DO NOT MERGE example of invalid configuration

.github/codeql/codeql-config.yml

@@ -1,4 +1,4 @@
-name: "CodeQL config"
+name: 1
 queries: 
   - name: Run custom queries
     uses: ./queries
@@ -11,4 +11,3 @@ queries:
   - uses: security-and-quality
 paths-ignore:
   - tests
-  - lib

.github/pull_request_template.md

@@ -1,4 +1,7 @@
 ### Merge / deployment checklist
 
+- Run test builds as necessary. Can be on this repository or elsewhere as needed in order to test the change - please include links to tests in other repos!
+  - [ ] CodeQL using init/analyze actions
+  - [ ] 3rd party tool using upload action
 - [ ] Confirm this change is backwards compatible with existing workflows.
 - [ ] Confirm the [readme](https://github.com/github/codeql-action/blob/master/README.md) has been updated if necessary.

.github/workflows/codeql.yml

@@ -10,7 +10,7 @@ jobs:
     runs-on: ${{ matrix.os }}
 
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v1
       with:
         # Must fetch at least the immediate parents so that if this is
         # a pull request then we can checkout the head of the pull request.

.github/workflows/integration-testing.yml

@@ -36,7 +36,7 @@ jobs:
           exit 1
         fi
 
-  multi-language-repo_test-custom-queries-and-remote-config:
+  multi-language-repo_test-custom-queries:
     strategy:
       fail-fast: false
       matrix:
@@ -54,7 +54,7 @@ jobs:
     - uses: ./../action/init
       with:
         languages: cpp,csharp,java,javascript,python
-        config-file: github/codeql-action/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{ github.sha }}
+        config-file: ./.github/codeql/custom-queries.yml
     - name: Build code
       shell: bash
       run: ./build.sh
@@ -93,6 +93,7 @@ jobs:
       env:
         TEST_MODE: true
 
+
   multi-language-repo_rubocop:
     runs-on: ubuntu-latest
 
@@ -123,30 +124,3 @@ jobs:
         sarif_file: rubocop.sarif
       env:
         TEST_MODE: true
-
-  test-proxy:
-    runs-on: ubuntu-latest
-    container:
-      image: ubuntu:18.04
-      options: --dns 127.0.0.1
-    services:
-      squid-proxy:
-        image: datadog/squid:latest
-        ports:
-          - 3128:3128
-    env:
-      https_proxy: http://squid-proxy:3128
-    steps:
-    - uses: actions/checkout@v2
-    - name: Move codeql-action
-      shell: bash
-      run: |
-        mkdir ../action
-        mv * .github ../action/
-        mv ../action/tests/multi-language-repo/{*,.github} .
-    - uses: ./../action/init
-      with:
-        languages: javascript
-    - uses: ./../action/analyze
-      env:
-        TEST_MODE: true

.github/workflows/update-release-branch.yml

@@ -7,7 +7,6 @@ on:
     # curl -H "Authorization: Bearer <token>" -X POST https://api.github.com/repos/github/codeql-action/dispatches -d '{"event_type":"update-release-branch"}'
     # Replace <token> with a personal access token from this page: https://github.com/settings/tokens
     types: [update-release-branch]
-  workflow_dispatch:
 
 jobs:
   update:

CONTRIBUTING.md

@@ -10,32 +10,13 @@ Contributions to this project are [released](https://help.github.com/articles/gi
 
 Please note that this project is released with a [Contributor Code of Conduct][code-of-conduct]. By participating in this project you agree to abide by its terms.
 
-## Development and Testing
-
-Before you start, ensure that you have a recent version of node installed. You can see which version of node is used by the action in `init/action.yml`.
-
-### Common tasks
-
-* Transpile the TypeScript to JavaScript: `npm run build`.  Note that the JavaScript files are committed to git.
-* Run tests: `npm run test`.  You’ll need to ensure that the JavaScript files are up-to-date first by running the command above.
-* Run the linter: `npm run lint`.
-
-### Running the action
-
-To see the effect of your changes and to test them, push your changes in a branch and then look at the [Actions output](https://github.com/github/codeql-action/actions) for that branch.  You can also exercise the code locally by running the automated tests.
-
-### Integration tests
-
-As well as the unit tests (see _Common tasks_ above), there are integration tests, defined in `.github/workflows/integration-testing.yml`.  These are run by a CI check.  Depending on the change you’re making, you may want to add a test to this file or extend an existing one.
-
 ## Submitting a pull request
 
 1. [Fork][fork] and clone the repository
 2. Create a new branch: `git checkout -b my-branch-name`
 3. Make your change, add tests, and make sure the tests still pass
 4. Push to your fork and [submit a pull request][pr]
-5. Pat yourself on the back and wait for your pull request to be reviewed and merged.
-If you're a GitHub staff member, you can merge your own PR once it's approved; for external contributors, GitHub staff will merge your PR once it's approved.
+5. Pat your self on the back and wait for your pull request to be reviewed and merged.
 
 Here are a few things you can do that will increase the likelihood of your pull request being accepted:
 

README.md

@@ -26,6 +26,10 @@ on:
 
 jobs:
   CodeQL-Build:
+
+    strategy:
+      fail-fast: false
+
     # CodeQL runs on ubuntu-latest, windows-latest, and macos-latest
     runs-on: ubuntu-latest
 

init/action.yml

@@ -5,7 +5,7 @@ inputs:
   tools:
     description: URL of CodeQL tools
     required: false
-    default: https://github.com/github/codeql-action/releases/download/codeql-bundle-20200630/codeql-bundle.tar.gz
+    default: https://github.com/github/codeql-action/releases/download/codeql-bundle-20200601/codeql-bundle.tar.gz
   languages:
     description: The languages to be analysed
     required: false

lib/analysis-paths.js

@@ -8,50 +8,19 @@ var __importStar = (this && this.__importStar) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 const core = __importStar(require("@actions/core"));
-function isInterpretedLanguage(language) {
-    return language === 'javascript' || language === 'python';
-}
-// Matches a string containing only characters that are legal to include in paths on windows.
-exports.legalWindowsPathCharactersRegex = /^[^<>:"\|?]*$/;
-// Builds an environment variable suitable for LGTM_INDEX_INCLUDE or LGTM_INDEX_EXCLUDE
-function buildIncludeExcludeEnvVar(paths) {
-    // Ignore anything containing a *
-    paths = paths.filter(p => p.indexOf('*') === -1);
-    // Some characters are illegal in path names in windows
-    if (process.platform === 'win32') {
-        paths = paths.filter(p => p.match(exports.legalWindowsPathCharactersRegex));
-    }
-    return paths.join('\n');
-}
 function includeAndExcludeAnalysisPaths(config, languages) {
-    // The 'LGTM_INDEX_INCLUDE' and 'LGTM_INDEX_EXCLUDE' environment variables
-    // control which files/directories are traversed when scanning.
-    // This allows including files that otherwise would not be scanned, or
-    // excluding and not traversing entire file subtrees.
-    // It does not understand globs or double-globs because that would require it to
-    // traverse the entire file tree to determine which files are matched.
-    // Any paths containing "*" are not included in these.
     if (config.paths.length !== 0) {
-        core.exportVariable('LGTM_INDEX_INCLUDE', buildIncludeExcludeEnvVar(config.paths));
+        core.exportVariable('LGTM_INDEX_INCLUDE', config.paths.join('\n'));
     }
     if (config.pathsIgnore.length !== 0) {
-        core.exportVariable('LGTM_INDEX_EXCLUDE', buildIncludeExcludeEnvVar(config.pathsIgnore));
+        core.exportVariable('LGTM_INDEX_EXCLUDE', config.pathsIgnore.join('\n'));
     }
-    // The 'LGTM_INDEX_FILTERS' environment variable controls which files are
-    // extracted or ignored. It does not control which directories are traversed.
-    // This does understand the glob and double-glob syntax.
-    const filters = [];
-    filters.push(...config.paths.map(p => 'include:' + p));
-    filters.push(...config.pathsIgnore.map(p => 'exclude:' + p));
-    if (filters.length !== 0) {
-        core.exportVariable('LGTM_INDEX_FILTERS', filters.join('\n'));
+    function isInterpretedLanguage(language) {
+        return language === 'javascript' || language === 'python';
     }
-    // Index include/exclude/filters only work in javascript and python.
-    // If any other languages are detected/configured then show a warning.
-    if ((config.paths.length !== 0 ||
-        config.pathsIgnore.length !== 0 ||
-        filters.length !== 0) &&
-        !languages.every(isInterpretedLanguage)) {
+    // Index include/exclude only work in javascript and python
+    // If some other language is detected/configured show a warning
+    if ((config.paths.length !== 0 || config.pathsIgnore.length !== 0) && !languages.every(isInterpretedLanguage)) {
         core.warning('The "paths"/"paths-ignore" fields of the config only have effect for Javascript and Python');
     }
 }

lib/analysis-paths.js.map

@@ -1 +1 @@
-{"version":3,"file":"analysis-paths.js","sourceRoot":"","sources":["../src/analysis-paths.ts"],"names":[],"mappings":";;;;;;;;;AAAA,oDAAsC;AAItC,SAAS,qBAAqB,CAAC,QAAQ;IACrC,OAAO,QAAQ,KAAK,YAAY,IAAI,QAAQ,KAAK,QAAQ,CAAC;AAC5D,CAAC;AAED,6FAA6F;AAChF,QAAA,+BAA+B,GAAG,eAAe,CAAC;AAE/D,uFAAuF;AACvF,SAAS,yBAAyB,CAAC,KAAe;IAChD,iCAAiC;IACjC,KAAK,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAEjD,uDAAuD;IACvD,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE;QAChC,KAAK,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,uCAA+B,CAAC,CAAC,CAAC;KACrE;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,SAAgB,8BAA8B,CAAC,MAA0B,EAAE,SAAmB;IAC5F,0EAA0E;IAC1E,+DAA+D;IAC/D,sEAAsE;IACtE,qDAAqD;IACrD,gFAAgF;IAChF,sEAAsE;IACtE,sDAAsD;IACtD,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE;QAC7B,IAAI,CAAC,cAAc,CAAC,oBAAoB,EAAE,yBAAyB,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;KACpF;IACD,IAAI,MAAM,CAAC,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE;QACnC,IAAI,CAAC,cAAc,CAAC,oBAAoB,EAAE,yBAAyB,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC;KAC1F;IAED,yEAAyE;IACzE,6EAA6E;IAC7E,wDAAwD;IACxD,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,OAAO,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,UAAU,GAAG,CAAC,CAAC,CAAC,CAAC;IACvD,OAAO,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,UAAU,GAAG,CAAC,CAAC,CAAC,CAAC;IAC7D,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE;QACxB,IAAI,CAAC,cAAc,CAAC,oBAAoB,EAAE,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;KAC/D;IAED,oEAAoE;IACpE,sEAAsE;IACtE,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC;QACxB,MAAM,CAAC,WAAW,CAAC,MAAM,KAAK,CAAC;QAC/B,OAAO,CAAC,MAAM,KAAK,CAAC,CAAC;QACvB,CAAC,SAAS,CAAC,KAAK,CAAC,qBAAqB,CAAC,EAAE;QAC3C,IAAI,CAAC,OAAO,CAAC,4FAA4F,CAAC,CAAC;KAC5G;AACH,CAAC;AAjCD,wEAiCC"}
+{"version":3,"file":"analysis-paths.js","sourceRoot":"","sources":["../src/analysis-paths.ts"],"names":[],"mappings":";;;;;;;;;AAAA,oDAAsC;AAItC,SAAgB,8BAA8B,CAAC,MAA0B,EAAE,SAAmB;IAC5F,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE;QAC7B,IAAI,CAAC,cAAc,CAAC,oBAAoB,EAAE,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;KACpE;IAED,IAAI,MAAM,CAAC,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE;QACnC,IAAI,CAAC,cAAc,CAAC,oBAAoB,EAAE,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;KAC1E;IAED,SAAS,qBAAqB,CAAC,QAAQ;QACrC,OAAO,QAAQ,KAAK,YAAY,IAAI,QAAQ,KAAK,QAAQ,CAAC;IAC5D,CAAC;IAED,2DAA2D;IAC3D,+DAA+D;IAC/D,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,MAAM,CAAC,WAAW,CAAC,MAAM,KAAK,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,qBAAqB,CAAC,EAAE;QAC7G,IAAI,CAAC,OAAO,CAAC,4FAA4F,CAAC,CAAC;KAC5G;AACH,CAAC;AAlBD,wEAkBC"}

lib/analysis-paths.test.js

@@ -14,21 +14,19 @@ const ava_1 = __importDefault(require("ava"));
 const analysisPaths = __importStar(require("./analysis-paths"));
 const configUtils = __importStar(require("./config-utils"));
 const testing_utils_1 = require("./testing-utils");
-testing_utils_1.setupTests(ava_1.default);
+testing_utils_1.silenceDebugOutput(ava_1.default);
 ava_1.default("emptyPaths", async (t) => {
     let config = new configUtils.Config();
     analysisPaths.includeAndExcludeAnalysisPaths(config, []);
     t.is(process.env['LGTM_INDEX_INCLUDE'], undefined);
     t.is(process.env['LGTM_INDEX_EXCLUDE'], undefined);
-    t.is(process.env['LGTM_INDEX_FILTERS'], undefined);
 });
 ava_1.default("nonEmptyPaths", async (t) => {
     let config = new configUtils.Config();
-    config.paths.push('path1', 'path2', '**/path3');
-    config.pathsIgnore.push('path4', 'path5', 'path6/**');
+    config.paths.push('path1', 'path2');
+    config.pathsIgnore.push('path3', 'path4');
     analysisPaths.includeAndExcludeAnalysisPaths(config, []);
     t.is(process.env['LGTM_INDEX_INCLUDE'], 'path1\npath2');
-    t.is(process.env['LGTM_INDEX_EXCLUDE'], 'path4\npath5');
-    t.is(process.env['LGTM_INDEX_FILTERS'], 'include:path1\ninclude:path2\ninclude:**/path3\nexclude:path4\nexclude:path5\nexclude:path6/**');
+    t.is(process.env['LGTM_INDEX_EXCLUDE'], 'path3\npath4');
 });
 //# sourceMappingURL=analysis-paths.test.js.map

lib/analysis-paths.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"analysis-paths.test.js","sourceRoot":"","sources":["../src/analysis-paths.test.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,8CAAuB;AAEvB,gEAAkD;AAClD,4DAA8C;AAC9C,mDAA2C;AAE3C,0BAAU,CAAC,aAAI,CAAC,CAAC;AAEjB,aAAI,CAAC,YAAY,EAAE,KAAK,EAAC,CAAC,EAAC,EAAE;IAC3B,IAAI,MAAM,GAAG,IAAI,WAAW,CAAC,MAAM,EAAE,CAAC;IACtC,aAAa,CAAC,8BAA8B,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IACzD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;IACnD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;IACnD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;AACrD,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,eAAe,EAAE,KAAK,EAAC,CAAC,EAAC,EAAE;IAC9B,IAAI,MAAM,GAAG,IAAI,WAAW,CAAC,MAAM,EAAE,CAAC;IACtC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,EAAE,UAAU,CAAC,CAAC;IAChD,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,EAAE,UAAU,CAAC,CAAC;IACtD,aAAa,CAAC,8BAA8B,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IACzD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,cAAc,CAAC,CAAC;IACxD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,cAAc,CAAC,CAAC;IACxD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,gGAAgG,CAAC,CAAC;AAC5I,CAAC,CAAC,CAAC"}
+{"version":3,"file":"analysis-paths.test.js","sourceRoot":"","sources":["../src/analysis-paths.test.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,8CAAuB;AAEvB,gEAAkD;AAClD,4DAA8C;AAC9C,mDAAmD;AAEnD,kCAAkB,CAAC,aAAI,CAAC,CAAC;AAEzB,aAAI,CAAC,YAAY,EAAE,KAAK,EAAC,CAAC,EAAC,EAAE;IAC3B,IAAI,MAAM,GAAG,IAAI,WAAW,CAAC,MAAM,EAAE,CAAC;IACtC,aAAa,CAAC,8BAA8B,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IACzD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;IACnD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;AACrD,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,eAAe,EAAE,KAAK,EAAC,CAAC,EAAC,EAAE;IAC9B,IAAI,MAAM,GAAG,IAAI,WAAW,CAAC,MAAM,EAAE,CAAC;IACtC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IACpC,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAC1C,aAAa,CAAC,8BAA8B,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IACzD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,cAAc,CAAC,CAAC;IACxD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,cAAc,CAAC,CAAC;AAC1D,CAAC,CAAC,CAAC"}

lib/api-client.js

@@ -1,22 +0,0 @@
-"use strict";
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
-    result["default"] = mod;
-    return result;
-};
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-const core = __importStar(require("@actions/core"));
-const github = __importStar(require("@actions/github"));
-const console_log_level_1 = __importDefault(require("console-log-level"));
-exports.getApiClient = function () {
-    return new github.GitHub(core.getInput('token'), {
-        userAgent: "CodeQL Action",
-        log: console_log_level_1.default({ level: "debug" })
-    });
-};
-//# sourceMappingURL=api-client.js.map

lib/api-client.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"api-client.js","sourceRoot":"","sources":["../src/api-client.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,oDAAsC;AACtC,wDAA0C;AAC1C,0EAAgD;AAEnC,QAAA,YAAY,GAAG;IAC1B,OAAO,IAAI,MAAM,CAAC,MAAM,CACtB,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,EACtB;QACE,SAAS,EAAE,eAAe;QAC1B,GAAG,EAAE,2BAAe,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC;KACzC,CAAC,CAAC;AACP,CAAC,CAAC"}

lib/autobuild.js

@@ -8,7 +8,8 @@ var __importStar = (this && this.__importStar) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 const core = __importStar(require("@actions/core"));
-const codeql_1 = require("./codeql");
+const exec = __importStar(require("@actions/exec"));
+const path = __importStar(require("path"));
 const sharedEnv = __importStar(require("./shared-environment"));
 const util = __importStar(require("./util"));
 async function run() {
@@ -32,8 +33,18 @@ async function run() {
             core.warning(`We will only automatically build ${language} code. If you wish to scan ${autobuildLanguages.slice(1).join(' and ')}, you must replace this block with custom build steps.`);
         }
         core.startGroup(`Attempting to automatically build ${language} code`);
-        const codeQL = codeql_1.getCodeQL();
-        await codeQL.runAutobuild(language);
+        // TODO: share config accross actions better via env variables
+        const codeqlCmd = util.getRequiredEnvParam(sharedEnv.CODEQL_ACTION_CMD);
+        const cmdName = process.platform === 'win32' ? 'autobuild.cmd' : 'autobuild.sh';
+        const autobuildCmd = path.join(path.dirname(codeqlCmd), language, 'tools', cmdName);
+        // Update JAVA_TOOL_OPTIONS to contain '-Dhttp.keepAlive=false'
+        // This is because of an issue with Azure pipelines timing out connections after 4 minutes
+        // and Maven not properly handling closed connections
+        // Otherwise long build processes will timeout when pulling down Java packages
+        // https://developercommunity.visualstudio.com/content/problem/292284/maven-hosted-agent-connection-timeout.html
+        let javaToolOptions = process.env['JAVA_TOOL_OPTIONS'] || "";
+        process.env['JAVA_TOOL_OPTIONS'] = [...javaToolOptions.split(/\s+/), '-Dhttp.keepAlive=false', '-Dmaven.wagon.http.pool=false'].join(' ');
+        await exec.exec(autobuildCmd);
         core.endGroup();
     }
     catch (error) {

