This decorator enabled us to use the functionality of the Actions
toolcache within the runner too.
Now that we've deleted the runner we no longer need it.
This change adds a `query-filters` property to the codeql-config file.
This property is an array of `exclude`/`include` entries for a query
suite. These filters are appended to the generated query suite files
and used to filter queries after they are selected.
A related change is that now, all pack references are run in a single
query suite, which has the query filters appended to them.
We now limit the cardinality of the ML-powered JS queries status report
field server-side. With no need for a limit on the cardinality of the
status report client-side, we can simplify how we produce it.
Some platforms that ingest this status report charge based on the
cardinality of the fields, so here we restrict the version strings we
support to a fixed set.
Turboscan only allows a single combination of tool name and automation
details id for testing category uniqueness.
Previously, the check in the action was not entirely correct since it
only looked at the _category_ and not the combination of the category
and the tool name.
It's even more precise now since it is looking at the actual, computed
value of the automation details id, rather than an inputted value of
the category.
This change also includes a refactoring where the action is now avoiding
multiple parsing/stringifying of the sarif files. Instead, sarif is
parsed once at the start of the process and stringified once, after
sarif processing is completely finished.
4.4.2 introduces a breaking change that the variable in a catch clause
is now `unknown` type. So, we need to cast the `e`, `err`, or `error`
variables to type `Error`.
This is a functionality that never worked perfectly and hasn't been
used for a while.
This allows developers to run the action on their local machine, but
the run was always flaky and never 100% mirrored what was happening on
the actions runner.
This PR ensures environment variables are set before any invocation of
the CLI. Here is a list of vars that are set:
https://github.com/github/codeql-coreql-team/issues/1124#issuecomment-852463521
This ensures the CLI knows the features and versions of the containing
actions/runner.
Additionally:
- Fix the user agent so that it more closely aligns with user agent
spec
- Refactor environment variable initialization so that it all happens in
one place and call.
- Move Mode, getRequiredEnvParam, setMode, getMode out of actions-util
and into util. actions-util is meant for utils only called by the
action, not the runner.
The `prepareLocalRunEnvironment()` method is most likely deprecated and
should be removed. I originally added it because I had a way of working
where I would run the action from my local machine to test out changes,
but this was always a little flaky. So, I no longer use this way of
working. I will probably remove it soon.
Mitigation for OOM errors (137/SIGKILL) seen by users when we overcommit the available memory.
For Unix, reserve 1GB.
For Windows, reserve 1.5GB, as the OS needs more memory and estimates inaccurately.
This commit adds two new ways of specifying GitHub auth:
1. from the GITHUB_TOKEN environment variable
2. from standard input
This commit does not include any documentation changes and the
descriptions of new command line options will need to be tweaked.
* Allow the codeql-action to be run locally
This change allows the codeql-action to be run locally through
[act](https://github.com/nektos/act).
In order to run the action locally, you need to do two things:
1. Add the `CODEQL_LOCAL_RUN: true` environment variable. The only way
I could figure out how to do this was to add it directly in the
workflow file in an `env` block. It _should_ be possible to add it
through a `.env` file and pass it to `act`, but I couldn't get it
working.
2. Run this command `act -j codeql -s GITHUB_TOKEN=<MY_PAT>`
Setting the `CODEQL_LOCAL_RUN` env var will fill in missing env vars
that the action needs, but isn't set by `act`. It will also avoid
making api calls to github that would fail locally.
This is a refactoring discussed in
https://github.com/github/dsp-codeql/issues/36
