Add ql pack dependancy

.editorconfig

@@ -1,10 +0,0 @@
-root = true
-
-[*]
-end_of_line = lf
-insert_final_newline = true
-trim_trailing_whitespace = true
-
-[*.ts]
-indent_style = space
-indent_size = 2

.github/ISSUE_TEMPLATE/config.yml

@@ -1,5 +0,0 @@
-blank_issues_enabled: true
-contact_links:
-  - name: Contact GitHub Support
-    url: https://support.github.com/contact?subject=Code+Scanning+Beta+Support&tags=code-scanning-support
-    about: Contact Support about code scanning

.github/codeql/codeql-config.yml

@@ -2,13 +2,5 @@ name: "CodeQL config"
 queries: 
   - name: Run custom queries
     uses: ./queries
-  # Run all extra query suites, both because we want to
-  # and because it'll act as extra testing. This is why
-  # we include both even though one is a superset of the
-  # other, because we're testing the parsing logic and
-  # that the suites exist in the codeql bundle.
-  - uses: security-extended
-  - uses: security-and-quality
 paths-ignore:
-  - tests
-  - lib
+  - tests

.github/pull_request_template.md

@@ -1,4 +1,7 @@
 ### Merge / deployment checklist
 
+- Run test builds as necessary. Can be on this repository or elsewhere as needed in order to test the change - please include links to tests in other repos!
+  - [ ] CodeQL using init/analyze actions
+  - [ ] 3rd party tool using upload action
 - [ ] Confirm this change is backwards compatible with existing workflows.
 - [ ] Confirm the [readme](https://github.com/github/codeql-action/blob/master/README.md) has been updated if necessary.

.github/update-release-branch.py

@@ -1,178 +0,0 @@
-import datetime
-from github import Github
-import random
-import requests
-import subprocess
-import sys
-
-# The branch being merged from.
-# This is the one that contains day-to-day development work.
-MAIN_BRANCH = 'main'
-# The branch being merged into.
-# This is the release branch that users reference.
-LATEST_RELEASE_BRANCH = 'v1'
-# Name of the remote
-ORIGIN = 'origin'
-
-# Runs git with the given args and returns the stdout.
-# Raises an error if git does not exit successfully.
-def run_git(*args):
-  cmd = ['git', *args]
-  p = subprocess.run(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
-  if (p.returncode != 0):
-    raise Exception('Call to ' + ' '.join(cmd) + ' exited with code ' + str(p.returncode) + ' stderr:' + p.stderr.decode('ascii'))
-  return p.stdout.decode('ascii')
-
-# Returns true if the given branch exists on the origin remote
-def branch_exists_on_remote(branch_name):
-  return run_git('ls-remote', '--heads', ORIGIN, branch_name).strip() != ''
-
-# Opens a PR from the given branch to the release branch
-def open_pr(repo, all_commits, short_main_sha, branch_name):
-  # Sort the commits into the pull requests that introduced them,
-  # and any commits that don't have a pull request
-  pull_requests = []
-  commits_without_pull_requests = []
-  for commit in all_commits:
-    pr = get_pr_for_commit(repo, commit)
-    
-    if pr is None:
-      commits_without_pull_requests.append(commit)
-    elif not any(p for p in pull_requests if p.number == pr.number):
-      pull_requests.append(pr)
-
-  print('Found ' + str(len(pull_requests)) + ' pull requests')
-  print('Found ' + str(len(commits_without_pull_requests)) + ' commits not in a pull request')
-
-  # Sort PRs and commits by age
-  pull_requests = sorted(pull_requests, key=lambda pr: pr.number)
-  commits_without_pull_requests = sorted(commits_without_pull_requests, key=lambda c: c.commit.author.date)
-  
-  # Start constructing the body text
-  body = 'Merging ' + short_main_sha + ' into ' + LATEST_RELEASE_BRANCH
-
-  conductor = get_conductor(repo, pull_requests, commits_without_pull_requests)
-  body += '\n\nConductor for this PR is @' + conductor
-
-  # List all PRs merged
-  if len(pull_requests) > 0:
-    body += '\n\nContains the following pull requests:'
-    for pr in pull_requests:
-      merger = get_merger_of_pr(repo, pr)
-      body += '\n- #' + str(pr.number)
-      body += ' - ' + pr.title
-      body += ' (@' + merger + ')'
-  
-  # List all commits not part of a PR
-  if len(commits_without_pull_requests) > 0:
-    body += '\n\nContains the following commits not from a pull request:'
-    for commit in commits_without_pull_requests:
-      body += '\n- ' + commit.sha
-      body += ' - ' + get_truncated_commit_message(commit)
-      body += ' (@' + commit.author.login + ')'
-
-  title = 'Merge ' + MAIN_BRANCH + ' into ' + LATEST_RELEASE_BRANCH
-
-  # Create the pull request
-  pr = repo.create_pull(title=title, body=body, head=branch_name, base=LATEST_RELEASE_BRANCH)
-  print('Created PR #' + str(pr.number))
-
-  # Assign the conductor
-  pr.add_to_assignees(conductor)
-  print('Assigned PR to ' + conductor)
-
-# Gets the person who should be in charge of the mergeback PR
-def get_conductor(repo, pull_requests, other_commits):
-  # If there are any PRs then use whoever merged the last one
-  if len(pull_requests) > 0:
-    return get_merger_of_pr(repo, pull_requests[-1])
-  
-  # Otherwise take the author of the latest commit
-  return other_commits[-1].author.login
-
-# Gets a list of the SHAs of all commits that have happened on main
-# since the release branched off.
-# This will not include any commits that exist on the release branch
-# that aren't on main.
-def get_commit_difference(repo):
-  commits = run_git('log', '--pretty=format:%H', ORIGIN + '/' + LATEST_RELEASE_BRANCH + '...' + MAIN_BRANCH).strip().split('\n')
-
-  # Convert to full-fledged commit objects
-  commits = [repo.get_commit(c) for c in commits]
-
-  # Filter out merge commits for PRs
-  return list(filter(lambda c: not is_pr_merge_commit(c), commits))
-
-# Is the given commit the automatic merge commit from when merging a PR
-def is_pr_merge_commit(commit):
-  return commit.committer.login == 'web-flow' and len(commit.parents) > 1
-
-# Gets a copy of the commit message that should display nicely
-def get_truncated_commit_message(commit):
-  message = commit.commit.message.split('\n')[0]
-  if len(message) > 60:
-    return message[:57] + '...'
-  else:
-    return message
-
-# Converts a commit into the PR that introduced it to the main branch.
-# Returns the PR object, or None if no PR could be found.
-def get_pr_for_commit(repo, commit):
-  prs = commit.get_pulls()
-  
-  if prs.totalCount > 0:
-    # In the case that there are multiple PRs, return the earliest one
-    prs = list(prs)
-    sorted(prs, key=lambda pr: int(pr.number))
-    return prs[0]
-  else:
-    return None
-
-# Get the person who merged the pull request.
-# For most cases this will be the same as the author, but for PRs opened
-# by external contributors getting the merger will get us the GitHub
-# employee who reviewed and merged the PR.
-def get_merger_of_pr(repo, pr):
-  return repo.get_commit(pr.merge_commit_sha).author.login
-
-def main():
-  if len(sys.argv) != 3:
-    raise Exception('Usage: update-release.branch.py <github token> <repository nwo>')
-  github_token = sys.argv[1]
-  repository_nwo = sys.argv[2]
-
-  repo = Github(github_token).get_repo(repository_nwo)
-
-  # Print what we intend to go
-  print('Considering difference between ' + MAIN_BRANCH + ' and ' + LATEST_RELEASE_BRANCH)
-  short_main_sha = run_git('rev-parse', '--short', MAIN_BRANCH).strip()
-  print('Current head of ' + MAIN_BRANCH + ' is ' + short_main_sha)
-
-  # See if there are any commits to merge in
-  commits = get_commit_difference(repo)
-  if len(commits) == 0:
-    print('No commits to merge from ' + MAIN_BRANCH + ' to ' + LATEST_RELEASE_BRANCH)
-    return
-
-  # The branch name is based off of the name of branch being merged into
-  # and the SHA of the branch being merged from. Thus if the branch already
-  # exists we can assume we don't need to recreate it.
-  new_branch_name = 'update-' + LATEST_RELEASE_BRANCH + '-' + short_main_sha
-  print('Branch name is ' + new_branch_name)
-
-  # Check if the branch already exists. If so we can abort as this script
-  # has already run on this combination of branches.
-  if branch_exists_on_remote(new_branch_name):
-    print('Branch ' + new_branch_name + ' already exists. Nothing to do.')
-    return
-  
-  # Create the new branch and push it to the remote
-  print('Creating branch ' + new_branch_name)
-  run_git('checkout', '-b', new_branch_name, MAIN_BRANCH)
-  run_git('push', ORIGIN, new_branch_name)
-
-  # Open a PR to update the branch
-  open_pr(repo, commits, short_main_sha, new_branch_name)
-
-if __name__ == '__main__':
-  main()

.github/workflows/codeql.yml

@@ -1,6 +1,6 @@
 name: "CodeQL action"
 
-on: [push, pull_request]
+on: [push]
 
 jobs:
   build:
@@ -10,17 +10,7 @@ jobs:
     runs-on: ${{ matrix.os }}
 
     steps:
-    - uses: actions/checkout@v2
-      with:
-        # Must fetch at least the immediate parents so that if this is
-        # a pull request then we can checkout the head of the pull request.
-        fetch-depth: 2
-
-    # If this run was triggered by a pull request event then checkout
-    # the head of the pull request instead of the merge commit.
-    - run: git checkout HEAD^2
-      if: ${{ github.event_name == 'pull_request' }}
-
+    - uses: actions/checkout@v1
     - uses: ./init
       with:
         languages: javascript

.github/workflows/integration-testing.yml

@@ -1,10 +1,14 @@
 name: "Integration Testing"
 
-on: [push, pull_request]
+on: [push]
 
 jobs:
   multi-language-repo_test-autodetect-languages:
-    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ubuntu-latest, windows-latest]
+    runs-on: ${{ matrix.os }}
 
     steps:
     - uses: actions/checkout@v2
@@ -12,8 +16,9 @@ jobs:
       shell: bash
       run: |
         mkdir ../action
-        mv * .github ../action/
-        mv ../action/tests/multi-language-repo/{*,.github} .
+        shopt -s dotglob
+        mv * ../action/
+        mv ../action/tests/multi-language-repo/* .
     - uses: ./../action/init
     - name: Build code
       shell: bash
@@ -21,22 +26,8 @@ jobs:
     - uses: ./../action/analyze
       env:
         TEST_MODE: true
-    - run: |
-        cd "$CODEQL_ACTION_DATABASE_DIR"
-        # List all directories as there will be precisely one directory per database
-        # but there may be other files in this directory such as query suites.
-        if [ "$(ls -d */ | wc -l)" != 6 ] || \
-           [[ ! -d cpp ]] || \
-           [[ ! -d csharp ]] || \
-           [[ ! -d go ]] || \
-           [[ ! -d java ]] || \
-           [[ ! -d javascript ]] || \
-           [[ ! -d python ]]; then
-          echo "Did not find expected number of databases. Database dir contains: $(ls)"
-          exit 1
-        fi
 
-  multi-language-repo_test-custom-queries-and-remote-config:
+  multi-language-repo_test-custom-queries:
     strategy:
       fail-fast: false
       matrix:
@@ -49,12 +40,13 @@ jobs:
       shell: bash
       run: |
         mkdir ../action
-        mv * .github ../action/
-        mv ../action/tests/multi-language-repo/{*,.github} .
+        shopt -s dotglob
+        mv * ../action/
+        mv ../action/tests/multi-language-repo/* .
     - uses: ./../action/init
       with:
         languages: cpp,csharp,java,javascript,python
-        config-file: github/codeql-action/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{ github.sha }}
+        config-file: ./.github/codeql/custom-queries.yml
     - name: Build code
       shell: bash
       run: ./build.sh
@@ -80,8 +72,9 @@ jobs:
       shell: bash
       run: |
         mkdir ../action
-        mv * .github ../action/
-        mv ../action/tests/multi-language-repo/{*,.github} .
+        shopt -s dotglob
+        mv * ../action/
+        mv ../action/tests/multi-language-repo/* .
     - uses: ./../action/init
       with:
         languages: go
@@ -93,6 +86,7 @@ jobs:
       env:
         TEST_MODE: true
 
+
   multi-language-repo_rubocop:
     runs-on: ubuntu-latest
 
@@ -102,14 +96,15 @@ jobs:
       shell: bash
       run: |
         mkdir ../action
-        mv * .github ../action/
-        mv ../action/tests/multi-language-repo/{*,.github} .
+        shopt -s dotglob
+        mv * ../action/
+        mv ../action/tests/multi-language-repo/* .
     - name: Set up Ruby
       uses: ruby/setup-ruby@v1
       with:
         ruby-version: 2.6
     - name: Install Code Scanning integration
-      run: bundle add code-scanning-rubocop --version 0.3.0 --skip-install
+      run: bundle add code-scanning-rubocop --version 0.2.0 --skip-install
     - name: Install dependencies
       run: bundle install
     - name: Rubocop run
@@ -122,31 +117,4 @@ jobs:
       with:
         sarif_file: rubocop.sarif
       env:
-        TEST_MODE: true
-
-  test-proxy:
-    runs-on: ubuntu-latest
-    container:
-      image: ubuntu:18.04
-      options: --dns 127.0.0.1
-    services:
-      squid-proxy:
-        image: datadog/squid:latest
-        ports:
-          - 3128:3128
-    env:
-      https_proxy: http://squid-proxy:3128
-    steps:
-    - uses: actions/checkout@v2
-    - name: Move codeql-action
-      shell: bash
-      run: |
-        mkdir ../action
-        mv * .github ../action/
-        mv ../action/tests/multi-language-repo/{*,.github} .
-    - uses: ./../action/init
-      with:
-        languages: javascript
-    - uses: ./../action/analyze
-      env:
-        TEST_MODE: true
+        TEST_MODE: true

.github/workflows/update-release-branch.yml

@@ -1,32 +0,0 @@
-name: Update release branch
-on:
-  schedule:
-    - cron: 0 9 * * 1
-  repository_dispatch:
-    # Example of how to trigger this:
-    # curl -H "Authorization: Bearer <token>" -X POST https://api.github.com/repos/github/codeql-action/dispatches -d '{"event_type":"update-release-branch"}'
-    # Replace <token> with a personal access token from this page: https://github.com/settings/tokens
-    types: [update-release-branch]
-  workflow_dispatch:
-
-jobs:
-  update:
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v2
-      with:
-        # Need full history so we calculate diffs
-        fetch-depth: 0
-
-    - name: Set up Python
-      uses: actions/setup-python@v2
-      with:
-        python-version: 3.5
-
-    - name: Install dependencies
-      run: |
-        python -m pip install --upgrade pip
-        pip install PyGithub==1.51 requests
-
-    - name: Update release branch
-      run: python .github/update-release-branch.py ${{ secrets.GITHUB_TOKEN }} ${{ github.repository }}

.vscode/settings.json

@@ -1,10 +0,0 @@
-{
-  "files.exclude": {
-    // include the defaults from VS Code
-    "**/.git": true,
-    "**/.DS_Store": true,
-
-    // transpiled JavaScript
-    "lib": true,
-  }
-}

CONTRIBUTING.md

@@ -10,32 +10,13 @@ Contributions to this project are [released](https://help.github.com/articles/gi
 
 Please note that this project is released with a [Contributor Code of Conduct][code-of-conduct]. By participating in this project you agree to abide by its terms.
 
-## Development and Testing
-
-Before you start, ensure that you have a recent version of node installed. You can see which version of node is used by the action in `init/action.yml`.
-
-### Common tasks
-
-* Transpile the TypeScript to JavaScript: `npm run build`.  Note that the JavaScript files are committed to git.
-* Run tests: `npm run test`.  You’ll need to ensure that the JavaScript files are up-to-date first by running the command above.
-* Run the linter: `npm run lint`.
-
-### Running the action
-
-To see the effect of your changes and to test them, push your changes in a branch and then look at the [Actions output](https://github.com/github/codeql-action/actions) for that branch.  You can also exercise the code locally by running the automated tests.
-
-### Integration tests
-
-As well as the unit tests (see _Common tasks_ above), there are integration tests, defined in `.github/workflows/integration-testing.yml`.  These are run by a CI check.  Depending on the change you’re making, you may want to add a test to this file or extend an existing one.
-
 ## Submitting a pull request
 
 1. [Fork][fork] and clone the repository
 2. Create a new branch: `git checkout -b my-branch-name`
 3. Make your change, add tests, and make sure the tests still pass
 4. Push to your fork and [submit a pull request][pr]
-5. Pat yourself on the back and wait for your pull request to be reviewed and merged.
-If you're a GitHub staff member, you can merge your own PR once it's approved; for external contributors, GitHub staff will merge your PR once it's approved.
+5. Pat your self on the back and wait for your pull request to be reviewed and merged.
 
 Here are a few things you can do that will increase the likelihood of your pull request being accepted:
 

README.md

@@ -1,6 +1,6 @@
 # CodeQL Action
 
-This action runs GitHub's industry-leading static analysis engine, CodeQL, against a repository's source code to find security vulnerabilities. It then automatically uploads the results to GitHub so they can be displayed in the repository's security tab. CodeQL runs an extensible set of [queries](https://github.com/github/codeql), which have been developed by the community and the [GitHub Security Lab](https://securitylab.github.com/) to find common vulnerabilities in your code.
+This action runs GitHub's industry-leading static analysis engine, CodeQL, against a repository's source code to find security vulnerabilities. It then automatically uploads the results to GitHub so they can be displayed in the repository's security tab. CodeQL runs an extensible set of [queries](https://github.com/semmle/ql), which have been developed by the community and the [GitHub Security Lab](https://securitylab.github.com/) to find common vulnerabilities in your code.
 
 ## License
 
@@ -10,8 +10,6 @@ The underlying CodeQL CLI, used in this action, is licensed under the [GitHub Co
 
 ## Usage
 
-This is a short walkthrough, but for more information read [configuring code scanning](https://help.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning).
-
 To get code scanning results from CodeQL analysis on your repo you can use the following workflow as a template:
 
 ```yaml
@@ -20,29 +18,21 @@ name: "Code Scanning - Action"
 
 on:
   push:
-  pull_request:
   schedule:
     - cron: '0 0 * * 0'
 
 jobs:
   CodeQL-Build:
+
+    strategy:
+      fail-fast: false
+
     # CodeQL runs on ubuntu-latest, windows-latest, and macos-latest
     runs-on: ubuntu-latest
 
     steps:
       - name: Checkout repository
         uses: actions/checkout@v2
-        with:
-          # Must fetch at least the immediate parents so that if this is
-          # a pull request then we can checkout the head of the pull request.
-          # Only include this option if you are running this workflow on pull requests.
-          fetch-depth: 2
-
-      # If this run was triggered by a pull request event then checkout
-      # the head of the pull request instead of the merge commit.
-      # Only include this step if you are running this workflow on pull requests.
-      - run: git checkout HEAD^2
-        if: ${{ github.event_name == 'pull_request' }}
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
@@ -88,9 +78,24 @@ If you prefer to integrate this within an existing CI workflow, it should end up
   uses: github/codeql-action/analyze@v1
 ```
 
-### Configuration file
+### Actions triggers
 
-Use the `config-file` parameter of the `init` action to enable the configuration file. The value of `config-file` is the path to the configuration file you want to use. This example loads the configuration file `./.github/codeql/codeql-config.yml`.
+The CodeQL action should be run on `push` events, and on a `schedule`. `Push` events allow us to do a detailed analysis of the delta in a pull request, while the `schedule` event ensures that GitHub regularly scans the repository for the latest vulnerabilities, even if the repository becomes inactive. This action does not support the `pull_request` event.
+
+### Configuration
+
+You may optionally specify additional queries for CodeQL to execute by using a config file. The queries must belong to a [QL pack](https://help.semmle.com/codeql/codeql-cli/reference/qlpack-overview.html) and can be in your repository or any public repository. You can choose a single .ql file, a folder containing multiple .ql files, a .qls [query suite](https://help.semmle.com/codeql/codeql-cli/procedures/query-suites.html) file, or any combination of the above. To use queries from other repositories use the same syntax as when [using an action](https://help.github.com/en/actions/reference/workflow-syntax-for-github-actions#jobsjob_idstepsuses).
+
+You can disable the default queries using `disable-default-queries: true`.
+
+You can choose to ignore some files or folders from the analysis, or include additional files/folders for analysis. This *only* works for Javascript and Python analysis.
+Identifying potential files for extraction:
+
+- Scans each folder that's defined as `paths` in turn, traversing subfolders, and looking for relevant files.
+- If it finds a subfolder that's defined as `paths-ignore`, stop traversing.
+- If a file or folder is both in `paths` and `paths-ignore`, the `paths-ignore` is ignored.
+
+Use the `config-file` parameter of the init action to enable the configuration file. For example:
 
 ```yaml
 - uses: github/codeql-action/init@v1
@@ -98,8 +103,72 @@ Use the `config-file` parameter of the `init` action to enable the configuration
     config-file: ./.github/codeql/codeql-config.yml
 ```
 
-The configuration file must be located within the local repository. For information on how to write a configuration file, see "[Using a custom configuration](https://help.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#using-a-custom-configuration)."
+A config file looks like this:
+
+```yaml
+name: "My CodeQL config"
+
+disable-default-queries: true
+
+queries:
+  - name: In-repo queries (Runs the queries located in the my-queries folder of the repo)
+    uses: ./my-queries
+  - name: External Javascript QL pack (Runs a QL pack located in an external repo)
+    uses: /Semmle/ql/javascript/ql/src/Electron@master
+  - name: External query (Runs a single query located in an external QL pack)
+    uses: Semmle/ql/javascript/ql/src/AngularJS/DeadAngularJSEventListener.ql@master
+  - name: Select query suite (Runs a query suites)
+    uses: ./codeql-querypacks/complex-python-querypack/rootAndBar.qls
+
+paths:
+  - src/util.ts
+
+paths-ignore:
+  - src
+  - lib
+```
 
 ## Troubleshooting
 
-Read about [troubleshooting code scanning](https://help.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/troubleshooting-code-scanning).
+### Trouble with Go dependencies
+
+#### If you use a vendor directory
+
+Try passing
+
+```yaml
+env:
+  GOFLAGS: "-mod=vendor"
+```
+
+to `github/codeql-action/analyze`.
+
+#### If you do not use a vendor directory
+
+Dependencies on public repositories should just work. If you have dependencies on private repositories, one option is to use `git config` and a [personal access token](https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line) to authenticate when downloading dependencies. Add a section like
+
+```yaml
+steps:
+  - name: Configure git private repo access
+    env:
+      TOKEN: ${{ secrets.GITHUB_PAT }}
+    run: |
+      git config --global url."https://${TOKEN}@github.com/foo/bar".insteadOf "https://github.com/foo/bar"
+      git config --global url."https://${TOKEN}@github.com/foo/baz".insteadOf "https://github.com/foo/baz"
+```
+
+before any codeql actions. A similar thing can also be done with an SSH key or deploy key.
+
+### C# using dotnet version 2 on linux
+
+This currently requires invoking `dotnet` with the `/p:UseSharedCompilation=false` flag. For example:
+
+```shell
+dotnet build /p:UseSharedCompilation=false
+```
+
+Version 3 does not require the additional flag.
+
+### Analysing Go together with other languages on `macos-latest`
+
+When running on macos it is currently not possible to analyze Go in conjunction with any of Java, C/C++, or C#. Each language can still be analyzed separately.

