Merge branch 'master' into analysisName

lib/autobuild.js

@@ -22,12 +22,16 @@ async function run() {
         // We want pick the dominant language in the repo from the ones we're able to build
         // The languages are sorted in order specified by user or by lines of code if we got
         // them from the GitHub API, so try to build the first language on the list.
-        const language = (_a = process.env[sharedEnv.CODEQL_ACTION_TRACED_LANGUAGES]) === null || _a === void 0 ? void 0 : _a.split(',')[0];
+        const autobuildLanguages = ((_a = process.env[sharedEnv.CODEQL_ACTION_TRACED_LANGUAGES]) === null || _a === void 0 ? void 0 : _a.split(',')) || [];
+        const language = autobuildLanguages[0];
         if (!language) {
             core.info("None of the languages in this project require extra build steps");
             return;
         }
         core.debug(`Detected dominant traced language: ${language}`);
+        if (autobuildLanguages.length > 1) {
+            core.warning(`We will only automatically build ${language} code. If you wish to scan ${autobuildLanguages.slice(1).join(' and ')}, you must replace this block with custom build steps.`);
+        }
         core.startGroup(`Attempting to automatically build ${language} code`);
         // TODO: share config accross actions better via env variables
         const codeqlCmd = util.getRequiredEnvParam(sharedEnv.CODEQL_ACTION_CMD);
@@ -44,13 +48,13 @@ async function run() {
         core.endGroup();
     }
     catch (error) {
-        core.setFailed(error.message);
+        core.setFailed("We were unable to automatically build your code. Please replace the call to the autobuild action with your custom build steps.  " + error.message);
         await util.reportActionFailed('autobuild', error.message, error.stack);
         return;
     }
     await util.reportActionSucceeded('autobuild');
 }
 run().catch(e => {
-    core.setFailed("autobuild action failed: " + e);
+    core.setFailed("autobuild action failed.  " + e);
     console.log(e);
 });

lib/external-queries.js

@@ -11,8 +11,9 @@ const core = __importStar(require("@actions/core"));
 const exec = __importStar(require("@actions/exec"));
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
+const util = __importStar(require("./util"));
 async function checkoutExternalQueries(config) {
-    const folder = process.env['RUNNER_WORKSPACE'] || '/tmp/codeql-action';
+    const folder = util.getRequiredEnvParam('RUNNER_WORKSPACE');
     for (const externalQuery of config.externalQueries) {
         core.info('Checking out ' + externalQuery.repository);
         const checkoutLocation = path.join(folder, externalQuery.repository);

lib/finalize-db.js

@@ -125,7 +125,10 @@ async function run() {
         core.info('Analyzing database');
         await runQueries(codeqlCmd, databaseFolder, sarifFolder, config);
         if ('true' === core.getInput('upload')) {
-            await upload_lib.upload(sarifFolder);
+            if (!await upload_lib.upload(sarifFolder)) {
+                await util.reportActionFailed('failed', 'upload');
+                return;
+            }
         }
     }
     catch (error) {

