codeql-action/lib/analyze-action.js
Mads Navntoft 436aa0401d PoC: switch esbuild bundles to ESM with code splitting + minify
Bundles each entry point as ESM with esbuild's splitting:true so
shared transitive dependencies (Azure storage, undici, octokit, ...)
live in shared chunk files under lib/chunks/ instead of being
duplicated into every entry bundle.

A small banner is injected so bundled CommonJS deps that call
require(), __filename or __dirname at runtime still work. A
lib/package.json with { "type": "module" } is written by the build
so the bundles can keep the .js extension while being loaded as ESM
by Node; this scope avoids touching the tsc output in build/ and the
action.yml entrypoints stay unchanged.

On a measured tar.gz of the working tree this takes the repo from
~9.5 MB to ~2.6 MB compressed (lib/ alone: 8.0 MB -> 0.7 MB).
2026-05-14 14:43:23 +02:00

3 lines
7.7 KiB
JavaScript
Generated

// Build-injected banner: rebuilds the CommonJS globals `require`, `__filename`
// and `__dirname` from import.meta.url so that bundled CommonJS dependencies
// which use them at runtime keep working when this file is loaded as an ES
// module. The three bindings are declared with `var` in the generated output;
// they are left exactly as emitted.
import { createRequire as __codeqlCreateRequire } from "module";import { fileURLToPath as __codeqlFileURLToPath } from "url";import { dirname as __codeqlDirname } from "path";var require = __codeqlCreateRequire(import.meta.url);var __filename = __codeqlFileURLToPath(import.meta.url);var __dirname = __codeqlDirname(__filename);
// Readable rendering of a generated, minified bundle entry point.
//
// The one- and two-letter import aliases below are the bundler's mangled
// export names. What each helper does is NOT visible from this file, so the
// comments here describe only how a helper is used locally; anything beyond
// that is marked as an assumption. Audit the chunk files (and the sources the
// bundle was built from) rather than trusting names chosen in this rendering.
import { a as ye } from "./chunks/chunk-3ABJF3VX.js";
import { o as me } from "./chunks/chunk-XFYKKQKY.js";
import {
  a as P,
  b as Ce,
  c as we,
  d as _e,
  e as De,
  f as Ue,
} from "./chunks/chunk-5ZRYQL45.js";
import { c as he } from "./chunks/chunk-U2JW7LOC.js";
import { d as Re } from "./chunks/chunk-HIJVM6IW.js";
import "./chunks/chunk-2R674E4A.js";
import { c as be, e as F, f as A, h as ge } from "./chunks/chunk-B34OPX2S.js";
import { c as ce, h as fe } from "./chunks/chunk-LYJYPMC2.js";
import {
  Bb as ue,
  D as H,
  F as B,
  G as v,
  I as V,
  Ka as Z,
  L as N,
  O as k,
  Oa as x,
  P as $,
  Pa as J,
  Qa as ee,
  Ra as te,
  S as q,
  Ta as ae,
  U as K,
  X as U,
  Yb as de,
  Zb as le,
  ab as ne,
  c as ke,
  ca as W,
  cc as pe,
  db as ie,
  ea as Y,
  fa as w,
  ga as G,
  ha as X,
  k as Ge,
  lb as oe,
  ra as h,
  sa as f,
  ta as z,
  tb as se,
  ua as Q,
  ub as re,
  ya as j,
  zb as T,
} from "./chunks/chunk-V6LGBXSF.js";
import * as E from "fs";
import Oe from "path";
import { performance as Te } from "perf_hooks";
import * as O from "fs";

// Used below for exportVariable / setOutput / setFailed.
// NOTE(review): presumably the Actions toolkit core module wrapped by an
// interop helper; confirm in the chunk file.
const m = ke(Ge());