analyze/action.yml

@@ -4,7 +4,6 @@ author: 'GitHub'
 inputs:
   check_name:
     description: The name of the check run to add text to.
-    required: false
   output:
     description: The path of the directory in which to save the SARIF results
     required: false
@@ -12,14 +11,7 @@ inputs:
   upload:
     description: Upload the SARIF file
     required: false
-    default: "true"
-  ram:
-    description: Override the amount of memory in MB to be used by CodeQL. By default, almost all the memory of the machine is used.
-    required: false
-  threads:
-    description: The number of threads to be used by CodeQL.
-    required: false
-    default: "1"
+    default: true
   token:
     default: ${{ github.token }}
   matrix:

init/action.yml

@@ -5,14 +5,12 @@ inputs:
   tools:
     description: URL of CodeQL tools
     required: false
-    default: https://github.com/github/codeql-action/releases/download/codeql-bundle-20200630/codeql-bundle.tar.gz
+    default: https://github.com/github/codeql-action/releases/download/codeql-bundle-20200427/codeql-bundle.tar.gz
   languages:
     description: The languages to be analysed
     required: false
   token:
     default: ${{ github.token }}
-  matrix:
-    default: ${{ toJson(matrix) }}
   config-file:
     description: Path of the config file to use
     required: false

jest.config.js

@@ -0,0 +1,11 @@
+module.exports = {
+  clearMocks: true,
+  moduleFileExtensions: ['js', 'ts'],
+  testEnvironment: 'node',
+  testMatch: ['**/*.test.ts'],
+  testRunner: 'jest-circus/runner',
+  transform: {
+    '^.+\\.ts$': 'ts-jest'
+  },
+  verbose: true
+}

lib/analysis-paths.js

@@ -8,50 +8,19 @@ var __importStar = (this && this.__importStar) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 const core = __importStar(require("@actions/core"));
-function isInterpretedLanguage(language) {
-    return language === 'javascript' || language === 'python';
-}
-// Matches a string containing only characters that are legal to include in paths on windows.
-exports.legalWindowsPathCharactersRegex = /^[^<>:"\|?]*$/;
-// Builds an environment variable suitable for LGTM_INDEX_INCLUDE or LGTM_INDEX_EXCLUDE
-function buildIncludeExcludeEnvVar(paths) {
-    // Ignore anything containing a *
-    paths = paths.filter(p => p.indexOf('*') === -1);
-    // Some characters are illegal in path names in windows
-    if (process.platform === 'win32') {
-        paths = paths.filter(p => p.match(exports.legalWindowsPathCharactersRegex));
-    }
-    return paths.join('\n');
-}
 function includeAndExcludeAnalysisPaths(config, languages) {
-    // The 'LGTM_INDEX_INCLUDE' and 'LGTM_INDEX_EXCLUDE' environment variables
-    // control which files/directories are traversed when scanning.
-    // This allows including files that otherwise would not be scanned, or
-    // excluding and not traversing entire file subtrees.
-    // It does not understand globs or double-globs because that would require it to
-    // traverse the entire file tree to determine which files are matched.
-    // Any paths containing "*" are not included in these.
     if (config.paths.length !== 0) {
-        core.exportVariable('LGTM_INDEX_INCLUDE', buildIncludeExcludeEnvVar(config.paths));
+        core.exportVariable('LGTM_INDEX_INCLUDE', config.paths.join('\n'));
     }
     if (config.pathsIgnore.length !== 0) {
-        core.exportVariable('LGTM_INDEX_EXCLUDE', buildIncludeExcludeEnvVar(config.pathsIgnore));
+        core.exportVariable('LGTM_INDEX_EXCLUDE', config.pathsIgnore.join('\n'));
     }
-    // The 'LGTM_INDEX_FILTERS' environment variable controls which files are
-    // extracted or ignored. It does not control which directories are traversed.
-    // This does understand the glob and double-glob syntax.
-    const filters = [];
-    filters.push(...config.paths.map(p => 'include:' + p));
-    filters.push(...config.pathsIgnore.map(p => 'exclude:' + p));
-    if (filters.length !== 0) {
-        core.exportVariable('LGTM_INDEX_FILTERS', filters.join('\n'));
+    function isInterpretedLanguage(language) {
+        return language === 'javascript' && language === 'python';
     }
-    // Index include/exclude/filters only work in javascript and python.
-    // If any other languages are detected/configured then show a warning.
-    if ((config.paths.length !== 0 ||
-        config.pathsIgnore.length !== 0 ||
-        filters.length !== 0) &&
-        !languages.every(isInterpretedLanguage)) {
+    // Index include/exclude only work in javascript and python
+    // If some other language is detected/configured show a warning
+    if ((config.paths.length !== 0 || config.pathsIgnore.length !== 0) && !languages.every(isInterpretedLanguage)) {
         core.warning('The "paths"/"paths-ignore" fields of the config only have effect for Javascript and Python');
     }
 }

lib/analysis-paths.js.map

@@ -1 +1 @@
-{"version":3,"file":"analysis-paths.js","sourceRoot":"","sources":["../src/analysis-paths.ts"],"names":[],"mappings":";;;;;;;;;AAAA,oDAAsC;AAItC,SAAS,qBAAqB,CAAC,QAAQ;IACrC,OAAO,QAAQ,KAAK,YAAY,IAAI,QAAQ,KAAK,QAAQ,CAAC;AAC5D,CAAC;AAED,6FAA6F;AAChF,QAAA,+BAA+B,GAAG,eAAe,CAAC;AAE/D,uFAAuF;AACvF,SAAS,yBAAyB,CAAC,KAAe;IAChD,iCAAiC;IACjC,KAAK,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAEjD,uDAAuD;IACvD,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE;QAChC,KAAK,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,uCAA+B,CAAC,CAAC,CAAC;KACrE;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,SAAgB,8BAA8B,CAAC,MAA0B,EAAE,SAAmB;IAC5F,0EAA0E;IAC1E,+DAA+D;IAC/D,sEAAsE;IACtE,qDAAqD;IACrD,gFAAgF;IAChF,sEAAsE;IACtE,sDAAsD;IACtD,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE;QAC7B,IAAI,CAAC,cAAc,CAAC,oBAAoB,EAAE,yBAAyB,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;KACpF;IACD,IAAI,MAAM,CAAC,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE;QACnC,IAAI,CAAC,cAAc,CAAC,oBAAoB,EAAE,yBAAyB,CAAC,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC;KAC1F;IAED,yEAAyE;IACzE,6EAA6E;IAC7E,wDAAwD;IACxD,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,OAAO,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,UAAU,GAAG,CAAC,CAAC,CAAC,CAAC;IACvD,OAAO,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,UAAU,GAAG,CAAC,CAAC,CAAC,CAAC;IAC7D,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE;QACxB,IAAI,CAAC,cAAc,CAAC,oBAAoB,EAAE,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;KAC/D;IAED,oEAAoE;IACpE,sEAAsE;IACtE,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC;QACxB,MAAM,CAAC,WAAW,CAAC,MAAM,KAAK,CAAC;QAC/B,OAAO,CAAC,MAAM,KAAK,CAAC,CAAC;QACvB,CAAC,SAAS,CAAC,KAAK,CAAC,qBAAqB,CAAC,EAAE;QAC3C,IAAI,CAAC,OAAO,CAAC,4FAA4F,CAAC,CAAC;KAC5G;AACH,CAAC;AAjCD,wEAiCC"}
+{"version":3,"file":"analysis-paths.js","sourceRoot":"","sources":["../src/analysis-paths.ts"],"names":[],"mappings":";;;;;;;;;AAAA,oDAAsC;AAItC,SAAgB,8BAA8B,CAAC,MAA0B,EAAE,SAAmB;IAC1F,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE;QAC3B,IAAI,CAAC,cAAc,CAAC,oBAAoB,EAAE,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;KACtE;IAED,IAAI,MAAM,CAAC,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE;QACjC,IAAI,CAAC,cAAc,CAAC,oBAAoB,EAAE,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;KAC5E;IAED,SAAS,qBAAqB,CAAC,QAAQ;QACnC,OAAO,QAAQ,KAAK,YAAY,IAAI,QAAQ,KAAK,QAAQ,CAAC;IAC9D,CAAC;IAED,2DAA2D;IAC3D,+DAA+D;IAC/D,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,MAAM,CAAC,WAAW,CAAC,MAAM,KAAK,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,qBAAqB,CAAC,EAAE;QAC3G,IAAI,CAAC,OAAO,CAAC,4FAA4F,CAAC,CAAC;KAC9G;AACL,CAAC;AAlBD,wEAkBC"}

lib/analysis-paths.test.js

@@ -13,22 +13,18 @@ Object.defineProperty(exports, "__esModule", { value: true });
 const ava_1 = __importDefault(require("ava"));
 const analysisPaths = __importStar(require("./analysis-paths"));
 const configUtils = __importStar(require("./config-utils"));
-const testing_utils_1 = require("./testing-utils");
-testing_utils_1.setupTests(ava_1.default);
 ava_1.default("emptyPaths", async (t) => {
     let config = new configUtils.Config();
     analysisPaths.includeAndExcludeAnalysisPaths(config, []);
     t.is(process.env['LGTM_INDEX_INCLUDE'], undefined);
     t.is(process.env['LGTM_INDEX_EXCLUDE'], undefined);
-    t.is(process.env['LGTM_INDEX_FILTERS'], undefined);
 });
 ava_1.default("nonEmptyPaths", async (t) => {
     let config = new configUtils.Config();
-    config.paths.push('path1', 'path2', '**/path3');
-    config.pathsIgnore.push('path4', 'path5', 'path6/**');
+    config.paths.push('path1', 'path2');
+    config.pathsIgnore.push('path3', 'path4');
     analysisPaths.includeAndExcludeAnalysisPaths(config, []);
     t.is(process.env['LGTM_INDEX_INCLUDE'], 'path1\npath2');
-    t.is(process.env['LGTM_INDEX_EXCLUDE'], 'path4\npath5');
-    t.is(process.env['LGTM_INDEX_FILTERS'], 'include:path1\ninclude:path2\ninclude:**/path3\nexclude:path4\nexclude:path5\nexclude:path6/**');
+    t.is(process.env['LGTM_INDEX_EXCLUDE'], 'path3\npath4');
 });
 //# sourceMappingURL=analysis-paths.test.js.map

lib/analysis-paths.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"analysis-paths.test.js","sourceRoot":"","sources":["../src/analysis-paths.test.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,8CAAuB;AAEvB,gEAAkD;AAClD,4DAA8C;AAC9C,mDAA2C;AAE3C,0BAAU,CAAC,aAAI,CAAC,CAAC;AAEjB,aAAI,CAAC,YAAY,EAAE,KAAK,EAAC,CAAC,EAAC,EAAE;IAC3B,IAAI,MAAM,GAAG,IAAI,WAAW,CAAC,MAAM,EAAE,CAAC;IACtC,aAAa,CAAC,8BAA8B,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IACzD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;IACnD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;IACnD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;AACrD,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,eAAe,EAAE,KAAK,EAAC,CAAC,EAAC,EAAE;IAC9B,IAAI,MAAM,GAAG,IAAI,WAAW,CAAC,MAAM,EAAE,CAAC;IACtC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,EAAE,UAAU,CAAC,CAAC;IAChD,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,EAAE,UAAU,CAAC,CAAC;IACtD,aAAa,CAAC,8BAA8B,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IACzD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,cAAc,CAAC,CAAC;IACxD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,cAAc,CAAC,CAAC;IACxD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,gGAAgG,CAAC,CAAC;AAC5I,CAAC,CAAC,CAAC"}
+{"version":3,"file":"analysis-paths.test.js","sourceRoot":"","sources":["../src/analysis-paths.test.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,8CAAuB;AAEvB,gEAAkD;AAClD,4DAA8C;AAE9C,aAAI,CAAC,YAAY,EAAE,KAAK,EAAC,CAAC,EAAC,EAAE;IACzB,IAAI,MAAM,GAAG,IAAI,WAAW,CAAC,MAAM,EAAE,CAAC;IACtC,aAAa,CAAC,8BAA8B,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IACzD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;IACnD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;AACvD,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,eAAe,EAAE,KAAK,EAAC,CAAC,EAAC,EAAE;IAC5B,IAAI,MAAM,GAAG,IAAI,WAAW,CAAC,MAAM,EAAE,CAAC;IACtC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IACpC,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAC1C,aAAa,CAAC,8BAA8B,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IACzD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,cAAc,CAAC,CAAC;IACxD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,cAAc,CAAC,CAAC;AAC5D,CAAC,CAAC,CAAC"}

lib/api-client.js

@@ -1,22 +0,0 @@
-"use strict";
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
-    result["default"] = mod;
-    return result;
-};
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-const core = __importStar(require("@actions/core"));
-const github = __importStar(require("@actions/github"));
-const console_log_level_1 = __importDefault(require("console-log-level"));
-exports.getApiClient = function () {
-    return new github.GitHub(core.getInput('token'), {
-        userAgent: "CodeQL Action",
-        log: console_log_level_1.default({ level: "debug" })
-    });
-};
-//# sourceMappingURL=api-client.js.map

lib/api-client.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"api-client.js","sourceRoot":"","sources":["../src/api-client.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,oDAAsC;AACtC,wDAA0C;AAC1C,0EAAgD;AAEnC,QAAA,YAAY,GAAG;IAC1B,OAAO,IAAI,MAAM,CAAC,MAAM,CACtB,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,EACtB;QACE,SAAS,EAAE,eAAe;QAC1B,GAAG,EAAE,2BAAe,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC;KACzC,CAAC,CAAC;AACP,CAAC,CAAC"}

lib/autobuild.js

@@ -8,7 +8,8 @@ var __importStar = (this && this.__importStar) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 const core = __importStar(require("@actions/core"));
-const codeql_1 = require("./codeql");
+const exec = __importStar(require("@actions/exec"));
+const path = __importStar(require("path"));
 const sharedEnv = __importStar(require("./shared-environment"));
 const util = __importStar(require("./util"));
 async function run() {
@@ -32,8 +33,18 @@ async function run() {
             core.warning(`We will only automatically build ${language} code. If you wish to scan ${autobuildLanguages.slice(1).join(' and ')}, you must replace this block with custom build steps.`);
         }
         core.startGroup(`Attempting to automatically build ${language} code`);
-        const codeQL = codeql_1.getCodeQL();
-        await codeQL.runAutobuild(language);
+        // TODO: share config accross actions better via env variables
+        const codeqlCmd = util.getRequiredEnvParam(sharedEnv.CODEQL_ACTION_CMD);
+        const cmdName = process.platform === 'win32' ? 'autobuild.cmd' : 'autobuild.sh';
+        const autobuildCmd = path.join(path.dirname(codeqlCmd), language, 'tools', cmdName);
+        // Update JAVA_TOOL_OPTIONS to contain '-Dhttp.keepAlive=false'
+        // This is because of an issue with Azure pipelines timing out connections after 4 minutes
+        // and Maven not properly handling closed connections
+        // Otherwise long build processes will timeout when pulling down Java packages
+        // https://developercommunity.visualstudio.com/content/problem/292284/maven-hosted-agent-connection-timeout.html
+        let javaToolOptions = process.env['JAVA_TOOL_OPTIONS'] || "";
+        process.env['JAVA_TOOL_OPTIONS'] = [...javaToolOptions.split(/\s+/), '-Dhttp.keepAlive=false', '-Dmaven.wagon.http.pool=false'].join(' ');
+        await exec.exec(autobuildCmd);
         core.endGroup();
     }
     catch (error) {

lib/autobuild.js.map

@@ -1 +1 @@
-{"version":3,"file":"autobuild.js","sourceRoot":"","sources":["../src/autobuild.ts"],"names":[],"mappings":";;;;;;;;;AAAA,oDAAsC;AAEtC,qCAAqC;AACrC,gEAAkD;AAClD,6CAA+B;AAE/B,KAAK,UAAU,GAAG;;IAChB,IAAI;QACF,IAAI,IAAI,CAAC,YAAY,CAAC,WAAW,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,oBAAoB,CAAC,WAAW,CAAC,EAAE;YACzF,OAAO;SACR;QAED,0CAA0C;QAC1C,mFAAmF;QACnF,oFAAoF;QACpF,4EAA4E;QAC5E,MAAM,kBAAkB,GAAG,OAAA,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,8BAA8B,CAAC,0CAAE,KAAK,CAAC,GAAG,MAAK,EAAE,CAAC;QACnG,MAAM,QAAQ,GAAG,kBAAkB,CAAC,CAAC,CAAC,CAAC;QAEvC,IAAI,CAAC,QAAQ,EAAE;YACb,IAAI,CAAC,IAAI,CAAC,iEAAiE,CAAC,CAAC;YAC7E,OAAO;SACR;QAED,IAAI,CAAC,KAAK,CAAC,sCAAsC,QAAQ,EAAE,CAAC,CAAC;QAE7D,IAAI,kBAAkB,CAAC,MAAM,GAAG,CAAC,EAAE;YACjC,IAAI,CAAC,OAAO,CAAC,oCAAoC,QAAQ,8BAA8B,kBAAkB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,wDAAwD,CAAC,CAAC;SAC3L;QAED,IAAI,CAAC,UAAU,CAAC,qCAAqC,QAAQ,OAAO,CAAC,CAAC;QACtE,MAAM,MAAM,GAAG,kBAAS,EAAE,CAAC;QAC3B,MAAM,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;QAEpC,IAAI,CAAC,QAAQ,EAAE,CAAC;KAEjB;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CAAC,kIAAkI,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC;QACnK,MAAM,IAAI,CAAC,kBAAkB,CAAC,WAAW,EAAE,KAAK,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;QACvE,OAAO;KACR;IAED,MAAM,IAAI,CAAC,qBAAqB,CAAC,WAAW,CAAC,CAAC;AAChD,CAAC;AAED,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE;IACd,IAAI,CAAC,SAAS,CAAC,4BAA4B,GAAG,CAAC,CAAC,CAAC;IACjD,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;AACjB,CAAC,CAAC,CAAC"}
+{"version":3,"file":"autobuild.js","sourceRoot":"","sources":["../src/autobuild.ts"],"names":[],"mappings":";;;;;;;;;AAAA,oDAAsC;AACtC,oDAAsC;AACtC,2CAA6B;AAE7B,gEAAkD;AAClD,6CAA+B;AAE/B,KAAK,UAAU,GAAG;;IAChB,IAAI;QACF,IAAI,IAAI,CAAC,YAAY,CAAC,WAAW,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,oBAAoB,CAAC,WAAW,CAAC,EAAE;YACzF,OAAO;SACR;QAED,0CAA0C;QAC1C,mFAAmF;QACnF,oFAAoF;QACpF,4EAA4E;QAC5E,MAAM,kBAAkB,GAAG,OAAA,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,8BAA8B,CAAC,0CAAE,KAAK,CAAC,GAAG,MAAK,EAAE,CAAC;QACnG,MAAM,QAAQ,GAAG,kBAAkB,CAAC,CAAC,CAAC,CAAC;QAEvC,IAAI,CAAC,QAAQ,EAAE;YACb,IAAI,CAAC,IAAI,CAAC,iEAAiE,CAAC,CAAC;YAC7E,OAAO;SACR;QAED,IAAI,CAAC,KAAK,CAAC,sCAAsC,QAAQ,EAAE,CAAC,CAAC;QAE7D,IAAI,kBAAkB,CAAC,MAAM,GAAG,CAAC,EAAE;YACjC,IAAI,CAAC,OAAO,CAAC,oCAAoC,QAAQ,8BAA8B,kBAAkB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,wDAAwD,CAAC,CAAC;SAC3L;QAED,IAAI,CAAC,UAAU,CAAC,qCAAqC,QAAQ,OAAO,CAAC,CAAC;QACtE,8DAA8D;QAC9D,MAAM,SAAS,GAAG,IAAI,CAAC,mBAAmB,CAAC,SAAS,CAAC,iBAAiB,CAAC,CAAC;QAExE,MAAM,OAAO,GAAG,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,cAAc,CAAC;QAChF,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;QAGpF,+DAA+D;QAC/D,0FAA0F;QAC1F,qDAAqD;QACrD,8EAA8E;QAC9E,gHAAgH;QAChH,IAAI,eAAe,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,IAAI,EAAE,CAAC;QAC7D,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,CAAC,GAAG,eAAe,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,wBAAwB,EAAE,+BAA+B,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAE1I,MAAM,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAC9B,IAAI,CAAC,QAAQ,EAAE,CAAC;KAEjB;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CAAC,kIAAkI,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC;QACnK,MAAM,IAAI,CAAC,kBAAkB,CAAC,WAAW,EAAE,KAAK,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;QACvE,OAAO;KACR;IAED,MAAM,IAAI,CAAC,qBAAqB,CAAC,WAAW,CAAC,CAAC;AAChD,CAAC;AAED,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE;IACd,IAAI,CAAC,SAAS,CAAC,4BAA4B,GAAG,CAAC,CAAC,CAAC;IACjD,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;AACjB,CAAC,CAAC,CAAC"}

lib/codeql.js

@@ -1,184 +0,0 @@
-"use strict";
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
-    result["default"] = mod;
-    return result;
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-const core = __importStar(require("@actions/core"));
-const exec = __importStar(require("@actions/exec"));
-const toolcache = __importStar(require("@actions/tool-cache"));
-const fs = __importStar(require("fs"));
-const path = __importStar(require("path"));
-const semver = __importStar(require("semver"));
-const util = __importStar(require("./util"));
-/**
- * Environment variable used to store the location of the CodeQL CLI executable.
- * Value is set by setupCodeQL and read by getCodeQL.
- */
-const CODEQL_ACTION_CMD = "CODEQL_ACTION_CMD";
-async function setupCodeQL() {
-    try {
-        const codeqlURL = core.getInput('tools', { required: true });
-        const codeqlURLVersion = getCodeQLURLVersion(codeqlURL);
-        let codeqlFolder = toolcache.find('CodeQL', codeqlURLVersion);
-        if (codeqlFolder) {
-            core.debug(`CodeQL found in cache ${codeqlFolder}`);
-        }
-        else {
-            const codeqlPath = await toolcache.downloadTool(codeqlURL);
-            const codeqlExtracted = await toolcache.extractTar(codeqlPath);
-            codeqlFolder = await toolcache.cacheDir(codeqlExtracted, 'CodeQL', codeqlURLVersion);
-        }
-        let codeqlCmd = path.join(codeqlFolder, 'codeql', 'codeql');
-        if (process.platform === 'win32') {
-            codeqlCmd += ".exe";
-        }
-        else if (process.platform !== 'linux' && process.platform !== 'darwin') {
-            throw new Error("Unsupported plaform: " + process.platform);
-        }
-        core.exportVariable(CODEQL_ACTION_CMD, codeqlCmd);
-        return getCodeQLForCmd(codeqlCmd);
-    }
-    catch (e) {
-        core.error(e);
-        throw new Error("Unable to download and extract CodeQL CLI");
-    }
-}
-exports.setupCodeQL = setupCodeQL;
-function getCodeQLURLVersion(url) {
-    const match = url.match(/\/codeql-bundle-(.*)\//);
-    if (match === null || match.length < 2) {
-        throw new Error(`Malformed tools url: ${url}. Version could not be inferred`);
-    }
-    let version = match[1];
-    if (!semver.valid(version)) {
-        core.debug(`Bundle version ${version} is not in SemVer format. Will treat it as pre-release 0.0.0-${version}.`);
-        version = '0.0.0-' + version;
-    }
-    const s = semver.clean(version);
-    if (!s) {
-        throw new Error(`Malformed tools url ${url}. Version should be in SemVer format but have ${version} instead`);
-    }
-    return s;
-}
-exports.getCodeQLURLVersion = getCodeQLURLVersion;
-function getCodeQL() {
-    const codeqlCmd = util.getRequiredEnvParam(CODEQL_ACTION_CMD);
-    return getCodeQLForCmd(codeqlCmd);
-}
-exports.getCodeQL = getCodeQL;
-function getCodeQLForCmd(cmd) {
-    return {
-        getDir: function () {
-            return path.dirname(cmd);
-        },
-        printVersion: async function () {
-            await exec.exec(cmd, [
-                'version',
-                '--format=json'
-            ]);
-        },
-        getTracerEnv: async function (databasePath, compilerSpec) {
-            let envFile = path.resolve(databasePath, 'working', 'env.tmp');
-            const compilerSpecArg = compilerSpec ? ["--compiler-spec=" + compilerSpec] : [];
-            await exec.exec(cmd, [
-                'database',
-                'trace-command',
-                databasePath,
-                ...compilerSpecArg,
-                process.execPath,
-                path.resolve(__dirname, 'tracer-env.js'),
-                envFile
-            ]);
-            return JSON.parse(fs.readFileSync(envFile, 'utf-8'));
-        },
-        databaseInit: async function (databasePath, language, sourceRoot) {
-            await exec.exec(cmd, [
-                'database',
-                'init',
-                databasePath,
-                '--language=' + language,
-                '--source-root=' + sourceRoot,
-            ]);
-        },
-        runAutobuild: async function (language) {
-            const cmdName = process.platform === 'win32' ? 'autobuild.cmd' : 'autobuild.sh';
-            const autobuildCmd = path.join(path.dirname(cmd), language, 'tools', cmdName);
-            // Update JAVA_TOOL_OPTIONS to contain '-Dhttp.keepAlive=false'
-            // This is because of an issue with Azure pipelines timing out connections after 4 minutes
-            // and Maven not properly handling closed connections
-            // Otherwise long build processes will timeout when pulling down Java packages
-            // https://developercommunity.visualstudio.com/content/problem/292284/maven-hosted-agent-connection-timeout.html
-            let javaToolOptions = process.env['JAVA_TOOL_OPTIONS'] || "";
-            process.env['JAVA_TOOL_OPTIONS'] = [...javaToolOptions.split(/\s+/), '-Dhttp.keepAlive=false', '-Dmaven.wagon.http.pool=false'].join(' ');
-            await exec.exec(autobuildCmd);
-        },
-        extractScannedLanguage: async function (databasePath, language) {
-            // Get extractor location
-            let extractorPath = '';
-            await exec.exec(cmd, [
-                'resolve',
-                'extractor',
-                '--format=json',
-                '--language=' + language
-            ], {
-                silent: true,
-                listeners: {
-                    stdout: (data) => { extractorPath += data.toString(); },
-                    stderr: (data) => { process.stderr.write(data); }
-                }
-            });
-            // Set trace command
-            const ext = process.platform === 'win32' ? '.cmd' : '.sh';
-            const traceCommand = path.resolve(JSON.parse(extractorPath), 'tools', 'autobuild' + ext);
-            // Run trace command
-            await exec.exec(cmd, [
-                'database',
-                'trace-command',
-                databasePath,
-                '--',
-                traceCommand
-            ]);
-        },
-        finalizeDatabase: async function (databasePath) {
-            await exec.exec(cmd, [
-                'database',
-                'finalize',
-                databasePath
-            ]);
-        },
-        resolveQueries: async function (queries) {
-            let output = '';
-            await exec.exec(cmd, [
-                'resolve',
-                'queries',
-                ...queries,
-                '--format=bylanguage'
-            ], {
-                listeners: {
-                    stdout: (data) => {
-                        output += data.toString();
-                    }
-                }
-            });
-            return JSON.parse(output);
-        },
-        databaseAnalyze: async function (databasePath, sarifFile, querySuite) {
-            await exec.exec(cmd, [
-                'database',
-                'analyze',
-                util.getMemoryFlag(),
-                util.getThreadsFlag(),
-                databasePath,
-                '--format=sarif-latest',
-                '--output=' + sarifFile,
-                '--no-sarif-add-snippets',
-                querySuite
-            ]);
-        }
-    };
-}
-//# sourceMappingURL=codeql.js.map

