mirror of
https://github.com/github/codeql-action.git
synced 2025-12-07 08:18:08 +08:00
Compare commits
21 Commits
codeql-bun
...
v3.28.3
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
dd196fa9ce | ||
|
|
23d07bb885 | ||
|
|
23ec3afaf8 | ||
|
|
519de26711 | ||
|
|
7e4b683a3d | ||
|
|
3505f8142a | ||
|
|
1645dbd3bf | ||
|
|
4b7c237f3d | ||
|
|
924ef8f189 | ||
|
|
140c5ea762 | ||
|
|
c34eb63970 | ||
|
|
07d32980ce | ||
|
|
20bbc8f5b5 | ||
|
|
d23f49f56f | ||
|
|
f89b8a7d52 | ||
|
|
86400836d1 | ||
|
|
6fee807c9b | ||
|
|
d68b2d4edb | ||
|
|
ea23796445 | ||
|
|
a0c2b7d296 | ||
|
|
aa76523503 |
@@ -2,7 +2,13 @@
|
||||
|
||||
See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs.
|
||||
|
||||
## [UNRELEASED]
|
||||
## 3.28.3 - 22 Jan 2025
|
||||
|
||||
- Update default CodeQL bundle version to 2.20.2. [#2707](https://github.com/github/codeql-action/pull/2707)
|
||||
- Fix an issue downloading the CodeQL Bundle from a GitHub Enterprise Server instance which occurred when the CodeQL Bundle had been synced to the instance using the [CodeQL Action sync tool](https://github.com/github/codeql-action-sync-tool) and the Actions runner did not have Zstandard installed. [#2710](https://github.com/github/codeql-action/pull/2710)
|
||||
- Uploading debug artifacts for CodeQL analysis is temporarily disabled. [#2712](https://github.com/github/codeql-action/pull/2712)
|
||||
|
||||
## 3.28.2 - 21 Jan 2025
|
||||
|
||||
No user facing changes.
|
||||
|
||||
|
||||
2
lib/debug-artifacts.js
generated
2
lib/debug-artifacts.js
generated
@@ -190,6 +190,8 @@ async function uploadDebugArtifacts(logger, toUpload, rootDir, artifactName, ghV
|
||||
if (toUpload.length === 0) {
|
||||
return;
|
||||
}
|
||||
logger.info("Uploading debug artifacts is temporarily disabled");
|
||||
return;
|
||||
let suffix = "";
|
||||
const matrix = (0, actions_util_1.getRequiredInput)("matrix");
|
||||
if (matrix) {
|
||||
|
||||
File diff suppressed because one or more lines are too long
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"bundleVersion": "codeql-bundle-v2.20.1",
|
||||
"cliVersion": "2.20.1",
|
||||
"priorBundleVersion": "codeql-bundle-v2.20.0",
|
||||
"priorCliVersion": "2.20.0"
|
||||
"bundleVersion": "codeql-bundle-v2.20.2",
|
||||
"cliVersion": "2.20.2",
|
||||
"priorBundleVersion": "codeql-bundle-v2.20.1",
|
||||
"priorCliVersion": "2.20.1"
|
||||
}
|
||||
|
||||
56
lib/setup-codeql.js
generated
56
lib/setup-codeql.js
generated
@@ -70,11 +70,18 @@ var ToolsSource;
|
||||
})(ToolsSource || (exports.ToolsSource = ToolsSource = {}));
|
||||
exports.CODEQL_DEFAULT_ACTION_REPOSITORY = "github/codeql-action";
|
||||
const CODEQL_BUNDLE_VERSION_ALIAS = ["linked", "latest"];
|
||||
function getCodeQLBundleExtension(useZstd) {
|
||||
return useZstd ? ".tar.zst" : ".tar.gz";
|
||||
function getCodeQLBundleExtension(compressionMethod) {
|
||||
switch (compressionMethod) {
|
||||
case "gzip":
|
||||
return ".tar.gz";
|
||||
case "zstd":
|
||||
return ".tar.zst";
|
||||
default:
|
||||
util.assertNever(compressionMethod);
|
||||
}
|
||||
}
|
||||
function getCodeQLBundleName(useZstd) {
|
||||
const extension = getCodeQLBundleExtension(useZstd);
|
||||
function getCodeQLBundleName(compressionMethod) {
|
||||
const extension = getCodeQLBundleExtension(compressionMethod);
|
||||
let platform;
|
||||
if (process.platform === "win32") {
|
||||
platform = "win64";
|
||||
@@ -100,7 +107,7 @@ function getCodeQLActionRepository(logger) {
|
||||
}
|
||||
return util.getRequiredEnvParam("GITHUB_ACTION_REPOSITORY");
|
||||
}
|
||||
async function getCodeQLBundleDownloadURL(tagName, apiDetails, useZstd, logger) {
|
||||
async function getCodeQLBundleDownloadURL(tagName, apiDetails, compressionMethod, logger) {
|
||||
const codeQLActionRepository = getCodeQLActionRepository(logger);
|
||||
const potentialDownloadSources = [
|
||||
// This GitHub instance, and this Action.
|
||||
@@ -115,7 +122,7 @@ async function getCodeQLBundleDownloadURL(tagName, apiDetails, useZstd, logger)
|
||||
const uniqueDownloadSources = potentialDownloadSources.filter((source, index, self) => {
|
||||
return !self.slice(0, index).some((other) => (0, fast_deep_equal_1.default)(source, other));
|
||||
});
|
||||
const codeQLBundleName = getCodeQLBundleName(useZstd);
|
||||
const codeQLBundleName = getCodeQLBundleName(compressionMethod);
|
||||
for (const downloadSource of uniqueDownloadSources) {
|
||||
const [apiURL, repository] = downloadSource;
|
||||
// If we've reached the final case, short-circuit the API check since we know the bundle exists and is public.
|
||||
@@ -132,13 +139,13 @@ async function getCodeQLBundleDownloadURL(tagName, apiDetails, useZstd, logger)
|
||||
});
|
||||
for (const asset of release.data.assets) {
|
||||
if (asset.name === codeQLBundleName) {
|
||||
logger.info(`Found CodeQL bundle in ${downloadSource[1]} on ${downloadSource[0]} with URL ${asset.url}.`);
|
||||
logger.info(`Found CodeQL bundle ${codeQLBundleName} in ${repository} on ${apiURL} with URL ${asset.url}.`);
|
||||
return asset.url;
|
||||
}
|
||||
}
|
||||
}
|
||||
catch (e) {
|
||||
logger.info(`Looked for CodeQL bundle in ${downloadSource[1]} on ${downloadSource[0]} but got error ${e}.`);
|
||||
logger.info(`Looked for CodeQL bundle ${codeQLBundleName} in ${repository} on ${apiURL} but got error ${e}.`);
|
||||
}
|
||||
}
|
||||
return `https://github.com/${exports.CODEQL_DEFAULT_ACTION_REPOSITORY}/releases/download/${tagName}/${codeQLBundleName}`;
|
||||
@@ -221,8 +228,14 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian
|
||||
!CODEQL_BUNDLE_VERSION_ALIAS.includes(toolsInput) &&
|
||||
!toolsInput.startsWith("http")) {
|
||||
logger.info(`Using CodeQL CLI from local path ${toolsInput}`);
|
||||
const compressionMethod = tar.inferCompressionMethod(toolsInput);
|
||||
if (compressionMethod === undefined) {
|
||||
throw new util.ConfigurationError(`Could not infer compression method from path ${toolsInput}. Please specify a path ` +
|
||||
"ending in '.tar.gz' or '.tar.zst'.");
|
||||
}
|
||||
return {
|
||||
codeqlTarPath: toolsInput,
|
||||
compressionMethod,
|
||||
sourceType: "local",
|
||||
toolsVersion: "local",
|
||||
};
|
||||
@@ -356,9 +369,22 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian
|
||||
return result;
|
||||
}
|
||||
}
|
||||
let compressionMethod;
|
||||
if (!url) {
|
||||
url = await getCodeQLBundleDownloadURL(tagName, apiDetails, cliVersion !== undefined &&
|
||||
(await useZstdBundle(cliVersion, tarSupportsZstd)), logger);
|
||||
compressionMethod =
|
||||
cliVersion !== undefined &&
|
||||
(await useZstdBundle(cliVersion, tarSupportsZstd))
|
||||
? "zstd"
|
||||
: "gzip";
|
||||
url = await getCodeQLBundleDownloadURL(tagName, apiDetails, compressionMethod, logger);
|
||||
}
|
||||
else {
|
||||
const method = tar.inferCompressionMethod(url);
|
||||
if (method === undefined) {
|
||||
throw new util.ConfigurationError(`Could not infer compression method from URL ${url}. Please specify a URL ` +
|
||||
"ending in '.tar.gz' or '.tar.zst'.");
|
||||
}
|
||||
compressionMethod = method;
|
||||
}
|
||||
if (cliVersion) {
|
||||
logger.info(`Using CodeQL CLI version ${cliVersion} sourced from ${url} .`);
|
||||
@@ -370,6 +396,7 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian
|
||||
bundleVersion: tagName && tryGetBundleVersionFromTagName(tagName, logger),
|
||||
cliVersion,
|
||||
codeqlURL: url,
|
||||
compressionMethod,
|
||||
sourceType: "download",
|
||||
toolsVersion: cliVersion ?? humanReadableVersion,
|
||||
};
|
||||
@@ -390,7 +417,7 @@ async function tryGetFallbackToolcacheVersion(cliVersion, tagName, logger) {
|
||||
}
|
||||
// Exported using `export const` for testing purposes. Specifically, we want to
|
||||
// be able to stub this function and have other functions in this file use that stub.
|
||||
const downloadCodeQL = async function (codeqlURL, maybeBundleVersion, maybeCliVersion, apiDetails, tarVersion, tempDir, features, logger) {
|
||||
const downloadCodeQL = async function (codeqlURL, compressionMethod, maybeBundleVersion, maybeCliVersion, apiDetails, tarVersion, tempDir, features, logger) {
|
||||
const parsedCodeQLURL = new URL(codeqlURL);
|
||||
const searchParams = new URLSearchParams(parsedCodeQLURL.search);
|
||||
const headers = {
|
||||
@@ -417,7 +444,7 @@ const downloadCodeQL = async function (codeqlURL, maybeBundleVersion, maybeCliVe
|
||||
const extractedBundlePath = extractToToolcache
|
||||
? toolcacheInfo.path
|
||||
: getTempExtractionDir(tempDir);
|
||||
let statusReport = await (0, tools_download_1.downloadAndExtract)(codeqlURL, extractedBundlePath, authorization, { "User-Agent": "CodeQL Action", ...headers }, tarVersion, logger);
|
||||
let statusReport = await (0, tools_download_1.downloadAndExtract)(codeqlURL, compressionMethod, extractedBundlePath, authorization, { "User-Agent": "CodeQL Action", ...headers }, tarVersion, logger);
|
||||
if (!toolcacheInfo) {
|
||||
logger.debug("Could not cache CodeQL tools because we could not determine the bundle version from the " +
|
||||
`URL ${codeqlURL}.`);
|
||||
@@ -509,8 +536,7 @@ async function setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, featu
|
||||
let toolsSource;
|
||||
switch (source.sourceType) {
|
||||
case "local": {
|
||||
const compressionMethod = tar.inferCompressionMethod(source.codeqlTarPath);
|
||||
codeqlFolder = await tar.extract(source.codeqlTarPath, getTempExtractionDir(tempDir), compressionMethod, zstdAvailability.version, logger);
|
||||
codeqlFolder = await tar.extract(source.codeqlTarPath, getTempExtractionDir(tempDir), source.compressionMethod, zstdAvailability.version, logger);
|
||||
toolsSource = ToolsSource.Local;
|
||||
break;
|
||||
}
|
||||
@@ -520,7 +546,7 @@ async function setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, featu
|
||||
toolsSource = ToolsSource.Toolcache;
|
||||
break;
|
||||
case "download": {
|
||||
const result = await (0, exports.downloadCodeQL)(source.codeqlURL, source.bundleVersion, source.cliVersion, apiDetails, zstdAvailability.version, tempDir, features, logger);
|
||||
const result = await (0, exports.downloadCodeQL)(source.codeqlURL, source.compressionMethod, source.bundleVersion, source.cliVersion, apiDetails, zstdAvailability.version, tempDir, features, logger);
|
||||
toolsVersion = result.toolsVersion;
|
||||
codeqlFolder = result.codeqlFolder;
|
||||
toolsDownloadStatusReport = result.statusReport;
|
||||
|
||||
File diff suppressed because one or more lines are too long
22
lib/tar.js
generated
22
lib/tar.js
generated
@@ -43,6 +43,7 @@ const stream = __importStar(require("stream"));
|
||||
const toolrunner_1 = require("@actions/exec/lib/toolrunner");
|
||||
const io = __importStar(require("@actions/io"));
|
||||
const toolcache = __importStar(require("@actions/tool-cache"));
|
||||
const semver = __importStar(require("semver"));
|
||||
const actions_util_1 = require("./actions-util");
|
||||
const util_1 = require("./util");
|
||||
const MIN_REQUIRED_BSD_TAR_VERSION = "3.4.3";
|
||||
@@ -88,13 +89,18 @@ async function isZstdAvailable(logger) {
|
||||
switch (type) {
|
||||
case "gnu":
|
||||
return {
|
||||
available: foundZstdBinary && version >= MIN_REQUIRED_GNU_TAR_VERSION,
|
||||
available: foundZstdBinary &&
|
||||
// GNU tar only uses major and minor version numbers
|
||||
semver.gte(semver.coerce(version), semver.coerce(MIN_REQUIRED_GNU_TAR_VERSION)),
|
||||
foundZstdBinary,
|
||||
version: tarVersion,
|
||||
};
|
||||
case "bsd":
|
||||
return {
|
||||
available: foundZstdBinary && version >= MIN_REQUIRED_BSD_TAR_VERSION,
|
||||
available: foundZstdBinary &&
|
||||
// Do a loose comparison since these version numbers don't contain
|
||||
// a patch version number.
|
||||
semver.gte(version, MIN_REQUIRED_BSD_TAR_VERSION),
|
||||
foundZstdBinary,
|
||||
version: tarVersion,
|
||||
};
|
||||
@@ -179,10 +185,16 @@ async function extractTarZst(tar, dest, tarVersion, logger) {
|
||||
throw e;
|
||||
}
|
||||
}
|
||||
const KNOWN_EXTENSIONS = {
|
||||
"tar.gz": "gzip",
|
||||
"tar.zst": "zstd",
|
||||
};
|
||||
function inferCompressionMethod(tarPath) {
|
||||
if (tarPath.endsWith(".tar.gz")) {
|
||||
return "gzip";
|
||||
for (const [ext, method] of Object.entries(KNOWN_EXTENSIONS)) {
|
||||
if (tarPath.endsWith(`.${ext}`)) {
|
||||
return method;
|
||||
}
|
||||
}
|
||||
return "zstd";
|
||||
return undefined;
|
||||
}
|
||||
//# sourceMappingURL=tar.js.map
|
||||
File diff suppressed because one or more lines are too long
3
lib/tools-download.js
generated
3
lib/tools-download.js
generated
@@ -73,9 +73,8 @@ function makeStreamedToolsDownloadDurations(combinedDurationMs) {
|
||||
streamExtraction: true,
|
||||
};
|
||||
}
|
||||
async function downloadAndExtract(codeqlURL, dest, authorization, headers, tarVersion, logger) {
|
||||
async function downloadAndExtract(codeqlURL, compressionMethod, dest, authorization, headers, tarVersion, logger) {
|
||||
logger.info(`Downloading CodeQL tools from ${codeqlURL} . This may take a while.`);
|
||||
const compressionMethod = tar.inferCompressionMethod(codeqlURL);
|
||||
try {
|
||||
if (compressionMethod === "zstd" && process.platform === "linux") {
|
||||
logger.info(`Streaming the extraction of the CodeQL bundle.`);
|
||||
|
||||
@@ -1 +1 @@
|
||||
{"version":3,"file":"tools-download.js","sourceRoot":"","sources":["../src/tools-download.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAkFA,gDAmGC;AA8CD,sDAOC;AAED,4DAOC;AAnPD,uCAAyB;AAEzB,uCAAyB;AACzB,2CAA6B;AAC7B,2CAAyC;AAEzC,oDAAsC;AACtC,sDAAkD;AAClD,+DAAiD;AACjD,uDAAyC;AACzC,+CAAiC;AAEjC,uCAAmD;AACnD,2CAA6B;AAC7B,iCAA2E;AAE3E;;GAEG;AACU,QAAA,8BAA8B,GAAG,CAAC,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,QAAQ;AAEvE;;GAEG;AACH,MAAM,mBAAmB,GAAG,QAAQ,CAAC;AAarC,SAAS,uCAAuC,CAC9C,kBAA0B,EAC1B,oBAA4B;IAE5B,OAAO;QACL,kBAAkB,EAAE,kBAAkB,GAAG,oBAAoB;QAC7D,kBAAkB;QAClB,oBAAoB;QACpB,gBAAgB,EAAE,KAAK;KACxB,CAAC;AACJ,CAAC;AAaD,SAAS,kCAAkC,CACzC,kBAA0B;IAE1B,OAAO;QACL,kBAAkB;QAClB,kBAAkB,EAAE,SAAS;QAC7B,oBAAoB,EAAE,SAAS;QAC/B,gBAAgB,EAAE,IAAI;KACvB,CAAC;AACJ,CAAC;AAaM,KAAK,UAAU,kBAAkB,CACtC,SAAiB,EACjB,IAAY,EACZ,aAAiC,EACjC,OAA4B,EAC5B,UAAsC,EACtC,MAAc;IAEd,MAAM,CAAC,IAAI,CACT,iCAAiC,SAAS,2BAA2B,CACtE,CAAC;IAEF,MAAM,iBAAiB,GAAG,GAAG,CAAC,sBAAsB,CAAC,SAAS,CAAC,CAAC;IAEhE,IAAI,CAAC;QACH,IAAI,iBAAiB,KAAK,MAAM,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;YACjE,MAAM,CAAC,IAAI,CAAC,gDAAgD,CAAC,CAAC;YAE9D,MAAM,iBAAiB,GAAG,wBAAW,CAAC,GAAG,EAAE,CAAC;YAC5C,MAAM,mCAAmC,CACvC,SAAS,EACT,IAAI,EACJ,aAAa,EACb,OAAO,EACP,UAAW,EACX,MAAM,CACP,CAAC;YAEF,MAAM,kBAAkB,GAAG,IAAI,CAAC,KAAK,CACnC,wBAAW,CAAC,GAAG,EAAE,GAAG,iBAAiB,CACtC,CAAC;YACF,MAAM,CAAC,IAAI,CACT,wDAAwD,IAAI,KAAK,IAAA,wBAAc,EAC7E,kBAAkB,CACnB,IAAI,CACN,CAAC;YAEF,OAAO;gBACL,iBAAiB;gBACjB,QAAQ,EAAE,0BAA0B,CAAC,SAAS,CAAC;gBAC/C,GAAG,kCAAkC,CAAC,kBAAkB,CAAC;aAC1D,CAAC;QACJ,CAAC;IACH,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,IAAI,CAAC,OAAO,CACV,4EAA4E,IAAA,sBAAe,EAAC,CAAC,CAAC,EAAE,CACjG,CAAC;QACF,IAAI,CAAC,OAAO,CAAC,2DAA2D,CAAC,CAAC;QAE1E,gFAAgF;QAChF,uBAAuB;QACvB,MAAM,IAAA,kBAAW,EAAC,IAAI,EAAE,eAAe,EAAE,MAAM,CAAC,CAAC;IACnD,CAAC;IAED,MAAM,kBAAkB,GAAG,wBAAW,CAAC,GAAG,EAAE,CAAC;IAC7C,MAAM,kBAAkB,GAAG,MAAM,SAAS,CAAC,YAAY,CACrD,SAAS,EACT,SAAS,EACT,aAAa,EACb,OAAO,CACR,CAAC;IACF,MAAM,kBAAkB,GAAG,IAAI,CAAC,KAAK,CAAC,wBAAW,CAAC,GAAG,EAAE,GAAG,kBAAkB,CAA
C,CAAC;IAE9E,MAAM,CAAC,IAAI,CACT,yCAAyC,kBAAkB,KAAK,IAAA,wBAAc,EAC5E,kBAAkB,CACnB,IAAI,CACN,CAAC;IAEF,IAAI,oBAA4B,CAAC;IAEjC,IAAI,CAAC;QACH,MAAM,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;QACzC,MAAM,eAAe,GAAG,wBAAW,CAAC,GAAG,EAAE,CAAC;QAC1C,MAAM,GAAG,CAAC,OAAO,CACf,kBAAkB,EAClB,IAAI,EACJ,iBAAiB,EACjB,UAAU,EACV,MAAM,CACP,CAAC;QACF,oBAAoB,GAAG,IAAI,CAAC,KAAK,CAAC,wBAAW,CAAC,GAAG,EAAE,GAAG,eAAe,CAAC,CAAC;QACvE,MAAM,CAAC,IAAI,CACT,wCAAwC,IAAI,KAAK,IAAA,wBAAc,EAC7D,oBAAoB,CACrB,IAAI,CACN,CAAC;IACJ,CAAC;YAAS,CAAC;QACT,MAAM,IAAA,kBAAW,EAAC,kBAAkB,EAAE,uBAAuB,EAAE,MAAM,CAAC,CAAC;IACzE,CAAC;IAED,OAAO;QACL,iBAAiB;QACjB,QAAQ,EAAE,0BAA0B,CAAC,SAAS,CAAC;QAC/C,GAAG,uCAAuC,CACxC,kBAAkB,EAClB,oBAAoB,CACrB;KACF,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,mCAAmC,CAChD,SAAiB,EACjB,IAAY,EACZ,aAAiC,EACjC,OAA4B,EAC5B,UAA0B,EAC1B,MAAc;IAEd,4BAA4B;IAC5B,EAAE,CAAC,SAAS,CAAC,IAAI,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAExC,mDAAmD;IACnD,MAAM,KAAK,GAAG,IAAI,wBAAU,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;IAEnD,8DAA8D;IAC9D,OAAO,GAAG,MAAM,CAAC,MAAM,CACrB,EAAE,YAAY,EAAE,eAAe,EAAE,EACjC,aAAa,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,CAAC,CAAC,CAAC,EAAE,EACtC,OAAO,CACR,CAAC;IACF,MAAM,QAAQ,GAAG,MAAM,IAAI,OAAO,CAAkB,CAAC,OAAO,EAAE,EAAE,CAC9D,wBAAK,CAAC,GAAG,CACP,SAAS,EACT;QACE,OAAO;QACP,uDAAuD;QACvD,aAAa,EAAE,sCAA8B;QAC7C,2CAA2C;QAC3C,KAAK;KACuB,EAC9B,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC,CAClB,CACF,CAAC;IAEF,IAAI,QAAQ,CAAC,UAAU,KAAK,GAAG,EAAE,CAAC;QAChC,MAAM,IAAI,KAAK,CACb,yCAAyC,SAAS,uBAAuB,QAAQ,CAAC,UAAU,GAAG,CAChG,CAAC;IACJ,CAAC;IAED,MAAM,GAAG,CAAC,aAAa,CAAC,QAAQ,EAAE,IAAI,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC;AAC9D,CAAC;AAED,8FAA8F;AAC9F,SAAgB,qBAAqB,CAAC,OAAe;IACnD,OAAO,IAAI,CAAC,IAAI,CACd,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,EACxC,mBAAmB,EACnB,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,OAAO,EAChC,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,CAChB,CAAC;AACJ,CAAC;AAED,SAAgB,wBAAwB,CACtC,aAAqB,EACrB,MAAc;IAEd,MAAM,cAAc,GAAG,GAAG,aAAa,WAAW,CAAC;IACnD,EAAE,CAAC,aAAa,CAAC,cAAc,EAAE,EAAE,CAAC,CAAC;IACrC,MAAM,CAAC,IAAI,CAAC,iCAAiC,cAAc,EAAE,CAAC,CAAC;AACjE,CAAC;AAED,SAAS,0
BAA0B,CAAC,GAAW;IAC7C,OAAO,CAAC,sBAAsB,EAAE,kCAAkC,CAAC,CAAC,IAAI,CACtE,CAAC,IAAI,EAAE,EAAE,CAAC,GAAG,CAAC,UAAU,CAAC,sBAAsB,IAAI,qBAAqB,CAAC,CAC1E;QACC,CAAC,CAAC,GAAG;QACL,CAAC,CAAC,iBAAiB,CAAC;AACxB,CAAC"}
|
||||
{"version":3,"file":"tools-download.js","sourceRoot":"","sources":["../src/tools-download.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAkFA,gDAkGC;AA8CD,sDAOC;AAED,4DAOC;AAlPD,uCAAyB;AAEzB,uCAAyB;AACzB,2CAA6B;AAC7B,2CAAyC;AAEzC,oDAAsC;AACtC,sDAAkD;AAClD,+DAAiD;AACjD,uDAAyC;AACzC,+CAAiC;AAEjC,uCAAmD;AACnD,2CAA6B;AAC7B,iCAA2E;AAE3E;;GAEG;AACU,QAAA,8BAA8B,GAAG,CAAC,GAAG,IAAI,GAAG,IAAI,CAAC,CAAC,QAAQ;AAEvE;;GAEG;AACH,MAAM,mBAAmB,GAAG,QAAQ,CAAC;AAarC,SAAS,uCAAuC,CAC9C,kBAA0B,EAC1B,oBAA4B;IAE5B,OAAO;QACL,kBAAkB,EAAE,kBAAkB,GAAG,oBAAoB;QAC7D,kBAAkB;QAClB,oBAAoB;QACpB,gBAAgB,EAAE,KAAK;KACxB,CAAC;AACJ,CAAC;AAaD,SAAS,kCAAkC,CACzC,kBAA0B;IAE1B,OAAO;QACL,kBAAkB;QAClB,kBAAkB,EAAE,SAAS;QAC7B,oBAAoB,EAAE,SAAS;QAC/B,gBAAgB,EAAE,IAAI;KACvB,CAAC;AACJ,CAAC;AAaM,KAAK,UAAU,kBAAkB,CACtC,SAAiB,EACjB,iBAAwC,EACxC,IAAY,EACZ,aAAiC,EACjC,OAA4B,EAC5B,UAAsC,EACtC,MAAc;IAEd,MAAM,CAAC,IAAI,CACT,iCAAiC,SAAS,2BAA2B,CACtE,CAAC;IAEF,IAAI,CAAC;QACH,IAAI,iBAAiB,KAAK,MAAM,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE,CAAC;YACjE,MAAM,CAAC,IAAI,CAAC,gDAAgD,CAAC,CAAC;YAE9D,MAAM,iBAAiB,GAAG,wBAAW,CAAC,GAAG,EAAE,CAAC;YAC5C,MAAM,mCAAmC,CACvC,SAAS,EACT,IAAI,EACJ,aAAa,EACb,OAAO,EACP,UAAW,EACX,MAAM,CACP,CAAC;YAEF,MAAM,kBAAkB,GAAG,IAAI,CAAC,KAAK,CACnC,wBAAW,CAAC,GAAG,EAAE,GAAG,iBAAiB,CACtC,CAAC;YACF,MAAM,CAAC,IAAI,CACT,wDAAwD,IAAI,KAAK,IAAA,wBAAc,EAC7E,kBAAkB,CACnB,IAAI,CACN,CAAC;YAEF,OAAO;gBACL,iBAAiB;gBACjB,QAAQ,EAAE,0BAA0B,CAAC,SAAS,CAAC;gBAC/C,GAAG,kCAAkC,CAAC,kBAAkB,CAAC;aAC1D,CAAC;QACJ,CAAC;IACH,CAAC;IAAC,OAAO,CAAC,EAAE,CAAC;QACX,IAAI,CAAC,OAAO,CACV,4EAA4E,IAAA,sBAAe,EAAC,CAAC,CAAC,EAAE,CACjG,CAAC;QACF,IAAI,CAAC,OAAO,CAAC,2DAA2D,CAAC,CAAC;QAE1E,gFAAgF;QAChF,uBAAuB;QACvB,MAAM,IAAA,kBAAW,EAAC,IAAI,EAAE,eAAe,EAAE,MAAM,CAAC,CAAC;IACnD,CAAC;IAED,MAAM,kBAAkB,GAAG,wBAAW,CAAC,GAAG,EAAE,CAAC;IAC7C,MAAM,kBAAkB,GAAG,MAAM,SAAS,CAAC,YAAY,CACrD,SAAS,EACT,SAAS,EACT,aAAa,EACb,OAAO,CACR,CAAC;IACF,MAAM,kBAAkB,GAAG,IAAI,CAAC,KAAK,CAAC,wBAAW,CAAC,GAAG,EAAE,GAAG,kBAAkB,CAAC,CAAC;IAE9E,MAAM,CAAC,IAAI,CACT,yCAAyC,kBAAkB,
KAAK,IAAA,wBAAc,EAC5E,kBAAkB,CACnB,IAAI,CACN,CAAC;IAEF,IAAI,oBAA4B,CAAC;IAEjC,IAAI,CAAC;QACH,MAAM,CAAC,IAAI,CAAC,2BAA2B,CAAC,CAAC;QACzC,MAAM,eAAe,GAAG,wBAAW,CAAC,GAAG,EAAE,CAAC;QAC1C,MAAM,GAAG,CAAC,OAAO,CACf,kBAAkB,EAClB,IAAI,EACJ,iBAAiB,EACjB,UAAU,EACV,MAAM,CACP,CAAC;QACF,oBAAoB,GAAG,IAAI,CAAC,KAAK,CAAC,wBAAW,CAAC,GAAG,EAAE,GAAG,eAAe,CAAC,CAAC;QACvE,MAAM,CAAC,IAAI,CACT,wCAAwC,IAAI,KAAK,IAAA,wBAAc,EAC7D,oBAAoB,CACrB,IAAI,CACN,CAAC;IACJ,CAAC;YAAS,CAAC;QACT,MAAM,IAAA,kBAAW,EAAC,kBAAkB,EAAE,uBAAuB,EAAE,MAAM,CAAC,CAAC;IACzE,CAAC;IAED,OAAO;QACL,iBAAiB;QACjB,QAAQ,EAAE,0BAA0B,CAAC,SAAS,CAAC;QAC/C,GAAG,uCAAuC,CACxC,kBAAkB,EAClB,oBAAoB,CACrB;KACF,CAAC;AACJ,CAAC;AAED,KAAK,UAAU,mCAAmC,CAChD,SAAiB,EACjB,IAAY,EACZ,aAAiC,EACjC,OAA4B,EAC5B,UAA0B,EAC1B,MAAc;IAEd,4BAA4B;IAC5B,EAAE,CAAC,SAAS,CAAC,IAAI,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAExC,mDAAmD;IACnD,MAAM,KAAK,GAAG,IAAI,wBAAU,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC;IAEnD,8DAA8D;IAC9D,OAAO,GAAG,MAAM,CAAC,MAAM,CACrB,EAAE,YAAY,EAAE,eAAe,EAAE,EACjC,aAAa,CAAC,CAAC,CAAC,EAAE,aAAa,EAAE,CAAC,CAAC,CAAC,EAAE,EACtC,OAAO,CACR,CAAC;IACF,MAAM,QAAQ,GAAG,MAAM,IAAI,OAAO,CAAkB,CAAC,OAAO,EAAE,EAAE,CAC9D,wBAAK,CAAC,GAAG,CACP,SAAS,EACT;QACE,OAAO;QACP,uDAAuD;QACvD,aAAa,EAAE,sCAA8B;QAC7C,2CAA2C;QAC3C,KAAK;KACuB,EAC9B,CAAC,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,CAAC,CAAC,CAClB,CACF,CAAC;IAEF,IAAI,QAAQ,CAAC,UAAU,KAAK,GAAG,EAAE,CAAC;QAChC,MAAM,IAAI,KAAK,CACb,yCAAyC,SAAS,uBAAuB,QAAQ,CAAC,UAAU,GAAG,CAChG,CAAC;IACJ,CAAC;IAED,MAAM,GAAG,CAAC,aAAa,CAAC,QAAQ,EAAE,IAAI,EAAE,UAAU,EAAE,MAAM,CAAC,CAAC;AAC9D,CAAC;AAED,8FAA8F;AAC9F,SAAgB,qBAAqB,CAAC,OAAe;IACnD,OAAO,IAAI,CAAC,IAAI,CACd,IAAA,0BAAmB,EAAC,mBAAmB,CAAC,EACxC,mBAAmB,EACnB,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,OAAO,EAChC,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,CAChB,CAAC;AACJ,CAAC;AAED,SAAgB,wBAAwB,CACtC,aAAqB,EACrB,MAAc;IAEd,MAAM,cAAc,GAAG,GAAG,aAAa,WAAW,CAAC;IACnD,EAAE,CAAC,aAAa,CAAC,cAAc,EAAE,EAAE,CAAC,CAAC;IACrC,MAAM,CAAC,IAAI,CAAC,iCAAiC,cAAc,EAAE,CAAC,CAAC;AACjE,CAAC;AAED,SAAS,0BAA0B,CAAC,GAAW;IAC7C,OAAO,CAAC,sBAAsB,EAAE,kCA
AkC,CAAC,CAAC,IAAI,CACtE,CAAC,IAAI,EAAE,EAAE,CAAC,GAAG,CAAC,UAAU,CAAC,sBAAsB,IAAI,qBAAqB,CAAC,CAC1E;QACC,CAAC,CAAC,GAAG;QACL,CAAC,CAAC,iBAAiB,CAAC;AACxB,CAAC"}
|
||||
9
node_modules/.package-lock.json
generated
vendored
9
node_modules/.package-lock.json
generated
vendored
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "codeql",
|
||||
"version": "3.28.2",
|
||||
"version": "3.28.3",
|
||||
"lockfileVersion": 3,
|
||||
"requires": true,
|
||||
"packages": {
|
||||
@@ -7568,9 +7568,10 @@
|
||||
}
|
||||
},
|
||||
"node_modules/undici": {
|
||||
"version": "5.28.4",
|
||||
"resolved": "https://registry.npmjs.org/undici/-/undici-5.28.4.tgz",
|
||||
"integrity": "sha512-72RFADWFqKmUb2hmmvNODKL3p9hcB6Gt2DOQMis1SEBaV6a4MH8soBvzg+95CYhCKPFedut2JY9bMfrDl9D23g==",
|
||||
"version": "5.28.5",
|
||||
"resolved": "https://registry.npmjs.org/undici/-/undici-5.28.5.tgz",
|
||||
"integrity": "sha512-zICwjrDrcrUE0pyyJc1I2QzBkLM8FINsgOrt6WjA+BgajVq9Nxu2PbFFXUrAggLfDXlZGZBVZYw7WNV5KiBiBA==",
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"@fastify/busboy": "^2.0.0"
|
||||
},
|
||||
|
||||
10
node_modules/undici/lib/fetch/body.js
generated
vendored
10
node_modules/undici/lib/fetch/body.js
generated
vendored
@@ -22,6 +22,14 @@ const { isUint8Array, isArrayBuffer } = require('util/types')
|
||||
const { File: UndiciFile } = require('./file')
|
||||
const { parseMIMEType, serializeAMimeType } = require('./dataURL')
|
||||
|
||||
let random
|
||||
try {
|
||||
const crypto = require('node:crypto')
|
||||
random = (max) => crypto.randomInt(0, max)
|
||||
} catch {
|
||||
random = (max) => Math.floor(Math.random(max))
|
||||
}
|
||||
|
||||
let ReadableStream = globalThis.ReadableStream
|
||||
|
||||
/** @type {globalThis['File']} */
|
||||
@@ -107,7 +115,7 @@ function extractBody (object, keepalive = false) {
|
||||
// Set source to a copy of the bytes held by object.
|
||||
source = new Uint8Array(object.buffer.slice(object.byteOffset, object.byteOffset + object.byteLength))
|
||||
} else if (util.isFormDataLike(object)) {
|
||||
const boundary = `----formdata-undici-0${`${Math.floor(Math.random() * 1e11)}`.padStart(11, '0')}`
|
||||
const boundary = `----formdata-undici-0${`${random(1e11)}`.padStart(11, '0')}`
|
||||
const prefix = `--${boundary}\r\nContent-Disposition: form-data`
|
||||
|
||||
/*! formdata-polyfill. MIT License. Jimmy Wärting <https://jimmy.warting.se/opensource> */
|
||||
|
||||
2
node_modules/undici/package.json
generated
vendored
2
node_modules/undici/package.json
generated
vendored
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "undici",
|
||||
"version": "5.28.4",
|
||||
"version": "5.28.5",
|
||||
"description": "An HTTP/1.1 client, written from scratch for Node.js",
|
||||
"homepage": "https://undici.nodejs.org",
|
||||
"bugs": {
|
||||
|
||||
11
package-lock.json
generated
11
package-lock.json
generated
@@ -1,12 +1,12 @@
|
||||
{
|
||||
"name": "codeql",
|
||||
"version": "3.28.2",
|
||||
"version": "3.28.3",
|
||||
"lockfileVersion": 3,
|
||||
"requires": true,
|
||||
"packages": {
|
||||
"": {
|
||||
"name": "codeql",
|
||||
"version": "3.28.2",
|
||||
"version": "3.28.3",
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"@actions/artifact": "^2.1.9",
|
||||
@@ -7636,9 +7636,10 @@
|
||||
}
|
||||
},
|
||||
"node_modules/undici": {
|
||||
"version": "5.28.4",
|
||||
"resolved": "https://registry.npmjs.org/undici/-/undici-5.28.4.tgz",
|
||||
"integrity": "sha512-72RFADWFqKmUb2hmmvNODKL3p9hcB6Gt2DOQMis1SEBaV6a4MH8soBvzg+95CYhCKPFedut2JY9bMfrDl9D23g==",
|
||||
"version": "5.28.5",
|
||||
"resolved": "https://registry.npmjs.org/undici/-/undici-5.28.5.tgz",
|
||||
"integrity": "sha512-zICwjrDrcrUE0pyyJc1I2QzBkLM8FINsgOrt6WjA+BgajVq9Nxu2PbFFXUrAggLfDXlZGZBVZYw7WNV5KiBiBA==",
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"@fastify/busboy": "^2.0.0"
|
||||
},
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "codeql",
|
||||
"version": "3.28.2",
|
||||
"version": "3.28.3",
|
||||
"private": true,
|
||||
"description": "CodeQL action",
|
||||
"scripts": {
|
||||
|
||||
@@ -242,6 +242,9 @@ export async function uploadDebugArtifacts(
|
||||
if (toUpload.length === 0) {
|
||||
return;
|
||||
}
|
||||
logger.info("Uploading debug artifacts is temporarily disabled");
|
||||
return;
|
||||
|
||||
let suffix = "";
|
||||
const matrix = getRequiredInput("matrix");
|
||||
if (matrix) {
|
||||
|
||||
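Review bot: The unconditional `return;` added right after the empty-`toUpload` check in `uploadDebugArtifacts` makes the rest of the function dead code, and nothing in the hunk records why the upload is off or what has to be true before it is turned back on. A comment above the early return would cover this, for example `// Debug artifact upload is disabled (see #2712); remove this early return only once the artifact contents have been reviewed.`. The message is logged at info level and only when there is something to upload, so a user who enabled debug mode may miss that no artifacts were produced; `logger.warning` would make that more visible. The function body continues outside the hunk, so I cannot tell whether a lint rule such as `no-unreachable` is already suppressed there.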
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"bundleVersion": "codeql-bundle-v2.20.1",
|
||||
"cliVersion": "2.20.1",
|
||||
"priorBundleVersion": "codeql-bundle-v2.20.0",
|
||||
"priorCliVersion": "2.20.0"
|
||||
"bundleVersion": "codeql-bundle-v2.20.2",
|
||||
"cliVersion": "2.20.2",
|
||||
"priorBundleVersion": "codeql-bundle-v2.20.1",
|
||||
"priorCliVersion": "2.20.1"
|
||||
}
|
||||
|
||||
@@ -39,12 +39,21 @@ export const CODEQL_DEFAULT_ACTION_REPOSITORY = "github/codeql-action";
|
||||
|
||||
const CODEQL_BUNDLE_VERSION_ALIAS: string[] = ["linked", "latest"];
|
||||
|
||||
function getCodeQLBundleExtension(useZstd: boolean): string {
|
||||
return useZstd ? ".tar.zst" : ".tar.gz";
|
||||
function getCodeQLBundleExtension(
|
||||
compressionMethod: tar.CompressionMethod,
|
||||
): string {
|
||||
switch (compressionMethod) {
|
||||
case "gzip":
|
||||
return ".tar.gz";
|
||||
case "zstd":
|
||||
return ".tar.zst";
|
||||
default:
|
||||
util.assertNever(compressionMethod);
|
||||
}
|
||||
}
|
||||
|
||||
function getCodeQLBundleName(useZstd: boolean): string {
|
||||
const extension = getCodeQLBundleExtension(useZstd);
|
||||
function getCodeQLBundleName(compressionMethod: tar.CompressionMethod): string {
|
||||
const extension = getCodeQLBundleExtension(compressionMethod);
|
||||
|
||||
let platform: string;
|
||||
if (process.platform === "win32") {
|
||||
@@ -76,7 +85,7 @@ export function getCodeQLActionRepository(logger: Logger): string {
|
||||
async function getCodeQLBundleDownloadURL(
|
||||
tagName: string,
|
||||
apiDetails: api.GitHubApiDetails,
|
||||
useZstd: boolean,
|
||||
compressionMethod: tar.CompressionMethod,
|
||||
logger: Logger,
|
||||
): Promise<string> {
|
||||
const codeQLActionRepository = getCodeQLActionRepository(logger);
|
||||
@@ -95,7 +104,7 @@ async function getCodeQLBundleDownloadURL(
|
||||
return !self.slice(0, index).some((other) => deepEqual(source, other));
|
||||
},
|
||||
);
|
||||
const codeQLBundleName = getCodeQLBundleName(useZstd);
|
||||
const codeQLBundleName = getCodeQLBundleName(compressionMethod);
|
||||
for (const downloadSource of uniqueDownloadSources) {
|
||||
const [apiURL, repository] = downloadSource;
|
||||
// If we've reached the final case, short-circuit the API check since we know the bundle exists and is public.
|
||||
@@ -115,14 +124,14 @@ async function getCodeQLBundleDownloadURL(
|
||||
for (const asset of release.data.assets) {
|
||||
if (asset.name === codeQLBundleName) {
|
||||
logger.info(
|
||||
`Found CodeQL bundle in ${downloadSource[1]} on ${downloadSource[0]} with URL ${asset.url}.`,
|
||||
`Found CodeQL bundle ${codeQLBundleName} in ${repository} on ${apiURL} with URL ${asset.url}.`,
|
||||
);
|
||||
return asset.url;
|
||||
}
|
||||
}
|
||||
} catch (e) {
|
||||
logger.info(
|
||||
`Looked for CodeQL bundle in ${downloadSource[1]} on ${downloadSource[0]} but got error ${e}.`,
|
||||
`Looked for CodeQL bundle ${codeQLBundleName} in ${repository} on ${apiURL} but got error ${e}.`,
|
||||
);
|
||||
}
|
||||
}
|
||||
@@ -198,6 +207,7 @@ export function convertToSemVer(version: string, logger: Logger): string {
|
||||
type CodeQLToolsSource =
|
||||
| {
|
||||
codeqlTarPath: string;
|
||||
compressionMethod: tar.CompressionMethod;
|
||||
sourceType: "local";
|
||||
/** Human-readable description of the source of the tools for telemetry purposes. */
|
||||
toolsVersion: "local";
|
||||
@@ -213,6 +223,7 @@ type CodeQLToolsSource =
|
||||
bundleVersion?: string;
|
||||
/** CLI version of the tools, if known. */
|
||||
cliVersion?: string;
|
||||
compressionMethod: tar.CompressionMethod;
|
||||
codeqlURL: string;
|
||||
sourceType: "download";
|
||||
/** Human-readable description of the source of the tools for telemetry purposes. */
|
||||
@@ -272,8 +283,16 @@ export async function getCodeQLSource(
|
||||
!toolsInput.startsWith("http")
|
||||
) {
|
||||
logger.info(`Using CodeQL CLI from local path ${toolsInput}`);
|
||||
const compressionMethod = tar.inferCompressionMethod(toolsInput);
|
||||
if (compressionMethod === undefined) {
|
||||
throw new util.ConfigurationError(
|
||||
`Could not infer compression method from path ${toolsInput}. Please specify a path ` +
|
||||
"ending in '.tar.gz' or '.tar.zst'.",
|
||||
);
|
||||
}
|
||||
return {
|
||||
codeqlTarPath: toolsInput,
|
||||
compressionMethod,
|
||||
sourceType: "local",
|
||||
toolsVersion: "local",
|
||||
};
|
||||
@@ -455,14 +474,30 @@ export async function getCodeQLSource(
|
||||
}
|
||||
}
|
||||
|
||||
let compressionMethod: tar.CompressionMethod;
|
||||
|
||||
if (!url) {
|
||||
compressionMethod =
|
||||
cliVersion !== undefined &&
|
||||
(await useZstdBundle(cliVersion, tarSupportsZstd))
|
||||
? "zstd"
|
||||
: "gzip";
|
||||
|
||||
url = await getCodeQLBundleDownloadURL(
|
||||
tagName!,
|
||||
apiDetails,
|
||||
cliVersion !== undefined &&
|
||||
(await useZstdBundle(cliVersion, tarSupportsZstd)),
|
||||
compressionMethod,
|
||||
logger,
|
||||
);
|
||||
} else {
|
||||
const method = tar.inferCompressionMethod(url);
|
||||
if (method === undefined) {
|
||||
throw new util.ConfigurationError(
|
||||
`Could not infer compression method from URL ${url}. Please specify a URL ` +
|
||||
"ending in '.tar.gz' or '.tar.zst'.",
|
||||
);
|
||||
}
|
||||
compressionMethod = method;
|
||||
}
|
||||
|
||||
if (cliVersion) {
|
||||
@@ -474,6 +509,7 @@ export async function getCodeQLSource(
|
||||
bundleVersion: tagName && tryGetBundleVersionFromTagName(tagName, logger),
|
||||
cliVersion,
|
||||
codeqlURL: url,
|
||||
compressionMethod,
|
||||
sourceType: "download",
|
||||
toolsVersion: cliVersion ?? humanReadableVersion,
|
||||
};
|
||||
@@ -504,6 +540,7 @@ export async function tryGetFallbackToolcacheVersion(
|
||||
// be able to stub this function and have other functions in this file use that stub.
|
||||
export const downloadCodeQL = async function (
|
||||
codeqlURL: string,
|
||||
compressionMethod: tar.CompressionMethod,
|
||||
maybeBundleVersion: string | undefined,
|
||||
maybeCliVersion: string | undefined,
|
||||
apiDetails: api.GitHubApiDetails,
|
||||
@@ -552,6 +589,7 @@ export const downloadCodeQL = async function (
|
||||
|
||||
let statusReport = await downloadAndExtract(
|
||||
codeqlURL,
|
||||
compressionMethod,
|
||||
extractedBundlePath,
|
||||
authorization,
|
||||
{ "User-Agent": "CodeQL Action", ...headers },
|
||||
@@ -714,13 +752,10 @@ export async function setupCodeQLBundle(
|
||||
let toolsSource: ToolsSource;
|
||||
switch (source.sourceType) {
|
||||
case "local": {
|
||||
const compressionMethod = tar.inferCompressionMethod(
|
||||
source.codeqlTarPath,
|
||||
);
|
||||
codeqlFolder = await tar.extract(
|
||||
source.codeqlTarPath,
|
||||
getTempExtractionDir(tempDir),
|
||||
compressionMethod,
|
||||
source.compressionMethod,
|
||||
zstdAvailability.version,
|
||||
logger,
|
||||
);
|
||||
@@ -735,6 +770,7 @@ export async function setupCodeQLBundle(
|
||||
case "download": {
|
||||
const result = await downloadCodeQL(
|
||||
source.codeqlURL,
|
||||
source.compressionMethod,
|
||||
source.bundleVersion,
|
||||
source.cliVersion,
|
||||
apiDetails,
|
||||
|
||||
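Review bot: In the `@@ -455,14 +474,30 @@` hunk of `getCodeQLSource`, the new `else` branch calls `tar.inferCompressionMethod(url)` on the full URL string, and that helper only does `endsWith(".tar.gz")` / `endsWith(".tar.zst")`. A tools URL that has a query string or fragment after the file name will now fail with the `ConfigurationError`, where the old code quietly fell through to "zstd". `downloadCodeQL` parses `searchParams` from the same URL, which suggests such URLs are expected, though that is inferred from the visible lines. Running the check on the path component avoids this: `const method = tar.inferCompressionMethod(new URL(url).pathname);`. `getCodeQLSource` starts and ends outside the hunks shown.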
32
src/tar.ts
32
src/tar.ts
@@ -5,6 +5,7 @@ import * as stream from "stream";
|
||||
import { ToolRunner } from "@actions/exec/lib/toolrunner";
|
||||
import * as io from "@actions/io";
|
||||
import * as toolcache from "@actions/tool-cache";
|
||||
import * as semver from "semver";
|
||||
|
||||
import { CommandInvocationError } from "./actions-util";
|
||||
import { Logger } from "./logging";
|
||||
@@ -68,13 +69,23 @@ export async function isZstdAvailable(
|
||||
switch (type) {
|
||||
case "gnu":
|
||||
return {
|
||||
available: foundZstdBinary && version >= MIN_REQUIRED_GNU_TAR_VERSION,
|
||||
available:
|
||||
foundZstdBinary &&
|
||||
// GNU tar only uses major and minor version numbers
|
||||
semver.gte(
|
||||
semver.coerce(version)!,
|
||||
semver.coerce(MIN_REQUIRED_GNU_TAR_VERSION)!,
|
||||
),
|
||||
foundZstdBinary,
|
||||
version: tarVersion,
|
||||
};
|
||||
case "bsd":
|
||||
return {
|
||||
available: foundZstdBinary && version >= MIN_REQUIRED_BSD_TAR_VERSION,
|
||||
available:
|
||||
foundZstdBinary &&
|
||||
// Do a loose comparison since these version numbers don't contain
|
||||
// a patch version number.
|
||||
semver.gte(version, MIN_REQUIRED_BSD_TAR_VERSION),
|
||||
foundZstdBinary,
|
||||
version: tarVersion,
|
||||
};
|
||||
@@ -202,9 +213,18 @@ export async function extractTarZst(
|
||||
}
|
||||
}
|
||||
|
||||
export function inferCompressionMethod(tarPath: string): CompressionMethod {
|
||||
if (tarPath.endsWith(".tar.gz")) {
|
||||
return "gzip";
|
||||
const KNOWN_EXTENSIONS: Record<string, CompressionMethod> = {
|
||||
"tar.gz": "gzip",
|
||||
"tar.zst": "zstd",
|
||||
};
|
||||
|
||||
export function inferCompressionMethod(
|
||||
tarPath: string,
|
||||
): CompressionMethod | undefined {
|
||||
for (const [ext, method] of Object.entries(KNOWN_EXTENSIONS)) {
|
||||
if (tarPath.endsWith(`.${ext}`)) {
|
||||
return method;
|
||||
}
|
||||
}
|
||||
return "zstd";
|
||||
return undefined;
|
||||
}
|
||||
|
||||
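Review bot: In the `isZstdAvailable` hunk, both new comparisons can throw instead of returning `available: false` when the tar version string is not valid semver. `semver.coerce(version)!` hides a possible `null`, and `semver.gte` raises a `TypeError` on an invalid version. How `version` is parsed is outside the hunk, so this may be unreachable in practice, but a guard is cheap: `const parsed = semver.coerce(version);` followed by `available: foundZstdBinary && parsed !== null && semver.gte(parsed, MIN_REQUIRED_GNU_TAR_VERSION)`. The comment in the `bsd` branch says "Do a loose comparison", yet the call `semver.gte(version, MIN_REQUIRED_BSD_TAR_VERSION)` passes no loose option and does not coerce. Either the comment or the call should change so the two agree.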
@@ -82,6 +82,7 @@ export type ToolsDownloadStatusReport = {
|
||||
|
||||
export async function downloadAndExtract(
|
||||
codeqlURL: string,
|
||||
compressionMethod: tar.CompressionMethod,
|
||||
dest: string,
|
||||
authorization: string | undefined,
|
||||
headers: OutgoingHttpHeaders,
|
||||
@@ -92,8 +93,6 @@ export async function downloadAndExtract(
|
||||
`Downloading CodeQL tools from ${codeqlURL} . This may take a while.`,
|
||||
);
|
||||
|
||||
const compressionMethod = tar.inferCompressionMethod(codeqlURL);
|
||||
|
||||
try {
|
||||
if (compressionMethod === "zstd" && process.platform === "linux") {
|
||||
logger.info(`Streaming the extraction of the CodeQL bundle.`);
|
||||
|
||||