lib/autobuild.js.map

@@ -1 +1 @@
-{"version":3,"file":"autobuild.js","sourceRoot":"","sources":["../src/autobuild.ts"],"names":[],"mappings":";;;;;;;;;AAAA,oDAAsC;AAEtC,qCAAqC;AACrC,gEAAkD;AAClD,6CAA+B;AAE/B,KAAK,UAAU,GAAG;;IAChB,IAAI;QACF,IAAI,IAAI,CAAC,YAAY,CAAC,WAAW,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,oBAAoB,CAAC,WAAW,CAAC,EAAE;YACzF,OAAO;SACR;QAED,0CAA0C;QAC1C,mFAAmF;QACnF,oFAAoF;QACpF,4EAA4E;QAC5E,MAAM,kBAAkB,GAAG,OAAA,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,8BAA8B,CAAC,0CAAE,KAAK,CAAC,GAAG,MAAK,EAAE,CAAC;QACnG,MAAM,QAAQ,GAAG,kBAAkB,CAAC,CAAC,CAAC,CAAC;QAEvC,IAAI,CAAC,QAAQ,EAAE;YACb,IAAI,CAAC,IAAI,CAAC,iEAAiE,CAAC,CAAC;YAC7E,OAAO;SACR;QAED,IAAI,CAAC,KAAK,CAAC,sCAAsC,QAAQ,EAAE,CAAC,CAAC;QAE7D,IAAI,kBAAkB,CAAC,MAAM,GAAG,CAAC,EAAE;YACjC,IAAI,CAAC,OAAO,CAAC,oCAAoC,QAAQ,8BAA8B,kBAAkB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,wDAAwD,CAAC,CAAC;SAC3L;QAED,IAAI,CAAC,UAAU,CAAC,qCAAqC,QAAQ,OAAO,CAAC,CAAC;QACtE,MAAM,MAAM,GAAG,kBAAS,EAAE,CAAC;QAC3B,MAAM,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;QAEpC,IAAI,CAAC,QAAQ,EAAE,CAAC;KAEjB;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CAAC,kIAAkI,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC;QACnK,MAAM,IAAI,CAAC,kBAAkB,CAAC,WAAW,EAAE,KAAK,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;QACvE,OAAO;KACR;IAED,MAAM,IAAI,CAAC,qBAAqB,CAAC,WAAW,CAAC,CAAC;AAChD,CAAC;AAED,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE;IACd,IAAI,CAAC,SAAS,CAAC,4BAA4B,GAAG,CAAC,CAAC,CAAC;IACjD,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;AACjB,CAAC,CAAC,CAAC"}
+{"version":3,"file":"autobuild.js","sourceRoot":"","sources":["../src/autobuild.ts"],"names":[],"mappings":";;;;;;;;;AAAA,oDAAsC;AACtC,oDAAsC;AACtC,2CAA6B;AAE7B,gEAAkD;AAClD,6CAA+B;AAE/B,KAAK,UAAU,GAAG;;IAChB,IAAI;QACF,IAAI,IAAI,CAAC,YAAY,CAAC,WAAW,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,oBAAoB,CAAC,WAAW,CAAC,EAAE;YACzF,OAAO;SACR;QAED,0CAA0C;QAC1C,mFAAmF;QACnF,oFAAoF;QACpF,4EAA4E;QAC5E,MAAM,kBAAkB,GAAG,OAAA,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,8BAA8B,CAAC,0CAAE,KAAK,CAAC,GAAG,MAAK,EAAE,CAAC;QACnG,MAAM,QAAQ,GAAG,kBAAkB,CAAC,CAAC,CAAC,CAAC;QAEvC,IAAI,CAAC,QAAQ,EAAE;YACb,IAAI,CAAC,IAAI,CAAC,iEAAiE,CAAC,CAAC;YAC7E,OAAO;SACR;QAED,IAAI,CAAC,KAAK,CAAC,sCAAsC,QAAQ,EAAE,CAAC,CAAC;QAE7D,IAAI,kBAAkB,CAAC,MAAM,GAAG,CAAC,EAAE;YACjC,IAAI,CAAC,OAAO,CAAC,oCAAoC,QAAQ,8BAA8B,kBAAkB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,wDAAwD,CAAC,CAAC;SAC3L;QAED,IAAI,CAAC,UAAU,CAAC,qCAAqC,QAAQ,OAAO,CAAC,CAAC;QACtE,8DAA8D;QAC9D,MAAM,SAAS,GAAG,IAAI,CAAC,mBAAmB,CAAC,SAAS,CAAC,iBAAiB,CAAC,CAAC;QAExE,MAAM,OAAO,GAAG,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,cAAc,CAAC;QAChF,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;QAGpF,+DAA+D;QAC/D,0FAA0F;QAC1F,qDAAqD;QACrD,8EAA8E;QAC9E,gHAAgH;QAChH,IAAI,eAAe,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,IAAI,EAAE,CAAC;QAC7D,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,CAAC,GAAG,eAAe,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,wBAAwB,EAAE,+BAA+B,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAE1I,MAAM,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAC9B,IAAI,CAAC,QAAQ,EAAE,CAAC;KAEjB;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CAAC,kIAAkI,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC;QACnK,MAAM,IAAI,CAAC,kBAAkB,CAAC,WAAW,EAAE,KAAK,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;QACvE,OAAO;KACR;IAED,MAAM,IAAI,CAAC,qBAAqB,CAAC,WAAW,CAAC,CAAC;AAChD,CAAC;AAED,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE;IACd,IAAI,CAAC,SAAS,CAAC,4BAA4B,GAAG,CAAC,CAAC,CAAC;IACjD,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;AACjB,CAAC,CAAC,CAAC"}

lib/codeql.js

@@ -1,184 +0,0 @@
-"use strict";
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
-    result["default"] = mod;
-    return result;
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-const core = __importStar(require("@actions/core"));
-const exec = __importStar(require("@actions/exec"));
-const toolcache = __importStar(require("@actions/tool-cache"));
-const fs = __importStar(require("fs"));
-const path = __importStar(require("path"));
-const semver = __importStar(require("semver"));
-const util = __importStar(require("./util"));
-/**
- * Environment variable used to store the location of the CodeQL CLI executable.
- * Value is set by setupCodeQL and read by getCodeQL.
- */
-const CODEQL_ACTION_CMD = "CODEQL_ACTION_CMD";
-async function setupCodeQL() {
-    try {
-        const codeqlURL = core.getInput('tools', { required: true });
-        const codeqlURLVersion = getCodeQLURLVersion(codeqlURL);
-        let codeqlFolder = toolcache.find('CodeQL', codeqlURLVersion);
-        if (codeqlFolder) {
-            core.debug(`CodeQL found in cache ${codeqlFolder}`);
-        }
-        else {
-            const codeqlPath = await toolcache.downloadTool(codeqlURL);
-            const codeqlExtracted = await toolcache.extractTar(codeqlPath);
-            codeqlFolder = await toolcache.cacheDir(codeqlExtracted, 'CodeQL', codeqlURLVersion);
-        }
-        let codeqlCmd = path.join(codeqlFolder, 'codeql', 'codeql');
-        if (process.platform === 'win32') {
-            codeqlCmd += ".exe";
-        }
-        else if (process.platform !== 'linux' && process.platform !== 'darwin') {
-            throw new Error("Unsupported plaform: " + process.platform);
-        }
-        core.exportVariable(CODEQL_ACTION_CMD, codeqlCmd);
-        return getCodeQLForCmd(codeqlCmd);
-    }
-    catch (e) {
-        core.error(e);
-        throw new Error("Unable to download and extract CodeQL CLI");
-    }
-}
-exports.setupCodeQL = setupCodeQL;
-function getCodeQLURLVersion(url) {
-    const match = url.match(/\/codeql-bundle-(.*)\//);
-    if (match === null || match.length < 2) {
-        throw new Error(`Malformed tools url: ${url}. Version could not be inferred`);
-    }
-    let version = match[1];
-    if (!semver.valid(version)) {
-        core.debug(`Bundle version ${version} is not in SemVer format. Will treat it as pre-release 0.0.0-${version}.`);
-        version = '0.0.0-' + version;
-    }
-    const s = semver.clean(version);
-    if (!s) {
-        throw new Error(`Malformed tools url ${url}. Version should be in SemVer format but have ${version} instead`);
-    }
-    return s;
-}
-exports.getCodeQLURLVersion = getCodeQLURLVersion;
-function getCodeQL() {
-    const codeqlCmd = util.getRequiredEnvParam(CODEQL_ACTION_CMD);
-    return getCodeQLForCmd(codeqlCmd);
-}
-exports.getCodeQL = getCodeQL;
-function getCodeQLForCmd(cmd) {
-    return {
-        getDir: function () {
-            return path.dirname(cmd);
-        },
-        printVersion: async function () {
-            await exec.exec(cmd, [
-                'version',
-                '--format=json'
-            ]);
-        },
-        getTracerEnv: async function (databasePath, compilerSpec) {
-            let envFile = path.resolve(databasePath, 'working', 'env.tmp');
-            const compilerSpecArg = compilerSpec ? ["--compiler-spec=" + compilerSpec] : [];
-            await exec.exec(cmd, [
-                'database',
-                'trace-command',
-                databasePath,
-                ...compilerSpecArg,
-                process.execPath,
-                path.resolve(__dirname, 'tracer-env.js'),
-                envFile
-            ]);
-            return JSON.parse(fs.readFileSync(envFile, 'utf-8'));
-        },
-        databaseInit: async function (databasePath, language, sourceRoot) {
-            await exec.exec(cmd, [
-                'database',
-                'init',
-                databasePath,
-                '--language=' + language,
-                '--source-root=' + sourceRoot,
-            ]);
-        },
-        runAutobuild: async function (language) {
-            const cmdName = process.platform === 'win32' ? 'autobuild.cmd' : 'autobuild.sh';
-            const autobuildCmd = path.join(path.dirname(cmd), language, 'tools', cmdName);
-            // Update JAVA_TOOL_OPTIONS to contain '-Dhttp.keepAlive=false'
-            // This is because of an issue with Azure pipelines timing out connections after 4 minutes
-            // and Maven not properly handling closed connections
-            // Otherwise long build processes will timeout when pulling down Java packages
-            // https://developercommunity.visualstudio.com/content/problem/292284/maven-hosted-agent-connection-timeout.html
-            let javaToolOptions = process.env['JAVA_TOOL_OPTIONS'] || "";
-            process.env['JAVA_TOOL_OPTIONS'] = [...javaToolOptions.split(/\s+/), '-Dhttp.keepAlive=false', '-Dmaven.wagon.http.pool=false'].join(' ');
-            await exec.exec(autobuildCmd);
-        },
-        extractScannedLanguage: async function (databasePath, language) {
-            // Get extractor location
-            let extractorPath = '';
-            await exec.exec(cmd, [
-                'resolve',
-                'extractor',
-                '--format=json',
-                '--language=' + language
-            ], {
-                silent: true,
-                listeners: {
-                    stdout: (data) => { extractorPath += data.toString(); },
-                    stderr: (data) => { process.stderr.write(data); }
-                }
-            });
-            // Set trace command
-            const ext = process.platform === 'win32' ? '.cmd' : '.sh';
-            const traceCommand = path.resolve(JSON.parse(extractorPath), 'tools', 'autobuild' + ext);
-            // Run trace command
-            await exec.exec(cmd, [
-                'database',
-                'trace-command',
-                databasePath,
-                '--',
-                traceCommand
-            ]);
-        },
-        finalizeDatabase: async function (databasePath) {
-            await exec.exec(cmd, [
-                'database',
-                'finalize',
-                databasePath
-            ]);
-        },
-        resolveQueries: async function (queries) {
-            let output = '';
-            await exec.exec(cmd, [
-                'resolve',
-                'queries',
-                ...queries,
-                '--format=bylanguage'
-            ], {
-                listeners: {
-                    stdout: (data) => {
-                        output += data.toString();
-                    }
-                }
-            });
-            return JSON.parse(output);
-        },
-        databaseAnalyze: async function (databasePath, sarifFile, querySuite) {
-            await exec.exec(cmd, [
-                'database',
-                'analyze',
-                util.getMemoryFlag(),
-                util.getThreadsFlag(),
-                databasePath,
-                '--format=sarif-latest',
-                '--output=' + sarifFile,
-                '--no-sarif-add-snippets',
-                querySuite
-            ]);
-        }
-    };
-}
-//# sourceMappingURL=codeql.js.map

lib/codeql.test.js

@@ -1,60 +0,0 @@
-"use strict";
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
-    result["default"] = mod;
-    return result;
-};
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-const toolcache = __importStar(require("@actions/tool-cache"));
-const ava_1 = __importDefault(require("ava"));
-const nock_1 = __importDefault(require("nock"));
-const path = __importStar(require("path"));
-const codeql = __importStar(require("./codeql"));
-const testing_utils_1 = require("./testing-utils");
-const util = __importStar(require("./util"));
-testing_utils_1.setupTests(ava_1.default);
-ava_1.default('download codeql bundle cache', async (t) => {
-    await util.withTmpDir(async (tmpDir) => {
-        process.env['GITHUB_WORKSPACE'] = tmpDir;
-        process.env['RUNNER_TEMP'] = path.join(tmpDir, 'temp');
-        process.env['RUNNER_TOOL_CACHE'] = path.join(tmpDir, 'cache');
-        const versions = ['20200601', '20200610'];
-        for (let i = 0; i < versions.length; i++) {
-            const version = versions[i];
-            nock_1.default('https://example.com')
-                .get(`/download/codeql-bundle-${version}/codeql-bundle.tar.gz`)
-                .replyWithFile(200, path.join(__dirname, `/../src/testdata/codeql-bundle.tar.gz`));
-            process.env['INPUT_TOOLS'] = `https://example.com/download/codeql-bundle-${version}/codeql-bundle.tar.gz`;
-            await codeql.setupCodeQL();
-            t.assert(toolcache.find('CodeQL', `0.0.0-${version}`));
-        }
-        const cachedVersions = toolcache.findAllVersions('CodeQL');
-        t.is(cachedVersions.length, 2);
-    });
-});
-ava_1.default('parse codeql bundle url version', t => {
-    const tests = {
-        '20200601': '0.0.0-20200601',
-        '20200601.0': '0.0.0-20200601.0',
-        '20200601.0.0': '20200601.0.0',
-        '1.2.3': '1.2.3',
-        '1.2.3-alpha': '1.2.3-alpha',
-        '1.2.3-beta.1': '1.2.3-beta.1',
-    };
-    for (const [version, expectedVersion] of Object.entries(tests)) {
-        const url = `https://github.com/.../codeql-bundle-${version}/...`;
-        try {
-            const parsedVersion = codeql.getCodeQLURLVersion(url);
-            t.deepEqual(parsedVersion, expectedVersion);
-        }
-        catch (e) {
-            t.fail(e.message);
-        }
-    }
-});
-//# sourceMappingURL=codeql.test.js.map

lib/codeql.test.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"codeql.test.js","sourceRoot":"","sources":["../src/codeql.test.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,+DAAiD;AACjD,8CAAuB;AACvB,gDAAwB;AACxB,2CAA6B;AAE7B,iDAAmC;AACnC,mDAA2C;AAC3C,6CAA+B;AAE/B,0BAAU,CAAC,aAAI,CAAC,CAAC;AAEjB,aAAI,CAAC,8BAA8B,EAAE,KAAK,EAAC,CAAC,EAAC,EAAE;IAE7C,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAC,MAAM,EAAC,EAAE;QAEnC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,GAAG,MAAM,CAAC;QAEzC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACvD,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QAE9D,MAAM,QAAQ,GAAG,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QAE1C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE;YACxC,MAAM,OAAO,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;YAE5B,cAAI,CAAC,qBAAqB,CAAC;iBACxB,GAAG,CAAC,2BAA2B,OAAO,uBAAuB,CAAC;iBAC9D,aAAa,CAAC,GAAG,EAAE,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,uCAAuC,CAAC,CAAC,CAAC;YAGrF,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,8CAA8C,OAAO,uBAAuB,CAAC;YAE1G,MAAM,MAAM,CAAC,WAAW,EAAE,CAAC;YAE3B,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,EAAE,SAAS,OAAO,EAAE,CAAC,CAAC,CAAC;SACxD;QAED,MAAM,cAAc,GAAG,SAAS,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;QAE3D,CAAC,CAAC,EAAE,CAAC,cAAc,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,iCAAiC,EAAE,CAAC,CAAC,EAAE;IAE1C,MAAM,KAAK,GAAG;QACZ,UAAU,EAAE,gBAAgB;QAC5B,YAAY,EAAE,kBAAkB;QAChC,cAAc,EAAE,cAAc;QAC9B,OAAO,EAAE,OAAO;QAChB,aAAa,EAAE,aAAa;QAC5B,cAAc,EAAE,cAAc;KAC/B,CAAC;IAEF,KAAK,MAAM,CAAC,OAAO,EAAE,eAAe,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE;QAC9D,MAAM,GAAG,GAAG,wCAAwC,OAAO,MAAM,CAAC;QAElE,IAAI;YACF,MAAM,aAAa,GAAG,MAAM,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC;YACtD,CAAC,CAAC,SAAS,CAAC,aAAa,EAAE,eAAe,CAAC,CAAC;SAC7C;QAAC,OAAO,CAAC,EAAE;YACV,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;SACnB;KACF;AACH,CAAC,CAAC,CAAC"}

