup();
+    // Log some useful debug info about the info
+    const rawUploadSizeBytes = sarifPayload.length;
+    logger.debug("Raw upload size: " + rawUploadSizeBytes + " bytes");
+    const zippedUploadSizeBytes = zipped_sarif.length;
+    logger.debug("Base64 zipped upload size: " + zippedUploadSizeBytes + " bytes");
+    const numResultInSarif = countResultsInSarif(sarifPayload);
+    logger.debug("Number of results in upload: " + numResultInSarif);
+    // Make the upload
+    await uploadPayload(payload, repositoryNwo, githubAuth, githubApiUrl, mode, logger);
     return {
         raw_upload_size_bytes: rawUploadSizeBytes,
         zipped_upload_size_bytes: zippedUploadSizeBytes,

lib/upload-lib.test.js

@@ -11,15 +11,16 @@ var __importStar = (this && this.__importStar) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 const ava_1 = __importDefault(require("ava"));
+const logging_1 = require("./logging");
 const testing_utils_1 = require("./testing-utils");
 const uploadLib = __importStar(require("./upload-lib"));
 testing_utils_1.setupTests(ava_1.default);
 ava_1.default('validateSarifFileSchema - valid', t => {
     const inputFile = __dirname + '/../src/testdata/valid-sarif.sarif';
-    t.notThrows(() => uploadLib.validateSarifFileSchema(inputFile));
+    t.notThrows(() => uploadLib.validateSarifFileSchema(inputFile, logging_1.getRunnerLogger()));
 });
 ava_1.default('validateSarifFileSchema - invalid', t => {
     const inputFile = __dirname + '/../src/testdata/invalid-sarif.sarif';
-    t.throws(() => uploadLib.validateSarifFileSchema(inputFile));
+    t.throws(() => uploadLib.validateSarifFileSchema(inputFile, logging_1.getRunnerLogger()));
 });
 //# sourceMappingURL=upload-lib.test.js.map

lib/upload-lib.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"upload-lib.test.js","sourceRoot":"","sources":["../src/upload-lib.test.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,8CAAuB;AAEvB,mDAA2C;AAC3C,wDAA0C;AAE1C,0BAAU,CAAC,aAAI,CAAC,CAAC;AAEjB,aAAI,CAAC,iCAAiC,EAAE,CAAC,CAAC,EAAE;IAC1C,MAAM,SAAS,GAAG,SAAS,GAAG,oCAAoC,CAAC;IACnE,CAAC,CAAC,SAAS,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,uBAAuB,CAAC,SAAS,CAAC,CAAC,CAAC;AAClE,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,mCAAmC,EAAE,CAAC,CAAC,EAAE;IAC5C,MAAM,SAAS,GAAG,SAAS,GAAG,sCAAsC,CAAC;IACrE,CAAC,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,uBAAuB,CAAC,SAAS,CAAC,CAAC,CAAC;AAC/D,CAAC,CAAC,CAAC"}
+{"version":3,"file":"upload-lib.test.js","sourceRoot":"","sources":["../src/upload-lib.test.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,8CAAuB;AAEvB,uCAA4C;AAC5C,mDAA2C;AAC3C,wDAA0C;AAE1C,0BAAU,CAAC,aAAI,CAAC,CAAC;AAEjB,aAAI,CAAC,iCAAiC,EAAE,CAAC,CAAC,EAAE;IAC1C,MAAM,SAAS,GAAG,SAAS,GAAG,oCAAoC,CAAC;IACnE,CAAC,CAAC,SAAS,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,uBAAuB,CAAC,SAAS,EAAE,yBAAe,EAAE,CAAC,CAAC,CAAC;AACrF,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,mCAAmC,EAAE,CAAC,CAAC,EAAE;IAC5C,MAAM,SAAS,GAAG,SAAS,GAAG,sCAAsC,CAAC;IACrE,CAAC,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,SAAS,CAAC,uBAAuB,CAAC,SAAS,EAAE,yBAAe,EAAE,CAAC,CAAC,CAAC;AAClF,CAAC,CAAC,CAAC"}

lib/upload-sarif-action.js

@@ -8,6 +8,8 @@ var __importStar = (this && this.__importStar) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 const core = __importStar(require("@actions/core"));
+const logging_1 = require("./logging");
+const repository_1 = require("./repository");
 const upload_lib = __importStar(require("./upload-lib"));
 const util = __importStar(require("./util"));
 async function sendSuccessStatusReport(startedAt, uploadStats) {
@@ -24,7 +26,7 @@ async function run() {
         return;
     }
     try {
-        const uploadStats = await upload_lib.upload(core.getInput('sarif_file'));
+        const uploadStats = await upload_lib.upload(core.getInput('sarif_file'), repository_1.parseRepositoryNwo(util.getRequiredEnvParam('GITHUB_REPOSITORY')), await util.getCommitOid(), util.getRef(), await util.getAnalysisKey(), util.getRequiredEnvParam('GITHUB_WORKFLOW'), util.getWorkflowRunID(), core.getInput('checkout_path'), core.getInput('matrix'), core.getInput('token'), util.getRequiredEnvParam('GITHUB_API_URL'), 'actions', logging_1.getActionsLogger());
         await sendSuccessStatusReport(startedAt, uploadStats);
     }
     catch (error) {
@@ -38,4 +40,4 @@ run().catch(e => {
     core.setFailed("codeql/upload-sarif action failed: " + e);
     console.log(e);
 });
-//# sourceMappingURL=upload-sarif.js.map
+//# sourceMappingURL=upload-sarif-action.js.map

lib/upload-sarif-action.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"upload-sarif-action.js","sourceRoot":"","sources":["../src/upload-sarif-action.ts"],"names":[],"mappings":";;;;;;;;;AAAA,oDAAsC;AAEtC,uCAA6C;AAC7C,6CAAkD;AAClD,yDAA2C;AAC3C,6CAA+B;AAI/B,KAAK,UAAU,uBAAuB,CAAC,SAAe,EAAE,WAA0C;IAChG,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAAC,cAAc,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;IACjG,MAAM,YAAY,GAA4B;QAC5C,GAAG,gBAAgB;QACnB,GAAI,WAAW;KAChB,CAAC;IACF,MAAM,IAAI,CAAC,gBAAgB,CAAC,YAAY,CAAC,CAAC;AAC5C,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,IAAI,CAAC,MAAM,IAAI,CAAC,gBAAgB,CAAC,MAAM,IAAI,CAAC,sBAAsB,CAAC,cAAc,EAAE,UAAU,EAAE,SAAS,CAAC,EAAE,IAAI,CAAC,EAAE;QAChH,OAAO;KACR;IAED,IAAI;QACF,MAAM,WAAW,GAAG,MAAM,UAAU,CAAC,MAAM,CACzC,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,EAC3B,+BAAkB,CAAC,IAAI,CAAC,mBAAmB,CAAC,mBAAmB,CAAC,CAAC,EACjE,MAAM,IAAI,CAAC,YAAY,EAAE,EACzB,IAAI,CAAC,MAAM,EAAE,EACb,MAAM,IAAI,CAAC,cAAc,EAAE,EAC3B,IAAI,CAAC,mBAAmB,CAAC,iBAAiB,CAAC,EAC3C,IAAI,CAAC,gBAAgB,EAAE,EACvB,IAAI,CAAC,QAAQ,CAAC,eAAe,CAAC,EAC9B,IAAI,CAAC,QAAQ,CAAC,QAAQ,CAAC,EACvB,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,EACtB,IAAI,CAAC,mBAAmB,CAAC,gBAAgB,CAAC,EAC1C,SAAS,EACT,0BAAgB,EAAE,CAAC,CAAC;QACtB,MAAM,uBAAuB,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC;KAEvD;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAC9B,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACnB,MAAM,IAAI,CAAC,gBAAgB,CAAC,MAAM,IAAI,CAAC,sBAAsB,CAC3D,cAAc,EACd,SAAS,EACT,SAAS,EACT,KAAK,CAAC,OAAO,EACb,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC;QAChB,OAAO;KACR;AACH,CAAC;AAED,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE;IACd,IAAI,CAAC,SAAS,CAAC,qCAAqC,GAAG,CAAC,CAAC,CAAC;IAC1D,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;AACjB,CAAC,CAAC,CAAC"}

lib/upload-sarif.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"upload-sarif.js","sourceRoot":"","sources":["../src/upload-sarif.ts"],"names":[],"mappings":";;;;;;;;;AAAA,oDAAsC;AAEtC,yDAA2C;AAC3C,6CAA+B;AAI/B,KAAK,UAAU,uBAAuB,CAAC,SAAe,EAAE,WAA0C;IAChG,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,sBAAsB,CAAC,cAAc,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;IACjG,MAAM,YAAY,GAA4B;QAC5C,GAAG,gBAAgB;QACnB,GAAI,WAAW;KAChB,CAAC;IACF,MAAM,IAAI,CAAC,gBAAgB,CAAC,YAAY,CAAC,CAAC;AAC5C,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,IAAI,CAAC,MAAM,IAAI,CAAC,gBAAgB,CAAC,MAAM,IAAI,CAAC,sBAAsB,CAAC,cAAc,EAAE,UAAU,EAAE,SAAS,CAAC,EAAE,IAAI,CAAC,EAAE;QAChH,OAAO;KACR;IAED,IAAI;QACF,MAAM,WAAW,GAAG,MAAM,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC,CAAC;QACzE,MAAM,uBAAuB,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC;KAEvD;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAC9B,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACnB,MAAM,IAAI,CAAC,gBAAgB,CAAC,MAAM,IAAI,CAAC,sBAAsB,CAC3D,cAAc,EACd,SAAS,EACT,SAAS,EACT,KAAK,CAAC,OAAO,EACb,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC;QAChB,OAAO;KACR;AACH,CAAC;AAED,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE;IACd,IAAI,CAAC,SAAS,CAAC,qCAAqC,GAAG,CAAC,CAAC,CAAC;IAC1D,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;AACjB,CAAC,CAAC,CAAC"}

lib/util.js

@@ -45,6 +45,25 @@ function getRequiredEnvParam(paramName) {
     return value;
 }
 exports.getRequiredEnvParam = getRequiredEnvParam;
+/**
+ * Get the extra options for the codeql commands.
+ */
+function getExtraOptionsEnvParam() {
+    const varName = 'CODEQL_ACTION_EXTRA_OPTIONS';
+    const raw = process.env[varName];
+    if (raw === undefined || raw.length === 0) {
+        return {};
+    }
+    try {
+        return JSON.parse(raw);
+    }
+    catch (e) {
+        throw new Error(varName +
+            ' environment variable is set, but does not contain valid JSON: ' +
+            e.message);
+    }
+}
+exports.getExtraOptionsEnvParam = getExtraOptionsEnvParam;
 function isLocalRun() {
     return !!process.env.CODEQL_LOCAL_RUN
         && process.env.CODEQL_LOCAL_RUN !== 'false'
@@ -96,14 +115,11 @@ exports.getCommitOid = getCommitOid;
  * Get the path of the currently executing workflow.
  */
 async function getWorkflowPath() {
-    if (isLocalRun()) {
-        return 'LOCAL';
-    }
     const repo_nwo = getRequiredEnvParam('GITHUB_REPOSITORY').split("/");
     const owner = repo_nwo[0];
     const repo = repo_nwo[1];
     const run_id = Number(getRequiredEnvParam('GITHUB_RUN_ID'));
-    const apiClient = api.getApiClient();
+    const apiClient = api.getActionsApiClient();
     const runsResponse = await apiClient.request('GET /repos/:owner/:repo/actions/runs/:run_id', {
         owner,
         repo,
@@ -113,6 +129,17 @@ async function getWorkflowPath() {
     const workflowResponse = await apiClient.request('GET ' + workflowUrl);
     return workflowResponse.data.path;
 }
+/**
+ * Get the workflow run ID.
+ */
+function getWorkflowRunID() {
+    const workflowRunID = parseInt(getRequiredEnvParam('GITHUB_RUN_ID'), 10);
+    if (Number.isNaN(workflowRunID)) {
+        throw new Error('GITHUB_RUN_ID must define a non NaN workflow run ID');
+    }
+    return workflowRunID;
+}
+exports.getWorkflowRunID = getWorkflowRunID;
 /**
  * Get the analysis key paramter for the current job.
  *
@@ -230,7 +257,8 @@ async function sendStatusReport(statusReport, ignoreFailures) {
     core.debug('Sending status report: ' + statusReportJSON);
     const nwo = getRequiredEnvParam("GITHUB_REPOSITORY");
     const [owner, repo] = nwo.split("/");
-    const statusResponse = await api.getApiClient().request('PUT /repos/:owner/:repo/code-scanning/analysis/status', {
+    const client = api.getActionsApiClient();
+    const statusResponse = await client.request('PUT /repos/:owner/:repo/code-scanning/analysis/status', {
         owner: owner,
         repo: repo,
         data: statusReportJSON,
@@ -310,36 +338,51 @@ function getMemoryFlag() {
 }
 exports.getMemoryFlag = getMemoryFlag;
 /**
- * Get the codeql `--threads` value specified for the `threads` input. The value
- * defaults to 1. The value will be capped to the number of available CPUs.
+ * Get the codeql `--threads` value specified for the `threads` input.
+ * If not value was specified, all available threads will be used.
+ *
+ * The value will be capped to the number of available CPUs.
  *
  * @returns string
  */
 function getThreadsFlag() {
-    let numThreads = 1;
+    let numThreads;
     const numThreadsString = core.getInput("threads");
+    const maxThreads = os.cpus().length;
     if (numThreadsString) {
         numThreads = Number(numThreadsString);
         if (Number.isNaN(numThreads)) {
             throw new Error(`Invalid threads setting "${numThreadsString}", specified.`);
         }
-        const maxThreads = os.cpus().length;
         if (numThreads > maxThreads) {
+            core.info(`Clamping desired number of threads (${numThreads}) to max available (${maxThreads}).`);
             numThreads = maxThreads;
         }
         const minThreads = -maxThreads;
         if (numThreads < minThreads) {
+            core.info(`Clamping desired number of free threads (${numThreads}) to max available (${minThreads}).`);
             numThreads = minThreads;
         }
     }
+    else {
+        // Default to using all threads
+        numThreads = maxThreads;
+    }
     return `--threads=${numThreads}`;
 }
 exports.getThreadsFlag = getThreadsFlag;
 /**
  * Get the directory where CodeQL databases should be placed.
  */
-function getCodeQLDatabasesDir() {
-    return path.resolve(getRequiredEnvParam('RUNNER_TEMP'), 'codeql_databases');
+function getCodeQLDatabasesDir(tempDir) {
+    return path.resolve(tempDir, 'codeql_databases');
 }
 exports.getCodeQLDatabasesDir = getCodeQLDatabasesDir;
+/**
+ * Get the path where the CodeQL database for the given language lives.
+ */
+function getCodeQLDatabasePath(tempDir, language) {
+    return path.resolve(getCodeQLDatabasesDir(tempDir), language);
+}
+exports.getCodeQLDatabasePath = getCodeQLDatabasePath;
 //# sourceMappingURL=util.js.map

lib/util.test.js

@@ -92,4 +92,25 @@ ava_1.default('prepareEnvironment() when a local run', t => {
     t.deepEqual(process.env.GITHUB_JOB, 'UNKNOWN-JOB');
     process.env.CODEQL_LOCAL_RUN = origLocalRun;
 });
+ava_1.default('getExtraOptionsEnvParam() succeeds on valid JSON with invalid options (for now)', t => {
+    const origExtraOptions = process.env.CODEQL_ACTION_EXTRA_OPTIONS;
+    const options = { foo: 42 };
+    process.env.CODEQL_ACTION_EXTRA_OPTIONS = JSON.stringify(options);
+    t.deepEqual(util.getExtraOptionsEnvParam(), options);
+    process.env.CODEQL_ACTION_EXTRA_OPTIONS = origExtraOptions;
+});
+ava_1.default('getExtraOptionsEnvParam() succeeds on valid options', t => {
+    const origExtraOptions = process.env.CODEQL_ACTION_EXTRA_OPTIONS;
+    const options = { database: { init: ["--debug"] } };
+    process.env.CODEQL_ACTION_EXTRA_OPTIONS =
+        JSON.stringify(options);
+    t.deepEqual(util.getExtraOptionsEnvParam(), options);
+    process.env.CODEQL_ACTION_EXTRA_OPTIONS = origExtraOptions;
+});
+ava_1.default('getExtraOptionsEnvParam() fails on invalid JSON', t => {
+    const origExtraOptions = process.env.CODEQL_ACTION_EXTRA_OPTIONS;
+    process.env.CODEQL_ACTION_EXTRA_OPTIONS = "{{invalid-json}}";
+    t.throws(util.getExtraOptionsEnvParam);
+    process.env.CODEQL_ACTION_EXTRA_OPTIONS = origExtraOptions;
+});
 //# sourceMappingURL=util.test.js.map

lib/util.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"util.test.js","sourceRoot":"","sources":["../src/util.test.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,8CAAuB;AACvB,uCAAyB;AACzB,uCAAyB;AAEzB,mDAA2C;AAC3C,6CAA+B;AAE/B,0BAAU,CAAC,aAAI,CAAC,CAAC;AAEjB,aAAI,CAAC,cAAc,EAAE,CAAC,CAAC,EAAE;IACvB,MAAM,KAAK,GAAG,EAAE,CAAC,YAAY,CAAC,SAAS,GAAG,mCAAmC,EAAE,MAAM,CAAC,CAAC;IACvF,MAAM,SAAS,GAAG,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;IAC3C,CAAC,CAAC,SAAS,CAAC,SAAS,EAAE,CAAC,+BAA+B,EAAE,QAAQ,CAAC,CAAC,CAAC;AACtE,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,sDAAsD,EAAE,CAAC,CAAC,EAAE;IAE/D,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC;IAE3D,MAAM,KAAK,GAAG;QACZ,EAAE,EAAE,SAAS,QAAQ,GAAG,GAAG,EAAE;QAC7B,KAAK,EAAE,WAAW;KACnB,CAAC;IAEF,KAAK,MAAM,CAAC,KAAK,EAAE,YAAY,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE;QAEzD,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC;QAEjC,MAAM,IAAI,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;QAClC,CAAC,CAAC,SAAS,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;KACjC;AACH,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,uDAAuD,EAAE,CAAC,CAAC,EAAE;IAChE,KAAK,MAAM,KAAK,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,EAAE;QACpC,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC;QACjC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;KAC9B;AACH,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,2DAA2D,EAAE,CAAC,CAAC,EAAE;IAEpE,MAAM,OAAO,GAAG,EAAE,CAAC,IAAI,EAAE,CAAC,MAAM,CAAC;IAEjC,MAAM,KAAK,GAAG;QACZ,GAAG,EAAE,aAAa;QAClB,GAAG,EAAE,aAAa;QAClB,CAAC,GAAG,OAAO,GAAG,CAAC,EAAE,CAAC,EAAE,aAAa,OAAO,EAAE;QAC1C,CAAC,GAAG,CAAC,OAAO,GAAG,CAAC,EAAE,CAAC,EAAE,aAAa,CAAC,OAAO,EAAE;KAC7C,CAAC;IAEF,KAAK,MAAM,CAAC,KAAK,EAAE,YAAY,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE;QAEzD,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,GAAG,KAAK,CAAC;QAErC,MAAM,IAAI,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;QACnC,CAAC,CAAC,SAAS,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;KACjC;AACH,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,gEAAgE,EAAE,CAAC,CAAC,EAAE;IACzE,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,GAAG,QAAQ,CAAC;IACxC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;AAChC,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,qCAAqC,EAAE,CAAC,CAAC,EAAE;IAC9C,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,EAAE,CAAC;IAC/B,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;AACxB,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,6BAA6B,EAAE,CAAC,CAAC,EAAE;IACtC,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC;IAElD,OAAO,CAAC,GAAG,CAAC,gBAAgB,GAAG,EAAE,CAAC;IAClC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC;IAE7B,OAAO,CAAC,GAAG,CAAC,gBAAgB,GAAG,OAAO,CAAC;IACvC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC;IAE7B,OAAO,CAAC,GAAG,CAAC,gBAAgB,GAAG,GAAG,CAAC;IACnC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC;IAE7B,OAAO,CAAC,GAAG,CAAC,gBAAgB,GAAG,MAAM,CAAC;IACtC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC;IAE5B,OAAO,CAAC,GAAG,CAAC,gBAAgB,GAAG,SAAS,CAAC;IACzC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC;IAE5B,OAAO,CAAC,GAAG,CAAC,gBAAgB,GAAG,YAAY,CAAC;AAC9C,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,uCAAuC,EAAE,CAAC,CAAC,EAAE;IAChD,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC;IAElD,OAAO,CAAC,GAAG,CAAC,gBAAgB,GAAG,OAAO,CAAC;IACvC,OAAO,CAAC,GAAG,CAAC,UAAU,GAAG,KAAK,CAAC;IAE/B,IAAI,CAAC,0BAA0B,EAAE,CAAC;IAElC,YAAY;IACZ,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;IAE3C,OAAO,CAAC,GAAG,CAAC,gBAAgB,GAAG,MAAM,CAAC;IAEtC,IAAI,CAAC,0BAA0B,EAAE,CAAC;IAElC,YAAY;IACZ,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;IAE3C,OAAO,CAAC,GAAG,CAAC,UAAU,GAAG,EAAE,CAAC;IAE5B,IAAI,CAAC,0BAA0B,EAAE,CAAC;IAElC,UAAU;IACV,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;IAEnD,OAAO,CAAC,GAAG,CAAC,gBAAgB,GAAG,YAAY,CAAC;AAC9C,CAAC,CAAC,CAAC"}
+{"version":3,"file":"util.test.js","sourceRoot":"","sources":["../src/util.test.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,8CAAuB;AACvB,uCAAyB;AACzB,uCAAyB;AAEzB,mDAA2C;AAC3C,6CAA+B;AAE/B,0BAAU,CAAC,aAAI,CAAC,CAAC;AAEjB,aAAI,CAAC,cAAc,EAAE,CAAC,CAAC,EAAE;IACvB,MAAM,KAAK,GAAG,EAAE,CAAC,YAAY,CAAC,SAAS,GAAG,mCAAmC,EAAE,MAAM,CAAC,CAAC;IACvF,MAAM,SAAS,GAAG,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;IAC3C,CAAC,CAAC,SAAS,CAAC,SAAS,EAAE,CAAC,+BAA+B,EAAE,QAAQ,CAAC,CAAC,CAAC;AACtE,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,sDAAsD,EAAE,CAAC,CAAC,EAAE;IAE/D,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC;IAE3D,MAAM,KAAK,GAAG;QACZ,EAAE,EAAE,SAAS,QAAQ,GAAG,GAAG,EAAE;QAC7B,KAAK,EAAE,WAAW;KACnB,CAAC;IAEF,KAAK,MAAM,CAAC,KAAK,EAAE,YAAY,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE;QAEzD,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC;QAEjC,MAAM,IAAI,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;QAClC,CAAC,CAAC,SAAS,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;KACjC;AACH,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,uDAAuD,EAAE,CAAC,CAAC,EAAE;IAChE,KAAK,MAAM,KAAK,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,EAAE;QACpC,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC;QACjC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;KAC9B;AACH,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,2DAA2D,EAAE,CAAC,CAAC,EAAE;IAEpE,MAAM,OAAO,GAAG,EAAE,CAAC,IAAI,EAAE,CAAC,MAAM,CAAC;IAEjC,MAAM,KAAK,GAAG;QACZ,GAAG,EAAE,aAAa;QAClB,GAAG,EAAE,aAAa;QAClB,CAAC,GAAG,OAAO,GAAG,CAAC,EAAE,CAAC,EAAE,aAAa,OAAO,EAAE;QAC1C,CAAC,GAAG,CAAC,OAAO,GAAG,CAAC,EAAE,CAAC,EAAE,aAAa,CAAC,OAAO,EAAE;KAC7C,CAAC;IAEF,KAAK,MAAM,CAAC,KAAK,EAAE,YAAY,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE;QAEzD,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,GAAG,KAAK,CAAC;QAErC,MAAM,IAAI,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;QACnC,CAAC,CAAC,SAAS,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;KACjC;AACH,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,gEAAgE,EAAE,CAAC,CAAC,EAAE;IACzE,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,GAAG,QAAQ,CAAC;IACxC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;AAChC,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,qCAAqC,EAAE,CAAC,CAAC,EAAE;IAC9C,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,EAAE,CAAC;IAC/B,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;AACxB,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,6BAA6B,EAAE,CAAC,CAAC,EAAE;IACtC,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC;IAElD,OAAO,CAAC,GAAG,CAAC,gBAAgB,GAAG,EAAE,CAAC;IAClC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC;IAE7B,OAAO,CAAC,GAAG,CAAC,gBAAgB,GAAG,OAAO,CAAC;IACvC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC;IAE7B,OAAO,CAAC,GAAG,CAAC,gBAAgB,GAAG,GAAG,CAAC;IACnC,CAAC,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC;IAE7B,OAAO,CAAC,GAAG,CAAC,gBAAgB,GAAG,MAAM,CAAC;IACtC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC;IAE5B,OAAO,CAAC,GAAG,CAAC,gBAAgB,GAAG,SAAS,CAAC;IACzC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,CAAC,CAAC;IAE5B,OAAO,CAAC,GAAG,CAAC,gBAAgB,GAAG,YAAY,CAAC;AAC9C,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,uCAAuC,EAAE,CAAC,CAAC,EAAE;IAChD,MAAM,YAAY,GAAG,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC;IAElD,OAAO,CAAC,GAAG,CAAC,gBAAgB,GAAG,OAAO,CAAC;IACvC,OAAO,CAAC,GAAG,CAAC,UAAU,GAAG,KAAK,CAAC;IAE/B,IAAI,CAAC,0BAA0B,EAAE,CAAC;IAElC,YAAY;IACZ,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;IAE3C,OAAO,CAAC,GAAG,CAAC,gBAAgB,GAAG,MAAM,CAAC;IAEtC,IAAI,CAAC,0BAA0B,EAAE,CAAC;IAElC,YAAY;IACZ,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;IAE3C,OAAO,CAAC,GAAG,CAAC,UAAU,GAAG,EAAE,CAAC;IAE5B,IAAI,CAAC,0BAA0B,EAAE,CAAC;IAElC,UAAU;IACV,CAAC,CAAC,SAAS,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,EAAE,aAAa,CAAC,CAAC;IAEnD,OAAO,CAAC,GAAG,CAAC,gBAAgB,GAAG,YAAY,CAAC;AAC9C,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,iFAAiF,EAAE,CAAC,CAAC,EAAE;IAC1F,MAAM,gBAAgB,GAAG,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC;IAEjE,MAAM,OAAO,GAAG,EAAC,GAAG,EAAE,EAAE,EAAC,CAAC;IAE1B,OAAO,CAAC,GAAG,CAAC,2BAA2B,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;IAElE,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,uBAAuB,EAAE,EAAO,OAAO,CAAC,CAAC;IAE1D,OAAO,CAAC,GAAG,CAAC,2BAA2B,GAAG,gBAAgB,CAAC;AAC7D,CAAC,CAAC,CAAC;AAGH,aAAI,CAAC,qDAAqD,EAAE,CAAC,CAAC,EAAE;IAC9D,MAAM,gBAAgB,GAAG,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC;IAEjE,MAAM,OAAO,GAAG,EAAE,QAAQ,EAAE,EAAE,IAAI,EAAE,CAAC,SAAS,CAAC,EAAE,EAAE,CAAC;IACpD,OAAO,CAAC,GAAG,CAAC,2BAA2B;QACrC,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;IAE1B,CAAC,CAAC,SAAS,CAAC,IAAI,CAAC,uBAAuB,EAAE,EAAE,OAAO,CAAC,CAAC;IAErD,OAAO,CAAC,GAAG,CAAC,2BAA2B,GAAG,gBAAgB,CAAC;AAC7D,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,iDAAiD,EAAE,CAAC,CAAC,EAAE;IAC1D,MAAM,gBAAgB,GAAG,OAAO,CAAC,GAAG,CAAC,2BAA2B,CAAC;IAEjE,OAAO,CAAC,GAAG,CAAC,2BAA2B,GAAG,kBAAkB,CAAC;IAC7D,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;IAEvC,OAAO,CAAC,GAAG,CAAC,2BAA2B,GAAG,gBAAgB,CAAC;AAC7D,CAAC,CAAC,CAAC"}

node_modules/commander/CHANGELOG.md

@@ -1,419 +1,300 @@
-2.20.3 / 2019-10-11
-==================
+# Changelog
 
-  * Support Node.js 0.10 (Revert #1059)
-  * Ran "npm unpublish commander@2.20.2". There is no 2.20.2.
+All notable changes to this project will be documented in this file.
 
