mirror of
https://github.com/github/codeql-action.git
synced 2026-01-04 21:50:17 +08:00
When downloading the CodeQL bundle, only use the GitHub AE endpoint on GitHub AE, and check it first.
This commit is contained in:
Chris Gavin
@@ -17,6 +17,11 @@ const sampleApiDetails = {
|
||||
url: "https://github.com",
|
||||
};
|
||||
|
||||
const sampleGHAEApiDetails = {
|
||||
auth: "token",
|
||||
url: "https://example.githubenterprise.com",
|
||||
};
|
||||
|
||||
test("download codeql bundle cache", async (t) => {
|
||||
await util.withTmpDir(async (tmpDir) => {
|
||||
const versions = ["20200601", "20200610"];
|
||||
@@ -37,6 +42,7 @@ test("download codeql bundle cache", async (t) => {
|
||||
tmpDir,
|
||||
tmpDir,
|
||||
"runner",
|
||||
util.GitHubVariant.DOTCOM,
|
||||
getRunnerLogger(true)
|
||||
);
|
||||
|
||||
@@ -64,6 +70,7 @@ test("download codeql bundle cache explicitly requested with pinned different ve
|
||||
tmpDir,
|
||||
tmpDir,
|
||||
"runner",
|
||||
util.GitHubVariant.DOTCOM,
|
||||
getRunnerLogger(true)
|
||||
);
|
||||
|
||||
@@ -82,6 +89,7 @@ test("download codeql bundle cache explicitly requested with pinned different ve
|
||||
tmpDir,
|
||||
tmpDir,
|
||||
"runner",
|
||||
util.GitHubVariant.DOTCOM,
|
||||
getRunnerLogger(true)
|
||||
);
|
||||
|
||||
@@ -104,6 +112,7 @@ test("don't download codeql bundle cache with pinned different version cached",
|
||||
tmpDir,
|
||||
tmpDir,
|
||||
"runner",
|
||||
util.GitHubVariant.DOTCOM,
|
||||
getRunnerLogger(true)
|
||||
);
|
||||
|
||||
@@ -115,6 +124,7 @@ test("don't download codeql bundle cache with pinned different version cached",
|
||||
tmpDir,
|
||||
tmpDir,
|
||||
"runner",
|
||||
util.GitHubVariant.DOTCOM,
|
||||
getRunnerLogger(true)
|
||||
);
|
||||
|
||||
@@ -139,6 +149,7 @@ test("download codeql bundle cache with different version cached (not pinned)",
|
||||
tmpDir,
|
||||
tmpDir,
|
||||
"runner",
|
||||
util.GitHubVariant.DOTCOM,
|
||||
getRunnerLogger(true)
|
||||
);
|
||||
|
||||
@@ -165,6 +176,7 @@ test("download codeql bundle cache with different version cached (not pinned)",
|
||||
tmpDir,
|
||||
tmpDir,
|
||||
"runner",
|
||||
util.GitHubVariant.DOTCOM,
|
||||
getRunnerLogger(true)
|
||||
);
|
||||
|
||||
@@ -189,6 +201,7 @@ test('download codeql bundle cache with pinned different version cached if "late
|
||||
tmpDir,
|
||||
tmpDir,
|
||||
"runner",
|
||||
util.GitHubVariant.DOTCOM,
|
||||
getRunnerLogger(true)
|
||||
);
|
||||
|
||||
@@ -216,6 +229,7 @@ test('download codeql bundle cache with pinned different version cached if "late
|
||||
tmpDir,
|
||||
tmpDir,
|
||||
"runner",
|
||||
util.GitHubVariant.DOTCOM,
|
||||
getRunnerLogger(true)
|
||||
);
|
||||
|
||||
@@ -225,6 +239,58 @@ test('download codeql bundle cache with pinned different version cached if "late
|
||||
});
|
||||
});
|
||||
|
||||
test("download codeql bundle from github ae endpoint", async (t) => {
|
||||
await util.withTmpDir(async (tmpDir) => {
|
||||
const bundleAssetID = 10;
|
||||
|
||||
const platform =
|
||||
process.platform === "win32"
|
||||
? "win64"
|
||||
: process.platform === "linux"
|
||||
? "linux64"
|
||||
: "osx64";
|
||||
const codeQLBundleName = `codeql-bundle-${platform}.tar.gz`;