lib/config-utils.js

@@ -12,7 +12,6 @@ const io = __importStar(require("@actions/io"));
 const fs = __importStar(require("fs"));
 const yaml = __importStar(require("js-yaml"));
 const path = __importStar(require("path"));
-const api = __importStar(require("./api-client"));
 const util = __importStar(require("./util"));
 const NAME_PROPERTY = 'name';
 const DISPLAY_DEFAULT_QUERIES_PROPERTY = 'disable-default-queries';
@@ -105,52 +104,6 @@ class Config {
     }
 }
 exports.Config = Config;
-// Regex validating stars in paths or paths-ignore entries.
-// The intention is to only allow ** to appear when immediately
-// preceded and followed by a slash.
-const pathStarsRegex = /.*(?:\*\*[^/].*|\*\*$|[^/]\*\*.*)/;
-// Characters that are supported by filters in workflows, but not by us.
-// See https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet
-const filterPatternCharactersRegex = /.*[\?\+\[\]!].*/;
-// Checks that a paths of paths-ignore entry is valid, possibly modifying it
-// to make it valid, or if not possible then throws an error.
-function validateAndSanitisePath(originalPath, propertyName, configFile) {
-    // Take a copy so we don't modify the original path, so we can still construct error messages
-    let path = originalPath;
-    // All paths are relative to the src root, so strip off leading slashes.
-    while (path.charAt(0) === '/') {
-        path = path.substring(1);
-    }
-    // Trailing ** are redundant, so strip them off
-    if (path.endsWith('/**')) {
-        path = path.substring(0, path.length - 2);
-    }
-    // An empty path is not allowed as it's meaningless
-    if (path === '') {
-        throw new Error(getConfigFilePropertyError(configFile, propertyName, '"' + originalPath + '" is not an invalid path. ' +
-            'It is not necessary to include it, and it is not allowed to exclude it.'));
-    }
-    // Check for illegal uses of **
-    if (path.match(pathStarsRegex)) {
-        throw new Error(getConfigFilePropertyError(configFile, propertyName, '"' + originalPath + '" contains an invalid "**" wildcard. ' +
-            'They must be immediately preceeded and followed by a slash as in "/**/", or come at the start or end.'));
-    }
-    // Check for other regex characters that we don't support.
-    // Output a warning so the user knows, but otherwise continue normally.
-    if (path.match(filterPatternCharactersRegex)) {
-        core.warning(getConfigFilePropertyError(configFile, propertyName, '"' + originalPath + '" contains an unsupported character. ' +
-            'The filter pattern characters ?, +, [, ], ! are not supported and will be matched literally.'));
-    }
-    // Ban any uses of backslash for now.
-    // This may not play nicely with project layouts.
-    // This restriction can be lifted later if we determine they are ok.
-    if (path.indexOf('\\') !== -1) {
-        throw new Error(getConfigFilePropertyError(configFile, propertyName, '"' + originalPath + '" contains an "\\" character. These are not allowed in filters. ' +
-            'If running on windows we recommend using "/" instead for path filters.'));
-    }
-    return path;
-}
-exports.validateAndSanitisePath = validateAndSanitisePath;
 function getNameInvalid(configFile) {
     return getConfigFilePropertyError(configFile, NAME_PROPERTY, 'must be a non-empty string');
 }
@@ -193,24 +146,10 @@ function getConfigFileDoesNotExistErrorMessage(configFile) {
     return 'The configuration file "' + configFile + '" does not exist';
 }
 exports.getConfigFileDoesNotExistErrorMessage = getConfigFileDoesNotExistErrorMessage;
-function getConfigFileRepoFormatInvalidMessage(configFile) {
-    let error = 'The configuration file "' + configFile + '" is not a supported remote file reference.';
-    error += ' Expected format <owner>/<repository>/<file-path>@<ref>';
-    return error;
-}
-exports.getConfigFileRepoFormatInvalidMessage = getConfigFileRepoFormatInvalidMessage;
-function getConfigFileFormatInvalidMessage(configFile) {
-    return 'The configuration file "' + configFile + '" could not be read';
-}
-exports.getConfigFileFormatInvalidMessage = getConfigFileFormatInvalidMessage;
-function getConfigFileDirectoryGivenMessage(configFile) {
-    return 'The configuration file "' + configFile + '" looks like a directory, not a file';
-}
-exports.getConfigFileDirectoryGivenMessage = getConfigFileDirectoryGivenMessage;
 function getConfigFilePropertyError(configFile, property, error) {
     return 'The configuration file "' + configFile + '" is invalid: property "' + property + '" ' + error;
 }
-async function initConfig() {
+function initConfig() {
     let configFile = core.getInput('config-file');
     const config = new Config();
     // If no config file was provided create an empty one
@@ -218,16 +157,18 @@ async function initConfig() {
         core.debug('No configuration file was provided');
         return config;
     }
-    let parsedYAML;
-    if (isLocal(configFile)) {
-        // Treat the config file as relative to the workspace
-        const workspacePath = util.getRequiredEnvParam('GITHUB_WORKSPACE');
-        configFile = path.resolve(workspacePath, configFile);
-        parsedYAML = getLocalConfig(configFile, workspacePath);
+    // Treat the config file as relative to the workspace
+    const workspacePath = util.getRequiredEnvParam('GITHUB_WORKSPACE');
+    configFile = path.resolve(workspacePath, configFile);
+    // Error if the config file is now outside of the workspace
+    if (!(configFile + path.sep).startsWith(workspacePath + path.sep)) {
+        throw new Error(getConfigFileOutsideWorkspaceErrorMessage(configFile));
     }
-    else {
-        parsedYAML = await getRemoteConfig(configFile);
+    // Error if the file does not exist
+    if (!fs.existsSync(configFile)) {
+        throw new Error(getConfigFileDoesNotExistErrorMessage(configFile));
     }
+    const parsedYAML = yaml.safeLoad(fs.readFileSync(configFile, 'utf8'));
     if (NAME_PROPERTY in parsedYAML) {
         if (typeof parsedYAML[NAME_PROPERTY] !== "string") {
             throw new Error(getNameInvalid(configFile));
@@ -262,7 +203,7 @@ async function initConfig() {
             if (typeof path !== "string" || path === '') {
                 throw new Error(getPathsIgnoreInvalid(configFile));
             }
-            config.pathsIgnore.push(validateAndSanitisePath(path, PATHS_IGNORE_PROPERTY, configFile));
+            config.pathsIgnore.push(path);
         });
     }
     if (PATHS_PROPERTY in parsedYAML) {
@@ -273,55 +214,11 @@ async function initConfig() {
             if (typeof path !== "string" || path === '') {
                 throw new Error(getPathsInvalid(configFile));
             }
-            config.paths.push(validateAndSanitisePath(path, PATHS_PROPERTY, configFile));
+            config.paths.push(path);
         });
     }
     return config;
 }
-function isLocal(configPath) {
-    // If the path starts with ./, look locally
-    if (configPath.indexOf("./") === 0) {
-        return true;
-    }
-    return (configPath.indexOf("@") === -1);
-}
-function getLocalConfig(configFile, workspacePath) {
-    // Error if the config file is now outside of the workspace
-    if (!(configFile + path.sep).startsWith(workspacePath + path.sep)) {
-        throw new Error(getConfigFileOutsideWorkspaceErrorMessage(configFile));
-    }
-    // Error if the file does not exist
-    if (!fs.existsSync(configFile)) {
-        throw new Error(getConfigFileDoesNotExistErrorMessage(configFile));
-    }
-    return yaml.safeLoad(fs.readFileSync(configFile, 'utf8'));
-}
-async function getRemoteConfig(configFile) {
-    // retrieve the various parts of the config location, and ensure they're present
-    const format = new RegExp('(?<owner>[^/]+)/(?<repo>[^/]+)/(?<path>[^@]+)@(?<ref>.*)');
-    const pieces = format.exec(configFile);
-    // 5 = 4 groups + the whole expression
-    if (pieces === null || pieces.groups === undefined || pieces.length < 5) {
-        throw new Error(getConfigFileRepoFormatInvalidMessage(configFile));
-    }
-    const response = await api.getApiClient().repos.getContents({
-        owner: pieces.groups.owner,
-        repo: pieces.groups.repo,
-        path: pieces.groups.path,
-        ref: pieces.groups.ref,
-    });
-    let fileContents;
-    if ("content" in response.data && response.data.content !== undefined) {
-        fileContents = response.data.content;
-    }
-    else if (Array.isArray(response.data)) {
-        throw new Error(getConfigFileDirectoryGivenMessage(configFile));
-    }
-    else {
-        throw new Error(getConfigFileFormatInvalidMessage(configFile));
-    }
-    return yaml.safeLoad(Buffer.from(fileContents, 'base64').toString('binary'));
-}
 function getConfigFolder() {
     return util.getRequiredEnvParam('RUNNER_TEMP');
 }
@@ -345,7 +242,7 @@ async function loadConfig() {
         return JSON.parse(configString);
     }
     else {
-        const config = await initConfig();
+        const config = initConfig();
         core.debug('Initialized config:');
         core.debug(JSON.stringify(config));
         await saveConfig(config);

lib/config-utils.test.js

@@ -1,4 +1,7 @@
 "use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
 var __importStar = (this && this.__importStar) || function (mod) {
     if (mod && mod.__esModule) return mod;
     var result = {};
@@ -6,20 +9,14 @@ var __importStar = (this && this.__importStar) || function (mod) {
     result["default"] = mod;
     return result;
 };
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
 Object.defineProperty(exports, "__esModule", { value: true });
-const github = __importStar(require("@actions/github"));
 const ava_1 = __importDefault(require("ava"));
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
-const sinon_1 = __importDefault(require("sinon"));
-const api = __importStar(require("./api-client"));
 const configUtils = __importStar(require("./config-utils"));
 const testing_utils_1 = require("./testing-utils");
 const util = __importStar(require("./util"));
-testing_utils_1.setupTests(ava_1.default);
+testing_utils_1.silenceDebugOutput(ava_1.default);
 function setInput(name, value) {
     // Transformation copied from
     // https://github.com/actions/toolkit/blob/05e39f551d33e1688f61b209ab5cdd335198f1b8/packages/core/src/core.ts#L69
@@ -31,16 +28,6 @@ function setInput(name, value) {
         delete process.env[envVar];
     }
 }
-function mockGetContents(content) {
-    // Passing an auth token is required, so we just use a dummy value
-    let client = new github.GitHub('123');
-    const response = {
-        data: content
-    };
-    const spyGetContents = sinon_1.default.stub(client.repos, "getContents").resolves(response);
-    sinon_1.default.stub(api, "getApiClient").value(() => client);
-    return spyGetContents;
-}
 ava_1.default("load empty config", async (t) => {
     return await util.withTmpDir(async (tmpDir) => {
         process.env['RUNNER_TEMP'] = tmpDir;
@@ -78,21 +65,6 @@ ava_1.default("load input outside of workspace", async (t) => {
         }
     });
 });
-ava_1.default("load non-local input with invalid repo syntax", async (t) => {
-    return await util.withTmpDir(async (tmpDir) => {
-        process.env['RUNNER_TEMP'] = tmpDir;
-        process.env['GITHUB_WORKSPACE'] = tmpDir;
-        // no filename given, just a repo
-        setInput('config-file', 'octo-org/codeql-config@main');
-        try {
-            await configUtils.loadConfig();
-            throw new Error('loadConfig did not throw error');
-        }
-        catch (err) {
-            t.deepEqual(err, new Error(configUtils.getConfigFileRepoFormatInvalidMessage('octo-org/codeql-config@main')));
-        }
-    });
-});
 ava_1.default("load non-existent input", async (t) => {
     return await util.withTmpDir(async (tmpDir) => {
         process.env['RUNNER_TEMP'] = tmpDir;
@@ -142,65 +114,6 @@ ava_1.default("load non-empty input", async (t) => {
         t.deepEqual(actualConfig, expectedConfig);
     });
 });
-ava_1.default("API client used when reading remote config", async (t) => {
-    return await util.withTmpDir(async (tmpDir) => {
-        process.env['RUNNER_TEMP'] = tmpDir;
-        process.env['GITHUB_WORKSPACE'] = tmpDir;
-        const inputFileContents = `
-      name: my config
-      disable-default-queries: true
-      queries:
-        - uses: ./
-      paths-ignore:
-        - a
-        - b
-      paths:
-        - c/d`;
-        const dummyResponse = {
-            content: Buffer.from(inputFileContents).toString("base64"),
-        };
-        const spyGetContents = mockGetContents(dummyResponse);
-        setInput('config-file', 'octo-org/codeql-config/config.yaml@main');
-        await configUtils.loadConfig();
-        t.assert(spyGetContents.called);
-    });
-});
-ava_1.default("Remote config handles the case where a directory is provided", async (t) => {
-    return await util.withTmpDir(async (tmpDir) => {
-        process.env['RUNNER_TEMP'] = tmpDir;
-        process.env['GITHUB_WORKSPACE'] = tmpDir;
-        const dummyResponse = []; // directories are returned as arrays
-        mockGetContents(dummyResponse);
-        const repoReference = 'octo-org/codeql-config/config.yaml@main';
-        setInput('config-file', repoReference);
-        try {
-            await configUtils.loadConfig();
-            throw new Error('loadConfig did not throw error');
-        }
-        catch (err) {
-            t.deepEqual(err, new Error(configUtils.getConfigFileDirectoryGivenMessage(repoReference)));
-        }
-    });
-});
-ava_1.default("Invalid format of remote config handled correctly", async (t) => {
-    return await util.withTmpDir(async (tmpDir) => {
-        process.env['RUNNER_TEMP'] = tmpDir;
-        process.env['GITHUB_WORKSPACE'] = tmpDir;
-        const dummyResponse = {
-        // note no "content" property here
-        };
-        mockGetContents(dummyResponse);
-        const repoReference = 'octo-org/codeql-config/config.yaml@main';
-        setInput('config-file', repoReference);
-        try {
-            await configUtils.loadConfig();
-            throw new Error('loadConfig did not throw error');
-        }
-        catch (err) {
-            t.deepEqual(err, new Error(configUtils.getConfigFileFormatInvalidMessage(repoReference)));
-        }
-    });
-});
 function doInvalidInputTest(testName, inputFileContents, expectedErrorMessageGenerator) {
     ava_1.default("load invalid input - " + testName, async (t) => {
         return await util.withTmpDir(async (tmpDir) => {
@@ -248,41 +161,4 @@ doInvalidQueryUsesTest("foo@master", c => configUtils.getQueryUsesInvalid(c, "fo
 doInvalidQueryUsesTest("https://github.com/foo/bar@master", c => configUtils.getQueryUsesInvalid(c, "https://github.com/foo/bar@master"));
 doInvalidQueryUsesTest("./foo", c => configUtils.getLocalPathDoesNotExist(c, "foo"));
 doInvalidQueryUsesTest("./..", c => configUtils.getLocalPathOutsideOfRepository(c, ".."));
-const validPaths = [
-    'foo',
-    'foo/',
-    'foo/**',
-    'foo/**/',
-    'foo/**/**',
-    'foo/**/bar/**/baz',
-    '**/',
-    '**/foo',
-    '/foo',
-];
-const invalidPaths = [
-    'a/***/b',
-    'a/**b',
-    'a/b**',
-    '**',
-];
-ava_1.default('path validations', t => {
-    // Dummy values to pass to validateAndSanitisePath
-    const propertyName = 'paths';
-    const configFile = './.github/codeql/config.yml';
-    for (const path of validPaths) {
-        t.truthy(configUtils.validateAndSanitisePath(path, propertyName, configFile));
-    }
-    for (const path of invalidPaths) {
-        t.throws(() => configUtils.validateAndSanitisePath(path, propertyName, configFile));
-    }
-});
-ava_1.default('path sanitisation', t => {
-    // Dummy values to pass to validateAndSanitisePath
-    const propertyName = 'paths';
-    const configFile = './.github/codeql/config.yml';
-    // Valid paths are not modified
-    t.deepEqual(configUtils.validateAndSanitisePath('foo/bar', propertyName, configFile), 'foo/bar');
-    // Trailing stars are stripped
-    t.deepEqual(configUtils.validateAndSanitisePath('foo/**', propertyName, configFile), 'foo/');
-});
 //# sourceMappingURL=config-utils.test.js.map

lib/external-queries.test.js

@@ -17,7 +17,7 @@ const configUtils = __importStar(require("./config-utils"));
 const externalQueries = __importStar(require("./external-queries"));
 const testing_utils_1 = require("./testing-utils");
 const util = __importStar(require("./util"));
-testing_utils_1.setupTests(ava_1.default);
+testing_utils_1.silenceDebugOutput(ava_1.default);
 ava_1.default("checkoutExternalQueries", async (t) => {
     let config = new configUtils.Config();
     config.externalQueries = [

lib/external-queries.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"external-queries.test.js","sourceRoot":"","sources":["../src/external-queries.test.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,8CAAuB;AACvB,uCAAyB;AACzB,2CAA6B;AAE7B,4DAA8C;AAC9C,oEAAsD;AACtD,mDAA2C;AAC3C,6CAA+B;AAE/B,0BAAU,CAAC,aAAI,CAAC,CAAC;AAEjB,aAAI,CAAC,yBAAyB,EAAE,KAAK,EAAC,CAAC,EAAC,EAAE;IACxC,IAAI,MAAM,GAAG,IAAI,WAAW,CAAC,MAAM,EAAE,CAAC;IACtC,MAAM,CAAC,eAAe,GAAG;QACvB,IAAI,WAAW,CAAC,aAAa,CAAC,kBAAkB,EAAE,0CAA0C,CAAC;KAC9F,CAAC;IAEF,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAC,MAAM,EAAC,EAAE;QACnC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,MAAM,CAAC;QACpC,MAAM,eAAe,CAAC,uBAAuB,CAAC,MAAM,CAAC,CAAC;QAEtD,uFAAuF;QACvF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,WAAW,EAAE,WAAW,CAAC,CAAC,CAAC,CAAC;IAC/E,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
+{"version":3,"file":"external-queries.test.js","sourceRoot":"","sources":["../src/external-queries.test.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,8CAAuB;AACvB,uCAAyB;AACzB,2CAA6B;AAE7B,4DAA8C;AAC9C,oEAAsD;AACtD,mDAAmD;AACnD,6CAA+B;AAE/B,kCAAkB,CAAC,aAAI,CAAC,CAAC;AAEzB,aAAI,CAAC,yBAAyB,EAAE,KAAK,EAAC,CAAC,EAAC,EAAE;IACxC,IAAI,MAAM,GAAG,IAAI,WAAW,CAAC,MAAM,EAAE,CAAC;IACtC,MAAM,CAAC,eAAe,GAAG;QACvB,IAAI,WAAW,CAAC,aAAa,CAAC,kBAAkB,EAAE,0CAA0C,CAAC;KAC9F,CAAC;IAEF,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAC,MAAM,EAAC,EAAE;QACnC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,MAAM,CAAC;QACpC,MAAM,eAAe,CAAC,uBAAuB,CAAC,MAAM,CAAC,CAAC;QAEtD,uFAAuF;QACvF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,WAAW,EAAE,WAAW,CAAC,CAAC,CAAC,CAAC;IAC/E,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

