remove direct accesses to RUNNER_TEMP

src/config-utils.ts

@@ -214,7 +214,12 @@ async function addLocalQueries(
 /**
  * Retrieve the set of queries at the referenced remote repo and add them to resultMap.
  */
-async function addRemoteQueries(configFile: string, resultMap: { [language: string]: string[] }, queryUses: string) {
+async function addRemoteQueries(
+  configFile: string,
+  resultMap: { [language: string]: string[] },
+  queryUses: string,
+  tempDir: string) {
+
   let tok = queryUses.split('@');
   if (tok.length !== 2) {
     throw new Error(getQueryUsesInvalid(configFile, queryUses));
@@ -236,7 +241,7 @@ async function addRemoteQueries(configFile: string, resultMap: { [language: stri
   const nwo = tok[0] + '/' + tok[1];
 
   // Checkout the external repository
-  const rootOfRepo = await externalQueries.checkoutExternalRepository(nwo, ref);
+  const rootOfRepo = await externalQueries.checkoutExternalRepository(nwo, ref, tempDir);
 
   const queryPath = tok.length > 2
     ? path.join(rootOfRepo, tok.slice(2).join('/'))
@@ -257,7 +262,8 @@ async function parseQueryUses(
   configFile: string,
   languages: string[],
   resultMap: { [language: string]: string[] },
-  queryUses: string) {
+  queryUses: string,
+  tempDir: string) {
 
   queryUses = queryUses.trim();
   if (queryUses === "") {
@@ -277,7 +283,7 @@ async function parseQueryUses(
   }
 
   // Otherwise, must be a reference to another repo
-  await addRemoteQueries(configFile, resultMap, queryUses);
+  await addRemoteQueries(configFile, resultMap, queryUses, tempDir);
 }
 
 // Regex validating stars in paths or paths-ignore entries.
@@ -600,7 +606,7 @@ async function loadConfig(configFile: string, tempDir: string, toolCacheDir: str
       if (!(QUERIES_USES_PROPERTY in query) || typeof query[QUERIES_USES_PROPERTY] !== "string") {
         throw new Error(getQueryUsesInvalid(configFile));
       }
-      await parseQueryUses(configFile, languages, queries, query[QUERIES_USES_PROPERTY]);
+      await parseQueryUses(configFile, languages, queries, query[QUERIES_USES_PROPERTY], tempDir);
     }
   }
 

src/external-queries.test.ts

@@ -10,8 +10,10 @@ setupTests(test);
 
 test("checkoutExternalQueries", async t => {
   await util.withTmpDir(async tmpDir => {
-    process.env["RUNNER_TEMP"] = tmpDir;
-    await externalQueries.checkoutExternalRepository("github/codeql-go", "df4c6869212341b601005567381944ed90906b6b");
+    await externalQueries.checkoutExternalRepository(
+      "github/codeql-go",
+      "df4c6869212341b601005567381944ed90906b6b",
+      tmpDir);
 
     // COPYRIGHT file existed in df4c6869212341b601005567381944ed90906b6b but not in the default branch
     t.true(fs.existsSync(path.join(tmpDir, "github", "codeql-go", "COPYRIGHT")));

src/external-queries.ts

@@ -3,17 +3,13 @@ import * as exec from '@actions/exec';
 import * as fs from 'fs';
 import * as path from 'path';
 
-import * as util from './util';
-
 /**
  * Check out repository at the given ref, and return the directory of the checkout.
  */
-export async function checkoutExternalRepository(repository: string, ref: string): Promise<string> {
-  const folder = util.getRequiredEnvParam('RUNNER_TEMP');
-
+export async function checkoutExternalRepository(repository: string, ref: string, tempDir: string): Promise<string> {
   core.info('Checking out ' + repository);
 
-  const checkoutLocation = path.join(folder, repository);
+  const checkoutLocation = path.join(tempDir, repository);
   if (!fs.existsSync(checkoutLocation)) {
     const repoURL = 'https://github.com/' + repository + '.git';
     await exec.exec('git', ['clone', repoURL, checkoutLocation]);

src/finalize-db.ts

@@ -134,7 +134,7 @@ async function run() {
     core.exportVariable(sharedEnv.ODASA_TRACER_CONFIGURATION, '');
     delete process.env[sharedEnv.ODASA_TRACER_CONFIGURATION];
 
