fix tslint member-ordering to conform to schema

Use bundle URL version as the cache version

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,5 @@
+blank_issues_enabled: true
+contact_links:
+  - name: Contact GitHub Support
+    url: https://support.github.com/contact?subject=Code+Scanning+Beta+Support&tags=code-scanning-support
+    about: Contact Support about code scanning

.github/codeql/codeql-config.yml

@@ -2,5 +2,12 @@ name: "CodeQL config"
 queries: 
   - name: Run custom queries
     uses: ./queries
+  # Run all extra query suites, both because we want to
+  # and because it'll act as extra testing. This is why
+  # we include both even though one is a superset of the
+  # other, because we're testing the parsing logic and
+  # that the suites exist in the codeql bundle.
+  - uses: security-extended
+  - uses: security-and-quality
 paths-ignore:
   - tests

.github/update-release-branch.py

@@ -0,0 +1,178 @@
+import datetime
+from github import Github
+import random
+import requests
+import subprocess
+import sys
+
+# The branch being merged from.
+# This is the one that contains day-to-day development work.
+MASTER_BRANCH = 'master'
+# The branch being merged into.
+# This is the release branch that users reference.
+LATEST_RELEASE_BRANCH = 'v1'
+# Name of the remote
+ORIGIN = 'origin'
+
+# Runs git with the given args and returns the stdout.
+# Raises an error if git does not exit successfully.
+def run_git(*args):
+  cmd = ['git', *args]
+  p = subprocess.run(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+  if (p.returncode != 0):
+    raise Exception('Call to ' + ' '.join(cmd) + ' exited with code ' + str(p.returncode) + ' stderr:' + p.stderr.decode('ascii'))
+  return p.stdout.decode('ascii')
+
+# Returns true if the given branch exists on the origin remote
+def branch_exists_on_remote(branch_name):
+  return run_git('ls-remote', '--heads', ORIGIN, branch_name).strip() != ''
+
+# Opens a PR from the given branch to the release branch
+def open_pr(repo, all_commits, short_master_sha, branch_name):
+  # Sort the commits into the pull requests that introduced them,
+  # and any commits that don't have a pull request
+  pull_requests = []
+  commits_without_pull_requests = []
+  for commit in all_commits:
+    pr = get_pr_for_commit(repo, commit)
+    
+    if pr is None:
+      commits_without_pull_requests.append(commit)
+    elif not any(p for p in pull_requests if p.number == pr.number):
+      pull_requests.append(pr)
+
+  print('Found ' + str(len(pull_requests)) + ' pull requests')
+  print('Found ' + str(len(commits_without_pull_requests)) + ' commits not in a pull request')
+
+  # Sort PRs and commits by age
+  sorted(pull_requests, key=lambda pr: pr.number)
+  sorted(commits_without_pull_requests, key=lambda c: c.commit.author.date)
+  
+  # Start constructing the body text
+  body = 'Merging ' + short_master_sha + ' into ' + LATEST_RELEASE_BRANCH
+
+  conductor = get_conductor(repo, pull_requests, commits_without_pull_requests)
+  body += '\n\nConductor for this PR is @' + conductor
+
+  # List all PRs merged
+  if len(pull_requests) > 0:
+    body += '\n\nContains the following pull requests:'
+    for pr in pull_requests:
+      merger = get_merger_of_pr(repo, pr)
+      body += '\n- #' + str(pr.number)
+      body += ' - ' + pr.title
+      body += ' (@' + merger + ')'
+  
+  # List all commits not part of a PR
+  if len(commits_without_pull_requests) > 0:
+    body += '\n\nContains the following commits not from a pull request:'
+    for commit in commits_without_pull_requests:
+      body += '\n- ' + commit.sha
+      body += ' - ' + get_truncated_commit_message(commit)
+      body += ' (@' + commit.author.login + ')'
+
+  title = 'Merge ' + MASTER_BRANCH + ' into ' + LATEST_RELEASE_BRANCH
+
+  # Create the pull request
+  pr = repo.create_pull(title=title, body=body, head=branch_name, base=LATEST_RELEASE_BRANCH)
+  print('Created PR #' + str(pr.number))
+
+  # Assign the conductor
+  pr.add_to_assignees(conductor)
+  print('Assigned PR to ' + conductor)
+
+# Gets the person who should be in charge of the mergeback PR
+def get_conductor(repo, pull_requests, other_commits):
+  # If there are any PRs then use whoever merged the last one
+  if len(pull_requests) > 0:
+    return get_merger_of_pr(repo, pull_requests[-1])
+  
+  # Otherwise take the author of the latest commit
+  return other_commits[-1].author.login
+
+# Gets a list of the SHAs of all commits that have happened on master
+# since the release branched off.
+# This will not include any commits that exist on the release branch
+# that aren't on master.
+def get_commit_difference(repo):
+  commits = run_git('log', '--pretty=format:%H', ORIGIN + '/' + LATEST_RELEASE_BRANCH + '...' + MASTER_BRANCH).strip().split('\n')
+
+  # Convert to full-fledged commit objects
+  commits = [repo.get_commit(c) for c in commits]
+
+  # Filter out merge commits for PRs
+  return list(filter(lambda c: not is_pr_merge_commit(c), commits))
+
+# Is the given commit the automatic merge commit from when merging a PR
+def is_pr_merge_commit(commit):
+  return commit.committer.login == 'web-flow' and len(commit.parents) > 1
+
+# Gets a copy of the commit message that should display nicely
+def get_truncated_commit_message(commit):
+  message = commit.commit.message.split('\n')[0]
+  if len(message) > 60:
+    return message[:57] + '...'
+  else:
+    return message
+
+# Converts a commit into the PR that introduced it to the master branch.
+# Returns the PR object, or None if no PR could be found.
+def get_pr_for_commit(repo, commit):
+  prs = commit.get_pulls()
+  
+  if prs.totalCount > 0:
+    # In the case that there are multiple PRs, return the earliest one
+    prs = list(prs)
+    sorted(prs, key=lambda pr: int(pr.number))
+    return prs[0]
+  else:
+    return None
+
+# Get the person who merged the pull request.
+# For most cases this will be the same as the author, but for PRs opened
+# by external contributors getting the merger will get us the GitHub
+# employee who reviewed and merged the PR.
+def get_merger_of_pr(repo, pr):
+  return repo.get_commit(pr.merge_commit_sha).author.login
+
+def main():
+  if len(sys.argv) != 3:
+    raise Exception('Usage: update-release.branch.py <github token> <repository nwo>')
+  github_token = sys.argv[1]
+  repository_nwo = sys.argv[2]
+
+  repo = Github(github_token).get_repo(repository_nwo)
+
+  # Print what we intend to go
+  print('Considering difference between ' + MASTER_BRANCH + ' and ' + LATEST_RELEASE_BRANCH)
+  short_master_sha = run_git('rev-parse', '--short', MASTER_BRANCH).strip()
+  print('Current head of ' + MASTER_BRANCH + ' is ' + short_master_sha)
+
+  # See if there are any commits to merge in
+  commits = get_commit_difference(repo)
+  if len(commits) == 0:
+    print('No commits to merge from ' + MASTER_BRANCH + ' to ' + LATEST_RELEASE_BRANCH)
+    return
+
+  # The branch name is based off of the name of branch being merged into
+  # and the SHA of the branch being merged from. Thus if the branch already
+  # exists we can assume we don't need to recreate it.
+  new_branch_name = 'update-' + LATEST_RELEASE_BRANCH + '-' + short_master_sha
+  print('Branch name is ' + new_branch_name)
+
+  # Check if the branch already exists. If so we can abort as this script
+  # has already run on this combination of branches.
+  if branch_exists_on_remote(new_branch_name):
+    print('Branch ' + new_branch_name + ' already exists. Nothing to do.')
+    return
+  
+  # Create the new branch and push it to the remote
+  print('Creating branch ' + new_branch_name)
+  run_git('checkout', '-b', new_branch_name, MASTER_BRANCH)
+  run_git('push', ORIGIN, new_branch_name)
+
+  # Open a PR to update the branch
+  open_pr(repo, commits, short_master_sha, new_branch_name)
+
+if __name__ == '__main__':
+  main()

.github/workflows/codeql.yml

@@ -1,6 +1,6 @@
 name: "CodeQL action"
 
-on: [push]
+on: [push, pull_request]
 
 jobs:
   build:
@@ -11,6 +11,16 @@ jobs:
 
     steps:
     - uses: actions/checkout@v1
+      with:
+        # Must fetch at least the immediate parents so that if this is
+        # a pull request then we can checkout the head of the pull request.
+        fetch-depth: 2
+
+    # If this run was triggered by a pull request event then checkout
+    # the head of the pull request instead of the merge commit.
+    - run: git checkout HEAD^2
+      if: ${{ github.event_name == 'pull_request' }}
+
     - uses: ./init
       with:
         languages: javascript

.github/workflows/integration-testing.yml

@@ -1,14 +1,10 @@
 name: "Integration Testing"
 
-on: [push]
+on: [push, pull_request]
 
 jobs:
   multi-language-repo_test-autodetect-languages:
-    strategy:
-      fail-fast: false
-      matrix:
-        os: [ubuntu-latest, windows-latest]
-    runs-on: ${{ matrix.os }}
+    runs-on: ubuntu-latest
 
     steps:
     - uses: actions/checkout@v2
@@ -16,9 +12,8 @@ jobs:
       shell: bash
       run: |
         mkdir ../action
-        shopt -s dotglob
-        mv * ../action/
-        mv ../action/tests/multi-language-repo/* .
+        mv * .github ../action/
+        mv ../action/tests/multi-language-repo/{*,.github} .
     - uses: ./../action/init
     - name: Build code
       shell: bash
@@ -26,6 +21,20 @@ jobs:
     - uses: ./../action/analyze
       env:
         TEST_MODE: true
+    - run: |
+        cd "$CODEQL_ACTION_DATABASE_DIR"
+        # List all directories as there will be precisely one directory per database
+        # but there may be other files in this directory such as query suites.
+        if [ "$(ls -d */ | wc -l)" != 6 ] || \
+           [[ ! -d cpp ]] || \
+           [[ ! -d csharp ]] || \
+           [[ ! -d go ]] || \
+           [[ ! -d java ]] || \
+           [[ ! -d javascript ]] || \
+           [[ ! -d python ]]; then
+          echo "Did not find expected number of databases. Database dir contains: $(ls)"
+          exit 1
+        fi
 
   multi-language-repo_test-custom-queries:
     strategy:
@@ -40,9 +49,8 @@ jobs:
       shell: bash
       run: |
         mkdir ../action
-        shopt -s dotglob
-        mv * ../action/
-        mv ../action/tests/multi-language-repo/* .
+        mv * .github ../action/
+        mv ../action/tests/multi-language-repo/{*,.github} .
     - uses: ./../action/init
       with:
         languages: cpp,csharp,java,javascript,python
@@ -72,9 +80,8 @@ jobs:
       shell: bash
       run: |
         mkdir ../action
-        shopt -s dotglob
-        mv * ../action/
-        mv ../action/tests/multi-language-repo/* .
+        mv * .github ../action/
+        mv ../action/tests/multi-language-repo/{*,.github} .
     - uses: ./../action/init
       with:
         languages: go
@@ -96,15 +103,14 @@ jobs:
       shell: bash
       run: |
         mkdir ../action
-        shopt -s dotglob
-        mv * ../action/
-        mv ../action/tests/multi-language-repo/* .
+        mv * .github ../action/
+        mv ../action/tests/multi-language-repo/{*,.github} .
     - name: Set up Ruby
       uses: ruby/setup-ruby@v1
       with:
         ruby-version: 2.6
     - name: Install Code Scanning integration
-      run: bundle add code-scanning-rubocop --version 0.2.0 --skip-install
+      run: bundle add code-scanning-rubocop --version 0.3.0 --skip-install
     - name: Install dependencies
       run: bundle install
     - name: Rubocop run
@@ -117,4 +123,4 @@ jobs:
       with:
         sarif_file: rubocop.sarif
       env:
-        TEST_MODE: true
+        TEST_MODE: true

.github/workflows/update-release-branch.yml

@@ -0,0 +1,31 @@
+name: Update release branch
+on:
+  schedule:
+    - cron: 0 9 * * 1
+  repository_dispatch:
+    # Example of how to trigger this:
+    # curl -H "Authorization: Bearer <token>" -X POST https://api.github.com/repos/github/codeql-action/dispatches -d '{"event_type":"update-release-branch"}'
+    # Replace <token> with a personal access token from this page: https://github.com/settings/tokens
+    types: [update-release-branch]
+
+jobs:
+  update:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+      with:
+        # Need full history so we calculate diffs
+        fetch-depth: 0
+
+    - name: Set up Python
+      uses: actions/setup-python@v2
+      with:
+        python-version: 3.5
+
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pip install PyGithub==1.51 requests
+
+    - name: Update release branch
+      run: python .github/update-release-branch.py ${{ secrets.GITHUB_TOKEN }} ${{ github.repository }}

.vscode/settings.json

@@ -0,0 +1,10 @@
+{
+  "files.exclude": {
+    // include the defaults from VS Code
+    "**/.git": true,
+    "**/.DS_Store": true,
+
+    // transpiled JavaScript
+    "lib": true,
+  }
+}

README.md

@@ -1,6 +1,6 @@
 # CodeQL Action
 
-This action runs GitHub's industry-leading static analysis engine, CodeQL, against a repository's source code to find security vulnerabilities. It then automatically uploads the results to GitHub so they can be displayed in the repository's security tab. CodeQL runs an extensible set of [queries](https://github.com/semmle/ql), which have been developed by the community and the [GitHub Security Lab](https://securitylab.github.com/) to find common vulnerabilities in your code.
+This action runs GitHub's industry-leading static analysis engine, CodeQL, against a repository's source code to find security vulnerabilities. It then automatically uploads the results to GitHub so they can be displayed in the repository's security tab. CodeQL runs an extensible set of [queries](https://github.com/github/codeql), which have been developed by the community and the [GitHub Security Lab](https://securitylab.github.com/) to find common vulnerabilities in your code.
 
 ## License
 
@@ -10,6 +10,8 @@ The underlying CodeQL CLI, used in this action, is licensed under the [GitHub Co
 
 ## Usage
 
+This is a short walkthrough, but for more information read [configuring code scanning](https://help.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning).
+
 To get code scanning results from CodeQL analysis on your repo you can use the following workflow as a template:
 
 ```yaml
@@ -18,6 +20,7 @@ name: "Code Scanning - Action"
 
 on:
   push:
+  pull_request:
   schedule:
     - cron: '0 0 * * 0'
 
@@ -33,6 +36,17 @@ jobs:
     steps:
       - name: Checkout repository
         uses: actions/checkout@v2
+        with:
+          # Must fetch at least the immediate parents so that if this is
+          # a pull request then we can checkout the head of the pull request.
+          # Only include this option if you are running this workflow on pull requests.
+          fetch-depth: 2
+
+      # If this run was triggered by a pull request event then checkout
+      # the head of the pull request instead of the merge commit.
+      # Only include this step if you are running this workflow on pull requests.
+      - run: git checkout HEAD^2
+        if: ${{ github.event_name == 'pull_request' }}
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
@@ -78,24 +92,9 @@ If you prefer to integrate this within an existing CI workflow, it should end up
   uses: github/codeql-action/analyze@v1
 ```
 
-### Actions triggers
+### Configuration file
 
-The CodeQL action should be run on `push` events, and on a `schedule`. `Push` events allow us to do a detailed analysis of the delta in a pull request, while the `schedule` event ensures that GitHub regularly scans the repository for the latest vulnerabilities, even if the repository becomes inactive. This action does not support the `pull_request` event.
-
-### Configuration
-
-You may optionally specify additional queries for CodeQL to execute by using a config file. The queries must belong to a [QL pack](https://help.semmle.com/codeql/codeql-cli/reference/qlpack-overview.html) and can be in your repository or any public repository. You can choose a single .ql file, a folder containing multiple .ql files, a .qls [query suite](https://help.semmle.com/codeql/codeql-cli/procedures/query-suites.html) file, or any combination of the above. To use queries from other repositories use the same syntax as when [using an action](https://help.github.com/en/actions/reference/workflow-syntax-for-github-actions#jobsjob_idstepsuses).
-
-You can disable the default queries using `disable-default-queries: true`.
-
-You can choose to ignore some files or folders from the analysis, or include additional files/folders for analysis. This *only* works for Javascript and Python analysis.
-Identifying potential files for extraction:
-
-- Scans each folder that's defined as `paths` in turn, traversing subfolders, and looking for relevant files.
-- If it finds a subfolder that's defined as `paths-ignore`, stop traversing.
-- If a file or folder is both in `paths` and `paths-ignore`, the `paths-ignore` is ignored.
-
-Use the `config-file` parameter of the init action to enable the configuration file. For example:
+Use the `config-file` parameter of the `init` action to enable the configuration file. The value of `config-file` is the path to the configuration file you want to use. This example loads the configuration file `./.github/codeql/codeql-config.yml`.
 
 ```yaml
 - uses: github/codeql-action/init@v1
@@ -103,72 +102,8 @@ Use the `config-file` parameter of the init action to enable the configuration f
     config-file: ./.github/codeql/codeql-config.yml
 ```
 
-A config file looks like this:
-
-```yaml
-name: "My CodeQL config"
-
-disable-default-queries: true
-
-queries:
-  - name: In-repo queries (Runs the queries located in the my-queries folder of the repo)
-    uses: ./my-queries
-  - name: External Javascript QL pack (Runs a QL pack located in an external repo)
-    uses: /Semmle/ql/javascript/ql/src/Electron@master
-  - name: External query (Runs a single query located in an external QL pack)
-    uses: Semmle/ql/javascript/ql/src/AngularJS/DeadAngularJSEventListener.ql@master
-  - name: Select query suite (Runs a query suites)
-    uses: ./codeql-querypacks/complex-python-querypack/rootAndBar.qls
-
-paths:
-  - src/util.ts
-
-paths-ignore:
-  - src
-  - lib
-```
+The configuration file must be located within the local repository. For information on how to write a configuration file, see "[Using a custom configuration](https://help.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#using-a-custom-configuration)."
 
 ## Troubleshooting
 
-### Trouble with Go dependencies
-
-#### If you use a vendor directory
-
-Try passing
-
-```yaml
-env:
-  GOFLAGS: "-mod=vendor"
-```
-
-to `github/codeql-action/analyze`.
-
-#### If you do not use a vendor directory
-
-Dependencies on public repositories should just work. If you have dependencies on private repositories, one option is to use `git config` and a [personal access token](https://help.github.com/en/github/authenticating-to-github/creating-a-personal-access-token-for-the-command-line) to authenticate when downloading dependencies. Add a section like
-
-```yaml
-steps:
-  - name: Configure git private repo access
-    env:
-      TOKEN: ${{ secrets.GITHUB_PAT }}
-    run: |
-      git config --global url."https://${TOKEN}@github.com/foo/bar".insteadOf "https://github.com/foo/bar"
-      git config --global url."https://${TOKEN}@github.com/foo/baz".insteadOf "https://github.com/foo/baz"
-```
-
-before any codeql actions. A similar thing can also be done with an SSH key or deploy key.
-
-### C# using dotnet version 2 on linux
-
-This currently requires invoking `dotnet` with the `/p:UseSharedCompilation=false` flag. For example:
-
-```shell
-dotnet build /p:UseSharedCompilation=false
-```
-
-Version 3 does not require the additional flag.
-
-### Analysing Go together with other languages on `macos-latest`
-
-When running on macos it is currently not possible to analyze Go in conjunction with any of Java, C/C++, or C#. Each language can still be analyzed separately.
+Read about [troubleshooting code scanning](https://help.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/troubleshooting-code-scanning).

