Merge pull request #1019 from github/update-v2.1.7-9cab82f2

Merge main into v2

CHANGELOG.md

@@ -1,8 +1,8 @@
 # CodeQL Action Changelog
 
-## [UNRELEASED]
+## 2.1.7 - 05 Apr 2022
 
-No user facing changes.
+- A bug where additional queries specified in the workflow file would sometimes not be respected has been fixed. [#1018](https://github.com/github/codeql-action/pull/1018)
 
 ## 2.1.6 - 30 Mar 2022
 

lib/analyze.js

@@ -133,8 +133,7 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag,
         }
         const codeql = await (0, codeql_1.getCodeQL)(config.codeQLCmd);
         try {
-            if (hasPackWithCustomQueries &&
-                !(await util.codeQlVersionAbove(codeql, codeql_1.CODEQL_VERSION_CONFIG_FILES))) {
+            if (hasPackWithCustomQueries) {
                 logger.info("Performing analysis with custom CodeQL Packs.");
                 logger.startGroup(`Downloading custom packs for ${language}`);
                 const results = await codeql.packDownload(packsWithVersion);

lib/codeql.js

@@ -22,12 +22,11 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.getExtraOptions = exports.getCodeQLForTesting = exports.getCachedCodeQL = exports.setCodeQL = exports.getCodeQL = exports.convertToSemVer = exports.getCodeQLURLVersion = exports.setupCodeQL = exports.getCodeQLActionRepository = exports.CODEQL_VERSION_NEW_TRACING = exports.CODEQL_VERSION_ML_POWERED_QUERIES = exports.CODEQL_VERSION_CONFIG_FILES = exports.CODEQL_VERSION_COUNTS_LINES = exports.CommandInvocationError = void 0;
+exports.getExtraOptions = exports.getCodeQLForTesting = exports.getCachedCodeQL = exports.setCodeQL = exports.getCodeQL = exports.convertToSemVer = exports.getCodeQLURLVersion = exports.setupCodeQL = exports.getCodeQLActionRepository = exports.CODEQL_VERSION_NEW_TRACING = exports.CODEQL_VERSION_ML_POWERED_QUERIES = exports.CODEQL_VERSION_COUNTS_LINES = exports.CommandInvocationError = void 0;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const toolrunner = __importStar(require("@actions/exec/lib/toolrunner"));
 const fast_deep_equal_1 = __importDefault(require("fast-deep-equal"));
-const yaml = __importStar(require("js-yaml"));
 const query_string_1 = __importDefault(require("query-string"));
 const semver = __importStar(require("semver"));
 const actions_util_1 = require("./actions-util");
@@ -76,7 +75,6 @@ const CODEQL_VERSION_GROUP_RULES = "2.5.5";
 const CODEQL_VERSION_SARIF_GROUP = "2.5.3";
 exports.CODEQL_VERSION_COUNTS_LINES = "2.6.2";
 const CODEQL_VERSION_CUSTOM_QUERY_HELP = "2.7.1";
-exports.CODEQL_VERSION_CONFIG_FILES = "2.8.2"; // Versions before 2.8.2 weren't tolerant to unknown properties
 exports.CODEQL_VERSION_ML_POWERED_QUERIES = "2.7.5";
 /**
  * This variable controls using the new style of tracing from the CodeQL
@@ -468,28 +466,6 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                     extraArgs.push(`--trace-process-level=${processLevel || 3}`);
                 }
             }
-            if (await util.codeQlVersionAbove(codeql, exports.CODEQL_VERSION_CONFIG_FILES)) {
-                const configLocation = path.resolve(config.tempDir, "user-config.yaml");
-                const augmentedConfig = config.originalUserInput;
-                if (config.injectedMlQueries) {
-                    // We need to inject the ML queries into the original user input before
-                    // we pass this on to the CLI, to make sure these get run.
-                    const pack = await util.getMlPoweredJsQueriesPack(codeql);
-                    const packString = pack.packName + (pack.version ? `@${pack.version}` : "");
-                    if (augmentedConfig.packs === undefined)
-                        augmentedConfig.packs = [];
-                    if (Array.isArray(augmentedConfig.packs)) {
-                        augmentedConfig.packs.push(packString);
-                    }
-                    else {
-                        if (!augmentedConfig.packs.javascript)
-                            augmentedConfig.packs["javascript"] = [];
-                        augmentedConfig.packs["javascript"].push(packString);
-                    }
-                }
-                fs.writeFileSync(configLocation, yaml.dump(augmentedConfig));
-                extraArgs.push(`--codescanning-config=${configLocation}`);
-            }
             await runTool(cmd, [
                 "database",
                 "init",
@@ -610,9 +586,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
             if (extraSearchPath !== undefined) {
                 codeqlArgs.push("--additional-packs", extraSearchPath);
             }
-            if (!(await util.codeQlVersionAbove(this, exports.CODEQL_VERSION_CONFIG_FILES))) {
             codeqlArgs.push(querySuitePath);
-            }
             await runTool(cmd, codeqlArgs);
         },
         async databaseInterpretResults(databasePath, querySuitePaths, sarifFile, addSnippetsFlag, threadsFlag, automationDetailsId) {
@@ -639,9 +613,7 @@ async function getCodeQLForCmd(cmd, checkVersion) {
                 codeqlArgs.push("--sarif-category", automationDetailsId);
             }
             codeqlArgs.push(databasePath);
-            if (!(await util.codeQlVersionAbove(this, exports.CODEQL_VERSION_CONFIG_FILES))) {
             codeqlArgs.push(...querySuitePaths);
-            }
             // capture stdout, which contains analysis summaries
             return await runTool(cmd, codeqlArgs);
         },

