Util for optional/required inputs

add error-catching wrapper around calls to toolrunner

.editorconfig

@@ -0,0 +1,10 @@
+root = true
+
+[*]
+end_of_line = lf
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+[*.ts]
+indent_style = space
+indent_size = 2

.eslintignore

@@ -0,0 +1,5 @@
+**/webpack.config.js
+lib/**
+runner/dist/**
+src/testdata/**
+tests/**

.eslintrc.json

@@ -0,0 +1,59 @@
+
+{
+    "parser": "@typescript-eslint/parser",
+    "parserOptions": {
+        "project": "./tsconfig.json"
+    },
+    "plugins": ["@typescript-eslint", "filenames", "github", "import", "no-async-foreach"],
+    "extends": [
+        "eslint:recommended",
+        "plugin:@typescript-eslint/recommended",
+        "plugin:@typescript-eslint/recommended-requiring-type-checking",
+        "plugin:github/recommended",
+        "plugin:github/typescript"
+    ],
+    "rules": {
+        "filenames/match-regex": ["error", "^[a-z0-9-]+(\\.test)?$"],
+        "import/extensions": "error",
+        "import/no-amd": "error",
+        "import/no-commonjs": "error",
+        "import/no-dynamic-require": "error",
+        "import/no-extraneous-dependencies": ["error", {"devDependencies": false}],
+        "import/no-namespace": "off",
+        "import/no-unresolved": "error",
+        "import/no-webpack-loader-syntax": "error",
+        "no-async-foreach/no-async-foreach": "error",
+        "no-console": "off",
+        "no-sequences": "error",
+        "one-var": ["error", "never"],
+        "sort-imports": ["error", { "allowSeparatedGroups": true }]
+    },
+    "overrides": [{
+        // "temporarily downgraded during transition to eslint
+        "files": "**",
+        "rules": {
+            "@typescript-eslint/ban-types": "off",
+            "@typescript-eslint/explicit-module-boundary-types": "off",
+            "@typescript-eslint/no-explicit-any": "off",
+            "@typescript-eslint/no-unsafe-assignment": "off",
+            "@typescript-eslint/no-unsafe-call": "off",
+            "@typescript-eslint/no-unsafe-member-access": "off",
+            "@typescript-eslint/no-unsafe-return": "off",
+            "@typescript-eslint/no-unused-vars": "off",
+            "@typescript-eslint/no-var-requires": "off",
+            "@typescript-eslint/prefer-regexp-exec": "off",
+            "@typescript-eslint/require-await": "off",
+            "@typescript-eslint/restrict-template-expressions": "off",
+            "eslint-comments/no-use": "off",
+            "func-style": "off",
+            "github/array-foreach": "off",
+            "github/no-then": "off",
+            "import/no-extraneous-dependencies": "off",
+            "no-shadow": "off",
+            "no-sparse-arrays": "off",
+            "no-throw-literal": "off",
+            "no-useless-escape": "off",
+            "sort-imports": "off"
+        }
+    }]
+}

.github/codeql/codeql-config.yml

@@ -10,4 +10,5 @@ queries:
   - uses: security-extended
   - uses: security-and-quality
 paths-ignore:
-  - tests
+  - tests
+  - lib

.github/pull_request_template.md

@@ -1,7 +1,4 @@
 ### Merge / deployment checklist
 
-- Run test builds as necessary. Can be on this repository or elsewhere as needed in order to test the change - please include links to tests in other repos!
-  - [ ] CodeQL using init/analyze actions
-  - [ ] 3rd party tool using upload action
 - [ ] Confirm this change is backwards compatible with existing workflows.
 - [ ] Confirm the [readme](https://github.com/github/codeql-action/blob/master/README.md) has been updated if necessary.

.github/update-release-branch.py

@@ -7,7 +7,7 @@ import sys
 
 # The branch being merged from.
 # This is the one that contains day-to-day development work.
-MASTER_BRANCH = 'master'
+MAIN_BRANCH = 'main'
 # The branch being merged into.
 # This is the release branch that users reference.
 LATEST_RELEASE_BRANCH = 'v1'
@@ -28,7 +28,7 @@ def branch_exists_on_remote(branch_name):
   return run_git('ls-remote', '--heads', ORIGIN, branch_name).strip() != ''
 
 # Opens a PR from the given branch to the release branch
-def open_pr(repo, all_commits, short_master_sha, branch_name):
+def open_pr(repo, all_commits, short_main_sha, branch_name):
   # Sort the commits into the pull requests that introduced them,
   # and any commits that don't have a pull request
   pull_requests = []
@@ -45,11 +45,11 @@ def open_pr(repo, all_commits, short_master_sha, branch_name):
   print('Found ' + str(len(commits_without_pull_requests)) + ' commits not in a pull request')
 
   # Sort PRs and commits by age
-  sorted(pull_requests, key=lambda pr: pr.number)
-  sorted(commits_without_pull_requests, key=lambda c: c.commit.author.date)
+  pull_requests = sorted(pull_requests, key=lambda pr: pr.number)
+  commits_without_pull_requests = sorted(commits_without_pull_requests, key=lambda c: c.commit.author.date)
   
   # Start constructing the body text
-  body = 'Merging ' + short_master_sha + ' into ' + LATEST_RELEASE_BRANCH
+  body = 'Merging ' + short_main_sha + ' into ' + LATEST_RELEASE_BRANCH
 
   conductor = get_conductor(repo, pull_requests, commits_without_pull_requests)
   body += '\n\nConductor for this PR is @' + conductor
@@ -71,7 +71,7 @@ def open_pr(repo, all_commits, short_master_sha, branch_name):
       body += ' - ' + get_truncated_commit_message(commit)
       body += ' (@' + commit.author.login + ')'
 
-  title = 'Merge ' + MASTER_BRANCH + ' into ' + LATEST_RELEASE_BRANCH
+  title = 'Merge ' + MAIN_BRANCH + ' into ' + LATEST_RELEASE_BRANCH
 
   # Create the pull request
   pr = repo.create_pull(title=title, body=body, head=branch_name, base=LATEST_RELEASE_BRANCH)
@@ -90,12 +90,12 @@ def get_conductor(repo, pull_requests, other_commits):
   # Otherwise take the author of the latest commit
   return other_commits[-1].author.login
 
-# Gets a list of the SHAs of all commits that have happened on master
+# Gets a list of the SHAs of all commits that have happened on main
 # since the release branched off.
 # This will not include any commits that exist on the release branch
-# that aren't on master.
+# that aren't on main.
 def get_commit_difference(repo):
-  commits = run_git('log', '--pretty=format:%H', ORIGIN + '/' + LATEST_RELEASE_BRANCH + '...' + MASTER_BRANCH).strip().split('\n')
+  commits = run_git('log', '--pretty=format:%H', ORIGIN + '/' + LATEST_RELEASE_BRANCH + '...' + MAIN_BRANCH).strip().split('\n')
 
   # Convert to full-fledged commit objects
   commits = [repo.get_commit(c) for c in commits]
@@ -115,7 +115,7 @@ def get_truncated_commit_message(commit):
   else:
     return message
 
-# Converts a commit into the PR that introduced it to the master branch.
+# Converts a commit into the PR that introduced it to the main branch.
 # Returns the PR object, or None if no PR could be found.
 def get_pr_for_commit(repo, commit):
   prs = commit.get_pulls()
@@ -144,20 +144,20 @@ def main():
   repo = Github(github_token).get_repo(repository_nwo)
 
   # Print what we intend to go
-  print('Considering difference between ' + MASTER_BRANCH + ' and ' + LATEST_RELEASE_BRANCH)
-  short_master_sha = run_git('rev-parse', '--short', MASTER_BRANCH).strip()
-  print('Current head of ' + MASTER_BRANCH + ' is ' + short_master_sha)
+  print('Considering difference between ' + MAIN_BRANCH + ' and ' + LATEST_RELEASE_BRANCH)
+  short_main_sha = run_git('rev-parse', '--short', MAIN_BRANCH).strip()
+  print('Current head of ' + MAIN_BRANCH + ' is ' + short_main_sha)
 
   # See if there are any commits to merge in
   commits = get_commit_difference(repo)
   if len(commits) == 0:
-    print('No commits to merge from ' + MASTER_BRANCH + ' to ' + LATEST_RELEASE_BRANCH)
+    print('No commits to merge from ' + MAIN_BRANCH + ' to ' + LATEST_RELEASE_BRANCH)
     return
 
   # The branch name is based off of the name of branch being merged into
   # and the SHA of the branch being merged from. Thus if the branch already
   # exists we can assume we don't need to recreate it.
-  new_branch_name = 'update-' + LATEST_RELEASE_BRANCH + '-' + short_master_sha
+  new_branch_name = 'update-' + LATEST_RELEASE_BRANCH + '-' + short_main_sha
   print('Branch name is ' + new_branch_name)
 
   # Check if the branch already exists. If so we can abort as this script
@@ -168,11 +168,11 @@ def main():
   
   # Create the new branch and push it to the remote
   print('Creating branch ' + new_branch_name)
-  run_git('checkout', '-b', new_branch_name, MASTER_BRANCH)
+  run_git('checkout', '-b', new_branch_name, MAIN_BRANCH)
   run_git('push', ORIGIN, new_branch_name)
 
   # Open a PR to update the branch
-  open_pr(repo, commits, short_master_sha, new_branch_name)
+  open_pr(repo, commits, short_main_sha, new_branch_name)
 
 if __name__ == '__main__':
   main()

.github/workflows/codeql.yml

@@ -10,7 +10,7 @@ jobs:
     runs-on: ${{ matrix.os }}
 
     steps:
-    - uses: actions/checkout@v1
+    - uses: actions/checkout@v2
       with:
         # Must fetch at least the immediate parents so that if this is
         # a pull request then we can checkout the head of the pull request.

.github/workflows/integration-testing.yml

@@ -22,7 +22,7 @@ jobs:
       env:
         TEST_MODE: true
     - run: |
-        cd "$CODEQL_ACTION_DATABASE_DIR"
+        cd "$RUNNER_TEMP/codeql_databases"
         # List all directories as there will be precisely one directory per database
         # but there may be other files in this directory such as query suites.
         if [ "$(ls -d */ | wc -l)" != 6 ] || \
@@ -36,7 +36,7 @@ jobs:
           exit 1
         fi
 
-  multi-language-repo_test-custom-queries:
+  multi-language-repo_test-custom-queries-and-remote-config:
     strategy:
       fail-fast: false
       matrix:
@@ -54,7 +54,7 @@ jobs:
     - uses: ./../action/init
       with:
         languages: cpp,csharp,java,javascript,python
-        config-file: ./.github/codeql/custom-queries.yml
+        config-file: github/codeql-action/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{ github.sha }}
     - name: Build code
       shell: bash
       run: ./build.sh
@@ -93,7 +93,6 @@ jobs:
       env:
         TEST_MODE: true
 
-
   multi-language-repo_rubocop:
     runs-on: ubuntu-latest
 
@@ -124,3 +123,324 @@ jobs:
         sarif_file: rubocop.sarif
       env:
         TEST_MODE: true
+
+  test-proxy:
+    runs-on: ubuntu-latest
+    container:
+      image: ubuntu:18.04
+      options: --dns 127.0.0.1
+    services:
+      squid-proxy:
+        image: datadog/squid:latest
+        ports:
+          - 3128:3128
+    env:
+      https_proxy: http://squid-proxy:3128
+    steps:
+    - uses: actions/checkout@v2
+    - name: Move codeql-action
+      shell: bash
+      run: |
+        mkdir ../action
+        mv * .github ../action/
+        mv ../action/tests/multi-language-repo/{*,.github} .
+    - uses: ./../action/init
+      with:
+        languages: javascript
+    - uses: ./../action/analyze
+      env:
+        TEST_MODE: true
+  
+  runner-analyze-javascript-ubuntu:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v2
+
+    - name: Build runner
+      run: |
+        cd runner
+        npm install
+        npm run build-runner
+
+    - name: Run init
+      run: |
+        # Pass --config-file here, but not for other jobs in this workflow.
+        # This means we're testing the config file parsing in the runner
+        # but not slowing down all jobs unnecessarily as it doesn't add much
+        # testing the parsing on different operating systems and languages.
+        runner/dist/codeql-runner-linux init --repository $GITHUB_REPOSITORY --languages javascript --config-file ./.github/codeql/codeql-config.yml --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
+
+    - name: Run analyze
+      run: |
+        runner/dist/codeql-runner-linux analyze --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
+      env:
+        TEST_MODE: true
+  
+  runner-analyze-javascript-windows:
+    runs-on: windows-latest
+
+    steps:
+    - uses: actions/checkout@v2
+
+    - name: Build runner
+      run: |
+        cd runner
+        npm install
+        npm run build-runner
+
+    - name: Run init
+      run: |
+        runner/dist/codeql-runner-win.exe init --repository $Env:GITHUB_REPOSITORY --languages javascript --github-url $Env:GITHUB_SERVER_URL --github-auth ${{ github.token }}
+
+    - name: Run analyze
+      run: |
+        runner/dist/codeql-runner-win.exe analyze --repository $Env:GITHUB_REPOSITORY --commit $Env:GITHUB_SHA --ref $Env:GITHUB_REF --github-url $Env:GITHUB_SERVER_URL --github-auth ${{ github.token }}
+      env:
+        TEST_MODE: true
+  
+  runner-analyze-javascript-macos:
+    runs-on: macos-latest
+
+    steps:
+    - uses: actions/checkout@v2
+
+    - name: Build runner
+      run: |
+        cd runner
+        npm install
+        npm run build-runner
+
+    - name: Run init
+      run: |
+        runner/dist/codeql-runner-macos init --repository $GITHUB_REPOSITORY --languages javascript --config-file ./.github/codeql/codeql-config.yml --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
+
+    - name: Run analyze
+      run: |
+        runner/dist/codeql-runner-macos analyze --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
+      env:
+        TEST_MODE: true
+  
+  runner-analyze-csharp-ubuntu:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v2
+
+    - name: Move codeql-action
+      shell: bash
+      run: |
+        mkdir ../action
+        mv * .github ../action/
+        mv ../action/tests/multi-language-repo/{*,.github} .
+
+    - name: Build runner
+      run: |
+        cd ../action/runner
+        npm install
+        npm run build-runner
+
+    - name: Run init
+      run: |
+        ../action/runner/dist/codeql-runner-linux init --repository $GITHUB_REPOSITORY --languages csharp --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
+
+    - name: Build code
+      run: |
+        . ./codeql-runner/codeql-env.sh
+        dotnet build
+
+    - name: Run analyze
+      run: |
+        ../action/runner/dist/codeql-runner-linux analyze --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
+      env:
+        TEST_MODE: true
+  
+  runner-analyze-csharp-windows:
+    runs-on: windows-latest
+
+    steps:
+    - uses: actions/checkout@v2
+
+    - name: Move codeql-action
+      shell: bash
+      run: |
+        mkdir ../action
+        mv * .github ../action/
+        mv ../action/tests/multi-language-repo/{*,.github} .
+
+    - name: Build runner
+      run: |
+        cd ../action/runner
+        npm install
+        npm run build-runner
+
+    - name: Run init
+      run: |
+        ../action/runner/dist/codeql-runner-win.exe init --repository $Env:GITHUB_REPOSITORY --languages csharp --github-url $Env:GITHUB_SERVER_URL --github-auth ${{ github.token }}
+
+    - name: Build code
+      shell: powershell
+      run: |
+        cat ./codeql-runner/codeql-env.sh | Invoke-Expression
+        dotnet build
+
+    - name: Run analyze
+      run: |
+        ../action/runner/dist/codeql-runner-win.exe analyze --repository $Env:GITHUB_REPOSITORY --commit $Env:GITHUB_SHA --ref $Env:GITHUB_REF --github-url $Env:GITHUB_SERVER_URL --github-auth ${{ github.token }}
+      env:
+        TEST_MODE: true
+
+  runner-analyze-csharp-macos:
+    runs-on: macos-latest
+
+    steps:
+    - uses: actions/checkout@v2
+
+    - name: Move codeql-action
+      shell: bash
+      run: |
+        mkdir ../action
+        mv * .github ../action/
+        mv ../action/tests/multi-language-repo/{*,.github} .
+
+    - name: Build runner
+      run: |
+        cd ../action/runner
+        npm install
+        npm run build-runner
+
+    - name: Run init
+      run: |
+        ../action/runner/dist/codeql-runner-macos init --repository $GITHUB_REPOSITORY --languages csharp --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
+
+    - name: Build code
+      shell: bash
+      run: |
+        . ./codeql-runner/codeql-env.sh
+        dotnet build
+
+    - name: Run analyze
+      run: |
+        ../action/runner/dist/codeql-runner-macos analyze --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
+      env:
+        TEST_MODE: true
+
+  
+  runner-analyze-csharp-autobuild-ubuntu:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v2
+
+    - name: Move codeql-action
+      shell: bash
+      run: |
+        mkdir ../action
+        mv * .github ../action/
+        mv ../action/tests/multi-language-repo/{*,.github} .
+
+    - name: Build runner
+      run: |
+        cd ../action/runner
+        npm install
+        npm run build-runner
+
+    - name: Run init
+      run: |
+        ../action/runner/dist/codeql-runner-linux init --repository $GITHUB_REPOSITORY --languages csharp --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
+
+    - name: Build code
+      run: |
+        ../action/runner/dist/codeql-runner-linux autobuild
+
+    - name: Run analyze
+      run: |
+        ../action/runner/dist/codeql-runner-linux analyze --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
+      env:
+        TEST_MODE: true
+  
+  runner-analyze-csharp-autobuild-windows:
+    runs-on: windows-latest
+
+    steps:
+    - uses: actions/checkout@v2
+
+    - name: Move codeql-action
+      shell: bash
+      run: |
+        mkdir ../action
+        mv * .github ../action/
+        mv ../action/tests/multi-language-repo/{*,.github} .
+
+    - name: Build runner
+      run: |
+        cd ../action/runner
+        npm install
+        npm run build-runner
+
+    - name: Run init
+      run: |
+        ../action/runner/dist/codeql-runner-win.exe init --repository $Env:GITHUB_REPOSITORY --languages csharp --github-url $Env:GITHUB_SERVER_URL --github-auth ${{ github.token }}
+
+    - name: Build code
+      shell: powershell
+      run: |
+        ../action/runner/dist/codeql-runner-win.exe autobuild
+
+    - name: Run analyze
+      run: |
+        ../action/runner/dist/codeql-runner-win.exe analyze --repository $Env:GITHUB_REPOSITORY --commit $Env:GITHUB_SHA --ref $Env:GITHUB_REF --github-url $Env:GITHUB_SERVER_URL --github-auth ${{ github.token }}
+      env:
+        TEST_MODE: true
+
+  runner-analyze-csharp-autobuild-macos:
+    runs-on: macos-latest
+
+    steps:
+    - uses: actions/checkout@v2
+
+    - name: Move codeql-action
+      shell: bash
+      run: |
+        mkdir ../action
+        mv * .github ../action/
+        mv ../action/tests/multi-language-repo/{*,.github} .
+
+    - name: Build runner
+      run: |
+        cd ../action/runner
+        npm install
+        npm run build-runner
+
+    - name: Run init
+      run: |
+        ../action/runner/dist/codeql-runner-macos init --repository $GITHUB_REPOSITORY --languages csharp --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
+
+    - name: Build code
+      shell: bash
+      run: |
+        ../action/runner/dist/codeql-runner-macos autobuild
+
+    - name: Run analyze
+      run: |
+        ../action/runner/dist/codeql-runner-macos analyze --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}
+      env:
+        TEST_MODE: true
+
+  runner-upload-sarif:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v2
+
+    - name: Build runner
+      run: |
+        cd runner
+        npm install
+        npm run build-runner
+
+    - name: Upload with runner
+      run: |
+        # Deliberately don't use TEST_MODE here. This is specifically testing
+        # the compatibility with the API.
+        runner/dist/codeql-runner-linux upload --sarif-file src/testdata/empty-sarif.sarif --repository $GITHUB_REPOSITORY --commit $GITHUB_SHA --ref $GITHUB_REF --github-url $GITHUB_SERVER_URL --github-auth ${{ github.token }}

.github/workflows/pr-checks.yml

@@ -3,19 +3,19 @@ name: "PR checks"
 on: [push, pull_request]
 
 jobs:
-  tslint:
+  lint-js:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v1
-    - name: tslint
+    - uses: actions/checkout@v2
+    - name: Run Lint
       run: npm run-script lint
 
   check-js:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v1
+    - uses: actions/checkout@v2
     - name: Check generated JavaScript
       run: |
         # Sanity check that repo is clean to start with
@@ -24,6 +24,8 @@ jobs:
           >&2 echo "Failed: Repo should be clean before testing!"
           exit 1
         fi
+        # Wipe the lib directory incase there are extra unnecessary files in there
+        rm -rf lib
         # Generate the JavaScript files
         npm run-script build
         # Check that repo is still clean
@@ -39,7 +41,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v1
+    - uses: actions/checkout@v2
     - name: Check node modules up to date
       run: |
         # Sanity check that repo is clean to start with
@@ -48,7 +50,6 @@ jobs:
           >&2 echo "Failed: Repo should be clean before testing!"
           exit 1
         fi
-
         # Reinstall modules and then clean to remove absolute paths
         # Use 'npm ci' instead of 'npm install' as this is intended to be reproducible
         npm ci
@@ -61,11 +62,14 @@ jobs:
           exit 1
         fi
         echo "Success: node_modules are up to date"
-
+        
   npm-test:
-    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        os: [ubuntu-latest,macos-latest]
+    runs-on: ${{ matrix.os }}
 
     steps:
-    - uses: actions/checkout@v1
+    - uses: actions/checkout@v2
     - name: npm run-script test
-      run: npm run-script test
+      run: npm run-script test

.github/workflows/update-release-branch.yml

@@ -7,6 +7,7 @@ on:
     # curl -H "Authorization: Bearer <token>" -X POST https://api.github.com/repos/github/codeql-action/dispatches -d '{"event_type":"update-release-branch"}'
     # Replace <token> with a personal access token from this page: https://github.com/settings/tokens
     types: [update-release-branch]
+  workflow_dispatch:
 
 jobs:
   update:

.gitignore

@@ -0,0 +1,2 @@
+/runner/dist/
+/runner/node_modules/

.vscode/launch.json

@@ -0,0 +1,25 @@
+{
+  // Use IntelliSense to learn about possible attributes.
+  // Hover to view descriptions of existing attributes.
+  // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
+  "version": "0.2.0",
+  "configurations": [
+    {
+      "type": "node",
+      "request": "launch",
+      "name": "Debug AVA test file",
+      "runtimeExecutable": "${workspaceFolder}/node_modules/.bin/ava",
+      "runtimeArgs": [
+        "${file}",
+        "--break",
+        "--serial",
+        "--timeout=20m"
+      ],
+      "port": 9229,
+      "outputCapture": "std",
+      "skipFiles": [
+        "<node_internals>/**/*.js"
+      ]
+    }
+  ]
+}

CONTRIBUTING.md

@@ -1,4 +1,4 @@
-## Contributing
+# Contributing
 
 [fork]: https://github.com/github/codeql-action/fork
 [pr]: https://github.com/github/codeql-action/compare
@@ -10,13 +10,58 @@ Contributions to this project are [released](https://help.github.com/articles/gi
 
 Please note that this project is released with a [Contributor Code of Conduct][code-of-conduct]. By participating in this project you agree to abide by its terms.
 
+## Development and Testing
+
+Before you start, ensure that you have a recent version of node installed. You can see which version of node is used by the action in `init/action.yml`.
+
+### Common tasks
+
+* Transpile the TypeScript to JavaScript: `npm run build`.  Note that the JavaScript files are committed to git.
+* Run tests: `npm run test`.  You’ll need to ensure that the JavaScript files are up-to-date first by running the command above.
+* Run the linter: `npm run lint`.
+
+This project also includes configuration to run tests from VSCode (with support for breakpoints) - open the test file you wish to run and choose "Debug AVA test file" from the Run menu in the Run panel.
+
+### Running the action
+
+To see the effect of your changes and to test them, push your changes in a branch and then look at the [Actions output](https://github.com/github/codeql-action/actions) for that branch.  You can also exercise the code locally by running the automated tests.
+
+### Running the action locally
+
+It is possible to run this action locally via [act](https://github.com/nektos/act) via the following steps:
+
+1. Create a GitHub [Personal Access Token](https://github.com/settings/tokens) (PAT).
+1. Install [act](https://github.com/nektos/act) v0.2.10 or greater.
+1. Add a `.env` file in the root of the project you are running:
+
+  ```bash
+  CODEQL_LOCAL_RUN=true
+
+  # Optional, for better logging
+  GITHUB_JOB=<ANY_JOB_NAME>
+  ```
+
+1. Run `act -j codeql -s GITHUB_TOKEN=<PAT>`
+
+Running locally will generate the CodeQL database and run all the queries, but it will avoid uploading and reporting results to GitHub. Note that this must be done on a repository that _consumes_ this action, not this repository. The use case is to debug failures of this action on specific repositories.
+
+### Integration tests
+
+As well as the unit tests (see _Common tasks_ above), there are integration tests, defined in `.github/workflows/integration-testing.yml`.  These are run by a CI check.  Depending on the change you’re making, you may want to add a test to this file or extend an existing one.
+
+### Building the CodeQL runner
+
+Navigate to the `runner` directory and run `npm install` to install dependencies needed only for compiling the CodeQL runner. Run `npm run build-runner` to output files to the `runner/dist` directory.
+
 ## Submitting a pull request
 
 1. [Fork][fork] and clone the repository
 2. Create a new branch: `git checkout -b my-branch-name`
 3. Make your change, add tests, and make sure the tests still pass
 4. Push to your fork and [submit a pull request][pr]
-5. Pat your self on the back and wait for your pull request to be reviewed and merged.
+5. Pat yourself on the back and wait for your pull request to be reviewed and merged.
+
+If you're a GitHub staff member, you can merge your own PR once it's approved; for external contributors, GitHub staff will merge your PR once it's approved.
 
 Here are a few things you can do that will increase the likelihood of your pull request being accepted:
 

README.md

@@ -26,10 +26,6 @@ on:
 
 jobs:
   CodeQL-Build:
-
-    strategy:
-      fail-fast: false
-
     # CodeQL runs on ubuntu-latest, windows-latest, and macos-latest
     runs-on: ubuntu-latest
 