-2.20.1 / 2019-09-29
-==================
+The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
+and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html). (Format adopted after v3.0.0.)
 
-  * Improve executable subcommand tracking
-  * Update dev dependencies
+<!-- markdownlint-disable MD024 -->
+<!-- markdownlint-disable MD004 -->
 
-2.20.0 / 2019-04-02
-==================
+## [6.0.0] (2020-07-21)
 
-  * fix: resolve symbolic links completely when hunting for subcommands (#935)
-  * Update index.d.ts (#930)
-  * Update Readme.md (#924)
-  * Remove --save option as it isn't required anymore (#918)
-  * Add link to the license file (#900)
-  * Added example of receiving args from options (#858)
-  * Added missing semicolon (#882)
-  * Add extension to .eslintrc (#876)
-
-2.19.0 / 2018-10-02
-==================
+### Added
 
-  * Removed newline after Options and Commands headers (#864)
-  * Bugfix - Error output (#862)
-  * Fix to change default value to string (#856)
-
-2.18.0 / 2018-09-07
-==================
-
-  * Standardize help output (#853)
-  * chmod 644 travis.yml (#851)
-  * add support for execute typescript subcommand via ts-node (#849)
-
-2.17.1 / 2018-08-07
-==================
-
-  * Fix bug in command emit (#844)
-
-2.17.0 / 2018-08-03
-==================
-
-  * fixed newline output after help information (#833)
-  * Fix to emit the action even without command (#778)
-  * npm update (#823)
-
-2.16.0 / 2018-06-29
-==================
-
-  * Remove Makefile and `test/run` (#821)
-  * Make 'npm test' run on Windows (#820)
-  * Add badge to display install size (#807)
-  * chore: cache node_modules (#814)
-  * chore: remove Node.js 4 (EOL), add Node.js 10 (#813)
-  * fixed typo in readme (#812)
-  * Fix types (#804)
-  * Update eslint to resolve vulnerabilities in lodash (#799)
-  * updated readme with custom event listeners. (#791)
-  * fix tests (#794)
-
-2.15.0 / 2018-03-07
-==================
-
-  * Update downloads badge to point to graph of downloads over time instead of duplicating link to npm
-  * Arguments description
-
-2.14.1 / 2018-02-07
-==================
-
-  * Fix typing of help function
-
-2.14.0 / 2018-02-05
-==================
-
-  * only register the option:version event once
-  * Fixes issue #727: Passing empty string for option on command is set to undefined
-  * enable eqeqeq rule
-  * resolves #754 add linter configuration to project
-  * resolves #560 respect custom name for version option
-  * document how to override the version flag
-  * document using options per command
-
-2.13.0 / 2018-01-09
-==================
-
-  * Do not print default for --no-
-  * remove trailing spaces in command help
-  * Update CI's Node.js to LTS and latest version
-  * typedefs: Command and Option types added to commander namespace
-
-2.12.2 / 2017-11-28
-==================
-
-  * fix: typings are not shipped
-
-2.12.1 / 2017-11-23
-==================
-
-  * Move @types/node to dev dependency
-
-2.12.0 / 2017-11-22
-==================
-
-  * add attributeName() method to Option objects
-  * Documentation updated for options with --no prefix
-  * typings: `outputHelp` takes a string as the first parameter
-  * typings: use overloads
-  * feat(typings): update to match js api
-  * Print default value in option help
-  * Fix translation error
-  * Fail when using same command and alias (#491)
-  * feat(typings): add help callback
-  * fix bug when description is add after command with options (#662)
-  * Format js code
-  * Rename History.md to CHANGELOG.md (#668)
-  * feat(typings): add typings to support TypeScript (#646)
-  * use current node
-
-2.11.0 / 2017-07-03
-==================
-
-  * Fix help section order and padding (#652)
-  * feature: support for signals to subcommands (#632)
-  * Fixed #37, --help should not display first (#447)
-  * Fix translation errors. (#570)
-  * Add package-lock.json
-  * Remove engines
-  * Upgrade package version
-  * Prefix events to prevent conflicts between commands and options (#494)
-  * Removing dependency on graceful-readlink
-  * Support setting name in #name function and make it chainable
-  * Add .vscode directory to .gitignore (Visual Studio Code metadata)
-  * Updated link to ruby commander in readme files
-
-2.10.0 / 2017-06-19
-==================
-
-  * Update .travis.yml. drop support for older node.js versions.
-  * Fix require arguments in README.md
-  * On SemVer you do not start from 0.0.1
-  * Add missing semi colon in readme
-  * Add save param to npm install
-  * node v6 travis test
-  * Update Readme_zh-CN.md
-  * Allow literal '--' to be passed-through as an argument
-  * Test subcommand alias help
-  * link build badge to master branch
-  * Support the alias of Git style sub-command
-  * added keyword commander for better search result on npm
-  * Fix Sub-Subcommands
-  * test node.js stable
-  * Fixes TypeError when a command has an option called `--description`
-  * Update README.md to make it beginner friendly and elaborate on the difference between angled and square brackets.
-  * Add chinese Readme file
+- add support for variadic options ([#1250])
+- allow options to be added with just a short flag ([#1256])
+- throw an error if there might be a clash between option name and a Command property, with advice on how to resolve ([#1275])
 
-2.9.0 / 2015-10-13
-==================
+### Fixed
 
-  * Add option `isDefault` to set default subcommand #415 @Qix-
-  * Add callback to allow filtering or post-processing of help text #434 @djulien
-  * Fix `undefined` text in help information close #414 #416 @zhiyelee
+- Options which contain -no- in the middle of the option flag should not be treated as negatable. ([#1301])
 
-2.8.1 / 2015-04-22
-==================
+## [6.0.0-0] (2020-06-20)
 
- * Back out `support multiline description` Close #396 #397
+(Released in 6.0.0)
 
-2.8.0 / 2015-04-07
-==================
+## [5.1.0] (2020-04-25)
 
-  * Add `process.execArg` support, execution args like `--harmony` will be passed to sub-commands #387 @DigitalIO @zhiyelee
-  * Fix bug in Git-style sub-commands #372 @zhiyelee
-  * Allow commands to be hidden from help #383 @tonylukasavage
-  * When git-style sub-commands are in use, yet none are called, display help #382 @claylo
-  * Add ability to specify arguments syntax for top-level command #258 @rrthomas
-  * Support multiline descriptions #208 @zxqfox
+### Added
 
-2.7.1 / 2015-03-11
-==================
+- support for multiple command aliases, the first of which is shown in the auto-generated help ([#531], [#1236])
+- configuration support in `addCommand()` for `hidden` and `isDefault` ([#1232])
 
- * Revert #347 (fix collisions when option and first arg have same name) which causes a bug in #367.
+### Fixed
 
-2.7.0 / 2015-03-09
-==================
+- omit masked help flags from the displayed help ([#645], [#1247])
+- remove old short help flag when change help flags using `helpOption` ([#1248])
 
- * Fix git-style bug when installed globally. Close #335 #349 @zhiyelee
- * Fix collisions when option and first arg have same name. Close #346 #347 @tonylukasavage
- * Add support for camelCase on `opts()`. Close #353  @nkzawa
- * Add node.js 0.12 and io.js to travis.yml
- * Allow RegEx options. #337 @palanik
- * Fixes exit code when sub-command failing.  Close #260 #332 @pirelenito
- * git-style `bin` files in $PATH make sense. Close #196 #327  @zhiyelee
+### Changed
 
-2.6.0 / 2014-12-30
-==================
+- remove use of `arguments` to improve auto-generated help in editors ([#1235])
+- rename `.command()` configuration `noHelp` to `hidden` (but not remove old support) ([#1232])
+- improvements to documentation
+- update dependencies
+- update tested versions of node
+- eliminate lint errors in TypeScript ([#1208])
 
-  * added `Command#allowUnknownOption` method. Close #138 #318 @doozr @zhiyelee
-  * Add application description to the help msg. Close #112 @dalssoft
+## [5.0.0] (2020-03-14)
 
-2.5.1 / 2014-12-15
-==================
+### Added
 
-  * fixed two bugs incurred by variadic arguments. Close #291 @Quentin01 #302 @zhiyelee
+* support for nested commands with action-handlers ([#1] [#764] [#1149])
+* `.addCommand()` for adding a separately configured command ([#764] [#1149])
+* allow a non-executable to be set as the default command ([#742] [#1149])
+* implicit help command when there are subcommands (previously only if executables) ([#1149])
+* customise implicit help command with `.addHelpCommand()` ([#1149])
+* display error message for unknown subcommand, by default ([#432] [#1088] [#1149])
+* display help for missing subcommand, by default ([#1088] [#1149])
+* combined short options as single argument may include boolean flags and value flag and value (e.g. `-a -b -p 80` can be written as `-abp80`) ([#1145])
+* `.parseOption()` includes short flag and long flag expansions ([#1145])
+* `.helpInformation()` returns help text as a string, previously a private routine ([#1169])
+* `.parse()` implicitly uses `process.argv` if arguments not specified ([#1172])
+* optionally specify where `.parse()` arguments "from", if not following node conventions ([#512] [#1172])
+* suggest help option along with unknown command error ([#1179])
+* TypeScript definition for `commands` property of `Command` ([#1184])
+* export `program` property ([#1195])
+* `createCommand` factory method to simplify subclassing ([#1191])
 
-2.5.0 / 2014-10-24
-==================
+### Fixed
 
- * add support for variadic arguments. Closes #277 @whitlockjc
+* preserve argument order in subcommands ([#508] [#962] [#1138])
+* do not emit `command:*` for executable subcommands ([#809] [#1149])
+* action handler called whether or not there are non-option arguments ([#1062] [#1149])
+* combining option short flag and value in single argument now works for subcommands ([#1145])
+* only add implicit help command when it will not conflict with other uses of argument ([#1153] [#1149])
+* implicit help command works with command aliases ([#948] [#1149])
+* options are validated whether or not there is an action handler ([#1149])
 
-2.4.0 / 2014-10-17
-==================
+### Changed
 
- * fixed a bug on executing the coercion function of subcommands option. Closes #270
- * added `Command.prototype.name` to retrieve command name. Closes #264 #266 @tonylukasavage
- * added `Command.prototype.opts` to retrieve all the options as a simple object of key-value pairs. Closes #262 @tonylukasavage
- * fixed a bug on subcommand name. Closes #248 @jonathandelgado
- * fixed function normalize doesn’t honor option terminator. Closes #216 @abbr
+* *Breaking* `.args` contains command arguments with just recognised options removed ([#1032] [#1138])
+* *Breaking* display error if required argument for command is missing ([#995] [#1149])
+* tighten TypeScript definition of custom option processing function passed to `.option()` ([#1119])
+* *Breaking* `.allowUnknownOption()` ([#802] [#1138])
+  * unknown options included in arguments passed to command action handler
+  * unknown options included in `.args`
+* only recognised option short flags and long flags are expanded (e.g. `-ab` or `--foo=bar`) ([#1145])
+* *Breaking* `.parseOptions()` ([#1138])
+  * `args` in returned result renamed `operands` and does not include anything after first unknown option
+  * `unknown` in returned result has arguments after first unknown option including operands, not just options and values
+* *Breaking* `.on('command:*', callback)` and other command events passed (changed) results from `.parseOptions`, i.e. operands and unknown  ([#1138])
+* refactor Option from prototype to class ([#1133])
+* refactor Command from prototype to class ([#1159])
+* changes to error handling ([#1165])
+  * throw for author error, not just display message
+  * preflight for variadic error
+  * add tips to missing subcommand executable
+* TypeScript fluent return types changed to be more subclass friendly, return `this` rather than `Command` ([#1180])
+* `.parseAsync` returns `Promise<this>` to be consistent with `.parse()` ([#1180])
+* update dependencies
 
-2.3.0 / 2014-07-16
-==================
+### Removed
 
- * add command alias'. Closes PR #210
- * fix: Typos. Closes #99
- * fix: Unused fs module. Closes #217
+* removed EventEmitter from TypeScript definition for Command, eliminating implicit peer dependency on `@types/node` ([#1146])
+* removed private function `normalize` (the functionality has been integrated into `parseOptions`) ([#1145])
+* `parseExpectedArgs` is now private ([#1149])
 
-2.2.0 / 2014-03-29
-==================
+### Migration Tips
 
- * add passing of previous option value
- * fix: support subcommands on windows. Closes #142
- * Now the defaultValue passed as the second argument of the coercion function.
+If you use `.on('command:*')` or more complicated tests to detect an unrecognised subcommand, you may be able to delete the code and rely on the default behaviour.
 
-2.1.0 / 2013-11-21
-==================
+If you use `program.args` or more complicated tests to detect a missing subcommand, you may be able to delete the code and rely on the default behaviour.
 
- * add: allow cflag style option params, unit test, fixes #174
+If you use `.command('*')` to add a default command, you may be be able to switch to `isDefault:true` with a named command.
 
-2.0.0 / 2013-07-18
-==================
+## [5.0.0-4] (2020-03-03)
 
- * remove input methods (.prompt, .confirm, etc)
+(Released in 5.0.0)
 
-1.3.2 / 2013-07-18
-==================
+## [5.0.0-3] (2020-02-20)
 
- * add support for sub-commands to co-exist with the original command
+(Released in 5.0.0)
 
-1.3.1 / 2013-07-18
-==================
+## [5.0.0-2] (2020-02-10)
 
- * add quick .runningCommand hack so you can opt-out of other logic when running a sub command
+(Released in 5.0.0)
 
-1.3.0 / 2013-07-09
-==================
+## [5.0.0-1] (2020-02-08)
 
- * add EACCES error handling
- * fix sub-command --help
+(Released in 5.0.0)
 
-1.2.0 / 2013-06-13
-==================
+## [5.0.0-0] (2020-02-02)
 
- * allow "-" hyphen as an option argument
- * support for RegExp coercion
+(Released in 5.0.0)
 
-1.1.1 / 2012-11-20
-==================
+## [4.1.1] (2020-02-02)
 
-  * add more sub-command padding
-  * fix .usage() when args are present. Closes #106
+### Fixed
 
-1.1.0 / 2012-11-16
-==================
+* TypeScript definition for `.action()` should include Promise for async ([#1157])
 
-  * add git-style executable subcommand support. Closes #94
+## [4.1.0] (2020-01-06)
 
-1.0.5 / 2012-10-09
-==================
+### Added
 
-  * fix `--name` clobbering. Closes #92
-  * fix examples/help. Closes #89
+* two routines to change how option values are handled, and eliminate name clashes with command properties ([#933] [#1102])
+  * see storeOptionsAsProperties and passCommandToAction in README
+* `.parseAsync` to use instead of `.parse` if supply async action handlers ([#806] [#1118])
 
-1.0.4 / 2012-09-03
-==================
+### Fixed
 
-  * add `outputHelp()` method.
+* Remove trailing blanks from wrapped help text ([#1096])
 
-1.0.3 / 2012-08-30
-==================
+### Changed
 
-  * remove invalid .version() defaulting
+* update dependencies
+* extend security coverage for Commander 2.x to 2020-02-03
+* improvements to README
+* improvements to TypeScript definition documentation
+* move old versions out of main CHANGELOG
+* removed explicit use of `ts-node` in tests
 
-1.0.2 / 2012-08-24
-==================
+## [4.0.1] (2019-11-12)
 
-  * add `--foo=bar` support [arv]
-  * fix password on node 0.8.8. Make backward compatible with 0.6 [focusaurus]
+### Fixed
 
-1.0.1 / 2012-08-03
-==================
+* display help when requested, even if there are missing required options ([#1091])
 
-  * fix issue #56
-  * fix tty.setRawMode(mode) was moved to tty.ReadStream#setRawMode() (i.e. process.stdin.setRawMode())
+## [4.0.0] (2019-11-02)
 
-1.0.0 / 2012-07-05
-==================
+### Added
 
-  * add support for optional option descriptions
-  * add defaulting of `.version()` to package.json's version
+* automatically wrap and indent help descriptions for options and commands ([#1051])
+* `.exitOverride()` allows override of calls to `process.exit` for additional error handling and to keep program running ([#1040])
+* support for declaring required options with `.requiredOptions()` ([#1071])
+* GitHub Actions support ([#1027])
+* translation links in README
 
-0.6.1 / 2012-06-01
-==================
+### Changed
 
-  * Added: append (yes or no) on confirmation
-  * Added: allow node.js v0.7.x
+* dev: switch tests from Sinon+Should to Jest with major rewrite of tests ([#1035])
+* call default subcommand even when there are unknown options ([#1047])
+* *Breaking* Commander is only officially supported on Node 8 and above, and requires Node 6 ([#1053])
 
-0.6.0 / 2012-04-10
-==================
+### Fixed
 
-  * Added `.prompt(obj, callback)` support. Closes #49
-  * Added default support to .choose(). Closes #41
-  * Fixed the choice example
+* *Breaking* keep command object out of program.args when action handler called ([#1048])
+  * also, action handler now passed array of unknown arguments
+* complain about unknown options when program argument supplied and action handler ([#1049])
+  * this changes parameters to `command:*` event to include unknown arguments
+* removed deprecated `customFds` option from call to `child_process.spawn` ([#1052])
+* rework TypeScript declarations to bring all types into imported namespace ([#1081])
 
-0.5.1 / 2011-12-20
-==================
+### Migration Tips
 
-  * Fixed `password()` for recent nodes. Closes #36
+#### Testing for no arguments
 
-0.5.0 / 2011-12-04
-==================
+If you were previously using code like:
 
-  * Added sub-command option support [itay]
+```js
+if (!program.args.length) ...
+```
 
-0.4.3 / 2011-12-04
-==================
-
-  * Fixed custom help ordering. Closes #32
-
-0.4.2 / 2011-11-24
-==================
-
-  * Added travis support
-  * Fixed: line-buffered input automatically trimmed. Closes #31
-
-0.4.1 / 2011-11-18
-==================
-
-  * Removed listening for "close" on --help
-
-0.4.0 / 2011-11-15
-==================
-
-  * Added support for `--`. Closes #24
-
-0.3.3 / 2011-11-14
-==================
-
-  * Fixed: wait for close event when writing help info [Jerry Hamlet]
-
-0.3.2 / 2011-11-01
-==================
-
-  * Fixed long flag definitions with values [felixge]
-
-0.3.1 / 2011-10-31
-==================
-
-  * Changed `--version` short flag to `-V` from `-v`
-  * Changed `.version()` so it's configurable [felixge]
-
-0.3.0 / 2011-10-31
-==================
-
-  * Added support for long flags only. Closes #18
-
-0.2.1 / 2011-10-24
-==================
-
-  * "node": ">= 0.4.x < 0.7.0". Closes #20
-
-0.2.0 / 2011-09-26
-==================
-
-  * Allow for defaults that are not just boolean. Default peassignment only occurs for --no-*, optional, and required arguments. [Jim Isaacs]
-
-0.1.0 / 2011-08-24
-==================
-
-  * Added support for custom `--help` output
-
-0.0.5 / 2011-08-18
-==================
-
-  * Changed: when the user enters nothing prompt for password again
-  * Fixed issue with passwords beginning with numbers [NuckChorris]
-
-0.0.4 / 2011-08-15
-==================
-
-  * Fixed `Commander#args`
-
-0.0.3 / 2011-08-15
-==================
-
-  * Added default option value support
-
-0.0.2 / 2011-08-15
-==================
-
-  * Added mask support to `Command#password(str[, mask], fn)`
-  * Added `Command#password(str, fn)`
-
-0.0.1 / 2010-01-03
-==================
-
-  * Initial release
+a partial replacement is:
+
+```js
+if (program.rawArgs.length < 3) ...
+```
+
+## [4.0.0-1] Prerelease (2019-10-08)
+
+(Released in 4.0.0)
+
+## [4.0.0-0] Prerelease (2019-10-01)
+
+(Released in 4.0.0)
+
+## Older versions
+
+* [3.x](./changelogs/CHANGELOG-3.md)
+* [2.x](./changelogs/CHANGELOG-2.md)
+* [1.x](./changelogs/CHANGELOG-1.md)
+* [0.x](./changelogs/CHANGELOG-0.md)
+
+[#1]: https://github.com/tj/commander.js/issues/1
+[#432]: https://github.com/tj/commander.js/issues/432
+[#508]: https://github.com/tj/commander.js/issues/508
+[#512]: https://github.com/tj/commander.js/issues/512
+[#531]: https://github.com/tj/commander.js/issues/531
+[#645]: https://github.com/tj/commander.js/issues/645
+[#742]: https://github.com/tj/commander.js/issues/742
+[#764]: https://github.com/tj/commander.js/issues/764
+[#802]: https://github.com/tj/commander.js/issues/802
+[#806]: https://github.com/tj/commander.js/issues/806
+[#809]: https://github.com/tj/commander.js/issues/809
+[#948]: https://github.com/tj/commander.js/issues/948
+[#962]: https://github.com/tj/commander.js/issues/962
+[#995]: https://github.com/tj/commander.js/issues/995
+[#1027]: https://github.com/tj/commander.js/pull/1027
+[#1032]: https://github.com/tj/commander.js/issues/1032
+[#1035]: https://github.com/tj/commander.js/pull/1035
+[#1040]: https://github.com/tj/commander.js/pull/1040
+[#1047]: https://github.com/tj/commander.js/pull/1047
+[#1048]: https://github.com/tj/commander.js/pull/1048
+[#1049]: https://github.com/tj/commander.js/pull/1049
+[#1051]: https://github.com/tj/commander.js/pull/1051
+[#1052]: https://github.com/tj/commander.js/pull/1052
+[#1053]: https://github.com/tj/commander.js/pull/1053
+[#1062]: https://github.com/tj/commander.js/pull/1062
+[#1071]: https://github.com/tj/commander.js/pull/1071
+[#1081]: https://github.com/tj/commander.js/pull/1081
+[#1088]: https://github.com/tj/commander.js/issues/1088
+[#1091]: https://github.com/tj/commander.js/pull/1091
+[#1096]: https://github.com/tj/commander.js/pull/1096
+[#1102]: https://github.com/tj/commander.js/pull/1102
+[#1118]: https://github.com/tj/commander.js/pull/1118
+[#1119]: https://github.com/tj/commander.js/pull/1119
+[#1133]: https://github.com/tj/commander.js/pull/1133
+[#1138]: https://github.com/tj/commander.js/pull/1138
+[#1145]: https://github.com/tj/commander.js/pull/1145
+[#1146]: https://github.com/tj/commander.js/pull/1146
+[#1149]: https://github.com/tj/commander.js/pull/1149
+[#1153]: https://github.com/tj/commander.js/issues/1153
+[#1157]: https://github.com/tj/commander.js/pull/1157
+[#1159]: https://github.com/tj/commander.js/pull/1159
+[#1165]: https://github.com/tj/commander.js/pull/1165
+[#1169]: https://github.com/tj/commander.js/pull/1169
+[#1172]: https://github.com/tj/commander.js/pull/1172
+[#1179]: https://github.com/tj/commander.js/pull/1179
+[#1180]: https://github.com/tj/commander.js/pull/1180
+[#1184]: https://github.com/tj/commander.js/pull/1184
+[#1191]: https://github.com/tj/commander.js/pull/1191
+[#1195]: https://github.com/tj/commander.js/pull/1195
+[#1208]: https://github.com/tj/commander.js/pull/1208
+[#1232]: https://github.com/tj/commander.js/pull/1232
+[#1235]: https://github.com/tj/commander.js/pull/1235
+[#1236]: https://github.com/tj/commander.js/pull/1236
+[#1247]: https://github.com/tj/commander.js/pull/1247
+[#1248]: https://github.com/tj/commander.js/pull/1248
+[#1250]: https://github.com/tj/commander.js/pull/1250
+[#1256]: https://github.com/tj/commander.js/pull/1256
+[#1275]: https://github.com/tj/commander.js/pull/1275
+[#1301]: https://github.com/tj/commander.js/issues/1301
+
+[Unreleased]: https://github.com/tj/commander.js/compare/master...develop
+[6.0.0]: https://github.com/tj/commander.js/compare/v5.1.0..v6.0.0
+[6.0.0-0]: https://github.com/tj/commander.js/compare/v5.1.0..v6.0.0-0
+[5.1.0]: https://github.com/tj/commander.js/compare/v5.0.0..v5.1.0
+[5.0.0]: https://github.com/tj/commander.js/compare/v4.1.1..v5.0.0
+[5.0.0-4]: https://github.com/tj/commander.js/compare/v5.0.0-3..v5.0.0-4
+[5.0.0-3]: https://github.com/tj/commander.js/compare/v5.0.0-2..v5.0.0-3
+[5.0.0-2]: https://github.com/tj/commander.js/compare/v5.0.0-1..v5.0.0-2
+[5.0.0-1]: https://github.com/tj/commander.js/compare/v5.0.0-0..v5.0.0-1
+[5.0.0-0]: https://github.com/tj/commander.js/compare/v4.1.1..v5.0.0-0
+[4.1.1]: https://github.com/tj/commander.js/compare/v4.1.0..v4.1.1
+[4.1.0]: https://github.com/tj/commander.js/compare/v4.0.1..v4.1.0
+[4.0.1]: https://github.com/tj/commander.js/compare/v4.0.0..v4.0.1
+[4.0.0]: https://github.com/tj/commander.js/compare/v3.0.2..v4.0.0
+[4.0.0-1]: https://github.com/tj/commander.js/compare/v4.0.0-0..v4.0.0-1
+[4.0.0-0]: https://github.com/tj/commander.js/compare/v3.0.2...v4.0.0-0

node_modules/commander/Readme.md

@@ -1,187 +1,400 @@
 # Commander.js
 
-
 [![Build Status](https://api.travis-ci.org/tj/commander.js.svg?branch=master)](http://travis-ci.org/tj/commander.js)
 [![NPM Version](http://img.shields.io/npm/v/commander.svg?style=flat)](https://www.npmjs.org/package/commander)
 [![NPM Downloads](https://img.shields.io/npm/dm/commander.svg?style=flat)](https://npmcharts.com/compare/commander?minimal=true)
 [![Install Size](https://packagephobia.now.sh/badge?p=commander)](https://packagephobia.now.sh/result?p=commander)
-[![Join the chat at https://gitter.im/tj/commander.js](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/tj/commander.js?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
 
-  The complete solution for [node.js](http://nodejs.org) command-line interfaces, inspired by Ruby's [commander](https://github.com/commander-rb/commander).  
-  [API documentation](http://tj.github.com/commander.js/)
+The complete solution for [node.js](http://nodejs.org) command-line interfaces, inspired by Ruby's [commander](https://github.com/commander-rb/commander).
 