lib/finalize-db.js

@@ -8,10 +8,10 @@ var __importStar = (this && this.__importStar) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 const core = __importStar(require("@actions/core"));
+const exec = __importStar(require("@actions/exec"));
 const io = __importStar(require("@actions/io"));
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
-const codeql_1 = require("./codeql");
 const configUtils = __importStar(require("./config-utils"));
 const externalQueries = __importStar(require("./external-queries"));
 const sharedEnv = __importStar(require("./shared-environment"));
@@ -36,30 +36,57 @@ function queryIsDisabled(language, query) {
     return (DISABLED_BUILTIN_QUERIES[language] || [])
         .some(disabledQuery => query.endsWith(disabledQuery));
 }
-async function createdDBForScannedLanguages(databaseFolder) {
+async function createdDBForScannedLanguages(codeqlCmd, databaseFolder) {
     const scannedLanguages = process.env[sharedEnv.CODEQL_ACTION_SCANNED_LANGUAGES];
     if (scannedLanguages) {
-        const codeql = codeql_1.getCodeQL();
         for (const language of scannedLanguages.split(',')) {
             core.startGroup('Extracting ' + language);
-            await codeql.extractScannedLanguage(path.join(databaseFolder, language), language);
+            // Get extractor location
+            let extractorPath = '';
+            await exec.exec(codeqlCmd, ['resolve', 'extractor', '--format=json', '--language=' + language], {
+                silent: true,
+                listeners: {
+                    stdout: (data) => { extractorPath += data.toString(); },
+                    stderr: (data) => { process.stderr.write(data); }
+                }
+            });
+            // Set trace command
+            const ext = process.platform === 'win32' ? '.cmd' : '.sh';
+            const traceCommand = path.resolve(JSON.parse(extractorPath), 'tools', 'autobuild' + ext);
+            // Run trace command
+            await exec.exec(codeqlCmd, ['database', 'trace-command', path.join(databaseFolder, language), '--', traceCommand]);
             core.endGroup();
         }
     }
 }
-async function finalizeDatabaseCreation(databaseFolder) {
-    await createdDBForScannedLanguages(databaseFolder);
+async function finalizeDatabaseCreation(codeqlCmd, databaseFolder) {
+    await createdDBForScannedLanguages(codeqlCmd, databaseFolder);
     const languages = process.env[sharedEnv.CODEQL_ACTION_LANGUAGES] || '';
-    const codeql = codeql_1.getCodeQL();
     for (const language of languages.split(',')) {
         core.startGroup('Finalizing ' + language);
-        await codeql.finalizeDatabase(path.join(databaseFolder, language));
+        await exec.exec(codeqlCmd, ['database', 'finalize', path.join(databaseFolder, language)]);
         core.endGroup();
     }
 }
-async function resolveQueryLanguages(config) {
+async function runResolveQueries(codeqlCmd, queries) {
+    let output = '';
+    const options = {
+        listeners: {
+            stdout: (data) => {
+                output += data.toString();
+            }
+        }
+    };
+    await exec.exec(codeqlCmd, [
+        'resolve',
+        'queries',
+        ...queries,
+        '--format=bylanguage'
+    ], options);
+    return JSON.parse(output);
+}
+async function resolveQueryLanguages(codeqlCmd, config) {
     let res = new Map();
-    const codeql = codeql_1.getCodeQL();
     if (!config.disableDefaultQueries || config.additionalSuites.length !== 0) {
         const suites = [];
         for (const language of await util.getLanguages()) {
@@ -70,7 +97,7 @@ async function resolveQueryLanguages(config) {
                 suites.push(language + '-' + additionalSuite + '.qls');
             }
         }
-        const resolveQueriesOutputObject = await codeql.resolveQueries(suites);
+        const resolveQueriesOutputObject = await runResolveQueries(codeqlCmd, suites);
         for (const [language, queries] of Object.entries(resolveQueriesOutputObject.byLanguage)) {
             if (res[language] === undefined) {
                 res[language] = [];
@@ -79,7 +106,7 @@ async function resolveQueryLanguages(config) {
         }
     }
     if (config.additionalQueries.length !== 0) {
-        const resolveQueriesOutputObject = await codeql.resolveQueries(config.additionalQueries);
+        const resolveQueriesOutputObject = await runResolveQueries(codeqlCmd, config.additionalQueries);
         for (const [language, queries] of Object.entries(resolveQueriesOutputObject.byLanguage)) {
             if (res[language] === undefined) {
                 res[language] = [];
@@ -100,9 +127,8 @@ async function resolveQueryLanguages(config) {
     return res;
 }
 // Runs queries and creates sarif files in the given folder
-async function runQueries(databaseFolder, sarifFolder, config) {
-    const queriesPerLanguage = await resolveQueryLanguages(config);
-    const codeql = codeql_1.getCodeQL();
+async function runQueries(codeqlCmd, databaseFolder, sarifFolder, config) {
+    const queriesPerLanguage = await resolveQueryLanguages(codeqlCmd, config);
     for (let database of fs.readdirSync(databaseFolder)) {
         core.startGroup('Analyzing ' + database);
         const queries = queriesPerLanguage[database] || [];
@@ -116,7 +142,17 @@ async function runQueries(databaseFolder, sarifFolder, config) {
         fs.writeFileSync(querySuite, querySuiteContents);
         core.debug('Query suite file for ' + database + '...\n' + querySuiteContents);
         const sarifFile = path.join(sarifFolder, database + '.sarif');
-        await codeql.databaseAnalyze(path.join(databaseFolder, database), sarifFile, querySuite);
+        await exec.exec(codeqlCmd, [
+            'database',
+            'analyze',
+            util.getMemoryFlag(),
+            util.getThreadsFlag(),
+            path.join(databaseFolder, database),
+            '--format=sarif-latest',
+            '--output=' + sarifFile,
+            '--no-sarif-add-snippets',
+            querySuite
+        ]);
         core.debug('SARIF results for database ' + database + ' created at "' + sarifFile + '"');
         core.endGroup();
     }
@@ -129,14 +165,15 @@ async function run() {
         const config = await configUtils.loadConfig();
         core.exportVariable(sharedEnv.ODASA_TRACER_CONFIGURATION, '');
         delete process.env[sharedEnv.ODASA_TRACER_CONFIGURATION];
+        const codeqlCmd = util.getRequiredEnvParam(sharedEnv.CODEQL_ACTION_CMD);
         const databaseFolder = util.getRequiredEnvParam(sharedEnv.CODEQL_ACTION_DATABASE_DIR);
         const sarifFolder = core.getInput('output');
         await io.mkdirP(sarifFolder);
         core.info('Finalizing database creation');
-        await finalizeDatabaseCreation(databaseFolder);
+        await finalizeDatabaseCreation(codeqlCmd, databaseFolder);
         await externalQueries.checkoutExternalQueries(config);
         core.info('Analyzing database');
-        await runQueries(databaseFolder, sarifFolder, config);
+        await runQueries(codeqlCmd, databaseFolder, sarifFolder, config);
         if ('true' === core.getInput('upload')) {
             if (!await upload_lib.upload(sarifFolder)) {
                 await util.reportActionFailed('finish', 'upload');

lib/fingerprints.test.js

@@ -15,7 +15,7 @@ const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const fingerprints = __importStar(require("./fingerprints"));
 const testing_utils_1 = require("./testing-utils");
-testing_utils_1.setupTests(ava_1.default);
+testing_utils_1.silenceDebugOutput(ava_1.default);
 function testHash(t, input, expectedHashes) {
     let index = 0;
     let callback = function (lineNumber, hash) {

lib/setup-tracer.js

@@ -13,8 +13,8 @@ const io = __importStar(require("@actions/io"));
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const analysisPaths = __importStar(require("./analysis-paths"));
-const codeql_1 = require("./codeql");
 const configUtils = __importStar(require("./config-utils"));
+const setuptools = __importStar(require("./setup-tools"));
 const sharedEnv = __importStar(require("./shared-environment"));
 const util = __importStar(require("./util"));
 const CRITICAL_TRACER_VARS = new Set(['SEMMLE_PRELOAD_libtrace',
@@ -28,7 +28,12 @@ const CRITICAL_TRACER_VARS = new Set(['SEMMLE_PRELOAD_libtrace',
     'SEMMLE_JAVA_TOOL_OPTIONS'
 ]);
 async function tracerConfig(codeql, database, compilerSpec) {
-    const env = await codeql.getTracerEnv(database, compilerSpec);
+    const compilerSpecArg = compilerSpec ? ["--compiler-spec=" + compilerSpec] : [];
+    let envFile = path.resolve(database, 'working', 'env.tmp');
+    await exec.exec(codeql.cmd, ['database', 'trace-command', database,
+        ...compilerSpecArg,
+        process.execPath, path.resolve(__dirname, 'tracer-env.js'), envFile]);
+    const env = JSON.parse(fs.readFileSync(envFile, 'utf-8'));
     const config = env['ODASA_TRACER_CONFIGURATION'];
     const info = { spec: config, env: {} };
     // Extract critical tracer variables from the environment
@@ -146,8 +151,8 @@ async function run() {
     try {
         const sourceRoot = path.resolve();
         core.startGroup('Setup CodeQL tools');
-        const codeql = await codeql_1.setupCodeQL();
-        await codeql.printVersion();
+        const codeqlSetup = await setuptools.setupCodeQL();
+        await exec.exec(codeqlSetup.cmd, ['version', '--format=json']);
         core.endGroup();
         // Forward Go flags
         const goFlags = process.env['GOFLAGS'];
@@ -166,10 +171,16 @@ async function run() {
         for (let language of languages) {
             const languageDatabase = path.join(databaseFolder, language);
             // Init language database
-            await codeql.databaseInit(languageDatabase, language, sourceRoot);
+            await exec.exec(codeqlSetup.cmd, [
+                'database',
+                'init',
+                languageDatabase,
+                '--language=' + language,
+                '--source-root=' + sourceRoot,
+            ]);
             // TODO: add better detection of 'traced languages' instead of using a hard coded list
             if (['cpp', 'java', 'csharp'].includes(language)) {
-                const config = await tracerConfig(codeql, languageDatabase);
+                const config = await tracerConfig(codeqlSetup, languageDatabase);
                 tracedLanguages[language] = config;
             }
             else {
@@ -185,16 +196,16 @@ async function run() {
                 }
                 core.exportVariable('ODASA_TRACER_CONFIGURATION', mainTracerConfig.spec);
                 if (process.platform === 'darwin') {
-                    core.exportVariable('DYLD_INSERT_LIBRARIES', path.join(codeql.getDir(), 'tools', 'osx64', 'libtrace.dylib'));
+                    core.exportVariable('DYLD_INSERT_LIBRARIES', path.join(codeqlSetup.tools, 'osx64', 'libtrace.dylib'));
                 }
                 else if (process.platform === 'win32') {
                     await exec.exec('powershell', [
                         path.resolve(__dirname, '..', 'src', 'inject-tracer.ps1'),
-                        path.resolve(codeql.getDir(), 'tools', 'win64', 'tracer.exe'),
+                        path.resolve(codeqlSetup.tools, 'win64', 'tracer.exe'),
                     ], { env: { 'ODASA_TRACER_CONFIGURATION': mainTracerConfig.spec } });
                 }
                 else {
-                    core.exportVariable('LD_PRELOAD', path.join(codeql.getDir(), 'tools', 'linux64', '${LIB}trace.so'));
+                    core.exportVariable('LD_PRELOAD', path.join(codeqlSetup.tools, 'linux64', '${LIB}trace.so'));
                 }
             }
         }
@@ -202,6 +213,7 @@ async function run() {
         core.exportVariable(sharedEnv.CODEQL_ACTION_TRACED_LANGUAGES, tracedLanguageKeys.join(','));
         // TODO: make this a "private" environment variable of the action
         core.exportVariable(sharedEnv.CODEQL_ACTION_DATABASE_DIR, databaseFolder);
+        core.exportVariable(sharedEnv.CODEQL_ACTION_CMD, codeqlSetup.cmd);
     }
     catch (error) {
         core.setFailed(error.message);

lib/shared-environment.js

@@ -1,5 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.CODEQL_ACTION_CMD = 'CODEQL_ACTION_CMD';
 exports.CODEQL_ACTION_DATABASE_DIR = 'CODEQL_ACTION_DATABASE_DIR';
 exports.CODEQL_ACTION_LANGUAGES = 'CODEQL_ACTION_LANGUAGES';
 exports.CODEQL_ACTION_ANALYSIS_KEY = 'CODEQL_ACTION_ANALYSIS_KEY';

lib/shared-environment.js.map

@@ -1 +1 @@
-{"version":3,"file":"shared-environment.js","sourceRoot":"","sources":["../src/shared-environment.ts"],"names":[],"mappings":";;AAAa,QAAA,0BAA0B,GAAG,4BAA4B,CAAC;AAC1D,QAAA,uBAAuB,GAAG,yBAAyB,CAAC;AACpD,QAAA,0BAA0B,GAAG,4BAA4B,CAAC;AAC1D,QAAA,0BAA0B,GAAG,4BAA4B,CAAC;AAC1D,QAAA,+BAA+B,GAAG,iCAAiC,CAAC;AACpE,QAAA,8BAA8B,GAAG,gCAAgC,CAAC;AAC/E,wEAAwE;AACxE,2EAA2E;AAC3E,4EAA4E;AAC5E,2EAA2E;AAC3E,+BAA+B;AAClB,QAAA,wBAAwB,GAAG,0BAA0B,CAAC;AACnE,wDAAwD;AAC3C,QAAA,4BAA4B,GAAG,8BAA8B,CAAC"}
+{"version":3,"file":"shared-environment.js","sourceRoot":"","sources":["../src/shared-environment.ts"],"names":[],"mappings":";;AAAa,QAAA,iBAAiB,GAAG,mBAAmB,CAAC;AACxC,QAAA,0BAA0B,GAAG,4BAA4B,CAAC;AAC1D,QAAA,uBAAuB,GAAG,yBAAyB,CAAC;AACpD,QAAA,0BAA0B,GAAG,4BAA4B,CAAC;AAC1D,QAAA,0BAA0B,GAAG,4BAA4B,CAAC;AAC1D,QAAA,+BAA+B,GAAG,iCAAiC,CAAC;AACpE,QAAA,8BAA8B,GAAG,gCAAgC,CAAC;AAC/E,wEAAwE;AACxE,2EAA2E;AAC3E,4EAA4E;AAC5E,2EAA2E;AAC3E,+BAA+B;AAClB,QAAA,wBAAwB,GAAG,0BAA0B,CAAC;AACnE,wDAAwD;AAC3C,QAAA,4BAA4B,GAAG,8BAA8B,CAAC"}

lib/testing-utils.js

@@ -1,9 +1,5 @@
 "use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
 Object.defineProperty(exports, "__esModule", { value: true });
-const sinon_1 = __importDefault(require("sinon"));
 function wrapOutput(context) {
     // Function signature taken from Socket.write.
     // Note there are two overloads:
@@ -29,7 +25,7 @@ function wrapOutput(context) {
         return true;
     };
 }
-function setupTests(test) {
+function silenceDebugOutput(test) {
     const typedTest = test;
     typedTest.beforeEach(t => {
         t.context.testOutput = "";
@@ -47,9 +43,6 @@ function setupTests(test) {
             process.stdout.write(t.context.testOutput);
         }
     });
-    typedTest.afterEach.always(() => {
-        sinon_1.default.restore();
-    });
 }
-exports.setupTests = setupTests;
+exports.silenceDebugOutput = silenceDebugOutput;
 //# sourceMappingURL=testing-utils.js.map

lib/testing-utils.js.map

@@ -1 +1 @@
-{"version":3,"file":"testing-utils.js","sourceRoot":"","sources":["../src/testing-utils.ts"],"names":[],"mappings":";;;;;AACA,kDAA0B;AAI1B,SAAS,UAAU,CAAC,OAAoB;IACtC,8CAA8C;IAC9C,gCAAgC;IAChC,2EAA2E;IAC3E,2FAA2F;IAC3F,OAAO,CAAC,KAA0B,EAAE,QAAiB,EAAE,EAA0B,EAAW,EAAE;QAC5F,2CAA2C;QAC3C,IAAI,EAAE,KAAK,SAAS,IAAI,OAAO,QAAQ,KAAK,UAAU,EAAE;YACtD,EAAE,GAAG,QAAQ,CAAC;YACd,QAAQ,GAAG,SAAS,CAAC;SACtB;QAED,oBAAoB;QACpB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE;YAC7B,OAAO,CAAC,UAAU,IAAI,KAAK,CAAC;SAC7B;aAAM;YACL,OAAO,CAAC,UAAU,IAAI,IAAI,WAAW,CAAC,QAAQ,IAAI,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;SAC1E;QAED,iDAAiD;QACjD,IAAI,EAAE,KAAK,SAAS,IAAI,OAAO,EAAE,KAAK,UAAU,EAAE;YAChD,EAAE,EAAE,CAAC;SACN;QAED,OAAO,IAAI,CAAC;IACd,CAAC,CAAC;AACJ,CAAC;AAED,SAAgB,UAAU,CAAC,IAAwB;IACjD,MAAM,SAAS,GAAG,IAAkC,CAAC;IAErD,SAAS,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE;QACvB,CAAC,CAAC,OAAO,CAAC,UAAU,GAAG,EAAE,CAAC;QAE1B,MAAM,kBAAkB,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACrE,CAAC,CAAC,OAAO,CAAC,WAAW,GAAG,kBAAkB,CAAC;QAC3C,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,UAAU,CAAC,CAAC,CAAC,OAAO,CAAQ,CAAC;QAEpD,MAAM,kBAAkB,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACrE,CAAC,CAAC,OAAO,CAAC,WAAW,GAAG,kBAAkB,CAAC;QAC3C,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,UAAU,CAAC,CAAC,CAAC,OAAO,CAAQ,CAAC;IACtD,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE;QAC7B,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC;QAC7C,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC;QAE7C,IAAI,CAAC,CAAC,CAAC,MAAM,EAAE;YACb,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;SAC5C;IACH,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,SAAS,CAAC,MAAM,CAAC,GAAG,EAAE;QAC9B,eAAK,CAAC,OAAO,EAAE,CAAC;IAClB,CAAC,CAAC,CAAC;AACL,CAAC;AA3BD,gCA2BC"}
+{"version":3,"file":"testing-utils.js","sourceRoot":"","sources":["../src/testing-utils.ts"],"names":[],"mappings":";;AAIA,SAAS,UAAU,CAAC,OAAoB;IACtC,8CAA8C;IAC9C,gCAAgC;IAChC,2EAA2E;IAC3E,2FAA2F;IAC3F,OAAO,CAAC,KAA0B,EAAE,QAAiB,EAAE,EAA0B,EAAW,EAAE;QAC5F,2CAA2C;QAC3C,IAAI,EAAE,KAAK,SAAS,IAAI,OAAO,QAAQ,KAAK,UAAU,EAAE;YACtD,EAAE,GAAG,QAAQ,CAAC;YACd,QAAQ,GAAG,SAAS,CAAC;SACtB;QAED,oBAAoB;QACpB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE;YAC7B,OAAO,CAAC,UAAU,IAAI,KAAK,CAAC;SAC7B;aAAM;YACL,OAAO,CAAC,UAAU,IAAI,IAAI,WAAW,CAAC,QAAQ,IAAI,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;SAC1E;QAED,iDAAiD;QACjD,IAAI,EAAE,KAAK,SAAS,IAAI,OAAO,EAAE,KAAK,UAAU,EAAE;YAChD,EAAE,EAAE,CAAC;SACN;QAED,OAAO,IAAI,CAAC;IACd,CAAC,CAAC;AACJ,CAAC;AAED,SAAgB,kBAAkB,CAAC,IAAwB;IACzD,MAAM,SAAS,GAAG,IAAkC,CAAC;IAErD,SAAS,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE;QACvB,CAAC,CAAC,OAAO,CAAC,UAAU,GAAG,EAAE,CAAC;QAE1B,MAAM,kBAAkB,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACrE,CAAC,CAAC,OAAO,CAAC,WAAW,GAAG,kBAAkB,CAAC;QAC3C,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,UAAU,CAAC,CAAC,CAAC,OAAO,CAAQ,CAAC;QAEpD,MAAM,kBAAkB,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACrE,CAAC,CAAC,OAAO,CAAC,WAAW,GAAG,kBAAkB,CAAC;QAC3C,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,UAAU,CAAC,CAAC,CAAC,OAAO,CAAQ,CAAC;IACtD,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE;QAC7B,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC;QAC7C,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC;QAE7C,IAAI,CAAC,CAAC,CAAC,MAAM,EAAE;YACb,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;SAC5C;IACH,CAAC,CAAC,CAAC;AACL,CAAC;AAvBD,gDAuBC"}