@@ -102,7 +98,23 @@ Use the `config-file` parameter of the `init` action to enable the configuration
     config-file: ./.github/codeql/codeql-config.yml
 ```
 
-The configuration file must be located within the local repository. For information on how to write a configuration file, see "[Using a custom configuration](https://help.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#using-a-custom-configuration)."
+The configuration file must be located within the local repository. For information on how to write a configuration file, see "[Using a custom configuration file](https://help.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#using-a-custom-configuration-file)."
+
+If you only want to customise the queries used, you can specify them in your workflow instead of creating a config file, using the `queries` property of the `init` action:
+
+```yaml
+- uses: github/codeql-action/init@v1
+  with:
+    queries: <local-or-remote-query>,<another-query>
+```
+
+By default, this will override any queries specified in a config file. If you wish to use both sets of queries, prefix the list of queries in the workflow with `+`:
+
+```yaml
+- uses: github/codeql-action/init@v1
+  with:
+    queries: +<local-or-remote-query>,<another-query>
+```
 
 ## Troubleshooting
 

analyze/action.yml

@@ -4,6 +4,7 @@ author: 'GitHub'
 inputs:
   check_name:
     description: The name of the check run to add text to.
+    required: false
   output:
     description: The path of the directory in which to save the SARIF results
     required: false
@@ -11,14 +12,25 @@ inputs:
   upload:
     description: Upload the SARIF file
     required: false
-    default: true
+    default: "true"
   ram:
     description: Override the amount of memory in MB to be used by CodeQL. By default, almost all the memory of the machine is used.
     required: false
+  add-snippets:
+    description: Specify whether or not to add code snippets to the output sarif file.
+    required: false
+    default: "true"
+  threads:
+    description: The number of threads to be used by CodeQL.
+    required: false
+  checkout_path:
+    description: "The path at which the analyzed repository was checked out. Used to relativeize any absolute paths in the uploaded SARIF file."
+    required: false
+    default: ${{ github.workspace }}
   token:
     default: ${{ github.token }}
   matrix:
     default: ${{ toJson(matrix) }}
 runs:
   using: 'node12'
-  main: '../lib/finalize-db.js'
+  main: '../lib/analyze-action.js'

autobuild/action.yml

@@ -8,4 +8,4 @@ inputs:
     default: ${{ toJson(matrix) }}
 runs:
   using: 'node12'
-  main: '../lib/autobuild.js'
+  main: '../lib/autobuild-action.js'

init/action.yml

@@ -5,7 +5,7 @@ inputs:
   tools:
     description: URL of CodeQL tools
     required: false
-    default: https://github.com/github/codeql-action/releases/download/codeql-bundle-20200601/codeql-bundle.tar.gz
+    # If not specified the Action will check in several places until it finds the CodeQL tools.
   languages:
     description: The languages to be analysed
     required: false
@@ -16,6 +16,9 @@ inputs:
   config-file:
     description: Path of the config file to use
     required: false
+  queries:
+    description: Comma-separated list of additional queries to run. By default, this overrides the same setting in a configuration file; prefix with "+" to use both sets of queries.
+    required: false
 runs:
   using: 'node12'
-  main: '../lib/setup-tracer.js'
+  main: '../lib/init-action.js'

lib/analysis-paths.js

@@ -1,27 +1,51 @@
 "use strict";
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
-    result["default"] = mod;
-    return result;
-};
 Object.defineProperty(exports, "__esModule", { value: true });
-const core = __importStar(require("@actions/core"));
-function includeAndExcludeAnalysisPaths(config, languages) {
+function isInterpretedLanguage(language) {
+    return language === "javascript" || language === "python";
+}
+// Matches a string containing only characters that are legal to include in paths on windows.
+exports.legalWindowsPathCharactersRegex = /^[^<>:"\|?]*$/;
+// Builds an environment variable suitable for LGTM_INDEX_INCLUDE or LGTM_INDEX_EXCLUDE
+function buildIncludeExcludeEnvVar(paths) {
+    // Ignore anything containing a *
+    paths = paths.filter((p) => p.indexOf("*") === -1);
+    // Some characters are illegal in path names in windows
+    if (process.platform === "win32") {
+        paths = paths.filter((p) => p.match(exports.legalWindowsPathCharactersRegex));
+    }
+    return paths.join("\n");
+}
+function printPathFiltersWarning(config, logger) {
+    // Index include/exclude/filters only work in javascript and python.
+    // If any other languages are detected/configured then show a warning.
+    if ((config.paths.length !== 0 || config.pathsIgnore.length !== 0) &&
+        !config.languages.every(isInterpretedLanguage)) {
+        logger.warning('The "paths"/"paths-ignore" fields of the config only have effect for Javascript and Python');
+    }
+}
+exports.printPathFiltersWarning = printPathFiltersWarning;
+function includeAndExcludeAnalysisPaths(config) {
+    // The 'LGTM_INDEX_INCLUDE' and 'LGTM_INDEX_EXCLUDE' environment variables
+    // control which files/directories are traversed when scanning.
+    // This allows including files that otherwise would not be scanned, or
+    // excluding and not traversing entire file subtrees.
+    // It does not understand globs or double-globs because that would require it to
+    // traverse the entire file tree to determine which files are matched.
+    // Any paths containing "*" are not included in these.
     if (config.paths.length !== 0) {
-        core.exportVariable('LGTM_INDEX_INCLUDE', config.paths.join('\n'));
+        process.env["LGTM_INDEX_INCLUDE"] = buildIncludeExcludeEnvVar(config.paths);
     }
     if (config.pathsIgnore.length !== 0) {
-        core.exportVariable('LGTM_INDEX_EXCLUDE', config.pathsIgnore.join('\n'));
+        process.env["LGTM_INDEX_EXCLUDE"] = buildIncludeExcludeEnvVar(config.pathsIgnore);
     }
-    function isInterpretedLanguage(language) {
-        return language === 'javascript' || language === 'python';
-    }
-    // Index include/exclude only work in javascript and python
-    // If some other language is detected/configured show a warning
-    if ((config.paths.length !== 0 || config.pathsIgnore.length !== 0) && !languages.every(isInterpretedLanguage)) {
-        core.warning('The "paths"/"paths-ignore" fields of the config only have effect for Javascript and Python');
+    // The 'LGTM_INDEX_FILTERS' environment variable controls which files are
+    // extracted or ignored. It does not control which directories are traversed.
+    // This does understand the glob and double-glob syntax.
+    const filters = [];
+    filters.push(...config.paths.map((p) => `include:${p}`));
+    filters.push(...config.pathsIgnore.map((p) => `exclude:${p}`));
+    if (filters.length !== 0) {
+        process.env["LGTM_INDEX_FILTERS"] = filters.join("\n");
     }
 }
 exports.includeAndExcludeAnalysisPaths = includeAndExcludeAnalysisPaths;

lib/analysis-paths.js.map

@@ -1 +1 @@
-{"version":3,"file":"analysis-paths.js","sourceRoot":"","sources":["../src/analysis-paths.ts"],"names":[],"mappings":";;;;;;;;;AAAA,oDAAsC;AAItC,SAAgB,8BAA8B,CAAC,MAA0B,EAAE,SAAmB;IAC1F,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE;QAC3B,IAAI,CAAC,cAAc,CAAC,oBAAoB,EAAE,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;KACtE;IAED,IAAI,MAAM,CAAC,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE;QACjC,IAAI,CAAC,cAAc,CAAC,oBAAoB,EAAE,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;KAC5E;IAED,SAAS,qBAAqB,CAAC,QAAQ;QACnC,OAAO,QAAQ,KAAK,YAAY,IAAI,QAAQ,KAAK,QAAQ,CAAC;IAC9D,CAAC;IAED,2DAA2D;IAC3D,+DAA+D;IAC/D,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,MAAM,CAAC,WAAW,CAAC,MAAM,KAAK,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,qBAAqB,CAAC,EAAE;QAC3G,IAAI,CAAC,OAAO,CAAC,4FAA4F,CAAC,CAAC;KAC9G;AACL,CAAC;AAlBD,wEAkBC"}
+{"version":3,"file":"analysis-paths.js","sourceRoot":"","sources":["../src/analysis-paths.ts"],"names":[],"mappings":";;AAGA,SAAS,qBAAqB,CAAC,QAAQ;IACrC,OAAO,QAAQ,KAAK,YAAY,IAAI,QAAQ,KAAK,QAAQ,CAAC;AAC5D,CAAC;AAED,6FAA6F;AAChF,QAAA,+BAA+B,GAAG,eAAe,CAAC;AAE/D,uFAAuF;AACvF,SAAS,yBAAyB,CAAC,KAAe;IAChD,iCAAiC;IACjC,KAAK,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAEnD,uDAAuD;IACvD,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE;QAChC,KAAK,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,KAAK,CAAC,uCAA+B,CAAC,CAAC,CAAC;KACvE;IAED,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,SAAgB,uBAAuB,CACrC,MAA0B,EAC1B,MAAc;IAEd,oEAAoE;IACpE,sEAAsE;IACtE,IACE,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,IAAI,MAAM,CAAC,WAAW,CAAC,MAAM,KAAK,CAAC,CAAC;QAC9D,CAAC,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,qBAAqB,CAAC,EAC9C;QACA,MAAM,CAAC,OAAO,CACZ,4FAA4F,CAC7F,CAAC;KACH;AACH,CAAC;AAdD,0DAcC;AAED,SAAgB,8BAA8B,CAAC,MAA0B;IACvE,0EAA0E;IAC1E,+DAA+D;IAC/D,sEAAsE;IACtE,qDAAqD;IACrD,gFAAgF;IAChF,sEAAsE;IACtE,sDAAsD;IACtD,IAAI,MAAM,CAAC,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE;QAC7B,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,GAAG,yBAAyB,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;KAC7E;IACD,IAAI,MAAM,CAAC,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE;QACnC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,GAAG,yBAAyB,CAC3D,MAAM,CAAC,WAAW,CACnB,CAAC;KACH;IAED,yEAAyE;IACzE,6EAA6E;IAC7E,wDAAwD;IACxD,MAAM,OAAO,GAAa,EAAE,CAAC;IAC7B,OAAO,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC;IACzD,OAAO,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC;IAC/D,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE;QACxB,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,GAAG,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;KACxD;AACH,CAAC;AA1BD,wEA0BC"}

lib/analysis-paths.test.js

@@ -12,21 +12,43 @@ var __importStar = (this && this.__importStar) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 const ava_1 = __importDefault(require("ava"));
 const analysisPaths = __importStar(require("./analysis-paths"));
-const configUtils = __importStar(require("./config-utils"));
 const testing_utils_1 = require("./testing-utils");
-testing_utils_1.silenceDebugOutput(ava_1.default);
+const util = __importStar(require("./util"));
+testing_utils_1.setupTests(ava_1.default);
 ava_1.default("emptyPaths", async (t) => {
-    let config = new configUtils.Config();
-    analysisPaths.includeAndExcludeAnalysisPaths(config, []);
-    t.is(process.env['LGTM_INDEX_INCLUDE'], undefined);
-    t.is(process.env['LGTM_INDEX_EXCLUDE'], undefined);
+    return await util.withTmpDir(async (tmpDir) => {
+        const config = {
+            languages: [],
+            queries: {},
+            pathsIgnore: [],
+            paths: [],
+            originalUserInput: {},
+            tempDir: tmpDir,
+            toolCacheDir: tmpDir,
+            codeQLCmd: "",
+        };
+        analysisPaths.includeAndExcludeAnalysisPaths(config);
+        t.is(process.env["LGTM_INDEX_INCLUDE"], undefined);
+        t.is(process.env["LGTM_INDEX_EXCLUDE"], undefined);
+        t.is(process.env["LGTM_INDEX_FILTERS"], undefined);
+    });
 });
 ava_1.default("nonEmptyPaths", async (t) => {
-    let config = new configUtils.Config();
-    config.paths.push('path1', 'path2');
-    config.pathsIgnore.push('path3', 'path4');
-    analysisPaths.includeAndExcludeAnalysisPaths(config, []);
-    t.is(process.env['LGTM_INDEX_INCLUDE'], 'path1\npath2');
-    t.is(process.env['LGTM_INDEX_EXCLUDE'], 'path3\npath4');
+    return await util.withTmpDir(async (tmpDir) => {
+        const config = {
+            languages: [],
+            queries: {},
+            paths: ["path1", "path2", "**/path3"],
+            pathsIgnore: ["path4", "path5", "path6/**"],
+            originalUserInput: {},
+            tempDir: tmpDir,
+            toolCacheDir: tmpDir,
+            codeQLCmd: "",
+        };
+        analysisPaths.includeAndExcludeAnalysisPaths(config);
+        t.is(process.env["LGTM_INDEX_INCLUDE"], "path1\npath2");
+        t.is(process.env["LGTM_INDEX_EXCLUDE"], "path4\npath5");
+        t.is(process.env["LGTM_INDEX_FILTERS"], "include:path1\ninclude:path2\ninclude:**/path3\nexclude:path4\nexclude:path5\nexclude:path6/**");
+    });
 });
 //# sourceMappingURL=analysis-paths.test.js.map

lib/analysis-paths.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"analysis-paths.test.js","sourceRoot":"","sources":["../src/analysis-paths.test.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,8CAAuB;AAEvB,gEAAkD;AAClD,4DAA8C;AAC9C,mDAAmD;AAEnD,kCAAkB,CAAC,aAAI,CAAC,CAAC;AAEzB,aAAI,CAAC,YAAY,EAAE,KAAK,EAAC,CAAC,EAAC,EAAE;IACzB,IAAI,MAAM,GAAG,IAAI,WAAW,CAAC,MAAM,EAAE,CAAC;IACtC,aAAa,CAAC,8BAA8B,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IACzD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;IACnD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;AACvD,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,eAAe,EAAE,KAAK,EAAC,CAAC,EAAC,EAAE;IAC5B,IAAI,MAAM,GAAG,IAAI,WAAW,CAAC,MAAM,EAAE,CAAC;IACtC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IACpC,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;IAC1C,aAAa,CAAC,8BAA8B,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC;IACzD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,cAAc,CAAC,CAAC;IACxD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,cAAc,CAAC,CAAC;AAC5D,CAAC,CAAC,CAAC"}
+{"version":3,"file":"analysis-paths.test.js","sourceRoot":"","sources":["../src/analysis-paths.test.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,8CAAuB;AAEvB,gEAAkD;AAClD,mDAA6C;AAC7C,6CAA+B;AAE/B,0BAAU,CAAC,aAAI,CAAC,CAAC;AAEjB,aAAI,CAAC,YAAY,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC7B,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QAC5C,MAAM,MAAM,GAAG;YACb,SAAS,EAAE,EAAE;YACb,OAAO,EAAE,EAAE;YACX,WAAW,EAAE,EAAE;YACf,KAAK,EAAE,EAAE;YACT,iBAAiB,EAAE,EAAE;YACrB,OAAO,EAAE,MAAM;YACf,YAAY,EAAE,MAAM;YACpB,SAAS,EAAE,EAAE;SACd,CAAC;QACF,aAAa,CAAC,8BAA8B,CAAC,MAAM,CAAC,CAAC;QACrD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;QACnD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;QACnD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,SAAS,CAAC,CAAC;IACrD,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,eAAe,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAChC,OAAO,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QAC5C,MAAM,MAAM,GAAG;YACb,SAAS,EAAE,EAAE;YACb,OAAO,EAAE,EAAE;YACX,KAAK,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,UAAU,CAAC;YACrC,WAAW,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,UAAU,CAAC;YAC3C,iBAAiB,EAAE,EAAE;YACrB,OAAO,EAAE,MAAM;YACf,YAAY,EAAE,MAAM;YACpB,SAAS,EAAE,EAAE;SACd,CAAC;QACF,aAAa,CAAC,8BAA8B,CAAC,MAAM,CAAC,CAAC;QACrD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,cAAc,CAAC,CAAC;QACxD,CAAC,CAAC,EAAE,CAAC,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EAAE,cAAc,CAAC,CAAC;QACxD,CAAC,CAAC,EAAE,CACF,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC,EACjC,gGAAgG,CACjG,CAAC;IACJ,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

lib/analyze-action.js

@@ -0,0 +1,55 @@
+"use strict";
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
+    result["default"] = mod;
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const core = __importStar(require("@actions/core"));
+const analyze_1 = require("./analyze");
+const config_utils_1 = require("./config-utils");
+const logging_1 = require("./logging");
+const repository_1 = require("./repository");
+const util = __importStar(require("./util"));
+async function sendStatusReport(startedAt, stats, error) {
+    var _a, _b, _c;
+    const status = ((_a = stats) === null || _a === void 0 ? void 0 : _a.analyze_failure_language) !== undefined || error !== undefined
+        ? "failure"
+        : "success";
+    const statusReportBase = await util.createStatusReportBase("finish", status, startedAt, (_b = error) === null || _b === void 0 ? void 0 : _b.message, (_c = error) === null || _c === void 0 ? void 0 : _c.stack);
+    const statusReport = {
+        ...statusReportBase,
+        ...(stats || {}),
+    };
+    await util.sendStatusReport(statusReport);
+}
+async function run() {
+    const startedAt = new Date();
+    let stats = undefined;
+    try {
+        util.prepareLocalRunEnvironment();
+        if (!(await util.sendStatusReport(await util.createStatusReportBase("finish", "starting", startedAt), true))) {
+            return;
+        }
+        const logger = logging_1.getActionsLogger();
+        const config = await config_utils_1.getConfig(util.getRequiredEnvParam("RUNNER_TEMP"), logger);
+        if (config === undefined) {
+            throw new Error("Config file could not be found at expected location. Has the 'init' action been called?");
+        }
+        stats = await analyze_1.runAnalyze(repository_1.parseRepositoryNwo(util.getRequiredEnvParam("GITHUB_REPOSITORY")), await util.getCommitOid(), util.getRef(), await util.getAnalysisKey(), util.getRequiredEnvParam("GITHUB_WORKFLOW"), util.getWorkflowRunID(), util.getRequiredInput("checkout_path"), util.getOptionalInput("matrix"), util.getRequiredInput("token"), util.getRequiredEnvParam("GITHUB_SERVER_URL"), util.getOptionalInput("upload") === "true", "actions", util.getRequiredInput("output"), util.getMemoryFlag(util.getOptionalInput("ram")), util.getAddSnippetsFlag(util.getOptionalInput("add-snippets")), util.getThreadsFlag(util.getOptionalInput("threads"), logger), config, logger);
+    }
+    catch (error) {
+        core.setFailed(error.message);
+        console.log(error);
+        await sendStatusReport(startedAt, stats, error);
+        return;
+    }
+    await sendStatusReport(startedAt, stats);
+}
+run().catch((e) => {
+    core.setFailed(`analyze action failed: ${e}`);
+    console.log(e);
+});
+//# sourceMappingURL=analyze-action.js.map

lib/analyze-action.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"analyze-action.js","sourceRoot":"","sources":["../src/analyze-action.ts"],"names":[],"mappings":";;;;;;;;;AAAA,oDAAsC;AAEtC,uCAA6D;AAC7D,iDAA2C;AAC3C,uCAA6C;AAC7C,6CAAkD;AAClD,6CAA+B;AAM/B,KAAK,UAAU,gBAAgB,CAC7B,SAAe,EACf,KAAuC,EACvC,KAAa;;IAEb,MAAM,MAAM,GACV,OAAA,KAAK,0CAAE,wBAAwB,MAAK,SAAS,IAAI,KAAK,KAAK,SAAS;QAClE,CAAC,CAAC,SAAS;QACX,CAAC,CAAC,SAAS,CAAC;IAChB,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,sBAAsB,CACxD,QAAQ,EACR,MAAM,EACN,SAAS,QACT,KAAK,0CAAE,OAAO,QACd,KAAK,0CAAE,KAAK,CACb,CAAC;IACF,MAAM,YAAY,GAAuB;QACvC,GAAG,gBAAgB;QACnB,GAAG,CAAC,KAAK,IAAI,EAAE,CAAC;KACjB,CAAC;IACF,MAAM,IAAI,CAAC,gBAAgB,CAAC,YAAY,CAAC,CAAC;AAC5C,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,IAAI,KAAK,GAAqC,SAAS,CAAC;IACxD,IAAI;QACF,IAAI,CAAC,0BAA0B,EAAE,CAAC;QAClC,IACE,CAAC,CAAC,MAAM,IAAI,CAAC,gBAAgB,CAC3B,MAAM,IAAI,CAAC,sBAAsB,CAAC,QAAQ,EAAE,UAAU,EAAE,SAAS,CAAC,EAClE,IAAI,CACL,CAAC,EACF;YACA,OAAO;SACR;QACD,MAAM,MAAM,GAAG,0BAAgB,EAAE,CAAC;QAClC,MAAM,MAAM,GAAG,MAAM,wBAAS,CAC5B,IAAI,CAAC,mBAAmB,CAAC,aAAa,CAAC,EACvC,MAAM,CACP,CAAC;QACF,IAAI,MAAM,KAAK,SAAS,EAAE;YACxB,MAAM,IAAI,KAAK,CACb,yFAAyF,CAC1F,CAAC;SACH;QACD,KAAK,GAAG,MAAM,oBAAU,CACtB,+BAAkB,CAAC,IAAI,CAAC,mBAAmB,CAAC,mBAAmB,CAAC,CAAC,EACjE,MAAM,IAAI,CAAC,YAAY,EAAE,EACzB,IAAI,CAAC,MAAM,EAAE,EACb,MAAM,IAAI,CAAC,cAAc,EAAE,EAC3B,IAAI,CAAC,mBAAmB,CAAC,iBAAiB,CAAC,EAC3C,IAAI,CAAC,gBAAgB,EAAE,EACvB,IAAI,CAAC,gBAAgB,CAAC,eAAe,CAAC,EACtC,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,EAC/B,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,EAC9B,IAAI,CAAC,mBAAmB,CAAC,mBAAmB,CAAC,EAC7C,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,KAAK,MAAM,EAC1C,SAAS,EACT,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,EAC/B,IAAI,CAAC,aAAa,CAAC,IAAI,CAAC,gBAAgB,CAAC,KAAK,CAAC,CAAC,EAChD,IAAI,CAAC,kBAAkB,CAAC,IAAI,CAAC,gBAAgB,CAAC,cAAc,CAAC,CAAC,EAC9D,IAAI,CAAC,cAAc,CAAC,IAAI,CAAC,gBAAgB,CAAC,SAAS,CAAC,EAAE,MAAM,CAAC,EAC7D,MAAM,EACN,MAAM,CACP,CAAC;KACH;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAC9B,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACnB,MAAM,gBAAgB,CAAC,SAAS,EAAE,KAAK,EAAE,KAAK,CAAC,CAAC;QAChD,OAAO;KACR;IAED,MAAM,gBAAgB,CAAC,SAAS,EAAE,KAAK,CAAC,CAAC;AAC3C,CAAC;AAED,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE;IAChB,IAAI,CAAC,SAAS,CAAC,0BAA0B,CAAC,EAAE,CAAC,CAAC;IAC9C,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;AACjB,CAAC,CAAC,CAAC"}

lib/analyze.js

@@ -0,0 +1,87 @@
+"use strict";
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
+    result["default"] = mod;
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const analysisPaths = __importStar(require("./analysis-paths"));
+const codeql_1 = require("./codeql");
+const languages_1 = require("./languages");
+const sharedEnv = __importStar(require("./shared-environment"));
+const upload_lib = __importStar(require("./upload-lib"));
+const util = __importStar(require("./util"));
+async function createdDBForScannedLanguages(config, logger) {
+    // Insert the LGTM_INDEX_X env vars at this point so they are set when
+    // we extract any scanned languages.
+    analysisPaths.includeAndExcludeAnalysisPaths(config);
+    const codeql = codeql_1.getCodeQL(config.codeQLCmd);
+    for (const language of config.languages) {
+        if (languages_1.isScannedLanguage(language)) {
+            logger.startGroup(`Extracting ${language}`);
+            await codeql.extractScannedLanguage(util.getCodeQLDatabasePath(config.tempDir, language), language);
+            logger.endGroup();
+        }
+    }
+}
+async function finalizeDatabaseCreation(config, logger) {
+    await createdDBForScannedLanguages(config, logger);
+    const codeql = codeql_1.getCodeQL(config.codeQLCmd);
+    for (const language of config.languages) {
+        logger.startGroup(`Finalizing ${language}`);
+        await codeql.finalizeDatabase(util.getCodeQLDatabasePath(config.tempDir, language));
+        logger.endGroup();
+    }
+}
+// Runs queries and creates sarif files in the given folder
+async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag, config, logger) {
+    const codeql = codeql_1.getCodeQL(config.codeQLCmd);
+    for (const language of config.languages) {
+        logger.startGroup(`Analyzing ${language}`);
+        const queries = config.queries[language] || [];
+        if (queries.length === 0) {
+            throw new Error(`Unable to analyse ${language} as no queries were selected for this language`);
+        }
+        try {
+            const databasePath = util.getCodeQLDatabasePath(config.tempDir, language);
+            // Pass the queries to codeql using a file instead of using the command
+            // line to avoid command line length restrictions, particularly on windows.
+            const querySuite = `${databasePath}-queries.qls`;
+            const querySuiteContents = queries.map((q) => `- query: ${q}`).join("\n");
+            fs.writeFileSync(querySuite, querySuiteContents);
+            logger.debug(`Query suite file for ${language}...\n${querySuiteContents}`);
+            const sarifFile = path.join(sarifFolder, `${language}.sarif`);
+            await codeql.databaseAnalyze(databasePath, sarifFile, querySuite, memoryFlag, addSnippetsFlag, threadsFlag);
+            logger.debug(`SARIF results for database ${language} created at "${sarifFile}"`);
+            logger.endGroup();
+        }
+        catch (e) {
+            // For now the fields about query performance are not populated
+            return {
+                analyze_failure_language: language,
+            };
+        }
+    }
+    return {};
+}
+async function runAnalyze(repositoryNwo, commitOid, ref, analysisKey, analysisName, workflowRunID, checkoutPath, environment, githubAuth, githubUrl, doUpload, mode, outputDir, memoryFlag, addSnippetsFlag, threadsFlag, config, logger) {
+    // Delete the tracer config env var to avoid tracing ourselves
+    delete process.env[sharedEnv.ODASA_TRACER_CONFIGURATION];
+    fs.mkdirSync(outputDir, { recursive: true });
+    logger.info("Finalizing database creation");
+    await finalizeDatabaseCreation(config, logger);
+    logger.info("Analyzing database");
+    const queriesStats = await runQueries(outputDir, memoryFlag, addSnippetsFlag, threadsFlag, config, logger);
+    if (!doUpload) {
+        logger.info("Not uploading results");
+        return { ...queriesStats };
+    }
+    const uploadStats = await upload_lib.upload(outputDir, repositoryNwo, commitOid, ref, analysisKey, analysisName, workflowRunID, checkoutPath, environment, githubAuth, githubUrl, mode, logger);
+    return { ...queriesStats, ...uploadStats };
+}
+exports.runAnalyze = runAnalyze;
+//# sourceMappingURL=analyze.js.map

lib/analyze.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"analyze.js","sourceRoot":"","sources":["../src/analyze.ts"],"names":[],"mappings":";;;;;;;;;AAAA,uCAAyB;AACzB,2CAA6B;AAE7B,gEAAkD;AAClD,qCAAqC;AAErC,2CAAgD;AAGhD,gEAAkD;AAClD,yDAA2C;AAC3C,6CAA+B;AAmC/B,KAAK,UAAU,4BAA4B,CACzC,MAA0B,EAC1B,MAAc;IAEd,sEAAsE;IACtE,oCAAoC;IACpC,aAAa,CAAC,8BAA8B,CAAC,MAAM,CAAC,CAAC;IAErD,MAAM,MAAM,GAAG,kBAAS,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAC3C,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE;QACvC,IAAI,6BAAiB,CAAC,QAAQ,CAAC,EAAE;YAC/B,MAAM,CAAC,UAAU,CAAC,cAAc,QAAQ,EAAE,CAAC,CAAC;YAC5C,MAAM,MAAM,CAAC,sBAAsB,CACjC,IAAI,CAAC,qBAAqB,CAAC,MAAM,CAAC,OAAO,EAAE,QAAQ,CAAC,EACpD,QAAQ,CACT,CAAC;YACF,MAAM,CAAC,QAAQ,EAAE,CAAC;SACnB;KACF;AACH,CAAC;AAED,KAAK,UAAU,wBAAwB,CACrC,MAA0B,EAC1B,MAAc;IAEd,MAAM,4BAA4B,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAEnD,MAAM,MAAM,GAAG,kBAAS,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAC3C,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE;QACvC,MAAM,CAAC,UAAU,CAAC,cAAc,QAAQ,EAAE,CAAC,CAAC;QAC5C,MAAM,MAAM,CAAC,gBAAgB,CAC3B,IAAI,CAAC,qBAAqB,CAAC,MAAM,CAAC,OAAO,EAAE,QAAQ,CAAC,CACrD,CAAC;QACF,MAAM,CAAC,QAAQ,EAAE,CAAC;KACnB;AACH,CAAC;AAED,2DAA2D;AAC3D,KAAK,UAAU,UAAU,CACvB,WAAmB,EACnB,UAAkB,EAClB,eAAuB,EACvB,WAAmB,EACnB,MAA0B,EAC1B,MAAc;IAEd,MAAM,MAAM,GAAG,kBAAS,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAC3C,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE;QACvC,MAAM,CAAC,UAAU,CAAC,aAAa,QAAQ,EAAE,CAAC,CAAC;QAE3C,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;QAC/C,IAAI,OAAO,CAAC,MAAM,KAAK,CAAC,EAAE;YACxB,MAAM,IAAI,KAAK,CACb,qBAAqB,QAAQ,gDAAgD,CAC9E,CAAC;SACH;QAED,IAAI;YACF,MAAM,YAAY,GAAG,IAAI,CAAC,qBAAqB,CAAC,MAAM,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;YAC1E,uEAAuE;YACvE,2EAA2E;YAC3E,MAAM,UAAU,GAAG,GAAG,YAAY,cAAc,CAAC;YACjD,MAAM,kBAAkB,GAAG,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,YAAY,CAAC,EAAE,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;YAC1E,EAAE,CAAC,aAAa,CAAC,UAAU,EAAE,kBAAkB,CAAC,CAAC;YACjD,MAAM,CAAC,KAAK,CACV,wBAAwB,QAAQ,QAAQ,kBAAkB,EAAE,CAC7D,CAAC;YAEF,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,GAAG,QAAQ,QAAQ,CAAC,CAAC;YAE9D,MAAM,MAAM,CAAC,eAAe,CAC1B,YAAY,EACZ,SAAS,EACT,UAAU,EACV,UAAU,EACV,eAAe,EACf,WAAW,CACZ,CAAC;YAEF,MAAM,CAAC,KAAK,CACV,8BAA8B,QAAQ,gBAAgB,SAAS,GAAG,CACnE,CAAC;YACF,MAAM,CAAC,QAAQ,EAAE,CAAC;SACnB;QAAC,OAAO,CAAC,EAAE;YACV,+DAA+D;YAC/D,OAAO;gBACL,wBAAwB,EAAE,QAAQ;aACnC,CAAC;SACH;KACF;IAED,OAAO,EAAE,CAAC;AACZ,CAAC;AAEM,KAAK,UAAU,UAAU,CAC9B,aAA4B,EAC5B,SAAiB,EACjB,GAAW,EACX,WAA+B,EAC/B,YAAgC,EAChC,aAAiC,EACjC,YAAoB,EACpB,WAA+B,EAC/B,UAAkB,EAClB,SAAiB,EACjB,QAAiB,EACjB,IAAe,EACf,SAAiB,EACjB,UAAkB,EAClB,eAAuB,EACvB,WAAmB,EACnB,MAA0B,EAC1B,MAAc;IAEd,8DAA8D;IAC9D,OAAO,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,0BAA0B,CAAC,CAAC;IAEzD,EAAE,CAAC,SAAS,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAE7C,MAAM,CAAC,IAAI,CAAC,8BAA8B,CAAC,CAAC;IAC5C,MAAM,wBAAwB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAE/C,MAAM,CAAC,IAAI,CAAC,oBAAoB,CAAC,CAAC;IAClC,MAAM,YAAY,GAAG,MAAM,UAAU,CACnC,SAAS,EACT,UAAU,EACV,eAAe,EACf,WAAW,EACX,MAAM,EACN,MAAM,CACP,CAAC;IAEF,IAAI,CAAC,QAAQ,EAAE;QACb,MAAM,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC;QACrC,OAAO,EAAE,GAAG,YAAY,EAAE,CAAC;KAC5B;IAED,MAAM,WAAW,GAAG,MAAM,UAAU,CAAC,MAAM,CACzC,SAAS,EACT,aAAa,EACb,SAAS,EACT,GAAG,EACH,WAAW,EACX,YAAY,EACZ,aAAa,EACb,YAAY,EACZ,WAAW,EACX,UAAU,EACV,SAAS,EACT,IAAI,EACJ,MAAM,CACP,CAAC;IAEF,OAAO,EAAE,GAAG,YAAY,EAAE,GAAG,WAAW,EAAE,CAAC;AAC7C,CAAC;AA5DD,gCA4DC"}

lib/api-client.js

@@ -0,0 +1,47 @@
+"use strict";
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
+    result["default"] = mod;
+    return result;
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const core = __importStar(require("@actions/core"));
+const github = __importStar(require("@actions/github"));
+const console_log_level_1 = __importDefault(require("console-log-level"));
+const path = __importStar(require("path"));
+const util_1 = require("./util");
+exports.getApiClient = function (githubAuth, githubUrl, allowLocalRun = false) {
+    if (util_1.isLocalRun() && !allowLocalRun) {
+        throw new Error("Invalid API call in local run");
+    }
+    return new github.GitHub({
+        auth: githubAuth,
+        baseUrl: getApiUrl(githubUrl),
+        userAgent: "CodeQL Action",
+        log: console_log_level_1.default({ level: "debug" }),
+    });
+};
+function getApiUrl(githubUrl) {
+    const url = new URL(githubUrl);
+    // If we detect this is trying to be to github.com
+    // then return with a fixed canonical URL.
+    if (url.hostname === "github.com" || url.hostname === "api.github.com") {
+        return "https://api.github.com";
+    }
+    // Add the /api/v3 API prefix
+    url.pathname = path.join(url.pathname, "api", "v3");
+    return url.toString();
+}
+// Temporary function to aid in the transition to running on and off of github actions.
+// Once all code has been coverted this function should be removed or made canonical
+// and called only from the action entrypoints.
+function getActionsApiClient(allowLocalRun = false) {
+    return exports.getApiClient(core.getInput("token", { required: true }), util_1.getRequiredEnvParam("GITHUB_SERVER_URL"), allowLocalRun);
+}
+exports.getActionsApiClient = getActionsApiClient;
+//# sourceMappingURL=api-client.js.map

lib/api-client.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"api-client.js","sourceRoot":"","sources":["../src/api-client.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,oDAAsC;AACtC,wDAA0C;AAC1C,0EAAgD;AAChD,2CAA6B;AAE7B,iCAAyD;AAE5C,QAAA,YAAY,GAAG,UAC1B,UAAkB,EAClB,SAAiB,EACjB,aAAa,GAAG,KAAK;IAErB,IAAI,iBAAU,EAAE,IAAI,CAAC,aAAa,EAAE;QAClC,MAAM,IAAI,KAAK,CAAC,+BAA+B,CAAC,CAAC;KAClD;IACD,OAAO,IAAI,MAAM,CAAC,MAAM,CAAC;QACvB,IAAI,EAAE,UAAU;QAChB,OAAO,EAAE,SAAS,CAAC,SAAS,CAAC;QAC7B,SAAS,EAAE,eAAe;QAC1B,GAAG,EAAE,2BAAe,CAAC,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC;KACzC,CAAC,CAAC;AACL,CAAC,CAAC;AAEF,SAAS,SAAS,CAAC,SAAiB;IAClC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,SAAS,CAAC,CAAC;IAE/B,kDAAkD;IAClD,0CAA0C;IAC1C,IAAI,GAAG,CAAC,QAAQ,KAAK,YAAY,IAAI,GAAG,CAAC,QAAQ,KAAK,gBAAgB,EAAE;QACtE,OAAO,wBAAwB,CAAC;KACjC;IAED,6BAA6B;IAC7B,GAAG,CAAC,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,EAAE,IAAI,CAAC,CAAC;IACpD,OAAO,GAAG,CAAC,QAAQ,EAAE,CAAC;AACxB,CAAC;AAED,uFAAuF;AACvF,oFAAoF;AACpF,+CAA+C;AAC/C,SAAgB,mBAAmB,CAAC,aAAa,GAAG,KAAK;IACvD,OAAO,oBAAY,CACjB,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,EAC1C,0BAAmB,CAAC,mBAAmB,CAAC,EACxC,aAAa,CACd,CAAC;AACJ,CAAC;AAND,kDAMC"}

lib/autobuild-action.js

@@ -0,0 +1,58 @@
+"use strict";
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
+    result["default"] = mod;
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const core = __importStar(require("@actions/core"));
+const autobuild_1 = require("./autobuild");
+const config_utils = __importStar(require("./config-utils"));
+const logging_1 = require("./logging");
+const util = __importStar(require("./util"));
+async function sendCompletedStatusReport(startedAt, allLanguages, failingLanguage, cause) {
+    var _a, _b;
+    const status = failingLanguage !== undefined || cause !== undefined
+        ? "failure"
+        : "success";
+    const statusReportBase = await util.createStatusReportBase("autobuild", status, startedAt, (_a = cause) === null || _a === void 0 ? void 0 : _a.message, (_b = cause) === null || _b === void 0 ? void 0 : _b.stack);
+    const statusReport = {
+        ...statusReportBase,
+        autobuild_languages: allLanguages.join(","),
+        autobuild_failure: failingLanguage,
+    };
+    await util.sendStatusReport(statusReport);
+}
+async function run() {
+    const logger = logging_1.getActionsLogger();
+    const startedAt = new Date();
+    let language = undefined;
+    try {
+        util.prepareLocalRunEnvironment();
+        if (!(await util.sendStatusReport(await util.createStatusReportBase("autobuild", "starting", startedAt), true))) {
+            return;
+        }
+        const config = await config_utils.getConfig(util.getRequiredEnvParam("RUNNER_TEMP"), logger);
+        if (config === undefined) {
+            throw new Error("Config file could not be found at expected location. Has the 'init' action been called?");
+        }
+        language = autobuild_1.determineAutobuildLanguage(config, logger);
+        if (language !== undefined) {
+            await autobuild_1.runAutobuild(language, config, logger);
+        }
+    }
+    catch (error) {
+        core.setFailed(`We were unable to automatically build your code. Please replace the call to the autobuild action with your custom build steps.  ${error.message}`);
+        console.log(error);
+        await sendCompletedStatusReport(startedAt, language ? [language] : [], language, error);
+        return;
+    }
+    await sendCompletedStatusReport(startedAt, language ? [language] : []);
+}
+run().catch((e) => {
+    core.setFailed(`autobuild action failed.  ${e}`);
+    console.log(e);
+});
+//# sourceMappingURL=autobuild-action.js.map

lib/autobuild-action.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"autobuild-action.js","sourceRoot":"","sources":["../src/autobuild-action.ts"],"names":[],"mappings":";;;;;;;;;AAAA,oDAAsC;AAEtC,2CAAuE;AACvE,6DAA+C;AAE/C,uCAA6C;AAC7C,6CAA+B;AAS/B,KAAK,UAAU,yBAAyB,CACtC,SAAe,EACf,YAAsB,EACtB,eAAwB,EACxB,KAAa;;IAEb,MAAM,MAAM,GACV,eAAe,KAAK,SAAS,IAAI,KAAK,KAAK,SAAS;QAClD,CAAC,CAAC,SAAS;QACX,CAAC,CAAC,SAAS,CAAC;IAChB,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,sBAAsB,CACxD,WAAW,EACX,MAAM,EACN,SAAS,QACT,KAAK,0CAAE,OAAO,QACd,KAAK,0CAAE,KAAK,CACb,CAAC;IACF,MAAM,YAAY,GAA0B;QAC1C,GAAG,gBAAgB;QACnB,mBAAmB,EAAE,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC;QAC3C,iBAAiB,EAAE,eAAe;KACnC,CAAC;IACF,MAAM,IAAI,CAAC,gBAAgB,CAAC,YAAY,CAAC,CAAC;AAC5C,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,MAAM,GAAG,0BAAgB,EAAE,CAAC;IAClC,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,IAAI,QAAQ,GAAyB,SAAS,CAAC;IAC/C,IAAI;QACF,IAAI,CAAC,0BAA0B,EAAE,CAAC;QAClC,IACE,CAAC,CAAC,MAAM,IAAI,CAAC,gBAAgB,CAC3B,MAAM,IAAI,CAAC,sBAAsB,CAAC,WAAW,EAAE,UAAU,EAAE,SAAS,CAAC,EACrE,IAAI,CACL,CAAC,EACF;YACA,OAAO;SACR;QAED,MAAM,MAAM,GAAG,MAAM,YAAY,CAAC,SAAS,CACzC,IAAI,CAAC,mBAAmB,CAAC,aAAa,CAAC,EACvC,MAAM,CACP,CAAC;QACF,IAAI,MAAM,KAAK,SAAS,EAAE;YACxB,MAAM,IAAI,KAAK,CACb,yFAAyF,CAC1F,CAAC;SACH;QACD,QAAQ,GAAG,sCAA0B,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACtD,IAAI,QAAQ,KAAK,SAAS,EAAE;YAC1B,MAAM,wBAAY,CAAC,QAAQ,EAAE,MAAM,EAAE,MAAM,CAAC,CAAC;SAC9C;KACF;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CACZ,mIAAmI,KAAK,CAAC,OAAO,EAAE,CACnJ,CAAC;QACF,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACnB,MAAM,yBAAyB,CAC7B,SAAS,EACT,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,EAC1B,QAAQ,EACR,KAAK,CACN,CAAC;QACF,OAAO;KACR;IAED,MAAM,yBAAyB,CAAC,SAAS,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;AACzE,CAAC;AAED,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE;IAChB,IAAI,CAAC,SAAS,CAAC,6BAA6B,CAAC,EAAE,CAAC,CAAC;IACjD,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;AACjB,CAAC,CAAC,CAAC"}

lib/autobuild.js

@@ -1,61 +1,32 @@
 "use strict";
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
-    result["default"] = mod;
-    return result;
-};
 Object.defineProperty(exports, "__esModule", { value: true });
-const core = __importStar(require("@actions/core"));
-const exec = __importStar(require("@actions/exec"));
-const path = __importStar(require("path"));
-const sharedEnv = __importStar(require("./shared-environment"));
-const util = __importStar(require("./util"));
-async function run() {
-    var _a;
-    try {
-        if (util.should_abort('autobuild', true) || !await util.reportActionStarting('autobuild')) {
-            return;
-        }
-        // Attempt to find a language to autobuild
-        // We want pick the dominant language in the repo from the ones we're able to build
-        // The languages are sorted in order specified by user or by lines of code if we got
-        // them from the GitHub API, so try to build the first language on the list.
-        const autobuildLanguages = ((_a = process.env[sharedEnv.CODEQL_ACTION_TRACED_LANGUAGES]) === null || _a === void 0 ? void 0 : _a.split(',')) || [];
-        const language = autobuildLanguages[0];
-        if (!language) {
-            core.info("None of the languages in this project require extra build steps");
-            return;
-        }
-        core.debug(`Detected dominant traced language: ${language}`);
-        if (autobuildLanguages.length > 1) {
-            core.warning(`We will only automatically build ${language} code. If you wish to scan ${autobuildLanguages.slice(1).join(' and ')}, you must replace this block with custom build steps.`);
-        }
-        core.startGroup(`Attempting to automatically build ${language} code`);
-        // TODO: share config accross actions better via env variables
-        const codeqlCmd = util.getRequiredEnvParam(sharedEnv.CODEQL_ACTION_CMD);
-        const cmdName = process.platform === 'win32' ? 'autobuild.cmd' : 'autobuild.sh';
-        const autobuildCmd = path.join(path.dirname(codeqlCmd), language, 'tools', cmdName);
-        // Update JAVA_TOOL_OPTIONS to contain '-Dhttp.keepAlive=false'
-        // This is because of an issue with Azure pipelines timing out connections after 4 minutes
-        // and Maven not properly handling closed connections
-        // Otherwise long build processes will timeout when pulling down Java packages
-        // https://developercommunity.visualstudio.com/content/problem/292284/maven-hosted-agent-connection-timeout.html
-        let javaToolOptions = process.env['JAVA_TOOL_OPTIONS'] || "";
-        process.env['JAVA_TOOL_OPTIONS'] = [...javaToolOptions.split(/\s+/), '-Dhttp.keepAlive=false', '-Dmaven.wagon.http.pool=false'].join(' ');
-        await exec.exec(autobuildCmd);
-        core.endGroup();
+const codeql_1 = require("./codeql");
+const languages_1 = require("./languages");
+function determineAutobuildLanguage(config, logger) {
+    // Attempt to find a language to autobuild
+    // We want pick the dominant language in the repo from the ones we're able to build
+    // The languages are sorted in order specified by user or by lines of code if we got
+    // them from the GitHub API, so try to build the first language on the list.
+    const autobuildLanguages = config.languages.filter(languages_1.isTracedLanguage);
+    const language = autobuildLanguages[0];
+    if (!language) {
+        logger.info("None of the languages in this project require extra build steps");
+        return undefined;
     }
-    catch (error) {
-        core.setFailed("We were unable to automatically build your code. Please replace the call to the autobuild action with your custom build steps.  " + error.message);
-        await util.reportActionFailed('autobuild', error.message, error.stack);
-        return;
+    logger.debug(`Detected dominant traced language: ${language}`);
+    if (autobuildLanguages.length > 1) {
+        logger.warning(`We will only automatically build ${language} code. If you wish to scan ${autobuildLanguages
+            .slice(1)
+            .join(" and ")}, you must replace this call with custom build steps.`);
     }
-    await util.reportActionSucceeded('autobuild');
+    return language;
 }
-run().catch(e => {
-    core.setFailed("autobuild action failed.  " + e);
-    console.log(e);
-});
+exports.determineAutobuildLanguage = determineAutobuildLanguage;
+async function runAutobuild(language, config, logger) {
+    logger.startGroup(`Attempting to automatically build ${language} code`);
+    const codeQL = codeql_1.getCodeQL(config.codeQLCmd);
+    await codeQL.runAutobuild(language);
+    logger.endGroup();
+}
+exports.runAutobuild = runAutobuild;
 //# sourceMappingURL=autobuild.js.map

lib/autobuild.js.map

@@ -1 +1 @@
-{"version":3,"file":"autobuild.js","sourceRoot":"","sources":["../src/autobuild.ts"],"names":[],"mappings":";;;;;;;;;AAAA,oDAAsC;AACtC,oDAAsC;AACtC,2CAA6B;AAE7B,gEAAkD;AAClD,6CAA+B;AAE/B,KAAK,UAAU,GAAG;;IAChB,IAAI;QACF,IAAI,IAAI,CAAC,YAAY,CAAC,WAAW,EAAE,IAAI,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,oBAAoB,CAAC,WAAW,CAAC,EAAE;YACzF,OAAO;SACR;QAED,0CAA0C;QAC1C,mFAAmF;QACnF,oFAAoF;QACpF,4EAA4E;QAC5E,MAAM,kBAAkB,GAAG,OAAA,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,8BAA8B,CAAC,0CAAE,KAAK,CAAC,GAAG,MAAK,EAAE,CAAC;QACnG,MAAM,QAAQ,GAAG,kBAAkB,CAAC,CAAC,CAAC,CAAC;QAEvC,IAAI,CAAC,QAAQ,EAAE;YACb,IAAI,CAAC,IAAI,CAAC,iEAAiE,CAAC,CAAC;YAC7E,OAAO;SACR;QAED,IAAI,CAAC,KAAK,CAAC,sCAAsC,QAAQ,EAAE,CAAC,CAAC;QAE7D,IAAI,kBAAkB,CAAC,MAAM,GAAG,CAAC,EAAE;YACjC,IAAI,CAAC,OAAO,CAAC,oCAAoC,QAAQ,8BAA8B,kBAAkB,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,wDAAwD,CAAC,CAAC;SAC3L;QAED,IAAI,CAAC,UAAU,CAAC,qCAAqC,QAAQ,OAAO,CAAC,CAAC;QACtE,8DAA8D;QAC9D,MAAM,SAAS,GAAG,IAAI,CAAC,mBAAmB,CAAC,SAAS,CAAC,iBAAiB,CAAC,CAAC;QAExE,MAAM,OAAO,GAAG,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,cAAc,CAAC;QAChF,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;QAGpF,+DAA+D;QAC/D,0FAA0F;QAC1F,qDAAqD;QACrD,8EAA8E;QAC9E,gHAAgH;QAChH,IAAI,eAAe,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,IAAI,EAAE,CAAC;QAC7D,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,CAAC,GAAG,eAAe,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,wBAAwB,EAAE,+BAA+B,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;QAE1I,MAAM,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAC9B,IAAI,CAAC,QAAQ,EAAE,CAAC;KAEjB;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CAAC,kIAAkI,GAAG,KAAK,CAAC,OAAO,CAAC,CAAC;QACnK,MAAM,IAAI,CAAC,kBAAkB,CAAC,WAAW,EAAE,KAAK,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;QACvE,OAAO;KACR;IAED,MAAM,IAAI,CAAC,qBAAqB,CAAC,WAAW,CAAC,CAAC;AAChD,CAAC;AAED,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE;IACd,IAAI,CAAC,SAAS,CAAC,4BAA4B,GAAG,CAAC,CAAC,CAAC;IACjD,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;AACjB,CAAC,CAAC,CAAC"}
+{"version":3,"file":"autobuild.js","sourceRoot":"","sources":["../src/autobuild.ts"],"names":[],"mappings":";;AAAA,qCAAqC;AAErC,2CAAyD;AAGzD,SAAgB,0BAA0B,CACxC,MAA2B,EAC3B,MAAc;IAEd,0CAA0C;IAC1C,mFAAmF;IACnF,oFAAoF;IACpF,4EAA4E;IAC5E,MAAM,kBAAkB,GAAG,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,4BAAgB,CAAC,CAAC;IACrE,MAAM,QAAQ,GAAG,kBAAkB,CAAC,CAAC,CAAC,CAAC;IAEvC,IAAI,CAAC,QAAQ,EAAE;QACb,MAAM,CAAC,IAAI,CACT,iEAAiE,CAClE,CAAC;QACF,OAAO,SAAS,CAAC;KAClB;IAED,MAAM,CAAC,KAAK,CAAC,sCAAsC,QAAQ,EAAE,CAAC,CAAC;IAE/D,IAAI,kBAAkB,CAAC,MAAM,GAAG,CAAC,EAAE;QACjC,MAAM,CAAC,OAAO,CACZ,oCAAoC,QAAQ,8BAA8B,kBAAkB;aACzF,KAAK,CAAC,CAAC,CAAC;aACR,IAAI,CAAC,OAAO,CAAC,uDAAuD,CACxE,CAAC;KACH;IAED,OAAO,QAAQ,CAAC;AAClB,CAAC;AA7BD,gEA6BC;AAEM,KAAK,UAAU,YAAY,CAChC,QAAkB,EAClB,MAA2B,EAC3B,MAAc;IAEd,MAAM,CAAC,UAAU,CAAC,qCAAqC,QAAQ,OAAO,CAAC,CAAC;IACxE,MAAM,MAAM,GAAG,kBAAS,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAC3C,MAAM,MAAM,CAAC,YAAY,CAAC,QAAQ,CAAC,CAAC;IACpC,MAAM,CAAC,QAAQ,EAAE,CAAC;AACpB,CAAC;AATD,oCASC"}

lib/codeql.js

@@ -0,0 +1,421 @@
+"use strict";
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
+    result["default"] = mod;
+    return result;
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const toolrunnner = __importStar(require("@actions/exec/lib/toolrunner"));
+const http = __importStar(require("@actions/http-client"));
+const toolcache = __importStar(require("@actions/tool-cache"));
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const semver = __importStar(require("semver"));
+const stream = __importStar(require("stream"));
+const globalutil = __importStar(require("util"));
+const v4_1 = __importDefault(require("uuid/v4"));
+const api = __importStar(require("./api-client"));
+const defaults = __importStar(require("./defaults.json")); // Referenced from codeql-action-sync-tool!
+const error_matcher_1 = require("./error-matcher");
+const toolrunner_error_catcher_1 = require("./toolrunner-error-catcher");
+const util = __importStar(require("./util"));
+/**
+ * Stores the CodeQL object, and is populated by `setupCodeQL` or `getCodeQL`.
+ * Can be overridden in tests using `setCodeQL`.
+ */
+let cachedCodeQL = undefined;
+const CODEQL_BUNDLE_VERSION = defaults.bundleVersion;
+const CODEQL_BUNDLE_NAME = "codeql-bundle.tar.gz";
+const CODEQL_DEFAULT_ACTION_REPOSITORY = "github/codeql-action";
+function getCodeQLActionRepository(mode) {
+    if (mode !== "actions") {
+        return CODEQL_DEFAULT_ACTION_REPOSITORY;
+    }
+    // Actions do not know their own repository name,
+    // so we currently use this hack to find the name based on where our files are.
+    // This can be removed once the change to the runner in https://github.com/actions/runner/pull/585 is deployed.
+    const runnerTemp = util.getRequiredEnvParam("RUNNER_TEMP");
+    const actionsDirectory = path.join(path.dirname(runnerTemp), "_actions");
+    const relativeScriptPath = path.relative(actionsDirectory, __filename);
+    // This handles the case where the Action does not come from an Action repository,
+    // e.g. our integration tests which use the Action code from the current checkout.
+    if (relativeScriptPath.startsWith("..") ||
+        path.isAbsolute(relativeScriptPath)) {
+        return CODEQL_DEFAULT_ACTION_REPOSITORY;
+    }
+    const relativeScriptPathParts = relativeScriptPath.split(path.sep);
+    return `${relativeScriptPathParts[0]}/${relativeScriptPathParts[1]}`;
+}
+async function getCodeQLBundleDownloadURL(githubAuth, githubUrl, mode, logger) {
+    const codeQLActionRepository = getCodeQLActionRepository(mode);
+    const potentialDownloadSources = [
+        // This GitHub instance, and this Action.
+        [githubUrl, codeQLActionRepository],
+        // This GitHub instance, and the canonical Action.
+        [githubUrl, CODEQL_DEFAULT_ACTION_REPOSITORY],
+        // GitHub.com, and the canonical Action.
+        [util.GITHUB_DOTCOM_URL, CODEQL_DEFAULT_ACTION_REPOSITORY],
+    ];
+    // We now filter out any duplicates.
+    // Duplicates will happen either because the GitHub instance is GitHub.com, or because the Action is not a fork.
+    const uniqueDownloadSources = potentialDownloadSources.filter((url, index, self) => index === self.indexOf(url));
+    for (const downloadSource of uniqueDownloadSources) {
+        const [apiURL, repository] = downloadSource;
+        // If we've reached the final case, short-circuit the API check since we know the bundle exists and is public.
+        if (apiURL === util.GITHUB_DOTCOM_URL &&
+            repository === CODEQL_DEFAULT_ACTION_REPOSITORY) {
+            break;
+        }
+        const [repositoryOwner, repositoryName] = repository.split("/");
+        try {
+            const release = await api
+                .getApiClient(githubAuth, githubUrl)
+                .repos.getReleaseByTag({
+                owner: repositoryOwner,
+                repo: repositoryName,
+                tag: CODEQL_BUNDLE_VERSION,
+            });
+            for (const asset of release.data.assets) {
+                if (asset.name === CODEQL_BUNDLE_NAME) {
+                    logger.info(`Found CodeQL bundle in ${downloadSource[1]} on ${downloadSource[0]} with URL ${asset.url}.`);
+                    return asset.url;
+                }
+            }
+        }
+        catch (e) {
+            logger.info(`Looked for CodeQL bundle in ${downloadSource[1]} on ${downloadSource[0]} but got error ${e}.`);
+        }
+    }
+    return `https://github.com/${CODEQL_DEFAULT_ACTION_REPOSITORY}/releases/download/${CODEQL_BUNDLE_VERSION}/${CODEQL_BUNDLE_NAME}`;
+}
+// We have to download CodeQL manually because the toolcache doesn't support Accept headers.
+// This can be removed once https://github.com/actions/toolkit/pull/530 is merged and released.