+Read this in other languages: English | [简体中文](./Readme_zh-CN.md)
+
+- [Commander.js](#commanderjs)
+  - [Installation](#installation)
+  - [Declaring _program_ variable](#declaring-program-variable)
+  - [Options](#options)
+    - [Common option types, boolean and value](#common-option-types-boolean-and-value)
+    - [Default option value](#default-option-value)
+    - [Other option types, negatable boolean and flag|value](#other-option-types-negatable-boolean-and-flagvalue)
+    - [Custom option processing](#custom-option-processing)
+    - [Required option](#required-option)
+    - [Variadic option](#variadic-option)
+    - [Version option](#version-option)
+  - [Commands](#commands)
+    - [Specify the argument syntax](#specify-the-argument-syntax)
+    - [Action handler (sub)commands](#action-handler-subcommands)
+    - [Stand-alone executable (sub)commands](#stand-alone-executable-subcommands)
+  - [Automated help](#automated-help)
+    - [Custom help](#custom-help)
+    - [.usage and .name](#usage-and-name)
+    - [.help(cb)](#helpcb)
+    - [.outputHelp(cb)](#outputhelpcb)
+    - [.helpInformation()](#helpinformation)
+    - [.helpOption(flags, description)](#helpoptionflags-description)
+    - [.addHelpCommand()](#addhelpcommand)
+  - [Custom event listeners](#custom-event-listeners)
+  - [Bits and pieces](#bits-and-pieces)
+    - [.parse() and .parseAsync()](#parse-and-parseasync)
+    - [Avoiding option name clashes](#avoiding-option-name-clashes)
+    - [TypeScript](#typescript)
+    - [createCommand()](#createcommand)
+    - [Import into ECMAScript Module](#import-into-ecmascript-module)
+    - [Node options such as `--harmony`](#node-options-such-as---harmony)
+    - [Debugging stand-alone executable subcommands](#debugging-stand-alone-executable-subcommands)
+    - [Override exit handling](#override-exit-handling)
+  - [Examples](#examples)
+  - [Support](#support)
+    - [Commander for enterprise](#commander-for-enterprise)
 
 ## Installation
 
-    $ npm install commander
-
-## Option parsing
-
-Options with commander are defined with the `.option()` method, also serving as documentation for the options. The example below parses args and options from `process.argv`, leaving remaining args as the `program.args` array which were not consumed by options.
-
-```js
-#!/usr/bin/env node
-
-/**
- * Module dependencies.
- */
-
-var program = require('commander');
-
-program
-  .version('0.1.0')
-  .option('-p, --peppers', 'Add peppers')
-  .option('-P, --pineapple', 'Add pineapple')
-  .option('-b, --bbq-sauce', 'Add bbq sauce')
-  .option('-c, --cheese [type]', 'Add the specified type of cheese [marble]', 'marble')
-  .parse(process.argv);
-
-console.log('you ordered a pizza with:');
-if (program.peppers) console.log('  - peppers');
-if (program.pineapple) console.log('  - pineapple');
-if (program.bbqSauce) console.log('  - bbq');
-console.log('  - %s cheese', program.cheese);
+```bash
+npm install commander
 ```
 
-Short flags may be passed as a single arg, for example `-abc` is equivalent to `-a -b -c`. Multi-word options such as "--template-engine" are camel-cased, becoming `program.templateEngine` etc.
+## Declaring _program_ variable
 
-Note that multi-word options starting with `--no` prefix negate the boolean value of the following word. For example, `--no-sauce` sets the value of `program.sauce` to false.
+Commander exports a global object which is convenient for quick programs.
+This is used in the examples in this README for brevity.
 
 ```js
-#!/usr/bin/env node
+const { program } = require('commander');
+program.version('0.0.1');
+```
 
-/**
- * Module dependencies.
- */
+For larger programs which may use commander in multiple ways, including unit testing, it is better to create a local Command object to use.
 
-var program = require('commander');
+```js
+const { Command } = require('commander');
+const program = new Command();
+program.version('0.0.1');
+```
 
+## Options
+
+Options are defined with the `.option()` method, also serving as documentation for the options. Each option can have a short flag (single character) and a long name, separated by a comma or space or vertical bar ('|').
+
+The options can be accessed as properties on the Command object. Multi-word options such as "--template-engine" are camel-cased, becoming `program.templateEngine` etc. See also optional new behaviour to [avoid name clashes](#avoiding-option-name-clashes).
+
+Multiple short flags may optionally be combined in a single argument following the dash: boolean flags, the last flag may take a value, and the value.
+For example `-a -b -p 80` may be written as `-ab -p80` or even `-abp80`.
+
+You can use `--` to indicate the end of the options, and any remaining arguments will be used without being interpreted.
+This is particularly useful for passing options through to another
+command, like: `do -- git --version`.
+
+Options on the command line are not positional, and can be specified before or after other command arguments.
+
+### Common option types, boolean and value
+
+The two most used option types are a boolean flag, and an option which takes a value (declared using angle brackets). Both are `undefined` unless specified on command line.
+
+Example file: [options-common.js](./examples/options-common.js)
+
+```js
+program
+  .option('-d, --debug', 'output extra debugging')
+  .option('-s, --small', 'small pizza size')
+  .option('-p, --pizza-type <type>', 'flavour of pizza');
+
+program.parse(process.argv);
+
+if (program.debug) console.log(program.opts());
+console.log('pizza details:');
+if (program.small) console.log('- small pizza size');
+if (program.pizzaType) console.log(`- ${program.pizzaType}`);
+```
+
+```bash
+$ pizza-options -d
+{ debug: true, small: undefined, pizzaType: undefined }
+pizza details:
+$ pizza-options -p
+error: option '-p, --pizza-type <type>' argument missing
+$ pizza-options -ds -p vegetarian
+{ debug: true, small: true, pizzaType: 'vegetarian' }
+pizza details:
+- small pizza size
+- vegetarian
+$ pizza-options --pizza-type=cheese
+pizza details:
+- cheese
+```
+
+`program.parse(arguments)` processes the arguments, leaving any args not consumed by the program options in the `program.args` array.
+
+### Default option value
+
+You can specify a default value for an option which takes a value.
+
+Example file: [options-defaults.js](./examples/options-defaults.js)
+
+```js
+program
+  .option('-c, --cheese <type>', 'add the specified type of cheese', 'blue');
+
+program.parse(process.argv);
+
+console.log(`cheese: ${program.cheese}`);
+```
+
+```bash
+$ pizza-options
+cheese: blue
+$ pizza-options --cheese stilton
+cheese: stilton
+```
+
+### Other option types, negatable boolean and flag|value
+
+You can specify a boolean option long name with a leading `no-` to set the option value to false when used.
+Defined alone this also makes the option true by default.
+
+If you define `--foo` first, adding `--no-foo` does not change the default value from what it would
+otherwise be. You can specify a default boolean value for a boolean flag and it can be overridden on command line.
+
+Example file: [options-negatable.js](./examples/options-negatable.js)
+
+```js
 program
   .option('--no-sauce', 'Remove sauce')
+  .option('--cheese <flavour>', 'cheese flavour', 'mozzarella')
+  .option('--no-cheese', 'plain with no cheese')
   .parse(process.argv);
 
-console.log('you ordered a pizza');
-if (program.sauce) console.log('  with sauce');
-else console.log(' without sauce');
+const sauceStr = program.sauce ? 'sauce' : 'no sauce';
+const cheeseStr = (program.cheese === false) ? 'no cheese' : `${program.cheese} cheese`;
+console.log(`You ordered a pizza with ${sauceStr} and ${cheeseStr}`);
 ```
 
-To get string arguments from options you will need to use angle brackets <> for required inputs or square brackets [] for optional inputs. 
+```bash
+$ pizza-options
+You ordered a pizza with sauce and mozzarella cheese
+$ pizza-options --sauce
+error: unknown option '--sauce'
+$ pizza-options --cheese=blue
+You ordered a pizza with sauce and blue cheese
+$ pizza-options --no-sauce --no-cheese
+You ordered a pizza with no sauce and no cheese
+```
 
-e.g. ```.option('-m --myarg [myVar]', 'my super cool description')```
+You can specify an option which functions as a flag but may also take a value (declared using square brackets).
 
-Then to access the input if it was passed in.
-
-e.g. ```var myInput = program.myarg```
-
-**NOTE**: If you pass a argument without using brackets the example above will return true and not the value passed in.
-
-
-## Version option
-
-Calling the `version` implicitly adds the `-V` and `--version` options to the command.
-When either of these options is present, the command prints the version number and exits.
-
-    $ ./examples/pizza -V
-    0.0.1
-
-If you want your program to respond to the `-v` option instead of the `-V` option, simply pass custom flags to the `version` method using the same syntax as the `option` method.
+Example file: [options-flag-or-value.js](./examples/options-flag-or-value.js)
 
 ```js
 program
-  .version('0.0.1', '-v, --version')
+  .option('-c, --cheese [type]', 'Add cheese with optional type');
+
+program.parse(process.argv);
+
+if (program.cheese === undefined) console.log('no cheese');
+else if (program.cheese === true) console.log('add cheese');
+else console.log(`add cheese type ${program.cheese}`);
 ```
 
-The version flags can be named anything, but the long option is required.
-
-## Command-specific options
-
-You can attach options to a command.
-
-```js
-#!/usr/bin/env node
-
-var program = require('commander');
-
-program
-  .command('rm <dir>')
-  .option('-r, --recursive', 'Remove recursively')
-  .action(function (dir, cmd) {
-    console.log('remove ' + dir + (cmd.recursive ? ' recursively' : ''))
-  })
-
-program.parse(process.argv)
+```bash
+$ pizza-options
+no cheese
+$ pizza-options --cheese
+add cheese
+$ pizza-options --cheese mozzarella
+add cheese type mozzarella
 ```
 
-A command's options are validated when the command is used. Any unknown options will be reported as an error. However, if an action-based command does not define an action, then the options are not validated.
+### Custom option processing
 
-## Coercion
+You may specify a function to do custom processing of option values. The callback function receives two parameters, the user specified value and the
+previous value for the option. It returns the new value for the option.
+
+This allows you to coerce the option value to the desired type, or accumulate values, or do entirely custom processing.
+
+You can optionally specify the default/starting value for the option after the function.
+
+Example file: [options-custom-processing.js](./examples/options-custom-processing.js)
 
 ```js
-function range(val) {
-  return val.split('..').map(Number);
+function myParseInt(value, dummyPrevious) {
+  // parseInt takes a string and an optional radix
+  return parseInt(value);
 }
 
-function list(val) {
-  return val.split(',');
+function increaseVerbosity(dummyValue, previous) {
+  return previous + 1;
 }
 
-function collect(val, memo) {
-  memo.push(val);
-  return memo;
+function collect(value, previous) {
+  return previous.concat([value]);
 }
 
-function increaseVerbosity(v, total) {
-  return total + 1;
+function commaSeparatedList(value, dummyPrevious) {
+  return value.split(',');
 }
 
 program
-  .version('0.1.0')
-  .usage('[options] <file ...>')
-  .option('-i, --integer <n>', 'An integer argument', parseInt)
-  .option('-f, --float <n>', 'A float argument', parseFloat)
-  .option('-r, --range <a>..<b>', 'A range', range)
-  .option('-l, --list <items>', 'A list', list)
-  .option('-o, --optional [value]', 'An optional value')
-  .option('-c, --collect [value]', 'A repeatable value', collect, [])
-  .option('-v, --verbose', 'A value that can be increased', increaseVerbosity, 0)
-  .parse(process.argv);
+  .option('-f, --float <number>', 'float argument', parseFloat)
+  .option('-i, --integer <number>', 'integer argument', myParseInt)
+  .option('-v, --verbose', 'verbosity that can be increased', increaseVerbosity, 0)
+  .option('-c, --collect <value>', 'repeatable value', collect, [])
+  .option('-l, --list <items>', 'comma separated list', commaSeparatedList)
+;
 
-console.log(' int: %j', program.integer);
-console.log(' float: %j', program.float);
-console.log(' optional: %j', program.optional);
-program.range = program.range || [];
-console.log(' range: %j..%j', program.range[0], program.range[1]);
-console.log(' list: %j', program.list);
-console.log(' collect: %j', program.collect);
-console.log(' verbosity: %j', program.verbose);
-console.log(' args: %j', program.args);
+program.parse(process.argv);
+
+if (program.float !== undefined) console.log(`float: ${program.float}`);
+if (program.integer !== undefined) console.log(`integer: ${program.integer}`);
+if (program.verbose > 0) console.log(`verbosity: ${program.verbose}`);
+if (program.collect.length > 0) console.log(program.collect);
+if (program.list !== undefined) console.log(program.list);
 ```
 
-## Regular Expression
+```bash
+$ custom -f 1e2
+float: 100
+$ custom --integer 2
+integer: 2
+$ custom -v -v -v
+verbose: 3
+$ custom -c a -c b -c c
+[ 'a', 'b', 'c' ]
+$ custom --list x,y,z
+[ 'x', 'y', 'z' ]
+```
+
+### Required option
+
+You may specify a required (mandatory) option using `.requiredOption`. The option must have a value after parsing, usually specified on the command line, or perhaps from a default value (say from environment). The method is otherwise the same as `.option` in format, taking flags and description, and optional default value or custom processing.
+
+Example file: [options-required.js](./examples/options-required.js)
+
+```js
+program
+  .requiredOption('-c, --cheese <type>', 'pizza must have cheese');
+
+program.parse(process.argv);
+```
+
+```bash
+$ pizza
+error: required option '-c, --cheese <type>' not specified
+```
+
+### Variadic option
+
+You may make an option variadic by appending `...` to the value placeholder when declaring the option. On the command line you
+can then specify multiple option arguments, and the parsed option value will be an array. The extra arguments
+are read until the first argument starting with a dash. The special argument `--` stops option processing entirely. If a value
+is specified in the same argument as the option then no further values are read.
+
+Example file: [options-variadic.js](./examples/options-variadic.js)
+
+```js
+program
+  .option('-n, --number <numbers...>', 'specify numbers')
+  .option('-l, --letter [letters...]', 'specify letters');
+
+program.parse();
+
+console.log('Options: ', program.opts());
+console.log('Remaining arguments: ', program.args);
+```
+
+```bash
+$ collect -n 1 2 3 --letter a b c
+Options:  { number: [ '1', '2', '3' ], letter: [ 'a', 'b', 'c' ] }
+Remaining arguments:  []
+$ collect --letter=A -n80 operand
+Options:  { number: [ '80' ], letter: [ 'A' ] }
+Remaining arguments:  [ 'operand' ]
+$ collect --letter -n 1 -n 2 3 -- operand
+Options:  { number: [ '1', '2', '3' ], letter: true }
+Remaining arguments:  [ 'operand' ]
+```
+
+### Version option
+
+The optional `version` method adds handling for displaying the command version. The default option flags are `-V` and `--version`, and when present the command prints the version number and exits.
+
+```js
+program.version('0.0.1');
+```
+
+```bash
+$ ./examples/pizza -V
+0.0.1
+```
+
+You may change the flags and description by passing additional parameters to the `version` method, using
+the same syntax for flags as the `option` method.
+
+```js
+program.version('0.0.1', '-v, --vers', 'output the current version');
+```
+
+## Commands
+
+You can specify (sub)commands using `.command()` or `.addCommand()`. There are two ways these can be implemented: using an action handler attached to the command, or as a stand-alone executable file (described in more detail later). The subcommands may be nested ([example](./examples/nestedCommands.js)).
+
+In the first parameter to `.command()` you specify the command name and any command arguments. The arguments may be `<required>` or `[optional]`, and the last argument may also be `variadic...`.
+
+You can use `.addCommand()` to add an already configured subcommand to the program.
+
+For example:
+
+```js
+// Command implemented using action handler (description is supplied separately to `.command`)
+// Returns new command for configuring.
+program
+  .command('clone <source> [destination]')
+  .description('clone a repository into a newly created directory')
+  .action((source, destination) => {
+    console.log('clone command called');
+  });
+
+// Command implemented using stand-alone executable file (description is second parameter to `.command`)
+// Returns `this` for adding more commands.
+program
+  .command('start <service>', 'start named service')
+  .command('stop [service]', 'stop named service, or all if no name supplied');
+
+// Command prepared separately.
+// Returns `this` for adding more commands.
+program
+  .addCommand(build.makeBuildCommand());
+```
+
+Configuration options can be passed with the call to `.command()` and `.addCommand()`. Specifying `true` for `opts.hidden` will remove the command from the generated help output. Specifying `true` for `opts.isDefault` will run the subcommand if no other subcommand is specified ([example](./examples/defaultCommand.js)).
+
+### Specify the argument syntax
+
+You use `.arguments` to specify the arguments for the top-level command, and for subcommands they are usually included in the `.command` call. Angled brackets (e.g. `<required>`) indicate required input. Square brackets (e.g. `[optional]`) indicate optional input.
+
+Example file: [env](./examples/env)
+
 ```js
 program
   .version('0.1.0')
-  .option('-s --size <size>', 'Pizza size', /^(large|medium|small)$/i, 'medium')
-  .option('-d --drink [drink]', 'Drink', /^(coke|pepsi|izze)$/i)
-  .parse(process.argv);
+  .arguments('<cmd> [env]')
+  .action(function (cmd, env) {
+    cmdValue = cmd;
+    envValue = env;
+  });
 
-console.log(' size: %j', program.size);
-console.log(' drink: %j', program.drink);
+program.parse(process.argv);
+
+if (typeof cmdValue === 'undefined') {
+  console.error('no command given!');
+  process.exit(1);
+}
+console.log('command:', cmdValue);
+console.log('environment:', envValue || "no environment given");
 ```
 
-## Variadic arguments
-
- The last argument of a command can be variadic, and only the last argument.  To make an argument variadic you have to
- append `...` to the argument name.  Here is an example:
+ The last argument of a command can be variadic, and only the last argument.  To make an argument variadic you
+ append `...` to the argument name. For example:
 
 ```js
-#!/usr/bin/env node
-
-/**
- * Module dependencies.
- */
-
-var program = require('commander');
+const { program } = require('commander');
 
 program
   .version('0.1.0')
@@ -198,188 +411,327 @@ program
 program.parse(process.argv);
 ```
 
- An `Array` is used for the value of a variadic argument.  This applies to `program.args` as well as the argument passed
- to your action as demonstrated above.
+The variadic argument is passed to the action handler as an array.
 
-## Specify the argument syntax
+### Action handler (sub)commands
+
+You can add options to a command that uses an action handler.
+The action handler gets passed a parameter for each argument you declared, and one additional argument which is the
+command object itself. This command argument has the values for the command-specific options added as properties.
 
 ```js
-#!/usr/bin/env node
-
-var program = require('commander');
+const { program } = require('commander');
 
 program
-  .version('0.1.0')
-  .arguments('<cmd> [env]')
-  .action(function (cmd, env) {
-     cmdValue = cmd;
-     envValue = env;
-  });
+  .command('rm <dir>')
+  .option('-r, --recursive', 'Remove recursively')
+  .action(function (dir, cmdObj) {
+    console.log('remove ' + dir + (cmdObj.recursive ? ' recursively' : ''))
+  })
 
-program.parse(process.argv);
-
-if (typeof cmdValue === 'undefined') {
-   console.error('no command given!');
-   process.exit(1);
-}
-console.log('command:', cmdValue);
-console.log('environment:', envValue || "no environment given");
+program.parse(process.argv)
 ```
-Angled brackets (e.g. `<cmd>`) indicate required input. Square brackets (e.g. `[env]`) indicate optional input.
 
-## Git-style sub-commands
+You may supply an `async` action handler, in which case you call `.parseAsync` rather than `.parse`.
 
 ```js
-// file: ./examples/pm
-var program = require('commander');
+async function run() { /* code goes here */ }
 
+async function main() {
+  program
+    .command('run')
+    .action(run);
+  await program.parseAsync(process.argv);
+}
+```
+
+A command's options on the command line are validated when the command is used. Any unknown options will be reported as an error.
+
+### Stand-alone executable (sub)commands
+
+When `.command()` is invoked with a description argument, this tells Commander that you're going to use stand-alone executables for subcommands.
+Commander will search the executables in the directory of the entry script (like `./examples/pm`) with the name `program-subcommand`, like `pm-install`, `pm-search`.
+You can specify a custom name with the `executableFile` configuration option.
+
+You handle the options for an executable (sub)command in the executable, and don't declare them at the top-level.
+
+Example file: [pm](./examples/pm)
+
+```js
 program
   .version('0.1.0')
   .command('install [name]', 'install one or more packages')
   .command('search [query]', 'search with optional query')
-  .command('list', 'list packages installed', {isDefault: true})
-  .parse(process.argv);
+  .command('update', 'update installed packages', { executableFile: 'myUpdateSubCommand' })
+  .command('list', 'list packages installed', { isDefault: true });
+
+program.parse(process.argv);
 ```
 
-When `.command()` is invoked with a description argument, no `.action(callback)` should be called to handle sub-commands, otherwise there will be an error. This tells commander that you're going to use separate executables for sub-commands, much like `git(1)` and other popular tools.  
-The commander will try to search the executables in the directory of the entry script (like `./examples/pm`) with the name `program-command`, like `pm-install`, `pm-search`.
-
-Options can be passed with the call to `.command()`. Specifying `true` for `opts.noHelp` will remove the subcommand from the generated help output. Specifying `true` for `opts.isDefault` will run the subcommand if no other subcommand is specified.
-
 If the program is designed to be installed globally, make sure the executables have proper modes, like `755`.
 
-### `--harmony`
+## Automated help
 
-You can enable `--harmony` option in two ways:
-* Use `#! /usr/bin/env node --harmony` in the sub-commands scripts. Note some os version don’t support this pattern.
-* Use the `--harmony` option when call the command, like `node --harmony examples/pm publish`. The `--harmony` option will be preserved when spawning sub-command process.
+The help information is auto-generated based on the information commander already knows about your program. The default
+help option is `-h,--help`.
 