lib/upload-lib.js

@@ -11,12 +11,13 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 const core = __importStar(require("@actions/core"));
+const http = __importStar(require("@actions/http-client"));
+const auth = __importStar(require("@actions/http-client/auth"));
 const file_url_1 = __importDefault(require("file-url"));
 const fs = __importStar(require("fs"));
 const jsonschema = __importStar(require("jsonschema"));
 const path = __importStar(require("path"));
 const zlib_1 = __importDefault(require("zlib"));
-const api = __importStar(require("./api-client"));
 const fingerprints = __importStar(require("./fingerprints"));
 const sharedEnv = __importStar(require("./shared-environment"));
 const util = __importStar(require("./util"));
@@ -50,28 +51,27 @@ async function uploadPayload(payload) {
     if (testMode) {
         return true;
     }
-    const [owner, repo] = util.getRequiredEnvParam("GITHUB_REPOSITORY").split("/");
+    const githubToken = core.getInput('token');
+    const ph = new auth.BearerCredentialHandler(githubToken);
+    const client = new http.HttpClient('Code Scanning : Upload SARIF', [ph]);
+    const url = 'https://api.github.com/repos/' + process.env['GITHUB_REPOSITORY'] + '/code-scanning/analysis';
     // Make up to 4 attempts to upload, and sleep for these
     // number of seconds between each attempt.
     // We don't want to backoff too much to avoid wasting action
     // minutes, but just waiting a little bit could maybe help.
     const backoffPeriods = [1, 5, 15];
     for (let attempt = 0; attempt <= backoffPeriods.length; attempt++) {
-        const response = await api.getApiClient().request("PUT /repos/:owner/:repo/code-scanning/analysis", ({
-            owner: owner,
-            repo: repo,
-            data: payload,
-        }));
-        core.debug('response status: ' + response.status);
-        const statusCode = response.status;
+        const res = await client.put(url, payload);
+        core.debug('response status: ' + res.message.statusCode);
+        const statusCode = res.message.statusCode;
         if (statusCode === 202) {
             core.info("Successfully uploaded results");
             return true;
         }
-        const requestID = response.headers["x-github-request-id"];
+        const requestID = res.message.headers["x-github-request-id"];
         // On any other status code that's not 5xx mark the upload as failed
         if (!statusCode || statusCode < 500 || statusCode >= 600) {
-            core.setFailed('Upload failed (' + requestID + '): (' + statusCode + ') ' + JSON.stringify(response.data));
+            core.setFailed('Upload failed (' + requestID + '): (' + statusCode + ') ' + await res.readBody());
             return false;
         }
         // On a 5xx status code we may retry the request
@@ -79,7 +79,7 @@ async function uploadPayload(payload) {
             // Log the failure as a warning but don't mark the action as failed yet
             core.warning('Upload attempt (' + (attempt + 1) + ' of ' + (backoffPeriods.length + 1) +
                 ') failed (' + requestID + '). Retrying in ' + backoffPeriods[attempt] +
-                ' seconds: (' + statusCode + ') ' + JSON.stringify(response.data));
+                ' seconds: (' + statusCode + ') ' + await res.readBody());
             // Sleep for the backoff period
             await new Promise(r => setTimeout(r, backoffPeriods[attempt] * 1000));
             continue;
@@ -88,7 +88,7 @@ async function uploadPayload(payload) {
             // If the upload fails with 5xx then we assume it is a temporary problem
             // and not an error that the user has caused or can fix.
             // We avoid marking the job as failed to avoid breaking CI workflows.
-            core.error('Upload failed (' + requestID + '): (' + statusCode + ') ' + JSON.stringify(response.data));
+            core.error('Upload failed (' + requestID + '): (' + statusCode + ') ' + await res.readBody());
             return false;
         }
     }

lib/upload-lib.test.js

@@ -13,7 +13,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 const ava_1 = __importDefault(require("ava"));
 const testing_utils_1 = require("./testing-utils");
 const uploadLib = __importStar(require("./upload-lib"));
-testing_utils_1.setupTests(ava_1.default);
+testing_utils_1.silenceDebugOutput(ava_1.default);
 ava_1.default('validateSarifFileSchema - valid', t => {
     const inputFile = __dirname + '/../src/testdata/valid-sarif.sarif';
     t.true(uploadLib.validateSarifFileSchema(inputFile));

lib/upload-lib.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"upload-lib.test.js","sourceRoot":"","sources":["../src/upload-lib.test.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,8CAAuB;AAEvB,mDAA2C;AAC3C,wDAA0C;AAE1C,0BAAU,CAAC,aAAI,CAAC,CAAC;AAEjB,aAAI,CAAC,iCAAiC,EAAE,CAAC,CAAC,EAAE;IAC1C,MAAM,SAAS,GAAG,SAAS,GAAG,oCAAoC,CAAC;IACnE,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,uBAAuB,CAAC,SAAS,CAAC,CAAC,CAAC;AACvD,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,mCAAmC,EAAE,CAAC,CAAC,EAAE;IAC5C,MAAM,SAAS,GAAG,SAAS,GAAG,sCAAsC,CAAC;IACrE,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,uBAAuB,CAAC,SAAS,CAAC,CAAC,CAAC;IACtD,iFAAiF;IACjF,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;AACvB,CAAC,CAAC,CAAC"}
+{"version":3,"file":"upload-lib.test.js","sourceRoot":"","sources":["../src/upload-lib.test.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,8CAAuB;AAEvB,mDAAmD;AACnD,wDAA0C;AAE1C,kCAAkB,CAAC,aAAI,CAAC,CAAC;AAEzB,aAAI,CAAC,iCAAiC,EAAE,CAAC,CAAC,EAAE;IAC1C,MAAM,SAAS,GAAG,SAAS,GAAG,oCAAoC,CAAC;IACnE,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,uBAAuB,CAAC,SAAS,CAAC,CAAC,CAAC;AACvD,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,mCAAmC,EAAE,CAAC,CAAC,EAAE;IAC5C,MAAM,SAAS,GAAG,SAAS,GAAG,sCAAsC,CAAC;IACrE,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,uBAAuB,CAAC,SAAS,CAAC,CAAC,CAAC;IACtD,iFAAiF;IACjF,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;AACvB,CAAC,CAAC,CAAC"}

lib/util.js

@@ -6,13 +6,19 @@ var __importStar = (this && this.__importStar) || function (mod) {
     result["default"] = mod;
     return result;
 };
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
 Object.defineProperty(exports, "__esModule", { value: true });
 const core = __importStar(require("@actions/core"));
 const exec = __importStar(require("@actions/exec"));
+const http = __importStar(require("@actions/http-client"));
+const auth = __importStar(require("@actions/http-client/auth"));
+const octokit = __importStar(require("@octokit/rest"));
+const console_log_level_1 = __importDefault(require("console-log-level"));
 const fs = __importStar(require("fs"));
 const os = __importStar(require("os"));
 const path = __importStar(require("path"));
-const api = __importStar(require("./api-client"));
 const sharedEnv = __importStar(require("./shared-environment"));
 /**
  * Should the current action be aborted?
@@ -41,7 +47,7 @@ exports.should_abort = should_abort;
  */
 function getRequiredEnvParam(paramName) {
     const value = process.env[paramName];
-    if (value === undefined || value.length === 0) {
+    if (value === undefined) {
         throw new Error(paramName + ' environment variable must be set');
     }
     core.debug(paramName + '=' + value);
@@ -69,7 +75,12 @@ async function getLanguagesInRepo() {
         let owner = repo_nwo[0];
         let repo = repo_nwo[1];
         core.debug(`GitHub repo ${owner} ${repo}`);
-        const response = await api.getApiClient().request("GET /repos/:owner/:repo/languages", ({
+        let ok = new octokit.Octokit({
+            auth: core.getInput('token'),
+            userAgent: "CodeQL Action",
+            log: console_log_level_1.default({ level: "debug" })
+        });
+        const response = await ok.request("GET /repos/:owner/:repo/languages", ({
             owner,
             repo
         }));
@@ -129,28 +140,15 @@ exports.getLanguages = getLanguages;
  * Gets the SHA of the commit that is currently checked out.
  */
 async function getCommitOid() {
-    // Try to use git to get the current commit SHA. If that fails then
-    // log but otherwise silently fall back to using the SHA from the environment.
-    // The only time these two values will differ is during analysis of a PR when
-    // the workflow has changed the current commit to the head commit instead of
-    // the merge commit, which must mean that git is available.
-    // Even if this does go wrong, it's not a huge problem for the alerts to
-    // reported on the merge commit.
-    try {
-        let commitOid = '';
-        await exec.exec('git', ['rev-parse', 'HEAD'], {
-            silent: true,
-            listeners: {
-                stdout: (data) => { commitOid += data.toString(); },
-                stderr: (data) => { process.stderr.write(data); }
-            }
-        });
-        return commitOid.trim();
-    }
-    catch (e) {
-        core.info("Failed to call git to get current commit. Continuing with data from environment: " + e);
-        return getRequiredEnvParam('GITHUB_SHA');
-    }
+    let commitOid = '';
+    await exec.exec('git', ['rev-parse', 'HEAD'], {
+        silent: true,
+        listeners: {
+            stdout: (data) => { commitOid += data.toString(); },
+            stderr: (data) => { process.stderr.write(data); }
+        }
+    });
+    return commitOid.trim();
 }
 exports.getCommitOid = getCommitOid;
 /**
@@ -160,15 +158,19 @@ async function getWorkflowPath() {
     const repo_nwo = getRequiredEnvParam('GITHUB_REPOSITORY').split("/");
     const owner = repo_nwo[0];
     const repo = repo_nwo[1];
-    const run_id = Number(getRequiredEnvParam('GITHUB_RUN_ID'));
-    const apiClient = api.getApiClient();
-    const runsResponse = await apiClient.request('GET /repos/:owner/:repo/actions/runs/:run_id', {
+    const run_id = getRequiredEnvParam('GITHUB_RUN_ID');
+    const ok = new octokit.Octokit({
+        auth: core.getInput('token'),
+        userAgent: "CodeQL Action",
+        log: console_log_level_1.default({ level: 'debug' })
+    });
+    const runsResponse = await ok.request('GET /repos/:owner/:repo/actions/runs/:run_id', {
         owner,
         repo,
         run_id
     });
     const workflowUrl = runsResponse.data.workflow_url;
-    const workflowResponse = await apiClient.request('GET ' + workflowUrl);
+    const workflowResponse = await ok.request('GET ' + workflowUrl);
     return workflowResponse.data.path;
 }
 /**
@@ -228,7 +230,6 @@ async function createStatusReport(actionName, status, cause, exception) {
     }
     const workflowName = process.env['GITHUB_WORKFLOW'] || '';
     const jobName = process.env['GITHUB_JOB'] || '';
-    const analysis_key = await getAnalysisKey();
     const languages = (await getLanguages()).sort().join(',');
     const startedAt = process.env[sharedEnv.CODEQL_ACTION_STARTED_AT] || new Date().toISOString();
     core.exportVariable(sharedEnv.CODEQL_ACTION_STARTED_AT, startedAt);
@@ -236,7 +237,6 @@ async function createStatusReport(actionName, status, cause, exception) {
         workflow_run_id: workflowRunID,
         workflow_name: workflowName,
         job_name: jobName,
-        analysis_key: analysis_key,
         languages: languages,
         commit_oid: commitOid,
         ref: ref,
@@ -252,7 +252,7 @@ async function createStatusReport(actionName, status, cause, exception) {
     if (exception) {
         statusReport.exception = exception;
     }
-    if (status === 'success' || status === 'failure' || status === 'aborted') {
+    if (status === 'success' || status === 'failure') {
         statusReport.completed_at = new Date().toISOString();
     }
     let matrix = core.getInput('matrix');
@@ -264,19 +264,21 @@ async function createStatusReport(actionName, status, cause, exception) {
 /**
  * Send a status report to the code_scanning/analysis/status endpoint.
  *
- * Returns the status code of the response to the status request.
+ * Returns the status code of the response to the status request, or
+ * undefined if the given statusReport is undefined or no response was
+ * received.
  */
 async function sendStatusReport(statusReport) {
+    var _a;
     const statusReportJSON = JSON.stringify(statusReport);
     core.debug('Sending status report: ' + statusReportJSON);
-    const nwo = getRequiredEnvParam("GITHUB_REPOSITORY");
-    const [owner, repo] = nwo.split("/");
-    const statusResponse = await api.getApiClient().request('PUT /repos/:owner/:repo/code-scanning/analysis/status', {
-        owner: owner,
-        repo: repo,
-        data: statusReportJSON,
-    });
-    return statusResponse.status;
+    const githubToken = core.getInput('token');
+    const ph = new auth.BearerCredentialHandler(githubToken);
+    const client = new http.HttpClient('Code Scanning : Status Report', [ph]);
+    const url = 'https://api.github.com/repos/' + process.env['GITHUB_REPOSITORY']
+        + '/code-scanning/analysis/status';
+    const res = await client.put(url, statusReportJSON);
+    return (_a = res.message) === null || _a === void 0 ? void 0 : _a.statusCode;
 }
 /**
  * Send a status report that an action is starting.

lib/util.test.js

@@ -15,7 +15,7 @@ const fs = __importStar(require("fs"));
 const os = __importStar(require("os"));
 const testing_utils_1 = require("./testing-utils");
 const util = __importStar(require("./util"));
-testing_utils_1.setupTests(ava_1.default);
+testing_utils_1.silenceDebugOutput(ava_1.default);
 ava_1.default('getToolNames', t => {
     const input = fs.readFileSync(__dirname + '/../src/testdata/tool-names.sarif', 'utf8');
     const toolNames = util.getToolNames(input);
@@ -53,12 +53,10 @@ ava_1.default('getThreadsFlag() should return the correct --threads flag', t =>
         t.deepEqual(flag, expectedFlag);
     }
 });
-ava_1.default('getThreadsFlag() throws if the threads input is not an integer', t => {
-    process.env['INPUT_THREADS'] = "hello!";
-    t.throws(util.getThreadsFlag);
-});
-ava_1.default('getRef() throws on the empty string', t => {
-    process.env["GITHUB_REF"] = "";
-    t.throws(util.getRef);
+ava_1.default('getThreadsFlag() throws if the ram input is < 0 or NaN', t => {
+    for (const input of ["hello!"]) {
+        process.env['INPUT_THREADS'] = input;
+        t.throws(util.getThreadsFlag);
+    }
 });
 //# sourceMappingURL=util.test.js.map

lib/util.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"util.test.js","sourceRoot":"","sources":["../src/util.test.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,8CAAuB;AACvB,uCAAyB;AACzB,uCAAyB;AAEzB,mDAA2C;AAC3C,6CAA+B;AAE/B,0BAAU,CAAC,aAAI,CAAC,CAAC;AAEjB,aAAI,CAAC,cAAc,EAAE,CAAC,CAAC,EAAE;IACvB,MAAM,KAAK,GAAG,EAAE,CAAC,YAAY,CAAC,SAAS,GAAG,mCAAmC,EAAE,MAAM,CAAC,CAAC;IACvF,MAAM,SAAS,GAAG,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;IAC3C,CAAC,CAAC,SAAS,CAAC,SAAS,EAAE,CAAC,+BAA+B,EAAE,QAAQ,CAAC,CAAC,CAAC;AACtE,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,sDAAsD,EAAE,CAAC,CAAC,EAAE;IAE/D,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC;IAE3D,MAAM,KAAK,GAAG;QACZ,EAAE,EAAE,SAAS,QAAQ,GAAG,GAAG,EAAE;QAC7B,KAAK,EAAE,WAAW;KACnB,CAAC;IAEF,KAAK,MAAM,CAAC,KAAK,EAAE,YAAY,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE;QAEzD,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC;QAEjC,MAAM,IAAI,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;QAClC,CAAC,CAAC,SAAS,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;KACjC;AACH,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,uDAAuD,EAAE,CAAC,CAAC,EAAE;IAChE,KAAK,MAAM,KAAK,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,EAAE;QACpC,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC;QACjC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;KAC9B;AACH,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,2DAA2D,EAAE,CAAC,CAAC,EAAE;IAEpE,MAAM,OAAO,GAAG,EAAE,CAAC,IAAI,EAAE,CAAC,MAAM,CAAC;IAEjC,MAAM,KAAK,GAAG;QACZ,GAAG,EAAE,aAAa;QAClB,GAAG,EAAE,aAAa;QAClB,CAAC,GAAG,OAAO,GAAG,CAAC,EAAE,CAAC,EAAE,aAAa,OAAO,EAAE;QAC1C,CAAC,GAAG,CAAC,OAAO,GAAG,CAAC,EAAE,CAAC,EAAE,aAAa,CAAC,OAAO,EAAE;KAC7C,CAAC;IAEF,KAAK,MAAM,CAAC,KAAK,EAAE,YAAY,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE;QAEzD,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,GAAG,KAAK,CAAC;QAErC,MAAM,IAAI,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;QACnC,CAAC,CAAC,SAAS,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;KACjC;AACH,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,gEAAgE,EAAE,CAAC,CAAC,EAAE;IACzE,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,GAAG,QAAQ,CAAC;IACxC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;AAChC,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,qCAAqC,EAAE,CAAC,CAAC,EAAE;IAC9C,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,EAAE,CAAC;IAC/B,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;AACxB,CAAC,CAAC,CAAC"}
+{"version":3,"file":"util.test.js","sourceRoot":"","sources":["../src/util.test.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,8CAAuB;AACvB,uCAAyB;AACzB,uCAAyB;AAEzB,mDAAmD;AACnD,6CAA+B;AAE/B,kCAAkB,CAAC,aAAI,CAAC,CAAC;AAEzB,aAAI,CAAC,cAAc,EAAE,CAAC,CAAC,EAAE;IACvB,MAAM,KAAK,GAAG,EAAE,CAAC,YAAY,CAAC,SAAS,GAAG,mCAAmC,EAAE,MAAM,CAAC,CAAC;IACvF,MAAM,SAAS,GAAG,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;IAC3C,CAAC,CAAC,SAAS,CAAC,SAAS,EAAE,CAAC,+BAA+B,EAAE,QAAQ,CAAC,CAAC,CAAC;AACtE,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,sDAAsD,EAAE,CAAC,CAAC,EAAE;IAE/D,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC;IAE3D,MAAM,KAAK,GAAG;QACZ,EAAE,EAAE,SAAS,QAAQ,GAAG,GAAG,EAAE;QAC7B,KAAK,EAAE,WAAW;KACnB,CAAC;IAEF,KAAK,MAAM,CAAC,KAAK,EAAE,YAAY,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE;QAEzD,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC;QAEjC,MAAM,IAAI,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;QAClC,CAAC,CAAC,SAAS,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;KACjC;AACH,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,uDAAuD,EAAE,CAAC,CAAC,EAAE;IAChE,KAAK,MAAM,KAAK,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,EAAE;QACpC,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC;QACjC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;KAC9B;AACH,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,2DAA2D,EAAE,CAAC,CAAC,EAAE;IAEpE,MAAM,OAAO,GAAG,EAAE,CAAC,IAAI,EAAE,CAAC,MAAM,CAAC;IAEjC,MAAM,KAAK,GAAG;QACZ,GAAG,EAAE,aAAa;QAClB,GAAG,EAAE,aAAa;QAClB,CAAC,GAAG,OAAO,GAAG,CAAC,EAAE,CAAC,EAAE,aAAa,OAAO,EAAE;QAC1C,CAAC,GAAG,CAAC,OAAO,GAAG,CAAC,EAAE,CAAC,EAAE,aAAa,CAAC,OAAO,EAAE;KAC7C,CAAC;IAEF,KAAK,MAAM,CAAC,KAAK,EAAE,YAAY,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE;QAEzD,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,GAAG,KAAK,CAAC;QAErC,MAAM,IAAI,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;QACnC,CAAC,CAAC,SAAS,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;KACjC;AACH,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,wDAAwD,EAAE,CAAC,CAAC,EAAE;IACjE,KAAK,MAAM,KAAK,IAAI,CAAC,QAAQ,CAAC,EAAE;QAC9B,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,GAAG,KAAK,CAAC;QACrC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;KAC/B;AACH,CAAC,CAAC,CAAC"}

