Restore compatibility with GHES 3.1

src/actions-util.ts

@@ -12,6 +12,7 @@ import * as sharedEnv from "./shared-environment";
 import {
   getRequiredEnvParam,
   GITHUB_DOTCOM_URL,
+  isGitHubGhesVersionBelow,
   isHTTPError,
   UserError,
 } from "./util";
@@ -600,7 +601,7 @@ export interface StatusReportBase {
   /** Action runner operating system (context runner.os). */
   runner_os: string;
   /** Action runner hardware architecture (context runner.arch). */
-  runner_arch: string;
+  runner_arch?: string;
   /** Action runner operating system release (x.y.z from os.release()). */
   runner_os_release?: string;
 }
@@ -651,7 +652,6 @@ export async function createStatusReportBase(
     );
   }
   const runnerOs = getRequiredEnvParam("RUNNER_OS");
-  const runnerArch = getRequiredEnvParam("RUNNER_ARCH");
 
   // If running locally then the GITHUB_ACTION_REF cannot be trusted as it may be for the previous action
   // See https://github.com/actions/runner/issues/803
@@ -673,7 +673,6 @@ export async function createStatusReportBase(
     action_started_at: actionStartedAt.toISOString(),
     status,
     runner_os: runnerOs,
-    runner_arch: runnerArch,
   };
 
   // Add optional parameters
@@ -695,6 +694,10 @@ export async function createStatusReportBase(
   if (matrix) {
     statusReport.matrix_vars = matrix;
   }
+  if ("RUNNER_ARCH" in process.env) {
+    // RUNNER_ARCH is available only in GHES 3.4 and later
+    statusReport.runner_arch = process.env["RUNNER_ARCH"];
+  }
   if (runnerOs === "Windows" || runnerOs === "macOS") {
     statusReport.runner_os_release = os.release();
   }
@@ -723,6 +726,14 @@ const INCOMPATIBLE_MSG =
 export async function sendStatusReport<S extends StatusReportBase>(
   statusReport: S
 ): Promise<boolean> {
+  const gitHubVersion = await api.getGitHubVersion();
+  if (isGitHubGhesVersionBelow(gitHubVersion, "3.2.0")) {
+    // GHES 3.1 and earlier versions reject unexpected properties, which means
+    // that they will reject status reports with newly added properties.
+    // Inhibiting status reporting for GHES < 3.2 avoids such failures.
+    return true;
+  }
+
   const statusReportJSON = JSON.stringify(statusReport);
   core.debug(`Sending status report: ${statusReportJSON}`);
   // If in test mode we don't want to upload the results

src/api-client.ts

@@ -5,7 +5,8 @@ import * as retry from "@octokit/plugin-retry";
 import consoleLogLevel from "console-log-level";
 
 import { getRequiredInput } from "./actions-util";
-import { getMode, getRequiredEnvParam } from "./util";
+import * as util from "./util";
+import { getMode, getRequiredEnvParam, GitHubVersion } from "./util";
 
 // eslint-disable-next-line import/no-commonjs
 const pkg = require("../package.json");
@@ -58,14 +59,36 @@ function getApiUrl(githubUrl: string): string {
   return url.toString();
 }
 
+function getApiDetails() {
+  return {
+    auth: getRequiredInput("token"),
+    url: getRequiredEnvParam("GITHUB_SERVER_URL"),
+  };
+}
+
 // Temporary function to aid in the transition to running on and off of github actions.
 // Once all code has been converted this function should be removed or made canonical
 // and called only from the action entrypoints.
 export function getActionsApiClient() {
-  const apiDetails = {
-    auth: getRequiredInput("token"),
-    url: getRequiredEnvParam("GITHUB_SERVER_URL"),
-  };
-
-  return getApiClient(apiDetails);
+  return getApiClient(getApiDetails());
+}
+
+let cachedGitHubVersion: GitHubVersion | undefined = undefined;
+
+/**
+ * Report the GitHub server version. This is a wrapper around
+ * util.getGitHubVersion() that automatically supplies GitHub API details using
+ * GitHub Action inputs. If you need to get the GitHub server version from the
+ * action runner, please call util.getGitHubVersion() instead.
+ *
+ * @returns GitHub version
+ */
+export async function getGitHubVersion(): Promise<GitHubVersion> {
+  if (!util.isActions) {
+    throw new Error("This getGitHubVersion() function works only in an action");
+  }
+  if (cachedGitHubVersion === undefined) {
+    cachedGitHubVersion = await util.getGitHubVersion(getApiDetails());
+  }
+  return cachedGitHubVersion;
 }