|
||||
|
||||
nock("https://example.githubenterprise.com")
|
||||
.get(
|
||||
`/api/v3/enterprise/code-scanning/codeql-bundle/find/${defaults.bundleVersion}`
|
||||
)
|
||||
.reply(200, {
|
||||
assets: { [codeQLBundleName]: bundleAssetID },
|
||||
});
|
||||
|
||||
nock("https://example.githubenterprise.com")
|
||||
.get(
|
||||
`/api/v3/enterprise/code-scanning/codeql-bundle/download/${bundleAssetID}`
|
||||
)
|
||||
.reply(200, {
|
||||
url: `https://example.githubenterprise.com/github/codeql-action/releases/download/${defaults.bundleVersion}/${codeQLBundleName}`,
|
||||
});
|
||||
|
||||
nock("https://example.githubenterprise.com")
|
||||
.get(
|
||||
`/github/codeql-action/releases/download/${defaults.bundleVersion}/${codeQLBundleName}`
|
||||
)
|
||||
.replyWithFile(
|
||||
200,
|
||||
path.join(__dirname, `/../src/testdata/codeql-bundle-pinned.tar.gz`)
|
||||
);
|
||||
|
||||
await codeql.setupCodeQL(
|
||||
undefined,
|
||||
sampleGHAEApiDetails,
|
||||
tmpDir,
|
||||
tmpDir,
|
||||
"runner",
|
||||
util.GitHubVariant.GHAE,
|
||||
getRunnerLogger(true)
|
||||
);
|
||||
|
||||
const cachedVersions = toolcache.findAllVersions("CodeQL");
|
||||
t.is(cachedVersions.length, 1);
|
||||
});
|
||||
});
|
||||
|
||||
test("parse codeql bundle url version", (t) => {
|
||||
t.deepEqual(
|
||||
codeql.getCodeQLURLVersion(
|
||||
|
||||
@@ -164,6 +164,7 @@ function getCodeQLActionRepository(mode: util.Mode, logger: Logger): string {
|
||||
async function getCodeQLBundleDownloadURL(
|
||||
apiDetails: api.GitHubApiDetails,
|
||||
mode: util.Mode,
|
||||
variant: util.GitHubVariant,
|
||||
logger: Logger
|
||||
): Promise<string> {
|
||||
const codeQLActionRepository = getCodeQLActionRepository(mode, logger);
|
||||
@@ -183,6 +184,39 @@ async function getCodeQLBundleDownloadURL(
|
||||
}
|
||||
);
|
||||
const codeQLBundleName = getCodeQLBundleName();
|
||||
if (variant === util.GitHubVariant.GHAE) {
|
||||
try {
|
||||
const release = await api
|
||||
.getApiClient(apiDetails)
|
||||
.request("GET /enterprise/code-scanning/codeql-bundle/find/{tag}", {
|
||||
tag: CODEQL_BUNDLE_VERSION,
|
||||
});
|
||||
const assetID = release.data.assets[codeQLBundleName];
|
||||
if (assetID !== undefined) {
|
||||
const download = await api
|
||||
.getApiClient(apiDetails)
|
||||
.request(
|
||||
"GET /enterprise/code-scanning/codeql-bundle/download/{asset_id}",
|
||||
{ asset_id: assetID }
|
||||
);
|
||||
const downloadURL = download.data.url;
|
||||
logger.info(
|
||||
`Found CodeQL bundle at GitHub AE endpoint with URL ${downloadURL}.`
|
||||
);
|
||||
return downloadURL;
|
||||
} else {
|
||||
logger.info(
|
||||
`Attempted to fetch bundle from GitHub AE endpoint but the bundle ${codeQLBundleName} was not found in the assets ${JSON.stringify(
|
||||
release.data.assets
|
||||
)}.`
|
||||
);
|
||||
}
|
||||
} catch (e) {
|
||||
logger.info(
|
||||
`Attempted to fetch bundle from GitHub AE endpoint but got error ${e}.`
|
||||
);
|
||||
}
|
||||
}
|
||||
for (const downloadSource of uniqueDownloadSources) {
|
||||
const [apiURL, repository] = downloadSource;
|
||||
// If we've reached the final case, short-circuit the API check since we know the bundle exists and is public.