node_modules/@actions/github/README.md

@@ -1,74 +0,0 @@
-# `@actions/github`
-
-> A hydrated Octokit client.
-
-## Usage
-
-Returns an authenticated Octokit client that follows the machine [proxy settings](https://help.github.com/en/actions/hosting-your-own-runners/using-a-proxy-server-with-self-hosted-runners). See https://octokit.github.io/rest.js for the API.
-
-```js
-const github = require('@actions/github');
-const core = require('@actions/core');
-
-async function run() {
-    // This should be a token with access to your repository scoped in as a secret.
-    // The YML workflow will need to set myToken with the GitHub Secret Token
-    // myToken: ${{ secrets.GITHUB_TOKEN }}
-    // https://help.github.com/en/actions/automating-your-workflow-with-github-actions/authenticating-with-the-github_token#about-the-github_token-secret
-    const myToken = core.getInput('myToken');
-
-    const octokit = new github.GitHub(myToken);
-
-    const { data: pullRequest } = await octokit.pulls.get({
-        owner: 'octokit',
-        repo: 'rest.js',
-        pull_number: 123,
-        mediaType: {
-          format: 'diff'
-        }
-    });
-
-    console.log(pullRequest);
-}
-
-run();
-```
-
-You can pass client options, as specified by [Octokit](https://octokit.github.io/rest.js/), as a second argument to the `GitHub` constructor.
-
-You can also make GraphQL requests. See https://github.com/octokit/graphql.js for the API.
-
-```js
-const result = await octokit.graphql(query, variables);
-```
-
-Finally, you can get the context of the current action:
-
-```js
-const github = require('@actions/github');
-
-const context = github.context;
-
-const newIssue = await octokit.issues.create({
-  ...context.repo,
-  title: 'New issue!',
-  body: 'Hello Universe!'
-});
-```
-
-## Webhook payload typescript definitions
-
-The npm module `@octokit/webhooks` provides type definitions for the response payloads. You can cast the payload to these types for better type information.
-
-First, install the npm module `npm install @octokit/webhooks`
-
-Then, assert the type based on the eventName
-```ts
-import * as core from '@actions/core'
-import * as github from '@actions/github'
-import * as Webhooks from '@octokit/webhooks'
-if (github.context.eventName === 'push') {
-  const pushPayload = github.context.payload as Webhooks.WebhookPayloadPush
-  core.info(`The head commit is: ${pushPayload.head}`)
-}
-```

node_modules/@actions/github/lib/context.d.ts

@@ -1,26 +0,0 @@
-import { WebhookPayload } from './interfaces';
-export declare class Context {
-    /**
-     * Webhook payload object that triggered the workflow
-     */
-    payload: WebhookPayload;
-    eventName: string;
-    sha: string;
-    ref: string;
-    workflow: string;
-    action: string;
-    actor: string;
-    /**
-     * Hydrate the context from the environment
-     */
-    constructor();
-    get issue(): {
-        owner: string;
-        repo: string;
-        number: number;
-    };
-    get repo(): {
-        owner: string;
-        repo: string;
-    };
-}

node_modules/@actions/github/lib/context.js

@@ -1,46 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-const fs_1 = require("fs");
-const os_1 = require("os");
-class Context {
-    /**
-     * Hydrate the context from the environment
-     */
-    constructor() {
-        this.payload = {};
-        if (process.env.GITHUB_EVENT_PATH) {
-            if (fs_1.existsSync(process.env.GITHUB_EVENT_PATH)) {
-                this.payload = JSON.parse(fs_1.readFileSync(process.env.GITHUB_EVENT_PATH, { encoding: 'utf8' }));
-            }
-            else {
-                const path = process.env.GITHUB_EVENT_PATH;
-                process.stdout.write(`GITHUB_EVENT_PATH ${path} does not exist${os_1.EOL}`);
-            }
-        }
-        this.eventName = process.env.GITHUB_EVENT_NAME;
-        this.sha = process.env.GITHUB_SHA;
-        this.ref = process.env.GITHUB_REF;
-        this.workflow = process.env.GITHUB_WORKFLOW;
-        this.action = process.env.GITHUB_ACTION;
-        this.actor = process.env.GITHUB_ACTOR;
-    }
-    get issue() {
-        const payload = this.payload;
-        return Object.assign(Object.assign({}, this.repo), { number: (payload.issue || payload.pull_request || payload).number });
-    }
-    get repo() {
-        if (process.env.GITHUB_REPOSITORY) {
-            const [owner, repo] = process.env.GITHUB_REPOSITORY.split('/');
-            return { owner, repo };
-        }
-        if (this.payload.repository) {
-            return {
-                owner: this.payload.repository.owner.login,
-                repo: this.payload.repository.name
-            };
-        }
-        throw new Error("context.repo requires a GITHUB_REPOSITORY environment variable like 'owner/repo'");
-    }
-}
-exports.Context = Context;
-//# sourceMappingURL=context.js.map

node_modules/@actions/github/lib/context.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"context.js","sourceRoot":"","sources":["../src/context.ts"],"names":[],"mappings":";;AAEA,2BAA2C;AAC3C,2BAAsB;AAEtB,MAAa,OAAO;IAalB;;OAEG;IACH;QACE,IAAI,CAAC,OAAO,GAAG,EAAE,CAAA;QACjB,IAAI,OAAO,CAAC,GAAG,CAAC,iBAAiB,EAAE;YACjC,IAAI,eAAU,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,EAAE;gBAC7C,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,KAAK,CACvB,iBAAY,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,EAAE,EAAC,QAAQ,EAAE,MAAM,EAAC,CAAC,CAChE,CAAA;aACF;iBAAM;gBACL,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAA;gBAC1C,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,qBAAqB,IAAI,kBAAkB,QAAG,EAAE,CAAC,CAAA;aACvE;SACF;QACD,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,iBAA2B,CAAA;QACxD,IAAI,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,UAAoB,CAAA;QAC3C,IAAI,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,UAAoB,CAAA;QAC3C,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,eAAyB,CAAA;QACrD,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,aAAuB,CAAA;QACjD,IAAI,CAAC,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,YAAsB,CAAA;IACjD,CAAC;IAED,IAAI,KAAK;QACP,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAA;QAE5B,uCACK,IAAI,CAAC,IAAI,KACZ,MAAM,EAAE,CAAC,OAAO,CAAC,KAAK,IAAI,OAAO,CAAC,YAAY,IAAI,OAAO,CAAC,CAAC,MAAM,IAClE;IACH,CAAC;IAED,IAAI,IAAI;QACN,IAAI,OAAO,CAAC,GAAG,CAAC,iBAAiB,EAAE;YACjC,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;YAC9D,OAAO,EAAC,KAAK,EAAE,IAAI,EAAC,CAAA;SACrB;QAED,IAAI,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE;YAC3B,OAAO;gBACL,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,KAAK;gBAC1C,IAAI,EAAE,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,IAAI;aACnC,CAAA;SACF;QAED,MAAM,IAAI,KAAK,CACb,kFAAkF,CACnF,CAAA;IACH,CAAC;CACF;AA9DD,0BA8DC"}

node_modules/@actions/github/lib/github.d.ts

@@ -1,27 +0,0 @@
-import { graphql as GraphQL } from '@octokit/graphql/dist-types/types';
-import { Octokit } from '@octokit/rest';
-import * as Context from './context';
-export declare const context: Context.Context;
-export declare class GitHub extends Octokit {
-    graphql: GraphQL;
-    /**
-     * Sets up the REST client and GraphQL client with auth and proxy support.
-     * The parameter `token` or `opts.auth` must be supplied. The GraphQL client
-     * authorization is not setup when `opts.auth` is a function or object.
-     *
-     * @param token  Auth token
-     * @param opts   Octokit options
-     */
-    constructor(token: string, opts?: Omit<Octokit.Options, 'auth'>);
-    constructor(opts: Octokit.Options);
-    /**
-     * Disambiguates the constructor overload parameters
-     */
-    private static disambiguate;
-    private static getOctokitOptions;
-    private static getGraphQL;
-    private static getAuthString;
-    private static getProxyAgent;
-    private static getApiBaseUrl;
-    private static getGraphQLBaseUrl;
-}

node_modules/@actions/github/lib/github.js

@@ -1,108 +0,0 @@
-"use strict";
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
-    result["default"] = mod;
-    return result;
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-// Originally pulled from https://github.com/JasonEtco/actions-toolkit/blob/master/src/github.ts
-const graphql_1 = require("@octokit/graphql");
-const rest_1 = require("@octokit/rest");
-const Context = __importStar(require("./context"));
-const httpClient = __importStar(require("@actions/http-client"));
-// We need this in order to extend Octokit
-rest_1.Octokit.prototype = new rest_1.Octokit();
-exports.context = new Context.Context();
-class GitHub extends rest_1.Octokit {
-    constructor(token, opts) {
-        super(GitHub.getOctokitOptions(GitHub.disambiguate(token, opts)));
-        this.graphql = GitHub.getGraphQL(GitHub.disambiguate(token, opts));
-    }
-    /**
-     * Disambiguates the constructor overload parameters
-     */
-    static disambiguate(token, opts) {
-        return [
-            typeof token === 'string' ? token : '',
-            typeof token === 'object' ? token : opts || {}
-        ];
-    }
-    static getOctokitOptions(args) {
-        const token = args[0];
-        const options = Object.assign({}, args[1]); // Shallow clone - don't mutate the object provided by the caller
-        // Base URL - GHES or Dotcom
-        options.baseUrl = options.baseUrl || this.getApiBaseUrl();
-        // Auth
-        const auth = GitHub.getAuthString(token, options);
-        if (auth) {
-            options.auth = auth;
-        }
-        // Proxy
-        const agent = GitHub.getProxyAgent(options.baseUrl, options);
-        if (agent) {
-            // Shallow clone - don't mutate the object provided by the caller
-            options.request = options.request ? Object.assign({}, options.request) : {};
-            // Set the agent
-            options.request.agent = agent;
-        }
-        return options;
-    }
-    static getGraphQL(args) {
-        const defaults = {};
-        defaults.baseUrl = this.getGraphQLBaseUrl();
-        const token = args[0];
-        const options = args[1];
-        // Authorization
-        const auth = this.getAuthString(token, options);
-        if (auth) {
-            defaults.headers = {
-                authorization: auth
-            };
-        }
-        // Proxy
-        const agent = GitHub.getProxyAgent(defaults.baseUrl, options);
-        if (agent) {
-            defaults.request = { agent };
-        }
-        return graphql_1.graphql.defaults(defaults);
-    }
-    static getAuthString(token, options) {
-        // Validate args
-        if (!token && !options.auth) {
-            throw new Error('Parameter token or opts.auth is required');
-        }
-        else if (token && options.auth) {
-            throw new Error('Parameters token and opts.auth may not both be specified');
-        }
-        return typeof options.auth === 'string' ? options.auth : `token ${token}`;
-    }
-    static getProxyAgent(destinationUrl, options) {
-        var _a;
-        if (!((_a = options.request) === null || _a === void 0 ? void 0 : _a.agent)) {
-            if (httpClient.getProxyUrl(destinationUrl)) {
-                const hc = new httpClient.HttpClient();
-                return hc.getAgent(destinationUrl);
-            }
-        }
-        return undefined;
-    }
-    static getApiBaseUrl() {
-        return process.env['GITHUB_API_URL'] || 'https://api.github.com';
-    }
-    static getGraphQLBaseUrl() {
-        let url = process.env['GITHUB_GRAPHQL_URL'] || 'https://api.github.com/graphql';
-        // Shouldn't be a trailing slash, but remove if so
-        if (url.endsWith('/')) {
-            url = url.substr(0, url.length - 1);
-        }
-        // Remove trailing "/graphql"
-        if (url.toUpperCase().endsWith('/GRAPHQL')) {
-            url = url.substr(0, url.length - '/graphql'.length);
-        }
-        return url;
-    }
-}
-exports.GitHub = GitHub;
-//# sourceMappingURL=github.js.map

node_modules/@actions/github/lib/github.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"github.js","sourceRoot":"","sources":["../src/github.ts"],"names":[],"mappings":";;;;;;;;;AAAA,gGAAgG;AAChG,8CAAwC;AAUxC,wCAAqC;AACrC,mDAAoC;AAEpC,iEAAkD;AAElD,0CAA0C;AAC1C,cAAO,CAAC,SAAS,GAAG,IAAI,cAAO,EAAE,CAAA;AAEpB,QAAA,OAAO,GAAG,IAAI,OAAO,CAAC,OAAO,EAAE,CAAA;AAE5C,MAAa,MAAO,SAAQ,cAAO;IAiBjC,YAAY,KAA+B,EAAE,IAAsB;QACjE,KAAK,CAAC,MAAM,CAAC,iBAAiB,CAAC,MAAM,CAAC,YAAY,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,CAAC,CAAA;QAEjE,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC,YAAY,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,CAAA;IACpE,CAAC;IAED;;OAEG;IACK,MAAM,CAAC,YAAY,CACzB,KAA+B,EAC/B,IAAsB;QAEtB,OAAO;YACL,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE;YACtC,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE;SAC/C,CAAA;IACH,CAAC;IAEO,MAAM,CAAC,iBAAiB,CAC9B,IAA+B;QAE/B,MAAM,KAAK,GAAG,IAAI,CAAC,CAAC,CAAC,CAAA;QACrB,MAAM,OAAO,qBAAO,IAAI,CAAC,CAAC,CAAC,CAAC,CAAA,CAAC,iEAAiE;QAE9F,4BAA4B;QAC5B,OAAO,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,IAAI,CAAC,aAAa,EAAE,CAAA;QAEzD,OAAO;QACP,MAAM,IAAI,GAAG,MAAM,CAAC,aAAa,CAAC,KAAK,EAAE,OAAO,CAAC,CAAA;QACjD,IAAI,IAAI,EAAE;YACR,OAAO,CAAC,IAAI,GAAG,IAAI,CAAA;SACpB;QAED,QAAQ;QACR,MAAM,KAAK,GAAG,MAAM,CAAC,aAAa,CAAC,OAAO,CAAC,OAAO,EAAE,OAAO,CAAC,CAAA;QAC5D,IAAI,KAAK,EAAE;YACT,iEAAiE;YACjE,OAAO,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,mBAAK,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC,EAAE,CAAA;YAE7D,gBAAgB;YAChB,OAAO,CAAC,OAAO,CAAC,KAAK,GAAG,KAAK,CAAA;SAC9B;QAED,OAAO,OAAO,CAAA;IAChB,CAAC;IAEO,MAAM,CAAC,UAAU,CAAC,IAA+B;QACvD,MAAM,QAAQ,GAA6B,EAAE,CAAA;QAC7C,QAAQ,CAAC,OAAO,GAAG,IAAI,CAAC,iBAAiB,EAAE,CAAA;QAC3C,MAAM,KAAK,GAAG,IAAI,CAAC,CAAC,CAAC,CAAA;QACrB,MAAM,OAAO,GAAG,IAAI,CAAC,CAAC,CAAC,CAAA;QAEvB,gBAAgB;QAChB,MAAM,IAAI,GAAG,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,OAAO,CAAC,CAAA;QAC/C,IAAI,IAAI,EAAE;YACR,QAAQ,CAAC,OAAO,GAAG;gBACjB,aAAa,EAAE,IAAI;aACpB,CAAA;SACF;QAED,QAAQ;QACR,MAAM,KAAK,GAAG,MAAM,CAAC,aAAa,CAAC,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC,CAAA;QAC7D,IAAI,KAAK,EAAE;YACT,QAAQ,CAAC,OAAO,GAAG,EAAC,KAAK,EAAC,CAAA;SAC3B;QAED,OAAO,iBAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAA;IACnC,CAAC;IAEO,MAAM,CAAC,aAAa,CAC1B,KAAa,EACb,OAAwB;QAExB,gBAAgB;QAChB,IAAI,CAAC,KAAK,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE;YAC3B,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAA;SAC5D;aAAM,IAAI,KAAK,IAAI,OAAO,CAAC,IAAI,EAAE;YAChC,MAAM,IAAI,KAAK,CACb,0DAA0D,CAC3D,CAAA;SACF;QAED,OAAO,OAAO,OAAO,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,KAAK,EAAE,CAAA;IAC3E,CAAC;IAEO,MAAM,CAAC,aAAa,CAC1B,cAAsB,EACtB,OAAwB;;QAExB,IAAI,QAAC,OAAO,CAAC,OAAO,0CAAE,KAAK,CAAA,EAAE;YAC3B,IAAI,UAAU,CAAC,WAAW,CAAC,cAAc,CAAC,EAAE;gBAC1C,MAAM,EAAE,GAAG,IAAI,UAAU,CAAC,UAAU,EAAE,CAAA;gBACtC,OAAO,EAAE,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAA;aACnC;SACF;QAED,OAAO,SAAS,CAAA;IAClB,CAAC;IAEO,MAAM,CAAC,aAAa;QAC1B,OAAO,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,IAAI,wBAAwB,CAAA;IAClE,CAAC;IAEO,MAAM,CAAC,iBAAiB;QAC9B,IAAI,GAAG,GACL,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,IAAI,gCAAgC,CAAA;QAEvE,kDAAkD;QAClD,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE;YACrB,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAA;SACpC;QAED,6BAA6B;QAC7B,IAAI,GAAG,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE;YAC1C,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC,CAAA;SACpD;QACD,OAAO,GAAG,CAAA;IACZ,CAAC;CACF;AAxID,wBAwIC"}

node_modules/@actions/github/lib/interfaces.d.ts

@@ -1,36 +0,0 @@
-export interface PayloadRepository {
-    [key: string]: any;
-    full_name?: string;
-    name: string;
-    owner: {
-        [key: string]: any;
-        login: string;
-        name?: string;
-    };
-    html_url?: string;
-}
-export interface WebhookPayload {
-    [key: string]: any;
-    repository?: PayloadRepository;
-    issue?: {
-        [key: string]: any;
-        number: number;
-        html_url?: string;
-        body?: string;
-    };
-    pull_request?: {
-        [key: string]: any;
-        number: number;
-        html_url?: string;
-        body?: string;
-    };
-    sender?: {
-        [key: string]: any;
-        type: string;
-    };
-    action?: string;
-    installation?: {
-        id: number;
-        [key: string]: any;
-    };
-}

node_modules/@actions/github/lib/interfaces.js

@@ -1,4 +0,0 @@
-"use strict";
-/* eslint-disable @typescript-eslint/no-explicit-any */
-Object.defineProperty(exports, "__esModule", { value: true });
-//# sourceMappingURL=interfaces.js.map

node_modules/@actions/github/lib/interfaces.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"interfaces.js","sourceRoot":"","sources":["../src/interfaces.ts"],"names":[],"mappings":";AAAA,uDAAuD"}

node_modules/@actions/github/node_modules/@octokit/plugin-paginate-rest/dist-src/version.js

@@ -1 +0,0 @@
-export const VERSION = "1.1.2";

node_modules/@actions/github/node_modules/@octokit/plugin-paginate-rest/dist-types/version.d.ts

