add first_party_analysis boolean to all status reports

2026-01-02 12:40:21 +08:00 · 2024-02-01 16:02:52 +00:00
parent 592977e6ae
commit a7dc229496
15 changed files with 126 additions and 6 deletions
--- a/src/actions-util.ts
+++ b/src/actions-util.ts
@@ -7,6 +7,7 @@ import * as safeWhich from "@chrisgavin/safe-which";
 import { JSONSchemaForNPMPackageJsonFiles } from "@schemastore/package";

 import type { Config } from "./config-utils";
+import { EnvVar } from "./environment";
 import {
  doesDirectoryExist,
  getCodeQLDatabasePath,
@@ -259,6 +260,17 @@ export function getActionVersion(): string {
  return pkg.version!;
 }

+/**
+ * @returns a boolean indicating whether the analysis is considered to be first party.
+ *
+ * This is based on whether the init action has been used, which is only used for first party analysis.
+ * When a SARIF file has been generated by other means and submitted using the upload action, this is
+ * considered to be a third party analysis and is treated differently when calculating SLOs.
+ */
+export function isFirstPartyAnalysis(): boolean {
+  return process.env[EnvVar.INIT_ACTION_HAS_RUN] === "true";
+}
+
 /**
 * Returns the name of the event that triggered this workflow.
 *
--- a/src/environment.ts
+++ b/src/environment.ts
@@ -41,6 +41,9 @@ export enum EnvVar {
  /** Whether the CodeQL Action has already warned the user about low disk space. */
  HAS_WARNED_ABOUT_DISK_SPACE = "CODEQL_ACTION_HAS_WARNED_ABOUT_DISK_SPACE",

+  /** Whether the init action has been run. */
+  INIT_ACTION_HAS_RUN = "CODEQL_INIT_ACTION_HAS_RUN",
+
  /** UUID representing the current job run. */
  JOB_RUN_UUID = "JOB_RUN_UUID",

--- a/src/init-action.ts
+++ b/src/init-action.ts
@@ -227,6 +227,7 @@ async function run() {
  );

  core.exportVariable(EnvVar.JOB_RUN_UUID, uuidV4());
+  core.exportVariable(EnvVar.INIT_ACTION_HAS_RUN, "true");

  try {
    await sendStatusReport(
--- a/src/status-report.test.ts
+++ b/src/status-report.test.ts
@@ -58,3 +58,66 @@ test("createStatusReportBase", async (t) => {
    t.is(statusReport.workflow_run_id, 100);
  });
 });
+
+test("createStatusReportBase_firstParty", async (t) => {
+  await withTmpDir(async (tmpDir: string) => {
+    setupActionsVars(tmpDir, tmpDir);
+
+    process.env["CODEQL_ACTION_ANALYSIS_KEY"] = "analysis-key";
+    process.env["GITHUB_REF"] = "refs/heads/main";
+    process.env["GITHUB_REPOSITORY"] = "octocat/HelloWorld";
+    process.env["GITHUB_RUN_ATTEMPT"] = "2";
+    process.env["GITHUB_RUN_ID"] = "100";
+    process.env["GITHUB_SHA"] = "a".repeat(40);
+    process.env["ImageVersion"] = "2023.05.19.1";
+    process.env["RUNNER_OS"] = "macOS";
+    process.env["RUNNER_TEMP"] = tmpDir;
+
+    const getRequiredInput = sinon.stub(actionsUtil, "getRequiredInput");
+    getRequiredInput.withArgs("matrix").resolves("input/matrix");
+
+    t.is(
+      (
+        await createStatusReportBase(
+          "init",
+          "failure",
+          new Date("May 19, 2023 05:19:00"),
+          { numAvailableBytes: 100, numTotalBytes: 500 },
+          "failure cause",
+          "exception stack trace",
+        )
+      ).first_party_analysis,
+      false,
+    );
+
+    process.env["CODEQL_INIT_ACTION_HAS_RUN"] = "foobar";
+    t.is(
+      (
+        await createStatusReportBase(
+          "init",
+          "failure",
+          new Date("May 19, 2023 05:19:00"),
+          { numAvailableBytes: 100, numTotalBytes: 500 },
+          "failure cause",
+          "exception stack trace",
+        )
+      ).first_party_analysis,
+      false,
+    );
+
+    process.env["CODEQL_INIT_ACTION_HAS_RUN"] = "true";
+    t.is(
+      (
+        await createStatusReportBase(
+          "init",
+          "failure",
+          new Date("May 19, 2023 05:19:00"),
+          { numAvailableBytes: 100, numTotalBytes: 500 },
+          "failure cause",
+          "exception stack trace",
+        )
+      ).first_party_analysis,
+      true,
+    );
+  });
+});
--- a/src/status-report.ts
+++ b/src/status-report.ts
@@ -10,6 +10,7 @@ import {
  getWorkflowRunAttempt,
  getActionVersion,
  getRequiredInput,
+  isFirstPartyAnalysis,
 } from "./actions-util";
 import { getAnalysisKey, getApiClient } from "./api-client";
 import { EnvVar } from "./environment";
@@ -69,6 +70,8 @@ export interface StatusReportBase {
  completed_at?: string;
  /** Stack trace of the failure (or undefined if status is not failure). */
  exception?: string;
+  /** Whether this is a first-party (CodeQL) run of the action. */
+  first_party_analysis: boolean;
  /** Job name from the workflow. */
  job_name: string;
  /**
@@ -227,6 +230,7 @@ export async function createStatusReportBase(
    action_version: getActionVersion(),
    analysis_key,
    commit_oid: commitOid,
+    first_party_analysis: isFirstPartyAnalysis(),
    job_name: jobName,
    job_run_uuid: jobRunUUID,
    ref,