lib/upload-lib.js

@@ -54,23 +54,77 @@ function combineSarifFiles(sarifFiles) {
     return JSON.stringify(combinedSarif);
 }
 exports.combineSarifFiles = combineSarifFiles;
+// Upload the given payload.
+// If the request fails then this will retry a small number of times.
+async function uploadPayload(payload) {
+    core.info('Uploading results');
+    const githubToken = core.getInput('token');
+    const ph = new auth.BearerCredentialHandler(githubToken);
+    const client = new http.HttpClient('Code Scanning : Upload SARIF', [ph]);
+    const url = 'https://api.github.com/repos/' + process.env['GITHUB_REPOSITORY'] + '/code-scanning/analysis';
+    // Make up to 4 attempts to upload, and sleep for these
+    // number of seconds between each attempt.
+    // We don't want to backoff too much to avoid wasting action
+    // minutes, but just waiting a little bit could maybe help.
+    const backoffPeriods = [1, 5, 15];
+    for (let attempt = 0; attempt <= backoffPeriods.length; attempt++) {
+        const res = await client.put(url, payload);
+        core.debug('response status: ' + res.message.statusCode);
+        const statusCode = res.message.statusCode;
+        if (statusCode === 202) {
+            core.info("Successfully uploaded results");
+            return true;
+        }
+        const requestID = res.message.headers["x-github-request-id"];
+        // On any other status code that's not 5xx mark the upload as failed
+        if (!statusCode || statusCode < 500 || statusCode >= 600) {
+            core.setFailed('Upload failed (' + requestID + '): (' + statusCode + ') ' + await res.readBody());
+            return false;
+        }
+        // On a 5xx status code we may retry the request
+        if (attempt < backoffPeriods.length) {
+            // Log the failure as a warning but don't mark the action as failed yet
+            core.warning('Upload attempt (' + (attempt + 1) + ' of ' + (backoffPeriods.length + 1) +
+                ') failed (' + requestID + '). Retrying in ' + backoffPeriods[attempt] +
+                ' seconds: (' + statusCode + ') ' + await res.readBody());
+            // Sleep for the backoff period
+            await new Promise(r => setTimeout(r, backoffPeriods[attempt] * 1000));
+            continue;
+        }
+        else {
+            // If the upload fails with 5xx then we assume it is a temporary problem
+            // and not an error that the user has caused or can fix.
+            // We avoid marking the job as failed to avoid breaking CI workflows.
+            core.error('Upload failed (' + requestID + '): (' + statusCode + ') ' + await res.readBody());
+            return false;
+        }
+    }
+    return false;
+}
 // Uploads a single sarif file or a directory of sarif files
 // depending on what the path happens to refer to.
+// Returns true iff the upload occurred and succeeded
 async function upload(input) {
     if (fs.lstatSync(input).isDirectory()) {
         const sarifFiles = fs.readdirSync(input)
             .filter(f => f.endsWith(".sarif"))
             .map(f => path.resolve(input, f));
-        await uploadFiles(sarifFiles);
+        if (sarifFiles.length === 0) {
+            core.setFailed("No SARIF files found to upload in \"" + input + "\".");
+            return false;
+        }
+        return await uploadFiles(sarifFiles);
     }
     else {
-        await uploadFiles([input]);
+        return await uploadFiles([input]);
     }
 }
 exports.upload = upload;
 // Uploads the given set of sarif files.
+// Returns true iff the upload occurred and succeeded
 async function uploadFiles(sarifFiles) {
     core.startGroup("Uploading results");
+    let succeeded = false;
     try {
         // Check if an upload has happened before. If so then abort.
         // This is intended to catch when the finish and upload-sarif actions
@@ -78,7 +132,7 @@ async function uploadFiles(sarifFiles) {
         const sentinelFile = await getSentinelFilePath();
         if (fs.existsSync(sentinelFile)) {
             core.info("Aborting as an upload has already happened from this job");
-            return;
+            return false;
         }
         const commitOid = util.getRequiredEnvParam('GITHUB_SHA');
         const workflowRunIDStr = util.getRequiredEnvParam('GITHUB_RUN_ID');
@@ -86,7 +140,7 @@ async function uploadFiles(sarifFiles) {
         const analysisKey = await util.getAnalysisKey();
         const analysisName = util.getRequiredEnvParam('GITHUB_WORKFLOW');
         const startedAt = process.env[sharedEnv.CODEQL_ACTION_STARTED_AT];
-        core.debug("Uploading sarif files: " + JSON.stringify(sarifFiles));
+        core.info("Uploading sarif files: " + JSON.stringify(sarifFiles));
         let sarifPayload = combineSarifFiles(sarifFiles);
         sarifPayload = fingerprints.addFingerprints(sarifPayload);
         const zipped_sarif = zlib_1.default.gzipSync(sarifPayload).toString('base64');
@@ -95,7 +149,7 @@ async function uploadFiles(sarifFiles) {
         const workflowRunID = parseInt(workflowRunIDStr, 10);
         if (Number.isNaN(workflowRunID)) {
             core.setFailed('GITHUB_RUN_ID must define a non NaN workflow run ID');
-            return;
+            return false;
         }
         let matrix = core.getInput('matrix');
         if (matrix === "null" || matrix === "") {
@@ -114,26 +168,8 @@ async function uploadFiles(sarifFiles) {
             "started_at": startedAt,
             "tool_names": toolNames,
         });
-        core.info('Uploading results');
-        const githubToken = core.getInput('token');
-        const ph = new auth.BearerCredentialHandler(githubToken);
-        const client = new http.HttpClient('Code Scanning : Upload SARIF', [ph]);
-        const url = 'https://api.github.com/repos/' + process.env['GITHUB_REPOSITORY'] + '/code-scanning/analysis';
-        const res = await client.put(url, payload);
-        const requestID = res.message.headers["x-github-request-id"];
-        core.debug('response status: ' + res.message.statusCode);
-        if (res.message.statusCode === 500) {
-            // If the upload fails with 500 then we assume it is a temporary problem
-            // with turbo-scan and not an error that the user has caused or can fix.
-            // We avoid marking the job as failed to avoid breaking CI workflows.
-            core.error('Upload failed (' + requestID + '): ' + await res.readBody());
-        }
-        else if (res.message.statusCode !== 202) {
-            core.setFailed('Upload failed (' + requestID + '): ' + await res.readBody());
-        }
-        else {
-            core.info("Successfully uploaded results");
-        }
+        // Make the upload
+        succeeded = await uploadPayload(payload);
         // Mark that we have made an upload
         fs.writeFileSync(sentinelFile, '');
     }
@@ -141,4 +177,5 @@ async function uploadFiles(sarifFiles) {
         core.setFailed(error.message);
     }
     core.endGroup();
+    return succeeded;
 }

