diff --git a/lib/analyze-action-post.js b/lib/analyze-action-post.js index 99d289f8f..70418568c 100644 --- a/lib/analyze-action-post.js +++ b/lib/analyze-action-post.js @@ -117083,9 +117083,6 @@ function wrapError(error2) { function getErrorMessage(error2) { return error2 instanceof Error ? error2.message : String(error2); } -function cloneObject(obj) { - return JSON.parse(JSON.stringify(obj)); -} async function asyncSome(array, predicate) { const results = await Promise.all(array.map(predicate)); return results.some((result) => result); @@ -117243,9 +117240,9 @@ async function getGitHubVersion() { } // src/codeql.ts -var fs4 = __toESM(require("fs")); -var path4 = __toESM(require("path")); -var core10 = __toESM(require_core()); +var fs3 = __toESM(require("fs")); +var path3 = __toESM(require("path")); +var core9 = __toESM(require_core()); var toolrunner3 = __toESM(require_toolrunner()); // src/cli-errors.ts @@ -117485,22 +117482,6 @@ function wrapCliConfigurationError(cliError) { return new ConfigurationError(errorMessageBuilder); } -// src/config-utils.ts -var fs3 = __toESM(require("fs")); -var path3 = __toESM(require("path")); -var semver4 = __toESM(require_semver2()); - -// src/analyses.ts -var AnalysisKind = /* @__PURE__ */ ((AnalysisKind2) => { - AnalysisKind2["CodeScanning"] = "code-scanning"; - AnalysisKind2["CodeQuality"] = "code-quality"; - return AnalysisKind2; -})(AnalysisKind || {}); -var supportedAnalysisKinds = new Set(Object.values(AnalysisKind)); - -// src/caching-utils.ts -var core6 = __toESM(require_core()); - // src/feature-flags.ts var semver3 = __toESM(require_semver2()); @@ -117510,13 +117491,13 @@ var path2 = __toESM(require("path")); var actionsCache = __toESM(require_cache3()); // src/git-utils.ts -var core7 = __toESM(require_core()); +var core6 = __toESM(require_core()); var toolrunner2 = __toESM(require_toolrunner()); var io3 = __toESM(require_io()); var runGitCommand = async function(workingDirectory, args, customErrorMessage) { let stdout = ""; let stderr = ""; - core7.debug(`Running git command: git ${args.join(" ")}`); + core6.debug(`Running git command: git ${args.join(" ")}`); try { await new toolrunner2.ToolRunner(await io3.which("git", true), args, { silent: true, @@ -117536,7 +117517,7 @@ var runGitCommand = async function(workingDirectory, args, customErrorMessage) { if (stderr.includes("not a git repository")) { reason = "The checkout path provided to the action does not appear to be a git repository."; } - core7.info(`git call failed. ${customErrorMessage} Error: ${reason}`); + core6.info(`git call failed. ${customErrorMessage} Error: ${reason}`); throw error2; } }; @@ -117647,7 +117628,7 @@ async function getRef() { ) !== head; if (hasChangedRef) { const newRef = ref.replace(pull_ref_regex, "refs/pull/$1/head"); - core7.debug( + core6.debug( `No longer on merge commit, rewriting ref from ${ref} to ${newRef}.` ); return newRef; @@ -117673,16 +117654,16 @@ async function isAnalyzingDefaultBranch() { } // src/logging.ts -var core8 = __toESM(require_core()); +var core7 = __toESM(require_core()); function getActionsLogger() { - return core8; + return core7; } function withGroup(groupName, f) { - core8.startGroup(groupName); + core7.startGroup(groupName); try { return f(); } finally { - core8.endGroup(); + core7.endGroup(); } } @@ -117917,126 +117898,23 @@ var featureConfig = { } }; -// src/trap-caching.ts -var actionsCache2 = __toESM(require_cache3()); - -// src/config-utils.ts -var defaultAugmentationProperties = { - queriesInputCombines: false, - packsInputCombines: false, - packsInput: void 0, - queriesInput: void 0, - extraQueryExclusions: [], - overlayDatabaseMode: "none" /* None */, - useOverlayDatabaseCaching: false -}; -var OVERLAY_ANALYSIS_FEATURES = { - actions: "overlay_analysis_actions" /* OverlayAnalysisActions */, - cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */, - csharp: "overlay_analysis_csharp" /* OverlayAnalysisCsharp */, - go: "overlay_analysis_go" /* OverlayAnalysisGo */, - java: "overlay_analysis_java" /* OverlayAnalysisJava */, - javascript: "overlay_analysis_javascript" /* OverlayAnalysisJavascript */, - python: "overlay_analysis_python" /* OverlayAnalysisPython */, - ruby: "overlay_analysis_ruby" /* OverlayAnalysisRuby */, - rust: "overlay_analysis_rust" /* OverlayAnalysisRust */, - swift: "overlay_analysis_swift" /* OverlayAnalysisSwift */ -}; -var OVERLAY_ANALYSIS_CODE_SCANNING_FEATURES = { - actions: "overlay_analysis_code_scanning_actions" /* OverlayAnalysisCodeScanningActions */, - cpp: "overlay_analysis_code_scanning_cpp" /* OverlayAnalysisCodeScanningCpp */, - csharp: "overlay_analysis_code_scanning_csharp" /* OverlayAnalysisCodeScanningCsharp */, - go: "overlay_analysis_code_scanning_go" /* OverlayAnalysisCodeScanningGo */, - java: "overlay_analysis_code_scanning_java" /* OverlayAnalysisCodeScanningJava */, - javascript: "overlay_analysis_code_scanning_javascript" /* OverlayAnalysisCodeScanningJavascript */, - python: "overlay_analysis_code_scanning_python" /* OverlayAnalysisCodeScanningPython */, - ruby: "overlay_analysis_code_scanning_ruby" /* OverlayAnalysisCodeScanningRuby */, - rust: "overlay_analysis_code_scanning_rust" /* OverlayAnalysisCodeScanningRust */, - swift: "overlay_analysis_code_scanning_swift" /* OverlayAnalysisCodeScanningSwift */ -}; -var PACK_IDENTIFIER_PATTERN = (function() { - const alphaNumeric = "[a-z0-9]"; - const alphaNumericDash = "[a-z0-9-]"; - const component = `${alphaNumeric}(${alphaNumericDash}*${alphaNumeric})?`; - return new RegExp(`^${component}/${component}$`); -})(); -function getPathToParsedConfigFile(tempDir) { - return path3.join(tempDir, "config"); -} -async function getConfig(tempDir, logger) { - const configFile = getPathToParsedConfigFile(tempDir); - if (!fs3.existsSync(configFile)) { - return void 0; - } - const configString = fs3.readFileSync(configFile, "utf8"); - logger.debug("Loaded config:"); - logger.debug(configString); - return JSON.parse(configString); -} -function generateCodeScanningConfig(originalUserInput, augmentationProperties) { - const augmentedConfig = cloneObject(originalUserInput); - if (augmentationProperties.queriesInput) { - if (augmentationProperties.queriesInputCombines) { - augmentedConfig.queries = (augmentedConfig.queries || []).concat( - augmentationProperties.queriesInput - ); - } else { - augmentedConfig.queries = augmentationProperties.queriesInput; - } - } - if (augmentedConfig.queries?.length === 0) { - delete augmentedConfig.queries; - } - if (augmentationProperties.packsInput) { - if (augmentationProperties.packsInputCombines) { - if (Array.isArray(augmentedConfig.packs)) { - augmentedConfig.packs = (augmentedConfig.packs || []).concat( - augmentationProperties.packsInput - ); - } else if (!augmentedConfig.packs) { - augmentedConfig.packs = augmentationProperties.packsInput; - } else { - const language = Object.keys(augmentedConfig.packs)[0]; - augmentedConfig.packs[language] = augmentedConfig.packs[language].concat(augmentationProperties.packsInput); - } - } else { - augmentedConfig.packs = augmentationProperties.packsInput; - } - } - if (Array.isArray(augmentedConfig.packs) && !augmentedConfig.packs.length) { - delete augmentedConfig.packs; - } - augmentedConfig["query-filters"] = [ - // Ordering matters. If the first filter is an inclusion, it implicitly - // excludes all queries that are not included. If it is an exclusion, - // it implicitly includes all queries that are not excluded. So user - // filters (if any) should always be first to preserve intent. - ...augmentedConfig["query-filters"] || [], - ...augmentationProperties.extraQueryExclusions - ]; - if (augmentedConfig["query-filters"]?.length === 0) { - delete augmentedConfig["query-filters"]; - } - return augmentedConfig; -} - // src/setup-codeql.ts var toolcache3 = __toESM(require_tool_cache()); var import_fast_deep_equal = __toESM(require_fast_deep_equal()); -var semver7 = __toESM(require_semver2()); +var semver6 = __toESM(require_semver2()); // src/tar.ts var import_toolrunner = __toESM(require_toolrunner()); var io4 = __toESM(require_io()); var toolcache = __toESM(require_tool_cache()); -var semver5 = __toESM(require_semver2()); +var semver4 = __toESM(require_semver2()); // src/tools-download.ts -var core9 = __toESM(require_core()); +var core8 = __toESM(require_core()); var import_http_client = __toESM(require_lib()); var toolcache2 = __toESM(require_tool_cache()); var import_follow_redirects = __toESM(require_follow_redirects()); -var semver6 = __toESM(require_semver2()); +var semver5 = __toESM(require_semver2()); var STREAMING_HIGH_WATERMARK_BYTES = 4 * 1024 * 1024; // src/tracer-config.ts @@ -118094,12 +117972,12 @@ async function getCodeQLForCmd(cmd, checkVersion) { }, async isTracedLanguage(language) { const extractorPath = await this.resolveExtractor(language); - const tracingConfigPath = path4.join( + const tracingConfigPath = path3.join( extractorPath, "tools", "tracing-config.lua" ); - return fs4.existsSync(tracingConfigPath); + return fs3.existsSync(tracingConfigPath); }, async isScannedLanguage(language) { return !await this.isTracedLanguage(language); @@ -118170,7 +118048,7 @@ async function getCodeQLForCmd(cmd, checkVersion) { }, async runAutobuild(config, language) { applyAutobuildAzurePipelinesTimeoutFix(); - const autobuildCmd = path4.join( + const autobuildCmd = path3.join( await this.resolveExtractor(language), "tools", process.platform === "win32" ? "autobuild.cmd" : "autobuild.sh" @@ -118491,12 +118369,12 @@ ${output}` ); } else if (checkVersion && process.env["CODEQL_ACTION_SUPPRESS_DEPRECATED_SOON_WARNING" /* SUPPRESS_DEPRECATED_SOON_WARNING */] !== "true" && !await codeQlVersionAtLeast(codeql, CODEQL_NEXT_MINIMUM_VERSION)) { const result = await codeql.getVersion(); - core10.warning( + core9.warning( `CodeQL CLI version ${result.version} was discontinued on ${GHES_MOST_RECENT_DEPRECATION_DATE} alongside GitHub Enterprise Server ${GHES_VERSION_MOST_RECENTLY_DEPRECATED} and will not be supported by the next minor release of the CodeQL Action. Please update to CodeQL CLI version ${CODEQL_NEXT_MINIMUM_VERSION} or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version. Alternatively, if you want to continue using CodeQL CLI version ${result.version}, you can replace 'github/codeql-action/*@v${getActionVersion().split(".")[0]}' by 'github/codeql-action/*@v${getActionVersion()}' in your code scanning workflow to continue using this version of the CodeQL Action.` ); - core10.exportVariable("CODEQL_ACTION_SUPPRESS_DEPRECATED_SOON_WARNING" /* SUPPRESS_DEPRECATED_SOON_WARNING */, "true"); + core9.exportVariable("CODEQL_ACTION_SUPPRESS_DEPRECATED_SOON_WARNING" /* SUPPRESS_DEPRECATED_SOON_WARNING */, "true"); } return codeql; } @@ -118548,17 +118426,13 @@ async function runCli(cmd, args = [], opts = {}) { } async function writeCodeScanningConfigFile(config, logger) { const codeScanningConfigFile = getGeneratedCodeScanningConfigPath(config); - const augmentedConfig = generateCodeScanningConfig( - config.originalUserInput, - config.augmentationProperties - ); logger.info( `Writing augmented user configuration file to ${codeScanningConfigFile}` ); logger.startGroup("Augmented user configuration file contents"); - logger.info(dump(augmentedConfig)); + logger.info(dump(config.computedConfig)); logger.endGroup(); - fs4.writeFileSync(codeScanningConfigFile, dump(augmentedConfig)); + fs3.writeFileSync(codeScanningConfigFile, dump(config.computedConfig)); return codeScanningConfigFile; } var TRAP_CACHE_SIZE_MB = 1024; @@ -118581,7 +118455,7 @@ async function getTrapCachingExtractorConfigArgsForLang(config, language) { ]; } function getGeneratedCodeScanningConfigPath(config) { - return path4.resolve(config.tempDir, "user-config.yaml"); + return path3.resolve(config.tempDir, "user-config.yaml"); } function getExtractionVerbosityArguments(enableDebugLogging) { return enableDebugLogging ? [`--verbosity=${EXTRACTION_DEBUG_MODE_VERBOSITY}`] : []; @@ -118601,6 +118475,79 @@ async function getJobRunUuidSarifOptions(codeql) { ) ? [`--sarif-run-property=jobRunUuid=${jobRunUuid}`] : []; } +// src/config-utils.ts +var fs4 = __toESM(require("fs")); +var path4 = __toESM(require("path")); +var semver7 = __toESM(require_semver2()); + +// src/analyses.ts +var AnalysisKind = /* @__PURE__ */ ((AnalysisKind2) => { + AnalysisKind2["CodeScanning"] = "code-scanning"; + AnalysisKind2["CodeQuality"] = "code-quality"; + return AnalysisKind2; +})(AnalysisKind || {}); +var supportedAnalysisKinds = new Set(Object.values(AnalysisKind)); + +// src/caching-utils.ts +var core10 = __toESM(require_core()); + +// src/trap-caching.ts +var actionsCache2 = __toESM(require_cache3()); + +// src/config-utils.ts +var defaultAugmentationProperties = { + queriesInputCombines: false, + packsInputCombines: false, + packsInput: void 0, + queriesInput: void 0, + extraQueryExclusions: [], + overlayDatabaseMode: "none" /* None */, + useOverlayDatabaseCaching: false +}; +var OVERLAY_ANALYSIS_FEATURES = { + actions: "overlay_analysis_actions" /* OverlayAnalysisActions */, + cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */, + csharp: "overlay_analysis_csharp" /* OverlayAnalysisCsharp */, + go: "overlay_analysis_go" /* OverlayAnalysisGo */, + java: "overlay_analysis_java" /* OverlayAnalysisJava */, + javascript: "overlay_analysis_javascript" /* OverlayAnalysisJavascript */, + python: "overlay_analysis_python" /* OverlayAnalysisPython */, + ruby: "overlay_analysis_ruby" /* OverlayAnalysisRuby */, + rust: "overlay_analysis_rust" /* OverlayAnalysisRust */, + swift: "overlay_analysis_swift" /* OverlayAnalysisSwift */ +}; +var OVERLAY_ANALYSIS_CODE_SCANNING_FEATURES = { + actions: "overlay_analysis_code_scanning_actions" /* OverlayAnalysisCodeScanningActions */, + cpp: "overlay_analysis_code_scanning_cpp" /* OverlayAnalysisCodeScanningCpp */, + csharp: "overlay_analysis_code_scanning_csharp" /* OverlayAnalysisCodeScanningCsharp */, + go: "overlay_analysis_code_scanning_go" /* OverlayAnalysisCodeScanningGo */, + java: "overlay_analysis_code_scanning_java" /* OverlayAnalysisCodeScanningJava */, + javascript: "overlay_analysis_code_scanning_javascript" /* OverlayAnalysisCodeScanningJavascript */, + python: "overlay_analysis_code_scanning_python" /* OverlayAnalysisCodeScanningPython */, + ruby: "overlay_analysis_code_scanning_ruby" /* OverlayAnalysisCodeScanningRuby */, + rust: "overlay_analysis_code_scanning_rust" /* OverlayAnalysisCodeScanningRust */, + swift: "overlay_analysis_code_scanning_swift" /* OverlayAnalysisCodeScanningSwift */ +}; +var PACK_IDENTIFIER_PATTERN = (function() { + const alphaNumeric = "[a-z0-9]"; + const alphaNumericDash = "[a-z0-9-]"; + const component = `${alphaNumeric}(${alphaNumericDash}*${alphaNumeric})?`; + return new RegExp(`^${component}/${component}$`); +})(); +function getPathToParsedConfigFile(tempDir) { + return path4.join(tempDir, "config"); +} +async function getConfig(tempDir, logger) { + const configFile = getPathToParsedConfigFile(tempDir); + if (!fs4.existsSync(configFile)) { + return void 0; + } + const configString = fs4.readFileSync(configFile, "utf8"); + logger.debug("Loaded config:"); + logger.debug(configString); + return JSON.parse(configString); +} + // src/debug-artifacts.ts var fs5 = __toESM(require("fs")); var path5 = __toESM(require("path")); diff --git a/lib/analyze-action.js b/lib/analyze-action.js index 29aef44a7..ead5a6e9a 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -89845,9 +89845,6 @@ function satisfiesGHESVersion(ghesVersion, range, defaultIfInvalid) { semverVersion.prerelease = []; return semver.satisfies(semverVersion, range); } -function cloneObject(obj) { - return JSON.parse(JSON.stringify(obj)); -} async function checkSipEnablement(logger) { if (process.env["CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */] !== void 0 && ["true", "false"].includes(process.env["CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */])) { return process.env["CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */] === "true"; @@ -90287,12 +90284,12 @@ function wrapApiConfigurationError(e) { } // src/autobuild.ts -var core11 = __toESM(require_core()); +var core10 = __toESM(require_core()); // src/codeql.ts -var fs14 = __toESM(require("fs")); -var path14 = __toESM(require("path")); -var core10 = __toESM(require_core()); +var fs12 = __toESM(require("fs")); +var path12 = __toESM(require("path")); +var core9 = __toESM(require_core()); var toolrunner3 = __toESM(require_toolrunner()); // src/cli-errors.ts @@ -90532,27 +90529,6 @@ function wrapCliConfigurationError(cliError) { return new ConfigurationError(errorMessageBuilder); } -// src/config-utils.ts -var fs9 = __toESM(require("fs")); -var path10 = __toESM(require("path")); -var semver4 = __toESM(require_semver2()); - -// src/caching-utils.ts -var core6 = __toESM(require_core()); -async function getTotalCacheSize(paths, logger, quiet = false) { - const sizes = await Promise.all( - paths.map((cacheDir) => tryGetFolderBytes(cacheDir, logger, quiet)) - ); - return sizes.map((a) => a || 0).reduce((a, b) => a + b, 0); -} -function shouldStoreCache(kind) { - return kind === "full" /* Full */ || kind === "store" /* Store */; -} - -// src/diff-informed-analysis-utils.ts -var fs8 = __toESM(require("fs")); -var path9 = __toESM(require("path")); - // src/feature-flags.ts var fs7 = __toESM(require("fs")); var path8 = __toESM(require("path")); @@ -90568,13 +90544,13 @@ var path7 = __toESM(require("path")); var actionsCache = __toESM(require_cache3()); // src/git-utils.ts -var core7 = __toESM(require_core()); +var core6 = __toESM(require_core()); var toolrunner2 = __toESM(require_toolrunner()); var io3 = __toESM(require_io()); var runGitCommand = async function(workingDirectory, args, customErrorMessage) { let stdout = ""; let stderr = ""; - core7.debug(`Running git command: git ${args.join(" ")}`); + core6.debug(`Running git command: git ${args.join(" ")}`); try { await new toolrunner2.ToolRunner(await io3.which("git", true), args, { silent: true, @@ -90594,7 +90570,7 @@ var runGitCommand = async function(workingDirectory, args, customErrorMessage) { if (stderr.includes("not a git repository")) { reason = "The checkout path provided to the action does not appear to be a git repository."; } - core7.info(`git call failed. ${customErrorMessage} Error: ${reason}`); + core6.info(`git call failed. ${customErrorMessage} Error: ${reason}`); throw error2; } }; @@ -90739,7 +90715,7 @@ async function getRef() { ) !== head; if (hasChangedRef) { const newRef = ref.replace(pull_ref_regex, "refs/pull/$1/head"); - core7.debug( + core6.debug( `No longer on merge commit, rewriting ref from ${ref} to ${newRef}.