github/codeql-action
1
0
Fork 0
mirror of https://github.com/github/codeql-action.git synced 2026-01-05 14:10:11 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into henrymercer/drop-codeql-v2.11.5

Browse Source
This commit is contained in:
Henry Mercer
2024-01-02 18:03:32 +00:00
parent 5dc8134adc ee9b8ab1f1
commit 35b10b5ff7
619 changed files with 68850 additions and 7145 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/actions-util.ts
View File

@@ -187,7 +187,7 @@ export async function getRef(): Promise<string> {
const hasShaInput = !!shaInput;
// If one of 'ref' or 'sha' are provided, both are required
if ((hasRefInput || hasShaInput) && !(hasRefInput && hasShaInput)) {
throw new Error(
throw new UserError(
"Both 'ref' and 'sha' are required if one of them is provided.",
);
}

7
src/analyze.ts
View File

@@ -25,6 +25,7 @@ import { DatabaseCreationTimings, EventReport } from "./status-report";
import { endTracingForCluster } from "./tracer-config";
import { validateSarifFileSchema } from "./upload-lib";
import * as util from "./util";
import { UserError } from "./util";
export class CodeQLAnalysisError extends Error {
queriesStatusReport: QueriesStatusReport;
@@ -297,7 +298,7 @@ export async function runQueries(
!hasCustomQueries &&
!hasPackWithCustomQueries
) {
throw new Error(
throw new UserError(
`Unable to analyze ${language} as no queries were selected for this language`,
);
}
@@ -614,7 +615,7 @@ export function validateQueryFilters(queryFilters?: configUtils.QueryFilter[]) {
}
if (!Array.isArray(queryFilters)) {
throw new Error(
throw new UserError(
`Query filters must be an array of "include" or "exclude" entries. Found ${typeof queryFilters}`,
);
}
@@ -637,7 +638,7 @@ export function validateQueryFilters(queryFilters?: configUtils.QueryFilter[]) {
}
if (errors.length) {
throw new Error(`Invalid query filter.\n${errors.join("\n")}`);
throw new UserError(`Invalid query filter.\n${errors.join("\n")}`);
}
return queryFilters;

2
src/api-compatibility.json
View File

@@ -1 +1 @@
{"maximumVersion": "3.11", "minimumVersion": "3.7"}
{"maximumVersion": "3.12", "minimumVersion": "3.7"}

6
src/autobuild.ts
View File

@@ -38,11 +38,11 @@ export async function determineAutobuildLanguages(
* For example, consider a user with the following workflow file:
*
* ```yml
* - uses: github/codeql-action/init@v2
* - uses: github/codeql-action/init@v3
* with:
* languages: go, java
* - uses: github/codeql-action/autobuild@v2
* - uses: github/codeql-action/analyze@v2
* - uses: github/codeql-action/autobuild@v3
* - uses: github/codeql-action/analyze@v3
* ```
*
* - With Go extraction disabled, we will run the Java autobuilder in the

21
src/codeql.ts
View File

@@ -410,7 +410,7 @@ export async function setupCodeQL(
if (process.platform === "win32") {
codeqlCmd += ".exe";
} else if (process.platform !== "linux" && process.platform !== "darwin") {
throw new Error(`Unsupported platform: ${process.platform}`);
throw new util.UserError(`Unsupported platform: ${process.platform}`);
}
cachedCodeQL = await getCodeQLForCmd(codeqlCmd, checkVersion);
@@ -684,24 +684,13 @@ export async function getCodeQLForCmd(
await runTool(autobuildCmd);
},
async extractScannedLanguage(config: Config, language: Language) {
const databasePath = util.getCodeQLDatabasePath(config, language);
// Set trace command
const ext = process.platform === "win32" ? ".cmd" : ".sh";
const traceCommand = path.resolve(
await this.resolveExtractor(language),
"tools",
`autobuild${ext}`,
);
// Run trace command
await runTool(cmd, [
"database",
"trace-command",
"--index-traceless-dbs",
...(await getTrapCachingExtractorConfigArgsForLang(config, language)),
...getExtraOptionsFromEnv(["database", "trace-command"]),
databasePath,
"--",
traceCommand,
util.getCodeQLDatabasePath(config, language),
]);
},
async finalizeDatabase(
@@ -1135,7 +1124,7 @@ export async function getCodeQLForCmd(
checkVersion &&
!(await util.codeQlVersionAbove(codeql, CODEQL_MINIMUM_VERSION))
) {
throw new Error(
throw new util.UserError(
`Expected a CodeQL CLI with version at least ${CODEQL_MINIMUM_VERSION} but got version ${
(await codeql.getVersion()).version
}`,
@@ -1155,7 +1144,7 @@ export async function getCodeQLForCmd(
"version of the CLI using the 'tools' input to the 'init' Action, you can remove this " +
"input to use the default version.\n\n" +
"Alternatively, if you want to continue using CodeQL CLI version " +
`${result.version}, you can replace 'github/codeql-action/*@v2' by ` +
`${result.version}, you can replace 'github/codeql-action/*@v3' by ` +
`'github/codeql-action/*@v${getActionVersion()}' in your code scanning workflow to ` +
"continue using this version of the CodeQL Action.",
);

