This commit centralizes how feature flags are handled. All feature flags
must now add an entry in the `featureFlagConfig` dictionary. This
dictionary associates the flag with an environment variable name and
optionally a minimum version for CodeQL.
The new logic is:
- if the environment variable is set to false: disabled
- if the minimum version requirement specified and met: disabled
- if the environment variable is set to true: enable
- Otherwise check feature flag enablement from the server
This change adds:
- new `registries` block allowed in code scanning config file
- new `registries-auth-tokens` input in init action
- Change the downloadPacks function so that it accepts new parameters:
- registries block
- api auth
- Generate a qlconfig.yml file with the registries block if one is
supplied. Use this file when downloading packs.
- temporarily set the `GITHUB_TOKEN` and `CODEQL_REGISTRIES_AUTH` based
on api auth
TODO:
1. integration test
2. handle pack downloads when the config is generated by the CLI
This decorator enabled us to use the functionality of the Actions
toolcache within the runner too.
Now that we've deleted the runner we no longer need it.
.substr() is deprecated so we replace it with .slice() which works similarily but isn't deprecated
Signed-off-by: Tobias Speicher <rootcommander@gmail.com>
This commit adds a `UserError` class that should be thrown when the
cause of an error is fundamentally from user configuration.
When sending status reports, avoid sending a `failure` for `UserError`s.
This will prevent our diagnostics from pinging us for errors outside of
our control.
The new name `ml_powered_javascript_queries` is more consistent with
status report fields for analysis and interpretation duration metrics.
This isn't a breaking change since the old name never made it into the
GitHub API.
And add a better error message.
By using `void` instead of `await`, any error thrown is not caught
by surrounding try-catch blocks.
I could continue to use `void` and explicitly handle any thrown errors
by using `.catch`, but most likely the time savings is minimal and
this makes the code more complex.
4.4.2 introduces a breaking change that the variable in a catch clause
is now `unknown` type. So, we need to cast the `e`, `err`, or `error`
variables to type `Error`.
In the previous commit, the default value of the input is ${{ github.workspace }}
which means that most uses of this input would probably prefix their paths with
${{ github.workspace }}, especially since actions/checkout's 'path' input
must be under ${{ github.workspace }}. Therefore, it doesn't make much sense for
this to be an absolute file path.
Instead, it's more intuitive to make this relative to the repository.
This input is exposed in the CodeQL CLI as the flag --source-root, allowing
users of the CLI to set --source-root different from --working-dir. However,
in codeql-action, these two paths are conflated and it poses problems for
users with complicated build environments, in which a source root may be
a child of the working directory.
Most users should not notice this, as the default value is
${{ github.workspace }}, as it is implied now (`path.resolve()`).
This input allows users to specify which packs to run. It works in
unison with the packs block of the config file and it is similar to
how `queries` works. They both use `+` in the same way.
Note that the `#TODO` in the pr check is still around, but the CLI
is available. I will remove the TODO in the next commit.
This PR ensures environment variables are set before any invocation of
the CLI. Here is a list of vars that are set:
https://github.com/github/codeql-coreql-team/issues/1124#issuecomment-852463521
This ensures the CLI knows the features and versions of the containing
actions/runner.
Additionally:
- Fix the user agent so that it more closely aligns with user agent
spec
- Refactor environment variable initialization so that it all happens in
one place and call.
- Move Mode, getRequiredEnvParam, setMode, getMode out of actions-util
and into util. actions-util is meant for utils only called by the
action, not the runner.
The `prepareLocalRunEnvironment()` method is most likely deprecated and
should be removed. I originally added it because I had a way of working
where I would run the action from my local machine to test out changes,
but this was always a little flaky. So, I no longer use this way of
working. I will probably remove it soon.
This commit changes the way the action determines if running in action
or runner mode. There is now an environment variable that is set at the
beginning of the process and elsewhere in the process, we can check to
see if the variable is set.