analyze/action.yml

@@ -12,6 +12,9 @@ inputs:
     description: Upload the SARIF file
     required: false
     default: true
+  ram:
+    description: Override the amount of memory in MB to be used by CodeQL. By default, almost all the memory of the machine is used.
+    required: false
   token:
     default: ${{ github.token }}
   matrix:

init/action.yml

@@ -5,12 +5,14 @@ inputs:
   tools:
     description: URL of CodeQL tools
     required: false
-    default: https://github.com/github/codeql-action/releases/download/codeql-bundle-20200427/codeql-bundle.tar.gz
+    default: https://github.com/github/codeql-action/releases/download/codeql-bundle-20200601/codeql-bundle.tar.gz
   languages:
     description: The languages to be analysed
     required: false
   token:
     default: ${{ github.token }}
+  matrix:
+    default: ${{ toJson(matrix) }}
   config-file:
     description: Path of the config file to use
     required: false

jest.config.js

@@ -1,11 +0,0 @@
-module.exports = {
-  clearMocks: true,
-  moduleFileExtensions: ['js', 'ts'],
-  testEnvironment: 'node',
-  testMatch: ['**/*.test.ts'],
-  testRunner: 'jest-circus/runner',
-  transform: {
-    '^.+\\.ts$': 'ts-jest'
-  },
-  verbose: true
-}

lib/analysis-paths.js

@@ -16,7 +16,7 @@ function includeAndExcludeAnalysisPaths(config, languages) {
         core.exportVariable('LGTM_INDEX_EXCLUDE', config.pathsIgnore.join('\n'));
     }
     function isInterpretedLanguage(language) {
-        return language === 'javascript' && language === 'python';
+        return language === 'javascript' || language === 'python';
     }
     // Index include/exclude only work in javascript and python
     // If some other language is detected/configured show a warning

lib/config-utils.js

@@ -12,6 +12,13 @@ const io = __importStar(require("@actions/io"));
 const fs = __importStar(require("fs"));
 const yaml = __importStar(require("js-yaml"));
 const path = __importStar(require("path"));
+const util = __importStar(require("./util"));
+const NAME_PROPERTY = 'name';
+const DISPLAY_DEFAULT_QUERIES_PROPERTY = 'disable-default-queries';
+const QUERIES_PROPERTY = 'queries';
+const QUERIES_USES_PROPERTY = 'uses';
+const PATHS_IGNORE_PROPERTY = 'paths-ignore';
+const PATHS_PROPERTY = 'paths';
 class ExternalQuery {
     constructor(repository, ref) {
         this.path = '';
@@ -20,39 +27,74 @@ class ExternalQuery {
     }
 }
 exports.ExternalQuery = ExternalQuery;
+// The set of acceptable values for built-in suites from the codeql bundle
+const builtinSuites = ['security-extended', 'security-and-quality'];
 class Config {
     constructor() {
         this.name = "";
         this.disableDefaultQueries = false;
         this.additionalQueries = [];
         this.externalQueries = [];
+        this.additionalSuites = [];
         this.pathsIgnore = [];
         this.paths = [];
     }
-    addQuery(queryUses) {
+    addQuery(configFile, queryUses) {
         // The logic for parsing the string is based on what actions does for
         // parsing the 'uses' actions in the workflow file
+        queryUses = queryUses.trim();
         if (queryUses === "") {
-            throw '"uses" value for queries cannot be blank';
+            throw new Error(getQueryUsesInvalid(configFile));
         }
+        // Check for the local path case before we start trying to parse the repository name
         if (queryUses.startsWith("./")) {
-            this.additionalQueries.push(queryUses.slice(2));
+            const localQueryPath = queryUses.slice(2);
+            // Resolve the local path against the workspace so that when this is
+            // passed to codeql it resolves to exactly the path we expect it to resolve to.
+            const workspacePath = fs.realpathSync(util.getRequiredEnvParam('GITHUB_WORKSPACE'));
+            let absoluteQueryPath = path.join(workspacePath, localQueryPath);
+            // Check the file exists
+            if (!fs.existsSync(absoluteQueryPath)) {
+                throw new Error(getLocalPathDoesNotExist(configFile, localQueryPath));
+            }
+            // Call this after checking file exists, because it'll fail if file doesn't exist
+            absoluteQueryPath = fs.realpathSync(absoluteQueryPath);
+            // Check the local path doesn't jump outside the repo using '..' or symlinks
+            if (!(absoluteQueryPath + path.sep).startsWith(workspacePath + path.sep)) {
+                throw new Error(getLocalPathOutsideOfRepository(configFile, localQueryPath));
+            }
+            this.additionalQueries.push(absoluteQueryPath);
             return;
         }
+        // Check for one of the builtin suites
+        if (queryUses.indexOf('/') === -1 && queryUses.indexOf('@') === -1) {
+            const suite = builtinSuites.find((suite) => suite === queryUses);
+            if (suite) {
+                this.additionalSuites.push(suite);
+                return;
+            }
+            else {
+                throw new Error(getQueryUsesInvalid(configFile, queryUses));
+            }
+        }
         let tok = queryUses.split('@');
         if (tok.length !== 2) {
-            throw '"uses" value for queries must be a path, or owner/repo@ref \n Found: ' + queryUses;
+            throw new Error(getQueryUsesInvalid(configFile, queryUses));
         }
         const ref = tok[1];
         tok = tok[0].split('/');
         // The first token is the owner
         // The second token is the repo
         // The rest is a path, if there is more than one token combine them to form the full path
+        if (tok.length < 2) {
+            throw new Error(getQueryUsesInvalid(configFile, queryUses));
+        }
         if (tok.length > 3) {
             tok = [tok[0], tok[1], tok.slice(2).join('/')];
         }
-        if (tok.length < 2) {
-            throw '"uses" value for queries must be a path, or owner/repo@ref \n Found: ' + queryUses;
+        // Check none of the parts of the repository name are empty
+        if (tok[0].trim() === '' || tok[1].trim() === '') {
+            throw new Error(getQueryUsesInvalid(configFile, queryUses));
         }
         let external = new ExternalQuery(tok[0] + '/' + tok[1], ref);
         if (tok.length === 3) {
@@ -62,62 +104,137 @@ class Config {
     }
 }
 exports.Config = Config;
-const configFolder = process.env['RUNNER_WORKSPACE'] || '/tmp/codeql-action';
+function getNameInvalid(configFile) {
+    return getConfigFilePropertyError(configFile, NAME_PROPERTY, 'must be a non-empty string');
+}
+exports.getNameInvalid = getNameInvalid;
+function getDisableDefaultQueriesInvalid(configFile) {
+    return getConfigFilePropertyError(configFile, DISPLAY_DEFAULT_QUERIES_PROPERTY, 'must be a boolean');
+}
+exports.getDisableDefaultQueriesInvalid = getDisableDefaultQueriesInvalid;
+function getQueriesInvalid(configFile) {
+    return getConfigFilePropertyError(configFile, QUERIES_PROPERTY, 'must be an array');
+}
+exports.getQueriesInvalid = getQueriesInvalid;
+function getQueryUsesInvalid(configFile, queryUses) {
+    return getConfigFilePropertyError(configFile, QUERIES_PROPERTY + '.' + QUERIES_USES_PROPERTY, 'must be a built-in suite (' + builtinSuites.join(' or ') +
+        '), a relative path, or be of the form "owner/repo[/path]@ref"' +
+        (queryUses !== undefined ? '\n Found: ' + queryUses : ''));
+}
+exports.getQueryUsesInvalid = getQueryUsesInvalid;
+function getPathsIgnoreInvalid(configFile) {
+    return getConfigFilePropertyError(configFile, PATHS_IGNORE_PROPERTY, 'must be an array of non-empty strings');
+}
+exports.getPathsIgnoreInvalid = getPathsIgnoreInvalid;
+function getPathsInvalid(configFile) {
+    return getConfigFilePropertyError(configFile, PATHS_PROPERTY, 'must be an array of non-empty strings');
+}
+exports.getPathsInvalid = getPathsInvalid;
+function getLocalPathOutsideOfRepository(configFile, localPath) {
+    return getConfigFilePropertyError(configFile, QUERIES_PROPERTY + '.' + QUERIES_USES_PROPERTY, 'is invalid as the local path "' + localPath + '" is outside of the repository');
+}
+exports.getLocalPathOutsideOfRepository = getLocalPathOutsideOfRepository;
+function getLocalPathDoesNotExist(configFile, localPath) {
+    return getConfigFilePropertyError(configFile, QUERIES_PROPERTY + '.' + QUERIES_USES_PROPERTY, 'is invalid as the local path "' + localPath + '" does not exist in the repository');
+}
+exports.getLocalPathDoesNotExist = getLocalPathDoesNotExist;
+function getConfigFileOutsideWorkspaceErrorMessage(configFile) {
+    return 'The configuration file "' + configFile + '" is outside of the workspace';
+}
+exports.getConfigFileOutsideWorkspaceErrorMessage = getConfigFileOutsideWorkspaceErrorMessage;
+function getConfigFileDoesNotExistErrorMessage(configFile) {
+    return 'The configuration file "' + configFile + '" does not exist';
+}
+exports.getConfigFileDoesNotExistErrorMessage = getConfigFileDoesNotExistErrorMessage;
+function getConfigFilePropertyError(configFile, property, error) {
+    return 'The configuration file "' + configFile + '" is invalid: property "' + property + '" ' + error;
+}
 function initConfig() {
-    const configFile = core.getInput('config-file');
+    let configFile = core.getInput('config-file');
     const config = new Config();
     // If no config file was provided create an empty one
     if (configFile === '') {
         core.debug('No configuration file was provided');
         return config;
     }
-    try {
-        const parsedYAML = yaml.safeLoad(fs.readFileSync(configFile, 'utf8'));
-        if (parsedYAML.name && typeof parsedYAML.name === "string") {
-            config.name = parsedYAML.name;
-        }
-        if (parsedYAML['disable-default-queries'] && typeof parsedYAML['disable-default-queries'] === "boolean") {
-            config.disableDefaultQueries = parsedYAML['disable-default-queries'];
-        }
-        const queries = parsedYAML.queries;
-        if (queries && queries instanceof Array) {
-            queries.forEach(query => {
-                if (query.uses && typeof query.uses === "string") {
-                    config.addQuery(query.uses);
-                }
-            });
-        }
-        const pathsIgnore = parsedYAML['paths-ignore'];
-        if (pathsIgnore && pathsIgnore instanceof Array) {
-            pathsIgnore.forEach(path => {
-                if (typeof path === "string") {
-                    config.pathsIgnore.push(path);
-                }
-            });
-        }
-        const paths = parsedYAML.paths;
-        if (paths && paths instanceof Array) {
-            paths.forEach(path => {
-                if (typeof path === "string") {
-                    config.paths.push(path);
-                }
-            });
-        }
+    // Treat the config file as relative to the workspace
+    const workspacePath = util.getRequiredEnvParam('GITHUB_WORKSPACE');
+    configFile = path.resolve(workspacePath, configFile);
+    // Error if the config file is now outside of the workspace
+    if (!(configFile + path.sep).startsWith(workspacePath + path.sep)) {
+        throw new Error(getConfigFileOutsideWorkspaceErrorMessage(configFile));
     }
-    catch (err) {
-        core.setFailed(err);
+    // Error if the file does not exist
+    if (!fs.existsSync(configFile)) {
+        throw new Error(getConfigFileDoesNotExistErrorMessage(configFile));
+    }
+    const parsedYAML = yaml.safeLoad(fs.readFileSync(configFile, 'utf8'));
+    if (NAME_PROPERTY in parsedYAML) {
+        if (typeof parsedYAML[NAME_PROPERTY] !== "string") {
+            throw new Error(getNameInvalid(configFile));
+        }
+        if (parsedYAML[NAME_PROPERTY].length === 0) {
+            throw new Error(getNameInvalid(configFile));
+        }
+        config.name = parsedYAML[NAME_PROPERTY];
+    }
+    if (DISPLAY_DEFAULT_QUERIES_PROPERTY in parsedYAML) {
+        if (typeof parsedYAML[DISPLAY_DEFAULT_QUERIES_PROPERTY] !== "boolean") {
+            throw new Error(getDisableDefaultQueriesInvalid(configFile));
+        }
+        config.disableDefaultQueries = parsedYAML[DISPLAY_DEFAULT_QUERIES_PROPERTY];
+    }
+    if (QUERIES_PROPERTY in parsedYAML) {
+        if (!(parsedYAML[QUERIES_PROPERTY] instanceof Array)) {
+            throw new Error(getQueriesInvalid(configFile));
+        }
+        parsedYAML[QUERIES_PROPERTY].forEach(query => {
+            if (!(QUERIES_USES_PROPERTY in query) || typeof query[QUERIES_USES_PROPERTY] !== "string") {
+                throw new Error(getQueryUsesInvalid(configFile));
+            }
+            config.addQuery(configFile, query[QUERIES_USES_PROPERTY]);
+        });
+    }
+    if (PATHS_IGNORE_PROPERTY in parsedYAML) {
+        if (!(parsedYAML[PATHS_IGNORE_PROPERTY] instanceof Array)) {
+            throw new Error(getPathsIgnoreInvalid(configFile));
+        }
+        parsedYAML[PATHS_IGNORE_PROPERTY].forEach(path => {
+            if (typeof path !== "string" || path === '') {
+                throw new Error(getPathsIgnoreInvalid(configFile));
+            }
+            config.pathsIgnore.push(path);
+        });
+    }
+    if (PATHS_PROPERTY in parsedYAML) {
+        if (!(parsedYAML[PATHS_PROPERTY] instanceof Array)) {
+            throw new Error(getPathsInvalid(configFile));
+        }
+        parsedYAML[PATHS_PROPERTY].forEach(path => {
+            if (typeof path !== "string" || path === '') {
+                throw new Error(getPathsInvalid(configFile));
+            }
+            config.paths.push(path);
+        });
     }
     return config;
 }
+function getConfigFolder() {
+    return util.getRequiredEnvParam('RUNNER_TEMP');
+}
+function getConfigFile() {
+    return path.join(getConfigFolder(), 'config');
+}
+exports.getConfigFile = getConfigFile;
 async function saveConfig(config) {
     const configString = JSON.stringify(config);
-    await io.mkdirP(configFolder);
-    fs.writeFileSync(path.join(configFolder, 'config'), configString, 'utf8');
+    await io.mkdirP(getConfigFolder());
+    fs.writeFileSync(getConfigFile(), configString, 'utf8');
     core.debug('Saved config:');
     core.debug(configString);
 }
 async function loadConfig() {
-    const configFile = path.join(configFolder, 'config');
+    const configFile = getConfigFile();
     if (fs.existsSync(configFile)) {
         const configString = fs.readFileSync(configFile, 'utf8');
         core.debug('Loaded config:');

lib/config-utils.test.js

@@ -0,0 +1,162 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
+    result["default"] = mod;
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const ava_1 = __importDefault(require("ava"));
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const configUtils = __importStar(require("./config-utils"));
+const util = __importStar(require("./util"));
+function setInput(name, value) {
+    // Transformation copied from
+    // https://github.com/actions/toolkit/blob/05e39f551d33e1688f61b209ab5cdd335198f1b8/packages/core/src/core.ts#L69
+    const envVar = `INPUT_${name.replace(/ /g, '_').toUpperCase()}`;
+    if (value !== undefined) {
+        process.env[envVar] = value;
+    }
+    else {
+        delete process.env[envVar];
+    }
+}
+ava_1.default("load empty config", async (t) => {
+    return await util.withTmpDir(async (tmpDir) => {
+        process.env['RUNNER_TEMP'] = tmpDir;
+        process.env['GITHUB_WORKSPACE'] = tmpDir;
+        setInput('config-file', undefined);
+        const config = await configUtils.loadConfig();
+        t.deepEqual(config, new configUtils.Config());
+    });
+});
+ava_1.default("loading config saves config", async (t) => {
+    return await util.withTmpDir(async (tmpDir) => {
+        process.env['RUNNER_TEMP'] = tmpDir;
+        process.env['GITHUB_WORKSPACE'] = tmpDir;
+        const configFile = configUtils.getConfigFile();
+        // Sanity check the saved config file does not already exist
+        t.false(fs.existsSync(configFile));
+        const config = await configUtils.loadConfig();
+        // The saved config file should now exist
+        t.true(fs.existsSync(configFile));
+        // And the contents should parse correctly to the config that was returned
+        t.deepEqual(fs.readFileSync(configFile, 'utf8'), JSON.stringify(config));
+    });
+});
+ava_1.default("load input outside of workspace", async (t) => {
+    return await util.withTmpDir(async (tmpDir) => {
+        process.env['RUNNER_TEMP'] = tmpDir;
+        process.env['GITHUB_WORKSPACE'] = tmpDir;
+        setInput('config-file', '../input');
+        try {
+            await configUtils.loadConfig();
+            throw new Error('loadConfig did not throw error');
+        }
+        catch (err) {
+            t.deepEqual(err, new Error(configUtils.getConfigFileOutsideWorkspaceErrorMessage(path.join(tmpDir, '../input'))));
+        }
+    });
+});
+ava_1.default("load non-existent input", async (t) => {
+    return await util.withTmpDir(async (tmpDir) => {
+        process.env['RUNNER_TEMP'] = tmpDir;
+        process.env['GITHUB_WORKSPACE'] = tmpDir;
+        t.false(fs.existsSync(path.join(tmpDir, 'input')));
+        setInput('config-file', 'input');
+        try {
+            await configUtils.loadConfig();
+            throw new Error('loadConfig did not throw error');
+        }
+        catch (err) {
+            t.deepEqual(err, new Error(configUtils.getConfigFileDoesNotExistErrorMessage(path.join(tmpDir, 'input'))));
+        }
+    });
+});
+ava_1.default("load non-empty input", async (t) => {
+    return await util.withTmpDir(async (tmpDir) => {
+        process.env['RUNNER_TEMP'] = tmpDir;
+        process.env['GITHUB_WORKSPACE'] = tmpDir;
+        // Just create a generic config object with non-default values for all fields
+        const inputFileContents = `
+      name: my config
+      disable-default-queries: true
+      queries:
+        - uses: ./
+        - uses: ./foo
+        - uses: foo/bar@dev
+      paths-ignore:
+        - a
+        - b
+      paths:
+        - c/d`;
+        fs.mkdirSync(path.join(tmpDir, 'foo'));
+        // And the config we expect it to parse to
+        const expectedConfig = new configUtils.Config();
+        expectedConfig.name = 'my config';
+        expectedConfig.disableDefaultQueries = true;
+        expectedConfig.additionalQueries.push(fs.realpathSync(tmpDir));
+        expectedConfig.additionalQueries.push(fs.realpathSync(path.join(tmpDir, 'foo')));
+        expectedConfig.externalQueries = [new configUtils.ExternalQuery('foo/bar', 'dev')];
+        expectedConfig.pathsIgnore = ['a', 'b'];
+        expectedConfig.paths = ['c/d'];
+        fs.writeFileSync(path.join(tmpDir, 'input'), inputFileContents, 'utf8');
+        setInput('config-file', 'input');
+        const actualConfig = await configUtils.loadConfig();
+        // Should exactly equal the object we constructed earlier
+        t.deepEqual(actualConfig, expectedConfig);
+    });
+});
+function doInvalidInputTest(testName, inputFileContents, expectedErrorMessageGenerator) {
+    ava_1.default("load invalid input - " + testName, async (t) => {
+        return await util.withTmpDir(async (tmpDir) => {
+            process.env['RUNNER_TEMP'] = tmpDir;
+            process.env['GITHUB_WORKSPACE'] = tmpDir;
+            const inputFile = path.join(tmpDir, 'input');
+            fs.writeFileSync(inputFile, inputFileContents, 'utf8');
+            setInput('config-file', 'input');
+            try {
+                await configUtils.loadConfig();
+                throw new Error('loadConfig did not throw error');
+            }
+            catch (err) {
+                t.deepEqual(err, new Error(expectedErrorMessageGenerator(inputFile)));
+            }
+        });
+    });
+}
+doInvalidInputTest('name invalid type', `
+  name:
+    - foo: bar`, configUtils.getNameInvalid);
+doInvalidInputTest('disable-default-queries invalid type', `disable-default-queries: 42`, configUtils.getDisableDefaultQueriesInvalid);
+doInvalidInputTest('queries invalid type', `queries: foo`, configUtils.getQueriesInvalid);
+doInvalidInputTest('paths-ignore invalid type', `paths-ignore: bar`, configUtils.getPathsIgnoreInvalid);
+doInvalidInputTest('paths invalid type', `paths: 17`, configUtils.getPathsInvalid);
+doInvalidInputTest('queries uses invalid type', `
+  queries:
+  - uses:
+      - hello: world`, configUtils.getQueryUsesInvalid);
+function doInvalidQueryUsesTest(input, expectedErrorMessageGenerator) {
+    // Invalid contents of a "queries.uses" field.
+    // Should fail with the expected error message
+    const inputFileContents = `
+    name: my config
+    queries:
+      - name: foo
+        uses: ` + input;
+    doInvalidInputTest("queries uses \"" + input + "\"", inputFileContents, expectedErrorMessageGenerator);
+}
+// Various "uses" fields, and the errors they should produce
+doInvalidQueryUsesTest("''", c => configUtils.getQueryUsesInvalid(c, undefined));
+doInvalidQueryUsesTest("foo/bar", c => configUtils.getQueryUsesInvalid(c, "foo/bar"));
+doInvalidQueryUsesTest("foo/bar@v1@v2", c => configUtils.getQueryUsesInvalid(c, "foo/bar@v1@v2"));
+doInvalidQueryUsesTest("foo@master", c => configUtils.getQueryUsesInvalid(c, "foo@master"));
+doInvalidQueryUsesTest("https://github.com/foo/bar@master", c => configUtils.getQueryUsesInvalid(c, "https://github.com/foo/bar@master"));
+doInvalidQueryUsesTest("./foo", c => configUtils.getLocalPathDoesNotExist(c, "foo"));
+doInvalidQueryUsesTest("./..", c => configUtils.getLocalPathOutsideOfRepository(c, ".."));
+//# sourceMappingURL=config-utils.test.js.map

lib/external-queries.js

@@ -13,7 +13,7 @@ const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const util = __importStar(require("./util"));
 async function checkoutExternalQueries(config) {
-    const folder = util.getRequiredEnvParam('RUNNER_WORKSPACE');
+    const folder = util.getRequiredEnvParam('RUNNER_TEMP');
     for (const externalQuery of config.externalQueries) {
         core.info('Checking out ' + externalQuery.repository);
         const checkoutLocation = path.join(folder, externalQuery.repository);

lib/external-queries.js.map

@@ -1 +1 @@
-{"version":3,"file":"external-queries.js","sourceRoot":"","sources":["../src/external-queries.ts"],"names":[],"mappings":";;;;;;;;;AAAA,oDAAsC;AACtC,oDAAsC;AACtC,uCAAyB;AACzB,2CAA6B;AAG7B,6CAA+B;AAExB,KAAK,UAAU,uBAAuB,CAAC,MAA0B;IACtE,MAAM,MAAM,GAAG,IAAI,CAAC,mBAAmB,CAAC,kBAAkB,CAAC,CAAC;IAE5D,KAAK,MAAM,aAAa,IAAI,MAAM,CAAC,eAAe,EAAE;QAClD,IAAI,CAAC,IAAI,CAAC,eAAe,GAAG,aAAa,CAAC,UAAU,CAAC,CAAC;QAEtD,MAAM,gBAAgB,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,aAAa,CAAC,UAAU,CAAC,CAAC;QACrE,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,gBAAgB,CAAC,EAAE;YACpC,MAAM,OAAO,GAAG,qBAAqB,GAAG,aAAa,CAAC,UAAU,GAAG,MAAM,CAAC;YAC1E,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,gBAAgB,CAAC,CAAC,CAAC;YAC7D,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE;gBACrB,cAAc,GAAG,gBAAgB;gBACjC,YAAY,GAAG,gBAAgB,GAAG,OAAO;gBACzC,UAAU,EAAE,aAAa,CAAC,GAAG;aAC9B,CAAC,CAAC;SACJ;QAED,MAAM,CAAC,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC;KAChF;AACH,CAAC;AAnBD,0DAmBC"}
+{"version":3,"file":"external-queries.js","sourceRoot":"","sources":["../src/external-queries.ts"],"names":[],"mappings":";;;;;;;;;AAAA,oDAAsC;AACtC,oDAAsC;AACtC,uCAAyB;AACzB,2CAA6B;AAG7B,6CAA+B;AAExB,KAAK,UAAU,uBAAuB,CAAC,MAA0B;IACtE,MAAM,MAAM,GAAG,IAAI,CAAC,mBAAmB,CAAC,aAAa,CAAC,CAAC;IAEvD,KAAK,MAAM,aAAa,IAAI,MAAM,CAAC,eAAe,EAAE;QAClD,IAAI,CAAC,IAAI,CAAC,eAAe,GAAG,aAAa,CAAC,UAAU,CAAC,CAAC;QAEtD,MAAM,gBAAgB,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,aAAa,CAAC,UAAU,CAAC,CAAC;QACrE,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,gBAAgB,CAAC,EAAE;YACpC,MAAM,OAAO,GAAG,qBAAqB,GAAG,aAAa,CAAC,UAAU,GAAG,MAAM,CAAC;YAC1E,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,gBAAgB,CAAC,CAAC,CAAC;YAC7D,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE;gBACrB,cAAc,GAAG,gBAAgB;gBACjC,YAAY,GAAG,gBAAgB,GAAG,OAAO;gBACzC,UAAU,EAAE,aAAa,CAAC,GAAG;aAC9B,CAAC,CAAC;SACJ;QAED,MAAM,CAAC,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC;KAChF;AACH,CAAC;AAnBD,0DAmBC"}

