diff --git a/lib/analyze-action.js b/lib/analyze-action.js index 927bbd8f7..a7c2703c0 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -92051,7 +92051,10 @@ function sanitizeUrlForStatusReport(url2) { // src/setup-codeql.ts var CODEQL_DEFAULT_ACTION_REPOSITORY = "github/codeql-action"; +var CODEQL_NIGHTLIES_REPOSITORY_OWNER = "dsp-testing"; +var CODEQL_NIGHTLIES_REPOSITORY_NAME = "codeql-cli-nightlies"; var CODEQL_BUNDLE_VERSION_ALIAS = ["linked", "latest"]; +var CODEQL_NIGHTLY_TOOLS_INPUTS = ["nightly", "nightly-latest"]; function getCodeQLBundleExtension(compressionMethod) { switch (compressionMethod) { case "gzip": @@ -92194,7 +92197,7 @@ async function findOverridingToolsInCache(humanReadableVersion, logger) { return void 0; } async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, variant, tarSupportsZstd, logger) { - if (toolsInput && !CODEQL_BUNDLE_VERSION_ALIAS.includes(toolsInput) && !toolsInput.startsWith("http")) { + if (toolsInput && !CODEQL_BUNDLE_VERSION_ALIAS.includes(toolsInput) && !CODEQL_NIGHTLY_TOOLS_INPUTS.includes(toolsInput) && !toolsInput.startsWith("http")) { logger.info(`Using CodeQL CLI from local path ${toolsInput}`); const compressionMethod2 = inferCompressionMethod(toolsInput); if (compressionMethod2 === void 0) { @@ -92223,6 +92226,9 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian let cliVersion2; let tagName; let url2; + if (toolsInput !== void 0 && CODEQL_NIGHTLY_TOOLS_INPUTS.includes(toolsInput)) { + toolsInput = await getNightlyToolsUrl(logger); + } if (forceShippedTools) { cliVersion2 = cliVersion; tagName = bundleVersion; 
@@ -92506,6 +92512,25 @@ async function useZstdBundle(cliVersion2, tarSupportsZstd) { function getTempExtractionDir(tempDir) { return path12.join(tempDir, v4_default()); } +async function getNightlyToolsUrl(logger) { + const zstdAvailability = await isZstdAvailable(logger); + const compressionMethod = await useZstdBundle( + CODEQL_VERSION_ZSTD_BUNDLE, + zstdAvailability.available + ) ? "zstd" : "gzip"; + const release3 = await getApiClient().rest.repos.listReleases({ + owner: CODEQL_NIGHTLIES_REPOSITORY_OWNER, + repo: CODEQL_NIGHTLIES_REPOSITORY_NAME, + per_page: 1, + page: 1, + prerelease: true + }); + const latestRelease = release3.data[0]; + if (!latestRelease) { + throw new Error("Could not find latest nightly release."); + } + return `https://github.com/${CODEQL_NIGHTLIES_REPOSITORY_OWNER}/${CODEQL_NIGHTLIES_REPOSITORY_NAME}/releases/download/${latestRelease.tag_name}/${getCodeQLBundleName(compressionMethod)}`; +} // src/tracer-config.ts var fs13 = __toESM(require("fs")); diff --git a/lib/init-action-post.js b/lib/init-action-post.js index bc86cec13..a3efb7b37 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js @@ -129994,7 +129994,10 @@ function sanitizeUrlForStatusReport(url2) { // src/setup-codeql.ts var CODEQL_DEFAULT_ACTION_REPOSITORY = "github/codeql-action"; +var CODEQL_NIGHTLIES_REPOSITORY_OWNER = "dsp-testing"; +var CODEQL_NIGHTLIES_REPOSITORY_NAME = "codeql-cli-nightlies"; var CODEQL_BUNDLE_VERSION_ALIAS = ["linked", "latest"]; +var CODEQL_NIGHTLY_TOOLS_INPUTS = ["nightly", "nightly-latest"]; function getCodeQLBundleExtension(compressionMethod) { switch (compressionMethod) { case "gzip": 
@@ -130137,7 +130140,7 @@ async function findOverridingToolsInCache(humanReadableVersion, logger) { return void 0; } async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, variant, tarSupportsZstd, logger) { - if (toolsInput && !CODEQL_BUNDLE_VERSION_ALIAS.includes(toolsInput) && !toolsInput.startsWith("http")) { + if (toolsInput && !CODEQL_BUNDLE_VERSION_ALIAS.includes(toolsInput) && !CODEQL_NIGHTLY_TOOLS_INPUTS.includes(toolsInput) && !toolsInput.startsWith("http")) { logger.info(`Using CodeQL CLI from local path ${toolsInput}`); const compressionMethod2 = inferCompressionMethod(toolsInput); if (compressionMethod2 === void 0) { @@ -130166,6 +130169,9 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian let cliVersion2; let tagName; let url2; + if (toolsInput !== void 0 && CODEQL_NIGHTLY_TOOLS_INPUTS.includes(toolsInput)) { + toolsInput = await getNightlyToolsUrl(logger); + } if (forceShippedTools) { cliVersion2 = cliVersion; tagName = bundleVersion; 
@@ -130449,6 +130455,25 @@ async function useZstdBundle(cliVersion2, tarSupportsZstd) { function getTempExtractionDir(tempDir) { return path12.join(tempDir, v4_default()); } +async function getNightlyToolsUrl(logger) { + const zstdAvailability = await isZstdAvailable(logger); + const compressionMethod = await useZstdBundle( + CODEQL_VERSION_ZSTD_BUNDLE, + zstdAvailability.available + ) ? "zstd" : "gzip"; + const release3 = await getApiClient().rest.repos.listReleases({ + owner: CODEQL_NIGHTLIES_REPOSITORY_OWNER, + repo: CODEQL_NIGHTLIES_REPOSITORY_NAME, + per_page: 1, + page: 1, + prerelease: true + }); + const latestRelease = release3.data[0]; + if (!latestRelease) { + throw new Error("Could not find latest nightly release."); + } + return `https://github.com/${CODEQL_NIGHTLIES_REPOSITORY_OWNER}/${CODEQL_NIGHTLIES_REPOSITORY_NAME}/releases/download/${latestRelease.tag_name}/${getCodeQLBundleName(compressionMethod)}`; +} // src/tracer-config.ts async function shouldEnableIndirectTracing(codeql, config) { diff --git a/lib/init-action.js b/lib/init-action.js index 51b9c5feb..7f3ed776a 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -88668,7 +88668,10 @@ function sanitizeUrlForStatusReport(url) { // src/setup-codeql.ts var CODEQL_DEFAULT_ACTION_REPOSITORY = "github/codeql-action"; +var CODEQL_NIGHTLIES_REPOSITORY_OWNER = "dsp-testing"; +var CODEQL_NIGHTLIES_REPOSITORY_NAME = "codeql-cli-nightlies"; var CODEQL_BUNDLE_VERSION_ALIAS = ["linked", "latest"]; +var CODEQL_NIGHTLY_TOOLS_INPUTS = ["nightly", "nightly-latest"]; function getCodeQLBundleExtension(compressionMethod) { switch (compressionMethod) { case "gzip": 
@@ -88811,7 +88814,7 @@ async function findOverridingToolsInCache(humanReadableVersion, logger) { return void 0; } async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, variant, tarSupportsZstd, logger) { - if (toolsInput && !CODEQL_BUNDLE_VERSION_ALIAS.includes(toolsInput) && !toolsInput.startsWith("http")) { + if (toolsInput && !CODEQL_BUNDLE_VERSION_ALIAS.includes(toolsInput) && !CODEQL_NIGHTLY_TOOLS_INPUTS.includes(toolsInput) && !toolsInput.startsWith("http")) { logger.info(`Using CodeQL CLI from local path ${toolsInput}`); const compressionMethod2 = inferCompressionMethod(toolsInput); if (compressionMethod2 === void 0) { @@ -88840,6 +88843,9 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian let cliVersion2; let tagName; let url; + if (toolsInput !== void 0 && CODEQL_NIGHTLY_TOOLS_INPUTS.includes(toolsInput)) { + toolsInput = await getNightlyToolsUrl(logger); + } if (forceShippedTools) { cliVersion2 = cliVersion; tagName = bundleVersion; 
@@ -89123,6 +89129,25 @@ async function useZstdBundle(cliVersion2, tarSupportsZstd) { function getTempExtractionDir(tempDir) { return path13.join(tempDir, v4_default()); } +async function getNightlyToolsUrl(logger) { + const zstdAvailability = await isZstdAvailable(logger); + const compressionMethod = await useZstdBundle( + CODEQL_VERSION_ZSTD_BUNDLE, + zstdAvailability.available + ) ? "zstd" : "gzip"; + const release3 = await getApiClient().rest.repos.listReleases({ + owner: CODEQL_NIGHTLIES_REPOSITORY_OWNER, + repo: CODEQL_NIGHTLIES_REPOSITORY_NAME, + per_page: 1, + page: 1, + prerelease: true + }); + const latestRelease = release3.data[0]; + if (!latestRelease) { + throw new Error("Could not find latest nightly release."); + } + return `https://github.com/${CODEQL_NIGHTLIES_REPOSITORY_OWNER}/${CODEQL_NIGHTLIES_REPOSITORY_NAME}/releases/download/${latestRelease.tag_name}/${getCodeQLBundleName(compressionMethod)}`; +} // src/tracer-config.ts var fs13 = __toESM(require("fs")); diff --git a/lib/upload-lib.js b/lib/upload-lib.js index 88dc2d589..dc229aa91 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js @@ -89822,7 +89822,10 @@ function sanitizeUrlForStatusReport(url2) { // src/setup-codeql.ts var CODEQL_DEFAULT_ACTION_REPOSITORY = "github/codeql-action"; +var CODEQL_NIGHTLIES_REPOSITORY_OWNER = "dsp-testing"; +var CODEQL_NIGHTLIES_REPOSITORY_NAME = "codeql-cli-nightlies"; var CODEQL_BUNDLE_VERSION_ALIAS = ["linked", "latest"]; +var CODEQL_NIGHTLY_TOOLS_INPUTS = ["nightly", "nightly-latest"]; function getCodeQLBundleExtension(compressionMethod) { switch (compressionMethod) { case "gzip": 
@@ -89965,7 +89968,7 @@ async function findOverridingToolsInCache(humanReadableVersion, logger) { return void 0; } async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, variant, tarSupportsZstd, logger) { - if (toolsInput && !CODEQL_BUNDLE_VERSION_ALIAS.includes(toolsInput) && !toolsInput.startsWith("http")) { + if (toolsInput && !CODEQL_BUNDLE_VERSION_ALIAS.includes(toolsInput) && !CODEQL_NIGHTLY_TOOLS_INPUTS.includes(toolsInput) && !toolsInput.startsWith("http")) { logger.info(`Using CodeQL CLI from local path ${toolsInput}`); const compressionMethod2 = inferCompressionMethod(toolsInput); if (compressionMethod2 === void 0) { @@ -89994,6 +89997,9 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian let cliVersion2; let tagName; let url2; + if (toolsInput !== void 0 && CODEQL_NIGHTLY_TOOLS_INPUTS.includes(toolsInput)) { + toolsInput = await getNightlyToolsUrl(logger); + } if (forceShippedTools) { cliVersion2 = cliVersion; tagName = bundleVersion; 
@@ -90277,6 +90283,25 @@ async function useZstdBundle(cliVersion2, tarSupportsZstd) { function getTempExtractionDir(tempDir) { return path11.join(tempDir, v4_default()); } +async function getNightlyToolsUrl(logger) { + const zstdAvailability = await isZstdAvailable(logger); + const compressionMethod = await useZstdBundle( + CODEQL_VERSION_ZSTD_BUNDLE, + zstdAvailability.available + ) ? "zstd" : "gzip"; + const release = await getApiClient().rest.repos.listReleases({ + owner: CODEQL_NIGHTLIES_REPOSITORY_OWNER, + repo: CODEQL_NIGHTLIES_REPOSITORY_NAME, + per_page: 1, + page: 1, + prerelease: true + }); + const latestRelease = release.data[0]; + if (!latestRelease) { + throw new Error("Could not find latest nightly release."); + } + return `https://github.com/${CODEQL_NIGHTLIES_REPOSITORY_OWNER}/${CODEQL_NIGHTLIES_REPOSITORY_NAME}/releases/download/${latestRelease.tag_name}/${getCodeQLBundleName(compressionMethod)}`; +} // src/tracer-config.ts async function shouldEnableIndirectTracing(codeql, config) { diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index f603d0aa1..b568039b7 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -90523,7 +90523,10 @@ function sanitizeUrlForStatusReport(url2) { // src/setup-codeql.ts var CODEQL_DEFAULT_ACTION_REPOSITORY = "github/codeql-action"; +var CODEQL_NIGHTLIES_REPOSITORY_OWNER = "dsp-testing"; +var CODEQL_NIGHTLIES_REPOSITORY_NAME = "codeql-cli-nightlies"; var CODEQL_BUNDLE_VERSION_ALIAS = ["linked", "latest"]; +var CODEQL_NIGHTLY_TOOLS_INPUTS = ["nightly", "nightly-latest"]; function getCodeQLBundleExtension(compressionMethod) { switch (compressionMethod) { case "gzip": 
@@ -90666,7 +90669,7 @@ async function findOverridingToolsInCache(humanReadableVersion, logger) { return void 0; } async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, variant, tarSupportsZstd, logger) { - if (toolsInput && !CODEQL_BUNDLE_VERSION_ALIAS.includes(toolsInput) && !toolsInput.startsWith("http")) { + if (toolsInput && !CODEQL_BUNDLE_VERSION_ALIAS.includes(toolsInput) && !CODEQL_NIGHTLY_TOOLS_INPUTS.includes(toolsInput) && !toolsInput.startsWith("http")) { logger.info(`Using CodeQL CLI from local path ${toolsInput}`); const compressionMethod2 = inferCompressionMethod(toolsInput); if (compressionMethod2 === void 0) { @@ -90695,6 +90698,9 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian let cliVersion2; let tagName; let url2; + if (toolsInput !== void 0 && CODEQL_NIGHTLY_TOOLS_INPUTS.includes(toolsInput)) { + toolsInput = await getNightlyToolsUrl(logger); + } if (forceShippedTools) { cliVersion2 = cliVersion; tagName = bundleVersion; 
@@ -90978,6 +90984,25 @@ async function useZstdBundle(cliVersion2, tarSupportsZstd) { function getTempExtractionDir(tempDir) { return path12.join(tempDir, v4_default()); } +async function getNightlyToolsUrl(logger) { + const zstdAvailability = await isZstdAvailable(logger); + const compressionMethod = await useZstdBundle( + CODEQL_VERSION_ZSTD_BUNDLE, + zstdAvailability.available + ) ? "zstd" : "gzip"; + const release3 = await getApiClient().rest.repos.listReleases({ + owner: CODEQL_NIGHTLIES_REPOSITORY_OWNER, + repo: CODEQL_NIGHTLIES_REPOSITORY_NAME, + per_page: 1, + page: 1, + prerelease: true + }); + const latestRelease = release3.data[0]; + if (!latestRelease) { + throw new Error("Could not find latest nightly release."); + } + return `https://github.com/${CODEQL_NIGHTLIES_REPOSITORY_OWNER}/${CODEQL_NIGHTLIES_REPOSITORY_NAME}/releases/download/${latestRelease.tag_name}/${getCodeQLBundleName(compressionMethod)}`; +} // src/tracer-config.ts async function shouldEnableIndirectTracing(codeql, config) { diff --git a/src/setup-codeql.ts b/src/setup-codeql.ts index e64a032c9..eb115cc01 100644 --- a/src/setup-codeql.ts +++ b/src/setup-codeql.ts @@ -33,8 +33,11 @@ export enum ToolsSource { } export const CODEQL_DEFAULT_ACTION_REPOSITORY = "github/codeql-action"; +const CODEQL_NIGHTLIES_REPOSITORY_OWNER = "dsp-testing"; +const CODEQL_NIGHTLIES_REPOSITORY_NAME = "codeql-cli-nightlies"; const CODEQL_BUNDLE_VERSION_ALIAS: string[] = ["linked", "latest"]; +const CODEQL_NIGHTLY_TOOLS_INPUTS = ["nightly", "nightly-latest"]; function getCodeQLBundleExtension( compressionMethod: tar.CompressionMethod, @@ -277,6 +280,7 @@ export async function getCodeQLSource( if ( toolsInput && !CODEQL_BUNDLE_VERSION_ALIAS.includes(toolsInput) && + !CODEQL_NIGHTLY_TOOLS_INPUTS.includes(toolsInput) && !toolsInput.startsWith("http") ) { logger.info(`Using CodeQL CLI from local path ${toolsInput}`); 
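Review bot: The `CODEQL_NIGHTLIES_REPOSITORY_OWNER` / `CODEQL_NIGHTLIES_REPOSITORY_NAME` constants added in the first src/setup-codeql.ts hunk point the tool download at a repository outside the `github` owner used by `CODEQL_DEFAULT_ACTION_REPOSITORY`, and nothing next to them records who controls that repository or who the `nightly` inputs are meant for. Since the URL built from these values appears to be used to fetch the CodeQL bundle that the workflow then runs, a comment stating the trust assumption belongs here, for example `// Nightly CodeQL CLI bundles are published as prereleases in this repository; intended for testing, not for production workflows.` (wording to be confirmed by the maintainers). As a smaller style point, `CODEQL_NIGHTLY_TOOLS_INPUTS` drops the `: string[]` annotation that its neighbour `CODEQL_BUNDLE_VERSION_ALIAS` carries; keeping the two declarations parallel would read better.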
@@ -331,6 +335,13 @@ export async function getCodeQLSource( */ let url: string | undefined; + if ( + toolsInput !== undefined && + CODEQL_NIGHTLY_TOOLS_INPUTS.includes(toolsInput) + ) { + toolsInput = await getNightlyToolsUrl(logger); + } + if (forceShippedTools) { cliVersion = defaults.cliVersion; tagName = defaults.bundleVersion; @@ -771,3 +782,35 @@ async function useZstdBundle( function getTempExtractionDir(tempDir: string) { return path.join(tempDir, uuidV4()); } + +/** + * Get the URL of the latest nightly CodeQL bundle. + */ +async function getNightlyToolsUrl(logger: Logger) { + const zstdAvailability = await tar.isZstdAvailable(logger); + // The nightly is guaranteed to have a zstd bundle + const compressionMethod = (await useZstdBundle( + CODEQL_VERSION_ZSTD_BUNDLE, + zstdAvailability.available, + )) + ? "zstd" + : "gzip"; + + // Since nightlies are prereleases, we can't just download the latest release + // on the repository. So instead we need to find the latest pre-release + // version and construct the download URL from that. + const release = await api.getApiClient().rest.repos.listReleases({ + owner: CODEQL_NIGHTLIES_REPOSITORY_OWNER, + repo: CODEQL_NIGHTLIES_REPOSITORY_NAME, + per_page: 1, + page: 1, + prerelease: true, + }); + + const latestRelease = release.data[0]; + if (!latestRelease) { + throw new Error("Could not find latest nightly release."); + } + + return `https://github.com/${CODEQL_NIGHTLIES_REPOSITORY_OWNER}/${CODEQL_NIGHTLIES_REPOSITORY_NAME}/releases/download/${latestRelease.tag_name}/${getCodeQLBundleName(compressionMethod)}`; +}
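Review bot: In the `@@ -331,6 +335,13 @@` hunk of getCodeQLSource, the `toolsInput` parameter is overwritten with the resolved nightly URL and nothing in the hunk records that substitution. Code after it (outside this hunk) presumably treats the value as if the user had supplied that URL. For a CI job it helps to be able to see afterwards which toolchain was selected and why, so I would log before the call, e.g. `logger.info("Resolving the 'nightly' tools input to the latest CodeQL CLI nightly release.");`. I would also keep the result in its own local, `const nightlyUrl = await getNightlyToolsUrl(logger);`, rather than reassigning the parameter. The body of getCodeQLSource starts and ends outside the hunk, so how the later branches consume `toolsInput` should be checked there.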
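Review bot: In getNightlyToolsUrl (the last hunk of src/setup-codeql.ts), `prerelease: true` is passed to `listReleases`, but as far as I know the list-releases endpoint has no such filter. The code therefore takes whatever entry comes first in the list, not necessarily the latest prerelease the comment describes. If the repository only ever holds nightlies, the comment should say that this is the assumption; otherwise check the entry before using its `tag_name`, e.g. `if (!latestRelease || !latestRelease.prerelease || latestRelease.draft) {`. The lookup also goes through `api.getApiClient()` while the returned URL is hard-coded to `https://github.com/...`. If that client can be configured for a GitHub Enterprise Server instance, the owner and name would be resolved there instead, which is worth confirming. An explicit `Promise<string>` return type on the function would also make the contract visible.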