node_modules/.package-lock.json

@@ -893,6 +893,14 @@
         "node": ">=8"
       }
     },
+    "node_modules/array-uniq": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/array-uniq/-/array-uniq-1.0.3.tgz",
+      "integrity": "sha1-r2rId6Jcx/dOBYiUdThY39sk/bY=",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
     "node_modules/array.prototype.flat": {
       "version": "1.2.4",
       "resolved": "https://registry.npmjs.org/array.prototype.flat/-/array.prototype.flat-1.2.4.tgz",
@@ -2788,6 +2796,17 @@
         "loc": "dist/cli.js"
       }
     },
+    "node_modules/github-linguist/node_modules/array-union": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/array-union/-/array-union-1.0.2.tgz",
+      "integrity": "sha1-mjRBDk9OPaI96jdb5b5w8kd47Dk=",
+      "dependencies": {
+        "array-uniq": "^1.0.1"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
     "node_modules/github-linguist/node_modules/commander": {
       "version": "2.20.3",
       "integrity": "sha512-GpVkmM8vF2vQUkj2LvZmD35JxeJOLCwJ9cUkugyk2nuhbv3+mJvpLYYt+0+USMxE+oj+ey/lJEnhZw75x/OMcQ=="

node_modules/array-uniq/index.js

@@ -0,0 +1,62 @@
+'use strict';
+
+// there's 3 implementations written in increasing order of efficiency
+
+// 1 - no Set type is defined
+function uniqNoSet(arr) {
+	var ret = [];
+
+	for (var i = 0; i < arr.length; i++) {
+		if (ret.indexOf(arr[i]) === -1) {
+			ret.push(arr[i]);
+		}
+	}
+
+	return ret;
+}
+
+// 2 - a simple Set type is defined
+function uniqSet(arr) {
+	var seen = new Set();
+	return arr.filter(function (el) {
+		if (!seen.has(el)) {
+			seen.add(el);
+			return true;
+		}
+
+		return false;
+	});
+}
+
+// 3 - a standard Set type is defined and it has a forEach method
+function uniqSetWithForEach(arr) {
+	var ret = [];
+
+	(new Set(arr)).forEach(function (el) {
+		ret.push(el);
+	});
+
+	return ret;
+}
+
+// V8 currently has a broken implementation
+// https://github.com/joyent/node/issues/8449
+function doesForEachActuallyWork() {
+	var ret = false;
+
+	(new Set([true])).forEach(function (el) {
+		ret = el;
+	});
+
+	return ret === true;
+}
+
+if ('Set' in global) {
+	if (typeof Set.prototype.forEach === 'function' && doesForEachActuallyWork()) {
+		module.exports = uniqSetWithForEach;
+	} else {
+		module.exports = uniqSet;
+	}
+} else {
+	module.exports = uniqNoSet;
+}

