Try to shasum file

Try gzip nightlies too
Run file command
2025-12-06 07:48:17 +08:00 · 2024-11-11 16:41:03 +00:00 · 2024-11-11 16:38:50 +00:00 · 2024-11-11 16:15:30 +00:00 · 2024-11-11 16:13:43 +00:00 · 2024-11-11 15:51:13 +00:00
4 changed files with 47 additions and 24 deletions
--- a/.github/workflows/__packaging-config-inputs-js.yml
+++ b/.github/workflows/__packaging-config-inputs-js.yml
@@ -9,9 +9,6 @@ env:
  GO111MODULE: auto
 on:
  push:
-    branches:
-      - main
-      - releases/v*
  pull_request:
    types:
      - opened
@@ -27,24 +24,18 @@ jobs:
      fail-fast: false
      matrix:
        include:
-          - os: ubuntu-latest
-            version: linked
-          - os: macos-latest
-            version: linked
-          - os: windows-latest
-            version: linked
-          - os: ubuntu-latest
-            version: default
-          - os: macos-latest
-            version: default
-          - os: windows-latest
-            version: default
-          - os: ubuntu-latest
-            version: nightly-latest
-          - os: macos-latest
-            version: nightly-latest
          - os: windows-latest
            version: nightly-latest
+            tools: https://github.com/dsp-testing/codeql-cli-nightlies/releases/download/codeql-bundle-20241110/codeql-bundle-win64.tar.zst
+          - os: windows-latest
+            version: nightly-latest
+            tools: https://github.com/dsp-testing/codeql-cli-nightlies/releases/download/codeql-bundle-20241111/codeql-bundle-win64.tar.zst
+          - os: windows-latest
+            version: nightly-latest
+            tools: https://github.com/dsp-testing/codeql-cli-nightlies/releases/download/codeql-bundle-20241110/codeql-bundle-win64.tar.gz
+          - os: windows-latest
+            version: nightly-latest
+            tools: https://github.com/dsp-testing/codeql-cli-nightlies/releases/download/codeql-bundle-20241111/codeql-bundle-win64.tar.gz
    name: 'Packaging: Config and input'
    permissions:
      contents: read
@@ -71,7 +62,7 @@ jobs:
          config-file: .github/codeql/codeql-config-packaging3.yml
          packs: +codeql-testing/codeql-pack1@1.0.0
          languages: javascript
-          tools: ${{ steps.prepare-test.outputs.tools-url }}
+          tools: ${{ matrix.tools }}
      - name: Build code
        shell: bash
        run: ./build.sh
--- a/lib/tar.js
+++ b/lib/tar.js
@@ -139,9 +139,23 @@ async function extractTarZst(tar, tarVersion, logger) {
    logger.debug(`Extracting to ${dest}.${tar instanceof stream.Readable
        ? ` Input stream has high water mark ${tar.readableHighWaterMark}.`
        : ""}`);
+    if (typeof tar === "string") {
+        try {
+            await (0, actions_util_1.runTool)("sha256sum", [tar]);
+        }
+        catch (e) {
+            logger.error(`Could not determine the SHA256 checksum of the tar file at ${tar}. The underlying error was: ${e}`);
+        }
+        try {
+            await (0, actions_util_1.runTool)("file", [tar]);
+        }
+        catch (e) {
+            logger.error(`Could not determine the type of the tar file at ${tar}. The underlying error was: ${e}`);
+        }
+    }
    try {
        // Initialize args
-        const args = ["-x", "--zstd"];
+        const args = ["-x", "--zstd", "-v"];
        if (tarVersion.type === "gnu") {
            // Suppress warnings when using GNU tar to extract archives created by BSD tar
            args.push("--warning=no-unknown-keyword");
--- a/lib/tar.js.map
+++ b/lib/tar.js.map
--- a/src/tar.ts
+++ b/src/tar.ts
@@ -8,7 +8,7 @@ import * as toolcache from "@actions/tool-cache";
 import { safeWhich } from "@chrisgavin/safe-which";
 import { v4 as uuidV4 } from "uuid";

-import { CommandInvocationError, getTemporaryDirectory } from "./actions-util";
+import { CommandInvocationError, getTemporaryDirectory, runTool } from "./actions-util";
 import { Logger } from "./logging";
 import { assertNever, cleanUpGlob } from "./util";

@@ -150,9 +150,27 @@ export async function extractTarZst(
    }`,
  );

+  if (typeof tar === "string") {
+    try {
+      await runTool("sha256sum", [tar]);
+    } catch (e) {
+      logger.error(
+        `Could not determine the SHA256 checksum of the tar file at ${tar}. The underlying error was: ${e}`,
+      );
+    }
+
+    try {
+      await runTool("file", [tar]);
+    } catch (e) {
+      logger.error(
+        `Could not determine the type of the tar file at ${tar}. The underlying error was: ${e}`,
+      );
+    }
+  }
+
  try {
    // Initialize args
-    const args = ["-x", "--zstd"];
+    const args = ["-x", "--zstd", "-v"];

    if (tarVersion.type === "gnu") {
      // Suppress warnings when using GNU tar to extract archives created by BSD tar
Author	SHA1	Message	Date
Henry Mercer	e44aa4f878	Try to shasum file	2024-11-11 16:41:03 +00:00
Henry Mercer	ca4c034b14	Try gzip nightlies too	2024-11-11 16:38:50 +00:00
Henry Mercer	4d64f597f2	Run file command	2024-11-11 16:15:30 +00:00
Henry Mercer	ba76ee3536	Pass `-v`	2024-11-11 16:13:43 +00:00
Henry Mercer	10a3d4f147	Test latest two nightlies	2024-11-11 15:51:13 +00:00