@@ -1 +0,0 @@
-export declare const VERSION = "1.1.2";

node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/index.js

@@ -1,38 +0,0 @@
-import { Deprecation } from "deprecation";
-import endpointsByScope from "./generated/endpoints";
-import { VERSION } from "./version";
-import { registerEndpoints } from "./register-endpoints";
-/**
- * This plugin is a 1:1 copy of internal @octokit/rest plugins. The primary
- * goal is to rebuild @octokit/rest on top of @octokit/core. Once that is
- * done, we will remove the registerEndpoints methods and return the methods
- * directly as with the other plugins. At that point we will also remove the
- * legacy workarounds and deprecations.
- *
- * See the plan at
- * https://github.com/octokit/plugin-rest-endpoint-methods.js/pull/1
- */
-export function restEndpointMethods(octokit) {
-    // @ts-ignore
-    octokit.registerEndpoints = registerEndpoints.bind(null, octokit);
-    registerEndpoints(octokit, endpointsByScope);
-    // Aliasing scopes for backward compatibility
-    // See https://github.com/octokit/rest.js/pull/1134
-    [
-        ["gitdata", "git"],
-        ["authorization", "oauthAuthorizations"],
-        ["pullRequests", "pulls"]
-    ].forEach(([deprecatedScope, scope]) => {
-        Object.defineProperty(octokit, deprecatedScope, {
-            get() {
-                octokit.log.warn(
-                // @ts-ignore
-                new Deprecation(`[@octokit/plugin-rest-endpoint-methods] "octokit.${deprecatedScope}.*" methods are deprecated, use "octokit.${scope}.*" instead`));
-                // @ts-ignore
-                return octokit[scope];
-            }
-        });
-    });
-    return {};
-}
-restEndpointMethods.VERSION = VERSION;

node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/register-endpoints.js

@@ -1,60 +0,0 @@
-import { Deprecation } from "deprecation";
-export function registerEndpoints(octokit, routes) {
-    Object.keys(routes).forEach(namespaceName => {
-        if (!octokit[namespaceName]) {
-            octokit[namespaceName] = {};
-        }
-        Object.keys(routes[namespaceName]).forEach(apiName => {
-            const apiOptions = routes[namespaceName][apiName];
-            const endpointDefaults = ["method", "url", "headers"].reduce((map, key) => {
-                if (typeof apiOptions[key] !== "undefined") {
-                    map[key] = apiOptions[key];
-                }
-                return map;
-            }, {});
-            endpointDefaults.request = {
-                validate: apiOptions.params
-            };
-            let request = octokit.request.defaults(endpointDefaults);
-            // patch request & endpoint methods to support deprecated parameters.
-            // Not the most elegant solution, but we don’t want to move deprecation
-            // logic into octokit/endpoint.js as it’s out of scope
-            const hasDeprecatedParam = Object.keys(apiOptions.params || {}).find(key => apiOptions.params[key].deprecated);
-            if (hasDeprecatedParam) {
-                const patch = patchForDeprecation.bind(null, octokit, apiOptions);
-                request = patch(octokit.request.defaults(endpointDefaults), `.${namespaceName}.${apiName}()`);
-                request.endpoint = patch(request.endpoint, `.${namespaceName}.${apiName}.endpoint()`);
-                request.endpoint.merge = patch(request.endpoint.merge, `.${namespaceName}.${apiName}.endpoint.merge()`);
-            }
-            if (apiOptions.deprecated) {
-                octokit[namespaceName][apiName] = Object.assign(function deprecatedEndpointMethod() {
-                    octokit.log.warn(new Deprecation(`[@octokit/rest] ${apiOptions.deprecated}`));
-                    octokit[namespaceName][apiName] = request;
-                    return request.apply(null, arguments);
-                }, request);
-                return;
-            }
-            octokit[namespaceName][apiName] = request;
-        });
-    });
-}
-function patchForDeprecation(octokit, apiOptions, method, methodName) {
-    const patchedMethod = (options) => {
-        options = Object.assign({}, options);
-        Object.keys(options).forEach(key => {
-            if (apiOptions.params[key] && apiOptions.params[key].deprecated) {
-                const aliasKey = apiOptions.params[key].alias;
-                octokit.log.warn(new Deprecation(`[@octokit/rest] "${key}" parameter is deprecated for "${methodName}". Use "${aliasKey}" instead`));
-                if (!(aliasKey in options)) {
-                    options[aliasKey] = options[key];
-                }
-                delete options[key];
-            }
-        });
-        return method(options);
-    };
-    Object.keys(method).forEach(key => {
-        patchedMethod[key] = method[key];
-    });
-    return patchedMethod;
-}

node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/version.js

@@ -1 +0,0 @@
-export const VERSION = "2.4.0";

node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-types/register-endpoints.d.ts

@@ -1 +0,0 @@
-export declare function registerEndpoints(octokit: any, routes: any): void;

node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-types/types.d.ts

@@ -1,4 +0,0 @@
-import { RestEndpointMethods } from "./generated/rest-endpoint-methods-types";
-export declare type Api = {
-    registerEndpoints: (endpoints: any) => void;
-} & RestEndpointMethods;

node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-types/version.d.ts

@@ -1 +0,0 @@
-export declare const VERSION = "2.4.0";

node_modules/@actions/github/node_modules/@octokit/rest/index.js

@@ -1,43 +0,0 @@
-const { requestLog } = require("@octokit/plugin-request-log");
-const {
-  restEndpointMethods
-} = require("@octokit/plugin-rest-endpoint-methods");
-
-const Core = require("./lib/core");
-
-const CORE_PLUGINS = [
-  require("./plugins/authentication"),
-  require("./plugins/authentication-deprecated"), // deprecated: remove in v17
-  requestLog,
-  require("./plugins/pagination"),
-  restEndpointMethods,
-  require("./plugins/validate"),
-
-  require("octokit-pagination-methods") // deprecated: remove in v17
-];
-
-const OctokitRest = Core.plugin(CORE_PLUGINS);
-
-function DeprecatedOctokit(options) {
-  const warn =
-    options && options.log && options.log.warn
-      ? options.log.warn
-      : console.warn;
-  warn(
-    '[@octokit/rest] `const Octokit = require("@octokit/rest")` is deprecated. Use `const { Octokit } = require("@octokit/rest")` instead'
-  );
-  return new OctokitRest(options);
-}
-
-const Octokit = Object.assign(DeprecatedOctokit, {
-  Octokit: OctokitRest
-});
-
-Object.keys(OctokitRest).forEach(key => {
-  /* istanbul ignore else */
-  if (OctokitRest.hasOwnProperty(key)) {
-    Octokit[key] = OctokitRest[key];
-  }
-});
-
-module.exports = Octokit;

node_modules/@actions/github/node_modules/@octokit/rest/lib/constructor.js

@@ -1,29 +0,0 @@
-module.exports = Octokit;
-
-const { request } = require("@octokit/request");
-const Hook = require("before-after-hook");
-
-const parseClientOptions = require("./parse-client-options");
-
-function Octokit(plugins, options) {
-  options = options || {};
-  const hook = new Hook.Collection();
-  const log = Object.assign(
-    {
-      debug: () => {},
-      info: () => {},
-      warn: console.warn,
-      error: console.error
-    },
-    options && options.log
-  );
-  const api = {
-    hook,
-    log,
-    request: request.defaults(parseClientOptions(options, log, hook))
-  };
-
-  plugins.forEach(pluginFunction => pluginFunction(api, options));
-
-  return api;
-}

node_modules/@actions/github/node_modules/@octokit/rest/lib/core.js

@@ -1,3 +0,0 @@
-const factory = require("./factory");
-
-module.exports = factory();

node_modules/@actions/github/node_modules/@octokit/rest/lib/factory.js

@@ -1,10 +0,0 @@
-module.exports = factory;
-
-const Octokit = require("./constructor");
-const registerPlugin = require("./register-plugin");
-
-function factory(plugins) {
-  const Api = Octokit.bind(null, plugins || []);
-  Api.plugin = registerPlugin.bind(null, plugins || []);
-  return Api;
-}

node_modules/@actions/github/node_modules/@octokit/rest/lib/parse-client-options.js

@@ -1,89 +0,0 @@
-module.exports = parseOptions;
-
-const { Deprecation } = require("deprecation");
-const { getUserAgent } = require("universal-user-agent");
-const once = require("once");
-
-const pkg = require("../package.json");
-
-const deprecateOptionsTimeout = once((log, deprecation) =>
-  log.warn(deprecation)
-);
-const deprecateOptionsAgent = once((log, deprecation) => log.warn(deprecation));
-const deprecateOptionsHeaders = once((log, deprecation) =>
-  log.warn(deprecation)
-);
-
-function parseOptions(options, log, hook) {
-  if (options.headers) {
-    options.headers = Object.keys(options.headers).reduce((newObj, key) => {
-      newObj[key.toLowerCase()] = options.headers[key];
-      return newObj;
-    }, {});
-  }
-
-  const clientDefaults = {
-    headers: options.headers || {},
-    request: options.request || {},
-    mediaType: {
-      previews: [],
-      format: ""
-    }
-  };
-
-  if (options.baseUrl) {
-    clientDefaults.baseUrl = options.baseUrl;
-  }
-
-  if (options.userAgent) {
-    clientDefaults.headers["user-agent"] = options.userAgent;
-  }
-
-  if (options.previews) {
-    clientDefaults.mediaType.previews = options.previews;
-  }
-
-  if (options.timeZone) {
-    clientDefaults.headers["time-zone"] = options.timeZone;
-  }
-
-  if (options.timeout) {
-    deprecateOptionsTimeout(
-      log,
-      new Deprecation(
-        "[@octokit/rest] new Octokit({timeout}) is deprecated. Use {request: {timeout}} instead. See https://github.com/octokit/request.js#request"
-      )
-    );
-    clientDefaults.request.timeout = options.timeout;
-  }
-
-  if (options.agent) {
-    deprecateOptionsAgent(
-      log,
-      new Deprecation(
-        "[@octokit/rest] new Octokit({agent}) is deprecated. Use {request: {agent}} instead. See https://github.com/octokit/request.js#request"
-      )
-    );
-    clientDefaults.request.agent = options.agent;
-  }
-
-  if (options.headers) {
-    deprecateOptionsHeaders(
-      log,
-      new Deprecation(
-        "[@octokit/rest] new Octokit({headers}) is deprecated. Use {userAgent, previews} instead. See https://github.com/octokit/request.js#request"
-      )
-    );
-  }
-
-  const userAgentOption = clientDefaults.headers["user-agent"];
-  const defaultUserAgent = `octokit.js/${pkg.version} ${getUserAgent()}`;
-
-  clientDefaults.headers["user-agent"] = [userAgentOption, defaultUserAgent]
-    .filter(Boolean)
-    .join(" ");
-
-  clientDefaults.request.hook = hook.bind(null, "request");
-
-  return clientDefaults;
-}

node_modules/@actions/github/node_modules/@octokit/rest/lib/register-plugin.js

@@ -1,9 +0,0 @@
-module.exports = registerPlugin;
-
-const factory = require("./factory");
-
-function registerPlugin(plugins, pluginFunction) {
-  return factory(
-    plugins.includes(pluginFunction) ? plugins : plugins.concat(pluginFunction)
-  );
-}

node_modules/@actions/github/node_modules/@octokit/rest/package.json

@@ -1,140 +0,0 @@
-{
-  "name": "@octokit/rest",
-  "version": "16.43.2",
-  "publishConfig": {
-    "access": "public"
-  },
-  "description": "GitHub REST API client for Node.js",
-  "keywords": [
-    "octokit",
-    "github",
-    "rest",
-    "api-client"
-  ],
-  "author": "Gregor Martynus (https://github.com/gr2m)",
-  "contributors": [
-    {
-      "name": "Mike de Boer",
-      "email": "info@mikedeboer.nl"
-    },
-    {
-      "name": "Fabian Jakobs",
-      "email": "fabian@c9.io"
-    },
-    {
-      "name": "Joe Gallo",
-      "email": "joe@brassafrax.com"
-    },
-    {
-      "name": "Gregor Martynus",
-      "url": "https://github.com/gr2m"
-    }
-  ],
-  "repository": "https://github.com/octokit/rest.js",
-  "dependencies": {
-    "@octokit/auth-token": "^2.4.0",
-    "@octokit/plugin-paginate-rest": "^1.1.1",
-    "@octokit/plugin-request-log": "^1.0.0",
-    "@octokit/plugin-rest-endpoint-methods": "2.4.0",
-    "@octokit/request": "^5.2.0",
-    "@octokit/request-error": "^1.0.2",
-    "atob-lite": "^2.0.0",
-    "before-after-hook": "^2.0.0",
-    "btoa-lite": "^1.0.0",
-    "deprecation": "^2.0.0",
-    "lodash.get": "^4.4.2",
-    "lodash.set": "^4.3.2",
-    "lodash.uniq": "^4.5.0",
-    "octokit-pagination-methods": "^1.1.0",
-    "once": "^1.4.0",
-    "universal-user-agent": "^4.0.0"
-  },
-  "devDependencies": {
-    "@gimenete/type-writer": "^0.1.3",
-    "@octokit/auth": "^1.1.1",
-    "@octokit/fixtures-server": "^5.0.6",
-    "@octokit/graphql": "^4.2.0",
-    "@types/node": "^13.1.0",
-    "bundlesize": "^0.18.0",
-    "chai": "^4.1.2",
-    "compression-webpack-plugin": "^3.1.0",
-    "cypress": "^4.0.0",
-    "glob": "^7.1.2",
-    "http-proxy-agent": "^4.0.0",
-    "lodash.camelcase": "^4.3.0",
-    "lodash.merge": "^4.6.1",
-    "lodash.upperfirst": "^4.3.1",
-    "lolex": "^6.0.0",
-    "mkdirp": "^1.0.0",
-    "mocha": "^7.0.1",
-    "mustache": "^4.0.0",
-    "nock": "^11.3.3",
-    "npm-run-all": "^4.1.2",
-    "nyc": "^15.0.0",
-    "prettier": "^1.14.2",
-    "proxy": "^1.0.0",
-    "semantic-release": "^17.0.0",
-    "sinon": "^8.0.0",
-    "sinon-chai": "^3.0.0",
-    "sort-keys": "^4.0.0",
-    "string-to-arraybuffer": "^1.0.0",
-    "string-to-jsdoc-comment": "^1.0.0",
-    "typescript": "^3.3.1",
-    "webpack": "^4.0.0",
-    "webpack-bundle-analyzer": "^3.0.0",
-    "webpack-cli": "^3.0.0"
-  },
-  "types": "index.d.ts",
-  "scripts": {
-    "coverage": "nyc report --reporter=html && open coverage/index.html",
-    "lint": "prettier --check '{lib,plugins,scripts,test}/**/*.{js,json,ts}' 'docs/*.{js,json}' 'docs/src/**/*' index.js README.md package.json",
-    "lint:fix": "prettier --write '{lib,plugins,scripts,test}/**/*.{js,json,ts}' 'docs/*.{js,json}' 'docs/src/**/*' index.js README.md package.json",
-    "pretest": "npm run -s lint",
-    "test": "nyc mocha test/mocha-node-setup.js \"test/*/**/*-test.js\"",
-    "test:browser": "cypress run --browser chrome",
-    "build": "npm-run-all build:*",
-    "build:ts": "npm run -s update-endpoints:typescript",
-    "prebuild:browser": "mkdirp dist/",
-    "build:browser": "npm-run-all build:browser:*",
-    "build:browser:development": "webpack --mode development --entry . --output-library=Octokit --output=./dist/octokit-rest.js --profile --json > dist/bundle-stats.json",
-    "build:browser:production": "webpack --mode production --entry . --plugin=compression-webpack-plugin --output-library=Octokit --output-path=./dist --output-filename=octokit-rest.min.js --devtool source-map",
-    "generate-bundle-report": "webpack-bundle-analyzer dist/bundle-stats.json --mode=static --no-open --report dist/bundle-report.html",
-    "update-endpoints": "npm-run-all update-endpoints:*",
-    "update-endpoints:fetch-json": "node scripts/update-endpoints/fetch-json",
-    "update-endpoints:typescript": "node scripts/update-endpoints/typescript",
-    "prevalidate:ts": "npm run -s build:ts",
-    "validate:ts": "tsc --target es6 --noImplicitAny index.d.ts",
-    "postvalidate:ts": "tsc --noEmit --target es6 test/typescript-validate.ts",
-    "start-fixtures-server": "octokit-fixtures-server"
-  },
-  "license": "MIT",
-  "files": [
-    "index.js",
-    "index.d.ts",
-    "lib",
-    "plugins"
-  ],
-  "nyc": {
-    "ignore": [
-      "test"
-    ]
-  },
-  "release": {
-    "publish": [
-      "@semantic-release/npm",
-      {
-        "path": "@semantic-release/github",
-        "assets": [
-          "dist/*",
-          "!dist/*.map.gz"
-        ]
-      }
-    ]
-  },
-  "bundlesize": [
-    {
-      "path": "./dist/octokit-rest.min.js.gz",
-      "maxSize": "33 kB"
-    }
-  ]
-}

node_modules/@actions/github/node_modules/@octokit/rest/plugins/authentication-deprecated/authenticate.js

@@ -1,52 +0,0 @@
-module.exports = authenticate;
-
-const { Deprecation } = require("deprecation");
-const once = require("once");
-
-const deprecateAuthenticate = once((log, deprecation) => log.warn(deprecation));
-
-function authenticate(state, options) {
-  deprecateAuthenticate(
-    state.octokit.log,
-    new Deprecation(
-      '[@octokit/rest] octokit.authenticate() is deprecated. Use "auth" constructor option instead.'
-    )
-  );
-
-  if (!options) {
-    state.auth = false;
-    return;
-  }
-
-  switch (options.type) {
-    case "basic":
-      if (!options.username || !options.password) {
-        throw new Error(
-          "Basic authentication requires both a username and password to be set"
-        );
-      }
-      break;
-
-    case "oauth":
-      if (!options.token && !(options.key && options.secret)) {
-        throw new Error(
-          "OAuth2 authentication requires a token or key & secret to be set"
-        );
-      }
-      break;
-
-    case "token":
-    case "app":
-      if (!options.token) {
-        throw new Error("Token authentication requires a token to be set");
-      }
-      break;
-
-    default:
-      throw new Error(
-        "Invalid authentication type, must be 'basic', 'oauth', 'token' or 'app'"
-      );
-  }
-
-  state.auth = options;
-}

node_modules/@actions/github/node_modules/@octokit/rest/plugins/authentication-deprecated/before-request.js

@@ -1,43 +0,0 @@
-module.exports = authenticationBeforeRequest;
-
-const btoa = require("btoa-lite");
-const uniq = require("lodash.uniq");
-
-function authenticationBeforeRequest(state, options) {
-  if (!state.auth.type) {
-    return;
-  }
-
-  if (state.auth.type === "basic") {
-    const hash = btoa(`${state.auth.username}:${state.auth.password}`);
-    options.headers.authorization = `Basic ${hash}`;
-    return;
-  }
-
-  if (state.auth.type === "token") {
-    options.headers.authorization = `token ${state.auth.token}`;
-    return;
-  }
-
-  if (state.auth.type === "app") {
-    options.headers.authorization = `Bearer ${state.auth.token}`;
-    const acceptHeaders = options.headers.accept
-      .split(",")
-      .concat("application/vnd.github.machine-man-preview+json");
-    options.headers.accept = uniq(acceptHeaders)
-      .filter(Boolean)
-      .join(",");
-    return;
-  }
-
-  options.url += options.url.indexOf("?") === -1 ? "?" : "&";
-
-  if (state.auth.token) {
-    options.url += `access_token=${encodeURIComponent(state.auth.token)}`;
-    return;
-  }
-
-  const key = encodeURIComponent(state.auth.key);
-  const secret = encodeURIComponent(state.auth.secret);
-  options.url += `client_id=${key}&client_secret=${secret}`;
-}

node_modules/@actions/github/node_modules/@octokit/rest/plugins/authentication-deprecated/index.js