/**
 * Uploads one database bundle per configured language and returns a list of
 * per-language result records (success records carry size and duration,
 * failure records carry the error text).
 *
 * Returns an empty list without uploading when any gate fails: the
 * "upload-database" input is not "true", "code-scanning" is not among
 * config.analysisKinds, U() reports test mode, the gitHubVersion type is
 * neither of the two accepted values, or ie() resolves falsy.
 *
 * A failure for one language is logged as a warning and recorded; it does not
 * abort the remaining languages.
 */
async function uploadDatabases(repository, codeql, config, apiDetails, features, logger) {
  if (h("upload-database") !== "true") {
    logger.debug("Database upload disabled in workflow. Skipping upload.");
    return [];
  }
  if (!config.analysisKinds.includes("code-scanning")) {
    logger.debug("Not uploading database because 'analysis-kinds: code-scanning' is not enabled.");
    return [];
  }
  if (U()) {
    logger.debug("In test mode. Skipping database upload.");
    return [];
  }
  // Host gate: the upload (which carries the API token) is only attempted for
  // these two deployment types.
  const hostType = config.gitHubVersion.type;
  if (hostType !== "GitHub.com" && hostType !== "GitHub Enterprise Cloud with data residency") {
    logger.debug("Not running against github.com or GHEC-DR. Skipping upload.");
    return [];
  }
  if (!(await ie())) {
    logger.debug("Not analyzing default branch. Skipping upload.");
    return [];
  }

  const isOverlayBase =
    config.overlayDatabaseMode === "overlay-base" &&
    (await features.getValue("upload_overlay_db_to_api", codeql));
  const cleanupLevel = isOverlayBase ? "overlay" : "clear";
  await ue("Cleaning up databases", async () => {
    await codeql.databaseCleanupCluster(config, cleanupLevel);
  });

  const results = [];
  for (const language of config.languages) {
    // Declared outside the try so a failure record can still report the size
    // when the failure happened after the bundle was measured.
    let zippedSize;
    try {
      const zipPath = await K(config, language, codeql, language, { includeDiagnostics: false });
      zippedSize = O.statSync(zipPath).size;
      const commitOid = await ne(h("checkout_path"));
      const maxAttempts = 4;
      let uploadDurationMs;
      for (let attempt = 1; attempt <= maxAttempts; attempt++) {
        try {
          uploadDurationMs = await uploadOneDatabase(
            repository,
            language,
            commitOid,
            zipPath,
            zippedSize,
            apiDetails,
          );
          break;
        } catch (err) {
          // $() yields an object with a `status` for some errors; a status
          // listed in J is rethrown immediately instead of being retried.
          const statusError = $(err);
          if (statusError && J.includes(statusError.status)) {
            throw err;
          }
          if (attempt === maxAttempts) {
            logger.error(`Maximum retry attempts exhausted (${attempt}), aborting database upload`);
            throw err;
          }
          // Exponential backoff: 15s, 30s, 60s.
          const delayMs = 15000 * 2 ** (attempt - 1);
          logger.debug(
            `Database upload attempt ${attempt} of ${maxAttempts} failed for ${language}: ${w(err)}. Retrying in ${delayMs / 1000}s...`,
          );
          await new Promise((resolve) => setTimeout(resolve, delayMs));
        }
      }
      results.push({
        language: language,
        zipped_upload_size_bytes: zippedSize,
        is_overlay_base: isOverlayBase,
        upload_duration_ms: uploadDurationMs,
      });
      logger.debug(`Successfully uploaded database for ${language}`);
    } catch (err) {
      logger.warning(`Failed to upload database for ${language}: ${w(err)}`);
      results.push({
        language: language,
        error: w(err),
        ...(zippedSize !== undefined ? { zipped_upload_size_bytes: zippedSize } : {}),
      });
    }
  }
  return results;
}

