mirror of
https://github.com/github/codeql-action.git
synced 2025-12-26 17:20:10 +08:00
175 lines
6.3 KiB
TypeScript
175 lines
6.3 KiB
TypeScript
import * as core from "@actions/core";
|
|
|
|
import { getTemporaryDirectory, getWorkflowEventName } from "./actions-util";
|
|
import { getGitHubVersion } from "./api-client";
|
|
import { CodeQL, getCodeQL } from "./codeql";
|
|
import * as configUtils from "./config-utils";
|
|
import { DocUrl } from "./doc-url";
|
|
import { EnvVar } from "./environment";
|
|
import { Feature, featureConfig, Features } from "./feature-flags";
|
|
import { isTracedLanguage, Language } from "./languages";
|
|
import { Logger } from "./logging";
|
|
import { parseRepositoryNwo } from "./repository";
|
|
import { ToolsFeature } from "./tools-features";
|
|
import { BuildMode, getRequiredEnvParam } from "./util";
|
|
|
|
export async function determineAutobuildLanguages(
|
|
codeql: CodeQL,
|
|
config: configUtils.Config,
|
|
logger: Logger,
|
|
): Promise<Language[] | undefined> {
|
|
if (
|
|
(config.buildMode === BuildMode.None &&
|
|
(await codeql.supportsFeature(ToolsFeature.TraceCommandUseBuildMode))) ||
|
|
config.buildMode === BuildMode.Manual
|
|
) {
|
|
logger.info(`Using ${config.buildMode} build mode, nothing to autobuild.`);
|
|
return undefined;
|
|
}
|
|
|
|
// Attempt to find a language to autobuild
|
|
// We want pick the dominant language in the repo from the ones we're able to build
|
|
// The languages are sorted in order specified by user or by lines of code if we got
|
|
// them from the GitHub API, so try to build the first language on the list.
|
|
const autobuildLanguages = config.languages.filter((l) =>
|
|
isTracedLanguage(l),
|
|
);
|
|
|
|
if (!autobuildLanguages) {
|
|
logger.info(
|
|
"None of the languages in this project require extra build steps",
|
|
);
|
|
return undefined;
|
|
}
|
|
|
|
/**
|
|
* Additionally autobuild Go in the autobuild Action to ensure backwards
|
|
* compatibility for users performing a multi-language build within a single
|
|
* job.
|
|
*
|
|
* For example, consider a user with the following workflow file:
|
|
*
|
|
* ```yml
|
|
* - uses: github/codeql-action/init@v3
|
|
* with:
|
|
* languages: go, java
|
|
* - uses: github/codeql-action/autobuild@v3
|
|
* - uses: github/codeql-action/analyze@v3
|
|
* ```
|
|
*
|
|
* - With Go extraction disabled, we will run the Java autobuilder in the
|
|
* autobuild Action, ensuring we extract both Java and Go code.
|
|
* - With Go extraction enabled, taking the previous behavior we'd run the Go
|
|
* autobuilder, since Go is first on the list of languages. We wouldn't run
|
|
* the Java autobuilder at all and so we'd only extract Go code.
|
|
*
|
|
* We therefore introduce a special case here such that we'll autobuild Go
|
|
* in addition to the primary non-Go traced language in the autobuild Action.
|
|
*
|
|
* This special case behavior should be removed as part of the next major
|
|
* version of the CodeQL Action.
|
|
*/
|
|
const autobuildLanguagesWithoutGo = autobuildLanguages.filter(
|
|
(l) => l !== Language.go,
|
|
);
|
|
|
|
const languages: Language[] = [];
|
|
// First run the autobuilder for the first non-Go traced language, if one
|
|
// exists.
|
|
if (autobuildLanguagesWithoutGo[0] !== undefined) {
|
|
languages.push(autobuildLanguagesWithoutGo[0]);
|
|
}
|
|
// If Go is requested, run the Go autobuilder last to ensure it doesn't
|
|
// interfere with the other autobuilder.