-## Automated --help
+Example file: [pizza](./examples/pizza)
 
- The help information is auto-generated based on the information commander already knows about your program, so the following `--help` info is for free:
-
-```  
-$ ./examples/pizza --help
+```bash
+$ node ./examples/pizza --help
 Usage: pizza [options]
 
 An application for pizzas ordering
 
 Options:
-  -h, --help           output usage information
   -V, --version        output the version number
   -p, --peppers        Add peppers
-  -P, --pineapple      Add pineapple
-  -b, --bbq            Add bbq sauce
-  -c, --cheese <type>  Add the specified type of cheese [marble]
+  -c, --cheese <type>  Add the specified type of cheese (default: "marble")
   -C, --no-cheese      You do not want any cheese
+  -h, --help           display help for command
 ```
 
-## Custom help
+A `help` command is added by default if your command has subcommands. It can be used alone, or with a subcommand name to show
+further help for the subcommand. These are effectively the same if the `shell` program has implicit help:
 
- You can display arbitrary `-h, --help` information
- by listening for "--help". Commander will automatically
- exit once you are done so that the remainder of your program
- does not execute causing undesired behaviors, for example
- in the following executable "stuff" will not output when
- `--help` is used.
+```bash
+shell help
+shell --help
+
+shell help spawn
+shell spawn --help
+```
+
+### Custom help
+
+You can display extra information by listening for "--help".
+
+Example file: [custom-help](./examples/custom-help)
 
 ```js
-#!/usr/bin/env node
-
-/**
- * Module dependencies.
- */
-
-var program = require('commander');
-
 program
-  .version('0.1.0')
-  .option('-f, --foo', 'enable some foo')
-  .option('-b, --bar', 'enable some bar')
-  .option('-B, --baz', 'enable some baz');
+  .option('-f, --foo', 'enable some foo');
 
-// must be before .parse() since
-// node's emit() is immediate
-
-program.on('--help', function(){
-  console.log('')
-  console.log('Examples:');
+// must be before .parse()
+program.on('--help', () => {
+  console.log('');
+  console.log('Example call:');
   console.log('  $ custom-help --help');
-  console.log('  $ custom-help -h');
 });
-
-program.parse(process.argv);
-
-console.log('stuff');
 ```
 
-Yields the following help output when `node script-name.js -h` or `node script-name.js --help` are run:
+Yields the following help output:
 
-```
+```Text
 Usage: custom-help [options]
 
 Options:
-  -h, --help     output usage information
-  -V, --version  output the version number
-  -f, --foo      enable some foo
-  -b, --bar      enable some bar
-  -B, --baz      enable some baz
+  -f, --foo   enable some foo
+  -h, --help  display help for command
 
-Examples:
+Example call:
   $ custom-help --help
-  $ custom-help -h
 ```
 
-## .outputHelp(cb)
+### .usage and .name
+
+These allow you to customise the usage description in the first line of the help. The name is otherwise
+deduced from the (full) program arguments. Given:
+
+```js
+program
+  .name("my-command")
+  .usage("[global options] command")
+```
+
+The help will start with:
+
+```Text
+Usage: my-command [global options] command
+```
+
+### .help(cb)
+
+Output help information and exit immediately. Optional callback cb allows post-processing of help text before it is displayed.
+
+### .outputHelp(cb)
 
 Output help information without exiting.
 Optional callback cb allows post-processing of help text before it is displayed.
 
-If you want to display help by default (e.g. if no command was provided), you can use something like:
+### .helpInformation()
+
+Get the command help information as a string for processing or displaying yourself. (The text does not include the custom help
+from `--help` listeners.)
+
+### .helpOption(flags, description)
+
+Override the default help flags and description.
 
 ```js
-var program = require('commander');
-var colors = require('colors');
-
 program
-  .version('0.1.0')
-  .command('getstream [url]', 'get stream URL')
-  .parse(process.argv);
-
-if (!process.argv.slice(2).length) {
-  program.outputHelp(make_red);
-}
-
-function make_red(txt) {
-  return colors.red(txt); //display the help text in red on the console
-}
+  .helpOption('-e, --HELP', 'read more information');
 ```
 
-## .help(cb)
+### .addHelpCommand()
 
-  Output help information and exit immediately.
-  Optional callback cb allows post-processing of help text before it is displayed.
+You can explicitly turn on or off the implicit help command with `.addHelpCommand()` and `.addHelpCommand(false)`.
 
+You can both turn on and customise the help command by supplying the name and description:
+
+```js
+program.addHelpCommand('assist [command]', 'show assistance');
+```
 
 ## Custom event listeners
- You can execute custom actions by listening to command and option events.
+
+You can execute custom actions by listening to command and option events.
 
 ```js
 program.on('option:verbose', function () {
   process.env.VERBOSE = this.verbose;
 });
 
-// error on unknown commands
-program.on('command:*', function () {
-  console.error('Invalid command: %s\nSee --help for a list of available commands.', program.args.join(' '));
-  process.exit(1);
+program.on('command:*', function (operands) {
+  console.error(`error: unknown command '${operands[0]}'`);
+  const availableCommands = program.commands.map(cmd => cmd.name());
+  mySuggestBestMatch(operands[0], availableCommands);
+  process.exitCode = 1;
 });
 ```
 
+## Bits and pieces
+
+### .parse() and .parseAsync()
+
+The first argument to `.parse` is the array of strings to parse. You may omit the parameter to implicitly use `process.argv`.
+
+If the arguments follow different conventions than node you can pass a `from` option in the second parameter:
+
+- 'node': default, `argv[0]` is the application and `argv[1]` is the script being run, with user parameters after that
+- 'electron': `argv[1]` varies depending on whether the electron application is packaged
+- 'user': all of the arguments from the user
+
+For example:
+
+```js
+program.parse(process.argv); // Explicit, node conventions
+program.parse(); // Implicit, and auto-detect electron
+program.parse(['-f', 'filename'], { from: 'user' });
+```
+
+### Avoiding option name clashes
+
+The original and default behaviour is that the option values are stored
+as properties on the program, and the action handler is passed a
+command object with the options values stored as properties.
+This is very convenient to code, but the downside is possible clashes with
+existing properties of Command.
+
+There are two new routines to change the behaviour, and the default behaviour may change in the future:
+
+- `storeOptionsAsProperties`: whether to store option values as properties on command object, or store separately (specify false) and access using `.opts()`
+- `passCommandToAction`: whether to pass command to action handler,
+or just the options (specify false)
+
+Example file: [storeOptionsAsProperties-action.js](./examples/storeOptionsAsProperties-action.js)
+
+```js
+program
+  .storeOptionsAsProperties(false)
+  .passCommandToAction(false);
+
+program
+  .name('my-program-name')
+  .option('-n,--name <name>');
+
+program
+  .command('show')
+  .option('-a,--action <action>')
+  .action((options) => {
+    console.log(options.action);
+  });
+
+program.parse(process.argv);
+
+const programOptions = program.opts();
+console.log(programOptions.name);
+```
+
+### TypeScript
+
+The Commander package includes its TypeScript Definition file.
+
+If you use `ts-node` and  stand-alone executable subcommands written as `.ts` files, you need to call your program through node to get the subcommands called correctly. e.g.
+
+```bash
+node -r ts-node/register pm.ts
+```
+
+### createCommand()
+
+This factory function creates a new command. It is exported and may be used instead of using `new`, like:
+
+```js
+const { createCommand } = require('commander');
+const program = createCommand();
+```
+
+`createCommand` is also a method of the Command object, and creates a new command rather than a subcommand. This gets used internally
+when creating subcommands using `.command()`, and you may override it to
+customise the new subcommand (examples using [subclass](./examples/custom-command-class.js) and [function](./examples/custom-command-function.js)).
+
+### Import into ECMAScript Module
+
+Commander is currently a CommonJS package, and the default export can be imported into an ES Module:
+
+```js
+// index.mjs
+import commander from 'commander';
+const program = commander.program;
+const newCommand = new commander.Command();
+```
+
+### Node options such as `--harmony`
+
+You can enable `--harmony` option in two ways:
+
+- Use `#! /usr/bin/env node --harmony` in the subcommands scripts. (Note Windows does not support this pattern.)
+- Use the `--harmony` option when call the command, like `node --harmony examples/pm publish`. The `--harmony` option will be preserved when spawning subcommand process.
+
+### Debugging stand-alone executable subcommands
+
+An executable subcommand is launched as a separate child process.
+
+If you are using the node inspector for [debugging](https://nodejs.org/en/docs/guides/debugging-getting-started/) executable subcommands using `node --inspect` et al,
+the inspector port is incremented by 1 for the spawned subcommand.
+
+If you are using VSCode to debug executable subcommands you need to set the `"autoAttachChildProcesses": true` flag in your launch.json configuration.
+
+### Override exit handling
+
+By default Commander calls `process.exit` when it detects errors, or after displaying the help or version. You can override
+this behaviour and optionally supply a callback. The default override throws a `CommanderError`.
+
+The override callback is passed a `CommanderError` with properties `exitCode` number, `code` string, and `message`. The default override behaviour is to throw the error, except for async handling of executable subcommand completion which carries on. The normal display of error messages or version or help
+is not affected by the override which is called after the display.
+
+```js
+program.exitOverride();
+
+try {
+  program.parse(process.argv);
+} catch (err) {
+  // custom processing...
+}
+```
+
 ## Examples
 
+Example file: [deploy](./examples/deploy)
+
 ```js
-var program = require('commander');
+const { program } = require('commander');
 
 program
   .version('0.1.0')
@@ -392,7 +744,7 @@ program
   .description('run setup commands for all envs')
   .option("-s, --setup_mode [mode]", "Which setup mode to use")
   .action(function(env, options){
-    var mode = options.setup_mode || "normal";
+    const mode = options.setup_mode || "normal";
     env = env || 'all';
     console.log('setup for %s env(s) with %s mode', env, mode);
   });
@@ -412,17 +764,20 @@ program
     console.log('  $ deploy exec async');
   });
 
-program
-  .command('*')
-  .action(function(env){
-    console.log('deploying "%s"', env);
-  });
-
 program.parse(process.argv);
 ```
 
 More Demos can be found in the [examples](https://github.com/tj/commander.js/tree/master/examples) directory.
 
-## License
+## Support
 
-[MIT](https://github.com/tj/commander.js/blob/master/LICENSE)
+The current version of Commander is fully supported on Long Term Support versions of Node, and is likely to work with Node 6 but not tested.
+(For versions of Node below Node 6, use Commander 3.x or 2.x.)
+
+The main forum for free and community support is the project [Issues](https://github.com/tj/commander.js/issues) on GitHub.
+
+### Commander for enterprise
+
+Available as part of the Tidelift Subscription
+
+The maintainers of Commander and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source dependencies you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact dependencies you use. [Learn more.](https://tidelift.com/subscription/pkg/npm-commander?utm_source=npm-commander&utm_medium=referral&utm_campaign=enterprise&utm_term=repo)

node_modules/commander/package.json

@@ -1,12 +1,16 @@
 {
   "name": "commander",
-  "version": "2.20.3",
+  "version": "6.0.0",
   "description": "the complete solution for node.js command-line programs",
   "keywords": [
     "commander",
     "command",
     "option",
-    "parser"
+    "parser",
+    "cli",
+    "argument",
+    "args",
+    "argv"
   ],
   "author": "TJ Holowaychuk <tj@vision-media.ca>",
   "license": "MIT",
@@ -15,8 +19,9 @@
     "url": "https://github.com/tj/commander.js.git"
   },
   "scripts": {
-    "lint": "eslint index.js",
-    "test": "node test/run.js && npm run test-typings",
+    "lint": "eslint index.js \"tests/**/*.js\"",
+    "typescript-lint": "eslint typings/*.ts",
+    "test": "jest && npm run test-typings",
     "test-typings": "tsc -p tsconfig.json"
   },
   "main": "index",
@@ -26,13 +31,18 @@
   ],
   "dependencies": {},
   "devDependencies": {
-    "@types/node": "^12.7.8",
-    "eslint": "^6.4.0",
-    "should": "^13.2.3",
-    "sinon": "^7.5.0",
-    "standard": "^14.3.1",
-    "ts-node": "^8.4.1",
-    "typescript": "^3.6.3"
+    "@types/jest": "^26.0.5",
+    "@types/node": "^14.0.23",
+    "@typescript-eslint/eslint-plugin": "^2.34.0",
+    "eslint": "^6.8.0",
+    "eslint-config-standard-with-typescript": "^16.0.0",
+    "eslint-plugin-jest": "^23.18.0",
+    "jest": "^26.1.0",
+    "standard": "^14.3.4",
+    "typescript": "^3.9.7"
   },
-  "typings": "typings/index.d.ts"
+  "typings": "typings/index.d.ts",
+  "engines": {
+    "node": ">= 6"
+  }
 }

node_modules/commander/typings/index.d.ts

@@ -1,39 +1,38 @@
-// Type definitions for commander 2.11
-// Project: https://github.com/visionmedia/commander.js
-// Definitions by: Alan Agius <https://github.com/alan-agius4>, Marcelo Dezem <https://github.com/mdezem>, vvakame <https://github.com/vvakame>, Jules Randolph <https://github.com/sveinburne>
-// Definitions: https://github.com/DefinitelyTyped/DefinitelyTyped
+// Type definitions for commander
+// Original definitions by: Alan Agius <https://github.com/alan-agius4>, Marcelo Dezem <https://github.com/mdezem>, vvakame <https://github.com/vvakame>, Jules Randolph <https://github.com/sveinburne>
 
-declare namespace local {
+declare namespace commander {
 
-  class Option {
+  interface CommanderError extends Error {
+    code: string;
+    exitCode: number;
+    message: string;
+    nestedError?: string;
+  }
+  type CommanderErrorConstructor = new (exitCode: number, code: string, message: string) => CommanderError;
+
+  interface Option {
     flags: string;
-    required: boolean;
-    optional: boolean;
+    required: boolean; // A value must be supplied when the option is specified.
+    optional: boolean; // A value is optional when the option is specified.
+    mandatory: boolean; // The option must have a value after parsing, which usually means it must be specified on command line.
     bool: boolean;
     short?: string;
     long: string;
     description: string;
+  }
+  type OptionConstructor = new (flags: string, description?: string) => Option;
 
-    /**
-     * Initialize a new `Option` with the given `flags` and `description`.
-     *
-     * @param {string} flags
-     * @param {string} [description]
-     */
-    constructor(flags: string, description?: string);
+  interface ParseOptions {
+    from: 'node' | 'electron' | 'user';
   }
 
-  class Command extends NodeJS.EventEmitter {
-    [key: string]: any;
+  interface Command {
+    [key: string]: any; // options as properties
 
     args: string[];
 
-    /**
-     * Initialize a new `Command`.
-     *
-     * @param {string} [name]
-     */
-    constructor(name?: string);
+    commands: Command[];
 
     /**
      * Set the program version to `str`.
@@ -41,90 +40,79 @@ declare namespace local {
      * This method auto-registers the "-V, --version" flag
      * which will print the version number when passed.
      *
-     * @param {string} str
-     * @param {string} [flags]
-     * @returns {Command} for chaining
+     * You can optionally supply the  flags and description to override the defaults.
      */
-    version(str: string, flags?: string): Command;
+    version(str: string, flags?: string, description?: string): this;
 
     /**
-     * Add command `name`.
+     * Define a command, implemented using an action handler.
      *
-     * The `.action()` callback is invoked when the
-     * command `name` is specified via __ARGV__,
-     * and the remaining arguments are applied to the
-     * function for access.
-     *
-     * When the `name` is "*" an un-matched command
-     * will be passed as the first arg, followed by
-     * the rest of __ARGV__ remaining.
+     * @remarks
+     * The command description is supplied using `.description`, not as a parameter to `.command`.
      *
      * @example
-     *      program
-     *        .version('0.0.1')
-     *        .option('-C, --chdir <path>', 'change the working directory')
-     *        .option('-c, --config <path>', 'set config path. defaults to ./deploy.conf')
-     *        .option('-T, --no-tests', 'ignore test hook')
+     * ```ts
+     *  program
+     *    .command('clone <source> [destination]')
+     *    .description('clone a repository into a newly created directory')
+     *    .action((source, destination) => {
+     *      console.log('clone command called');
+     *    });
+     * ```
      *
-     *      program
-     *        .command('setup')
-     *        .description('run remote setup commands')
-     *        .action(function() {
-     *          console.log('setup');
-     *        });
-     *
-     *      program
-     *        .command('exec <cmd>')
-     *        .description('run the given remote command')
-     *        .action(function(cmd) {
-     *          console.log('exec "%s"', cmd);
-     *        });
-     *
-     *      program
-     *        .command('teardown <dir> [otherDirs...]')
-     *        .description('run teardown commands')
-     *        .action(function(dir, otherDirs) {
-     *          console.log('dir "%s"', dir);
-     *          if (otherDirs) {
-     *            otherDirs.forEach(function (oDir) {
-     *              console.log('dir "%s"', oDir);
-     *            });
-     *          }
-     *        });
-     *
-     *      program
-     *        .command('*')
-     *        .description('deploy the given env')
-     *        .action(function(env) {
-     *          console.log('deploying "%s"', env);
-     *        });
-     *
-     *      program.parse(process.argv);
-     *
-     * @param {string} name
-     * @param {string} [desc] for git-style sub-commands
-     * @param {CommandOptions} [opts] command options
-     * @returns {Command} the new command
+     * @param nameAndArgs - command name and arguments, args are  `<required>` or `[optional]` and last may also be `variadic...`
+     * @param opts - configuration options
+     * @returns new command
      */
-    command(name: string, desc?: string, opts?: commander.CommandOptions): Command;
+    command(nameAndArgs: string, opts?: CommandOptions): ReturnType<this['createCommand']>;
+    /**
+     * Define a command, implemented in a separate executable file.
+     *
+     * @remarks
+     * The command description is supplied as the second parameter to `.command`.
+     *
+     * @example
+     * ```ts
+     *  program
+     *    .command('start <service>', 'start named service')
+     *    .command('stop [service]', 'stop named service, or all if no name supplied');
+     * ```
+     *
+     * @param nameAndArgs - command name and arguments, args are  `<required>` or `[optional]` and last may also be `variadic...`
+     * @param description - description of executable command
+     * @param opts - configuration options
+     * @returns `this` command for chaining
+     */
+    command(nameAndArgs: string, description: string, opts?: commander.ExecutableCommandOptions): this;
 
     /**
-     * Define argument syntax for the top-level command.
+     * Factory routine to create a new unattached command.
      *
-     * @param {string} desc
-     * @returns {Command} for chaining
+     * See .command() for creating an attached subcommand, which uses this routine to
+     * create the command. You can override createCommand to customise subcommands.
      */
-    arguments(desc: string): Command;
+    createCommand(name?: string): Command;
 
     /**
-     * Parse expected `args`.
+     * Add a prepared subcommand.
      *
-     * For example `["[type]"]` becomes `[{ required: false, name: 'type' }]`.
+     * See .command() for creating an attached subcommand which inherits settings from its parent.
      *
-     * @param {string[]} args
-     * @returns {Command} for chaining
+     * @returns `this` command for chaining
      */
-    parseExpectedArgs(args: string[]): Command;
+    addCommand(cmd: Command, opts?: CommandOptions): this;
+
+    /**
+     * Define argument syntax for command.
+     *
+     * @returns `this` command for chaining
+     */
+    arguments(desc: string): this;
+
+    /**
+     * Register callback to use as replacement for calling process.exit.
+     */
+    exitOverride(callback?: (err: CommanderError) => never|void): this;
 
     /**
      * Register callback `fn` for the command.
@@ -137,10 +125,9 @@ declare namespace local {
      *           // output help here
      *        });
      *
-     * @param {(...args: any[]) => void} fn
-     * @returns {Command} for chaining
+     * @returns `this` command for chaining
      */
-    action(fn: (...args: any[]) => void): Command;
+    action(fn: (...args: any[]) => void | Promise<void>): this;
 
     /**
      * Define option with `flags`, `description` and optional
@@ -182,129 +169,218 @@ declare namespace local {
      *     // optional argument
      *     program.option('-c, --cheese [type]', 'add cheese [marble]');
      *
-     * @param {string} flags
-     * @param {string} [description]
-     * @param {((arg1: any, arg2: any) => void) | RegExp} [fn] function or default
-     * @param {*} [defaultValue]
-     * @returns {Command} for chaining
+     * @returns `this` command for chaining
      */
-    option(flags: string, description?: string, fn?: ((arg1: any, arg2: any) => void) | RegExp, defaultValue?: any): Command;
-    option(flags: string, description?: string, defaultValue?: any): Command;
+    option(flags: string, description?: string, defaultValue?: string | boolean): this;
+    option(flags: string, description: string, regexp: RegExp, defaultValue?: string | boolean): this;
+    option<T>(flags: string, description: string, fn: (value: string, previous: T) => T, defaultValue?: T): this;
+
+    /**
+     * Define a required option, which must have a value after parsing. This usually means
+     * the option must be specified on the command line. (Otherwise the same as .option().)
+     *
+     * The `flags` string should contain both the short and long flags, separated by comma, a pipe or space.
+     */
+    requiredOption(flags: string, description?: string, defaultValue?: string | boolean): this;
+    requiredOption(flags: string, description: string, regexp: RegExp, defaultValue?: string | boolean): this;
+    requiredOption<T>(flags: string, description: string, fn: (value: string, previous: T) => T, defaultValue?: T): this;
+
+    /**
+     * Whether to store option values as properties on command object,
+     * or store separately (specify false). In both cases the option values can be accessed using .opts().
+     *
+     * @returns `this` command for chaining
+     */
+    storeOptionsAsProperties(value?: boolean): this;
+
+    /**
+     * Whether to pass command to action handler,
+     * or just the options (specify false).
+     *
+     * @returns `this` command for chaining
+     */
+    passCommandToAction(value?: boolean): this;
 
     /**
      * Allow unknown options on the command line.
      *
-     * @param {boolean} [arg] if `true` or omitted, no error will be thrown for unknown options.
-     * @returns {Command} for chaining
+     * @param [arg] if `true` or omitted, no error will be thrown for unknown options.
+     * @returns `this` command for chaining
      */
-    allowUnknownOption(arg?: boolean): Command;
+    allowUnknownOption(arg?: boolean): this;
 
     /**
-     * Parse `argv`, settings options and invoking commands when defined.
+     * Parse `argv`, setting options and invoking commands when defined.
      *
-     * @param {string[]} argv
-     * @returns {Command} for chaining
+     * The default expectation is that the arguments are from node and have the application as argv[0]
+     * and the script being run in argv[1], with user parameters after that.
+     *
+     * Examples:
+     *
+     *      program.parse(process.argv);
+     *      program.parse(); // implicitly use process.argv and auto-detect node vs electron conventions
+     *      program.parse(my-args, { from: 'user' }); // just user supplied arguments, nothing special about argv[0]
+     *
+     * @returns `this` command for chaining
      */
-    parse(argv: string[]): Command;
+    parse(argv?: string[], options?: ParseOptions): this;
 
     /**
-     * Parse options from `argv` returning `argv` void of these options.
+     * Parse `argv`, setting options and invoking commands when defined.
      *
-     * @param {string[]} argv
-     * @returns {ParseOptionsResult}
+     * Use parseAsync instead of parse if any of your action handlers are async. Returns a Promise.
+     *
+     * The default expectation is that the arguments are from node and have the application as argv[0]
+     * and the script being run in argv[1], with user parameters after that.
+     *
+     * Examples:
+     *
+     *      program.parseAsync(process.argv);
+     *      program.parseAsync(); // implicitly use process.argv and auto-detect node vs electron conventions
+     *      program.parseAsync(my-args, { from: 'user' }); // just user supplied arguments, nothing special about argv[0]
+     *
+     * @returns Promise
+     */
+    parseAsync(argv?: string[], options?: ParseOptions): Promise<this>;
+
+    /**
+     * Parse options from `argv` removing known options,
+     * and return argv split into operands and unknown arguments.
+     *
+     * @example
+     *    argv => operands, unknown
+     *    --known kkk op => [op], []
+     *    op --known kkk => [op], []
+     *    sub --unknown uuu op => [sub], [--unknown uuu op]
+     *    sub -- --unknown uuu op => [sub --unknown uuu op], []
      */
     parseOptions(argv: string[]): commander.ParseOptionsResult;
 
     /**
      * Return an object containing options as key-value pairs
-     *
-     * @returns {{[key: string]: any}}
      */
     opts(): { [key: string]: any };
 
     /**
-     * Set the description to `str`.
+     * Set the description.
      *
-     * @param {string} str
-     * @param {{[argName: string]: string}} argsDescription
-     * @return {(Command | string)}
+     * @returns `this` command for chaining
+     */
+    description(str: string, argsDescription?: {[argName: string]: string}): this;
+    /**
+     * Get the description.
      */
-    description(str: string, argsDescription?: {[argName: string]: string}): Command;
     description(): string;
 
     /**
      * Set an alias for the command.
      *
-     * @param {string} alias
-     * @return {(Command | string)}
+     * You may call more than once to add multiple aliases. Only the first alias is shown in the auto-generated help.
+     *
+     * @returns `this` command for chaining
+     */
+    alias(alias: string): this;
+    /**
+     * Get alias for the command.
      */
-    alias(alias: string): Command;
     alias(): string;
 
     /**
-     * Set or get the command usage.
+     * Set aliases for the command.
      *
-     * @param {string} str
-     * @return {(Command | string)}
+     * Only the first alias is shown in the auto-generated help.
+     *
+     * @returns `this` command for chaining
+     */
+    aliases(aliases: string[]): this;
+    /**
+     * Get aliases for the command.
+     */
+    aliases(): string[];
+
+    /**
+     * Set the command usage.
+     *
+     * @returns `this` command for chaining
+     */
+    usage(str: string): this;
+    /**
+     * Get the command usage.
      */
-    usage(str: string): Command;
     usage(): string;
 
     /**
      * Set the name of the command.
      *
-     * @param {string} str
-     * @return {Command}
+     * @returns `this` command for chaining
      */
-    name(str: string): Command;
-
+    name(str: string): this;
     /**
      * Get the name of the command.
-     *
-     * @return {string}
      */
     name(): string;
 
     /**
      * Output help information for this command.
      *
-     * @param {(str: string) => string} [cb]
+     * When listener(s) are available for the helpLongFlag
+     * those callbacks are invoked.
      */
     outputHelp(cb?: (str: string) => string): void;
 
-    /** Output help information and exit.
-     *
-     * @param {(str: string) => string} [cb]
+    /**
+     * Return command help documentation.
+     */
+    helpInformation(): string;
+
+    /**
+     * You can pass in flags and a description to override the help
+     * flags and help description for your command.
+     */
+    helpOption(flags?: string, description?: string): this;
+
+    /**
+     * Output help information and exit.
      */
     help(cb?: (str: string) => string): never;
+
+    /**
+     * Add a listener (callback) for when events occur. (Implemented using EventEmitter.)
+     *
+     * @example
+     *     program
+     *       .on('--help', () -> {
+     *         console.log('See web site for more information.');
+     *     });
+     */
+    on(event: string | symbol, listener: (...args: any[]) => void): this;
+  }
+  type CommandConstructor = new (name?: string) => Command;
+
+  interface CommandOptions {
+    noHelp?: boolean; // old name for hidden
+    hidden?: boolean;
+    isDefault?: boolean;
+  }
+  interface ExecutableCommandOptions extends CommandOptions {
+    executableFile?: string;
+  }
+
+  interface ParseOptionsResult {
+    operands: string[];
+    unknown: string[];
+  }
+
+  interface CommanderStatic extends Command {
+    program: Command;
+    Command: CommandConstructor;
+    Option: OptionConstructor;
+    CommanderError: CommanderErrorConstructor;
   }
 