` ); return newRef; @@ -90765,16 +90741,16 @@ async function isAnalyzingDefaultBranch() { } // src/logging.ts -var core8 = __toESM(require_core()); +var core7 = __toESM(require_core()); function getActionsLogger() { - return core8; + return core7; } async function withGroupAsync(groupName, f) { - core8.startGroup(groupName); + core7.startGroup(groupName); try { return await f(); } finally { - core8.endGroup(); + core7.endGroup(); } } function formatDuration(durationMs) { @@ -91376,280 +91352,12 @@ var GitHubFeatureFlags = class { } }; -// src/diff-informed-analysis-utils.ts -async function getDiffInformedAnalysisBranches(codeql, features, logger) { - if (!await features.getValue("diff_informed_queries" /* DiffInformedQueries */, codeql)) { - return void 0; - } - const gitHubVersion = await getGitHubVersion(); - if (gitHubVersion.type === 1 /* GHES */ && satisfiesGHESVersion(gitHubVersion.version, "<3.19", true)) { - return void 0; - } - const branches = getPullRequestBranches(); - if (!branches) { - logger.info( - "Not performing diff-informed analysis because we are not analyzing a pull request." - ); - } - return branches; -} -function getDiffRangesJsonFilePath() { - return path9.join(getTemporaryDirectory(), "pr-diff-range.json"); -} -function writeDiffRangesJsonFile(logger, ranges) { - const jsonContents = JSON.stringify(ranges, null, 2); - const jsonFilePath = getDiffRangesJsonFilePath(); - fs8.writeFileSync(jsonFilePath, jsonContents); - logger.debug( - `Wrote pr-diff-range JSON file to ${jsonFilePath}: -${jsonContents}` - ); -} -function readDiffRangesJsonFile(logger) { - const jsonFilePath = getDiffRangesJsonFilePath(); - if (!fs8.existsSync(jsonFilePath)) { - logger.debug(`Diff ranges JSON file does not exist at ${jsonFilePath}`); - return void 0; - } - const jsonContents = fs8.readFileSync(jsonFilePath, "utf8"); - logger.debug( - `Read pr-diff-range JSON file from ${jsonFilePath}: -${jsonContents}` - ); - return JSON.parse(jsonContents); -} - -// src/trap-caching.ts -var actionsCache2 = __toESM(require_cache3()); -var CACHE_VERSION2 = 1; -var CODEQL_TRAP_CACHE_PREFIX = "codeql-trap"; -var MINIMUM_CACHE_MB_TO_UPLOAD = 10; -var MAX_CACHE_OPERATION_MS2 = 12e4; -async function uploadTrapCaches(codeql, config, logger) { - if (!await isAnalyzingDefaultBranch()) return false; - for (const language of config.languages) { - const cacheDir = config.trapCaches[language]; - if (cacheDir === void 0) continue; - const trapFolderSize = await tryGetFolderBytes(cacheDir, logger); - if (trapFolderSize === void 0) { - logger.info( - `Skipping upload of TRAP cache for ${language} as we couldn't determine its size` - ); - continue; - } - if (trapFolderSize < MINIMUM_CACHE_MB_TO_UPLOAD * 1048576) { - logger.info( - `Skipping upload of TRAP cache for ${language} as it is too small` - ); - continue; - } - const key = await cacheKey( - codeql, - language, - process.env.GITHUB_SHA || "unknown" - ); - logger.info(`Uploading TRAP cache to Actions cache with key ${key}`); - await withTimeout( - MAX_CACHE_OPERATION_MS2, - actionsCache2.saveCache([cacheDir], key), - () => { - logger.info( - `Timed out waiting for TRAP cache for ${language} to upload, will continue without uploading` - ); - } - ); - } - return true; -} -async function cleanupTrapCaches(config, features, logger) { - if (!await features.getValue("cleanup_trap_caches" /* CleanupTrapCaches */)) { - return { - trap_cache_cleanup_skipped_because: "feature disabled" - }; - } - if (!await isAnalyzingDefaultBranch()) { - return { - trap_cache_cleanup_skipped_because: "not analyzing default branch" - }; - } - try { - let totalBytesCleanedUp = 0; - const allCaches = await listActionsCaches( - CODEQL_TRAP_CACHE_PREFIX, - await getRef() - ); - for (const language of config.languages) { - if (config.trapCaches[language]) { - const cachesToRemove = await getTrapCachesForLanguage( - allCaches, - language, - logger - ); - cachesToRemove.sort((a, b) => a.created_at.localeCompare(b.created_at)); - const mostRecentCache = cachesToRemove.pop(); - logger.debug( - `Keeping most recent TRAP cache (${JSON.stringify(mostRecentCache)})` - ); - if (cachesToRemove.length === 0) { - logger.info(`No TRAP caches to clean up for ${language}.`); - continue; - } - for (const cache of cachesToRemove) { - logger.debug(`Cleaning up TRAP cache (${JSON.stringify(cache)})`); - await deleteActionsCache(cache.id); - } - const bytesCleanedUp = cachesToRemove.reduce( - (acc, item) => acc + item.size_in_bytes, - 0 - ); - totalBytesCleanedUp += bytesCleanedUp; - const megabytesCleanedUp = (bytesCleanedUp / (1024 * 1024)).toFixed(2); - logger.info( - `Cleaned up ${megabytesCleanedUp} MiB of old TRAP caches for ${language}.` - ); - } - } - return { trap_cache_cleanup_size_bytes: totalBytesCleanedUp }; - } catch (e) { - if (isHTTPError(e) && e.status === 403) { - logger.warning( - `Could not cleanup TRAP caches as the token did not have the required permissions. To clean up TRAP caches, ensure the token has the "actions:write" permission. See ${"https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs" /* ASSIGNING_PERMISSIONS_TO_JOBS */} for more information.` - ); - } else { - logger.info(`Failed to cleanup TRAP caches, continuing. Details: ${e}`); - } - return { trap_cache_cleanup_error: getErrorMessage(e) }; - } -} -async function getTrapCachesForLanguage(allCaches, language, logger) { - logger.debug(`Listing TRAP caches for ${language}`); - for (const cache of allCaches) { - if (!cache.created_at || !cache.id || !cache.key || !cache.size_in_bytes) { - throw new Error( - `An unexpected cache item was returned from the API that was missing one or more required fields: ${JSON.stringify(cache)}` - ); - } - } - return allCaches.filter((cache) => { - return cache.key?.includes(`-${language}-`); - }); -} -async function cacheKey(codeql, language, baseSha) { - return `${await cachePrefix(codeql, language)}${baseSha}`; -} -async function cachePrefix(codeql, language) { - return `${CODEQL_TRAP_CACHE_PREFIX}-${CACHE_VERSION2}-${(await codeql.getVersion()).version}-${language}-`; -} - -// src/config-utils.ts -var defaultAugmentationProperties = { - queriesInputCombines: false, - packsInputCombines: false, - packsInput: void 0, - queriesInput: void 0, - extraQueryExclusions: [], - overlayDatabaseMode: "none" /* None */, - useOverlayDatabaseCaching: false -}; -var OVERLAY_ANALYSIS_FEATURES = { - actions: "overlay_analysis_actions" /* OverlayAnalysisActions */, - cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */, - csharp: "overlay_analysis_csharp" /* OverlayAnalysisCsharp */, - go: "overlay_analysis_go" /* OverlayAnalysisGo */, - java: "overlay_analysis_java" /* OverlayAnalysisJava */, - javascript: "overlay_analysis_javascript" /* OverlayAnalysisJavascript */, - python: "overlay_analysis_python" /* OverlayAnalysisPython */, - ruby: "overlay_analysis_ruby" /* OverlayAnalysisRuby */, - rust: "overlay_analysis_rust" /* OverlayAnalysisRust */, - swift: "overlay_analysis_swift" /* OverlayAnalysisSwift */ -}; -var OVERLAY_ANALYSIS_CODE_SCANNING_FEATURES = { - actions: "overlay_analysis_code_scanning_actions" /* OverlayAnalysisCodeScanningActions */, - cpp: "overlay_analysis_code_scanning_cpp" /* OverlayAnalysisCodeScanningCpp */, - csharp: "overlay_analysis_code_scanning_csharp" /* OverlayAnalysisCodeScanningCsharp */, - go: "overlay_analysis_code_scanning_go" /* OverlayAnalysisCodeScanningGo */, - java: "overlay_analysis_code_scanning_java" /* OverlayAnalysisCodeScanningJava */, - javascript: "overlay_analysis_code_scanning_javascript" /* OverlayAnalysisCodeScanningJavascript */, - python: "overlay_analysis_code_scanning_python" /* OverlayAnalysisCodeScanningPython */, - ruby: "overlay_analysis_code_scanning_ruby" /* OverlayAnalysisCodeScanningRuby */, - rust: "overlay_analysis_code_scanning_rust" /* OverlayAnalysisCodeScanningRust */, - swift: "overlay_analysis_code_scanning_swift" /* OverlayAnalysisCodeScanningSwift */ -}; -var PACK_IDENTIFIER_PATTERN = (function() { - const alphaNumeric = "[a-z0-9]"; - const alphaNumericDash = "[a-z0-9-]"; - const component = `${alphaNumeric}(${alphaNumericDash}*${alphaNumeric})?`; - return new RegExp(`^${component}/${component}$`); -})(); -function getPathToParsedConfigFile(tempDir) { - return path10.join(tempDir, "config"); -} -async function getConfig(tempDir, logger) { - const configFile = getPathToParsedConfigFile(tempDir); - if (!fs9.existsSync(configFile)) { - return void 0; - } - const configString = fs9.readFileSync(configFile, "utf8"); - logger.debug("Loaded config:"); - logger.debug(configString); - return JSON.parse(configString); -} -function generateCodeScanningConfig(originalUserInput, augmentationProperties) { - const augmentedConfig = cloneObject(originalUserInput); - if (augmentationProperties.queriesInput) { - if (augmentationProperties.queriesInputCombines) { - augmentedConfig.queries = (augmentedConfig.queries || []).concat( - augmentationProperties.queriesInput - ); - } else { - augmentedConfig.queries = augmentationProperties.queriesInput; - } - } - if (augmentedConfig.queries?.length === 0) { - delete augmentedConfig.queries; - } - if (augmentationProperties.packsInput) { - if (augmentationProperties.packsInputCombines) { - if (Array.isArray(augmentedConfig.packs)) { - augmentedConfig.packs = (augmentedConfig.packs || []).concat( - augmentationProperties.packsInput - ); - } else if (!augmentedConfig.packs) { - augmentedConfig.packs = augmentationProperties.packsInput; - } else { - const language = Object.keys(augmentedConfig.packs)[0]; - augmentedConfig.packs[language] = augmentedConfig.packs[language].concat(augmentationProperties.packsInput); - } - } else { - augmentedConfig.packs = augmentationProperties.packsInput; - } - } - if (Array.isArray(augmentedConfig.packs) && !augmentedConfig.packs.length) { - delete augmentedConfig.packs; - } - augmentedConfig["query-filters"] = [ - // Ordering matters. If the first filter is an inclusion, it implicitly - // excludes all queries that are not included. If it is an exclusion, - // it implicitly includes all queries that are not excluded. So user - // filters (if any) should always be first to preserve intent. - ...augmentedConfig["query-filters"] || [], - ...augmentationProperties.extraQueryExclusions - ]; - if (augmentedConfig["query-filters"]?.length === 0) { - delete augmentedConfig["query-filters"]; - } - return augmentedConfig; -} -function isCodeQualityEnabled(config) { - return config.analysisKinds.includes("code-quality" /* CodeQuality */); -} - // src/setup-codeql.ts -var fs12 = __toESM(require("fs")); -var path12 = __toESM(require("path")); +var fs10 = __toESM(require("fs")); +var path10 = __toESM(require("path")); var toolcache3 = __toESM(require_tool_cache()); var import_fast_deep_equal = __toESM(require_fast_deep_equal()); -var semver7 = __toESM(require_semver2()); +var semver6 = __toESM(require_semver2()); // node_modules/uuid/dist/esm/stringify.js var byteToHex = []; @@ -91704,12 +91412,12 @@ var v4_default = v4; // src/tar.ts var import_child_process = require("child_process"); -var fs10 = __toESM(require("fs")); +var fs8 = __toESM(require("fs")); var stream = __toESM(require("stream")); var import_toolrunner = __toESM(require_toolrunner()); var io4 = __toESM(require_io()); var toolcache = __toESM(require_tool_cache()); -var semver5 = __toESM(require_semver2()); +var semver4 = __toESM(require_semver2()); var MIN_REQUIRED_BSD_TAR_VERSION = "3.4.3"; var MIN_REQUIRED_GNU_TAR_VERSION = "1.31"; async function getTarVersion() { @@ -91751,9 +91459,9 @@ async function isZstdAvailable(logger) { case "gnu": return { available: foundZstdBinary && // GNU tar only uses major and minor version numbers - semver5.gte( - semver5.coerce(version), - semver5.coerce(MIN_REQUIRED_GNU_TAR_VERSION) + semver4.gte( + semver4.coerce(version), + semver4.coerce(MIN_REQUIRED_GNU_TAR_VERSION) ), foundZstdBinary, version: tarVersion @@ -91762,7 +91470,7 @@ async function isZstdAvailable(logger) { return { available: foundZstdBinary && // Do a loose comparison since these version numbers don't contain // a patch version number. - semver5.gte(version, MIN_REQUIRED_BSD_TAR_VERSION), + semver4.gte(version, MIN_REQUIRED_BSD_TAR_VERSION), foundZstdBinary, version: tarVersion }; @@ -91777,7 +91485,7 @@ async function isZstdAvailable(logger) { } } async function extract(tarPath, dest, compressionMethod, tarVersion, logger) { - fs10.mkdirSync(dest, { recursive: true }); + fs8.mkdirSync(dest, { recursive: true }); switch (compressionMethod) { case "gzip": return await toolcache.extractTar(tarPath, dest); @@ -91861,15 +91569,15 @@ function inferCompressionMethod(tarPath) { } // src/tools-download.ts -var fs11 = __toESM(require("fs")); +var fs9 = __toESM(require("fs")); var os2 = __toESM(require("os")); -var path11 = __toESM(require("path")); +var path9 = __toESM(require("path")); var import_perf_hooks = require("perf_hooks"); -var core9 = __toESM(require_core()); +var core8 = __toESM(require_core()); var import_http_client = __toESM(require_lib()); var toolcache2 = __toESM(require_tool_cache()); var import_follow_redirects = __toESM(require_follow_redirects()); -var semver6 = __toESM(require_semver2()); +var semver5 = __toESM(require_semver2()); var STREAMING_HIGH_WATERMARK_BYTES = 4 * 1024 * 1024; var TOOLCACHE_TOOL_NAME = "CodeQL"; function makeDownloadFirstToolsDownloadDurations(downloadDurationMs, extractionDurationMs) { @@ -91919,10 +91627,10 @@ async function downloadAndExtract(codeqlURL, compressionMethod, dest, authorizat }; } } catch (e) { - core9.warning( + core8.warning( `Failed to download and extract CodeQL bundle using streaming with error: ${getErrorMessage(e)}` ); - core9.warning(`Falling back to downloading the bundle before extracting.`); + core8.warning(`Falling back to downloading the bundle before extracting.`); await cleanUpGlob(dest, "CodeQL bundle", logger); } const toolsDownloadStart = import_perf_hooks.performance.now(); @@ -91968,7 +91676,7 @@ async function downloadAndExtract(codeqlURL, compressionMethod, dest, authorizat }; } async function downloadAndExtractZstdWithStreaming(codeqlURL, dest, authorization, headers, tarVersion, logger) { - fs11.mkdirSync(dest, { recursive: true }); + fs9.mkdirSync(dest, { recursive: true }); const agent = new import_http_client.HttpClient().getAgent(codeqlURL); headers = Object.assign( { "User-Agent": "CodeQL Action" }, @@ -91996,16 +91704,16 @@ async function downloadAndExtractZstdWithStreaming(codeqlURL, dest, authorizatio await extractTarZst(response, dest, tarVersion, logger); } function getToolcacheDirectory(version) { - return path11.join( + return path9.join( getRequiredEnvParam("RUNNER_TOOL_CACHE"), TOOLCACHE_TOOL_NAME, - semver6.clean(version) || version, + semver5.clean(version) || version, os2.arch() || "" ); } function writeToolcacheMarkerFile(extractedPath, logger) { const markerFilePath = `${extractedPath}.complete`; - fs11.writeFileSync(markerFilePath, ""); + fs9.writeFileSync(markerFilePath, ""); logger.info(`Created toolcache marker file ${markerFilePath}`); } function sanitizeUrlForStatusReport(url2) { @@ -92120,13 +91828,13 @@ function tryGetTagNameFromUrl(url2, logger) { return match[1]; } function convertToSemVer(version, logger) { - if (!semver7.valid(version)) { + if (!semver6.valid(version)) { logger.debug( `Bundle version ${version} is not in SemVer format. Will treat it as pre-release 0.0.0-${version}.` ); version = `0.0.0-${version}`; } - const s = semver7.clean(version); + const s = semver6.clean(version); if (!s) { throw new Error(`Bundle version ${version} is not in SemVer format.`); } @@ -92136,7 +91844,7 @@ async function findOverridingToolsInCache(humanReadableVersion, logger) { const candidates = toolcache3.findAllVersions("CodeQL").filter(isGoodVersion).map((version) => ({ folder: toolcache3.find("CodeQL", version), version - })).filter(({ folder }) => fs12.existsSync(path12.join(folder, "pinned-version"))); + })).filter(({ folder }) => fs10.existsSync(path10.join(folder, "pinned-version"))); if (candidates.length === 1) { const candidate = candidates[0]; logger.debug( @@ -92196,7 +91904,7 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian url2 = toolsInput; if (tagName) { const bundleVersion3 = tryGetBundleVersionFromTagName(tagName, logger); - if (bundleVersion3 && semver7.valid(bundleVersion3)) { + if (bundleVersion3 && semver6.valid(bundleVersion3)) { cliVersion2 = convertToSemVer(bundleVersion3, logger); } } @@ -92465,16 +92173,16 @@ async function setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defau async function useZstdBundle(cliVersion2, tarSupportsZstd) { return ( // In testing, gzip performs better than zstd on Windows. - process.platform !== "win32" && tarSupportsZstd && semver7.gte(cliVersion2, CODEQL_VERSION_ZSTD_BUNDLE) + process.platform !== "win32" && tarSupportsZstd && semver6.gte(cliVersion2, CODEQL_VERSION_ZSTD_BUNDLE) ); } function getTempExtractionDir(tempDir) { - return path12.join(tempDir, v4_default()); + return path10.join(tempDir, v4_default()); } // src/tracer-config.ts -var fs13 = __toESM(require("fs")); -var path13 = __toESM(require("path")); +var fs11 = __toESM(require("fs")); +var path11 = __toESM(require("path")); async function shouldEnableIndirectTracing(codeql, config) { if (config.buildMode === "none" /* None */) { return false; @@ -92489,18 +92197,18 @@ async function endTracingForCluster(codeql, config, logger) { logger.info( "Unsetting build tracing environment variables. Subsequent steps of this job will not be traced." ); - const envVariablesFile = path13.resolve( + const envVariablesFile = path11.resolve( config.dbLocation, "temp/tracingEnvironment/end-tracing.json" ); - if (!fs13.existsSync(envVariablesFile)) { + if (!fs11.existsSync(envVariablesFile)) { throw new Error( `Environment file for ending tracing not found: ${envVariablesFile}` ); } try { const endTracingEnvVariables = JSON.parse( - fs13.readFileSync(envVariablesFile, "utf8") + fs11.readFileSync(envVariablesFile, "utf8") ); for (const [key, value] of Object.entries(endTracingEnvVariables)) { if (value !== null) { @@ -92545,7 +92253,7 @@ async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliV toolsDownloadStatusReport )}` ); - let codeqlCmd = path14.join(codeqlFolder, "codeql", "codeql"); + let codeqlCmd = path12.join(codeqlFolder, "codeql", "codeql"); if (process.platform === "win32") { codeqlCmd += ".exe"; } else if (process.platform !== "linux" && process.platform !