+async function toolcacheDownloadTool(url, headers, tempDir, logger) {
+    const client = new http.HttpClient("CodeQL Action");
+    const dest = path.join(tempDir, v4_1.default());
+    const response = await client.get(url, headers);
+    if (response.message.statusCode !== 200) {
+        logger.info(`Failed to download from "${url}". Code(${response.message.statusCode}) Message(${response.message.statusMessage})`);
+        throw new Error(`Unexpected HTTP response: ${response.message.statusCode}`);
+    }
+    const pipeline = globalutil.promisify(stream.pipeline);
+    fs.mkdirSync(path.dirname(dest), { recursive: true });
+    await pipeline(response.message, fs.createWriteStream(dest));
+    return dest;
+}
+async function setupCodeQL(codeqlURL, githubAuth, githubUrl, tempDir, toolsDir, mode, logger) {
+    // Setting these two env vars makes the toolcache code safe to use outside,
+    // of actions but this is obviously not a great thing we're doing and it would
+    // be better to write our own implementation to use outside of actions.
+    process.env["RUNNER_TEMP"] = tempDir;
+    process.env["RUNNER_TOOL_CACHE"] = toolsDir;
+    try {
+        const codeqlURLVersion = getCodeQLURLVersion(codeqlURL || `/${CODEQL_BUNDLE_VERSION}/`, logger);
+        let codeqlFolder = toolcache.find("CodeQL", codeqlURLVersion);
+        if (codeqlFolder) {
+            logger.debug(`CodeQL found in cache ${codeqlFolder}`);
+        }
+        else {
+            if (!codeqlURL) {
+                codeqlURL = await getCodeQLBundleDownloadURL(githubAuth, githubUrl, mode, logger);
+            }
+            const headers = { accept: "application/octet-stream" };
+            // We only want to provide an authorization header if we are downloading
+            // from the same GitHub instance the Action is running on.
+            // This avoids leaking Enterprise tokens to dotcom.
+            if (codeqlURL.startsWith(`${githubUrl}/`)) {
+                logger.debug("Downloading CodeQL bundle with token.");
+                headers.authorization = `token ${githubAuth}`;
+            }
+            else {
+                logger.debug("Downloading CodeQL bundle without token.");
+            }
+            logger.info(`Downloading CodeQL tools from ${codeqlURL}. This may take a while.`);
+            const codeqlPath = await toolcacheDownloadTool(codeqlURL, headers, tempDir, logger);
+            logger.debug(`CodeQL bundle download to ${codeqlPath} complete.`);
+            const codeqlExtracted = await toolcache.extractTar(codeqlPath);
+            codeqlFolder = await toolcache.cacheDir(codeqlExtracted, "CodeQL", codeqlURLVersion);
+        }
+        let codeqlCmd = path.join(codeqlFolder, "codeql", "codeql");
+        if (process.platform === "win32") {
+            codeqlCmd += ".exe";
+        }
+        else if (process.platform !== "linux" && process.platform !== "darwin") {
+            throw new Error(`Unsupported platform: ${process.platform}`);
+        }
+        cachedCodeQL = getCodeQLForCmd(codeqlCmd);
+        return cachedCodeQL;
+    }
+    catch (e) {
+        logger.error(e);
+        throw new Error("Unable to download and extract CodeQL CLI");
+    }
+}
+exports.setupCodeQL = setupCodeQL;
+function getCodeQLURLVersion(url, logger) {
+    const match = url.match(/\/codeql-bundle-(.*)\//);
+    if (match === null || match.length < 2) {
+        throw new Error(`Malformed tools url: ${url}. Version could not be inferred`);
+    }
+    let version = match[1];
+    if (!semver.valid(version)) {
+        logger.debug(`Bundle version ${version} is not in SemVer format. Will treat it as pre-release 0.0.0-${version}.`);
+        version = `0.0.0-${version}`;
+    }
+    const s = semver.clean(version);
+    if (!s) {
+        throw new Error(`Malformed tools url ${url}. Version should be in SemVer format but have ${version} instead`);
+    }
+    return s;
+}
+exports.getCodeQLURLVersion = getCodeQLURLVersion;
+/**
+ * Use the CodeQL executable located at the given path.
+ */
+function getCodeQL(cmd) {
+    if (cachedCodeQL === undefined) {
+        cachedCodeQL = getCodeQLForCmd(cmd);
+    }
+    return cachedCodeQL;
+}
+exports.getCodeQL = getCodeQL;
+function resolveFunction(partialCodeql, methodName, defaultImplementation) {
+    if (typeof partialCodeql[methodName] !== "function") {
+        if (defaultImplementation !== undefined) {
+            return defaultImplementation;
+        }
+        const dummyMethod = () => {
+            throw new Error(`CodeQL ${methodName} method not correctly defined`);
+        };
+        return dummyMethod;
+    }
+    return partialCodeql[methodName];
+}
+/**
+ * Set the functionality for CodeQL methods. Only for use in tests.
+ *
+ * Accepts a partial object and any undefined methods will be implemented
+ * to immediately throw an exception indicating which method is missing.
+ */
+function setCodeQL(partialCodeql) {
+    cachedCodeQL = {
+        getPath: resolveFunction(partialCodeql, "getPath", () => "/tmp/dummy-path"),
+        printVersion: resolveFunction(partialCodeql, "printVersion"),
+        getTracerEnv: resolveFunction(partialCodeql, "getTracerEnv"),
+        databaseInit: resolveFunction(partialCodeql, "databaseInit"),
+        runAutobuild: resolveFunction(partialCodeql, "runAutobuild"),
+        extractScannedLanguage: resolveFunction(partialCodeql, "extractScannedLanguage"),
+        finalizeDatabase: resolveFunction(partialCodeql, "finalizeDatabase"),
+        resolveQueries: resolveFunction(partialCodeql, "resolveQueries"),
+        databaseAnalyze: resolveFunction(partialCodeql, "databaseAnalyze"),
+    };
+    return cachedCodeQL;
+}
+exports.setCodeQL = setCodeQL;
+/**
+ * Get the cached CodeQL object. Should only be used from tests.
+ *
+ * TODO: Work out a good way for tests to get this from the test context
+ * instead of having to have this method.
+ */
+function getCachedCodeQL() {
+    if (cachedCodeQL === undefined) {
+        // Should never happen as setCodeQL is called by testing-utils.setupTests
+        throw new Error("cachedCodeQL undefined");
+    }
+    return cachedCodeQL;
+}
+exports.getCachedCodeQL = getCachedCodeQL;
+function getCodeQLForCmd(cmd) {
+    return {
+        getPath() {
+            return cmd;
+        },
+        async printVersion() {
+            await new toolrunnner.ToolRunner(cmd, [
+                "version",
+                "--format=json",
+            ]).exec();
+        },
+        async getTracerEnv(databasePath) {
+            // Write tracer-env.js to a temp location.
+            const tracerEnvJs = path.resolve(databasePath, "working", "tracer-env.js");
+            fs.mkdirSync(path.dirname(tracerEnvJs), { recursive: true });
+            fs.writeFileSync(tracerEnvJs, `
+        const fs = require('fs');
+        const env = {};
+        for (let entry of Object.entries(process.env)) {
+          const key = entry[0];
+          const value = entry[1];
+          if (typeof value !== 'undefined' && key !== '_' && !key.startsWith('JAVA_MAIN_CLASS_')) {
+            env[key] = value;
+          }
+        }
+        process.stdout.write(process.argv[2]);
+        fs.writeFileSync(process.argv[2], JSON.stringify(env), 'utf-8');`);
+            const envFile = path.resolve(databasePath, "working", "env.tmp");
+            await new toolrunnner.ToolRunner(cmd, [
+                "database",
+                "trace-command",
+                databasePath,
+                ...getExtraOptionsFromEnv(["database", "trace-command"]),
+                process.execPath,
+                tracerEnvJs,
+                envFile,
+            ]).exec();
+            return JSON.parse(fs.readFileSync(envFile, "utf-8"));
+        },
+        async databaseInit(databasePath, language, sourceRoot) {
+            await new toolrunnner.ToolRunner(cmd, [
+                "database",
+                "init",
+                databasePath,
+                `--language=${language}`,
+                `--source-root=${sourceRoot}`,
+                ...getExtraOptionsFromEnv(["database", "init"]),
+            ]).exec();
+        },
+        async runAutobuild(language) {
+            const cmdName = process.platform === "win32" ? "autobuild.cmd" : "autobuild.sh";
+            const autobuildCmd = path.join(path.dirname(cmd), language, "tools", cmdName);
+            // Update JAVA_TOOL_OPTIONS to contain '-Dhttp.keepAlive=false'
+            // This is because of an issue with Azure pipelines timing out connections after 4 minutes
+            // and Maven not properly handling closed connections
+            // Otherwise long build processes will timeout when pulling down Java packages
+            // https://developercommunity.visualstudio.com/content/problem/292284/maven-hosted-agent-connection-timeout.html
+            const javaToolOptions = process.env["JAVA_TOOL_OPTIONS"] || "";
+            process.env["JAVA_TOOL_OPTIONS"] = [
+                ...javaToolOptions.split(/\s+/),
+                "-Dhttp.keepAlive=false",
+                "-Dmaven.wagon.http.pool=false",
+            ].join(" ");
+            await new toolrunnner.ToolRunner(autobuildCmd).exec();
+        },
+        async extractScannedLanguage(databasePath, language) {
+            // Get extractor location
+            let extractorPath = "";
+            await new toolrunnner.ToolRunner(cmd, [
+                "resolve",
+                "extractor",
+                "--format=json",
+                `--language=${language}`,
+                ...getExtraOptionsFromEnv(["resolve", "extractor"]),
+            ], {
+                silent: true,
+                listeners: {
+                    stdout: (data) => {
+                        extractorPath += data.toString();
+                    },
+                    stderr: (data) => {
+                        process.stderr.write(data);
+                    },
+                },
+            }).exec();
+            // Set trace command
+            const ext = process.platform === "win32" ? ".cmd" : ".sh";
+            const traceCommand = path.resolve(JSON.parse(extractorPath), "tools", `autobuild${ext}`);
+            // Run trace command
+            await toolrunner_error_catcher_1.toolrunnerErrorCatcher(cmd, [
+                "database",
+                "trace-command",
+                ...getExtraOptionsFromEnv(["database", "trace-command"]),
+                databasePath,
+                "--",
+                traceCommand,
+            ], error_matcher_1.errorMatchers);
+        },
+        async finalizeDatabase(databasePath) {
+            await toolrunner_error_catcher_1.toolrunnerErrorCatcher(cmd, [
+                "database",
+                "finalize",
+                ...getExtraOptionsFromEnv(["database", "finalize"]),
+                databasePath,
+            ], error_matcher_1.errorMatchers);
+        },
+        async resolveQueries(queries, extraSearchPath) {
+            const codeqlArgs = [
+                "resolve",
+                "queries",
+                ...queries,
+                "--format=bylanguage",
+                ...getExtraOptionsFromEnv(["resolve", "queries"]),
+            ];
+            if (extraSearchPath !== undefined) {
+                codeqlArgs.push("--search-path", extraSearchPath);
+            }
+            let output = "";
+            await new toolrunnner.ToolRunner(cmd, codeqlArgs, {
+                listeners: {
+                    stdout: (data) => {
+                        output += data.toString();
+                    },
+                },
+            }).exec();
+            return JSON.parse(output);
+        },
+        async databaseAnalyze(databasePath, sarifFile, querySuite, memoryFlag, addSnippetsFlag, threadsFlag) {
+            await new toolrunnner.ToolRunner(cmd, [
+                "database",
+                "analyze",
+                memoryFlag,
+                threadsFlag,
+                databasePath,
+                "--format=sarif-latest",
+                `--output=${sarifFile}`,
+                addSnippetsFlag,
+                ...getExtraOptionsFromEnv(["database", "analyze"]),
+                querySuite,
+            ]).exec();
+        },
+    };
+}
+/**
+ * Gets the options for `path` of `options` as an array of extra option strings.
+ */
+function getExtraOptionsFromEnv(path) {
+    const options = util.getExtraOptionsEnvParam();
+    return getExtraOptions(options, path, []);
+}
+/**
+ * Gets the options for `path` of `options` as an array of extra option strings.
+ *
+ * - the special terminal step name '*' in `options` matches all path steps
+ * - throws an exception if this conversion is impossible.
+ */
+function getExtraOptions(options, path, pathInfo) {
+    var _a, _b, _c;
+    /**
+     * Gets `options` as an array of extra option strings.
+     *
+     * - throws an exception mentioning `pathInfo` if this conversion is impossible.
+     */
+    function asExtraOptions(options, pathInfo) {
+        if (options === undefined) {
+            return [];
+        }
+        if (!Array.isArray(options)) {
+            const msg = `The extra options for '${pathInfo.join(".")}' ('${JSON.stringify(options)}') are not in an array.`;
+            throw new Error(msg);
+        }
+        return options.map((o) => {
+            const t = typeof o;
+            if (t !== "string" && t !== "number" && t !== "boolean") {
+                const msg = `The extra option for '${pathInfo.join(".")}' ('${JSON.stringify(o)}') is not a primitive value.`;
+                throw new Error(msg);
+            }
+            return `${o}`;
+        });
+    }
+    const all = asExtraOptions((_a = options) === null || _a === void 0 ? void 0 : _a["*"], pathInfo.concat("*"));
+    const specific = path.length === 0
+        ? asExtraOptions(options, pathInfo)
+        : getExtraOptions((_b = options) === null || _b === void 0 ? void 0 : _b[path[0]], (_c = path) === null || _c === void 0 ? void 0 : _c.slice(1), pathInfo.concat(path[0]));
+    return all.concat(specific);
+}
+exports.getExtraOptions = getExtraOptions;
+//# sourceMappingURL=codeql.js.map

lib/codeql.test.js

@@ -0,0 +1,79 @@
+"use strict";
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
+    result["default"] = mod;
+    return result;
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const toolcache = __importStar(require("@actions/tool-cache"));
+const ava_1 = __importDefault(require("ava"));
+const nock_1 = __importDefault(require("nock"));
+const path = __importStar(require("path"));
+const codeql = __importStar(require("./codeql"));
+const logging_1 = require("./logging");
+const testing_utils_1 = require("./testing-utils");
+const util = __importStar(require("./util"));
+testing_utils_1.setupTests(ava_1.default);
+ava_1.default("download codeql bundle cache", async (t) => {
+    await util.withTmpDir(async (tmpDir) => {
+        const versions = ["20200601", "20200610"];
+        for (let i = 0; i < versions.length; i++) {
+            const version = versions[i];
+            nock_1.default("https://example.com")
+                .get(`/download/codeql-bundle-${version}/codeql-bundle.tar.gz`)
+                .replyWithFile(200, path.join(__dirname, `/../src/testdata/codeql-bundle.tar.gz`));
+            await codeql.setupCodeQL(`https://example.com/download/codeql-bundle-${version}/codeql-bundle.tar.gz`, "token", "https://github.example.com", tmpDir, tmpDir, "runner", logging_1.getRunnerLogger(true));
+            t.assert(toolcache.find("CodeQL", `0.0.0-${version}`));
+        }
+        const cachedVersions = toolcache.findAllVersions("CodeQL");
+        t.is(cachedVersions.length, 2);
+    });
+});
+ava_1.default("parse codeql bundle url version", (t) => {
+    const tests = {
+        "20200601": "0.0.0-20200601",
+        "20200601.0": "0.0.0-20200601.0",
+        "20200601.0.0": "20200601.0.0",
+        "1.2.3": "1.2.3",
+        "1.2.3-alpha": "1.2.3-alpha",
+        "1.2.3-beta.1": "1.2.3-beta.1",
+    };
+    for (const [version, expectedVersion] of Object.entries(tests)) {
+        const url = `https://github.com/.../codeql-bundle-${version}/...`;
+        try {
+            const parsedVersion = codeql.getCodeQLURLVersion(url, logging_1.getRunnerLogger(true));
+            t.deepEqual(parsedVersion, expectedVersion);
+        }
+        catch (e) {
+            t.fail(e.message);
+        }
+    }
+});
+ava_1.default("getExtraOptions works for explicit paths", (t) => {
+    t.deepEqual(codeql.getExtraOptions({}, ["foo"], []), []);
+    t.deepEqual(codeql.getExtraOptions({ foo: [42] }, ["foo"], []), ["42"]);
+    t.deepEqual(codeql.getExtraOptions({ foo: { bar: [42] } }, ["foo", "bar"], []), ["42"]);
+});
+ava_1.default("getExtraOptions works for wildcards", (t) => {
+    t.deepEqual(codeql.getExtraOptions({ "*": [42] }, ["foo"], []), ["42"]);
+});
+ava_1.default("getExtraOptions works for wildcards and explicit paths", (t) => {
+    const o1 = { "*": [42], foo: [87] };
+    t.deepEqual(codeql.getExtraOptions(o1, ["foo"], []), ["42", "87"]);
+    const o2 = { "*": [42], foo: [87] };
+    t.deepEqual(codeql.getExtraOptions(o2, ["foo", "bar"], []), ["42"]);
+    const o3 = { "*": [42], foo: { "*": [87], bar: [99] } };
+    const p = ["foo", "bar"];
+    t.deepEqual(codeql.getExtraOptions(o3, p, []), ["42", "87", "99"]);
+});
+ava_1.default("getExtraOptions throws for bad content", (t) => {
+    t.throws(() => codeql.getExtraOptions({ "*": 42 }, ["foo"], []));
+    t.throws(() => codeql.getExtraOptions({ foo: 87 }, ["foo"], []));
+    t.throws(() => codeql.getExtraOptions({ "*": [42], foo: { "*": 87, bar: [99] } }, ["foo", "bar"], []));
+});
+//# sourceMappingURL=codeql.test.js.map

lib/codeql.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"codeql.test.js","sourceRoot":"","sources":["../src/codeql.test.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,+DAAiD;AACjD,8CAAuB;AACvB,gDAAwB;AACxB,2CAA6B;AAE7B,iDAAmC;AACnC,uCAA4C;AAC5C,mDAA6C;AAC7C,6CAA+B;AAE/B,0BAAU,CAAC,aAAI,CAAC,CAAC;AAEjB,aAAI,CAAC,8BAA8B,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC/C,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,MAAM,QAAQ,GAAG,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QAE1C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE;YACxC,MAAM,OAAO,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;YAE5B,cAAI,CAAC,qBAAqB,CAAC;iBACxB,GAAG,CAAC,2BAA2B,OAAO,uBAAuB,CAAC;iBAC9D,aAAa,CACZ,GAAG,EACH,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,uCAAuC,CAAC,CAC9D,CAAC;YAEJ,MAAM,MAAM,CAAC,WAAW,CACtB,8CAA8C,OAAO,uBAAuB,EAC5E,OAAO,EACP,4BAA4B,EAC5B,MAAM,EACN,MAAM,EACN,QAAQ,EACR,yBAAe,CAAC,IAAI,CAAC,CACtB,CAAC;YAEF,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,EAAE,SAAS,OAAO,EAAE,CAAC,CAAC,CAAC;SACxD;QAED,MAAM,cAAc,GAAG,SAAS,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;QAE3D,CAAC,CAAC,EAAE,CAAC,cAAc,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IACjC,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,iCAAiC,EAAE,CAAC,CAAC,EAAE,EAAE;IAC5C,MAAM,KAAK,GAAG;QACZ,UAAU,EAAE,gBAAgB;QAC5B,YAAY,EAAE,kBAAkB;QAChC,cAAc,EAAE,cAAc;QAC9B,OAAO,EAAE,OAAO;QAChB,aAAa,EAAE,aAAa;QAC5B,cAAc,EAAE,cAAc;KAC/B,CAAC;IAEF,KAAK,MAAM,CAAC,OAAO,EAAE,eAAe,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE;QAC9D,MAAM,GAAG,GAAG,wCAAwC,OAAO,MAAM,CAAC;QAElE,IAAI;YACF,MAAM,aAAa,GAAG,MAAM,CAAC,mBAAmB,CAC9C,GAAG,EACH,yBAAe,CAAC,IAAI,CAAC,CACtB,CAAC;YACF,CAAC,CAAC,SAAS,CAAC,aAAa,EAAE,eAAe,CAAC,CAAC;SAC7C;QAAC,OAAO,CAAC,EAAE;YACV,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;SACnB;KACF;AACH,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,0CAA0C,EAAE,CAAC,CAAC,EAAE,EAAE;IACrD,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,CAAC;IAEzD,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC;IAExE,CAAC,CAAC,SAAS,CACT,MAAM,CAAC,eAAe,CAAC,EAAE,GAAG,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,EAClE,CAAC,IAAI,CAAC,CACP,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,qCAAqC,EAAE,CAAC,CAAC,EAAE,EAAE;IAChD,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC;AAC1E,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,wDAAwD,EAAE,CAAC,CAAC,EAAE,EAAE;IACnE,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC;IACpC,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE,EAAE,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC;IAEnE,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,EAAE,CAAC;IACpC,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE,EAAE,CAAC,KAAK,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,IAAI,CAAC,CAAC,CAAC;IAEpE,MAAM,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,EAAE,GAAG,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;IACxD,MAAM,CAAC,GAAG,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;IACzB,CAAC,CAAC,SAAS,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,EAAE,CAAC,IAAI,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC,CAAC;AACrE,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,wCAAwC,EAAE,CAAC,CAAC,EAAE,EAAE;IACnD,CAAC,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE,GAAG,EAAE,EAAE,EAAE,EAAE,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;IAEjE,CAAC,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,MAAM,CAAC,eAAe,CAAC,EAAE,GAAG,EAAE,EAAE,EAAE,EAAE,CAAC,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC;IAEjE,CAAC,CAAC,MAAM,CAAC,GAAG,EAAE,CACZ,MAAM,CAAC,eAAe,CACpB,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,EAAE,GAAG,EAAE,EAAE,GAAG,EAAE,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,CAAC,EAAE,EAAE,EAC1C,CAAC,KAAK,EAAE,KAAK,CAAC,EACd,EAAE,CACH,CACF,CAAC;AACJ,CAAC,CAAC,CAAC"}

lib/config-utils.js

@@ -7,168 +7,407 @@ var __importStar = (this && this.__importStar) || function (mod) {
     return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-const core = __importStar(require("@actions/core"));
-const io = __importStar(require("@actions/io"));
 const fs = __importStar(require("fs"));
 const yaml = __importStar(require("js-yaml"));
 const path = __importStar(require("path"));
-const util = __importStar(require("./util"));
-const NAME_PROPERTY = 'name';
-const DISPLAY_DEFAULT_QUERIES_PROPERTY = 'disable-default-queries';
-const QUERIES_PROPERTY = 'queries';
-const QUERIES_USES_PROPERTY = 'uses';
-const PATHS_IGNORE_PROPERTY = 'paths-ignore';
-const PATHS_PROPERTY = 'paths';
-class ExternalQuery {
-    constructor(repository, ref) {
-        this.path = '';
-        this.repository = repository;
-        this.ref = ref;
+const api = __importStar(require("./api-client"));
+const externalQueries = __importStar(require("./external-queries"));
+const languages_1 = require("./languages");
+// Property names from the user-supplied config file.
+const NAME_PROPERTY = "name";
+const DISABLE_DEFAULT_QUERIES_PROPERTY = "disable-default-queries";
+const QUERIES_PROPERTY = "queries";
+const QUERIES_USES_PROPERTY = "uses";
+const PATHS_IGNORE_PROPERTY = "paths-ignore";
+const PATHS_PROPERTY = "paths";
+/**
+ * A list of queries from https://github.com/github/codeql that
+ * we don't want to run. Disabling them here is a quicker alternative to
+ * disabling them in the code scanning query suites. Queries should also
+ * be disabled in the suites, and removed from this list here once the
+ * bundle is updated to make those suite changes live.
+ *
+ * Format is a map from language to an array of path suffixes of .ql files.
+ */
+const DISABLED_BUILTIN_QUERIES = {
+    csharp: [
+        "ql/src/Security Features/CWE-937/VulnerablePackage.ql",
+        "ql/src/Security Features/CWE-451/MissingXFrameOptions.ql",
+    ],
+};
+function queryIsDisabled(language, query) {
+    return (DISABLED_BUILTIN_QUERIES[language] || []).some((disabledQuery) => query.endsWith(disabledQuery));
+}
+/**
+ * Asserts that the noDeclaredLanguage and multipleDeclaredLanguages fields are
+ * both empty and errors if they are not.
+ */
+function validateQueries(resolvedQueries) {
+    const noDeclaredLanguage = resolvedQueries.noDeclaredLanguage;
+    const noDeclaredLanguageQueries = Object.keys(noDeclaredLanguage);
+    if (noDeclaredLanguageQueries.length !== 0) {
+        throw new Error(`${"The following queries do not declare a language. " +
+            "Their qlpack.yml files are either missing or is invalid.\n"}${noDeclaredLanguageQueries.join("\n")}`);
+    }
+    const multipleDeclaredLanguages = resolvedQueries.multipleDeclaredLanguages;
+    const multipleDeclaredLanguagesQueries = Object.keys(multipleDeclaredLanguages);
+    if (multipleDeclaredLanguagesQueries.length !== 0) {
+        throw new Error(`${"The following queries declare multiple languages. " +
+            "Their qlpack.yml files are either missing or is invalid.\n"}${multipleDeclaredLanguagesQueries.join("\n")}`);
     }
 }
-exports.ExternalQuery = ExternalQuery;
+/**
+ * Run 'codeql resolve queries' and add the results to resultMap
+ */
+async function runResolveQueries(codeQL, resultMap, toResolve, extraSearchPath, errorOnInvalidQueries) {
+    const resolvedQueries = await codeQL.resolveQueries(toResolve, extraSearchPath);
+    for (const [language, queries] of Object.entries(resolvedQueries.byLanguage)) {
+        if (resultMap[language] === undefined) {
+            resultMap[language] = [];
+        }
+        resultMap[language].push(...Object.keys(queries).filter((q) => !queryIsDisabled(language, q)));
+    }
+    if (errorOnInvalidQueries) {
+        validateQueries(resolvedQueries);
+    }
+}
+/**
+ * Get the set of queries included by default.
+ */
+async function addDefaultQueries(codeQL, languages, resultMap) {
+    const suites = languages.map((l) => `${l}-code-scanning.qls`);
+    await runResolveQueries(codeQL, resultMap, suites, undefined, false);
+}
 // The set of acceptable values for built-in suites from the codeql bundle
-const builtinSuites = ['security-extended', 'security-and-quality'];
-class Config {
-    constructor() {
-        this.name = "";
-        this.disableDefaultQueries = false;
-        this.additionalQueries = [];
-        this.externalQueries = [];
-        this.additionalSuites = [];
-        this.pathsIgnore = [];
-        this.paths = [];
-    }
-    addQuery(configFile, queryUses) {
-        // The logic for parsing the string is based on what actions does for
-        // parsing the 'uses' actions in the workflow file
-        queryUses = queryUses.trim();
-        if (queryUses === "") {
-            throw new Error(getQueryUsesInvalid(configFile));
-        }
-        // Check for the local path case before we start trying to parse the repository name
-        if (queryUses.startsWith("./")) {
-            const localQueryPath = queryUses.slice(2);
-            // Resolve the local path against the workspace so that when this is
-            // passed to codeql it resolves to exactly the path we expect it to resolve to.
-            const workspacePath = fs.realpathSync(util.getRequiredEnvParam('GITHUB_WORKSPACE'));
-            let absoluteQueryPath = path.join(workspacePath, localQueryPath);
-            // Check the file exists
-            if (!fs.existsSync(absoluteQueryPath)) {
-                throw new Error(getLocalPathDoesNotExist(configFile, localQueryPath));
-            }
-            // Call this after checking file exists, because it'll fail if file doesn't exist
-            absoluteQueryPath = fs.realpathSync(absoluteQueryPath);
-            // Check the local path doesn't jump outside the repo using '..' or symlinks
-            if (!(absoluteQueryPath + path.sep).startsWith(workspacePath + path.sep)) {
-                throw new Error(getLocalPathOutsideOfRepository(configFile, localQueryPath));
-            }
-            this.additionalQueries.push(absoluteQueryPath);
-            return;
-        }
-        // Check for one of the builtin suites
-        if (queryUses.indexOf('/') === -1 && queryUses.indexOf('@') === -1) {
-            const suite = builtinSuites.find((suite) => suite === queryUses);
-            if (suite) {
-                this.additionalSuites.push(suite);
-                return;
-            }
-            else {
-                throw new Error(getQueryUsesInvalid(configFile, queryUses));
-            }
-        }
-        let tok = queryUses.split('@');
-        if (tok.length !== 2) {
-            throw new Error(getQueryUsesInvalid(configFile, queryUses));
-        }
-        const ref = tok[1];
-        tok = tok[0].split('/');
-        // The first token is the owner
-        // The second token is the repo
-        // The rest is a path, if there is more than one token combine them to form the full path
-        if (tok.length < 2) {
-            throw new Error(getQueryUsesInvalid(configFile, queryUses));
-        }
-        if (tok.length > 3) {
-            tok = [tok[0], tok[1], tok.slice(2).join('/')];
-        }
-        // Check none of the parts of the repository name are empty
-        if (tok[0].trim() === '' || tok[1].trim() === '') {
-            throw new Error(getQueryUsesInvalid(configFile, queryUses));
-        }
-        let external = new ExternalQuery(tok[0] + '/' + tok[1], ref);
-        if (tok.length === 3) {
-            external.path = tok[2];
-        }
-        this.externalQueries.push(external);
+const builtinSuites = ["security-extended", "security-and-quality"];
+/**
+ * Determine the set of queries associated with suiteName's suites and add them to resultMap.
+ * Throws an error if suiteName is not a valid builtin suite.
+ */
+async function addBuiltinSuiteQueries(languages, codeQL, resultMap, suiteName, configFile) {
+    const suite = builtinSuites.find((suite) => suite === suiteName);
+    if (!suite) {
+        throw new Error(getQueryUsesInvalid(configFile, suiteName));
     }
+    const suites = languages.map((l) => `${l}-${suiteName}.qls`);
+    await runResolveQueries(codeQL, resultMap, suites, undefined, false);
 }
-exports.Config = Config;
+/**
+ * Retrieve the set of queries at localQueryPath and add them to resultMap.
+ */
+async function addLocalQueries(codeQL, resultMap, localQueryPath, checkoutPath, configFile) {
+    // Resolve the local path against the workspace so that when this is
+    // passed to codeql it resolves to exactly the path we expect it to resolve to.
+    let absoluteQueryPath = path.join(checkoutPath, localQueryPath);
+    // Check the file exists
+    if (!fs.existsSync(absoluteQueryPath)) {
+        throw new Error(getLocalPathDoesNotExist(configFile, localQueryPath));
+    }
+    // Call this after checking file exists, because it'll fail if file doesn't exist
+    absoluteQueryPath = fs.realpathSync(absoluteQueryPath);
+    // Check the local path doesn't jump outside the repo using '..' or symlinks
+    if (!(absoluteQueryPath + path.sep).startsWith(fs.realpathSync(checkoutPath) + path.sep)) {
+        throw new Error(getLocalPathOutsideOfRepository(configFile, localQueryPath));
+    }
+    await runResolveQueries(codeQL, resultMap, [absoluteQueryPath], checkoutPath, true);
+}
+/**
+ * Retrieve the set of queries at the referenced remote repo and add them to resultMap.
+ */
+async function addRemoteQueries(codeQL, resultMap, queryUses, tempDir, githubUrl, logger, configFile) {
+    let tok = queryUses.split("@");
+    if (tok.length !== 2) {
+        throw new Error(getQueryUsesInvalid(configFile, queryUses));
+    }
+    const ref = tok[1];
+    tok = tok[0].split("/");
+    // The first token is the owner
+    // The second token is the repo
+    // The rest is a path, if there is more than one token combine them to form the full path
+    if (tok.length < 2) {
+        throw new Error(getQueryUsesInvalid(configFile, queryUses));
+    }
+    // Check none of the parts of the repository name are empty
+    if (tok[0].trim() === "" || tok[1].trim() === "") {
+        throw new Error(getQueryUsesInvalid(configFile, queryUses));
+    }
+    const nwo = `${tok[0]}/${tok[1]}`;
+    // Checkout the external repository
+    const checkoutPath = await externalQueries.checkoutExternalRepository(nwo, ref, githubUrl, tempDir, logger);
+    const queryPath = tok.length > 2
+        ? path.join(checkoutPath, tok.slice(2).join("/"))
+        : checkoutPath;
+    await runResolveQueries(codeQL, resultMap, [queryPath], checkoutPath, true);
+}
+/**
+ * Parse a query 'uses' field to a discrete set of query files and update resultMap.
+ *
+ * The logic for parsing the string is based on what actions does for
+ * parsing the 'uses' actions in the workflow file. So it can handle
+ * local paths starting with './', or references to remote repos, or
+ * a finite set of hardcoded terms for builtin suites.
+ */
+async function parseQueryUses(languages, codeQL, resultMap, queryUses, tempDir, checkoutPath, githubUrl, logger, configFile) {
+    queryUses = queryUses.trim();
+    if (queryUses === "") {
+        throw new Error(getQueryUsesInvalid(configFile));
+    }
+    // Check for the local path case before we start trying to parse the repository name
+    if (queryUses.startsWith("./")) {
+        await addLocalQueries(codeQL, resultMap, queryUses.slice(2), checkoutPath, configFile);
+        return;
+    }
+    // Check for one of the builtin suites
+    if (queryUses.indexOf("/") === -1 && queryUses.indexOf("@") === -1) {
+        await addBuiltinSuiteQueries(languages, codeQL, resultMap, queryUses, configFile);
+        return;
+    }
+    // Otherwise, must be a reference to another repo
+    await addRemoteQueries(codeQL, resultMap, queryUses, tempDir, githubUrl, logger, configFile);
+}
+// Regex validating stars in paths or paths-ignore entries.
+// The intention is to only allow ** to appear when immediately
+// preceded and followed by a slash.
+const pathStarsRegex = /.*(?:\*\*[^/].*|\*\*$|[^/]\*\*.*)/;
+// Characters that are supported by filters in workflows, but not by us.
+// See https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet
+const filterPatternCharactersRegex = /.*[\?\+\[\]!].*/;
+// Checks that a paths of paths-ignore entry is valid, possibly modifying it
+// to make it valid, or if not possible then throws an error.
+function validateAndSanitisePath(originalPath, propertyName, configFile, logger) {
+    // Take a copy so we don't modify the original path, so we can still construct error messages
+    let path = originalPath;
+    // All paths are relative to the src root, so strip off leading slashes.
+    while (path.charAt(0) === "/") {
+        path = path.substring(1);
+    }
+    // Trailing ** are redundant, so strip them off
+    if (path.endsWith("/**")) {
+        path = path.substring(0, path.length - 2);
+    }
+    // An empty path is not allowed as it's meaningless
+    if (path === "") {
+        throw new Error(getConfigFilePropertyError(configFile, propertyName, `"${originalPath}" is not an invalid path. ` +
+            `It is not necessary to include it, and it is not allowed to exclude it.`));
+    }
+    // Check for illegal uses of **
+    if (path.match(pathStarsRegex)) {
+        throw new Error(getConfigFilePropertyError(configFile, propertyName, `"${originalPath}" contains an invalid "**" wildcard. ` +
+            `They must be immediately preceeded and followed by a slash as in "/**/", or come at the start or end.`));
+    }
+    // Check for other regex characters that we don't support.
+    // Output a warning so the user knows, but otherwise continue normally.
+    if (path.match(filterPatternCharactersRegex)) {
+        logger.warning(getConfigFilePropertyError(configFile, propertyName, `"${originalPath}" contains an unsupported character. ` +
+            `The filter pattern characters ?, +, [, ], ! are not supported and will be matched literally.`));
+    }
+    // Ban any uses of backslash for now.
+    // This may not play nicely with project layouts.
+    // This restriction can be lifted later if we determine they are ok.
+    if (path.indexOf("\\") !== -1) {
+        throw new Error(getConfigFilePropertyError(configFile, propertyName, `"${originalPath}" contains an "\\" character. These are not allowed in filters. ` +
+            `If running on windows we recommend using "/" instead for path filters.`));
+    }
+    return path;
+}
+exports.validateAndSanitisePath = validateAndSanitisePath;
+// An undefined configFile in some of these functions indicates that
+// the property was in a workflow file, not a config file
 function getNameInvalid(configFile) {
-    return getConfigFilePropertyError(configFile, NAME_PROPERTY, 'must be a non-empty string');
+    return getConfigFilePropertyError(configFile, NAME_PROPERTY, "must be a non-empty string");
 }
 exports.getNameInvalid = getNameInvalid;
 function getDisableDefaultQueriesInvalid(configFile) {
-    return getConfigFilePropertyError(configFile, DISPLAY_DEFAULT_QUERIES_PROPERTY, 'must be a boolean');
+    return getConfigFilePropertyError(configFile, DISABLE_DEFAULT_QUERIES_PROPERTY, "must be a boolean");
 }
 exports.getDisableDefaultQueriesInvalid = getDisableDefaultQueriesInvalid;
 function getQueriesInvalid(configFile) {
-    return getConfigFilePropertyError(configFile, QUERIES_PROPERTY, 'must be an array');
+    return getConfigFilePropertyError(configFile, QUERIES_PROPERTY, "must be an array");
 }
 exports.getQueriesInvalid = getQueriesInvalid;
 function getQueryUsesInvalid(configFile, queryUses) {
-    return getConfigFilePropertyError(configFile, QUERIES_PROPERTY + '.' + QUERIES_USES_PROPERTY, 'must be a built-in suite (' + builtinSuites.join(' or ') +
-        '), a relative path, or be of the form "owner/repo[/path]@ref"' +
-        (queryUses !== undefined ? '\n Found: ' + queryUses : ''));
+    return getConfigFilePropertyError(configFile, `${QUERIES_PROPERTY}.${QUERIES_USES_PROPERTY}`, `must be a built-in suite (${builtinSuites.join(" or ")}), a relative path, or be of the form "owner/repo[/path]@ref"${queryUses !== undefined ? `\n Found: ${queryUses}` : ""}`);
 }
 exports.getQueryUsesInvalid = getQueryUsesInvalid;
 function getPathsIgnoreInvalid(configFile) {
-    return getConfigFilePropertyError(configFile, PATHS_IGNORE_PROPERTY, 'must be an array of non-empty strings');
+    return getConfigFilePropertyError(configFile, PATHS_IGNORE_PROPERTY, "must be an array of non-empty strings");
 }
 exports.getPathsIgnoreInvalid = getPathsIgnoreInvalid;
 function getPathsInvalid(configFile) {
-    return getConfigFilePropertyError(configFile, PATHS_PROPERTY, 'must be an array of non-empty strings');
+    return getConfigFilePropertyError(configFile, PATHS_PROPERTY, "must be an array of non-empty strings");
 }
 exports.getPathsInvalid = getPathsInvalid;
 function getLocalPathOutsideOfRepository(configFile, localPath) {
-    return getConfigFilePropertyError(configFile, QUERIES_PROPERTY + '.' + QUERIES_USES_PROPERTY, 'is invalid as the local path "' + localPath + '" is outside of the repository');
+    return getConfigFilePropertyError(configFile, `${QUERIES_PROPERTY}.${QUERIES_USES_PROPERTY}`, `is invalid as the local path "${localPath}" is outside of the repository`);
 }
 exports.getLocalPathOutsideOfRepository = getLocalPathOutsideOfRepository;
 function getLocalPathDoesNotExist(configFile, localPath) {
-    return getConfigFilePropertyError(configFile, QUERIES_PROPERTY + '.' + QUERIES_USES_PROPERTY, 'is invalid as the local path "' + localPath + '" does not exist in the repository');
+    return getConfigFilePropertyError(configFile, `${QUERIES_PROPERTY}.${QUERIES_USES_PROPERTY}`, `is invalid as the local path "${localPath}" does not exist in the repository`);
 }
 exports.getLocalPathDoesNotExist = getLocalPathDoesNotExist;
 function getConfigFileOutsideWorkspaceErrorMessage(configFile) {
-    return 'The configuration file "' + configFile + '" is outside of the workspace';
+    return `The configuration file "${configFile}" is outside of the workspace`;
 }
 exports.getConfigFileOutsideWorkspaceErrorMessage = getConfigFileOutsideWorkspaceErrorMessage;
 function getConfigFileDoesNotExistErrorMessage(configFile) {
-    return 'The configuration file "' + configFile + '" does not exist';
+    return `The configuration file "${configFile}" does not exist`;
 }
 exports.getConfigFileDoesNotExistErrorMessage = getConfigFileDoesNotExistErrorMessage;
-function getConfigFilePropertyError(configFile, property, error) {
-    return 'The configuration file "' + configFile + '" is invalid: property "' + property + '" ' + error;
+function getConfigFileRepoFormatInvalidMessage(configFile) {
+    let error = `The configuration file "${configFile}" is not a supported remote file reference.`;
+    error += " Expected format <owner>/<repository>/<file-path>@<ref>";
+    return error;
 }
-function initConfig() {
-    let configFile = core.getInput('config-file');
-    const config = new Config();
-    // If no config file was provided create an empty one
-    if (configFile === '') {
-        core.debug('No configuration file was provided');
-        return config;
+exports.getConfigFileRepoFormatInvalidMessage = getConfigFileRepoFormatInvalidMessage;
+function getConfigFileFormatInvalidMessage(configFile) {
+    return `The configuration file "${configFile}" could not be read`;
+}
+exports.getConfigFileFormatInvalidMessage = getConfigFileFormatInvalidMessage;
+function getConfigFileDirectoryGivenMessage(configFile) {
+    return `The configuration file "${configFile}" looks like a directory, not a file`;
+}
+exports.getConfigFileDirectoryGivenMessage = getConfigFileDirectoryGivenMessage;
+function getConfigFilePropertyError(configFile, property, error) {
+    if (configFile === undefined) {
+        return `The workflow property "${property}" is invalid: ${error}`;
     }
-    // Treat the config file as relative to the workspace
-    const workspacePath = util.getRequiredEnvParam('GITHUB_WORKSPACE');
-    configFile = path.resolve(workspacePath, configFile);
-    // Error if the config file is now outside of the workspace
-    if (!(configFile + path.sep).startsWith(workspacePath + path.sep)) {
-        throw new Error(getConfigFileOutsideWorkspaceErrorMessage(configFile));
+    else {
+        return `The configuration file "${configFile}" is invalid: property "${property}" ${error}`;
     }
-    // Error if the file does not exist
-    if (!fs.existsSync(configFile)) {
-        throw new Error(getConfigFileDoesNotExistErrorMessage(configFile));
+}
+function getNoLanguagesError() {
+    return ("Did not detect any languages to analyze. " +
+        "Please update input in workflow or check that GitHub detects the correct languages in your repository.");
+}
+exports.getNoLanguagesError = getNoLanguagesError;
+function getUnknownLanguagesError(languages) {
+    return `Did not recognise the following languages: ${languages.join(", ")}`;
+}
+exports.getUnknownLanguagesError = getUnknownLanguagesError;
+/**
+ * Gets the set of languages in the current repository
+ */
+async function getLanguagesInRepo(repository, githubAuth, githubUrl, logger) {
+    logger.debug(`GitHub repo ${repository.owner} ${repository.repo}`);
+    const response = await api
+        .getApiClient(githubAuth, githubUrl, true)
+        .repos.listLanguages({
+        owner: repository.owner,
+        repo: repository.repo,
+    });
+    logger.debug(`Languages API response: ${JSON.stringify(response)}`);
+    // The GitHub API is going to return languages in order of popularity,
+    // When we pick a language to autobuild we want to pick the most popular traced language
+    // Since sets in javascript maintain insertion order, using a set here and then splatting it
+    // into an array gives us an array of languages ordered by popularity
+    const languages = new Set();
+    for (const lang of Object.keys(response.data)) {
+        const parsedLang = languages_1.parseLanguage(lang);
+        if (parsedLang !== undefined) {
+            languages.add(parsedLang);
+        }
     }
-    const parsedYAML = yaml.safeLoad(fs.readFileSync(configFile, 'utf8'));
+    return [...languages];
+}
+/**
+ * Get the languages to analyse.
+ *
+ * The result is obtained from the action input parameter 'languages' if that
+ * has been set, otherwise it is deduced as all languages in the repo that
+ * can be analysed.
+ *
+ * If no languages could be detected from either the workflow or the repository
+ * then throw an error.
+ */
+async function getLanguages(languagesInput, repository, githubAuth, githubUrl, logger) {
+    // Obtain from action input 'languages' if set
+    let languages = (languagesInput || "")
+        .split(",")
+        .map((x) => x.trim())
+        .filter((x) => x.length > 0);
+    logger.info(`Languages from configuration: ${JSON.stringify(languages)}`);
+    if (languages.length === 0) {
+        // Obtain languages as all languages in the repo that can be analysed
+        languages = await getLanguagesInRepo(repository, githubAuth, githubUrl, logger);
+        logger.info(`Automatically detected languages: ${JSON.stringify(languages)}`);
+    }
+    // If the languages parameter was not given and no languages were
+    // detected then fail here as this is a workflow configuration error.
+    if (languages.length === 0) {
+        throw new Error(getNoLanguagesError());
+    }
+    // Make sure they are supported
+    const parsedLanguages = [];
+    const unknownLanguages = [];
+    for (const language of languages) {
+        const parsedLanguage = languages_1.parseLanguage(language);
+        if (parsedLanguage === undefined) {
+            unknownLanguages.push(language);
+        }
+        else if (parsedLanguages.indexOf(parsedLanguage) === -1) {
+            parsedLanguages.push(parsedLanguage);
+        }
+    }
+    if (unknownLanguages.length > 0) {
+        throw new Error(getUnknownLanguagesError(unknownLanguages));
+    }
+    return parsedLanguages;
+}
+async function addQueriesFromWorkflow(codeQL, queriesInput, languages, resultMap, tempDir, checkoutPath, githubUrl, logger) {
+    queriesInput = queriesInput.trim();
+    // "+" means "don't override config file" - see shouldAddConfigFileQueries
+    queriesInput = queriesInput.replace(/^\+/, "");
+    for (const query of queriesInput.split(",")) {
+        await parseQueryUses(languages, codeQL, resultMap, query, tempDir, checkoutPath, githubUrl, logger);
+    }
+}
+// Returns true if either no queries were provided in the workflow.
+// or if the queries in the workflow were provided in "additive" mode,
+// indicating that they shouldn't override the config queries but
+// should instead be added in addition
+function shouldAddConfigFileQueries(queriesInput) {
+    if (queriesInput) {
+        return queriesInput.trimStart().substr(0, 1) === "+";
+    }
+    return true;
+}
+/**
+ * Get the default config for when the user has not supplied one.
+ */
+async function getDefaultConfig(languagesInput, queriesInput, repository, tempDir, toolCacheDir, codeQL, checkoutPath, githubAuth, githubUrl, logger) {
+    const languages = await getLanguages(languagesInput, repository, githubAuth, githubUrl, logger);
+    const queries = {};
+    await addDefaultQueries(codeQL, languages, queries);
+    if (queriesInput) {
+        await addQueriesFromWorkflow(codeQL, queriesInput, languages, queries, tempDir, checkoutPath, githubUrl, logger);
+    }
+    return {
+        languages,
+        queries,
+        pathsIgnore: [],
+        paths: [],
+        originalUserInput: {},
+        tempDir,
+        toolCacheDir,
+        codeQLCmd: codeQL.getPath(),
+    };
+}
+exports.getDefaultConfig = getDefaultConfig;
+/**
+ * Load the config from the given file.
+ */
+async function loadConfig(languagesInput, queriesInput, configFile, repository, tempDir, toolCacheDir, codeQL, checkoutPath, githubAuth, githubUrl, logger) {
+    let parsedYAML;
+    if (isLocal(configFile)) {
+        // Treat the config file as relative to the workspace
+        configFile = path.resolve(checkoutPath, configFile);
+        parsedYAML = getLocalConfig(configFile, checkoutPath);
+    }
+    else {
+        parsedYAML = await getRemoteConfig(configFile, githubAuth, githubUrl);
+    }
+    // Validate that the 'name' property is syntactically correct,
+    // even though we don't use the value yet.
     if (NAME_PROPERTY in parsedYAML) {
         if (typeof parsedYAML[NAME_PROPERTY] !== "string") {
             throw new Error(getNameInvalid(configFile));
@@ -176,78 +415,180 @@ function initConfig() {
         if (parsedYAML[NAME_PROPERTY].length === 0) {
             throw new Error(getNameInvalid(configFile));