lib/external-queries.test.js

@@ -22,7 +22,7 @@ ava_1.default("checkoutExternalQueries", async (t) => {
         new configUtils.ExternalQuery("github/codeql-go", "df4c6869212341b601005567381944ed90906b6b"),
     ];
     await util.withTmpDir(async (tmpDir) => {
-        process.env["RUNNER_WORKSPACE"] = tmpDir;
+        process.env["RUNNER_TEMP"] = tmpDir;
         await externalQueries.checkoutExternalQueries(config);
         // COPYRIGHT file existed in df4c6869212341b601005567381944ed90906b6b but not in master
         t.true(fs.existsSync(path.join(tmpDir, "github", "codeql-go", "COPYRIGHT")));

lib/external-queries.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"external-queries.test.js","sourceRoot":"","sources":["../src/external-queries.test.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,8CAAuB;AACvB,uCAAyB;AACzB,2CAA6B;AAE7B,4DAA8C;AAC9C,oEAAsD;AACtD,6CAA+B;AAE/B,aAAI,CAAC,yBAAyB,EAAE,KAAK,EAAC,CAAC,EAAC,EAAE;IACtC,IAAI,MAAM,GAAG,IAAI,WAAW,CAAC,MAAM,EAAE,CAAC;IACtC,MAAM,CAAC,eAAe,GAAG;QACrB,IAAI,WAAW,CAAC,aAAa,CAAC,kBAAkB,EAAE,0CAA0C,CAAC;KAChG,CAAC;IAEF,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAC,MAAM,EAAC,EAAE;QACjC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,GAAG,MAAM,CAAC;QACzC,MAAM,eAAe,CAAC,uBAAuB,CAAC,MAAM,CAAC,CAAC;QAEtD,uFAAuF;QACvF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,WAAW,EAAE,WAAW,CAAC,CAAC,CAAC,CAAC;IACjF,CAAC,CAAC,CAAC;AACP,CAAC,CAAC,CAAC"}
+{"version":3,"file":"external-queries.test.js","sourceRoot":"","sources":["../src/external-queries.test.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,8CAAuB;AACvB,uCAAyB;AACzB,2CAA6B;AAE7B,4DAA8C;AAC9C,oEAAsD;AACtD,6CAA+B;AAE/B,aAAI,CAAC,yBAAyB,EAAE,KAAK,EAAC,CAAC,EAAC,EAAE;IACtC,IAAI,MAAM,GAAG,IAAI,WAAW,CAAC,MAAM,EAAE,CAAC;IACtC,MAAM,CAAC,eAAe,GAAG;QACrB,IAAI,WAAW,CAAC,aAAa,CAAC,kBAAkB,EAAE,0CAA0C,CAAC;KAChG,CAAC;IAEF,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAC,MAAM,EAAC,EAAE;QACjC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,MAAM,CAAC;QACpC,MAAM,eAAe,CAAC,uBAAuB,CAAC,MAAM,CAAC,CAAC;QAEtD,uFAAuF;QACvF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,WAAW,EAAE,WAAW,CAAC,CAAC,CAAC,CAAC;IACjF,CAAC,CAAC,CAAC;AACP,CAAC,CAAC,CAAC"}

lib/finalize-db.js

@@ -11,12 +11,49 @@ const core = __importStar(require("@actions/core"));
 const exec = __importStar(require("@actions/exec"));
 const io = __importStar(require("@actions/io"));
 const fs = __importStar(require("fs"));
+const os = __importStar(require("os"));
 const path = __importStar(require("path"));
 const configUtils = __importStar(require("./config-utils"));
 const externalQueries = __importStar(require("./external-queries"));
 const sharedEnv = __importStar(require("./shared-environment"));
 const upload_lib = __importStar(require("./upload-lib"));
 const util = __importStar(require("./util"));
+/**
+ * A list of queries from https://github.com/github/codeql that
+ * we don't want to run. Disabling them here is a quicker alternative to
+ * disabling them in the code scanning query suites. Queries should also
+ * be disabled in the suites, and removed from this list here once the
+ * bundle is updated to make those suite changes live.
+ *
+ * Format is a map from language to an array of path suffixes of .ql files.
+ */
+const DISABLED_BUILTIN_QUERIES = {
+    'csharp': [
+        'ql/src/Security Features/CWE-937/VulnerablePackage.ql',
+        'ql/src/Security Features/CWE-451/MissingXFrameOptions.ql',
+    ]
+};
+function queryIsDisabled(language, query) {
+    return (DISABLED_BUILTIN_QUERIES[language] || [])
+        .some(disabledQuery => query.endsWith(disabledQuery));
+}
+function getMemoryFlag() {
+    let memoryToUseMegaBytes;
+    const memoryToUseString = core.getInput("ram");
+    if (memoryToUseString) {
+        memoryToUseMegaBytes = Number(memoryToUseString);
+        if (Number.isNaN(memoryToUseMegaBytes) || memoryToUseMegaBytes <= 0) {
+            throw new Error("Invalid RAM setting \"" + memoryToUseString + "\", specified.");
+        }
+    }
+    else {
+        const totalMemoryBytes = os.totalmem();
+        const totalMemoryMegaBytes = totalMemoryBytes / (1024 * 1024);
+        const systemReservedMemoryMegaBytes = 256;
+        memoryToUseMegaBytes = totalMemoryMegaBytes - systemReservedMemoryMegaBytes;
+    }
+    return "--ram=" + Math.floor(memoryToUseMegaBytes);
+}
 async function createdDBForScannedLanguages(codeqlCmd, databaseFolder) {
     const scannedLanguages = process.env[sharedEnv.CODEQL_ACTION_SCANNED_LANGUAGES];
     if (scannedLanguages) {
@@ -49,26 +86,50 @@ async function finalizeDatabaseCreation(codeqlCmd, databaseFolder) {
         core.endGroup();
     }
 }
+async function runResolveQueries(codeqlCmd, queries) {
+    let output = '';
+    const options = {
+        listeners: {
+            stdout: (data) => {
+                output += data.toString();
+            }
+        }
+    };
+    await exec.exec(codeqlCmd, [
+        'resolve',
+        'queries',
+        ...queries,
+        '--format=bylanguage'
+    ], options);
+    return JSON.parse(output);
+}
 async function resolveQueryLanguages(codeqlCmd, config) {
     let res = new Map();
-    if (config.additionalQueries.length !== 0) {
-        let resolveQueriesOutput = '';
-        const options = {
-            listeners: {
-                stdout: (data) => {
-                    resolveQueriesOutput += data.toString();
-                }
+    if (!config.disableDefaultQueries || config.additionalSuites.length !== 0) {
+        const suites = [];
+        for (const language of await util.getLanguages()) {
+            if (!config.disableDefaultQueries) {
+                suites.push(language + '-code-scanning.qls');
             }
-        };
-        await exec.exec(codeqlCmd, [
-            'resolve',
-            'queries',
-            ...config.additionalQueries,
-            '--format=bylanguage'
-        ], options);
-        const resolveQueriesOutputObject = JSON.parse(resolveQueriesOutput);
+            for (const additionalSuite of config.additionalSuites) {
+                suites.push(language + '-' + additionalSuite + '.qls');
+            }
+        }
+        const resolveQueriesOutputObject = await runResolveQueries(codeqlCmd, suites);
         for (const [language, queries] of Object.entries(resolveQueriesOutputObject.byLanguage)) {
-            res[language] = Object.keys(queries);
+            if (res[language] === undefined) {
+                res[language] = [];
+            }
+            res[language].push(...Object.keys(queries).filter(q => !queryIsDisabled(language, q)));
+        }
+    }
+    if (config.additionalQueries.length !== 0) {
+        const resolveQueriesOutputObject = await runResolveQueries(codeqlCmd, config.additionalQueries);
+        for (const [language, queries] of Object.entries(resolveQueriesOutputObject.byLanguage)) {
+            if (res[language] === undefined) {
+                res[language] = [];
+            }
+            res[language].push(...Object.keys(queries));
         }
         const noDeclaredLanguage = resolveQueriesOutputObject.noDeclaredLanguage;
         const noDeclaredLanguageQueries = Object.keys(noDeclaredLanguage);
@@ -88,20 +149,26 @@ async function runQueries(codeqlCmd, databaseFolder, sarifFolder, config) {
     const queriesPerLanguage = await resolveQueryLanguages(codeqlCmd, config);
     for (let database of fs.readdirSync(databaseFolder)) {
         core.startGroup('Analyzing ' + database);
-        const queries = [];
-        if (!config.disableDefaultQueries) {
-            queries.push(database + '-code-scanning.qls');
+        const queries = queriesPerLanguage[database] || [];
+        if (queries.length === 0) {
+            throw new Error('Unable to analyse ' + database + ' as no queries were selected for this language');
         }
-        queries.push(...(queriesPerLanguage[database] || []));
+        // Pass the queries to codeql using a file instead of using the command
+        // line to avoid command line length restrictions, particularly on windows.
+        const querySuite = path.join(databaseFolder, database + '-queries.qls');
+        const querySuiteContents = queries.map(q => '- query: ' + q).join('\n');
+        fs.writeFileSync(querySuite, querySuiteContents);
+        core.debug('Query suite file for ' + database + '...\n' + querySuiteContents);
         const sarifFile = path.join(sarifFolder, database + '.sarif');
         await exec.exec(codeqlCmd, [
             'database',
             'analyze',
+            getMemoryFlag(),
             path.join(databaseFolder, database),
             '--format=sarif-latest',
             '--output=' + sarifFile,
             '--no-sarif-add-snippets',
-            ...queries
+            querySuite
         ]);
         core.debug('SARIF results for database ' + database + ' created at "' + sarifFile + '"');
         core.endGroup();
@@ -126,7 +193,7 @@ async function run() {
         await runQueries(codeqlCmd, databaseFolder, sarifFolder, config);
         if ('true' === core.getInput('upload')) {
             if (!await upload_lib.upload(sarifFolder)) {
-                await util.reportActionFailed('failed', 'upload');
+                await util.reportActionFailed('finish', 'upload');
                 return;
             }
         }

lib/setup-tools.js

@@ -10,6 +10,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 const core = __importStar(require("@actions/core"));
 const toolcache = __importStar(require("@actions/tool-cache"));
 const path = __importStar(require("path"));
+const semver = __importStar(require("semver"));
 class CodeQLSetup {
     constructor(codeqlDist) {
         this.dist = codeqlDist;
@@ -35,17 +36,17 @@ class CodeQLSetup {
 }
 exports.CodeQLSetup = CodeQLSetup;
 async function setupCodeQL() {
-    const version = '1.0.0';
-    const codeqlURL = core.getInput('tools', { required: true });
     try {
-        let codeqlFolder = toolcache.find('CodeQL', version);
+        const codeqlURL = core.getInput('tools', { required: true });
+        const codeqlURLVersion = getCodeQLURLVersion(codeqlURL);
+        let codeqlFolder = toolcache.find('CodeQL', codeqlURLVersion);
         if (codeqlFolder) {
             core.debug(`CodeQL found in cache ${codeqlFolder}`);
         }
         else {
             const codeqlPath = await toolcache.downloadTool(codeqlURL);
             const codeqlExtracted = await toolcache.extractTar(codeqlPath);
-            codeqlFolder = await toolcache.cacheDir(codeqlExtracted, 'CodeQL', version);
+            codeqlFolder = await toolcache.cacheDir(codeqlExtracted, 'CodeQL', codeqlURLVersion);
         }
         return new CodeQLSetup(path.join(codeqlFolder, 'codeql'));
     }
@@ -55,4 +56,21 @@ async function setupCodeQL() {
     }
 }
 exports.setupCodeQL = setupCodeQL;
+function getCodeQLURLVersion(url) {
+    const match = url.match(/\/codeql-bundle-(.*)\//);
+    if (match === null || match.length < 2) {
+        throw new Error(`Malformed tools url: ${url}. Version could not be inferred`);
+    }
+    let version = match[1];
+    if (!semver.valid(version)) {
+        core.debug(`Bundle version ${version} is not in SemVer format. Will treat it as pre-release 0.0.0-${version}.`);
+        version = '0.0.0-' + version;
+    }
+    const s = semver.clean(version);
+    if (!s) {
+        throw new Error(`Malformed tools url ${url}. Version should be in SemVer format but have ${version} instead`);
+    }
+    return s;
+}
+exports.getCodeQLURLVersion = getCodeQLURLVersion;
 //# sourceMappingURL=setup-tools.js.map

lib/setup-tools.js.map

@@ -1 +1 @@
-{"version":3,"file":"setup-tools.js","sourceRoot":"","sources":["../src/setup-tools.ts"],"names":[],"mappings":";;;;;;;;;AAAA,oDAAsC;AACtC,+DAAiD;AACjD,2CAA6B;AAE7B,MAAa,WAAW;IAMpB,YAAY,UAAkB;QAC1B,IAAI,CAAC,IAAI,GAAG,UAAU,CAAC;QACvB,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QAC3C,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;QAC3C,4BAA4B;QAC5B,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE;YAC9B,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;YACxB,IAAI,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE;gBAC7B,IAAI,CAAC,GAAG,IAAI,MAAM,CAAC;aACtB;SACJ;aAAM,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE;YACrC,IAAI,CAAC,QAAQ,GAAG,SAAS,CAAC;SAC7B;aAAM,IAAI,OAAO,CAAC,QAAQ,KAAK,QAAQ,EAAE;YACtC,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;SAC3B;aAAM;YACH,MAAM,IAAI,KAAK,CAAC,uBAAuB,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;SAC/D;IACL,CAAC;CACJ;AAxBD,kCAwBC;AAEM,KAAK,UAAU,WAAW;IAC7B,MAAM,OAAO,GAAG,OAAO,CAAC;IACxB,MAAM,SAAS,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;IAE7D,IAAI;QACA,IAAI,YAAY,GAAG,SAAS,CAAC,IAAI,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;QACrD,IAAI,YAAY,EAAE;YACd,IAAI,CAAC,KAAK,CAAC,yBAAyB,YAAY,EAAE,CAAC,CAAC;SACvD;aAAM;YACH,MAAM,UAAU,GAAG,MAAM,SAAS,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC;YAC3D,MAAM,eAAe,GAAG,MAAM,SAAS,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;YAC/D,YAAY,GAAG,MAAM,SAAS,CAAC,QAAQ,CAAC,eAAe,EAAE,QAAQ,EAAE,OAAO,CAAC,CAAC;SAC/E;QACD,OAAO,IAAI,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC,CAAC;KAE7D;IAAC,OAAO,CAAC,EAAE;QACR,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACd,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;KAChE;AACL,CAAC;AAnBD,kCAmBC"}
+{"version":3,"file":"setup-tools.js","sourceRoot":"","sources":["../src/setup-tools.ts"],"names":[],"mappings":";;;;;;;;;AAAA,oDAAsC;AACtC,+DAAiD;AACjD,2CAA6B;AAC7B,+CAAiC;AAEjC,MAAa,WAAW;IAMpB,YAAY,UAAkB;QAC1B,IAAI,CAAC,IAAI,GAAG,UAAU,CAAC;QACvB,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QAC3C,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;QAC3C,4BAA4B;QAC5B,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE;YAC9B,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;YACxB,IAAI,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE;gBAC7B,IAAI,CAAC,GAAG,IAAI,MAAM,CAAC;aACtB;SACJ;aAAM,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE;YACrC,IAAI,CAAC,QAAQ,GAAG,SAAS,CAAC;SAC7B;aAAM,IAAI,OAAO,CAAC,QAAQ,KAAK,QAAQ,EAAE;YACtC,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;SAC3B;aAAM;YACH,MAAM,IAAI,KAAK,CAAC,uBAAuB,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;SAC/D;IACL,CAAC;CACJ;AAxBD,kCAwBC;AAEM,KAAK,UAAU,WAAW;IAC7B,IAAI;QACA,MAAM,SAAS,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;QAC7D,MAAM,gBAAgB,GAAG,mBAAmB,CAAC,SAAS,CAAC,CAAC;QAExD,IAAI,YAAY,GAAG,SAAS,CAAC,IAAI,CAAC,QAAQ,EAAE,gBAAgB,CAAC,CAAC;QAC9D,IAAI,YAAY,EAAE;YACd,IAAI,CAAC,KAAK,CAAC,yBAAyB,YAAY,EAAE,CAAC,CAAC;SACvD;aAAM;YACH,MAAM,UAAU,GAAG,MAAM,SAAS,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC;YAC3D,MAAM,eAAe,GAAG,MAAM,SAAS,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;YAC/D,YAAY,GAAG,MAAM,SAAS,CAAC,QAAQ,CAAC,eAAe,EAAE,QAAQ,EAAE,gBAAgB,CAAC,CAAC;SACxF;QACD,OAAO,IAAI,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC,CAAC;KAE7D;IAAC,OAAO,CAAC,EAAE;QACR,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACd,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;KAChE;AACL,CAAC;AAnBD,kCAmBC;AAED,SAAgB,mBAAmB,CAAC,GAAW;IAE3C,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC;IAClD,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE;QACpC,MAAM,IAAI,KAAK,CAAC,wBAAwB,GAAG,iCAAiC,CAAC,CAAC;KACjF;IAED,IAAI,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;IAEvB,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE;QACxB,IAAI,CAAC,KAAK,CAAC,kBAAkB,OAAO,gEAAgE,OAAO,GAAG,CAAC,CAAC;QAChH,OAAO,GAAG,QAAQ,GAAG,OAAO,CAAC;KAChC;IAED,MAAM,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAChC,IAAI,CAAC,CAAC,EAAE;QACJ,MAAM,IAAI,KAAK,CAAC,uBAAuB,GAAG,iDAAiD,OAAO,UAAU,CAAC,CAAC;KACjH;IAED,OAAO,CAAC,CAAC;AACb,CAAC;AApBD,kDAoBC"}

lib/setup-tools.test.js

@@ -0,0 +1,58 @@
+"use strict";
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
+    result["default"] = mod;
+    return result;
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const toolcache = __importStar(require("@actions/tool-cache"));
+const ava_1 = __importDefault(require("ava"));
+const nock_1 = __importDefault(require("nock"));
+const path = __importStar(require("path"));
+const setupTools = __importStar(require("./setup-tools"));
+const util = __importStar(require("./util"));
+ava_1.default('download codeql bundle cache', async (t) => {
+    await util.withTmpDir(async (tmpDir) => {
+        process.env['GITHUB_WORKSPACE'] = tmpDir;
+        process.env['RUNNER_TEMP'] = path.join(tmpDir, 'temp');
+        process.env['RUNNER_TOOL_CACHE'] = path.join(tmpDir, 'cache');
+        const versions = ['20200601', '20200610'];
+        for (let i = 0; i < versions.length; i++) {
+            const version = versions[i];
+            nock_1.default('https://example.com')
+                .get(`/download/codeql-bundle-${version}/codeql-bundle.tar.gz`)
+                .replyWithFile(200, path.join(__dirname, `/../src/testdata/codeql-bundle.tar.gz`));
+            process.env['INPUT_TOOLS'] = `https://example.com/download/codeql-bundle-${version}/codeql-bundle.tar.gz`;
+            await setupTools.setupCodeQL();
+            t.assert(toolcache.find('CodeQL', `0.0.0-${version}`));
+        }
+        const cachedVersions = toolcache.findAllVersions('CodeQL');
+        t.is(cachedVersions.length, 2);
+    });
+});
+ava_1.default('parse codeql bundle url version', t => {
+    const tests = {
+        '20200601': '0.0.0-20200601',
+        '20200601.0': '0.0.0-20200601.0',
+        '20200601.0.0': '20200601.0.0',
+        '1.2.3': '1.2.3',
+        '1.2.3-alpha': '1.2.3-alpha',
+        '1.2.3-beta.1': '1.2.3-beta.1',
+    };
+    for (const [version, expectedVersion] of Object.entries(tests)) {
+        const url = `https://github.com/.../codeql-bundle-${version}/...`;
+        try {
+            const parsedVersion = setupTools.getCodeQLURLVersion(url);
+            t.deepEqual(parsedVersion, expectedVersion);
+        }
+        catch (e) {
+            t.fail(e.message);
+        }
+    }
+});
+//# sourceMappingURL=setup-tools.test.js.map