== "darwin") { @@ -92606,12 +92314,12 @@ async function getCodeQLForCmd(cmd, checkVersion) { }, async isTracedLanguage(language) { const extractorPath = await this.resolveExtractor(language); - const tracingConfigPath = path14.join( + const tracingConfigPath = path12.join( extractorPath, "tools", "tracing-config.lua" ); - return fs14.existsSync(tracingConfigPath); + return fs12.existsSync(tracingConfigPath); }, async isScannedLanguage(language) { return !await this.isTracedLanguage(language); @@ -92682,7 +92390,7 @@ async function getCodeQLForCmd(cmd, checkVersion) { }, async runAutobuild(config, language) { applyAutobuildAzurePipelinesTimeoutFix(); - const autobuildCmd = path14.join( + const autobuildCmd = path12.join( await this.resolveExtractor(language), "tools", process.platform === "win32" ? "autobuild.cmd" : "autobuild.sh" @@ -93003,12 +92711,12 @@ ${output}` ); } else if (checkVersion && process.env["CODEQL_ACTION_SUPPRESS_DEPRECATED_SOON_WARNING" /* SUPPRESS_DEPRECATED_SOON_WARNING */] !== "true" && !await codeQlVersionAtLeast(codeql, CODEQL_NEXT_MINIMUM_VERSION)) { const result = await codeql.getVersion(); - core10.warning( + core9.warning( `CodeQL CLI version ${result.version} was discontinued on ${GHES_MOST_RECENT_DEPRECATION_DATE} alongside GitHub Enterprise Server ${GHES_VERSION_MOST_RECENTLY_DEPRECATED} and will not be supported by the next minor release of the CodeQL Action. Please update to CodeQL CLI version ${CODEQL_NEXT_MINIMUM_VERSION} or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version. Alternatively, if you want to continue using CodeQL CLI version ${result.version}, you can replace 'github/codeql-action/*@v${getActionVersion().split(".")[0]}' by 'github/codeql-action/*@v${getActionVersion()}' in your code scanning workflow to continue using this version of the CodeQL Action.` ); - core10.exportVariable("CODEQL_ACTION_SUPPRESS_DEPRECATED_SOON_WARNING" /* SUPPRESS_DEPRECATED_SOON_WARNING */, "true"); + core9.exportVariable("CODEQL_ACTION_SUPPRESS_DEPRECATED_SOON_WARNING" /* SUPPRESS_DEPRECATED_SOON_WARNING */, "true"); } return codeql; } @@ -93060,17 +92768,13 @@ async function runCli(cmd, args = [], opts = {}) { } async function writeCodeScanningConfigFile(config, logger) { const codeScanningConfigFile = getGeneratedCodeScanningConfigPath(config); - const augmentedConfig = generateCodeScanningConfig( - config.originalUserInput, - config.augmentationProperties - ); logger.info( `Writing augmented user configuration file to ${codeScanningConfigFile}` ); logger.startGroup("Augmented user configuration file contents"); - logger.info(dump(augmentedConfig)); + logger.info(dump(config.computedConfig)); logger.endGroup(); - fs14.writeFileSync(codeScanningConfigFile, dump(augmentedConfig)); + fs12.writeFileSync(codeScanningConfigFile, dump(config.computedConfig)); return codeScanningConfigFile; } var TRAP_CACHE_SIZE_MB = 1024; @@ -93093,7 +92797,7 @@ async function getTrapCachingExtractorConfigArgsForLang(config, language) { ]; } function getGeneratedCodeScanningConfigPath(config) { - return path14.resolve(config.tempDir, "user-config.yaml"); + return path12.resolve(config.tempDir, "user-config.yaml"); } function getExtractionVerbosityArguments(enableDebugLogging) { return enableDebugLogging ? [`--verbosity=${EXTRACTION_DEBUG_MODE_VERBOSITY}`] : []; @@ -93130,16 +92834,16 @@ async function setupCppAutobuild(codeql, logger) { logger.info( `Disabling ${featureName} as we are on a self-hosted runner.${getWorkflowEventName() !== "dynamic" ? ` To override this, set the ${envVar} environment variable to 'true' in your workflow. See ${"https://docs.github.com/en/actions/learn-github-actions/variables#defining-environment-variables-for-a-single-workflow" /* DEFINE_ENV_VARIABLES */} for more information.` : ""}` ); - core11.exportVariable(envVar, "false"); + core10.exportVariable(envVar, "false"); } else { logger.info( `Enabling ${featureName}. This can be disabled by setting the ${envVar} environment variable to 'false'. See ${"https://docs.github.com/en/actions/learn-github-actions/variables#defining-environment-variables-for-a-single-workflow" /* DEFINE_ENV_VARIABLES */} for more information.` ); - core11.exportVariable(envVar, "true"); + core10.exportVariable(envVar, "true"); } } else { logger.info(`Disabling ${featureName}.`); - core11.exportVariable(envVar, "false"); + core10.exportVariable(envVar, "false"); } } async function runAutobuild(config, language, logger) { @@ -93154,11 +92858,252 @@ async function runAutobuild(config, language, logger) { await codeQL.runAutobuild(config, language); } if (language === "go" /* go */) { - core11.exportVariable("CODEQL_ACTION_DID_AUTOBUILD_GOLANG" /* DID_AUTOBUILD_GOLANG */, "true"); + core10.exportVariable("CODEQL_ACTION_DID_AUTOBUILD_GOLANG" /* DID_AUTOBUILD_GOLANG */, "true"); } logger.endGroup(); } +// src/config-utils.ts +var fs14 = __toESM(require("fs")); +var path14 = __toESM(require("path")); +var semver7 = __toESM(require_semver2()); + +// src/caching-utils.ts +var core11 = __toESM(require_core()); +async function getTotalCacheSize(paths, logger, quiet = false) { + const sizes = await Promise.all( + paths.map((cacheDir) => tryGetFolderBytes(cacheDir, logger, quiet)) + ); + return sizes.map((a) => a || 0).reduce((a, b) => a + b, 0); +} +function shouldStoreCache(kind) { + return kind === "full" /* Full */ || kind === "store" /* Store */; +} + +// src/diff-informed-analysis-utils.ts +var fs13 = __toESM(require("fs")); +var path13 = __toESM(require("path")); +async function getDiffInformedAnalysisBranches(codeql, features, logger) { + if (!await features.getValue("diff_informed_queries" /* DiffInformedQueries */, codeql)) { + return void 0; + } + const gitHubVersion = await getGitHubVersion(); + if (gitHubVersion.type === 1 /* GHES */ && satisfiesGHESVersion(gitHubVersion.version, "<3.19", true)) { + return void 0; + } + const branches = getPullRequestBranches(); + if (!branches) { + logger.info( + "Not performing diff-informed analysis because we are not analyzing a pull request." + ); + } + return branches; +} +function getDiffRangesJsonFilePath() { + return path13.join(getTemporaryDirectory(), "pr-diff-range.json"); +} +function writeDiffRangesJsonFile(logger, ranges) { + const jsonContents = JSON.stringify(ranges, null, 2); + const jsonFilePath = getDiffRangesJsonFilePath(); + fs13.writeFileSync(jsonFilePath, jsonContents); + logger.debug( + `Wrote pr-diff-range JSON file to ${jsonFilePath}: +${jsonContents}` + ); +} +function readDiffRangesJsonFile(logger) { + const jsonFilePath = getDiffRangesJsonFilePath(); + if (!fs13.existsSync(jsonFilePath)) { + logger.debug(`Diff ranges JSON file does not exist at ${jsonFilePath}`); + return void 0; + } + const jsonContents = fs13.readFileSync(jsonFilePath, "utf8"); + logger.debug( + `Read pr-diff-range JSON file from ${jsonFilePath}: +${jsonContents}` + ); + return JSON.parse(jsonContents); +} + +// src/trap-caching.ts +var actionsCache2 = __toESM(require_cache3()); +var CACHE_VERSION2 = 1; +var CODEQL_TRAP_CACHE_PREFIX = "codeql-trap"; +var MINIMUM_CACHE_MB_TO_UPLOAD = 10; +var MAX_CACHE_OPERATION_MS2 = 12e4; +async function uploadTrapCaches(codeql, config, logger) { + if (!await isAnalyzingDefaultBranch()) return false; + for (const language of config.languages) { + const cacheDir = config.trapCaches[language]; + if (cacheDir === void 0) continue; + const trapFolderSize = await tryGetFolderBytes(cacheDir, logger); + if (trapFolderSize === void 0) { + logger.info( + `Skipping upload of TRAP cache for ${language} as we couldn't determine its size` + ); + continue; + } + if (trapFolderSize < MINIMUM_CACHE_MB_TO_UPLOAD * 1048576) { + logger.info( + `Skipping upload of TRAP cache for ${language} as it is too small` + ); + continue; + } + const key = await cacheKey( + codeql, + language, + process.env.GITHUB_SHA || "unknown" + ); + logger.info(`Uploading TRAP cache to Actions cache with key ${key}`); + await withTimeout( + MAX_CACHE_OPERATION_MS2, + actionsCache2.saveCache([cacheDir], key), + () => { + logger.info( + `Timed out waiting for TRAP cache for ${language} to upload, will continue without uploading` + ); + } + ); + } + return true; +} +async function cleanupTrapCaches(config, features, logger) { + if (!await features.getValue("cleanup_trap_caches" /* CleanupTrapCaches */)) { + return { + trap_cache_cleanup_skipped_because: "feature disabled" + }; + } + if (!await isAnalyzingDefaultBranch()) { + return { + trap_cache_cleanup_skipped_because: "not analyzing default branch" + }; + } + try { + let totalBytesCleanedUp = 0; + const allCaches = await listActionsCaches( + CODEQL_TRAP_CACHE_PREFIX, + await getRef() + ); + for (const language of config.languages) { + if (config.trapCaches[language]) { + const cachesToRemove = await getTrapCachesForLanguage( + allCaches, + language, + logger + ); + cachesToRemove.sort((a, b) => a.created_at.localeCompare(b.created_at)); + const mostRecentCache = cachesToRemove.pop(); + logger.debug( + `Keeping most recent TRAP cache (${JSON.stringify(mostRecentCache)})` + ); + if (cachesToRemove.length === 0) { + logger.info(`No TRAP caches to clean up for ${language}.`); + continue; + } + for (const cache of cachesToRemove) { + logger.debug(`Cleaning up TRAP cache (${JSON.stringify(cache)})`); + await deleteActionsCache(cache.id); + } + const bytesCleanedUp = cachesToRemove.reduce( + (acc, item) => acc + item.size_in_bytes, + 0 + ); + totalBytesCleanedUp += bytesCleanedUp; + const megabytesCleanedUp = (bytesCleanedUp / (1024 * 1024)).toFixed(2); + logger.info( + `Cleaned up ${megabytesCleanedUp} MiB of old TRAP caches for ${language}.` + ); + } + } + return { trap_cache_cleanup_size_bytes: totalBytesCleanedUp }; + } catch (e) { + if (isHTTPError(e) && e.status === 403) { + logger.warning( + `Could not cleanup TRAP caches as the token did not have the required permissions. To clean up TRAP caches, ensure the token has the "actions:write" permission. See ${"https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs" /* ASSIGNING_PERMISSIONS_TO_JOBS */} for more information.` + ); + } else { + logger.info(`Failed to cleanup TRAP caches, continuing. Details: ${e}`); + } + return { trap_cache_cleanup_error: getErrorMessage(e) }; + } +} +async function getTrapCachesForLanguage(allCaches, language, logger) { + logger.debug(`Listing TRAP caches for ${language}`); + for (const cache of allCaches) { + if (!cache.created_at || !cache.id || !cache.key || !cache.size_in_bytes) { + throw new Error( + `An unexpected cache item was returned from the API that was missing one or more required fields: ${JSON.stringify(cache)}` + ); + } + } + return allCaches.filter((cache) => { + return cache.key?.includes(`-${language}-`); + }); +} +async function cacheKey(codeql, language, baseSha) { + return `${await cachePrefix(codeql, language)}${baseSha}`; +} +async function cachePrefix(codeql, language) { + return `${CODEQL_TRAP_CACHE_PREFIX}-${CACHE_VERSION2}-${(await codeql.getVersion()).version}-${language}-`; +} + +// src/config-utils.ts +var defaultAugmentationProperties = { + queriesInputCombines: false, + packsInputCombines: false, + packsInput: void 0, + queriesInput: void 0, + extraQueryExclusions: [], + overlayDatabaseMode: "none" /* None */, + useOverlayDatabaseCaching: false +}; +var OVERLAY_ANALYSIS_FEATURES = { + actions: "overlay_analysis_actions" /* OverlayAnalysisActions */, + cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */, + csharp: "overlay_analysis_csharp" /* OverlayAnalysisCsharp */, + go: "overlay_analysis_go" /* OverlayAnalysisGo */, + java: "overlay_analysis_java" /* OverlayAnalysisJava */, + javascript: "overlay_analysis_javascript" /* OverlayAnalysisJavascript */, + python: "overlay_analysis_python" /* OverlayAnalysisPython */, + ruby: "overlay_analysis_ruby" /* OverlayAnalysisRuby */, + rust: "overlay_analysis_rust" /* OverlayAnalysisRust */, + swift: "overlay_analysis_swift" /* OverlayAnalysisSwift */ +}; +var OVERLAY_ANALYSIS_CODE_SCANNING_FEATURES = { + actions: "overlay_analysis_code_scanning_actions" /* OverlayAnalysisCodeScanningActions */, + cpp: "overlay_analysis_code_scanning_cpp" /* OverlayAnalysisCodeScanningCpp */, + csharp: "overlay_analysis_code_scanning_csharp" /* OverlayAnalysisCodeScanningCsharp */, + go: "overlay_analysis_code_scanning_go" /* OverlayAnalysisCodeScanningGo */, + java: "overlay_analysis_code_scanning_java" /* OverlayAnalysisCodeScanningJava */, + javascript: "overlay_analysis_code_scanning_javascript" /* OverlayAnalysisCodeScanningJavascript */, + python: "overlay_analysis_code_scanning_python" /* OverlayAnalysisCodeScanningPython */, + ruby: "overlay_analysis_code_scanning_ruby" /* OverlayAnalysisCodeScanningRuby */, + rust: "overlay_analysis_code_scanning_rust" /* OverlayAnalysisCodeScanningRust */, + swift: "overlay_analysis_code_scanning_swift" /* OverlayAnalysisCodeScanningSwift */ +}; +var PACK_IDENTIFIER_PATTERN = (function() { + const alphaNumeric = "[a-z0-9]"; + const alphaNumericDash = "[a-z0-9-]"; + const component = `${alphaNumeric}(${alphaNumericDash}*${alphaNumeric})?`; + return new RegExp(`^${component}/${component}$`); +})(); +function getPathToParsedConfigFile(tempDir) { + return path14.join(tempDir, "config"); +} +async function getConfig(tempDir, logger) { + const configFile = getPathToParsedConfigFile(tempDir); + if (!fs14.existsSync(configFile)) { + return void 0; + } + const configString = fs14.readFileSync(configFile, "utf8"); + logger.debug("Loaded config:"); + logger.debug(configString); + return JSON.parse(configString); +} +function isCodeQualityEnabled(config) { + return config.analysisKinds.includes("code-quality" /* CodeQuality */); +} + // src/dependency-caching.ts var os3 = __toESM(require("os")); var import_path = require("path"); diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js index ca18e315a..04f82f84f 100644 --- a/lib/autobuild-action.js +++ b/lib/autobuild-action.js @@ -77708,9 +77708,6 @@ function checkActionVersion(version, githubVersion) { } } } -function cloneObject(obj) { - return JSON.parse(JSON.stringify(obj)); -} async function checkSipEnablement(logger) { if (process.env["CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */] !== void 0 && ["true", "false"].includes(process.env["CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */])) { return process.env["CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */] === "true"; @@ -77982,12 +77979,12 @@ async function getAnalysisKey() { } // src/autobuild.ts -var core11 = __toESM(require_core()); +var core10 = __toESM(require_core()); // src/codeql.ts -var fs6 = __toESM(require("fs")); -var path6 = __toESM(require("path")); -var core10 = __toESM(require_core()); +var fs5 = __toESM(require("fs")); +var path5 = __toESM(require("path")); +var core9 = __toESM(require_core()); var toolrunner3 = __toESM(require_toolrunner()); // src/cli-errors.ts @@ -78227,22 +78224,6 @@ function wrapCliConfigurationError(cliError) { return new ConfigurationError(errorMessageBuilder); } -// src/config-utils.ts -var fs4 = __toESM(require("fs")); -var path4 = __toESM(require("path")); -var semver4 = __toESM(require_semver2()); - -// src/analyses.ts -var AnalysisKind = /* @__PURE__ */ ((AnalysisKind2) => { - AnalysisKind2["CodeScanning"] = "code-scanning"; - AnalysisKind2["CodeQuality"] = "code-quality"; - return AnalysisKind2; -})(AnalysisKind || {}); -var supportedAnalysisKinds = new Set(Object.values(AnalysisKind)); - -// src/caching-utils.ts -var core6 = __toESM(require_core()); - // src/feature-flags.ts var fs3 = __toESM(require("fs")); var path3 = __toESM(require("path")); @@ -78258,13 +78239,13 @@ var path2 = __toESM(require("path")); var actionsCache = __toESM(require_cache3()); // src/git-utils.ts -var core7 = __toESM(require_core()); +var core6 = __toESM(require_core()); var toolrunner2 = __toESM(require_toolrunner()); var io3 = __toESM(require_io()); var runGitCommand = async function(workingDirectory, args, customErrorMessage) { let stdout = ""; let stderr = ""; - core7.debug(`Running git command: git ${args.join(" ")}`); + core6.debug(`Running git command: git ${args.join(" ")}`); try { await new toolrunner2.ToolRunner(await io3.which("git", true), args, { silent: true, @@ -78284,7 +78265,7 @@ var runGitCommand = async function(workingDirectory, args, customErrorMessage) { if (stderr.includes("not a git repository")) { reason = "The checkout path provided to the action does not appear to be a git repository."; } - core7.info(`git call failed. ${customErrorMessage} Error: ${reason}`); + core6.info(`git call failed. ${customErrorMessage} Error: ${reason}`); throw error2; } }; @@ -78395,7 +78376,7 @@ async function getRef() { ) !== head; if (hasChangedRef) { const newRef = ref.replace(pull_ref_regex, "refs/pull/$1/head"); - core7.debug( + core6.debug( `No longer on merge commit, rewriting ref from ${ref} to ${newRef}.` ); return newRef; @@ -78421,9 +78402,9 @@ async function isAnalyzingDefaultBranch() { } // src/logging.ts -var core8 = __toESM(require_core()); +var core7 = __toESM(require_core()); function getActionsLogger() { - return core8; + return core7; } // src/overlay-database-utils.ts @@ -78919,131 +78900,28 @@ var GitHubFeatureFlags = class { } }; -// src/trap-caching.ts -var actionsCache2 = __toESM(require_cache3()); - -// src/config-utils.ts -var defaultAugmentationProperties = { - queriesInputCombines: false, - packsInputCombines: false, - packsInput: void 0, - queriesInput: void 0, - extraQueryExclusions: [], - overlayDatabaseMode: "none" /* None */, - useOverlayDatabaseCaching: false -}; -var OVERLAY_ANALYSIS_FEATURES = { - actions: "overlay_analysis_actions" /* OverlayAnalysisActions */, - cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */, - csharp: "overlay_analysis_csharp" /* OverlayAnalysisCsharp */, - go: "overlay_analysis_go" /* OverlayAnalysisGo */, - java: "overlay_analysis_java" /* OverlayAnalysisJava */, - javascript: "overlay_analysis_javascript" /* OverlayAnalysisJavascript */, - python: "overlay_analysis_python" /* OverlayAnalysisPython */, - ruby: "overlay_analysis_ruby" /* OverlayAnalysisRuby */, - rust: "overlay_analysis_rust" /* OverlayAnalysisRust */, - swift: "overlay_analysis_swift" /* OverlayAnalysisSwift */ -}; -var OVERLAY_ANALYSIS_CODE_SCANNING_FEATURES = { - actions: "overlay_analysis_code_scanning_actions" /* OverlayAnalysisCodeScanningActions */, - cpp: "overlay_analysis_code_scanning_cpp" /* OverlayAnalysisCodeScanningCpp */, - csharp: "overlay_analysis_code_scanning_csharp" /* OverlayAnalysisCodeScanningCsharp */, - go: "overlay_analysis_code_scanning_go" /* OverlayAnalysisCodeScanningGo */, - java: "overlay_analysis_code_scanning_java" /* OverlayAnalysisCodeScanningJava */, - javascript: "overlay_analysis_code_scanning_javascript" /* OverlayAnalysisCodeScanningJavascript */, - python: "overlay_analysis_code_scanning_python" /* OverlayAnalysisCodeScanningPython */, - ruby: "overlay_analysis_code_scanning_ruby" /* OverlayAnalysisCodeScanningRuby */, - rust: "overlay_analysis_code_scanning_rust" /* OverlayAnalysisCodeScanningRust */, - swift: "overlay_analysis_code_scanning_swift" /* OverlayAnalysisCodeScanningSwift */ -}; -var PACK_IDENTIFIER_PATTERN = (function() { - const alphaNumeric = "[a-z0-9]"; - const alphaNumericDash = "[a-z0-9-]"; - const component = `${alphaNumeric}(${alphaNumericDash}*${alphaNumeric})?