src/init-action.ts

@@ -13,6 +13,7 @@ import {
   StatusReportBase,
   validateWorkflow,
 } from "./actions-util";
+import { getGitHubVersion } from "./api-client";
 import { CodeQL, CODEQL_VERSION_NEW_TRACING } from "./codeql";
 import * as configUtils from "./config-utils";
 import { GitHubFeatureFlags } from "./feature-flags";
@@ -31,7 +32,6 @@ import {
   initializeEnvironment,
   Mode,
   checkGitHubVersionInRange,
-  getGitHubVersion,
   codeQlVersionAbove,
   enrichEnvironment,
   getMemoryFlagValue,
@@ -135,7 +135,7 @@ async function run() {
     url: getRequiredEnvParam("GITHUB_SERVER_URL"),
   };
 
-  const gitHubVersion = await getGitHubVersion(apiDetails);
+  const gitHubVersion = await getGitHubVersion();
   checkGitHubVersionInRange(gitHubVersion, logger, Mode.actions);
 
   const repositoryNwo = parseRepositoryNwo(

src/upload-sarif-action.ts

@@ -1,15 +1,11 @@
 import * as core from "@actions/core";
 
 import * as actionsUtil from "./actions-util";
+import { getGitHubVersion } from "./api-client";
 import { getActionsLogger } from "./logging";
 import { parseRepositoryNwo } from "./repository";
 import * as upload_lib from "./upload-lib";
-import {
-  getGitHubVersion,
-  getRequiredEnvParam,
-  initializeEnvironment,
-  Mode,
-} from "./util";
+import { getRequiredEnvParam, initializeEnvironment, Mode } from "./util";
 
 // eslint-disable-next-line import/no-commonjs
 const pkg = require("../package.json");
@@ -55,7 +51,7 @@ async function run() {
       url: getRequiredEnvParam("GITHUB_SERVER_URL"),
     };
 
-    const gitHubVersion = await getGitHubVersion(apiDetails);
+    const gitHubVersion = await getGitHubVersion();
 
     const uploadResult = await upload_lib.uploadFromActions(
       actionsUtil.getRequiredInput("sarif_file"),

src/util.test.ts

@@ -353,3 +353,30 @@ for (const [packs, expectedStatus] of ML_POWERED_JS_STATUS_TESTS) {
     });
   });
 }
+
+test("isGitHubGhesVersionBelow", async (t) => {
+  t.falsy(
+    util.isGitHubGhesVersionBelow({ type: util.GitHubVariant.DOTCOM }, "3.2.0")
+  );
+  t.falsy(
+    util.isGitHubGhesVersionBelow({ type: util.GitHubVariant.GHAE }, "3.2.0")
+  );
+  t.falsy(
+    util.isGitHubGhesVersionBelow(
+      { type: util.GitHubVariant.GHES, version: "3.3.0" },
+      "3.2.0"
+    )
+  );
+  t.falsy(
+    util.isGitHubGhesVersionBelow(
+      { type: util.GitHubVariant.GHES, version: "3.2.0" },
+      "3.2.0"
+    )
+  );
+  t.true(
+    util.isGitHubGhesVersionBelow(
+      { type: util.GitHubVariant.GHES, version: "3.1.2" },
+      "3.2.0"
+    )
+  );
+});

src/util.ts

@@ -594,6 +594,16 @@ export function isHTTPError(arg: any): arg is HTTPError {
   return arg?.status !== undefined && Number.isInteger(arg.status);
 }
 
+export function isGitHubGhesVersionBelow(
+  gitHubVersion: GitHubVersion,
+  expectedVersion: string
+): boolean {
+  return (
+    gitHubVersion.type === GitHubVariant.GHES &&
+    semver.lt(gitHubVersion.version, expectedVersion)
+  );
+}
+
 export async function codeQlVersionAbove(
   codeql: CodeQL,
   requiredVersion: string