lib/setup-tools.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"setup-tools.test.js","sourceRoot":"","sources":["../src/setup-tools.test.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,+DAAiD;AACjD,8CAAuB;AACvB,gDAAwB;AACxB,2CAA6B;AAE7B,0DAA4C;AAC5C,6CAA+B;AAE/B,aAAI,CAAC,8BAA8B,EAAE,KAAK,EAAC,CAAC,EAAC,EAAE;IAE3C,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAC,MAAM,EAAC,EAAE;QAEjC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,GAAG,MAAM,CAAC;QAEzC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACvD,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QAE9D,MAAM,QAAQ,GAAG,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QAE1C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE;YACtC,MAAM,OAAO,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;YAE5B,cAAI,CAAC,qBAAqB,CAAC;iBACtB,GAAG,CAAC,2BAA2B,OAAO,uBAAuB,CAAC;iBAC9D,aAAa,CAAC,GAAG,EAAE,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,uCAAuC,CAAC,CAAC,CAAC;YAGvF,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,8CAA8C,OAAO,uBAAuB,CAAC;YAE1G,MAAM,UAAU,CAAC,WAAW,EAAE,CAAC;YAE/B,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,EAAE,SAAS,OAAO,EAAE,CAAC,CAAC,CAAC;SAC1D;QAED,MAAM,cAAc,GAAG,SAAS,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;QAE3D,CAAC,CAAC,EAAE,CAAC,cAAc,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IACnC,CAAC,CAAC,CAAC;AACP,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,iCAAiC,EAAE,CAAC,CAAC,EAAE;IAExC,MAAM,KAAK,GAAG;QACV,UAAU,EAAE,gBAAgB;QAC5B,YAAY,EAAE,kBAAkB;QAChC,cAAc,EAAE,cAAc;QAC9B,OAAO,EAAE,OAAO;QAChB,aAAa,EAAE,aAAa;QAC5B,cAAc,EAAE,cAAc;KACjC,CAAC;IAEF,KAAK,MAAM,CAAC,OAAO,EAAE,eAAe,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE;QAC5D,MAAM,GAAG,GAAG,wCAAwC,OAAO,MAAM,CAAC;QAElE,IAAI;YACA,MAAM,aAAa,GAAG,UAAU,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC;YAC1D,CAAC,CAAC,SAAS,CAAC,aAAa,EAAE,eAAe,CAAC,CAAC;SAC/C;QAAC,OAAO,CAAC,EAAE;YACR,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;SACrB;KACJ;AACL,CAAC,CAAC,CAAC"}

lib/setup-tracer.js

@@ -100,12 +100,13 @@ function concatTracerConfigs(configs) {
         totalCount += count;
         totalLines.push(...lines.slice(2));
     }
-    const newLogFilePath = path.resolve(util.workspaceFolder(), 'compound-build-tracer.log');
-    const spec = path.resolve(util.workspaceFolder(), 'compound-spec');
-    const tempFolder = path.resolve(util.workspaceFolder(), 'compound-temp');
+    const tempFolder = util.getRequiredEnvParam('RUNNER_TEMP');
+    const newLogFilePath = path.resolve(tempFolder, 'compound-build-tracer.log');
+    const spec = path.resolve(tempFolder, 'compound-spec');
+    const compoundTempFolder = path.resolve(tempFolder, 'compound-temp');
     const newSpecContent = [newLogFilePath, totalCount.toString(10), ...totalLines];
     if (copyExecutables) {
-        env['SEMMLE_COPY_EXECUTABLES_ROOT'] = tempFolder;
+        env['SEMMLE_COPY_EXECUTABLES_ROOT'] = compoundTempFolder;
         envSize += 1;
     }
     fs.writeFileSync(spec, newSpecContent.join('\n'));
@@ -156,7 +157,7 @@ async function run() {
         // Setup CODEQL_RAM flag (todo improve this https://github.com/github/dsp-code-scanning/issues/935)
         const codeqlRam = process.env['CODEQL_RAM'] || '6500';
         core.exportVariable('CODEQL_RAM', codeqlRam);
-        const databaseFolder = path.resolve(util.workspaceFolder(), 'codeql_databases');
+        const databaseFolder = path.resolve(util.getRequiredEnvParam('RUNNER_TEMP'), 'codeql_databases');
         await io.mkdirP(databaseFolder);
         let tracedLanguages = {};
         let scannedLanguages = [];
@@ -205,8 +206,8 @@ async function run() {
         await util.reportActionFailed('init', error.message, error.stack);
         return;
     }
-    core.exportVariable(sharedEnv.CODEQL_ACTION_INIT_COMPLETED, 'true');
     await util.reportActionSucceeded('init');
+    core.exportVariable(sharedEnv.CODEQL_ACTION_INIT_COMPLETED, 'true');
 }
 run().catch(e => {
     core.setFailed("init action failed: " + e);

lib/upload-lib.js

@@ -13,26 +13,14 @@ Object.defineProperty(exports, "__esModule", { value: true });
 const core = __importStar(require("@actions/core"));
 const http = __importStar(require("@actions/http-client"));
 const auth = __importStar(require("@actions/http-client/auth"));
-const io = __importStar(require("@actions/io"));
 const file_url_1 = __importDefault(require("file-url"));
 const fs = __importStar(require("fs"));
+const jsonschema = __importStar(require("jsonschema"));
 const path = __importStar(require("path"));
 const zlib_1 = __importDefault(require("zlib"));
 const fingerprints = __importStar(require("./fingerprints"));
 const sharedEnv = __importStar(require("./shared-environment"));
 const util = __importStar(require("./util"));
-// Construct the location of the sentinel file for detecting multiple uploads.
-// The returned location should be writable.
-async function getSentinelFilePath() {
-    // Use the temp dir instead of placing next to the sarif file because of
-    // issues with docker actions. The directory containing the sarif file
-    // may not be writable by us.
-    const uploadsTmpDir = path.join(process.env['RUNNER_TEMP'] || '/tmp/codeql-action', 'uploads');
-    await io.mkdirP(uploadsTmpDir);
-    // Hash the absolute path so we'll behave correctly in the unlikely
-    // scenario a file is referenced twice with different paths.
-    return path.join(uploadsTmpDir, 'codeql-action-upload-sentinel');
-}
 // Takes a list of paths to sarif files and combines them together,
 // returning the contents of the combined sarif file.
 function combineSarifFiles(sarifFiles) {
@@ -125,62 +113,96 @@ async function upload(input) {
     }
 }
 exports.upload = upload;
+// Counts the number of results in the given SARIF file
+function countResultsInSarif(sarif) {
+    let numResults = 0;
+    for (const run of JSON.parse(sarif).runs) {
+        numResults += run.results.length;
+    }
+    return numResults;
+}
+exports.countResultsInSarif = countResultsInSarif;
+// Validates that the given file path refers to a valid SARIF file.
+// Returns a non-empty list of error message if the file is invalid,
+// otherwise returns the empty list if the file is valid.
+function validateSarifFileSchema(sarifFilePath) {
+    const sarif = JSON.parse(fs.readFileSync(sarifFilePath, 'utf8'));
+    const schema = JSON.parse(fs.readFileSync(__dirname + '/../src/sarif_v2.1.0_schema.json', 'utf8'));
+    const result = new jsonschema.Validator().validate(sarif, schema);
+    if (result.valid) {
+        return true;
+    }
+    else {
+        // Set the failure message to the stacks of all the errors.
+        // This should be of a manageable size and may even give enough to fix the error.
+        const errorMessages = result.errors.map(e => "- " + e.stack);
+        core.setFailed("Unable to upload \"" + sarifFilePath + "\" as it is not valid SARIF:\n" + errorMessages.join("\n"));
+        // Also output the more verbose error messages in groups as these may be very large.
+        for (const error of result.errors) {
+            core.startGroup("Error details: " + error.stack);
+            core.info(JSON.stringify(error, null, 2));
+            core.endGroup();
+        }
+        return false;
+    }
+}
+exports.validateSarifFileSchema = validateSarifFileSchema;
 // Uploads the given set of sarif files.
 // Returns true iff the upload occurred and succeeded
 async function uploadFiles(sarifFiles) {
     core.startGroup("Uploading results");
-    let succeeded = false;
-    try {
-        // Check if an upload has happened before. If so then abort.
-        // This is intended to catch when the finish and upload-sarif actions
-        // are used together, and then the upload-sarif action is invoked twice.
-        const sentinelFile = await getSentinelFilePath();
-        if (fs.existsSync(sentinelFile)) {
-            core.info("Aborting as an upload has already happened from this job");
+    core.info("Uploading sarif files: " + JSON.stringify(sarifFiles));
+    const sentinelEnvVar = "CODEQL_UPLOAD_SARIF";
+    if (process.env[sentinelEnvVar]) {
+        core.error("Aborting upload: only one run of the codeql/analyze or codeql/upload-sarif actions is allowed per job");
+        return false;
+    }
+    core.exportVariable(sentinelEnvVar, sentinelEnvVar);
+    // Validate that the files we were asked to upload are all valid SARIF files
+    for (const file of sarifFiles) {
+        if (!validateSarifFileSchema(file)) {
             return false;
         }
-        const commitOid = util.getRequiredEnvParam('GITHUB_SHA');
-        const workflowRunIDStr = util.getRequiredEnvParam('GITHUB_RUN_ID');
-        const ref = util.getRef();
-        const analysisKey = await util.getAnalysisKey();
-        const analysisName = util.getRequiredEnvParam('GITHUB_WORKFLOW');
-        const startedAt = process.env[sharedEnv.CODEQL_ACTION_STARTED_AT];
-        core.info("Uploading sarif files: " + JSON.stringify(sarifFiles));
-        let sarifPayload = combineSarifFiles(sarifFiles);
-        sarifPayload = fingerprints.addFingerprints(sarifPayload);
-        const zipped_sarif = zlib_1.default.gzipSync(sarifPayload).toString('base64');
-        let checkoutPath = core.getInput('checkout_path');
-        let checkoutURI = file_url_1.default(checkoutPath);
-        const workflowRunID = parseInt(workflowRunIDStr, 10);
-        if (Number.isNaN(workflowRunID)) {
-            core.setFailed('GITHUB_RUN_ID must define a non NaN workflow run ID');
-            return false;
-        }
-        let matrix = core.getInput('matrix');
-        if (matrix === "null" || matrix === "") {
-            matrix = undefined;
-        }
-        const toolNames = util.getToolNames(sarifPayload);
-        const payload = JSON.stringify({
-            "commit_oid": commitOid,
-            "ref": ref,
-            "analysis_key": analysisKey,
-            "analysis_name": analysisName,
-            "sarif": zipped_sarif,
-            "workflow_run_id": workflowRunID,
-            "checkout_uri": checkoutURI,
-            "environment": matrix,
-            "started_at": startedAt,
-            "tool_names": toolNames,
-        });
-        // Make the upload
-        succeeded = await uploadPayload(payload);
-        // Mark that we have made an upload
-        fs.writeFileSync(sentinelFile, '');
     }
-    catch (error) {
-        core.setFailed(error.message);
+    const commitOid = await util.getCommitOid();
+    const workflowRunIDStr = util.getRequiredEnvParam('GITHUB_RUN_ID');
+    const ref = util.getRef();
+    const analysisKey = await util.getAnalysisKey();
+    const analysisName = util.getRequiredEnvParam('GITHUB_WORKFLOW');
+    const startedAt = process.env[sharedEnv.CODEQL_ACTION_STARTED_AT];
+    let sarifPayload = combineSarifFiles(sarifFiles);
+    sarifPayload = fingerprints.addFingerprints(sarifPayload);
+    const zipped_sarif = zlib_1.default.gzipSync(sarifPayload).toString('base64');
+    let checkoutPath = core.getInput('checkout_path');
+    let checkoutURI = file_url_1.default(checkoutPath);
+    const workflowRunID = parseInt(workflowRunIDStr, 10);
+    if (Number.isNaN(workflowRunID)) {
+        core.setFailed('GITHUB_RUN_ID must define a non NaN workflow run ID');
+        return false;
     }
+    let matrix = core.getInput('matrix');
+    if (matrix === "null" || matrix === "") {
+        matrix = undefined;
+    }
+    const toolNames = util.getToolNames(sarifPayload);
+    const payload = JSON.stringify({
+        "commit_oid": commitOid,
+        "ref": ref,
+        "analysis_key": analysisKey,
+        "analysis_name": analysisName,
+        "sarif": zipped_sarif,
+        "workflow_run_id": workflowRunID,
+        "checkout_uri": checkoutURI,
+        "environment": matrix,
+        "started_at": startedAt,
+        "tool_names": toolNames,
+    });
+    // Log some useful debug info about the info
+    core.debug("Raw upload size: " + sarifPayload.length + " bytes");
+    core.debug("Base64 zipped upload size: " + zipped_sarif.length + " bytes");
+    core.debug("Number of results in upload: " + countResultsInSarif(sarifPayload));
+    // Make the upload
+    const succeeded = await uploadPayload(payload);
     core.endGroup();
     return succeeded;
 }

lib/upload-lib.test.js

@@ -0,0 +1,25 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
+    result["default"] = mod;
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const ava_1 = __importDefault(require("ava"));
+const uploadLib = __importStar(require("./upload-lib"));
+ava_1.default('validateSarifFileSchema - valid', t => {
+    const inputFile = __dirname + '/../src/testdata/valid-sarif.sarif';
+    t.true(uploadLib.validateSarifFileSchema(inputFile));
+});
+ava_1.default('validateSarifFileSchema - invalid', t => {
+    const inputFile = __dirname + '/../src/testdata/invalid-sarif.sarif';
+    t.false(uploadLib.validateSarifFileSchema(inputFile));
+    // validateSarifFileSchema calls core.setFailed which sets the exit code on error
+    process.exitCode = 0;
+});
+//# sourceMappingURL=upload-lib.test.js.map

lib/upload-lib.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"upload-lib.test.js","sourceRoot":"","sources":["../src/upload-lib.test.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,8CAAuB;AAEvB,wDAA0C;AAE1C,aAAI,CAAC,iCAAiC,EAAE,CAAC,CAAC,EAAE;IAC1C,MAAM,SAAS,GAAG,SAAS,GAAG,oCAAoC,CAAC;IACnE,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,uBAAuB,CAAC,SAAS,CAAC,CAAC,CAAC;AACvD,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,mCAAmC,EAAE,CAAC,CAAC,EAAE;IAC5C,MAAM,SAAS,GAAG,SAAS,GAAG,sCAAsC,CAAC;IACrE,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,uBAAuB,CAAC,SAAS,CAAC,CAAC,CAAC;IACtD,iFAAiF;IACjF,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;AACvB,CAAC,CAAC,CAAC"}

lib/util.js

@@ -11,6 +11,7 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 const core = __importStar(require("@actions/core"));
+const exec = __importStar(require("@actions/exec"));
 const http = __importStar(require("@actions/http-client"));
 const auth = __importStar(require("@actions/http-client/auth"));
 const octokit = __importStar(require("@octokit/rest"));
@@ -33,12 +34,6 @@ function should_abort(actionName, requireInitActionHasRun) {
         core.setFailed('GITHUB_REF must be set.');
         return true;
     }
-    // Should abort if called on a merge commit for a pull request.
-    if (ref.startsWith('refs/pull/')) {
-        core.warning('The CodeQL ' + actionName + ' action is intended for workflows triggered on `push` events, '
-            + 'but the current workflow is running on a pull request. Aborting.');
-        return true;
-    }
     // If the init action is required, then check the it completed successfully.
     if (requireInitActionHasRun && process.env[sharedEnv.CODEQL_ACTION_INIT_COMPLETED] === undefined) {
         core.setFailed('The CodeQL ' + actionName + ' action cannot be used unless the CodeQL init action is run first. Aborting.');
@@ -47,16 +42,6 @@ function should_abort(actionName, requireInitActionHasRun) {
     return false;
 }
 exports.should_abort = should_abort;
-/**
- * Resolve the path to the workspace folder.
- */
-function workspaceFolder() {
-    let workspaceFolder = process.env['RUNNER_WORKSPACE'];
-    if (!workspaceFolder)
-        workspaceFolder = path.resolve('..');
-    return workspaceFolder;
-}
-exports.workspaceFolder = workspaceFolder;
 /**
  * Get an environment parameter, but throw an error if it is not set.
  */
@@ -151,6 +136,21 @@ async function getLanguages() {
     return languages;
 }
 exports.getLanguages = getLanguages;
+/**
+ * Gets the SHA of the commit that is currently checked out.
+ */
+async function getCommitOid() {
+    let commitOid = '';
+    await exec.exec('git', ['rev-parse', 'HEAD'], {
+        silent: true,
+        listeners: {
+            stdout: (data) => { commitOid += data.toString(); },
+            stderr: (data) => { process.stderr.write(data); }
+        }
+    });
+    return commitOid.trim();
+}
+exports.getCommitOid = getCommitOid;
 /**
  * Get the path of the currently executing workflow.
  */
@@ -196,8 +196,20 @@ exports.getAnalysisKey = getAnalysisKey;
  * Get the ref currently being analyzed.
  */
 function getRef() {
-    // it's in the form "refs/heads/master"
-    return getRequiredEnvParam('GITHUB_REF');
+    // Will be in the form "refs/heads/master" on a push event
+    // or in the form "refs/pull/N/merge" on a pull_request event
+    const ref = getRequiredEnvParam('GITHUB_REF');
+    // For pull request refs we want to convert from the 'merge' ref
+    // to the 'head' ref, as that is what we want to analyse.
+    // There should have been some code earlier in the workflow to do
+    // the checkout, but we have no way of verifying that here.
+    const pull_ref_regex = /refs\/pull\/(\d+)\/merge/;
+    if (pull_ref_regex.test(ref)) {
+        return ref.replace(pull_ref_regex, 'refs/pull/$1/head');
+    }
+    else {
+        return ref;
+    }
 }
 exports.getRef = getRef;
 /**
@@ -337,8 +349,9 @@ exports.getToolNames = getToolNames;
 // Mostly intended for use within tests.
 async function withTmpDir(body) {
     const tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'codeql-action-'));
-    await body(tmpDir);
+    const result = await body(tmpDir);
     fs.rmdirSync(tmpDir, { recursive: true });
+    return result;
 }
 exports.withTmpDir = withTmpDir;
 //# sourceMappingURL=util.js.map

node_modules/.bin/semver

@@ -1 +1 @@
-../semver/bin/semver
+../semver/bin/semver.js

node_modules/@actions/tool-cache/README.md

@@ -22,11 +22,11 @@ These can then be extracted in platform specific ways:
 const tc = require('@actions/tool-cache');
 
 if (process.platform === 'win32') {
-  const node12Path = tc.downloadTool('https://nodejs.org/dist/v12.7.0/node-v12.7.0-win-x64.zip');
+  const node12Path = await tc.downloadTool('https://nodejs.org/dist/v12.7.0/node-v12.7.0-win-x64.zip');
   const node12ExtractedFolder = await tc.extractZip(node12Path, 'path/to/extract/to');
 
   // Or alternately
-  const node12Path = tc.downloadTool('https://nodejs.org/dist/v12.7.0/node-v12.7.0-win-x64.7z');
+  const node12Path = await tc.downloadTool('https://nodejs.org/dist/v12.7.0/node-v12.7.0-win-x64.7z');
   const node12ExtractedFolder = await tc.extract7z(node12Path, 'path/to/extract/to');
 }
 else {
@@ -37,7 +37,7 @@ else {
 
 #### Cache
 
-Finally, you can cache these directories in our tool-cache. This is useful if you want to switch back and forth between versions of a tool, or save a tool between runs for private runners (private runners are still in development but are on the roadmap).
+Finally, you can cache these directories in our tool-cache. This is useful if you want to switch back and forth between versions of a tool, or save a tool between runs for self-hosted runners.
 