         }
-        config.name = parsedYAML[NAME_PROPERTY];
     }
-    if (DISPLAY_DEFAULT_QUERIES_PROPERTY in parsedYAML) {
-        if (typeof parsedYAML[DISPLAY_DEFAULT_QUERIES_PROPERTY] !== "boolean") {
+    const languages = await getLanguages(languagesInput, repository, githubAuth, githubUrl, logger);
+    const queries = {};
+    const pathsIgnore = [];
+    const paths = [];
+    let disableDefaultQueries = false;
+    if (DISABLE_DEFAULT_QUERIES_PROPERTY in parsedYAML) {
+        if (typeof parsedYAML[DISABLE_DEFAULT_QUERIES_PROPERTY] !== "boolean") {
             throw new Error(getDisableDefaultQueriesInvalid(configFile));
         }
-        config.disableDefaultQueries = parsedYAML[DISPLAY_DEFAULT_QUERIES_PROPERTY];
+        disableDefaultQueries = parsedYAML[DISABLE_DEFAULT_QUERIES_PROPERTY];
     }
-    if (QUERIES_PROPERTY in parsedYAML) {
+    if (!disableDefaultQueries) {
+        await addDefaultQueries(codeQL, languages, queries);
+    }
+    // If queries were provided using `with` in the action configuration,
+    // they should take precedence over the queries in the config file
+    // unless they're prefixed with "+", in which case they supplement those
+    // in the config file.
+    if (queriesInput) {
+        await addQueriesFromWorkflow(codeQL, queriesInput, languages, queries, tempDir, checkoutPath, githubUrl, logger);
+    }
+    if (shouldAddConfigFileQueries(queriesInput) &&
+        QUERIES_PROPERTY in parsedYAML) {
         if (!(parsedYAML[QUERIES_PROPERTY] instanceof Array)) {
             throw new Error(getQueriesInvalid(configFile));
         }
-        parsedYAML[QUERIES_PROPERTY].forEach(query => {
-            if (!(QUERIES_USES_PROPERTY in query) || typeof query[QUERIES_USES_PROPERTY] !== "string") {
+        for (const query of parsedYAML[QUERIES_PROPERTY]) {
+            if (!(QUERIES_USES_PROPERTY in query) ||
+                typeof query[QUERIES_USES_PROPERTY] !== "string") {
                 throw new Error(getQueryUsesInvalid(configFile));
             }
-            config.addQuery(configFile, query[QUERIES_USES_PROPERTY]);
-        });
+            await parseQueryUses(languages, codeQL, queries, query[QUERIES_USES_PROPERTY], tempDir, checkoutPath, githubUrl, logger, configFile);
+        }
     }
     if (PATHS_IGNORE_PROPERTY in parsedYAML) {
         if (!(parsedYAML[PATHS_IGNORE_PROPERTY] instanceof Array)) {
             throw new Error(getPathsIgnoreInvalid(configFile));
         }
-        parsedYAML[PATHS_IGNORE_PROPERTY].forEach(path => {
-            if (typeof path !== "string" || path === '') {
+        parsedYAML[PATHS_IGNORE_PROPERTY].forEach((path) => {
+            if (typeof path !== "string" || path === "") {
                 throw new Error(getPathsIgnoreInvalid(configFile));
             }
-            config.pathsIgnore.push(path);
+            pathsIgnore.push(validateAndSanitisePath(path, PATHS_IGNORE_PROPERTY, configFile, logger));
         });
     }
     if (PATHS_PROPERTY in parsedYAML) {
         if (!(parsedYAML[PATHS_PROPERTY] instanceof Array)) {
             throw new Error(getPathsInvalid(configFile));
         }
-        parsedYAML[PATHS_PROPERTY].forEach(path => {
-            if (typeof path !== "string" || path === '') {
+        parsedYAML[PATHS_PROPERTY].forEach((path) => {
+            if (typeof path !== "string" || path === "") {
                 throw new Error(getPathsInvalid(configFile));
             }
-            config.paths.push(path);
+            paths.push(validateAndSanitisePath(path, PATHS_PROPERTY, configFile, logger));
         });
     }
-    return config;
+    // The list of queries should not be empty for any language. If it is then
+    // it is a user configuration error.
+    for (const language of languages) {
+        if (queries[language] === undefined || queries[language].length === 0) {
+            throw new Error(`Did not detect any queries to run for ${language}. ` +
+                "Please make sure that the default queries are enabled, or you are specifying queries to run.");
+        }
+    }
+    return {
+        languages,
+        queries,
+        pathsIgnore,
+        paths,
+        originalUserInput: parsedYAML,
+        tempDir,
+        toolCacheDir,
+        codeQLCmd: codeQL.getPath(),
+    };
 }
-function getConfigFolder() {
-    return util.getRequiredEnvParam('RUNNER_TEMP');
-}
-function getConfigFile() {
-    return path.join(getConfigFolder(), 'config');
-}
-exports.getConfigFile = getConfigFile;
-async function saveConfig(config) {
-    const configString = JSON.stringify(config);
-    await io.mkdirP(getConfigFolder());
-    fs.writeFileSync(getConfigFile(), configString, 'utf8');
-    core.debug('Saved config:');
-    core.debug(configString);
-}
-async function loadConfig() {
-    const configFile = getConfigFile();
-    if (fs.existsSync(configFile)) {
-        const configString = fs.readFileSync(configFile, 'utf8');
-        core.debug('Loaded config:');
-        core.debug(configString);
-        return JSON.parse(configString);
+/**
+ * Load and return the config.
+ *
+ * This will parse the config from the user input if present, or generate
+ * a default config. The parsed config is then stored to a known location.
+ */
+async function initConfig(languagesInput, queriesInput, configFile, repository, tempDir, toolCacheDir, codeQL, checkoutPath, githubAuth, githubUrl, logger) {
+    let config;
+    // If no config file was provided create an empty one
+    if (!configFile) {
+        logger.debug("No configuration file was provided");
+        config = await getDefaultConfig(languagesInput, queriesInput, repository, tempDir, toolCacheDir, codeQL, checkoutPath, githubAuth, githubUrl, logger);
     }
     else {
-        const config = initConfig();
-        core.debug('Initialized config:');
-        core.debug(JSON.stringify(config));
-        await saveConfig(config);
-        return config;
+        config = await loadConfig(languagesInput, queriesInput, configFile, repository, tempDir, toolCacheDir, codeQL, checkoutPath, githubAuth, githubUrl, logger);
     }
+    // Save the config so we can easily access it again in the future
+    await saveConfig(config, logger);
+    return config;
 }
-exports.loadConfig = loadConfig;
+exports.initConfig = initConfig;
+function isLocal(configPath) {
+    // If the path starts with ./, look locally
+    if (configPath.indexOf("./") === 0) {
+        return true;
+    }
+    return configPath.indexOf("@") === -1;
+}
+function getLocalConfig(configFile, checkoutPath) {
+    // Error if the config file is now outside of the workspace
+    if (!(configFile + path.sep).startsWith(checkoutPath + path.sep)) {
+        throw new Error(getConfigFileOutsideWorkspaceErrorMessage(configFile));
+    }
+    // Error if the file does not exist
+    if (!fs.existsSync(configFile)) {
+        throw new Error(getConfigFileDoesNotExistErrorMessage(configFile));
+    }
+    return yaml.safeLoad(fs.readFileSync(configFile, "utf8"));
+}
+async function getRemoteConfig(configFile, githubAuth, githubUrl) {
+    // retrieve the various parts of the config location, and ensure they're present
+    const format = new RegExp("(?<owner>[^/]+)/(?<repo>[^/]+)/(?<path>[^@]+)@(?<ref>.*)");
+    const pieces = format.exec(configFile);
+    // 5 = 4 groups + the whole expression
+    if (pieces === null || pieces.groups === undefined || pieces.length < 5) {
+        throw new Error(getConfigFileRepoFormatInvalidMessage(configFile));
+    }
+    const response = await api
+        .getApiClient(githubAuth, githubUrl, true)
+        .repos.getContents({
+        owner: pieces.groups.owner,
+        repo: pieces.groups.repo,
+        path: pieces.groups.path,
+        ref: pieces.groups.ref,
+    });
+    let fileContents;
+    if ("content" in response.data && response.data.content !== undefined) {
+        fileContents = response.data.content;
+    }
+    else if (Array.isArray(response.data)) {
+        throw new Error(getConfigFileDirectoryGivenMessage(configFile));
+    }
+    else {
+        throw new Error(getConfigFileFormatInvalidMessage(configFile));
+    }
+    return yaml.safeLoad(Buffer.from(fileContents, "base64").toString("binary"));
+}
+/**
+ * Get the file path where the parsed config will be stored.
+ */
+function getPathToParsedConfigFile(tempDir) {
+    return path.join(tempDir, "config");
+}
+exports.getPathToParsedConfigFile = getPathToParsedConfigFile;
+/**
+ * Store the given config to the path returned from getPathToParsedConfigFile.
+ */
+async function saveConfig(config, logger) {
+    const configString = JSON.stringify(config);
+    const configFile = getPathToParsedConfigFile(config.tempDir);
+    fs.mkdirSync(path.dirname(configFile), { recursive: true });
+    fs.writeFileSync(configFile, configString, "utf8");
+    logger.debug("Saved config:");
+    logger.debug(configString);
+}
+/**
+ * Get the config that has been saved to the given temp dir.
+ * If the config could not be found then returns undefined.
+ */
+async function getConfig(tempDir, logger) {
+    const configFile = getPathToParsedConfigFile(tempDir);
+    if (!fs.existsSync(configFile)) {
+        return undefined;
+    }
+    const configString = fs.readFileSync(configFile, "utf8");
+    logger.debug("Loaded config:");
+    logger.debug(configString);
+    return JSON.parse(configString);
+}
+exports.getConfig = getConfig;
 //# sourceMappingURL=config-utils.js.map

lib/config-utils.test.js

@@ -1,7 +1,4 @@
 "use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
 var __importStar = (this && this.__importStar) || function (mod) {
     if (mod && mod.__esModule) return mod;
     var result = {};
@@ -9,85 +6,448 @@ var __importStar = (this && this.__importStar) || function (mod) {
     result["default"] = mod;
     return result;
 };
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
 Object.defineProperty(exports, "__esModule", { value: true });
+const github = __importStar(require("@actions/github"));
 const ava_1 = __importDefault(require("ava"));
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
+const sinon_1 = __importDefault(require("sinon"));
+const api = __importStar(require("./api-client"));
+const codeql_1 = require("./codeql");
 const configUtils = __importStar(require("./config-utils"));
+const languages_1 = require("./languages");
+const logging_1 = require("./logging");
 const testing_utils_1 = require("./testing-utils");
 const util = __importStar(require("./util"));
-testing_utils_1.silenceDebugOutput(ava_1.default);
-function setInput(name, value) {
-    // Transformation copied from
-    // https://github.com/actions/toolkit/blob/05e39f551d33e1688f61b209ab5cdd335198f1b8/packages/core/src/core.ts#L69
-    const envVar = `INPUT_${name.replace(/ /g, '_').toUpperCase()}`;
-    if (value !== undefined) {
-        process.env[envVar] = value;
-    }
-    else {
-        delete process.env[envVar];
+testing_utils_1.setupTests(ava_1.default);
+// Returns the filepath of the newly-created file
+function createConfigFile(inputFileContents, tmpDir) {
+    const configFilePath = path.join(tmpDir, "input");
+    fs.writeFileSync(configFilePath, inputFileContents, "utf8");
+    return configFilePath;
+}
+function mockGetContents(content) {
+    // Passing an auth token is required, so we just use a dummy value
+    const client = new github.GitHub("123");
+    const response = {
+        data: content,
+    };
+    const spyGetContents = sinon_1.default
+        .stub(client.repos, "getContents")
+        .resolves(response);
+    sinon_1.default.stub(api, "getApiClient").value(() => client);
+    return spyGetContents;
+}
+function mockListLanguages(languages) {
+    // Passing an auth token is required, so we just use a dummy value
+    const client = new github.GitHub("123");
+    const response = {
+        data: {},
+    };
+    for (const language of languages) {
+        response.data[language] = 123;
     }
+    sinon_1.default.stub(client.repos, "listLanguages").resolves(response);
+    sinon_1.default.stub(api, "getApiClient").value(() => client);
 }
 ava_1.default("load empty config", async (t) => {
     return await util.withTmpDir(async (tmpDir) => {
-        process.env['RUNNER_TEMP'] = tmpDir;
-        process.env['GITHUB_WORKSPACE'] = tmpDir;
-        setInput('config-file', undefined);
-        const config = await configUtils.loadConfig();
-        t.deepEqual(config, new configUtils.Config());
+        const logger = logging_1.getRunnerLogger(true);
+        const languages = "javascript,python";
+        const codeQL = codeql_1.setCodeQL({
+            async resolveQueries() {
+                return {
+                    byLanguage: {},
+                    noDeclaredLanguage: {},
+                    multipleDeclaredLanguages: {},
+                };
+            },
+        });
+        const config = await configUtils.initConfig(languages, undefined, undefined, { owner: "github", repo: "example " }, tmpDir, tmpDir, codeQL, tmpDir, "token", "https://github.example.com", logger);
+        t.deepEqual(config, await configUtils.getDefaultConfig(languages, undefined, { owner: "github", repo: "example " }, tmpDir, tmpDir, codeQL, tmpDir, "token", "https://github.example.com", logger));
     });
 });
 ava_1.default("loading config saves config", async (t) => {
     return await util.withTmpDir(async (tmpDir) => {
-        process.env['RUNNER_TEMP'] = tmpDir;
-        process.env['GITHUB_WORKSPACE'] = tmpDir;
-        const configFile = configUtils.getConfigFile();
+        const logger = logging_1.getRunnerLogger(true);
+        const codeQL = codeql_1.setCodeQL({
+            async resolveQueries() {
+                return {
+                    byLanguage: {},
+                    noDeclaredLanguage: {},
+                    multipleDeclaredLanguages: {},
+                };
+            },
+        });
         // Sanity check the saved config file does not already exist
-        t.false(fs.existsSync(configFile));
-        const config = await configUtils.loadConfig();
+        t.false(fs.existsSync(configUtils.getPathToParsedConfigFile(tmpDir)));
+        // Sanity check that getConfig returns undefined before we have called initConfig
+        t.deepEqual(await configUtils.getConfig(tmpDir, logger), undefined);
+        const config1 = await configUtils.initConfig("javascript,python", undefined, undefined, { owner: "github", repo: "example " }, tmpDir, tmpDir, codeQL, tmpDir, "token", "https://github.example.com", logger);
         // The saved config file should now exist
-        t.true(fs.existsSync(configFile));
-        // And the contents should parse correctly to the config that was returned
-        t.deepEqual(fs.readFileSync(configFile, 'utf8'), JSON.stringify(config));
+        t.true(fs.existsSync(configUtils.getPathToParsedConfigFile(tmpDir)));
+        // And that same newly-initialised config should now be returned by getConfig
+        const config2 = await configUtils.getConfig(tmpDir, logger);
+        t.deepEqual(config1, config2);
     });
 });
 ava_1.default("load input outside of workspace", async (t) => {
     return await util.withTmpDir(async (tmpDir) => {
-        process.env['RUNNER_TEMP'] = tmpDir;
-        process.env['GITHUB_WORKSPACE'] = tmpDir;
-        setInput('config-file', '../input');
         try {
-            await configUtils.loadConfig();
-            throw new Error('loadConfig did not throw error');
+            await configUtils.initConfig(undefined, undefined, "../input", { owner: "github", repo: "example " }, tmpDir, tmpDir, codeql_1.getCachedCodeQL(), tmpDir, "token", "https://github.example.com", logging_1.getRunnerLogger(true));
+            throw new Error("initConfig did not throw error");
         }
         catch (err) {
-            t.deepEqual(err, new Error(configUtils.getConfigFileOutsideWorkspaceErrorMessage(path.join(tmpDir, '../input'))));
+            t.deepEqual(err, new Error(configUtils.getConfigFileOutsideWorkspaceErrorMessage(path.join(tmpDir, "../input"))));
+        }
+    });
+});
+ava_1.default("load non-local input with invalid repo syntax", async (t) => {
+    return await util.withTmpDir(async (tmpDir) => {
+        // no filename given, just a repo
+        const configFile = "octo-org/codeql-config@main";
+        try {
+            await configUtils.initConfig(undefined, undefined, configFile, { owner: "github", repo: "example " }, tmpDir, tmpDir, codeql_1.getCachedCodeQL(), tmpDir, "token", "https://github.example.com", logging_1.getRunnerLogger(true));
+            throw new Error("initConfig did not throw error");
+        }
+        catch (err) {
+            t.deepEqual(err, new Error(configUtils.getConfigFileRepoFormatInvalidMessage("octo-org/codeql-config@main")));
         }
     });
 });
 ava_1.default("load non-existent input", async (t) => {
     return await util.withTmpDir(async (tmpDir) => {
-        process.env['RUNNER_TEMP'] = tmpDir;
-        process.env['GITHUB_WORKSPACE'] = tmpDir;
-        t.false(fs.existsSync(path.join(tmpDir, 'input')));
-        setInput('config-file', 'input');
+        const languages = "javascript";
+        const configFile = "input";
+        t.false(fs.existsSync(path.join(tmpDir, configFile)));
         try {
-            await configUtils.loadConfig();
-            throw new Error('loadConfig did not throw error');
+            await configUtils.initConfig(languages, undefined, configFile, { owner: "github", repo: "example " }, tmpDir, tmpDir, codeql_1.getCachedCodeQL(), tmpDir, "token", "https://github.example.com", logging_1.getRunnerLogger(true));
+            throw new Error("initConfig did not throw error");
         }
         catch (err) {
-            t.deepEqual(err, new Error(configUtils.getConfigFileDoesNotExistErrorMessage(path.join(tmpDir, 'input'))));
+            t.deepEqual(err, new Error(configUtils.getConfigFileDoesNotExistErrorMessage(path.join(tmpDir, "input"))));
         }
     });
 });
 ava_1.default("load non-empty input", async (t) => {
     return await util.withTmpDir(async (tmpDir) => {
-        process.env['RUNNER_TEMP'] = tmpDir;
-        process.env['GITHUB_WORKSPACE'] = tmpDir;
+        const codeQL = codeql_1.setCodeQL({
+            async resolveQueries() {
+                return {
+                    byLanguage: {
+                        javascript: {
+                            "/foo/a.ql": {},
+                            "/bar/b.ql": {},
+                        },
+                    },
+                    noDeclaredLanguage: {},
+                    multipleDeclaredLanguages: {},
+                };
+            },
+        });
         // Just create a generic config object with non-default values for all fields
         const inputFileContents = `
       name: my config
       disable-default-queries: true
+      queries:
+        - uses: ./foo
+      paths-ignore:
+        - a
+        - b
+      paths:
+        - c/d`;
+        fs.mkdirSync(path.join(tmpDir, "foo"));
+        // And the config we expect it to parse to
+        const expectedConfig = {
+            languages: [languages_1.Language.javascript],
+            queries: { javascript: ["/foo/a.ql", "/bar/b.ql"] },
+            pathsIgnore: ["a", "b"],
+            paths: ["c/d"],
+            originalUserInput: {
+                name: "my config",
+                "disable-default-queries": true,
+                queries: [{ uses: "./foo" }],
+                "paths-ignore": ["a", "b"],
+                paths: ["c/d"],
+            },
+            tempDir: tmpDir,
+            toolCacheDir: tmpDir,
+            codeQLCmd: codeQL.getPath(),
+        };
+        const languages = "javascript";
+        const configFilePath = createConfigFile(inputFileContents, tmpDir);
+        const actualConfig = await configUtils.initConfig(languages, undefined, configFilePath, { owner: "github", repo: "example " }, tmpDir, tmpDir, codeQL, tmpDir, "token", "https://github.example.com", logging_1.getRunnerLogger(true));
+        // Should exactly equal the object we constructed earlier
+        t.deepEqual(actualConfig, expectedConfig);
+    });
+});
+ava_1.default("Default queries are used", async (t) => {
+    return await util.withTmpDir(async (tmpDir) => {
+        // Check that the default behaviour is to add the default queries.
+        // In this case if a config file is specified but does not include
+        // the disable-default-queries field.
+        // We determine this by whether CodeQL.resolveQueries is called
+        // with the correct arguments.
+        const resolveQueriesArgs = [];
+        const codeQL = codeql_1.setCodeQL({
+            async resolveQueries(queries, extraSearchPath) {
+                resolveQueriesArgs.push({ queries, extraSearchPath });
+                return {
+                    byLanguage: {
+                        javascript: {
+                            "foo.ql": {},
+                        },
+                    },
+                    noDeclaredLanguage: {},
+                    multipleDeclaredLanguages: {},
+                };
+            },
+        });
+        // The important point of this config is that it doesn't specify
+        // the disable-default-queries field.
+        // Any other details are hopefully irrelevant for this tetst.
+        const inputFileContents = `
+      paths:
+        - foo`;
+        fs.mkdirSync(path.join(tmpDir, "foo"));
+        const languages = "javascript";
+        const configFilePath = createConfigFile(inputFileContents, tmpDir);
+        await configUtils.initConfig(languages, undefined, configFilePath, { owner: "github", repo: "example " }, tmpDir, tmpDir, codeQL, tmpDir, "token", "https://github.example.com", logging_1.getRunnerLogger(true));
+        // Check resolve queries was called correctly
+        t.deepEqual(resolveQueriesArgs.length, 1);
+        t.deepEqual(resolveQueriesArgs[0].queries, [
+            "javascript-code-scanning.qls",
+        ]);
+        t.deepEqual(resolveQueriesArgs[0].extraSearchPath, undefined);
+    });
+});
+/**
+ * Returns the provided queries, just in the right format for a resolved query
+ * This way we can test by seeing which returned items are in the final
+ * configuration.
+ */
+function queriesToResolvedQueryForm(queries) {
+    const dummyResolvedQueries = {};
+    queries.forEach((q) => {
+        dummyResolvedQueries[q] = {};
+    });
+    return {
+        byLanguage: {
+            javascript: dummyResolvedQueries,
+        },
+        noDeclaredLanguage: {},
+        multipleDeclaredLanguages: {},
+    };
+}
+ava_1.default("Queries can be specified in config file", async (t) => {
+    return await util.withTmpDir(async (tmpDir) => {
+        const inputFileContents = `
+      name: my config
+      queries:
+        - uses: ./foo`;
+        const configFilePath = createConfigFile(inputFileContents, tmpDir);
+        fs.mkdirSync(path.join(tmpDir, "foo"));
+        const resolveQueriesArgs = [];
+        const codeQL = codeql_1.setCodeQL({
+            async resolveQueries(queries, extraSearchPath) {
+                resolveQueriesArgs.push({ queries, extraSearchPath });
+                return queriesToResolvedQueryForm(queries);
+            },
+        });
+        const languages = "javascript";
+        const config = await configUtils.initConfig(languages, undefined, configFilePath, { owner: "github", repo: "example " }, tmpDir, tmpDir, codeQL, tmpDir, "token", "https://github.example.com", logging_1.getRunnerLogger(true));
+        // Check resolveQueries was called correctly
+        // It'll be called once for the default queries
+        // and once for `./foo` from the config file.
+        t.deepEqual(resolveQueriesArgs.length, 2);
+        t.deepEqual(resolveQueriesArgs[1].queries.length, 1);
+        t.regex(resolveQueriesArgs[1].queries[0], /.*\/foo$/);
+        // Now check that the end result contains the default queries and the query from config
+        t.deepEqual(config.queries["javascript"].length, 2);
+        t.regex(config.queries["javascript"][0], /javascript-code-scanning.qls$/);
+        t.regex(config.queries["javascript"][1], /.*\/foo$/);
+    });
+});
+ava_1.default("Queries from config file can be overridden in workflow file", async (t) => {
+    return await util.withTmpDir(async (tmpDir) => {
+        const inputFileContents = `
+      name: my config
+      queries:
+        - uses: ./foo`;
+        const configFilePath = createConfigFile(inputFileContents, tmpDir);
+        // This config item should take precedence over the config file but shouldn't affect the default queries.
+        const queries = "./override";
+        fs.mkdirSync(path.join(tmpDir, "foo"));
+        fs.mkdirSync(path.join(tmpDir, "override"));
+        const resolveQueriesArgs = [];
+        const codeQL = codeql_1.setCodeQL({
+            async resolveQueries(queries, extraSearchPath) {
+                resolveQueriesArgs.push({ queries, extraSearchPath });
+                return queriesToResolvedQueryForm(queries);
+            },
+        });
+        const languages = "javascript";
+        const config = await configUtils.initConfig(languages, queries, configFilePath, { owner: "github", repo: "example " }, tmpDir, tmpDir, codeQL, tmpDir, "token", "https://github.example.com", logging_1.getRunnerLogger(true));
+        // Check resolveQueries was called correctly
+        // It'll be called once for the default queries and once for `./override`,
+        // but won't be called for './foo' from the config file.
+        t.deepEqual(resolveQueriesArgs.length, 2);
+        t.deepEqual(resolveQueriesArgs[1].queries.length, 1);
+        t.regex(resolveQueriesArgs[1].queries[0], /.*\/override$/);
+        // Now check that the end result contains only the default queries and the override query
+        t.deepEqual(config.queries["javascript"].length, 2);
+        t.regex(config.queries["javascript"][0], /javascript-code-scanning.qls$/);
+        t.regex(config.queries["javascript"][1], /.*\/override$/);
+    });
+});
+ava_1.default("Queries in workflow file can be used in tandem with the 'disable default queries' option", async (t) => {
+    return await util.withTmpDir(async (tmpDir) => {
+        process.env["RUNNER_TEMP"] = tmpDir;
+        process.env["GITHUB_WORKSPACE"] = tmpDir;
+        const inputFileContents = `
+      name: my config
+      disable-default-queries: true`;
+        const configFilePath = createConfigFile(inputFileContents, tmpDir);
+        const queries = "./workflow-query";
+        fs.mkdirSync(path.join(tmpDir, "workflow-query"));
+        const resolveQueriesArgs = [];
+        const codeQL = codeql_1.setCodeQL({
+            async resolveQueries(queries, extraSearchPath) {
+                resolveQueriesArgs.push({ queries, extraSearchPath });
+                return queriesToResolvedQueryForm(queries);
+            },
+        });
+        const languages = "javascript";
+        const config = await configUtils.initConfig(languages, queries, configFilePath, { owner: "github", repo: "example " }, tmpDir, tmpDir, codeQL, tmpDir, "token", "https://github.example.com", logging_1.getRunnerLogger(true));
+        // Check resolveQueries was called correctly
+        // It'll be called once for `./workflow-query`,
+        // but won't be called for the default one since that was disabled
+        t.deepEqual(resolveQueriesArgs.length, 1);
+        t.deepEqual(resolveQueriesArgs[0].queries.length, 1);
+        t.regex(resolveQueriesArgs[0].queries[0], /.*\/workflow-query$/);
+        // Now check that the end result contains only the workflow query, and not the default one
+        t.deepEqual(config.queries["javascript"].length, 1);
+        t.regex(config.queries["javascript"][0], /.*\/workflow-query$/);
+    });
+});
+ava_1.default("Multiple queries can be specified in workflow file, no config file required", async (t) => {
+    return await util.withTmpDir(async (tmpDir) => {
+        fs.mkdirSync(path.join(tmpDir, "override1"));
+        fs.mkdirSync(path.join(tmpDir, "override2"));
+        const queries = "./override1,./override2";
+        const resolveQueriesArgs = [];
+        const codeQL = codeql_1.setCodeQL({
+            async resolveQueries(queries, extraSearchPath) {
+                resolveQueriesArgs.push({ queries, extraSearchPath });
+                return queriesToResolvedQueryForm(queries);
+            },
+        });
+        const languages = "javascript";
+        const config = await configUtils.initConfig(languages, queries, undefined, { owner: "github", repo: "example " }, tmpDir, tmpDir, codeQL, tmpDir, "token", "https://github.example.com", logging_1.getRunnerLogger(true));
+        // Check resolveQueries was called correctly:
+        // It'll be called once for the default queries,
+        // and then once for each of the two queries from the workflow
+        t.deepEqual(resolveQueriesArgs.length, 3);
+        t.deepEqual(resolveQueriesArgs[1].queries.length, 1);
+        t.deepEqual(resolveQueriesArgs[2].queries.length, 1);
+        t.regex(resolveQueriesArgs[1].queries[0], /.*\/override1$/);
+        t.regex(resolveQueriesArgs[2].queries[0], /.*\/override2$/);
+        // Now check that the end result contains both the queries from the workflow, as well as the defaults
+        t.deepEqual(config.queries["javascript"].length, 3);
+        t.regex(config.queries["javascript"][0], /javascript-code-scanning.qls$/);
+        t.regex(config.queries["javascript"][1], /.*\/override1$/);
+        t.regex(config.queries["javascript"][2], /.*\/override2$/);
+    });
+});
+ava_1.default("Queries in workflow file can be added to the set of queries without overriding config file", async (t) => {
+    return await util.withTmpDir(async (tmpDir) => {
+        process.env["RUNNER_TEMP"] = tmpDir;
+        process.env["GITHUB_WORKSPACE"] = tmpDir;
+        const inputFileContents = `
+      name: my config
+      queries:
+        - uses: ./foo`;
+        const configFilePath = createConfigFile(inputFileContents, tmpDir);
+        // These queries shouldn't override anything, because the value is prefixed with "+"
+        const queries = "+./additional1,./additional2";
+        fs.mkdirSync(path.join(tmpDir, "foo"));
+        fs.mkdirSync(path.join(tmpDir, "additional1"));
+        fs.mkdirSync(path.join(tmpDir, "additional2"));
+        const resolveQueriesArgs = [];
+        const codeQL = codeql_1.setCodeQL({
+            async resolveQueries(queries, extraSearchPath) {
+                resolveQueriesArgs.push({ queries, extraSearchPath });
+                return queriesToResolvedQueryForm(queries);
+            },
+        });
+        const languages = "javascript";
+        const config = await configUtils.initConfig(languages, queries, configFilePath, { owner: "github", repo: "example " }, tmpDir, tmpDir, codeQL, tmpDir, "token", "https://github.example.com", logging_1.getRunnerLogger(true));
+        // Check resolveQueries was called correctly
+        // It'll be called once for the default queries,
+        // once for each of additional1 and additional2,
+        // and once for './foo' from the config file
+        t.deepEqual(resolveQueriesArgs.length, 4);
+        t.deepEqual(resolveQueriesArgs[1].queries.length, 1);
+        t.regex(resolveQueriesArgs[1].queries[0], /.*\/additional1$/);
+        t.deepEqual(resolveQueriesArgs[2].queries.length, 1);
+        t.regex(resolveQueriesArgs[2].queries[0], /.*\/additional2$/);
+        t.deepEqual(resolveQueriesArgs[3].queries.length, 1);
+        t.regex(resolveQueriesArgs[3].queries[0], /.*\/foo$/);
+        // Now check that the end result contains all the queries
+        t.deepEqual(config.queries["javascript"].length, 4);
+        t.regex(config.queries["javascript"][0], /javascript-code-scanning.qls$/);
+        t.regex(config.queries["javascript"][1], /.*\/additional1$/);
+        t.regex(config.queries["javascript"][2], /.*\/additional2$/);
+        t.regex(config.queries["javascript"][3], /.*\/foo$/);
+    });
+});
+ava_1.default("Invalid queries in workflow file handled correctly", async (t) => {
+    return await util.withTmpDir(async (tmpDir) => {
+        const queries = "foo/bar@v1@v3";
+        const languages = "javascript";
+        // This function just needs to be type-correct; it doesn't need to do anything,
+        // since we're deliberately passing in invalid data
+        const codeQL = codeql_1.setCodeQL({
+            async resolveQueries(_queries, _extraSearchPath) {
+                return {
+                    byLanguage: {
+                        javascript: {},
+                    },
+                    noDeclaredLanguage: {},
+                    multipleDeclaredLanguages: {},
+                };
+            },
+        });
+        try {
+            await configUtils.initConfig(languages, queries, undefined, { owner: "github", repo: "example " }, tmpDir, tmpDir, codeQL, tmpDir, "token", "https://github.example.com", logging_1.getRunnerLogger(true));
+            t.fail("initConfig did not throw error");
+        }
+        catch (err) {
+            t.deepEqual(err, new Error(configUtils.getQueryUsesInvalid(undefined, "foo/bar@v1@v3")));
+        }
+    });
+});
+ava_1.default("API client used when reading remote config", async (t) => {
+    return await util.withTmpDir(async (tmpDir) => {
+        const codeQL = codeql_1.setCodeQL({
+            async resolveQueries() {
+                return {
+                    byLanguage: {
+                        javascript: {
+                            "foo.ql": {},
+                        },
+                    },
+                    noDeclaredLanguage: {},
+                    multipleDeclaredLanguages: {},
+                };
+            },
+        });
+        const inputFileContents = `
+      name: my config
+      disable-default-queries: true
       queries:
         - uses: ./
         - uses: ./foo
@@ -97,34 +457,91 @@ ava_1.default("load non-empty input", async (t) => {
         - b
       paths:
         - c/d`;
-        fs.mkdirSync(path.join(tmpDir, 'foo'));
-        // And the config we expect it to parse to
-        const expectedConfig = new configUtils.Config();
-        expectedConfig.name = 'my config';
-        expectedConfig.disableDefaultQueries = true;
-        expectedConfig.additionalQueries.push(fs.realpathSync(tmpDir));
-        expectedConfig.additionalQueries.push(fs.realpathSync(path.join(tmpDir, 'foo')));
-        expectedConfig.externalQueries = [new configUtils.ExternalQuery('foo/bar', 'dev')];
-        expectedConfig.pathsIgnore = ['a', 'b'];
-        expectedConfig.paths = ['c/d'];
-        fs.writeFileSync(path.join(tmpDir, 'input'), inputFileContents, 'utf8');
-        setInput('config-file', 'input');
-        const actualConfig = await configUtils.loadConfig();
-        // Should exactly equal the object we constructed earlier
-        t.deepEqual(actualConfig, expectedConfig);
+        const dummyResponse = {
+            content: Buffer.from(inputFileContents).toString("base64"),
+        };
+        const spyGetContents = mockGetContents(dummyResponse);
+        // Create checkout directory for remote queries repository
+        fs.mkdirSync(path.join(tmpDir, "foo/bar/dev"), { recursive: true });
+        const configFile = "octo-org/codeql-config/config.yaml@main";
+        const languages = "javascript";
+        await configUtils.initConfig(languages, undefined, configFile, { owner: "github", repo: "example " }, tmpDir, tmpDir, codeQL, tmpDir, "token", "https://github.example.com", logging_1.getRunnerLogger(true));
+        t.assert(spyGetContents.called);
+    });
+});
+ava_1.default("Remote config handles the case where a directory is provided", async (t) => {
+    return await util.withTmpDir(async (tmpDir) => {
+        const dummyResponse = []; // directories are returned as arrays
+        mockGetContents(dummyResponse);
+        const repoReference = "octo-org/codeql-config/config.yaml@main";
+        try {
+            await configUtils.initConfig(undefined, undefined, repoReference, { owner: "github", repo: "example " }, tmpDir, tmpDir, codeql_1.getCachedCodeQL(), tmpDir, "token", "https://github.example.com", logging_1.getRunnerLogger(true));
+            throw new Error("initConfig did not throw error");
+        }
+        catch (err) {
+            t.deepEqual(err, new Error(configUtils.getConfigFileDirectoryGivenMessage(repoReference)));
+        }
+    });
+});
+ava_1.default("Invalid format of remote config handled correctly", async (t) => {
+    return await util.withTmpDir(async (tmpDir) => {
+        const dummyResponse = {
+        // note no "content" property here
+        };
+        mockGetContents(dummyResponse);
+        const repoReference = "octo-org/codeql-config/config.yaml@main";
+        try {
+            await configUtils.initConfig(undefined, undefined, repoReference, { owner: "github", repo: "example " }, tmpDir, tmpDir, codeql_1.getCachedCodeQL(), tmpDir, "token", "https://github.example.com", logging_1.getRunnerLogger(true));
+            throw new Error("initConfig did not throw error");
+        }
+        catch (err) {
+            t.deepEqual(err, new Error(configUtils.getConfigFileFormatInvalidMessage(repoReference)));
+        }
+    });
+});
+ava_1.default("No detected languages", async (t) => {
+    return await util.withTmpDir(async (tmpDir) => {
+        mockListLanguages([]);
+        try {
+            await configUtils.initConfig(undefined, undefined, undefined, { owner: "github", repo: "example " }, tmpDir, tmpDir, codeql_1.getCachedCodeQL(), tmpDir, "token", "https://github.example.com", logging_1.getRunnerLogger(true));
+            throw new Error("initConfig did not throw error");
+        }
+        catch (err) {
+            t.deepEqual(err, new Error(configUtils.getNoLanguagesError()));
+        }
+    });
+});
+ava_1.default("Unknown languages", async (t) => {
+    return await util.withTmpDir(async (tmpDir) => {
+        const languages = "ruby,english";
+        try {
+            await configUtils.initConfig(languages, undefined, undefined, { owner: "github", repo: "example " }, tmpDir, tmpDir, codeql_1.getCachedCodeQL(), tmpDir, "token", "https://github.example.com", logging_1.getRunnerLogger(true));
+            throw new Error("initConfig did not throw error");
+        }
+        catch (err) {
+            t.deepEqual(err, new Error(configUtils.getUnknownLanguagesError(["ruby", "english"])));
+        }
     });
 });
 function doInvalidInputTest(testName, inputFileContents, expectedErrorMessageGenerator) {
-    ava_1.default("load invalid input - " + testName, async (t) => {
+    ava_1.default(`load invalid input - ${testName}`, async (t) => {
         return await util.withTmpDir(async (tmpDir) => {
-            process.env['RUNNER_TEMP'] = tmpDir;
-            process.env['GITHUB_WORKSPACE'] = tmpDir;
-            const inputFile = path.join(tmpDir, 'input');
-            fs.writeFileSync(inputFile, inputFileContents, 'utf8');
-            setInput('config-file', 'input');
+            const codeQL = codeql_1.setCodeQL({
+                async resolveQueries() {
+                    return {
+                        byLanguage: {},
+                        noDeclaredLanguage: {},
+                        multipleDeclaredLanguages: {},
+                    };
+                },
+            });
+            const languages = "javascript";
+            const configFile = "input";
+            const inputFile = path.join(tmpDir, configFile);
+            fs.writeFileSync(inputFile, inputFileContents, "utf8");
             try {
-                await configUtils.loadConfig();
-                throw new Error('loadConfig did not throw error');
+                await configUtils.initConfig(languages, undefined, configFile, { owner: "github", repo: "example " }, tmpDir, tmpDir, codeQL, tmpDir, "token", "https://github.example.com", logging_1.getRunnerLogger(true));
+                throw new Error("initConfig did not throw error");
             }
             catch (err) {
                 t.deepEqual(err, new Error(expectedErrorMessageGenerator(inputFile)));
@@ -132,14 +549,14 @@ function doInvalidInputTest(testName, inputFileContents, expectedErrorMessageGen
         });
     });
 }
-doInvalidInputTest('name invalid type', `
+doInvalidInputTest("name invalid type", `
   name:
     - foo: bar`, configUtils.getNameInvalid);
-doInvalidInputTest('disable-default-queries invalid type', `disable-default-queries: 42`, configUtils.getDisableDefaultQueriesInvalid);
-doInvalidInputTest('queries invalid type', `queries: foo`, configUtils.getQueriesInvalid);
-doInvalidInputTest('paths-ignore invalid type', `paths-ignore: bar`, configUtils.getPathsIgnoreInvalid);
-doInvalidInputTest('paths invalid type', `paths: 17`, configUtils.getPathsInvalid);
-doInvalidInputTest('queries uses invalid type', `
+doInvalidInputTest("disable-default-queries invalid type", `disable-default-queries: 42`, configUtils.getDisableDefaultQueriesInvalid);
+doInvalidInputTest("queries invalid type", `queries: foo`, configUtils.getQueriesInvalid);
+doInvalidInputTest("paths-ignore invalid type", `paths-ignore: bar`, configUtils.getPathsIgnoreInvalid);
+doInvalidInputTest("paths invalid type", `paths: 17`, configUtils.getPathsInvalid);
+doInvalidInputTest("queries uses invalid type", `
   queries:
   - uses:
       - hello: world`, configUtils.getQueryUsesInvalid);
@@ -150,15 +567,47 @@ function doInvalidQueryUsesTest(input, expectedErrorMessageGenerator) {
     name: my config
     queries:
       - name: foo
-        uses: ` + input;
-    doInvalidInputTest("queries uses \"" + input + "\"", inputFileContents, expectedErrorMessageGenerator);
+        uses: ${input}`;
+    doInvalidInputTest(`queries uses "${input}"`, inputFileContents, expectedErrorMessageGenerator);
 }
 // Various "uses" fields, and the errors they should produce
-doInvalidQueryUsesTest("''", c => configUtils.getQueryUsesInvalid(c, undefined));
-doInvalidQueryUsesTest("foo/bar", c => configUtils.getQueryUsesInvalid(c, "foo/bar"));
-doInvalidQueryUsesTest("foo/bar@v1@v2", c => configUtils.getQueryUsesInvalid(c, "foo/bar@v1@v2"));
-doInvalidQueryUsesTest("foo@master", c => configUtils.getQueryUsesInvalid(c, "foo@master"));
-doInvalidQueryUsesTest("https://github.com/foo/bar@master", c => configUtils.getQueryUsesInvalid(c, "https://github.com/foo/bar@master"));
-doInvalidQueryUsesTest("./foo", c => configUtils.getLocalPathDoesNotExist(c, "foo"));
-doInvalidQueryUsesTest("./..", c => configUtils.getLocalPathOutsideOfRepository(c, ".."));
+doInvalidQueryUsesTest("''", (c) => configUtils.getQueryUsesInvalid(c, undefined));
+doInvalidQueryUsesTest("foo/bar", (c) => configUtils.getQueryUsesInvalid(c, "foo/bar"));
+doInvalidQueryUsesTest("foo/bar@v1@v2", (c) => configUtils.getQueryUsesInvalid(c, "foo/bar@v1@v2"));
+doInvalidQueryUsesTest("foo@master", (c) => configUtils.getQueryUsesInvalid(c, "foo@master"));
+doInvalidQueryUsesTest("https://github.com/foo/bar@master", (c) => configUtils.getQueryUsesInvalid(c, "https://github.com/foo/bar@master"));
+doInvalidQueryUsesTest("./foo", (c) => configUtils.getLocalPathDoesNotExist(c, "foo"));
+doInvalidQueryUsesTest("./..", (c) => configUtils.getLocalPathOutsideOfRepository(c, ".."));
+const validPaths = [
+    "foo",
+    "foo/",
+    "foo/**",
+    "foo/**/",
+    "foo/**/**",
+    "foo/**/bar/**/baz",
+    "**/",
+    "**/foo",
+    "/foo",
+];
+const invalidPaths = ["a/***/b", "a/**b", "a/b**", "**"];
+ava_1.default("path validations", (t) => {
+    // Dummy values to pass to validateAndSanitisePath
+    const propertyName = "paths";
+    const configFile = "./.github/codeql/config.yml";
+    for (const path of validPaths) {
+        t.truthy(configUtils.validateAndSanitisePath(path, propertyName, configFile, logging_1.getRunnerLogger(true)));
+    }
+    for (const path of invalidPaths) {
+        t.throws(() => configUtils.validateAndSanitisePath(path, propertyName, configFile, logging_1.getRunnerLogger(true)));
+    }
+});
+ava_1.default("path sanitisation", (t) => {
+    // Dummy values to pass to validateAndSanitisePath
+    const propertyName = "paths";
+    const configFile = "./.github/codeql/config.yml";
+    // Valid paths are not modified
+    t.deepEqual(configUtils.validateAndSanitisePath("foo/bar", propertyName, configFile, logging_1.getRunnerLogger(true)), "foo/bar");
+    // Trailing stars are stripped
+    t.deepEqual(configUtils.validateAndSanitisePath("foo/**", propertyName, configFile, logging_1.getRunnerLogger(true)), "foo/");
+});
 //# sourceMappingURL=config-utils.test.js.map

lib/defaults.json

@@ -0,0 +1,3 @@
+{
+    "bundleVersion": "codeql-bundle-20200826"
+}

lib/error-matcher.js

@@ -0,0 +1,17 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+// exported only for testing purposes
+exports.namedMatchersForTesting = {
+    /*
+    In due course it may be possible to remove the regex, if/when javascript also exits with code 32.
+    */
+    noSourceCodeFound: {
+        exitCode: 32,
+        outputRegex: new RegExp("No JavaScript or TypeScript code found\\."),
+        message: "No code found during the build. Please see:\n" +
+            "https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/troubleshooting-code-scanning#no-code-found-during-the-build",
+    },
+};
+// we collapse the matches into an array for use in execErrorCatcher
+exports.errorMatchers = Object.values(exports.namedMatchersForTesting);
+//# sourceMappingURL=error-matcher.js.map

lib/error-matcher.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"error-matcher.js","sourceRoot":"","sources":["../src/error-matcher.ts"],"names":[],"mappings":";;AAQA,qCAAqC;AACxB,QAAA,uBAAuB,GAAoC;IACtE;;MAEE;IACF,iBAAiB,EAAE;QACjB,QAAQ,EAAE,EAAE;QACZ,WAAW,EAAE,IAAI,MAAM,CAAC,2CAA2C,CAAC;QACpE,OAAO,EACL,+CAA+C;YAC/C,yJAAyJ;KAC5J;CACF,CAAC;AAEF,oEAAoE;AACvD,QAAA,aAAa,GAAG,MAAM,CAAC,MAAM,CAAC,+BAAuB,CAAC,CAAC"}

lib/error-matcher.test.js

@@ -0,0 +1,29 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const ava_1 = __importDefault(require("ava"));
+const error_matcher_1 = require("./error-matcher");
+/*
+NB We test the regexes for all the matchers against example log output snippets.
+*/
+ava_1.default("noSourceCodeFound matches against example javascript output", async (t) => {
+    t.assert(testErrorMatcher("noSourceCodeFound", `
+  2020-09-07T17:39:53.9050522Z [2020-09-07 17:39:53] [build] Done extracting /opt/hostedtoolcache/CodeQL/0.0.0-20200630/x64/codeql/javascript/tools/data/externs/web/ie_vml.js (3 ms)
+  2020-09-07T17:39:53.9051849Z [2020-09-07 17:39:53] [build-err] No JavaScript or TypeScript code found.
+  2020-09-07T17:39:53.9052444Z [2020-09-07 17:39:53] [build-err] No JavaScript or TypeScript code found.
+  2020-09-07T17:39:53.9251124Z [2020-09-07 17:39:53] [ERROR] Spawned process exited abnormally (code 255; tried to run: [/opt/hostedtoolcache/CodeQL/0.0.0-20200630/x64/codeql/javascript/tools/autobuild.sh])
+  `));
+});
+function testErrorMatcher(matcherName, logSample) {
+    if (!(matcherName in error_matcher_1.namedMatchersForTesting)) {
+        throw new Error(`Unknown matcher ${matcherName}`);
+    }
+    const regex = error_matcher_1.namedMatchersForTesting[matcherName].outputRegex;
+    if (regex === undefined) {
+        throw new Error(`Cannot test matcher ${matcherName} with null regex`);
+    }
+    return regex.test(logSample);
+}
+//# sourceMappingURL=error-matcher.test.js.map

lib/error-matcher.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"error-matcher.test.js","sourceRoot":"","sources":["../src/error-matcher.test.ts"],"names":[],"mappings":";;;;;AAAA,8CAAuB;AAEvB,mDAA0D;AAE1D;;EAEE;AAEF,aAAI,CAAC,6DAA6D,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC9E,CAAC,CAAC,MAAM,CACN,gBAAgB,CACd,mBAAmB,EACnB;;;;;GAKH,CACE,CACF,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,SAAS,gBAAgB,CAAC,WAAmB,EAAE,SAAiB;IAC9D,IAAI,CAAC,CAAC,WAAW,IAAI,uCAAuB,CAAC,EAAE;QAC7C,MAAM,IAAI,KAAK,CAAC,mBAAmB,WAAW,EAAE,CAAC,CAAC;KACnD;IACD,MAAM,KAAK,GAAG,uCAAuB,CAAC,WAAW,CAAC,CAAC,WAAW,CAAC;IAC/D,IAAI,KAAK,KAAK,SAAS,EAAE;QACvB,MAAM,IAAI,KAAK,CAAC,uBAAuB,WAAW,kBAAkB,CAAC,CAAC;KACvE;IACD,OAAO,KAAK,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC;AAC/B,CAAC"}

lib/external-queries.js