 }
 
-declare namespace commander {
-
-    type Command = local.Command
-
-    type Option = local.Option
-
-    interface CommandOptions {
-        noHelp?: boolean;
-        isDefault?: boolean;
-    }
-
-    interface ParseOptionsResult {
-        args: string[];
-        unknown: string[];
-    }
-
-    interface CommanderStatic extends Command {
-        Command: typeof local.Command;
-        Option: typeof local.Option;
-        CommandOptions: CommandOptions;
-        ParseOptionsResult: ParseOptionsResult;
-    }
-
-}
-
+// Declaring namespace AND global
+// eslint-disable-next-line no-redeclare
 declare const commander: commander.CommanderStatic;
 export = commander;

node_modules/tslint/node_modules/commander/CHANGELOG.md

@@ -0,0 +1,419 @@
+2.20.3 / 2019-10-11
+==================
+
+  * Support Node.js 0.10 (Revert #1059)
+  * Ran "npm unpublish commander@2.20.2". There is no 2.20.2.
+
+2.20.1 / 2019-09-29
+==================
+
+  * Improve executable subcommand tracking
+  * Update dev dependencies
+
+2.20.0 / 2019-04-02
+==================
+
+  * fix: resolve symbolic links completely when hunting for subcommands (#935)
+  * Update index.d.ts (#930)
+  * Update Readme.md (#924)
+  * Remove --save option as it isn't required anymore (#918)
+  * Add link to the license file (#900)
+  * Added example of receiving args from options (#858)
+  * Added missing semicolon (#882)
+  * Add extension to .eslintrc (#876)
+
+2.19.0 / 2018-10-02
+==================
+
+  * Removed newline after Options and Commands headers (#864)
+  * Bugfix - Error output (#862)
+  * Fix to change default value to string (#856)
+
+2.18.0 / 2018-09-07
+==================
+
+  * Standardize help output (#853)
+  * chmod 644 travis.yml (#851)
+  * add support for execute typescript subcommand via ts-node (#849)
+
+2.17.1 / 2018-08-07
+==================
+
+  * Fix bug in command emit (#844)
+
+2.17.0 / 2018-08-03
+==================
+
+  * fixed newline output after help information (#833)
+  * Fix to emit the action even without command (#778)
+  * npm update (#823)
+
+2.16.0 / 2018-06-29
+==================
+
+  * Remove Makefile and `test/run` (#821)
+  * Make 'npm test' run on Windows (#820)
+  * Add badge to display install size (#807)
+  * chore: cache node_modules (#814)
+  * chore: remove Node.js 4 (EOL), add Node.js 10 (#813)
+  * fixed typo in readme (#812)
+  * Fix types (#804)
+  * Update eslint to resolve vulnerabilities in lodash (#799)
+  * updated readme with custom event listeners. (#791)
+  * fix tests (#794)
+
+2.15.0 / 2018-03-07
+==================
+
+  * Update downloads badge to point to graph of downloads over time instead of duplicating link to npm
+  * Arguments description
+
+2.14.1 / 2018-02-07
+==================
+
+  * Fix typing of help function
+
+2.14.0 / 2018-02-05
+==================
+
+  * only register the option:version event once
+  * Fixes issue #727: Passing empty string for option on command is set to undefined
+  * enable eqeqeq rule
+  * resolves #754 add linter configuration to project
+  * resolves #560 respect custom name for version option
+  * document how to override the version flag
+  * document using options per command
+
+2.13.0 / 2018-01-09
+==================
+
+  * Do not print default for --no-
+  * remove trailing spaces in command help
+  * Update CI's Node.js to LTS and latest version
+  * typedefs: Command and Option types added to commander namespace
+
+2.12.2 / 2017-11-28
+==================
+
+  * fix: typings are not shipped
+
+2.12.1 / 2017-11-23
+==================
+
+  * Move @types/node to dev dependency
+
+2.12.0 / 2017-11-22
+==================
+
+  * add attributeName() method to Option objects
+  * Documentation updated for options with --no prefix
+  * typings: `outputHelp` takes a string as the first parameter
+  * typings: use overloads
+  * feat(typings): update to match js api
+  * Print default value in option help
+  * Fix translation error
+  * Fail when using same command and alias (#491)
+  * feat(typings): add help callback
+  * fix bug when description is add after command with options (#662)
+  * Format js code
+  * Rename History.md to CHANGELOG.md (#668)
+  * feat(typings): add typings to support TypeScript (#646)
+  * use current node
+
+2.11.0 / 2017-07-03
+==================
+
+  * Fix help section order and padding (#652)
+  * feature: support for signals to subcommands (#632)
+  * Fixed #37, --help should not display first (#447)
+  * Fix translation errors. (#570)
+  * Add package-lock.json
+  * Remove engines
+  * Upgrade package version
+  * Prefix events to prevent conflicts between commands and options (#494)
+  * Removing dependency on graceful-readlink
+  * Support setting name in #name function and make it chainable
+  * Add .vscode directory to .gitignore (Visual Studio Code metadata)
+  * Updated link to ruby commander in readme files
+
+2.10.0 / 2017-06-19
+==================
+
+  * Update .travis.yml. drop support for older node.js versions.
+  * Fix require arguments in README.md
+  * On SemVer you do not start from 0.0.1
+  * Add missing semi colon in readme
+  * Add save param to npm install
+  * node v6 travis test
+  * Update Readme_zh-CN.md
+  * Allow literal '--' to be passed-through as an argument
+  * Test subcommand alias help
+  * link build badge to master branch
+  * Support the alias of Git style sub-command
+  * added keyword commander for better search result on npm
+  * Fix Sub-Subcommands
+  * test node.js stable
+  * Fixes TypeError when a command has an option called `--description`
+  * Update README.md to make it beginner friendly and elaborate on the difference between angled and square brackets.
+  * Add chinese Readme file
+
+2.9.0 / 2015-10-13
+==================
+
+  * Add option `isDefault` to set default subcommand #415 @Qix-
+  * Add callback to allow filtering or post-processing of help text #434 @djulien
+  * Fix `undefined` text in help information close #414 #416 @zhiyelee
+
+2.8.1 / 2015-04-22
+==================
+
+ * Back out `support multiline description` Close #396 #397
+
+2.8.0 / 2015-04-07
+==================
+
+  * Add `process.execArg` support, execution args like `--harmony` will be passed to sub-commands #387 @DigitalIO @zhiyelee
+  * Fix bug in Git-style sub-commands #372 @zhiyelee
+  * Allow commands to be hidden from help #383 @tonylukasavage
+  * When git-style sub-commands are in use, yet none are called, display help #382 @claylo
+  * Add ability to specify arguments syntax for top-level command #258 @rrthomas
+  * Support multiline descriptions #208 @zxqfox
+
+2.7.1 / 2015-03-11
+==================
+
+ * Revert #347 (fix collisions when option and first arg have same name) which causes a bug in #367.
+
+2.7.0 / 2015-03-09
+==================
+
+ * Fix git-style bug when installed globally. Close #335 #349 @zhiyelee
+ * Fix collisions when option and first arg have same name. Close #346 #347 @tonylukasavage
+ * Add support for camelCase on `opts()`. Close #353  @nkzawa
+ * Add node.js 0.12 and io.js to travis.yml
+ * Allow RegEx options. #337 @palanik
+ * Fixes exit code when sub-command failing.  Close #260 #332 @pirelenito
+ * git-style `bin` files in $PATH make sense. Close #196 #327  @zhiyelee
+
+2.6.0 / 2014-12-30
+==================
+
+  * added `Command#allowUnknownOption` method. Close #138 #318 @doozr @zhiyelee
+  * Add application description to the help msg. Close #112 @dalssoft
+
+2.5.1 / 2014-12-15
+==================
+
+  * fixed two bugs incurred by variadic arguments. Close #291 @Quentin01 #302 @zhiyelee
+
+2.5.0 / 2014-10-24
+==================
+
+ * add support for variadic arguments. Closes #277 @whitlockjc
+
+2.4.0 / 2014-10-17
+==================
+
+ * fixed a bug on executing the coercion function of subcommands option. Closes #270
+ * added `Command.prototype.name` to retrieve command name. Closes #264 #266 @tonylukasavage
+ * added `Command.prototype.opts` to retrieve all the options as a simple object of key-value pairs. Closes #262 @tonylukasavage
+ * fixed a bug on subcommand name. Closes #248 @jonathandelgado
+ * fixed function normalize doesn’t honor option terminator. Closes #216 @abbr
+
+2.3.0 / 2014-07-16
+==================
+
+ * add command alias'. Closes PR #210
+ * fix: Typos. Closes #99
+ * fix: Unused fs module. Closes #217
+
+2.2.0 / 2014-03-29
+==================
+
+ * add passing of previous option value
+ * fix: support subcommands on windows. Closes #142
+ * Now the defaultValue passed as the second argument of the coercion function.
+
+2.1.0 / 2013-11-21
+==================
+
+ * add: allow cflag style option params, unit test, fixes #174
+
+2.0.0 / 2013-07-18
+==================
+
+ * remove input methods (.prompt, .confirm, etc)
+
+1.3.2 / 2013-07-18
+==================
+
+ * add support for sub-commands to co-exist with the original command
+
+1.3.1 / 2013-07-18
+==================
+
+ * add quick .runningCommand hack so you can opt-out of other logic when running a sub command
+
+1.3.0 / 2013-07-09
+==================
+
+ * add EACCES error handling
+ * fix sub-command --help
+
+1.2.0 / 2013-06-13
+==================
+
+ * allow "-" hyphen as an option argument
+ * support for RegExp coercion
+
+1.1.1 / 2012-11-20
+==================
+
+  * add more sub-command padding
+  * fix .usage() when args are present. Closes #106
+
+1.1.0 / 2012-11-16
+==================
+
+  * add git-style executable subcommand support. Closes #94
+
+1.0.5 / 2012-10-09
+==================
+
+  * fix `--name` clobbering. Closes #92
+  * fix examples/help. Closes #89
+
+1.0.4 / 2012-09-03
+==================
+
+  * add `outputHelp()` method.
+
+1.0.3 / 2012-08-30
+==================
+
+  * remove invalid .version() defaulting
+
+1.0.2 / 2012-08-24
+==================
+
+  * add `--foo=bar` support [arv]
+  * fix password on node 0.8.8. Make backward compatible with 0.6 [focusaurus]
+
+1.0.1 / 2012-08-03
+==================
+
+  * fix issue #56
+  * fix tty.setRawMode(mode) was moved to tty.ReadStream#setRawMode() (i.e. process.stdin.setRawMode())
+
+1.0.0 / 2012-07-05
+==================
+
+  * add support for optional option descriptions
+  * add defaulting of `.version()` to package.json's version
+
+0.6.1 / 2012-06-01
+==================
+
+  * Added: append (yes or no) on confirmation
+  * Added: allow node.js v0.7.x
+
+0.6.0 / 2012-04-10
+==================
+
+  * Added `.prompt(obj, callback)` support. Closes #49
+  * Added default support to .choose(). Closes #41
+  * Fixed the choice example
+
+0.5.1 / 2011-12-20
+==================
+
+  * Fixed `password()` for recent nodes. Closes #36
+
+0.5.0 / 2011-12-04
+==================
+
+  * Added sub-command option support [itay]
+
+0.4.3 / 2011-12-04
+==================
+
+  * Fixed custom help ordering. Closes #32
+
+0.4.2 / 2011-11-24
+==================
+
+  * Added travis support
+  * Fixed: line-buffered input automatically trimmed. Closes #31
+
+0.4.1 / 2011-11-18
+==================
+
+  * Removed listening for "close" on --help
+
+0.4.0 / 2011-11-15
+==================
+
+  * Added support for `--`. Closes #24
+
+0.3.3 / 2011-11-14
+==================
+
+  * Fixed: wait for close event when writing help info [Jerry Hamlet]
+
+0.3.2 / 2011-11-01
+==================
+
+  * Fixed long flag definitions with values [felixge]
+
+0.3.1 / 2011-10-31
+==================
+
+  * Changed `--version` short flag to `-V` from `-v`
+  * Changed `.version()` so it's configurable [felixge]
+
+0.3.0 / 2011-10-31
+==================
+
+  * Added support for long flags only. Closes #18
+
+0.2.1 / 2011-10-24
+==================
+
+  * "node": ">= 0.4.x < 0.7.0". Closes #20
+
+0.2.0 / 2011-09-26
+==================
+
+  * Allow for defaults that are not just boolean. Default peassignment only occurs for --no-*, optional, and required arguments. [Jim Isaacs]
+
+0.1.0 / 2011-08-24
+==================
+
+  * Added support for custom `--help` output
+
+0.0.5 / 2011-08-18
+==================
+
+  * Changed: when the user enters nothing prompt for password again
+  * Fixed issue with passwords beginning with numbers [NuckChorris]
+
+0.0.4 / 2011-08-15
+==================
+
+  * Fixed `Commander#args`
+
+0.0.3 / 2011-08-15
+==================
+
+  * Added default option value support
+
+0.0.2 / 2011-08-15
+==================
+
+  * Added mask support to `Command#password(str[, mask], fn)`
+  * Added `Command#password(str, fn)`
+
+0.0.1 / 2010-01-03
+==================
+
+  * Initial release

node_modules/tslint/node_modules/commander/LICENSE

@@ -0,0 +1,22 @@
+(The MIT License)
+
+Copyright (c) 2011 TJ Holowaychuk <tj@vision-media.ca>
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

node_modules/tslint/node_modules/commander/Readme.md

@@ -0,0 +1,428 @@
+# Commander.js
+
+
+[![Build Status](https://api.travis-ci.org/tj/commander.js.svg?branch=master)](http://travis-ci.org/tj/commander.js)
+[![NPM Version](http://img.shields.io/npm/v/commander.svg?style=flat)](https://www.npmjs.org/package/commander)
+[![NPM Downloads](https://img.shields.io/npm/dm/commander.svg?style=flat)](https://npmcharts.com/compare/commander?minimal=true)
+[![Install Size](https://packagephobia.now.sh/badge?p=commander)](https://packagephobia.now.sh/result?p=commander)
+[![Join the chat at https://gitter.im/tj/commander.js](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/tj/commander.js?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
+
+  The complete solution for [node.js](http://nodejs.org) command-line interfaces, inspired by Ruby's [commander](https://github.com/commander-rb/commander).  
+  [API documentation](http://tj.github.com/commander.js/)
+
+
+## Installation
+
+    $ npm install commander
+
+## Option parsing
+
+Options with commander are defined with the `.option()` method, also serving as documentation for the options. The example below parses args and options from `process.argv`, leaving remaining args as the `program.args` array which were not consumed by options.
+
+```js
+#!/usr/bin/env node
+
+/**
+ * Module dependencies.
+ */
+
+var program = require('commander');
+
+program
+  .version('0.1.0')
+  .option('-p, --peppers', 'Add peppers')
+  .option('-P, --pineapple', 'Add pineapple')
+  .option('-b, --bbq-sauce', 'Add bbq sauce')
+  .option('-c, --cheese [type]', 'Add the specified type of cheese [marble]', 'marble')
+  .parse(process.argv);
+
+console.log('you ordered a pizza with:');
+if (program.peppers) console.log('  - peppers');
+if (program.pineapple) console.log('  - pineapple');
+if (program.bbqSauce) console.log('  - bbq');
+console.log('  - %s cheese', program.cheese);
+```
+
+Short flags may be passed as a single arg, for example `-abc` is equivalent to `-a -b -c`. Multi-word options such as "--template-engine" are camel-cased, becoming `program.templateEngine` etc.
+
+Note that multi-word options starting with `--no` prefix negate the boolean value of the following word. For example, `--no-sauce` sets the value of `program.sauce` to false.
+
+```js
+#!/usr/bin/env node
+
+/**
+ * Module dependencies.
+ */
+
+var program = require('commander');
+
+program
+  .option('--no-sauce', 'Remove sauce')
+  .parse(process.argv);
+
+console.log('you ordered a pizza');
+if (program.sauce) console.log('  with sauce');
+else console.log(' without sauce');
+```
+
+To get string arguments from options you will need to use angle brackets <> for required inputs or square brackets [] for optional inputs. 
+
+e.g. ```.option('-m --myarg [myVar]', 'my super cool description')```
+
+Then to access the input if it was passed in.
+
+e.g. ```var myInput = program.myarg```
+
+**NOTE**: If you pass a argument without using brackets the example above will return true and not the value passed in.
+
+
+## Version option
+
+Calling the `version` implicitly adds the `-V` and `--version` options to the command.
+When either of these options is present, the command prints the version number and exits.
+
+    $ ./examples/pizza -V
+    0.0.1
+
+If you want your program to respond to the `-v` option instead of the `-V` option, simply pass custom flags to the `version` method using the same syntax as the `option` method.
+
+```js
+program
+  .version('0.0.1', '-v, --version')
+```
+
+The version flags can be named anything, but the long option is required.
+
+## Command-specific options
+
+You can attach options to a command.
+
+```js
+#!/usr/bin/env node
+
+var program = require('commander');
+
+program
+  .command('rm <dir>')
+  .option('-r, --recursive', 'Remove recursively')
+  .action(function (dir, cmd) {
+    console.log('remove ' + dir + (cmd.recursive ? ' recursively' : ''))
+  })
+
+program.parse(process.argv)
+```
+
+A command's options are validated when the command is used. Any unknown options will be reported as an error. However, if an action-based command does not define an action, then the options are not validated.
+
+## Coercion
+
+```js
+function range(val) {
+  return val.split('..').map(Number);
+}
+
+function list(val) {
+  return val.split(',');
+}
+
+function collect(val, memo) {
+  memo.push(val);
+  return memo;
+}
+
+function increaseVerbosity(v, total) {
+  return total + 1;
+}
+
+program
+  .version('0.1.0')
+  .usage('[options] <file ...>')
+  .option('-i, --integer <n>', 'An integer argument', parseInt)
+  .option('-f, --float <n>', 'A float argument', parseFloat)
+  .option('-r, --range <a>..<b>', 'A range', range)
+  .option('-l, --list <items>', 'A list', list)
+  .option('-o, --optional [value]', 'An optional value')
+  .option('-c, --collect [value]', 'A repeatable value', collect, [])
+  .option('-v, --verbose', 'A value that can be increased', increaseVerbosity, 0)
+  .parse(process.argv);
+
+console.log(' int: %j', program.integer);
+console.log(' float: %j', program.float);
+console.log(' optional: %j', program.optional);
+program.range = program.range || [];
+console.log(' range: %j..%j', program.range[0], program.range[1]);
+console.log(' list: %j', program.list);
+console.log(' collect: %j', program.collect);
+console.log(' verbosity: %j', program.verbose);
+console.log(' args: %j', program.args);
+```
+
+## Regular Expression
+```js
+program
+  .version('0.1.0')
+  .option('-s --size <size>', 'Pizza size', /^(large|medium|small)$/i, 'medium')
+  .option('-d --drink [drink]', 'Drink', /^(coke|pepsi|izze)$/i)
+  .parse(process.argv);
+
+console.log(' size: %j', program.size);
+console.log(' drink: %j', program.drink);
+```
+
+## Variadic arguments
+
+ The last argument of a command can be variadic, and only the last argument.  To make an argument variadic you have to
+ append `...` to the argument name.  Here is an example:
+
+```js
+#!/usr/bin/env node
+
+/**
+ * Module dependencies.
+ */
+
+var program = require('commander');
+
+program
+  .version('0.1.0')
+  .command('rmdir <dir> [otherDirs...]')
+  .action(function (dir, otherDirs) {
+    console.log('rmdir %s', dir);
+    if (otherDirs) {
+      otherDirs.forEach(function (oDir) {
+        console.log('rmdir %s', oDir);
+      });
+    }
+  });
+
+program.parse(process.argv);
+```
+
+ An `Array` is used for the value of a variadic argument.  This applies to `program.args` as well as the argument passed
+ to your action as demonstrated above.
+
+## Specify the argument syntax
+
+```js
+#!/usr/bin/env node
+
+var program = require('commander');
+
+program
+  .version('0.1.0')
+  .arguments('<cmd> [env]')
+  .action(function (cmd, env) {
+     cmdValue = cmd;
+     envValue = env;
+  });
+
+program.parse(process.argv);
+
+if (typeof cmdValue === 'undefined') {
+   console.error('no command given!');
+   process.exit(1);
+}
+console.log('command:', cmdValue);
+console.log('environment:', envValue || "no environment given");
+```
+Angled brackets (e.g. `<cmd>`) indicate required input. Square brackets (e.g. `[env]`) indicate optional input.
+
+## Git-style sub-commands
+
+```js
+// file: ./examples/pm
+var program = require('commander');
+
+program
+  .version('0.1.0')
+  .command('install [name]', 'install one or more packages')
+  .command('search [query]', 'search with optional query')
+  .command('list', 'list packages installed', {isDefault: true})
+  .parse(process.argv);
+```
+
+When `.command()` is invoked with a description argument, no `.action(callback)` should be called to handle sub-commands, otherwise there will be an error. This tells commander that you're going to use separate executables for sub-commands, much like `git(1)` and other popular tools.  
+The commander will try to search the executables in the directory of the entry script (like `./examples/pm`) with the name `program-command`, like `pm-install`, `pm-search`.
+
+Options can be passed with the call to `.command()`. Specifying `true` for `opts.noHelp` will remove the subcommand from the generated help output. Specifying `true` for `opts.isDefault` will run the subcommand if no other subcommand is specified.
+
+If the program is designed to be installed globally, make sure the executables have proper modes, like `755`.
+
+### `--harmony`
+
+You can enable `--harmony` option in two ways:
+* Use `#! /usr/bin/env node --harmony` in the sub-commands scripts. Note some os version don’t support this pattern.
+* Use the `--harmony` option when call the command, like `node --harmony examples/pm publish`. The `--harmony` option will be preserved when spawning sub-command process.
+
+## Automated --help
+
+ The help information is auto-generated based on the information commander already knows about your program, so the following `--help` info is for free:
+
+```  
+$ ./examples/pizza --help
+Usage: pizza [options]
+
+An application for pizzas ordering
+
+Options:
+  -h, --help           output usage information
+  -V, --version        output the version number
+  -p, --peppers        Add peppers
+  -P, --pineapple      Add pineapple
+  -b, --bbq            Add bbq sauce
+  -c, --cheese <type>  Add the specified type of cheese [marble]
+  -C, --no-cheese      You do not want any cheese
+```
+
+## Custom help
+
+ You can display arbitrary `-h, --help` information
+ by listening for "--help". Commander will automatically
+ exit once you are done so that the remainder of your program
+ does not execute causing undesired behaviors, for example
+ in the following executable "stuff" will not output when
+ `--help` is used.
+
+```js
+#!/usr/bin/env node
+
+/**
+ * Module dependencies.
+ */
+
+var program = require('commander');
+
+program
+  .version('0.1.0')
+  .option('-f, --foo', 'enable some foo')
+  .option('-b, --bar', 'enable some bar')
+  .option('-B, --baz', 'enable some baz');
+
+// must be before .parse() since
+// node's emit() is immediate
+
+program.on('--help', function(){
+  console.log('')
+  console.log('Examples:');
+  console.log('  $ custom-help --help');
+  console.log('  $ custom-help -h');
+});
+
+program.parse(process.argv);
+
+console.log('stuff');
+```
+
+Yields the following help output when `node script-name.js -h` or `node script-name.js --help` are run:
+
+```
+Usage: custom-help [options]
+
+Options:
+  -h, --help     output usage information
+  -V, --version  output the version number
+  -f, --foo      enable some foo
+  -b, --bar      enable some bar
+  -B, --baz      enable some baz
+
+Examples:
+  $ custom-help --help
+  $ custom-help -h
+```
+
+## .outputHelp(cb)
+
+Output help information without exiting.
+Optional callback cb allows post-processing of help text before it is displayed.
+
+If you want to display help by default (e.g. if no command was provided), you can use something like:
+
+```js
+var program = require('commander');
+var colors = require('colors');
+
+program
+  .version('0.1.0')
+  .command('getstream [url]', 'get stream URL')
+  .parse(process.argv);
+
+if (!process.argv.slice(2).length) {
+  program.outputHelp(make_red);
+}
+
+function make_red(txt) {
+  return colors.red(txt); //display the help text in red on the console
+}
+```
+
+## .help(cb)
+
+  Output help information and exit immediately.
+  Optional callback cb allows post-processing of help text before it is displayed.
+
+
+## Custom event listeners
+ You can execute custom actions by listening to command and option events.
+
+```js
+program.on('option:verbose', function () {
+  process.env.VERBOSE = this.verbose;
+});
+
+// error on unknown commands
+program.on('command:*', function () {
+  console.error('Invalid command: %s\nSee --help for a list of available commands.', program.args.join(' '));
+  process.exit(1);
+});
+```
+
+## Examples
+
+```js
+var program = require('commander');
+
+program
+  .version('0.1.0')
+  .option('-C, --chdir <path>', 'change the working directory')
+  .option('-c, --config <path>', 'set config path. defaults to ./deploy.conf')
+  .option('-T, --no-tests', 'ignore test hook');
+
+program
+  .command('setup [env]')
+  .description('run setup commands for all envs')
+  .option("-s, --setup_mode [mode]", "Which setup mode to use")
+  .action(function(env, options){
+    var mode = options.setup_mode || "normal";
+    env = env || 'all';
+    console.log('setup for %s env(s) with %s mode', env, mode);
+  });
+
+program
+  .command('exec <cmd>')
+  .alias('ex')
+  .description('execute the given remote cmd')
+  .option("-e, --exec_mode <mode>", "Which exec mode to use")
+  .action(function(cmd, options){
+    console.log('exec "%s" using %s mode', cmd, options.exec_mode);
+  }).on('--help', function() {
+    console.log('');
+    console.log('Examples:');
+    console.log('');
+    console.log('  $ deploy exec sequential');
+    console.log('  $ deploy exec async');
+  });
+
+program
+  .command('*')
+  .action(function(env){
+    console.log('deploying "%s"', env);
+  });
+
+program.parse(process.argv);
+```
+
+More Demos can be found in the [examples](https://github.com/tj/commander.js/tree/master/examples) directory.
+
+## License
+
+[MIT](https://github.com/tj/commander.js/blob/master/LICENSE)