node_modules/array-uniq/license

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) Sindre Sorhus <sindresorhus@gmail.com> (sindresorhus.com)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

node_modules/array-uniq/package.json

@@ -0,0 +1,37 @@
+{
+  "name": "array-uniq",
+  "version": "1.0.3",
+  "description": "Create an array without duplicates",
+  "license": "MIT",
+  "repository": "sindresorhus/array-uniq",
+  "author": {
+    "name": "Sindre Sorhus",
+    "email": "sindresorhus@gmail.com",
+    "url": "sindresorhus.com"
+  },
+  "engines": {
+    "node": ">=0.10.0"
+  },
+  "scripts": {
+    "test": "xo && ava"
+  },
+  "files": [
+    "index.js"
+  ],
+  "keywords": [
+    "array",
+    "arr",
+    "set",
+    "uniq",
+    "unique",
+    "es6",
+    "duplicate",
+    "remove"
+  ],
+  "devDependencies": {
+    "ava": "*",
+    "es6-set": "^0.1.0",
+    "require-uncached": "^1.0.2",
+    "xo": "*"
+  }
+}

node_modules/array-uniq/readme.md

@@ -0,0 +1,30 @@
+# array-uniq [![Build Status](https://travis-ci.org/sindresorhus/array-uniq.svg?branch=master)](https://travis-ci.org/sindresorhus/array-uniq)
+
+> Create an array without duplicates
+
+It's already pretty fast, but will be much faster when [Set](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Set) becomes available in V8 (especially with large arrays).
+
+
+## Install
+
+```
+$ npm install --save array-uniq
+```
+
+
+## Usage
+
+```js
+const arrayUniq = require('array-uniq');
+
+arrayUniq([1, 1, 2, 3, 3]);
+//=> [1, 2, 3]
+
+arrayUniq(['foo', 'foo', 'bar', 'foo']);
+//=> ['foo', 'bar']
+```
+
+
+## License
+
+MIT © [Sindre Sorhus](https://sindresorhus.com)

node_modules/github-linguist/node_modules/array-union/index.js

@@ -0,0 +1,6 @@
+'use strict';
+var arrayUniq = require('array-uniq');
+
+module.exports = function () {
+	return arrayUniq([].concat.apply([], arguments));
+};

node_modules/github-linguist/node_modules/array-union/license

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) Sindre Sorhus <sindresorhus@gmail.com> (sindresorhus.com)
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

node_modules/github-linguist/node_modules/array-union/package.json

@@ -0,0 +1,40 @@
+{
+  "name": "array-union",
+  "version": "1.0.2",
+  "description": "Create an array of unique values, in order, from the input arrays",
+  "license": "MIT",
+  "repository": "sindresorhus/array-union",
+  "author": {
+    "name": "Sindre Sorhus",
+    "email": "sindresorhus@gmail.com",
+    "url": "sindresorhus.com"
+  },
+  "engines": {
+    "node": ">=0.10.0"
+  },
+  "scripts": {
+    "test": "xo && ava"
+  },
+  "files": [
+    "index.js"
+  ],
+  "keywords": [
+    "array",
+    "arr",
+    "set",
+    "uniq",
+    "unique",
+    "duplicate",
+    "remove",
+    "union",
+    "combine",
+    "merge"
+  ],
+  "dependencies": {
+    "array-uniq": "^1.0.1"
+  },
+  "devDependencies": {
+    "ava": "*",
+    "xo": "*"
+  }
+}

