This works by moving the logic to check for toolcache bypass out of
creating the codeql instance. The logic now _may_ perform an API request
in order to check what languages are in the repository. This check is
redundant because the same call is being made later in the action when
the actual list of languages is calculated.

Avoid usage of "Feature Flag" unless we are talking specifically about
the response from GitHub features API. Otherwise, use terms like
"Toggleable features".
Note both "toggleable" and "togglable" appear to be valid spellings of
the word. I chose the first for no good reason.

This commit centralizes how feature flags are handled. All feature flags
must now add an entry in the `featureFlagConfig` dictionary. This
dictionary associates the flag with an environment variable name and
optionally a minimum version for CodeQL.
The new logic is:
- if the environment variable is set to false: disabled
- if the minimum version requirement is specified and met: disabled
- if the environment variable is set to true: enabled
- otherwise, check feature flag enablement from the server

* Correctly report CodeQL version when using cache
* Add JS generated files
* Add test for return value of `setupCodeQL`
* Fill in missing return value comment

This change adds:
- new `registries` block allowed in code scanning config file
- new `registries-auth-tokens` input in init action
- Change the downloadPacks function so that it accepts new parameters:
  - registries block
  - api auth
- Generate a qlconfig.yml file with the registries block if one is
  supplied. Use this file when downloading packs.
- temporarily set the `GITHUB_TOKEN` and `CODEQL_REGISTRIES_AUTH` based
  on api auth
TODO:
1. integration test
2. handle pack downloads when the config is generated by the CLI

This commit prints diagnostic messages to the Actions log when debug
logging is enabled by passing `debug: true` to `codeql-action/init` or
enabling Actions step debug logging.

This decorator enabled us to use the functionality of the Actions
toolcache within the runner too.
Now that we've deleted the runner we no longer need it.

This commit adds the packs and queries from the actions input to the
config file used by the CodeQL CLI.
When the `+` is used, the actions input value is combined with the
config value and when it is not used, the input value overrides the
config value.
This commit also adds a bunch of integration tests for this feature.
In order to avoid adding too many new jobs, all of the tests are
run sequentially in a single job (matrixed across relevant operating
systems and OSes).
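
The `+` rule described in the commit message above, as an added TypeScript sketch that is not the action's own code. `resolveInput`, `droppedByOverride` and `parseEntries` are hypothetical names, the sample query names are constructed, and the comma-separated input format, config-before-input ordering and de-duplication are assumptions.

```typescript
// Added illustration, not code from codeql-action; all names are hypothetical.
type Mode = "combine" | "override" | "config-only";
interface Resolution { mode: Mode; values: string[]; }

// Split a comma-separated input (assumed format) into trimmed, non-empty entries.
function parseEntries(raw: string): string[] {
  return raw.split(",").map((s) => s.trim()).filter((s) => s.length > 0);
}

// Apply the rule from the commit message: a leading "+" combines the input
// with the config value; without it, the input overrides the config value.
function resolveInput(configValues: string[], input?: string): Resolution {
  const raw = (input ?? "").trim();
  const combine = raw.charAt(0) === "+";
  const fromInput = parseEntries(combine ? raw.slice(1) : raw);
  if (fromInput.length === 0) {
    // Unset, empty, or a bare "+": the config value is used unchanged (assumption).
    return { mode: "config-only", values: configValues.slice() };
  }
  if (!combine) {
    return { mode: "override", values: fromInput };
  }
  // Config entries first, then input entries, duplicates removed (assumptions).
  const merged = configValues.concat(fromInput);
  return { mode: "combine", values: merged.filter((v, i) => merged.indexOf(v) === i) };
}

// Config entries that will NOT run because the input overrode them.
// Useful as a review check: a missing "+" shrinks the analysis silently.
function droppedByOverride(configValues: string[], input?: string): string[] {
  const r = resolveInput(configValues, input);
  if (r.mode !== "override") {
    return [];
  }
  return configValues.filter((v) => r.values.indexOf(v) === -1);
}

// Constructed sample config value.
const sampleConfig = ["security-extended", "./custom-queries"];
```

Comparing `droppedByOverride(sampleConfig, "security-and-quality")` with the same call on `"+security-and-quality"` shows which configured queries a workflow input without the `+` would leave out of the scan.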

4.4.2 introduces a breaking change that the variable in a catch clause
is now `unknown` type. So, we need to cast the `e`, `err`, or `error`
variables to type `Error`.

This PR ensures environment variables are set before any invocation of
the CLI. Here is a list of vars that are set:
https://github.com/github/codeql-coreql-team/issues/1124#issuecomment-852463521
This ensures the CLI knows the features and versions of the containing
actions/runner.
Additionally:
- Fix the user agent so that it more closely aligns with user agent
spec
- Refactor environment variable initialization so that it all happens in
one place and call.
- Move Mode, getRequiredEnvParam, setMode, getMode out of actions-util
and into util. actions-util is meant for utils only called by the
action, not the runner.
The `prepareLocalRunEnvironment()` method is most likely deprecated and
should be removed. I originally added it because I had a way of working
where I would run the action from my local machine to test out changes,
but this was always a little flaky. So, I no longer use this way of
working. I will probably remove it soon.

This commit changes the way the action determines if running in action
or runner mode. There is now an environment variable that is set at the
beginning of the process and elsewhere in the process, we can check to
see if the variable is set.