@@ -7,27 +7,34 @@ var __importStar = (this && this.__importStar) || function (mod) {
     return result;
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-const core = __importStar(require("@actions/core"));
-const exec = __importStar(require("@actions/exec"));
+const toolrunnner = __importStar(require("@actions/exec/lib/toolrunner"));
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
-const util = __importStar(require("./util"));
-async function checkoutExternalQueries(config) {
-    const folder = util.getRequiredEnvParam('RUNNER_TEMP');
-    for (const externalQuery of config.externalQueries) {
-        core.info('Checking out ' + externalQuery.repository);
-        const checkoutLocation = path.join(folder, externalQuery.repository);
-        if (!fs.existsSync(checkoutLocation)) {
-            const repoURL = 'https://github.com/' + externalQuery.repository + '.git';
-            await exec.exec('git', ['clone', repoURL, checkoutLocation]);
-            await exec.exec('git', [
-                '--work-tree=' + checkoutLocation,
-                '--git-dir=' + checkoutLocation + '/.git',
-                'checkout', externalQuery.ref,
-            ]);
-        }
-        config.additionalQueries.push(path.join(checkoutLocation, externalQuery.path));
+/**
+ * Check out repository at the given ref, and return the directory of the checkout.
+ */
+async function checkoutExternalRepository(repository, ref, githubUrl, tempDir, logger) {
+    logger.info(`Checking out ${repository}`);
+    const checkoutLocation = path.join(tempDir, repository, ref);
+    if (!checkoutLocation.startsWith(tempDir)) {
+        // this still permits locations that mess with sibling repositories in `tempDir`, but that is acceptable
+        throw new Error(`'${repository}@${ref}' is not a valid repository and reference.`);
     }
+    if (!fs.existsSync(checkoutLocation)) {
+        const repoURL = `${githubUrl}/${repository}`;
+        await new toolrunnner.ToolRunner("git", [
+            "clone",
+            repoURL,
+            checkoutLocation,
+        ]).exec();
+        await new toolrunnner.ToolRunner("git", [
+            `--work-tree=${checkoutLocation}`,
+            `--git-dir=${checkoutLocation}/.git`,
+            "checkout",
+            ref,
+        ]).exec();
+    }
+    return checkoutLocation;
 }
-exports.checkoutExternalQueries = checkoutExternalQueries;
+exports.checkoutExternalRepository = checkoutExternalRepository;
 //# sourceMappingURL=external-queries.js.map

lib/external-queries.js.map

@@ -1 +1 @@
-{"version":3,"file":"external-queries.js","sourceRoot":"","sources":["../src/external-queries.ts"],"names":[],"mappings":";;;;;;;;;AAAA,oDAAsC;AACtC,oDAAsC;AACtC,uCAAyB;AACzB,2CAA6B;AAG7B,6CAA+B;AAExB,KAAK,UAAU,uBAAuB,CAAC,MAA0B;IACtE,MAAM,MAAM,GAAG,IAAI,CAAC,mBAAmB,CAAC,aAAa,CAAC,CAAC;IAEvD,KAAK,MAAM,aAAa,IAAI,MAAM,CAAC,eAAe,EAAE;QAClD,IAAI,CAAC,IAAI,CAAC,eAAe,GAAG,aAAa,CAAC,UAAU,CAAC,CAAC;QAEtD,MAAM,gBAAgB,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,aAAa,CAAC,UAAU,CAAC,CAAC;QACrE,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,gBAAgB,CAAC,EAAE;YACpC,MAAM,OAAO,GAAG,qBAAqB,GAAG,aAAa,CAAC,UAAU,GAAG,MAAM,CAAC;YAC1E,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC,OAAO,EAAE,OAAO,EAAE,gBAAgB,CAAC,CAAC,CAAC;YAC7D,MAAM,IAAI,CAAC,IAAI,CAAC,KAAK,EAAE;gBACrB,cAAc,GAAG,gBAAgB;gBACjC,YAAY,GAAG,gBAAgB,GAAG,OAAO;gBACzC,UAAU,EAAE,aAAa,CAAC,GAAG;aAC9B,CAAC,CAAC;SACJ;QAED,MAAM,CAAC,iBAAiB,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,gBAAgB,EAAE,aAAa,CAAC,IAAI,CAAC,CAAC,CAAC;KAChF;AACH,CAAC;AAnBD,0DAmBC"}
+{"version":3,"file":"external-queries.js","sourceRoot":"","sources":["../src/external-queries.ts"],"names":[],"mappings":";;;;;;;;;AAAA,0EAA4D;AAC5D,uCAAyB;AACzB,2CAA6B;AAI7B;;GAEG;AACI,KAAK,UAAU,0BAA0B,CAC9C,UAAkB,EAClB,GAAW,EACX,SAAiB,EACjB,OAAe,EACf,MAAc;IAEd,MAAM,CAAC,IAAI,CAAC,gBAAgB,UAAU,EAAE,CAAC,CAAC;IAE1C,MAAM,gBAAgB,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,UAAU,EAAE,GAAG,CAAC,CAAC;IAE7D,IAAI,CAAC,gBAAgB,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE;QACzC,wGAAwG;QACxG,MAAM,IAAI,KAAK,CACb,IAAI,UAAU,IAAI,GAAG,4CAA4C,CAClE,CAAC;KACH;IAED,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,gBAAgB,CAAC,EAAE;QACpC,MAAM,OAAO,GAAG,GAAG,SAAS,IAAI,UAAU,EAAE,CAAC;QAC7C,MAAM,IAAI,WAAW,CAAC,UAAU,CAAC,KAAK,EAAE;YACtC,OAAO;YACP,OAAO;YACP,gBAAgB;SACjB,CAAC,CAAC,IAAI,EAAE,CAAC;QACV,MAAM,IAAI,WAAW,CAAC,UAAU,CAAC,KAAK,EAAE;YACtC,eAAe,gBAAgB,EAAE;YACjC,aAAa,gBAAgB,OAAO;YACpC,UAAU;YACV,GAAG;SACJ,CAAC,CAAC,IAAI,EAAE,CAAC;KACX;IAED,OAAO,gBAAgB,CAAC;AAC1B,CAAC;AAlCD,gEAkCC"}

lib/external-queries.test.js

@@ -1,7 +1,4 @@
 "use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
 var __importStar = (this && this.__importStar) || function (mod) {
     if (mod && mod.__esModule) return mod;
     var result = {};
@@ -9,25 +6,90 @@ var __importStar = (this && this.__importStar) || function (mod) {
     result["default"] = mod;
     return result;
 };
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
 Object.defineProperty(exports, "__esModule", { value: true });
+const toolrunnner = __importStar(require("@actions/exec/lib/toolrunner"));
 const ava_1 = __importDefault(require("ava"));
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
-const configUtils = __importStar(require("./config-utils"));
 const externalQueries = __importStar(require("./external-queries"));
+const logging_1 = require("./logging");
 const testing_utils_1 = require("./testing-utils");
 const util = __importStar(require("./util"));
-testing_utils_1.silenceDebugOutput(ava_1.default);
+testing_utils_1.setupTests(ava_1.default);
 ava_1.default("checkoutExternalQueries", async (t) => {
-    let config = new configUtils.Config();
-    config.externalQueries = [
-        new configUtils.ExternalQuery("github/codeql-go", "df4c6869212341b601005567381944ed90906b6b"),
-    ];
     await util.withTmpDir(async (tmpDir) => {
-        process.env["RUNNER_TEMP"] = tmpDir;
-        await externalQueries.checkoutExternalQueries(config);
-        // COPYRIGHT file existed in df4c6869212341b601005567381944ed90906b6b but not in master
-        t.true(fs.existsSync(path.join(tmpDir, "github", "codeql-go", "COPYRIGHT")));
+        // Create a test repo in a subdir of the temp dir.
+        // It should have a default branch with two commits after the initial commit, where
+        // - the first commit contains files 'a' and 'b'
+        // - the second commit contains only 'a'
+        // Place the repo in a subdir because we're going to checkout a copy in tmpDir
+        const testRepoBaseDir = path.join(tmpDir, "test-repo-dir");
+        const repoName = "some/repo";
+        const repoPath = path.join(testRepoBaseDir, repoName);
+        const repoGitDir = path.join(repoPath, ".git");
+        // Run the given git command, and return the output.
+        // Passes --git-dir and --work-tree.
+        // Any stderr output is suppressed until the command fails.
+        const runGit = async function (command) {
+            let stdout = "";
+            let stderr = "";
+            command = [
+                `--git-dir=${repoGitDir}`,
+                `--work-tree=${repoPath}`,
+                ...command,
+            ];
+            console.log(`Running: git ${command.join(" ")}`);
+            try {
+                await new toolrunnner.ToolRunner("git", command, {
+                    silent: true,
+                    listeners: {
+                        stdout: (data) => {
+                            stdout += data.toString();
+                        },
+                        stderr: (data) => {
+                            stderr += data.toString();
+                        },
+                    },
+                }).exec();
+            }
+            catch (e) {
+                console.log(`Command failed: git ${command.join(" ")}`);
+                process.stderr.write(stderr);
+                throw e;
+            }
+            return stdout.trim();
+        };
+        fs.mkdirSync(repoPath, { recursive: true });
+        await runGit(["init", repoPath]);
+        await runGit(["config", "user.email", "test@github.com"]);
+        await runGit(["config", "user.name", "Test Test"]);
+        fs.writeFileSync(path.join(repoPath, "a"), "a content");
+        await runGit(["add", "a"]);
+        await runGit(["commit", "-m", "commit1"]);
+        fs.writeFileSync(path.join(repoPath, "b"), "b content");
+        await runGit(["add", "b"]);
+        await runGit(["commit", "-m", "commit1"]);
+        const commit1Sha = await runGit(["rev-parse", "HEAD"]);
+        fs.unlinkSync(path.join(repoPath, "b"));
+        await runGit(["add", "b"]);
+        await runGit(["commit", "-m", "commit2"]);
+        const commit2Sha = await runGit(["rev-parse", "HEAD"]);
+        // Checkout the first commit, which should contain 'a' and 'b'
+        t.false(fs.existsSync(path.join(tmpDir, repoName)));
+        await externalQueries.checkoutExternalRepository(repoName, commit1Sha, `file://${testRepoBaseDir}`, tmpDir, logging_1.getRunnerLogger(true));
+        t.true(fs.existsSync(path.join(tmpDir, repoName)));
+        t.true(fs.existsSync(path.join(tmpDir, repoName, commit1Sha)));
+        t.true(fs.existsSync(path.join(tmpDir, repoName, commit1Sha, "a")));
+        t.true(fs.existsSync(path.join(tmpDir, repoName, commit1Sha, "b")));
+        // Checkout the second commit as well, which should only contain 'a'
+        t.false(fs.existsSync(path.join(tmpDir, repoName, commit2Sha)));
+        await externalQueries.checkoutExternalRepository(repoName, commit2Sha, `file://${testRepoBaseDir}`, tmpDir, logging_1.getRunnerLogger(true));
+        t.true(fs.existsSync(path.join(tmpDir, repoName, commit2Sha)));
+        t.true(fs.existsSync(path.join(tmpDir, repoName, commit2Sha, "a")));
+        t.false(fs.existsSync(path.join(tmpDir, repoName, commit2Sha, "b")));
     });
 });
 //# sourceMappingURL=external-queries.test.js.map

lib/external-queries.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"external-queries.test.js","sourceRoot":"","sources":["../src/external-queries.test.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,8CAAuB;AACvB,uCAAyB;AACzB,2CAA6B;AAE7B,4DAA8C;AAC9C,oEAAsD;AACtD,mDAAmD;AACnD,6CAA+B;AAE/B,kCAAkB,CAAC,aAAI,CAAC,CAAC;AAEzB,aAAI,CAAC,yBAAyB,EAAE,KAAK,EAAC,CAAC,EAAC,EAAE;IACtC,IAAI,MAAM,GAAG,IAAI,WAAW,CAAC,MAAM,EAAE,CAAC;IACtC,MAAM,CAAC,eAAe,GAAG;QACrB,IAAI,WAAW,CAAC,aAAa,CAAC,kBAAkB,EAAE,0CAA0C,CAAC;KAChG,CAAC;IAEF,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAC,MAAM,EAAC,EAAE;QACjC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,MAAM,CAAC;QACpC,MAAM,eAAe,CAAC,uBAAuB,CAAC,MAAM,CAAC,CAAC;QAEtD,uFAAuF;QACvF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,WAAW,EAAE,WAAW,CAAC,CAAC,CAAC,CAAC;IACjF,CAAC,CAAC,CAAC;AACP,CAAC,CAAC,CAAC"}
+{"version":3,"file":"external-queries.test.js","sourceRoot":"","sources":["../src/external-queries.test.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,0EAA4D;AAC5D,8CAAuB;AACvB,uCAAyB;AACzB,2CAA6B;AAE7B,oEAAsD;AACtD,uCAA4C;AAC5C,mDAA6C;AAC7C,6CAA+B;AAE/B,0BAAU,CAAC,aAAI,CAAC,CAAC;AAEjB,aAAI,CAAC,yBAAyB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAC1C,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,MAAM,EAAE,EAAE;QACrC,kDAAkD;QAClD,mFAAmF;QACnF,gDAAgD;QAChD,wCAAwC;QACxC,8EAA8E;QAC9E,MAAM,eAAe,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;QAC3D,MAAM,QAAQ,GAAG,WAAW,CAAC;QAC7B,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,eAAe,EAAE,QAAQ,CAAC,CAAC;QACtD,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;QAE/C,oDAAoD;QACpD,oCAAoC;QACpC,2DAA2D;QAC3D,MAAM,MAAM,GAAG,KAAK,WAAW,OAAiB;YAC9C,IAAI,MAAM,GAAG,EAAE,CAAC;YAChB,IAAI,MAAM,GAAG,EAAE,CAAC;YAChB,OAAO,GAAG;gBACR,aAAa,UAAU,EAAE;gBACzB,eAAe,QAAQ,EAAE;gBACzB,GAAG,OAAO;aACX,CAAC;YACF,OAAO,CAAC,GAAG,CAAC,gBAAgB,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YACjD,IAAI;gBACF,MAAM,IAAI,WAAW,CAAC,UAAU,CAAC,KAAK,EAAE,OAAO,EAAE;oBAC/C,MAAM,EAAE,IAAI;oBACZ,SAAS,EAAE;wBACT,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;4BACf,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;wBAC5B,CAAC;wBACD,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE;4BACf,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;wBAC5B,CAAC;qBACF;iBACF,CAAC,CAAC,IAAI,EAAE,CAAC;aACX;YAAC,OAAO,CAAC,EAAE;gBACV,OAAO,CAAC,GAAG,CAAC,uBAAuB,OAAO,CAAC,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;gBACxD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;gBAC7B,MAAM,CAAC,CAAC;aACT;YACD,OAAO,MAAM,CAAC,IAAI,EAAE,CAAC;QACvB,CAAC,CAAC;QAEF,EAAE,CAAC,SAAS,CAAC,QAAQ,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;QAC5C,MAAM,MAAM,CAAC,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC;QACjC,MAAM,MAAM,CAAC,CAAC,QAAQ,EAAE,YAAY,EAAE,iBAAiB,CAAC,CAAC,CAAC;QAC1D,MAAM,MAAM,CAAC,CAAC,QAAQ,EAAE,WAAW,EAAE,WAAW,CAAC,CAAC,CAAC;QAEnD,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,CAAC,EAAE,WAAW,CAAC,CAAC;QACxD,MAAM,MAAM,CAAC,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,CAAC;QAC3B,MAAM,MAAM,CAAC,CAAC,QAAQ,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC,CAAC;QAE1C,EAAE,CAAC,aAAa,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,CAAC,EAAE,WAAW,CAAC,CAAC;QACxD,MAAM,MAAM,CAAC,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,CAAC;QAC3B,MAAM,MAAM,CAAC,CAAC,QAAQ,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC,CAAC;QAC1C,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC,CAAC;QAEvD,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,GAAG,CAAC,CAAC,CAAC;QACxC,MAAM,MAAM,CAAC,CAAC,KAAK,EAAE,GAAG,CAAC,CAAC,CAAC;QAC3B,MAAM,MAAM,CAAC,CAAC,QAAQ,EAAE,IAAI,EAAE,SAAS,CAAC,CAAC,CAAC;QAC1C,MAAM,UAAU,GAAG,MAAM,MAAM,CAAC,CAAC,WAAW,EAAE,MAAM,CAAC,CAAC,CAAC;QAEvD,8DAA8D;QAC9D,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC;QACpD,MAAM,eAAe,CAAC,0BAA0B,CAC9C,QAAQ,EACR,UAAU,EACV,UAAU,eAAe,EAAE,EAC3B,MAAM,EACN,yBAAe,CAAC,IAAI,CAAC,CACtB,CAAC;QACF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC;QACnD,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC,CAAC,CAAC;QAC/D,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC;QACpE,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC;QAEpE,oEAAoE;QACpE,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC,CAAC,CAAC;QAChE,MAAM,eAAe,CAAC,0BAA0B,CAC9C,QAAQ,EACR,UAAU,EACV,UAAU,eAAe,EAAE,EAC3B,MAAM,EACN,yBAAe,CAAC,IAAI,CAAC,CACtB,CAAC;QACF,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,CAAC,CAAC,CAAC,CAAC;QAC/D,CAAC,CAAC,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC;QACpE,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,QAAQ,EAAE,UAAU,EAAE,GAAG,CAAC,CAAC,CAAC,CAAC;IACvE,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

lib/finalize-db.js

@@ -1,212 +0,0 @@
-"use strict";
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
-    result["default"] = mod;
-    return result;
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-const core = __importStar(require("@actions/core"));
-const exec = __importStar(require("@actions/exec"));
-const io = __importStar(require("@actions/io"));
-const fs = __importStar(require("fs"));
-const os = __importStar(require("os"));
-const path = __importStar(require("path"));
-const configUtils = __importStar(require("./config-utils"));
-const externalQueries = __importStar(require("./external-queries"));
-const sharedEnv = __importStar(require("./shared-environment"));
-const upload_lib = __importStar(require("./upload-lib"));
-const util = __importStar(require("./util"));
-/**
- * A list of queries from https://github.com/github/codeql that
- * we don't want to run. Disabling them here is a quicker alternative to
- * disabling them in the code scanning query suites. Queries should also
- * be disabled in the suites, and removed from this list here once the
- * bundle is updated to make those suite changes live.
- *
- * Format is a map from language to an array of path suffixes of .ql files.
- */
-const DISABLED_BUILTIN_QUERIES = {
-    'csharp': [
-        'ql/src/Security Features/CWE-937/VulnerablePackage.ql',
-        'ql/src/Security Features/CWE-451/MissingXFrameOptions.ql',
-    ]
-};
-function queryIsDisabled(language, query) {
-    return (DISABLED_BUILTIN_QUERIES[language] || [])
-        .some(disabledQuery => query.endsWith(disabledQuery));
-}
-function getMemoryFlag() {
-    let memoryToUseMegaBytes;
-    const memoryToUseString = core.getInput("ram");
-    if (memoryToUseString) {
-        memoryToUseMegaBytes = Number(memoryToUseString);
-        if (Number.isNaN(memoryToUseMegaBytes) || memoryToUseMegaBytes <= 0) {
-            throw new Error("Invalid RAM setting \"" + memoryToUseString + "\", specified.");
-        }
-    }
-    else {
-        const totalMemoryBytes = os.totalmem();
-        const totalMemoryMegaBytes = totalMemoryBytes / (1024 * 1024);
-        const systemReservedMemoryMegaBytes = 256;
-        memoryToUseMegaBytes = totalMemoryMegaBytes - systemReservedMemoryMegaBytes;
-    }
-    return "--ram=" + Math.floor(memoryToUseMegaBytes);
-}
-async function createdDBForScannedLanguages(codeqlCmd, databaseFolder) {
-    const scannedLanguages = process.env[sharedEnv.CODEQL_ACTION_SCANNED_LANGUAGES];
-    if (scannedLanguages) {
-        for (const language of scannedLanguages.split(',')) {
-            core.startGroup('Extracting ' + language);
-            // Get extractor location
-            let extractorPath = '';
-            await exec.exec(codeqlCmd, ['resolve', 'extractor', '--format=json', '--language=' + language], {
-                silent: true,
-                listeners: {
-                    stdout: (data) => { extractorPath += data.toString(); },
-                    stderr: (data) => { process.stderr.write(data); }
-                }
-            });
-            // Set trace command
-            const ext = process.platform === 'win32' ? '.cmd' : '.sh';
-            const traceCommand = path.resolve(JSON.parse(extractorPath), 'tools', 'autobuild' + ext);
-            // Run trace command
-            await exec.exec(codeqlCmd, ['database', 'trace-command', path.join(databaseFolder, language), '--', traceCommand]);
-            core.endGroup();
-        }
-    }
-}
-async function finalizeDatabaseCreation(codeqlCmd, databaseFolder) {
-    await createdDBForScannedLanguages(codeqlCmd, databaseFolder);
-    const languages = process.env[sharedEnv.CODEQL_ACTION_LANGUAGES] || '';
-    for (const language of languages.split(',')) {
-        core.startGroup('Finalizing ' + language);
-        await exec.exec(codeqlCmd, ['database', 'finalize', path.join(databaseFolder, language)]);
-        core.endGroup();
-    }
-}
-async function runResolveQueries(codeqlCmd, queries) {
-    let output = '';
-    const options = {
-        listeners: {
-            stdout: (data) => {
-                output += data.toString();
-            }
-        }
-    };
-    await exec.exec(codeqlCmd, [
-        'resolve',
-        'queries',
-        ...queries,
-        '--format=bylanguage'
-    ], options);
-    return JSON.parse(output);
-}
-async function resolveQueryLanguages(codeqlCmd, config) {
-    let res = new Map();
-    if (!config.disableDefaultQueries || config.additionalSuites.length !== 0) {
-        const suites = [];
-        for (const language of await util.getLanguages()) {
-            if (!config.disableDefaultQueries) {
-                suites.push(language + '-code-scanning.qls');
-            }
-            for (const additionalSuite of config.additionalSuites) {
-                suites.push(language + '-' + additionalSuite + '.qls');
-            }
-        }
-        const resolveQueriesOutputObject = await runResolveQueries(codeqlCmd, suites);
-        for (const [language, queries] of Object.entries(resolveQueriesOutputObject.byLanguage)) {
-            if (res[language] === undefined) {
-                res[language] = [];
-            }
-            res[language].push(...Object.keys(queries).filter(q => !queryIsDisabled(language, q)));
-        }
-    }
-    if (config.additionalQueries.length !== 0) {
-        const resolveQueriesOutputObject = await runResolveQueries(codeqlCmd, config.additionalQueries);
-        for (const [language, queries] of Object.entries(resolveQueriesOutputObject.byLanguage)) {
-            if (res[language] === undefined) {
-                res[language] = [];
-            }
-            res[language].push(...Object.keys(queries));
-        }
-        const noDeclaredLanguage = resolveQueriesOutputObject.noDeclaredLanguage;
-        const noDeclaredLanguageQueries = Object.keys(noDeclaredLanguage);
-        if (noDeclaredLanguageQueries.length !== 0) {
-            throw new Error('Some queries do not declare a language, their qlpack.yml file is missing or is invalid');
-        }
-        const multipleDeclaredLanguages = resolveQueriesOutputObject.multipleDeclaredLanguages;
-        const multipleDeclaredLanguagesQueries = Object.keys(multipleDeclaredLanguages);
-        if (multipleDeclaredLanguagesQueries.length !== 0) {
-            throw new Error('Some queries declare multiple languages, their qlpack.yml file is missing or is invalid');
-        }
-    }
-    return res;
-}
-// Runs queries and creates sarif files in the given folder
-async function runQueries(codeqlCmd, databaseFolder, sarifFolder, config) {
-    const queriesPerLanguage = await resolveQueryLanguages(codeqlCmd, config);
-    for (let database of fs.readdirSync(databaseFolder)) {
-        core.startGroup('Analyzing ' + database);
-        const queries = queriesPerLanguage[database] || [];
-        if (queries.length === 0) {
-            throw new Error('Unable to analyse ' + database + ' as no queries were selected for this language');
-        }
-        // Pass the queries to codeql using a file instead of using the command
-        // line to avoid command line length restrictions, particularly on windows.
-        const querySuite = path.join(databaseFolder, database + '-queries.qls');
-        const querySuiteContents = queries.map(q => '- query: ' + q).join('\n');
-        fs.writeFileSync(querySuite, querySuiteContents);
-        core.debug('Query suite file for ' + database + '...\n' + querySuiteContents);
-        const sarifFile = path.join(sarifFolder, database + '.sarif');
-        await exec.exec(codeqlCmd, [
-            'database',
-            'analyze',
-            getMemoryFlag(),
-            path.join(databaseFolder, database),
-            '--format=sarif-latest',
-            '--output=' + sarifFile,
-            '--no-sarif-add-snippets',
-            querySuite
-        ]);
-        core.debug('SARIF results for database ' + database + ' created at "' + sarifFile + '"');
-        core.endGroup();
-    }
-}
-async function run() {
-    try {
-        if (util.should_abort('finish', true) || !await util.reportActionStarting('finish')) {
-            return;
-        }
-        const config = await configUtils.loadConfig();
-        core.exportVariable(sharedEnv.ODASA_TRACER_CONFIGURATION, '');
-        delete process.env[sharedEnv.ODASA_TRACER_CONFIGURATION];
-        const codeqlCmd = util.getRequiredEnvParam(sharedEnv.CODEQL_ACTION_CMD);
-        const databaseFolder = util.getRequiredEnvParam(sharedEnv.CODEQL_ACTION_DATABASE_DIR);
-        const sarifFolder = core.getInput('output');
-        await io.mkdirP(sarifFolder);
-        core.info('Finalizing database creation');
-        await finalizeDatabaseCreation(codeqlCmd, databaseFolder);
-        await externalQueries.checkoutExternalQueries(config);
-        core.info('Analyzing database');
-        await runQueries(codeqlCmd, databaseFolder, sarifFolder, config);
-        if ('true' === core.getInput('upload')) {
-            if (!await upload_lib.upload(sarifFolder)) {
-                await util.reportActionFailed('finish', 'upload');
-                return;
-            }
-        }
-    }
-    catch (error) {
-        core.setFailed(error.message);
-        await util.reportActionFailed('finish', error.message, error.stack);
-        return;
-    }
-    await util.reportActionSucceeded('finish');
-}
-run().catch(e => {
-    core.setFailed("analyze action failed: " + e);
-    console.log(e);
-});
-//# sourceMappingURL=finalize-db.js.map

lib/fingerprints.js

@@ -10,13 +10,12 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-const core = __importStar(require("@actions/core"));
 const fs = __importStar(require("fs"));
 const long_1 = __importDefault(require("long"));
-const tab = '\t'.charCodeAt(0);
-const space = ' '.charCodeAt(0);
-const lf = '\n'.charCodeAt(0);
-const cr = '\r'.charCodeAt(0);
+const tab = "\t".charCodeAt(0);
+const space = " ".charCodeAt(0);
+const lf = "\n".charCodeAt(0);
+const cr = "\r".charCodeAt(0);
 const BLOCK_SIZE = 100;
 const MOD = long_1.default.fromInt(37); // L
 // Compute the starting point for the hash mod
@@ -48,7 +47,7 @@ function hash(callback, input) {
     const lineNumbers = Array(BLOCK_SIZE).fill(-1);
     // The current hash value, updated as we read each character
     let hash = long_1.default.ZERO;
-    let firstMod = computeFirstMod();
+    const firstMod = computeFirstMod();
     // The current index in the window, will wrap around to zero when we reach BLOCK_SIZE
     let index = 0;
     // The line number of the character we are currently processing from the input
@@ -62,12 +61,12 @@ function hash(callback, input) {
     const hashCounts = {};
     // Output the current hash and line number to the callback function
     const outputHash = function () {
-        let hashValue = hash.toUnsigned().toString(16);
+        const hashValue = hash.toUnsigned().toString(16);
         if (!hashCounts[hashValue]) {
             hashCounts[hashValue] = 0;
         }
         hashCounts[hashValue]++;
-        callback(lineNumbers[index], hashValue + ":" + hashCounts[hashValue]);
+        callback(lineNumbers[index], `${hashValue}:${hashCounts[hashValue]}`);
         lineNumbers[index] = -1;
     };
     // Update the current hash value and increment the index in the window
@@ -122,7 +121,7 @@ function hash(callback, input) {
 exports.hash = hash;
 // Generate a hash callback function that updates the given result in-place
 // when it recieves a hash for the correct line number. Ignores hashes for other lines.
-function locationUpdateCallback(result, location) {
+function locationUpdateCallback(result, location, logger) {
     var _a, _b;
     let locationStartLine = (_b = (_a = location.physicalLocation) === null || _a === void 0 ? void 0 : _a.region) === null || _b === void 0 ? void 0 : _b.startLine;
     if (locationStartLine === undefined) {
@@ -146,10 +145,7 @@ function locationUpdateCallback(result, location) {
             result.partialFingerprints.primaryLocationLineHash = hash;
         }
         else if (existingFingerprint !== hash) {
-            core.warning("Calculated fingerprint of " + hash +
-                " for file " + location.physicalLocation.artifactLocation.uri +
-                " line " + lineNumber +
-                ", but found existing inconsistent fingerprint value " + existingFingerprint);
+            logger.warning(`Calculated fingerprint of ${hash} for file ${location.physicalLocation.artifactLocation.uri} line ${lineNumber}, but found existing inconsistent fingerprint value ${existingFingerprint}`);
         }
     };
 }
@@ -157,48 +153,48 @@ function locationUpdateCallback(result, location) {
 // the source file so we can hash it.
 // If possible returns a absolute file path for the source file,
 // or if not possible then returns undefined.
-function resolveUriToFile(location, artifacts) {
+function resolveUriToFile(location, artifacts, checkoutPath, logger) {
     // This may be referencing an artifact
     if (!location.uri && location.index !== undefined) {
-        if (typeof location.index !== 'number' ||
+        if (typeof location.index !== "number" ||
             location.index < 0 ||
             location.index >= artifacts.length ||
-            typeof artifacts[location.index].location !== 'object') {
-            core.debug('Ignoring location as index "' + location.index + '" is invalid');
+            typeof artifacts[location.index].location !== "object") {
+            logger.debug(`Ignoring location as URI "${location.index}" is invalid`);
             return undefined;
         }
         location = artifacts[location.index].location;
     }
     // Get the URI and decode
-    if (typeof location.uri !== 'string') {
-        core.debug('Ignoring location as uri "' + location.uri + '" is invalid');
+    if (typeof location.uri !== "string") {
+        logger.debug(`Ignoring location as index "${location.uri}" is invalid`);
         return undefined;
     }
     let uri = decodeURIComponent(location.uri);
     // Remove a file scheme, and abort if the scheme is anything else
-    const fileUriPrefix = 'file://';
+    const fileUriPrefix = "file://";
     if (uri.startsWith(fileUriPrefix)) {
         uri = uri.substring(fileUriPrefix.length);
     }
-    if (uri.indexOf('://') !== -1) {
-        core.debug('Ignoring location URI "' + uri + "' as the scheme is not recognised");
+    if (uri.indexOf("://") !== -1) {
+        logger.debug(`Ignoring location URI "${uri}" as the scheme is not recognised`);
         return undefined;
     }
     // Discard any absolute paths that aren't in the src root
-    const srcRootPrefix = process.env['GITHUB_WORKSPACE'] + '/';
-    if (uri.startsWith('/') && !uri.startsWith(srcRootPrefix)) {
-        core.debug('Ignoring location URI "' + uri + "' as it is outside of the src root");
+    const srcRootPrefix = `${checkoutPath}/`;
+    if (uri.startsWith("/") && !uri.startsWith(srcRootPrefix)) {
+        logger.debug(`Ignoring location URI "${uri}" as it is outside of the src root`);
         return undefined;
     }
     // Just assume a relative path is relative to the src root.
     // This is not necessarily true but should be a good approximation
     // and here we likely want to err on the side of handling more cases.
-    if (!uri.startsWith('/')) {
+    if (!uri.startsWith("/")) {
         uri = srcRootPrefix + uri;
     }
     // Check the file exists
     if (!fs.existsSync(uri)) {
-        core.debug("Unable to compute fingerprint for non-existent file: " + uri);
+        logger.debug(`Unable to compute fingerprint for non-existent file: ${uri}`);
         return undefined;
     }
     return uri;
@@ -206,38 +202,37 @@ function resolveUriToFile(location, artifacts) {
 exports.resolveUriToFile = resolveUriToFile;
 // Compute fingerprints for results in the given sarif file
 // and return an updated sarif file contents.
-function addFingerprints(sarifContents) {
-    let sarif = JSON.parse(sarifContents);
+function addFingerprints(sarifContents, checkoutPath, logger) {
+    var _a, _b;
+    const sarif = JSON.parse(sarifContents);
     // Gather together results for the same file and construct
     // callbacks to accept hashes for that file and update the location
     const callbacksByFile = {};
     for (const run of sarif.runs || []) {
         // We may need the list of artifacts to resolve against
-        let artifacts = run.artifacts || [];
+        const artifacts = run.artifacts || [];
         for (const result of run.results || []) {
             // Check the primary location is defined correctly and is in the src root
             const primaryLocation = (result.locations || [])[0];
-            if (!primaryLocation ||
-                !primaryLocation.physicalLocation ||
-                !primaryLocation.physicalLocation.artifactLocation) {
-                core.debug("Unable to compute fingerprint for invalid location: " + JSON.stringify(primaryLocation));
+            if (!((_b = (_a = primaryLocation) === null || _a === void 0 ? void 0 : _a.physicalLocation) === null || _b === void 0 ? void 0 : _b.artifactLocation)) {
+                logger.debug(`Unable to compute fingerprint for invalid location: ${JSON.stringify(primaryLocation)}`);
                 continue;
             }
-            const filepath = resolveUriToFile(primaryLocation.physicalLocation.artifactLocation, artifacts);
+            const filepath = resolveUriToFile(primaryLocation.physicalLocation.artifactLocation, artifacts, checkoutPath, logger);
             if (!filepath) {
                 continue;
             }
             if (!callbacksByFile[filepath]) {
                 callbacksByFile[filepath] = [];
             }
-            callbacksByFile[filepath].push(locationUpdateCallback(result, primaryLocation));
+            callbacksByFile[filepath].push(locationUpdateCallback(result, primaryLocation, logger));
         }
     }
     // Now hash each file that was found
     Object.entries(callbacksByFile).forEach(([filepath, callbacks]) => {
         // A callback that forwards the hash to all other callbacks for that file
         const teeCallback = function (lineNumber, hash) {
-            Object.values(callbacks).forEach(c => c(lineNumber, hash));
+            Object.values(callbacks).forEach((c) => c(lineNumber, hash));
         };
         const fileContents = fs.readFileSync(filepath).toString();
         hash(teeCallback, fileContents);

lib/fingerprints.test.js

@@ -14,11 +14,12 @@ const ava_1 = __importDefault(require("ava"));
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const fingerprints = __importStar(require("./fingerprints"));
+const logging_1 = require("./logging");
 const testing_utils_1 = require("./testing-utils");
-testing_utils_1.silenceDebugOutput(ava_1.default);
+testing_utils_1.setupTests(ava_1.default);
 function testHash(t, input, expectedHashes) {
     let index = 0;
-    let callback = function (lineNumber, hash) {
+    const callback = function (lineNumber, hash) {
         t.is(lineNumber, index + 1);
         t.is(hash, expectedHashes[index]);
         index++;
@@ -26,7 +27,7 @@ function testHash(t, input, expectedHashes) {
     fingerprints.hash(callback, input);
     t.is(index, input.split(/\r\n|\r|\n/).length);
 }
-ava_1.default('hash', (t) => {
+ava_1.default("hash", (t) => {
     // Try empty file
     testHash(t, "", ["c129715d7a2bc9a3:1"]);
     // Try various combinations of newline characters
@@ -34,7 +35,7 @@ ava_1.default('hash', (t) => {
         "271789c17abda88f:1",
         "54703d4cd895b18:1",
         "180aee12dab6264:1",
-        "a23a3dc5e078b07b:1"
+        "a23a3dc5e078b07b:1",
     ]);
     testHash(t, " hello; \t\nworld!!!\n\n\n  \t\tGreetings\n End", [
         "8b7cf3e952e7aeb2:1",
@@ -92,68 +93,85 @@ ava_1.default('hash', (t) => {
         "a9cf91f7bbf1862b:1",
         "55ec222b86bcae53:1",
         "cc97dc7b1d7d8f7b:1",
-        "c129715d7a2bc9a3:1"
+        "c129715d7a2bc9a3:1",
+    ]);
+    testHash(t, "x = 2\nx = 1\nprint(x)\nx = 3\nprint(x)\nx = 4\nprint(x)\n", [
+        "e54938cc54b302f1:1",
+        "bb609acbe9138d60:1",
+        "1131fd5871777f34:1",
+        "5c482a0f8b35ea28:1",
+        "54517377da7028d2:1",
+        "2c644846cb18d53e:1",
+        "f1b89f20de0d133:1",
+        "c129715d7a2bc9a3:1",
     ]);
 });
 function testResolveUriToFile(uri, index, artifactsURIs) {
-    const location = { "uri": uri, "index": index };
-    const artifacts = artifactsURIs.map(uri => ({ "location": { "uri": uri } }));
-    return fingerprints.resolveUriToFile(location, artifacts);
+    const location = { uri, index };
+    const artifacts = artifactsURIs.map((uri) => ({ location: { uri } }));
+    return fingerprints.resolveUriToFile(location, artifacts, process.cwd(), logging_1.getRunnerLogger(true));
 }
-ava_1.default('resolveUriToFile', t => {
+ava_1.default("resolveUriToFile", (t) => {
     // The resolveUriToFile method checks that the file exists and is in the right directory
     // so we need to give it real files to look at. We will use this file as an example.
     // For this to work we require the current working directory to be a parent, but this
     // should generally always be the case so this is fine.
     const cwd = process.cwd();
     const filepath = __filename;
-    t.true(filepath.startsWith(cwd + '/'));
+    t.true(filepath.startsWith(`${cwd}/`));
     const relativeFilepaht = filepath.substring(cwd.length + 1);
-    process.env['GITHUB_WORKSPACE'] = cwd;
     // Absolute paths are unmodified
     t.is(testResolveUriToFile(filepath, undefined, []), filepath);
-    t.is(testResolveUriToFile('file://' + filepath, undefined, []), filepath);
+    t.is(testResolveUriToFile(`file://${filepath}`, undefined, []), filepath);
     // Relative paths are made absolute
     t.is(testResolveUriToFile(relativeFilepaht, undefined, []), filepath);
-    t.is(testResolveUriToFile('file://' + relativeFilepaht, undefined, []), filepath);
+    t.is(testResolveUriToFile(`file://${relativeFilepaht}`, undefined, []), filepath);
     // Absolute paths outside the src root are discarded
-    t.is(testResolveUriToFile('/src/foo/bar.js', undefined, []), undefined);
-    t.is(testResolveUriToFile('file:///src/foo/bar.js', undefined, []), undefined);
+    t.is(testResolveUriToFile("/src/foo/bar.js", undefined, []), undefined);
+    t.is(testResolveUriToFile("file:///src/foo/bar.js", undefined, []), undefined);
     // Other schemes are discarded
-    t.is(testResolveUriToFile('https://' + filepath, undefined, []), undefined);
-    t.is(testResolveUriToFile('ftp://' + filepath, undefined, []), undefined);
+    t.is(testResolveUriToFile(`https://${filepath}`, undefined, []), undefined);
+    t.is(testResolveUriToFile(`ftp://${filepath}`, undefined, []), undefined);
     // Invalid URIs are discarded
     t.is(testResolveUriToFile(1, undefined, []), undefined);
     t.is(testResolveUriToFile(undefined, undefined, []), undefined);
     // Non-existant files are discarded
-    t.is(testResolveUriToFile(filepath + '2', undefined, []), undefined);
+    t.is(testResolveUriToFile(`${filepath}2`, undefined, []), undefined);
     // Index is resolved
     t.is(testResolveUriToFile(undefined, 0, [filepath]), filepath);
-    t.is(testResolveUriToFile(undefined, 1, ['foo', filepath]), filepath);
+    t.is(testResolveUriToFile(undefined, 1, ["foo", filepath]), filepath);
     // Invalid indexes are discarded
     t.is(testResolveUriToFile(undefined, 1, [filepath]), undefined);
-    t.is(testResolveUriToFile(undefined, '0', [filepath]), undefined);
+    t.is(testResolveUriToFile(undefined, "0", [filepath]), undefined);
 });
-ava_1.default('addFingerprints', t => {
+ava_1.default("addFingerprints", (t) => {
     // Run an end-to-end test on a test file
-    let input = fs.readFileSync(__dirname + '/../src/testdata/fingerprinting.input.sarif').toString();
-    let expected = fs.readFileSync(__dirname + '/../src/testdata/fingerprinting.expected.sarif').toString();
+    let input = fs
+        .readFileSync(`${__dirname}/../src/testdata/fingerprinting.input.sarif`)
+        .toString();
+    let expected = fs
+        .readFileSync(`${__dirname}/../src/testdata/fingerprinting.expected.sarif`)
+        .toString();
     // The test files are stored prettified, but addFingerprints outputs condensed JSON
     input = JSON.stringify(JSON.parse(input));
     expected = JSON.stringify(JSON.parse(expected));
     // The URIs in the SARIF files resolve to files in the testdata directory
-    process.env['GITHUB_WORKSPACE'] = path.normalize(__dirname + '/../src/testdata');
-    t.deepEqual(fingerprints.addFingerprints(input), expected);
+    const checkoutPath = path.normalize(`${__dirname}/../src/testdata`);
+    t.deepEqual(fingerprints.addFingerprints(input, checkoutPath, logging_1.getRunnerLogger(true)), expected);
 });
-ava_1.default('missingRegions', t => {
+ava_1.default("missingRegions", (t) => {
     // Run an end-to-end test on a test file
-    let input = fs.readFileSync(__dirname + '/../src/testdata/fingerprinting2.input.sarif').toString();
-    let expected = fs.readFileSync(__dirname + '/../src/testdata/fingerprinting2.expected.sarif').toString();
+    let input = fs
+        .readFileSync(`${__dirname}/../src/testdata/fingerprinting2.input.sarif`)
+        .toString();
+    let expected = fs
+        .readFileSync(`${__dirname}/../src/testdata/fingerprinting2.expected.sarif`)
+        .toString();
     // The test files are stored prettified, but addFingerprints outputs condensed JSON
     input = JSON.stringify(JSON.parse(input));
     expected = JSON.stringify(JSON.parse(expected));
     // The URIs in the SARIF files resolve to files in the testdata directory
-    process.env['GITHUB_WORKSPACE'] = path.normalize(__dirname + '/../src/testdata');
-    t.deepEqual(fingerprints.addFingerprints(input), expected);
+    const checkoutPath = path.normalize(`${__dirname}/../src/testdata`);
+    t.deepEqual(fingerprints.addFingerprints(input, checkoutPath, logging_1.getRunnerLogger(true)), expected);
 });
 //# sourceMappingURL=fingerprints.test.js.map

lib/init-action.js

@@ -0,0 +1,87 @@
+"use strict";
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
+    result["default"] = mod;
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const core = __importStar(require("@actions/core"));
+const init_1 = require("./init");
+const logging_1 = require("./logging");
+const repository_1 = require("./repository");
+const util = __importStar(require("./util"));
+async function sendSuccessStatusReport(startedAt, config) {
+    const statusReportBase = await util.createStatusReportBase("init", "success", startedAt);
+    const languages = config.languages.join(",");
+    const workflowLanguages = core.getInput("languages", { required: false });
+    const paths = (config.originalUserInput.paths || []).join(",");
+    const pathsIgnore = (config.originalUserInput["paths-ignore"] || []).join(",");
+    const disableDefaultQueries = config.originalUserInput["disable-default-queries"]
+        ? languages
+        : "";
+    const queries = (config.originalUserInput.queries || [])
+        .map((q) => q.uses)
+        .join(",");
+    const statusReport = {
+        ...statusReportBase,
+        languages,
+        workflow_languages: workflowLanguages,
+        paths,
+        paths_ignore: pathsIgnore,
+        disable_default_queries: disableDefaultQueries,
+        queries,
+    };
+    await util.sendStatusReport(statusReport);
+}
+async function run() {
+    const startedAt = new Date();
+    const logger = logging_1.getActionsLogger();
+    let config;
+    let codeql;
+    try {
+        util.prepareLocalRunEnvironment();
+        if (!(await util.sendStatusReport(await util.createStatusReportBase("init", "starting", startedAt), true))) {
+            return;
+        }
+        codeql = await init_1.initCodeQL(util.getOptionalInput("tools"), util.getRequiredInput("token"), util.getRequiredEnvParam("GITHUB_SERVER_URL"), util.getRequiredEnvParam("RUNNER_TEMP"), util.getRequiredEnvParam("RUNNER_TOOL_CACHE"), "actions", logger);
+        config = await init_1.initConfig(util.getOptionalInput("languages"), util.getOptionalInput("queries"), util.getOptionalInput("config-file"), repository_1.parseRepositoryNwo(util.getRequiredEnvParam("GITHUB_REPOSITORY")), util.getRequiredEnvParam("RUNNER_TEMP"), util.getRequiredEnvParam("RUNNER_TOOL_CACHE"), codeql, util.getRequiredEnvParam("GITHUB_WORKSPACE"), util.getRequiredInput("token"), util.getRequiredEnvParam("GITHUB_SERVER_URL"), logger);
+    }
+    catch (e) {
+        core.setFailed(e.message);
+        console.log(e);
+        await util.sendStatusReport(await util.createStatusReportBase("init", "aborted", startedAt, e.message));
+        return;
+    }
+    try {
+        // Forward Go flags
+        const goFlags = process.env["GOFLAGS"];
+        if (goFlags) {
+            core.exportVariable("GOFLAGS", goFlags);
+            core.warning("Passing the GOFLAGS env parameter to the init action is deprecated. Please move this to the analyze action.");
+        }
+        // Setup CODEQL_RAM flag (todo improve this https://github.com/github/dsp-code-scanning/issues/935)
+        const codeqlRam = process.env["CODEQL_RAM"] || "6500";
+        core.exportVariable("CODEQL_RAM", codeqlRam);
+        const tracerConfig = await init_1.runInit(codeql, config);
+        if (tracerConfig !== undefined) {
+            Object.entries(tracerConfig.env).forEach(([key, value]) => core.exportVariable(key, value));
+            if (process.platform === "win32") {
+                await init_1.injectWindowsTracer("Runner.Worker.exe", undefined, config, codeql, tracerConfig);
+            }
+        }
+    }
+    catch (error) {
+        core.setFailed(error.message);
+        console.log(error);
+        await util.sendStatusReport(await util.createStatusReportBase("init", "failure", startedAt, error.message, error.stack));
+        return;
+    }
+    await sendSuccessStatusReport(startedAt, config);
+}
+run().catch((e) => {
+    core.setFailed(`init action failed: ${e}`);
+    console.log(e);
+});
+//# sourceMappingURL=init-action.js.map

lib/init-action.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"init-action.js","sourceRoot":"","sources":["../src/init-action.ts"],"names":[],"mappings":";;;;;;;;;AAAA,oDAAsC;AAItC,iCAA8E;AAC9E,uCAA6C;AAC7C,6CAAkD;AAClD,6CAA+B;AAkB/B,KAAK,UAAU,uBAAuB,CACpC,SAAe,EACf,MAA0B;IAE1B,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,sBAAsB,CACxD,MAAM,EACN,SAAS,EACT,SAAS,CACV,CAAC;IAEF,MAAM,SAAS,GAAG,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC7C,MAAM,iBAAiB,GAAG,IAAI,CAAC,QAAQ,CAAC,WAAW,EAAE,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC;IAC1E,MAAM,KAAK,GAAG,CAAC,MAAM,CAAC,iBAAiB,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAC/D,MAAM,WAAW,GAAG,CAAC,MAAM,CAAC,iBAAiB,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CACvE,GAAG,CACJ,CAAC;IACF,MAAM,qBAAqB,GAAG,MAAM,CAAC,iBAAiB,CACpD,yBAAyB,CAC1B;QACC,CAAC,CAAC,SAAS;QACX,CAAC,CAAC,EAAE,CAAC;IACP,MAAM,OAAO,GAAG,CAAC,MAAM,CAAC,iBAAiB,CAAC,OAAO,IAAI,EAAE,CAAC;SACrD,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;SAClB,IAAI,CAAC,GAAG,CAAC,CAAC;IAEb,MAAM,YAAY,GAA4B;QAC5C,GAAG,gBAAgB;QACnB,SAAS;QACT,kBAAkB,EAAE,iBAAiB;QACrC,KAAK;QACL,YAAY,EAAE,WAAW;QACzB,uBAAuB,EAAE,qBAAqB;QAC9C,OAAO;KACR,CAAC;IAEF,MAAM,IAAI,CAAC,gBAAgB,CAAC,YAAY,CAAC,CAAC;AAC5C,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,MAAM,MAAM,GAAG,0BAAgB,EAAE,CAAC;IAClC,IAAI,MAA0B,CAAC;IAC/B,IAAI,MAAc,CAAC;IAEnB,IAAI;QACF,IAAI,CAAC,0BAA0B,EAAE,CAAC;QAClC,IACE,CAAC,CAAC,MAAM,IAAI,CAAC,gBAAgB,CAC3B,MAAM,IAAI,CAAC,sBAAsB,CAAC,MAAM,EAAE,UAAU,EAAE,SAAS,CAAC,EAChE,IAAI,CACL,CAAC,EACF;YACA,OAAO;SACR;QAED,MAAM,GAAG,MAAM,iBAAU,CACvB,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,EAC9B,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,EAC9B,IAAI,CAAC,mBAAmB,CAAC,mBAAmB,CAAC,EAC7C,IAAI,CAAC,mBAAmB,CAAC,aAAa,CAAC,EACvC,IAAI,CAAC,mBAAmB,CAAC,mBAAmB,CAAC,EAC7C,SAAS,EACT,MAAM,CACP,CAAC;QACF,MAAM,GAAG,MAAM,iBAAU,CACvB,IAAI,CAAC,gBAAgB,CAAC,WAAW,CAAC,EAClC,IAAI,CAAC,gBAAgB,CAAC,SAAS,CAAC,EAChC,IAAI,CAAC,gBAAgB,CAAC,aAAa,CAAC,EACpC,+BAAkB,CAAC,IAAI,CAAC,mBAAmB,CAAC,mBAAmB,CAAC,CAAC,EACjE,IAAI,CAAC,mBAAmB,CAAC,aAAa,CAAC,EACvC,IAAI,CAAC,mBAAmB,CAAC,mBAAmB,CAAC,EAC7C,MAAM,EACN,IAAI,CAAC,mBAAmB,CAAC,kBAAkB,CAAC,EAC5C,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,EAC9B,IAAI,CAAC,mBAAmB,CAAC,mBAAmB,CAAC,EAC7C,MAAM,CACP,CAAC;KACH;IAAC,OAAO,CAAC,EAAE;QACV,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;QAC1B,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;QACf,MAAM,IAAI,CAAC,gBAAgB,CACzB,MAAM,IAAI,CAAC,sBAAsB,CAAC,MAAM,EAAE,SAAS,EAAE,SAAS,EAAE,CAAC,CAAC,OAAO,CAAC,CAC3E,CAAC;QACF,OAAO;KACR;IAED,IAAI;QACF,mBAAmB;QACnB,MAAM,OAAO,GAAG,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;QACvC,IAAI,OAAO,EAAE;YACX,IAAI,CAAC,cAAc,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;YACxC,IAAI,CAAC,OAAO,CACV,6GAA6G,CAC9G,CAAC;SACH;QAED,mGAAmG;QACnG,MAAM,SAAS,GAAG,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,IAAI,MAAM,CAAC;QACtD,IAAI,CAAC,cAAc,CAAC,YAAY,EAAE,SAAS,CAAC,CAAC;QAE7C,MAAM,YAAY,GAAG,MAAM,cAAO,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACnD,IAAI,YAAY,KAAK,SAAS,EAAE;YAC9B,MAAM,CAAC,OAAO,CAAC,YAAY,CAAC,GAAG,CAAC,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CACxD,IAAI,CAAC,cAAc,CAAC,GAAG,EAAE,KAAK,CAAC,CAChC,CAAC;YAEF,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE;gBAChC,MAAM,0BAAmB,CACvB,mBAAmB,EACnB,SAAS,EACT,MAAM,EACN,MAAM,EACN,YAAY,CACb,CAAC;aACH;SACF;KACF;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAC9B,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACnB,MAAM,IAAI,CAAC,gBAAgB,CACzB,MAAM,IAAI,CAAC,sBAAsB,CAC/B,MAAM,EACN,SAAS,EACT,SAAS,EACT,KAAK,CAAC,OAAO,EACb,KAAK,CAAC,KAAK,CACZ,CACF,CAAC;QACF,OAAO;KACR;IACD,MAAM,uBAAuB,CAAC,SAAS,EAAE,MAAM,CAAC,CAAC;AACnD,CAAC;AAED,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE;IAChB,IAAI,CAAC,SAAS,CAAC,uBAAuB,CAAC,EAAE,CAAC,CAAC;IAC3C,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;AACjB,CAAC,CAAC,CAAC"}