lib/codeql.test.js

@@ -1,60 +0,0 @@
-"use strict";
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
-    result["default"] = mod;
-    return result;
-};
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-const toolcache = __importStar(require("@actions/tool-cache"));
-const ava_1 = __importDefault(require("ava"));
-const nock_1 = __importDefault(require("nock"));
-const path = __importStar(require("path"));
-const codeql = __importStar(require("./codeql"));
-const testing_utils_1 = require("./testing-utils");
-const util = __importStar(require("./util"));
-testing_utils_1.setupTests(ava_1.default);
-ava_1.default('download codeql bundle cache', async (t) => {
-    await util.withTmpDir(async (tmpDir) => {
-        process.env['GITHUB_WORKSPACE'] = tmpDir;
-        process.env['RUNNER_TEMP'] = path.join(tmpDir, 'temp');
-        process.env['RUNNER_TOOL_CACHE'] = path.join(tmpDir, 'cache');
-        const versions = ['20200601', '20200610'];
-        for (let i = 0; i < versions.length; i++) {
-            const version = versions[i];
-            nock_1.default('https://example.com')
-                .get(`/download/codeql-bundle-${version}/codeql-bundle.tar.gz`)
-                .replyWithFile(200, path.join(__dirname, `/../src/testdata/codeql-bundle.tar.gz`));
-            process.env['INPUT_TOOLS'] = `https://example.com/download/codeql-bundle-${version}/codeql-bundle.tar.gz`;
-            await codeql.setupCodeQL();
-            t.assert(toolcache.find('CodeQL', `0.0.0-${version}`));
-        }
-        const cachedVersions = toolcache.findAllVersions('CodeQL');
-        t.is(cachedVersions.length, 2);
-    });
-});
-ava_1.default('parse codeql bundle url version', t => {
-    const tests = {
-        '20200601': '0.0.0-20200601',
-        '20200601.0': '0.0.0-20200601.0',
-        '20200601.0.0': '20200601.0.0',
-        '1.2.3': '1.2.3',
-        '1.2.3-alpha': '1.2.3-alpha',
-        '1.2.3-beta.1': '1.2.3-beta.1',
-    };
-    for (const [version, expectedVersion] of Object.entries(tests)) {
-        const url = `https://github.com/.../codeql-bundle-${version}/...`;
-        try {
-            const parsedVersion = codeql.getCodeQLURLVersion(url);
-            t.deepEqual(parsedVersion, expectedVersion);
-        }
-        catch (e) {
-            t.fail(e.message);
-        }
-    }
-});
-//# sourceMappingURL=codeql.test.js.map

lib/codeql.test.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"codeql.test.js","sourceRoot":"","sources":["../src/codeql.test.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,+DAAiD;AACjD,8CAAuB;AACvB,gDAAwB;AACxB,2CAA6B;AAE7B,iDAAmC;AACnC,mDAA2C;AAC3C,6CAA+B;AAE/B,0BAAU,CAAC,aAAI,CAAC,CAAC;AAEjB,aAAI,CAAC,8BAA8B,EAAE,KAAK,EAAC,CAAC,EAAC,EAAE;IAE7C,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAC,MAAM,EAAC,EAAE;QAEnC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,GAAG,MAAM,CAAC;QAEzC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACvD,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QAE9D,MAAM,QAAQ,GAAG,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QAE1C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE;YACxC,MAAM,OAAO,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;YAE5B,cAAI,CAAC,qBAAqB,CAAC;iBACxB,GAAG,CAAC,2BAA2B,OAAO,uBAAuB,CAAC;iBAC9D,aAAa,CAAC,GAAG,EAAE,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,uCAAuC,CAAC,CAAC,CAAC;YAGrF,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,8CAA8C,OAAO,uBAAuB,CAAC;YAE1G,MAAM,MAAM,CAAC,WAAW,EAAE,CAAC;YAE3B,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,EAAE,SAAS,OAAO,EAAE,CAAC,CAAC,CAAC;SACxD;QAED,MAAM,cAAc,GAAG,SAAS,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;QAE3D,CAAC,CAAC,EAAE,CAAC,cAAc,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,iCAAiC,EAAE,CAAC,CAAC,EAAE;IAE1C,MAAM,KAAK,GAAG;QACZ,UAAU,EAAE,gBAAgB;QAC5B,YAAY,EAAE,kBAAkB;QAChC,cAAc,EAAE,cAAc;QAC9B,OAAO,EAAE,OAAO;QAChB,aAAa,EAAE,aAAa;QAC5B,cAAc,EAAE,cAAc;KAC/B,CAAC;IAEF,KAAK,MAAM,CAAC,OAAO,EAAE,eAAe,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE;QAC9D,MAAM,GAAG,GAAG,wCAAwC,OAAO,MAAM,CAAC;QAElE,IAAI;YACF,MAAM,aAAa,GAAG,MAAM,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC;YACtD,CAAC,CAAC,SAAS,CAAC,aAAa,EAAE,eAAe,CAAC,CAAC;SAC7C;QAAC,OAAO,CAAC,EAAE;YACV,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;SACnB;KACF;AACH,CAAC,CAAC,CAAC"}

lib/config-utils.js

@@ -12,14 +12,6 @@ const io = __importStar(require("@actions/io"));
 const fs = __importStar(require("fs"));
 const yaml = __importStar(require("js-yaml"));
 const path = __importStar(require("path"));
-const api = __importStar(require("./api-client"));
-const util = __importStar(require("./util"));
-const NAME_PROPERTY = 'name';
-const DISPLAY_DEFAULT_QUERIES_PROPERTY = 'disable-default-queries';
-const QUERIES_PROPERTY = 'queries';
-const QUERIES_USES_PROPERTY = 'uses';
-const PATHS_IGNORE_PROPERTY = 'paths-ignore';
-const PATHS_PROPERTY = 'paths';
 class ExternalQuery {
     constructor(repository, ref) {
         this.path = '';
@@ -28,74 +20,39 @@ class ExternalQuery {
     }
 }
 exports.ExternalQuery = ExternalQuery;
-// The set of acceptable values for built-in suites from the codeql bundle
-const builtinSuites = ['security-extended', 'security-and-quality'];
 class Config {
     constructor() {
         this.name = "";
         this.disableDefaultQueries = false;
         this.additionalQueries = [];
         this.externalQueries = [];
-        this.additionalSuites = [];
         this.pathsIgnore = [];
         this.paths = [];
     }
-    addQuery(configFile, queryUses) {
+    addQuery(queryUses) {
         // The logic for parsing the string is based on what actions does for
         // parsing the 'uses' actions in the workflow file
-        queryUses = queryUses.trim();
         if (queryUses === "") {
-            throw new Error(getQueryUsesInvalid(configFile));
+            throw '"uses" value for queries cannot be blank';
         }
-        // Check for the local path case before we start trying to parse the repository name
         if (queryUses.startsWith("./")) {
-            const localQueryPath = queryUses.slice(2);
-            // Resolve the local path against the workspace so that when this is
-            // passed to codeql it resolves to exactly the path we expect it to resolve to.
-            const workspacePath = fs.realpathSync(util.getRequiredEnvParam('GITHUB_WORKSPACE'));
-            let absoluteQueryPath = path.join(workspacePath, localQueryPath);
-            // Check the file exists
-            if (!fs.existsSync(absoluteQueryPath)) {
-                throw new Error(getLocalPathDoesNotExist(configFile, localQueryPath));
-            }
-            // Call this after checking file exists, because it'll fail if file doesn't exist
-            absoluteQueryPath = fs.realpathSync(absoluteQueryPath);
-            // Check the local path doesn't jump outside the repo using '..' or symlinks
-            if (!(absoluteQueryPath + path.sep).startsWith(workspacePath + path.sep)) {
-                throw new Error(getLocalPathOutsideOfRepository(configFile, localQueryPath));
-            }
-            this.additionalQueries.push(absoluteQueryPath);
+            this.additionalQueries.push(queryUses.slice(2));
             return;
         }
-        // Check for one of the builtin suites
-        if (queryUses.indexOf('/') === -1 && queryUses.indexOf('@') === -1) {
-            const suite = builtinSuites.find((suite) => suite === queryUses);
-            if (suite) {
-                this.additionalSuites.push(suite);
-                return;
-            }
-            else {
-                throw new Error(getQueryUsesInvalid(configFile, queryUses));
-            }
-        }
         let tok = queryUses.split('@');
         if (tok.length !== 2) {
-            throw new Error(getQueryUsesInvalid(configFile, queryUses));
+            throw '"uses" value for queries must be a path, or owner/repo@ref \n Found: ' + queryUses;
         }
         const ref = tok[1];
         tok = tok[0].split('/');
         // The first token is the owner
         // The second token is the repo
         // The rest is a path, if there is more than one token combine them to form the full path
-        if (tok.length < 2) {
-            throw new Error(getQueryUsesInvalid(configFile, queryUses));
-        }
         if (tok.length > 3) {
             tok = [tok[0], tok[1], tok.slice(2).join('/')];
         }
-        // Check none of the parts of the repository name are empty
-        if (tok[0].trim() === '' || tok[1].trim() === '') {
-            throw new Error(getQueryUsesInvalid(configFile, queryUses));
+        if (tok.length < 2) {
+            throw '"uses" value for queries must be a path, or owner/repo@ref \n Found: ' + queryUses;
         }
         let external = new ExternalQuery(tok[0] + '/' + tok[1], ref);
         if (tok.length === 3) {
@@ -105,239 +62,62 @@ class Config {
     }
 }
 exports.Config = Config;
-// Regex validating stars in paths or paths-ignore entries.
-// The intention is to only allow ** to appear when immediately
-// preceded and followed by a slash.
-const pathStarsRegex = /.*(?:\*\*[^/].*|\*\*$|[^/]\*\*.*)/;
-// Characters that are supported by filters in workflows, but not by us.
-// See https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet
-const filterPatternCharactersRegex = /.*[\?\+\[\]!].*/;
-// Checks that a paths of paths-ignore entry is valid, possibly modifying it
-// to make it valid, or if not possible then throws an error.
-function validateAndSanitisePath(originalPath, propertyName, configFile) {
-    // Take a copy so we don't modify the original path, so we can still construct error messages
-    let path = originalPath;
-    // All paths are relative to the src root, so strip off leading slashes.
-    while (path.charAt(0) === '/') {
-        path = path.substring(1);
-    }
-    // Trailing ** are redundant, so strip them off
-    if (path.endsWith('/**')) {
-        path = path.substring(0, path.length - 2);
-    }
-    // An empty path is not allowed as it's meaningless
-    if (path === '') {
-        throw new Error(getConfigFilePropertyError(configFile, propertyName, '"' + originalPath + '" is not an invalid path. ' +
-            'It is not necessary to include it, and it is not allowed to exclude it.'));
-    }
-    // Check for illegal uses of **
-    if (path.match(pathStarsRegex)) {
-        throw new Error(getConfigFilePropertyError(configFile, propertyName, '"' + originalPath + '" contains an invalid "**" wildcard. ' +
-            'They must be immediately preceeded and followed by a slash as in "/**/", or come at the start or end.'));
-    }
-    // Check for other regex characters that we don't support.
-    // Output a warning so the user knows, but otherwise continue normally.
-    if (path.match(filterPatternCharactersRegex)) {
-        core.warning(getConfigFilePropertyError(configFile, propertyName, '"' + originalPath + '" contains an unsupported character. ' +
-            'The filter pattern characters ?, +, [, ], ! are not supported and will be matched literally.'));
-    }
-    // Ban any uses of backslash for now.
-    // This may not play nicely with project layouts.
-    // This restriction can be lifted later if we determine they are ok.
-    if (path.indexOf('\\') !== -1) {
-        throw new Error(getConfigFilePropertyError(configFile, propertyName, '"' + originalPath + '" contains an "\\" character. These are not allowed in filters. ' +
-            'If running on windows we recommend using "/" instead for path filters.'));
-    }
-    return path;
-}
-exports.validateAndSanitisePath = validateAndSanitisePath;
-function getNameInvalid(configFile) {
-    return getConfigFilePropertyError(configFile, NAME_PROPERTY, 'must be a non-empty string');
-}
-exports.getNameInvalid = getNameInvalid;
-function getDisableDefaultQueriesInvalid(configFile) {
-    return getConfigFilePropertyError(configFile, DISPLAY_DEFAULT_QUERIES_PROPERTY, 'must be a boolean');
-}
-exports.getDisableDefaultQueriesInvalid = getDisableDefaultQueriesInvalid;
-function getQueriesInvalid(configFile) {
-    return getConfigFilePropertyError(configFile, QUERIES_PROPERTY, 'must be an array');
-}
-exports.getQueriesInvalid = getQueriesInvalid;
-function getQueryUsesInvalid(configFile, queryUses) {
-    return getConfigFilePropertyError(configFile, QUERIES_PROPERTY + '.' + QUERIES_USES_PROPERTY, 'must be a built-in suite (' + builtinSuites.join(' or ') +
-        '), a relative path, or be of the form "owner/repo[/path]@ref"' +
-        (queryUses !== undefined ? '\n Found: ' + queryUses : ''));
-}
-exports.getQueryUsesInvalid = getQueryUsesInvalid;
-function getPathsIgnoreInvalid(configFile) {
-    return getConfigFilePropertyError(configFile, PATHS_IGNORE_PROPERTY, 'must be an array of non-empty strings');
-}
-exports.getPathsIgnoreInvalid = getPathsIgnoreInvalid;
-function getPathsInvalid(configFile) {
-    return getConfigFilePropertyError(configFile, PATHS_PROPERTY, 'must be an array of non-empty strings');
-}
-exports.getPathsInvalid = getPathsInvalid;
-function getLocalPathOutsideOfRepository(configFile, localPath) {
-    return getConfigFilePropertyError(configFile, QUERIES_PROPERTY + '.' + QUERIES_USES_PROPERTY, 'is invalid as the local path "' + localPath + '" is outside of the repository');
-}
-exports.getLocalPathOutsideOfRepository = getLocalPathOutsideOfRepository;
-function getLocalPathDoesNotExist(configFile, localPath) {
-    return getConfigFilePropertyError(configFile, QUERIES_PROPERTY + '.' + QUERIES_USES_PROPERTY, 'is invalid as the local path "' + localPath + '" does not exist in the repository');
-}
-exports.getLocalPathDoesNotExist = getLocalPathDoesNotExist;
-function getConfigFileOutsideWorkspaceErrorMessage(configFile) {
-    return 'The configuration file "' + configFile + '" is outside of the workspace';
-}
-exports.getConfigFileOutsideWorkspaceErrorMessage = getConfigFileOutsideWorkspaceErrorMessage;
-function getConfigFileDoesNotExistErrorMessage(configFile) {
-    return 'The configuration file "' + configFile + '" does not exist';
-}
-exports.getConfigFileDoesNotExistErrorMessage = getConfigFileDoesNotExistErrorMessage;
-function getConfigFileRepoFormatInvalidMessage(configFile) {
-    let error = 'The configuration file "' + configFile + '" is not a supported remote file reference.';
-    error += ' Expected format <owner>/<repository>/<file-path>@<ref>';
-    return error;
-}
-exports.getConfigFileRepoFormatInvalidMessage = getConfigFileRepoFormatInvalidMessage;
-function getConfigFileFormatInvalidMessage(configFile) {
-    return 'The configuration file "' + configFile + '" could not be read';
-}
-exports.getConfigFileFormatInvalidMessage = getConfigFileFormatInvalidMessage;
-function getConfigFileDirectoryGivenMessage(configFile) {
-    return 'The configuration file "' + configFile + '" looks like a directory, not a file';
-}
-exports.getConfigFileDirectoryGivenMessage = getConfigFileDirectoryGivenMessage;
-function getConfigFilePropertyError(configFile, property, error) {
-    return 'The configuration file "' + configFile + '" is invalid: property "' + property + '" ' + error;
-}
-async function initConfig() {
-    let configFile = core.getInput('config-file');
+const configFolder = process.env['RUNNER_WORKSPACE'] || '/tmp/codeql-action';
+function initConfig() {
+    const configFile = core.getInput('config-file');
     const config = new Config();
     // If no config file was provided create an empty one
     if (configFile === '') {
         core.debug('No configuration file was provided');
         return config;
     }
-    let parsedYAML;
-    if (isLocal(configFile)) {
-        // Treat the config file as relative to the workspace
-        const workspacePath = util.getRequiredEnvParam('GITHUB_WORKSPACE');
-        configFile = path.resolve(workspacePath, configFile);
-        parsedYAML = getLocalConfig(configFile, workspacePath);
-    }
-    else {
-        parsedYAML = await getRemoteConfig(configFile);
-    }
-    if (NAME_PROPERTY in parsedYAML) {
-        if (typeof parsedYAML[NAME_PROPERTY] !== "string") {
-            throw new Error(getNameInvalid(configFile));
+    try {
+        const parsedYAML = yaml.safeLoad(fs.readFileSync(configFile, 'utf8'));
+        if (parsedYAML.name && typeof parsedYAML.name === "string") {
+            config.name = parsedYAML.name;
         }
-        if (parsedYAML[NAME_PROPERTY].length === 0) {
-            throw new Error(getNameInvalid(configFile));
+        if (parsedYAML['disable-default-queries'] && typeof parsedYAML['disable-default-queries'] === "boolean") {
+            config.disableDefaultQueries = parsedYAML['disable-default-queries'];
+        }
+        const queries = parsedYAML.queries;
+        if (queries && queries instanceof Array) {
+            queries.forEach(query => {
+                if (query.uses && typeof query.uses === "string") {
+                    config.addQuery(query.uses);
+                }
+            });
+        }
+        const pathsIgnore = parsedYAML['paths-ignore'];
+        if (pathsIgnore && pathsIgnore instanceof Array) {
+            pathsIgnore.forEach(path => {
+                if (typeof path === "string") {
+                    config.pathsIgnore.push(path);
+                }
+            });
+        }
+        const paths = parsedYAML.paths;
+        if (paths && paths instanceof Array) {
+            paths.forEach(path => {
+                if (typeof path === "string") {
+                    config.paths.push(path);
+                }
+            });
         }
-        config.name = parsedYAML[NAME_PROPERTY];
     }
-    if (DISPLAY_DEFAULT_QUERIES_PROPERTY in parsedYAML) {
-        if (typeof parsedYAML[DISPLAY_DEFAULT_QUERIES_PROPERTY] !== "boolean") {
-            throw new Error(getDisableDefaultQueriesInvalid(configFile));
-        }
-        config.disableDefaultQueries = parsedYAML[DISPLAY_DEFAULT_QUERIES_PROPERTY];
-    }
-    if (QUERIES_PROPERTY in parsedYAML) {
-        if (!(parsedYAML[QUERIES_PROPERTY] instanceof Array)) {
-            throw new Error(getQueriesInvalid(configFile));
-        }
-        parsedYAML[QUERIES_PROPERTY].forEach(query => {
-            if (!(QUERIES_USES_PROPERTY in query) || typeof query[QUERIES_USES_PROPERTY] !== "string") {
-                throw new Error(getQueryUsesInvalid(configFile));
-            }
-            config.addQuery(configFile, query[QUERIES_USES_PROPERTY]);
-        });
-    }
-    if (PATHS_IGNORE_PROPERTY in parsedYAML) {
-        if (!(parsedYAML[PATHS_IGNORE_PROPERTY] instanceof Array)) {
-            throw new Error(getPathsIgnoreInvalid(configFile));
-        }
-        parsedYAML[PATHS_IGNORE_PROPERTY].forEach(path => {
-            if (typeof path !== "string" || path === '') {
-                throw new Error(getPathsIgnoreInvalid(configFile));
-            }
-            config.pathsIgnore.push(validateAndSanitisePath(path, PATHS_IGNORE_PROPERTY, configFile));
-        });
-    }
-    if (PATHS_PROPERTY in parsedYAML) {
-        if (!(parsedYAML[PATHS_PROPERTY] instanceof Array)) {
-            throw new Error(getPathsInvalid(configFile));
-        }
-        parsedYAML[PATHS_PROPERTY].forEach(path => {
-            if (typeof path !== "string" || path === '') {
-                throw new Error(getPathsInvalid(configFile));
-            }
-            config.paths.push(validateAndSanitisePath(path, PATHS_PROPERTY, configFile));
-        });
+    catch (err) {
+        core.setFailed(err);
     }
     return config;
 }
-function isLocal(configPath) {
-    // If the path starts with ./, look locally
-    if (configPath.indexOf("./") === 0) {
-        return true;
-    }
-    return (configPath.indexOf("@") === -1);
-}
-function getLocalConfig(configFile, workspacePath) {
-    // Error if the config file is now outside of the workspace
-    if (!(configFile + path.sep).startsWith(workspacePath + path.sep)) {
-        throw new Error(getConfigFileOutsideWorkspaceErrorMessage(configFile));
-    }
-    // Error if the file does not exist
-    if (!fs.existsSync(configFile)) {
-        throw new Error(getConfigFileDoesNotExistErrorMessage(configFile));
-    }
-    return yaml.safeLoad(fs.readFileSync(configFile, 'utf8'));
-}
-async function getRemoteConfig(configFile) {
-    // retrieve the various parts of the config location, and ensure they're present
-    const format = new RegExp('(?<owner>[^/]+)/(?<repo>[^/]+)/(?<path>[^@]+)@(?<ref>.*)');
-    const pieces = format.exec(configFile);
-    // 5 = 4 groups + the whole expression
-    if (pieces === null || pieces.groups === undefined || pieces.length < 5) {
-        throw new Error(getConfigFileRepoFormatInvalidMessage(configFile));
-    }
-    const response = await api.getApiClient().repos.getContents({
-        owner: pieces.groups.owner,
-        repo: pieces.groups.repo,
-        path: pieces.groups.path,
-        ref: pieces.groups.ref,
-    });
-    let fileContents;
-    if ("content" in response.data && response.data.content !== undefined) {
-        fileContents = response.data.content;
-    }
-    else if (Array.isArray(response.data)) {
-        throw new Error(getConfigFileDirectoryGivenMessage(configFile));
-    }
-    else {
-        throw new Error(getConfigFileFormatInvalidMessage(configFile));
-    }
-    return yaml.safeLoad(Buffer.from(fileContents, 'base64').toString('binary'));
-}
-function getConfigFolder() {
-    return util.getRequiredEnvParam('RUNNER_TEMP');
-}
-function getConfigFile() {
-    return path.join(getConfigFolder(), 'config');
-}
-exports.getConfigFile = getConfigFile;
 async function saveConfig(config) {
     const configString = JSON.stringify(config);
-    await io.mkdirP(getConfigFolder());
-    fs.writeFileSync(getConfigFile(), configString, 'utf8');
+    await io.mkdirP(configFolder);
+    fs.writeFileSync(path.join(configFolder, 'config'), configString, 'utf8');
     core.debug('Saved config:');
     core.debug(configString);
 }
 async function loadConfig() {
-    const configFile = getConfigFile();
+    const configFile = path.join(configFolder, 'config');
     if (fs.existsSync(configFile)) {
         const configString = fs.readFileSync(configFile, 'utf8');
         core.debug('Loaded config:');
@@ -345,7 +125,7 @@ async function loadConfig() {
         return JSON.parse(configString);
     }
     else {
-        const config = await initConfig();
+        const config = initConfig();
         core.debug('Initialized config:');
         core.debug(JSON.stringify(config));
         await saveConfig(config);