`; - return new RegExp(`^${component}/${component}$`); -})(); -function getPathToParsedConfigFile(tempDir) { - return path4.join(tempDir, "config"); -} -async function getConfig(tempDir, logger) { - const configFile = getPathToParsedConfigFile(tempDir); - if (!fs4.existsSync(configFile)) { - return void 0; - } - const configString = fs4.readFileSync(configFile, "utf8"); - logger.debug("Loaded config:"); - logger.debug(configString); - return JSON.parse(configString); -} -function generateCodeScanningConfig(originalUserInput, augmentationProperties) { - const augmentedConfig = cloneObject(originalUserInput); - if (augmentationProperties.queriesInput) { - if (augmentationProperties.queriesInputCombines) { - augmentedConfig.queries = (augmentedConfig.queries || []).concat( - augmentationProperties.queriesInput - ); - } else { - augmentedConfig.queries = augmentationProperties.queriesInput; - } - } - if (augmentedConfig.queries?.length === 0) { - delete augmentedConfig.queries; - } - if (augmentationProperties.packsInput) { - if (augmentationProperties.packsInputCombines) { - if (Array.isArray(augmentedConfig.packs)) { - augmentedConfig.packs = (augmentedConfig.packs || []).concat( - augmentationProperties.packsInput - ); - } else if (!augmentedConfig.packs) { - augmentedConfig.packs = augmentationProperties.packsInput; - } else { - const language = Object.keys(augmentedConfig.packs)[0]; - augmentedConfig.packs[language] = augmentedConfig.packs[language].concat(augmentationProperties.packsInput); - } - } else { - augmentedConfig.packs = augmentationProperties.packsInput; - } - } - if (Array.isArray(augmentedConfig.packs) && !augmentedConfig.packs.length) { - delete augmentedConfig.packs; - } - augmentedConfig["query-filters"] = [ - // Ordering matters. If the first filter is an inclusion, it implicitly - // excludes all queries that are not included. If it is an exclusion, - // it implicitly includes all queries that are not excluded. So user - // filters (if any) should always be first to preserve intent. - ...augmentedConfig["query-filters"] || [], - ...augmentationProperties.extraQueryExclusions - ]; - if (augmentedConfig["query-filters"]?.length === 0) { - delete augmentedConfig["query-filters"]; - } - return augmentedConfig; -} - // src/setup-codeql.ts var toolcache3 = __toESM(require_tool_cache()); var import_fast_deep_equal = __toESM(require_fast_deep_equal()); -var semver7 = __toESM(require_semver2()); +var semver6 = __toESM(require_semver2()); // src/tar.ts var import_toolrunner = __toESM(require_toolrunner()); var io4 = __toESM(require_io()); var toolcache = __toESM(require_tool_cache()); -var semver5 = __toESM(require_semver2()); +var semver4 = __toESM(require_semver2()); // src/tools-download.ts -var core9 = __toESM(require_core()); +var core8 = __toESM(require_core()); var import_http_client = __toESM(require_lib()); var toolcache2 = __toESM(require_tool_cache()); var import_follow_redirects = __toESM(require_follow_redirects()); -var semver6 = __toESM(require_semver2()); +var semver5 = __toESM(require_semver2()); var STREAMING_HIGH_WATERMARK_BYTES = 4 * 1024 * 1024; // src/tracer-config.ts -var fs5 = __toESM(require("fs")); -var path5 = __toESM(require("path")); +var fs4 = __toESM(require("fs")); +var path4 = __toESM(require("path")); async function shouldEnableIndirectTracing(codeql, config) { if (config.buildMode === "none" /* None */) { return false; @@ -79058,18 +78936,18 @@ async function endTracingForCluster(codeql, config, logger) { logger.info( "Unsetting build tracing environment variables. Subsequent steps of this job will not be traced." ); - const envVariablesFile = path5.resolve( + const envVariablesFile = path4.resolve( config.dbLocation, "temp/tracingEnvironment/end-tracing.json" ); - if (!fs5.existsSync(envVariablesFile)) { + if (!fs4.existsSync(envVariablesFile)) { throw new Error( `Environment file for ending tracing not found: ${envVariablesFile}` ); } try { const endTracingEnvVariables = JSON.parse( - fs5.readFileSync(envVariablesFile, "utf8") + fs4.readFileSync(envVariablesFile, "utf8") ); for (const [key, value] of Object.entries(endTracingEnvVariables)) { if (value !== null) { @@ -79129,12 +79007,12 @@ async function getCodeQLForCmd(cmd, checkVersion) { }, async isTracedLanguage(language) { const extractorPath = await this.resolveExtractor(language); - const tracingConfigPath = path6.join( + const tracingConfigPath = path5.join( extractorPath, "tools", "tracing-config.lua" ); - return fs6.existsSync(tracingConfigPath); + return fs5.existsSync(tracingConfigPath); }, async isScannedLanguage(language) { return !await this.isTracedLanguage(language); @@ -79205,7 +79083,7 @@ async function getCodeQLForCmd(cmd, checkVersion) { }, async runAutobuild(config, language) { applyAutobuildAzurePipelinesTimeoutFix(); - const autobuildCmd = path6.join( + const autobuildCmd = path5.join( await this.resolveExtractor(language), "tools", process.platform === "win32" ? "autobuild.cmd" : "autobuild.sh" @@ -79526,12 +79404,12 @@ ${output}` ); } else if (checkVersion && process.env["CODEQL_ACTION_SUPPRESS_DEPRECATED_SOON_WARNING" /* SUPPRESS_DEPRECATED_SOON_WARNING */] !== "true" && !await codeQlVersionAtLeast(codeql, CODEQL_NEXT_MINIMUM_VERSION)) { const result = await codeql.getVersion(); - core10.warning( + core9.warning( `CodeQL CLI version ${result.version} was discontinued on ${GHES_MOST_RECENT_DEPRECATION_DATE} alongside GitHub Enterprise Server ${GHES_VERSION_MOST_RECENTLY_DEPRECATED} and will not be supported by the next minor release of the CodeQL Action. Please update to CodeQL CLI version ${CODEQL_NEXT_MINIMUM_VERSION} or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version. Alternatively, if you want to continue using CodeQL CLI version ${result.version}, you can replace 'github/codeql-action/*@v${getActionVersion().split(".")[0]}' by 'github/codeql-action/*@v${getActionVersion()}' in your code scanning workflow to continue using this version of the CodeQL Action.` ); - core10.exportVariable("CODEQL_ACTION_SUPPRESS_DEPRECATED_SOON_WARNING" /* SUPPRESS_DEPRECATED_SOON_WARNING */, "true"); + core9.exportVariable("CODEQL_ACTION_SUPPRESS_DEPRECATED_SOON_WARNING" /* SUPPRESS_DEPRECATED_SOON_WARNING */, "true"); } return codeql; } @@ -79583,17 +79461,13 @@ async function runCli(cmd, args = [], opts = {}) { } async function writeCodeScanningConfigFile(config, logger) { const codeScanningConfigFile = getGeneratedCodeScanningConfigPath(config); - const augmentedConfig = generateCodeScanningConfig( - config.originalUserInput, - config.augmentationProperties - ); logger.info( `Writing augmented user configuration file to ${codeScanningConfigFile}` ); logger.startGroup("Augmented user configuration file contents"); - logger.info(dump(augmentedConfig)); + logger.info(dump(config.computedConfig)); logger.endGroup(); - fs6.writeFileSync(codeScanningConfigFile, dump(augmentedConfig)); + fs5.writeFileSync(codeScanningConfigFile, dump(config.computedConfig)); return codeScanningConfigFile; } var TRAP_CACHE_SIZE_MB = 1024; @@ -79616,7 +79490,7 @@ async function getTrapCachingExtractorConfigArgsForLang(config, language) { ]; } function getGeneratedCodeScanningConfigPath(config) { - return path6.resolve(config.tempDir, "user-config.yaml"); + return path5.resolve(config.tempDir, "user-config.yaml"); } function getExtractionVerbosityArguments(enableDebugLogging) { return enableDebugLogging ? [`--verbosity=${EXTRACTION_DEBUG_MODE_VERBOSITY}`] : []; @@ -79692,16 +79566,16 @@ async function setupCppAutobuild(codeql, logger) { logger.info( `Disabling ${featureName} as we are on a self-hosted runner.${getWorkflowEventName() !== "dynamic" ? ` To override this, set the ${envVar} environment variable to 'true' in your workflow. See ${"https://docs.github.com/en/actions/learn-github-actions/variables#defining-environment-variables-for-a-single-workflow" /* DEFINE_ENV_VARIABLES */} for more information.` : ""}` ); - core11.exportVariable(envVar, "false"); + core10.exportVariable(envVar, "false"); } else { logger.info( `Enabling ${featureName}. This can be disabled by setting the ${envVar} environment variable to 'false'. See ${"https://docs.github.com/en/actions/learn-github-actions/variables#defining-environment-variables-for-a-single-workflow" /* DEFINE_ENV_VARIABLES */} for more information.` ); - core11.exportVariable(envVar, "true"); + core10.exportVariable(envVar, "true"); } } else { logger.info(`Disabling ${featureName}.`); - core11.exportVariable(envVar, "false"); + core10.exportVariable(envVar, "false"); } } async function runAutobuild(config, language, logger) { @@ -79716,11 +79590,84 @@ async function runAutobuild(config, language, logger) { await codeQL.runAutobuild(config, language); } if (language === "go" /* go */) { - core11.exportVariable("CODEQL_ACTION_DID_AUTOBUILD_GOLANG" /* DID_AUTOBUILD_GOLANG */, "true"); + core10.exportVariable("CODEQL_ACTION_DID_AUTOBUILD_GOLANG" /* DID_AUTOBUILD_GOLANG */, "true"); } logger.endGroup(); } +// src/config-utils.ts +var fs6 = __toESM(require("fs")); +var path6 = __toESM(require("path")); +var semver7 = __toESM(require_semver2()); + +// src/analyses.ts +var AnalysisKind = /* @__PURE__ */ ((AnalysisKind2) => { + AnalysisKind2["CodeScanning"] = "code-scanning"; + AnalysisKind2["CodeQuality"] = "code-quality"; + return AnalysisKind2; +})(AnalysisKind || {}); +var supportedAnalysisKinds = new Set(Object.values(AnalysisKind)); + +// src/caching-utils.ts +var core11 = __toESM(require_core()); + +// src/trap-caching.ts +var actionsCache2 = __toESM(require_cache3()); + +// src/config-utils.ts +var defaultAugmentationProperties = { + queriesInputCombines: false, + packsInputCombines: false, + packsInput: void 0, + queriesInput: void 0, + extraQueryExclusions: [], + overlayDatabaseMode: "none" /* None */, + useOverlayDatabaseCaching: false +}; +var OVERLAY_ANALYSIS_FEATURES = { + actions: "overlay_analysis_actions" /* OverlayAnalysisActions */, + cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */, + csharp: "overlay_analysis_csharp" /* OverlayAnalysisCsharp */, + go: "overlay_analysis_go" /* OverlayAnalysisGo */, + java: "overlay_analysis_java" /* OverlayAnalysisJava */, + javascript: "overlay_analysis_javascript" /* OverlayAnalysisJavascript */, + python: "overlay_analysis_python" /* OverlayAnalysisPython */, + ruby: "overlay_analysis_ruby" /* OverlayAnalysisRuby */, + rust: "overlay_analysis_rust" /* OverlayAnalysisRust */, + swift: "overlay_analysis_swift" /* OverlayAnalysisSwift */ +}; +var OVERLAY_ANALYSIS_CODE_SCANNING_FEATURES = { + actions: "overlay_analysis_code_scanning_actions" /* OverlayAnalysisCodeScanningActions */, + cpp: "overlay_analysis_code_scanning_cpp" /* OverlayAnalysisCodeScanningCpp */, + csharp: "overlay_analysis_code_scanning_csharp" /* OverlayAnalysisCodeScanningCsharp */, + go: "overlay_analysis_code_scanning_go" /* OverlayAnalysisCodeScanningGo */, + java: "overlay_analysis_code_scanning_java" /* OverlayAnalysisCodeScanningJava */, + javascript: "overlay_analysis_code_scanning_javascript" /* OverlayAnalysisCodeScanningJavascript */, + python: "overlay_analysis_code_scanning_python" /* OverlayAnalysisCodeScanningPython */, + ruby: "overlay_analysis_code_scanning_ruby" /* OverlayAnalysisCodeScanningRuby */, + rust: "overlay_analysis_code_scanning_rust" /* OverlayAnalysisCodeScanningRust */, + swift: "overlay_analysis_code_scanning_swift" /* OverlayAnalysisCodeScanningSwift */ +}; +var PACK_IDENTIFIER_PATTERN = (function() { + const alphaNumeric = "[a-z0-9]"; + const alphaNumericDash = "[a-z0-9-]"; + const component = `${alphaNumeric}(${alphaNumericDash}*${alphaNumeric})?`; + return new RegExp(`^${component}/${component}$`); +})(); +function getPathToParsedConfigFile(tempDir) { + return path6.join(tempDir, "config"); +} +async function getConfig(tempDir, logger) { + const configFile = getPathToParsedConfigFile(tempDir); + if (!fs6.existsSync(configFile)) { + return void 0; + } + const configString = fs6.readFileSync(configFile, "utf8"); + logger.debug("Loaded config:"); + logger.debug(configString); + return JSON.parse(configString); +} + // src/status-report.ts var os = __toESM(require("os")); var core12 = __toESM(require_core()); diff --git a/lib/init-action-post.js b/lib/init-action-post.js index 1995591ed..22cd2bec5 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js @@ -128114,9 +128114,6 @@ function satisfiesGHESVersion(ghesVersion, range, defaultIfInvalid) { semverVersion.prerelease = []; return semver.satisfies(semverVersion, range); } -function cloneObject(obj) { - return JSON.parse(JSON.stringify(obj)); -} async function checkSipEnablement(logger) { if (process.env["CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */] !== void 0 && ["true", "false"].includes(process.env["CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */])) { return process.env["CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */] === "true"; @@ -128502,9 +128499,9 @@ function wrapApiConfigurationError(e) { } // src/codeql.ts -var fs13 = __toESM(require("fs")); -var path13 = __toESM(require("path")); -var core10 = __toESM(require_core()); +var fs11 = __toESM(require("fs")); +var path11 = __toESM(require("path")); +var core9 = __toESM(require_core()); var toolrunner3 = __toESM(require_toolrunner()); // src/cli-errors.ts @@ -128744,26 +128741,6 @@ function wrapCliConfigurationError(cliError) { return new ConfigurationError(errorMessageBuilder); } -// src/config-utils.ts -var fs9 = __toESM(require("fs")); -var path10 = __toESM(require("path")); -var semver4 = __toESM(require_semver2()); - -// src/analyses.ts -var AnalysisKind = /* @__PURE__ */ ((AnalysisKind2) => { - AnalysisKind2["CodeScanning"] = "code-scanning"; - AnalysisKind2["CodeQuality"] = "code-quality"; - return AnalysisKind2; -})(AnalysisKind || {}); -var supportedAnalysisKinds = new Set(Object.values(AnalysisKind)); - -// src/caching-utils.ts -var core6 = __toESM(require_core()); - -// src/diff-informed-analysis-utils.ts -var fs8 = __toESM(require("fs")); -var path9 = __toESM(require("path")); - // src/feature-flags.ts var fs7 = __toESM(require("fs")); var path8 = __toESM(require("path")); @@ -128779,13 +128756,13 @@ var path7 = __toESM(require("path")); var actionsCache = __toESM(require_cache3()); // src/git-utils.ts -var core7 = __toESM(require_core()); +var core6 = __toESM(require_core()); var toolrunner2 = __toESM(require_toolrunner()); var io3 = __toESM(require_io()); var runGitCommand = async function(workingDirectory, args, customErrorMessage) { let stdout = ""; let stderr = ""; - core7.debug(`Running git command: git ${args.join(" ")}`); + core6.debug(`Running git command: git ${args.join(" ")}`); try { await new toolrunner2.ToolRunner(await io3.which("git", true), args, { silent: true, @@ -128805,7 +128782,7 @@ var runGitCommand = async function(workingDirectory, args, customErrorMessage) { if (stderr.includes("not a git repository")) { reason = "The checkout path provided to the action does not appear to be a git repository."; } - core7.info(`git call failed. ${customErrorMessage} Error: ${reason}`); + core6.info(`git call failed. ${customErrorMessage} Error: ${reason}`); throw error2; } }; @@ -128950,7 +128927,7 @@ async function getRef() { ) !== head; if (hasChangedRef) { const newRef = ref.replace(pull_ref_regex, "refs/pull/$1/head"); - core7.debug( + core6.debug( `No longer on merge commit, rewriting ref from ${ref} to ${newRef}.` ); return newRef; @@ -128976,16 +128953,16 @@ async function isAnalyzingDefaultBranch() { } // src/logging.ts -var core8 = __toESM(require_core()); +var core7 = __toESM(require_core()); function getActionsLogger() { - return core8; + return core7; } function withGroup(groupName, f) { - core8.startGroup(groupName); + core7.startGroup(groupName); try { return f(); } finally { - core8.endGroup(); + core7.endGroup(); } } function formatDuration(durationMs) { @@ -129498,133 +129475,12 @@ var GitHubFeatureFlags = class { } }; -// src/diff-informed-analysis-utils.ts -function getDiffRangesJsonFilePath() { - return path9.join(getTemporaryDirectory(), "pr-diff-range.json"); -} -function readDiffRangesJsonFile(logger) { - const jsonFilePath = getDiffRangesJsonFilePath(); - if (!fs8.existsSync(jsonFilePath)) { - logger.debug(`Diff ranges JSON file does not exist at ${jsonFilePath}`); - return void 0; - } - const jsonContents = fs8.readFileSync(jsonFilePath, "utf8"); - logger.debug( - `Read pr-diff-range JSON file from ${jsonFilePath}: -${jsonContents}` - ); - return JSON.parse(jsonContents); -} - -// src/trap-caching.ts -var actionsCache2 = __toESM(require_cache3()); - -// src/config-utils.ts -var defaultAugmentationProperties = { - queriesInputCombines: false, - packsInputCombines: false, - packsInput: void 0, - queriesInput: void 0, - extraQueryExclusions: [], - overlayDatabaseMode: "none" /* None */, - useOverlayDatabaseCaching: false -}; -var OVERLAY_ANALYSIS_FEATURES = { - actions: "overlay_analysis_actions" /* OverlayAnalysisActions */, - cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */, - csharp: "overlay_analysis_csharp" /* OverlayAnalysisCsharp */, - go: "overlay_analysis_go" /* OverlayAnalysisGo */, - java: "overlay_analysis_java" /* OverlayAnalysisJava */, - javascript: "overlay_analysis_javascript" /* OverlayAnalysisJavascript */, - python: "overlay_analysis_python" /* OverlayAnalysisPython */, - ruby: "overlay_analysis_ruby" /* OverlayAnalysisRuby */, - rust: "overlay_analysis_rust" /* OverlayAnalysisRust */, - swift: "overlay_analysis_swift" /* OverlayAnalysisSwift */ -}; -var OVERLAY_ANALYSIS_CODE_SCANNING_FEATURES = { - actions: "overlay_analysis_code_scanning_actions" /* OverlayAnalysisCodeScanningActions */, - cpp: "overlay_analysis_code_scanning_cpp" /* OverlayAnalysisCodeScanningCpp */, - csharp: "overlay_analysis_code_scanning_csharp" /* OverlayAnalysisCodeScanningCsharp */, - go: "overlay_analysis_code_scanning_go" /* OverlayAnalysisCodeScanningGo */, - java: "overlay_analysis_code_scanning_java" /* OverlayAnalysisCodeScanningJava */, - javascript: "overlay_analysis_code_scanning_javascript" /* OverlayAnalysisCodeScanningJavascript */, - python: "overlay_analysis_code_scanning_python" /* OverlayAnalysisCodeScanningPython */, - ruby: "overlay_analysis_code_scanning_ruby" /* OverlayAnalysisCodeScanningRuby */, - rust: "overlay_analysis_code_scanning_rust" /* OverlayAnalysisCodeScanningRust */, - swift: "overlay_analysis_code_scanning_swift" /* OverlayAnalysisCodeScanningSwift */ -}; -var PACK_IDENTIFIER_PATTERN = (function() { - const alphaNumeric = "[a-z0-9]"; - const alphaNumericDash = "[a-z0-9-]"; - const component = `${alphaNumeric}(${alphaNumericDash}*${alphaNumeric})?