lib/init.js

@@ -0,0 +1,124 @@
+"use strict";
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
+    result["default"] = mod;
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const toolrunnner = __importStar(require("@actions/exec/lib/toolrunner"));
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const analysisPaths = __importStar(require("./analysis-paths"));
+const codeql_1 = require("./codeql");
+const configUtils = __importStar(require("./config-utils"));
+const tracer_config_1 = require("./tracer-config");
+const util = __importStar(require("./util"));
+async function initCodeQL(codeqlURL, githubAuth, githubUrl, tempDir, toolsDir, mode, logger) {
+    logger.startGroup("Setup CodeQL tools");
+    const codeql = await codeql_1.setupCodeQL(codeqlURL, githubAuth, githubUrl, tempDir, toolsDir, mode, logger);
+    await codeql.printVersion();
+    logger.endGroup();
+    return codeql;
+}
+exports.initCodeQL = initCodeQL;
+async function initConfig(languagesInput, queriesInput, configFile, repository, tempDir, toolCacheDir, codeQL, checkoutPath, githubAuth, githubUrl, logger) {
+    logger.startGroup("Load language configuration");
+    const config = await configUtils.initConfig(languagesInput, queriesInput, configFile, repository, tempDir, toolCacheDir, codeQL, checkoutPath, githubAuth, githubUrl, logger);
+    analysisPaths.printPathFiltersWarning(config, logger);
+    logger.endGroup();
+    return config;
+}
+exports.initConfig = initConfig;
+async function runInit(codeql, config) {
+    const sourceRoot = path.resolve();
+    fs.mkdirSync(util.getCodeQLDatabasesDir(config.tempDir), { recursive: true });
+    // TODO: replace this code once CodeQL supports multi-language tracing
+    for (const language of config.languages) {
+        // Init language database
+        await codeql.databaseInit(util.getCodeQLDatabasePath(config.tempDir, language), language, sourceRoot);
+    }
+    return await tracer_config_1.getCombinedTracerConfig(config, codeql);
+}
+exports.runInit = runInit;
+// Runs a powershell script to inject the tracer into a parent process
+// so it can tracer future processes, hopefully including the build process.
+// If processName is given then injects into the nearest parent process with
+// this name, otherwise uses the processLevel-th parent if defined, otherwise
+// defaults to the 3rd parent as a rough guess.
+async function injectWindowsTracer(processName, processLevel, config, codeql, tracerConfig) {
+    let script;
+    if (processName !== undefined) {
+        script = `
+      Param(
+          [Parameter(Position=0)]
+          [String]
+          $tracer
+      )
+
+      $id = $PID
+      while ($true) {
+        $p = Get-CimInstance -Class Win32_Process -Filter "ProcessId = $id"
+        Write-Host "Found process: $p"
+        if ($p -eq $null) {
+          throw "Could not determine ${processName} process"
+        }
+        if ($p[0].Name -eq "${processName}") {
+          Break
+        } else {
+          $id = $p[0].ParentProcessId
+        }
+      }
+      Write-Host "Final process: $p"
+
+      Invoke-Expression "&$tracer --inject=$id"`;
+    }
+    else {
+        // If the level is not defined then guess at the 3rd parent process.
+        // This won't be correct in every setting but it should be enough in most settings,
+        // and overestimating is likely better in this situation so we definitely trace
+        // what we want, though this does run the risk of interfering with future CI jobs.
+        // Note that the default of 3 doesn't work on github actions, so we include a
+        // special case in the script that checks for Runner.Worker.exe so we can still work
+        // on actions if the runner is invoked there.
+        processLevel = processLevel || 3;
+        script = `
+      Param(
+          [Parameter(Position=0)]
+          [String]
+          $tracer
+      )
+
+      $id = $PID
+      for ($i = 0; $i -le ${processLevel}; $i++) {
+        $p = Get-CimInstance -Class Win32_Process -Filter "ProcessId = $id"
+        Write-Host "Parent process \${i}: $p"
+        if ($p -eq $null) {
+          throw "Process tree ended before reaching required level"
+        }
+        # Special case just in case the runner is used on actions
+        if ($p[0].Name -eq "Runner.Worker.exe") {
+          Write-Host "Found Runner.Worker.exe process which means we are running on GitHub Actions"
+          Write-Host "Aborting search early and using process: $p"
+          Break
+        } else {
+          $id = $p[0].ParentProcessId
+        }
+      }
+      Write-Host "Final process: $p"
+
+      Invoke-Expression "&$tracer --inject=$id"`;
+    }
+    const injectTracerPath = path.join(config.tempDir, "inject-tracer.ps1");
+    fs.writeFileSync(injectTracerPath, script);
+    await new toolrunnner.ToolRunner("powershell", [
+        "-ExecutionPolicy",
+        "Bypass",
+        "-file",
+        injectTracerPath,
+        path.resolve(path.dirname(codeql.getPath()), "tools", "win64", "tracer.exe"),
+    ], { env: { ODASA_TRACER_CONFIGURATION: tracerConfig.spec } }).exec();
+}
+exports.injectWindowsTracer = injectWindowsTracer;
+//# sourceMappingURL=init.js.map

lib/init.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"init.js","sourceRoot":"","sources":["../src/init.ts"],"names":[],"mappings":";;;;;;;;;AAAA,0EAA4D;AAC5D,uCAAyB;AACzB,2CAA6B;AAE7B,gEAAkD;AAClD,qCAA+C;AAC/C,4DAA8C;AAG9C,mDAAwE;AACxE,6CAA+B;AAExB,KAAK,UAAU,UAAU,CAC9B,SAA6B,EAC7B,UAAkB,EAClB,SAAiB,EACjB,OAAe,EACf,QAAgB,EAChB,IAAe,EACf,MAAc;IAEd,MAAM,CAAC,UAAU,CAAC,oBAAoB,CAAC,CAAC;IACxC,MAAM,MAAM,GAAG,MAAM,oBAAW,CAC9B,SAAS,EACT,UAAU,EACV,SAAS,EACT,OAAO,EACP,QAAQ,EACR,IAAI,EACJ,MAAM,CACP,CAAC;IACF,MAAM,MAAM,CAAC,YAAY,EAAE,CAAC;IAC5B,MAAM,CAAC,QAAQ,EAAE,CAAC;IAClB,OAAO,MAAM,CAAC;AAChB,CAAC;AAtBD,gCAsBC;AAEM,KAAK,UAAU,UAAU,CAC9B,cAAkC,EAClC,YAAgC,EAChC,UAA8B,EAC9B,UAAyB,EACzB,OAAe,EACf,YAAoB,EACpB,MAAc,EACd,YAAoB,EACpB,UAAkB,EAClB,SAAiB,EACjB,MAAc;IAEd,MAAM,CAAC,UAAU,CAAC,6BAA6B,CAAC,CAAC;IACjD,MAAM,MAAM,GAAG,MAAM,WAAW,CAAC,UAAU,CACzC,cAAc,EACd,YAAY,EACZ,UAAU,EACV,UAAU,EACV,OAAO,EACP,YAAY,EACZ,MAAM,EACN,YAAY,EACZ,UAAU,EACV,SAAS,EACT,MAAM,CACP,CAAC;IACF,aAAa,CAAC,uBAAuB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IACtD,MAAM,CAAC,QAAQ,EAAE,CAAC;IAClB,OAAO,MAAM,CAAC;AAChB,CAAC;AA9BD,gCA8BC;AAEM,KAAK,UAAU,OAAO,CAC3B,MAAc,EACd,MAA0B;IAE1B,MAAM,UAAU,GAAG,IAAI,CAAC,OAAO,EAAE,CAAC;IAElC,EAAE,CAAC,SAAS,CAAC,IAAI,CAAC,qBAAqB,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAE9E,sEAAsE;IACtE,KAAK,MAAM,QAAQ,IAAI,MAAM,CAAC,SAAS,EAAE;QACvC,yBAAyB;QACzB,MAAM,MAAM,CAAC,YAAY,CACvB,IAAI,CAAC,qBAAqB,CAAC,MAAM,CAAC,OAAO,EAAE,QAAQ,CAAC,EACpD,QAAQ,EACR,UAAU,CACX,CAAC;KACH;IAED,OAAO,MAAM,uCAAuB,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AACvD,CAAC;AAnBD,0BAmBC;AAED,sEAAsE;AACtE,4EAA4E;AAC5E,4EAA4E;AAC5E,6EAA6E;AAC7E,+CAA+C;AACxC,KAAK,UAAU,mBAAmB,CACvC,WAA+B,EAC/B,YAAgC,EAChC,MAA0B,EAC1B,MAAc,EACd,YAA0B;IAE1B,IAAI,MAAc,CAAC;IACnB,IAAI,WAAW,KAAK,SAAS,EAAE;QAC7B,MAAM,GAAG;;;;;;;;;;;;uCAY0B,WAAW;;8BAEpB,WAAW;;;;;;;;gDAQO,CAAC;KAC9C;SAAM;QACL,oEAAoE;QACpE,mFAAmF;QACnF,+EAA+E;QAC/E,kFAAkF;QAClF,6EAA6E;QAC7E,oFAAoF;QACpF,6CAA6C;QAC7C,YAAY,GAAG,YAAY,IAAI,CAAC,CAAC;QACjC,MAAM,GAAG;;;;;;;;4BAQe,YAAY;;;;;;;;;;;;;;;;;gDAiBQ,CAAC;KAC9C;IAED,MAAM,gBAAgB,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,mBAAmB,CAAC,CAAC;IACxE,EAAE,CAAC,aAAa,CAAC,gBAAgB,EAAE,MAAM,CAAC,CAAC;IAE3C,MAAM,IAAI,WAAW,CAAC,UAAU,CAC9B,YAAY,EACZ;QACE,kBAAkB;QAClB,QAAQ;QACR,OAAO;QACP,gBAAgB;QAChB,IAAI,CAAC,OAAO,CACV,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC,EAC9B,OAAO,EACP,OAAO,EACP,YAAY,CACb;KACF,EACD,EAAE,GAAG,EAAE,EAAE,0BAA0B,EAAE,YAAY,CAAC,IAAI,EAAE,EAAE,CAC3D,CAAC,IAAI,EAAE,CAAC;AACX,CAAC;AAxFD,kDAwFC"}

lib/languages.js

@@ -0,0 +1,43 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+// All the languages supported by CodeQL
+var Language;
+(function (Language) {
+    Language["csharp"] = "csharp";
+    Language["cpp"] = "cpp";
+    Language["go"] = "go";
+    Language["java"] = "java";
+    Language["javascript"] = "javascript";
+    Language["python"] = "python";
+})(Language = exports.Language || (exports.Language = {}));
+// Additional names for languages
+const LANGUAGE_ALIASES = {
+    c: Language.cpp,
+    "c++": Language.cpp,
+    "c#": Language.csharp,
+    typescript: Language.javascript,
+};
+// Translate from user input or GitHub's API names for languages to CodeQL's names for languages
+function parseLanguage(language) {
+    // Normalise to lower case
+    language = language.toLowerCase();
+    // See if it's an exact match
+    if (language in Language) {
+        return language;
+    }
+    // Check language aliases
+    if (language in LANGUAGE_ALIASES) {
+        return LANGUAGE_ALIASES[language];
+    }
+    return undefined;
+}
+exports.parseLanguage = parseLanguage;
+function isTracedLanguage(language) {
+    return ["cpp", "java", "csharp"].includes(language);
+}
+exports.isTracedLanguage = isTracedLanguage;
+function isScannedLanguage(language) {
+    return !isTracedLanguage(language);
+}
+exports.isScannedLanguage = isScannedLanguage;
+//# sourceMappingURL=languages.js.map

lib/languages.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"languages.js","sourceRoot":"","sources":["../src/languages.ts"],"names":[],"mappings":";;AAAA,wCAAwC;AACxC,IAAY,QAOX;AAPD,WAAY,QAAQ;IAClB,6BAAiB,CAAA;IACjB,uBAAW,CAAA;IACX,qBAAS,CAAA;IACT,yBAAa,CAAA;IACb,qCAAyB,CAAA;IACzB,6BAAiB,CAAA;AACnB,CAAC,EAPW,QAAQ,GAAR,gBAAQ,KAAR,gBAAQ,QAOnB;AAED,iCAAiC;AACjC,MAAM,gBAAgB,GAAiC;IACrD,CAAC,EAAE,QAAQ,CAAC,GAAG;IACf,KAAK,EAAE,QAAQ,CAAC,GAAG;IACnB,IAAI,EAAE,QAAQ,CAAC,MAAM;IACrB,UAAU,EAAE,QAAQ,CAAC,UAAU;CAChC,CAAC;AAEF,gGAAgG;AAChG,SAAgB,aAAa,CAAC,QAAgB;IAC5C,0BAA0B;IAC1B,QAAQ,GAAG,QAAQ,CAAC,WAAW,EAAE,CAAC;IAElC,6BAA6B;IAC7B,IAAI,QAAQ,IAAI,QAAQ,EAAE;QACxB,OAAO,QAAoB,CAAC;KAC7B;IAED,yBAAyB;IACzB,IAAI,QAAQ,IAAI,gBAAgB,EAAE;QAChC,OAAO,gBAAgB,CAAC,QAAQ,CAAC,CAAC;KACnC;IAED,OAAO,SAAS,CAAC;AACnB,CAAC;AAfD,sCAeC;AAED,SAAgB,gBAAgB,CAAC,QAAkB;IACjD,OAAO,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;AACtD,CAAC;AAFD,4CAEC;AAED,SAAgB,iBAAiB,CAAC,QAAkB;IAClD,OAAO,CAAC,gBAAgB,CAAC,QAAQ,CAAC,CAAC;AACrC,CAAC;AAFD,8CAEC"}

lib/languages.test.js

@@ -0,0 +1,44 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const ava_1 = __importDefault(require("ava"));
+const languages_1 = require("./languages");
+const testing_utils_1 = require("./testing-utils");
+testing_utils_1.setupTests(ava_1.default);
+ava_1.default("parseLangauge", async (t) => {
+    // Exact matches
+    t.deepEqual(languages_1.parseLanguage("csharp"), languages_1.Language.csharp);
+    t.deepEqual(languages_1.parseLanguage("cpp"), languages_1.Language.cpp);
+    t.deepEqual(languages_1.parseLanguage("go"), languages_1.Language.go);
+    t.deepEqual(languages_1.parseLanguage("java"), languages_1.Language.java);
+    t.deepEqual(languages_1.parseLanguage("javascript"), languages_1.Language.javascript);
+    t.deepEqual(languages_1.parseLanguage("python"), languages_1.Language.python);
+    // Aliases
+    t.deepEqual(languages_1.parseLanguage("c"), languages_1.Language.cpp);
+    t.deepEqual(languages_1.parseLanguage("c++"), languages_1.Language.cpp);
+    t.deepEqual(languages_1.parseLanguage("c#"), languages_1.Language.csharp);
+    t.deepEqual(languages_1.parseLanguage("typescript"), languages_1.Language.javascript);
+    // Not matches
+    t.deepEqual(languages_1.parseLanguage("foo"), undefined);
+    t.deepEqual(languages_1.parseLanguage(" "), undefined);
+    t.deepEqual(languages_1.parseLanguage(""), undefined);
+});
+ava_1.default("isTracedLanguage", async (t) => {
+    t.true(languages_1.isTracedLanguage(languages_1.Language.cpp));
+    t.true(languages_1.isTracedLanguage(languages_1.Language.java));
+    t.true(languages_1.isTracedLanguage(languages_1.Language.csharp));
+    t.false(languages_1.isTracedLanguage(languages_1.Language.go));
+    t.false(languages_1.isTracedLanguage(languages_1.Language.javascript));
+    t.false(languages_1.isTracedLanguage(languages_1.Language.python));
+});
+ava_1.default("isScannedLanguage", async (t) => {
+    t.false(languages_1.isScannedLanguage(languages_1.Language.cpp));
+    t.false(languages_1.isScannedLanguage(languages_1.Language.java));
+    t.false(languages_1.isScannedLanguage(languages_1.Language.csharp));
+    t.true(languages_1.isScannedLanguage(languages_1.Language.go));
+    t.true(languages_1.isScannedLanguage(languages_1.Language.javascript));
+    t.true(languages_1.isScannedLanguage(languages_1.Language.python));
+});
+//# sourceMappingURL=languages.test.js.map

lib/languages.test.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"languages.test.js","sourceRoot":"","sources":["../src/languages.test.ts"],"names":[],"mappings":";;;;;AAAA,8CAAuB;AAEvB,2CAKqB;AACrB,mDAA6C;AAE7C,0BAAU,CAAC,aAAI,CAAC,CAAC;AAEjB,aAAI,CAAC,eAAe,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IAChC,gBAAgB;IAChB,CAAC,CAAC,SAAS,CAAC,yBAAa,CAAC,QAAQ,CAAC,EAAE,oBAAQ,CAAC,MAAM,CAAC,CAAC;IACtD,CAAC,CAAC,SAAS,CAAC,yBAAa,CAAC,KAAK,CAAC,EAAE,oBAAQ,CAAC,GAAG,CAAC,CAAC;IAChD,CAAC,CAAC,SAAS,CAAC,yBAAa,CAAC,IAAI,CAAC,EAAE,oBAAQ,CAAC,EAAE,CAAC,CAAC;IAC9C,CAAC,CAAC,SAAS,CAAC,yBAAa,CAAC,MAAM,CAAC,EAAE,oBAAQ,CAAC,IAAI,CAAC,CAAC;IAClD,CAAC,CAAC,SAAS,CAAC,yBAAa,CAAC,YAAY,CAAC,EAAE,oBAAQ,CAAC,UAAU,CAAC,CAAC;IAC9D,CAAC,CAAC,SAAS,CAAC,yBAAa,CAAC,QAAQ,CAAC,EAAE,oBAAQ,CAAC,MAAM,CAAC,CAAC;IAEtD,UAAU;IACV,CAAC,CAAC,SAAS,CAAC,yBAAa,CAAC,GAAG,CAAC,EAAE,oBAAQ,CAAC,GAAG,CAAC,CAAC;IAC9C,CAAC,CAAC,SAAS,CAAC,yBAAa,CAAC,KAAK,CAAC,EAAE,oBAAQ,CAAC,GAAG,CAAC,CAAC;IAChD,CAAC,CAAC,SAAS,CAAC,yBAAa,CAAC,IAAI,CAAC,EAAE,oBAAQ,CAAC,MAAM,CAAC,CAAC;IAClD,CAAC,CAAC,SAAS,CAAC,yBAAa,CAAC,YAAY,CAAC,EAAE,oBAAQ,CAAC,UAAU,CAAC,CAAC;IAE9D,cAAc;IACd,CAAC,CAAC,SAAS,CAAC,yBAAa,CAAC,KAAK,CAAC,EAAE,SAAS,CAAC,CAAC;IAC7C,CAAC,CAAC,SAAS,CAAC,yBAAa,CAAC,GAAG,CAAC,EAAE,SAAS,CAAC,CAAC;IAC3C,CAAC,CAAC,SAAS,CAAC,yBAAa,CAAC,EAAE,CAAC,EAAE,SAAS,CAAC,CAAC;AAC5C,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,kBAAkB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACnC,CAAC,CAAC,IAAI,CAAC,4BAAgB,CAAC,oBAAQ,CAAC,GAAG,CAAC,CAAC,CAAC;IACvC,CAAC,CAAC,IAAI,CAAC,4BAAgB,CAAC,oBAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;IACxC,CAAC,CAAC,IAAI,CAAC,4BAAgB,CAAC,oBAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;IAE1C,CAAC,CAAC,KAAK,CAAC,4BAAgB,CAAC,oBAAQ,CAAC,EAAE,CAAC,CAAC,CAAC;IACvC,CAAC,CAAC,KAAK,CAAC,4BAAgB,CAAC,oBAAQ,CAAC,UAAU,CAAC,CAAC,CAAC;IAC/C,CAAC,CAAC,KAAK,CAAC,4BAAgB,CAAC,oBAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;AAC7C,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,mBAAmB,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;IACpC,CAAC,CAAC,KAAK,CAAC,6BAAiB,CAAC,oBAAQ,CAAC,GAAG,CAAC,CAAC,CAAC;IACzC,CAAC,CAAC,KAAK,CAAC,6BAAiB,CAAC,oBAAQ,CAAC,IAAI,CAAC,CAAC,CAAC;IAC1C,CAAC,CAAC,KAAK,CAAC,6BAAiB,CAAC,oBAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;IAE5C,CAAC,CAAC,IAAI,CAAC,6BAAiB,CAAC,oBAAQ,CAAC,EAAE,CAAC,CAAC,CAAC;IACvC,CAAC,CAAC,IAAI,CAAC,6BAAiB,CAAC,oBAAQ,CAAC,UAAU,CAAC,CAAC,CAAC;IAC/C,CAAC,CAAC,IAAI,CAAC,6BAAiB,CAAC,oBAAQ,CAAC,MAAM,CAAC,CAAC,CAAC;AAC7C,CAAC,CAAC,CAAC"}

lib/logging.js

@@ -0,0 +1,26 @@
+"use strict";
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
+    result["default"] = mod;
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const core = __importStar(require("@actions/core"));
+function getActionsLogger() {
+    return core;
+}
+exports.getActionsLogger = getActionsLogger;
+function getRunnerLogger(debugMode) {
+    return {
+        debug: debugMode ? console.debug : () => undefined,
+        info: console.info,
+        warning: console.warn,
+        error: console.error,
+        startGroup: () => undefined,
+        endGroup: () => undefined,
+    };
+}
+exports.getRunnerLogger = getRunnerLogger;
+//# sourceMappingURL=logging.js.map

lib/logging.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"logging.js","sourceRoot":"","sources":["../src/logging.ts"],"names":[],"mappings":";;;;;;;;;AAAA,oDAAsC;AAYtC,SAAgB,gBAAgB;IAC9B,OAAO,IAAI,CAAC;AACd,CAAC;AAFD,4CAEC;AAED,SAAgB,eAAe,CAAC,SAAkB;IAChD,OAAO;QACL,KAAK,EAAE,SAAS,CAAC,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC,SAAS;QAClD,IAAI,EAAE,OAAO,CAAC,IAAI;QAClB,OAAO,EAAE,OAAO,CAAC,IAAI;QACrB,KAAK,EAAE,OAAO,CAAC,KAAK;QACpB,UAAU,EAAE,GAAG,EAAE,CAAC,SAAS;QAC3B,QAAQ,EAAE,GAAG,EAAE,CAAC,SAAS;KAC1B,CAAC;AACJ,CAAC;AATD,0CASC"}

lib/repository.js

@@ -0,0 +1,14 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+function parseRepositoryNwo(input) {
+    const parts = input.split("/");
+    if (parts.length !== 2) {
+        throw new Error(`"${input}" is not a valid repository name`);
+    }
+    return {
+        owner: parts[0],
+        repo: parts[1],
+    };
+}
+exports.parseRepositoryNwo = parseRepositoryNwo;
+//# sourceMappingURL=repository.js.map

lib/repository.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"repository.js","sourceRoot":"","sources":["../src/repository.ts"],"names":[],"mappings":";;AAMA,SAAgB,kBAAkB,CAAC,KAAa;IAC9C,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE;QACtB,MAAM,IAAI,KAAK,CAAC,IAAI,KAAK,kCAAkC,CAAC,CAAC;KAC9D;IACD,OAAO;QACL,KAAK,EAAE,KAAK,CAAC,CAAC,CAAC;QACf,IAAI,EAAE,KAAK,CAAC,CAAC,CAAC;KACf,CAAC;AACJ,CAAC;AATD,gDASC"}

lib/runner.js

@@ -0,0 +1,269 @@
+"use strict";
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
+    result["default"] = mod;
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const commander_1 = require("commander");
+const fs = __importStar(require("fs"));
+const os = __importStar(require("os"));
+const path = __importStar(require("path"));
+const analyze_1 = require("./analyze");
+const autobuild_1 = require("./autobuild");
+const codeql_1 = require("./codeql");
+const config_utils_1 = require("./config-utils");
+const init_1 = require("./init");
+const languages_1 = require("./languages");
+const logging_1 = require("./logging");
+const repository_1 = require("./repository");
+const upload_lib = __importStar(require("./upload-lib"));
+const util_1 = require("./util");
+const program = new commander_1.Command();
+program.version("0.0.1");
+function parseGithubUrl(inputUrl) {
+    try {
+        const url = new URL(inputUrl);
+        // If we detect this is trying to be to github.com
+        // then return with a fixed canonical URL.
+        if (url.hostname === "github.com" || url.hostname === "api.github.com") {
+            return "https://github.com";
+        }
+        // Remove the API prefix if it's present
+        if (url.pathname.indexOf("/api/v3") !== -1) {
+            url.pathname = url.pathname.substring(0, url.pathname.indexOf("/api/v3"));
+        }
+        return url.toString();
+    }
+    catch (e) {
+        throw new Error(`"${inputUrl}" is not a valid URL`);
+    }
+}
+function getTempDir(userInput) {
+    const tempDir = path.join(userInput || process.cwd(), "codeql-runner");
+    if (!fs.existsSync(tempDir)) {
+        fs.mkdirSync(tempDir, { recursive: true });
+    }
+    return tempDir;
+}
+function getToolsDir(userInput) {
+    const toolsDir = userInput || path.join(os.homedir(), "codeql-runner-tools");
+    if (!fs.existsSync(toolsDir)) {
+        fs.mkdirSync(toolsDir, { recursive: true });
+    }
+    return toolsDir;
+}
+const codeqlEnvJsonFilename = "codeql-env.json";
+// Imports the environment from codeqlEnvJsonFilename if not already present
+function importTracerEnvironment(config) {
+    if (!("ODASA_TRACER_CONFIGURATION" in process.env)) {
+        const jsonEnvFile = path.join(config.tempDir, codeqlEnvJsonFilename);
+        const env = JSON.parse(fs.readFileSync(jsonEnvFile).toString("utf-8"));
+        Object.keys(env).forEach((key) => (process.env[key] = env[key]));
+    }
+}
+// Allow the user to specify refs in full refs/heads/branch format
+// or just the short branch name and prepend "refs/heads/" to it.
+function parseRef(userInput) {
+    if (userInput.startsWith("refs/")) {
+        return userInput;
+    }
+    else {
+        return `refs/heads/${userInput}`;
+    }
+}
+// Parses the --trace-process-name arg from process.argv, or returns undefined
+function parseTraceProcessName() {
+    for (let i = 0; i < process.argv.length - 1; i++) {
+        if (process.argv[i] === "--trace-process-name") {
+            return process.argv[i + 1];
+        }
+    }
+    return undefined;
+}
+// Parses the --trace-process-level arg from process.argv, or returns undefined
+function parseTraceProcessLevel() {
+    for (let i = 0; i < process.argv.length - 1; i++) {
+        if (process.argv[i] === "--trace-process-level") {
+            const v = parseInt(process.argv[i + 1], 10);
+            return isNaN(v) ? undefined : v;
+        }
+    }
+    return undefined;
+}
+program
+    .command("init")
+    .description("Initializes CodeQL")
+    .requiredOption("--repository <repository>", "Repository name. (Required)")
+    .requiredOption("--github-url <url>", "URL of GitHub instance. (Required)")
+    .requiredOption("--github-auth <auth>", "GitHub Apps token or personal access token. (Required)")
+    .option("--languages <languages>", "Comma-separated list of languages to analyze. Otherwise detects and analyzes all supported languages from the repo.")
+    .option("--queries <queries>", "Comma-separated list of additional queries to run. This overrides the same setting in a configuration file.")
+    .option("--config-file <file>", "Path to config file.")
+    .option("--codeql-path <path>", "Path to a copy of the CodeQL CLI executable to use. Otherwise downloads a copy.")
+    .option("--temp-dir <dir>", 'Directory to use for temporary files. Default is "./codeql-runner".')
+    .option("--tools-dir <dir>", "Directory to use for CodeQL tools and other files to store between runs. Default is a subdirectory of the home directory.")
+    .option("--checkout-path <path>", "Checkout path. Default is the current working directory.")
+    .option("--debug", "Print more verbose output", false)
+    // This prevents a message like: error: unknown option '--trace-process-level'
+    // Remove this if commander.js starts supporting hidden options.
+    .allowUnknownOption()
+    .action(async (cmd) => {
+    const logger = logging_1.getRunnerLogger(cmd.debug);
+    try {
+        const tempDir = getTempDir(cmd.tempDir);
+        const toolsDir = getToolsDir(cmd.toolsDir);
+        // Wipe the temp dir
+        logger.info(`Cleaning temp directory ${tempDir}`);
+        fs.rmdirSync(tempDir, { recursive: true });
+        fs.mkdirSync(tempDir, { recursive: true });
+        let codeql;
+        if (cmd.codeqlPath !== undefined) {
+            codeql = codeql_1.getCodeQL(cmd.codeqlPath);
+        }
+        else {
+            codeql = await init_1.initCodeQL(undefined, cmd.githubAuth, parseGithubUrl(cmd.githubUrl), tempDir, toolsDir, "runner", logger);
+        }
+        const config = await init_1.initConfig(cmd.languages, cmd.queries, cmd.configFile, repository_1.parseRepositoryNwo(cmd.repository), tempDir, toolsDir, codeql, cmd.checkoutPath || process.cwd(), cmd.githubAuth, parseGithubUrl(cmd.githubUrl), logger);
+        const tracerConfig = await init_1.runInit(codeql, config);
+        if (tracerConfig === undefined) {
+            return;
+        }
+        if (process.platform === "win32") {
+            await init_1.injectWindowsTracer(parseTraceProcessName(), parseTraceProcessLevel(), config, codeql, tracerConfig);
+        }
+        // Always output a json file of the env that can be consumed programatically
+        const jsonEnvFile = path.join(config.tempDir, codeqlEnvJsonFilename);
+        fs.writeFileSync(jsonEnvFile, JSON.stringify(tracerConfig.env));
+        if (process.platform === "win32") {
+            const batEnvFile = path.join(config.tempDir, "codeql-env.bat");
+            const batEnvFileContents = Object.entries(tracerConfig.env)
+                .map(([key, value]) => `Set ${key}=${value}`)
+                .join("\n");
+            fs.writeFileSync(batEnvFile, batEnvFileContents);
+            const powershellEnvFile = path.join(config.tempDir, "codeql-env.sh");
+            const powershellEnvFileContents = Object.entries(tracerConfig.env)
+                .map(([key, value]) => `$env:${key}="${value}"`)
+                .join("\n");
+            fs.writeFileSync(powershellEnvFile, powershellEnvFileContents);
+            logger.info(`\nCodeQL environment output to "${jsonEnvFile}", "${batEnvFile}" and "${powershellEnvFile}". ` +
+                `Please export these variables to future processes so the build can be traced. ` +
+                `If using cmd/batch run "call ${batEnvFile}" ` +
+                `or if using PowerShell run "cat ${powershellEnvFile} | Invoke-Expression".`);
+        }
+        else {
+            // Assume that anything that's not windows is using a unix-style shell
+            const shEnvFile = path.join(config.tempDir, "codeql-env.sh");
+            const shEnvFileContents = Object.entries(tracerConfig.env)
+                // Some vars contain ${LIB} that we do not want to be expanded when executing this script
+                .map(([key, value]) => `export ${key}="${value.replace("$", "\\$")}"`)
+                .join("\n");
+            fs.writeFileSync(shEnvFile, shEnvFileContents);
+            logger.info(`\nCodeQL environment output to "${jsonEnvFile}" and "${shEnvFile}". ` +
+                `Please export these variables to future processes so the build can be traced, ` +
+                `for example by running ". ${shEnvFile}".`);
+        }
+    }
+    catch (e) {
+        logger.error("Init failed");
+        logger.error(e);
+        process.exitCode = 1;
+    }
+});
+program
+    .command("autobuild")
+    .description("Attempts to automatically build code")
+    .option("--language <language>", "The language to build. Otherwise will detect the dominant compiled language.")
+    .option("--temp-dir <dir>", 'Directory to use for temporary files. Default is "./codeql-runner".')
+    .option("--debug", "Print more verbose output", false)
+    .action(async (cmd) => {
+    const logger = logging_1.getRunnerLogger(cmd.debug);
+    try {
+        const config = await config_utils_1.getConfig(getTempDir(cmd.tempDir), logger);
+        if (config === undefined) {
+            throw new Error("Config file could not be found at expected location. " +
+                "Was the 'init' command run with the same '--temp-dir' argument as this command.");
+        }
+        importTracerEnvironment(config);
+        let language = undefined;
+        if (cmd.language !== undefined) {
+            language = languages_1.parseLanguage(cmd.language);
+            if (language === undefined || !config.languages.includes(language)) {
+                throw new Error(`"${cmd.language}" is not a recognised language. ` +
+                    `Known languages in this project are ${config.languages.join(", ")}.`);
+            }
+        }
+        else {
+            language = autobuild_1.determineAutobuildLanguage(config, logger);
+        }
+        if (language !== undefined) {
+            await autobuild_1.runAutobuild(language, config, logger);
+        }
+    }
+    catch (e) {
+        logger.error("Autobuild failed");
+        logger.error(e);
+        process.exitCode = 1;
+    }
+});
+program
+    .command("analyze")
+    .description("Finishes extracting code and runs CodeQL queries")
+    .requiredOption("--repository <repository>", "Repository name. (Required)")
+    .requiredOption("--commit <commit>", "SHA of commit that was analyzed. (Required)")
+    .requiredOption("--ref <ref>", "Name of ref that was analyzed. (Required)")
+    .requiredOption("--github-url <url>", "URL of GitHub instance. (Required)")
+    .requiredOption("--github-auth <auth>", "GitHub Apps token or personal access token. (Required)")
+    .option("--checkout-path <path>", "Checkout path. Default is the current working directory.")
+    .option("--no-upload", "Do not upload results after analysis.")
+    .option("--output-dir <dir>", "Directory to output SARIF files to. Default is in the temp directory.")
+    .option("--ram <ram>", "Amount of memory to use when running queries. Default is to use all available memory.")
+    .option("--no-add-snippets", "Specify whether to include code snippets in the sarif output.")
+    .option("--threads <threads>", "Number of threads to use when running queries. " +
+    "Default is to use all available cores.")
+    .option("--temp-dir <dir>", 'Directory to use for temporary files. Default is "./codeql-runner".')
+    .option("--debug", "Print more verbose output", false)
+    .action(async (cmd) => {
+    const logger = logging_1.getRunnerLogger(cmd.debug);
+    try {
+        const tempDir = getTempDir(cmd.tempDir);
+        const outputDir = cmd.outputDir || path.join(tempDir, "codeql-sarif");
+        const config = await config_utils_1.getConfig(getTempDir(cmd.tempDir), logger);
+        if (config === undefined) {
+            throw new Error("Config file could not be found at expected location. " +
+                "Was the 'init' command run with the same '--temp-dir' argument as this command.");
+        }
+        await analyze_1.runAnalyze(repository_1.parseRepositoryNwo(cmd.repository), cmd.commit, parseRef(cmd.ref), undefined, undefined, undefined, cmd.checkoutPath || process.cwd(), undefined, cmd.githubAuth, parseGithubUrl(cmd.githubUrl), cmd.upload, "runner", outputDir, util_1.getMemoryFlag(cmd.ram), util_1.getAddSnippetsFlag(cmd.addSnippets), util_1.getThreadsFlag(cmd.threads, logger), config, logger);
+    }
+    catch (e) {
+        logger.error("Analyze failed");
+        logger.error(e);
+        process.exitCode = 1;
+    }
+});
+program
+    .command("upload")
+    .description("Uploads a SARIF file, or all SARIF files from a directory, to code scanning")
+    .requiredOption("--sarif-file <file>", "SARIF file to upload, or a directory containing multiple SARIF files. (Required)")
+    .requiredOption("--repository <repository>", "Repository name. (Required)")
+    .requiredOption("--commit <commit>", "SHA of commit that was analyzed. (Required)")
+    .requiredOption("--ref <ref>", "Name of ref that was analyzed. (Required)")
+    .requiredOption("--github-url <url>", "URL of GitHub instance. (Required)")
+    .requiredOption("--github-auth <auth>", "GitHub Apps token or personal access token. (Required)")
+    .option("--checkout-path <path>", "Checkout path. Default is the current working directory.")
+    .option("--debug", "Print more verbose output", false)
+    .action(async (cmd) => {
+    const logger = logging_1.getRunnerLogger(cmd.debug);
+    try {
+        await upload_lib.upload(cmd.sarifFile, repository_1.parseRepositoryNwo(cmd.repository), cmd.commit, parseRef(cmd.ref), undefined, undefined, undefined, cmd.checkoutPath || process.cwd(), undefined, cmd.githubAuth, parseGithubUrl(cmd.githubUrl), "runner", logger);
+    }
+    catch (e) {
+        logger.error("Upload failed");
+        logger.error(e);
+        process.exitCode = 1;
+    }
+});
+program.parse(process.argv);
+//# sourceMappingURL=runner.js.map

lib/setup-tools.js

@@ -1,76 +0,0 @@
-"use strict";
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
-    result["default"] = mod;
-    return result;
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-const core = __importStar(require("@actions/core"));
-const toolcache = __importStar(require("@actions/tool-cache"));
-const path = __importStar(require("path"));
-const semver = __importStar(require("semver"));
-class CodeQLSetup {
-    constructor(codeqlDist) {
-        this.dist = codeqlDist;
-        this.tools = path.join(this.dist, 'tools');
-        this.cmd = path.join(codeqlDist, 'codeql');
-        // TODO check process.arch ?
-        if (process.platform === 'win32') {
-            this.platform = 'win64';
-            if (this.cmd.endsWith('codeql')) {
-                this.cmd += ".cmd";
-            }
-        }
-        else if (process.platform === 'linux') {
-            this.platform = 'linux64';
-        }
-        else if (process.platform === 'darwin') {
-            this.platform = 'osx64';
-        }
-        else {
-            throw new Error("Unsupported plaform: " + process.platform);
-        }
-    }
-}
-exports.CodeQLSetup = CodeQLSetup;
-async function setupCodeQL() {
-    try {
-        const codeqlURL = core.getInput('tools', { required: true });
-        const codeqlURLVersion = getCodeQLURLVersion(codeqlURL);
-        let codeqlFolder = toolcache.find('CodeQL', codeqlURLVersion);
-        if (codeqlFolder) {
-            core.debug(`CodeQL found in cache ${codeqlFolder}`);
-        }
-        else {
-            const codeqlPath = await toolcache.downloadTool(codeqlURL);
-            const codeqlExtracted = await toolcache.extractTar(codeqlPath);
-            codeqlFolder = await toolcache.cacheDir(codeqlExtracted, 'CodeQL', codeqlURLVersion);
-        }
-        return new CodeQLSetup(path.join(codeqlFolder, 'codeql'));
-    }
-    catch (e) {
-        core.error(e);
-        throw new Error("Unable to download and extract CodeQL CLI");
-    }
-}
-exports.setupCodeQL = setupCodeQL;
-function getCodeQLURLVersion(url) {
-    const match = url.match(/\/codeql-bundle-(.*)\//);
-    if (match === null || match.length < 2) {
-        throw new Error(`Malformed tools url: ${url}. Version could not be inferred`);
-    }
-    let version = match[1];
-    if (!semver.valid(version)) {
-        core.debug(`Bundle version ${version} is not in SemVer format. Will treat it as pre-release 0.0.0-${version}.`);
-        version = '0.0.0-' + version;
-    }
-    const s = semver.clean(version);
-    if (!s) {
-        throw new Error(`Malformed tools url ${url}. Version should be in SemVer format but have ${version} instead`);
-    }
-    return s;
-}
-exports.getCodeQLURLVersion = getCodeQLURLVersion;
-//# sourceMappingURL=setup-tools.js.map

lib/setup-tools.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"setup-tools.js","sourceRoot":"","sources":["../src/setup-tools.ts"],"names":[],"mappings":";;;;;;;;;AAAA,oDAAsC;AACtC,+DAAiD;AACjD,2CAA6B;AAC7B,+CAAiC;AAEjC,MAAa,WAAW;IAMpB,YAAY,UAAkB;QAC1B,IAAI,CAAC,IAAI,GAAG,UAAU,CAAC;QACvB,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC;QAC3C,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;QAC3C,4BAA4B;QAC5B,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE;YAC9B,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;YACxB,IAAI,IAAI,CAAC,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE;gBAC7B,IAAI,CAAC,GAAG,IAAI,MAAM,CAAC;aACtB;SACJ;aAAM,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE;YACrC,IAAI,CAAC,QAAQ,GAAG,SAAS,CAAC;SAC7B;aAAM,IAAI,OAAO,CAAC,QAAQ,KAAK,QAAQ,EAAE;YACtC,IAAI,CAAC,QAAQ,GAAG,OAAO,CAAC;SAC3B;aAAM;YACH,MAAM,IAAI,KAAK,CAAC,uBAAuB,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;SAC/D;IACL,CAAC;CACJ;AAxBD,kCAwBC;AAEM,KAAK,UAAU,WAAW;IAC7B,IAAI;QACA,MAAM,SAAS,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;QAC7D,MAAM,gBAAgB,GAAG,mBAAmB,CAAC,SAAS,CAAC,CAAC;QAExD,IAAI,YAAY,GAAG,SAAS,CAAC,IAAI,CAAC,QAAQ,EAAE,gBAAgB,CAAC,CAAC;QAC9D,IAAI,YAAY,EAAE;YACd,IAAI,CAAC,KAAK,CAAC,yBAAyB,YAAY,EAAE,CAAC,CAAC;SACvD;aAAM;YACH,MAAM,UAAU,GAAG,MAAM,SAAS,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC;YAC3D,MAAM,eAAe,GAAG,MAAM,SAAS,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;YAC/D,YAAY,GAAG,MAAM,SAAS,CAAC,QAAQ,CAAC,eAAe,EAAE,QAAQ,EAAE,gBAAgB,CAAC,CAAC;SACxF;QACD,OAAO,IAAI,WAAW,CAAC,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,QAAQ,CAAC,CAAC,CAAC;KAE7D;IAAC,OAAO,CAAC,EAAE;QACR,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACd,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;KAChE;AACL,CAAC;AAnBD,kCAmBC;AAED,SAAgB,mBAAmB,CAAC,GAAW;IAE3C,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC;IAClD,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE;QACpC,MAAM,IAAI,KAAK,CAAC,wBAAwB,GAAG,iCAAiC,CAAC,CAAC;KACjF;IAED,IAAI,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;IAEvB,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE;QACxB,IAAI,CAAC,KAAK,CAAC,kBAAkB,OAAO,gEAAgE,OAAO,GAAG,CAAC,CAAC;QAChH,OAAO,GAAG,QAAQ,GAAG,OAAO,CAAC;KAChC;IAED,MAAM,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAChC,IAAI,CAAC,CAAC,EAAE;QACJ,MAAM,IAAI,KAAK,CAAC,uBAAuB,GAAG,iDAAiD,OAAO,UAAU,CAAC,CAAC;KACjH;IAED,OAAO,CAAC,CAAC;AACb,CAAC;AApBD,kDAoBC"}

lib/setup-tools.test.js

@@ -1,58 +0,0 @@
-"use strict";
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
-    result["default"] = mod;
-    return result;
-};
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-const toolcache = __importStar(require("@actions/tool-cache"));
-const ava_1 = __importDefault(require("ava"));
-const nock_1 = __importDefault(require("nock"));
-const path = __importStar(require("path"));
-const setupTools = __importStar(require("./setup-tools"));
-const util = __importStar(require("./util"));
-ava_1.default('download codeql bundle cache', async (t) => {
-    await util.withTmpDir(async (tmpDir) => {
-        process.env['GITHUB_WORKSPACE'] = tmpDir;
-        process.env['RUNNER_TEMP'] = path.join(tmpDir, 'temp');
-        process.env['RUNNER_TOOL_CACHE'] = path.join(tmpDir, 'cache');
-        const versions = ['20200601', '20200610'];
-        for (let i = 0; i < versions.length; i++) {
-            const version = versions[i];
-            nock_1.default('https://example.com')
-                .get(`/download/codeql-bundle-${version}/codeql-bundle.tar.gz`)
-                .replyWithFile(200, path.join(__dirname, `/../src/testdata/codeql-bundle.tar.gz`));
-            process.env['INPUT_TOOLS'] = `https://example.com/download/codeql-bundle-${version}/codeql-bundle.tar.gz`;
-            await setupTools.setupCodeQL();
-            t.assert(toolcache.find('CodeQL', `0.0.0-${version}`));
-        }
-        const cachedVersions = toolcache.findAllVersions('CodeQL');
-        t.is(cachedVersions.length, 2);
-    });
-});
-ava_1.default('parse codeql bundle url version', t => {
-    const tests = {
-        '20200601': '0.0.0-20200601',
-        '20200601.0': '0.0.0-20200601.0',
-        '20200601.0.0': '20200601.0.0',
-        '1.2.3': '1.2.3',
-        '1.2.3-alpha': '1.2.3-alpha',
-        '1.2.3-beta.1': '1.2.3-beta.1',
-    };
-    for (const [version, expectedVersion] of Object.entries(tests)) {
-        const url = `https://github.com/.../codeql-bundle-${version}/...`;
-        try {
-            const parsedVersion = setupTools.getCodeQLURLVersion(url);
-            t.deepEqual(parsedVersion, expectedVersion);
-        }
-        catch (e) {
-            t.fail(e.message);
-        }
-    }
-});
-//# sourceMappingURL=setup-tools.test.js.map

lib/setup-tools.test.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"setup-tools.test.js","sourceRoot":"","sources":["../src/setup-tools.test.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,+DAAiD;AACjD,8CAAuB;AACvB,gDAAwB;AACxB,2CAA6B;AAE7B,0DAA4C;AAC5C,6CAA+B;AAE/B,aAAI,CAAC,8BAA8B,EAAE,KAAK,EAAC,CAAC,EAAC,EAAE;IAE3C,MAAM,IAAI,CAAC,UAAU,CAAC,KAAK,EAAC,MAAM,EAAC,EAAE;QAEjC,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,GAAG,MAAM,CAAC;QAEzC,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;QACvD,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;QAE9D,MAAM,QAAQ,GAAG,CAAC,UAAU,EAAE,UAAU,CAAC,CAAC;QAE1C,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,QAAQ,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE;YACtC,MAAM,OAAO,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC;YAE5B,cAAI,CAAC,qBAAqB,CAAC;iBACtB,GAAG,CAAC,2BAA2B,OAAO,uBAAuB,CAAC;iBAC9D,aAAa,CAAC,GAAG,EAAE,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,uCAAuC,CAAC,CAAC,CAAC;YAGvF,OAAO,CAAC,GAAG,CAAC,aAAa,CAAC,GAAG,8CAA8C,OAAO,uBAAuB,CAAC;YAE1G,MAAM,UAAU,CAAC,WAAW,EAAE,CAAC;YAE/B,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,QAAQ,EAAE,SAAS,OAAO,EAAE,CAAC,CAAC,CAAC;SAC1D;QAED,MAAM,cAAc,GAAG,SAAS,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;QAE3D,CAAC,CAAC,EAAE,CAAC,cAAc,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;IACnC,CAAC,CAAC,CAAC;AACP,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,iCAAiC,EAAE,CAAC,CAAC,EAAE;IAExC,MAAM,KAAK,GAAG;QACV,UAAU,EAAE,gBAAgB;QAC5B,YAAY,EAAE,kBAAkB;QAChC,cAAc,EAAE,cAAc;QAC9B,OAAO,EAAE,OAAO;QAChB,aAAa,EAAE,aAAa;QAC5B,cAAc,EAAE,cAAc;KACjC,CAAC;IAEF,KAAK,MAAM,CAAC,OAAO,EAAE,eAAe,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE;QAC5D,MAAM,GAAG,GAAG,wCAAwC,OAAO,MAAM,CAAC;QAElE,IAAI;YACA,MAAM,aAAa,GAAG,UAAU,CAAC,mBAAmB,CAAC,GAAG,CAAC,CAAC;YAC1D,CAAC,CAAC,SAAS,CAAC,aAAa,EAAE,eAAe,CAAC,CAAC;SAC/C;QAAC,OAAO,CAAC,EAAE;YACR,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;SACrB;KACJ;AACL,CAAC,CAAC,CAAC"}

lib/setup-tracer.js

@@ -1,216 +0,0 @@
-"use strict";
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
-    result["default"] = mod;
-    return result;
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-const core = __importStar(require("@actions/core"));
-const exec = __importStar(require("@actions/exec"));
-const io = __importStar(require("@actions/io"));
-const fs = __importStar(require("fs"));
-const path = __importStar(require("path"));
-const analysisPaths = __importStar(require("./analysis-paths"));
-const configUtils = __importStar(require("./config-utils"));
-const setuptools = __importStar(require("./setup-tools"));
-const sharedEnv = __importStar(require("./shared-environment"));
-const util = __importStar(require("./util"));
-const CRITICAL_TRACER_VARS = new Set(['SEMMLE_PRELOAD_libtrace',
-    ,
-    'SEMMLE_RUNNER',
-    ,
-    'SEMMLE_COPY_EXECUTABLES_ROOT',
-    ,
-    'SEMMLE_DEPTRACE_SOCKET',
-    ,
-    'SEMMLE_JAVA_TOOL_OPTIONS'
-]);
-async function tracerConfig(codeql, database, compilerSpec) {
-    const compilerSpecArg = compilerSpec ? ["--compiler-spec=" + compilerSpec] : [];
-    let envFile = path.resolve(database, 'working', 'env.tmp');
-    await exec.exec(codeql.cmd, ['database', 'trace-command', database,
-        ...compilerSpecArg,
-        process.execPath, path.resolve(__dirname, 'tracer-env.js'), envFile]);
-    const env = JSON.parse(fs.readFileSync(envFile, 'utf-8'));
-    const config = env['ODASA_TRACER_CONFIGURATION'];
-    const info = { spec: config, env: {} };
-    // Extract critical tracer variables from the environment
-    for (let entry of Object.entries(env)) {
-        const key = entry[0];
-        const value = entry[1];
-        // skip ODASA_TRACER_CONFIGURATION as it is handled separately
-        if (key === 'ODASA_TRACER_CONFIGURATION') {
-            continue;
-        }
-        // skip undefined values
-        if (typeof value === 'undefined') {
-            continue;
-        }
-        // Keep variables that do not exist in current environment. In addition always keep
-        // critical and CODEQL_ variables
-        if (typeof process.env[key] === 'undefined' || CRITICAL_TRACER_VARS.has(key) || key.startsWith('CODEQL_')) {
-            info.env[key] = value;
-        }
-    }
-    return info;
-}
-function concatTracerConfigs(configs) {
-    // A tracer config is a map containing additional environment variables and a tracer 'spec' file.
-    // A tracer 'spec' file has the following format [log_file, number_of_blocks, blocks_text]
-    // Merge the environments
-    const env = {};
-    let copyExecutables = false;
-    let envSize = 0;
-    for (let v of Object.values(configs)) {
-        for (let e of Object.entries(v.env)) {
-            const name = e[0];
-            const value = e[1];
-            // skip SEMMLE_COPY_EXECUTABLES_ROOT as it is handled separately
-            if (name === 'SEMMLE_COPY_EXECUTABLES_ROOT') {
-                copyExecutables = true;
-            }
-            else if (name in env) {
-                if (env[name] !== value) {
-                    throw Error('Incompatible values in environment parameter ' +
-                        name + ': ' + env[name] + ' and ' + value);
-                }
-            }
-            else {
-                env[name] = value;
-                envSize += 1;
-            }
-        }
-    }
-    // Concatenate spec files into a new spec file
-    let languages = Object.keys(configs);
-    const cppIndex = languages.indexOf('cpp');
-    // Make sure cpp is the last language, if it's present since it must be concatenated last
-    if (cppIndex !== -1) {
-        let lastLang = languages[languages.length - 1];
-        languages[languages.length - 1] = languages[cppIndex];
-        languages[cppIndex] = lastLang;
-    }
-    let totalLines = [];
-    let totalCount = 0;
-    for (let lang of languages) {
-        const lines = fs.readFileSync(configs[lang].spec, 'utf8').split(/\r?\n/);
-        const count = parseInt(lines[1], 10);
-        totalCount += count;
-        totalLines.push(...lines.slice(2));
-    }
-    const tempFolder = util.getRequiredEnvParam('RUNNER_TEMP');
-    const newLogFilePath = path.resolve(tempFolder, 'compound-build-tracer.log');
-    const spec = path.resolve(tempFolder, 'compound-spec');
-    const compoundTempFolder = path.resolve(tempFolder, 'compound-temp');
-    const newSpecContent = [newLogFilePath, totalCount.toString(10), ...totalLines];
-    if (copyExecutables) {
-        env['SEMMLE_COPY_EXECUTABLES_ROOT'] = compoundTempFolder;
-        envSize += 1;
-    }
-    fs.writeFileSync(spec, newSpecContent.join('\n'));
-    // Prepare the content of the compound environment file
-    let buffer = Buffer.alloc(4);
-    buffer.writeInt32LE(envSize, 0);
-    for (let e of Object.entries(env)) {
-        const key = e[0];
-        const value = e[1];
-        const lineBuffer = new Buffer(key + '=' + value + '\0', 'utf8');
-        const sizeBuffer = Buffer.alloc(4);
-        sizeBuffer.writeInt32LE(lineBuffer.length, 0);
-        buffer = Buffer.concat([buffer, sizeBuffer, lineBuffer]);
-    }
-    // Write the compound environment
-    const envPath = spec + '.environment';
-    fs.writeFileSync(envPath, buffer);
-    return { env, spec };
-}
-async function run() {
-    try {
-        if (util.should_abort('init', false) || !await util.reportActionStarting('init')) {
-            return;
-        }
-        // The config file MUST be parsed in the init action
-        const config = await configUtils.loadConfig();
-        core.startGroup('Load language configuration');
-        const languages = await util.getLanguages();
-        // If the languages parameter was not given and no languages were
-        // detected then fail here as this is a workflow configuration error.
-        if (languages.length === 0) {
-            core.setFailed("Did not detect any languages to analyze. Please update input in workflow.");
-            return;
-        }
-        core.endGroup();
-        analysisPaths.includeAndExcludeAnalysisPaths(config, languages);
-        const sourceRoot = path.resolve();
-        core.startGroup('Setup CodeQL tools');
-        const codeqlSetup = await setuptools.setupCodeQL();
-        await exec.exec(codeqlSetup.cmd, ['version', '--format=json']);
-        core.endGroup();
-        // Forward Go flags
-        const goFlags = process.env['GOFLAGS'];
-        if (goFlags) {
-            core.exportVariable('GOFLAGS', goFlags);
-            core.warning("Passing the GOFLAGS env parameter to the init action is deprecated. Please move this to the analyze action.");
-        }
-        // Setup CODEQL_RAM flag (todo improve this https://github.com/github/dsp-code-scanning/issues/935)
-        const codeqlRam = process.env['CODEQL_RAM'] || '6500';
-        core.exportVariable('CODEQL_RAM', codeqlRam);
-        const databaseFolder = path.resolve(util.getRequiredEnvParam('RUNNER_TEMP'), 'codeql_databases');
-        await io.mkdirP(databaseFolder);
-        let tracedLanguages = {};
-        let scannedLanguages = [];
-        // TODO: replace this code once CodeQL supports multi-language tracing
-        for (let language of languages) {
-            const languageDatabase = path.join(databaseFolder, language);
-            // Init language database
-            await exec.exec(codeqlSetup.cmd, ['database', 'init', languageDatabase, '--language=' + language, '--source-root=' + sourceRoot]);