8
src/defaults.json
View File

@@ -1,6 +1,6 @@
{
"bundleVersion": "codeql-bundle-v2.15.3",
"cliVersion": "2.15.3",
"priorBundleVersion": "codeql-bundle-v2.15.2",
"priorCliVersion": "2.15.2"
"bundleVersion": "codeql-bundle-v2.15.5",
"cliVersion": "2.15.5",
"priorBundleVersion": "codeql-bundle-v2.15.4",
"priorCliVersion": "2.15.4"
}

3
src/external-queries.ts
View File

@@ -6,6 +6,7 @@ import * as safeWhich from "@chrisgavin/safe-which";
import { GitHubApiExternalRepoDetails } from "./api-client";
import { Logger } from "./logging";
import { UserError } from "./util";
/**
* Check out repository at the given ref, and return the directory of the checkout.
@@ -23,7 +24,7 @@ export async function checkoutExternalRepository(
if (!checkoutLocation.startsWith(tempDir)) {
// this still permits locations that mess with sibling repositories in `tempDir`, but that is acceptable
throw new Error(
throw new UserError(
`'${repository}@${ref}' is not a valid repository and reference.`,
);
}

24
src/init-action-post-helper.test.ts
View File

@@ -91,14 +91,14 @@ test("uploads failed SARIF run with `diagnostics export` if feature flag is off"
},
{
name: "Initialize CodeQL",
uses: "github/codeql-action/init@v2",
uses: "github/codeql-action/init@v3",
with: {
languages: "javascript",
},
},
{
name: "Perform CodeQL Analysis",
uses: "github/codeql-action/analyze@v2",
uses: "github/codeql-action/analyze@v3",
with: {
category: "my-category",
},
@@ -115,14 +115,14 @@ test("uploads failed SARIF run with `diagnostics export` if the database doesn't
},
{
name: "Initialize CodeQL",
uses: "github/codeql-action/init@v2",
uses: "github/codeql-action/init@v3",
with: {
languages: "javascript",
},
},
{
name: "Perform CodeQL Analysis",
uses: "github/codeql-action/analyze@v2",
uses: "github/codeql-action/analyze@v3",
with: {
category: "my-category",
},
@@ -142,14 +142,14 @@ test("uploads failed SARIF run with database export-diagnostics if the database
},
{
name: "Initialize CodeQL",
uses: "github/codeql-action/init@v2",
uses: "github/codeql-action/init@v3",
with: {
languages: "javascript",
},
},
{
name: "Perform CodeQL Analysis",
uses: "github/codeql-action/analyze@v2",
uses: "github/codeql-action/analyze@v3",
with: {
category: "my-category",
},
@@ -199,14 +199,14 @@ for (const { uploadInput, shouldUpload } of UPLOAD_INPUT_TEST_CASES) {
},
{
name: "Initialize CodeQL",
uses: "github/codeql-action/init@v2",
uses: "github/codeql-action/init@v3",
with: {
languages: "javascript",
},
},
{
name: "Perform CodeQL Analysis",
uses: "github/codeql-action/analyze@v2",
uses: "github/codeql-action/analyze@v3",
with: {
category: "my-category",
upload: uploadInput,
@@ -234,14 +234,14 @@ test("uploading failed SARIF run succeeds when workflow uses an input with a mat
},
{
name: "Initialize CodeQL",
uses: "github/codeql-action/init@v2",
uses: "github/codeql-action/init@v3",
with: {
languages: "javascript",
},
},
{
name: "Perform CodeQL Analysis",
uses: "github/codeql-action/analyze@v2",
uses: "github/codeql-action/analyze@v3",
with: {
category: "/language:${{ matrix.language }}",
},
@@ -261,14 +261,14 @@ test("uploading failed SARIF run fails when workflow uses a complex upload input
},
{
name: "Initialize CodeQL",
uses: "github/codeql-action/init@v2",
uses: "github/codeql-action/init@v3",
with: {
languages: "javascript",
},
},
{
name: "Perform CodeQL Analysis",
uses: "github/codeql-action/analyze@v2",
uses: "github/codeql-action/analyze@v3",
with: {
upload: "${{ matrix.language != 'csharp' }}",
},