|
||||
@@ -213,31 +247,6 @@ async function getCodeQLBundleDownloadURL(
|
||||
);
|
||||
}
|
||||
}
|
||||
try {
|
||||
const release = await api
|
||||
.getApiClient(apiDetails)
|
||||
.request("GET /enterprise/code-scanning/codeql-bundle/find/{tag}", {
|
||||
tag: CODEQL_BUNDLE_VERSION,
|
||||
});
|
||||
const assetID = release.data.assets[codeQLBundleName];
|
||||
if (assetID !== undefined) {
|
||||
const download = await api
|
||||
.getApiClient(apiDetails)
|
||||
.request(
|
||||
"GET /enterprise/code-scanning/codeql-bundle/download/{asset_id}",
|
||||
{ asset_id: assetID }
|
||||
);
|
||||
const downloadURL = download.data.url;
|
||||
logger.info(
|
||||
`Found CodeQL bundle at GitHub AE endpoint with URL ${downloadURL}.`
|
||||
);
|
||||
return downloadURL;
|
||||
}
|
||||
} catch (e) {
|
||||
logger.info(
|
||||
`Attempted to fetch bundle from GitHub AE endpoint but got error ${e}.`
|
||||
);
|
||||
}
|
||||
return `https://github.com/${CODEQL_DEFAULT_ACTION_REPOSITORY}/releases/download/${CODEQL_BUNDLE_VERSION}/${codeQLBundleName}`;
|
||||
}
|
||||
|
||||
@@ -270,6 +279,7 @@ export async function setupCodeQL(
|
||||
tempDir: string,
|
||||
toolsDir: string,
|
||||
mode: util.Mode,
|
||||
variant: util.GitHubVariant,
|
||||
logger: Logger
|
||||
): Promise<{ codeql: CodeQL; toolsVersion: string }> {
|
||||
// Setting these two env vars makes the toolcache code safe to use outside,
|
||||
@@ -314,7 +324,12 @@ export async function setupCodeQL(
|
||||
logger.debug(`CodeQL found in cache ${codeqlFolder}`);
|
||||
} else {
|
||||
if (!codeqlURL) {
|
||||
codeqlURL = await getCodeQLBundleDownloadURL(apiDetails, mode, logger);
|
||||
codeqlURL = await getCodeQLBundleDownloadURL(
|
||||
apiDetails,
|
||||
mode,
|
||||
variant,
|
||||
logger
|
||||
);
|
||||
}
|
||||
|
||||
const parsedCodeQLURL = new URL(codeqlURL);
|
||||
|
||||
@@ -101,9 +101,7 @@ async function run() {
|
||||
};
|
||||
|
||||
const gitHubVersion = await getGitHubVersion(apiDetails);
|
||||
if (gitHubVersion !== undefined) {
|
||||
checkGitHubVersionInRange(gitHubVersion, "actions", logger);
|
||||
}
|
||||
checkGitHubVersionInRange(gitHubVersion, "actions", logger);
|
||||
|
||||
try {
|
||||
actionsUtil.prepareLocalRunEnvironment();
|
||||
@@ -129,6 +127,7 @@ async function run() {
|
||||
actionsUtil.getTemporaryDirectory(),
|
||||
actionsUtil.getRequiredEnvParam("RUNNER_TOOL_CACHE"),
|
||||
"actions",
|
||||
gitHubVersion.type,
|
||||
logger
|
||||
);
|
||||
codeql = initCodeQLResult.codeql;
|
||||
|
||||
@@ -19,6 +19,7 @@ export async function initCodeQL(
|
||||
tempDir: string,
|
||||
toolsDir: string,
|
||||
mode: util.Mode,
|
||||
variant: util.GitHubVariant,
|
||||
logger: Logger
|
||||
): Promise<{ codeql: CodeQL; toolsVersion: string }> {
|
||||
logger.startGroup("Setup CodeQL tools");
|
||||
@@ -28,6 +29,7 @@ export async function initCodeQL(
|
||||
tempDir,
|
||||
toolsDir,
|
||||
mode,
|
||||
variant,
|
||||
logger
|
||||
);
|
||||
await codeql.printVersion();
|
||||
|
||||
@@ -167,9 +167,7 @@ program
|
||||
};
|
||||
|
||||
const gitHubVersion = await getGitHubVersion(apiDetails);
|
||||
if (gitHubVersion !== undefined) {
|
||||
checkGitHubVersionInRange(gitHubVersion, "runner", logger);
|
||||
}
|
||||
checkGitHubVersionInRange(gitHubVersion, "runner", logger);
|
||||
|
||||
let codeql: CodeQL;
|
||||
if (cmd.codeqlPath !== undefined) {
|
||||
@@ -182,6 +180,7 @@ program
|
||||
tempDir,
|
||||
toolsDir,
|
||||
"runner",
|
||||
gitHubVersion.type,
|
||||
logger
|
||||
)
|
||||
).codeql;
|
||||
|
||||
Reference in New Issue
Block a user