 You'll often want to add it to the path as part of this step:
 
@@ -57,7 +57,7 @@ You can also cache files for reuse.
 ```js
 const tc = require('@actions/tool-cache');
 
-tc.cacheFile('path/to/exe', 'destFileName.exe', 'myExeName', '1.1.0');
+const cachedPath = await tc.cacheFile('path/to/exe', 'destFileName.exe', 'myExeName', '1.1.0');
 ```
 
 #### Find

node_modules/@actions/tool-cache/lib/manifest.d.ts

@@ -0,0 +1,16 @@
+export interface IToolReleaseFile {
+    filename: string;
+    platform: string;
+    platform_version?: string;
+    arch: string;
+    download_url: string;
+}
+export interface IToolRelease {
+    version: string;
+    stable: boolean;
+    release_url: string;
+    files: IToolReleaseFile[];
+}
+export declare function _findMatch(versionSpec: string, stable: boolean, candidates: IToolRelease[], archFilter: string): Promise<IToolRelease | undefined>;
+export declare function _getOsVersion(): string;
+export declare function _readLinuxVersionFile(): string;

node_modules/@actions/tool-cache/lib/manifest.js

@@ -0,0 +1,106 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
+    result["default"] = mod;
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const semver = __importStar(require("semver"));
+const core_1 = require("@actions/core");
+// needs to be require for core node modules to be mocked
+/* eslint @typescript-eslint/no-require-imports: 0 */
+const os = require("os");
+const cp = require("child_process");
+const fs = require("fs");
+function _findMatch(versionSpec, stable, candidates, archFilter) {
+    return __awaiter(this, void 0, void 0, function* () {
+        const platFilter = os.platform();
+        let result;
+        let match;
+        let file;
+        for (const candidate of candidates) {
+            const version = candidate.version;
+            core_1.debug(`check ${version} satisfies ${versionSpec}`);
+            if (semver.satisfies(version, versionSpec) &&
+                (!stable || candidate.stable === stable)) {
+                file = candidate.files.find(item => {
+                    core_1.debug(`${item.arch}===${archFilter} && ${item.platform}===${platFilter}`);
+                    let chk = item.arch === archFilter && item.platform === platFilter;
+                    if (chk && item.platform_version) {
+                        const osVersion = module.exports._getOsVersion();
+                        if (osVersion === item.platform_version) {
+                            chk = true;
+                        }
+                        else {
+                            chk = semver.satisfies(osVersion, item.platform_version);
+                        }
+                    }
+                    return chk;
+                });
+                if (file) {
+                    core_1.debug(`matched ${candidate.version}`);
+                    match = candidate;
+                    break;
+                }
+            }
+        }
+        if (match && file) {
+            // clone since we're mutating the file list to be only the file that matches
+            result = Object.assign({}, match);
+            result.files = [file];
+        }
+        return result;
+    });
+}
+exports._findMatch = _findMatch;
+function _getOsVersion() {
+    // TODO: add windows and other linux, arm variants
+    // right now filtering on version is only an ubuntu and macos scenario for tools we build for hosted (python)
+    const plat = os.platform();
+    let version = '';
+    if (plat === 'darwin') {
+        version = cp.execSync('sw_vers -productVersion').toString();
+    }
+    else if (plat === 'linux') {
+        // lsb_release process not in some containers, readfile
+        // Run cat /etc/lsb-release
+        // DISTRIB_ID=Ubuntu
+        // DISTRIB_RELEASE=18.04
+        // DISTRIB_CODENAME=bionic
+        // DISTRIB_DESCRIPTION="Ubuntu 18.04.4 LTS"
+        const lsbContents = module.exports._readLinuxVersionFile();
+        if (lsbContents) {
+            const lines = lsbContents.split('\n');
+            for (const line of lines) {
+                const parts = line.split('=');
+                if (parts.length === 2 && parts[0].trim() === 'DISTRIB_RELEASE') {
+                    version = parts[1].trim();
+                    break;
+                }
+            }
+        }
+    }
+    return version;
+}
+exports._getOsVersion = _getOsVersion;
+function _readLinuxVersionFile() {
+    const lsbFile = '/etc/lsb-release';
+    let contents = '';
+    if (fs.existsSync(lsbFile)) {
+        contents = fs.readFileSync(lsbFile).toString();
+    }
+    return contents;
+}
+exports._readLinuxVersionFile = _readLinuxVersionFile;
+//# sourceMappingURL=manifest.js.map

node_modules/@actions/tool-cache/lib/manifest.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"manifest.js","sourceRoot":"","sources":["../src/manifest.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;AAAA,+CAAgC;AAChC,wCAAmC;AAEnC,yDAAyD;AACzD,qDAAqD;AAErD,yBAAyB;AACzB,oCAAoC;AACpC,yBAAyB;AAqDzB,SAAsB,UAAU,CAC9B,WAAmB,EACnB,MAAe,EACf,UAA0B,EAC1B,UAAkB;;QAElB,MAAM,UAAU,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAA;QAEhC,IAAI,MAAgC,CAAA;QACpC,IAAI,KAA+B,CAAA;QAEnC,IAAI,IAAkC,CAAA;QACtC,KAAK,MAAM,SAAS,IAAI,UAAU,EAAE;YAClC,MAAM,OAAO,GAAG,SAAS,CAAC,OAAO,CAAA;YAEjC,YAAK,CAAC,SAAS,OAAO,cAAc,WAAW,EAAE,CAAC,CAAA;YAClD,IACE,MAAM,CAAC,SAAS,CAAC,OAAO,EAAE,WAAW,CAAC;gBACtC,CAAC,CAAC,MAAM,IAAI,SAAS,CAAC,MAAM,KAAK,MAAM,CAAC,EACxC;gBACA,IAAI,GAAG,SAAS,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;oBACjC,YAAK,CACH,GAAG,IAAI,CAAC,IAAI,MAAM,UAAU,OAAO,IAAI,CAAC,QAAQ,MAAM,UAAU,EAAE,CACnE,CAAA;oBAED,IAAI,GAAG,GAAG,IAAI,CAAC,IAAI,KAAK,UAAU,IAAI,IAAI,CAAC,QAAQ,KAAK,UAAU,CAAA;oBAClE,IAAI,GAAG,IAAI,IAAI,CAAC,gBAAgB,EAAE;wBAChC,MAAM,SAAS,GAAG,MAAM,CAAC,OAAO,CAAC,aAAa,EAAE,CAAA;wBAEhD,IAAI,SAAS,KAAK,IAAI,CAAC,gBAAgB,EAAE;4BACvC,GAAG,GAAG,IAAI,CAAA;yBACX;6BAAM;4BACL,GAAG,GAAG,MAAM,CAAC,SAAS,CAAC,SAAS,EAAE,IAAI,CAAC,gBAAgB,CAAC,CAAA;yBACzD;qBACF;oBAED,OAAO,GAAG,CAAA;gBACZ,CAAC,CAAC,CAAA;gBAEF,IAAI,IAAI,EAAE;oBACR,YAAK,CAAC,WAAW,SAAS,CAAC,OAAO,EAAE,CAAC,CAAA;oBACrC,KAAK,GAAG,SAAS,CAAA;oBACjB,MAAK;iBACN;aACF;SACF;QAED,IAAI,KAAK,IAAI,IAAI,EAAE;YACjB,4EAA4E;YAC5E,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,EAAE,EAAE,KAAK,CAAC,CAAA;YACjC,MAAM,CAAC,KAAK,GAAG,CAAC,IAAI,CAAC,CAAA;SACtB;QAED,OAAO,MAAM,CAAA;IACf,CAAC;CAAA;AAtDD,gCAsDC;AAED,SAAgB,aAAa;IAC3B,kDAAkD;IAClD,6GAA6G;IAC7G,MAAM,IAAI,GAAG,EAAE,CAAC,QAAQ,EAAE,CAAA;IAC1B,IAAI,OAAO,GAAG,EAAE,CAAA;IAEhB,IAAI,IAAI,KAAK,QAAQ,EAAE;QACrB,OAAO,GAAG,EAAE,CAAC,QAAQ,CAAC,yBAAyB,CAAC,CAAC,QAAQ,EAAE,CAAA;KAC5D;SAAM,IAAI,IAAI,KAAK,OAAO,EAAE;QAC3B,uDAAuD;QACvD,2BAA2B;QAC3B,oBAAoB;QACpB,wBAAwB;QACxB,0BAA0B;QAC1B,2CAA2C;QAC3C,MAAM,WAAW,GAAG,MAAM,CAAC,OAAO,CAAC,qBAAqB,EAAE,CAAA;QAC1D,IAAI,WAAW,EAAE;YACf,MAAM,KAAK,GAAG,WAAW,CAAC,KAAK,CAAC,IAAI,CAAC,CAAA;YACrC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE;gBACxB,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;gBAC7B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,KAAK,iBAAiB,EAAE;oBAC/D,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAA;oBACzB,MAAK;iBACN;aACF;SACF;KACF;IAED,OAAO,OAAO,CAAA;AAChB,CAAC;AA7BD,sCA6BC;AAED,SAAgB,qBAAqB;IACnC,MAAM,OAAO,GAAG,kBAAkB,CAAA;IAClC,IAAI,QAAQ,GAAG,EAAE,CAAA;IAEjB,IAAI,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE;QAC1B,QAAQ,GAAG,EAAE,CAAC,YAAY,CAAC,OAAO,CAAC,CAAC,QAAQ,EAAE,CAAA;KAC/C;IAED,OAAO,QAAQ,CAAA;AACjB,CAAC;AATD,sDASC"}

node_modules/@actions/tool-cache/lib/retry-helper.d.ts

@@ -0,0 +1,12 @@
+/**
+ * Internal class for retries
+ */
+export declare class RetryHelper {
+    private maxAttempts;
+    private minSeconds;
+    private maxSeconds;
+    constructor(maxAttempts: number, minSeconds: number, maxSeconds: number);
+    execute<T>(action: () => Promise<T>, isRetryable?: (e: Error) => boolean): Promise<T>;
+    private getSleepAmount;
+    private sleep;
+}

node_modules/@actions/tool-cache/lib/retry-helper.js

@@ -0,0 +1,70 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
+    result["default"] = mod;
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const core = __importStar(require("@actions/core"));
+/**
+ * Internal class for retries
+ */
+class RetryHelper {
+    constructor(maxAttempts, minSeconds, maxSeconds) {
+        if (maxAttempts < 1) {
+            throw new Error('max attempts should be greater than or equal to 1');
+        }
+        this.maxAttempts = maxAttempts;
+        this.minSeconds = Math.floor(minSeconds);
+        this.maxSeconds = Math.floor(maxSeconds);
+        if (this.minSeconds > this.maxSeconds) {
+            throw new Error('min seconds should be less than or equal to max seconds');
+        }
+    }
+    execute(action, isRetryable) {
+        return __awaiter(this, void 0, void 0, function* () {
+            let attempt = 1;
+            while (attempt < this.maxAttempts) {
+                // Try
+                try {
+                    return yield action();
+                }
+                catch (err) {
+                    if (isRetryable && !isRetryable(err)) {
+                        throw err;
+                    }
+                    core.info(err.message);
+                }
+                // Sleep
+                const seconds = this.getSleepAmount();
+                core.info(`Waiting ${seconds} seconds before trying again`);
+                yield this.sleep(seconds);
+                attempt++;
+            }
+            // Last attempt
+            return yield action();
+        });
+    }
+    getSleepAmount() {
+        return (Math.floor(Math.random() * (this.maxSeconds - this.minSeconds + 1)) +
+            this.minSeconds);
+    }
+    sleep(seconds) {
+        return __awaiter(this, void 0, void 0, function* () {
+            return new Promise(resolve => setTimeout(resolve, seconds * 1000));
+        });
+    }
+}
+exports.RetryHelper = RetryHelper;
+//# sourceMappingURL=retry-helper.js.map

node_modules/@actions/tool-cache/lib/retry-helper.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"retry-helper.js","sourceRoot":"","sources":["../src/retry-helper.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;AAAA,oDAAqC;AAErC;;GAEG;AACH,MAAa,WAAW;IAKtB,YAAY,WAAmB,EAAE,UAAkB,EAAE,UAAkB;QACrE,IAAI,WAAW,GAAG,CAAC,EAAE;YACnB,MAAM,IAAI,KAAK,CAAC,mDAAmD,CAAC,CAAA;SACrE;QAED,IAAI,CAAC,WAAW,GAAG,WAAW,CAAA;QAC9B,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAA;QACxC,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,CAAA;QACxC,IAAI,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,EAAE;YACrC,MAAM,IAAI,KAAK,CAAC,yDAAyD,CAAC,CAAA;SAC3E;IACH,CAAC;IAEK,OAAO,CACX,MAAwB,EACxB,WAAmC;;YAEnC,IAAI,OAAO,GAAG,CAAC,CAAA;YACf,OAAO,OAAO,GAAG,IAAI,CAAC,WAAW,EAAE;gBACjC,MAAM;gBACN,IAAI;oBACF,OAAO,MAAM,MAAM,EAAE,CAAA;iBACtB;gBAAC,OAAO,GAAG,EAAE;oBACZ,IAAI,WAAW,IAAI,CAAC,WAAW,CAAC,GAAG,CAAC,EAAE;wBACpC,MAAM,GAAG,CAAA;qBACV;oBAED,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,OAAO,CAAC,CAAA;iBACvB;gBAED,QAAQ;gBACR,MAAM,OAAO,GAAG,IAAI,CAAC,cAAc,EAAE,CAAA;gBACrC,IAAI,CAAC,IAAI,CAAC,WAAW,OAAO,8BAA8B,CAAC,CAAA;gBAC3D,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAA;gBACzB,OAAO,EAAE,CAAA;aACV;YAED,eAAe;YACf,OAAO,MAAM,MAAM,EAAE,CAAA;QACvB,CAAC;KAAA;IAEO,cAAc;QACpB,OAAO,CACL,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,CAAC,IAAI,CAAC,UAAU,GAAG,IAAI,CAAC,UAAU,GAAG,CAAC,CAAC,CAAC;YACnE,IAAI,CAAC,UAAU,CAChB,CAAA;IACH,CAAC;IAEa,KAAK,CAAC,OAAe;;YACjC,OAAO,IAAI,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,EAAE,OAAO,GAAG,IAAI,CAAC,CAAC,CAAA;QACpE,CAAC;KAAA;CACF;AAxDD,kCAwDC"}

node_modules/@actions/tool-cache/lib/tool-cache.d.ts

@@ -1,3 +1,4 @@
+import * as mm from './manifest';
 export declare class HTTPError extends Error {
     readonly httpStatusCode: number | undefined;
     constructor(httpStatusCode: number | undefined);
@@ -6,9 +7,11 @@ export declare class HTTPError extends Error {
  * Download a tool from an url and stream it into a file
  *
  * @param url       url of tool to download
+ * @param dest      path to download tool
+ * @param auth      authorization header
  * @returns         path to downloaded tool
  */
-export declare function downloadTool(url: string): Promise<string>;
+export declare function downloadTool(url: string, dest?: string, auth?: string): Promise<string>;
 /**
  * Extract a .7z file
  *
@@ -26,14 +29,14 @@ export declare function downloadTool(url: string): Promise<string>;
  */
 export declare function extract7z(file: string, dest?: string, _7zPath?: string): Promise<string>;
 /**
- * Extract a tar
+ * Extract a compressed tar archive
  *
  * @param file     path to the tar
  * @param dest     destination directory. Optional.
- * @param flags    flags for the tar. Optional.
+ * @param flags    flags for the tar command to use for extraction. Defaults to 'xz' (extracting gzipped tars). Optional.
  * @returns        path to the destination directory
  */
-export declare function extractTar(file: string, dest?: string, flags?: string): Promise<string>;
+export declare function extractTar(file: string, dest?: string, flags?: string | string[]): Promise<string>;
 /**
  * Extract a zip
  *
@@ -77,3 +80,7 @@ export declare function find(toolName: string, versionSpec: string, arch?: strin
  * @param arch      optional arch.  defaults to arch of computer
  */
 export declare function findAllVersions(toolName: string, arch?: string): string[];
+export declare type IToolRelease = mm.IToolRelease;
+export declare type IToolReleaseFile = mm.IToolReleaseFile;
+export declare function getManifestFromRepo(owner: string, repo: string, auth?: string, branch?: string): Promise<IToolRelease[]>;
+export declare function findFromManifest(versionSpec: string, stable: boolean, manifest: IToolRelease[], archFilter?: string): Promise<IToolRelease | undefined>;