/**
 * Streams one zipped database to the uploads endpoint and resolves to the
 * elapsed time of the request in milliseconds.
 *
 * The request goes to the `uploads.` subdomain of the host in apiDetails.url
 * and carries apiDetails.auth in the Authorization header, so the value of
 * apiDetails.url decides which host receives the token. Retries are disabled
 * on the client (`retries: 0`); the caller implements its own retry loop.
 * The read stream is closed whether or not the request succeeds.
 */
async function uploadOneDatabase(repository, language, commitOid, zipPath, zippedSize, apiDetails) {
  const client = te();
  const uploadsUrl = new URL(V(apiDetails.url));
  uploadsUrl.hostname = `uploads.${uploadsUrl.hostname}`;
  let baseUrl = uploadsUrl.toString();
  if (baseUrl.endsWith("/")) {
    baseUrl = baseUrl.slice(0, -1);
  }
  const zipStream = O.createReadStream(zipPath);
  try {
    // Uses the global `performance`, not the perf_hooks import (Te).
    const startedMs = performance.now();
    await client.request(
      "POST /repos/:owner/:repo/code-scanning/codeql/databases/:language?name=:name&commit_oid=:commit_oid",
      {
        baseUrl: baseUrl,
        owner: repository.owner,
        repo: repository.repo,
        language: language,
        name: `${language}-database`,
        commit_oid: commitOid,
        data: zipStream,
        headers: {
          authorization: `token ${apiDetails.auth}`,
          "Content-Type": "application/zip",
          "Content-Length": zippedSize,
        },
        request: { retries: 0 },
      },
    );
    return performance.now() - startedMs;
  } finally {
    zipStream.close();
  }
}

/**
 * Builds the "finish" report via F() and, if F() produced one, sends it with
 * A() after merging in the optional field groups and the two upload-result
 * lists. Trap-cache size and duration are added only when a config is present
 * and includeTrapCacheStats is truthy.
 */
async function sendFinishReport(
  startedAt,
  config,
  queriesStatusReport,
  error,
  trapCacheUploadMs,
  extraFieldsA,
  includeTrapCacheStats,
  extraFieldsB,
  dependencyCacheResults,
  databaseUploadResults,
  logger,
) {
  const status = be(error, queriesStatusReport?.analyze_failure_language);
  const gValue = await G(logger);
  const baseReport = await F(
    "finish",
    status,
    startedAt,
    config,
    gValue,
    logger,
    error?.message,
    error?.stack,
  );
  if (baseReport === undefined) {
    return;
  }
  const report = {
    ...baseReport,
    ...(queriesStatusReport || {}),
    ...(extraFieldsA || {}),
    ...(extraFieldsB || {}),
    dependency_caching_upload_results: dependencyCacheResults,
    database_upload_results: databaseUploadResults,
  };
  if (config && includeTrapCacheStats) {
    const trapCacheSize = await se(Object.values(config.trapCaches), logger);
    await A({
      ...report,
      trap_cache_upload_duration_ms: Math.round(trapCacheUploadMs || 0),
      trap_cache_upload_size_bytes: Math.round(trapCacheSize),
    });
  } else {
    await A(report);
  }
}

/**
 * True when the "expect-error" input is anything other than "false" while U()
 * does not report test mode. The caller treats that as misuse of an
 * internal-only input and aborts the run.
 */
function expectErrorSetOutsideTestMode() {
  return f("expect-error") !== "false" && !U();
}

/**
 * Reports whether the Go database directory already holds at least one TRAP
 * file (any of the listed extensions) under its trap/go subdirectory.
 */
function hasGoTrapFiles(config) {
  const trapExtensions = [
    ".trap",
    ".trap.gz",
    ".trap.br",
    ".trap.tar.gz",
    ".trap.tar.br",
    ".trap.tar",
  ];
  const goTrapDir = Oe.join(v(config, "go"), "trap", "go");
  if (!E.existsSync(goTrapDir)) {
    return false;
  }
  return E.readdirSync(goTrapDir).some((fileName) =>
    trapExtensions.some((extension) => fileName.endsWith(extension)),
  );
}