`; - return new RegExp(`^${component}/${component}$`); -})(); -function getPathToParsedConfigFile(tempDir) { - return path10.join(tempDir, "config"); -} -async function getConfig(tempDir, logger) { - const configFile = getPathToParsedConfigFile(tempDir); - if (!fs9.existsSync(configFile)) { - return void 0; - } - const configString = fs9.readFileSync(configFile, "utf8"); - logger.debug("Loaded config:"); - logger.debug(configString); - return JSON.parse(configString); -} -function generateCodeScanningConfig(originalUserInput, augmentationProperties) { - const augmentedConfig = cloneObject(originalUserInput); - if (augmentationProperties.queriesInput) { - if (augmentationProperties.queriesInputCombines) { - augmentedConfig.queries = (augmentedConfig.queries || []).concat( - augmentationProperties.queriesInput - ); - } else { - augmentedConfig.queries = augmentationProperties.queriesInput; - } - } - if (augmentedConfig.queries?.length === 0) { - delete augmentedConfig.queries; - } - if (augmentationProperties.packsInput) { - if (augmentationProperties.packsInputCombines) { - if (Array.isArray(augmentedConfig.packs)) { - augmentedConfig.packs = (augmentedConfig.packs || []).concat( - augmentationProperties.packsInput - ); - } else if (!augmentedConfig.packs) { - augmentedConfig.packs = augmentationProperties.packsInput; - } else { - const language = Object.keys(augmentedConfig.packs)[0]; - augmentedConfig.packs[language] = augmentedConfig.packs[language].concat(augmentationProperties.packsInput); - } - } else { - augmentedConfig.packs = augmentationProperties.packsInput; - } - } - if (Array.isArray(augmentedConfig.packs) && !augmentedConfig.packs.length) { - delete augmentedConfig.packs; - } - augmentedConfig["query-filters"] = [ - // Ordering matters. If the first filter is an inclusion, it implicitly - // excludes all queries that are not included. If it is an exclusion, - // it implicitly includes all queries that are not excluded. So user - // filters (if any) should always be first to preserve intent. - ...augmentedConfig["query-filters"] || [], - ...augmentationProperties.extraQueryExclusions - ]; - if (augmentedConfig["query-filters"]?.length === 0) { - delete augmentedConfig["query-filters"]; - } - return augmentedConfig; -} - // src/setup-codeql.ts -var fs12 = __toESM(require("fs")); -var path12 = __toESM(require("path")); +var fs10 = __toESM(require("fs")); +var path10 = __toESM(require("path")); var toolcache3 = __toESM(require_tool_cache()); var import_fast_deep_equal = __toESM(require_fast_deep_equal()); -var semver7 = __toESM(require_semver2()); +var semver6 = __toESM(require_semver2()); // node_modules/uuid/dist/esm/stringify.js var byteToHex = []; @@ -129679,12 +129535,12 @@ var v4_default = v4; // src/tar.ts var import_child_process = require("child_process"); -var fs10 = __toESM(require("fs")); +var fs8 = __toESM(require("fs")); var stream = __toESM(require("stream")); var import_toolrunner = __toESM(require_toolrunner()); var io4 = __toESM(require_io()); var toolcache = __toESM(require_tool_cache()); -var semver5 = __toESM(require_semver2()); +var semver4 = __toESM(require_semver2()); var MIN_REQUIRED_BSD_TAR_VERSION = "3.4.3"; var MIN_REQUIRED_GNU_TAR_VERSION = "1.31"; async function getTarVersion() { @@ -129726,9 +129582,9 @@ async function isZstdAvailable(logger) { case "gnu": return { available: foundZstdBinary && // GNU tar only uses major and minor version numbers - semver5.gte( - semver5.coerce(version), - semver5.coerce(MIN_REQUIRED_GNU_TAR_VERSION) + semver4.gte( + semver4.coerce(version), + semver4.coerce(MIN_REQUIRED_GNU_TAR_VERSION) ), foundZstdBinary, version: tarVersion @@ -129737,7 +129593,7 @@ async function isZstdAvailable(logger) { return { available: foundZstdBinary && // Do a loose comparison since these version numbers don't contain // a patch version number. - semver5.gte(version, MIN_REQUIRED_BSD_TAR_VERSION), + semver4.gte(version, MIN_REQUIRED_BSD_TAR_VERSION), foundZstdBinary, version: tarVersion }; @@ -129752,7 +129608,7 @@ async function isZstdAvailable(logger) { } } async function extract(tarPath, dest, compressionMethod, tarVersion, logger) { - fs10.mkdirSync(dest, { recursive: true }); + fs8.mkdirSync(dest, { recursive: true }); switch (compressionMethod) { case "gzip": return await toolcache.extractTar(tarPath, dest); @@ -129836,15 +129692,15 @@ function inferCompressionMethod(tarPath) { } // src/tools-download.ts -var fs11 = __toESM(require("fs")); +var fs9 = __toESM(require("fs")); var os = __toESM(require("os")); -var path11 = __toESM(require("path")); +var path9 = __toESM(require("path")); var import_perf_hooks = require("perf_hooks"); -var core9 = __toESM(require_core()); +var core8 = __toESM(require_core()); var import_http_client = __toESM(require_lib()); var toolcache2 = __toESM(require_tool_cache()); var import_follow_redirects = __toESM(require_follow_redirects()); -var semver6 = __toESM(require_semver2()); +var semver5 = __toESM(require_semver2()); var STREAMING_HIGH_WATERMARK_BYTES = 4 * 1024 * 1024; var TOOLCACHE_TOOL_NAME = "CodeQL"; function makeDownloadFirstToolsDownloadDurations(downloadDurationMs, extractionDurationMs) { @@ -129894,10 +129750,10 @@ async function downloadAndExtract(codeqlURL, compressionMethod, dest, authorizat }; } } catch (e) { - core9.warning( + core8.warning( `Failed to download and extract CodeQL bundle using streaming with error: ${getErrorMessage(e)}` ); - core9.warning(`Falling back to downloading the bundle before extracting.`); + core8.warning(`Falling back to downloading the bundle before extracting.`); await cleanUpGlob(dest, "CodeQL bundle", logger); } const toolsDownloadStart = import_perf_hooks.performance.now(); @@ -129943,7 +129799,7 @@ async function downloadAndExtract(codeqlURL, compressionMethod, dest, authorizat }; } async function downloadAndExtractZstdWithStreaming(codeqlURL, dest, authorization, headers, tarVersion, logger) { - fs11.mkdirSync(dest, { recursive: true }); + fs9.mkdirSync(dest, { recursive: true }); const agent = new import_http_client.HttpClient().getAgent(codeqlURL); headers = Object.assign( { "User-Agent": "CodeQL Action" }, @@ -129971,16 +129827,16 @@ async function downloadAndExtractZstdWithStreaming(codeqlURL, dest, authorizatio await extractTarZst(response, dest, tarVersion, logger); } function getToolcacheDirectory(version) { - return path11.join( + return path9.join( getRequiredEnvParam("RUNNER_TOOL_CACHE"), TOOLCACHE_TOOL_NAME, - semver6.clean(version) || version, + semver5.clean(version) || version, os.arch() || "" ); } function writeToolcacheMarkerFile(extractedPath, logger) { const markerFilePath = `${extractedPath}.complete`; - fs11.writeFileSync(markerFilePath, ""); + fs9.writeFileSync(markerFilePath, ""); logger.info(`Created toolcache marker file ${markerFilePath}`); } function sanitizeUrlForStatusReport(url2) { @@ -130095,13 +129951,13 @@ function tryGetTagNameFromUrl(url2, logger) { return match[1]; } function convertToSemVer(version, logger) { - if (!semver7.valid(version)) { + if (!semver6.valid(version)) { logger.debug( `Bundle version ${version} is not in SemVer format. Will treat it as pre-release 0.0.0-${version}.` ); version = `0.0.0-${version}`; } - const s = semver7.clean(version); + const s = semver6.clean(version); if (!s) { throw new Error(`Bundle version ${version} is not in SemVer format.`); } @@ -130111,7 +129967,7 @@ async function findOverridingToolsInCache(humanReadableVersion, logger) { const candidates = toolcache3.findAllVersions("CodeQL").filter(isGoodVersion).map((version) => ({ folder: toolcache3.find("CodeQL", version), version - })).filter(({ folder }) => fs12.existsSync(path12.join(folder, "pinned-version"))); + })).filter(({ folder }) => fs10.existsSync(path10.join(folder, "pinned-version"))); if (candidates.length === 1) { const candidate = candidates[0]; logger.debug( @@ -130171,7 +130027,7 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian url2 = toolsInput; if (tagName) { const bundleVersion3 = tryGetBundleVersionFromTagName(tagName, logger); - if (bundleVersion3 && semver7.valid(bundleVersion3)) { + if (bundleVersion3 && semver6.valid(bundleVersion3)) { cliVersion2 = convertToSemVer(bundleVersion3, logger); } } @@ -130440,11 +130296,11 @@ async function setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defau async function useZstdBundle(cliVersion2, tarSupportsZstd) { return ( // In testing, gzip performs better than zstd on Windows. - process.platform !== "win32" && tarSupportsZstd && semver7.gte(cliVersion2, CODEQL_VERSION_ZSTD_BUNDLE) + process.platform !== "win32" && tarSupportsZstd && semver6.gte(cliVersion2, CODEQL_VERSION_ZSTD_BUNDLE) ); } function getTempExtractionDir(tempDir) { - return path12.join(tempDir, v4_default()); + return path10.join(tempDir, v4_default()); } // src/tracer-config.ts @@ -130487,7 +130343,7 @@ async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliV toolsDownloadStatusReport )}` ); - let codeqlCmd = path13.join(codeqlFolder, "codeql", "codeql"); + let codeqlCmd = path11.join(codeqlFolder, "codeql", "codeql"); if (process.platform === "win32") { codeqlCmd += ".exe"; } else if (process.platform !== "linux" && process.platform !== "darwin") { @@ -130548,12 +130404,12 @@ async function getCodeQLForCmd(cmd, checkVersion) { }, async isTracedLanguage(language) { const extractorPath = await this.resolveExtractor(language); - const tracingConfigPath = path13.join( + const tracingConfigPath = path11.join( extractorPath, "tools", "tracing-config.lua" ); - return fs13.existsSync(tracingConfigPath); + return fs11.existsSync(tracingConfigPath); }, async isScannedLanguage(language) { return !await this.isTracedLanguage(language); @@ -130624,7 +130480,7 @@ async function getCodeQLForCmd(cmd, checkVersion) { }, async runAutobuild(config, language) { applyAutobuildAzurePipelinesTimeoutFix(); - const autobuildCmd = path13.join( + const autobuildCmd = path11.join( await this.resolveExtractor(language), "tools", process.platform === "win32" ? "autobuild.cmd" : "autobuild.sh" @@ -130945,12 +130801,12 @@ ${output}` ); } else if (checkVersion && process.env["CODEQL_ACTION_SUPPRESS_DEPRECATED_SOON_WARNING" /* SUPPRESS_DEPRECATED_SOON_WARNING */] !== "true" && !await codeQlVersionAtLeast(codeql, CODEQL_NEXT_MINIMUM_VERSION)) { const result = await codeql.getVersion(); - core10.warning( + core9.warning( `CodeQL CLI version ${result.version} was discontinued on ${GHES_MOST_RECENT_DEPRECATION_DATE} alongside GitHub Enterprise Server ${GHES_VERSION_MOST_RECENTLY_DEPRECATED} and will not be supported by the next minor release of the CodeQL Action. Please update to CodeQL CLI version ${CODEQL_NEXT_MINIMUM_VERSION} or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version. Alternatively, if you want to continue using CodeQL CLI version ${result.version}, you can replace 'github/codeql-action/*@v${getActionVersion().split(".")[0]}' by 'github/codeql-action/*@v${getActionVersion()}' in your code scanning workflow to continue using this version of the CodeQL Action.` ); - core10.exportVariable("CODEQL_ACTION_SUPPRESS_DEPRECATED_SOON_WARNING" /* SUPPRESS_DEPRECATED_SOON_WARNING */, "true"); + core9.exportVariable("CODEQL_ACTION_SUPPRESS_DEPRECATED_SOON_WARNING" /* SUPPRESS_DEPRECATED_SOON_WARNING */, "true"); } return codeql; } @@ -131002,17 +130858,13 @@ async function runCli(cmd, args = [], opts = {}) { } async function writeCodeScanningConfigFile(config, logger) { const codeScanningConfigFile = getGeneratedCodeScanningConfigPath(config); - const augmentedConfig = generateCodeScanningConfig( - config.originalUserInput, - config.augmentationProperties - ); logger.info( `Writing augmented user configuration file to ${codeScanningConfigFile}` ); logger.startGroup("Augmented user configuration file contents"); - logger.info(dump(augmentedConfig)); + logger.info(dump(config.computedConfig)); logger.endGroup(); - fs13.writeFileSync(codeScanningConfigFile, dump(augmentedConfig)); + fs11.writeFileSync(codeScanningConfigFile, dump(config.computedConfig)); return codeScanningConfigFile; } var TRAP_CACHE_SIZE_MB = 1024; @@ -131035,7 +130887,7 @@ async function getTrapCachingExtractorConfigArgsForLang(config, language) { ]; } function getGeneratedCodeScanningConfigPath(config) { - return path13.resolve(config.tempDir, "user-config.yaml"); + return path11.resolve(config.tempDir, "user-config.yaml"); } function getExtractionVerbosityArguments(enableDebugLogging) { return enableDebugLogging ? [`--verbosity=${EXTRACTION_DEBUG_MODE_VERBOSITY}`] : []; @@ -131055,6 +130907,99 @@ async function getJobRunUuidSarifOptions(codeql) { ) ? [`--sarif-run-property=jobRunUuid=${jobRunUuid}`] : []; } +// src/config-utils.ts +var fs13 = __toESM(require("fs")); +var path13 = __toESM(require("path")); +var semver7 = __toESM(require_semver2()); + +// src/analyses.ts +var AnalysisKind = /* @__PURE__ */ ((AnalysisKind2) => { + AnalysisKind2["CodeScanning"] = "code-scanning"; + AnalysisKind2["CodeQuality"] = "code-quality"; + return AnalysisKind2; +})(AnalysisKind || {}); +var supportedAnalysisKinds = new Set(Object.values(AnalysisKind)); + +// src/caching-utils.ts +var core10 = __toESM(require_core()); + +// src/diff-informed-analysis-utils.ts +var fs12 = __toESM(require("fs")); +var path12 = __toESM(require("path")); +function getDiffRangesJsonFilePath() { + return path12.join(getTemporaryDirectory(), "pr-diff-range.json"); +} +function readDiffRangesJsonFile(logger) { + const jsonFilePath = getDiffRangesJsonFilePath(); + if (!fs12.existsSync(jsonFilePath)) { + logger.debug(`Diff ranges JSON file does not exist at ${jsonFilePath}`); + return void 0; + } + const jsonContents = fs12.readFileSync(jsonFilePath, "utf8"); + logger.debug( + `Read pr-diff-range JSON file from ${jsonFilePath}: +${jsonContents}` + ); + return JSON.parse(jsonContents); +} + +// src/trap-caching.ts +var actionsCache2 = __toESM(require_cache3()); + +// src/config-utils.ts +var defaultAugmentationProperties = { + queriesInputCombines: false, + packsInputCombines: false, + packsInput: void 0, + queriesInput: void 0, + extraQueryExclusions: [], + overlayDatabaseMode: "none" /* None */, + useOverlayDatabaseCaching: false +}; +var OVERLAY_ANALYSIS_FEATURES = { + actions: "overlay_analysis_actions" /* OverlayAnalysisActions */, + cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */, + csharp: "overlay_analysis_csharp" /* OverlayAnalysisCsharp */, + go: "overlay_analysis_go" /* OverlayAnalysisGo */, + java: "overlay_analysis_java" /* OverlayAnalysisJava */, + javascript: "overlay_analysis_javascript" /* OverlayAnalysisJavascript */, + python: "overlay_analysis_python" /* OverlayAnalysisPython */, + ruby: "overlay_analysis_ruby" /* OverlayAnalysisRuby */, + rust: "overlay_analysis_rust" /* OverlayAnalysisRust */, + swift: "overlay_analysis_swift" /* OverlayAnalysisSwift */ +}; +var OVERLAY_ANALYSIS_CODE_SCANNING_FEATURES = { + actions: "overlay_analysis_code_scanning_actions" /* OverlayAnalysisCodeScanningActions */, + cpp: "overlay_analysis_code_scanning_cpp" /* OverlayAnalysisCodeScanningCpp */, + csharp: "overlay_analysis_code_scanning_csharp" /* OverlayAnalysisCodeScanningCsharp */, + go: "overlay_analysis_code_scanning_go" /* OverlayAnalysisCodeScanningGo */, + java: "overlay_analysis_code_scanning_java" /* OverlayAnalysisCodeScanningJava */, + javascript: "overlay_analysis_code_scanning_javascript" /* OverlayAnalysisCodeScanningJavascript */, + python: "overlay_analysis_code_scanning_python" /* OverlayAnalysisCodeScanningPython */, + ruby: "overlay_analysis_code_scanning_ruby" /* OverlayAnalysisCodeScanningRuby */, + rust: "overlay_analysis_code_scanning_rust" /* OverlayAnalysisCodeScanningRust */, + swift: "overlay_analysis_code_scanning_swift" /* OverlayAnalysisCodeScanningSwift */ +}; +var PACK_IDENTIFIER_PATTERN = (function() { + const alphaNumeric = "[a-z0-9]"; + const alphaNumericDash = "[a-z0-9-]"; + const component = `${alphaNumeric}(${alphaNumericDash}*${alphaNumeric})?`; + return new RegExp(`^${component}/${component}$`); +})(); +function getPathToParsedConfigFile(tempDir) { + return path13.join(tempDir, "config"); +} +async function getConfig(tempDir, logger) { + const configFile = getPathToParsedConfigFile(tempDir); + if (!fs13.existsSync(configFile)) { + return void 0; + } + const configString = fs13.readFileSync(configFile, "utf8"); + logger.debug("Loaded config:"); + logger.debug(configString); + return JSON.parse(configString); +} + // src/debug-artifacts.ts var fs15 = __toESM(require("fs")); var path15 = __toESM(require("path")); diff --git a/lib/init-action.js b/lib/init-action.js index 2edef1980..42f001de7 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -87301,6 +87301,7 @@ async function getDefaultConfig({ languages, buildMode, originalUserInput: {}, + computedConfig: {}, tempDir, codeQLCmd: codeql.getPath(), gitHubVersion: githubVersion, @@ -87612,6 +87613,10 @@ async function initConfig(inputs) { const config = await getDefaultConfig(inputs); const augmentationProperties = config.augmentationProperties; config.originalUserInput = userConfig; + config.computedConfig = generateCodeScanningConfig( + userConfig, + config.augmentationProperties + ); const { overlayDatabaseMode, useOverlayDatabaseCaching } = await getOverlayDatabaseMode( inputs.codeql, inputs.repository, @@ -87619,7 +87624,7 @@ async function initConfig(inputs) { config.languages, inputs.sourceRoot, config.buildMode, - generateCodeScanningConfig(userConfig, augmentationProperties), + config.computedConfig, logger ); logger.info( @@ -89606,17 +89611,13 @@ async function runCli(cmd, args = [], opts = {}) { } async function writeCodeScanningConfigFile(config, logger) { const codeScanningConfigFile = getGeneratedCodeScanningConfigPath(config); - const augmentedConfig = generateCodeScanningConfig( - config.originalUserInput, - config.augmentationProperties - ); logger.info( `Writing augmented user configuration file to ${codeScanningConfigFile}` ); logger.startGroup("Augmented user configuration file contents"); - logger.info(dump(augmentedConfig)); + logger.info(dump(config.computedConfig)); logger.endGroup(); - fs14.writeFileSync(codeScanningConfigFile, dump(augmentedConfig)); + fs14.writeFileSync(codeScanningConfigFile, dump(config.computedConfig)); return codeScanningConfigFile; } var TRAP_CACHE_SIZE_MB = 1024; diff --git a/lib/resolve-environment-action.js b/lib/resolve-environment-action.js index 7c46b8092..f7dec10bb 100644 --- a/lib/resolve-environment-action.js +++ b/lib/resolve-environment-action.js @@ -77720,9 +77720,6 @@ function checkActionVersion(version, githubVersion) { } } } -function cloneObject(obj) { - return JSON.parse(JSON.stringify(obj)); -} async function checkSipEnablement(logger) { if (process.env["CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */] !