node_modules/@actions/tool-cache/lib/tool-cache.js

@@ -8,17 +8,31 @@ var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, ge
         step((generator = generator.apply(thisArg, _arguments || [])).next());
     });
 };
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
+    result["default"] = mod;
+    return result;
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
 Object.defineProperty(exports, "__esModule", { value: true });
-const core = require("@actions/core");
-const io = require("@actions/io");
-const fs = require("fs");
-const os = require("os");
-const path = require("path");
-const httpm = require("typed-rest-client/HttpClient");
-const semver = require("semver");
-const uuidV4 = require("uuid/v4");
+const core = __importStar(require("@actions/core"));
+const io = __importStar(require("@actions/io"));
+const fs = __importStar(require("fs"));
+const mm = __importStar(require("./manifest"));
+const os = __importStar(require("os"));
+const path = __importStar(require("path"));
+const httpm = __importStar(require("@actions/http-client"));
+const semver = __importStar(require("semver"));
+const stream = __importStar(require("stream"));
+const util = __importStar(require("util"));
+const v4_1 = __importDefault(require("uuid/v4"));
 const exec_1 = require("@actions/exec/lib/exec");
 const assert_1 = require("assert");
+const retry_helper_1 = require("./retry-helper");
 class HTTPError extends Error {
     constructor(httpStatusCode) {
         super(`Unexpected HTTP response: ${httpStatusCode}`);
@@ -29,85 +43,88 @@ class HTTPError extends Error {
 exports.HTTPError = HTTPError;
 const IS_WINDOWS = process.platform === 'win32';
 const userAgent = 'actions/tool-cache';
-// On load grab temp directory and cache directory and remove them from env (currently don't want to expose this)
-let tempDirectory = process.env['RUNNER_TEMP'] || '';
-let cacheRoot = process.env['RUNNER_TOOL_CACHE'] || '';
-// If directories not found, place them in common temp locations
-if (!tempDirectory || !cacheRoot) {
-    let baseLocation;
-    if (IS_WINDOWS) {
-        // On windows use the USERPROFILE env variable
-        baseLocation = process.env['USERPROFILE'] || 'C:\\';
-    }
-    else {
-        if (process.platform === 'darwin') {
-            baseLocation = '/Users';
-        }
-        else {
-            baseLocation = '/home';
-        }
-    }
-    if (!tempDirectory) {
-        tempDirectory = path.join(baseLocation, 'actions', 'temp');
-    }
-    if (!cacheRoot) {
-        cacheRoot = path.join(baseLocation, 'actions', 'cache');
-    }
-}
 /**
  * Download a tool from an url and stream it into a file
  *
  * @param url       url of tool to download
+ * @param dest      path to download tool
+ * @param auth      authorization header
  * @returns         path to downloaded tool
  */
-function downloadTool(url) {
+function downloadTool(url, dest, auth) {
     return __awaiter(this, void 0, void 0, function* () {
-        // Wrap in a promise so that we can resolve from within stream callbacks
-        return new Promise((resolve, reject) => __awaiter(this, void 0, void 0, function* () {
-            try {
-                const http = new httpm.HttpClient(userAgent, [], {
-                    allowRetries: true,
-                    maxRetries: 3
-                });
-                const destPath = path.join(tempDirectory, uuidV4());
-                yield io.mkdirP(tempDirectory);
-                core.debug(`Downloading ${url}`);
-                core.debug(`Downloading ${destPath}`);
-                if (fs.existsSync(destPath)) {
-                    throw new Error(`Destination file path ${destPath} already exists`);
+        dest = dest || path.join(_getTempDirectory(), v4_1.default());
+        yield io.mkdirP(path.dirname(dest));
+        core.debug(`Downloading ${url}`);
+        core.debug(`Destination ${dest}`);
+        const maxAttempts = 3;
+        const minSeconds = _getGlobal('TEST_DOWNLOAD_TOOL_RETRY_MIN_SECONDS', 10);
+        const maxSeconds = _getGlobal('TEST_DOWNLOAD_TOOL_RETRY_MAX_SECONDS', 20);
+        const retryHelper = new retry_helper_1.RetryHelper(maxAttempts, minSeconds, maxSeconds);
+        return yield retryHelper.execute(() => __awaiter(this, void 0, void 0, function* () {
+            return yield downloadToolAttempt(url, dest || '', auth);
+        }), (err) => {
+            if (err instanceof HTTPError && err.httpStatusCode) {
+                // Don't retry anything less than 500, except 408 Request Timeout and 429 Too Many Requests
+                if (err.httpStatusCode < 500 &&
+                    err.httpStatusCode !== 408 &&
+                    err.httpStatusCode !== 429) {
+                    return false;
                 }
-                const response = yield http.get(url);
-                if (response.message.statusCode !== 200) {
-                    const err = new HTTPError(response.message.statusCode);
-                    core.debug(`Failed to download from "${url}". Code(${response.message.statusCode}) Message(${response.message.statusMessage})`);
-                    throw err;
-                }
-                const file = fs.createWriteStream(destPath);
-                file.on('open', () => __awaiter(this, void 0, void 0, function* () {
-                    try {
-                        const stream = response.message.pipe(file);
-                        stream.on('close', () => {
-                            core.debug('download complete');
-                            resolve(destPath);
-                        });
-                    }
-                    catch (err) {
-                        core.debug(`Failed to download from "${url}". Code(${response.message.statusCode}) Message(${response.message.statusMessage})`);
-                        reject(err);
-                    }
-                }));
-                file.on('error', err => {
-                    file.end();
-                    reject(err);
-                });
             }
-            catch (err) {
-                reject(err);
-            }
-        }));
+            // Otherwise retry
+            return true;
+        });
     });
 }
 exports.downloadTool = downloadTool;
+function downloadToolAttempt(url, dest, auth) {
+    return __awaiter(this, void 0, void 0, function* () {
+        if (fs.existsSync(dest)) {
+            throw new Error(`Destination file path ${dest} already exists`);
+        }
+        // Get the response headers
+        const http = new httpm.HttpClient(userAgent, [], {
+            allowRetries: false
+        });
+        let headers;
+        if (auth) {
+            core.debug('set auth');
+            headers = {
+                authorization: auth
+            };
+        }
+        const response = yield http.get(url, headers);
+        if (response.message.statusCode !== 200) {
+            const err = new HTTPError(response.message.statusCode);
+            core.debug(`Failed to download from "${url}". Code(${response.message.statusCode}) Message(${response.message.statusMessage})`);
+            throw err;
+        }
+        // Download the response body
+        const pipeline = util.promisify(stream.pipeline);
+        const responseMessageFactory = _getGlobal('TEST_DOWNLOAD_TOOL_RESPONSE_MESSAGE_FACTORY', () => response.message);
+        const readStream = responseMessageFactory();
+        let succeeded = false;
+        try {
+            yield pipeline(readStream, fs.createWriteStream(dest));
+            core.debug('download complete');
+            succeeded = true;
+            return dest;
+        }
+        finally {
+            // Error, delete dest before retry
+            if (!succeeded) {
+                core.debug('download failed');
+                try {
+                    yield io.rmRF(dest);
+                }
+                catch (err) {
+                    core.debug(`Failed to delete '${dest}'. ${err.message}`);
+                }
+            }
+        }
+    });
+}
 /**
  * Extract a .7z file
  *
@@ -127,14 +144,15 @@ function extract7z(file, dest, _7zPath) {
     return __awaiter(this, void 0, void 0, function* () {
         assert_1.ok(IS_WINDOWS, 'extract7z() not supported on current OS');
         assert_1.ok(file, 'parameter "file" is required');
-        dest = dest || (yield _createExtractFolder(dest));
+        dest = yield _createExtractFolder(dest);
         const originalCwd = process.cwd();
         process.chdir(dest);
         if (_7zPath) {
             try {
+                const logLevel = core.isDebug() ? '-bb1' : '-bb0';
                 const args = [
                     'x',
-                    '-bb1',
+                    logLevel,
                     '-bd',
                     '-sccUTF-8',
                     file
@@ -182,11 +200,11 @@ function extract7z(file, dest, _7zPath) {
 }
 exports.extract7z = extract7z;
 /**
- * Extract a tar
+ * Extract a compressed tar archive
  *
  * @param file     path to the tar
  * @param dest     destination directory. Optional.
- * @param flags    flags for the tar. Optional.
+ * @param flags    flags for the tar command to use for extraction. Defaults to 'xz' (extracting gzipped tars). Optional.
  * @returns        path to the destination directory
  */
 function extractTar(file, dest, flags = 'xz') {
@@ -194,9 +212,47 @@ function extractTar(file, dest, flags = 'xz') {
         if (!file) {
             throw new Error("parameter 'file' is required");
         }
-        dest = dest || (yield _createExtractFolder(dest));
-        const tarPath = yield io.which('tar', true);
-        yield exec_1.exec(`"${tarPath}"`, [flags, '-C', dest, '-f', file]);
+        // Create dest
+        dest = yield _createExtractFolder(dest);
+        // Determine whether GNU tar
+        core.debug('Checking tar --version');
+        let versionOutput = '';
+        yield exec_1.exec('tar --version', [], {
+            ignoreReturnCode: true,
+            silent: true,
+            listeners: {
+                stdout: (data) => (versionOutput += data.toString()),
+                stderr: (data) => (versionOutput += data.toString())
+            }
+        });
+        core.debug(versionOutput.trim());
+        const isGnuTar = versionOutput.toUpperCase().includes('GNU TAR');
+        // Initialize args
+        let args;
+        if (flags instanceof Array) {
+            args = flags;
+        }
+        else {
+            args = [flags];
+        }
+        if (core.isDebug() && !flags.includes('v')) {
+            args.push('-v');
+        }
+        let destArg = dest;
+        let fileArg = file;
+        if (IS_WINDOWS && isGnuTar) {
+            args.push('--force-local');
+            destArg = dest.replace(/\\/g, '/');
+            // Technically only the dest needs to have `/` but for aesthetic consistency
+            // convert slashes in the file arg too.
+            fileArg = file.replace(/\\/g, '/');
+        }
+        if (isGnuTar) {
+            // Suppress warnings when using GNU tar to extract archives created by BSD tar
+            args.push('--warning=no-unknown-keyword');
+        }
+        args.push('-C', destArg, '-f', fileArg);
+        yield exec_1.exec(`tar`, args);
         return dest;
     });
 }
@@ -213,7 +269,7 @@ function extractZip(file, dest) {
         if (!file) {
             throw new Error("parameter 'file' is required");
         }
-        dest = dest || (yield _createExtractFolder(dest));
+        dest = yield _createExtractFolder(dest);
         if (IS_WINDOWS) {
             yield extractZipWin(file, dest);
         }
@@ -231,7 +287,7 @@ function extractZipWin(file, dest) {
         const escapedDest = dest.replace(/'/g, "''").replace(/"|\n|\r/g, '');
         const command = `$ErrorActionPreference = 'Stop' ; try { Add-Type -AssemblyName System.IO.Compression.FileSystem } catch { } ; [System.IO.Compression.ZipFile]::ExtractToDirectory('${escapedFile}', '${escapedDest}')`;
         // run powershell
-        const powershellPath = yield io.which('powershell');
+        const powershellPath = yield io.which('powershell', true);
         const args = [
             '-NoLogo',
             '-Sta',
@@ -247,8 +303,12 @@ function extractZipWin(file, dest) {
 }
 function extractZipNix(file, dest) {
     return __awaiter(this, void 0, void 0, function* () {
-        const unzipPath = yield io.which('unzip');
-        yield exec_1.exec(`"${unzipPath}"`, [file], { cwd: dest });
+        const unzipPath = yield io.which('unzip', true);
+        const args = [file];
+        if (!core.isDebug()) {
+            args.unshift('-q');
+        }
+        yield exec_1.exec(`"${unzipPath}"`, args, { cwd: dest });
     });
 }
 /**
@@ -339,7 +399,7 @@ function find(toolName, versionSpec, arch) {
     let toolPath = '';
     if (versionSpec) {
         versionSpec = semver.clean(versionSpec) || '';
-        const cachePath = path.join(cacheRoot, toolName, versionSpec, arch);
+        const cachePath = path.join(_getCacheDirectory(), toolName, versionSpec, arch);
         core.debug(`checking cache: ${cachePath}`);
         if (fs.existsSync(cachePath) && fs.existsSync(`${cachePath}.complete`)) {
             core.debug(`Found tool in cache ${toolName} ${versionSpec} ${arch}`);
@@ -361,7 +421,7 @@ exports.find = find;
 function findAllVersions(toolName, arch) {
     const versions = [];
     arch = arch || os.arch();
-    const toolPath = path.join(cacheRoot, toolName);
+    const toolPath = path.join(_getCacheDirectory(), toolName);
     if (fs.existsSync(toolPath)) {
         const children = fs.readdirSync(toolPath);
         for (const child of children) {
@@ -376,11 +436,56 @@ function findAllVersions(toolName, arch) {
     return versions;
 }
 exports.findAllVersions = findAllVersions;
+function getManifestFromRepo(owner, repo, auth, branch = 'master') {
+    return __awaiter(this, void 0, void 0, function* () {
+        let releases = [];
+        const treeUrl = `https://api.github.com/repos/${owner}/${repo}/git/trees/${branch}`;
+        const http = new httpm.HttpClient('tool-cache');
+        const headers = {};
+        if (auth) {
+            core.debug('set auth');
+            headers.authorization = auth;
+        }
+        const response = yield http.getJson(treeUrl, headers);
+        if (!response.result) {
+            return releases;
+        }
+        let manifestUrl = '';
+        for (const item of response.result.tree) {
+            if (item.path === 'versions-manifest.json') {
+                manifestUrl = item.url;
+                break;
+            }
+        }
+        headers['accept'] = 'application/vnd.github.VERSION.raw';
+        let versionsRaw = yield (yield http.get(manifestUrl, headers)).readBody();
+        if (versionsRaw) {
+            // shouldn't be needed but protects against invalid json saved with BOM
+            versionsRaw = versionsRaw.replace(/^\uFEFF/, '');
+            try {
+                releases = JSON.parse(versionsRaw);
+            }
+            catch (_a) {
+                core.debug('Invalid json');
+            }
+        }
+        return releases;
+    });
+}
+exports.getManifestFromRepo = getManifestFromRepo;
+function findFromManifest(versionSpec, stable, manifest, archFilter = os.arch()) {
+    return __awaiter(this, void 0, void 0, function* () {
+        // wrap the internal impl
+        const match = yield mm._findMatch(versionSpec, stable, manifest, archFilter);
+        return match;
+    });
+}
+exports.findFromManifest = findFromManifest;
 function _createExtractFolder(dest) {
     return __awaiter(this, void 0, void 0, function* () {
         if (!dest) {
             // create a temp dir
-            dest = path.join(tempDirectory, uuidV4());
+            dest = path.join(_getTempDirectory(), v4_1.default());
         }
         yield io.mkdirP(dest);
         return dest;
@@ -388,7 +493,7 @@ function _createExtractFolder(dest) {
 }
 function _createToolPath(tool, version, arch) {
     return __awaiter(this, void 0, void 0, function* () {
-        const folderPath = path.join(cacheRoot, tool, semver.clean(version) || version, arch || '');
+        const folderPath = path.join(_getCacheDirectory(), tool, semver.clean(version) || version, arch || '');
         core.debug(`destination ${folderPath}`);
         const markerPath = `${folderPath}.complete`;
         yield io.rmRF(folderPath);
@@ -398,7 +503,7 @@ function _createToolPath(tool, version, arch) {
     });
 }
 function _completeToolPath(tool, version, arch) {
-    const folderPath = path.join(cacheRoot, tool, semver.clean(version) || version, arch || '');
+    const folderPath = path.join(_getCacheDirectory(), tool, semver.clean(version) || version, arch || '');
     const markerPath = `${folderPath}.complete`;
     fs.writeFileSync(markerPath, '');
     core.debug('finished caching tool');
@@ -435,4 +540,29 @@ function _evaluateVersions(versions, versionSpec) {
     }
     return version;
 }
+/**
+ * Gets RUNNER_TOOL_CACHE
+ */
+function _getCacheDirectory() {
+    const cacheDirectory = process.env['RUNNER_TOOL_CACHE'] || '';
+    assert_1.ok(cacheDirectory, 'Expected RUNNER_TOOL_CACHE to be defined');
+    return cacheDirectory;
+}
+/**
+ * Gets RUNNER_TEMP
+ */
+function _getTempDirectory() {
+    const tempDirectory = process.env['RUNNER_TEMP'] || '';
+    assert_1.ok(tempDirectory, 'Expected RUNNER_TEMP to be defined');
+    return tempDirectory;
+}
+/**
+ * Gets a global variable
+ */
+function _getGlobal(key, defaultValue) {
+    /* eslint-disable @typescript-eslint/no-explicit-any */
+    const value = global[key];
+    /* eslint-enable @typescript-eslint/no-explicit-any */
+    return value !== undefined ? value : defaultValue;
+}
 //# sourceMappingURL=tool-cache.js.map

node_modules/@actions/tool-cache/node_modules/@actions/core/README.md

@@ -0,0 +1,146 @@
+# `@actions/core`
+
+> Core functions for setting results, logging, registering secrets and exporting variables across actions
+
+## Usage
+
+### Import the package
+
+```js
+// javascript
+const core = require('@actions/core');
+
+// typescript
+import * as core from '@actions/core';
+```
+
+#### Inputs/Outputs
+
+Action inputs can be read with `getInput`.  Outputs can be set with `setOutput` which makes them available to be mapped into inputs of other actions to ensure they are decoupled.
+
+```js
+const myInput = core.getInput('inputName', { required: true });
+
+core.setOutput('outputKey', 'outputVal');
+```
+
+#### Exporting variables
+
+Since each step runs in a separate process, you can use `exportVariable` to add it to this step and future steps environment blocks.
+
+```js
+core.exportVariable('envVar', 'Val');
+```
+
+#### Setting a secret
+
+Setting a secret registers the secret with the runner to ensure it is masked in logs.
+
+```js
+core.setSecret('myPassword');
+```
+
+#### PATH Manipulation
+
+To make a tool's path available in the path for the remainder of the job (without altering the machine or containers state), use `addPath`.  The runner will prepend the path given to the jobs PATH.
+
+```js
+core.addPath('/path/to/mytool');
+```
+
+#### Exit codes
+
+You should use this library to set the failing exit code for your action.  If status is not set and the script runs to completion, that will lead to a success.
+
+```js
+const core = require('@actions/core');
+
+try {
+  // Do stuff
+}
+catch (err) {
+  // setFailed logs the message and sets a failing exit code
+  core.setFailed(`Action failed with error ${err}`);
+}
+
+Note that `setNeutral` is not yet implemented in actions V2 but equivalent functionality is being planned.
+
+```
+
+#### Logging
+
+Finally, this library provides some utilities for logging. Note that debug logging is hidden from the logs by default. This behavior can be toggled by enabling the [Step Debug Logs](../../docs/action-debugging.md#step-debug-logs).
+
+```js
+const core = require('@actions/core');
+
+const myInput = core.getInput('input');
+try {
+  core.debug('Inside try block');
+  
+  if (!myInput) {
+    core.warning('myInput was not set');
+  }
+  
+  if (core.isDebug()) {
+    // curl -v https://github.com
+  } else {
+    // curl https://github.com
+  }
+
+  // Do stuff
+}
+catch (err) {
+  core.error(`Error ${err}, action may still succeed though`);
+}
+```
+
+This library can also wrap chunks of output in foldable groups.
+
+```js
+const core = require('@actions/core')
+
+// Manually wrap output
+core.startGroup('Do some function')
+doSomeFunction()
+core.endGroup()
+
+// Wrap an asynchronous function call
+const result = await core.group('Do something async', async () => {
+  const response = await doSomeHTTPRequest()
+  return response
+})
+```
+
+#### Action state
+
+You can use this library to save state and get state for sharing information between a given wrapper action: 
+
+**action.yml**
+```yaml
+name: 'Wrapper action sample'
+inputs:
+  name:
+    default: 'GitHub'
+runs:
+  using: 'node12'
+  main: 'main.js'
+  post: 'cleanup.js'
+```
+
+In action's `main.js`:
+
+```js
+const core = require('@actions/core');
+
+core.saveState("pidToKill", 12345);
+```
+
+In action's `cleanup.js`:
+```js
+const core = require('@actions/core');
+
+var pid = core.getState("pidToKill");
+
+process.kill(pid);
+```

node_modules/@actions/tool-cache/node_modules/@actions/core/lib/command.d.ts

@@ -0,0 +1,21 @@
+interface CommandProperties {
+    [key: string]: any;
+}
+/**
+ * Commands
+ *
+ * Command Format:
+ *   ::name key=value,key=value::message
+ *
+ * Examples:
+ *   ::warning::This is the message
+ *   ::set-env name=MY_VAR::some value
+ */
+export declare function issueCommand(command: string, properties: CommandProperties, message: any): void;
+export declare function issue(name: string, message?: string): void;
+/**
+ * Sanitizes an input into a string so it can be passed into issueCommand safely
+ * @param input input to sanitize into a string
+ */
+export declare function toCommandValue(input: any): string;
+export {};

node_modules/@actions/tool-cache/node_modules/@actions/core/lib/command.js

@@ -0,0 +1,92 @@
+"use strict";
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
+    result["default"] = mod;
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const os = __importStar(require("os"));
+/**
+ * Commands
+ *
+ * Command Format:
+ *   ::name key=value,key=value::message
+ *
+ * Examples:
+ *   ::warning::This is the message
+ *   ::set-env name=MY_VAR::some value
+ */
+function issueCommand(command, properties, message) {
+    const cmd = new Command(command, properties, message);
+    process.stdout.write(cmd.toString() + os.EOL);
+}
+exports.issueCommand = issueCommand;
+function issue(name, message = '') {
+    issueCommand(name, {}, message);
+}
+exports.issue = issue;
+const CMD_STRING = '::';
+class Command {
+    constructor(command, properties, message) {
+        if (!command) {
+            command = 'missing.command';
+        }
+        this.command = command;
+        this.properties = properties;
+        this.message = message;
+    }
+    toString() {
+        let cmdStr = CMD_STRING + this.command;
+        if (this.properties && Object.keys(this.properties).length > 0) {
+            cmdStr += ' ';
+            let first = true;
+            for (const key in this.properties) {
+                if (this.properties.hasOwnProperty(key)) {
+                    const val = this.properties[key];
+                    if (val) {
+                        if (first) {
+                            first = false;
+                        }
+                        else {
+                            cmdStr += ',';
+                        }
+                        cmdStr += `${key}=${escapeProperty(val)}`;
+                    }
+                }
+            }
+        }
+        cmdStr += `${CMD_STRING}${escapeData(this.message)}`;
+        return cmdStr;
+    }
+}
+/**
+ * Sanitizes an input into a string so it can be passed into issueCommand safely
+ * @param input input to sanitize into a string
+ */
+function toCommandValue(input) {
+    if (input === null || input === undefined) {
+        return '';
+    }
+    else if (typeof input === 'string' || input instanceof String) {
+        return input;
+    }
+    return JSON.stringify(input);
+}
+exports.toCommandValue = toCommandValue;
+function escapeData(s) {
+    return toCommandValue(s)
+        .replace(/%/g, '%25')
+        .replace(/\r/g, '%0D')
+        .replace(/\n/g, '%0A');
+}
+function escapeProperty(s) {
+    return toCommandValue(s)
+        .replace(/%/g, '%25')
+        .replace(/\r/g, '%0D')
+        .replace(/\n/g, '%0A')
+        .replace(/:/g, '%3A')
+        .replace(/,/g, '%2C');
+}
+//# sourceMappingURL=command.js.map

node_modules/@actions/tool-cache/node_modules/@actions/core/lib/command.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"command.js","sourceRoot":"","sources":["../src/command.ts"],"names":[],"mappings":";;;;;;;;;AAAA,uCAAwB;AAWxB;;;;;;;;;GASG;AACH,SAAgB,YAAY,CAC1B,OAAe,EACf,UAA6B,EAC7B,OAAY;IAEZ,MAAM,GAAG,GAAG,IAAI,OAAO,CAAC,OAAO,EAAE,UAAU,EAAE,OAAO,CAAC,CAAA;IACrD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,QAAQ,EAAE,GAAG,EAAE,CAAC,GAAG,CAAC,CAAA;AAC/C,CAAC;AAPD,oCAOC;AAED,SAAgB,KAAK,CAAC,IAAY,EAAE,UAAkB,EAAE;IACtD,YAAY,CAAC,IAAI,EAAE,EAAE,EAAE,OAAO,CAAC,CAAA;AACjC,CAAC;AAFD,sBAEC;AAED,MAAM,UAAU,GAAG,IAAI,CAAA;AAEvB,MAAM,OAAO;IAKX,YAAY,OAAe,EAAE,UAA6B,EAAE,OAAe;QACzE,IAAI,CAAC,OAAO,EAAE;YACZ,OAAO,GAAG,iBAAiB,CAAA;SAC5B;QAED,IAAI,CAAC,OAAO,GAAG,OAAO,CAAA;QACtB,IAAI,CAAC,UAAU,GAAG,UAAU,CAAA;QAC5B,IAAI,CAAC,OAAO,GAAG,OAAO,CAAA;IACxB,CAAC;IAED,QAAQ;QACN,IAAI,MAAM,GAAG,UAAU,GAAG,IAAI,CAAC,OAAO,CAAA;QAEtC,IAAI,IAAI,CAAC,UAAU,IAAI,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,MAAM,GAAG,CAAC,EAAE;YAC9D,MAAM,IAAI,GAAG,CAAA;YACb,IAAI,KAAK,GAAG,IAAI,CAAA;YAChB,KAAK,MAAM,GAAG,IAAI,IAAI,CAAC,UAAU,EAAE;gBACjC,IAAI,IAAI,CAAC,UAAU,CAAC,cAAc,CAAC,GAAG,CAAC,EAAE;oBACvC,MAAM,GAAG,GAAG,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC,CAAA;oBAChC,IAAI,GAAG,EAAE;wBACP,IAAI,KAAK,EAAE;4BACT,KAAK,GAAG,KAAK,CAAA;yBACd;6BAAM;4BACL,MAAM,IAAI,GAAG,CAAA;yBACd;wBAED,MAAM,IAAI,GAAG,GAAG,IAAI,cAAc,CAAC,GAAG,CAAC,EAAE,CAAA;qBAC1C;iBACF;aACF;SACF;QAED,MAAM,IAAI,GAAG,UAAU,GAAG,UAAU,CAAC,IAAI,CAAC,OAAO,CAAC,EAAE,CAAA;QACpD,OAAO,MAAM,CAAA;IACf,CAAC;CACF;AAED;;;GAGG;AACH,SAAgB,cAAc,CAAC,KAAU;IACvC,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,KAAK,SAAS,EAAE;QACzC,OAAO,EAAE,CAAA;KACV;SAAM,IAAI,OAAO,KAAK,KAAK,QAAQ,IAAI,KAAK,YAAY,MAAM,EAAE;QAC/D,OAAO,KAAe,CAAA;KACvB;IACD,OAAO,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,CAAA;AAC9B,CAAC;AAPD,wCAOC;AAED,SAAS,UAAU,CAAC,CAAM;IACxB,OAAO,cAAc,CAAC,CAAC,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC;SACpB,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC;SACrB,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC,CAAA;AAC1B,CAAC;AAED,SAAS,cAAc,CAAC,CAAM;IAC5B,OAAO,cAAc,CAAC,CAAC,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC;SACpB,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC;SACrB,OAAO,CAAC,KAAK,EAAE,KAAK,CAAC;SACrB,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC;SACpB,OAAO,CAAC,IAAI,EAAE,KAAK,CAAC,CAAA;AACzB,CAAC"}

node_modules/@actions/tool-cache/node_modules/@actions/core/lib/core.d.ts

@@ -0,0 +1,122 @@
+/**
+ * Interface for getInput options
+ */
+export interface InputOptions {
+    /** Optional. Whether the input is required. If required and not present, will throw. Defaults to false */
+    required?: boolean;
+}
+/**
+ * The code to exit an action
+ */
+export declare enum ExitCode {
+    /**
+     * A code indicating that the action was successful
+     */
+    Success = 0,
+    /**
+     * A code indicating that the action was a failure
+     */
+    Failure = 1
+}
+/**
+ * Sets env variable for this action and future actions in the job
+ * @param name the name of the variable to set
+ * @param val the value of the variable. Non-string values will be converted to a string via JSON.stringify
+ */
+export declare function exportVariable(name: string, val: any): void;
+/**
+ * Registers a secret which will get masked from logs
+ * @param secret value of the secret
+ */
+export declare function setSecret(secret: string): void;
+/**
+ * Prepends inputPath to the PATH (for this action and future actions)
+ * @param inputPath
+ */
+export declare function addPath(inputPath: string): void;
+/**
+ * Gets the value of an input.  The value is also trimmed.
+ *
+ * @param     name     name of the input to get
+ * @param     options  optional. See InputOptions.
+ * @returns   string
+ */
+export declare function getInput(name: string, options?: InputOptions): string;
+/**
+ * Sets the value of an output.
+ *
+ * @param     name     name of the output to set
+ * @param     value    value to store. Non-string values will be converted to a string via JSON.stringify
+ */
+export declare function setOutput(name: string, value: any): void;
+/**
+ * Enables or disables the echoing of commands into stdout for the rest of the step.
+ * Echoing is disabled by default if ACTIONS_STEP_DEBUG is not set.
+ *
+ */
+export declare function setCommandEcho(enabled: boolean): void;
+/**
+ * Sets the action status to failed.
+ * When the action exits it will be with an exit code of 1
+ * @param message add error issue message
+ */
+export declare function setFailed(message: string | Error): void;
+/**
+ * Gets whether Actions Step Debug is on or not
+ */
+export declare function isDebug(): boolean;
+/**
+ * Writes debug message to user log
+ * @param message debug message
+ */
+export declare function debug(message: string): void;
+/**
+ * Adds an error issue
+ * @param message error issue message. Errors will be converted to string via toString()
+ */
+export declare function error(message: string | Error): void;
+/**
+ * Adds an warning issue
+ * @param message warning issue message. Errors will be converted to string via toString()
+ */
+export declare function warning(message: string | Error): void;
+/**
+ * Writes info to log with console.log.
+ * @param message info message
+ */
+export declare function info(message: string): void;
+/**
+ * Begin an output group.
+ *
+ * Output until the next `groupEnd` will be foldable in this group
+ *
+ * @param name The name of the output group
+ */
+export declare function startGroup(name: string): void;
+/**
+ * End an output group.
+ */
+export declare function endGroup(): void;
+/**
+ * Wrap an asynchronous function call in a group.
+ *
+ * Returns the same type as the function itself.
+ *
+ * @param name The name of the group
+ * @param fn The function to wrap in the group
+ */
+export declare function group<T>(name: string, fn: () => Promise<T>): Promise<T>;
+/**
+ * Saves state for current action, the state can only be retrieved by this action's post job execution.
+ *
+ * @param     name     name of the state to store
+ * @param     value    value to store. Non-string values will be converted to a string via JSON.stringify
+ */
+export declare function saveState(name: string, value: any): void;
+/**
+ * Gets the value of an state set by this action's main execution.
+ *
+ * @param     name     name of the state to get
+ * @returns   string
+ */
+export declare function getState(name: string): string;