lib/config-utils.test.js

@@ -1,288 +0,0 @@
-"use strict";
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
-    result["default"] = mod;
-    return result;
-};
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-const github = __importStar(require("@actions/github"));
-const ava_1 = __importDefault(require("ava"));
-const fs = __importStar(require("fs"));
-const path = __importStar(require("path"));
-const sinon_1 = __importDefault(require("sinon"));
-const api = __importStar(require("./api-client"));
-const configUtils = __importStar(require("./config-utils"));
-const testing_utils_1 = require("./testing-utils");
-const util = __importStar(require("./util"));
-testing_utils_1.setupTests(ava_1.default);
-function setInput(name, value) {
-    // Transformation copied from
-    // https://github.com/actions/toolkit/blob/05e39f551d33e1688f61b209ab5cdd335198f1b8/packages/core/src/core.ts#L69
-    const envVar = `INPUT_${name.replace(/ /g, '_').toUpperCase()}`;
-    if (value !== undefined) {
-        process.env[envVar] = value;
-    }
-    else {
-        delete process.env[envVar];
-    }
-}
-function mockGetContents(content) {
-    // Passing an auth token is required, so we just use a dummy value
-    let client = new github.GitHub('123');
-    const response = {
-        data: content
-    };
-    const spyGetContents = sinon_1.default.stub(client.repos, "getContents").resolves(response);
-    sinon_1.default.stub(api, "getApiClient").value(() => client);
-    return spyGetContents;
-}
-ava_1.default("load empty config", async (t) => {
-    return await util.withTmpDir(async (tmpDir) => {
-        process.env['RUNNER_TEMP'] = tmpDir;
-        process.env['GITHUB_WORKSPACE'] = tmpDir;
-        setInput('config-file', undefined);
-        const config = await configUtils.loadConfig();
-        t.deepEqual(config, new configUtils.Config());
-    });
-});
-ava_1.default("loading config saves config", async (t) => {
-    return await util.withTmpDir(async (tmpDir) => {
-        process.env['RUNNER_TEMP'] = tmpDir;
-        process.env['GITHUB_WORKSPACE'] = tmpDir;
-        const configFile = configUtils.getConfigFile();
-        // Sanity check the saved config file does not already exist
-        t.false(fs.existsSync(configFile));
-        const config = await configUtils.loadConfig();
-        // The saved config file should now exist
-        t.true(fs.existsSync(configFile));
-        // And the contents should parse correctly to the config that was returned
-        t.deepEqual(fs.readFileSync(configFile, 'utf8'), JSON.stringify(config));
-    });
-});
-ava_1.default("load input outside of workspace", async (t) => {
-    return await util.withTmpDir(async (tmpDir) => {
-        process.env['RUNNER_TEMP'] = tmpDir;
-        process.env['GITHUB_WORKSPACE'] = tmpDir;
-        setInput('config-file', '../input');
-        try {
-            await configUtils.loadConfig();
-            throw new Error('loadConfig did not throw error');
-        }
-        catch (err) {
-            t.deepEqual(err, new Error(configUtils.getConfigFileOutsideWorkspaceErrorMessage(path.join(tmpDir, '../input'))));
-        }
-    });
-});
-ava_1.default("load non-local input with invalid repo syntax", async (t) => {
-    return await util.withTmpDir(async (tmpDir) => {
-        process.env['RUNNER_TEMP'] = tmpDir;
-        process.env['GITHUB_WORKSPACE'] = tmpDir;
-        // no filename given, just a repo
-        setInput('config-file', 'octo-org/codeql-config@main');
-        try {
-            await configUtils.loadConfig();
-            throw new Error('loadConfig did not throw error');
-        }
-        catch (err) {
-            t.deepEqual(err, new Error(configUtils.getConfigFileRepoFormatInvalidMessage('octo-org/codeql-config@main')));
-        }
-    });
-});
-ava_1.default("load non-existent input", async (t) => {
-    return await util.withTmpDir(async (tmpDir) => {
-        process.env['RUNNER_TEMP'] = tmpDir;
-        process.env['GITHUB_WORKSPACE'] = tmpDir;
-        t.false(fs.existsSync(path.join(tmpDir, 'input')));
-        setInput('config-file', 'input');
-        try {
-            await configUtils.loadConfig();
-            throw new Error('loadConfig did not throw error');
-        }
-        catch (err) {
-            t.deepEqual(err, new Error(configUtils.getConfigFileDoesNotExistErrorMessage(path.join(tmpDir, 'input'))));
-        }
-    });
-});
-ava_1.default("load non-empty input", async (t) => {
-    return await util.withTmpDir(async (tmpDir) => {
-        process.env['RUNNER_TEMP'] = tmpDir;
-        process.env['GITHUB_WORKSPACE'] = tmpDir;
-        // Just create a generic config object with non-default values for all fields
-        const inputFileContents = `
-      name: my config
-      disable-default-queries: true
-      queries:
-        - uses: ./
-        - uses: ./foo
-        - uses: foo/bar@dev
-      paths-ignore:
-        - a
-        - b
-      paths:
-        - c/d`;
-        fs.mkdirSync(path.join(tmpDir, 'foo'));
-        // And the config we expect it to parse to
-        const expectedConfig = new configUtils.Config();
-        expectedConfig.name = 'my config';
-        expectedConfig.disableDefaultQueries = true;
-        expectedConfig.additionalQueries.push(fs.realpathSync(tmpDir));
-        expectedConfig.additionalQueries.push(fs.realpathSync(path.join(tmpDir, 'foo')));
-        expectedConfig.externalQueries = [new configUtils.ExternalQuery('foo/bar', 'dev')];
-        expectedConfig.pathsIgnore = ['a', 'b'];
-        expectedConfig.paths = ['c/d'];
-        fs.writeFileSync(path.join(tmpDir, 'input'), inputFileContents, 'utf8');
-        setInput('config-file', 'input');
-        const actualConfig = await configUtils.loadConfig();
-        // Should exactly equal the object we constructed earlier
-        t.deepEqual(actualConfig, expectedConfig);
-    });
-});
-ava_1.default("API client used when reading remote config", async (t) => {
-    return await util.withTmpDir(async (tmpDir) => {
-        process.env['RUNNER_TEMP'] = tmpDir;
-        process.env['GITHUB_WORKSPACE'] = tmpDir;
-        const inputFileContents = `
-      name: my config
-      disable-default-queries: true
-      queries:
-        - uses: ./
-      paths-ignore:
-        - a
-        - b
-      paths:
-        - c/d`;
-        const dummyResponse = {
-            content: Buffer.from(inputFileContents).toString("base64"),
-        };
-        const spyGetContents = mockGetContents(dummyResponse);
-        setInput('config-file', 'octo-org/codeql-config/config.yaml@main');
-        await configUtils.loadConfig();
-        t.assert(spyGetContents.called);
-    });
-});
-ava_1.default("Remote config handles the case where a directory is provided", async (t) => {
-    return await util.withTmpDir(async (tmpDir) => {
-        process.env['RUNNER_TEMP'] = tmpDir;
-        process.env['GITHUB_WORKSPACE'] = tmpDir;
-        const dummyResponse = []; // directories are returned as arrays
-        mockGetContents(dummyResponse);
-        const repoReference = 'octo-org/codeql-config/config.yaml@main';
-        setInput('config-file', repoReference);
-        try {
-            await configUtils.loadConfig();
-            throw new Error('loadConfig did not throw error');
-        }
-        catch (err) {
-            t.deepEqual(err, new Error(configUtils.getConfigFileDirectoryGivenMessage(repoReference)));
-        }
-    });
-});
-ava_1.default("Invalid format of remote config handled correctly", async (t) => {
-    return await util.withTmpDir(async (tmpDir) => {
-        process.env['RUNNER_TEMP'] = tmpDir;
-        process.env['GITHUB_WORKSPACE'] = tmpDir;
-        const dummyResponse = {
-        // note no "content" property here
-        };
-        mockGetContents(dummyResponse);
-        const repoReference = 'octo-org/codeql-config/config.yaml@main';
-        setInput('config-file', repoReference);
-        try {
-            await configUtils.loadConfig();
-            throw new Error('loadConfig did not throw error');
-        }
-        catch (err) {
-            t.deepEqual(err, new Error(configUtils.getConfigFileFormatInvalidMessage(repoReference)));
-        }
-    });
-});
-function doInvalidInputTest(testName, inputFileContents, expectedErrorMessageGenerator) {
-    ava_1.default("load invalid input - " + testName, async (t) => {
-        return await util.withTmpDir(async (tmpDir) => {
-            process.env['RUNNER_TEMP'] = tmpDir;
-            process.env['GITHUB_WORKSPACE'] = tmpDir;
-            const inputFile = path.join(tmpDir, 'input');
-            fs.writeFileSync(inputFile, inputFileContents, 'utf8');
-            setInput('config-file', 'input');
-            try {
-                await configUtils.loadConfig();
-                throw new Error('loadConfig did not throw error');
-            }
-            catch (err) {
-                t.deepEqual(err, new Error(expectedErrorMessageGenerator(inputFile)));
-            }
-        });
-    });
-}
-doInvalidInputTest('name invalid type', `
-  name:
-    - foo: bar`, configUtils.getNameInvalid);
-doInvalidInputTest('disable-default-queries invalid type', `disable-default-queries: 42`, configUtils.getDisableDefaultQueriesInvalid);
-doInvalidInputTest('queries invalid type', `queries: foo`, configUtils.getQueriesInvalid);
-doInvalidInputTest('paths-ignore invalid type', `paths-ignore: bar`, configUtils.getPathsIgnoreInvalid);
-doInvalidInputTest('paths invalid type', `paths: 17`, configUtils.getPathsInvalid);
-doInvalidInputTest('queries uses invalid type', `
-  queries:
-  - uses:
-      - hello: world`, configUtils.getQueryUsesInvalid);
-function doInvalidQueryUsesTest(input, expectedErrorMessageGenerator) {
-    // Invalid contents of a "queries.uses" field.
-    // Should fail with the expected error message
-    const inputFileContents = `
-    name: my config
-    queries:
-      - name: foo
-        uses: ` + input;
-    doInvalidInputTest("queries uses \"" + input + "\"", inputFileContents, expectedErrorMessageGenerator);
-}
-// Various "uses" fields, and the errors they should produce
-doInvalidQueryUsesTest("''", c => configUtils.getQueryUsesInvalid(c, undefined));
-doInvalidQueryUsesTest("foo/bar", c => configUtils.getQueryUsesInvalid(c, "foo/bar"));
-doInvalidQueryUsesTest("foo/bar@v1@v2", c => configUtils.getQueryUsesInvalid(c, "foo/bar@v1@v2"));
-doInvalidQueryUsesTest("foo@master", c => configUtils.getQueryUsesInvalid(c, "foo@master"));
-doInvalidQueryUsesTest("https://github.com/foo/bar@master", c => configUtils.getQueryUsesInvalid(c, "https://github.com/foo/bar@master"));
-doInvalidQueryUsesTest("./foo", c => configUtils.getLocalPathDoesNotExist(c, "foo"));
-doInvalidQueryUsesTest("./..", c => configUtils.getLocalPathOutsideOfRepository(c, ".."));
-const validPaths = [
-    'foo',
-    'foo/',
-    'foo/**',
-    'foo/**/',
-    'foo/**/**',
-    'foo/**/bar/**/baz',
-    '**/',
-    '**/foo',
-    '/foo',
-];
-const invalidPaths = [
-    'a/***/b',
-    'a/**b',
-    'a/b**',
-    '**',
-];
-ava_1.default('path validations', t => {
-    // Dummy values to pass to validateAndSanitisePath
-    const propertyName = 'paths';
-    const configFile = './.github/codeql/config.yml';
-    for (const path of validPaths) {
-        t.truthy(configUtils.validateAndSanitisePath(path, propertyName, configFile));
-    }
-    for (const path of invalidPaths) {
-        t.throws(() => configUtils.validateAndSanitisePath(path, propertyName, configFile));
-    }
-});
-ava_1.default('path sanitisation', t => {
-    // Dummy values to pass to validateAndSanitisePath
-    const propertyName = 'paths';
-    const configFile = './.github/codeql/config.yml';
-    // Valid paths are not modified
-    t.deepEqual(configUtils.validateAndSanitisePath('foo/bar', propertyName, configFile), 'foo/bar');
-    // Trailing stars are stripped
-    t.deepEqual(configUtils.validateAndSanitisePath('foo/**', propertyName, configFile), 'foo/');
-});
-//# sourceMappingURL=config-utils.test.js.map

lib/external-queries.js

@@ -13,7 +13,7 @@ const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const util = __importStar(require("./util"));
 async function checkoutExternalQueries(config) {
-    const folder = util.getRequiredEnvParam('RUNNER_TEMP');
+    const folder = util.getRequiredEnvParam('RUNNER_WORKSPACE');
     for (const externalQuery of config.externalQueries) {
         core.info('Checking out ' + externalQuery.repository);
         const checkoutLocation = path.join(folder, externalQuery.repository);

lib/external-queries.js.map

@@ -1 +1 @@
-{"version":3,"file":"external-queries.js","sourceRoot":"","sources":["../src/external-queries.ts"],"names":[],"mappings":";;;;;;;;;AAAA,oDAAsC;AACtC,oDAAsC;AACtC,uCAAyB;AACzB,2CAA6B;AAG7B,6CAA+B;AAExB,KAAK,UAAU,uBAAuB,CAAC,MAA0B;IACtE,MAAM,MAAM,GAAG,IAAI,CAAC,mBAAmB,CAAC,aAAa,CAAC,CAAC;IAEvD,KAAK,MAAM,aAAa,IAAI,MAAM,CAAC,eAAe,EAAE;QAClD,IAAI,CAAC,IAAI,CAAC,eAAe,GAAG,aAAa,CAAC,UAAU,CAAC,CAAC;QAEtD,MAAM,gBAAgB,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,aAAa,CAAC,UAAU,CAAC,CAAC;QACrE,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,gBAAgB,CAAC,EAAE;YACpC,MAAM,OAAO,GAAG,qBAAqB,GAAG,aAAa,CAAC,UAAU,GAAG,MAAM,CAAC;YAC1E,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,gBAAgB,CAAC,CAAC,CAAC;YAC7D,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE;gBACrB,cAAc,GAAG,gBAAgB;gBACjC,YAAY,GAAG,gBAAgB,GAAG,OAAO;gBACzC,UAAU,EAAE,aAAa,CAAC,GAAG;aAC9B,CAAC,CAAC;SACJ;QAED,MAAM,CAAC,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC;KAChF;AACH,CAAC;AAnBD,0DAmBC"}
+{"version":3,"file":"external-queries.js","sourceRoot":"","sources":["../src/external-queries.ts"],"names":[],"mappings":";;;;;;;;;AAAA,oDAAsC;AACtC,oDAAsC;AACtC,uCAAyB;AACzB,2CAA6B;AAG7B,6CAA+B;AAExB,KAAK,UAAU,uBAAuB,CAAC,MAA0B;IACtE,MAAM,MAAM,GAAG,IAAI,CAAC,mBAAmB,CAAC,kBAAkB,CAAC,CAAC;IAE5D,KAAK,MAAM,aAAa,IAAI,MAAM,CAAC,eAAe,EAAE;QAClD,IAAI,CAAC,IAAI,CAAC,eAAe,GAAG,aAAa,CAAC,UAAU,CAAC,CAAC;QAEtD,MAAM,gBAAgB,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,aAAa,CAAC,UAAU,CAAC,CAAC;QACrE,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,gBAAgB,CAAC,EAAE;YACpC,MAAM,OAAO,GAAG,qBAAqB,GAAG,aAAa,CAAC,UAAU,GAAG,MAAM,CAAC;YAC1E,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,gBAAgB,CAAC,CAAC,CAAC;YAC7D,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE;gBACrB,cAAc,GAAG,gBAAgB;gBACjC,YAAY,GAAG,gBAAgB,GAAG,OAAO;gBACzC,UAAU,EAAE,aAAa,CAAC,GAAG;aAC9B,CAAC,CAAC;SACJ;QAED,MAAM,CAAC,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC;KAChF;AACH,CAAC;AAnBD,0DAmBC"}

lib/external-queries.test.js

@@ -15,16 +15,14 @@ const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const configUtils = __importStar(require("./config-utils"));
 const externalQueries = __importStar(require("./external-queries"));
-const testing_utils_1 = require("./testing-utils");
 const util = __importStar(require("./util"));
-testing_utils_1.setupTests(ava_1.default);
 ava_1.default("checkoutExternalQueries", async (t) => {
     let config = new configUtils.Config();
     config.externalQueries = [
         new configUtils.ExternalQuery("github/codeql-go", "df4c6869212341b601005567381944ed90906b6b"),
     ];
     await util.withTmpDir(async (tmpDir) => {
-        process.env["RUNNER_TEMP"] = tmpDir;
+        process.env["RUNNER_WORKSPACE"] = tmpDir;
         await externalQueries.checkoutExternalQueries(config);
         // COPYRIGHT file existed in df4c6869212341b601005567381944ed90906b6b but not in master
         t.true(fs.existsSync(path.join(tmpDir, "github", "codeql-go", "COPYRIGHT")));

lib/external-queries.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"external-queries.test.js","sourceRoot":"","sources":["../src/external-queries.test.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,8CAAuB;AACvB,uCAAyB;AACzB,2CAA6B;AAE7B,4DAA8C;AAC9C,oEAAsD;AACtD,mDAA2C;AAC3C,6CAA+B;AAE/B,0BAAU,CAAC,aAAI,CAAC,CAAC;AAEjB,aAAI,CAAC,yBAAyB,EAAE,KAAK,EAAC,CAAC,EAAC,EAAE;IACxC,IAAI,MAAM,GAAG,IAAI,WAAW,CAAC,MAAM,EAAE,CAAC;IACtC,MAAM,CAAC,eAAe,GAAG;QACvB,IAAI,WAAW,CAAC,aAAa,CAAC,kBAAkB,EAAE,0CAA0C,CAAC;KAC9F,CAAC;IAEF,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAC,MAAM,EAAC,EAAE;QACnC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,MAAM,CAAC;QACpC,MAAM,eAAe,CAAC,uBAAuB,CAAC,MAAM,CAAC,CAAC;QAEtD,uFAAuF;QACvF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,WAAW,EAAE,WAAW,CAAC,CAAC,CAAC,CAAC;IAC/E,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
+{"version":3,"file":"external-queries.test.js","sourceRoot":"","sources":["../src/external-queries.test.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,8CAAuB;AACvB,uCAAyB;AACzB,2CAA6B;AAE7B,4DAA8C;AAC9C,oEAAsD;AACtD,6CAA+B;AAE/B,aAAI,CAAC,yBAAyB,EAAE,KAAK,EAAC,CAAC,EAAC,EAAE;IACtC,IAAI,MAAM,GAAG,IAAI,WAAW,CAAC,MAAM,EAAE,CAAC;IACtC,MAAM,CAAC,eAAe,GAAG;QACrB,IAAI,WAAW,CAAC,aAAa,CAAC,kBAAkB,EAAE,0CAA0C,CAAC;KAChG,CAAC;IAEF,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAC,MAAM,EAAC,EAAE;QACjC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,GAAG,MAAM,CAAC;QACzC,MAAM,eAAe,CAAC,uBAAuB,CAAC,MAAM,CAAC,CAAC;QAEtD,uFAAuF;QACvF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,WAAW,EAAE,WAAW,CAAC,CAAC,CAAC,CAAC;IACjF,CAAC,CAAC,CAAC;AACP,CAAC,CAAC,CAAC"}

lib/finalize-db.js

@@ -8,83 +8,67 @@ var __importStar = (this && this.__importStar) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 const core = __importStar(require("@actions/core"));
+const exec = __importStar(require("@actions/exec"));
 const io = __importStar(require("@actions/io"));
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
-const codeql_1 = require("./codeql");
 const configUtils = __importStar(require("./config-utils"));
 const externalQueries = __importStar(require("./external-queries"));
 const sharedEnv = __importStar(require("./shared-environment"));
 const upload_lib = __importStar(require("./upload-lib"));
 const util = __importStar(require("./util"));
-/**
- * A list of queries from https://github.com/github/codeql that
- * we don't want to run. Disabling them here is a quicker alternative to
- * disabling them in the code scanning query suites. Queries should also
- * be disabled in the suites, and removed from this list here once the
- * bundle is updated to make those suite changes live.
- *
- * Format is a map from language to an array of path suffixes of .ql files.
- */
-const DISABLED_BUILTIN_QUERIES = {
-    'csharp': [
-        'ql/src/Security Features/CWE-937/VulnerablePackage.ql',
-        'ql/src/Security Features/CWE-451/MissingXFrameOptions.ql',
-    ]
-};
-function queryIsDisabled(language, query) {
-    return (DISABLED_BUILTIN_QUERIES[language] || [])
-        .some(disabledQuery => query.endsWith(disabledQuery));
-}
-async function createdDBForScannedLanguages(databaseFolder) {
+async function createdDBForScannedLanguages(codeqlCmd, databaseFolder) {
     const scannedLanguages = process.env[sharedEnv.CODEQL_ACTION_SCANNED_LANGUAGES];
     if (scannedLanguages) {
-        const codeql = codeql_1.getCodeQL();
         for (const language of scannedLanguages.split(',')) {
             core.startGroup('Extracting ' + language);
-            await codeql.extractScannedLanguage(path.join(databaseFolder, language), language);
+            // Get extractor location
+            let extractorPath = '';
+            await exec.exec(codeqlCmd, ['resolve', 'extractor', '--format=json', '--language=' + language], {
+                silent: true,
+                listeners: {
+                    stdout: (data) => { extractorPath += data.toString(); },
+                    stderr: (data) => { process.stderr.write(data); }
+                }
+            });
+            // Set trace command
+            const ext = process.platform === 'win32' ? '.cmd' : '.sh';
+            const traceCommand = path.resolve(JSON.parse(extractorPath), 'tools', 'autobuild' + ext);
+            // Run trace command
+            await exec.exec(codeqlCmd, ['database', 'trace-command', path.join(databaseFolder, language), '--', traceCommand]);
             core.endGroup();
         }
     }
 }
-async function finalizeDatabaseCreation(databaseFolder) {
-    await createdDBForScannedLanguages(databaseFolder);
+async function finalizeDatabaseCreation(codeqlCmd, databaseFolder) {
+    await createdDBForScannedLanguages(codeqlCmd, databaseFolder);
     const languages = process.env[sharedEnv.CODEQL_ACTION_LANGUAGES] || '';
-    const codeql = codeql_1.getCodeQL();
     for (const language of languages.split(',')) {
         core.startGroup('Finalizing ' + language);
-        await codeql.finalizeDatabase(path.join(databaseFolder, language));
+        await exec.exec(codeqlCmd, ['database', 'finalize', path.join(databaseFolder, language)]);
         core.endGroup();
     }
 }
-async function resolveQueryLanguages(config) {
+async function resolveQueryLanguages(codeqlCmd, config) {
     let res = new Map();
-    const codeql = codeql_1.getCodeQL();
-    if (!config.disableDefaultQueries || config.additionalSuites.length !== 0) {
-        const suites = [];
-        for (const language of await util.getLanguages()) {
-            if (!config.disableDefaultQueries) {
-                suites.push(language + '-code-scanning.qls');
-            }
-            for (const additionalSuite of config.additionalSuites) {
-                suites.push(language + '-' + additionalSuite + '.qls');
-            }
-        }
-        const resolveQueriesOutputObject = await codeql.resolveQueries(suites);
-        for (const [language, queries] of Object.entries(resolveQueriesOutputObject.byLanguage)) {
-            if (res[language] === undefined) {
-                res[language] = [];
-            }
-            res[language].push(...Object.keys(queries).filter(q => !queryIsDisabled(language, q)));
-        }
-    }
     if (config.additionalQueries.length !== 0) {
-        const resolveQueriesOutputObject = await codeql.resolveQueries(config.additionalQueries);
-        for (const [language, queries] of Object.entries(resolveQueriesOutputObject.byLanguage)) {
-            if (res[language] === undefined) {
-                res[language] = [];
+        let resolveQueriesOutput = '';
+        const options = {
+            listeners: {
+                stdout: (data) => {
+                    resolveQueriesOutput += data.toString();
+                }
             }
-            res[language].push(...Object.keys(queries));
+        };
+        await exec.exec(codeqlCmd, [
+            'resolve',
+            'queries',
+            ...config.additionalQueries,
+            '--format=bylanguage'
+        ], options);
+        const resolveQueriesOutputObject = JSON.parse(resolveQueriesOutput);
+        for (const [language, queries] of Object.entries(resolveQueriesOutputObject.byLanguage)) {
+            res[language] = Object.keys(queries);
         }
         const noDeclaredLanguage = resolveQueriesOutputObject.noDeclaredLanguage;
         const noDeclaredLanguageQueries = Object.keys(noDeclaredLanguage);
@@ -100,23 +84,25 @@ async function resolveQueryLanguages(config) {
     return res;
 }
 // Runs queries and creates sarif files in the given folder
-async function runQueries(databaseFolder, sarifFolder, config) {
-    const queriesPerLanguage = await resolveQueryLanguages(config);
-    const codeql = codeql_1.getCodeQL();
+async function runQueries(codeqlCmd, databaseFolder, sarifFolder, config) {
+    const queriesPerLanguage = await resolveQueryLanguages(codeqlCmd, config);
     for (let database of fs.readdirSync(databaseFolder)) {
         core.startGroup('Analyzing ' + database);
-        const queries = queriesPerLanguage[database] || [];
-        if (queries.length === 0) {
-            throw new Error('Unable to analyse ' + database + ' as no queries were selected for this language');
+        const queries = [];
+        if (!config.disableDefaultQueries) {
+            queries.push(database + '-code-scanning.qls');
         }
-        // Pass the queries to codeql using a file instead of using the command
-        // line to avoid command line length restrictions, particularly on windows.
-        const querySuite = path.join(databaseFolder, database + '-queries.qls');
-        const querySuiteContents = queries.map(q => '- query: ' + q).join('\n');
-        fs.writeFileSync(querySuite, querySuiteContents);
-        core.debug('Query suite file for ' + database + '...\n' + querySuiteContents);
+        queries.push(...(queriesPerLanguage[database] || []));
         const sarifFile = path.join(sarifFolder, database + '.sarif');
-        await codeql.databaseAnalyze(path.join(databaseFolder, database), sarifFile, querySuite);
+        await exec.exec(codeqlCmd, [
+            'database',
+            'analyze',
+            path.join(databaseFolder, database),
+            '--format=sarif-latest',
+            '--output=' + sarifFile,
+            '--no-sarif-add-snippets',
+            ...queries
+        ]);
         core.debug('SARIF results for database ' + database + ' created at "' + sarifFile + '"');
         core.endGroup();
     }
@@ -129,17 +115,18 @@ async function run() {
         const config = await configUtils.loadConfig();
         core.exportVariable(sharedEnv.ODASA_TRACER_CONFIGURATION, '');
         delete process.env[sharedEnv.ODASA_TRACER_CONFIGURATION];
+        const codeqlCmd = util.getRequiredEnvParam(sharedEnv.CODEQL_ACTION_CMD);
         const databaseFolder = util.getRequiredEnvParam(sharedEnv.CODEQL_ACTION_DATABASE_DIR);
         const sarifFolder = core.getInput('output');
         await io.mkdirP(sarifFolder);
         core.info('Finalizing database creation');
-        await finalizeDatabaseCreation(databaseFolder);
+        await finalizeDatabaseCreation(codeqlCmd, databaseFolder);
         await externalQueries.checkoutExternalQueries(config);
         core.info('Analyzing database');
-        await runQueries(databaseFolder, sarifFolder, config);
+        await runQueries(codeqlCmd, databaseFolder, sarifFolder, config);
         if ('true' === core.getInput('upload')) {
             if (!await upload_lib.upload(sarifFolder)) {
-                await util.reportActionFailed('finish', 'upload');
+                await util.reportActionFailed('failed', 'upload');
                 return;
             }
         }

lib/finalize-db.test.js

@@ -1,2 +0,0 @@
-"use strict";
-//# sourceMappingURL=finalize-db.test.js.map

lib/finalize-db.test.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"finalize-db.test.js","sourceRoot":"","sources":["../src/finalize-db.test.ts"],"names":[],"mappings":""}

lib/fingerprints.test.js

@@ -14,8 +14,6 @@ const ava_1 = __importDefault(require("ava"));
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const fingerprints = __importStar(require("./fingerprints"));
-const testing_utils_1 = require("./testing-utils");
-testing_utils_1.setupTests(ava_1.default);
 function testHash(t, input, expectedHashes) {
     let index = 0;
     let callback = function (lineNumber, hash) {