node_modules/github-linguist/node_modules/array-union/readme.md

@@ -0,0 +1,28 @@
+# array-union [![Build Status](https://travis-ci.org/sindresorhus/array-union.svg?branch=master)](https://travis-ci.org/sindresorhus/array-union)
+
+> Create an array of unique values, in order, from the input arrays
+
+
+## Install
+
+```
+$ npm install --save array-union
+```
+
+
+## Usage
+
+```js
+const arrayUnion = require('array-union');
+
+arrayUnion([1, 1, 2, 3], [2, 3]);
+//=> [1, 2, 3]
+
+arrayUnion(['foo', 'foo', 'bar'], ['foo']);
+//=> ['foo', 'bar']
+```
+
+
+## License
+
+MIT © [Sindre Sorhus](https://sindresorhus.com)

package-lock.json

@@ -946,6 +946,14 @@
         "node": ">=8"
       }
     },
+    "node_modules/array-uniq": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/array-uniq/-/array-uniq-1.0.3.tgz",
+      "integrity": "sha1-r2rId6Jcx/dOBYiUdThY39sk/bY=",
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
     "node_modules/array.prototype.flat": {
       "version": "1.2.4",
       "resolved": "https://registry.npmjs.org/array.prototype.flat/-/array.prototype.flat-1.2.4.tgz",
@@ -2841,6 +2849,17 @@
         "loc": "dist/cli.js"
       }
     },
+    "node_modules/github-linguist/node_modules/array-union": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/array-union/-/array-union-1.0.2.tgz",
+      "integrity": "sha1-mjRBDk9OPaI96jdb5b5w8kd47Dk=",
+      "dependencies": {
+        "array-uniq": "^1.0.1"
+      },
+      "engines": {
+        "node": ">=0.10.0"
+      }
+    },
     "node_modules/github-linguist/node_modules/commander": {
       "version": "2.20.3",
       "integrity": "sha512-GpVkmM8vF2vQUkj2LvZmD35JxeJOLCwJ9cUkugyk2nuhbv3+mJvpLYYt+0+USMxE+oj+ey/lJEnhZw75x/OMcQ=="
@@ -6057,6 +6076,11 @@
       "version": "2.1.0",
       "integrity": "sha512-HGyxoOTYUyCM6stUe6EJgnd4EoewAI7zMdfqO+kGjnlZmBDz/cR5pf8r/cR4Wq60sL/p0IkcjUEEPwS3GFrIyw=="
     },
+    "array-uniq": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/array-uniq/-/array-uniq-1.0.3.tgz",
+      "integrity": "sha1-r2rId6Jcx/dOBYiUdThY39sk/bY="
+    },
     "array.prototype.flat": {
       "version": "1.2.4",
       "resolved": "https://registry.npmjs.org/array.prototype.flat/-/array.prototype.flat-1.2.4.tgz",
@@ -7422,6 +7446,14 @@
         "slash2": "^2.0.0"
       },
       "dependencies": {
+        "array-union": {
+          "version": "1.0.2",
+          "resolved": "https://registry.npmjs.org/array-union/-/array-union-1.0.2.tgz",
+          "integrity": "sha1-mjRBDk9OPaI96jdb5b5w8kd47Dk=",
+          "requires": {
+            "array-uniq": "^1.0.1"
+          }
+        },
         "commander": {
           "version": "2.20.3",
           "integrity": "sha512-GpVkmM8vF2vQUkj2LvZmD35JxeJOLCwJ9cUkugyk2nuhbv3+mJvpLYYt+0+USMxE+oj+ey/lJEnhZw75x/OMcQ=="

src/analyze.ts

@@ -6,7 +6,6 @@ import * as yaml from "js-yaml";
 