node_modules/@actions/tool-cache/node_modules/@actions/core/lib/core.js

@@ -0,0 +1,222 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
+    result["default"] = mod;
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const command_1 = require("./command");
+const os = __importStar(require("os"));
+const path = __importStar(require("path"));
+/**
+ * The code to exit an action
+ */
+var ExitCode;
+(function (ExitCode) {
+    /**
+     * A code indicating that the action was successful
+     */
+    ExitCode[ExitCode["Success"] = 0] = "Success";
+    /**
+     * A code indicating that the action was a failure
+     */
+    ExitCode[ExitCode["Failure"] = 1] = "Failure";
+})(ExitCode = exports.ExitCode || (exports.ExitCode = {}));
+//-----------------------------------------------------------------------
+// Variables
+//-----------------------------------------------------------------------
+/**
+ * Sets env variable for this action and future actions in the job
+ * @param name the name of the variable to set
+ * @param val the value of the variable. Non-string values will be converted to a string via JSON.stringify
+ */
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+function exportVariable(name, val) {
+    const convertedVal = command_1.toCommandValue(val);
+    process.env[name] = convertedVal;
+    command_1.issueCommand('set-env', { name }, convertedVal);
+}
+exports.exportVariable = exportVariable;
+/**
+ * Registers a secret which will get masked from logs
+ * @param secret value of the secret
+ */
+function setSecret(secret) {
+    command_1.issueCommand('add-mask', {}, secret);
+}
+exports.setSecret = setSecret;
+/**
+ * Prepends inputPath to the PATH (for this action and future actions)
+ * @param inputPath
+ */
+function addPath(inputPath) {
+    command_1.issueCommand('add-path', {}, inputPath);
+    process.env['PATH'] = `${inputPath}${path.delimiter}${process.env['PATH']}`;
+}
+exports.addPath = addPath;
+/**
+ * Gets the value of an input.  The value is also trimmed.
+ *
+ * @param     name     name of the input to get
+ * @param     options  optional. See InputOptions.
+ * @returns   string
+ */
+function getInput(name, options) {
+    const val = process.env[`INPUT_${name.replace(/ /g, '_').toUpperCase()}`] || '';
+    if (options && options.required && !val) {
+        throw new Error(`Input required and not supplied: ${name}`);
+    }
+    return val.trim();
+}
+exports.getInput = getInput;
+/**
+ * Sets the value of an output.
+ *
+ * @param     name     name of the output to set
+ * @param     value    value to store. Non-string values will be converted to a string via JSON.stringify
+ */
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+function setOutput(name, value) {
+    command_1.issueCommand('set-output', { name }, value);
+}
+exports.setOutput = setOutput;
+/**
+ * Enables or disables the echoing of commands into stdout for the rest of the step.
+ * Echoing is disabled by default if ACTIONS_STEP_DEBUG is not set.
+ *
+ */
+function setCommandEcho(enabled) {
+    command_1.issue('echo', enabled ? 'on' : 'off');
+}
+exports.setCommandEcho = setCommandEcho;
+//-----------------------------------------------------------------------
+// Results
+//-----------------------------------------------------------------------
+/**
+ * Sets the action status to failed.
+ * When the action exits it will be with an exit code of 1
+ * @param message add error issue message
+ */
+function setFailed(message) {
+    process.exitCode = ExitCode.Failure;
+    error(message);
+}
+exports.setFailed = setFailed;
+//-----------------------------------------------------------------------
+// Logging Commands
+//-----------------------------------------------------------------------
+/**
+ * Gets whether Actions Step Debug is on or not
+ */
+function isDebug() {
+    return process.env['RUNNER_DEBUG'] === '1';
+}
+exports.isDebug = isDebug;
+/**
+ * Writes debug message to user log
+ * @param message debug message
+ */
+function debug(message) {
+    command_1.issueCommand('debug', {}, message);
+}
+exports.debug = debug;
+/**
+ * Adds an error issue
+ * @param message error issue message. Errors will be converted to string via toString()
+ */
+function error(message) {
+    command_1.issue('error', message instanceof Error ? message.toString() : message);
+}
+exports.error = error;
+/**
+ * Adds an warning issue
+ * @param message warning issue message. Errors will be converted to string via toString()
+ */
+function warning(message) {
+    command_1.issue('warning', message instanceof Error ? message.toString() : message);
+}
+exports.warning = warning;
+/**
+ * Writes info to log with console.log.
+ * @param message info message
+ */
+function info(message) {
+    process.stdout.write(message + os.EOL);
+}
+exports.info = info;
+/**
+ * Begin an output group.
+ *
+ * Output until the next `groupEnd` will be foldable in this group
+ *
+ * @param name The name of the output group
+ */
+function startGroup(name) {
+    command_1.issue('group', name);
+}
+exports.startGroup = startGroup;
+/**
+ * End an output group.
+ */
+function endGroup() {
+    command_1.issue('endgroup');
+}
+exports.endGroup = endGroup;
+/**
+ * Wrap an asynchronous function call in a group.
+ *
+ * Returns the same type as the function itself.
+ *
+ * @param name The name of the group
+ * @param fn The function to wrap in the group
+ */
+function group(name, fn) {
+    return __awaiter(this, void 0, void 0, function* () {
+        startGroup(name);
+        let result;
+        try {
+            result = yield fn();
+        }
+        finally {
+            endGroup();
+        }
+        return result;
+    });
+}
+exports.group = group;
+//-----------------------------------------------------------------------
+// Wrapper action state
+//-----------------------------------------------------------------------
+/**
+ * Saves state for current action, the state can only be retrieved by this action's post job execution.
+ *
+ * @param     name     name of the state to store
+ * @param     value    value to store. Non-string values will be converted to a string via JSON.stringify
+ */
+// eslint-disable-next-line @typescript-eslint/no-explicit-any
+function saveState(name, value) {
+    command_1.issueCommand('save-state', { name }, value);
+}
+exports.saveState = saveState;
+/**
+ * Gets the value of an state set by this action's main execution.
+ *
+ * @param     name     name of the state to get
+ * @returns   string
+ */
+function getState(name) {
+    return process.env[`STATE_${name}`] || '';
+}
+exports.getState = getState;
+//# sourceMappingURL=core.js.map

node_modules/@actions/tool-cache/node_modules/@actions/core/lib/core.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"core.js","sourceRoot":"","sources":["../src/core.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;AAAA,uCAA6D;AAE7D,uCAAwB;AACxB,2CAA4B;AAU5B;;GAEG;AACH,IAAY,QAUX;AAVD,WAAY,QAAQ;IAClB;;OAEG;IACH,6CAAW,CAAA;IAEX;;OAEG;IACH,6CAAW,CAAA;AACb,CAAC,EAVW,QAAQ,GAAR,gBAAQ,KAAR,gBAAQ,QAUnB;AAED,yEAAyE;AACzE,YAAY;AACZ,yEAAyE;AAEzE;;;;GAIG;AACH,8DAA8D;AAC9D,SAAgB,cAAc,CAAC,IAAY,EAAE,GAAQ;IACnD,MAAM,YAAY,GAAG,wBAAc,CAAC,GAAG,CAAC,CAAA;IACxC,OAAO,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,YAAY,CAAA;IAChC,sBAAY,CAAC,SAAS,EAAE,EAAC,IAAI,EAAC,EAAE,YAAY,CAAC,CAAA;AAC/C,CAAC;AAJD,wCAIC;AAED;;;GAGG;AACH,SAAgB,SAAS,CAAC,MAAc;IACtC,sBAAY,CAAC,UAAU,EAAE,EAAE,EAAE,MAAM,CAAC,CAAA;AACtC,CAAC;AAFD,8BAEC;AAED;;;GAGG;AACH,SAAgB,OAAO,CAAC,SAAiB;IACvC,sBAAY,CAAC,UAAU,EAAE,EAAE,EAAE,SAAS,CAAC,CAAA;IACvC,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,GAAG,GAAG,SAAS,GAAG,IAAI,CAAC,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAA;AAC7E,CAAC;AAHD,0BAGC;AAED;;;;;;GAMG;AACH,SAAgB,QAAQ,CAAC,IAAY,EAAE,OAAsB;IAC3D,MAAM,GAAG,GACP,OAAO,CAAC,GAAG,CAAC,SAAS,IAAI,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,WAAW,EAAE,EAAE,CAAC,IAAI,EAAE,CAAA;IACrE,IAAI,OAAO,IAAI,OAAO,CAAC,QAAQ,IAAI,CAAC,GAAG,EAAE;QACvC,MAAM,IAAI,KAAK,CAAC,oCAAoC,IAAI,EAAE,CAAC,CAAA;KAC5D;IAED,OAAO,GAAG,CAAC,IAAI,EAAE,CAAA;AACnB,CAAC;AARD,4BAQC;AAED;;;;;GAKG;AACH,8DAA8D;AAC9D,SAAgB,SAAS,CAAC,IAAY,EAAE,KAAU;IAChD,sBAAY,CAAC,YAAY,EAAE,EAAC,IAAI,EAAC,EAAE,KAAK,CAAC,CAAA;AAC3C,CAAC;AAFD,8BAEC;AAED;;;;GAIG;AACH,SAAgB,cAAc,CAAC,OAAgB;IAC7C,eAAK,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,CAAA;AACvC,CAAC;AAFD,wCAEC;AAED,yEAAyE;AACzE,UAAU;AACV,yEAAyE;AAEzE;;;;GAIG;AACH,SAAgB,SAAS,CAAC,OAAuB;IAC/C,OAAO,CAAC,QAAQ,GAAG,QAAQ,CAAC,OAAO,CAAA;IAEnC,KAAK,CAAC,OAAO,CAAC,CAAA;AAChB,CAAC;AAJD,8BAIC;AAED,yEAAyE;AACzE,mBAAmB;AACnB,yEAAyE;AAEzE;;GAEG;AACH,SAAgB,OAAO;IACrB,OAAO,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,KAAK,GAAG,CAAA;AAC5C,CAAC;AAFD,0BAEC;AAED;;;GAGG;AACH,SAAgB,KAAK,CAAC,OAAe;IACnC,sBAAY,CAAC,OAAO,EAAE,EAAE,EAAE,OAAO,CAAC,CAAA;AACpC,CAAC;AAFD,sBAEC;AAED;;;GAGG;AACH,SAAgB,KAAK,CAAC,OAAuB;IAC3C,eAAK,CAAC,OAAO,EAAE,OAAO,YAAY,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAA;AACzE,CAAC;AAFD,sBAEC;AAED;;;GAGG;AACH,SAAgB,OAAO,CAAC,OAAuB;IAC7C,eAAK,CAAC,SAAS,EAAE,OAAO,YAAY,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,CAAA;AAC3E,CAAC;AAFD,0BAEC;AAED;;;GAGG;AACH,SAAgB,IAAI,CAAC,OAAe;IAClC,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,GAAG,EAAE,CAAC,GAAG,CAAC,CAAA;AACxC,CAAC;AAFD,oBAEC;AAED;;;;;;GAMG;AACH,SAAgB,UAAU,CAAC,IAAY;IACrC,eAAK,CAAC,OAAO,EAAE,IAAI,CAAC,CAAA;AACtB,CAAC;AAFD,gCAEC;AAED;;GAEG;AACH,SAAgB,QAAQ;IACtB,eAAK,CAAC,UAAU,CAAC,CAAA;AACnB,CAAC;AAFD,4BAEC;AAED;;;;;;;GAOG;AACH,SAAsB,KAAK,CAAI,IAAY,EAAE,EAAoB;;QAC/D,UAAU,CAAC,IAAI,CAAC,CAAA;QAEhB,IAAI,MAAS,CAAA;QAEb,IAAI;YACF,MAAM,GAAG,MAAM,EAAE,EAAE,CAAA;SACpB;gBAAS;YACR,QAAQ,EAAE,CAAA;SACX;QAED,OAAO,MAAM,CAAA;IACf,CAAC;CAAA;AAZD,sBAYC;AAED,yEAAyE;AACzE,uBAAuB;AACvB,yEAAyE;AAEzE;;;;;GAKG;AACH,8DAA8D;AAC9D,SAAgB,SAAS,CAAC,IAAY,EAAE,KAAU;IAChD,sBAAY,CAAC,YAAY,EAAE,EAAC,IAAI,EAAC,EAAE,KAAK,CAAC,CAAA;AAC3C,CAAC;AAFD,8BAEC;AAED;;;;;GAKG;AACH,SAAgB,QAAQ,CAAC,IAAY;IACnC,OAAO,OAAO,CAAC,GAAG,CAAC,SAAS,IAAI,EAAE,CAAC,IAAI,EAAE,CAAA;AAC3C,CAAC;AAFD,4BAEC"}

node_modules/@actions/tool-cache/node_modules/@actions/core/package.json

@@ -0,0 +1,40 @@
+{
+  "name": "@actions/core",
+  "version": "1.2.4",
+  "description": "Actions core lib",
+  "keywords": [
+    "github",
+    "actions",
+    "core"
+  ],
+  "homepage": "https://github.com/actions/toolkit/tree/master/packages/core",
+  "license": "MIT",
+  "main": "lib/core.js",
+  "types": "lib/core.d.ts",
+  "directories": {
+    "lib": "lib",
+    "test": "__tests__"
+  },
+  "files": [
+    "lib"
+  ],
+  "publishConfig": {
+    "access": "public"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/actions/toolkit.git",
+    "directory": "packages/core"
+  },
+  "scripts": {
+    "audit-moderate": "npm install && npm audit --audit-level=moderate",
+    "test": "echo \"Error: run tests from root\" && exit 1",
+    "tsc": "tsc"
+  },
+  "bugs": {
+    "url": "https://github.com/actions/toolkit/issues"
+  },
+  "devDependencies": {
+    "@types/node": "^12.0.2"
+  }
+}

node_modules/@actions/tool-cache/package.json

@@ -1,15 +1,16 @@
 {
   "name": "@actions/tool-cache",
-  "version": "1.1.2",
+  "version": "1.5.5",
   "description": "Actions tool-cache lib",
   "keywords": [
     "github",
     "actions",
     "exec"
   ],
-  "homepage": "https://github.com/actions/toolkit/tree/master/packages/exec",
+  "homepage": "https://github.com/actions/toolkit/tree/master/packages/tool-cache",
   "license": "MIT",
   "main": "lib/tool-cache.js",
+  "types": "lib/tool-cache.d.ts",
   "directories": {
     "lib": "lib",
     "test": "__tests__"
@@ -23,9 +24,11 @@
   },
   "repository": {
     "type": "git",
-    "url": "git+https://github.com/actions/toolkit.git"
+    "url": "git+https://github.com/actions/toolkit.git",
+    "directory": "packages/tool-cache"
   },
   "scripts": {
+    "audit-moderate": "npm install && npm audit --audit-level=moderate",
     "test": "echo \"Error: run tests from root\" && exit 1",
     "tsc": "tsc"
   },
@@ -33,11 +36,11 @@
     "url": "https://github.com/actions/toolkit/issues"
   },
   "dependencies": {
-    "@actions/core": "^1.1.0",
-    "@actions/exec": "^1.0.1",
+    "@actions/core": "^1.2.3",
+    "@actions/exec": "^1.0.0",
+    "@actions/http-client": "^1.0.8",
     "@actions/io": "^1.0.1",
     "semver": "^6.1.0",
-    "typed-rest-client": "^1.4.0",
     "uuid": "^3.3.2"
   },
   "devDependencies": {

node_modules/@types/nock/LICENSE

@@ -0,0 +1,21 @@
+    MIT License
+
+    Copyright (c) Microsoft Corporation. All rights reserved.
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy
+    of this software and associated documentation files (the "Software"), to deal
+    in the Software without restriction, including without limitation the rights
+    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+    copies of the Software, and to permit persons to whom the Software is
+    furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all
+    copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+    SOFTWARE

node_modules/@types/nock/README.md

@@ -0,0 +1,3 @@
+This is a stub types definition for nock (https://github.com/nock/nock).
+
+nock provides its own type definitions, so you don't need @types/nock installed!

node_modules/@types/nock/package.json

@@ -0,0 +1,14 @@
+{
+  "name": "@types/nock",
+  "version": "11.1.0",
+  "typings": null,
+  "description": "Stub TypeScript definitions entry for nock, which provides its own types definitions",
+  "main": "",
+  "scripts": {},
+  "author": "",
+  "repository": "https://github.com/nock/nock",
+  "license": "MIT",
+  "dependencies": {
+    "nock": "*"
+  }
+}

node_modules/@types/semver/LICENSE

@@ -0,0 +1,21 @@
+    MIT License
+
+    Copyright (c) Microsoft Corporation.
+
+    Permission is hereby granted, free of charge, to any person obtaining a copy
+    of this software and associated documentation files (the "Software"), to deal
+    in the Software without restriction, including without limitation the rights
+    to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+    copies of the Software, and to permit persons to whom the Software is
+    furnished to do so, subject to the following conditions:
+
+    The above copyright notice and this permission notice shall be included in all
+    copies or substantial portions of the Software.
+
+    THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+    IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+    FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+    AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+    LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+    OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+    SOFTWARE

node_modules/@types/semver/README.md

@@ -0,0 +1,16 @@
+# Installation
+> `npm install --save @types/semver`
+
+# Summary
+This package contains type definitions for semver (https://github.com/npm/node-semver).
+
+# Details
+Files were exported from https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/semver.
+
+### Additional Details
+ * Last updated: Wed, 13 May 2020 16:20:54 GMT
+ * Dependencies: [@types/node](https://npmjs.com/package/@types/node)
+ * Global values: none
+
+# Credits
+These definitions were written by [Bart van der Schoor](https://github.com/Bartvds), [BendingBender](https://github.com/BendingBender), [Lucian Buzzo](https://github.com/LucianBuzzo), [Klaus Meinhardt](https://github.com/ajafff), [ExE Boss](https://github.com/ExE-Boss), and [Piotr Błażejewicz](https://github.com/peterblazejewicz).