== void 0 && ["true", "false"].includes(process.env["CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */])) { return process.env["CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */] === "true"; @@ -78702,52 +78699,6 @@ async function getConfig(tempDir, logger) { logger.debug(configString); return JSON.parse(configString); } -function generateCodeScanningConfig(originalUserInput, augmentationProperties) { - const augmentedConfig = cloneObject(originalUserInput); - if (augmentationProperties.queriesInput) { - if (augmentationProperties.queriesInputCombines) { - augmentedConfig.queries = (augmentedConfig.queries || []).concat( - augmentationProperties.queriesInput - ); - } else { - augmentedConfig.queries = augmentationProperties.queriesInput; - } - } - if (augmentedConfig.queries?.length === 0) { - delete augmentedConfig.queries; - } - if (augmentationProperties.packsInput) { - if (augmentationProperties.packsInputCombines) { - if (Array.isArray(augmentedConfig.packs)) { - augmentedConfig.packs = (augmentedConfig.packs || []).concat( - augmentationProperties.packsInput - ); - } else if (!augmentedConfig.packs) { - augmentedConfig.packs = augmentationProperties.packsInput; - } else { - const language = Object.keys(augmentedConfig.packs)[0]; - augmentedConfig.packs[language] = augmentedConfig.packs[language].concat(augmentationProperties.packsInput); - } - } else { - augmentedConfig.packs = augmentationProperties.packsInput; - } - } - if (Array.isArray(augmentedConfig.packs) && !augmentedConfig.packs.length) { - delete augmentedConfig.packs; - } - augmentedConfig["query-filters"] = [ - // Ordering matters. If the first filter is an inclusion, it implicitly - // excludes all queries that are not included. If it is an exclusion, - // it implicitly includes all queries that are not excluded. So user - // filters (if any) should always be first to preserve intent. - ...augmentedConfig["query-filters"] || [], - ...augmentationProperties.extraQueryExclusions - ]; - if (augmentedConfig["query-filters"]?.length === 0) { - delete augmentedConfig["query-filters"]; - } - return augmentedConfig; -} // src/codeql.ts var fs4 = __toESM(require("fs")); @@ -79283,17 +79234,13 @@ async function runCli(cmd, args = [], opts = {}) { } async function writeCodeScanningConfigFile(config, logger) { const codeScanningConfigFile = getGeneratedCodeScanningConfigPath(config); - const augmentedConfig = generateCodeScanningConfig( - config.originalUserInput, - config.augmentationProperties - ); logger.info( `Writing augmented user configuration file to ${codeScanningConfigFile}` ); logger.startGroup("Augmented user configuration file contents"); - logger.info(dump(augmentedConfig)); + logger.info(dump(config.computedConfig)); logger.endGroup(); - fs4.writeFileSync(codeScanningConfigFile, dump(augmentedConfig)); + fs4.writeFileSync(codeScanningConfigFile, dump(config.computedConfig)); return codeScanningConfigFile; } var TRAP_CACHE_SIZE_MB = 1024; diff --git a/lib/upload-lib.js b/lib/upload-lib.js index 825744e8d..921a9ab3a 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js @@ -88331,9 +88331,6 @@ function satisfiesGHESVersion(ghesVersion, range, defaultIfInvalid) { semverVersion.prerelease = []; return semver.satisfies(semverVersion, range); } -function cloneObject(obj) { - return JSON.parse(JSON.stringify(obj)); -} async function cleanUpGlob(glob, name, logger) { logger.debug(`Cleaning up ${name}.`); try { @@ -88632,9 +88629,9 @@ function wrapApiConfigurationError(e) { } // src/codeql.ts -var fs11 = __toESM(require("fs")); -var path12 = __toESM(require("path")); -var core10 = __toESM(require_core()); +var fs9 = __toESM(require("fs")); +var path10 = __toESM(require("path")); +var core9 = __toESM(require_core()); var toolrunner3 = __toESM(require_toolrunner()); // src/cli-errors.ts @@ -88874,26 +88871,6 @@ function wrapCliConfigurationError(cliError) { return new ConfigurationError(errorMessageBuilder); } -// src/config-utils.ts -var fs7 = __toESM(require("fs")); -var path9 = __toESM(require("path")); -var semver4 = __toESM(require_semver2()); - -// src/analyses.ts -var AnalysisKind = /* @__PURE__ */ ((AnalysisKind2) => { - AnalysisKind2["CodeScanning"] = "code-scanning"; - AnalysisKind2["CodeQuality"] = "code-quality"; - return AnalysisKind2; -})(AnalysisKind || {}); -var supportedAnalysisKinds = new Set(Object.values(AnalysisKind)); - -// src/caching-utils.ts -var core6 = __toESM(require_core()); - -// src/diff-informed-analysis-utils.ts -var fs6 = __toESM(require("fs")); -var path8 = __toESM(require("path")); - // src/feature-flags.ts var semver3 = __toESM(require_semver2()); @@ -88907,13 +88884,13 @@ var path7 = __toESM(require("path")); var actionsCache = __toESM(require_cache3()); // src/git-utils.ts -var core7 = __toESM(require_core()); +var core6 = __toESM(require_core()); var toolrunner2 = __toESM(require_toolrunner()); var io3 = __toESM(require_io()); var runGitCommand = async function(workingDirectory, args, customErrorMessage) { let stdout = ""; let stderr = ""; - core7.debug(`Running git command: git ${args.join(" ")}`); + core6.debug(`Running git command: git ${args.join(" ")}`); try { await new toolrunner2.ToolRunner(await io3.which("git", true), args, { silent: true, @@ -88933,7 +88910,7 @@ var runGitCommand = async function(workingDirectory, args, customErrorMessage) { if (stderr.includes("not a git repository")) { reason = "The checkout path provided to the action does not appear to be a git repository."; } - core7.info(`git call failed. ${customErrorMessage} Error: ${reason}`); + core6.info(`git call failed. ${customErrorMessage} Error: ${reason}`); throw error2; } }; @@ -89078,7 +89055,7 @@ async function getRef() { ) !== head; if (hasChangedRef) { const newRef = ref.replace(pull_ref_regex, "refs/pull/$1/head"); - core7.debug( + core6.debug( `No longer on merge commit, rewriting ref from ${ref} to ${newRef}.` ); return newRef; @@ -89104,7 +89081,7 @@ async function isAnalyzingDefaultBranch() { } // src/logging.ts -var core8 = __toESM(require_core()); +var core7 = __toESM(require_core()); function formatDuration(durationMs) { if (durationMs < 1e3) { return `${durationMs}ms`; @@ -89345,133 +89322,12 @@ var featureConfig = { } }; -// src/diff-informed-analysis-utils.ts -function getDiffRangesJsonFilePath() { - return path8.join(getTemporaryDirectory(), "pr-diff-range.json"); -} -function readDiffRangesJsonFile(logger) { - const jsonFilePath = getDiffRangesJsonFilePath(); - if (!fs6.existsSync(jsonFilePath)) { - logger.debug(`Diff ranges JSON file does not exist at ${jsonFilePath}`); - return void 0; - } - const jsonContents = fs6.readFileSync(jsonFilePath, "utf8"); - logger.debug( - `Read pr-diff-range JSON file from ${jsonFilePath}: -${jsonContents}` - ); - return JSON.parse(jsonContents); -} - -// src/trap-caching.ts -var actionsCache2 = __toESM(require_cache3()); - -// src/config-utils.ts -var defaultAugmentationProperties = { - queriesInputCombines: false, - packsInputCombines: false, - packsInput: void 0, - queriesInput: void 0, - extraQueryExclusions: [], - overlayDatabaseMode: "none" /* None */, - useOverlayDatabaseCaching: false -}; -var OVERLAY_ANALYSIS_FEATURES = { - actions: "overlay_analysis_actions" /* OverlayAnalysisActions */, - cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */, - csharp: "overlay_analysis_csharp" /* OverlayAnalysisCsharp */, - go: "overlay_analysis_go" /* OverlayAnalysisGo */, - java: "overlay_analysis_java" /* OverlayAnalysisJava */, - javascript: "overlay_analysis_javascript" /* OverlayAnalysisJavascript */, - python: "overlay_analysis_python" /* OverlayAnalysisPython */, - ruby: "overlay_analysis_ruby" /* OverlayAnalysisRuby */, - rust: "overlay_analysis_rust" /* OverlayAnalysisRust */, - swift: "overlay_analysis_swift" /* OverlayAnalysisSwift */ -}; -var OVERLAY_ANALYSIS_CODE_SCANNING_FEATURES = { - actions: "overlay_analysis_code_scanning_actions" /* OverlayAnalysisCodeScanningActions */, - cpp: "overlay_analysis_code_scanning_cpp" /* OverlayAnalysisCodeScanningCpp */, - csharp: "overlay_analysis_code_scanning_csharp" /* OverlayAnalysisCodeScanningCsharp */, - go: "overlay_analysis_code_scanning_go" /* OverlayAnalysisCodeScanningGo */, - java: "overlay_analysis_code_scanning_java" /* OverlayAnalysisCodeScanningJava */, - javascript: "overlay_analysis_code_scanning_javascript" /* OverlayAnalysisCodeScanningJavascript */, - python: "overlay_analysis_code_scanning_python" /* OverlayAnalysisCodeScanningPython */, - ruby: "overlay_analysis_code_scanning_ruby" /* OverlayAnalysisCodeScanningRuby */, - rust: "overlay_analysis_code_scanning_rust" /* OverlayAnalysisCodeScanningRust */, - swift: "overlay_analysis_code_scanning_swift" /* OverlayAnalysisCodeScanningSwift */ -}; -var PACK_IDENTIFIER_PATTERN = (function() { - const alphaNumeric = "[a-z0-9]"; - const alphaNumericDash = "[a-z0-9-]"; - const component = `${alphaNumeric}(${alphaNumericDash}*${alphaNumeric})?`; - return new RegExp(`^${component}/${component}$`); -})(); -function getPathToParsedConfigFile(tempDir) { - return path9.join(tempDir, "config"); -} -async function getConfig(tempDir, logger) { - const configFile = getPathToParsedConfigFile(tempDir); - if (!fs7.existsSync(configFile)) { - return void 0; - } - const configString = fs7.readFileSync(configFile, "utf8"); - logger.debug("Loaded config:"); - logger.debug(configString); - return JSON.parse(configString); -} -function generateCodeScanningConfig(originalUserInput, augmentationProperties) { - const augmentedConfig = cloneObject(originalUserInput); - if (augmentationProperties.queriesInput) { - if (augmentationProperties.queriesInputCombines) { - augmentedConfig.queries = (augmentedConfig.queries || []).concat( - augmentationProperties.queriesInput - ); - } else { - augmentedConfig.queries = augmentationProperties.queriesInput; - } - } - if (augmentedConfig.queries?.length === 0) { - delete augmentedConfig.queries; - } - if (augmentationProperties.packsInput) { - if (augmentationProperties.packsInputCombines) { - if (Array.isArray(augmentedConfig.packs)) { - augmentedConfig.packs = (augmentedConfig.packs || []).concat( - augmentationProperties.packsInput - ); - } else if (!augmentedConfig.packs) { - augmentedConfig.packs = augmentationProperties.packsInput; - } else { - const language = Object.keys(augmentedConfig.packs)[0]; - augmentedConfig.packs[language] = augmentedConfig.packs[language].concat(augmentationProperties.packsInput); - } - } else { - augmentedConfig.packs = augmentationProperties.packsInput; - } - } - if (Array.isArray(augmentedConfig.packs) && !augmentedConfig.packs.length) { - delete augmentedConfig.packs; - } - augmentedConfig["query-filters"] = [ - // Ordering matters. If the first filter is an inclusion, it implicitly - // excludes all queries that are not included. If it is an exclusion, - // it implicitly includes all queries that are not excluded. So user - // filters (if any) should always be first to preserve intent. - ...augmentedConfig["query-filters"] || [], - ...augmentationProperties.extraQueryExclusions - ]; - if (augmentedConfig["query-filters"]?.length === 0) { - delete augmentedConfig["query-filters"]; - } - return augmentedConfig; -} - // src/setup-codeql.ts -var fs10 = __toESM(require("fs")); -var path11 = __toESM(require("path")); +var fs8 = __toESM(require("fs")); +var path9 = __toESM(require("path")); var toolcache3 = __toESM(require_tool_cache()); var import_fast_deep_equal = __toESM(require_fast_deep_equal()); -var semver7 = __toESM(require_semver2()); +var semver6 = __toESM(require_semver2()); // node_modules/uuid/dist/esm/stringify.js var byteToHex = []; @@ -89526,12 +89382,12 @@ var v4_default = v4; // src/tar.ts var import_child_process = require("child_process"); -var fs8 = __toESM(require("fs")); +var fs6 = __toESM(require("fs")); var stream = __toESM(require("stream")); var import_toolrunner = __toESM(require_toolrunner()); var io4 = __toESM(require_io()); var toolcache = __toESM(require_tool_cache()); -var semver5 = __toESM(require_semver2()); +var semver4 = __toESM(require_semver2()); var MIN_REQUIRED_BSD_TAR_VERSION = "3.4.3"; var MIN_REQUIRED_GNU_TAR_VERSION = "1.31"; async function getTarVersion() { @@ -89573,9 +89429,9 @@ async function isZstdAvailable(logger) { case "gnu": return { available: foundZstdBinary && // GNU tar only uses major and minor version numbers - semver5.gte( - semver5.coerce(version), - semver5.coerce(MIN_REQUIRED_GNU_TAR_VERSION) + semver4.gte( + semver4.coerce(version), + semver4.coerce(MIN_REQUIRED_GNU_TAR_VERSION) ), foundZstdBinary, version: tarVersion @@ -89584,7 +89440,7 @@ async function isZstdAvailable(logger) { return { available: foundZstdBinary && // Do a loose comparison since these version numbers don't contain // a patch version number. - semver5.gte(version, MIN_REQUIRED_BSD_TAR_VERSION), + semver4.gte(version, MIN_REQUIRED_BSD_TAR_VERSION), foundZstdBinary, version: tarVersion }; @@ -89599,7 +89455,7 @@ async function isZstdAvailable(logger) { } } async function extract(tarPath, dest, compressionMethod, tarVersion, logger) { - fs8.mkdirSync(dest, { recursive: true }); + fs6.mkdirSync(dest, { recursive: true }); switch (compressionMethod) { case "gzip": return await toolcache.extractTar(tarPath, dest); @@ -89683,15 +89539,15 @@ function inferCompressionMethod(tarPath) { } // src/tools-download.ts -var fs9 = __toESM(require("fs")); +var fs7 = __toESM(require("fs")); var os = __toESM(require("os")); -var path10 = __toESM(require("path")); +var path8 = __toESM(require("path")); var import_perf_hooks = require("perf_hooks"); -var core9 = __toESM(require_core()); +var core8 = __toESM(require_core()); var import_http_client = __toESM(require_lib()); var toolcache2 = __toESM(require_tool_cache()); var import_follow_redirects = __toESM(require_follow_redirects()); -var semver6 = __toESM(require_semver2()); +var semver5 = __toESM(require_semver2()); var STREAMING_HIGH_WATERMARK_BYTES = 4 * 1024 * 1024; var TOOLCACHE_TOOL_NAME = "CodeQL"; function makeDownloadFirstToolsDownloadDurations(downloadDurationMs, extractionDurationMs) { @@ -89741,10 +89597,10 @@ async function downloadAndExtract(codeqlURL, compressionMethod, dest, authorizat }; } } catch (e) { - core9.warning( + core8.warning( `Failed to download and extract CodeQL bundle using streaming with error: ${getErrorMessage(e)}` ); - core9.warning(`Falling back to downloading the bundle before extracting.`); + core8.warning(`Falling back to downloading the bundle before extracting.`); await cleanUpGlob(dest, "CodeQL bundle", logger); } const toolsDownloadStart = import_perf_hooks.performance.now(); @@ -89790,7 +89646,7 @@ async function downloadAndExtract(codeqlURL, compressionMethod, dest, authorizat }; } async function downloadAndExtractZstdWithStreaming(codeqlURL, dest, authorization, headers, tarVersion, logger) { - fs9.mkdirSync(dest, { recursive: true }); + fs7.mkdirSync(dest, { recursive: true }); const agent = new import_http_client.HttpClient().getAgent(codeqlURL); headers = Object.assign( { "User-Agent": "CodeQL Action" }, @@ -89818,16 +89674,16 @@ async function downloadAndExtractZstdWithStreaming(codeqlURL, dest, authorizatio await extractTarZst(response, dest, tarVersion, logger); } function getToolcacheDirectory(version) { - return path10.join( + return path8.join( getRequiredEnvParam("RUNNER_TOOL_CACHE"), TOOLCACHE_TOOL_NAME, - semver6.clean(version) || version, + semver5.clean(version) || version, os.arch() || "" ); } function writeToolcacheMarkerFile(extractedPath, logger) { const markerFilePath = `${extractedPath}.complete`; - fs9.writeFileSync(markerFilePath, ""); + fs7.writeFileSync(markerFilePath, ""); logger.info(`Created toolcache marker file ${markerFilePath}`); } function sanitizeUrlForStatusReport(url2) { @@ -89942,13 +89798,13 @@ function tryGetTagNameFromUrl(url2, logger) { return match[1]; } function convertToSemVer(version, logger) { - if (!semver7.valid(version)) { + if (!semver6.valid(version)) { logger.debug( `Bundle version ${version} is not in SemVer format. Will treat it as pre-release 0.0.0-${version}.` ); version = `0.0.0-${version}`; } - const s = semver7.clean(version); + const s = semver6.clean(version); if (!s) { throw new Error(`Bundle version ${version} is not in SemVer format.`); } @@ -89958,7 +89814,7 @@ async function findOverridingToolsInCache(humanReadableVersion, logger) { const candidates = toolcache3.findAllVersions("CodeQL").filter(isGoodVersion).map((version) => ({ folder: toolcache3.find("CodeQL", version), version - })).filter(({ folder }) => fs10.existsSync(path11.join(folder, "pinned-version"))); + })).filter(({ folder }) => fs8.existsSync(path9.join(folder, "pinned-version"))); if (candidates.length === 1) { const candidate = candidates[0]; logger.debug( @@ -90018,7 +89874,7 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian url2 = toolsInput; if (tagName) { const bundleVersion3 = tryGetBundleVersionFromTagName(tagName, logger); - if (bundleVersion3 && semver7.valid(bundleVersion3)) { + if (bundleVersion3 && semver6.valid(bundleVersion3)) { cliVersion2 = convertToSemVer(bundleVersion3, logger); } } @@ -90287,11 +90143,11 @@ async function setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defau async function useZstdBundle(cliVersion2, tarSupportsZstd) { return ( // In testing, gzip performs better than zstd on Windows. - process.platform !== "win32" && tarSupportsZstd && semver7.gte(cliVersion2, CODEQL_VERSION_ZSTD_BUNDLE) + process.platform !