4
src/repository.ts
View File

@@ -1,3 +1,5 @@
import { UserError } from "./util";
// A repository name with owner, parsed into its two parts
export interface RepositoryNwo {
owner: string;
@@ -7,7 +9,7 @@ export interface RepositoryNwo {
export function parseRepositoryNwo(input: string): RepositoryNwo {
const parts = input.split("/");
if (parts.length !== 2) {
throw new Error(`"${input}" is not a valid repository name`);
throw new UserError(`"${input}" is not a valid repository name`);
}
return {
owner: parts[0],

4
src/resolve-environment.ts
View File

@@ -27,7 +27,9 @@ export async function runResolveBuildEnvironment(
) {
const parsedLanguage = parseLanguage(languageInput)?.toString();
if (parsedLanguage === undefined) {
throw new Error(`Did not recognize the language '${languageInput}'.`);
throw new util.UserError(
`Did not recognize the language '${languageInput}'.`,
);
}
language = parsedLanguage;
}

2
src/setup-codeql.ts
View File

@@ -647,7 +647,7 @@ export async function downloadCodeQL(
export function getCodeQLURLVersion(url: string): string {
const match = url.match(/\/codeql-bundle-(.*)\//);
if (match === null || match.length < 2) {
throw new Error(
throw new util.UserError(
`Malformed tools url: ${url}. Version could not be inferred`,
);
}

10
src/util.ts
View File

@@ -120,7 +120,7 @@ export function getExtraOptionsEnvParam(): object {
return JSON.parse(raw);
} catch (unwrappedError) {
const error = wrapError(unwrappedError);
throw new Error(
throw new UserError(
`${varName} environment variable is set, but does not contain valid JSON: ${error.message}`,
);
}
@@ -204,7 +204,7 @@ export function getMemoryFlagValueForPlatform(
if (userInput) {
memoryToUseMegaBytes = Number(userInput);
if (Number.isNaN(memoryToUseMegaBytes) || memoryToUseMegaBytes <= 0) {
throw new Error(`Invalid RAM setting "${userInput}", specified.`);
throw new UserError(`Invalid RAM setting "${userInput}", specified.`);
}
} else {
const totalMemoryMegaBytes = totalMemoryBytes / (1024 * 1024);
@@ -358,7 +358,7 @@ export function getThreadsFlagValue(
if (userInput) {
numThreads = Number(userInput);
if (Number.isNaN(numThreads)) {
throw new Error(`Invalid threads setting "${userInput}", specified.`);
throw new UserError(`Invalid threads setting "${userInput}", specified.`);
}
if (numThreads > maxThreads) {
logger.info(
@@ -412,14 +412,14 @@ export function parseGitHubUrl(inputUrl: string): string {
inputUrl = `https://${inputUrl}`;
}
if (!inputUrl.startsWith("http://") && !inputUrl.startsWith("https://")) {
throw new Error(`"${originalUrl}" is not a http or https URL`);
throw new UserError(`"${originalUrl}" is not a http or https URL`);
}
let url: URL;
try {
url = new URL(inputUrl);
} catch (e) {
throw new Error(`"${originalUrl}" is not a valid URL`);
throw new UserError(`"${originalUrl}" is not a valid URL`);
}
// If we detect this is trying to be to github.com