-            // TODO: add better detection of 'traced languages' instead of using a hard coded list
-            if (['cpp', 'java', 'csharp'].includes(language)) {
-                const config = await tracerConfig(codeqlSetup, languageDatabase);
-                tracedLanguages[language] = config;
-            }
-            else {
-                scannedLanguages.push(language);
-            }
-        }
-        const tracedLanguageKeys = Object.keys(tracedLanguages);
-        if (tracedLanguageKeys.length > 0) {
-            const mainTracerConfig = concatTracerConfigs(tracedLanguages);
-            if (mainTracerConfig.spec) {
-                for (let entry of Object.entries(mainTracerConfig.env)) {
-                    core.exportVariable(entry[0], entry[1]);
-                }
-                core.exportVariable('ODASA_TRACER_CONFIGURATION', mainTracerConfig.spec);
-                if (process.platform === 'darwin') {
-                    core.exportVariable('DYLD_INSERT_LIBRARIES', path.join(codeqlSetup.tools, 'osx64', 'libtrace.dylib'));
-                }
-                else if (process.platform === 'win32') {
-                    await exec.exec('powershell', [path.resolve(__dirname, '..', 'src', 'inject-tracer.ps1'),
-                        path.resolve(codeqlSetup.tools, 'win64', 'tracer.exe')], { env: { 'ODASA_TRACER_CONFIGURATION': mainTracerConfig.spec } });
-                }
-                else {
-                    core.exportVariable('LD_PRELOAD', path.join(codeqlSetup.tools, 'linux64', '${LIB}trace.so'));
-                }
-            }
-        }
-        core.exportVariable(sharedEnv.CODEQL_ACTION_SCANNED_LANGUAGES, scannedLanguages.join(','));
-        core.exportVariable(sharedEnv.CODEQL_ACTION_TRACED_LANGUAGES, tracedLanguageKeys.join(','));
-        // TODO: make this a "private" environment variable of the action
-        core.exportVariable(sharedEnv.CODEQL_ACTION_DATABASE_DIR, databaseFolder);
-        core.exportVariable(sharedEnv.CODEQL_ACTION_CMD, codeqlSetup.cmd);
-    }
-    catch (error) {
-        core.setFailed(error.message);
-        await util.reportActionFailed('init', error.message, error.stack);
-        return;
-    }
-    await util.reportActionSucceeded('init');
-    core.exportVariable(sharedEnv.CODEQL_ACTION_INIT_COMPLETED, 'true');
-}
-run().catch(e => {
-    core.setFailed("init action failed: " + e);
-    console.log(e);
-});
-//# sourceMappingURL=setup-tracer.js.map

lib/shared-environment.js

@@ -1,18 +1,10 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.CODEQL_ACTION_CMD = 'CODEQL_ACTION_CMD';
-exports.CODEQL_ACTION_DATABASE_DIR = 'CODEQL_ACTION_DATABASE_DIR';
-exports.CODEQL_ACTION_LANGUAGES = 'CODEQL_ACTION_LANGUAGES';
-exports.CODEQL_ACTION_ANALYSIS_KEY = 'CODEQL_ACTION_ANALYSIS_KEY';
-exports.ODASA_TRACER_CONFIGURATION = 'ODASA_TRACER_CONFIGURATION';
-exports.CODEQL_ACTION_SCANNED_LANGUAGES = 'CODEQL_ACTION_SCANNED_LANGUAGES';
-exports.CODEQL_ACTION_TRACED_LANGUAGES = 'CODEQL_ACTION_TRACED_LANGUAGES';
+exports.ODASA_TRACER_CONFIGURATION = "ODASA_TRACER_CONFIGURATION";
 // The time at which the first action (normally init) started executing.
 // If a workflow invokes a different action without first invoking the init
 // action (i.e. the upload action is being used by a third-party integrator)
 // then this variable will be assigned the start time of the action invoked
 // rather that the init action.
-exports.CODEQL_ACTION_STARTED_AT = 'CODEQL_ACTION_STARTED_AT';
-// Populated when the init action completes successfully
-exports.CODEQL_ACTION_INIT_COMPLETED = 'CODEQL_ACTION_INIT_COMPLETED';
+exports.CODEQL_WORKFLOW_STARTED_AT = "CODEQL_WORKFLOW_STARTED_AT";
 //# sourceMappingURL=shared-environment.js.map

lib/shared-environment.js.map

@@ -1 +1 @@
-{"version":3,"file":"shared-environment.js","sourceRoot":"","sources":["../src/shared-environment.ts"],"names":[],"mappings":";;AAAa,QAAA,iBAAiB,GAAG,mBAAmB,CAAC;AACxC,QAAA,0BAA0B,GAAG,4BAA4B,CAAC;AAC1D,QAAA,uBAAuB,GAAG,yBAAyB,CAAC;AACpD,QAAA,0BAA0B,GAAG,4BAA4B,CAAC;AAC1D,QAAA,0BAA0B,GAAG,4BAA4B,CAAC;AAC1D,QAAA,+BAA+B,GAAG,iCAAiC,CAAC;AACpE,QAAA,8BAA8B,GAAG,gCAAgC,CAAC;AAC/E,wEAAwE;AACxE,2EAA2E;AAC3E,4EAA4E;AAC5E,2EAA2E;AAC3E,+BAA+B;AAClB,QAAA,wBAAwB,GAAG,0BAA0B,CAAC;AACnE,wDAAwD;AAC3C,QAAA,4BAA4B,GAAG,8BAA8B,CAAC"}
+{"version":3,"file":"shared-environment.js","sourceRoot":"","sources":["../src/shared-environment.ts"],"names":[],"mappings":";;AAAa,QAAA,0BAA0B,GAAG,4BAA4B,CAAC;AACvE,wEAAwE;AACxE,2EAA2E;AAC3E,4EAA4E;AAC5E,2EAA2E;AAC3E,+BAA+B;AAClB,QAAA,0BAA0B,GAAG,4BAA4B,CAAC"}

lib/test-utils.js

@@ -1,22 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-function silenceDebugOutput(test) {
-    const typedTest = test;
-    typedTest.beforeEach(t => {
-        const processStdoutWrite = process.stdout.write.bind(process.stdout);
-        t.context.write = processStdoutWrite;
-        process.stdout.write = (str, encoding, cb) => {
-            // Core library will directly call process.stdout.write for commands
-            // We don't want :: commands to be executed by the runner during tests
-            if (!str.match(/^::/)) {
-                processStdoutWrite(str, encoding, cb);
-            }
-            return true;
-        };
-    });
-    typedTest.afterEach(t => {
-        process.stdout.write = t.context.write;
-    });
-}
-exports.silenceDebugOutput = silenceDebugOutput;
-//# sourceMappingURL=test-utils.js.map

lib/test-utils.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"test-utils.js","sourceRoot":"","sources":["../src/test-utils.ts"],"names":[],"mappings":";;AAEA,SAAgB,kBAAkB,CAAC,IAAwB;IACzD,MAAM,SAAS,GAAG,IAAmC,CAAC;IAEtD,SAAS,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE;QACrB,MAAM,kBAAkB,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACrE,CAAC,CAAC,OAAO,CAAC,KAAK,GAAG,kBAAkB,CAAC;QACrC,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,CAAC,GAAQ,EAAE,QAAc,EAAE,EAA0B,EAAE,EAAE;YAC5E,oEAAoE;YACpE,sEAAsE;YACtE,IAAI,CAAC,GAAG,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE;gBACnB,kBAAkB,CAAC,GAAG,EAAE,QAAQ,EAAE,EAAE,CAAC,CAAC;aACzC;YACD,OAAO,IAAI,CAAC;QAChB,CAAC,CAAC;IACN,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE;QACpB,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC;IAC3C,CAAC,CAAC,CAAC;AACL,CAAC;AAnBD,gDAmBC"}

lib/testing-utils.js

@@ -1,28 +1,75 @@
 "use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
+    result["default"] = mod;
+    return result;
+};
 Object.defineProperty(exports, "__esModule", { value: true });
-function silenceDebugOutput(test) {
+const sinon_1 = __importDefault(require("sinon"));
+const CodeQL = __importStar(require("./codeql"));
+function wrapOutput(context) {
+    // Function signature taken from Socket.write.
+    // Note there are two overloads:
+    // write(buffer: Uint8Array | string, cb?: (err?: Error) => void): boolean;
+    // write(str: Uint8Array | string, encoding?: string, cb?: (err?: Error) => void): boolean;
+    return (chunk, encoding, cb) => {
+        // Work out which method overload we are in
+        if (cb === undefined && typeof encoding === "function") {
+            cb = encoding;
+            encoding = undefined;
+        }
+        // Record the output
+        if (typeof chunk === "string") {
+            context.testOutput += chunk;
+        }
+        else {
+            context.testOutput += new TextDecoder(encoding || "utf-8").decode(chunk);
+        }
+        // Satisfy contract by calling callback when done
+        if (cb !== undefined && typeof cb === "function") {
+            cb();
+        }
+        return true;
+    };
+}
+function setupTests(test) {
     const typedTest = test;
-    typedTest.beforeEach(t => {
+    typedTest.beforeEach((t) => {
+        // Set an empty CodeQL object so that all method calls will fail
+        // unless the test explicitly sets one up.
+        CodeQL.setCodeQL({});
+        // Replace stdout and stderr so we can record output during tests
+        t.context.testOutput = "";
         const processStdoutWrite = process.stdout.write.bind(process.stdout);
-        t.context.write = processStdoutWrite;
-        process.stdout.write = (str, encoding, cb) => {
-            // Core library will directly call process.stdout.write for commands
-            // We don't want debug output to be included in tests
-            if (typeof str === "string") {
-                str = str.replace(/::(info|debug|warning).*/, '');
-                if (str.trim() !== "") {
-                    processStdoutWrite(str, encoding, cb);
-                }
-            }
-            else {
-                processStdoutWrite(str, encoding, cb);
-            }
-            return true;
-        };
+        t.context.stdoutWrite = processStdoutWrite;
+        process.stdout.write = wrapOutput(t.context);
+        const processStderrWrite = process.stderr.write.bind(process.stderr);
+        t.context.stderrWrite = processStderrWrite;
+        process.stderr.write = wrapOutput(t.context);
+        // Many tests modify environment variables. Take a copy now so that
+        // we reset them after the test to keep tests independent of each other.
+        // process.env only has strings fields, so a shallow copy is fine.
+        t.context.env = {};
+        Object.assign(t.context.env, process.env);
     });
-    typedTest.afterEach(t => {
-        process.stdout.write = t.context.write;
+    typedTest.afterEach.always((t) => {
+        // Restore stdout and stderr
+        // The captured output is only replayed if the test failed
+        process.stdout.write = t.context.stdoutWrite;
+        process.stderr.write = t.context.stderrWrite;
+        if (!t.passed) {
+            process.stdout.write(t.context.testOutput);
+        }
+        // Undo any modifications made by sinon
+        sinon_1.default.restore();
+        // Undo any modifications to the env
+        process.env = t.context.env;
     });
 }
-exports.silenceDebugOutput = silenceDebugOutput;
+exports.setupTests = setupTests;
 //# sourceMappingURL=testing-utils.js.map

lib/testing-utils.js.map

@@ -1 +1 @@
-{"version":3,"file":"testing-utils.js","sourceRoot":"","sources":["../src/testing-utils.ts"],"names":[],"mappings":";;AAEA,SAAgB,kBAAkB,CAAC,IAAwB;IACzD,MAAM,SAAS,GAAG,IAAmC,CAAC;IAEtD,SAAS,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE;QACrB,MAAM,kBAAkB,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACrE,CAAC,CAAC,OAAO,CAAC,KAAK,GAAG,kBAAkB,CAAC;QACrC,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,CAAC,GAAwB,EAAE,QAAc,EAAE,EAA0B,EAAE,EAAE;YAC5F,oEAAoE;YACpE,qDAAqD;YACrD,IAAI,OAAO,GAAG,KAAK,QAAQ,EAAE;gBAC3B,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,0BAA0B,EAAE,EAAE,CAAC,CAAC;gBAClD,IAAI,GAAG,CAAC,IAAI,EAAE,KAAK,EAAE,EAAE;oBACnB,kBAAkB,CAAC,GAAG,EAAE,QAAQ,EAAE,EAAE,CAAC,CAAC;iBACzC;aACF;iBAAM;gBACL,kBAAkB,CAAC,GAAG,EAAE,QAAQ,EAAE,EAAE,CAAC,CAAC;aACvC;YACD,OAAO,IAAI,CAAC;QAChB,CAAC,CAAC;IACN,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC,EAAE;QACpB,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,CAAC,CAAC,OAAO,CAAC,KAAK,CAAC;IAC3C,CAAC,CAAC,CAAC;AACL,CAAC;AAxBD,gDAwBC"}
+{"version":3,"file":"testing-utils.js","sourceRoot":"","sources":["../src/testing-utils.ts"],"names":[],"mappings":";;;;;;;;;;;;AACA,kDAA0B;AAE1B,iDAAmC;AASnC,SAAS,UAAU,CAAC,OAAoB;IACtC,8CAA8C;IAC9C,gCAAgC;IAChC,2EAA2E;IAC3E,2FAA2F;IAC3F,OAAO,CACL,KAA0B,EAC1B,QAAiB,EACjB,EAA0B,EACjB,EAAE;QACX,2CAA2C;QAC3C,IAAI,EAAE,KAAK,SAAS,IAAI,OAAO,QAAQ,KAAK,UAAU,EAAE;YACtD,EAAE,GAAG,QAAQ,CAAC;YACd,QAAQ,GAAG,SAAS,CAAC;SACtB;QAED,oBAAoB;QACpB,IAAI,OAAO,KAAK,KAAK,QAAQ,EAAE;YAC7B,OAAO,CAAC,UAAU,IAAI,KAAK,CAAC;SAC7B;aAAM;YACL,OAAO,CAAC,UAAU,IAAI,IAAI,WAAW,CAAC,QAAQ,IAAI,OAAO,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;SAC1E;QAED,iDAAiD;QACjD,IAAI,EAAE,KAAK,SAAS,IAAI,OAAO,EAAE,KAAK,UAAU,EAAE;YAChD,EAAE,EAAE,CAAC;SACN;QAED,OAAO,IAAI,CAAC;IACd,CAAC,CAAC;AACJ,CAAC;AAED,SAAgB,UAAU,CAAC,IAAwB;IACjD,MAAM,SAAS,GAAG,IAAkC,CAAC;IAErD,SAAS,CAAC,UAAU,CAAC,CAAC,CAAC,EAAE,EAAE;QACzB,gEAAgE;QAChE,0CAA0C;QAC1C,MAAM,CAAC,SAAS,CAAC,EAAE,CAAC,CAAC;QAErB,iEAAiE;QACjE,CAAC,CAAC,OAAO,CAAC,UAAU,GAAG,EAAE,CAAC;QAC1B,MAAM,kBAAkB,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACrE,CAAC,CAAC,OAAO,CAAC,WAAW,GAAG,kBAAkB,CAAC;QAC3C,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,UAAU,CAAC,CAAC,CAAC,OAAO,CAAQ,CAAC;QACpD,MAAM,kBAAkB,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC;QACrE,CAAC,CAAC,OAAO,CAAC,WAAW,GAAG,kBAAkB,CAAC;QAC3C,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,UAAU,CAAC,CAAC,CAAC,OAAO,CAAQ,CAAC;QAEpD,mEAAmE;QACnE,wEAAwE;QACxE,kEAAkE;QAClE,CAAC,CAAC,OAAO,CAAC,GAAG,GAAG,EAAE,CAAC;QACnB,MAAM,CAAC,MAAM,CAAC,CAAC,CAAC,OAAO,CAAC,GAAG,EAAE,OAAO,CAAC,GAAG,CAAC,CAAC;IAC5C,CAAC,CAAC,CAAC;IAEH,SAAS,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE;QAC/B,4BAA4B;QAC5B,0DAA0D;QAC1D,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC;QAC7C,OAAO,CAAC,MAAM,CAAC,KAAK,GAAG,CAAC,CAAC,OAAO,CAAC,WAAW,CAAC;QAC7C,IAAI,CAAC,CAAC,CAAC,MAAM,EAAE;YACb,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;SAC5C;QAED,uCAAuC;QACvC,eAAK,CAAC,OAAO,EAAE,CAAC;QAEhB,oCAAoC;QACpC,OAAO,CAAC,GAAG,GAAG,CAAC,CAAC,OAAO,CAAC,GAAG,CAAC;IAC9B,CAAC,CAAC,CAAC;AACL,CAAC;AAvCD,gCAuCC"}

lib/toolrunner-error-catcher.js

@@ -0,0 +1,86 @@
+"use strict";
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
+    result["default"] = mod;
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const toolrunnner = __importStar(require("@actions/exec/lib/toolrunner"));
+/**
+ * Wrapper for toolrunner.Toolrunner which checks for specific return code and/or regex matches in console output.
+ * Output will be streamed to the live console as well as captured for subsequent processing.
+ * Returns promise with return code
+ *
+ * @param     commandLine        command to execute
+ * @param     args               optional arguments for tool. Escaping is handled by the lib.
+ * @param     matchers           defines specific codes and/or regexes that should lead to return of a custom error
+ * @param     options            optional exec options.  See ExecOptions
+ * @returns   Promise<number>    exit code
+ */
+async function toolrunnerErrorCatcher(commandLine, args, matchers, options) {
+    var _a, _b, _c;
+    let stdout = "";
+    let stderr = "";
+    const listeners = {
+        stdout: (data) => {
+            var _a, _b;
+            stdout += data.toString();
+            if (((_b = (_a = options) === null || _a === void 0 ? void 0 : _a.listeners) === null || _b === void 0 ? void 0 : _b.stdout) !== undefined) {
+                options.listeners.stdout(data);
+            }
+            else {
+                // if no stdout listener was originally defined then we match default behavior of Toolrunner
+                process.stdout.write(data);
+            }
+        },
+        stderr: (data) => {
+            var _a, _b;
+            stderr += data.toString();
+            if (((_b = (_a = options) === null || _a === void 0 ? void 0 : _a.listeners) === null || _b === void 0 ? void 0 : _b.stderr) !== undefined) {
+                options.listeners.stderr(data);
+            }
+            else {
+                // if no stderr listener was originally defined then we match default behavior of Toolrunner
+                process.stderr.write(data);
+            }
+        },
+    };
+    // we capture the original return code or error so that if no match is found we can duplicate the behavior
+    let returnState;
+    try {
+        returnState = await new toolrunnner.ToolRunner(commandLine, args, {
+            ...options,
+            listeners,
+            ignoreReturnCode: true,
+        }).exec();
+    }
+    catch (e) {
+        returnState = e;
+    }
+    // if there is a zero return code then we do not apply the matchers
+    if (returnState === 0)
+        return returnState;
+    if (matchers) {
+        for (const matcher of matchers) {
+            if (matcher.exitCode === returnState || ((_a = matcher.outputRegex) === null || _a === void 0 ? void 0 : _a.test(stderr)) || ((_b = matcher.outputRegex) === null || _b === void 0 ? void 0 : _b.test(stdout))) {
+                throw new Error(matcher.message);
+            }
+        }
+    }
+    if (typeof returnState === "number") {
+        // only if we were instructed to ignore the return code do we ever return it non-zero
+        if ((_c = options) === null || _c === void 0 ? void 0 : _c.ignoreReturnCode) {
+            return returnState;
+        }
+        else {
+            throw new Error(`The process \'${commandLine}\' failed with exit code ${returnState}`);
+        }
+    }
+    else {
+        throw returnState;
+    }
+}
+exports.toolrunnerErrorCatcher = toolrunnerErrorCatcher;
+//# sourceMappingURL=toolrunner-error-catcher.js.map

lib/toolrunner-error-catcher.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"toolrunner-error-catcher.js","sourceRoot":"","sources":["../src/toolrunner-error-catcher.ts"],"names":[],"mappings":";;;;;;;;;AACA,0EAA4D;AAI5D;;;;;;;;;;GAUG;AACI,KAAK,UAAU,sBAAsB,CAC1C,WAAmB,EACnB,IAAe,EACf,QAAyB,EACzB,OAAwB;;IAExB,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,IAAI,MAAM,GAAG,EAAE,CAAC;IAEhB,MAAM,SAAS,GAAG;QAChB,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE;;YACvB,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC1B,IAAI,aAAA,OAAO,0CAAE,SAAS,0CAAE,MAAM,MAAK,SAAS,EAAE;gBAC5C,OAAO,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;aAChC;iBAAM;gBACL,4FAA4F;gBAC5F,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;aAC5B;QACH,CAAC;QACD,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE;;YACvB,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC1B,IAAI,aAAA,OAAO,0CAAE,SAAS,0CAAE,MAAM,MAAK,SAAS,EAAE;gBAC5C,OAAO,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;aAChC;iBAAM;gBACL,4FAA4F;gBAC5F,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;aAC5B;QACH,CAAC;KACF,CAAC;IAEF,0GAA0G;IAC1G,IAAI,WAA2B,CAAC;IAChC,IAAI;QACF,WAAW,GAAG,MAAM,IAAI,WAAW,CAAC,UAAU,CAAC,WAAW,EAAE,IAAI,EAAE;YAChE,GAAG,OAAO;YACV,SAAS;YACT,gBAAgB,EAAE,IAAI;SACvB,CAAC,CAAC,IAAI,EAAE,CAAC;KACX;IAAC,OAAO,CAAC,EAAE;QACV,WAAW,GAAG,CAAC,CAAC;KACjB;IAED,mEAAmE;IACnE,IAAI,WAAW,KAAK,CAAC;QAAE,OAAO,WAAW,CAAC;IAE1C,IAAI,QAAQ,EAAE;QACZ,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE;YAC9B,IACE,OAAO,CAAC,QAAQ,KAAK,WAAW,WAChC,OAAO,CAAC,WAAW,0CAAE,IAAI,CAAC,MAAM,EAAC,WACjC,OAAO,CAAC,WAAW,0CAAE,IAAI,CAAC,MAAM,EAAC,EACjC;gBACA,MAAM,IAAI,KAAK,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;aAClC;SACF;KACF;IAED,IAAI,OAAO,WAAW,KAAK,QAAQ,EAAE;QACnC,qFAAqF;QACrF,UAAI,OAAO,0CAAE,gBAAgB,EAAE;YAC7B,OAAO,WAAW,CAAC;SACpB;aAAM;YACL,MAAM,IAAI,KAAK,CACb,iBAAiB,WAAW,4BAA4B,WAAW,EAAE,CACtE,CAAC;SACH;KACF;SAAM;QACL,MAAM,WAAW,CAAC;KACnB;AACH,CAAC;AArED,wDAqEC"}

lib/toolrunner-error-catcher.test.js

@@ -0,0 +1,145 @@
+"use strict";
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
+    result["default"] = mod;
+    return result;
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const exec = __importStar(require("@actions/exec"));
+const ava_1 = __importDefault(require("ava"));
+const testing_utils_1 = require("./testing-utils");
+const toolrunner_error_catcher_1 = require("./toolrunner-error-catcher");
+testing_utils_1.setupTests(ava_1.default);
+ava_1.default("matchers are never applied if non-error exit", async (t) => {
+    const testArgs = buildDummyArgs("foo bar\\nblort qux", "foo bar\\nblort qux", "", 0);
+    const matchers = [
+        { exitCode: 123, outputRegex: new RegExp("foo bar"), message: "error!!!" },
+    ];
+    t.deepEqual(await exec.exec("node", testArgs), 0);
+    t.deepEqual(await toolrunner_error_catcher_1.toolrunnerErrorCatcher("node", testArgs, matchers), 0);
+});
+ava_1.default("regex matchers are applied to stdout for non-zero exit code", async (t) => {
+    const testArgs = buildDummyArgs("foo bar\\nblort qux", "", "", 1);
+    const matchers = [
+        { exitCode: 123, outputRegex: new RegExp("foo bar"), message: "🦄" },
+    ];
+    await t.throwsAsync(exec.exec("node", testArgs), {
+        instanceOf: Error,
+        message: "The process 'node' failed with exit code 1",
+    });
+    await t.throwsAsync(toolrunner_error_catcher_1.toolrunnerErrorCatcher("node", testArgs, matchers), {
+        instanceOf: Error,
+        message: "🦄",
+    });
+});
+ava_1.default("regex matchers are applied to stderr for non-zero exit code", async (t) => {
+    const testArgs = buildDummyArgs("non matching string", "foo bar\\nblort qux", "", 1);
+    const matchers = [
+        { exitCode: 123, outputRegex: new RegExp("foo bar"), message: "🦄" },
+    ];
+    await t.throwsAsync(exec.exec("node", testArgs), {
+        instanceOf: Error,
+        message: "The process 'node' failed with exit code 1",
+    });
+    await t.throwsAsync(toolrunner_error_catcher_1.toolrunnerErrorCatcher("node", testArgs, matchers), {
+        instanceOf: Error,
+        message: "🦄",
+    });
+});
+ava_1.default("matcher returns correct error message when multiple matchers defined", async (t) => {
+    const testArgs = buildDummyArgs("non matching string", "foo bar\\nblort qux", "", 1);
+    const matchers = [
+        { exitCode: 456, outputRegex: new RegExp("lorem ipsum"), message: "😩" },
+        { exitCode: 123, outputRegex: new RegExp("foo bar"), message: "🦄" },
+        { exitCode: 789, outputRegex: new RegExp("blah blah"), message: "🤦‍♂️" },
+    ];
+    await t.throwsAsync(exec.exec("node", testArgs), {
+        instanceOf: Error,
+        message: "The process 'node' failed with exit code 1",
+    });
+    await t.throwsAsync(toolrunner_error_catcher_1.toolrunnerErrorCatcher("node", testArgs, matchers), {
+        instanceOf: Error,
+        message: "🦄",
+    });
+});
+ava_1.default("matcher returns first match to regex when multiple matches", async (t) => {
+    const testArgs = buildDummyArgs("non matching string", "foo bar\\nblort qux", "", 1);
+    const matchers = [
+        { exitCode: 123, outputRegex: new RegExp("foo bar"), message: "🦄" },
+        { exitCode: 789, outputRegex: new RegExp("blah blah"), message: "🤦‍♂️" },
+        { exitCode: 987, outputRegex: new RegExp("foo bar"), message: "🚫" },
+    ];
+    await t.throwsAsync(exec.exec("node", testArgs), {
+        instanceOf: Error,
+        message: "The process 'node' failed with exit code 1",
+    });
+    await t.throwsAsync(toolrunner_error_catcher_1.toolrunnerErrorCatcher("node", testArgs, matchers), {
+        instanceOf: Error,
+        message: "🦄",
+    });
+});
+ava_1.default("exit code matchers are applied", async (t) => {
+    const testArgs = buildDummyArgs("non matching string", "foo bar\\nblort qux", "", 123);
+    const matchers = [
+        {
+            exitCode: 123,
+            outputRegex: new RegExp("this will not match"),
+            message: "🦄",
+        },
+    ];
+    await t.throwsAsync(exec.exec("node", testArgs), {
+        instanceOf: Error,
+        message: "The process 'node' failed with exit code 123",
+    });
+    await t.throwsAsync(toolrunner_error_catcher_1.toolrunnerErrorCatcher("node", testArgs, matchers), {
+        instanceOf: Error,
+        message: "🦄",
+    });
+});
+ava_1.default("execErrorCatcher respects the ignoreReturnValue option", async (t) => {
+    const testArgs = buildDummyArgs("standard output", "error output", "", 199);
+    await t.throwsAsync(toolrunner_error_catcher_1.toolrunnerErrorCatcher("node", testArgs, [], { ignoreReturnCode: false }), { instanceOf: Error });
+    t.deepEqual(await toolrunner_error_catcher_1.toolrunnerErrorCatcher("node", testArgs, [], {
+        ignoreReturnCode: true,
+    }), 199);
+});
+ava_1.default("execErrorCatcher preserves behavior of provided listeners", async (t) => {
+    const stdoutExpected = "standard output";
+    const stderrExpected = "error output";
+    let stdoutActual = "";
+    let stderrActual = "";
+    const listeners = {
+        stdout: (data) => {
+            stdoutActual += data.toString();
+        },
+        stderr: (data) => {
+            stderrActual += data.toString();
+        },
+    };
+    const testArgs = buildDummyArgs(stdoutExpected, stderrExpected, "", 0);
+    t.deepEqual(await toolrunner_error_catcher_1.toolrunnerErrorCatcher("node", testArgs, [], {
+        listeners,
+    }), 0);
+    t.deepEqual(stdoutActual, `${stdoutExpected}\n`);
+    t.deepEqual(stderrActual, `${stderrExpected}\n`);
+});
+function buildDummyArgs(stdoutContents, stderrContents, desiredErrorMessage, desiredExitCode) {
+    let command = "";
+    if (stdoutContents)
+        command += `console.log("${stdoutContents}");`;
+    if (stderrContents)
+        command += `console.error("${stderrContents}");`;
+    if (command.length === 0)
+        throw new Error("Must provide contents for either stdout or stderr");
+    if (desiredErrorMessage)
+        command += `throw new Error("${desiredErrorMessage}");`;
+    if (desiredExitCode)
+        command += `process.exitCode = ${desiredExitCode};`;
+    return ["-e", command];
+}
+//# sourceMappingURL=toolrunner-error-catcher.test.js.map

lib/tracer-config.js

@@ -0,0 +1,151 @@
+"use strict";
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
+    result["default"] = mod;
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const languages_1 = require("./languages");
+const util = __importStar(require("./util"));
+const CRITICAL_TRACER_VARS = new Set([
+    "SEMMLE_PRELOAD_libtrace",
+    ,
+    "SEMMLE_RUNNER",
+    ,
+    "SEMMLE_COPY_EXECUTABLES_ROOT",
+    ,
+    "SEMMLE_DEPTRACE_SOCKET",
+    ,
+    "SEMMLE_JAVA_TOOL_OPTIONS",
+]);
+async function getTracerConfigForLanguage(codeql, config, language) {
+    const env = await codeql.getTracerEnv(util.getCodeQLDatabasePath(config.tempDir, language));
+    const spec = env["ODASA_TRACER_CONFIGURATION"];
+    const info = { spec, env: {} };
+    // Extract critical tracer variables from the environment
+    for (const entry of Object.entries(env)) {
+        const key = entry[0];
+        const value = entry[1];
+        // skip ODASA_TRACER_CONFIGURATION as it is handled separately
+        if (key === "ODASA_TRACER_CONFIGURATION") {
+            continue;
+        }
+        // skip undefined values
+        if (typeof value === "undefined") {
+            continue;
+        }
+        // Keep variables that do not exist in current environment. In addition always keep
+        // critical and CODEQL_ variables
+        if (typeof process.env[key] === "undefined" ||
+            CRITICAL_TRACER_VARS.has(key) ||
+            key.startsWith("CODEQL_")) {
+            info.env[key] = value;
+        }
+    }
+    return info;
+}
+exports.getTracerConfigForLanguage = getTracerConfigForLanguage;
+function concatTracerConfigs(tracerConfigs, config) {
+    // A tracer config is a map containing additional environment variables and a tracer 'spec' file.
+    // A tracer 'spec' file has the following format [log_file, number_of_blocks, blocks_text]
+    // Merge the environments
+    const env = {};
+    let copyExecutables = false;
+    let envSize = 0;
+    for (const v of Object.values(tracerConfigs)) {
+        for (const e of Object.entries(v.env)) {
+            const name = e[0];
+            const value = e[1];
+            // skip SEMMLE_COPY_EXECUTABLES_ROOT as it is handled separately
+            if (name === "SEMMLE_COPY_EXECUTABLES_ROOT") {
+                copyExecutables = true;
+            }
+            else if (name in env) {
+                if (env[name] !== value) {
+                    throw Error(`Incompatible values in environment parameter ${name}: ${env[name]} and ${value}`);
+                }
+            }
+            else {
+                env[name] = value;
+                envSize += 1;
+            }
+        }
+    }
+    // Concatenate spec files into a new spec file
+    const languages = Object.keys(tracerConfigs);
+    const cppIndex = languages.indexOf("cpp");
+    // Make sure cpp is the last language, if it's present since it must be concatenated last
+    if (cppIndex !== -1) {
+        const lastLang = languages[languages.length - 1];
+        languages[languages.length - 1] = languages[cppIndex];
+        languages[cppIndex] = lastLang;
+    }
+    const totalLines = [];
+    let totalCount = 0;
+    for (const lang of languages) {
+        const lines = fs
+            .readFileSync(tracerConfigs[lang].spec, "utf8")
+            .split(/\r?\n/);
+        const count = parseInt(lines[1], 10);
+        totalCount += count;
+        totalLines.push(...lines.slice(2));
+    }
+    const newLogFilePath = path.resolve(config.tempDir, "compound-build-tracer.log");
+    const spec = path.resolve(config.tempDir, "compound-spec");
+    const compoundTempFolder = path.resolve(config.tempDir, "compound-temp");
+    const newSpecContent = [
+        newLogFilePath,
+        totalCount.toString(10),
+        ...totalLines,
+    ];
+    if (copyExecutables) {
+        env["SEMMLE_COPY_EXECUTABLES_ROOT"] = compoundTempFolder;
+        envSize += 1;
+    }
+    fs.writeFileSync(spec, newSpecContent.join("\n"));
+    // Prepare the content of the compound environment file
+    let buffer = Buffer.alloc(4);
+    buffer.writeInt32LE(envSize, 0);
+    for (const e of Object.entries(env)) {
+        const key = e[0];
+        const value = e[1];
+        const lineBuffer = new Buffer(`${key}=${value}\0`, "utf8");
+        const sizeBuffer = Buffer.alloc(4);
+        sizeBuffer.writeInt32LE(lineBuffer.length, 0);
+        buffer = Buffer.concat([buffer, sizeBuffer, lineBuffer]);
+    }
+    // Write the compound environment
+    const envPath = `${spec}.environment`;
+    fs.writeFileSync(envPath, buffer);
+    return { env, spec };
+}
+exports.concatTracerConfigs = concatTracerConfigs;
+async function getCombinedTracerConfig(config, codeql) {
+    // Abort if there are no traced languages as there's nothing to do
+    const tracedLanguages = config.languages.filter(languages_1.isTracedLanguage);
+    if (tracedLanguages.length === 0) {
+        return undefined;
+    }
+    // Get all the tracer configs and combine them together
+    const tracedLanguageConfigs = {};
+    for (const language of tracedLanguages) {
+        tracedLanguageConfigs[language] = await getTracerConfigForLanguage(codeql, config, language);
+    }
+    const mainTracerConfig = concatTracerConfigs(tracedLanguageConfigs, config);
+    // Add a couple more variables
+    mainTracerConfig.env["ODASA_TRACER_CONFIGURATION"] = mainTracerConfig.spec;
+    const codeQLDir = path.dirname(codeql.getPath());
+    if (process.platform === "darwin") {
+        mainTracerConfig.env["DYLD_INSERT_LIBRARIES"] = path.join(codeQLDir, "tools", "osx64", "libtrace.dylib");
+    }
+    else if (process.platform !== "win32") {
+        mainTracerConfig.env["LD_PRELOAD"] = path.join(codeQLDir, "tools", "linux64", "${LIB}trace.so");
+    }
+    return mainTracerConfig;
+}
+exports.getCombinedTracerConfig = getCombinedTracerConfig;
+//# sourceMappingURL=tracer-config.js.map

lib/tracer-config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"tracer-config.js","sourceRoot":"","sources":["../src/tracer-config.ts"],"names":[],"mappings":";;;;;;;;;AAAA,uCAAyB;AACzB,2CAA6B;AAI7B,2CAAyD;AACzD,6CAA+B;AAO/B,MAAM,oBAAoB,GAAG,IAAI,GAAG,CAAC;IACnC,yBAAyB;IACzB,AAD0B;IAE1B,eAAe;IACf,AADgB;IAEhB,8BAA8B;IAC9B,AAD+B;IAE/B,wBAAwB;IACxB,AADyB;IAEzB,0BAA0B;CAC3B,CAAC,CAAC;AAEI,KAAK,UAAU,0BAA0B,CAC9C,MAAc,EACd,MAA0B,EAC1B,QAAkB;IAElB,MAAM,GAAG,GAAG,MAAM,MAAM,CAAC,YAAY,CACnC,IAAI,CAAC,qBAAqB,CAAC,MAAM,CAAC,OAAO,EAAE,QAAQ,CAAC,CACrD,CAAC;IAEF,MAAM,IAAI,GAAG,GAAG,CAAC,4BAA4B,CAAC,CAAC;IAC/C,MAAM,IAAI,GAAiB,EAAE,IAAI,EAAE,GAAG,EAAE,EAAE,EAAE,CAAC;IAE7C,yDAAyD;IACzD,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE;QACvC,MAAM,GAAG,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACrB,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACvB,8DAA8D;QAC9D,IAAI,GAAG,KAAK,4BAA4B,EAAE;YACxC,SAAS;SACV;QACD,wBAAwB;QACxB,IAAI,OAAO,KAAK,KAAK,WAAW,EAAE;YAChC,SAAS;SACV;QACD,mFAAmF;QACnF,iCAAiC;QACjC,IACE,OAAO,OAAO,CAAC,GAAG,CAAC,GAAG,CAAC,KAAK,WAAW;YACvC,oBAAoB,CAAC,GAAG,CAAC,GAAG,CAAC;YAC7B,GAAG,CAAC,UAAU,CAAC,SAAS,CAAC,EACzB;YACA,IAAI,CAAC,GAAG,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;SACvB;KACF;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAnCD,gEAmCC;AAED,SAAgB,mBAAmB,CACjC,aAA+C,EAC/C,MAA0B;IAE1B,iGAAiG;IACjG,0FAA0F;IAE1F,yBAAyB;IACzB,MAAM,GAAG,GAA8B,EAAE,CAAC;IAC1C,IAAI,eAAe,GAAG,KAAK,CAAC;IAC5B,IAAI,OAAO,GAAG,CAAC,CAAC;IAChB,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,MAAM,CAAC,aAAa,CAAC,EAAE;QAC5C,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE;YACrC,MAAM,IAAI,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YAClB,MAAM,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;YACnB,gEAAgE;YAChE,IAAI,IAAI,KAAK,8BAA8B,EAAE;gBAC3C,eAAe,GAAG,IAAI,CAAC;aACxB;iBAAM,IAAI,IAAI,IAAI,GAAG,EAAE;gBACtB,IAAI,GAAG,CAAC,IAAI,CAAC,KAAK,KAAK,EAAE;oBACvB,MAAM,KAAK,CACT,gDAAgD,IAAI,KAAK,GAAG,CAAC,IAAI,CAAC,QAAQ,KAAK,EAAE,CAClF,CAAC;iBACH;aACF;iBAAM;gBACL,GAAG,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC;gBAClB,OAAO,IAAI,CAAC,CAAC;aACd;SACF;KACF;IAED,8CAA8C;IAC9C,MAAM,SAAS,GAAG,MAAM,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;IAC7C,MAAM,QAAQ,GAAG,SAAS,CAAC,OAAO,CAAC,KAAK,CAAC,CAAC;IAC1C,yFAAyF;IACzF,IAAI,QAAQ,KAAK,CAAC,CAAC,EAAE;QACnB,MAAM,QAAQ,GAAG,SAAS,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,CAAC;QACjD,SAAS,CAAC,SAAS,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,SAAS,CAAC,QAAQ,CAAC,CAAC;QACtD,SAAS,CAAC,QAAQ,CAAC,GAAG,QAAQ,CAAC;KAChC;IAED,MAAM,UAAU,GAAa,EAAE,CAAC;IAChC,IAAI,UAAU,GAAG,CAAC,CAAC;IACnB,KAAK,MAAM,IAAI,IAAI,SAAS,EAAE;QAC5B,MAAM,KAAK,GAAG,EAAE;aACb,YAAY,CAAC,aAAa,CAAC,IAAI,CAAC,CAAC,IAAI,EAAE,MAAM,CAAC;aAC9C,KAAK,CAAC,OAAO,CAAC,CAAC;QAClB,MAAM,KAAK,GAAG,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QACrC,UAAU,IAAI,KAAK,CAAC;QACpB,UAAU,CAAC,IAAI,CAAC,GAAG,KAAK,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;KACpC;IAED,MAAM,cAAc,GAAG,IAAI,CAAC,OAAO,CACjC,MAAM,CAAC,OAAO,EACd,2BAA2B,CAC5B,CAAC;IACF,MAAM,IAAI,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,eAAe,CAAC,CAAC;IAC3D,MAAM,kBAAkB,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,eAAe,CAAC,CAAC;IACzE,MAAM,cAAc,GAAG;QACrB,cAAc;QACd,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QACvB,GAAG,UAAU;KACd,CAAC;IAEF,IAAI,eAAe,EAAE;QACnB,GAAG,CAAC,8BAA8B,CAAC,GAAG,kBAAkB,CAAC;QACzD,OAAO,IAAI,CAAC,CAAC;KACd;IAED,EAAE,CAAC,aAAa,CAAC,IAAI,EAAE,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC;IAElD,uDAAuD;IACvD,IAAI,MAAM,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAC7B,MAAM,CAAC,YAAY,CAAC,OAAO,EAAE,CAAC,CAAC,CAAC;IAChC,KAAK,MAAM,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE;QACnC,MAAM,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QACjB,MAAM,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;QACnB,MAAM,UAAU,GAAG,IAAI,MAAM,CAAC,GAAG,GAAG,IAAI,KAAK,IAAI,EAAE,MAAM,CAAC,CAAC;QAC3D,MAAM,UAAU,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACnC,UAAU,CAAC,YAAY,CAAC,UAAU,CAAC,MAAM,EAAE,CAAC,CAAC,CAAC;QAC9C,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,EAAE,UAAU,EAAE,UAAU,CAAC,CAAC,CAAC;KAC1D;IACD,iCAAiC;IACjC,MAAM,OAAO,GAAG,GAAG,IAAI,cAAc,CAAC;IACtC,EAAE,CAAC,aAAa,CAAC,OAAO,EAAE,MAAM,CAAC,CAAC;IAElC,OAAO,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC;AACvB,CAAC;AAvFD,kDAuFC;AAEM,KAAK,UAAU,uBAAuB,CAC3C,MAA0B,EAC1B,MAAc;IAEd,kEAAkE;IAClE,MAAM,eAAe,GAAG,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,4BAAgB,CAAC,CAAC;IAClE,IAAI,eAAe,CAAC,MAAM,KAAK,CAAC,EAAE;QAChC,OAAO,SAAS,CAAC;KAClB;IAED,uDAAuD;IACvD,MAAM,qBAAqB,GAAqC,EAAE,CAAC;IACnE,KAAK,MAAM,QAAQ,IAAI,eAAe,EAAE;QACtC,qBAAqB,CAAC,QAAQ,CAAC,GAAG,MAAM,0BAA0B,CAChE,MAAM,EACN,MAAM,EACN,QAAQ,CACT,CAAC;KACH;IACD,MAAM,gBAAgB,GAAG,mBAAmB,CAAC,qBAAqB,EAAE,MAAM,CAAC,CAAC;IAE5E,8BAA8B;IAC9B,gBAAgB,CAAC,GAAG,CAAC,4BAA4B,CAAC,GAAG,gBAAgB,CAAC,IAAI,CAAC;IAC3E,MAAM,SAAS,GAAG,IAAI,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC,CAAC;IACjD,IAAI,OAAO,CAAC,QAAQ,KAAK,QAAQ,EAAE;QACjC,gBAAgB,CAAC,GAAG,CAAC,uBAAuB,CAAC,GAAG,IAAI,CAAC,IAAI,CACvD,SAAS,EACT,OAAO,EACP,OAAO,EACP,gBAAgB,CACjB,CAAC;KACH;SAAM,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE;QACvC,gBAAgB,CAAC,GAAG,CAAC,YAAY,CAAC,GAAG,IAAI,CAAC,IAAI,CAC5C,SAAS,EACT,OAAO,EACP,SAAS,EACT,gBAAgB,CACjB,CAAC;KACH;IAED,OAAO,gBAAgB,CAAC;AAC1B,CAAC;AAzCD,0DAyCC"}

lib/tracer-config.test.js

@@ -0,0 +1,278 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
+    result["default"] = mod;
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const ava_1 = __importDefault(require("ava"));
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const codeql_1 = require("./codeql");
+const languages_1 = require("./languages");
+const testing_utils_1 = require("./testing-utils");
+const tracer_config_1 = require("./tracer-config");
+const util = __importStar(require("./util"));
+testing_utils_1.setupTests(ava_1.default);
+function getTestConfig(tmpDir) {
+    return {
+        languages: [languages_1.Language.java],
+        queries: {},
+        pathsIgnore: [],
+        paths: [],
+        originalUserInput: {},
+        tempDir: tmpDir,
+        toolCacheDir: tmpDir,
+        codeQLCmd: "",
+    };
+}
+// A very minimal setup
+ava_1.default("getTracerConfigForLanguage - minimal setup", async (t) => {
+    await util.withTmpDir(async (tmpDir) => {
+        const config = getTestConfig(tmpDir);
+        const codeQL = codeql_1.setCodeQL({
+            async getTracerEnv() {
+                return {
+                    ODASA_TRACER_CONFIGURATION: "abc",
+                    foo: "bar",
+                };
+            },
+        });
+        const result = await tracer_config_1.getTracerConfigForLanguage(codeQL, config, languages_1.Language.javascript);
+        t.deepEqual(result, { spec: "abc", env: { foo: "bar" } });
+    });
+});
+// Existing vars should not be overwritten, unless they are critical or prefixed with CODEQL_
+ava_1.default("getTracerConfigForLanguage - existing / critical vars", async (t) => {
+    await util.withTmpDir(async (tmpDir) => {
+        const config = getTestConfig(tmpDir);
+        // Set up some variables in the environment
+        process.env["foo"] = "abc";
+        process.env["SEMMLE_PRELOAD_libtrace"] = "abc";
+        process.env["SEMMLE_RUNNER"] = "abc";
+        process.env["SEMMLE_COPY_EXECUTABLES_ROOT"] = "abc";
+        process.env["SEMMLE_DEPTRACE_SOCKET"] = "abc";
+        process.env["SEMMLE_JAVA_TOOL_OPTIONS"] = "abc";
+        process.env["SEMMLE_DEPTRACE_SOCKET"] = "abc";
+        process.env["CODEQL_VAR"] = "abc";
+        // Now CodeQL returns all these variables, and one more, with different values
+        const codeQL = codeql_1.setCodeQL({
+            async getTracerEnv() {
+                return {
+                    ODASA_TRACER_CONFIGURATION: "abc",
+                    foo: "bar",
+                    baz: "qux",
+                    SEMMLE_PRELOAD_libtrace: "SEMMLE_PRELOAD_libtrace",
+                    SEMMLE_RUNNER: "SEMMLE_RUNNER",
+                    SEMMLE_COPY_EXECUTABLES_ROOT: "SEMMLE_COPY_EXECUTABLES_ROOT",
+                    SEMMLE_DEPTRACE_SOCKET: "SEMMLE_DEPTRACE_SOCKET",
+                    SEMMLE_JAVA_TOOL_OPTIONS: "SEMMLE_JAVA_TOOL_OPTIONS",
+                    CODEQL_VAR: "CODEQL_VAR",
+                };
+            },
+        });
+        const result = await tracer_config_1.getTracerConfigForLanguage(codeQL, config, languages_1.Language.javascript);
+        t.deepEqual(result, {
+            spec: "abc",
+            env: {
+                // Should contain all variables except 'foo', because that already existed in the
+                // environment with a different value, and is not deemed a "critical" variable.
+                baz: "qux",
+                SEMMLE_PRELOAD_libtrace: "SEMMLE_PRELOAD_libtrace",
+                SEMMLE_RUNNER: "SEMMLE_RUNNER",
+                SEMMLE_COPY_EXECUTABLES_ROOT: "SEMMLE_COPY_EXECUTABLES_ROOT",
+                SEMMLE_DEPTRACE_SOCKET: "SEMMLE_DEPTRACE_SOCKET",
+                SEMMLE_JAVA_TOOL_OPTIONS: "SEMMLE_JAVA_TOOL_OPTIONS",
+                CODEQL_VAR: "CODEQL_VAR",
+            },
+        });
+    });
+});
+ava_1.default("concatTracerConfigs - minimal configs correctly combined", async (t) => {
+    await util.withTmpDir(async (tmpDir) => {
+        const config = getTestConfig(tmpDir);
+        const spec1 = path.join(tmpDir, "spec1");
+        fs.writeFileSync(spec1, "foo.log\n2\nabc\ndef");
+        const tc1 = {
+            spec: spec1,
+            env: {
+                a: "a",
+                b: "b",
+            },
+        };
+        const spec2 = path.join(tmpDir, "spec2");
+        fs.writeFileSync(spec2, "foo.log\n1\nghi");
+        const tc2 = {
+            spec: spec2,
+            env: {
+                c: "c",
+            },
+        };
+        const result = tracer_config_1.concatTracerConfigs({ javascript: tc1, python: tc2 }, config);
+        t.deepEqual(result, {
+            spec: path.join(tmpDir, "compound-spec"),
+            env: {
+                a: "a",
+                b: "b",
+                c: "c",
+            },
+        });
+        t.true(fs.existsSync(result.spec));
+        t.deepEqual(fs.readFileSync(result.spec, "utf8"), `${path.join(tmpDir, "compound-build-tracer.log")}\n3\nabc\ndef\nghi`);
+    });
+});
+ava_1.default("concatTracerConfigs - conflicting env vars", async (t) => {
+    await util.withTmpDir(async (tmpDir) => {
+        const config = getTestConfig(tmpDir);
+        const spec = path.join(tmpDir, "spec");
+        fs.writeFileSync(spec, "foo.log\n0");
+        // Ok if env vars have the same name and the same value
+        t.deepEqual(tracer_config_1.concatTracerConfigs({
+            javascript: { spec, env: { a: "a", b: "b" } },
+            python: { spec, env: { b: "b", c: "c" } },
+        }, config).env, {
+            a: "a",
+            b: "b",
+            c: "c",
+        });
+        // Throws if env vars have same name but different values
+        const e = t.throws(() => tracer_config_1.concatTracerConfigs({
+            javascript: { spec, env: { a: "a", b: "b" } },
+            python: { spec, env: { b: "c" } },
+        }, config));
+        t.deepEqual(e.message, "Incompatible values in environment parameter b: b and c");
+    });
+});
+ava_1.default("concatTracerConfigs - cpp spec lines come last if present", async (t) => {
+    await util.withTmpDir(async (tmpDir) => {
+        const config = getTestConfig(tmpDir);
+        const spec1 = path.join(tmpDir, "spec1");
+        fs.writeFileSync(spec1, "foo.log\n2\nabc\ndef");
+        const tc1 = {
+            spec: spec1,
+            env: {
+                a: "a",
+                b: "b",
+            },
+        };
+        const spec2 = path.join(tmpDir, "spec2");
+        fs.writeFileSync(spec2, "foo.log\n1\nghi");
+        const tc2 = {
+            spec: spec2,
+            env: {
+                c: "c",
+            },
+        };
+        const result = tracer_config_1.concatTracerConfigs({ cpp: tc1, python: tc2 }, config);
+        t.deepEqual(result, {
+            spec: path.join(tmpDir, "compound-spec"),
+            env: {
+                a: "a",
+                b: "b",
+                c: "c",
+            },
+        });
+        t.true(fs.existsSync(result.spec));
+        t.deepEqual(fs.readFileSync(result.spec, "utf8"), `${path.join(tmpDir, "compound-build-tracer.log")}\n3\nghi\nabc\ndef`);
+    });
+});
+ava_1.default("concatTracerConfigs - SEMMLE_COPY_EXECUTABLES_ROOT is updated to point to compound spec", async (t) => {
+    await util.withTmpDir(async (tmpDir) => {
+        const config = getTestConfig(tmpDir);
+        const spec = path.join(tmpDir, "spec");
+        fs.writeFileSync(spec, "foo.log\n0");
+        const result = tracer_config_1.concatTracerConfigs({
+            javascript: { spec, env: { a: "a", b: "b" } },
+            python: { spec, env: { SEMMLE_COPY_EXECUTABLES_ROOT: "foo" } },
+        }, config);
+        t.deepEqual(result.env, {
+            a: "a",
+            b: "b",
+            SEMMLE_COPY_EXECUTABLES_ROOT: path.join(tmpDir, "compound-temp"),
+        });
+    });
+});
+ava_1.default("concatTracerConfigs - compound environment file is created correctly", async (t) => {
+    await util.withTmpDir(async (tmpDir) => {
+        const config = getTestConfig(tmpDir);
+        const spec1 = path.join(tmpDir, "spec1");
+        fs.writeFileSync(spec1, "foo.log\n2\nabc\ndef");
+        const tc1 = {
+            spec: spec1,
+            env: {
+                a: "a",
+            },
+        };
+        const spec2 = path.join(tmpDir, "spec2");
+        fs.writeFileSync(spec2, "foo.log\n1\nghi");
+        const tc2 = {
+            spec: spec2,
+            env: {
+                foo: "bar_baz",
+            },
+        };
+        const result = tracer_config_1.concatTracerConfigs({ javascript: tc1, python: tc2 }, config);
+        const envPath = `${result.spec}.environment`;
+        t.true(fs.existsSync(envPath));
+        const buffer = fs.readFileSync(envPath);
+        // Contents is binary data
+        t.deepEqual(buffer.length, 28);
+        t.deepEqual(buffer.readInt32LE(0), 2); // number of env vars
+        t.deepEqual(buffer.readInt32LE(4), 4); // length of env var definition
+        t.deepEqual(buffer.toString("utf8", 8, 12), "a=a\0"); // [key]=[value]\0
+        t.deepEqual(buffer.readInt32LE(12), 12); // length of env var definition
+        t.deepEqual(buffer.toString("utf8", 16, 28), "foo=bar_baz\0"); // [key]=[value]\0
+    });
+});
+ava_1.default("getCombinedTracerConfig - return undefined when no languages are traced languages", async (t) => {
+    await util.withTmpDir(async (tmpDir) => {
+        const config = getTestConfig(tmpDir);
+        // No traced languages
+        config.languages = [languages_1.Language.javascript, languages_1.Language.python];
+        const codeQL = codeql_1.setCodeQL({
+            async getTracerEnv() {
+                return {
+                    ODASA_TRACER_CONFIGURATION: "abc",
+                    foo: "bar",
+                };
+            },
+        });
+        t.deepEqual(await tracer_config_1.getCombinedTracerConfig(config, codeQL), undefined);
+    });
+});
+ava_1.default("getCombinedTracerConfig - valid spec file", async (t) => {
+    await util.withTmpDir(async (tmpDir) => {
+        const config = getTestConfig(tmpDir);
+        const spec = path.join(tmpDir, "spec");
+        fs.writeFileSync(spec, "foo.log\n2\nabc\ndef");
+        const codeQL = codeql_1.setCodeQL({
+            async getTracerEnv() {
+                return {
+                    ODASA_TRACER_CONFIGURATION: spec,
+                    foo: "bar",
+                };
+            },
+        });
+        const result = await tracer_config_1.getCombinedTracerConfig(config, codeQL);
+        const expectedEnv = {
+            foo: "bar",
+            ODASA_TRACER_CONFIGURATION: result.spec,
+        };
+        if (process.platform === "darwin") {
+            expectedEnv["DYLD_INSERT_LIBRARIES"] = path.join(path.dirname(codeQL.getPath()), "tools", "osx64", "libtrace.dylib");
+        }
+        else if (process.platform !== "win32") {
+            expectedEnv["LD_PRELOAD"] = path.join(path.dirname(codeQL.getPath()), "tools", "linux64", "${LIB}trace.so");
+        }
+        t.deepEqual(result, {
+            spec: path.join(tmpDir, "compound-spec"),
+            env: expectedEnv,
+        });
+    });
+});
+//# sourceMappingURL=tracer-config.test.js.map

lib/tracer-env.js

@@ -1,21 +0,0 @@
-"use strict";
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
-    result["default"] = mod;
-    return result;
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-const fs = __importStar(require("fs"));
-const env = {};
-for (let entry of Object.entries(process.env)) {
-    const key = entry[0];
-    const value = entry[1];
-    if (typeof value !== 'undefined' && key !== '_' && !key.startsWith('JAVA_MAIN_CLASS_')) {
-        env[key] = value;
-    }
-}
-process.stdout.write(process.argv[2]);
-fs.writeFileSync(process.argv[2], JSON.stringify(env), 'utf-8');
-//# sourceMappingURL=tracer-env.js.map