node_modules/tslint/node_modules/commander/package.json

@@ -0,0 +1,38 @@
+{
+  "name": "commander",
+  "version": "2.20.3",
+  "description": "the complete solution for node.js command-line programs",
+  "keywords": [
+    "commander",
+    "command",
+    "option",
+    "parser"
+  ],
+  "author": "TJ Holowaychuk <tj@vision-media.ca>",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/tj/commander.js.git"
+  },
+  "scripts": {
+    "lint": "eslint index.js",
+    "test": "node test/run.js && npm run test-typings",
+    "test-typings": "tsc -p tsconfig.json"
+  },
+  "main": "index",
+  "files": [
+    "index.js",
+    "typings/index.d.ts"
+  ],
+  "dependencies": {},
+  "devDependencies": {
+    "@types/node": "^12.7.8",
+    "eslint": "^6.4.0",
+    "should": "^13.2.3",
+    "sinon": "^7.5.0",
+    "standard": "^14.3.1",
+    "ts-node": "^8.4.1",
+    "typescript": "^3.6.3"
+  },
+  "typings": "typings/index.d.ts"
+}

node_modules/tslint/node_modules/commander/typings/index.d.ts

@@ -0,0 +1,310 @@
+// Type definitions for commander 2.11
+// Project: https://github.com/visionmedia/commander.js
+// Definitions by: Alan Agius <https://github.com/alan-agius4>, Marcelo Dezem <https://github.com/mdezem>, vvakame <https://github.com/vvakame>, Jules Randolph <https://github.com/sveinburne>
+// Definitions: https://github.com/DefinitelyTyped/DefinitelyTyped
+
+declare namespace local {
+
+  class Option {
+    flags: string;
+    required: boolean;
+    optional: boolean;
+    bool: boolean;
+    short?: string;
+    long: string;
+    description: string;
+
+    /**
+     * Initialize a new `Option` with the given `flags` and `description`.
+     *
+     * @param {string} flags
+     * @param {string} [description]
+     */
+    constructor(flags: string, description?: string);
+  }
+
+  class Command extends NodeJS.EventEmitter {
+    [key: string]: any;
+
+    args: string[];
+
+    /**
+     * Initialize a new `Command`.
+     *
+     * @param {string} [name]
+     */
+    constructor(name?: string);
+
+    /**
+     * Set the program version to `str`.
+     *
+     * This method auto-registers the "-V, --version" flag
+     * which will print the version number when passed.
+     *
+     * @param {string} str
+     * @param {string} [flags]
+     * @returns {Command} for chaining
+     */
+    version(str: string, flags?: string): Command;
+
+    /**
+     * Add command `name`.
+     *
+     * The `.action()` callback is invoked when the
+     * command `name` is specified via __ARGV__,
+     * and the remaining arguments are applied to the
+     * function for access.
+     *
+     * When the `name` is "*" an un-matched command
+     * will be passed as the first arg, followed by
+     * the rest of __ARGV__ remaining.
+     *
+     * @example
+     *      program
+     *        .version('0.0.1')
+     *        .option('-C, --chdir <path>', 'change the working directory')
+     *        .option('-c, --config <path>', 'set config path. defaults to ./deploy.conf')
+     *        .option('-T, --no-tests', 'ignore test hook')
+     *
+     *      program
+     *        .command('setup')
+     *        .description('run remote setup commands')
+     *        .action(function() {
+     *          console.log('setup');
+     *        });
+     *
+     *      program
+     *        .command('exec <cmd>')
+     *        .description('run the given remote command')
+     *        .action(function(cmd) {
+     *          console.log('exec "%s"', cmd);
+     *        });
+     *
+     *      program
+     *        .command('teardown <dir> [otherDirs...]')
+     *        .description('run teardown commands')
+     *        .action(function(dir, otherDirs) {
+     *          console.log('dir "%s"', dir);
+     *          if (otherDirs) {
+     *            otherDirs.forEach(function (oDir) {
+     *              console.log('dir "%s"', oDir);
+     *            });
+     *          }
+     *        });
+     *
+     *      program
+     *        .command('*')
+     *        .description('deploy the given env')
+     *        .action(function(env) {
+     *          console.log('deploying "%s"', env);
+     *        });
+     *
+     *      program.parse(process.argv);
+     *
+     * @param {string} name
+     * @param {string} [desc] for git-style sub-commands
+     * @param {CommandOptions} [opts] command options
+     * @returns {Command} the new command
+     */
+    command(name: string, desc?: string, opts?: commander.CommandOptions): Command;
+
+    /**
+     * Define argument syntax for the top-level command.
+     *
+     * @param {string} desc
+     * @returns {Command} for chaining
+     */
+    arguments(desc: string): Command;
+
+    /**
+     * Parse expected `args`.
+     *
+     * For example `["[type]"]` becomes `[{ required: false, name: 'type' }]`.
+     *
+     * @param {string[]} args
+     * @returns {Command} for chaining
+     */
+    parseExpectedArgs(args: string[]): Command;
+
+    /**
+     * Register callback `fn` for the command.
+     *
+     * @example
+     *      program
+     *        .command('help')
+     *        .description('display verbose help')
+     *        .action(function() {
+     *           // output help here
+     *        });
+     *
+     * @param {(...args: any[]) => void} fn
+     * @returns {Command} for chaining
+     */
+    action(fn: (...args: any[]) => void): Command;
+
+    /**
+     * Define option with `flags`, `description` and optional
+     * coercion `fn`.
+     *
+     * The `flags` string should contain both the short and long flags,
+     * separated by comma, a pipe or space. The following are all valid
+     * all will output this way when `--help` is used.
+     *
+     *    "-p, --pepper"
+     *    "-p|--pepper"
+     *    "-p --pepper"
+     *
+     * @example
+     *     // simple boolean defaulting to false
+     *     program.option('-p, --pepper', 'add pepper');
+     *
+     *     --pepper
+     *     program.pepper
+     *     // => Boolean
+     *
+     *     // simple boolean defaulting to true
+     *     program.option('-C, --no-cheese', 'remove cheese');
+     *
+     *     program.cheese
+     *     // => true
+     *
+     *     --no-cheese
+     *     program.cheese
+     *     // => false
+     *
+     *     // required argument
+     *     program.option('-C, --chdir <path>', 'change the working directory');
+     *
+     *     --chdir /tmp
+     *     program.chdir
+     *     // => "/tmp"
+     *
+     *     // optional argument
+     *     program.option('-c, --cheese [type]', 'add cheese [marble]');
+     *
+     * @param {string} flags
+     * @param {string} [description]
+     * @param {((arg1: any, arg2: any) => void) | RegExp} [fn] function or default
+     * @param {*} [defaultValue]
+     * @returns {Command} for chaining
+     */
+    option(flags: string, description?: string, fn?: ((arg1: any, arg2: any) => void) | RegExp, defaultValue?: any): Command;
+    option(flags: string, description?: string, defaultValue?: any): Command;
+
+    /**
+     * Allow unknown options on the command line.
+     *
+     * @param {boolean} [arg] if `true` or omitted, no error will be thrown for unknown options.
+     * @returns {Command} for chaining
+     */
+    allowUnknownOption(arg?: boolean): Command;
+
+    /**
+     * Parse `argv`, settings options and invoking commands when defined.
+     *
+     * @param {string[]} argv
+     * @returns {Command} for chaining
+     */
+    parse(argv: string[]): Command;
+
+    /**
+     * Parse options from `argv` returning `argv` void of these options.
+     *
+     * @param {string[]} argv
+     * @returns {ParseOptionsResult}
+     */
+    parseOptions(argv: string[]): commander.ParseOptionsResult;
+
+    /**
+     * Return an object containing options as key-value pairs
+     *
+     * @returns {{[key: string]: any}}
+     */
+    opts(): { [key: string]: any };
+
+    /**
+     * Set the description to `str`.
+     *
+     * @param {string} str
+     * @param {{[argName: string]: string}} argsDescription
+     * @return {(Command | string)}
+     */
+    description(str: string, argsDescription?: {[argName: string]: string}): Command;
+    description(): string;
+
+    /**
+     * Set an alias for the command.
+     *
+     * @param {string} alias
+     * @return {(Command | string)}
+     */
+    alias(alias: string): Command;
+    alias(): string;
+
+    /**
+     * Set or get the command usage.
+     *
+     * @param {string} str
+     * @return {(Command | string)}
+     */
+    usage(str: string): Command;
+    usage(): string;
+
+    /**
+     * Set the name of the command.
+     *
+     * @param {string} str
+     * @return {Command}
+     */
+    name(str: string): Command;
+
+    /**
+     * Get the name of the command.
+     *
+     * @return {string}
+     */
+    name(): string;
+
+    /**
+     * Output help information for this command.
+     *
+     * @param {(str: string) => string} [cb]
+     */
+    outputHelp(cb?: (str: string) => string): void;
+
+    /** Output help information and exit.
+     *
+     * @param {(str: string) => string} [cb]
+     */
+    help(cb?: (str: string) => string): never;
+  }
+
+}
+
+declare namespace commander {
+
+    type Command = local.Command
+
+    type Option = local.Option
+
+    interface CommandOptions {
+        noHelp?: boolean;
+        isDefault?: boolean;
+    }
+
+    interface ParseOptionsResult {
+        args: string[];
+        unknown: string[];
+    }
+
+    interface CommanderStatic extends Command {
+        Command: typeof local.Command;
+        Option: typeof local.Option;
+        CommandOptions: CommandOptions;
+        ParseOptionsResult: ParseOptionsResult;
+    }
+
+}
+
+declare const commander: commander.CommanderStatic;
+export = commander;

package-lock.json

@@ -1010,10 +1010,9 @@
       "dev": true
     },
     "commander": {
-      "version": "2.20.3",
-      "resolved": "https://registry.npmjs.org/commander/-/commander-2.20.3.tgz",
-      "integrity": "sha512-GpVkmM8vF2vQUkj2LvZmD35JxeJOLCwJ9cUkugyk2nuhbv3+mJvpLYYt+0+USMxE+oj+ey/lJEnhZw75x/OMcQ==",
-      "dev": true
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/commander/-/commander-6.0.0.tgz",
+      "integrity": "sha512-s7EA+hDtTYNhuXkTlhqew4txMZVdszBmKWSPEMxGr8ru8JXR7bLUFIAtPhcSuFdJQ0ILMxnJi8GkQL0yvDy/YA=="
     },
     "common-path-prefix": {
       "version": "3.0.0",
@@ -3008,6 +3007,12 @@
         "tsutils": "^2.29.0"
       },
       "dependencies": {
+        "commander": {
+          "version": "2.20.3",
+          "resolved": "https://registry.npmjs.org/commander/-/commander-2.20.3.tgz",
+          "integrity": "sha512-GpVkmM8vF2vQUkj2LvZmD35JxeJOLCwJ9cUkugyk2nuhbv3+mJvpLYYt+0+USMxE+oj+ey/lJEnhZw75x/OMcQ==",
+          "dev": true
+        },
         "semver": {
           "version": "5.7.1",
           "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz",

package.json

@@ -23,6 +23,7 @@
     "@actions/github": "^2.2.0",
     "@actions/http-client": "^1.0.8",
     "@actions/tool-cache": "^1.5.5",
+    "commander": "^6.0.0",
     "console-log-level": "^1.4.1",
     "file-url": "^3.0.0",
     "fs": "0.0.1-security",

queries/unguarded-action-lib.ql

@@ -0,0 +1,108 @@
+/**
+ * @name Unguarded actions library use
+ * @description Code that runs outside of GitHub Actions tries to use a library that should only be used when running on actions.
+ * @kind problem
+ * @problem.severity error
+ * @id javascript/codeql-action/unguarded-action-lib
+ */
+
+import javascript
+
+/**
+ * An import from a library that is meant for GitHub Actions and
+ * we do not want to be using outside of actions.
+ */
+class ActionsLibImport extends ImportDeclaration {
+  ActionsLibImport() {
+    getImportedPath().getValue().matches("@actions/%")
+  }
+
+  string getName() {
+    result = getImportedPath().getValue()
+  }
+
+  Variable getAProvidedVariable() {
+    result = getASpecifier().getLocal().getVariable()
+  }
+}
+
+/**
+ * An entrypoint to the CodeQL runner.
+ */
+class RunnerEntrypoint extends Function {
+  RunnerEntrypoint() {
+    getFile().getAbsolutePath().matches("%/runner.ts")
+  }
+}
+
+/**
+ * A check of whether we are in actions mode or runner mode.
+ */
+class ModeGuard extends IfStmt {
+  ModeGuard() {
+    getCondition().(EqualityTest).getAnOperand().(StringLiteral).getValue() = "actions" or
+    getCondition().(EqualityTest).getAnOperand().(StringLiteral).getValue() = "runner"
+  }
+
+  string getOperand() {
+    result = getCondition().(EqualityTest).getAnOperand().(StringLiteral).getValue()
+  }
+
+  predicate isPositive() {
+    getCondition().(EqualityTest).getPolarity() = true
+  }
+
+  /**
+   * Get the then or else block that is the "actions" path.
+   */
+  Stmt getActionsBlock() {
+    (getOperand() = "actions" and isPositive() and result = getThen())
+    or
+    (getOperand() = "runner" and not isPositive() and result = getThen())
+    or
+    (getOperand() = "actions" and not isPositive() and result = getElse())
+    or
+    (getOperand() = "runner" and isPositive() and result = getElse())
+  }
+
+  /**
+   * Get an expr that is only executed on actions
+   */
+  Expr getAnActionsExpr() {
+    getActionsBlock().getAChildStmt*().getAChildExpr*() = result
+  }
+}
+
+/**
+ * Any expr that is a transitive child of the given function
+ * and is not only called on actions.
+ */
+Expr getAFunctionChildExpr(Function f) {
+  not exists(ModeGuard guard | guard.getAnActionsExpr() = result) and
+  result.getContainer() = f
+}
+
+/*
+ * Result is a function that is called from the body of the given function `f`
+ * and is not only called on actions.
+ */
+Function calledBy(Function f) {
+  exists(InvokeExpr invokeExpr |
+    invokeExpr = getAFunctionChildExpr(f) and
+    invokeExpr.getResolvedCallee() = result and
+    not exists(ModeGuard guard | guard.getAnActionsExpr() = invokeExpr)
+  )
+  or
+  // Assume outer function causes inner function to be called
+  (result instanceof Expr and
+  result.getEnclosingContainer() = f and
+  not exists(ModeGuard guard | guard.getAnActionsExpr() = result))
+}
+
+from VarAccess v, ActionsLibImport actionsLib, RunnerEntrypoint runnerEntry 
+where actionsLib.getAProvidedVariable() = v.getVariable()
+  and getAFunctionChildExpr(calledBy*(runnerEntry)) = v
+select v, "$@ is imported from $@ and this code can be called from $@",
+  v, v.getName(),
+  actionsLib, actionsLib.getName(),
+  runnerEntry, "the runner"

runner/package.json

@@ -0,0 +1,17 @@
+{
+  "name": "codeql-runner",
+  "version": "0.0.0",
+  "private": true,
+  "description": "CodeQL runner",
+  "scripts": {
+    "build-runner": "webpack --mode production && pkg dist/codeql-runner.js  --out-path dist"
+  },
+  "license": "MIT",
+  "dependencies": {},
+  "devDependencies": {
+    "pkg": "^4.4.9",
+    "ts-loader": "8.0.2",
+    "webpack": "^4.44.1",
+    "webpack-cli": "^3.3.12"
+  }
+}

runner/webpack.config.js

@@ -0,0 +1,25 @@
+const path = require('path');
+
+module.exports = {
+  entry: '../src/runner.ts',
+  module: {
+    rules: [
+      {
+        test: /\.ts$/,
+        use: 'ts-loader',
+        exclude: /node_modules/,
+      },
+    ],
+  },
+  target: 'node',
+  resolve: {
+    extensions: [ '.ts', '.js' ],
+  },
+  output: {
+    filename: 'codeql-runner.js',
+    path: path.resolve(__dirname, 'dist'),
+  },
+  optimization: {
+		minimize: false
+	},
+};

src/analysis-paths.test.ts

@@ -2,33 +2,44 @@ import test from 'ava';
 
 import * as analysisPaths from './analysis-paths';
 import {setupTests} from './testing-utils';
+import * as util from './util';
 
 setupTests(test);
 
 test("emptyPaths", async t => {
-  const config = {
-    languages: [],
-    queries: {},
-    pathsIgnore: [],
-    paths: [],
-    originalUserInput: {},
-  };
-  analysisPaths.includeAndExcludeAnalysisPaths(config);
-  t.is(process.env['LGTM_INDEX_INCLUDE'], undefined);
-  t.is(process.env['LGTM_INDEX_EXCLUDE'], undefined);
-  t.is(process.env['LGTM_INDEX_FILTERS'], undefined);
+  return await util.withTmpDir(async tmpDir => {
+    const config = {
+      languages: [],
+      queries: {},
+      pathsIgnore: [],
+      paths: [],
+      originalUserInput: {},
+      tempDir: tmpDir,
+      toolCacheDir: tmpDir,
+      codeQLCmd: '',
+    };
+    analysisPaths.includeAndExcludeAnalysisPaths(config);
+    t.is(process.env['LGTM_INDEX_INCLUDE'], undefined);
+    t.is(process.env['LGTM_INDEX_EXCLUDE'], undefined);
+    t.is(process.env['LGTM_INDEX_FILTERS'], undefined);
+  });
 });
 
 test("nonEmptyPaths", async t => {
-  const config = {
-    languages: [],
-    queries: {},
-    paths: ['path1', 'path2', '**/path3'],
-    pathsIgnore: ['path4', 'path5', 'path6/**'],
-    originalUserInput: {},
-  };
-  analysisPaths.includeAndExcludeAnalysisPaths(config);
-  t.is(process.env['LGTM_INDEX_INCLUDE'], 'path1\npath2');
-  t.is(process.env['LGTM_INDEX_EXCLUDE'], 'path4\npath5');
-  t.is(process.env['LGTM_INDEX_FILTERS'], 'include:path1\ninclude:path2\ninclude:**/path3\nexclude:path4\nexclude:path5\nexclude:path6/**');
+  return await util.withTmpDir(async tmpDir => {
+    const config = {
+      languages: [],
+      queries: {},
+      paths: ['path1', 'path2', '**/path3'],
+      pathsIgnore: ['path4', 'path5', 'path6/**'],
+      originalUserInput: {},
+      tempDir: tmpDir,
+      toolCacheDir: tmpDir,
+      codeQLCmd: '',
+    };
+    analysisPaths.includeAndExcludeAnalysisPaths(config);
+    t.is(process.env['LGTM_INDEX_INCLUDE'], 'path1\npath2');
+    t.is(process.env['LGTM_INDEX_EXCLUDE'], 'path4\npath5');
+    t.is(process.env['LGTM_INDEX_FILTERS'], 'include:path1\ninclude:path2\ninclude:**/path3\nexclude:path4\nexclude:path5\nexclude:path6/**');
+  });
 });

src/analyze-action.ts

@@ -2,8 +2,11 @@ import * as core from '@actions/core';
 import * as fs from 'fs';
 import * as path from 'path';
 
-import { getCodeQL, isScannedLanguage } from './codeql';
+import { getCodeQL } from './codeql';
 import * as configUtils from './config-utils';
+import { isScannedLanguage } from './languages';
+import { getActionsLogger } from './logging';
+import { parseRepositoryNwo } from './repository';
 import * as sharedEnv from './shared-environment';
 import * as upload_lib from './upload-lib';
 import * as util from './util';
@@ -55,36 +58,35 @@ async function sendStatusReport(
   await util.sendStatusReport(statusReport);
 }
 
-async function createdDBForScannedLanguages(databaseFolder: string, config: configUtils.Config) {
-  const codeql = getCodeQL();
+async function createdDBForScannedLanguages(config: configUtils.Config) {
+  const codeql = getCodeQL(config.codeQLCmd);
   for (const language of config.languages) {
     if (isScannedLanguage(language)) {
       core.startGroup('Extracting ' + language);
-      await codeql.extractScannedLanguage(path.join(databaseFolder, language), language);
+      await codeql.extractScannedLanguage(util.getCodeQLDatabasePath(config.tempDir, language), language);
       core.endGroup();
     }
   }
 }
 
-async function finalizeDatabaseCreation(databaseFolder: string, config: configUtils.Config) {
-  await createdDBForScannedLanguages(databaseFolder, config);
+async function finalizeDatabaseCreation(config: configUtils.Config) {
+  await createdDBForScannedLanguages(config);
 
-  const codeql = getCodeQL();
+  const codeql = getCodeQL(config.codeQLCmd);
   for (const language of config.languages) {
     core.startGroup('Finalizing ' + language);
-    await codeql.finalizeDatabase(path.join(databaseFolder, language));
+    await codeql.finalizeDatabase(util.getCodeQLDatabasePath(config.tempDir, language));
     core.endGroup();
   }
 }
 
 // Runs queries and creates sarif files in the given folder
 async function runQueries(
-  databaseFolder: string,
   sarifFolder: string,
   config: configUtils.Config): Promise<QueriesStatusReport> {
 
-  const codeql = getCodeQL();
-  for (let language of fs.readdirSync(databaseFolder)) {
+  const codeql = getCodeQL(config.codeQLCmd);
+  for (let language of config.languages) {
     core.startGroup('Analyzing ' + language);
 
     const queries = config.queries[language] || [];
@@ -93,16 +95,17 @@ async function runQueries(
     }
 
     try {
+      const databasePath = util.getCodeQLDatabasePath(config.tempDir, language);
       // Pass the queries to codeql using a file instead of using the command
       // line to avoid command line length restrictions, particularly on windows.
-      const querySuite = path.join(databaseFolder, language + '-queries.qls');
+      const querySuite = databasePath + '-queries.qls';
       const querySuiteContents = queries.map(q => '- query: ' + q).join('\n');
       fs.writeFileSync(querySuite, querySuiteContents);
       core.debug('Query suite file for ' + language + '...\n' + querySuiteContents);
 
       const sarifFile = path.join(sarifFolder, language + '.sarif');
 
-      await codeql.databaseAnalyze(path.join(databaseFolder, language), sarifFile, querySuite);
+      await codeql.databaseAnalyze(databasePath, sarifFile, querySuite);
 
       core.debug('SARIF results for database ' + language + ' created at "' + sarifFile + '"');
       core.endGroup();
@@ -127,24 +130,35 @@ async function run() {
     if (!await util.sendStatusReport(await util.createStatusReportBase('finish', 'starting', startedAt), true)) {
       return;
     }
-    const config = await configUtils.getConfig();
+    const config = await configUtils.getConfig(util.getRequiredEnvParam('RUNNER_TEMP'));
 
     core.exportVariable(sharedEnv.ODASA_TRACER_CONFIGURATION, '');
     delete process.env[sharedEnv.ODASA_TRACER_CONFIGURATION];
 
-    const databaseFolder = util.getCodeQLDatabasesDir();
-
     const sarifFolder = core.getInput('output');
     fs.mkdirSync(sarifFolder, { recursive: true });
 
     core.info('Finalizing database creation');
-    await finalizeDatabaseCreation(databaseFolder, config);
+    await finalizeDatabaseCreation(config);
 
     core.info('Analyzing database');
-    queriesStats = await runQueries(databaseFolder, sarifFolder, config);
+    queriesStats = await runQueries(sarifFolder, config);
 
     if ('true' === core.getInput('upload')) {
-      uploadStats = await upload_lib.upload(sarifFolder);
+      uploadStats = await upload_lib.upload(
+        sarifFolder,
+        parseRepositoryNwo(util.getRequiredEnvParam('GITHUB_REPOSITORY')),
+        await util.getCommitOid(),
+        util.getRef(),
+        await util.getAnalysisKey(),
+        util.getRequiredEnvParam('GITHUB_WORKFLOW'),
+        util.getWorkflowRunID(),
+        core.getInput('checkout_path'),
+        core.getInput('matrix'),
+        core.getInput('token'),
+        util.getRequiredEnvParam('GITHUB_API_URL'),
+        'actions',
+        getActionsLogger());
     }
 
   } catch (error) {

src/api-client.ts

@@ -2,16 +2,40 @@ import * as core from "@actions/core";
 import * as github from "@actions/github";
 import consoleLogLevel from "console-log-level";
 
-import { isLocalRun } from "./util";
+import { getRequiredEnvParam, isLocalRun } from "./util";
 
-export const getApiClient = function(allowLocalRun = false) {
+export const getApiClient = function(githubAuth: string, githubApiUrl: string, allowLocalRun = false) {
   if (isLocalRun() && !allowLocalRun) {
     throw new Error('Invalid API call in local run');
   }
   return new github.GitHub(
-    core.getInput('token'),
     {
+      auth: parseAuth(githubAuth),
+      baseUrl: githubApiUrl,
       userAgent: "CodeQL Action",
       log: consoleLogLevel({ level: "debug" })
     });
 };
+
+// Parses the user input as either a single token,
+// or a username and password / PAT.
+function parseAuth(auth: string): string {
+  // Check if it's a username:password pair
+  const c = auth.indexOf(':');
+  if (c !== -1) {
+    return 'basic ' + Buffer.from(auth).toString('base64');
+  }
+
+  // Otherwise use the token as it is
+  return auth;
+}
+
+// Temporary function to aid in the transition to running on and off of github actions.
+// Once all code has been coverted this function should be removed or made canonical
+// and called only from the action entrypoints.
+export function getActionsApiClient(allowLocalRun = false) {
+  return getApiClient(
+    core.getInput('token'),
+    getRequiredEnvParam('GITHUB_API_URL'),
+    allowLocalRun);
+}

src/autobuild-action.ts

@@ -1,7 +1,8 @@
 import * as core from '@actions/core';
 