58
src/workflow.test.ts
View File

@@ -396,9 +396,9 @@ async function testLanguageAliases(
},
},
steps: [
{ uses: "actions/checkout@v2" },
{ uses: "github/codeql-action/init@v2" },
{ uses: "github/codeql-action/analyze@v2" },
{ uses: "actions/checkout@v3" },
{ uses: "github/codeql-action/init@v3" },
{ uses: "github/codeql-action/analyze@v3" },
],
},
},
@@ -516,11 +516,11 @@ test("getWorkflowErrors() should only report the current job's CheckoutWrongHead
test:
steps:
- run: "git checkout HEAD^2"
test2:
steps:
- run: "git checkout HEAD^2"
test3:
steps: []
`) as Workflow,
@@ -546,11 +546,11 @@ test("getWorkflowErrors() should not report a different job's CheckoutWrongHead"
test:
steps:
- run: "git checkout HEAD^2"
test2:
steps:
- run: "git checkout HEAD^2"
test3:
steps: []
`) as Workflow,
@@ -652,9 +652,9 @@ test("getCategoryInputOrThrow returns category for simple workflow with category
analysis:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: github/codeql-action/init@v2
- uses: github/codeql-action/analyze@v2
- uses: actions/checkout@v3
- uses: github/codeql-action/init@v3
- uses: github/codeql-action/analyze@v3
with:
category: some-category
`) as Workflow,
@@ -674,9 +674,9 @@ test("getCategoryInputOrThrow returns undefined for simple workflow without cate
analysis:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: github/codeql-action/init@v2
- uses: github/codeql-action/analyze@v2
- uses: actions/checkout@v3
- uses: github/codeql-action/init@v3
- uses: github/codeql-action/analyze@v3
`) as Workflow,
"analysis",
{},
@@ -694,19 +694,19 @@ test("getCategoryInputOrThrow returns category for workflow with multiple jobs",
foo:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: github/codeql-action/init@v2
- uses: actions/checkout@v3
- uses: github/codeql-action/init@v3
- runs: ./build foo
- uses: github/codeql-action/analyze@v2
- uses: github/codeql-action/analyze@v3
with:
category: foo-category
bar:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: github/codeql-action/init@v2
- uses: actions/checkout@v3
- uses: github/codeql-action/init@v3
- runs: ./build bar
- uses: github/codeql-action/analyze@v2
- uses: github/codeql-action/analyze@v3
with:
category: bar-category
`) as Workflow,
@@ -729,11 +729,11 @@ test("getCategoryInputOrThrow finds category for workflow with language matrix",
matrix:
language: [javascript, python]
steps:
- uses: actions/checkout@v2
- uses: github/codeql-action/init@v2
- uses: actions/checkout@v3
- uses: github/codeql-action/init@v3
with:
language: \${{ matrix.language }}
- uses: github/codeql-action/analyze@v2
- uses: github/codeql-action/analyze@v3
with:
category: "/language:\${{ matrix.language }}"
`) as Workflow,
@@ -753,9 +753,9 @@ test("getCategoryInputOrThrow throws error for workflow with dynamic category",
jobs:
analysis:
steps:
- uses: actions/checkout@v2
- uses: github/codeql-action/init@v2
- uses: github/codeql-action/analyze@v2
- uses: actions/checkout@v3
- uses: github/codeql-action/init@v3
- uses: github/codeql-action/analyze@v3
with:
category: "\${{ github.workflow }}"
`) as Workflow,
@@ -780,12 +780,12 @@ test("getCategoryInputOrThrow throws error for workflow with multiple calls to a
analysis:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: github/codeql-action/init@v2
- uses: github/codeql-action/analyze@v2
- uses: actions/checkout@v3
- uses: github/codeql-action/init@v3
- uses: github/codeql-action/analyze@v3
with:
category: some-category
- uses: github/codeql-action/analyze@v2
- uses: github/codeql-action/analyze@v3
with:
category: another-category
`) as Workflow,