lib/setup-tools.js

@@ -10,7 +10,6 @@ Object.defineProperty(exports, "__esModule", { value: true });
 const core = __importStar(require("@actions/core"));
 const toolcache = __importStar(require("@actions/tool-cache"));
 const path = __importStar(require("path"));
-const semver = __importStar(require("semver"));
 class CodeQLSetup {
     constructor(codeqlDist) {
         this.dist = codeqlDist;
@@ -20,7 +19,7 @@ class CodeQLSetup {
         if (process.platform === 'win32') {
             this.platform = 'win64';
             if (this.cmd.endsWith('codeql')) {
-                this.cmd += ".exe";
+                this.cmd += ".cmd";
             }
         }
         else if (process.platform === 'linux') {
@@ -36,17 +35,17 @@ class CodeQLSetup {
 }
 exports.CodeQLSetup = CodeQLSetup;
 async function setupCodeQL() {
+    const version = '1.0.0';
+    const codeqlURL = core.getInput('tools', { required: true });
     try {
-        const codeqlURL = core.getInput('tools', { required: true });
-        const codeqlURLVersion = getCodeQLURLVersion(codeqlURL);
-        let codeqlFolder = toolcache.find('CodeQL', codeqlURLVersion);
+        let codeqlFolder = toolcache.find('CodeQL', version);
         if (codeqlFolder) {
             core.debug(`CodeQL found in cache ${codeqlFolder}`);
         }
         else {
             const codeqlPath = await toolcache.downloadTool(codeqlURL);
             const codeqlExtracted = await toolcache.extractTar(codeqlPath);
-            codeqlFolder = await toolcache.cacheDir(codeqlExtracted, 'CodeQL', codeqlURLVersion);
+            codeqlFolder = await toolcache.cacheDir(codeqlExtracted, 'CodeQL', version);
         }
         return new CodeQLSetup(path.join(codeqlFolder, 'codeql'));
     }
@@ -56,21 +55,4 @@ async function setupCodeQL() {
     }
 }
 exports.setupCodeQL = setupCodeQL;
-function getCodeQLURLVersion(url) {
-    const match = url.match(/\/codeql-bundle-(.*)\//);
-    if (match === null || match.length < 2) {
-        throw new Error(`Malformed tools url: ${url}. Version could not be inferred`);
-    }
-    let version = match[1];
-    if (!semver.valid(version)) {
-        core.debug(`Bundle version ${version} is not in SemVer format. Will treat it as pre-release 0.0.0-${version}.`);
-        version = '0.0.0-' + version;
-    }
-    const s = semver.clean(version);
-    if (!s) {
-        throw new Error(`Malformed tools url ${url}. Version should be in SemVer format but have ${version} instead`);
-    }
-    return s;
-}
-exports.getCodeQLURLVersion = getCodeQLURLVersion;
 //# sourceMappingURL=setup-tools.js.map

lib/setup-tools.js.map

@@ -1 +1 @@
-{"version":3,"file":"setup-tools.js","sourceRoot":"","sources":["../src/setup-tools.ts"],"names":[],"mappings":";;;;;;;;;AAAA,oDAAsC;AACtC,+DAAiD;AACjD,2CAA6B;AAC7B,+CAAiC;AAEjC,MAAa,WAAW;IAMtB,YAAY,UAAkB;QAC5B,IAAI,CAAC,IAAI,GAAG,UAAU,CAAC;QACvB,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QAC3C,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;QAC3C,4BAA4B;QAC5B,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE;YAChC,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;YACxB,IAAI,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE;gBAC/B,IAAI,CAAC,GAAG,IAAI,MAAM,CAAC;aACpB;SACF;aAAM,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE;YACvC,IAAI,CAAC,QAAQ,GAAG,SAAS,CAAC;SAC3B;aAAM,IAAI,OAAO,CAAC,QAAQ,KAAK,QAAQ,EAAE;YACxC,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;SACzB;aAAM;YACL,MAAM,IAAI,KAAK,CAAC,uBAAuB,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;SAC7D;IACH,CAAC;CACF;AAxBD,kCAwBC;AAEM,KAAK,UAAU,WAAW;IAC/B,IAAI;QACF,MAAM,SAAS,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;QAC7D,MAAM,gBAAgB,GAAG,mBAAmB,CAAC,SAAS,CAAC,CAAC;QAExD,IAAI,YAAY,GAAG,SAAS,CAAC,IAAI,CAAC,QAAQ,EAAE,gBAAgB,CAAC,CAAC;QAC9D,IAAI,YAAY,EAAE;YAChB,IAAI,CAAC,KAAK,CAAC,yBAAyB,YAAY,EAAE,CAAC,CAAC;SACrD;aAAM;YACL,MAAM,UAAU,GAAG,MAAM,SAAS,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC;YAC3D,MAAM,eAAe,GAAG,MAAM,SAAS,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;YAC/D,YAAY,GAAG,MAAM,SAAS,CAAC,QAAQ,CAAC,eAAe,EAAE,QAAQ,EAAE,gBAAgB,CAAC,CAAC;SACtF;QACD,OAAO,IAAI,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC,CAAC;KAE3D;IAAC,OAAO,CAAC,EAAE;QACV,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACd,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;KAC9D;AACH,CAAC;AAnBD,kCAmBC;AAED,SAAgB,mBAAmB,CAAC,GAAW;IAE7C,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC;IAClD,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE;QACtC,MAAM,IAAI,KAAK,CAAC,wBAAwB,GAAG,iCAAiC,CAAC,CAAC;KAC/E;IAED,IAAI,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;IAEvB,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE;QAC1B,IAAI,CAAC,KAAK,CAAC,kBAAkB,OAAO,gEAAgE,OAAO,GAAG,CAAC,CAAC;QAChH,OAAO,GAAG,QAAQ,GAAG,OAAO,CAAC;KAC9B;IAED,MAAM,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAChC,IAAI,CAAC,CAAC,EAAE;QACN,MAAM,IAAI,KAAK,CAAC,uBAAuB,GAAG,iDAAiD,OAAO,UAAU,CAAC,CAAC;KAC/G;IAED,OAAO,CAAC,CAAC;AACX,CAAC;AApBD,kDAoBC"}
+{"version":3,"file":"setup-tools.js","sourceRoot":"","sources":["../src/setup-tools.ts"],"names":[],"mappings":";;;;;;;;;AAAA,oDAAsC;AACtC,+DAAiD;AACjD,2CAA6B;AAE7B,MAAa,WAAW;IAMpB,YAAY,UAAkB;QAC1B,IAAI,CAAC,IAAI,GAAG,UAAU,CAAC;QACvB,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QAC3C,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;QAC3C,4BAA4B;QAC5B,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE;YAC9B,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;YACxB,IAAI,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE;gBAC7B,IAAI,CAAC,GAAG,IAAI,MAAM,CAAC;aACtB;SACJ;aAAM,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE;YACrC,IAAI,CAAC,QAAQ,GAAG,SAAS,CAAC;SAC7B;aAAM,IAAI,OAAO,CAAC,QAAQ,KAAK,QAAQ,EAAE;YACtC,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;SAC3B;aAAM;YACH,MAAM,IAAI,KAAK,CAAC,uBAAuB,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;SAC/D;IACL,CAAC;CACJ;AAxBD,kCAwBC;AAEM,KAAK,UAAU,WAAW;IAC7B,MAAM,OAAO,GAAG,OAAO,CAAC;IACxB,MAAM,SAAS,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;IAE7D,IAAI;QACA,IAAI,YAAY,GAAG,SAAS,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QACrD,IAAI,YAAY,EAAE;YACd,IAAI,CAAC,KAAK,CAAC,yBAAyB,YAAY,EAAE,CAAC,CAAC;SACvD;aAAM;YACH,MAAM,UAAU,GAAG,MAAM,SAAS,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC;YAC3D,MAAM,eAAe,GAAG,MAAM,SAAS,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;YAC/D,YAAY,GAAG,MAAM,SAAS,CAAC,QAAQ,CAAC,eAAe,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;SAC/E;QACD,OAAO,IAAI,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC,CAAC;KAE7D;IAAC,OAAO,CAAC,EAAE;QACR,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACd,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;KAChE;AACL,CAAC;AAnBD,kCAmBC"}

lib/setup-tools.test.js

@@ -1,60 +0,0 @@
-"use strict";
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
-    result["default"] = mod;
-    return result;
-};
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-const toolcache = __importStar(require("@actions/tool-cache"));
-const ava_1 = __importDefault(require("ava"));
-const nock_1 = __importDefault(require("nock"));
-const path = __importStar(require("path"));
-const setupTools = __importStar(require("./setup-tools"));
-const testing_utils_1 = require("./testing-utils");
-const util = __importStar(require("./util"));
-testing_utils_1.silenceDebugOutput(ava_1.default);
-ava_1.default('download codeql bundle cache', async (t) => {
-    await util.withTmpDir(async (tmpDir) => {
-        process.env['GITHUB_WORKSPACE'] = tmpDir;
-        process.env['RUNNER_TEMP'] = path.join(tmpDir, 'temp');
-        process.env['RUNNER_TOOL_CACHE'] = path.join(tmpDir, 'cache');
-        const versions = ['20200601', '20200610'];
-        for (let i = 0; i < versions.length; i++) {
-            const version = versions[i];
-            nock_1.default('https://example.com')
-                .get(`/download/codeql-bundle-${version}/codeql-bundle.tar.gz`)
-                .replyWithFile(200, path.join(__dirname, `/../src/testdata/codeql-bundle.tar.gz`));
-            process.env['INPUT_TOOLS'] = `https://example.com/download/codeql-bundle-${version}/codeql-bundle.tar.gz`;
-            await setupTools.setupCodeQL();
-            t.assert(toolcache.find('CodeQL', `0.0.0-${version}`));
-        }
-        const cachedVersions = toolcache.findAllVersions('CodeQL');
-        t.is(cachedVersions.length, 2);
-    });
-});
-ava_1.default('parse codeql bundle url version', t => {
-    const tests = {
-        '20200601': '0.0.0-20200601',
-        '20200601.0': '0.0.0-20200601.0',
-        '20200601.0.0': '20200601.0.0',
-        '1.2.3': '1.2.3',
-        '1.2.3-alpha': '1.2.3-alpha',
-        '1.2.3-beta.1': '1.2.3-beta.1',
-    };
-    for (const [version, expectedVersion] of Object.entries(tests)) {
-        const url = `https://github.com/.../codeql-bundle-${version}/...`;
-        try {
-            const parsedVersion = setupTools.getCodeQLURLVersion(url);
-            t.deepEqual(parsedVersion, expectedVersion);
-        }
-        catch (e) {
-            t.fail(e.message);
-        }
-    }
-});
-//# sourceMappingURL=setup-tools.test.js.map

lib/setup-tools.test.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"setup-tools.test.js","sourceRoot":"","sources":["../src/setup-tools.test.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,+DAAiD;AACjD,8CAAuB;AACvB,gDAAwB;AACxB,2CAA6B;AAE7B,0DAA4C;AAC5C,mDAAmD;AACnD,6CAA+B;AAE/B,kCAAkB,CAAC,aAAI,CAAC,CAAC;AAEzB,aAAI,CAAC,8BAA8B,EAAE,KAAK,EAAC,CAAC,EAAC,EAAE;IAE7C,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAC,MAAM,EAAC,EAAE;QAEnC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,GAAG,MAAM,CAAC;QAEzC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACvD,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QAE9D,MAAM,QAAQ,GAAG,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QAE1C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE;YACxC,MAAM,OAAO,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;YAE5B,cAAI,CAAC,qBAAqB,CAAC;iBACxB,GAAG,CAAC,2BAA2B,OAAO,uBAAuB,CAAC;iBAC9D,aAAa,CAAC,GAAG,EAAE,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,uCAAuC,CAAC,CAAC,CAAC;YAGrF,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,8CAA8C,OAAO,uBAAuB,CAAC;YAE1G,MAAM,UAAU,CAAC,WAAW,EAAE,CAAC;YAE/B,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,EAAE,SAAS,OAAO,EAAE,CAAC,CAAC,CAAC;SACxD;QAED,MAAM,cAAc,GAAG,SAAS,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;QAE3D,CAAC,CAAC,EAAE,CAAC,cAAc,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,iCAAiC,EAAE,CAAC,CAAC,EAAE;IAE1C,MAAM,KAAK,GAAG;QACZ,UAAU,EAAE,gBAAgB;QAC5B,YAAY,EAAE,kBAAkB;QAChC,cAAc,EAAE,cAAc;QAC9B,OAAO,EAAE,OAAO;QAChB,aAAa,EAAE,aAAa;QAC5B,cAAc,EAAE,cAAc;KAC/B,CAAC;IAEF,KAAK,MAAM,CAAC,OAAO,EAAE,eAAe,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE;QAC9D,MAAM,GAAG,GAAG,wCAAwC,OAAO,MAAM,CAAC;QAElE,IAAI;YACF,MAAM,aAAa,GAAG,UAAU,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC;YAC1D,CAAC,CAAC,SAAS,CAAC,aAAa,EAAE,eAAe,CAAC,CAAC;SAC7C;QAAC,OAAO,CAAC,EAAE;YACV,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;SACnB;KACF;AACH,CAAC,CAAC,CAAC"}

lib/setup-tracer.js

@@ -13,8 +13,8 @@ const io = __importStar(require("@actions/io"));
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const analysisPaths = __importStar(require("./analysis-paths"));
-const codeql_1 = require("./codeql");
 const configUtils = __importStar(require("./config-utils"));
+const setuptools = __importStar(require("./setup-tools"));
 const sharedEnv = __importStar(require("./shared-environment"));
 const util = __importStar(require("./util"));
 const CRITICAL_TRACER_VARS = new Set(['SEMMLE_PRELOAD_libtrace',
@@ -28,7 +28,12 @@ const CRITICAL_TRACER_VARS = new Set(['SEMMLE_PRELOAD_libtrace',
     'SEMMLE_JAVA_TOOL_OPTIONS'
 ]);
 async function tracerConfig(codeql, database, compilerSpec) {
-    const env = await codeql.getTracerEnv(database, compilerSpec);
+    const compilerSpecArg = compilerSpec ? ["--compiler-spec=" + compilerSpec] : [];
+    let envFile = path.resolve(database, 'working', 'env.tmp');
+    await exec.exec(codeql.cmd, ['database', 'trace-command', database,
+        ...compilerSpecArg,
+        process.execPath, path.resolve(__dirname, 'tracer-env.js'), envFile]);
+    const env = JSON.parse(fs.readFileSync(envFile, 'utf-8'));
     const config = env['ODASA_TRACER_CONFIGURATION'];
     const info = { spec: config, env: {} };
     // Extract critical tracer variables from the environment
@@ -95,13 +100,12 @@ function concatTracerConfigs(configs) {
         totalCount += count;
         totalLines.push(...lines.slice(2));
     }
-    const tempFolder = util.getRequiredEnvParam('RUNNER_TEMP');
-    const newLogFilePath = path.resolve(tempFolder, 'compound-build-tracer.log');
-    const spec = path.resolve(tempFolder, 'compound-spec');
-    const compoundTempFolder = path.resolve(tempFolder, 'compound-temp');
+    const newLogFilePath = path.resolve(util.workspaceFolder(), 'compound-build-tracer.log');
+    const spec = path.resolve(util.workspaceFolder(), 'compound-spec');
+    const tempFolder = path.resolve(util.workspaceFolder(), 'compound-temp');
     const newSpecContent = [newLogFilePath, totalCount.toString(10), ...totalLines];
     if (copyExecutables) {
-        env['SEMMLE_COPY_EXECUTABLES_ROOT'] = compoundTempFolder;
+        env['SEMMLE_COPY_EXECUTABLES_ROOT'] = tempFolder;
         envSize += 1;
     }
     fs.writeFileSync(spec, newSpecContent.join('\n'));
@@ -122,32 +126,26 @@ function concatTracerConfigs(configs) {
     return { env, spec };
 }
 async function run() {
-    let languages;
     try {
         if (util.should_abort('init', false) || !await util.reportActionStarting('init')) {
             return;
         }
-        core.startGroup('Load language configuration');
+        // The config file MUST be parsed in the init action
         const config = await configUtils.loadConfig();
-        languages = await util.getLanguages();
+        core.startGroup('Load language configuration');
+        const languages = await util.getLanguages();
         // If the languages parameter was not given and no languages were
         // detected then fail here as this is a workflow configuration error.
         if (languages.length === 0) {
-            throw new Error("Did not detect any languages to analyze. Please update input in workflow.");
+            core.setFailed("Did not detect any languages to analyze. Please update input in workflow.");
+            return;
         }
-        analysisPaths.includeAndExcludeAnalysisPaths(config, languages);
         core.endGroup();
-    }
-    catch (e) {
-        core.setFailed(e.message);
-        await util.reportActionAborted('init', e.message);
-        return;
-    }
-    try {
+        analysisPaths.includeAndExcludeAnalysisPaths(config, languages);
         const sourceRoot = path.resolve();
         core.startGroup('Setup CodeQL tools');
-        const codeql = await codeql_1.setupCodeQL();
-        await codeql.printVersion();
+        const codeqlSetup = await setuptools.setupCodeQL();
+        await exec.exec(codeqlSetup.cmd, ['version', '--format=json']);
         core.endGroup();
         // Forward Go flags
         const goFlags = process.env['GOFLAGS'];
@@ -158,7 +156,7 @@ async function run() {
         // Setup CODEQL_RAM flag (todo improve this https://github.com/github/dsp-code-scanning/issues/935)
         const codeqlRam = process.env['CODEQL_RAM'] || '6500';
         core.exportVariable('CODEQL_RAM', codeqlRam);
-        const databaseFolder = path.resolve(util.getRequiredEnvParam('RUNNER_TEMP'), 'codeql_databases');
+        const databaseFolder = path.resolve(util.workspaceFolder(), 'codeql_databases');
         await io.mkdirP(databaseFolder);
         let tracedLanguages = {};
         let scannedLanguages = [];
@@ -166,10 +164,10 @@ async function run() {
         for (let language of languages) {
             const languageDatabase = path.join(databaseFolder, language);
             // Init language database
-            await codeql.databaseInit(languageDatabase, language, sourceRoot);
+            await exec.exec(codeqlSetup.cmd, ['database', 'init', languageDatabase, '--language=' + language, '--source-root=' + sourceRoot]);
             // TODO: add better detection of 'traced languages' instead of using a hard coded list
             if (['cpp', 'java', 'csharp'].includes(language)) {
-                const config = await tracerConfig(codeql, languageDatabase);
+                const config = await tracerConfig(codeqlSetup, languageDatabase);
                 tracedLanguages[language] = config;
             }
             else {
@@ -185,16 +183,14 @@ async function run() {
                 }
                 core.exportVariable('ODASA_TRACER_CONFIGURATION', mainTracerConfig.spec);
                 if (process.platform === 'darwin') {
-                    core.exportVariable('DYLD_INSERT_LIBRARIES', path.join(codeql.getDir(), 'tools', 'osx64', 'libtrace.dylib'));
+                    core.exportVariable('DYLD_INSERT_LIBRARIES', path.join(codeqlSetup.tools, 'osx64', 'libtrace.dylib'));
                 }
                 else if (process.platform === 'win32') {
-                    await exec.exec('powershell', [
-                        path.resolve(__dirname, '..', 'src', 'inject-tracer.ps1'),
-                        path.resolve(codeql.getDir(), 'tools', 'win64', 'tracer.exe'),
-                    ], { env: { 'ODASA_TRACER_CONFIGURATION': mainTracerConfig.spec } });
+                    await exec.exec('powershell', [path.resolve(__dirname, '..', 'src', 'inject-tracer.ps1'),
+                        path.resolve(codeqlSetup.tools, 'win64', 'tracer.exe')], { env: { 'ODASA_TRACER_CONFIGURATION': mainTracerConfig.spec } });
                 }
                 else {
-                    core.exportVariable('LD_PRELOAD', path.join(codeql.getDir(), 'tools', 'linux64', '${LIB}trace.so'));
+                    core.exportVariable('LD_PRELOAD', path.join(codeqlSetup.tools, 'linux64', '${LIB}trace.so'));
                 }
             }
         }
@@ -202,14 +198,15 @@ async function run() {
         core.exportVariable(sharedEnv.CODEQL_ACTION_TRACED_LANGUAGES, tracedLanguageKeys.join(','));
         // TODO: make this a "private" environment variable of the action
         core.exportVariable(sharedEnv.CODEQL_ACTION_DATABASE_DIR, databaseFolder);
+        core.exportVariable(sharedEnv.CODEQL_ACTION_CMD, codeqlSetup.cmd);
     }
     catch (error) {
         core.setFailed(error.message);
         await util.reportActionFailed('init', error.message, error.stack);
         return;
     }
-    await util.reportActionSucceeded('init');
     core.exportVariable(sharedEnv.CODEQL_ACTION_INIT_COMPLETED, 'true');
+    await util.reportActionSucceeded('init');
 }
 run().catch(e => {
     core.setFailed("init action failed: " + e);

lib/shared-environment.js

@@ -1,5 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
+exports.CODEQL_ACTION_CMD = 'CODEQL_ACTION_CMD';
 exports.CODEQL_ACTION_DATABASE_DIR = 'CODEQL_ACTION_DATABASE_DIR';
 exports.CODEQL_ACTION_LANGUAGES = 'CODEQL_ACTION_LANGUAGES';
 exports.CODEQL_ACTION_ANALYSIS_KEY = 'CODEQL_ACTION_ANALYSIS_KEY';

lib/shared-environment.js.map

@@ -1 +1 @@
-{"version":3,"file":"shared-environment.js","sourceRoot":"","sources":["../src/shared-environment.ts"],"names":[],"mappings":";;AAAa,QAAA,0BAA0B,GAAG,4BAA4B,CAAC;AAC1D,QAAA,uBAAuB,GAAG,yBAAyB,CAAC;AACpD,QAAA,0BAA0B,GAAG,4BAA4B,CAAC;AAC1D,QAAA,0BAA0B,GAAG,4BAA4B,CAAC;AAC1D,QAAA,+BAA+B,GAAG,iCAAiC,CAAC;AACpE,QAAA,8BAA8B,GAAG,gCAAgC,CAAC;AAC/E,wEAAwE;AACxE,2EAA2E;AAC3E,4EAA4E;AAC5E,2EAA2E;AAC3E,+BAA+B;AAClB,QAAA,wBAAwB,GAAG,0BAA0B,CAAC;AACnE,wDAAwD;AAC3C,QAAA,4BAA4B,GAAG,8BAA8B,CAAC"}
+{"version":3,"file":"shared-environment.js","sourceRoot":"","sources":["../src/shared-environment.ts"],"names":[],"mappings":";;AAAa,QAAA,iBAAiB,GAAG,mBAAmB,CAAC;AACxC,QAAA,0BAA0B,GAAG,4BAA4B,CAAC;AAC1D,QAAA,uBAAuB,GAAG,yBAAyB,CAAC;AACpD,QAAA,0BAA0B,GAAG,4BAA4B,CAAC;AAC1D,QAAA,0BAA0B,GAAG,4BAA4B,CAAC;AAC1D,QAAA,+BAA+B,GAAG,iCAAiC,CAAC;AACpE,QAAA,8BAA8B,GAAG,gCAAgC,CAAC;AAC/E,wEAAwE;AACxE,2EAA2E;AAC3E,4EAA4E;AAC5E,2EAA2E;AAC3E,+BAA+B;AAClB,QAAA,wBAAwB,GAAG,0BAA0B,CAAC;AACnE,wDAAwD;AAC3C,QAAA,4BAA4B,GAAG,8BAA8B,CAAC"}

lib/test-utils.js

@@ -1,22 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-function silenceDebugOutput(test) {
-    const typedTest = test;
-    typedTest.beforeEach(t => {
-        const processStdoutWrite = process.stdout.write.bind(process.stdout);
-        t.context.write = processStdoutWrite;
-        process.stdout.write = (str, encoding, cb) => {
-            // Core library will directly call process.stdout.write for commands
-            // We don't want :: commands to be executed by the runner during tests
-            if (!str.match(/^::/)) {
-                processStdoutWrite(str, encoding, cb);
-            }
-            return true;
-        };
-    });
-    typedTest.afterEach(t => {
-        process.stdout.write = t.context.write;
-    });
-}
-exports.silenceDebugOutput = silenceDebugOutput;
-//# sourceMappingURL=test-utils.js.map

lib/test-utils.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"test-utils.js","sourceRoot":"","sources":["../src/test-utils.ts"],"names":[],"mappings":";;AAEA,SAAgB,kBAAkB,CAAC,IAAwB;IACzD,MAAM,SAAS,GAAG,IAAmC,CAAC;IAEtD,SAAS,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE;QACrB,MAAM,kBAAkB,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACrE,CAAC,CAAC,OAAO,CAAC,KAAK,GAAG,kBAAkB,CAAC;QACrC,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,CAAC,GAAQ,EAAE,QAAc,EAAE,EAA0B,EAAE,EAAE;YAC5E,oEAAoE;YACpE,sEAAsE;YACtE,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE;gBACnB,kBAAkB,CAAC,GAAG,EAAE,QAAQ,EAAE,EAAE,CAAC,CAAC;aACzC;YACD,OAAO,IAAI,CAAC;QAChB,CAAC,CAAC;IACN,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE;QACpB,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC;IAC3C,CAAC,CAAC,CAAC;AACL,CAAC;AAnBD,gDAmBC"}

lib/testing-utils.js

@@ -1,55 +0,0 @@
-"use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-const sinon_1 = __importDefault(require("sinon"));
-function wrapOutput(context) {
-    // Function signature taken from Socket.write.
-    // Note there are two overloads:
-    // write(buffer: Uint8Array | string, cb?: (err?: Error) => void): boolean;
-    // write(str: Uint8Array | string, encoding?: string, cb?: (err?: Error) => void): boolean;
-    return (chunk, encoding, cb) => {
-        // Work out which method overload we are in
-        if (cb === undefined && typeof encoding === 'function') {
-            cb = encoding;
-            encoding = undefined;
-        }
-        // Record the output
-        if (typeof chunk === 'string') {
-            context.testOutput += chunk;
-        }
-        else {
-            context.testOutput += new TextDecoder(encoding || 'utf-8').decode(chunk);
-        }
-        // Satisfy contract by calling callback when done
-        if (cb !== undefined && typeof cb === 'function') {
-            cb();
-        }
-        return true;
-    };
-}
-function setupTests(test) {
-    const typedTest = test;
-    typedTest.beforeEach(t => {
-        t.context.testOutput = "";
-        const processStdoutWrite = process.stdout.write.bind(process.stdout);
-        t.context.stdoutWrite = processStdoutWrite;
-        process.stdout.write = wrapOutput(t.context);
-        const processStderrWrite = process.stderr.write.bind(process.stderr);
-        t.context.stderrWrite = processStderrWrite;
-        process.stderr.write = wrapOutput(t.context);
-    });
-    typedTest.afterEach.always(t => {
-        process.stdout.write = t.context.stdoutWrite;
-        process.stderr.write = t.context.stderrWrite;
-        if (!t.passed) {
-            process.stdout.write(t.context.testOutput);
-        }
-    });
-    typedTest.afterEach.always(() => {
-        sinon_1.default.restore();
-    });
-}
-exports.setupTests = setupTests;
-//# sourceMappingURL=testing-utils.js.map