|
|
if (autobuildLanguages.length !== autobuildLanguagesWithoutGo.length) {
|
|
languages.push(Language.go);
|
|
}
|
|
|
|
logger.debug(`Will autobuild ${languages.join(" and ")}.`);
|
|
|
|
// In general the autobuilders for other traced languages may conflict with
|
|
// each other. Therefore if a user has requested more than one non-Go traced
|
|
// language, we ask for manual build steps.
|
|
// Matrixing the build would also work, but that would change the SARIF
|
|
// categories, potentially leading to a "stale tips" situation where alerts
|
|
// that should be fixed remain on a repo since they are linked to SARIF
|
|
// categories that are no longer updated.
|
|
if (autobuildLanguagesWithoutGo.length > 1) {
|
|
logger.warning(
|
|
`We will only automatically build ${languages.join(
|
|
" and ",
|
|
)} code. If you wish to scan ${autobuildLanguagesWithoutGo
|
|
.slice(1)
|
|
.join(
|
|
" and ",
|
|
)}, you must replace the autobuild step of your workflow with custom build steps. ` +
|
|
`See ${DocUrl.SPECIFY_BUILD_STEPS_MANUALLY} for more information.`,
|
|
);
|
|
}
|
|
|
|
return languages;
|
|
}
|
|
|
|
export async function setupCppAutobuild(codeql: CodeQL, logger: Logger) {
|
|
const envVar = featureConfig[Feature.CppDependencyInstallation].envVar;
|
|
const featureName = "C++ automatic installation of dependencies";
|
|
const gitHubVersion = await getGitHubVersion();
|
|
const repositoryNwo = parseRepositoryNwo(
|
|
getRequiredEnvParam("GITHUB_REPOSITORY"),
|
|
);
|
|
const features = new Features(
|
|
gitHubVersion,
|
|
repositoryNwo,
|
|
getTemporaryDirectory(),
|
|
logger,
|
|
);
|
|
if (await features.getValue(Feature.CppDependencyInstallation, codeql)) {
|
|
// disable autoinstall on self-hosted runners unless explicitly requested
|
|
if (
|
|
process.env["RUNNER_ENVIRONMENT"] === "self-hosted" &&
|
|
process.env[envVar] !== "true"
|
|
) {
|
|
logger.info(
|
|
`Disabling ${featureName} as we are on a self-hosted runner.${
|
|
getWorkflowEventName() !== "dynamic"
|
|
? ` To override this, set the ${envVar} environment variable to 'true' in your workflow. See ${DocUrl.DEFINE_ENV_VARIABLES} for more information.`
|
|
: ""
|
|
}`,
|
|
);
|
|
core.exportVariable(envVar, "false");
|
|
} else {
|
|
logger.info(
|
|
`Enabling ${featureName}. This can be disabled by setting the ${envVar} environment variable to 'false'. See ${DocUrl.DEFINE_ENV_VARIABLES} for more information.`,
|
|
);
|
|
core.exportVariable(envVar, "true");
|
|
}
|
|
} else {
|
|
logger.info(`Disabling ${featureName}.`);
|
|
core.exportVariable(envVar, "false");
|
|
}
|
|
}
|
|
|
|
export async function runAutobuild(
|
|
config: configUtils.Config,
|
|
language: Language,
|
|
logger: Logger,
|
|
) {
|
|
logger.startGroup(`Attempting to automatically build ${language} code`);
|
|
const codeQL = await getCodeQL(config.codeQLCmd);
|
|
if (language === Language.cpp) {
|
|
await setupCppAutobuild(codeQL, logger);
|
|
}
|
|
if (
|
|
config.buildMode &&
|
|
(await codeQL.supportsFeature(ToolsFeature.TraceCommandUseBuildMode))
|
|
) {
|
|
await codeQL.extractUsingBuildMode(config, language);
|
|
} else {
|
|
await codeQL.runAutobuild(config, language);
|
|
}
|
|
if (language === Language.go) {
|
|
core.exportVariable(EnvVar.DID_AUTOBUILD_GOLANG, "true");
|
|
}
|
|
logger.endGroup();
|
|
}
|