-import { getCodeQL, isTracedLanguage } from './codeql';
+import { getCodeQL } from './codeql';
 import * as config_utils from './config-utils';
+import { isTracedLanguage } from './languages';
 import * as util from './util';
 
 interface AutobuildStatusReport extends util.StatusReportBase {
@@ -41,7 +42,7 @@ async function run() {
       return;
     }
 
-    const config = await config_utils.getConfig();
+    const config = await config_utils.getConfig(util.getRequiredEnvParam('RUNNER_TEMP'));
 
     // Attempt to find a language to autobuild
     // We want pick the dominant language in the repo from the ones we're able to build
@@ -62,7 +63,7 @@ async function run() {
     }
 
     core.startGroup(`Attempting to automatically build ${language} code`);
-    const codeQL = getCodeQL();
+    const codeQL = getCodeQL(config.codeQLCmd);
     await codeQL.runAutobuild(language);
 
     core.endGroup();

src/codeql.test.ts

@@ -63,3 +63,35 @@ test('parse codeql bundle url version', t => {
     }
   }
 });
+
+test('getExtraOptions works for explicit paths', t => {
+  t.deepEqual(codeql.getExtraOptions({}, ['foo'], []), []);
+
+  t.deepEqual(codeql.getExtraOptions({foo: [42]}, ['foo'], []), ['42']);
+
+  t.deepEqual(codeql.getExtraOptions({foo: {bar: [42]}}, ['foo', 'bar'], []), ['42']);
+});
+
+test('getExtraOptions works for wildcards', t => {
+  t.deepEqual(codeql.getExtraOptions({'*': [42]}, ['foo'], []), ['42']);
+});
+
+test('getExtraOptions works for wildcards and explicit paths', t => {
+  let o1 = {'*': [42], foo: [87]};
+  t.deepEqual(codeql.getExtraOptions(o1, ['foo'], []), ['42', '87']);
+
+  let o2 = {'*': [42], foo: [87]};
+  t.deepEqual(codeql.getExtraOptions(o2, ['foo', 'bar'], []), ['42']);
+
+  let o3 = {'*': [42], foo: { '*': [87], bar: [99]}};
+  let p = ['foo', 'bar'];
+  t.deepEqual(codeql.getExtraOptions(o3, p, []), ['42', '87', '99']);
+});
+
+test('getExtraOptions throws for bad content', t => {
+  t.throws(() => codeql.getExtraOptions({'*': 42}, ['foo'], []));
+
+  t.throws(() => codeql.getExtraOptions({foo: 87}, ['foo'], []));
+
+  t.throws(() => codeql.getExtraOptions({'*': [42], foo: { '*': 87, bar: [99]}}, ['foo', 'bar'], []));
+});

src/codeql.ts

@@ -11,13 +11,36 @@ import * as globalutil from 'util';
 import uuidV4 from 'uuid/v4';
 
 import * as api from './api-client';
+import * as defaults from './defaults.json'; // Referenced from codeql-action-sync-tool!
+import { Language } from './languages';
 import * as util from './util';
 
+type Options = (string|number|boolean)[];
+
+/**
+ * Extra command line options for the codeql commands.
+ */
+interface ExtraOptions {
+  '*'?: Options;
+  database?: {
+    '*'?: Options,
+    init?: Options,
+    'trace-command'?: Options,
+    analyze?: Options,
+    finalize?: Options
+  };
+  resolve?: {
+    '*'?: Options,
+    extractor?: Options,
+    queries?: Options
+  };
+}
+
 export interface CodeQL {
   /**
-   * Get the directory where the CodeQL executable is located.
+   * Get the path of the CodeQL executable.
    */
-  getDir(): string;
+  getPath(): string;
   /**
    * Print version information about CodeQL.
    */
@@ -26,20 +49,20 @@ export interface CodeQL {
    * Run 'codeql database trace-command' on 'tracer-env.js' and parse
    * the result to get environment variables set by CodeQL.
    */
-  getTracerEnv(databasePath: string, compilerSpec: string | undefined): Promise<{ [key: string]: string }>;
+  getTracerEnv(databasePath: string): Promise<{ [key: string]: string }>;
   /**
    * Run 'codeql database init'.
    */
-  databaseInit(databasePath: string, language: string, sourceRoot: string): Promise<void>;
+  databaseInit(databasePath: string, language: Language, sourceRoot: string): Promise<void>;
   /**
    * Runs the autobuilder for the given language.
    */
-  runAutobuild(language: string): Promise<void>;
+  runAutobuild(language: Language): Promise<void>;
   /**
    * Extract code for a scanned language using 'codeql database trace-command'
    * and running the language extracter.
    */
-  extractScannedLanguage(database: string, language: string): Promise<void>;
+  extractScannedLanguage(database: string, language: Language): Promise<void>;
   /**
    * Finalize a database using 'codeql database finalize'.
    */
@@ -74,13 +97,7 @@ export interface ResolveQueriesOutput {
  */
 let cachedCodeQL: CodeQL | undefined = undefined;
 
-/**
- * Environment variable used to store the location of the CodeQL CLI executable.
- * Value is set by setupCodeQL and read by getCodeQL.
- */
-const CODEQL_ACTION_CMD = "CODEQL_ACTION_CMD";
-
-const CODEQL_BUNDLE_VERSION = "codeql-bundle-20200630";
+const CODEQL_BUNDLE_VERSION = defaults.bundleVersion;
 const CODEQL_BUNDLE_NAME = "codeql-bundle.tar.gz";
 const CODEQL_DEFAULT_ACTION_REPOSITORY = "github/codeql-action";
 
@@ -121,7 +138,7 @@ async function getCodeQLBundleDownloadURL(): Promise<string> {
     }
     let [repositoryOwner, repositoryName] = repository.split("/");
     try {
-      const release = await api.getApiClient().repos.getReleaseByTag({
+      const release = await api.getActionsApiClient().repos.getReleaseByTag({
         owner: repositoryOwner,
         repo: repositoryName,
         tag: CODEQL_BUNDLE_VERSION
@@ -197,7 +214,6 @@ export async function setupCodeQL(): Promise<CodeQL> {
     }
 
     cachedCodeQL = getCodeQLForCmd(codeqlCmd);
-    core.exportVariable(CODEQL_ACTION_CMD, codeqlCmd);
     return cachedCodeQL;
 
   } catch (e) {
@@ -228,16 +244,24 @@ export function getCodeQLURLVersion(url: string): string {
   return s;
 }
 
-export function getCodeQL(): CodeQL {
+/**
+ * Use the CodeQL executable located at the given path.
+ */
+export function getCodeQL(cmd: string): CodeQL {
   if (cachedCodeQL === undefined) {
-    const codeqlCmd = util.getRequiredEnvParam(CODEQL_ACTION_CMD);
-    cachedCodeQL = getCodeQLForCmd(codeqlCmd);
+    cachedCodeQL = getCodeQLForCmd(cmd);
   }
   return cachedCodeQL;
 }
 
-function resolveFunction<T>(partialCodeql: Partial<CodeQL>, methodName: string): T {
+function resolveFunction<T>(
+  partialCodeql: Partial<CodeQL>,
+  methodName: string,
+  defaultImplementation?: T): T {
   if (typeof partialCodeql[methodName] !== 'function') {
+    if (defaultImplementation !== undefined) {
+      return defaultImplementation;
+    }
     const dummyMethod = () => {
       throw new Error('CodeQL ' + methodName + ' method not correctly defined');
     };
@@ -252,9 +276,9 @@ function resolveFunction<T>(partialCodeql: Partial<CodeQL>, methodName: string):
  * Accepts a partial object and any undefined methods will be implemented
  * to immediately throw an exception indicating which method is missing.
  */
-export function setCodeQL(partialCodeql: Partial<CodeQL>) {
+export function setCodeQL(partialCodeql: Partial<CodeQL>): CodeQL {
   cachedCodeQL = {
-    getDir: resolveFunction(partialCodeql, 'getDir'),
+    getPath: resolveFunction(partialCodeql, 'getPath', () => '/tmp/dummy-path'),
     printVersion: resolveFunction(partialCodeql, 'printVersion'),
     getTracerEnv: resolveFunction(partialCodeql, 'getTracerEnv'),
     databaseInit: resolveFunction(partialCodeql, 'databaseInit'),
@@ -264,12 +288,27 @@ export function setCodeQL(partialCodeql: Partial<CodeQL>) {
     resolveQueries: resolveFunction(partialCodeql, 'resolveQueries'),
     databaseAnalyze: resolveFunction(partialCodeql, 'databaseAnalyze')
   };
+  return cachedCodeQL;
+}
+
+/**
+ * Get the cached CodeQL object. Should only be used from tests.
+ *
+ * TODO: Work out a good way for tests to get this from the test context
+ * instead of having to have this method.
+ */
+export function getCachedCodeQL(): CodeQL {
+  if (cachedCodeQL === undefined) {
+    // Should never happen as setCodeQL is called by testing-utils.setupTests
+    throw new Error('cachedCodeQL undefined');
+  }
+  return cachedCodeQL;
 }
 
 function getCodeQLForCmd(cmd: string): CodeQL {
   return {
-    getDir: function() {
-      return path.dirname(cmd);
+    getPath: function() {
+      return cmd;
     },
     printVersion: async function() {
       await exec.exec(cmd, [
@@ -277,30 +316,30 @@ function getCodeQLForCmd(cmd: string): CodeQL {
         '--format=json'
       ]);
     },
-    getTracerEnv: async function(databasePath: string, compilerSpec: string | undefined) {
+    getTracerEnv: async function(databasePath: string) {
       let envFile = path.resolve(databasePath, 'working', 'env.tmp');
-      const compilerSpecArg = compilerSpec ? ["--compiler-spec=" + compilerSpec] : [];
       await exec.exec(cmd, [
         'database',
         'trace-command',
         databasePath,
-        ...compilerSpecArg,
+        ...getExtraOptionsFromEnv(['database', 'trace-command']),
         process.execPath,
         path.resolve(__dirname, 'tracer-env.js'),
         envFile
       ]);
       return JSON.parse(fs.readFileSync(envFile, 'utf-8'));
     },
-    databaseInit: async function(databasePath: string, language: string, sourceRoot: string) {
+    databaseInit: async function(databasePath: string, language: Language, sourceRoot: string) {
       await exec.exec(cmd, [
         'database',
         'init',
         databasePath,
         '--language=' + language,
         '--source-root=' + sourceRoot,
+        ...getExtraOptionsFromEnv(['database', 'init']),
       ]);
     },
-    runAutobuild: async function(language: string) {
+    runAutobuild: async function(language: Language) {
       const cmdName = process.platform === 'win32' ? 'autobuild.cmd' : 'autobuild.sh';
       const autobuildCmd = path.join(path.dirname(cmd), language, 'tools', cmdName);
 
@@ -314,7 +353,7 @@ function getCodeQLForCmd(cmd: string): CodeQL {
 
       await exec.exec(autobuildCmd);
     },
-    extractScannedLanguage: async function(databasePath: string, language: string) {
+    extractScannedLanguage: async function(databasePath: string, language: Language) {
       // Get extractor location
       let extractorPath = '';
       await exec.exec(
@@ -323,7 +362,8 @@ function getCodeQLForCmd(cmd: string): CodeQL {
           'resolve',
           'extractor',
           '--format=json',
-          '--language=' + language
+          '--language=' + language,
+          ...getExtraOptionsFromEnv(['resolve', 'extractor']),
         ],
         {
           silent: true,
@@ -341,6 +381,7 @@ function getCodeQLForCmd(cmd: string): CodeQL {
       await exec.exec(cmd, [
         'database',
         'trace-command',
+        ...getExtraOptionsFromEnv(['database', 'trace-command']),
         databasePath,
         '--',
         traceCommand
@@ -350,6 +391,7 @@ function getCodeQLForCmd(cmd: string): CodeQL {
       await exec.exec(cmd, [
         'database',
         'finalize',
+        ...getExtraOptionsFromEnv(['database', 'finalize']),
         databasePath
       ]);
     },
@@ -358,7 +400,8 @@ function getCodeQLForCmd(cmd: string): CodeQL {
         'resolve',
         'queries',
         ...queries,
-        '--format=bylanguage'
+        '--format=bylanguage',
+        ...getExtraOptionsFromEnv(['resolve', 'queries'])
       ];
       if (extraSearchPath !== undefined) {
         codeqlArgs.push('--search-path', extraSearchPath);
@@ -384,16 +427,58 @@ function getCodeQLForCmd(cmd: string): CodeQL {
         '--format=sarif-latest',
         '--output=' + sarifFile,
         '--no-sarif-add-snippets',
+        ...getExtraOptionsFromEnv(['database', 'analyze']),
         querySuite
       ]);
     }
   };
 }
 
-export function isTracedLanguage(language: string): boolean {
-  return ['cpp', 'java', 'csharp'].includes(language);
+/**
+ * Gets the options for `path` of `options` as an array of extra option strings.
+ */
+function getExtraOptionsFromEnv(path: string[]) {
+  let options: ExtraOptions = util.getExtraOptionsEnvParam();
+  return getExtraOptions(options, path, []);
 }
 
-export function isScannedLanguage(language: string): boolean {
-  return !isTracedLanguage(language);
+/**
+ * Gets the options for `path` of `options` as an array of extra option strings.
+ *
+ * - the special terminal step name '*' in `options` matches all path steps
+ * - throws an exception if this conversion is impossible.
+ */
+export /* exported for testing */ function getExtraOptions(
+  options: any,
+  path: string[],
+  pathInfo: string[]): string[] {
+  /**
+   * Gets `options` as an array of extra option strings.
+   *
+   * - throws an exception mentioning `pathInfo` if this conversion is impossible.
+   */
+  function asExtraOptions(options: any, pathInfo: string[]): string[] {
+    if (options === undefined) {
+      return [];
+    }
+    if (!Array.isArray(options)) {
+      const msg =
+        `The extra options for '${pathInfo.join('.')}' ('${JSON.stringify(options)}') are not in an array.`;
+      throw new Error(msg);
+    }
+    return options.map(o => {
+      const t = typeof o;
+      if (t !== 'string' && t !== 'number' && t !== 'boolean') {
+        const msg =
+          `The extra option for '${pathInfo.join('.')}' ('${JSON.stringify(o)}') is not a primitive value.`;
+        throw new Error(msg);
+      }
+      return o + '';
+    });
+  }
+  let all = asExtraOptions(options?.['*'], pathInfo.concat('*'));
+  let specific = path.length === 0 ?
+    asExtraOptions(options, pathInfo) :
+    getExtraOptions(options?.[path[0]], path?.slice(1), pathInfo.concat(path[0]));
+  return all.concat(specific);
 }

src/config-utils.test.ts

@@ -5,8 +5,9 @@ import * as path from 'path';
 import sinon from 'sinon';
 
 import * as api from './api-client';
-import * as CodeQL from './codeql';
+import { getCachedCodeQL, setCodeQL } from './codeql';
 import * as configUtils from './config-utils';
+import { Language } from "./languages";
 import {setupTests} from './testing-utils';
 import * as util from './util';
 
@@ -57,7 +58,7 @@ test("load empty config", async t => {
     setInput('config-file', undefined);
     setInput('languages', 'javascript,python');
 
-    CodeQL.setCodeQL({
+    const codeQL = setCodeQL({
       resolveQueries: async function() {
         return {
           byLanguage: {},
@@ -67,9 +68,9 @@ test("load empty config", async t => {
       },
     });
 
-    const config = await configUtils.initConfig();
+    const config = await configUtils.initConfig(tmpDir, tmpDir, codeQL);
 
-    t.deepEqual(config, await configUtils.getDefaultConfig());
+    t.deepEqual(config, await configUtils.getDefaultConfig(tmpDir, tmpDir, codeQL));
   });
 });
 
@@ -81,7 +82,7 @@ test("loading config saves config", async t => {
     setInput('config-file', undefined);
     setInput('languages', 'javascript,python');
 
-    CodeQL.setCodeQL({
+    const codeQL = setCodeQL({
       resolveQueries: async function() {
         return {
           byLanguage: {},
@@ -93,18 +94,18 @@ test("loading config saves config", async t => {
 
 
     // Sanity check the saved config file does not already exist
-    t.false(fs.existsSync(configUtils.getPathToParsedConfigFile()));
+    t.false(fs.existsSync(configUtils.getPathToParsedConfigFile(tmpDir)));
 
     // Sanity check that getConfig throws before we have called initConfig
-    await t.throwsAsync(configUtils.getConfig);
+    await t.throwsAsync(() => configUtils.getConfig(tmpDir));
 
-    const config1 = await configUtils.initConfig();
+    const config1 = await configUtils.initConfig(tmpDir, tmpDir, codeQL);
 
     // The saved config file should now exist
-    t.true(fs.existsSync(configUtils.getPathToParsedConfigFile()));
+    t.true(fs.existsSync(configUtils.getPathToParsedConfigFile(tmpDir)));
 
     // And that same newly-initialised config should now be returned by getConfig
-    const config2 = await configUtils.getConfig();
+    const config2 = await configUtils.getConfig(tmpDir);
     t.deepEqual(config1, config2);
   });
 });
@@ -117,7 +118,7 @@ test("load input outside of workspace", async t => {
     setInput('config-file', '../input');
 
     try {
-      await configUtils.initConfig();
+      await configUtils.initConfig(tmpDir, tmpDir, getCachedCodeQL());
       throw new Error('initConfig did not throw error');
     } catch (err) {
       t.deepEqual(err, new Error(configUtils.getConfigFileOutsideWorkspaceErrorMessage(path.join(tmpDir, '../input'))));
@@ -134,7 +135,7 @@ test("load non-local input with invalid repo syntax", async t => {
     setInput('config-file', 'octo-org/codeql-config@main');
 
     try {
-      await configUtils.initConfig();
+      await configUtils.initConfig(tmpDir, tmpDir, getCachedCodeQL());
       throw new Error('initConfig did not throw error');
     } catch (err) {
       t.deepEqual(err, new Error(configUtils.getConfigFileRepoFormatInvalidMessage('octo-org/codeql-config@main')));
@@ -152,7 +153,7 @@ test("load non-existent input", async t => {
     setInput('languages', 'javascript');
 
     try {
-      await configUtils.initConfig();
+      await configUtils.initConfig(tmpDir, tmpDir, getCachedCodeQL());
       throw new Error('initConfig did not throw error');
     } catch (err) {
       t.deepEqual(err, new Error(configUtils.getConfigFileDoesNotExistErrorMessage(path.join(tmpDir, 'input'))));
@@ -165,7 +166,7 @@ test("load non-empty input", async t => {
     process.env['RUNNER_TEMP'] = tmpDir;
     process.env['GITHUB_WORKSPACE'] = tmpDir;
 
-    CodeQL.setCodeQL({
+    const codeQL = setCodeQL({
       resolveQueries: async function() {
         return {
           byLanguage: {
@@ -196,7 +197,7 @@ test("load non-empty input", async t => {
 
     // And the config we expect it to parse to
     const expectedConfig: configUtils.Config = {
-      languages: ['javascript'],
+      languages: [Language.javascript],
       queries: {'javascript': ['/foo/a.ql', '/bar/b.ql']},
       pathsIgnore: ['a', 'b'],
       paths: ['c/d'],
@@ -207,13 +208,16 @@ test("load non-empty input", async t => {
         'paths-ignore': ['a', 'b'],
         paths: ['c/d'],
       },
+      tempDir: tmpDir,
+      toolCacheDir: tmpDir,
+      codeQLCmd: codeQL.getPath(),
     };
 
     fs.writeFileSync(path.join(tmpDir, 'input'), inputFileContents, 'utf8');
     setInput('config-file', 'input');
     setInput('languages', 'javascript');
 
-    const actualConfig = await configUtils.initConfig();
+    const actualConfig = await configUtils.initConfig(tmpDir, tmpDir, codeQL);
 
     // Should exactly equal the object we constructed earlier
     t.deepEqual(actualConfig, expectedConfig);
@@ -232,7 +236,7 @@ test("default queries are used", async t => {
     // with the correct arguments.
 
     const resolveQueriesArgs: {queries: string[], extraSearchPath: string | undefined}[] = [];
-    CodeQL.setCodeQL({
+    const codeQL = setCodeQL({
       resolveQueries: async function(queries: string[], extraSearchPath: string | undefined) {
         resolveQueriesArgs.push({queries, extraSearchPath});
         return {
@@ -260,7 +264,7 @@ test("default queries are used", async t => {
     setInput('config-file', 'input');
     setInput('languages', 'javascript');
 
-    await configUtils.initConfig();
+    await configUtils.initConfig(tmpDir, tmpDir, codeQL);
 
     // Check resolve queries was called correctly
     t.deepEqual(resolveQueriesArgs.length, 1);
@@ -269,12 +273,201 @@ test("default queries are used", async t => {
   });
 });
 
+test("Queries can be specified in config file", async t => {
+  return await util.withTmpDir(async tmpDir => {
+    process.env['RUNNER_TEMP'] = tmpDir;
+    process.env['GITHUB_WORKSPACE'] = tmpDir;
+
+    const inputFileContents = `
+      name: my config
+      queries:
+        - uses: ./foo`;
+
+    fs.writeFileSync(path.join(tmpDir, 'input'), inputFileContents, 'utf8');
+    setInput('config-file', 'input');
+
+    fs.mkdirSync(path.join(tmpDir, 'foo'));
+
+    const resolveQueriesArgs: {queries: string[], extraSearchPath: string | undefined}[] = [];
+    const codeQL = setCodeQL({
+      resolveQueries: async function(queries: string[], extraSearchPath: string | undefined) {
+        resolveQueriesArgs.push({queries, extraSearchPath});
+        // Return what we're given, just in the right format for a resolved query
+        // This way we can test by seeing which returned items are in the final
+        // configuration.
+        const dummyResolvedQueries = {};
+        queries.forEach(q => { dummyResolvedQueries[q] = {}; });
+        return {
+          byLanguage: {
+            'javascript': dummyResolvedQueries,
+          },
+          noDeclaredLanguage: {},
+          multipleDeclaredLanguages: {},
+        };
+      },
+    });
+
+    setInput('languages', 'javascript');
+
+    const config = await configUtils.initConfig(tmpDir, tmpDir, codeQL);
+
+    // Check resolveQueries was called correctly
+    // It'll be called once for the default queries
+    // and once for `./foo` from the config file.
+    t.deepEqual(resolveQueriesArgs.length, 2);
+    t.deepEqual(resolveQueriesArgs[1].queries.length, 1);
+    t.regex(resolveQueriesArgs[1].queries[0], /.*\/foo$/);
+
+    // Now check that the end result contains the default queries and the query from config
+    t.deepEqual(config.queries['javascript'].length, 2);
+    t.regex(config.queries['javascript'][0], /javascript-code-scanning.qls$/);
+    t.regex(config.queries['javascript'][1], /.*\/foo$/);
+  });
+});
+
+test("Queries from config file can be overridden in workflow file", async t => {
+  return await util.withTmpDir(async tmpDir => {
+    process.env['RUNNER_TEMP'] = tmpDir;
+    process.env['GITHUB_WORKSPACE'] = tmpDir;
+
+    const inputFileContents = `
+      name: my config
+      queries:
+        - uses: ./foo`;
+
+    fs.writeFileSync(path.join(tmpDir, 'input'), inputFileContents, 'utf8');
+    setInput('config-file', 'input');
+
+    // This config item should take precedence over the config file but shouldn't affect the default queries.
+    setInput('queries', './override');
+
+    fs.mkdirSync(path.join(tmpDir, 'foo'));
+    fs.mkdirSync(path.join(tmpDir, 'override'));
+
+    const resolveQueriesArgs: {queries: string[], extraSearchPath: string | undefined}[] = [];
+    const codeQL = setCodeQL({
+      resolveQueries: async function(queries: string[], extraSearchPath: string | undefined) {
+        resolveQueriesArgs.push({queries, extraSearchPath});
+        // Return what we're given, just in the right format for a resolved query
+        // This way we can test overriding by seeing which returned items are in
+        // the final configuration.
+        const dummyResolvedQueries = {};
+        queries.forEach(q => { dummyResolvedQueries[q] = {}; });
+        return {
+          byLanguage: {
+            'javascript': dummyResolvedQueries,
+          },
+          noDeclaredLanguage: {},
+          multipleDeclaredLanguages: {},
+        };
+      },
+    });
+
+    setInput('languages', 'javascript');
+
+    const config = await configUtils.initConfig(tmpDir, tmpDir, codeQL);
+
+    // Check resolveQueries was called correctly
+    // It'll be called once for the default queries and once for `./override`,
+    // but won't be called for './foo' from the config file.
+    t.deepEqual(resolveQueriesArgs.length, 2);
+    t.deepEqual(resolveQueriesArgs[1].queries.length, 1);
+    t.regex(resolveQueriesArgs[1].queries[0], /.*\/override$/);
+
+    // Now check that the end result contains only the default queries and the override query
+    t.deepEqual(config.queries['javascript'].length, 2);
+    t.regex(config.queries['javascript'][0], /javascript-code-scanning.qls$/);
+    t.regex(config.queries['javascript'][1], /.*\/override$/);
+  });
+});
+
+test("Multiple queries can be specified in workflow file, no config file required", async t => {
+  return await util.withTmpDir(async tmpDir => {
+    process.env['RUNNER_TEMP'] = tmpDir;
+    process.env['GITHUB_WORKSPACE'] = tmpDir;
+
+    fs.mkdirSync(path.join(tmpDir, 'override1'));
+    fs.mkdirSync(path.join(tmpDir, 'override2'));
+
+    setInput('queries', './override1,./override2');
+
+    const resolveQueriesArgs: {queries: string[], extraSearchPath: string | undefined}[] = [];
+    const codeQL = setCodeQL({
+      resolveQueries: async function(queries: string[], extraSearchPath: string | undefined) {
+        resolveQueriesArgs.push({queries, extraSearchPath});
+        // Return what we're given, just in the right format for a resolved query
+        // This way we can test overriding by seeing which returned items are in
+        // the final configuration.
+        const dummyResolvedQueries = {};
+        queries.forEach(q => { dummyResolvedQueries[q] = {}; });
+        return {
+          byLanguage: {
+            'javascript': dummyResolvedQueries,
+          },
+          noDeclaredLanguage: {},
+          multipleDeclaredLanguages: {},
+        };
+      },
+    });
+
+    setInput('languages', 'javascript');
+
+    const config = await configUtils.initConfig(tmpDir, tmpDir, codeQL);
+
+    // Check resolveQueries was called correctly:
+    // It'll be called once for the default queries,
+    // and then once for each of the two queries from the workflow
+    t.deepEqual(resolveQueriesArgs.length, 3);
+    t.deepEqual(resolveQueriesArgs[1].queries.length, 1);
+    t.deepEqual(resolveQueriesArgs[2].queries.length, 1);
+    t.regex(resolveQueriesArgs[1].queries[0], /.*\/override1$/);
+    t.regex(resolveQueriesArgs[2].queries[0], /.*\/override2$/);
+
+    // Now check that the end result contains both the queries from the workflow, as well as the defaults
+    t.deepEqual(config.queries['javascript'].length, 3);
+    t.regex(config.queries['javascript'][0], /javascript-code-scanning.qls$/);
+    t.regex(config.queries['javascript'][1], /.*\/override1$/);
+    t.regex(config.queries['javascript'][2], /.*\/override2$/);
+  });
+});
+
+test("Invalid queries in workflow file handled correctly", async t => {
+  return await util.withTmpDir(async tmpDir => {
+    process.env['RUNNER_TEMP'] = tmpDir;
+    process.env['GITHUB_WORKSPACE'] = tmpDir;
+
+    setInput('queries', 'foo/bar@v1@v3');
+    setInput('languages', 'javascript');
+
+    // This function just needs to be type-correct; it doesn't need to do anything,
+    // since we're deliberately passing in invalid data
+    const codeQL = setCodeQL({
+      resolveQueries: async function(_queries: string[], _extraSearchPath: string | undefined) {
+        return {
+          byLanguage: {
+            'javascript': {},
+          },
+          noDeclaredLanguage: {},
+          multipleDeclaredLanguages: {},
+        };
+      },
+    });
+
+    try {
+      await configUtils.initConfig(tmpDir, tmpDir, codeQL);
+      t.fail('initConfig did not throw error');
+    } catch (err) {
+      t.deepEqual(err, new Error(configUtils.getQueryUsesInvalid(undefined, "foo/bar@v1@v3")));
+    }
+  });
+});
+
 test("API client used when reading remote config", async t => {
   return await util.withTmpDir(async tmpDir => {
     process.env['RUNNER_TEMP'] = tmpDir;
     process.env['GITHUB_WORKSPACE'] = tmpDir;
 