lib/testing-utils.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"testing-utils.js","sourceRoot":"","sources":["../src/testing-utils.ts"],"names":[],"mappings":";;;;;AACA,kDAA0B;AAI1B,SAAS,UAAU,CAAC,OAAoB;IACtC,8CAA8C;IAC9C,gCAAgC;IAChC,2EAA2E;IAC3E,2FAA2F;IAC3F,OAAO,CAAC,KAA0B,EAAE,QAAiB,EAAE,EAA0B,EAAW,EAAE;QAC5F,2CAA2C;QAC3C,IAAI,EAAE,KAAK,SAAS,IAAI,OAAO,QAAQ,KAAK,UAAU,EAAE;YACtD,EAAE,GAAG,QAAQ,CAAC;YACd,QAAQ,GAAG,SAAS,CAAC;SACtB;QAED,oBAAoB;QACpB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE;YAC7B,OAAO,CAAC,UAAU,IAAI,KAAK,CAAC;SAC7B;aAAM;YACL,OAAO,CAAC,UAAU,IAAI,IAAI,WAAW,CAAC,QAAQ,IAAI,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;SAC1E;QAED,iDAAiD;QACjD,IAAI,EAAE,KAAK,SAAS,IAAI,OAAO,EAAE,KAAK,UAAU,EAAE;YAChD,EAAE,EAAE,CAAC;SACN;QAED,OAAO,IAAI,CAAC;IACd,CAAC,CAAC;AACJ,CAAC;AAED,SAAgB,UAAU,CAAC,IAAwB;IACjD,MAAM,SAAS,GAAG,IAAkC,CAAC;IAErD,SAAS,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE;QACvB,CAAC,CAAC,OAAO,CAAC,UAAU,GAAG,EAAE,CAAC;QAE1B,MAAM,kBAAkB,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACrE,CAAC,CAAC,OAAO,CAAC,WAAW,GAAG,kBAAkB,CAAC;QAC3C,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,UAAU,CAAC,CAAC,CAAC,OAAO,CAAQ,CAAC;QAEpD,MAAM,kBAAkB,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACrE,CAAC,CAAC,OAAO,CAAC,WAAW,GAAG,kBAAkB,CAAC;QAC3C,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,UAAU,CAAC,CAAC,CAAC,OAAO,CAAQ,CAAC;IACtD,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE;QAC7B,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC;QAC7C,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC;QAE7C,IAAI,CAAC,CAAC,CAAC,MAAM,EAAE;YACb,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;SAC5C;IACH,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,SAAS,CAAC,MAAM,CAAC,GAAG,EAAE;QAC9B,eAAK,CAAC,OAAO,EAAE,CAAC;IAClB,CAAC,CAAC,CAAC;AACL,CAAC;AA3BD,gCA2BC"}

lib/tracer-env.js.map

@@ -1 +1 @@
-{"version":3,"file":"tracer-env.js","sourceRoot":"","sources":["../src/tracer-env.ts"],"names":[],"mappings":";;;;;;;;;AAAA,uCAAyB;AAEzB,MAAM,GAAG,GAAG,EAAE,CAAC;AACf,KAAK,IAAI,KAAK,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE;IAC7C,MAAM,GAAG,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;IACrB,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;IACvB,IAAI,OAAO,KAAK,KAAK,WAAW,IAAI,GAAG,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,kBAAkB,CAAC,EAAE;QACtF,GAAG,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;KAClB;CACF;AACD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;AACtC,EAAE,CAAC,aAAa,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,OAAO,CAAC,CAAC"}
+{"version":3,"file":"tracer-env.js","sourceRoot":"","sources":["../src/tracer-env.ts"],"names":[],"mappings":";;;;;;;;;AAAA,uCAAyB;AAEzB,MAAM,GAAG,GAAG,EAAE,CAAC;AACf,KAAK,IAAI,KAAK,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE;IAC3C,MAAM,GAAG,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;IACrB,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;IACvB,IAAI,OAAO,KAAK,KAAK,WAAW,IAAI,GAAG,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,kBAAkB,CAAC,EAAE;QACpF,GAAG,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;KACpB;CACJ;AACD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;AACtC,EAAE,CAAC,aAAa,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,OAAO,CAAC,CAAC"}

lib/upload-lib.js

@@ -11,15 +11,28 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 const core = __importStar(require("@actions/core"));
+const http = __importStar(require("@actions/http-client"));
+const auth = __importStar(require("@actions/http-client/auth"));
+const io = __importStar(require("@actions/io"));
 const file_url_1 = __importDefault(require("file-url"));
 const fs = __importStar(require("fs"));
-const jsonschema = __importStar(require("jsonschema"));
 const path = __importStar(require("path"));
 const zlib_1 = __importDefault(require("zlib"));
-const api = __importStar(require("./api-client"));
 const fingerprints = __importStar(require("./fingerprints"));
 const sharedEnv = __importStar(require("./shared-environment"));
 const util = __importStar(require("./util"));
+// Construct the location of the sentinel file for detecting multiple uploads.
+// The returned location should be writable.
+async function getSentinelFilePath() {
+    // Use the temp dir instead of placing next to the sarif file because of
+    // issues with docker actions. The directory containing the sarif file
+    // may not be writable by us.
+    const uploadsTmpDir = path.join(process.env['RUNNER_TEMP'] || '/tmp/codeql-action', 'uploads');
+    await io.mkdirP(uploadsTmpDir);
+    // Hash the absolute path so we'll behave correctly in the unlikely
+    // scenario a file is referenced twice with different paths.
+    return path.join(uploadsTmpDir, 'codeql-action-upload-sentinel');
+}
 // Takes a list of paths to sarif files and combines them together,
 // returning the contents of the combined sarif file.
 function combineSarifFiles(sarifFiles) {
@@ -50,28 +63,27 @@ async function uploadPayload(payload) {
     if (testMode) {
         return true;
     }
-    const [owner, repo] = util.getRequiredEnvParam("GITHUB_REPOSITORY").split("/");
+    const githubToken = core.getInput('token');
+    const ph = new auth.BearerCredentialHandler(githubToken);
+    const client = new http.HttpClient('Code Scanning : Upload SARIF', [ph]);
+    const url = 'https://api.github.com/repos/' + process.env['GITHUB_REPOSITORY'] + '/code-scanning/analysis';
     // Make up to 4 attempts to upload, and sleep for these
     // number of seconds between each attempt.
     // We don't want to backoff too much to avoid wasting action
     // minutes, but just waiting a little bit could maybe help.
     const backoffPeriods = [1, 5, 15];
     for (let attempt = 0; attempt <= backoffPeriods.length; attempt++) {
-        const response = await api.getApiClient().request("PUT /repos/:owner/:repo/code-scanning/analysis", ({
-            owner: owner,
-            repo: repo,
-            data: payload,
-        }));
-        core.debug('response status: ' + response.status);
-        const statusCode = response.status;
+        const res = await client.put(url, payload);
+        core.debug('response status: ' + res.message.statusCode);
+        const statusCode = res.message.statusCode;
         if (statusCode === 202) {
             core.info("Successfully uploaded results");
             return true;
         }
-        const requestID = response.headers["x-github-request-id"];
+        const requestID = res.message.headers["x-github-request-id"];
         // On any other status code that's not 5xx mark the upload as failed
         if (!statusCode || statusCode < 500 || statusCode >= 600) {
-            core.setFailed('Upload failed (' + requestID + '): (' + statusCode + ') ' + JSON.stringify(response.data));
+            core.setFailed('Upload failed (' + requestID + '): (' + statusCode + ') ' + await res.readBody());
             return false;
         }
         // On a 5xx status code we may retry the request
@@ -79,7 +91,7 @@ async function uploadPayload(payload) {
             // Log the failure as a warning but don't mark the action as failed yet
             core.warning('Upload attempt (' + (attempt + 1) + ' of ' + (backoffPeriods.length + 1) +
                 ') failed (' + requestID + '). Retrying in ' + backoffPeriods[attempt] +
-                ' seconds: (' + statusCode + ') ' + JSON.stringify(response.data));
+                ' seconds: (' + statusCode + ') ' + await res.readBody());
             // Sleep for the backoff period
             await new Promise(r => setTimeout(r, backoffPeriods[attempt] * 1000));
             continue;
@@ -88,7 +100,7 @@ async function uploadPayload(payload) {
             // If the upload fails with 5xx then we assume it is a temporary problem
             // and not an error that the user has caused or can fix.
             // We avoid marking the job as failed to avoid breaking CI workflows.
-            core.error('Upload failed (' + requestID + '): (' + statusCode + ') ' + JSON.stringify(response.data));
+            core.error('Upload failed (' + requestID + '): (' + statusCode + ') ' + await res.readBody());
             return false;
         }
     }
@@ -113,96 +125,62 @@ async function upload(input) {
     }
 }
 exports.upload = upload;
-// Counts the number of results in the given SARIF file
-function countResultsInSarif(sarif) {
-    let numResults = 0;
-    for (const run of JSON.parse(sarif).runs) {
-        numResults += run.results.length;
-    }
-    return numResults;
-}
-exports.countResultsInSarif = countResultsInSarif;
-// Validates that the given file path refers to a valid SARIF file.
-// Returns a non-empty list of error message if the file is invalid,
-// otherwise returns the empty list if the file is valid.
-function validateSarifFileSchema(sarifFilePath) {
-    const sarif = JSON.parse(fs.readFileSync(sarifFilePath, 'utf8'));
-    const schema = JSON.parse(fs.readFileSync(__dirname + '/../src/sarif_v2.1.0_schema.json', 'utf8'));
-    const result = new jsonschema.Validator().validate(sarif, schema);
-    if (result.valid) {
-        return true;
-    }
-    else {
-        // Set the failure message to the stacks of all the errors.
-        // This should be of a manageable size and may even give enough to fix the error.
-        const errorMessages = result.errors.map(e => "- " + e.stack);
-        core.setFailed("Unable to upload \"" + sarifFilePath + "\" as it is not valid SARIF:\n" + errorMessages.join("\n"));
-        // Also output the more verbose error messages in groups as these may be very large.
-        for (const error of result.errors) {
-            core.startGroup("Error details: " + error.stack);
-            core.info(JSON.stringify(error, null, 2));
-            core.endGroup();
-        }
-        return false;
-    }
-}
-exports.validateSarifFileSchema = validateSarifFileSchema;
 // Uploads the given set of sarif files.
 // Returns true iff the upload occurred and succeeded
 async function uploadFiles(sarifFiles) {
     core.startGroup("Uploading results");
-    core.info("Uploading sarif files: " + JSON.stringify(sarifFiles));
-    const sentinelEnvVar = "CODEQL_UPLOAD_SARIF";
-    if (process.env[sentinelEnvVar]) {
-        core.error("Aborting upload: only one run of the codeql/analyze or codeql/upload-sarif actions is allowed per job");
-        return false;
-    }
-    core.exportVariable(sentinelEnvVar, sentinelEnvVar);
-    // Validate that the files we were asked to upload are all valid SARIF files
-    for (const file of sarifFiles) {
-        if (!validateSarifFileSchema(file)) {
+    let succeeded = false;
+    try {
+        // Check if an upload has happened before. If so then abort.
+        // This is intended to catch when the finish and upload-sarif actions
+        // are used together, and then the upload-sarif action is invoked twice.
+        const sentinelFile = await getSentinelFilePath();
+        if (fs.existsSync(sentinelFile)) {
+            core.info("Aborting as an upload has already happened from this job");
             return false;
         }
+        const commitOid = util.getRequiredEnvParam('GITHUB_SHA');
+        const workflowRunIDStr = util.getRequiredEnvParam('GITHUB_RUN_ID');
+        const ref = util.getRef();
+        const analysisKey = await util.getAnalysisKey();
+        const analysisName = util.getRequiredEnvParam('GITHUB_WORKFLOW');
+        const startedAt = process.env[sharedEnv.CODEQL_ACTION_STARTED_AT];
+        core.info("Uploading sarif files: " + JSON.stringify(sarifFiles));
+        let sarifPayload = combineSarifFiles(sarifFiles);
+        sarifPayload = fingerprints.addFingerprints(sarifPayload);
+        const zipped_sarif = zlib_1.default.gzipSync(sarifPayload).toString('base64');
+        let checkoutPath = core.getInput('checkout_path');
+        let checkoutURI = file_url_1.default(checkoutPath);
+        const workflowRunID = parseInt(workflowRunIDStr, 10);
+        if (Number.isNaN(workflowRunID)) {
+            core.setFailed('GITHUB_RUN_ID must define a non NaN workflow run ID');
+            return false;
+        }
+        let matrix = core.getInput('matrix');
+        if (matrix === "null" || matrix === "") {
+            matrix = undefined;
+        }
+        const toolNames = util.getToolNames(sarifPayload);
+        const payload = JSON.stringify({
+            "commit_oid": commitOid,
+            "ref": ref,
+            "analysis_key": analysisKey,
+            "analysis_name": analysisName,
+            "sarif": zipped_sarif,
+            "workflow_run_id": workflowRunID,
+            "checkout_uri": checkoutURI,
+            "environment": matrix,
+            "started_at": startedAt,
+            "tool_names": toolNames,
+        });
+        // Make the upload
+        succeeded = await uploadPayload(payload);
+        // Mark that we have made an upload
+        fs.writeFileSync(sentinelFile, '');
     }
-    const commitOid = await util.getCommitOid();
-    const workflowRunIDStr = util.getRequiredEnvParam('GITHUB_RUN_ID');
-    const ref = util.getRef();
-    const analysisKey = await util.getAnalysisKey();
-    const analysisName = util.getRequiredEnvParam('GITHUB_WORKFLOW');
-    const startedAt = process.env[sharedEnv.CODEQL_ACTION_STARTED_AT];
-    let sarifPayload = combineSarifFiles(sarifFiles);
-    sarifPayload = fingerprints.addFingerprints(sarifPayload);
-    const zipped_sarif = zlib_1.default.gzipSync(sarifPayload).toString('base64');
-    let checkoutPath = core.getInput('checkout_path');
-    let checkoutURI = file_url_1.default(checkoutPath);
-    const workflowRunID = parseInt(workflowRunIDStr, 10);
-    if (Number.isNaN(workflowRunID)) {
-        core.setFailed('GITHUB_RUN_ID must define a non NaN workflow run ID');
-        return false;
+    catch (error) {
+        core.setFailed(error.message);
     }
-    let matrix = core.getInput('matrix');
-    if (matrix === "null" || matrix === "") {
-        matrix = undefined;
-    }
-    const toolNames = util.getToolNames(sarifPayload);
-    const payload = JSON.stringify({
-        "commit_oid": commitOid,
-        "ref": ref,
-        "analysis_key": analysisKey,
-        "analysis_name": analysisName,
-        "sarif": zipped_sarif,
-        "workflow_run_id": workflowRunID,
-        "checkout_uri": checkoutURI,
-        "environment": matrix,
-        "started_at": startedAt,
-        "tool_names": toolNames,
-    });
-    // Log some useful debug info about the info
-    core.debug("Raw upload size: " + sarifPayload.length + " bytes");
-    core.debug("Base64 zipped upload size: " + zipped_sarif.length + " bytes");
-    core.debug("Number of results in upload: " + countResultsInSarif(sarifPayload));
-    // Make the upload
-    const succeeded = await uploadPayload(payload);
     core.endGroup();
     return succeeded;
 }

lib/upload-lib.test.js

@@ -1,27 +0,0 @@
-"use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
-    result["default"] = mod;
-    return result;
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-const ava_1 = __importDefault(require("ava"));
-const testing_utils_1 = require("./testing-utils");
-const uploadLib = __importStar(require("./upload-lib"));
-testing_utils_1.setupTests(ava_1.default);
-ava_1.default('validateSarifFileSchema - valid', t => {
-    const inputFile = __dirname + '/../src/testdata/valid-sarif.sarif';
-    t.true(uploadLib.validateSarifFileSchema(inputFile));
-});
-ava_1.default('validateSarifFileSchema - invalid', t => {
-    const inputFile = __dirname + '/../src/testdata/invalid-sarif.sarif';
-    t.false(uploadLib.validateSarifFileSchema(inputFile));
-    // validateSarifFileSchema calls core.setFailed which sets the exit code on error
-    process.exitCode = 0;
-});
-//# sourceMappingURL=upload-lib.test.js.map

lib/upload-lib.test.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"upload-lib.test.js","sourceRoot":"","sources":["../src/upload-lib.test.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,8CAAuB;AAEvB,mDAA2C;AAC3C,wDAA0C;AAE1C,0BAAU,CAAC,aAAI,CAAC,CAAC;AAEjB,aAAI,CAAC,iCAAiC,EAAE,CAAC,CAAC,EAAE;IAC1C,MAAM,SAAS,GAAG,SAAS,GAAG,oCAAoC,CAAC;IACnE,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,uBAAuB,CAAC,SAAS,CAAC,CAAC,CAAC;AACvD,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,mCAAmC,EAAE,CAAC,CAAC,EAAE;IAC5C,MAAM,SAAS,GAAG,SAAS,GAAG,sCAAsC,CAAC;IACrE,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,uBAAuB,CAAC,SAAS,CAAC,CAAC,CAAC;IACtD,iFAAiF;IACjF,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;AACvB,CAAC,CAAC,CAAC"}

lib/upload-sarif.js.map

@@ -1 +1 @@
-{"version":3,"file":"upload-sarif.js","sourceRoot":"","sources":["../src/upload-sarif.ts"],"names":[],"mappings":";;;;;;;;;AAAA,oDAAsC;AAEtC,yDAA2C;AAC3C,6CAA+B;AAE/B,KAAK,UAAU,GAAG;IAChB,IAAI,IAAI,CAAC,YAAY,CAAC,cAAc,EAAE,KAAK,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,oBAAoB,CAAC,cAAc,CAAC,EAAE;QAChG,OAAO;KACR;IAED,IAAI;QACF,IAAI,MAAM,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC,EAAE;YACxD,MAAM,IAAI,CAAC,qBAAqB,CAAC,cAAc,CAAC,CAAC;SAClD;aAAM;YACL,MAAM,IAAI,CAAC,kBAAkB,CAAC,cAAc,EAAE,QAAQ,CAAC,CAAC;SACzD;KACF;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAC9B,MAAM,IAAI,CAAC,kBAAkB,CAAC,cAAc,EAAE,KAAK,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;QAC1E,OAAO;KACR;AACH,CAAC;AAED,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE;IACd,IAAI,CAAC,SAAS,CAAC,qCAAqC,GAAG,CAAC,CAAC,CAAC;IAC1D,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;AACjB,CAAC,CAAC,CAAC"}
+{"version":3,"file":"upload-sarif.js","sourceRoot":"","sources":["../src/upload-sarif.ts"],"names":[],"mappings":";;;;;;;;;AAAA,oDAAsC;AAEtC,yDAA2C;AAC3C,6CAA+B;AAE/B,KAAK,UAAU,GAAG;IACd,IAAI,IAAI,CAAC,YAAY,CAAC,cAAc,EAAE,KAAK,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,oBAAoB,CAAC,cAAc,CAAC,EAAE;QAC9F,OAAO;KACV;IAED,IAAI;QACA,IAAI,MAAM,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC,EAAE;YACtD,MAAM,IAAI,CAAC,qBAAqB,CAAC,cAAc,CAAC,CAAC;SACpD;aAAM;YACH,MAAM,IAAI,CAAC,kBAAkB,CAAC,cAAc,EAAE,QAAQ,CAAC,CAAC;SAC3D;KACJ;IAAC,OAAO,KAAK,EAAE;QACZ,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAC9B,MAAM,IAAI,CAAC,kBAAkB,CAAC,cAAc,EAAE,KAAK,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;QAC1E,OAAO;KACV;AACL,CAAC;AAED,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE;IACZ,IAAI,CAAC,SAAS,CAAC,qCAAqC,GAAG,CAAC,CAAC,CAAC;IAC1D,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;AACnB,CAAC,CAAC,CAAC"}