/**
 * Runs the legacy Go autobuild (he) when Go is configured and nothing shows
 * that Go has been handled already: no build mode, no
 * CODEQL_ACTION_DID_AUTOBUILD_GOLANG marker, no finalized Go database, and no
 * extracted TRAP files.
 */
async function maybeRunGoAutobuild(config, logger) {
  if (!config.languages.includes("go")) {
    return;
  }
  if (config.buildMode) {
    logger.debug("Skipping legacy Go autobuild since a build mode has been specified.");
    return;
  }
  if (process.env.CODEQL_ACTION_DID_AUTOBUILD_GOLANG === "true") {
    logger.debug("Won't run Go autobuild since it has already been run.");
    return;
  }
  if (Ce(config, "go", logger)) {
    logger.debug("Won't run Go autobuild since there is already a finalized database for Go.");
    return;
  }
  if (hasGoTrapFiles(config)) {
    logger.debug(
      "Won't run Go autobuild since at least one file of Go code has already been extracted.",
    );
    if ("CODEQL_EXTRACTOR_GO_BUILD_TRACING" in process.env) {
      logger.warning(
        "The CODEQL_EXTRACTOR_GO_BUILD_TRACING environment variable has no effect on workflows with manual build steps, so we recommend that you remove it from your workflow.",
      );
    }
    return;
  }
  logger.debug(
    "Running Go autobuild because extraction output (TRAP files) for Go code has not been found.",
  );
  await he(config, "go", logger);
}

/**
 * Main flow of the analyze step. Every exit path ends in sendFinishReport():
 * the catch branch reports the failure and returns, the normal path reports
 * after the try block.
 */
async function run(startedAt) {
  let uploadResults;
  let queriesStatusReport;
  let config;
  let extraFieldsB;
  let trapCacheUploadMs;
  let extraFieldsA;
  let didUploadTrapCaches = false;
  let dependencyCacheResults;
  let databaseUploadResults = [];
  const logger = T();
  try {
    N(Q());
    Z();

    // config is still undefined here; it is loaded right after this report.
    const gValue = await G(logger);
    const startReport = await F("finish", "starting", startedAt, config, gValue, logger);
    if (startReport !== undefined) {
      await A(startReport);
    }

    config = await pe(z(), logger);
    if (config === undefined) {
      throw new k(
        "Config file could not be found at expected location. Has the 'init' action been called?",
      );
    }
    const codeql = await fe(config.codeQLCmd);

    // `expect-error` is an internal-only input; refuse to continue when it is
    // set outside test mode.
    if (expectErrorSetOutsideTestMode()) {
      throw new k(
        "`expect-error` input parameter is for internal use only. It should only be set by codeql-action or a fork.",
      );
    }

    // An empty CODEQL_PROXY_HOST is removed, together with the port and CA
    // certificate variables, when q(codeql, "2.20.7") resolves falsy.
    // NOTE(review): presumably a minimum-version check; confirm in the chunk.
    if (process.env.CODEQL_PROXY_HOST === "" && !(await q(codeql, "2.20.7"))) {
      delete process.env.CODEQL_PROXY_HOST;
      delete process.env.CODEQL_PROXY_PORT;
      delete process.env.CODEQL_PROXY_CA_CERTIFICATE;
    }
    if (f("cleanup-level")) {
      logger.info(
        "The 'cleanup-level' input is ignored since the CodeQL Action now automatically manages database cleanup. This input can safely be removed from your workflow.",
      );
    }

    const apiDetails = ee();
    const outputDir = h("output");
    m.exportVariable("CODEQL_ACTION_SARIF_RESULTS_OUTPUT_DIR", outputDir);
    const threadsArg = B(f("threads") || process.env.CODEQL_THREADS, logger);
    const repository = x();
    const featuresInput = await ae();
    X(Q(), featuresInput);
    const features = oe(featuresInput, repository, z(), logger);
    const ramArg = H(f("ram") || process.env.CODEQL_RAM, logger);
    // Opaque value from we(); only forwarded to _e() below.
    const forwarded = await we(logger);

    await Ue(config, logger);
    await maybeRunGoAutobuild(config, logger);
    extraFieldsA = await De(features, outputDir, threadsArg, ramArg, codeql, config, logger);

    if (h("skip-queries") !== "true") {
      if (f("add-snippets") !== undefined) {
        logger.warning("The `add-snippets` input has been removed and no longer has any effect.");
      }
      queriesStatusReport = await _e(
        outputDir,
        ramArg,
        threadsArg,
        forwarded,
        f("category"),
        codeql,
        config,
        logger,
        features,
      );
    }