node_modules/@types/semver/classes/comparator.d.ts

@@ -0,0 +1,17 @@
+import sermver = require('../');
+import SemVer = require('./semver');
+
+declare class Comparator {
+    constructor(comp: string | Comparator, optionsOrLoose?: boolean | sermver.Options);
+
+    semver: SemVer;
+    operator: '' | '=' | '<' | '>' | '<=' | '>=';
+    value: string;
+    loose: boolean;
+    options: sermver.Options;
+    parse(comp: string): void;
+    test(version: string | SemVer): boolean;
+    intersects(comp: Comparator, optionsOrLoose?: boolean | sermver.Options): boolean;
+}
+
+export = Comparator;

node_modules/@types/semver/classes/range.d.ts

@@ -0,0 +1,21 @@
+import semver = require('../');
+import Comparator = require('./comparator');
+import SemVer = require('./semver');
+
+declare class Range {
+    constructor(range: string | Range, optionsOrLoose?: boolean | semver.Options);
+
+    range: string;
+    raw: string;
+    loose: boolean;
+    options: semver.Options;
+    includePrerelease: boolean;
+    format(): string;
+    inspect(): string;
+
+    set: ReadonlyArray<ReadonlyArray<Comparator>>;
+    parseRange(range: string): ReadonlyArray<Comparator>;
+    test(version: string | SemVer): boolean;
+    intersects(range: Range, optionsOrLoose?: boolean | semver.Options): boolean;
+}
+export = Range;

node_modules/@types/semver/classes/semver.d.ts

@@ -0,0 +1,62 @@
+import semver = require('../');
+
+declare class SemVer {
+    constructor(version: string | SemVer, optionsOrLoose?: boolean | semver.Options);
+
+    raw: string;
+    loose: boolean;
+    options: semver.Options;
+    format(): string;
+    inspect(): string;
+
+    major: number;
+    minor: number;
+    patch: number;
+    version: string;
+    build: ReadonlyArray<string>;
+    prerelease: ReadonlyArray<string | number>;
+
+    /**
+     * Compares two versions excluding build identifiers (the bit after `+` in the semantic version string).
+     *
+     * @return
+     * - `0` if `this` == `other`
+     * - `1` if `this` is greater
+     * - `-1` if `other` is greater.
+     */
+    compare(other: string | SemVer): 1 | 0 | -1;
+
+    /**
+     * Compares the release portion of two versions.
+     *
+     * @return
+     * - `0` if `this` == `other`
+     * - `1` if `this` is greater
+     * - `-1` if `other` is greater.
+     */
+    compareMain(other: string | SemVer): 1 | 0 | -1;
+
+    /**
+     * Compares the prerelease portion of two versions.
+     *
+     * @return
+     * - `0` if `this` == `other`
+     * - `1` if `this` is greater
+     * - `-1` if `other` is greater.
+     */
+    comparePre(other: string | SemVer): 1 | 0 | -1;
+
+    /**
+     * Compares the build identifier of two versions.
+     *
+     * @return
+     * - `0` if `this` == `other`
+     * - `1` if `this` is greater
+     * - `-1` if `other` is greater.
+     */
+    compareBuild(other: string | SemVer): 1 | 0 | -1;
+
+    inc(release: semver.ReleaseType, identifier?: string): SemVer;
+}
+
+export = SemVer;

node_modules/@types/semver/functions/clean.d.ts

@@ -0,0 +1,8 @@
+import semver = require('../');
+
+/**
+ * Returns cleaned (removed leading/trailing whitespace, remove '=v' prefix) and parsed version, or null if version is invalid.
+ */
+declare function clean(version: string, optionsOrLoose?: boolean | semver.Options): string | null;
+
+export = clean;

node_modules/@types/semver/functions/cmp.d.ts

@@ -0,0 +1,16 @@
+import semver = require('../');
+import SemVer = require('../classes/semver');
+
+/**
+ * Pass in a comparison string, and it'll call the corresponding semver comparison function.
+ * "===" and "!==" do simple string comparison, but are included for completeness.
+ * Throws if an invalid comparison string is provided.
+ */
+declare function cmp(
+    v1: string | SemVer,
+    operator: semver.Operator,
+    v2: string | SemVer,
+    optionsOrLoose?: boolean | semver.Options,
+): boolean;
+
+export = cmp;

node_modules/@types/semver/functions/coerce.d.ts

@@ -0,0 +1,12 @@
+import semver = require('../');
+import SemVer = require('../classes/semver');
+
+/**
+ * Coerces a string to SemVer if possible
+ */
+declare function coerce(
+    version: string | number | SemVer | null | undefined,
+    options?: semver.CoerceOptions,
+): SemVer | null;
+
+export = coerce;

node_modules/@types/semver/functions/compare-build.d.ts

@@ -0,0 +1,16 @@
+import SemVer = require('../classes/semver');
+
+/**
+ * Compares two versions including build identifiers (the bit after `+` in the semantic version string).
+ *
+ * Sorts in ascending order when passed to `Array.sort()`.
+ *
+ * @return
+ * - `0` if `v1` == `v2`
+ * - `1` if `v1` is greater
+ * - `-1` if `v2` is greater.
+ *
+ * @since 6.1.0
+ */
+declare function compareBuild(a: string | SemVer, b: string | SemVer): 1 | 0 | -1;
+export = compareBuild;

node_modules/@types/semver/functions/compare-loose.d.ts

@@ -0,0 +1,5 @@
+import SemVer = require('../classes/semver');
+
+declare function compareLoose(v1: string | SemVer, v2: string | SemVer): 1 | 0 | -1;
+
+export = compareLoose;

node_modules/@types/semver/functions/compare.d.ts

@@ -0,0 +1,20 @@
+import semver = require('../');
+import SemVer = require('../classes/semver');
+
+/**
+ * Compares two versions excluding build identifiers (the bit after `+` in the semantic version string).
+ *
+ * Sorts in ascending order when passed to `Array.sort()`.
+ *
+ * @return
+ * - `0` if `v1` == `v2`
+ * - `1` if `v1` is greater
+ * - `-1` if `v2` is greater.
+ */
+declare function compare(
+    v1: string | SemVer,
+    v2: string | SemVer,
+    optionsOrLoose?: boolean | semver.Options,
+): 1 | 0 | -1;
+
+export = compare;

node_modules/@types/semver/functions/diff.d.ts

@@ -0,0 +1,13 @@
+import semver = require('../');
+import SemVer = require('../classes/semver');
+
+/**
+ * Returns difference between two versions by the release type (major, premajor, minor, preminor, patch, prepatch, or prerelease), or null if the versions are the same.
+ */
+declare function diff(
+    v1: string | SemVer,
+    v2: string | SemVer,
+    optionsOrLoose?: boolean | semver.Options,
+): semver.ReleaseType | null;
+
+export = diff;

node_modules/@types/semver/functions/eq.d.ts

@@ -0,0 +1,9 @@
+import SemVer = require('../classes/semver');
+import semver = require('../');
+
+/**
+ * v1 == v2 This is true if they're logically equivalent, even if they're not the exact same string. You already know how to compare strings.
+ */
+declare function eq(v1: string | SemVer, v2: string | SemVer, optionsOrLoose?: boolean | semver.Options): boolean;
+
+export = eq;

node_modules/@types/semver/functions/gt.d.ts

@@ -0,0 +1,9 @@
+import SemVer = require('../classes/semver');
+import semver = require('../');
+
+/**
+ * v1 > v2
+ */
+declare function gt(v1: string | SemVer, v2: string | SemVer, optionsOrLoose?: boolean | semver.Options): boolean;
+
+export = gt;

node_modules/@types/semver/functions/gte.d.ts

@@ -0,0 +1,9 @@
+import SemVer = require('../classes/semver');
+import semver = require('../');
+
+/**
+ * v1 >= v2
+ */
+declare function gte(v1: string | SemVer, v2: string | SemVer, optionsOrLoose?: boolean | semver.Options): boolean;
+
+export = gte;

node_modules/@types/semver/functions/inc.d.ts

@@ -0,0 +1,15 @@
+import SemVer = require('../classes/semver');
+import semver = require('../');
+
+/**
+ * Return the version incremented by the release type (major, minor, patch, or prerelease), or null if it's not valid.
+ */
+declare function inc(
+    version: string | SemVer,
+    release: semver.ReleaseType,
+    optionsOrLoose?: boolean | semver.Options,
+    identifier?: string,
+): string | null;
+declare function inc(version: string | SemVer, release: semver.ReleaseType, identifier?: string): string | null;
+
+export = inc;

node_modules/@types/semver/functions/lt.d.ts

@@ -0,0 +1,9 @@
+import SemVer = require('../classes/semver');
+import semver = require('../');
+
+/**
+ * v1 < v2
+ */
+declare function lt(v1: string | SemVer, v2: string | SemVer, optionsOrLoose?: boolean | semver.Options): boolean;
+
+export = lt;

node_modules/@types/semver/functions/lte.d.ts

@@ -0,0 +1,8 @@
+import SemVer = require('../classes/semver');
+import semver = require('../');
+
+/**
+ * v1 <= v2
+ */
+declare function lte(v1: string | SemVer, v2: string | SemVer, optionsOrLoose?: boolean | semver.Options): boolean;
+export = lte;

node_modules/@types/semver/functions/major.d.ts

@@ -0,0 +1,9 @@
+import SemVer = require('../classes/semver');
+import semver = require('../');
+
+/**
+ * Return the major version number.
+ */
+declare function major(version: string | SemVer, optionsOrLoose?: boolean | semver.Options): number;
+
+export = major;

node_modules/@types/semver/functions/minor.d.ts

@@ -0,0 +1,9 @@
+import SemVer = require('../classes/semver');
+import semver = require('../');
+
+/**
+ * Return the minor version number.
+ */
+declare function minor(version: string | SemVer, optionsOrLoose?: boolean | semver.Options): number;
+
+export = minor;

node_modules/@types/semver/functions/neq.d.ts

@@ -0,0 +1,9 @@
+import SemVer = require('../classes/semver');
+import semver = require('../');
+
+/**
+ * v1 != v2 The opposite of eq.
+ */
+declare function neq(v1: string | SemVer, v2: string | SemVer, optionsOrLoose?: boolean | semver.Options): boolean;
+
+export = neq;

node_modules/@types/semver/functions/parse.d.ts

@@ -0,0 +1,12 @@
+import SemVer = require('../classes/semver');
+import semver = require('../');
+
+/**
+ * Return the parsed version as a SemVer object, or null if it's not valid.
+ */
+declare function parse(
+    version: string | SemVer | null | undefined,
+    optionsOrLoose?: boolean | semver.Options,
+): SemVer | null;
+
+export = parse;

node_modules/@types/semver/functions/patch.d.ts

@@ -0,0 +1,9 @@
+import SemVer = require('../classes/semver');
+import semver = require('../');
+
+/**
+ * Return the patch version number.
+ */
+declare function patch(version: string | SemVer, optionsOrLoose?: boolean | semver.Options): number;
+
+export = patch;

node_modules/@types/semver/functions/prerelease.d.ts

@@ -0,0 +1,12 @@
+import SemVer = require('../classes/semver');
+import semver = require('../');
+
+/**
+ * Returns an array of prerelease components, or null if none exist.
+ */
+declare function prerelease(
+    version: string | SemVer,
+    optionsOrLoose?: boolean | semver.Options,
+): ReadonlyArray<string> | null;
+
+export = prerelease;

node_modules/@types/semver/functions/rcompare.d.ts

@@ -0,0 +1,15 @@
+import SemVer = require('../classes/semver');
+import semver = require('../');
+
+/**
+ * The reverse of compare.
+ *
+ * Sorts in descending order when passed to `Array.sort()`.
+ */
+declare function rcompare(
+    v1: string | SemVer,
+    v2: string | SemVer,
+    optionsOrLoose?: boolean | semver.Options,
+): 1 | 0 | -1;
+
+export = rcompare;

node_modules/@types/semver/functions/rsort.d.ts

@@ -0,0 +1,9 @@
+import SemVer = require('../classes/semver');
+import semver = require('../');
+
+/**
+ * Sorts an array of semver entries in descending order using `compareBuild()`.
+ */
+declare function rsort<T extends string | SemVer>(list: T[], optionsOrLoose?: boolean | semver.Options): T[];
+
+export = rsort;

node_modules/@types/semver/functions/satisfies.d.ts

@@ -0,0 +1,14 @@
+import Range = require('../classes/range');
+import SemVer = require('../classes/semver');
+import semver = require('../');
+
+/**
+ * Return true if the version satisfies the range.
+ */
+declare function satisfies(
+    version: string | SemVer,
+    range: string | Range,
+    optionsOrLoose?: boolean | semver.Options,
+): boolean;
+
+export = satisfies;

node_modules/@types/semver/functions/sort.d.ts

@@ -0,0 +1,9 @@
+import SemVer = require('../classes/semver');
+import semver = require('../');
+
+/**
+ * Sorts an array of semver entries in ascending order using `compareBuild()`.
+ */
+declare function sort<T extends string | SemVer>(list: T[], optionsOrLoose?: boolean | semver.Options): T[];
+
+export = sort;

node_modules/@types/semver/functions/valid.d.ts

@@ -0,0 +1,11 @@
+import semver = require('../');
+import SemVer = require('../classes/semver');
+/**
+ * Return the parsed version as a string, or null if it's not valid.
+ */
+declare function valid(
+    version: string | SemVer | null | undefined,
+    optionsOrLoose?: boolean | semver.Options,
+): string | null;
+
+export = valid;

node_modules/@types/semver/index.d.ts

@@ -0,0 +1,133 @@
+// Type definitions for semver 7.2
+// Project: https://github.com/npm/node-semver
+// Definitions by: Bart van der Schoor <https://github.com/Bartvds>
+//                 BendingBender <https://github.com/BendingBender>
+//                 Lucian Buzzo <https://github.com/LucianBuzzo>
+//                 Klaus Meinhardt <https://github.com/ajafff>
+//                 ExE Boss <https://github.com/ExE-Boss>
+//                 Piotr Błażejewicz <https://github.com/peterblazejewicz>
+// Definitions: https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/semver
+
+/// <reference types="node" />
+
+// re-exports for index file
+
+// functions for working with versions
+import semverParse = require('./functions/parse');
+import semverValid = require('./functions/valid');
+import semverClean = require('./functions/clean');
+import semverInc = require('./functions/inc');
+import semverDiff = require('./functions/diff');
+import semverMajor = require('./functions/major');
+import semverMinor = require('./functions/minor');
+import semverPatch = require('./functions/patch');
+import semverPrerelease = require('./functions/prerelease');
+import semverCompare = require('./functions/compare');
+import semverRcompare = require('./functions/rcompare');
+import semverCompareLoose = require('./functions/compare-loose');
+import semverCompareBuild = require('./functions/compare-build');
+import semverSort = require('./functions/sort');
+import semverRsort = require('./functions/rsort');
+
+export {
+    semverParse as parse,
+    semverValid as valid,
+    semverClean as clean,
+    semverInc as inc,
+    semverDiff as diff,
+    semverMajor as major,
+    semverMinor as minor,
+    semverPatch as patch,
+    semverPrerelease as prerelease,
+    semverCompare as compare,
+    semverRcompare as rcompare,
+    semverCompareLoose as compareLoose,
+    semverCompareBuild as compareBuild,
+    semverSort as sort,
+    semverRsort as rsort,
+};
+
+// low-level comparators between versions
+import semverGt = require('./functions/gt');
+import semverLt = require('./functions/lt');
+import semverEq = require('./functions/eq');
+import semverNeq = require('./functions/neq');
+import semverGte = require('./functions/gte');
+import semverLte = require('./functions/lte');
+import semverCmp = require('./functions/cmp');
+import semverCoerce = require('./functions/coerce');
+
+export {
+    semverGt as gt,
+    semverLt as lt,
+    semverEq as eq,
+    semverNeq as neq,
+    semverGte as gte,
+    semverLte as lte,
+    semverCmp as cmp,
+    semverCoerce as coerce,
+};
+
+// working with ranges
+import semverSatisfies = require('./functions/satisfies');
+import semverMaxSatisfying = require('./ranges/max-satisfying');
+import semverMinSatisfying = require('./ranges/min-satisfying');
+import semverToComparators = require('./ranges/to-comparators');
+import semverMinVersion = require('./ranges/min-version');
+import semverValidRange = require('./ranges/valid');
+import semverOutside = require('./ranges/outside');
+import semverGtr = require('./ranges/gtr');
+import semverLtr = require('./ranges/ltr');
+import semverIntersects = require('./ranges/intersects');
+import simplifyRange = require('./ranges/simplify');
+
+export {
+    semverSatisfies as satisfies,
+    semverMaxSatisfying as maxSatisfying,
+    semverMinSatisfying as minSatisfying,
+    semverToComparators as toComparators,
+    semverMinVersion as minVersion,
+    semverValidRange as validRange,
+    semverOutside as outside,
+    semverGtr as gtr,
+    semverLtr as ltr,
+    semverIntersects as intersects,
+    simplifyRange as simplify,
+};
+
+// classes
+import SemVer = require('./classes/semver');
+import Range = require('./classes/range');
+import Comparator = require('./classes/comparator');
+
+export { SemVer, Range, Comparator };
+
+// internals
+import identifiers = require('./internals/identifiers');
+export import compareIdentifiers = identifiers.compareIdentifiers;
+export import rcompareIdentifiers = identifiers.rcompareIdentifiers;
+
+export const SEMVER_SPEC_VERSION: '2.0.0';
+
+export type ReleaseType = 'major' | 'premajor' | 'minor' | 'preminor' | 'patch' | 'prepatch' | 'prerelease';
+
+export interface Options {
+    loose?: boolean;
+    includePrerelease?: boolean;
+}
+export interface CoerceOptions extends Options {
+    /**
+     * Used by `coerce()` to coerce from right to left.
+     *
+     * @default false
+     *
+     * @example
+     * coerce('1.2.3.4', { rtl: true });
+     * // => SemVer { version: '2.3.4', ... }
+     *
+     * @since 6.2.0
+     */
+    rtl?: boolean;
+}
+
+export type Operator = '===' | '!==' | '' | '=' | '==' | '!=' | '>' | '>=' | '<' | '<=';

node_modules/@types/semver/internals/identifiers.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Compares two identifiers, must be numeric strings or truthy/falsy values.
+ *
+ * Sorts in ascending order when passed to `Array.sort()`.
+ */
+export function compareIdentifiers(a: string | null | undefined, b: string | null | undefined): 1 | 0 | -1;
+
+/**
+ * The reverse of compareIdentifiers.
+ *
+ * Sorts in descending order when passed to `Array.sort()`.
+ */
+export function rcompareIdentifiers(a: string | null | undefined, b: string | null | undefined): 1 | 0 | -1;

node_modules/@types/semver/package.json

@@ -0,0 +1,51 @@
+{
+  "name": "@types/semver",
+  "version": "7.2.0",
+  "description": "TypeScript definitions for semver",
+  "license": "MIT",
+  "contributors": [
+    {
+      "name": "Bart van der Schoor",
+      "url": "https://github.com/Bartvds",
+      "githubUsername": "Bartvds"
+    },
+    {
+      "name": "BendingBender",
+      "url": "https://github.com/BendingBender",
+      "githubUsername": "BendingBender"
+    },
+    {
+      "name": "Lucian Buzzo",
+      "url": "https://github.com/LucianBuzzo",
+      "githubUsername": "LucianBuzzo"
+    },
+    {
+      "name": "Klaus Meinhardt",
+      "url": "https://github.com/ajafff",
+      "githubUsername": "ajafff"
+    },
+    {
+      "name": "ExE Boss",
+      "url": "https://github.com/ExE-Boss",
+      "githubUsername": "ExE-Boss"
+    },
+    {
+      "name": "Piotr Błażejewicz",
+      "url": "https://github.com/peterblazejewicz",
+      "githubUsername": "peterblazejewicz"
+    }
+  ],
+  "main": "",
+  "types": "index.d.ts",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/DefinitelyTyped/DefinitelyTyped.git",
+    "directory": "types/semver"
+  },
+  "scripts": {},
+  "dependencies": {
+    "@types/node": "*"
+  },
+  "typesPublisherContentHash": "a85c812786f6121af7012f9234a35445623e4933797ddf4b52584d65deaec9ef",
+  "typeScriptVersion": "2.9"
+}

node_modules/@types/semver/preload.d.ts

@@ -0,0 +1,2 @@
+import semver = require('.');
+export = semver;

node_modules/@types/semver/ranges/gtr.d.ts

@@ -0,0 +1,14 @@
+import Range = require('../classes/range');
+import SemVer = require('../classes/semver');
+import semver = require('../');
+
+/**
+ * Return true if version is greater than all the versions possible in the range.
+ */
+declare function gtr(
+    version: string | SemVer,
+    range: string | Range,
+    optionsOrLoose?: boolean | semver.Options,
+): boolean;
+
+export = gtr;

node_modules/@types/semver/ranges/intersects.d.ts

@@ -0,0 +1,13 @@
+import Range = require('../classes/range');
+import semver = require('../');
+
+/**
+ * Return true if any of the ranges comparators intersect
+ */
+declare function intersects(
+    range1: string | Range,
+    range2: string | Range,
+    optionsOrLoose?: boolean | semver.Options,
+): boolean;
+
+export = intersects;

node_modules/@types/semver/ranges/ltr.d.ts

@@ -0,0 +1,14 @@
+import Range = require('../classes/range');
+import SemVer = require('../classes/semver');
+import semver = require('../');
+
+/**
+ * Return true if version is less than all the versions possible in the range.
+ */
+declare function ltr(
+    version: string | SemVer,
+    range: string | Range,
+    optionsOrLoose?: boolean | semver.Options,
+): boolean;
+
+export = ltr;

node_modules/@types/semver/ranges/max-satisfying.d.ts

@@ -0,0 +1,14 @@
+import Range = require('../classes/range');
+import SemVer = require('../classes/semver');
+import semver = require('../');
+
+/**
+ * Return the highest version in the list that satisfies the range, or null if none of them do.
+ */
+declare function maxSatisfying<T extends string | SemVer>(
+    versions: ReadonlyArray<T>,
+    range: string | Range,
+    optionsOrLoose?: boolean | semver.Options,
+): T | null;
+
+export = maxSatisfying;

node_modules/@types/semver/ranges/min-satisfying.d.ts

@@ -0,0 +1,14 @@
+import Range = require('../classes/range');
+import SemVer = require('../classes/semver');
+import semver = require('../');
+
+/**
+ * Return the lowest version in the list that satisfies the range, or null if none of them do.
+ */
+declare function minSatisfying<T extends string | SemVer>(
+    versions: ReadonlyArray<T>,
+    range: string | Range,
+    optionsOrLoose?: boolean | semver.Options,
+): T | null;
+
+export = minSatisfying;

node_modules/@types/semver/ranges/min-version.d.ts

@@ -0,0 +1,10 @@
+import Range = require('../classes/range');
+import SemVer = require('../classes/semver');
+import semver = require('../');
+
+/**
+ * Return the lowest version that can possibly match the given range.
+ */
+declare function minVersion(range: string | Range, optionsOrLoose?: boolean | semver.Options): SemVer | null;
+
+export = minVersion;

node_modules/@types/semver/ranges/outside.d.ts

@@ -0,0 +1,15 @@
+import Range = require('../classes/range');
+import SemVer = require('../classes/semver');
+import semver = require('../');
+
+/**
+ * Return true if the version is outside the bounds of the range in either the high or low direction.
+ * The hilo argument must be either the string '>' or '<'. (This is the function called by gtr and ltr.)
+ */
+declare function outside(
+    version: string | SemVer,
+    range: string | Range,
+    hilo: '>' | '<',
+    optionsOrLoose?: boolean | semver.Options,
+): boolean;
+export = outside;

node_modules/@types/semver/ranges/simplify.d.ts

@@ -0,0 +1,14 @@
+import Range = require('../classes/range');
+import semver = require('../');
+
+/**
+ * Return a "simplified" range that matches the same items in `versions` list as the range specified.
+ * Note that it does *not* guarantee that it would match the same versions in all cases,
+ * only for the set of versions provided.
+ * This is useful when generating ranges by joining together multiple versions with `||` programmatically,
+ * to provide the user with something a bit more ergonomic.
+ * If the provided range is shorter in string-length than the generated range, then that is returned.
+ */
+declare function simplify(ranges: string[], range: string | Range, options?: semver.Options): string | Range;
+
+export = simplify;

node_modules/@types/semver/ranges/to-comparators.d.ts

@@ -0,0 +1,9 @@
+import Range = require('../classes/range');
+import semver = require('../');
+
+/**
+ * Mostly just for testing and legacy API reasons
+ */
+declare function toComparators(range: string | Range, optionsOrLoose?: boolean | semver.Options): string;
+
+export = toComparators;

node_modules/@types/semver/ranges/valid.d.ts

@@ -0,0 +1,12 @@
+import Range = require('../classes/range');
+import semver = require('../');
+
+/**
+ * Return the valid range or null if it's not valid
+ */
+declare function validRange(
+    range: string | Range | null | undefined,
+    optionsOrLoose?: boolean | semver.Options,
+): string;
+
+export = validRange;