lib/util.js

@@ -6,13 +6,18 @@ var __importStar = (this && this.__importStar) || function (mod) {
     result["default"] = mod;
     return result;
 };
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
 Object.defineProperty(exports, "__esModule", { value: true });
 const core = __importStar(require("@actions/core"));
-const exec = __importStar(require("@actions/exec"));
+const http = __importStar(require("@actions/http-client"));
+const auth = __importStar(require("@actions/http-client/auth"));
+const octokit = __importStar(require("@octokit/rest"));
+const console_log_level_1 = __importDefault(require("console-log-level"));
 const fs = __importStar(require("fs"));
 const os = __importStar(require("os"));
 const path = __importStar(require("path"));
-const api = __importStar(require("./api-client"));
 const sharedEnv = __importStar(require("./shared-environment"));
 /**
  * Should the current action be aborted?
@@ -28,6 +33,12 @@ function should_abort(actionName, requireInitActionHasRun) {
         core.setFailed('GITHUB_REF must be set.');
         return true;
     }
+    // Should abort if called on a merge commit for a pull request.
+    if (ref.startsWith('refs/pull/')) {
+        core.warning('The CodeQL ' + actionName + ' action is intended for workflows triggered on `push` events, '
+            + 'but the current workflow is running on a pull request. Aborting.');
+        return true;
+    }
     // If the init action is required, then check the it completed successfully.
     if (requireInitActionHasRun && process.env[sharedEnv.CODEQL_ACTION_INIT_COMPLETED] === undefined) {
         core.setFailed('The CodeQL ' + actionName + ' action cannot be used unless the CodeQL init action is run first. Aborting.');
@@ -36,12 +47,22 @@ function should_abort(actionName, requireInitActionHasRun) {
     return false;
 }
 exports.should_abort = should_abort;
+/**
+ * Resolve the path to the workspace folder.
+ */
+function workspaceFolder() {
+    let workspaceFolder = process.env['RUNNER_WORKSPACE'];
+    if (!workspaceFolder)
+        workspaceFolder = path.resolve('..');
+    return workspaceFolder;
+}
+exports.workspaceFolder = workspaceFolder;
 /**
  * Get an environment parameter, but throw an error if it is not set.
  */
 function getRequiredEnvParam(paramName) {
     const value = process.env[paramName];
-    if (value === undefined || value.length === 0) {
+    if (value === undefined) {
         throw new Error(paramName + ' environment variable must be set');
     }
     core.debug(paramName + '=' + value);
@@ -69,7 +90,12 @@ async function getLanguagesInRepo() {
         let owner = repo_nwo[0];
         let repo = repo_nwo[1];
         core.debug(`GitHub repo ${owner} ${repo}`);
-        const response = await api.getApiClient().request("GET /repos/:owner/:repo/languages", ({
+        let ok = new octokit.Octokit({
+            auth: core.getInput('token'),
+            userAgent: "CodeQL Action",
+            log: console_log_level_1.default({ level: "debug" })
+        });
+        const response = await ok.request("GET /repos/:owner/:repo/languages", ({
             owner,
             repo
         }));
@@ -125,34 +151,6 @@ async function getLanguages() {
     return languages;
 }
 exports.getLanguages = getLanguages;
-/**
- * Gets the SHA of the commit that is currently checked out.
- */
-async function getCommitOid() {
-    // Try to use git to get the current commit SHA. If that fails then
-    // log but otherwise silently fall back to using the SHA from the environment.
-    // The only time these two values will differ is during analysis of a PR when
-    // the workflow has changed the current commit to the head commit instead of
-    // the merge commit, which must mean that git is available.
-    // Even if this does go wrong, it's not a huge problem for the alerts to
-    // reported on the merge commit.
-    try {
-        let commitOid = '';
-        await exec.exec('git', ['rev-parse', 'HEAD'], {
-            silent: true,
-            listeners: {
-                stdout: (data) => { commitOid += data.toString(); },
-                stderr: (data) => { process.stderr.write(data); }
-            }
-        });
-        return commitOid.trim();
-    }
-    catch (e) {
-        core.info("Failed to call git to get current commit. Continuing with data from environment: " + e);
-        return getRequiredEnvParam('GITHUB_SHA');
-    }
-}
-exports.getCommitOid = getCommitOid;
 /**
  * Get the path of the currently executing workflow.
  */
@@ -160,15 +158,19 @@ async function getWorkflowPath() {
     const repo_nwo = getRequiredEnvParam('GITHUB_REPOSITORY').split("/");
     const owner = repo_nwo[0];
     const repo = repo_nwo[1];
-    const run_id = Number(getRequiredEnvParam('GITHUB_RUN_ID'));
-    const apiClient = api.getApiClient();
-    const runsResponse = await apiClient.request('GET /repos/:owner/:repo/actions/runs/:run_id', {
+    const run_id = getRequiredEnvParam('GITHUB_RUN_ID');
+    const ok = new octokit.Octokit({
+        auth: core.getInput('token'),
+        userAgent: "CodeQL Action",
+        log: console_log_level_1.default({ level: 'debug' })
+    });
+    const runsResponse = await ok.request('GET /repos/:owner/:repo/actions/runs/:run_id', {
         owner,
         repo,
         run_id
     });
     const workflowUrl = runsResponse.data.workflow_url;
-    const workflowResponse = await apiClient.request('GET ' + workflowUrl);
+    const workflowResponse = await ok.request('GET ' + workflowUrl);
     return workflowResponse.data.path;
 }
 /**
@@ -194,20 +196,8 @@ exports.getAnalysisKey = getAnalysisKey;
  * Get the ref currently being analyzed.
  */
 function getRef() {
-    // Will be in the form "refs/heads/master" on a push event
-    // or in the form "refs/pull/N/merge" on a pull_request event
-    const ref = getRequiredEnvParam('GITHUB_REF');
-    // For pull request refs we want to convert from the 'merge' ref
-    // to the 'head' ref, as that is what we want to analyse.
-    // There should have been some code earlier in the workflow to do
-    // the checkout, but we have no way of verifying that here.
-    const pull_ref_regex = /refs\/pull\/(\d+)\/merge/;
-    if (pull_ref_regex.test(ref)) {
-        return ref.replace(pull_ref_regex, 'refs/pull/$1/head');
-    }
-    else {
-        return ref;
-    }
+    // it's in the form "refs/heads/master"
+    return getRequiredEnvParam('GITHUB_REF');
 }
 exports.getRef = getRef;
 /**
@@ -228,7 +218,6 @@ async function createStatusReport(actionName, status, cause, exception) {
     }
     const workflowName = process.env['GITHUB_WORKFLOW'] || '';
     const jobName = process.env['GITHUB_JOB'] || '';
-    const analysis_key = await getAnalysisKey();
     const languages = (await getLanguages()).sort().join(',');
     const startedAt = process.env[sharedEnv.CODEQL_ACTION_STARTED_AT] || new Date().toISOString();
     core.exportVariable(sharedEnv.CODEQL_ACTION_STARTED_AT, startedAt);
@@ -236,7 +225,6 @@ async function createStatusReport(actionName, status, cause, exception) {
         workflow_run_id: workflowRunID,
         workflow_name: workflowName,
         job_name: jobName,
-        analysis_key: analysis_key,
         languages: languages,
         commit_oid: commitOid,
         ref: ref,
@@ -252,7 +240,7 @@ async function createStatusReport(actionName, status, cause, exception) {
     if (exception) {
         statusReport.exception = exception;
     }
-    if (status === 'success' || status === 'failure' || status === 'aborted') {
+    if (status === 'success' || status === 'failure') {
         statusReport.completed_at = new Date().toISOString();
     }
     let matrix = core.getInput('matrix');
@@ -264,19 +252,21 @@ async function createStatusReport(actionName, status, cause, exception) {
 /**
  * Send a status report to the code_scanning/analysis/status endpoint.
  *
- * Returns the status code of the response to the status request.
+ * Returns the status code of the response to the status request, or
+ * undefined if the given statusReport is undefined or no response was
+ * received.
  */
 async function sendStatusReport(statusReport) {
+    var _a;
     const statusReportJSON = JSON.stringify(statusReport);
     core.debug('Sending status report: ' + statusReportJSON);
-    const nwo = getRequiredEnvParam("GITHUB_REPOSITORY");
-    const [owner, repo] = nwo.split("/");
-    const statusResponse = await api.getApiClient().request('PUT /repos/:owner/:repo/code-scanning/analysis/status', {
-        owner: owner,
-        repo: repo,
-        data: statusReportJSON,
-    });
-    return statusResponse.status;
+    const githubToken = core.getInput('token');
+    const ph = new auth.BearerCredentialHandler(githubToken);
+    const client = new http.HttpClient('Code Scanning : Status Report', [ph]);
+    const url = 'https://api.github.com/repos/' + process.env['GITHUB_REPOSITORY']
+        + '/code-scanning/analysis/status';
+    const res = await client.put(url, statusReportJSON);
+    return (_a = res.message) === null || _a === void 0 ? void 0 : _a.statusCode;
 }
 /**
  * Send a status report that an action is starting.
@@ -325,16 +315,6 @@ async function reportActionSucceeded(action) {
     await sendStatusReport(await createStatusReport(action, 'success'));
 }
 exports.reportActionSucceeded = reportActionSucceeded;
-/**
- * Report that an action has been aborted.
- *
- * Note that the started_at date is always that of the `init` action, since
- * this is likely to give a more useful duration when inspecting events.
- */
-async function reportActionAborted(action, cause) {
-    await sendStatusReport(await createStatusReport(action, 'aborted', cause));
-}
-exports.reportActionAborted = reportActionAborted;
 /**
  * Get the array of all the tool names contained in the given sarif contents.
  *
@@ -357,63 +337,8 @@ exports.getToolNames = getToolNames;
 // Mostly intended for use within tests.
 async function withTmpDir(body) {
     const tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'codeql-action-'));
-    const realSubdir = path.join(tmpDir, 'real');
-    fs.mkdirSync(realSubdir);
-    const symlinkSubdir = path.join(tmpDir, 'symlink');
-    fs.symlinkSync(realSubdir, symlinkSubdir, 'dir');
-    const result = await body(symlinkSubdir);
+    await body(tmpDir);
     fs.rmdirSync(tmpDir, { recursive: true });
-    return result;
 }
 exports.withTmpDir = withTmpDir;
-/**
- * Get the codeql `--ram` flag as configured by the `ram` input. If no value was
- * specified, the total available memory will be used minus 256 MB.
- *
- * @returns string
- */
-function getMemoryFlag() {
-    let memoryToUseMegaBytes;
-    const memoryToUseString = core.getInput("ram");
-    if (memoryToUseString) {
-        memoryToUseMegaBytes = Number(memoryToUseString);
-        if (Number.isNaN(memoryToUseMegaBytes) || memoryToUseMegaBytes <= 0) {
-            throw new Error("Invalid RAM setting \"" + memoryToUseString + "\", specified.");
-        }
-    }
-    else {
-        const totalMemoryBytes = os.totalmem();
-        const totalMemoryMegaBytes = totalMemoryBytes / (1024 * 1024);
-        const systemReservedMemoryMegaBytes = 256;
-        memoryToUseMegaBytes = totalMemoryMegaBytes - systemReservedMemoryMegaBytes;
-    }
-    return "--ram=" + Math.floor(memoryToUseMegaBytes);
-}
-exports.getMemoryFlag = getMemoryFlag;
-/**
- * Get the codeql `--threads` value specified for the `threads` input. The value
- * defaults to 1. The value will be capped to the number of available CPUs.
- *
- * @returns string
- */
-function getThreadsFlag() {
-    let numThreads = 1;
-    const numThreadsString = core.getInput("threads");
-    if (numThreadsString) {
-        numThreads = Number(numThreadsString);
-        if (Number.isNaN(numThreads)) {
-            throw new Error(`Invalid threads setting "${numThreadsString}", specified.`);
-        }
-        const maxThreads = os.cpus().length;
-        if (numThreads > maxThreads) {
-            numThreads = maxThreads;
-        }
-        const minThreads = -maxThreads;
-        if (numThreads < minThreads) {
-            numThreads = minThreads;
-        }
-    }
-    return `--threads=${numThreads}`;
-}
-exports.getThreadsFlag = getThreadsFlag;
 //# sourceMappingURL=util.js.map

lib/util.test.js

@@ -12,53 +12,10 @@ var __importStar = (this && this.__importStar) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 const ava_1 = __importDefault(require("ava"));
 const fs = __importStar(require("fs"));
-const os = __importStar(require("os"));
-const testing_utils_1 = require("./testing-utils");
 const util = __importStar(require("./util"));
-testing_utils_1.setupTests(ava_1.default);
 ava_1.default('getToolNames', t => {
     const input = fs.readFileSync(__dirname + '/../src/testdata/tool-names.sarif', 'utf8');
     const toolNames = util.getToolNames(input);
     t.deepEqual(toolNames, ["CodeQL command-line toolchain", "ESLint"]);
 });
-ava_1.default('getMemoryFlag() should return the correct --ram flag', t => {
-    const totalMem = Math.floor(os.totalmem() / (1024 * 1024));
-    const tests = {
-        "": `--ram=${totalMem - 256}`,
-        "512": "--ram=512",
-    };
-    for (const [input, expectedFlag] of Object.entries(tests)) {
-        process.env['INPUT_RAM'] = input;
-        const flag = util.getMemoryFlag();
-        t.deepEqual(flag, expectedFlag);
-    }
-});
-ava_1.default('getMemoryFlag() throws if the ram input is < 0 or NaN', t => {
-    for (const input of ["-1", "hello!"]) {
-        process.env['INPUT_RAM'] = input;
-        t.throws(util.getMemoryFlag);
-    }
-});
-ava_1.default('getThreadsFlag() should return the correct --threads flag', t => {
-    const numCpus = os.cpus().length;
-    const tests = {
-        "0": "--threads=0",
-        "1": "--threads=1",
-        [`${numCpus + 1}`]: `--threads=${numCpus}`,
-        [`${-numCpus - 1}`]: `--threads=${-numCpus}`
-    };
-    for (const [input, expectedFlag] of Object.entries(tests)) {
-        process.env['INPUT_THREADS'] = input;
-        const flag = util.getThreadsFlag();
-        t.deepEqual(flag, expectedFlag);
-    }
-});
-ava_1.default('getThreadsFlag() throws if the threads input is not an integer', t => {
-    process.env['INPUT_THREADS'] = "hello!";
-    t.throws(util.getThreadsFlag);
-});
-ava_1.default('getRef() throws on the empty string', t => {
-    process.env["GITHUB_REF"] = "";
-    t.throws(util.getRef);
-});
 //# sourceMappingURL=util.test.js.map

lib/util.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"util.test.js","sourceRoot":"","sources":["../src/util.test.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,8CAAuB;AACvB,uCAAyB;AACzB,uCAAyB;AAEzB,mDAA2C;AAC3C,6CAA+B;AAE/B,0BAAU,CAAC,aAAI,CAAC,CAAC;AAEjB,aAAI,CAAC,cAAc,EAAE,CAAC,CAAC,EAAE;IACvB,MAAM,KAAK,GAAG,EAAE,CAAC,YAAY,CAAC,SAAS,GAAG,mCAAmC,EAAE,MAAM,CAAC,CAAC;IACvF,MAAM,SAAS,GAAG,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;IAC3C,CAAC,CAAC,SAAS,CAAC,SAAS,EAAE,CAAC,+BAA+B,EAAE,QAAQ,CAAC,CAAC,CAAC;AACtE,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,sDAAsD,EAAE,CAAC,CAAC,EAAE;IAE/D,MAAM,QAAQ,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC,CAAC,CAAC;IAE3D,MAAM,KAAK,GAAG;QACZ,EAAE,EAAE,SAAS,QAAQ,GAAG,GAAG,EAAE;QAC7B,KAAK,EAAE,WAAW;KACnB,CAAC;IAEF,KAAK,MAAM,CAAC,KAAK,EAAE,YAAY,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE;QAEzD,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC;QAEjC,MAAM,IAAI,GAAG,IAAI,CAAC,aAAa,EAAE,CAAC;QAClC,CAAC,CAAC,SAAS,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;KACjC;AACH,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,uDAAuD,EAAE,CAAC,CAAC,EAAE;IAChE,KAAK,MAAM,KAAK,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,EAAE;QACpC,OAAO,CAAC,GAAG,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC;QACjC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;KAC9B;AACH,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,2DAA2D,EAAE,CAAC,CAAC,EAAE;IAEpE,MAAM,OAAO,GAAG,EAAE,CAAC,IAAI,EAAE,CAAC,MAAM,CAAC;IAEjC,MAAM,KAAK,GAAG;QACZ,GAAG,EAAE,aAAa;QAClB,GAAG,EAAE,aAAa;QAClB,CAAC,GAAG,OAAO,GAAG,CAAC,EAAE,CAAC,EAAE,aAAa,OAAO,EAAE;QAC1C,CAAC,GAAG,CAAC,OAAO,GAAG,CAAC,EAAE,CAAC,EAAE,aAAa,CAAC,OAAO,EAAE;KAC7C,CAAC;IAEF,KAAK,MAAM,CAAC,KAAK,EAAE,YAAY,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE;QAEzD,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,GAAG,KAAK,CAAC;QAErC,MAAM,IAAI,GAAG,IAAI,CAAC,cAAc,EAAE,CAAC;QACnC,CAAC,CAAC,SAAS,CAAC,IAAI,EAAE,YAAY,CAAC,CAAC;KACjC;AACH,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,gEAAgE,EAAE,CAAC,CAAC,EAAE;IACzE,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,GAAG,QAAQ,CAAC;IACxC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,cAAc,CAAC,CAAC;AAChC,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,qCAAqC,EAAE,CAAC,CAAC,EAAE;IAC9C,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,EAAE,CAAC;IAC/B,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,CAAC;AACxB,CAAC,CAAC,CAAC"}
+{"version":3,"file":"util.test.js","sourceRoot":"","sources":["../src/util.test.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,8CAAuB;AACvB,uCAAyB;AAEzB,6CAA+B;AAE/B,aAAI,CAAC,cAAc,EAAE,CAAC,CAAC,EAAE;IACvB,MAAM,KAAK,GAAG,EAAE,CAAC,YAAY,CAAC,SAAS,GAAG,mCAAmC,EAAE,MAAM,CAAC,CAAC;IACvF,MAAM,SAAS,GAAG,IAAI,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC;IAC3C,CAAC,CAAC,SAAS,CAAC,SAAS,EAAE,CAAC,+BAA+B,EAAE,QAAQ,CAAC,CAAC,CAAC;AACtE,CAAC,CAAC,CAAC"}

node_modules/.bin/semver

@@ -1 +1 @@
-../semver/bin/semver.js
+../semver/bin/semver

node_modules/@actions/github/README.md

@@ -1,74 +0,0 @@
-# `@actions/github`
-
-> A hydrated Octokit client.
-
-## Usage
-
-Returns an authenticated Octokit client that follows the machine [proxy settings](https://help.github.com/en/actions/hosting-your-own-runners/using-a-proxy-server-with-self-hosted-runners). See https://octokit.github.io/rest.js for the API.
-
-```js
-const github = require('@actions/github');
-const core = require('@actions/core');
-
-async function run() {
-    // This should be a token with access to your repository scoped in as a secret.
-    // The YML workflow will need to set myToken with the GitHub Secret Token
-    // myToken: ${{ secrets.GITHUB_TOKEN }}
-    // https://help.github.com/en/actions/automating-your-workflow-with-github-actions/authenticating-with-the-github_token#about-the-github_token-secret
-    const myToken = core.getInput('myToken');
-
-    const octokit = new github.GitHub(myToken);
-
-    const { data: pullRequest } = await octokit.pulls.get({
-        owner: 'octokit',
-        repo: 'rest.js',
-        pull_number: 123,
-        mediaType: {
-          format: 'diff'
-        }
-    });
-
-    console.log(pullRequest);
-}
-
-run();
-```
-
-You can pass client options, as specified by [Octokit](https://octokit.github.io/rest.js/), as a second argument to the `GitHub` constructor.
-
-You can also make GraphQL requests. See https://github.com/octokit/graphql.js for the API.
-
-```js
-const result = await octokit.graphql(query, variables);
-```
-
-Finally, you can get the context of the current action:
-
-```js
-const github = require('@actions/github');
-
-const context = github.context;
-
-const newIssue = await octokit.issues.create({
-  ...context.repo,
-  title: 'New issue!',
-  body: 'Hello Universe!'
-});
-```
-
-## Webhook payload typescript definitions
-
-The npm module `@octokit/webhooks` provides type definitions for the response payloads. You can cast the payload to these types for better type information.
-
-First, install the npm module `npm install @octokit/webhooks`
-
-Then, assert the type based on the eventName
-```ts
-import * as core from '@actions/core'
-import * as github from '@actions/github'
-import * as Webhooks from '@octokit/webhooks'
-if (github.context.eventName === 'push') {
-  const pushPayload = github.context.payload as Webhooks.WebhookPayloadPush
-  core.info(`The head commit is: ${pushPayload.head}`)
-}
-```

node_modules/@actions/github/lib/context.d.ts

@@ -1,26 +0,0 @@
-import { WebhookPayload } from './interfaces';
-export declare class Context {
-    /**
-     * Webhook payload object that triggered the workflow
-     */
-    payload: WebhookPayload;
-    eventName: string;
-    sha: string;
-    ref: string;
-    workflow: string;
-    action: string;
-    actor: string;
-    /**
-     * Hydrate the context from the environment
-     */
-    constructor();
-    get issue(): {
-        owner: string;
-        repo: string;
-        number: number;
-    };
-    get repo(): {
-        owner: string;
-        repo: string;
-    };
-}

node_modules/@actions/github/lib/context.js

@@ -1,46 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-const fs_1 = require("fs");
-const os_1 = require("os");
-class Context {
-    /**
-     * Hydrate the context from the environment
-     */
-    constructor() {
-        this.payload = {};
-        if (process.env.GITHUB_EVENT_PATH) {
-            if (fs_1.existsSync(process.env.GITHUB_EVENT_PATH)) {
-                this.payload = JSON.parse(fs_1.readFileSync(process.env.GITHUB_EVENT_PATH, { encoding: 'utf8' }));
-            }
-            else {
-                const path = process.env.GITHUB_EVENT_PATH;
-                process.stdout.write(`GITHUB_EVENT_PATH ${path} does not exist${os_1.EOL}`);
-            }
-        }
-        this.eventName = process.env.GITHUB_EVENT_NAME;
-        this.sha = process.env.GITHUB_SHA;
-        this.ref = process.env.GITHUB_REF;
-        this.workflow = process.env.GITHUB_WORKFLOW;
-        this.action = process.env.GITHUB_ACTION;
-        this.actor = process.env.GITHUB_ACTOR;
-    }
-    get issue() {
-        const payload = this.payload;
-        return Object.assign(Object.assign({}, this.repo), { number: (payload.issue || payload.pull_request || payload).number });
-    }
-    get repo() {
-        if (process.env.GITHUB_REPOSITORY) {
-            const [owner, repo] = process.env.GITHUB_REPOSITORY.split('/');
-            return { owner, repo };
-        }
-        if (this.payload.repository) {
-            return {
-                owner: this.payload.repository.owner.login,
-                repo: this.payload.repository.name
-            };
-        }
-        throw new Error("context.repo requires a GITHUB_REPOSITORY environment variable like 'owner/repo'");
-    }
-}
-exports.Context = Context;
-//# sourceMappingURL=context.js.map

node_modules/@actions/github/lib/context.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"context.js","sourceRoot":"","sources":["../src/context.ts"],"names":[],"mappings":";;AAEA,2BAA2C;AAC3C,2BAAsB;AAEtB,MAAa,OAAO;IAalB;;OAEG;IACH;QACE,IAAI,CAAC,OAAO,GAAG,EAAE,CAAA;QACjB,IAAI,OAAO,CAAC,GAAG,CAAC,iBAAiB,EAAE;YACjC,IAAI,eAAU,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,EAAE;gBAC7C,IAAI,CAAC,OAAO,GAAG,IAAI,CAAC,KAAK,CACvB,iBAAY,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,EAAE,EAAC,QAAQ,EAAE,MAAM,EAAC,CAAC,CAChE,CAAA;aACF;iBAAM;gBACL,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAA;gBAC1C,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,qBAAqB,IAAI,kBAAkB,QAAG,EAAE,CAAC,CAAA;aACvE;SACF;QACD,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,iBAA2B,CAAA;QACxD,IAAI,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,UAAoB,CAAA;QAC3C,IAAI,CAAC,GAAG,GAAG,OAAO,CAAC,GAAG,CAAC,UAAoB,CAAA;QAC3C,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,eAAyB,CAAA;QACrD,IAAI,CAAC,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,aAAuB,CAAA;QACjD,IAAI,CAAC,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,YAAsB,CAAA;IACjD,CAAC;IAED,IAAI,KAAK;QACP,MAAM,OAAO,GAAG,IAAI,CAAC,OAAO,CAAA;QAE5B,uCACK,IAAI,CAAC,IAAI,KACZ,MAAM,EAAE,CAAC,OAAO,CAAC,KAAK,IAAI,OAAO,CAAC,YAAY,IAAI,OAAO,CAAC,CAAC,MAAM,IAClE;IACH,CAAC;IAED,IAAI,IAAI;QACN,IAAI,OAAO,CAAC,GAAG,CAAC,iBAAiB,EAAE;YACjC,MAAM,CAAC,KAAK,EAAE,IAAI,CAAC,GAAG,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;YAC9D,OAAO,EAAC,KAAK,EAAE,IAAI,EAAC,CAAA;SACrB;QAED,IAAI,IAAI,CAAC,OAAO,CAAC,UAAU,EAAE;YAC3B,OAAO;gBACL,KAAK,EAAE,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,KAAK,CAAC,KAAK;gBAC1C,IAAI,EAAE,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,IAAI;aACnC,CAAA;SACF;QAED,MAAM,IAAI,KAAK,CACb,kFAAkF,CACnF,CAAA;IACH,CAAC;CACF;AA9DD,0BA8DC"}

node_modules/@actions/github/lib/github.d.ts

@@ -1,27 +0,0 @@
-import { graphql as GraphQL } from '@octokit/graphql/dist-types/types';
-import { Octokit } from '@octokit/rest';
-import * as Context from './context';
-export declare const context: Context.Context;
-export declare class GitHub extends Octokit {
-    graphql: GraphQL;
-    /**
-     * Sets up the REST client and GraphQL client with auth and proxy support.
-     * The parameter `token` or `opts.auth` must be supplied. The GraphQL client
-     * authorization is not setup when `opts.auth` is a function or object.
-     *
-     * @param token  Auth token
-     * @param opts   Octokit options
-     */
-    constructor(token: string, opts?: Omit<Octokit.Options, 'auth'>);
-    constructor(opts: Octokit.Options);
-    /**
-     * Disambiguates the constructor overload parameters
-     */
-    private static disambiguate;
-    private static getOctokitOptions;
-    private static getGraphQL;
-    private static getAuthString;
-    private static getProxyAgent;
-    private static getApiBaseUrl;
-    private static getGraphQLBaseUrl;
-}

node_modules/@actions/github/lib/github.js

@@ -1,108 +0,0 @@
-"use strict";
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
-    result["default"] = mod;
-    return result;
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-// Originally pulled from https://github.com/JasonEtco/actions-toolkit/blob/master/src/github.ts
-const graphql_1 = require("@octokit/graphql");
-const rest_1 = require("@octokit/rest");
-const Context = __importStar(require("./context"));
-const httpClient = __importStar(require("@actions/http-client"));
-// We need this in order to extend Octokit
-rest_1.Octokit.prototype = new rest_1.Octokit();
-exports.context = new Context.Context();
-class GitHub extends rest_1.Octokit {
-    constructor(token, opts) {
-        super(GitHub.getOctokitOptions(GitHub.disambiguate(token, opts)));
-        this.graphql = GitHub.getGraphQL(GitHub.disambiguate(token, opts));
-    }
-    /**
-     * Disambiguates the constructor overload parameters
-     */
-    static disambiguate(token, opts) {
-        return [
-            typeof token === 'string' ? token : '',
-            typeof token === 'object' ? token : opts || {}
-        ];
-    }
-    static getOctokitOptions(args) {
-        const token = args[0];
-        const options = Object.assign({}, args[1]); // Shallow clone - don't mutate the object provided by the caller
-        // Base URL - GHES or Dotcom
-        options.baseUrl = options.baseUrl || this.getApiBaseUrl();
-        // Auth
-        const auth = GitHub.getAuthString(token, options);
-        if (auth) {
-            options.auth = auth;
-        }
-        // Proxy
-        const agent = GitHub.getProxyAgent(options.baseUrl, options);
-        if (agent) {
-            // Shallow clone - don't mutate the object provided by the caller
-            options.request = options.request ? Object.assign({}, options.request) : {};
-            // Set the agent
-            options.request.agent = agent;
-        }
-        return options;
-    }
-    static getGraphQL(args) {
-        const defaults = {};
-        defaults.baseUrl = this.getGraphQLBaseUrl();
-        const token = args[0];
-        const options = args[1];
-        // Authorization
-        const auth = this.getAuthString(token, options);
-        if (auth) {
-            defaults.headers = {
-                authorization: auth
-            };
-        }
-        // Proxy
-        const agent = GitHub.getProxyAgent(defaults.baseUrl, options);
-        if (agent) {
-            defaults.request = { agent };
-        }
-        return graphql_1.graphql.defaults(defaults);
-    }
-    static getAuthString(token, options) {
-        // Validate args
-        if (!token && !options.auth) {
-            throw new Error('Parameter token or opts.auth is required');
-        }
-        else if (token && options.auth) {
-            throw new Error('Parameters token and opts.auth may not both be specified');
-        }
-        return typeof options.auth === 'string' ? options.auth : `token ${token}`;
-    }
-    static getProxyAgent(destinationUrl, options) {
-        var _a;
-        if (!((_a = options.request) === null || _a === void 0 ? void 0 : _a.agent)) {
-            if (httpClient.getProxyUrl(destinationUrl)) {
-                const hc = new httpClient.HttpClient();
-                return hc.getAgent(destinationUrl);
-            }
-        }
-        return undefined;
-    }
-    static getApiBaseUrl() {
-        return process.env['GITHUB_API_URL'] || 'https://api.github.com';
-    }
-    static getGraphQLBaseUrl() {
-        let url = process.env['GITHUB_GRAPHQL_URL'] || 'https://api.github.com/graphql';
-        // Shouldn't be a trailing slash, but remove if so
-        if (url.endsWith('/')) {
-            url = url.substr(0, url.length - 1);
-        }
-        // Remove trailing "/graphql"
-        if (url.toUpperCase().endsWith('/GRAPHQL')) {
-            url = url.substr(0, url.length - '/graphql'.length);
-        }
-        return url;
-    }
-}
-exports.GitHub = GitHub;
-//# sourceMappingURL=github.js.map

