This commit adds a `packs` option to the codeql-config.yml file. Users
can specify a list of ql packs to include in the analysis.
For a single language analysis, the packs property looks like this:
```yaml
packs:
- pack-scope/pack-name1@1.2.3
- pack-scope/pack-name2 # no explicit version means download the latest
```
For multi-language analysis, you must key the packs block by lanaguage:
```yaml
packs:
cpp:
- pack-scope/pack-name1@1.2.3
- pack-scope/pack-name2
java:
- pack-scope/pack-name3@1.2.3
- pack-scope/pack-name4
```
This implementation adds a new analysis run (alongside custom and
builtin runs). The unit tests indicate that the correct commands are
being run, but I have not actually tried this with a real CLI.
Also, convert `instanceof Array` to `Array.isArray` since that is
sightly better in some situations. See:
https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/isArray#instanceof_vs_isarray
This is a functionality that never worked perfectly and hasn't been
used for a while.
This allows developers to run the action on their local machine, but
the run was always flaky and never 100% mirrored what was happening on
the actions runner.
This PR ensures environment variables are set before any invocation of
the CLI. Here is a list of vars that are set:
https://github.com/github/codeql-coreql-team/issues/1124#issuecomment-852463521
This ensures the CLI knows the features and versions of the containing
actions/runner.
Additionally:
- Fix the user agent so that it more closely aligns with user agent
spec
- Refactor environment variable initialization so that it all happens in
one place and call.
- Move Mode, getRequiredEnvParam, setMode, getMode out of actions-util
and into util. actions-util is meant for utils only called by the
action, not the runner.
The `prepareLocalRunEnvironment()` method is most likely deprecated and
should be removed. I originally added it because I had a way of working
where I would run the action from my local machine to test out changes,
but this was always a little flaky. So, I no longer use this way of
working. I will probably remove it soon.
This commit changes the way the action determines if running in action
or runner mode. There is now an environment variable that is set at the
beginning of the process and elsewhere in the process, we can check to
see if the variable is set.
Fix grouping of the analysis logs, so that custom query logs also get grouped.
Capture the stdout of codeql database analyze, which contains the analysis summary
from summary and diagnostic queries.
Log this output in its own group, along with the baseline computed in the Action.
These warnings refer to a hack that was added to the CLI in
https://github.com/github/semmle-code/pull/39335
They can be removed again once the CLI has a more principled way for
the CLI to recognize that it's being invoked by the runner/action.
Previously, we were always using `**` in the include path. the
effect of this was to always count lines in the entire
repository unless explicitly added to the paths-ignore. This
was incorrect behaviour. Now we only using `**` if the include
path is otherwise empty.
Fixes a bug where we were looking for incorrect keys for metrics rules.
Previously, we were using full language names in the keys. Now, we use
the short language names in the metric ids. This is done through a
simplification of the code.
Also, this change does two smaller things:
1. Prints out the baseline count to the logs
2. Adds the `assertNever` function to ensure we never miss a case in
a switch statement. This function is borrowed from vscode-codeql.
We were inadvertently using codeql language ids instead of the action's
language ids. There is now a 3-way mapping between the ids used by
the lines counter library, the action, and codeql.
The SARIF that we are interpreting has moved away from using `metric`
to the more general term, `rule`. We need to adapt our baseline lines of
code counting to use `rule` as well.