lib/tracer-env.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"tracer-env.js","sourceRoot":"","sources":["../src/tracer-env.ts"],"names":[],"mappings":";;;;;;;;;AAAA,uCAAyB;AAEzB,MAAM,GAAG,GAAG,EAAE,CAAC;AACf,KAAK,IAAI,KAAK,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE;IAC3C,MAAM,GAAG,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;IACrB,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;IACvB,IAAI,OAAO,KAAK,KAAK,WAAW,IAAI,GAAG,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,UAAU,CAAC,kBAAkB,CAAC,EAAE;QACpF,GAAG,CAAC,GAAG,CAAC,GAAG,KAAK,CAAC;KACpB;CACJ;AACD,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC;AACtC,EAAE,CAAC,aAAa,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE,OAAO,CAAC,CAAC"}

lib/upload-lib.js

@@ -11,31 +11,30 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 const core = __importStar(require("@actions/core"));
-const http = __importStar(require("@actions/http-client"));
-const auth = __importStar(require("@actions/http-client/auth"));
 const file_url_1 = __importDefault(require("file-url"));
 const fs = __importStar(require("fs"));
 const jsonschema = __importStar(require("jsonschema"));
 const path = __importStar(require("path"));
 const zlib_1 = __importDefault(require("zlib"));
+const api = __importStar(require("./api-client"));
 const fingerprints = __importStar(require("./fingerprints"));
 const sharedEnv = __importStar(require("./shared-environment"));
 const util = __importStar(require("./util"));
 // Takes a list of paths to sarif files and combines them together,
 // returning the contents of the combined sarif file.
 function combineSarifFiles(sarifFiles) {
-    let combinedSarif = {
+    const combinedSarif = {
         version: null,
-        runs: []
+        runs: [],
     };
-    for (let sarifFile of sarifFiles) {
-        let sarifObject = JSON.parse(fs.readFileSync(sarifFile, 'utf8'));
+    for (const sarifFile of sarifFiles) {
+        const sarifObject = JSON.parse(fs.readFileSync(sarifFile, "utf8"));
         // Check SARIF version
         if (combinedSarif.version === null) {
             combinedSarif.version = sarifObject.version;
         }
         else if (combinedSarif.version !== sarifObject.version) {
-            throw "Different SARIF versions encountered: " + combinedSarif.version + " and " + sarifObject.version;
+            throw `Different SARIF versions encountered: ${combinedSarif.version} and ${sarifObject.version}`;
         }
         combinedSarif.runs.push(...sarifObject.runs);
     }
@@ -44,73 +43,79 @@ function combineSarifFiles(sarifFiles) {
 exports.combineSarifFiles = combineSarifFiles;
 // Upload the given payload.
 // If the request fails then this will retry a small number of times.
-async function uploadPayload(payload) {
-    core.info('Uploading results');
+async function uploadPayload(payload, repositoryNwo, githubAuth, githubUrl, mode, logger) {
+    logger.info("Uploading results");
     // If in test mode we don't want to upload the results
-    const testMode = process.env['TEST_MODE'] === 'true' || false;
+    const testMode = process.env["TEST_MODE"] === "true" || false;
     if (testMode) {
-        return true;
+        return;
     }
-    const githubToken = core.getInput('token');
-    const ph = new auth.BearerCredentialHandler(githubToken);
-    const client = new http.HttpClient('Code Scanning : Upload SARIF', [ph]);
-    const url = 'https://api.github.com/repos/' + process.env['GITHUB_REPOSITORY'] + '/code-scanning/analysis';
     // Make up to 4 attempts to upload, and sleep for these
     // number of seconds between each attempt.
     // We don't want to backoff too much to avoid wasting action
     // minutes, but just waiting a little bit could maybe help.
     const backoffPeriods = [1, 5, 15];
+    const client = api.getApiClient(githubAuth, githubUrl);
     for (let attempt = 0; attempt <= backoffPeriods.length; attempt++) {
-        const res = await client.put(url, payload);
-        core.debug('response status: ' + res.message.statusCode);
-        const statusCode = res.message.statusCode;
+        const reqURL = mode === "actions"
+            ? "PUT /repos/:owner/:repo/code-scanning/analysis"
+            : "POST /repos/:owner/:repo/code-scanning/sarifs";
+        const response = await client.request(reqURL, {
+            owner: repositoryNwo.owner,
+            repo: repositoryNwo.repo,
+            data: payload,
+        });
+        logger.debug(`response status: ${response.status}`);
+        const statusCode = response.status;
         if (statusCode === 202) {
-            core.info("Successfully uploaded results");
-            return true;
+            logger.info("Successfully uploaded results");
+            return;
         }
-        const requestID = res.message.headers["x-github-request-id"];
+        const requestID = response.headers["x-github-request-id"];
         // On any other status code that's not 5xx mark the upload as failed
         if (!statusCode || statusCode < 500 || statusCode >= 600) {
-            core.setFailed('Upload failed (' + requestID + '): (' + statusCode + ') ' + await res.readBody());
-            return false;
+            throw new Error(`Upload failed (${requestID}): (${statusCode}) ${JSON.stringify(response.data)}`);
         }
         // On a 5xx status code we may retry the request
         if (attempt < backoffPeriods.length) {
             // Log the failure as a warning but don't mark the action as failed yet
-            core.warning('Upload attempt (' + (attempt + 1) + ' of ' + (backoffPeriods.length + 1) +
-                ') failed (' + requestID + '). Retrying in ' + backoffPeriods[attempt] +
-                ' seconds: (' + statusCode + ') ' + await res.readBody());
+            logger.warning(`Upload attempt (${attempt + 1} of ${backoffPeriods.length + 1}) failed (${requestID}). Retrying in ${backoffPeriods[attempt]} seconds: (${statusCode}) ${JSON.stringify(response.data)}`);
             // Sleep for the backoff period
-            await new Promise(r => setTimeout(r, backoffPeriods[attempt] * 1000));
+            await new Promise((r) => setTimeout(r, backoffPeriods[attempt] * 1000));
             continue;
         }
         else {
             // If the upload fails with 5xx then we assume it is a temporary problem
             // and not an error that the user has caused or can fix.
             // We avoid marking the job as failed to avoid breaking CI workflows.
-            core.error('Upload failed (' + requestID + '): (' + statusCode + ') ' + await res.readBody());
-            return false;
+            throw new Error(`Upload failed (${requestID}): (${statusCode}) ${JSON.stringify(response.data)}`);
         }
     }
-    return false;
+    // This case shouldn't ever happen as the final iteration of the loop
+    // will always throw an error instead of exiting to here.
+    throw new Error("Upload failed");
 }
 // Uploads a single sarif file or a directory of sarif files
 // depending on what the path happens to refer to.
 // Returns true iff the upload occurred and succeeded
-async function upload(input) {
-    if (fs.lstatSync(input).isDirectory()) {
-        const sarifFiles = fs.readdirSync(input)
-            .filter(f => f.endsWith(".sarif"))
-            .map(f => path.resolve(input, f));
+async function upload(sarifPath, repositoryNwo, commitOid, ref, analysisKey, analysisName, workflowRunID, checkoutPath, environment, githubAuth, githubUrl, mode, logger) {
+    const sarifFiles = [];
+    if (!fs.existsSync(sarifPath)) {
+        throw new Error(`Path does not exist: ${sarifPath}`);
+    }
+    if (fs.lstatSync(sarifPath).isDirectory()) {
+        fs.readdirSync(sarifPath)
+            .filter((f) => f.endsWith(".sarif"))
+            .map((f) => path.resolve(sarifPath, f))
+            .forEach((f) => sarifFiles.push(f));
         if (sarifFiles.length === 0) {
-            core.setFailed("No SARIF files found to upload in \"" + input + "\".");
-            return false;
+            throw new Error(`No SARIF files found to upload in "${sarifPath}".`);
         }
-        return await uploadFiles(sarifFiles);
     }
     else {
-        return await uploadFiles([input]);
+        sarifFiles.push(sarifPath);
     }
+    return await uploadFiles(sarifFiles, repositoryNwo, commitOid, ref, analysisKey, analysisName, workflowRunID, checkoutPath, environment, githubAuth, githubUrl, mode, logger);
 }
 exports.upload = upload;
 // Counts the number of results in the given SARIF file
@@ -123,87 +128,83 @@ function countResultsInSarif(sarif) {
 }
 exports.countResultsInSarif = countResultsInSarif;
 // Validates that the given file path refers to a valid SARIF file.
-// Returns a non-empty list of error message if the file is invalid,
-// otherwise returns the empty list if the file is valid.
-function validateSarifFileSchema(sarifFilePath) {
-    const sarif = JSON.parse(fs.readFileSync(sarifFilePath, 'utf8'));
-    const schema = JSON.parse(fs.readFileSync(__dirname + '/../src/sarif_v2.1.0_schema.json', 'utf8'));
+// Throws an error if the file is invalid.
+function validateSarifFileSchema(sarifFilePath, logger) {
+    const sarif = JSON.parse(fs.readFileSync(sarifFilePath, "utf8"));
+    const schema = require("../src/sarif_v2.1.0_schema.json");
     const result = new jsonschema.Validator().validate(sarif, schema);
-    if (result.valid) {
-        return true;
-    }
-    else {
-        // Set the failure message to the stacks of all the errors.
-        // This should be of a manageable size and may even give enough to fix the error.
-        const errorMessages = result.errors.map(e => "- " + e.stack);
-        core.setFailed("Unable to upload \"" + sarifFilePath + "\" as it is not valid SARIF:\n" + errorMessages.join("\n"));
-        // Also output the more verbose error messages in groups as these may be very large.
+    if (!result.valid) {
+        // Output the more verbose error messages in groups as these may be very large.
         for (const error of result.errors) {
-            core.startGroup("Error details: " + error.stack);
-            core.info(JSON.stringify(error, null, 2));
-            core.endGroup();
+            logger.startGroup(`Error details: ${error.stack}`);
+            logger.info(JSON.stringify(error, null, 2));
+            logger.endGroup();
         }
-        return false;
+        // Set the main error message to the stacks of all the errors.
+        // This should be of a manageable size and may even give enough to fix the error.
+        const sarifErrors = result.errors.map((e) => `- ${e.stack}`);
+        throw new Error(`Unable to upload "${sarifFilePath}" as it is not valid SARIF:\n${sarifErrors.join("\n")}`);
     }
 }
 exports.validateSarifFileSchema = validateSarifFileSchema;
 // Uploads the given set of sarif files.
 // Returns true iff the upload occurred and succeeded
-async function uploadFiles(sarifFiles) {
-    core.startGroup("Uploading results");
-    core.info("Uploading sarif files: " + JSON.stringify(sarifFiles));
-    const sentinelEnvVar = "CODEQL_UPLOAD_SARIF";
-    if (process.env[sentinelEnvVar]) {
-        core.error("Aborting upload: only one run of the codeql/analyze or codeql/upload-sarif actions is allowed per job");
-        return false;
+async function uploadFiles(sarifFiles, repositoryNwo, commitOid, ref, analysisKey, analysisName, workflowRunID, checkoutPath, environment, githubAuth, githubUrl, mode, logger) {
+    logger.info(`Uploading sarif files: ${JSON.stringify(sarifFiles)}`);
+    if (mode === "actions") {
+        // This check only works on actions as env vars don't persist between calls to the runner
+        const sentinelEnvVar = "CODEQL_UPLOAD_SARIF";
+        if (process.env[sentinelEnvVar]) {
+            throw new Error("Aborting upload: only one run of the codeql/analyze or codeql/upload-sarif actions is allowed per job");
+        }
+        core.exportVariable(sentinelEnvVar, sentinelEnvVar);
     }
-    core.exportVariable(sentinelEnvVar, sentinelEnvVar);
     // Validate that the files we were asked to upload are all valid SARIF files
     for (const file of sarifFiles) {
-        if (!validateSarifFileSchema(file)) {
-            return false;
-        }
+        validateSarifFileSchema(file, logger);
     }
-    const commitOid = await util.getCommitOid();
-    const workflowRunIDStr = util.getRequiredEnvParam('GITHUB_RUN_ID');
-    const ref = util.getRef();
-    const analysisKey = await util.getAnalysisKey();
-    const analysisName = util.getRequiredEnvParam('GITHUB_WORKFLOW');
-    const startedAt = process.env[sharedEnv.CODEQL_ACTION_STARTED_AT];
     let sarifPayload = combineSarifFiles(sarifFiles);
-    sarifPayload = fingerprints.addFingerprints(sarifPayload);
-    const zipped_sarif = zlib_1.default.gzipSync(sarifPayload).toString('base64');
-    let checkoutPath = core.getInput('checkout_path');
-    let checkoutURI = file_url_1.default(checkoutPath);
-    const workflowRunID = parseInt(workflowRunIDStr, 10);
-    if (Number.isNaN(workflowRunID)) {
-        core.setFailed('GITHUB_RUN_ID must define a non NaN workflow run ID');
-        return false;
-    }
-    let matrix = core.getInput('matrix');
-    if (matrix === "null" || matrix === "") {
-        matrix = undefined;
-    }
+    sarifPayload = fingerprints.addFingerprints(sarifPayload, checkoutPath, logger);
+    const zipped_sarif = zlib_1.default.gzipSync(sarifPayload).toString("base64");
+    const checkoutURI = file_url_1.default(checkoutPath);
     const toolNames = util.getToolNames(sarifPayload);
-    const payload = JSON.stringify({
-        "commit_oid": commitOid,
-        "ref": ref,
-        "analysis_key": analysisKey,
-        "analysis_name": analysisName,
-        "sarif": zipped_sarif,
-        "workflow_run_id": workflowRunID,
-        "checkout_uri": checkoutURI,
-        "environment": matrix,
-        "started_at": startedAt,
-        "tool_names": toolNames,
-    });
+    let payload;
+    if (mode === "actions") {
+        payload = JSON.stringify({
+            commit_oid: commitOid,
+            ref,
+            analysis_key: analysisKey,
+            analysis_name: analysisName,
+            sarif: zipped_sarif,
+            workflow_run_id: workflowRunID,
+            checkout_uri: checkoutURI,
+            environment,
+            started_at: process.env[sharedEnv.CODEQL_WORKFLOW_STARTED_AT],
+            tool_names: toolNames,
+        });
+    }
+    else {
+        payload = JSON.stringify({
+            commit_sha: commitOid,
+            ref,
+            sarif: zipped_sarif,
+            checkout_uri: checkoutURI,
+            tool_name: toolNames[0],
+        });
+    }
     // Log some useful debug info about the info
-    core.debug("Raw upload size: " + sarifPayload.length + " bytes");
-    core.debug("Base64 zipped upload size: " + zipped_sarif.length + " bytes");
-    core.debug("Number of results in upload: " + countResultsInSarif(sarifPayload));
+    const rawUploadSizeBytes = sarifPayload.length;
+    logger.debug(`Raw upload size: ${rawUploadSizeBytes} bytes`);
+    const zippedUploadSizeBytes = zipped_sarif.length;
+    logger.debug(`Base64 zipped upload size: ${zippedUploadSizeBytes} bytes`);
+    const numResultInSarif = countResultsInSarif(sarifPayload);
+    logger.debug(`Number of results in upload: ${numResultInSarif}`);
     // Make the upload
-    const succeeded = await uploadPayload(payload);
-    core.endGroup();
-    return succeeded;
+    await uploadPayload(payload, repositoryNwo, githubAuth, githubUrl, mode, logger);
+    return {
+        raw_upload_size_bytes: rawUploadSizeBytes,
+        zipped_upload_size_bytes: zippedUploadSizeBytes,
+        num_results_in_sarif: numResultInSarif,
+    };
 }
 //# sourceMappingURL=upload-lib.js.map

lib/upload-lib.test.js

@@ -11,17 +11,16 @@ var __importStar = (this && this.__importStar) || function (mod) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 const ava_1 = __importDefault(require("ava"));
+const logging_1 = require("./logging");
 const testing_utils_1 = require("./testing-utils");
 const uploadLib = __importStar(require("./upload-lib"));
-testing_utils_1.silenceDebugOutput(ava_1.default);
-ava_1.default('validateSarifFileSchema - valid', t => {
-    const inputFile = __dirname + '/../src/testdata/valid-sarif.sarif';
-    t.true(uploadLib.validateSarifFileSchema(inputFile));
+testing_utils_1.setupTests(ava_1.default);
+ava_1.default("validateSarifFileSchema - valid", (t) => {
+    const inputFile = `${__dirname}/../src/testdata/valid-sarif.sarif`;
+    t.notThrows(() => uploadLib.validateSarifFileSchema(inputFile, logging_1.getRunnerLogger(true)));
 });
-ava_1.default('validateSarifFileSchema - invalid', t => {
-    const inputFile = __dirname + '/../src/testdata/invalid-sarif.sarif';
-    t.false(uploadLib.validateSarifFileSchema(inputFile));
-    // validateSarifFileSchema calls core.setFailed which sets the exit code on error
-    process.exitCode = 0;
+ava_1.default("validateSarifFileSchema - invalid", (t) => {
+    const inputFile = `${__dirname}/../src/testdata/invalid-sarif.sarif`;
+    t.throws(() => uploadLib.validateSarifFileSchema(inputFile, logging_1.getRunnerLogger(true)));
 });
 //# sourceMappingURL=upload-lib.test.js.map

lib/upload-lib.test.js.map

@@ -1 +1 @@
-{"version":3,"file":"upload-lib.test.js","sourceRoot":"","sources":["../src/upload-lib.test.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,8CAAuB;AAEvB,mDAAmD;AACnD,wDAA0C;AAE1C,kCAAkB,CAAC,aAAI,CAAC,CAAC;AAEzB,aAAI,CAAC,iCAAiC,EAAE,CAAC,CAAC,EAAE;IAC1C,MAAM,SAAS,GAAG,SAAS,GAAG,oCAAoC,CAAC;IACnE,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,uBAAuB,CAAC,SAAS,CAAC,CAAC,CAAC;AACvD,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,mCAAmC,EAAE,CAAC,CAAC,EAAE;IAC5C,MAAM,SAAS,GAAG,SAAS,GAAG,sCAAsC,CAAC;IACrE,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,uBAAuB,CAAC,SAAS,CAAC,CAAC,CAAC;IACtD,iFAAiF;IACjF,OAAO,CAAC,QAAQ,GAAG,CAAC,CAAC;AACvB,CAAC,CAAC,CAAC"}
+{"version":3,"file":"upload-lib.test.js","sourceRoot":"","sources":["../src/upload-lib.test.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,8CAAuB;AAEvB,uCAA4C;AAC5C,mDAA6C;AAC7C,wDAA0C;AAE1C,0BAAU,CAAC,aAAI,CAAC,CAAC;AAEjB,aAAI,CAAC,iCAAiC,EAAE,CAAC,CAAC,EAAE,EAAE;IAC5C,MAAM,SAAS,GAAG,GAAG,SAAS,oCAAoC,CAAC;IACnE,CAAC,CAAC,SAAS,CAAC,GAAG,EAAE,CACf,SAAS,CAAC,uBAAuB,CAAC,SAAS,EAAE,yBAAe,CAAC,IAAI,CAAC,CAAC,CACpE,CAAC;AACJ,CAAC,CAAC,CAAC;AAEH,aAAI,CAAC,mCAAmC,EAAE,CAAC,CAAC,EAAE,EAAE;IAC9C,MAAM,SAAS,GAAG,GAAG,SAAS,sCAAsC,CAAC;IACrE,CAAC,CAAC,MAAM,CAAC,GAAG,EAAE,CACZ,SAAS,CAAC,uBAAuB,CAAC,SAAS,EAAE,yBAAe,CAAC,IAAI,CAAC,CAAC,CACpE,CAAC;AACJ,CAAC,CAAC,CAAC"}

lib/upload-sarif-action.js

@@ -0,0 +1,43 @@
+"use strict";
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
+    result["default"] = mod;
+    return result;
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const core = __importStar(require("@actions/core"));
+const logging_1 = require("./logging");
+const repository_1 = require("./repository");
+const upload_lib = __importStar(require("./upload-lib"));
+const util = __importStar(require("./util"));
+async function sendSuccessStatusReport(startedAt, uploadStats) {
+    const statusReportBase = await util.createStatusReportBase("upload-sarif", "success", startedAt);
+    const statusReport = {
+        ...statusReportBase,
+        ...uploadStats,
+    };
+    await util.sendStatusReport(statusReport);
+}
+async function run() {
+    const startedAt = new Date();
+    if (!(await util.sendStatusReport(await util.createStatusReportBase("upload-sarif", "starting", startedAt), true))) {
+        return;
+    }
+    try {
+        const uploadStats = await upload_lib.upload(util.getRequiredInput("sarif_file"), repository_1.parseRepositoryNwo(util.getRequiredEnvParam("GITHUB_REPOSITORY")), await util.getCommitOid(), util.getRef(), await util.getAnalysisKey(), util.getRequiredEnvParam("GITHUB_WORKFLOW"), util.getWorkflowRunID(), util.getRequiredInput("checkout_path"), util.getRequiredInput("matrix"), util.getRequiredInput("token"), util.getRequiredEnvParam("GITHUB_SERVER_URL"), "actions", logging_1.getActionsLogger());
+        await sendSuccessStatusReport(startedAt, uploadStats);
+    }
+    catch (error) {
+        core.setFailed(error.message);
+        console.log(error);
+        await util.sendStatusReport(await util.createStatusReportBase("upload-sarif", "failure", startedAt, error.message, error.stack));
+        return;
+    }
+}
+run().catch((e) => {
+    core.setFailed(`codeql/upload-sarif action failed: ${e}`);
+    console.log(e);
+});
+//# sourceMappingURL=upload-sarif-action.js.map

lib/upload-sarif-action.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"upload-sarif-action.js","sourceRoot":"","sources":["../src/upload-sarif-action.ts"],"names":[],"mappings":";;;;;;;;;AAAA,oDAAsC;AAEtC,uCAA6C;AAC7C,6CAAkD;AAClD,yDAA2C;AAC3C,6CAA+B;AAM/B,KAAK,UAAU,uBAAuB,CACpC,SAAe,EACf,WAA0C;IAE1C,MAAM,gBAAgB,GAAG,MAAM,IAAI,CAAC,sBAAsB,CACxD,cAAc,EACd,SAAS,EACT,SAAS,CACV,CAAC;IACF,MAAM,YAAY,GAA4B;QAC5C,GAAG,gBAAgB;QACnB,GAAG,WAAW;KACf,CAAC;IACF,MAAM,IAAI,CAAC,gBAAgB,CAAC,YAAY,CAAC,CAAC;AAC5C,CAAC;AAED,KAAK,UAAU,GAAG;IAChB,MAAM,SAAS,GAAG,IAAI,IAAI,EAAE,CAAC;IAC7B,IACE,CAAC,CAAC,MAAM,IAAI,CAAC,gBAAgB,CAC3B,MAAM,IAAI,CAAC,sBAAsB,CAAC,cAAc,EAAE,UAAU,EAAE,SAAS,CAAC,EACxE,IAAI,CACL,CAAC,EACF;QACA,OAAO;KACR;IAED,IAAI;QACF,MAAM,WAAW,GAAG,MAAM,UAAU,CAAC,MAAM,CACzC,IAAI,CAAC,gBAAgB,CAAC,YAAY,CAAC,EACnC,+BAAkB,CAAC,IAAI,CAAC,mBAAmB,CAAC,mBAAmB,CAAC,CAAC,EACjE,MAAM,IAAI,CAAC,YAAY,EAAE,EACzB,IAAI,CAAC,MAAM,EAAE,EACb,MAAM,IAAI,CAAC,cAAc,EAAE,EAC3B,IAAI,CAAC,mBAAmB,CAAC,iBAAiB,CAAC,EAC3C,IAAI,CAAC,gBAAgB,EAAE,EACvB,IAAI,CAAC,gBAAgB,CAAC,eAAe,CAAC,EACtC,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC,EAC/B,IAAI,CAAC,gBAAgB,CAAC,OAAO,CAAC,EAC9B,IAAI,CAAC,mBAAmB,CAAC,mBAAmB,CAAC,EAC7C,SAAS,EACT,0BAAgB,EAAE,CACnB,CAAC;QACF,MAAM,uBAAuB,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC;KACvD;IAAC,OAAO,KAAK,EAAE;QACd,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAC9B,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;QACnB,MAAM,IAAI,CAAC,gBAAgB,CACzB,MAAM,IAAI,CAAC,sBAAsB,CAC/B,cAAc,EACd,SAAS,EACT,SAAS,EACT,KAAK,CAAC,OAAO,EACb,KAAK,CAAC,KAAK,CACZ,CACF,CAAC;QACF,OAAO;KACR;AACH,CAAC;AAED,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,EAAE;IAChB,IAAI,CAAC,SAAS,CAAC,sCAAsC,CAAC,EAAE,CAAC,CAAC;IAC1D,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;AACjB,CAAC,CAAC,CAAC"}

lib/upload-sarif.js

@@ -1,35 +0,0 @@
-"use strict";
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (Object.hasOwnProperty.call(mod, k)) result[k] = mod[k];
-    result["default"] = mod;
-    return result;
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-const core = __importStar(require("@actions/core"));
-const upload_lib = __importStar(require("./upload-lib"));
-const util = __importStar(require("./util"));
-async function run() {
-    if (util.should_abort('upload-sarif', false) || !await util.reportActionStarting('upload-sarif')) {
-        return;
-    }
-    try {
-        if (await upload_lib.upload(core.getInput('sarif_file'))) {
-            await util.reportActionSucceeded('upload-sarif');
-        }
-        else {
-            await util.reportActionFailed('upload-sarif', 'upload');
-        }
-    }
-    catch (error) {
-        core.setFailed(error.message);
-        await util.reportActionFailed('upload-sarif', error.message, error.stack);
-        return;
-    }
-}
-run().catch(e => {
-    core.setFailed("codeql/upload-sarif action failed: " + e);
-    console.log(e);
-});
-//# sourceMappingURL=upload-sarif.js.map

lib/upload-sarif.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"upload-sarif.js","sourceRoot":"","sources":["../src/upload-sarif.ts"],"names":[],"mappings":";;;;;;;;;AAAA,oDAAsC;AAEtC,yDAA2C;AAC3C,6CAA+B;AAE/B,KAAK,UAAU,GAAG;IACd,IAAI,IAAI,CAAC,YAAY,CAAC,cAAc,EAAE,KAAK,CAAC,IAAI,CAAC,MAAM,IAAI,CAAC,oBAAoB,CAAC,cAAc,CAAC,EAAE;QAC9F,OAAO;KACV;IAED,IAAI;QACA,IAAI,MAAM,UAAU,CAAC,MAAM,CAAC,IAAI,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC,EAAE;YACtD,MAAM,IAAI,CAAC,qBAAqB,CAAC,cAAc,CAAC,CAAC;SACpD;aAAM;YACH,MAAM,IAAI,CAAC,kBAAkB,CAAC,cAAc,EAAE,QAAQ,CAAC,CAAC;SAC3D;KACJ;IAAC,OAAO,KAAK,EAAE;QACZ,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;QAC9B,MAAM,IAAI,CAAC,kBAAkB,CAAC,cAAc,EAAE,KAAK,CAAC,OAAO,EAAE,KAAK,CAAC,KAAK,CAAC,CAAC;QAC1E,OAAO;KACV;AACL,CAAC;AAED,GAAG,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE;IACZ,IAAI,CAAC,SAAS,CAAC,qCAAqC,GAAG,CAAC,CAAC,CAAC;IAC1D,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC;AACnB,CAAC,CAAC,CAAC"}

lib/util.js

@@ -6,173 +6,127 @@ var __importStar = (this && this.__importStar) || function (mod) {
     result["default"] = mod;
     return result;
 };
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
 Object.defineProperty(exports, "__esModule", { value: true });
 const core = __importStar(require("@actions/core"));
-const exec = __importStar(require("@actions/exec"));
-const http = __importStar(require("@actions/http-client"));
-const auth = __importStar(require("@actions/http-client/auth"));
-const octokit = __importStar(require("@octokit/rest"));
-const console_log_level_1 = __importDefault(require("console-log-level"));
+const toolrunnner = __importStar(require("@actions/exec/lib/toolrunner"));
 const fs = __importStar(require("fs"));
 const os = __importStar(require("os"));
 const path = __importStar(require("path"));
+const api = __importStar(require("./api-client"));
 const sharedEnv = __importStar(require("./shared-environment"));
 /**
- * Should the current action be aborted?
- *
- * This method should be called at the start of all CodeQL actions and they
- * should abort cleanly if this returns true without failing the action.
- * This method will call `core.setFailed` if necessary.
+ * The URL for github.com.
  */
-function should_abort(actionName, requireInitActionHasRun) {
-    // Check that required aspects of the environment are present
-    const ref = process.env['GITHUB_REF'];
-    if (ref === undefined) {
-        core.setFailed('GITHUB_REF must be set.');
-        return true;
-    }
-    // If the init action is required, then check the it completed successfully.
-    if (requireInitActionHasRun && process.env[sharedEnv.CODEQL_ACTION_INIT_COMPLETED] === undefined) {
-        core.setFailed('The CodeQL ' + actionName + ' action cannot be used unless the CodeQL init action is run first. Aborting.');
-        return true;
-    }
-    return false;
-}
-exports.should_abort = should_abort;
+exports.GITHUB_DOTCOM_URL = "https://github.com";
 /**
  * Get an environment parameter, but throw an error if it is not set.
  */
 function getRequiredEnvParam(paramName) {
     const value = process.env[paramName];
-    if (value === undefined) {
-        throw new Error(paramName + ' environment variable must be set');
+    if (value === undefined || value.length === 0) {
+        throw new Error(`${paramName} environment variable must be set`);
     }
-    core.debug(paramName + '=' + value);
+    core.debug(`${paramName}=${value}`);
     return value;
 }
 exports.getRequiredEnvParam = getRequiredEnvParam;
 /**
- * Gets the set of languages in the current repository
+ * Get the extra options for the codeql commands.
  */
-async function getLanguagesInRepo() {
-    var _a;
-    // Translate between GitHub's API names for languages and ours
-    const codeqlLanguages = {
-        'C': 'cpp',
-        'C++': 'cpp',
-        'C#': 'csharp',
-        'Go': 'go',
-        'Java': 'java',
-        'JavaScript': 'javascript',
-        'TypeScript': 'javascript',
-        'Python': 'python',
-    };
-    let repo_nwo = (_a = process.env['GITHUB_REPOSITORY']) === null || _a === void 0 ? void 0 : _a.split("/");
-    if (repo_nwo) {
-        let owner = repo_nwo[0];
-        let repo = repo_nwo[1];
-        core.debug(`GitHub repo ${owner} ${repo}`);
-        let ok = new octokit.Octokit({
-            auth: core.getInput('token'),
-            userAgent: "CodeQL Action",
-            log: console_log_level_1.default({ level: "debug" })
-        });
-        const response = await ok.request("GET /repos/:owner/:repo/languages", ({
-            owner,
-            repo
-        }));
-        core.debug("Languages API response: " + JSON.stringify(response));
-        // The GitHub API is going to return languages in order of popularity,
-        // When we pick a language to autobuild we want to pick the most popular traced language
-        // Since sets in javascript maintain insertion order, using a set here and then splatting it
-        // into an array gives us an array of languages ordered by popularity
-        let languages = new Set();
-        for (let lang in response.data) {
-            if (lang in codeqlLanguages) {
-                languages.add(codeqlLanguages[lang]);
-            }
-        }
-        return [...languages];
+function getExtraOptionsEnvParam() {
+    const varName = "CODEQL_ACTION_EXTRA_OPTIONS";
+    const raw = process.env[varName];
+    if (raw === undefined || raw.length === 0) {
+        return {};
     }
-    else {
-        return [];
+    try {
+        return JSON.parse(raw);
+    }
+    catch (e) {
+        throw new Error(`${varName} environment variable is set, but does not contain valid JSON: ${e.message}`);
     }
 }
+exports.getExtraOptionsEnvParam = getExtraOptionsEnvParam;
+function isLocalRun() {
+    return (!!process.env.CODEQL_LOCAL_RUN &&
+        process.env.CODEQL_LOCAL_RUN !== "false" &&
+        process.env.CODEQL_LOCAL_RUN !== "0");
+}
+exports.isLocalRun = isLocalRun;
 /**
- * Get the languages to analyse.
- *
- * The result is obtained from the environment parameter CODEQL_ACTION_LANGUAGES
- * if that has been set, otherwise it is obtained from the action input parameter
- * 'languages' if that has been set, otherwise it is deduced as all languages in the
- * repo that can be analysed.
- *
- * If the languages are obtained from either of the second choices, the
- * CODEQL_ACTION_LANGUAGES environment variable will be exported with the
- * deduced list.
+ * Ensures all required environment variables are set in the context of a local run.
  */
-async function getLanguages() {
-    // Obtain from CODEQL_ACTION_LANGUAGES if set
-    const langsVar = process.env[sharedEnv.CODEQL_ACTION_LANGUAGES];
-    if (langsVar) {
-        return langsVar.split(',')
-            .map(x => x.trim())
-            .filter(x => x.length > 0);
+function prepareLocalRunEnvironment() {
+    if (!isLocalRun()) {
+        return;
     }
-    // Obtain from action input 'languages' if set
-    let languages = core.getInput('languages', { required: false })
-        .split(',')
-        .map(x => x.trim())
-        .filter(x => x.length > 0);
-    core.info("Languages from configuration: " + JSON.stringify(languages));
-    if (languages.length === 0) {
-        // Obtain languages as all languages in the repo that can be analysed
-        languages = await getLanguagesInRepo();
-        core.info("Automatically detected languages: " + JSON.stringify(languages));
+    core.debug("Action is running locally.");
+    if (!process.env.GITHUB_JOB) {
+        core.exportVariable("GITHUB_JOB", "UNKNOWN-JOB");
     }
-    core.exportVariable(sharedEnv.CODEQL_ACTION_LANGUAGES, languages.join(','));
-    return languages;
 }
-exports.getLanguages = getLanguages;
+exports.prepareLocalRunEnvironment = prepareLocalRunEnvironment;
 /**
  * Gets the SHA of the commit that is currently checked out.
  */
 async function getCommitOid() {
-    let commitOid = '';
-    await exec.exec('git', ['rev-parse', 'HEAD'], {
-        silent: true,
-        listeners: {
-            stdout: (data) => { commitOid += data.toString(); },
-            stderr: (data) => { process.stderr.write(data); }
-        }
-    });
-    return commitOid.trim();
+    // Try to use git to get the current commit SHA. If that fails then
+    // log but otherwise silently fall back to using the SHA from the environment.
+    // The only time these two values will differ is during analysis of a PR when
+    // the workflow has changed the current commit to the head commit instead of
+    // the merge commit, which must mean that git is available.
+    // Even if this does go wrong, it's not a huge problem for the alerts to
+    // reported on the merge commit.
+    try {
+        let commitOid = "";
+        await new toolrunnner.ToolRunner("git", ["rev-parse", "HEAD"], {
+            silent: true,
+            listeners: {
+                stdout: (data) => {
+                    commitOid += data.toString();
+                },
+                stderr: (data) => {
+                    process.stderr.write(data);
+                },
+            },
+        }).exec();
+        return commitOid.trim();
+    }
+    catch (e) {
+        core.info(`Failed to call git to get current commit. Continuing with data from environment: ${e}`);
+        return getRequiredEnvParam("GITHUB_SHA");
+    }
 }
 exports.getCommitOid = getCommitOid;
 /**
  * Get the path of the currently executing workflow.
  */
 async function getWorkflowPath() {
-    const repo_nwo = getRequiredEnvParam('GITHUB_REPOSITORY').split("/");
+    const repo_nwo = getRequiredEnvParam("GITHUB_REPOSITORY").split("/");
     const owner = repo_nwo[0];
     const repo = repo_nwo[1];
-    const run_id = getRequiredEnvParam('GITHUB_RUN_ID');
-    const ok = new octokit.Octokit({
-        auth: core.getInput('token'),
-        userAgent: "CodeQL Action",
-        log: console_log_level_1.default({ level: 'debug' })
-    });
-    const runsResponse = await ok.request('GET /repos/:owner/:repo/actions/runs/:run_id', {
+    const run_id = Number(getRequiredEnvParam("GITHUB_RUN_ID"));
+    const apiClient = api.getActionsApiClient();
+    const runsResponse = await apiClient.request("GET /repos/:owner/:repo/actions/runs/:run_id", {
         owner,
         repo,
-        run_id
+        run_id,
     });
     const workflowUrl = runsResponse.data.workflow_url;
-    const workflowResponse = await ok.request('GET ' + workflowUrl);
+    const workflowResponse = await apiClient.request(`GET ${workflowUrl}`);
     return workflowResponse.data.path;
 }
+/**
+ * Get the workflow run ID.
+ */
+function getWorkflowRunID() {
+    const workflowRunID = parseInt(getRequiredEnvParam("GITHUB_RUN_ID"), 10);
+    if (Number.isNaN(workflowRunID)) {
+        throw new Error("GITHUB_RUN_ID must define a non NaN workflow run ID");
+    }
+    return workflowRunID;
+}
+exports.getWorkflowRunID = getWorkflowRunID;
 /**
  * Get the analysis key paramter for the current job.
  *
@@ -181,14 +135,15 @@ async function getWorkflowPath() {
  * the github API, but after that the result will be cached.
  */
 async function getAnalysisKey() {
-    let analysisKey = process.env[sharedEnv.CODEQL_ACTION_ANALYSIS_KEY];
+    const analysisKeyEnvVar = "CODEQL_ACTION_ANALYSIS_KEY";
+    let analysisKey = process.env[analysisKeyEnvVar];
     if (analysisKey !== undefined) {
         return analysisKey;
     }
     const workflowPath = await getWorkflowPath();
-    const jobName = getRequiredEnvParam('GITHUB_JOB');
-    analysisKey = workflowPath + ':' + jobName;
-    core.exportVariable(sharedEnv.CODEQL_ACTION_ANALYSIS_KEY, analysisKey);
+    const jobName = getRequiredEnvParam("GITHUB_JOB");
+    analysisKey = `${workflowPath}:${jobName}`;
+    core.exportVariable(analysisKeyEnvVar, analysisKey);
     return analysisKey;
 }
 exports.getAnalysisKey = getAnalysisKey;
@@ -198,14 +153,14 @@ exports.getAnalysisKey = getAnalysisKey;
 function getRef() {
     // Will be in the form "refs/heads/master" on a push event
     // or in the form "refs/pull/N/merge" on a pull_request event
-    const ref = getRequiredEnvParam('GITHUB_REF');
+    const ref = getRequiredEnvParam("GITHUB_REF");
     // For pull request refs we want to convert from the 'merge' ref
     // to the 'head' ref, as that is what we want to analyse.
     // There should have been some code earlier in the workflow to do
     // the checkout, but we have no way of verifying that here.
     const pull_ref_regex = /refs\/pull\/(\d+)\/merge/;
     if (pull_ref_regex.test(ref)) {
-        return ref.replace(pull_ref_regex, 'refs/pull/$1/head');
+        return ref.replace(pull_ref_regex, "refs/pull/$1/head");
     }
     else {
         return ref;
@@ -217,33 +172,38 @@ exports.getRef = getRef;
  *
  * @param actionName The name of the action, e.g. 'init', 'finish', 'upload-sarif'
  * @param status The status. Must be 'success', 'failure', or 'starting'
+ * @param startedAt The time this action started executing.
  * @param cause  Cause of failure (only supply if status is 'failure')
  * @param exception Exception (only supply if status is 'failure')
  */
-async function createStatusReport(actionName, status, cause, exception) {
-    const commitOid = process.env['GITHUB_SHA'] || '';
+async function createStatusReportBase(actionName, status, actionStartedAt, cause, exception) {
+    const commitOid = process.env["GITHUB_SHA"] || "";
     const ref = getRef();
-    const workflowRunIDStr = process.env['GITHUB_RUN_ID'];
+    const workflowRunIDStr = process.env["GITHUB_RUN_ID"];
     let workflowRunID = -1;
     if (workflowRunIDStr) {
         workflowRunID = parseInt(workflowRunIDStr, 10);
     }
-    const workflowName = process.env['GITHUB_WORKFLOW'] || '';
-    const jobName = process.env['GITHUB_JOB'] || '';
-    const languages = (await getLanguages()).sort().join(',');
-    const startedAt = process.env[sharedEnv.CODEQL_ACTION_STARTED_AT] || new Date().toISOString();
-    core.exportVariable(sharedEnv.CODEQL_ACTION_STARTED_AT, startedAt);
-    let statusReport = {
+    const workflowName = process.env["GITHUB_WORKFLOW"] || "";
+    const jobName = process.env["GITHUB_JOB"] || "";
+    const analysis_key = await getAnalysisKey();
+    let workflowStartedAt = process.env[sharedEnv.CODEQL_WORKFLOW_STARTED_AT];
+    if (workflowStartedAt === undefined) {
+        workflowStartedAt = actionStartedAt.toISOString();
+        core.exportVariable(sharedEnv.CODEQL_WORKFLOW_STARTED_AT, workflowStartedAt);
+    }
+    const statusReport = {
         workflow_run_id: workflowRunID,
         workflow_name: workflowName,
         job_name: jobName,
-        languages: languages,
+        analysis_key,
         commit_oid: commitOid,
-        ref: ref,
+        ref,
         action_name: actionName,
         action_oid: "unknown",
-        started_at: startedAt,
-        status: status
+        started_at: workflowStartedAt,
+        action_started_at: actionStartedAt.toISOString(),
+        status,
     };
     // Add optional parameters
     if (cause) {
@@ -252,81 +212,63 @@ async function createStatusReport(actionName, status, cause, exception) {
     if (exception) {
         statusReport.exception = exception;
     }
-    if (status === 'success' || status === 'failure') {
+    if (status === "success" || status === "failure" || status === "aborted") {
         statusReport.completed_at = new Date().toISOString();
     }
-    let matrix = core.getInput('matrix');
+    const matrix = getOptionalInput("matrix");
     if (matrix) {
         statusReport.matrix_vars = matrix;
     }
     return statusReport;
 }
+exports.createStatusReportBase = createStatusReportBase;
 /**
  * Send a status report to the code_scanning/analysis/status endpoint.
  *
- * Returns the status code of the response to the status request, or
- * undefined if the given statusReport is undefined or no response was
- * received.
- */
-async function sendStatusReport(statusReport) {
-    var _a;
-    const statusReportJSON = JSON.stringify(statusReport);
-    core.debug('Sending status report: ' + statusReportJSON);
-    const githubToken = core.getInput('token');
-    const ph = new auth.BearerCredentialHandler(githubToken);
-    const client = new http.HttpClient('Code Scanning : Status Report', [ph]);
-    const url = 'https://api.github.com/repos/' + process.env['GITHUB_REPOSITORY']
-        + '/code-scanning/analysis/status';
-    const res = await client.put(url, statusReportJSON);
-    return (_a = res.message) === null || _a === void 0 ? void 0 : _a.statusCode;
-}
-/**
- * Send a status report that an action is starting.
+ * Optionally checks the response from the API endpoint and sets the action
+ * as failed if the status report failed. This is only expected to be used
+ * when sending a 'starting' report.
  *
- * If the action is `init` then this also records the start time in the environment,
- * and ensures that the analysed languages are also recorded in the envirenment.
- *
- * Returns true unless a problem occurred and the action should abort.
+ * Returns whether sending the status report was successful of not.
  */
-async function reportActionStarting(action) {
-    const statusCode = await sendStatusReport(await createStatusReport(action, 'starting'));
-    // If the status report request fails with a 403 or a 404, then this is a deliberate
-    // message from the endpoint that the SARIF upload can be expected to fail too,
-    // so the action should fail to avoid wasting actions minutes.
-    //
-    // Other failure responses (or lack thereof) could be transitory and should not
-    // cause the action to fail.
-    if (statusCode === 403) {
-        core.setFailed('The repo on which this action is running is not opted-in to CodeQL code scanning.');
-        return false;
+async function sendStatusReport(statusReport, ignoreFailures) {
+    if (getRequiredEnvParam("GITHUB_SERVER_URL") !== exports.GITHUB_DOTCOM_URL) {
+        core.debug("Not sending status report to GitHub Enterprise");
+        return true;
     }
-    if (statusCode === 404) {
-        core.setFailed('Not authorized to used the CodeQL code scanning feature on this repo.');
-        return false;
+    if (isLocalRun()) {
+        core.debug("Not sending status report because this is a local run");
+        return true;
+    }
+    const statusReportJSON = JSON.stringify(statusReport);
+    core.debug(`Sending status report: ${statusReportJSON}`);
+    const nwo = getRequiredEnvParam("GITHUB_REPOSITORY");
+    const [owner, repo] = nwo.split("/");
+    const client = api.getActionsApiClient();
+    const statusResponse = await client.request("PUT /repos/:owner/:repo/code-scanning/analysis/status", {
+        owner,
+        repo,
+        data: statusReportJSON,
+    });
+    if (!ignoreFailures) {
+        // If the status report request fails with a 403 or a 404, then this is a deliberate
+        // message from the endpoint that the SARIF upload can be expected to fail too,
+        // so the action should fail to avoid wasting actions minutes.
+        //
+        // Other failure responses (or lack thereof) could be transitory and should not
+        // cause the action to fail.
+        if (statusResponse.status === 403) {
+            core.setFailed("The repo on which this action is running is not opted-in to CodeQL code scanning.");
+            return false;
+        }
+        if (statusResponse.status === 404) {
+            core.setFailed("Not authorized to used the CodeQL code scanning feature on this repo.");
+            return false;
+        }
     }
     return true;
 }
-exports.reportActionStarting = reportActionStarting;
-/**
- * Report that an action has failed.
- *
- * Note that the started_at date is always that of the `init` action, since
- * this is likely to give a more useful duration when inspecting events.
- */
-async function reportActionFailed(action, cause, exception) {
-    await sendStatusReport(await createStatusReport(action, 'failure', cause, exception));
-}
-exports.reportActionFailed = reportActionFailed;
-/**
- * Report that an action has succeeded.
- *
- * Note that the started_at date is always that of the `init` action, since
- * this is likely to give a more useful duration when inspecting events.
- */
-async function reportActionSucceeded(action) {
-    await sendStatusReport(await createStatusReport(action, 'success'));
-}
-exports.reportActionSucceeded = reportActionSucceeded;
+exports.sendStatusReport = sendStatusReport;
 /**
  * Get the array of all the tool names contained in the given sarif contents.
  *
@@ -348,10 +290,117 @@ exports.getToolNames = getToolNames;
 // Creates a random temporary directory, runs the given body, and then deletes the directory.
 // Mostly intended for use within tests.
 async function withTmpDir(body) {
-    const tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'codeql-action-'));
-    const result = await body(tmpDir);
+    const tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), "codeql-action-"));
+    const realSubdir = path.join(tmpDir, "real");
+    fs.mkdirSync(realSubdir);
+    const symlinkSubdir = path.join(tmpDir, "symlink");
+    fs.symlinkSync(realSubdir, symlinkSubdir, "dir");
+    const result = await body(symlinkSubdir);
     fs.rmdirSync(tmpDir, { recursive: true });
     return result;
 }
 exports.withTmpDir = withTmpDir;
+/**
+ * Get the codeql `--ram` flag as configured by the `ram` input. If no value was
+ * specified, the total available memory will be used minus 256 MB.
+ *
+ * @returns string
+ */
+function getMemoryFlag(userInput) {
+    let memoryToUseMegaBytes;
+    if (userInput) {
+        memoryToUseMegaBytes = Number(userInput);
+        if (Number.isNaN(memoryToUseMegaBytes) || memoryToUseMegaBytes <= 0) {
+            throw new Error(`Invalid RAM setting "${userInput}", specified.`);
+        }
+    }
+    else {
+        const totalMemoryBytes = os.totalmem();
+        const totalMemoryMegaBytes = totalMemoryBytes / (1024 * 1024);
+        const systemReservedMemoryMegaBytes = 256;
+        memoryToUseMegaBytes = totalMemoryMegaBytes - systemReservedMemoryMegaBytes;
+    }
+    return `--ram=${Math.floor(memoryToUseMegaBytes)}`;
+}
+exports.getMemoryFlag = getMemoryFlag;
+/**
+ * Get the codeql flag to specify whether to add code snippets to the sarif file.
+ *
+ * @returns string
+ */
+function getAddSnippetsFlag(userInput) {
+    if (typeof userInput === "string") {
+        // have to process specifically because any non-empty string is truthy
+        userInput = userInput.toLowerCase() === "true";
+    }
+    return userInput ? "--sarif-add-snippets" : "--no-sarif-add-snippets";
+}
+exports.getAddSnippetsFlag = getAddSnippetsFlag;
+/**
+ * Get the codeql `--threads` value specified for the `threads` input.
+ * If not value was specified, all available threads will be used.
+ *
+ * The value will be capped to the number of available CPUs.
+ *
+ * @returns string
+ */
+function getThreadsFlag(userInput, logger) {
+    let numThreads;
+    const maxThreads = os.cpus().length;
+    if (userInput) {
+        numThreads = Number(userInput);
+        if (Number.isNaN(numThreads)) {
+            throw new Error(`Invalid threads setting "${userInput}", specified.`);
+        }
+        if (numThreads > maxThreads) {
+            logger.info(`Clamping desired number of threads (${numThreads}) to max available (${maxThreads}).`);
+            numThreads = maxThreads;
+        }
+        const minThreads = -maxThreads;
+        if (numThreads < minThreads) {
+            logger.info(`Clamping desired number of free threads (${numThreads}) to max available (${minThreads}).`);
+            numThreads = minThreads;
+        }
+    }
+    else {
+        // Default to using all threads
+        numThreads = maxThreads;
+    }
+    return `--threads=${numThreads}`;
+}
+exports.getThreadsFlag = getThreadsFlag;
+/**
+ * Get the directory where CodeQL databases should be placed.
+ */
+function getCodeQLDatabasesDir(tempDir) {
+    return path.resolve(tempDir, "codeql_databases");
+}
+exports.getCodeQLDatabasesDir = getCodeQLDatabasesDir;
+/**
+ * Get the path where the CodeQL database for the given language lives.
+ */
+function getCodeQLDatabasePath(tempDir, language) {
+    return path.resolve(getCodeQLDatabasesDir(tempDir), language);
+}
+exports.getCodeQLDatabasePath = getCodeQLDatabasePath;
+/**
+ *  Wrapper for core.getInput. Returns undefined if the requested
+ *  input is not specified.
+ */
+function getOptionalInput(name) {
+    const value = core.getInput(name);
+    if (value === "") {
+        return undefined;
+    }
+    return value;
+}
+exports.getOptionalInput = getOptionalInput;
+/**
+ * Wrapper for core.getInput. Returns the requested input or
+ * throws if not defined.
+ */
+function getRequiredInput(name) {
+    return core.getInput(name, { required: true });
+}
+exports.getRequiredInput = getRequiredInput;
 //# sourceMappingURL=util.js.map