@@ -1,31 +0,0 @@
-module.exports = authenticationPlugin;
-
-const { Deprecation } = require("deprecation");
-const once = require("once");
-
-const deprecateAuthenticate = once((log, deprecation) => log.warn(deprecation));
-
-const authenticate = require("./authenticate");
-const beforeRequest = require("./before-request");
-const requestError = require("./request-error");
-
-function authenticationPlugin(octokit, options) {
-  if (options.auth) {
-    octokit.authenticate = () => {
-      deprecateAuthenticate(
-        octokit.log,
-        new Deprecation(
-          '[@octokit/rest] octokit.authenticate() is deprecated and has no effect when "auth" option is set on Octokit constructor'
-        )
-      );
-    };
-    return;
-  }
-  const state = {
-    octokit,
-    auth: false
-  };
-  octokit.authenticate = authenticate.bind(null, state);
-  octokit.hook.before("request", beforeRequest.bind(null, state));
-  octokit.hook.error("request", requestError.bind(null, state));
-}

node_modules/@actions/github/node_modules/@octokit/rest/plugins/authentication-deprecated/request-error.js

@@ -1,55 +0,0 @@
-module.exports = authenticationRequestError;
-
-const { RequestError } = require("@octokit/request-error");
-
-function authenticationRequestError(state, error, options) {
-  /* istanbul ignore next */
-  if (!error.headers) throw error;
-
-  const otpRequired = /required/.test(error.headers["x-github-otp"] || "");
-  // handle "2FA required" error only
-  if (error.status !== 401 || !otpRequired) {
-    throw error;
-  }
-
-  if (
-    error.status === 401 &&
-    otpRequired &&
-    error.request &&
-    error.request.headers["x-github-otp"]
-  ) {
-    throw new RequestError(
-      "Invalid one-time password for two-factor authentication",
-      401,
-      {
-        headers: error.headers,
-        request: options
-      }
-    );
-  }
-
-  if (typeof state.auth.on2fa !== "function") {
-    throw new RequestError(
-      "2FA required, but options.on2fa is not a function. See https://github.com/octokit/rest.js#authentication",
-      401,
-      {
-        headers: error.headers,
-        request: options
-      }
-    );
-  }
-
-  return Promise.resolve()
-    .then(() => {
-      return state.auth.on2fa();
-    })
-    .then(oneTimePassword => {
-      const newOptions = Object.assign(options, {
-        headers: Object.assign(
-          { "x-github-otp": oneTimePassword },
-          options.headers
-        )
-      });
-      return state.octokit.request(newOptions);
-    });
-}

node_modules/@actions/github/node_modules/@octokit/rest/plugins/authentication/before-request.js

@@ -1,53 +0,0 @@
-module.exports = authenticationBeforeRequest;
-
-const btoa = require("btoa-lite");
-
-const withAuthorizationPrefix = require("./with-authorization-prefix");
-
-function authenticationBeforeRequest(state, options) {
-  if (typeof state.auth === "string") {
-    options.headers.authorization = withAuthorizationPrefix(state.auth);
-    return;
-  }
-
-  if (state.auth.username) {
-    const hash = btoa(`${state.auth.username}:${state.auth.password}`);
-    options.headers.authorization = `Basic ${hash}`;
-    if (state.otp) {
-      options.headers["x-github-otp"] = state.otp;
-    }
-    return;
-  }
-
-  if (state.auth.clientId) {
-    // There is a special case for OAuth applications, when `clientId` and `clientSecret` is passed as
-    // Basic Authorization instead of query parameters. The only routes where that applies share the same
-    // URL though: `/applications/:client_id/tokens/:access_token`.
-    //
-    //  1. [Check an authorization](https://developer.github.com/v3/oauth_authorizations/#check-an-authorization)
-    //  2. [Reset an authorization](https://developer.github.com/v3/oauth_authorizations/#reset-an-authorization)
-    //  3. [Revoke an authorization for an application](https://developer.github.com/v3/oauth_authorizations/#revoke-an-authorization-for-an-application)
-    //
-    // We identify by checking the URL. It must merge both "/applications/:client_id/tokens/:access_token"
-    // as well as "/applications/123/tokens/token456"
-    if (/\/applications\/:?[\w_]+\/tokens\/:?[\w_]+($|\?)/.test(options.url)) {
-      const hash = btoa(`${state.auth.clientId}:${state.auth.clientSecret}`);
-      options.headers.authorization = `Basic ${hash}`;
-      return;
-    }
-
-    options.url += options.url.indexOf("?") === -1 ? "?" : "&";
-    options.url += `client_id=${state.auth.clientId}&client_secret=${state.auth.clientSecret}`;
-    return;
-  }
-
-  return Promise.resolve()
-
-    .then(() => {
-      return state.auth();
-    })
-
-    .then(authorization => {
-      options.headers.authorization = withAuthorizationPrefix(authorization);
-    });
-}

node_modules/@actions/github/node_modules/@octokit/rest/plugins/authentication/index.js

@@ -1,76 +0,0 @@
-module.exports = authenticationPlugin;
-
-const { createTokenAuth } = require("@octokit/auth-token");
-const { Deprecation } = require("deprecation");
-const once = require("once");
-
-const beforeRequest = require("./before-request");
-const requestError = require("./request-error");
-const validate = require("./validate");
-const withAuthorizationPrefix = require("./with-authorization-prefix");
-
-const deprecateAuthBasic = once((log, deprecation) => log.warn(deprecation));
-const deprecateAuthObject = once((log, deprecation) => log.warn(deprecation));
-
-function authenticationPlugin(octokit, options) {
-  // If `options.authStrategy` is set then use it and pass in `options.auth`
-  if (options.authStrategy) {
-    const auth = options.authStrategy(options.auth);
-    octokit.hook.wrap("request", auth.hook);
-    octokit.auth = auth;
-    return;
-  }
-
-  // If neither `options.authStrategy` nor `options.auth` are set, the `octokit` instance
-  // is unauthenticated. The `octokit.auth()` method is a no-op and no request hook is registred.
-  if (!options.auth) {
-    octokit.auth = () =>
-      Promise.resolve({
-        type: "unauthenticated"
-      });
-    return;
-  }
-
-  const isBasicAuthString =
-    typeof options.auth === "string" &&
-    /^basic/.test(withAuthorizationPrefix(options.auth));
-
-  // If only `options.auth` is set to a string, use the default token authentication strategy.
-  if (typeof options.auth === "string" && !isBasicAuthString) {
-    const auth = createTokenAuth(options.auth);
-    octokit.hook.wrap("request", auth.hook);
-    octokit.auth = auth;
-    return;
-  }
-
-  // Otherwise log a deprecation message
-  const [deprecationMethod, deprecationMessapge] = isBasicAuthString
-    ? [
-        deprecateAuthBasic,
-        'Setting the "new Octokit({ auth })" option to a Basic Auth string is deprecated. Use https://github.com/octokit/auth-basic.js instead. See (https://octokit.github.io/rest.js/#authentication)'
-      ]
-    : [
-        deprecateAuthObject,
-        'Setting the "new Octokit({ auth })" option to an object without also setting the "authStrategy" option is deprecated and will be removed in v17. See (https://octokit.github.io/rest.js/#authentication)'
-      ];
-  deprecationMethod(
-    octokit.log,
-    new Deprecation("[@octokit/rest] " + deprecationMessapge)
-  );
-
-  octokit.auth = () =>
-    Promise.resolve({
-      type: "deprecated",
-      message: deprecationMessapge
-    });
-
-  validate(options.auth);
-
-  const state = {
-    octokit,
-    auth: options.auth
-  };
-
-  octokit.hook.before("request", beforeRequest.bind(null, state));
-  octokit.hook.error("request", requestError.bind(null, state));
-}

node_modules/@actions/github/node_modules/@octokit/rest/plugins/authentication/request-error.js

@@ -1,61 +0,0 @@
-module.exports = authenticationRequestError;
-
-const { RequestError } = require("@octokit/request-error");
-
-function authenticationRequestError(state, error, options) {
-  if (!error.headers) throw error;
-
-  const otpRequired = /required/.test(error.headers["x-github-otp"] || "");
-  // handle "2FA required" error only
-  if (error.status !== 401 || !otpRequired) {
-    throw error;
-  }
-
-  if (
-    error.status === 401 &&
-    otpRequired &&
-    error.request &&
-    error.request.headers["x-github-otp"]
-  ) {
-    if (state.otp) {
-      delete state.otp; // no longer valid, request again
-    } else {
-      throw new RequestError(
-        "Invalid one-time password for two-factor authentication",
-        401,
-        {
-          headers: error.headers,
-          request: options
-        }
-      );
-    }
-  }
-
-  if (typeof state.auth.on2fa !== "function") {
-    throw new RequestError(
-      "2FA required, but options.on2fa is not a function. See https://github.com/octokit/rest.js#authentication",
-      401,
-      {
-        headers: error.headers,
-        request: options
-      }
-    );
-  }
-
-  return Promise.resolve()
-    .then(() => {
-      return state.auth.on2fa();
-    })
-    .then(oneTimePassword => {
-      const newOptions = Object.assign(options, {
-        headers: Object.assign(options.headers, {
-          "x-github-otp": oneTimePassword
-        })
-      });
-      return state.octokit.request(newOptions).then(response => {
-        // If OTP still valid, then persist it for following requests
-        state.otp = oneTimePassword;
-        return response;
-      });
-    });
-}

node_modules/@actions/github/node_modules/@octokit/rest/plugins/authentication/validate.js

@@ -1,21 +0,0 @@
-module.exports = validateAuth;
-
-function validateAuth(auth) {
-  if (typeof auth === "string") {
-    return;
-  }
-
-  if (typeof auth === "function") {
-    return;
-  }
-
-  if (auth.username && auth.password) {
-    return;
-  }
-
-  if (auth.clientId && auth.clientSecret) {
-    return;
-  }
-
-  throw new Error(`Invalid "auth" option: ${JSON.stringify(auth)}`);
-}

node_modules/@actions/github/node_modules/@octokit/rest/plugins/authentication/with-authorization-prefix.js

@@ -1,23 +0,0 @@
-module.exports = withAuthorizationPrefix;
-
-const atob = require("atob-lite");
-
-const REGEX_IS_BASIC_AUTH = /^[\w-]+:/;
-
-function withAuthorizationPrefix(authorization) {
-  if (/^(basic|bearer|token) /i.test(authorization)) {
-    return authorization;
-  }
-
-  try {
-    if (REGEX_IS_BASIC_AUTH.test(atob(authorization))) {
-      return `basic ${authorization}`;
-    }
-  } catch (error) {}
-
-  if (authorization.split(/\./).length === 3) {
-    return `bearer ${authorization}`;
-  }
-
-  return `token ${authorization}`;
-}

node_modules/@actions/github/node_modules/@octokit/rest/plugins/pagination/index.js

@@ -1,7 +0,0 @@
-module.exports = paginatePlugin;
-
-const { paginateRest } = require("@octokit/plugin-paginate-rest");
-
-function paginatePlugin(octokit) {
-  Object.assign(octokit, paginateRest(octokit));
-}

node_modules/@actions/github/node_modules/@octokit/rest/plugins/validate/index.js

@@ -1,7 +0,0 @@
-module.exports = octokitValidate;
-
-const validate = require("./validate");
-
-function octokitValidate(octokit) {
-  octokit.hook.before("request", validate.bind(null, octokit));
-}

node_modules/@actions/github/node_modules/@octokit/rest/plugins/validate/validate.js

@@ -1,151 +0,0 @@
-"use strict";
-
-module.exports = validate;
-
-const { RequestError } = require("@octokit/request-error");
-const get = require("lodash.get");
-const set = require("lodash.set");
-
-function validate(octokit, options) {
-  if (!options.request.validate) {
-    return;
-  }
-  const { validate: params } = options.request;
-
-  Object.keys(params).forEach(parameterName => {
-    const parameter = get(params, parameterName);
-
-    const expectedType = parameter.type;
-    let parentParameterName;
-    let parentValue;
-    let parentParamIsPresent = true;
-    let parentParameterIsArray = false;
-
-    if (/\./.test(parameterName)) {
-      parentParameterName = parameterName.replace(/\.[^.]+$/, "");
-      parentParameterIsArray = parentParameterName.slice(-2) === "[]";
-      if (parentParameterIsArray) {
-        parentParameterName = parentParameterName.slice(0, -2);
-      }
-      parentValue = get(options, parentParameterName);
-      parentParamIsPresent =
-        parentParameterName === "headers" ||
-        (typeof parentValue === "object" && parentValue !== null);
-    }
-
-    const values = parentParameterIsArray
-      ? (get(options, parentParameterName) || []).map(
-          value => value[parameterName.split(/\./).pop()]
-        )
-      : [get(options, parameterName)];
-
-    values.forEach((value, i) => {
-      const valueIsPresent = typeof value !== "undefined";
-      const valueIsNull = value === null;
-      const currentParameterName = parentParameterIsArray
-        ? parameterName.replace(/\[\]/, `[${i}]`)
-        : parameterName;
-
-      if (!parameter.required && !valueIsPresent) {
-        return;
-      }
-
-      // if the parent parameter is of type object but allows null
-      // then the child parameters can be ignored
-      if (!parentParamIsPresent) {
-        return;
-      }
-
-      if (parameter.allowNull && valueIsNull) {
-        return;
-      }
-
-      if (!parameter.allowNull && valueIsNull) {
-        throw new RequestError(
-          `'${currentParameterName}' cannot be null`,
-          400,
-          {
-            request: options
-          }
-        );
-      }
-
-      if (parameter.required && !valueIsPresent) {
-        throw new RequestError(
-          `Empty value for parameter '${currentParameterName}': ${JSON.stringify(
-            value
-          )}`,
-          400,
-          {
-            request: options
-          }
-        );
-      }
-
-      // parse to integer before checking for enum
-      // so that string "1" will match enum with number 1
-      if (expectedType === "integer") {
-        const unparsedValue = value;
-        value = parseInt(value, 10);
-        if (isNaN(value)) {
-          throw new RequestError(
-            `Invalid value for parameter '${currentParameterName}': ${JSON.stringify(
-              unparsedValue
-            )} is NaN`,
-            400,
-            {
-              request: options
-            }
-          );
-        }
-      }
-
-      if (parameter.enum && parameter.enum.indexOf(String(value)) === -1) {
-        throw new RequestError(
-          `Invalid value for parameter '${currentParameterName}': ${JSON.stringify(
-            value
-          )}`,
-          400,
-          {
-            request: options
-          }
-        );
-      }
-
-      if (parameter.validation) {
-        const regex = new RegExp(parameter.validation);
-        if (!regex.test(value)) {
-          throw new RequestError(
-            `Invalid value for parameter '${currentParameterName}': ${JSON.stringify(
-              value
-            )}`,
-            400,
-            {
-              request: options
-            }
-          );
-        }
-      }
-
-      if (expectedType === "object" && typeof value === "string") {
-        try {
-          value = JSON.parse(value);
-        } catch (exception) {
-          throw new RequestError(
-            `JSON parse error of value for parameter '${currentParameterName}': ${JSON.stringify(
-              value
-            )}`,
-            400,
-            {
-              request: options
-            }
-          );
-        }
-      }
-
-      set(options, parameter.mapTo || currentParameterName, value);
-    });
-  });
-
-  return options;
-}

node_modules/@actions/github/node_modules/universal-user-agent/LICENSE.md

@@ -1,7 +0,0 @@
-# [ISC License](https://spdx.org/licenses/ISC)
-
-Copyright (c) 2018, Gregor Martynus (https://github.com/gr2m)
-
-Permission to use, copy, modify, and/or distribute this software for any purpose with or without fee is hereby granted, provided that the above copyright notice and this permission notice appear in all copies.
-
-THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

node_modules/@actions/github/node_modules/universal-user-agent/README.md

@@ -1,25 +0,0 @@
-# universal-user-agent
-
-> Get a user agent string in both browser and node
-
-[![@latest](https://img.shields.io/npm/v/universal-user-agent.svg)](https://www.npmjs.com/package/universal-user-agent)
-[![Build Status](https://travis-ci.com/gr2m/universal-user-agent.svg?branch=master)](https://travis-ci.com/gr2m/universal-user-agent)
-[![Greenkeeper](https://badges.greenkeeper.io/gr2m/universal-user-agent.svg)](https://greenkeeper.io/)
-
-```js
-const { getUserAgent } = require("universal-user-agent");
-// or import { getUserAgent } from "universal-user-agent";
-
-const userAgent = getUserAgent();
-// userAgent will look like this
-// in browser: "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:61.0) Gecko/20100101 Firefox/61.0"
-// in node: Node.js/v8.9.4 (macOS High Sierra; x64)
-```
-
-## Credits
-
-The Node implementation was originally inspired by [default-user-agent](https://www.npmjs.com/package/default-user-agent).
-
-## License
-
-[ISC](LICENSE.md)

node_modules/@actions/github/node_modules/universal-user-agent/dist-node/index.js

@@ -1,22 +0,0 @@
-'use strict';
-
-Object.defineProperty(exports, '__esModule', { value: true });
-
-function _interopDefault (ex) { return (ex && (typeof ex === 'object') && 'default' in ex) ? ex['default'] : ex; }
-
-var osName = _interopDefault(require('os-name'));
-
-function getUserAgent() {
-  try {
-    return `Node.js/${process.version.substr(1)} (${osName()}; ${process.arch})`;
-  } catch (error) {
-    if (/wmic os get Caption/.test(error.message)) {
-      return "Windows <version undetectable>";
-    }
-
-    throw error;
-  }
-}
-
-exports.getUserAgent = getUserAgent;
-//# sourceMappingURL=index.js.map

node_modules/@actions/github/node_modules/universal-user-agent/dist-node/index.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"index.js","sources":["../dist-src/node.js"],"sourcesContent":["import osName from \"os-name\";\nexport function getUserAgent() {\n    try {\n        return `Node.js/${process.version.substr(1)} (${osName()}; ${process.arch})`;\n    }\n    catch (error) {\n        if (/wmic os get Caption/.test(error.message)) {\n            return \"Windows <version undetectable>\";\n        }\n        throw error;\n    }\n}\n"],"names":["getUserAgent","process","version","substr","osName","arch","error","test","message"],"mappings":";;;;;;;;AACO,SAASA,YAAT,GAAwB;MACvB;WACQ,WAAUC,OAAO,CAACC,OAAR,CAAgBC,MAAhB,CAAuB,CAAvB,CAA0B,KAAIC,MAAM,EAAG,KAAIH,OAAO,CAACI,IAAK,GAA1E;GADJ,CAGA,OAAOC,KAAP,EAAc;QACN,sBAAsBC,IAAtB,CAA2BD,KAAK,CAACE,OAAjC,CAAJ,EAA+C;aACpC,gCAAP;;;UAEEF,KAAN;;;;;;"}

node_modules/@actions/github/node_modules/universal-user-agent/dist-src/browser.js

@@ -1,8 +0,0 @@
-export function getUserAgent() {
-    try {
-        return navigator.userAgent;
-    }
-    catch (e) {
-        return "<environment unknown>";
-    }
-}

node_modules/@actions/github/node_modules/universal-user-agent/dist-src/index.js

@@ -1 +0,0 @@
-export { getUserAgent } from "./node";

node_modules/@actions/github/node_modules/universal-user-agent/dist-src/node.js

@@ -1,12 +0,0 @@
-import osName from "os-name";
-export function getUserAgent() {
-    try {
-        return `Node.js/${process.version.substr(1)} (${osName()}; ${process.arch})`;
-    }
-    catch (error) {
-        if (/wmic os get Caption/.test(error.message)) {
-            return "Windows <version undetectable>";
-        }
-        throw error;
-    }
-}

node_modules/@actions/github/node_modules/universal-user-agent/dist-types/browser.d.ts

@@ -1 +0,0 @@
-export declare function getUserAgent(): string;

node_modules/@actions/github/node_modules/universal-user-agent/dist-types/index.d.ts

@@ -1 +0,0 @@
-export { getUserAgent } from "./node";