== "win32" && tarSupportsZstd && semver6.gte(cliVersion2, CODEQL_VERSION_ZSTD_BUNDLE) ); } function getTempExtractionDir(tempDir) { - return path11.join(tempDir, v4_default()); + return path9.join(tempDir, v4_default()); } // src/tracer-config.ts @@ -90334,7 +90190,7 @@ async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliV toolsDownloadStatusReport )}` ); - let codeqlCmd = path12.join(codeqlFolder, "codeql", "codeql"); + let codeqlCmd = path10.join(codeqlFolder, "codeql", "codeql"); if (process.platform === "win32") { codeqlCmd += ".exe"; } else if (process.platform !== "linux" && process.platform !== "darwin") { @@ -90395,12 +90251,12 @@ async function getCodeQLForCmd(cmd, checkVersion) { }, async isTracedLanguage(language) { const extractorPath = await this.resolveExtractor(language); - const tracingConfigPath = path12.join( + const tracingConfigPath = path10.join( extractorPath, "tools", "tracing-config.lua" ); - return fs11.existsSync(tracingConfigPath); + return fs9.existsSync(tracingConfigPath); }, async isScannedLanguage(language) { return !await this.isTracedLanguage(language); @@ -90471,7 +90327,7 @@ async function getCodeQLForCmd(cmd, checkVersion) { }, async runAutobuild(config, language) { applyAutobuildAzurePipelinesTimeoutFix(); - const autobuildCmd = path12.join( + const autobuildCmd = path10.join( await this.resolveExtractor(language), "tools", process.platform === "win32" ? "autobuild.cmd" : "autobuild.sh" @@ -90792,12 +90648,12 @@ ${output}` ); } else if (checkVersion && process.env["CODEQL_ACTION_SUPPRESS_DEPRECATED_SOON_WARNING" /* SUPPRESS_DEPRECATED_SOON_WARNING */] !== "true" && !await codeQlVersionAtLeast(codeql, CODEQL_NEXT_MINIMUM_VERSION)) { const result = await codeql.getVersion(); - core10.warning( + core9.warning( `CodeQL CLI version ${result.version} was discontinued on ${GHES_MOST_RECENT_DEPRECATION_DATE} alongside GitHub Enterprise Server ${GHES_VERSION_MOST_RECENTLY_DEPRECATED} and will not be supported by the next minor release of the CodeQL Action. Please update to CodeQL CLI version ${CODEQL_NEXT_MINIMUM_VERSION} or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version. Alternatively, if you want to continue using CodeQL CLI version ${result.version}, you can replace 'github/codeql-action/*@v${getActionVersion().split(".")[0]}' by 'github/codeql-action/*@v${getActionVersion()}' in your code scanning workflow to continue using this version of the CodeQL Action.` ); - core10.exportVariable("CODEQL_ACTION_SUPPRESS_DEPRECATED_SOON_WARNING" /* SUPPRESS_DEPRECATED_SOON_WARNING */, "true"); + core9.exportVariable("CODEQL_ACTION_SUPPRESS_DEPRECATED_SOON_WARNING" /* SUPPRESS_DEPRECATED_SOON_WARNING */, "true"); } return codeql; } @@ -90849,17 +90705,13 @@ async function runCli(cmd, args = [], opts = {}) { } async function writeCodeScanningConfigFile(config, logger) { const codeScanningConfigFile = getGeneratedCodeScanningConfigPath(config); - const augmentedConfig = generateCodeScanningConfig( - config.originalUserInput, - config.augmentationProperties - ); logger.info( `Writing augmented user configuration file to ${codeScanningConfigFile}` ); logger.startGroup("Augmented user configuration file contents"); - logger.info(dump(augmentedConfig)); + logger.info(dump(config.computedConfig)); logger.endGroup(); - fs11.writeFileSync(codeScanningConfigFile, dump(augmentedConfig)); + fs9.writeFileSync(codeScanningConfigFile, dump(config.computedConfig)); return codeScanningConfigFile; } var TRAP_CACHE_SIZE_MB = 1024; @@ -90882,7 +90734,7 @@ async function getTrapCachingExtractorConfigArgsForLang(config, language) { ]; } function getGeneratedCodeScanningConfigPath(config) { - return path12.resolve(config.tempDir, "user-config.yaml"); + return path10.resolve(config.tempDir, "user-config.yaml"); } function getExtractionVerbosityArguments(enableDebugLogging) { return enableDebugLogging ? [`--verbosity=${EXTRACTION_DEBUG_MODE_VERBOSITY}`] : []; @@ -90902,6 +90754,99 @@ async function getJobRunUuidSarifOptions(codeql) { ) ? [`--sarif-run-property=jobRunUuid=${jobRunUuid}`] : []; } +// src/config-utils.ts +var fs11 = __toESM(require("fs")); +var path12 = __toESM(require("path")); +var semver7 = __toESM(require_semver2()); + +// src/analyses.ts +var AnalysisKind = /* @__PURE__ */ ((AnalysisKind2) => { + AnalysisKind2["CodeScanning"] = "code-scanning"; + AnalysisKind2["CodeQuality"] = "code-quality"; + return AnalysisKind2; +})(AnalysisKind || {}); +var supportedAnalysisKinds = new Set(Object.values(AnalysisKind)); + +// src/caching-utils.ts +var core10 = __toESM(require_core()); + +// src/diff-informed-analysis-utils.ts +var fs10 = __toESM(require("fs")); +var path11 = __toESM(require("path")); +function getDiffRangesJsonFilePath() { + return path11.join(getTemporaryDirectory(), "pr-diff-range.json"); +} +function readDiffRangesJsonFile(logger) { + const jsonFilePath = getDiffRangesJsonFilePath(); + if (!fs10.existsSync(jsonFilePath)) { + logger.debug(`Diff ranges JSON file does not exist at ${jsonFilePath}`); + return void 0; + } + const jsonContents = fs10.readFileSync(jsonFilePath, "utf8"); + logger.debug( + `Read pr-diff-range JSON file from ${jsonFilePath}: +${jsonContents}` + ); + return JSON.parse(jsonContents); +} + +// src/trap-caching.ts +var actionsCache2 = __toESM(require_cache3()); + +// src/config-utils.ts +var defaultAugmentationProperties = { + queriesInputCombines: false, + packsInputCombines: false, + packsInput: void 0, + queriesInput: void 0, + extraQueryExclusions: [], + overlayDatabaseMode: "none" /* None */, + useOverlayDatabaseCaching: false +}; +var OVERLAY_ANALYSIS_FEATURES = { + actions: "overlay_analysis_actions" /* OverlayAnalysisActions */, + cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */, + csharp: "overlay_analysis_csharp" /* OverlayAnalysisCsharp */, + go: "overlay_analysis_go" /* OverlayAnalysisGo */, + java: "overlay_analysis_java" /* OverlayAnalysisJava */, + javascript: "overlay_analysis_javascript" /* OverlayAnalysisJavascript */, + python: "overlay_analysis_python" /* OverlayAnalysisPython */, + ruby: "overlay_analysis_ruby" /* OverlayAnalysisRuby */, + rust: "overlay_analysis_rust" /* OverlayAnalysisRust */, + swift: "overlay_analysis_swift" /* OverlayAnalysisSwift */ +}; +var OVERLAY_ANALYSIS_CODE_SCANNING_FEATURES = { + actions: "overlay_analysis_code_scanning_actions" /* OverlayAnalysisCodeScanningActions */, + cpp: "overlay_analysis_code_scanning_cpp" /* OverlayAnalysisCodeScanningCpp */, + csharp: "overlay_analysis_code_scanning_csharp" /* OverlayAnalysisCodeScanningCsharp */, + go: "overlay_analysis_code_scanning_go" /* OverlayAnalysisCodeScanningGo */, + java: "overlay_analysis_code_scanning_java" /* OverlayAnalysisCodeScanningJava */, + javascript: "overlay_analysis_code_scanning_javascript" /* OverlayAnalysisCodeScanningJavascript */, + python: "overlay_analysis_code_scanning_python" /* OverlayAnalysisCodeScanningPython */, + ruby: "overlay_analysis_code_scanning_ruby" /* OverlayAnalysisCodeScanningRuby */, + rust: "overlay_analysis_code_scanning_rust" /* OverlayAnalysisCodeScanningRust */, + swift: "overlay_analysis_code_scanning_swift" /* OverlayAnalysisCodeScanningSwift */ +}; +var PACK_IDENTIFIER_PATTERN = (function() { + const alphaNumeric = "[a-z0-9]"; + const alphaNumericDash = "[a-z0-9-]"; + const component = `${alphaNumeric}(${alphaNumericDash}*${alphaNumeric})?`; + return new RegExp(`^${component}/${component}$`); +})(); +function getPathToParsedConfigFile(tempDir) { + return path12.join(tempDir, "config"); +} +async function getConfig(tempDir, logger) { + const configFile = getPathToParsedConfigFile(tempDir); + if (!fs11.existsSync(configFile)) { + return void 0; + } + const configString = fs11.readFileSync(configFile, "utf8"); + logger.debug("Loaded config:"); + logger.debug(configString); + return JSON.parse(configString); +} + // src/fingerprints.ts var fs12 = __toESM(require("fs")); var import_path = __toESM(require("path")); diff --git a/lib/upload-sarif-action-post.js b/lib/upload-sarif-action-post.js index 4e569eb51..80c1b4690 100644 --- a/lib/upload-sarif-action-post.js +++ b/lib/upload-sarif-action-post.js @@ -117149,10 +117149,10 @@ var AnalysisKind = /* @__PURE__ */ ((AnalysisKind2) => { var supportedAnalysisKinds = new Set(Object.values(AnalysisKind)); // src/autobuild.ts -var core11 = __toESM(require_core()); +var core10 = __toESM(require_core()); // src/codeql.ts -var core10 = __toESM(require_core()); +var core9 = __toESM(require_core()); var toolrunner3 = __toESM(require_toolrunner()); // src/cli-errors.ts @@ -117288,12 +117288,6 @@ var cliErrorsConfig = { } }; -// src/config-utils.ts -var semver4 = __toESM(require_semver2()); - -// src/caching-utils.ts -var core6 = __toESM(require_core()); - // src/feature-flags.ts var semver3 = __toESM(require_semver2()); @@ -117301,21 +117295,21 @@ var semver3 = __toESM(require_semver2()); var actionsCache = __toESM(require_cache3()); // src/git-utils.ts -var core7 = __toESM(require_core()); +var core6 = __toESM(require_core()); var toolrunner2 = __toESM(require_toolrunner()); var io3 = __toESM(require_io()); // src/logging.ts -var core8 = __toESM(require_core()); +var core7 = __toESM(require_core()); function getActionsLogger() { - return core8; + return core7; } function withGroup(groupName, f) { - core8.startGroup(groupName); + core7.startGroup(groupName); try { return f(); } finally { - core8.endGroup(); + core7.endGroup(); } } @@ -117491,6 +117485,31 @@ var featureConfig = { } }; +// src/setup-codeql.ts +var toolcache3 = __toESM(require_tool_cache()); +var import_fast_deep_equal = __toESM(require_fast_deep_equal()); +var semver6 = __toESM(require_semver2()); + +// src/tar.ts +var import_toolrunner = __toESM(require_toolrunner()); +var io4 = __toESM(require_io()); +var toolcache = __toESM(require_tool_cache()); +var semver4 = __toESM(require_semver2()); + +// src/tools-download.ts +var core8 = __toESM(require_core()); +var import_http_client = __toESM(require_lib()); +var toolcache2 = __toESM(require_tool_cache()); +var import_follow_redirects = __toESM(require_follow_redirects()); +var semver5 = __toESM(require_semver2()); +var STREAMING_HIGH_WATERMARK_BYTES = 4 * 1024 * 1024; + +// src/config-utils.ts +var semver7 = __toESM(require_semver2()); + +// src/caching-utils.ts +var core11 = __toESM(require_core()); + // src/trap-caching.ts var actionsCache2 = __toESM(require_cache3()); @@ -117535,25 +117554,6 @@ var PACK_IDENTIFIER_PATTERN = (function() { return new RegExp(`^${component}/${component}$`); })(); -// src/setup-codeql.ts -var toolcache3 = __toESM(require_tool_cache()); -var import_fast_deep_equal = __toESM(require_fast_deep_equal()); -var semver7 = __toESM(require_semver2()); - -// src/tar.ts -var import_toolrunner = __toESM(require_toolrunner()); -var io4 = __toESM(require_io()); -var toolcache = __toESM(require_tool_cache()); -var semver5 = __toESM(require_semver2()); - -// src/tools-download.ts -var core9 = __toESM(require_core()); -var import_http_client = __toESM(require_lib()); -var toolcache2 = __toESM(require_tool_cache()); -var import_follow_redirects = __toESM(require_follow_redirects()); -var semver6 = __toESM(require_semver2()); -var STREAMING_HIGH_WATERMARK_BYTES = 4 * 1024 * 1024; - // src/dependency-caching.ts var actionsCache3 = __toESM(require_cache3()); var glob = __toESM(require_glob3()); diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index e785cef37..01f4f470d 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -88491,9 +88491,6 @@ function satisfiesGHESVersion(ghesVersion, range, defaultIfInvalid) { semverVersion.prerelease = []; return semver.satisfies(semverVersion, range); } -function cloneObject(obj) { - return JSON.parse(JSON.stringify(obj)); -} async function checkSipEnablement(logger) { if (process.env["CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */] !== void 0 && ["true", "false"].includes(process.env["CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */])) { return process.env["CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */] === "true"; @@ -89765,9 +89762,9 @@ var core12 = __toESM(require_core()); var jsonschema = __toESM(require_lib2()); // src/codeql.ts -var fs12 = __toESM(require("fs")); -var path13 = __toESM(require("path")); -var core11 = __toESM(require_core()); +var fs10 = __toESM(require("fs")); +var path11 = __toESM(require("path")); +var core10 = __toESM(require_core()); var toolrunner3 = __toESM(require_toolrunner()); // src/cli-errors.ts @@ -90007,151 +90004,12 @@ function wrapCliConfigurationError(cliError) { return new ConfigurationError(errorMessageBuilder); } -// src/config-utils.ts -var fs8 = __toESM(require("fs")); -var path10 = __toESM(require("path")); -var semver4 = __toESM(require_semver2()); - -// src/analyses.ts -var AnalysisKind = /* @__PURE__ */ ((AnalysisKind2) => { - AnalysisKind2["CodeScanning"] = "code-scanning"; - AnalysisKind2["CodeQuality"] = "code-quality"; - return AnalysisKind2; -})(AnalysisKind || {}); -var supportedAnalysisKinds = new Set(Object.values(AnalysisKind)); - -// src/caching-utils.ts -var core9 = __toESM(require_core()); - -// src/diff-informed-analysis-utils.ts -var fs7 = __toESM(require("fs")); -var path9 = __toESM(require("path")); -function getDiffRangesJsonFilePath() { - return path9.join(getTemporaryDirectory(), "pr-diff-range.json"); -} -function readDiffRangesJsonFile(logger) { - const jsonFilePath = getDiffRangesJsonFilePath(); - if (!fs7.existsSync(jsonFilePath)) { - logger.debug(`Diff ranges JSON file does not exist at ${jsonFilePath}`); - return void 0; - } - const jsonContents = fs7.readFileSync(jsonFilePath, "utf8"); - logger.debug( - `Read pr-diff-range JSON file from ${jsonFilePath}: -${jsonContents}` - ); - return JSON.parse(jsonContents); -} - -// src/trap-caching.ts -var actionsCache2 = __toESM(require_cache3()); - -// src/config-utils.ts -var defaultAugmentationProperties = { - queriesInputCombines: false, - packsInputCombines: false, - packsInput: void 0, - queriesInput: void 0, - extraQueryExclusions: [], - overlayDatabaseMode: "none" /* None */, - useOverlayDatabaseCaching: false -}; -var OVERLAY_ANALYSIS_FEATURES = { - actions: "overlay_analysis_actions" /* OverlayAnalysisActions */, - cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */, - csharp: "overlay_analysis_csharp" /* OverlayAnalysisCsharp */, - go: "overlay_analysis_go" /* OverlayAnalysisGo */, - java: "overlay_analysis_java" /* OverlayAnalysisJava */, - javascript: "overlay_analysis_javascript" /* OverlayAnalysisJavascript */, - python: "overlay_analysis_python" /* OverlayAnalysisPython */, - ruby: "overlay_analysis_ruby" /* OverlayAnalysisRuby */, - rust: "overlay_analysis_rust" /* OverlayAnalysisRust */, - swift: "overlay_analysis_swift" /* OverlayAnalysisSwift */ -}; -var OVERLAY_ANALYSIS_CODE_SCANNING_FEATURES = { - actions: "overlay_analysis_code_scanning_actions" /* OverlayAnalysisCodeScanningActions */, - cpp: "overlay_analysis_code_scanning_cpp" /* OverlayAnalysisCodeScanningCpp */, - csharp: "overlay_analysis_code_scanning_csharp" /* OverlayAnalysisCodeScanningCsharp */, - go: "overlay_analysis_code_scanning_go" /* OverlayAnalysisCodeScanningGo */, - java: "overlay_analysis_code_scanning_java" /* OverlayAnalysisCodeScanningJava */, - javascript: "overlay_analysis_code_scanning_javascript" /* OverlayAnalysisCodeScanningJavascript */, - python: "overlay_analysis_code_scanning_python" /* OverlayAnalysisCodeScanningPython */, - ruby: "overlay_analysis_code_scanning_ruby" /* OverlayAnalysisCodeScanningRuby */, - rust: "overlay_analysis_code_scanning_rust" /* OverlayAnalysisCodeScanningRust */, - swift: "overlay_analysis_code_scanning_swift" /* OverlayAnalysisCodeScanningSwift */ -}; -var PACK_IDENTIFIER_PATTERN = (function() { - const alphaNumeric = "[a-z0-9]"; - const alphaNumericDash = "[a-z0-9-]"; - const component = `${alphaNumeric}(${alphaNumericDash}*${alphaNumeric})?`; - return new RegExp(`^${component}/${component}$`); -})(); -function getPathToParsedConfigFile(tempDir) { - return path10.join(tempDir, "config"); -} -async function getConfig(tempDir, logger) { - const configFile = getPathToParsedConfigFile(tempDir); - if (!fs8.existsSync(configFile)) { - return void 0; - } - const configString = fs8.readFileSync(configFile, "utf8"); - logger.debug("Loaded config:"); - logger.debug(configString); - return JSON.parse(configString); -} -function generateCodeScanningConfig(originalUserInput, augmentationProperties) { - const augmentedConfig = cloneObject(originalUserInput); - if (augmentationProperties.queriesInput) { - if (augmentationProperties.queriesInputCombines) { - augmentedConfig.queries = (augmentedConfig.queries || []).concat( - augmentationProperties.queriesInput - ); - } else { - augmentedConfig.queries = augmentationProperties.queriesInput; - } - } - if (augmentedConfig.queries?.length === 0) { - delete augmentedConfig.queries; - } - if (augmentationProperties.packsInput) { - if (augmentationProperties.packsInputCombines) { - if (Array.isArray(augmentedConfig.packs)) { - augmentedConfig.packs = (augmentedConfig.packs || []).concat( - augmentationProperties.packsInput - ); - } else if (!augmentedConfig.packs) { - augmentedConfig.packs = augmentationProperties.packsInput; - } else { - const language = Object.keys(augmentedConfig.packs)[0]; - augmentedConfig.packs[language] = augmentedConfig.packs[language].concat(augmentationProperties.packsInput); - } - } else { - augmentedConfig.packs = augmentationProperties.packsInput; - } - } - if (Array.isArray(augmentedConfig.packs) && !augmentedConfig.packs.length) { - delete augmentedConfig.packs; - } - augmentedConfig["query-filters"] = [ - // Ordering matters. If the first filter is an inclusion, it implicitly - // excludes all queries that are not included. If it is an exclusion, - // it implicitly includes all queries that are not excluded. So user - // filters (if any) should always be first to preserve intent. - ...augmentedConfig["query-filters"] || [], - ...augmentationProperties.extraQueryExclusions - ]; - if (augmentedConfig["query-filters"]?.length === 0) { - delete augmentedConfig["query-filters"]; - } - return augmentedConfig; -} - // src/setup-codeql.ts -var fs11 = __toESM(require("fs")); -var path12 = __toESM(require("path")); +var fs9 = __toESM(require("fs")); +var path10 = __toESM(require("path")); var toolcache3 = __toESM(require_tool_cache()); var import_fast_deep_equal = __toESM(require_fast_deep_equal()); -var semver7 = __toESM(require_semver2()); +var semver6 = __toESM(require_semver2()); // node_modules/uuid/dist/esm/stringify.js var byteToHex = []; @@ -90206,12 +90064,12 @@ var v4_default = v4; // src/tar.ts var import_child_process = require("child_process"); -var fs9 = __toESM(require("fs")); +var fs7 = __toESM(require("fs")); var stream = __toESM(require("stream")); var import_toolrunner = __toESM(require_toolrunner()); var io4 = __toESM(require_io()); var toolcache = __toESM(require_tool_cache()); -var semver5 = __toESM(require_semver2()); +var semver4 = __toESM(require_semver2()); var MIN_REQUIRED_BSD_TAR_VERSION = "3.4.3"; var MIN_REQUIRED_GNU_TAR_VERSION = "1.31"; async function getTarVersion() { @@ -90253,9 +90111,9 @@ async function isZstdAvailable(logger) { case "gnu": return { available: foundZstdBinary && // GNU tar only uses major and minor version numbers - semver5.gte( - semver5.coerce(version), - semver5.coerce(MIN_REQUIRED_GNU_TAR_VERSION) + semver4.gte( + semver4.coerce(version), + semver4.coerce(MIN_REQUIRED_GNU_TAR_VERSION) ), foundZstdBinary, version: tarVersion @@ -90264,7 +90122,7 @@ async function isZstdAvailable(logger) { return { available: foundZstdBinary && // Do a loose comparison since these version numbers don't contain // a patch version number. - semver5.gte(version, MIN_REQUIRED_BSD_TAR_VERSION), + semver4.gte(version, MIN_REQUIRED_BSD_TAR_VERSION), foundZstdBinary, version: tarVersion }; @@ -90279,7 +90137,7 @@ async function isZstdAvailable(logger) { } } async function extract(tarPath, dest, compressionMethod, tarVersion, logger) { - fs9.mkdirSync(dest, { recursive: true }); + fs7.mkdirSync(dest, { recursive: true }); switch (compressionMethod) { case "gzip": return await toolcache.extractTar(tarPath, dest); @@ -90363,15 +90221,15 @@ function inferCompressionMethod(tarPath) { } // src/tools-download.ts -var fs10 = __toESM(require("fs")); +var fs8 = __toESM(require("fs")); var os2 = __toESM(require("os")); -var path11 = __toESM(require("path")); +var path9 = __toESM(require("path")); var import_perf_hooks = require("perf_hooks"); -var core10 = __toESM(require_core()); +var core9 = __toESM(require_core()); var import_http_client = __toESM(require_lib()); var toolcache2 = __toESM(require_tool_cache()); var import_follow_redirects = __toESM(require_follow_redirects()); -var semver6 = __toESM(require_semver2()); +var semver5 = __toESM(require_semver2()); var STREAMING_HIGH_WATERMARK_BYTES = 4 * 1024 * 1024; var TOOLCACHE_TOOL_NAME = "CodeQL"; function makeDownloadFirstToolsDownloadDurations(downloadDurationMs, extractionDurationMs) { @@ -90421,10 +90279,10 @@ async function downloadAndExtract(codeqlURL, compressionMethod, dest, authorizat }; } } catch (e) { - core10.warning( + core9.warning( `Failed to download and extract CodeQL bundle using streaming with error: ${getErrorMessage(e)}` ); - core10.warning(`Falling back to downloading the bundle before extracting.