 import * as analysisPaths from "./analysis-paths";
 import {
-  CODEQL_VERSION_CONFIG_FILES,
   CODEQL_VERSION_COUNTS_LINES,
   CODEQL_VERSION_NEW_TRACING,
   getCodeQL,
@@ -238,10 +237,7 @@ export async function runQueries(
 
     const codeql = await getCodeQL(config.codeQLCmd);
     try {
-      if (
-        hasPackWithCustomQueries &&
-        !(await util.codeQlVersionAbove(codeql, CODEQL_VERSION_CONFIG_FILES))
-      ) {
+      if (hasPackWithCustomQueries) {
         logger.info("Performing analysis with custom CodeQL Packs.");
         logger.startGroup(`Downloading custom packs for ${language}`);
 

src/codeql.ts

@@ -4,7 +4,6 @@ import * as path from "path";
 import * as toolrunner from "@actions/exec/lib/toolrunner";
 import { IHeaders } from "@actions/http-client/interfaces";
 import { default as deepEqual } from "fast-deep-equal";
-import * as yaml from "js-yaml";
 import { default as queryString } from "query-string";
 import * as semver from "semver";
 
@@ -220,7 +219,6 @@ const CODEQL_VERSION_GROUP_RULES = "2.5.5";
 const CODEQL_VERSION_SARIF_GROUP = "2.5.3";
 export const CODEQL_VERSION_COUNTS_LINES = "2.6.2";
 const CODEQL_VERSION_CUSTOM_QUERY_HELP = "2.7.1";
-export const CODEQL_VERSION_CONFIG_FILES = "2.8.2"; // Versions before 2.8.2 weren't tolerant to unknown properties
 export const CODEQL_VERSION_ML_POWERED_QUERIES = "2.7.5";
 
 /**
@@ -735,28 +733,6 @@ async function getCodeQLForCmd(
           extraArgs.push(`--trace-process-level=${processLevel || 3}`);
         }
       }
-      if (await util.codeQlVersionAbove(codeql, CODEQL_VERSION_CONFIG_FILES)) {
-        const configLocation = path.resolve(config.tempDir, "user-config.yaml");
-        const augmentedConfig = config.originalUserInput;
-        if (config.injectedMlQueries) {
-          // We need to inject the ML queries into the original user input before
-          // we pass this on to the CLI, to make sure these get run.
-          const pack = await util.getMlPoweredJsQueriesPack(codeql);
-          const packString =
-            pack.packName + (pack.version ? `@${pack.version}` : "");
-
-          if (augmentedConfig.packs === undefined) augmentedConfig.packs = [];
-          if (Array.isArray(augmentedConfig.packs)) {
-            augmentedConfig.packs.push(packString);
-          } else {
-            if (!augmentedConfig.packs.javascript)
-              augmentedConfig.packs["javascript"] = [];
-            augmentedConfig.packs["javascript"].push(packString);
-          }
-        }
-        fs.writeFileSync(configLocation, yaml.dump(augmentedConfig));
-        extraArgs.push(`--codescanning-config=${configLocation}`);
-      }
       await runTool(cmd, [
         "database",
         "init",
@@ -914,9 +890,7 @@ async function getCodeQLForCmd(
       if (extraSearchPath !== undefined) {
         codeqlArgs.push("--additional-packs", extraSearchPath);
       }
-      if (!(await util.codeQlVersionAbove(this, CODEQL_VERSION_CONFIG_FILES))) {
       codeqlArgs.push(querySuitePath);
-      }
       await runTool(cmd, codeqlArgs);
     },
     async databaseInterpretResults(
@@ -952,9 +926,7 @@ async function getCodeQLForCmd(
         codeqlArgs.push("--sarif-category", automationDetailsId);
       }
       codeqlArgs.push(databasePath);
-      if (!(await util.codeQlVersionAbove(this, CODEQL_VERSION_CONFIG_FILES))) {
       codeqlArgs.push(...querySuitePaths);
-      }
       // capture stdout, which contains analysis summaries
       return await runTool(cmd, codeqlArgs);
     },