-    const databaseFolder = util.getCodeQLDatabasesDir();
+    const databaseFolder = util.getCodeQLDatabasesDir(config.tempDir);
 
     const sarifFolder = core.getInput('output');
     fs.mkdirSync(sarifFolder, { recursive: true });

src/setup-tracer.ts

@@ -52,7 +52,7 @@ async function tracerConfig(
   return info;
 }
 
-function concatTracerConfigs(configs: TracerConfig[]): TracerConfig {
+function concatTracerConfigs(tracerConfigs: TracerConfig[], config: configUtils.Config): TracerConfig {
   // A tracer config is a map containing additional environment variables and a tracer 'spec' file.
   // A tracer 'spec' file has the following format [log_file, number_of_blocks, blocks_text]
 
@@ -60,7 +60,7 @@ function concatTracerConfigs(configs: TracerConfig[]): TracerConfig {
   const env: { [key: string]: string; } = {};
   let copyExecutables = false;
   let envSize = 0;
-  for (const v of configs) {
+  for (const v of tracerConfigs) {
     for (let e of Object.entries(v.env)) {
       const name = e[0];
       const value = e[1];
@@ -80,7 +80,7 @@ function concatTracerConfigs(configs: TracerConfig[]): TracerConfig {
   }
 
   // Concatenate spec files into a new spec file
-  let languages = Object.keys(configs);
+  let languages = Object.keys(tracerConfigs);
   const cppIndex = languages.indexOf('cpp');
   // Make sure cpp is the last language, if it's present since it must be concatenated last
   if (cppIndex !== -1) {
@@ -92,16 +92,15 @@ function concatTracerConfigs(configs: TracerConfig[]): TracerConfig {
   let totalLines: string[] = [];
   let totalCount = 0;
   for (let lang of languages) {
-    const lines = fs.readFileSync(configs[lang].spec, 'utf8').split(/\r?\n/);
+    const lines = fs.readFileSync(tracerConfigs[lang].spec, 'utf8').split(/\r?\n/);
     const count = parseInt(lines[1], 10);
     totalCount += count;
     totalLines.push(...lines.slice(2));
   }
 
-  const tempFolder = util.getRequiredEnvParam('RUNNER_TEMP');
-  const newLogFilePath = path.resolve(tempFolder, 'compound-build-tracer.log');
-  const spec = path.resolve(tempFolder, 'compound-spec');
-  const compoundTempFolder = path.resolve(tempFolder, 'compound-temp');
+  const newLogFilePath = path.resolve(config.tempDir, 'compound-build-tracer.log');
+  const spec = path.resolve(config.tempDir, 'compound-spec');
+  const compoundTempFolder = path.resolve(config.tempDir, 'compound-temp');
   const newSpecContent = [newLogFilePath, totalCount.toString(10), ...totalLines];
 
   if (copyExecutables) {
@@ -214,7 +213,7 @@ async function run() {
     const codeqlRam = process.env['CODEQL_RAM'] || '6500';
     core.exportVariable('CODEQL_RAM', codeqlRam);
 
-    const databaseFolder = util.getCodeQLDatabasesDir();
+    const databaseFolder = util.getCodeQLDatabasesDir(config.tempDir);
     fs.mkdirSync(databaseFolder, { recursive: true });
 
     let tracedLanguageConfigs: TracerConfig[] = [];
@@ -231,7 +230,7 @@ async function run() {
       }
     }
     if (tracedLanguageConfigs.length > 0) {
-      const mainTracerConfig = concatTracerConfigs(tracedLanguageConfigs);
+      const mainTracerConfig = concatTracerConfigs(tracedLanguageConfigs, config);
       if (mainTracerConfig.spec) {
         for (let entry of Object.entries(mainTracerConfig.env)) {
           core.exportVariable(entry[0], entry[1]);

src/util.ts

@@ -430,6 +430,6 @@ export function getThreadsFlag(): string {
 /**
  * Get the directory where CodeQL databases should be placed.
  */
-export function getCodeQLDatabasesDir() {
-  return path.resolve(getRequiredEnvParam('RUNNER_TEMP'), 'codeql_databases');
+export function getCodeQLDatabasesDir(tempDir: string) {
+  return path.resolve(tempDir, 'codeql_databases');
 }