    const dbLocations = {};
    for (const language of config.languages) {
      dbLocations[language] = v(config, language);
    }
    m.setOutput("db-locations", dbLocations);
    m.setOutput("sarif-output", Oe.resolve(outputDir));

    const uploadKind = j(f("upload"));
    if (queriesStatusReport) {
      const checkoutPath = h("checkout_path");
      const category = f("category");
      uploadResults = await ye(
        logger,
        features,
        uploadKind,
        checkoutPath,
        outputDir,
        category,
        f("post-processed-sarif-path"),
      );
      if (uploadResults["code-scanning"] !== undefined) {
        m.setOutput("sarif-id", uploadResults["code-scanning"].sarifID);
      }
      if (uploadResults["code-quality"] !== undefined) {
        m.setOutput("quality-sarif-id", uploadResults["code-quality"].sarifID);
      }
    } else {
      logger.info("Not uploading results");
    }

    await ce(codeql, config, logger);
    databaseUploadResults = await uploadDatabases(
      repository,
      codeql,
      config,
      apiDetails,
      features,
      logger,
    );

    // Only the de() call is timed; its result gates the trap-cache fields of
    // the finish report.
    const trapUploadStart = Te.now();
    didUploadTrapCaches = await de(codeql, config, logger);
    trapCacheUploadMs = Te.now() - trapUploadStart;
    extraFieldsB = await le(config, features, logger);
    if (re(config.dependencyCachingEnabled)) {
      dependencyCacheResults = await Re(codeql, features, config, logger);
    }

    if (U()) {
      logger.debug("In test mode. Waiting for processing is disabled.");
    } else if (
      uploadResults?.["code-scanning"] !== undefined &&
      h("wait-for-processing") === "true"
    ) {
      await me(x(), uploadResults["code-scanning"].sarifID, T());
    }

    if (f("expect-error") === "true") {
      m.setFailed("expect-error input was set to true but no error was thrown.");
    }
    m.exportVariable("CODEQL_ACTION_ANALYZE_DID_COMPLETE_SUCCESSFULLY", "true");
  } catch (caught) {
    const error = Y(caught);
    // An expected error (expect-error === "true") does not fail the step,
    // unless the input was set outside test mode.
    if (f("expect-error") !== "true" || expectErrorSetOutsideTestMode()) {
      m.setFailed(error.message);
    }
    // P instances carry a partial queries report and the underlying error.
    const isWrapped = error instanceof P;
    await sendFinishReport(
      startedAt,
      config,
      isWrapped ? error.queriesStatusReport : undefined,
      isWrapped ? error.error : error,
      trapCacheUploadMs,
      extraFieldsA,
      didUploadTrapCaches,
      extraFieldsB,
      dependencyCacheResults,
      databaseUploadResults,
      logger,
    );
    return;
  }

  let finalQueriesReport;
  if (queriesStatusReport !== undefined && uploadResults?.["code-scanning"] !== undefined) {
    finalQueriesReport = {
      ...queriesStatusReport,
      ...uploadResults["code-scanning"].statusReport,
    };
  } else if (queriesStatusReport !== undefined) {
    finalQueriesReport = { ...queriesStatusReport };
  } else {
    finalQueriesReport = undefined;
  }
  await sendFinishReport(
    startedAt,
    config,
    finalQueriesReport,
    undefined,
    trapCacheUploadMs,
    extraFieldsA,
    didUploadTrapCaches,
    extraFieldsB,
    dependencyCacheResults,
    databaseUploadResults,
    logger,
  );
}

// The run starts as soon as the module is evaluated; the promise is exported
// under the name `runPromise`.
const startedAt = new Date();
const runPromise = run(startedAt);

/**
 * Awaits the run started at module load, marks the step failed and calls ge()
 * if it rejects, then always calls W().
 */
async function awaitRunAndReport() {
  const logger = T();
  try {
    await runPromise;
  } catch (err) {
    m.setFailed(`analyze action failed: ${w(err)}`);
    await ge("finish", startedAt, err, logger);
  }
  await W();
}

awaitRunAndReport();

export { runPromise };