`); + core9.warning(`Falling back to downloading the bundle before extracting.`); await cleanUpGlob(dest, "CodeQL bundle", logger); } const toolsDownloadStart = import_perf_hooks.performance.now(); @@ -90470,7 +90328,7 @@ async function downloadAndExtract(codeqlURL, compressionMethod, dest, authorizat }; } async function downloadAndExtractZstdWithStreaming(codeqlURL, dest, authorization, headers, tarVersion, logger) { - fs10.mkdirSync(dest, { recursive: true }); + fs8.mkdirSync(dest, { recursive: true }); const agent = new import_http_client.HttpClient().getAgent(codeqlURL); headers = Object.assign( { "User-Agent": "CodeQL Action" }, @@ -90498,16 +90356,16 @@ async function downloadAndExtractZstdWithStreaming(codeqlURL, dest, authorizatio await extractTarZst(response, dest, tarVersion, logger); } function getToolcacheDirectory(version) { - return path11.join( + return path9.join( getRequiredEnvParam("RUNNER_TOOL_CACHE"), TOOLCACHE_TOOL_NAME, - semver6.clean(version) || version, + semver5.clean(version) || version, os2.arch() || "" ); } function writeToolcacheMarkerFile(extractedPath, logger) { const markerFilePath = `${extractedPath}.complete`; - fs10.writeFileSync(markerFilePath, ""); + fs8.writeFileSync(markerFilePath, ""); logger.info(`Created toolcache marker file ${markerFilePath}`); } function sanitizeUrlForStatusReport(url2) { @@ -90622,13 +90480,13 @@ function tryGetTagNameFromUrl(url2, logger) { return match[1]; } function convertToSemVer(version, logger) { - if (!semver7.valid(version)) { + if (!semver6.valid(version)) { logger.debug( `Bundle version ${version} is not in SemVer format. Will treat it as pre-release 0.0.0-${version}.` ); version = `0.0.0-${version}`; } - const s = semver7.clean(version); + const s = semver6.clean(version); if (!s) { throw new Error(`Bundle version ${version} is not in SemVer format.`); } @@ -90638,7 +90496,7 @@ async function findOverridingToolsInCache(humanReadableVersion, logger) { const candidates = toolcache3.findAllVersions("CodeQL").filter(isGoodVersion).map((version) => ({ folder: toolcache3.find("CodeQL", version), version - })).filter(({ folder }) => fs11.existsSync(path12.join(folder, "pinned-version"))); + })).filter(({ folder }) => fs9.existsSync(path10.join(folder, "pinned-version"))); if (candidates.length === 1) { const candidate = candidates[0]; logger.debug( @@ -90698,7 +90556,7 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian url2 = toolsInput; if (tagName) { const bundleVersion3 = tryGetBundleVersionFromTagName(tagName, logger); - if (bundleVersion3 && semver7.valid(bundleVersion3)) { + if (bundleVersion3 && semver6.valid(bundleVersion3)) { cliVersion2 = convertToSemVer(bundleVersion3, logger); } } @@ -90967,11 +90825,11 @@ async function setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defau async function useZstdBundle(cliVersion2, tarSupportsZstd) { return ( // In testing, gzip performs better than zstd on Windows. - process.platform !== "win32" && tarSupportsZstd && semver7.gte(cliVersion2, CODEQL_VERSION_ZSTD_BUNDLE) + process.platform !== "win32" && tarSupportsZstd && semver6.gte(cliVersion2, CODEQL_VERSION_ZSTD_BUNDLE) ); } function getTempExtractionDir(tempDir) { - return path12.join(tempDir, v4_default()); + return path10.join(tempDir, v4_default()); } // src/tracer-config.ts @@ -91014,7 +90872,7 @@ async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliV toolsDownloadStatusReport )}` ); - let codeqlCmd = path13.join(codeqlFolder, "codeql", "codeql"); + let codeqlCmd = path11.join(codeqlFolder, "codeql", "codeql"); if (process.platform === "win32") { codeqlCmd += ".exe"; } else if (process.platform !== "linux" && process.platform !== "darwin") { @@ -91075,12 +90933,12 @@ async function getCodeQLForCmd(cmd, checkVersion) { }, async isTracedLanguage(language) { const extractorPath = await this.resolveExtractor(language); - const tracingConfigPath = path13.join( + const tracingConfigPath = path11.join( extractorPath, "tools", "tracing-config.lua" ); - return fs12.existsSync(tracingConfigPath); + return fs10.existsSync(tracingConfigPath); }, async isScannedLanguage(language) { return !await this.isTracedLanguage(language); @@ -91151,7 +91009,7 @@ async function getCodeQLForCmd(cmd, checkVersion) { }, async runAutobuild(config, language) { applyAutobuildAzurePipelinesTimeoutFix(); - const autobuildCmd = path13.join( + const autobuildCmd = path11.join( await this.resolveExtractor(language), "tools", process.platform === "win32" ? "autobuild.cmd" : "autobuild.sh" @@ -91472,12 +91330,12 @@ ${output}` ); } else if (checkVersion && process.env["CODEQL_ACTION_SUPPRESS_DEPRECATED_SOON_WARNING" /* SUPPRESS_DEPRECATED_SOON_WARNING */] !== "true" && !await codeQlVersionAtLeast(codeql, CODEQL_NEXT_MINIMUM_VERSION)) { const result = await codeql.getVersion(); - core11.warning( + core10.warning( `CodeQL CLI version ${result.version} was discontinued on ${GHES_MOST_RECENT_DEPRECATION_DATE} alongside GitHub Enterprise Server ${GHES_VERSION_MOST_RECENTLY_DEPRECATED} and will not be supported by the next minor release of the CodeQL Action. Please update to CodeQL CLI version ${CODEQL_NEXT_MINIMUM_VERSION} or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version. Alternatively, if you want to continue using CodeQL CLI version ${result.version}, you can replace 'github/codeql-action/*@v${getActionVersion().split(".")[0]}' by 'github/codeql-action/*@v${getActionVersion()}' in your code scanning workflow to continue using this version of the CodeQL Action.` ); - core11.exportVariable("CODEQL_ACTION_SUPPRESS_DEPRECATED_SOON_WARNING" /* SUPPRESS_DEPRECATED_SOON_WARNING */, "true"); + core10.exportVariable("CODEQL_ACTION_SUPPRESS_DEPRECATED_SOON_WARNING" /* SUPPRESS_DEPRECATED_SOON_WARNING */, "true"); } return codeql; } @@ -91529,17 +91387,13 @@ async function runCli(cmd, args = [], opts = {}) { } async function writeCodeScanningConfigFile(config, logger) { const codeScanningConfigFile = getGeneratedCodeScanningConfigPath(config); - const augmentedConfig = generateCodeScanningConfig( - config.originalUserInput, - config.augmentationProperties - ); logger.info( `Writing augmented user configuration file to ${codeScanningConfigFile}` ); logger.startGroup("Augmented user configuration file contents"); - logger.info(dump(augmentedConfig)); + logger.info(dump(config.computedConfig)); logger.endGroup(); - fs12.writeFileSync(codeScanningConfigFile, dump(augmentedConfig)); + fs10.writeFileSync(codeScanningConfigFile, dump(config.computedConfig)); return codeScanningConfigFile; } var TRAP_CACHE_SIZE_MB = 1024; @@ -91562,7 +91416,7 @@ async function getTrapCachingExtractorConfigArgsForLang(config, language) { ]; } function getGeneratedCodeScanningConfigPath(config) { - return path13.resolve(config.tempDir, "user-config.yaml"); + return path11.resolve(config.tempDir, "user-config.yaml"); } function getExtractionVerbosityArguments(enableDebugLogging) { return enableDebugLogging ? [`--verbosity=${EXTRACTION_DEBUG_MODE_VERBOSITY}`] : []; @@ -91582,6 +91436,99 @@ async function getJobRunUuidSarifOptions(codeql) { ) ? [`--sarif-run-property=jobRunUuid=${jobRunUuid}`] : []; } +// src/config-utils.ts +var fs12 = __toESM(require("fs")); +var path13 = __toESM(require("path")); +var semver7 = __toESM(require_semver2()); + +// src/analyses.ts +var AnalysisKind = /* @__PURE__ */ ((AnalysisKind2) => { + AnalysisKind2["CodeScanning"] = "code-scanning"; + AnalysisKind2["CodeQuality"] = "code-quality"; + return AnalysisKind2; +})(AnalysisKind || {}); +var supportedAnalysisKinds = new Set(Object.values(AnalysisKind)); + +// src/caching-utils.ts +var core11 = __toESM(require_core()); + +// src/diff-informed-analysis-utils.ts +var fs11 = __toESM(require("fs")); +var path12 = __toESM(require("path")); +function getDiffRangesJsonFilePath() { + return path12.join(getTemporaryDirectory(), "pr-diff-range.json"); +} +function readDiffRangesJsonFile(logger) { + const jsonFilePath = getDiffRangesJsonFilePath(); + if (!fs11.existsSync(jsonFilePath)) { + logger.debug(`Diff ranges JSON file does not exist at ${jsonFilePath}`); + return void 0; + } + const jsonContents = fs11.readFileSync(jsonFilePath, "utf8"); + logger.debug( + `Read pr-diff-range JSON file from ${jsonFilePath}: +${jsonContents}` + ); + return JSON.parse(jsonContents); +} + +// src/trap-caching.ts +var actionsCache2 = __toESM(require_cache3()); + +// src/config-utils.ts +var defaultAugmentationProperties = { + queriesInputCombines: false, + packsInputCombines: false, + packsInput: void 0, + queriesInput: void 0, + extraQueryExclusions: [], + overlayDatabaseMode: "none" /* None */, + useOverlayDatabaseCaching: false +}; +var OVERLAY_ANALYSIS_FEATURES = { + actions: "overlay_analysis_actions" /* OverlayAnalysisActions */, + cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */, + csharp: "overlay_analysis_csharp" /* OverlayAnalysisCsharp */, + go: "overlay_analysis_go" /* OverlayAnalysisGo */, + java: "overlay_analysis_java" /* OverlayAnalysisJava */, + javascript: "overlay_analysis_javascript" /* OverlayAnalysisJavascript */, + python: "overlay_analysis_python" /* OverlayAnalysisPython */, + ruby: "overlay_analysis_ruby" /* OverlayAnalysisRuby */, + rust: "overlay_analysis_rust" /* OverlayAnalysisRust */, + swift: "overlay_analysis_swift" /* OverlayAnalysisSwift */ +}; +var OVERLAY_ANALYSIS_CODE_SCANNING_FEATURES = { + actions: "overlay_analysis_code_scanning_actions" /* OverlayAnalysisCodeScanningActions */, + cpp: "overlay_analysis_code_scanning_cpp" /* OverlayAnalysisCodeScanningCpp */, + csharp: "overlay_analysis_code_scanning_csharp" /* OverlayAnalysisCodeScanningCsharp */, + go: "overlay_analysis_code_scanning_go" /* OverlayAnalysisCodeScanningGo */, + java: "overlay_analysis_code_scanning_java" /* OverlayAnalysisCodeScanningJava */, + javascript: "overlay_analysis_code_scanning_javascript" /* OverlayAnalysisCodeScanningJavascript */, + python: "overlay_analysis_code_scanning_python" /* OverlayAnalysisCodeScanningPython */, + ruby: "overlay_analysis_code_scanning_ruby" /* OverlayAnalysisCodeScanningRuby */, + rust: "overlay_analysis_code_scanning_rust" /* OverlayAnalysisCodeScanningRust */, + swift: "overlay_analysis_code_scanning_swift" /* OverlayAnalysisCodeScanningSwift */ +}; +var PACK_IDENTIFIER_PATTERN = (function() { + const alphaNumeric = "[a-z0-9]"; + const alphaNumericDash = "[a-z0-9-]"; + const component = `${alphaNumeric}(${alphaNumericDash}*${alphaNumeric})?`; + return new RegExp(`^${component}/${component}$`); +})(); +function getPathToParsedConfigFile(tempDir) { + return path13.join(tempDir, "config"); +} +async function getConfig(tempDir, logger) { + const configFile = getPathToParsedConfigFile(tempDir); + if (!fs12.existsSync(configFile)) { + return void 0; + } + const configString = fs12.readFileSync(configFile, "utf8"); + logger.debug("Loaded config:"); + logger.debug(configString); + return JSON.parse(configString); +} + // src/fingerprints.ts var fs13 = __toESM(require("fs")); var import_path = __toESM(require("path")); diff --git a/src/codeql.test.ts b/src/codeql.test.ts index 29e4b27ef..e6df746c7 100644 --- a/src/codeql.test.ts +++ b/src/codeql.test.ts @@ -18,6 +18,7 @@ import { AugmentationProperties, Config, defaultAugmentationProperties, + generateCodeScanningConfig, } from "./config-utils"; import * as defaults from "./defaults.json"; import { DocUrl } from "./doc-url"; @@ -504,6 +505,10 @@ const injectedConfigMacro = test.macro({ tempDir, augmentationProperties, }; + thisStubConfig.computedConfig = generateCodeScanningConfig( + thisStubConfig.originalUserInput, + thisStubConfig.augmentationProperties, + ); await codeqlObject.databaseInitCluster( thisStubConfig, diff --git a/src/codeql.ts b/src/codeql.ts index 81c8e3dec..820789bdd 100644 --- a/src/codeql.ts +++ b/src/codeql.ts @@ -13,7 +13,7 @@ import { } from "./actions-util"; import * as api from "./api-client"; import { CliError, wrapCliConfigurationError } from "./cli-errors"; -import { generateCodeScanningConfig, type Config } from "./config-utils"; +import { type Config } from "./config-utils"; import { DocUrl } from "./doc-url"; import { EnvVar } from "./environment"; import { @@ -1161,19 +1161,15 @@ async function writeCodeScanningConfigFile( logger: Logger, ): Promise { const codeScanningConfigFile = getGeneratedCodeScanningConfigPath(config); - const augmentedConfig = generateCodeScanningConfig( - config.originalUserInput, - config.augmentationProperties, - ); logger.info( `Writing augmented user configuration file to ${codeScanningConfigFile}`, ); logger.startGroup("Augmented user configuration file contents"); - logger.info(yaml.dump(augmentedConfig)); + logger.info(yaml.dump(config.computedConfig)); logger.endGroup(); - fs.writeFileSync(codeScanningConfigFile, yaml.dump(augmentedConfig)); + fs.writeFileSync(codeScanningConfigFile, yaml.dump(config.computedConfig)); return codeScanningConfigFile; } diff --git a/src/config-utils.test.ts b/src/config-utils.test.ts index e57cb5f6f..a7b36df7a 100644 --- a/src/config-utils.test.ts +++ b/src/config-utils.test.ts @@ -322,18 +322,21 @@ test("load non-empty input", async (t) => { fs.mkdirSync(path.join(tempDir, "foo")); + const userConfig: configUtils.UserConfig = { + name: "my config", + "disable-default-queries": true, + queries: [{ uses: "./foo" }], + "paths-ignore": ["a", "b"], + paths: ["c/d"], + }; + // And the config we expect it to parse to const expectedConfig: configUtils.Config = { analysisKinds: [AnalysisKind.CodeScanning], languages: [KnownLanguage.javascript], buildMode: BuildMode.None, - originalUserInput: { - name: "my config", - "disable-default-queries": true, - queries: [{ uses: "./foo" }], - "paths-ignore": ["a", "b"], - paths: ["c/d"], - }, + originalUserInput: userConfig, + computedConfig: userConfig, tempDir, codeQLCmd: codeql.getPath(), gitHubVersion: githubVersion, diff --git a/src/config-utils.ts b/src/config-utils.ts index 477cb20e6..132526861 100644 --- a/src/config-utils.ts +++ b/src/config-utils.ts @@ -145,8 +145,17 @@ export interface Config { */ debugDatabaseName: string; + /** + * Describes how to augment the user configuration with inputs from the action. + */ augmentationProperties: AugmentationProperties; + /** + * The configuration we computed by combining `originalUserInput` with `augmentationProperties`, + * as well as adjustments made to it based on unsupported or required options. + */ + computedConfig: UserConfig; + /** * Partial map from languages to locations of TRAP caches for that language. * If a key is omitted, then TRAP caching should not be used for that language. @@ -576,6 +585,7 @@ export async function getDefaultConfig({ languages, buildMode, originalUserInput: {}, + computedConfig: {}, tempDir, codeQLCmd: codeql.getPath(), gitHubVersion: githubVersion, @@ -1101,6 +1111,13 @@ export async function initConfig(inputs: InitConfigInputs): Promise { const augmentationProperties = config.augmentationProperties; config.originalUserInput = userConfig; + // Compute the full Code Scanning configuration that combines the configuration from the + // configuration file / `config` input with other inputs, such as `queries`. + config.computedConfig = generateCodeScanningConfig( + userConfig, + config.augmentationProperties, + ); + // The choice of overlay database mode depends on the selection of languages // and queries, which in turn depends on the user config and the augmentation // properties. So we need to calculate the overlay database mode after the @@ -1113,7 +1130,7 @@ export async function initConfig(inputs: InitConfigInputs): Promise { config.languages, inputs.sourceRoot, config.buildMode, - generateCodeScanningConfig(userConfig, augmentationProperties), + config.computedConfig, logger, ); logger.info( diff --git a/src/testing-utils.ts b/src/testing-utils.ts index 624bb72cd..49b50cb21 100644 --- a/src/testing-utils.ts +++ b/src/testing-utils.ts @@ -360,6 +360,7 @@ export function createTestConfig(overrides: Partial): Config { languages: [], buildMode: undefined, originalUserInput: {}, + computedConfig: {}, tempDir: "", codeQLCmd: "", gitHubVersion: {