lib/upload-sarif.js

@@ -15,16 +15,20 @@ async function run() {
         return;
     }
     try {
-        await upload_lib.upload(core.getInput('sarif_file'));
+        if (await upload_lib.upload(core.getInput('sarif_file'))) {
+            await util.reportActionSucceeded('upload-sarif');
+        }
+        else {
+            await util.reportActionFailed('upload-sarif', 'upload');
+        }
     }
     catch (error) {
         core.setFailed(error.message);
         await util.reportActionFailed('upload-sarif', error.message, error.stack);
         return;
     }
-    await util.reportActionSucceeded('upload-sarif');
 }
 run().catch(e => {
-    core.setFailed("upload-sarif action failed: " + e);
+    core.setFailed("codeql/upload-sarif action failed: " + e);
     console.log(e);
 });

lib/util.js

@@ -15,6 +15,8 @@ const http = __importStar(require("@actions/http-client"));
 const auth = __importStar(require("@actions/http-client/auth"));
 const octokit = __importStar(require("@octokit/rest"));
 const console_log_level_1 = __importDefault(require("console-log-level"));
+const fs = __importStar(require("fs"));
+const os = __importStar(require("os"));
 const path = __importStar(require("path"));
 const sharedEnv = __importStar(require("./shared-environment"));
 /**
@@ -321,3 +323,11 @@ function getToolNames(sarifContents) {
     return Object.keys(toolNames);
 }
 exports.getToolNames = getToolNames;
+// Creates a random temporary directory, runs the given body, and then deletes the directory.
+// Mostly intended for use within tests.
+async function withTmpDir(body) {
+    const tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'codeql-action-'));
+    await body(tmpDir);
+    fs.rmdirSync(tmpDir, { recursive: true });
+}
+exports.withTmpDir = withTmpDir;