Enable mapping from CLI version to bundle tag name

2025-12-31 03:30:14 +08:00 · 2023-01-06 21:01:01 +00:00
parent a6dff04fe1
commit a76fe4f9bd
6 changed files with 168 additions and 3 deletions
--- a/src/codeql.test.ts
+++ b/src/codeql.test.ts
@@ -11,6 +11,7 @@ import nock from "nock";
 import * as sinon from "sinon";

 import * as actionsUtil from "./actions-util";
+import * as api from "./api-client";
 import { GitHubApiDetails } from "./api-client";
 import * as codeql from "./codeql";
 import { AugmentationProperties, Config } from "./config-utils";
@@ -929,6 +930,60 @@ test("databaseInterpretResults() does not set --sarif-add-baseline-file-info for
  );
 });

+test("findCodeQLBundleTagDotcomOnly() matches GitHub Release with marker file", async (t) => {
+  // Look for GitHub Releases in github/codeql-action
+  sinon.stub(actionsUtil, "isRunningLocalAction").resolves(true);
+  sinon.stub(api, "getApiClient").value(() => ({
+    repos: {
+      listReleases: sinon.stub().resolves(undefined),
+    },
+    paginate: sinon.stub().resolves([
+      {
+        assets: [
+          {
+            name: "cli-version-2.12.0.txt",
+          },
+        ],
+        tag_name: "codeql-bundle-20230106",
+      },
+    ]),
+  }));
+  t.is(
+    await codeql.findCodeQLBundleTagDotcomOnly("2.12.0", getRunnerLogger(true)),
+    "codeql-bundle-20230106"
+  );
+});
+
+test("findCodeQLBundleTagDotcomOnly() errors if no GitHub Release matches marker file", async (t) => {
+  // Look for GitHub Releases in github/codeql-action
+  sinon.stub(actionsUtil, "isRunningLocalAction").resolves(true);
+  sinon.stub(api, "getApiClient").value(() => ({
+    repos: {
+      listReleases: sinon.stub().resolves(undefined),
+    },
+    paginate: sinon.stub().resolves([
+      {
+        assets: [
+          {
+            name: "cli-version-2.12.0.txt",
+          },
+        ],
+        tag_name: "codeql-bundle-20230106",
+      },
+    ]),
+  }));
+  await t.throwsAsync(
+    async () =>
+      await codeql.findCodeQLBundleTagDotcomOnly(
+        "2.12.1",
+        getRunnerLogger(true)
+      ),
+    {
+      message: "Failed to find a CodeQL bundle release for CLI version 2.12.1.",
+    }
+  );
+});
+
 export function stubToolRunnerConstructor(): sinon.SinonStub<
  any[],
  toolrunner.ToolRunner
--- a/src/codeql.ts
+++ b/src/codeql.ts
@@ -314,6 +314,45 @@ export function getCodeQLActionRepository(logger: Logger): string {
  return util.getRequiredEnvParam("GITHUB_ACTION_REPOSITORY");
 }

+export async function findCodeQLBundleTagDotcomOnly(
+  cliVersion: string,
+  logger: Logger
+): Promise<string> {
+  const apiClient = api.getApiClient();
+  const codeQLActionRepository = getCodeQLActionRepository(logger);
+  const releases = await apiClient.paginate(apiClient.repos.listReleases, {
+    owner: codeQLActionRepository.split("/")[0],
+    repo: codeQLActionRepository.split("/")[1],
+  });
+  logger.debug(`Found ${releases.length} releases.`);
+
+  for (const release of releases) {
+    const cliVersionFileVersions = release.assets
+      .map((asset) => asset.name.match(/cli-version-(.*)\.txt/)?.[1])
+      .filter((v) => v)
+      .map((v) => v as string);
+
+    if (cliVersionFileVersions.length === 0) {
+      logger.debug(
+        `Ignoring release ${release.tag_name} with no CLI version marker file.`
+      );
+      continue;
+    }
+    if (cliVersionFileVersions.length > 1) {
+      logger.warning(
+        `Ignoring release ${release.tag_name} with multiple CLI version marker files.`
+      );
+      continue;
+    }
+    if (cliVersionFileVersions[0] === cliVersion) {
+      return release.tag_name;
+    }
+  }
+  throw new Error(
+    `Failed to find a CodeQL bundle release for CLI version ${cliVersion}.`
+  );
+}
+
 async function getCodeQLBundleDownloadURL(
  apiDetails: api.GitHubApiDetails,
  variant: util.GitHubVariant,