node_modules/@actions/github/lib/github.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"github.js","sourceRoot":"","sources":["../src/github.ts"],"names":[],"mappings":";;;;;;;;;AAAA,gGAAgG;AAChG,8CAAwC;AAUxC,wCAAqC;AACrC,mDAAoC;AAEpC,iEAAkD;AAElD,0CAA0C;AAC1C,cAAO,CAAC,SAAS,GAAG,IAAI,cAAO,EAAE,CAAA;AAEpB,QAAA,OAAO,GAAG,IAAI,OAAO,CAAC,OAAO,EAAE,CAAA;AAE5C,MAAa,MAAO,SAAQ,cAAO;IAiBjC,YAAY,KAA+B,EAAE,IAAsB;QACjE,KAAK,CAAC,MAAM,CAAC,iBAAiB,CAAC,MAAM,CAAC,YAAY,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,CAAC,CAAA;QAEjE,IAAI,CAAC,OAAO,GAAG,MAAM,CAAC,UAAU,CAAC,MAAM,CAAC,YAAY,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,CAAA;IACpE,CAAC;IAED;;OAEG;IACK,MAAM,CAAC,YAAY,CACzB,KAA+B,EAC/B,IAAsB;QAEtB,OAAO;YACL,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE;YACtC,OAAO,KAAK,KAAK,QAAQ,CAAC,CAAC,CAAC,KAAK,CAAC,CAAC,CAAC,IAAI,IAAI,EAAE;SAC/C,CAAA;IACH,CAAC;IAEO,MAAM,CAAC,iBAAiB,CAC9B,IAA+B;QAE/B,MAAM,KAAK,GAAG,IAAI,CAAC,CAAC,CAAC,CAAA;QACrB,MAAM,OAAO,qBAAO,IAAI,CAAC,CAAC,CAAC,CAAC,CAAA,CAAC,iEAAiE;QAE9F,4BAA4B;QAC5B,OAAO,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,IAAI,IAAI,CAAC,aAAa,EAAE,CAAA;QAEzD,OAAO;QACP,MAAM,IAAI,GAAG,MAAM,CAAC,aAAa,CAAC,KAAK,EAAE,OAAO,CAAC,CAAA;QACjD,IAAI,IAAI,EAAE;YACR,OAAO,CAAC,IAAI,GAAG,IAAI,CAAA;SACpB;QAED,QAAQ;QACR,MAAM,KAAK,GAAG,MAAM,CAAC,aAAa,CAAC,OAAO,CAAC,OAAO,EAAE,OAAO,CAAC,CAAA;QAC5D,IAAI,KAAK,EAAE;YACT,iEAAiE;YACjE,OAAO,CAAC,OAAO,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC,mBAAK,OAAO,CAAC,OAAO,EAAE,CAAC,CAAC,EAAE,CAAA;YAE7D,gBAAgB;YAChB,OAAO,CAAC,OAAO,CAAC,KAAK,GAAG,KAAK,CAAA;SAC9B;QAED,OAAO,OAAO,CAAA;IAChB,CAAC;IAEO,MAAM,CAAC,UAAU,CAAC,IAA+B;QACvD,MAAM,QAAQ,GAA6B,EAAE,CAAA;QAC7C,QAAQ,CAAC,OAAO,GAAG,IAAI,CAAC,iBAAiB,EAAE,CAAA;QAC3C,MAAM,KAAK,GAAG,IAAI,CAAC,CAAC,CAAC,CAAA;QACrB,MAAM,OAAO,GAAG,IAAI,CAAC,CAAC,CAAC,CAAA;QAEvB,gBAAgB;QAChB,MAAM,IAAI,GAAG,IAAI,CAAC,aAAa,CAAC,KAAK,EAAE,OAAO,CAAC,CAAA;QAC/C,IAAI,IAAI,EAAE;YACR,QAAQ,CAAC,OAAO,GAAG;gBACjB,aAAa,EAAE,IAAI;aACpB,CAAA;SACF;QAED,QAAQ;QACR,MAAM,KAAK,GAAG,MAAM,CAAC,aAAa,CAAC,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC,CAAA;QAC7D,IAAI,KAAK,EAAE;YACT,QAAQ,CAAC,OAAO,GAAG,EAAC,KAAK,EAAC,CAAA;SAC3B;QAED,OAAO,iBAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAA;IACnC,CAAC;IAEO,MAAM,CAAC,aAAa,CAC1B,KAAa,EACb,OAAwB;QAExB,gBAAgB;QAChB,IAAI,CAAC,KAAK,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE;YAC3B,MAAM,IAAI,KAAK,CAAC,0CAA0C,CAAC,CAAA;SAC5D;aAAM,IAAI,KAAK,IAAI,OAAO,CAAC,IAAI,EAAE;YAChC,MAAM,IAAI,KAAK,CACb,0DAA0D,CAC3D,CAAA;SACF;QAED,OAAO,OAAO,OAAO,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,KAAK,EAAE,CAAA;IAC3E,CAAC;IAEO,MAAM,CAAC,aAAa,CAC1B,cAAsB,EACtB,OAAwB;;QAExB,IAAI,QAAC,OAAO,CAAC,OAAO,0CAAE,KAAK,CAAA,EAAE;YAC3B,IAAI,UAAU,CAAC,WAAW,CAAC,cAAc,CAAC,EAAE;gBAC1C,MAAM,EAAE,GAAG,IAAI,UAAU,CAAC,UAAU,EAAE,CAAA;gBACtC,OAAO,EAAE,CAAC,QAAQ,CAAC,cAAc,CAAC,CAAA;aACnC;SACF;QAED,OAAO,SAAS,CAAA;IAClB,CAAC;IAEO,MAAM,CAAC,aAAa;QAC1B,OAAO,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,IAAI,wBAAwB,CAAA;IAClE,CAAC;IAEO,MAAM,CAAC,iBAAiB;QAC9B,IAAI,GAAG,GACL,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,IAAI,gCAAgC,CAAA;QAEvE,kDAAkD;QAClD,IAAI,GAAG,CAAC,QAAQ,CAAC,GAAG,CAAC,EAAE;YACrB,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,MAAM,GAAG,CAAC,CAAC,CAAA;SACpC;QAED,6BAA6B;QAC7B,IAAI,GAAG,CAAC,WAAW,EAAE,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE;YAC1C,GAAG,GAAG,GAAG,CAAC,MAAM,CAAC,CAAC,EAAE,GAAG,CAAC,MAAM,GAAG,UAAU,CAAC,MAAM,CAAC,CAAA;SACpD;QACD,OAAO,GAAG,CAAA;IACZ,CAAC;CACF;AAxID,wBAwIC"}

node_modules/@actions/github/lib/interfaces.d.ts

@@ -1,36 +0,0 @@
-export interface PayloadRepository {
-    [key: string]: any;
-    full_name?: string;
-    name: string;
-    owner: {
-        [key: string]: any;
-        login: string;
-        name?: string;
-    };
-    html_url?: string;
-}
-export interface WebhookPayload {
-    [key: string]: any;
-    repository?: PayloadRepository;
-    issue?: {
-        [key: string]: any;
-        number: number;
-        html_url?: string;
-        body?: string;
-    };
-    pull_request?: {
-        [key: string]: any;
-        number: number;
-        html_url?: string;
-        body?: string;
-    };
-    sender?: {
-        [key: string]: any;
-        type: string;
-    };
-    action?: string;
-    installation?: {
-        id: number;
-        [key: string]: any;
-    };
-}

node_modules/@actions/github/lib/interfaces.js

@@ -1,4 +0,0 @@
-"use strict";
-/* eslint-disable @typescript-eslint/no-explicit-any */
-Object.defineProperty(exports, "__esModule", { value: true });
-//# sourceMappingURL=interfaces.js.map

node_modules/@actions/github/lib/interfaces.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"interfaces.js","sourceRoot":"","sources":["../src/interfaces.ts"],"names":[],"mappings":";AAAA,uDAAuD"}

node_modules/@actions/github/node_modules/@octokit/plugin-paginate-rest/dist-src/version.js

@@ -1 +0,0 @@
-export const VERSION = "1.1.2";

node_modules/@actions/github/node_modules/@octokit/plugin-paginate-rest/dist-types/version.d.ts

@@ -1 +0,0 @@
-export declare const VERSION = "1.1.2";

node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/index.js

@@ -1,38 +0,0 @@
-import { Deprecation } from "deprecation";
-import endpointsByScope from "./generated/endpoints";
-import { VERSION } from "./version";
-import { registerEndpoints } from "./register-endpoints";
-/**
- * This plugin is a 1:1 copy of internal @octokit/rest plugins. The primary
- * goal is to rebuild @octokit/rest on top of @octokit/core. Once that is
- * done, we will remove the registerEndpoints methods and return the methods
- * directly as with the other plugins. At that point we will also remove the
- * legacy workarounds and deprecations.
- *
- * See the plan at
- * https://github.com/octokit/plugin-rest-endpoint-methods.js/pull/1
- */
-export function restEndpointMethods(octokit) {
-    // @ts-ignore
-    octokit.registerEndpoints = registerEndpoints.bind(null, octokit);
-    registerEndpoints(octokit, endpointsByScope);
-    // Aliasing scopes for backward compatibility
-    // See https://github.com/octokit/rest.js/pull/1134
-    [
-        ["gitdata", "git"],
-        ["authorization", "oauthAuthorizations"],
-        ["pullRequests", "pulls"]
-    ].forEach(([deprecatedScope, scope]) => {
-        Object.defineProperty(octokit, deprecatedScope, {
-            get() {
-                octokit.log.warn(
-                // @ts-ignore
-                new Deprecation(`[@octokit/plugin-rest-endpoint-methods] "octokit.${deprecatedScope}.*" methods are deprecated, use "octokit.${scope}.*" instead`));
-                // @ts-ignore
-                return octokit[scope];
-            }
-        });
-    });
-    return {};
-}
-restEndpointMethods.VERSION = VERSION;

node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/register-endpoints.js

@@ -1,60 +0,0 @@
-import { Deprecation } from "deprecation";
-export function registerEndpoints(octokit, routes) {
-    Object.keys(routes).forEach(namespaceName => {
-        if (!octokit[namespaceName]) {
-            octokit[namespaceName] = {};
-        }
-        Object.keys(routes[namespaceName]).forEach(apiName => {
-            const apiOptions = routes[namespaceName][apiName];
-            const endpointDefaults = ["method", "url", "headers"].reduce((map, key) => {
-                if (typeof apiOptions[key] !== "undefined") {
-                    map[key] = apiOptions[key];
-                }
-                return map;
-            }, {});
-            endpointDefaults.request = {
-                validate: apiOptions.params
-            };
-            let request = octokit.request.defaults(endpointDefaults);
-            // patch request & endpoint methods to support deprecated parameters.
-            // Not the most elegant solution, but we don’t want to move deprecation
-            // logic into octokit/endpoint.js as it’s out of scope
-            const hasDeprecatedParam = Object.keys(apiOptions.params || {}).find(key => apiOptions.params[key].deprecated);
-            if (hasDeprecatedParam) {
-                const patch = patchForDeprecation.bind(null, octokit, apiOptions);
-                request = patch(octokit.request.defaults(endpointDefaults), `.${namespaceName}.${apiName}()`);
-                request.endpoint = patch(request.endpoint, `.${namespaceName}.${apiName}.endpoint()`);
-                request.endpoint.merge = patch(request.endpoint.merge, `.${namespaceName}.${apiName}.endpoint.merge()`);
-            }
-            if (apiOptions.deprecated) {
-                octokit[namespaceName][apiName] = Object.assign(function deprecatedEndpointMethod() {
-                    octokit.log.warn(new Deprecation(`[@octokit/rest] ${apiOptions.deprecated}`));
-                    octokit[namespaceName][apiName] = request;
-                    return request.apply(null, arguments);
-                }, request);
-                return;
-            }
-            octokit[namespaceName][apiName] = request;
-        });
-    });
-}
-function patchForDeprecation(octokit, apiOptions, method, methodName) {
-    const patchedMethod = (options) => {
-        options = Object.assign({}, options);
-        Object.keys(options).forEach(key => {
-            if (apiOptions.params[key] && apiOptions.params[key].deprecated) {
-                const aliasKey = apiOptions.params[key].alias;
-                octokit.log.warn(new Deprecation(`[@octokit/rest] "${key}" parameter is deprecated for "${methodName}". Use "${aliasKey}" instead`));
-                if (!(aliasKey in options)) {
-                    options[aliasKey] = options[key];
-                }
-                delete options[key];
-            }
-        });
-        return method(options);
-    };
-    Object.keys(method).forEach(key => {
-        patchedMethod[key] = method[key];
-    });
-    return patchedMethod;
-}

node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-src/version.js

@@ -1 +0,0 @@
-export const VERSION = "2.4.0";

node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-types/register-endpoints.d.ts

@@ -1 +0,0 @@
-export declare function registerEndpoints(octokit: any, routes: any): void;

node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-types/types.d.ts

@@ -1,4 +0,0 @@
-import { RestEndpointMethods } from "./generated/rest-endpoint-methods-types";
-export declare type Api = {
-    registerEndpoints: (endpoints: any) => void;
-} & RestEndpointMethods;

node_modules/@actions/github/node_modules/@octokit/plugin-rest-endpoint-methods/dist-types/version.d.ts

@@ -1 +0,0 @@
-export declare const VERSION = "2.4.0";

node_modules/@actions/github/node_modules/@octokit/rest/index.js

@@ -1,43 +0,0 @@
-const { requestLog } = require("@octokit/plugin-request-log");
-const {
-  restEndpointMethods
-} = require("@octokit/plugin-rest-endpoint-methods");
-
-const Core = require("./lib/core");
-
-const CORE_PLUGINS = [
-  require("./plugins/authentication"),
-  require("./plugins/authentication-deprecated"), // deprecated: remove in v17
-  requestLog,
-  require("./plugins/pagination"),
-  restEndpointMethods,
-  require("./plugins/validate"),
-
-  require("octokit-pagination-methods") // deprecated: remove in v17
-];
-
-const OctokitRest = Core.plugin(CORE_PLUGINS);
-
-function DeprecatedOctokit(options) {
-  const warn =
-    options && options.log && options.log.warn
-      ? options.log.warn
-      : console.warn;
-  warn(
-    '[@octokit/rest] `const Octokit = require("@octokit/rest")` is deprecated. Use `const { Octokit } = require("@octokit/rest")` instead'
-  );
-  return new OctokitRest(options);
-}
-
-const Octokit = Object.assign(DeprecatedOctokit, {
-  Octokit: OctokitRest
-});
-
-Object.keys(OctokitRest).forEach(key => {
-  /* istanbul ignore else */
-  if (OctokitRest.hasOwnProperty(key)) {
-    Octokit[key] = OctokitRest[key];
-  }
-});
-
-module.exports = Octokit;

node_modules/@actions/github/node_modules/@octokit/rest/lib/constructor.js

@@ -1,29 +0,0 @@
-module.exports = Octokit;
-
-const { request } = require("@octokit/request");
-const Hook = require("before-after-hook");
-
-const parseClientOptions = require("./parse-client-options");
-
-function Octokit(plugins, options) {
-  options = options || {};
-  const hook = new Hook.Collection();
-  const log = Object.assign(
-    {
-      debug: () => {},
-      info: () => {},
-      warn: console.warn,
-      error: console.error
-    },
-    options && options.log
-  );
-  const api = {
-    hook,
-    log,
-    request: request.defaults(parseClientOptions(options, log, hook))
-  };
-
-  plugins.forEach(pluginFunction => pluginFunction(api, options));
-
-  return api;
-}

node_modules/@actions/github/node_modules/@octokit/rest/lib/core.js

@@ -1,3 +0,0 @@
-const factory = require("./factory");
-
-module.exports = factory();

node_modules/@actions/github/node_modules/@octokit/rest/lib/factory.js

@@ -1,10 +0,0 @@
-module.exports = factory;
-
-const Octokit = require("./constructor");
-const registerPlugin = require("./register-plugin");
-
-function factory(plugins) {
-  const Api = Octokit.bind(null, plugins || []);
-  Api.plugin = registerPlugin.bind(null, plugins || []);
-  return Api;
-}

node_modules/@actions/github/node_modules/@octokit/rest/lib/parse-client-options.js

@@ -1,89 +0,0 @@
-module.exports = parseOptions;
-
-const { Deprecation } = require("deprecation");
-const { getUserAgent } = require("universal-user-agent");
-const once = require("once");
-
-const pkg = require("../package.json");
-
-const deprecateOptionsTimeout = once((log, deprecation) =>
-  log.warn(deprecation)
-);
-const deprecateOptionsAgent = once((log, deprecation) => log.warn(deprecation));
-const deprecateOptionsHeaders = once((log, deprecation) =>
-  log.warn(deprecation)
-);
-
-function parseOptions(options, log, hook) {
-  if (options.headers) {
-    options.headers = Object.keys(options.headers).reduce((newObj, key) => {
-      newObj[key.toLowerCase()] = options.headers[key];
-      return newObj;
-    }, {});
-  }
-
-  const clientDefaults = {
-    headers: options.headers || {},
-    request: options.request || {},
-    mediaType: {
-      previews: [],
-      format: ""
-    }
-  };
-
-  if (options.baseUrl) {
-    clientDefaults.baseUrl = options.baseUrl;
-  }
-
-  if (options.userAgent) {
-    clientDefaults.headers["user-agent"] = options.userAgent;
-  }
-
-  if (options.previews) {
-    clientDefaults.mediaType.previews = options.previews;
-  }
-
-  if (options.timeZone) {
-    clientDefaults.headers["time-zone"] = options.timeZone;
-  }
-
-  if (options.timeout) {
-    deprecateOptionsTimeout(
-      log,
-      new Deprecation(
-        "[@octokit/rest] new Octokit({timeout}) is deprecated. Use {request: {timeout}} instead. See https://github.com/octokit/request.js#request"
-      )
-    );
-    clientDefaults.request.timeout = options.timeout;
-  }
-
-  if (options.agent) {
-    deprecateOptionsAgent(
-      log,
-      new Deprecation(
-        "[@octokit/rest] new Octokit({agent}) is deprecated. Use {request: {agent}} instead. See https://github.com/octokit/request.js#request"
-      )
-    );
-    clientDefaults.request.agent = options.agent;
-  }
-
-  if (options.headers) {
-    deprecateOptionsHeaders(
-      log,
-      new Deprecation(
-        "[@octokit/rest] new Octokit({headers}) is deprecated. Use {userAgent, previews} instead. See https://github.com/octokit/request.js#request"
-      )
-    );
-  }
-
-  const userAgentOption = clientDefaults.headers["user-agent"];
-  const defaultUserAgent = `octokit.js/${pkg.version} ${getUserAgent()}`;
-
-  clientDefaults.headers["user-agent"] = [userAgentOption, defaultUserAgent]
-    .filter(Boolean)
-    .join(" ");
-
-  clientDefaults.request.hook = hook.bind(null, "request");
-
-  return clientDefaults;
-}

node_modules/@actions/github/node_modules/@octokit/rest/lib/register-plugin.js

@@ -1,9 +0,0 @@
-module.exports = registerPlugin;
-
-const factory = require("./factory");
-
-function registerPlugin(plugins, pluginFunction) {
-  return factory(
-    plugins.includes(pluginFunction) ? plugins : plugins.concat(pluginFunction)
-  );
-}

node_modules/@actions/github/node_modules/@octokit/rest/package.json

@@ -1,140 +0,0 @@
-{
-  "name": "@octokit/rest",
-  "version": "16.43.2",
-  "publishConfig": {
-    "access": "public"
-  },
-  "description": "GitHub REST API client for Node.js",
-  "keywords": [
-    "octokit",
-    "github",
-    "rest",
-    "api-client"
-  ],
-  "author": "Gregor Martynus (https://github.com/gr2m)",
-  "contributors": [
-    {
-      "name": "Mike de Boer",
-      "email": "info@mikedeboer.nl"
-    },
-    {
-      "name": "Fabian Jakobs",
-      "email": "fabian@c9.io"
-    },
-    {
-      "name": "Joe Gallo",
-      "email": "joe@brassafrax.com"
-    },
-    {
-      "name": "Gregor Martynus",
-      "url": "https://github.com/gr2m"
-    }
-  ],
-  "repository": "https://github.com/octokit/rest.js",
-  "dependencies": {
-    "@octokit/auth-token": "^2.4.0",
-    "@octokit/plugin-paginate-rest": "^1.1.1",
-    "@octokit/plugin-request-log": "^1.0.0",
-    "@octokit/plugin-rest-endpoint-methods": "2.4.0",
-    "@octokit/request": "^5.2.0",
-    "@octokit/request-error": "^1.0.2",
-    "atob-lite": "^2.0.0",
-    "before-after-hook": "^2.0.0",
-    "btoa-lite": "^1.0.0",
-    "deprecation": "^2.0.0",
-    "lodash.get": "^4.4.2",
-    "lodash.set": "^4.3.2",
-    "lodash.uniq": "^4.5.0",
-    "octokit-pagination-methods": "^1.1.0",
-    "once": "^1.4.0",
-    "universal-user-agent": "^4.0.0"
-  },
-  "devDependencies": {
-    "@gimenete/type-writer": "^0.1.3",
-    "@octokit/auth": "^1.1.1",
-    "@octokit/fixtures-server": "^5.0.6",
-    "@octokit/graphql": "^4.2.0",
-    "@types/node": "^13.1.0",
-    "bundlesize": "^0.18.0",
-    "chai": "^4.1.2",
-    "compression-webpack-plugin": "^3.1.0",
-    "cypress": "^4.0.0",
-    "glob": "^7.1.2",
-    "http-proxy-agent": "^4.0.0",
-    "lodash.camelcase": "^4.3.0",
-    "lodash.merge": "^4.6.1",
-    "lodash.upperfirst": "^4.3.1",
-    "lolex": "^6.0.0",
-    "mkdirp": "^1.0.0",
-    "mocha": "^7.0.1",
-    "mustache": "^4.0.0",
-    "nock": "^11.3.3",
-    "npm-run-all": "^4.1.2",
-    "nyc": "^15.0.0",
-    "prettier": "^1.14.2",
-    "proxy": "^1.0.0",
-    "semantic-release": "^17.0.0",
-    "sinon": "^8.0.0",
-    "sinon-chai": "^3.0.0",
-    "sort-keys": "^4.0.0",
-    "string-to-arraybuffer": "^1.0.0",
-    "string-to-jsdoc-comment": "^1.0.0",
-    "typescript": "^3.3.1",
-    "webpack": "^4.0.0",
-    "webpack-bundle-analyzer": "^3.0.0",
-    "webpack-cli": "^3.0.0"
-  },
-  "types": "index.d.ts",
-  "scripts": {
-    "coverage": "nyc report --reporter=html && open coverage/index.html",
-    "lint": "prettier --check '{lib,plugins,scripts,test}/**/*.{js,json,ts}' 'docs/*.{js,json}' 'docs/src/**/*' index.js README.md package.json",
-    "lint:fix": "prettier --write '{lib,plugins,scripts,test}/**/*.{js,json,ts}' 'docs/*.{js,json}' 'docs/src/**/*' index.js README.md package.json",
-    "pretest": "npm run -s lint",
-    "test": "nyc mocha test/mocha-node-setup.js \"test/*/**/*-test.js\"",
-    "test:browser": "cypress run --browser chrome",
-    "build": "npm-run-all build:*",
-    "build:ts": "npm run -s update-endpoints:typescript",
-    "prebuild:browser": "mkdirp dist/",
-    "build:browser": "npm-run-all build:browser:*",
-    "build:browser:development": "webpack --mode development --entry . --output-library=Octokit --output=./dist/octokit-rest.js --profile --json > dist/bundle-stats.json",
-    "build:browser:production": "webpack --mode production --entry . --plugin=compression-webpack-plugin --output-library=Octokit --output-path=./dist --output-filename=octokit-rest.min.js --devtool source-map",
-    "generate-bundle-report": "webpack-bundle-analyzer dist/bundle-stats.json --mode=static --no-open --report dist/bundle-report.html",
-    "update-endpoints": "npm-run-all update-endpoints:*",
-    "update-endpoints:fetch-json": "node scripts/update-endpoints/fetch-json",
-    "update-endpoints:typescript": "node scripts/update-endpoints/typescript",
-    "prevalidate:ts": "npm run -s build:ts",
-    "validate:ts": "tsc --target es6 --noImplicitAny index.d.ts",
-    "postvalidate:ts": "tsc --noEmit --target es6 test/typescript-validate.ts",
-    "start-fixtures-server": "octokit-fixtures-server"
-  },
-  "license": "MIT",
-  "files": [
-    "index.js",
-    "index.d.ts",
-    "lib",
-    "plugins"
-  ],
-  "nyc": {
-    "ignore": [
-      "test"
-    ]
-  },
-  "release": {
-    "publish": [
-      "@semantic-release/npm",
-      {
-        "path": "@semantic-release/github",
-        "assets": [
-          "dist/*",
-          "!dist/*.map.gz"
-        ]
-      }
-    ]
-  },
-  "bundlesize": [
-    {
-      "path": "./dist/octokit-rest.min.js.gz",
-      "maxSize": "33 kB"
-    }
-  ]
-}

node_modules/@actions/github/node_modules/@octokit/rest/plugins/authentication-deprecated/authenticate.js

@@ -1,52 +0,0 @@
-module.exports = authenticate;
-
-const { Deprecation } = require("deprecation");
-const once = require("once");
-
-const deprecateAuthenticate = once((log, deprecation) => log.warn(deprecation));
-
-function authenticate(state, options) {
-  deprecateAuthenticate(
-    state.octokit.log,
-    new Deprecation(
-      '[@octokit/rest] octokit.authenticate() is deprecated. Use "auth" constructor option instead.'
-    )
-  );
-
-  if (!options) {
-    state.auth = false;
-    return;
-  }
-
-  switch (options.type) {
-    case "basic":
-      if (!options.username || !options.password) {
-        throw new Error(
-          "Basic authentication requires both a username and password to be set"
-        );
-      }
-      break;
-
-    case "oauth":
-      if (!options.token && !(options.key && options.secret)) {
-        throw new Error(
-          "OAuth2 authentication requires a token or key & secret to be set"
-        );
-      }
-      break;
-
-    case "token":
-    case "app":
-      if (!options.token) {
-        throw new Error("Token authentication requires a token to be set");
-      }
-      break;
-
-    default:
-      throw new Error(
-        "Invalid authentication type, must be 'basic', 'oauth', 'token' or 'app'"
-      );
-  }
-
-  state.auth = options;
-}