-    CodeQL.setCodeQL({
+    const codeQL = setCodeQL({
       resolveQueries: async function() {
         return {
           byLanguage: {
@@ -306,12 +499,12 @@ test("API client used when reading remote config", async t => {
     const spyGetContents = mockGetContents(dummyResponse);
 
     // Create checkout directory for remote queries repository
-    fs.mkdirSync(path.join(tmpDir, 'foo/bar'), { recursive: true });
+    fs.mkdirSync(path.join(tmpDir, 'foo/bar/dev'), { recursive: true });
 
     setInput('config-file', 'octo-org/codeql-config/config.yaml@main');
     setInput('languages', 'javascript');
 
-    await configUtils.initConfig();
+    await configUtils.initConfig(tmpDir, tmpDir, codeQL);
     t.assert(spyGetContents.called);
   });
 });
@@ -327,7 +520,7 @@ test("Remote config handles the case where a directory is provided", async t =>
     const repoReference = 'octo-org/codeql-config/config.yaml@main';
     setInput('config-file', repoReference);
     try {
-      await configUtils.initConfig();
+      await configUtils.initConfig(tmpDir, tmpDir, getCachedCodeQL());
       throw new Error('initConfig did not throw error');
     } catch (err) {
       t.deepEqual(err, new Error(configUtils.getConfigFileDirectoryGivenMessage(repoReference)));
@@ -348,7 +541,7 @@ test("Invalid format of remote config handled correctly", async t => {
     const repoReference = 'octo-org/codeql-config/config.yaml@main';
     setInput('config-file', repoReference);
     try {
-      await configUtils.initConfig();
+      await configUtils.initConfig(tmpDir, tmpDir, getCachedCodeQL());
       throw new Error('initConfig did not throw error');
     } catch (err) {
       t.deepEqual(err, new Error(configUtils.getConfigFileFormatInvalidMessage(repoReference)));
@@ -364,7 +557,7 @@ test("No detected languages", async t => {
     mockListLanguages([]);
 
     try {
-      await configUtils.initConfig();
+      await configUtils.initConfig(tmpDir, tmpDir, getCachedCodeQL());
       throw new Error('initConfig did not throw error');
     } catch (err) {
       t.deepEqual(err, new Error(configUtils.getNoLanguagesError()));
@@ -380,7 +573,7 @@ test("Unknown languages", async t => {
     setInput('languages', 'ruby,english');
 
     try {
-      await configUtils.initConfig();
+      await configUtils.initConfig(tmpDir, tmpDir, getCachedCodeQL());
       throw new Error('initConfig did not throw error');
     } catch (err) {
       t.deepEqual(err, new Error(configUtils.getUnknownLanguagesError(['ruby', 'english'])));
@@ -398,7 +591,7 @@ function doInvalidInputTest(
       process.env['RUNNER_TEMP'] = tmpDir;
       process.env['GITHUB_WORKSPACE'] = tmpDir;
 
-      CodeQL.setCodeQL({
+      const codeQL = setCodeQL({
         resolveQueries: async function() {
           return {
             byLanguage: {},
@@ -414,7 +607,7 @@ function doInvalidInputTest(
       setInput('languages', 'javascript');
 
       try {
-        await configUtils.initConfig();
+        await configUtils.initConfig(tmpDir, tmpDir, codeQL);
         throw new Error('initConfig did not throw error');
       } catch (err) {
         t.deepEqual(err, new Error(expectedErrorMessageGenerator(inputFile)));

src/config-utils.ts

@@ -4,8 +4,9 @@ import * as yaml from 'js-yaml';
 import * as path from 'path';
 
 import * as api from './api-client';
-import { getCodeQL, ResolveQueriesOutput } from './codeql';
+import { CodeQL, ResolveQueriesOutput } from './codeql';
 import * as externalQueries from "./external-queries";
+import { Language, parseLanguage } from "./languages";
 import * as util from './util';
 
 // Property names from the user-supplied config file.
@@ -16,16 +17,6 @@ const QUERIES_USES_PROPERTY = 'uses';
 const PATHS_IGNORE_PROPERTY = 'paths-ignore';
 const PATHS_PROPERTY = 'paths';
 
-// All the languages supported by CodeQL
-const ALL_LANGUAGES = ['csharp', 'cpp', 'go', 'java', 'javascript', 'python'] as const;
-type Language = (typeof ALL_LANGUAGES)[number];
-
-// Some alternate names for languages
-const LANGUAGE_ALIASES: {[name: string]: Language} = {
-  'c': 'cpp',
-  'typescript': 'javascript',
-};
-
 /**
  * Format of the config file supplied by the user.
  */
@@ -70,6 +61,20 @@ export interface Config {
    * top-level field above.
    */
   originalUserInput: UserConfig;
+  /**
+   * Directory to use for temporary files that should be
+   * deleted at the end of the job.
+   */
+  tempDir: string;
+  /**
+   * Directory to use for the tool cache.
+   * This may be persisted between jobs but this is not guaranteed.
+   */
+  toolCacheDir: string;
+  /**
+   * Path of the CodeQL executable.
+   */
+  codeQLCmd: string;
 }
 
 /**
@@ -119,13 +124,13 @@ function validateQueries(resolvedQueries: ResolveQueriesOutput) {
  * Run 'codeql resolve queries' and add the results to resultMap
  */
 async function runResolveQueries(
+  codeQL: CodeQL,
   resultMap: { [language: string]: string[] },
   toResolve: string[],
   extraSearchPath: string | undefined,
   errorOnInvalidQueries: boolean) {
 
-  const codeQl = getCodeQL();
-  const resolvedQueries = await codeQl.resolveQueries(toResolve, extraSearchPath);
+  const resolvedQueries = await codeQL.resolveQueries(toResolve, extraSearchPath);
 
   for (const [language, queries] of Object.entries(resolvedQueries.byLanguage)) {
     if (resultMap[language] === undefined) {
@@ -142,9 +147,9 @@ async function runResolveQueries(
 /**
  * Get the set of queries included by default.
  */
-async function addDefaultQueries(languages: string[], resultMap: { [language: string]: string[] }) {
+async function addDefaultQueries(codeQL: CodeQL, languages: string[], resultMap: { [language: string]: string[] }) {
   const suites = languages.map(l => l + '-code-scanning.qls');
-  await runResolveQueries(resultMap, suites, undefined, false);
+  await runResolveQueries(codeQL, resultMap, suites, undefined, false);
 }
 
 // The set of acceptable values for built-in suites from the codeql bundle
@@ -155,10 +160,11 @@ const builtinSuites = ['security-extended', 'security-and-quality'] as const;
  * Throws an error if suiteName is not a valid builtin suite.
  */
 async function addBuiltinSuiteQueries(
-  configFile: string,
   languages: string[],
+  codeQL: CodeQL,
   resultMap: { [language: string]: string[] },
-  suiteName: string) {
+  suiteName: string,
+  configFile?: string) {
 
   const suite = builtinSuites.find((suite) => suite === suiteName);
   if (!suite) {
@@ -166,16 +172,17 @@ async function addBuiltinSuiteQueries(
   }
 
   const suites = languages.map(l => l + '-' + suiteName + '.qls');
-  await runResolveQueries(resultMap, suites, undefined, false);
+  await runResolveQueries(codeQL, resultMap, suites, undefined, false);
 }
 
 /**
  * Retrieve the set of queries at localQueryPath and add them to resultMap.
  */
 async function addLocalQueries(
-  configFile: string,
+  codeQL: CodeQL,
   resultMap: { [language: string]: string[] },
-  localQueryPath: string) {
+  localQueryPath: string,
+  configFile?: string) {
 
   // Resolve the local path against the workspace so that when this is
   // passed to codeql it resolves to exactly the path we expect it to resolve to.
@@ -198,13 +205,19 @@ async function addLocalQueries(
   // Get the root of the current repo to use when resolving query dependencies
   const rootOfRepo = util.getRequiredEnvParam('GITHUB_WORKSPACE');
 
-  await runResolveQueries(resultMap, [absoluteQueryPath], rootOfRepo, true);
+  await runResolveQueries(codeQL, resultMap, [absoluteQueryPath], rootOfRepo, true);
 }
 
 /**
  * Retrieve the set of queries at the referenced remote repo and add them to resultMap.
  */
-async function addRemoteQueries(configFile: string, resultMap: { [language: string]: string[] }, queryUses: string) {
+async function addRemoteQueries(
+  codeQL: CodeQL,
+  resultMap: { [language: string]: string[] },
+  queryUses: string,
+  tempDir: string,
+  configFile?: string) {
+
   let tok = queryUses.split('@');
   if (tok.length !== 2) {
     throw new Error(getQueryUsesInvalid(configFile, queryUses));
@@ -226,13 +239,13 @@ async function addRemoteQueries(configFile: string, resultMap: { [language: stri
   const nwo = tok[0] + '/' + tok[1];
 
   // Checkout the external repository
-  const rootOfRepo = await externalQueries.checkoutExternalRepository(nwo, ref);
+  const rootOfRepo = await externalQueries.checkoutExternalRepository(nwo, ref, tempDir);
 
   const queryPath = tok.length > 2
     ? path.join(rootOfRepo, tok.slice(2).join('/'))
     : rootOfRepo;
 
-  await runResolveQueries(resultMap, [queryPath], rootOfRepo, true);
+  await runResolveQueries(codeQL, resultMap, [queryPath], rootOfRepo, true);
 }
 
 /**
@@ -244,10 +257,12 @@ async function addRemoteQueries(configFile: string, resultMap: { [language: stri
  * a finite set of hardcoded terms for builtin suites.
  */
 async function parseQueryUses(
-  configFile: string,
   languages: string[],
+  codeQL: CodeQL,
   resultMap: { [language: string]: string[] },
-  queryUses: string) {
+  queryUses: string,
+  tempDir: string,
+  configFile?: string) {
 
   queryUses = queryUses.trim();
   if (queryUses === "") {
@@ -256,18 +271,18 @@ async function parseQueryUses(
 
   // Check for the local path case before we start trying to parse the repository name
   if (queryUses.startsWith("./")) {
-    await addLocalQueries(configFile, resultMap, queryUses.slice(2));
+    await addLocalQueries(codeQL, resultMap, queryUses.slice(2), configFile);
     return;
   }
 
   // Check for one of the builtin suites
   if (queryUses.indexOf('/') === -1 && queryUses.indexOf('@') === -1) {
-    await addBuiltinSuiteQueries(configFile, languages, resultMap, queryUses);
+    await addBuiltinSuiteQueries(languages, codeQL, resultMap, queryUses, configFile);
     return;
   }
 
   // Otherwise, must be a reference to another repo
-  await addRemoteQueries(configFile, resultMap, queryUses);
+  await addRemoteQueries(codeQL, resultMap, queryUses, tempDir, configFile);
 }
 
 // Regex validating stars in paths or paths-ignore entries.
@@ -341,6 +356,9 @@ export function validateAndSanitisePath(
   return path;
 }
 
+// An undefined configFile in some of these functions indicates that
+// the property was in a workflow file, not a config file
+
 export function getNameInvalid(configFile: string): string {
   return getConfigFilePropertyError(configFile, NAME_PROPERTY, 'must be a non-empty string');
 }
@@ -353,7 +371,7 @@ export function getQueriesInvalid(configFile: string): string {
   return getConfigFilePropertyError(configFile, QUERIES_PROPERTY, 'must be an array');
 }
 
-export function getQueryUsesInvalid(configFile: string, queryUses?: string): string {
+export function getQueryUsesInvalid(configFile: string | undefined, queryUses?: string): string {
   return getConfigFilePropertyError(
     configFile,
     QUERIES_PROPERTY + '.' + QUERIES_USES_PROPERTY,
@@ -370,14 +388,14 @@ export function getPathsInvalid(configFile: string): string {
   return getConfigFilePropertyError(configFile, PATHS_PROPERTY, 'must be an array of non-empty strings');
 }
 
-export function getLocalPathOutsideOfRepository(configFile: string, localPath: string): string {
+export function getLocalPathOutsideOfRepository(configFile: string | undefined, localPath: string): string {
   return getConfigFilePropertyError(
     configFile,
     QUERIES_PROPERTY + '.' + QUERIES_USES_PROPERTY,
     'is invalid as the local path "' + localPath + '" is outside of the repository');
 }
 
-export function getLocalPathDoesNotExist(configFile: string, localPath: string): string {
+export function getLocalPathDoesNotExist(configFile: string | undefined, localPath: string): string {
   return getConfigFilePropertyError(
     configFile,
     QUERIES_PROPERTY + '.' + QUERIES_USES_PROPERTY,
@@ -407,8 +425,12 @@ export function getConfigFileDirectoryGivenMessage(configFile: string): string {
   return 'The configuration file "' + configFile + '" looks like a directory, not a file';
 }
 
-function getConfigFilePropertyError(configFile: string, property: string, error: string): string {
-  return 'The configuration file "' + configFile + '" is invalid: property "' + property + '" ' + error;
+function getConfigFilePropertyError(configFile: string | undefined, property: string, error: string): string {
+  if (configFile === undefined) {
+    return 'The workflow property "' + property + '" is invalid: ' + error;
+  } else {
+    return 'The configuration file "' + configFile + '" is invalid: property "' + property + '" ' + error;
+  }
 }
 
 export function getNoLanguagesError(): string {
@@ -424,24 +446,13 @@ export function getUnknownLanguagesError(languages: string[]): string {
  * Gets the set of languages in the current repository
  */
 async function getLanguagesInRepo(): Promise<Language[]> {
-  // Translate between GitHub's API names for languages and ours
-  const codeqlLanguages: {[lang: string]: Language} = {
-    'C': 'cpp',
-    'C++': 'cpp',
-    'C#': 'csharp',
-    'Go': 'go',
-    'Java': 'java',
-    'JavaScript': 'javascript',
-    'TypeScript': 'javascript',
-    'Python': 'python',
-  };
   let repo_nwo = process.env['GITHUB_REPOSITORY']?.split("/");
   if (repo_nwo) {
     let owner = repo_nwo[0];
     let repo = repo_nwo[1];
 
     core.debug(`GitHub repo ${owner} ${repo}`);
-    const response = await api.getApiClient(true).repos.listLanguages({
+    const response = await api.getActionsApiClient(true).repos.listLanguages({
       owner,
       repo
     });
@@ -453,9 +464,10 @@ async function getLanguagesInRepo(): Promise<Language[]> {
     // Since sets in javascript maintain insertion order, using a set here and then splatting it
     // into an array gives us an array of languages ordered by popularity
     let languages: Set<Language> = new Set();
-    for (let lang in response.data) {
-      if (lang in codeqlLanguages) {
-        languages.add(codeqlLanguages[lang]);
+    for (let lang of Object.keys(response.data)) {
+      let parsedLang = parseLanguage(lang);
+      if (parsedLang !== undefined) {
+        languages.add(parsedLang);
       }
     }
     return [...languages];
@@ -496,50 +508,69 @@ async function getLanguages(): Promise<Language[]> {
   }
 
   // Make sure they are supported
-  const checkedLanguages: Language[] = [];
+  const parsedLanguages: Language[] = [];
   const unknownLanguages: string[] = [];
   for (let language of languages) {
-    // Normalise to lower case
-    language = language.toLowerCase();
-    // Resolve any known aliases
-    if (language in LANGUAGE_ALIASES) {
-      language = LANGUAGE_ALIASES[language];
-    }
-
-    const checkedLanguage = ALL_LANGUAGES.find(l => l === language);
-    if (checkedLanguage === undefined) {
+    const parsedLanguage = parseLanguage(language);
+    if (parsedLanguage === undefined) {
       unknownLanguages.push(language);
-    } else if (checkedLanguages.indexOf(checkedLanguage) === -1) {
-      checkedLanguages.push(checkedLanguage);
+    } else if (parsedLanguages.indexOf(parsedLanguage) === -1) {
+      parsedLanguages.push(parsedLanguage);
     }
   }
   if (unknownLanguages.length > 0) {
     throw new Error(getUnknownLanguagesError(unknownLanguages));
   }
 
-  return checkedLanguages;
+  return parsedLanguages;
+}
+
+/**
+ * Returns true if queries were provided in the workflow file
+ * (and thus added), otherwise false
+ */
+async function addQueriesFromWorkflowIfRequired(
+  codeQL: CodeQL,
+  languages: string[],
+  resultMap: { [language: string]: string[] },
+  tempDir: string
+): Promise<boolean> {
+  const queryUses = core.getInput('queries');
+  if (queryUses) {
+    for (const query of queryUses.split(',')) {
+      await parseQueryUses(languages, codeQL, resultMap, query, tempDir);
+    }
+    return true;
+  }
+
+  return false;
 }
 
 /**
  * Get the default config for when the user has not supplied one.
  */
-export async function getDefaultConfig(): Promise<Config> {
+export async function getDefaultConfig(tempDir: string, toolCacheDir: string, codeQL: CodeQL): Promise<Config> {
   const languages = await getLanguages();
   const queries = {};
-  await addDefaultQueries(languages, queries);
+  await addDefaultQueries(codeQL, languages, queries);
+  await addQueriesFromWorkflowIfRequired(codeQL, languages, queries, tempDir);
+
   return {
     languages: languages,
     queries: queries,
     pathsIgnore: [],
     paths: [],
     originalUserInput: {},
+    tempDir,
+    toolCacheDir,
+    codeQLCmd: codeQL.getPath(),
   };
 }
 
 /**
  * Load the config from the given file.
  */
-async function loadConfig(configFile: string): Promise<Config> {
+async function loadConfig(configFile: string, tempDir: string, toolCacheDir: string, codeQL: CodeQL): Promise<Config> {
   let parsedYAML: UserConfig;
 
   if (isLocal(configFile)) {
@@ -577,10 +608,13 @@ async function loadConfig(configFile: string): Promise<Config> {
     disableDefaultQueries = parsedYAML[DISABLE_DEFAULT_QUERIES_PROPERTY]!;
   }
   if (!disableDefaultQueries) {
-    await addDefaultQueries(languages, queries);
+    await addDefaultQueries(codeQL, languages, queries);
   }
 
-  if (QUERIES_PROPERTY in parsedYAML) {
+  // If queries were provided using `with` in the action configuration,
+  // they should take precedence over the queries in the config file
+  const addedQueriesFromAction = await addQueriesFromWorkflowIfRequired(codeQL, languages, queries, tempDir);
+  if (!addedQueriesFromAction && QUERIES_PROPERTY in parsedYAML) {
     if (!(parsedYAML[QUERIES_PROPERTY] instanceof Array)) {
       throw new Error(getQueriesInvalid(configFile));
     }
@@ -588,7 +622,7 @@ async function loadConfig(configFile: string): Promise<Config> {
       if (!(QUERIES_USES_PROPERTY in query) || typeof query[QUERIES_USES_PROPERTY] !== "string") {
         throw new Error(getQueryUsesInvalid(configFile));
       }
-      await parseQueryUses(configFile, languages, queries, query[QUERIES_USES_PROPERTY]);
+      await parseQueryUses(languages, codeQL, queries, query[QUERIES_USES_PROPERTY], tempDir, configFile);
     }
   }
 
@@ -630,7 +664,10 @@ async function loadConfig(configFile: string): Promise<Config> {
     queries,
     pathsIgnore,
     paths,
-    originalUserInput: parsedYAML
+    originalUserInput: parsedYAML,
+    tempDir,
+    toolCacheDir,
+    codeQLCmd: codeQL.getPath(),
   };
 }
 
@@ -640,16 +677,16 @@ async function loadConfig(configFile: string): Promise<Config> {
  * This will parse the config from the user input if present, or generate
  * a default config. The parsed config is then stored to a known location.
  */
-export async function initConfig(): Promise<Config> {
+export async function initConfig(tempDir: string, toolCacheDir: string, codeQL: CodeQL): Promise<Config> {
   const configFile = core.getInput('config-file');
   let config: Config;
 
   // If no config file was provided create an empty one
   if (configFile === '') {
     core.debug('No configuration file was provided');
-    config = await getDefaultConfig();
+    config = await getDefaultConfig(tempDir, toolCacheDir, codeQL);
   } else {
-    config = await loadConfig(configFile);
+    config = await loadConfig(configFile, tempDir, toolCacheDir, codeQL);
   }
 
   // Save the config so we can easily access it again in the future
@@ -689,7 +726,7 @@ async function getRemoteConfig(configFile: string): Promise<UserConfig> {
     throw new Error(getConfigFileRepoFormatInvalidMessage(configFile));
   }
 
-  const response = await api.getApiClient(true).repos.getContents({
+  const response = await api.getActionsApiClient(true).repos.getContents({
     owner: pieces.groups.owner,
     repo: pieces.groups.repo,
     path: pieces.groups.path,
@@ -711,8 +748,8 @@ async function getRemoteConfig(configFile: string): Promise<UserConfig> {
 /**
  * Get the file path where the parsed config will be stored.
  */
-export function getPathToParsedConfigFile(): string {
-  return path.join(util.getRequiredEnvParam('RUNNER_TEMP'), 'config');
+export function getPathToParsedConfigFile(tempDir: string): string {
+  return path.join(tempDir, 'config');
 }
 
 /**
@@ -720,7 +757,7 @@ export function getPathToParsedConfigFile(): string {
  */
 async function saveConfig(config: Config) {
   const configString = JSON.stringify(config);
-  const configFile = getPathToParsedConfigFile();
+  const configFile = getPathToParsedConfigFile(config.tempDir);
   fs.mkdirSync(path.dirname(configFile), { recursive: true });
   fs.writeFileSync(configFile, configString, 'utf8');
   core.debug('Saved config:');
@@ -735,8 +772,8 @@ async function saveConfig(config: Config) {
  * stored to a known location. On the second and further calls, this will
  * return the contents of the parsed config from the known location.
  */
-export async function getConfig(): Promise<Config> {
-  const configFile = getPathToParsedConfigFile();
+export async function getConfig(tempDir: string): Promise<Config> {
+  const configFile = getPathToParsedConfigFile(tempDir);
   if (!fs.existsSync(configFile)) {
     throw new Error("Config file could not be found at expected location. Has the 'init' action been called?");
   }

src/defaults.json

@@ -0,0 +1,3 @@
+{
+	"bundleVersion": "codeql-bundle-20200630"
+}

src/external-queries.test.ts

@@ -10,10 +10,13 @@ setupTests(test);
 
 test("checkoutExternalQueries", async t => {
   await util.withTmpDir(async tmpDir => {
-    process.env["RUNNER_TEMP"] = tmpDir;
-    await externalQueries.checkoutExternalRepository("github/codeql-go", "df4c6869212341b601005567381944ed90906b6b");
+    const ref = "df4c6869212341b601005567381944ed90906b6b";
+    await externalQueries.checkoutExternalRepository(
+      "github/codeql-go",
+      ref,
+      tmpDir);
 
     // COPYRIGHT file existed in df4c6869212341b601005567381944ed90906b6b but not in the default branch
-    t.true(fs.existsSync(path.join(tmpDir, "github", "codeql-go", "COPYRIGHT")));
+    t.true(fs.existsSync(path.join(tmpDir, "github", "codeql-go", ref, "COPYRIGHT")));
   });
 });