From c4d2772a75abf9e0e91bb94b1997e9a7493e36e8 Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Tue, 2 Sep 2025 12:27:58 +0100 Subject: [PATCH 1/4] Add `computedConfig` property to `Config` type --- lib/analyze-action-post.js | 245 ++++----- lib/analyze-action.js | 803 ++++++++++++++---------------- lib/autobuild-action.js | 261 ++++------ lib/init-action-post.js | 333 ++++++------- lib/init-action.js | 15 +- lib/resolve-environment-action.js | 57 +-- lib/upload-lib.js | 327 +++++------- lib/upload-sarif-action-post.js | 64 +-- lib/upload-sarif-action.js | 315 +++++------- src/codeql.test.ts | 5 + src/codeql.ts | 10 +- src/config-utils.test.ts | 17 +- src/config-utils.ts | 19 +- src/testing-utils.ts | 1 + 14 files changed, 1059 insertions(+), 1413 deletions(-) diff --git a/lib/analyze-action-post.js b/lib/analyze-action-post.js index 99d289f8f0..70418568c3 100644 --- a/lib/analyze-action-post.js +++ b/lib/analyze-action-post.js @@ -117083,9 +117083,6 @@ function wrapError(error2) { function getErrorMessage(error2) { return error2 instanceof Error ? error2.message : String(error2); } -function cloneObject(obj) { - return JSON.parse(JSON.stringify(obj)); -} async function asyncSome(array, predicate) { const results = await Promise.all(array.map(predicate)); return results.some((result) => result); @@ -117243,9 +117240,9 @@ async function getGitHubVersion() { } // src/codeql.ts -var fs4 = __toESM(require("fs")); -var path4 = __toESM(require("path")); -var core10 = __toESM(require_core()); +var fs3 = __toESM(require("fs")); +var path3 = __toESM(require("path")); +var core9 = __toESM(require_core()); var toolrunner3 = __toESM(require_toolrunner()); // src/cli-errors.ts 
@@ -117485,22 +117482,6 @@ function wrapCliConfigurationError(cliError) { return new ConfigurationError(errorMessageBuilder); } -// src/config-utils.ts -var fs3 = __toESM(require("fs")); -var path3 = __toESM(require("path")); -var semver4 = __toESM(require_semver2()); - -// src/analyses.ts -var AnalysisKind = /* @__PURE__ */ ((AnalysisKind2) => { - AnalysisKind2["CodeScanning"] = "code-scanning"; - AnalysisKind2["CodeQuality"] = "code-quality"; - return AnalysisKind2; -})(AnalysisKind || {}); -var supportedAnalysisKinds = new Set(Object.values(AnalysisKind)); - -// src/caching-utils.ts -var core6 = __toESM(require_core()); - // src/feature-flags.ts var semver3 = __toESM(require_semver2()); @@ -117510,13 +117491,13 @@ var path2 = __toESM(require("path")); var actionsCache = __toESM(require_cache3()); // src/git-utils.ts -var core7 = __toESM(require_core()); +var core6 = __toESM(require_core()); var toolrunner2 = __toESM(require_toolrunner()); var io3 = __toESM(require_io()); var runGitCommand = async function(workingDirectory, args, customErrorMessage) { let stdout = ""; let stderr = ""; - core7.debug(`Running git command: git ${args.join(" ")}`); + core6.debug(`Running git command: git ${args.join(" ")}`); try { await new toolrunner2.ToolRunner(await io3.which("git", true), args, { silent: true, @@ -117536,7 +117517,7 @@ var runGitCommand = async function(workingDirectory, args, customErrorMessage) { if (stderr.includes("not a git repository")) { reason = "The checkout path provided to the action does not appear to be a git repository."; } - core7.info(`git call failed. ${customErrorMessage} Error: ${reason}`); + core6.info(`git call failed. ${customErrorMessage} Error: ${reason}`); throw error2; } }; @@ -117647,7 +117628,7 @@ async function getRef() { ) !== head; if (hasChangedRef) { const newRef = ref.replace(pull_ref_regex, "refs/pull/$1/head"); - core7.debug( + core6.debug( `No longer on merge commit, rewriting ref from ${ref} to ${newRef}.` ); return newRef; 
@@ -117673,16 +117654,16 @@ async function isAnalyzingDefaultBranch() { } // src/logging.ts -var core8 = __toESM(require_core()); +var core7 = __toESM(require_core()); function getActionsLogger() { - return core8; + return core7; } function withGroup(groupName, f) { - core8.startGroup(groupName); + core7.startGroup(groupName); try { return f(); } finally { - core8.endGroup(); + core7.endGroup(); } } 
@@ -117917,126 +117898,23 @@ var featureConfig = { } }; -// src/trap-caching.ts -var actionsCache2 = __toESM(require_cache3()); - -// src/config-utils.ts -var defaultAugmentationProperties = { - queriesInputCombines: false, - packsInputCombines: false, - packsInput: void 0, - queriesInput: void 0, - extraQueryExclusions: [], - overlayDatabaseMode: "none" /* None */, - useOverlayDatabaseCaching: false -}; -var OVERLAY_ANALYSIS_FEATURES = { - actions: "overlay_analysis_actions" /* OverlayAnalysisActions */, - cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */, - csharp: "overlay_analysis_csharp" /* OverlayAnalysisCsharp */, - go: "overlay_analysis_go" /* OverlayAnalysisGo */, - java: "overlay_analysis_java" /* OverlayAnalysisJava */, - javascript: "overlay_analysis_javascript" /* OverlayAnalysisJavascript */, - python: "overlay_analysis_python" /* OverlayAnalysisPython */, - ruby: "overlay_analysis_ruby" /* OverlayAnalysisRuby */, - rust: "overlay_analysis_rust" /* OverlayAnalysisRust */, - swift: "overlay_analysis_swift" /* OverlayAnalysisSwift */ -}; -var OVERLAY_ANALYSIS_CODE_SCANNING_FEATURES = { - actions: "overlay_analysis_code_scanning_actions" /* OverlayAnalysisCodeScanningActions */, - cpp: "overlay_analysis_code_scanning_cpp" /* OverlayAnalysisCodeScanningCpp */, - csharp: "overlay_analysis_code_scanning_csharp" /* OverlayAnalysisCodeScanningCsharp */, - go: "overlay_analysis_code_scanning_go" /* OverlayAnalysisCodeScanningGo */, - java: "overlay_analysis_code_scanning_java" /* OverlayAnalysisCodeScanningJava */, - javascript: "overlay_analysis_code_scanning_javascript" /* OverlayAnalysisCodeScanningJavascript */, - python: "overlay_analysis_code_scanning_python" /* OverlayAnalysisCodeScanningPython */, - ruby: "overlay_analysis_code_scanning_ruby" /* OverlayAnalysisCodeScanningRuby */, - rust: "overlay_analysis_code_scanning_rust" /* OverlayAnalysisCodeScanningRust */, - swift: "overlay_analysis_code_scanning_swift" /* OverlayAnalysisCodeScanningSwift */ 
-}; -var PACK_IDENTIFIER_PATTERN = (function() { - const alphaNumeric = "[a-z0-9]"; - const alphaNumericDash = "[a-z0-9-]"; - const component = `${alphaNumeric}(${alphaNumericDash}*${alphaNumeric})?`; - return new RegExp(`^${component}/${component}$`); -})(); -function getPathToParsedConfigFile(tempDir) { - return path3.join(tempDir, "config"); -} -async function getConfig(tempDir, logger) { - const configFile = getPathToParsedConfigFile(tempDir); - if (!fs3.existsSync(configFile)) { - return void 0; - } - const configString = fs3.readFileSync(configFile, "utf8"); - logger.debug("Loaded config:"); - logger.debug(configString); - return JSON.parse(configString); -} -function generateCodeScanningConfig(originalUserInput, augmentationProperties) { - const augmentedConfig = cloneObject(originalUserInput); - if (augmentationProperties.queriesInput) { - if (augmentationProperties.queriesInputCombines) { - augmentedConfig.queries = (augmentedConfig.queries || []).concat( - augmentationProperties.queriesInput - ); - } else { - augmentedConfig.queries = augmentationProperties.queriesInput; - } - } - if (augmentedConfig.queries?.length === 0) { - delete augmentedConfig.queries; - } - if (augmentationProperties.packsInput) { - if (augmentationProperties.packsInputCombines) { - if (Array.isArray(augmentedConfig.packs)) { - augmentedConfig.packs = (augmentedConfig.packs || []).concat( - augmentationProperties.packsInput - ); - } else if (!augmentedConfig.packs) { - augmentedConfig.packs = augmentationProperties.packsInput; - } else { - const language = Object.keys(augmentedConfig.packs)[0]; - augmentedConfig.packs[language] = augmentedConfig.packs[language].concat(augmentationProperties.packsInput); - } - } else { - augmentedConfig.packs = augmentationProperties.packsInput; - } - } - if (Array.isArray(augmentedConfig.packs) && !augmentedConfig.packs.length) { - delete augmentedConfig.packs; - } - augmentedConfig["query-filters"] = [ - // Ordering matters. 
If the first filter is an inclusion, it implicitly - // excludes all queries that are not included. If it is an exclusion, - // it implicitly includes all queries that are not excluded. So user - // filters (if any) should always be first to preserve intent. - ...augmentedConfig["query-filters"] || [], - ...augmentationProperties.extraQueryExclusions - ]; - if (augmentedConfig["query-filters"]?.length === 0) { - delete augmentedConfig["query-filters"]; - } - return augmentedConfig; -} - // src/setup-codeql.ts var toolcache3 = __toESM(require_tool_cache()); var import_fast_deep_equal = __toESM(require_fast_deep_equal()); -var semver7 = __toESM(require_semver2()); +var semver6 = __toESM(require_semver2()); // src/tar.ts var import_toolrunner = __toESM(require_toolrunner()); var io4 = __toESM(require_io()); var toolcache = __toESM(require_tool_cache()); -var semver5 = __toESM(require_semver2()); +var semver4 = __toESM(require_semver2()); // src/tools-download.ts -var core9 = __toESM(require_core()); +var core8 = __toESM(require_core()); var import_http_client = __toESM(require_lib()); var toolcache2 = __toESM(require_tool_cache()); var import_follow_redirects = __toESM(require_follow_redirects()); -var semver6 = __toESM(require_semver2()); +var semver5 = __toESM(require_semver2()); var STREAMING_HIGH_WATERMARK_BYTES = 4 * 1024 * 1024; // src/tracer-config.ts @@ -118094,12 +117972,12 @@ async function getCodeQLForCmd(cmd, checkVersion) { }, async isTracedLanguage(language) { const extractorPath = await this.resolveExtractor(language); - const tracingConfigPath = path4.join( + const tracingConfigPath = path3.join( extractorPath, "tools", "tracing-config.lua" ); - return fs4.existsSync(tracingConfigPath); + return fs3.existsSync(tracingConfigPath); }, async isScannedLanguage(language) { return !await this.isTracedLanguage(language); 
@@ -118170,7 +118048,7 @@ async function getCodeQLForCmd(cmd, checkVersion) { }, async runAutobuild(config, language) { applyAutobuildAzurePipelinesTimeoutFix(); - const autobuildCmd = path4.join( + const autobuildCmd = path3.join( await this.resolveExtractor(language), "tools", process.platform === "win32" ? "autobuild.cmd" : "autobuild.sh" @@ -118491,12 +118369,12 @@ ${output}` ); } else if (checkVersion && process.env["CODEQL_ACTION_SUPPRESS_DEPRECATED_SOON_WARNING" /* SUPPRESS_DEPRECATED_SOON_WARNING */] !== "true" && !await codeQlVersionAtLeast(codeql, CODEQL_NEXT_MINIMUM_VERSION)) { const result = await codeql.getVersion(); - core10.warning( + core9.warning( `CodeQL CLI version ${result.version} was discontinued on ${GHES_MOST_RECENT_DEPRECATION_DATE} alongside GitHub Enterprise Server ${GHES_VERSION_MOST_RECENTLY_DEPRECATED} and will not be supported by the next minor release of the CodeQL Action. Please update to CodeQL CLI version ${CODEQL_NEXT_MINIMUM_VERSION} or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version. Alternatively, if you want to continue using CodeQL CLI version ${result.version}, you can replace 'github/codeql-action/*@v${getActionVersion().split(".")[0]}' by 'github/codeql-action/*@v${getActionVersion()}' in your code scanning workflow to continue using this version of the CodeQL Action.` ); - core10.exportVariable("CODEQL_ACTION_SUPPRESS_DEPRECATED_SOON_WARNING" /* SUPPRESS_DEPRECATED_SOON_WARNING */, "true"); + core9.exportVariable("CODEQL_ACTION_SUPPRESS_DEPRECATED_SOON_WARNING" /* SUPPRESS_DEPRECATED_SOON_WARNING */, "true"); } return codeql; } 
@@ -118548,17 +118426,13 @@ async function runCli(cmd, args = [], opts = {}) { } async function writeCodeScanningConfigFile(config, logger) { const codeScanningConfigFile = getGeneratedCodeScanningConfigPath(config); - const augmentedConfig = generateCodeScanningConfig( - config.originalUserInput, - config.augmentationProperties - ); logger.info( `Writing augmented user configuration file to ${codeScanningConfigFile}` ); logger.startGroup("Augmented user configuration file contents"); - logger.info(dump(augmentedConfig)); + logger.info(dump(config.computedConfig)); logger.endGroup(); - fs4.writeFileSync(codeScanningConfigFile, dump(augmentedConfig)); + fs3.writeFileSync(codeScanningConfigFile, dump(config.computedConfig)); return codeScanningConfigFile; } var TRAP_CACHE_SIZE_MB = 1024; @@ -118581,7 +118455,7 @@ async function getTrapCachingExtractorConfigArgsForLang(config, language) { ]; } function getGeneratedCodeScanningConfigPath(config) { - return path4.resolve(config.tempDir, "user-config.yaml"); + return path3.resolve(config.tempDir, "user-config.yaml"); } function getExtractionVerbosityArguments(enableDebugLogging) { return enableDebugLogging ? [`--verbosity=${EXTRACTION_DEBUG_MODE_VERBOSITY}`] : []; 
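Review bot: `writeCodeScanningConfigFile` passes `config.computedConfig` to `dump` twice with no check that the property is set. `getConfig` in this same bundle returns `JSON.parse(configString)` without validating its shape, so a saved config that lacks the new property would presumably reach `dump(undefined)`. That would either fail with an unclear error or write a user-config file without the intended queries and query filters, changing what the analysis covers. A guard before the first `logger.info` call makes the failure explicit: `if (config.computedConfig === undefined) throw new Error("Config is missing computedConfig");`. This file is bundled output, so the change belongs in `src/codeql.ts`; the code that populates `computedConfig` is outside this hunk.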
@@ -118601,6 +118475,79 @@ async function getJobRunUuidSarifOptions(codeql) { ) ? [`--sarif-run-property=jobRunUuid=${jobRunUuid}`] : []; } +// src/config-utils.ts +var fs4 = __toESM(require("fs")); +var path4 = __toESM(require("path")); +var semver7 = __toESM(require_semver2()); + +// src/analyses.ts +var AnalysisKind = /* @__PURE__ */ ((AnalysisKind2) => { + AnalysisKind2["CodeScanning"] = "code-scanning"; + AnalysisKind2["CodeQuality"] = "code-quality"; + return AnalysisKind2; +})(AnalysisKind || {}); +var supportedAnalysisKinds = new Set(Object.values(AnalysisKind)); + +// src/caching-utils.ts +var core10 = __toESM(require_core()); + +// src/trap-caching.ts +var actionsCache2 = __toESM(require_cache3()); + +// src/config-utils.ts +var defaultAugmentationProperties = { + queriesInputCombines: false, + packsInputCombines: false, + packsInput: void 0, + queriesInput: void 0, + extraQueryExclusions: [], + overlayDatabaseMode: "none" /* None */, + useOverlayDatabaseCaching: false +}; +var OVERLAY_ANALYSIS_FEATURES = { + actions: "overlay_analysis_actions" /* OverlayAnalysisActions */, + cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */, + csharp: "overlay_analysis_csharp" /* OverlayAnalysisCsharp */, + go: "overlay_analysis_go" /* OverlayAnalysisGo */, + java: "overlay_analysis_java" /* OverlayAnalysisJava */, + javascript: "overlay_analysis_javascript" /* OverlayAnalysisJavascript */, + python: "overlay_analysis_python" /* OverlayAnalysisPython */, + ruby: "overlay_analysis_ruby" /* OverlayAnalysisRuby */, + rust: "overlay_analysis_rust" /* OverlayAnalysisRust */, + swift: "overlay_analysis_swift" /* OverlayAnalysisSwift */ +}; +var OVERLAY_ANALYSIS_CODE_SCANNING_FEATURES = { + actions: "overlay_analysis_code_scanning_actions" /* OverlayAnalysisCodeScanningActions */, + cpp: "overlay_analysis_code_scanning_cpp" /* OverlayAnalysisCodeScanningCpp */, + csharp: "overlay_analysis_code_scanning_csharp" /* OverlayAnalysisCodeScanningCsharp */, + go: 
"overlay_analysis_code_scanning_go" /* OverlayAnalysisCodeScanningGo */, + java: "overlay_analysis_code_scanning_java" /* OverlayAnalysisCodeScanningJava */, + javascript: "overlay_analysis_code_scanning_javascript" /* OverlayAnalysisCodeScanningJavascript */, + python: "overlay_analysis_code_scanning_python" /* OverlayAnalysisCodeScanningPython */, + ruby: "overlay_analysis_code_scanning_ruby" /* OverlayAnalysisCodeScanningRuby */, + rust: "overlay_analysis_code_scanning_rust" /* OverlayAnalysisCodeScanningRust */, + swift: "overlay_analysis_code_scanning_swift" /* OverlayAnalysisCodeScanningSwift */ +}; +var PACK_IDENTIFIER_PATTERN = (function() { + const alphaNumeric = "[a-z0-9]"; + const alphaNumericDash = "[a-z0-9-]"; + const component = `${alphaNumeric}(${alphaNumericDash}*${alphaNumeric})?`; + return new RegExp(`^${component}/${component}$`); +})(); +function getPathToParsedConfigFile(tempDir) { + return path4.join(tempDir, "config"); +} +async function getConfig(tempDir, logger) { + const configFile = getPathToParsedConfigFile(tempDir); + if (!fs4.existsSync(configFile)) { + return void 0; + } + const configString = fs4.readFileSync(configFile, "utf8"); + logger.debug("Loaded config:"); + logger.debug(configString); + return JSON.parse(configString); +} + // src/debug-artifacts.ts var fs5 = __toESM(require("fs")); var path5 = __toESM(require("path")); diff --git a/lib/analyze-action.js b/lib/analyze-action.js index 29aef44a7a..ead5a6e9a9 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js 
@@ -89845,9 +89845,6 @@ function satisfiesGHESVersion(ghesVersion, range, defaultIfInvalid) { semverVersion.prerelease = []; return semver.satisfies(semverVersion, range); } -function cloneObject(obj) { - return JSON.parse(JSON.stringify(obj)); -} async function checkSipEnablement(logger) { if (process.env["CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */] !== void 0 && ["true", "false"].includes(process.env["CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */])) { return process.env["CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */] === "true"; @@ -90287,12 +90284,12 @@ function wrapApiConfigurationError(e) { } // src/autobuild.ts -var core11 = __toESM(require_core()); +var core10 = __toESM(require_core()); // src/codeql.ts -var fs14 = __toESM(require("fs")); -var path14 = __toESM(require("path")); -var core10 = __toESM(require_core()); +var fs12 = __toESM(require("fs")); +var path12 = __toESM(require("path")); +var core9 = __toESM(require_core()); var toolrunner3 = __toESM(require_toolrunner()); // src/cli-errors.ts @@ -90532,27 +90529,6 @@ function wrapCliConfigurationError(cliError) { return new ConfigurationError(errorMessageBuilder); } -// src/config-utils.ts -var fs9 = __toESM(require("fs")); -var path10 = __toESM(require("path")); -var semver4 = __toESM(require_semver2()); - -// src/caching-utils.ts -var core6 = __toESM(require_core()); -async function getTotalCacheSize(paths, logger, quiet = false) { - const sizes = await Promise.all( - paths.map((cacheDir) => tryGetFolderBytes(cacheDir, logger, quiet)) - ); - return sizes.map((a) => a || 0).reduce((a, b) => a + b, 0); -} -function shouldStoreCache(kind) { - return kind === "full" /* Full */ || kind === "store" /* Store */; -} - -// src/diff-informed-analysis-utils.ts -var fs8 = __toESM(require("fs")); -var path9 = __toESM(require("path")); - // src/feature-flags.ts var fs7 = __toESM(require("fs")); var path8 = __toESM(require("path")); 
@@ -90568,13 +90544,13 @@ var path7 = __toESM(require("path")); var actionsCache = __toESM(require_cache3()); // src/git-utils.ts -var core7 = __toESM(require_core()); +var core6 = __toESM(require_core()); var toolrunner2 = __toESM(require_toolrunner()); var io3 = __toESM(require_io()); var runGitCommand = async function(workingDirectory, args, customErrorMessage) { let stdout = ""; let stderr = ""; - core7.debug(`Running git command: git ${args.join(" ")}`); + core6.debug(`Running git command: git ${args.join(" ")}`); try { await new toolrunner2.ToolRunner(await io3.which("git", true), args, { silent: true, @@ -90594,7 +90570,7 @@ var runGitCommand = async function(workingDirectory, args, customErrorMessage) { if (stderr.includes("not a git repository")) { reason = "The checkout path provided to the action does not appear to be a git repository."; } - core7.info(`git call failed. ${customErrorMessage} Error: ${reason}`); + core6.info(`git call failed. ${customErrorMessage} Error: ${reason}`); throw error2; } }; @@ -90739,7 +90715,7 @@ async function getRef() { ) !== head; if (hasChangedRef) { const newRef = ref.replace(pull_ref_regex, "refs/pull/$1/head"); - core7.debug( + core6.debug( `No longer on merge commit, rewriting ref from ${ref} to ${newRef}.` ); return newRef; @@ -90765,16 +90741,16 @@ async function isAnalyzingDefaultBranch() { } // src/logging.ts -var core8 = __toESM(require_core()); +var core7 = __toESM(require_core()); function getActionsLogger() { - return core8; + return core7; } async function withGroupAsync(groupName, f) { - core8.startGroup(groupName); + core7.startGroup(groupName); try { return await f(); } finally { - core8.endGroup(); + core7.endGroup(); } } function formatDuration(durationMs) { 
@@ -91376,369 +91352,101 @@ var GitHubFeatureFlags = class { } }; -// src/diff-informed-analysis-utils.ts -async function getDiffInformedAnalysisBranches(codeql, features, logger) { - if (!await features.getValue("diff_informed_queries" /* DiffInformedQueries */, codeql)) { - return void 0; - } - const gitHubVersion = await getGitHubVersion(); - if (gitHubVersion.type === 1 /* GHES */ && satisfiesGHESVersion(gitHubVersion.version, "<3.19", true)) { - return void 0; - } - const branches = getPullRequestBranches(); - if (!branches) { - logger.info( - "Not performing diff-informed analysis because we are not analyzing a pull request." - ); - } - return branches; -} -function getDiffRangesJsonFilePath() { - return path9.join(getTemporaryDirectory(), "pr-diff-range.json"); +// src/setup-codeql.ts +var fs10 = __toESM(require("fs")); +var path10 = __toESM(require("path")); +var toolcache3 = __toESM(require_tool_cache()); +var import_fast_deep_equal = __toESM(require_fast_deep_equal()); +var semver6 = __toESM(require_semver2()); + +// node_modules/uuid/dist/esm/stringify.js +var byteToHex = []; +for (let i = 0; i < 256; ++i) { + byteToHex.push((i + 256).toString(16).slice(1)); } -function writeDiffRangesJsonFile(logger, ranges) { - const jsonContents = JSON.stringify(ranges, null, 2); - const jsonFilePath = getDiffRangesJsonFilePath(); - fs8.writeFileSync(jsonFilePath, jsonContents); - logger.debug( - `Wrote pr-diff-range JSON file to ${jsonFilePath}: -${jsonContents}` - ); +function unsafeStringify(arr, offset = 0) { + return (byteToHex[arr[offset + 0]] + byteToHex[arr[offset + 1]] + byteToHex[arr[offset + 2]] + byteToHex[arr[offset + 3]] + "-" + byteToHex[arr[offset + 4]] + byteToHex[arr[offset + 5]] + "-" + byteToHex[arr[offset + 6]] + byteToHex[arr[offset + 7]] + "-" + byteToHex[arr[offset + 8]] + byteToHex[arr[offset + 9]] + "-" + byteToHex[arr[offset + 10]] + byteToHex[arr[offset + 11]] + byteToHex[arr[offset + 12]] + byteToHex[arr[offset + 13]] + 
byteToHex[arr[offset + 14]] + byteToHex[arr[offset + 15]]).toLowerCase(); } -function readDiffRangesJsonFile(logger) { - const jsonFilePath = getDiffRangesJsonFilePath(); - if (!fs8.existsSync(jsonFilePath)) { - logger.debug(`Diff ranges JSON file does not exist at ${jsonFilePath}`); - return void 0; + +// node_modules/uuid/dist/esm/rng.js +var import_crypto = require("crypto"); +var rnds8Pool = new Uint8Array(256); +var poolPtr = rnds8Pool.length; +function rng() { + if (poolPtr > rnds8Pool.length - 16) { + (0, import_crypto.randomFillSync)(rnds8Pool); + poolPtr = 0; } - const jsonContents = fs8.readFileSync(jsonFilePath, "utf8"); - logger.debug( - `Read pr-diff-range JSON file from ${jsonFilePath}: -${jsonContents}` - ); - return JSON.parse(jsonContents); + return rnds8Pool.slice(poolPtr, poolPtr += 16); } -// src/trap-caching.ts -var actionsCache2 = __toESM(require_cache3()); -var CACHE_VERSION2 = 1; -var CODEQL_TRAP_CACHE_PREFIX = "codeql-trap"; -var MINIMUM_CACHE_MB_TO_UPLOAD = 10; -var MAX_CACHE_OPERATION_MS2 = 12e4; -async function uploadTrapCaches(codeql, config, logger) { - if (!await isAnalyzingDefaultBranch()) return false; - for (const language of config.languages) { - const cacheDir = config.trapCaches[language]; - if (cacheDir === void 0) continue; - const trapFolderSize = await tryGetFolderBytes(cacheDir, logger); - if (trapFolderSize === void 0) { - logger.info( - `Skipping upload of TRAP cache for ${language} as we couldn't determine its size` - ); - continue; +// node_modules/uuid/dist/esm/native.js +var import_crypto2 = require("crypto"); +var native_default = { randomUUID: import_crypto2.randomUUID }; + +// node_modules/uuid/dist/esm/v4.js +function v4(options, buf, offset) { + if (native_default.randomUUID && !buf && !options) { + return native_default.randomUUID(); + } + options = options || {}; + const rnds = options.random ?? options.rng?.() ?? 
rng(); + if (rnds.length < 16) { + throw new Error("Random bytes length must be >= 16"); + } + rnds[6] = rnds[6] & 15 | 64; + rnds[8] = rnds[8] & 63 | 128; + if (buf) { + offset = offset || 0; + if (offset < 0 || offset + 16 > buf.length) { + throw new RangeError(`UUID byte range ${offset}:${offset + 15} is out of buffer bounds`); } - if (trapFolderSize < MINIMUM_CACHE_MB_TO_UPLOAD * 1048576) { - logger.info( - `Skipping upload of TRAP cache for ${language} as it is too small` - ); - continue; + for (let i = 0; i < 16; ++i) { + buf[offset + i] = rnds[i]; } - const key = await cacheKey( - codeql, - language, - process.env.GITHUB_SHA || "unknown" - ); - logger.info(`Uploading TRAP cache to Actions cache with key ${key}`); - await withTimeout( - MAX_CACHE_OPERATION_MS2, - actionsCache2.saveCache([cacheDir], key), - () => { - logger.info( - `Timed out waiting for TRAP cache for ${language} to upload, will continue without uploading` - ); - } - ); + return buf; } - return true; + return unsafeStringify(rnds); } -async function cleanupTrapCaches(config, features, logger) { - if (!await features.getValue("cleanup_trap_caches" /* CleanupTrapCaches */)) { - return { - trap_cache_cleanup_skipped_because: "feature disabled" - }; - } - if (!await isAnalyzingDefaultBranch()) { - return { - trap_cache_cleanup_skipped_because: "not analyzing default branch" - }; - } - try { - let totalBytesCleanedUp = 0; - const allCaches = await listActionsCaches( - CODEQL_TRAP_CACHE_PREFIX, - await getRef() - ); - for (const language of config.languages) { - if (config.trapCaches[language]) { - const cachesToRemove = await getTrapCachesForLanguage( - allCaches, - language, - logger - ); - cachesToRemove.sort((a, b) => a.created_at.localeCompare(b.created_at)); - const mostRecentCache = cachesToRemove.pop(); - logger.debug( - `Keeping most recent TRAP cache (${JSON.stringify(mostRecentCache)})` - ); - if (cachesToRemove.length === 0) { - logger.info(`No TRAP caches to clean up for 
${language}.`); - continue; - } - for (const cache of cachesToRemove) { - logger.debug(`Cleaning up TRAP cache (${JSON.stringify(cache)})`); - await deleteActionsCache(cache.id); - } - const bytesCleanedUp = cachesToRemove.reduce( - (acc, item) => acc + item.size_in_bytes, - 0 - ); - totalBytesCleanedUp += bytesCleanedUp; - const megabytesCleanedUp = (bytesCleanedUp / (1024 * 1024)).toFixed(2); - logger.info( - `Cleaned up ${megabytesCleanedUp} MiB of old TRAP caches for ${language}.` - ); +var v4_default = v4; + +// src/tar.ts +var import_child_process = require("child_process"); +var fs8 = __toESM(require("fs")); +var stream = __toESM(require("stream")); +var import_toolrunner = __toESM(require_toolrunner()); +var io4 = __toESM(require_io()); +var toolcache = __toESM(require_tool_cache()); +var semver4 = __toESM(require_semver2()); +var MIN_REQUIRED_BSD_TAR_VERSION = "3.4.3"; +var MIN_REQUIRED_GNU_TAR_VERSION = "1.31"; +async function getTarVersion() { + const tar = await io4.which("tar", true); + let stdout = ""; + const exitCode = await new import_toolrunner.ToolRunner(tar, ["--version"], { + listeners: { + stdout: (data) => { + stdout += data.toString(); } } - return { trap_cache_cleanup_size_bytes: totalBytesCleanedUp }; - } catch (e) { - if (isHTTPError(e) && e.status === 403) { - logger.warning( - `Could not cleanup TRAP caches as the token did not have the required permissions. To clean up TRAP caches, ensure the token has the "actions:write" permission. See ${"https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs" /* ASSIGNING_PERMISSIONS_TO_JOBS */} for more information.` - ); - } else { - logger.info(`Failed to cleanup TRAP caches, continuing. 
Details: ${e}`); - } - return { trap_cache_cleanup_error: getErrorMessage(e) }; + }).exec(); + if (exitCode !== 0) { + throw new Error("Failed to call tar --version"); } -} -async function getTrapCachesForLanguage(allCaches, language, logger) { - logger.debug(`Listing TRAP caches for ${language}`); - for (const cache of allCaches) { - if (!cache.created_at || !cache.id || !cache.key || !cache.size_in_bytes) { - throw new Error( - `An unexpected cache item was returned from the API that was missing one or more required fields: ${JSON.stringify(cache)}` - ); + if (stdout.includes("GNU tar")) { + const match = stdout.match(/tar \(GNU tar\) ([0-9.]+)/); + if (!match || !match[1]) { + throw new Error("Failed to parse output of tar --version."); + } + return { type: "gnu", version: match[1] }; + } else if (stdout.includes("bsdtar")) { + const match = stdout.match(/bsdtar ([0-9.]+)/); + if (!match || !match[1]) { + throw new Error("Failed to parse output of tar --version."); } - } - return allCaches.filter((cache) => { - return cache.key?.includes(`-${language}-`); - }); -} -async function cacheKey(codeql, language, baseSha) { - return `${await cachePrefix(codeql, language)}${baseSha}`; -} -async function cachePrefix(codeql, language) { - return `${CODEQL_TRAP_CACHE_PREFIX}-${CACHE_VERSION2}-${(await codeql.getVersion()).version}-${language}-`; -} - -// src/config-utils.ts -var defaultAugmentationProperties = { - queriesInputCombines: false, - packsInputCombines: false, - packsInput: void 0, - queriesInput: void 0, - extraQueryExclusions: [], - overlayDatabaseMode: "none" /* None */, - useOverlayDatabaseCaching: false -}; -var OVERLAY_ANALYSIS_FEATURES = { - actions: "overlay_analysis_actions" /* OverlayAnalysisActions */, - cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */, - csharp: "overlay_analysis_csharp" /* OverlayAnalysisCsharp */, - go: "overlay_analysis_go" /* OverlayAnalysisGo */, - java: "overlay_analysis_java" /* OverlayAnalysisJava */, - javascript: 
"overlay_analysis_javascript" /* OverlayAnalysisJavascript */, - python: "overlay_analysis_python" /* OverlayAnalysisPython */, - ruby: "overlay_analysis_ruby" /* OverlayAnalysisRuby */, - rust: "overlay_analysis_rust" /* OverlayAnalysisRust */, - swift: "overlay_analysis_swift" /* OverlayAnalysisSwift */ -}; -var OVERLAY_ANALYSIS_CODE_SCANNING_FEATURES = { - actions: "overlay_analysis_code_scanning_actions" /* OverlayAnalysisCodeScanningActions */, - cpp: "overlay_analysis_code_scanning_cpp" /* OverlayAnalysisCodeScanningCpp */, - csharp: "overlay_analysis_code_scanning_csharp" /* OverlayAnalysisCodeScanningCsharp */, - go: "overlay_analysis_code_scanning_go" /* OverlayAnalysisCodeScanningGo */, - java: "overlay_analysis_code_scanning_java" /* OverlayAnalysisCodeScanningJava */, - javascript: "overlay_analysis_code_scanning_javascript" /* OverlayAnalysisCodeScanningJavascript */, - python: "overlay_analysis_code_scanning_python" /* OverlayAnalysisCodeScanningPython */, - ruby: "overlay_analysis_code_scanning_ruby" /* OverlayAnalysisCodeScanningRuby */, - rust: "overlay_analysis_code_scanning_rust" /* OverlayAnalysisCodeScanningRust */, - swift: "overlay_analysis_code_scanning_swift" /* OverlayAnalysisCodeScanningSwift */ -}; -var PACK_IDENTIFIER_PATTERN = (function() { - const alphaNumeric = "[a-z0-9]"; - const alphaNumericDash = "[a-z0-9-]"; - const component = `${alphaNumeric}(${alphaNumericDash}*${alphaNumeric})?`; - return new RegExp(`^${component}/${component}$`); -})(); -function getPathToParsedConfigFile(tempDir) { - return path10.join(tempDir, "config"); -} -async function getConfig(tempDir, logger) { - const configFile = getPathToParsedConfigFile(tempDir); - if (!fs9.existsSync(configFile)) { - return void 0; - } - const configString = fs9.readFileSync(configFile, "utf8"); - logger.debug("Loaded config:"); - logger.debug(configString); - return JSON.parse(configString); -} -function generateCodeScanningConfig(originalUserInput, augmentationProperties) { - 
const augmentedConfig = cloneObject(originalUserInput); - if (augmentationProperties.queriesInput) { - if (augmentationProperties.queriesInputCombines) { - augmentedConfig.queries = (augmentedConfig.queries || []).concat( - augmentationProperties.queriesInput - ); - } else { - augmentedConfig.queries = augmentationProperties.queriesInput; - } - } - if (augmentedConfig.queries?.length === 0) { - delete augmentedConfig.queries; - } - if (augmentationProperties.packsInput) { - if (augmentationProperties.packsInputCombines) { - if (Array.isArray(augmentedConfig.packs)) { - augmentedConfig.packs = (augmentedConfig.packs || []).concat( - augmentationProperties.packsInput - ); - } else if (!augmentedConfig.packs) { - augmentedConfig.packs = augmentationProperties.packsInput; - } else { - const language = Object.keys(augmentedConfig.packs)[0]; - augmentedConfig.packs[language] = augmentedConfig.packs[language].concat(augmentationProperties.packsInput); - } - } else { - augmentedConfig.packs = augmentationProperties.packsInput; - } - } - if (Array.isArray(augmentedConfig.packs) && !augmentedConfig.packs.length) { - delete augmentedConfig.packs; - } - augmentedConfig["query-filters"] = [ - // Ordering matters. If the first filter is an inclusion, it implicitly - // excludes all queries that are not included. If it is an exclusion, - // it implicitly includes all queries that are not excluded. So user - // filters (if any) should always be first to preserve intent. 
- ...augmentedConfig["query-filters"] || [], - ...augmentationProperties.extraQueryExclusions - ]; - if (augmentedConfig["query-filters"]?.length === 0) { - delete augmentedConfig["query-filters"]; - } - return augmentedConfig; -} -function isCodeQualityEnabled(config) { - return config.analysisKinds.includes("code-quality" /* CodeQuality */); -} - -// src/setup-codeql.ts -var fs12 = __toESM(require("fs")); -var path12 = __toESM(require("path")); -var toolcache3 = __toESM(require_tool_cache()); -var import_fast_deep_equal = __toESM(require_fast_deep_equal()); -var semver7 = __toESM(require_semver2()); - -// node_modules/uuid/dist/esm/stringify.js -var byteToHex = []; -for (let i = 0; i < 256; ++i) { - byteToHex.push((i + 256).toString(16).slice(1)); -} -function unsafeStringify(arr, offset = 0) { - return (byteToHex[arr[offset + 0]] + byteToHex[arr[offset + 1]] + byteToHex[arr[offset + 2]] + byteToHex[arr[offset + 3]] + "-" + byteToHex[arr[offset + 4]] + byteToHex[arr[offset + 5]] + "-" + byteToHex[arr[offset + 6]] + byteToHex[arr[offset + 7]] + "-" + byteToHex[arr[offset + 8]] + byteToHex[arr[offset + 9]] + "-" + byteToHex[arr[offset + 10]] + byteToHex[arr[offset + 11]] + byteToHex[arr[offset + 12]] + byteToHex[arr[offset + 13]] + byteToHex[arr[offset + 14]] + byteToHex[arr[offset + 15]]).toLowerCase(); -} - -// node_modules/uuid/dist/esm/rng.js -var import_crypto = require("crypto"); -var rnds8Pool = new Uint8Array(256); -var poolPtr = rnds8Pool.length; -function rng() { - if (poolPtr > rnds8Pool.length - 16) { - (0, import_crypto.randomFillSync)(rnds8Pool); - poolPtr = 0; - } - return rnds8Pool.slice(poolPtr, poolPtr += 16); -} - -// node_modules/uuid/dist/esm/native.js -var import_crypto2 = require("crypto"); -var native_default = { randomUUID: import_crypto2.randomUUID }; - -// node_modules/uuid/dist/esm/v4.js -function v4(options, buf, offset) { - if (native_default.randomUUID && !buf && !options) { - return native_default.randomUUID(); - } - options = 
options || {}; - const rnds = options.random ?? options.rng?.() ?? rng(); - if (rnds.length < 16) { - throw new Error("Random bytes length must be >= 16"); - } - rnds[6] = rnds[6] & 15 | 64; - rnds[8] = rnds[8] & 63 | 128; - if (buf) { - offset = offset || 0; - if (offset < 0 || offset + 16 > buf.length) { - throw new RangeError(`UUID byte range ${offset}:${offset + 15} is out of buffer bounds`); - } - for (let i = 0; i < 16; ++i) { - buf[offset + i] = rnds[i]; - } - return buf; - } - return unsafeStringify(rnds); -} -var v4_default = v4; - -// src/tar.ts -var import_child_process = require("child_process"); -var fs10 = __toESM(require("fs")); -var stream = __toESM(require("stream")); -var import_toolrunner = __toESM(require_toolrunner()); -var io4 = __toESM(require_io()); -var toolcache = __toESM(require_tool_cache()); -var semver5 = __toESM(require_semver2()); -var MIN_REQUIRED_BSD_TAR_VERSION = "3.4.3"; -var MIN_REQUIRED_GNU_TAR_VERSION = "1.31"; -async function getTarVersion() { - const tar = await io4.which("tar", true); - let stdout = ""; - const exitCode = await new import_toolrunner.ToolRunner(tar, ["--version"], { - listeners: { - stdout: (data) => { - stdout += data.toString(); - } - } - }).exec(); - if (exitCode !== 0) { - throw new Error("Failed to call tar --version"); - } - if (stdout.includes("GNU tar")) { - const match = stdout.match(/tar \(GNU tar\) ([0-9.]+)/); - if (!match || !match[1]) { - throw new Error("Failed to parse output of tar --version."); - } - return { type: "gnu", version: match[1] }; - } else if (stdout.includes("bsdtar")) { - const match = stdout.match(/bsdtar ([0-9.]+)/); - if (!match || !match[1]) { - throw new Error("Failed to parse output of tar --version."); - } - return { type: "bsd", version: match[1] }; - } else { - throw new Error("Unknown tar version"); + return { type: "bsd", version: match[1] }; + } else { + throw new Error("Unknown tar version"); } } async function isZstdAvailable(logger) { 
@@ -91751,9 +91459,9 @@ async function isZstdAvailable(logger) { case "gnu": return { available: foundZstdBinary && // GNU tar only uses major and minor version numbers - semver5.gte( - semver5.coerce(version), - semver5.coerce(MIN_REQUIRED_GNU_TAR_VERSION) + semver4.gte( + semver4.coerce(version), + semver4.coerce(MIN_REQUIRED_GNU_TAR_VERSION) ), foundZstdBinary, version: tarVersion @@ -91762,7 +91470,7 @@ async function isZstdAvailable(logger) { return { available: foundZstdBinary && // Do a loose comparison since these version numbers don't contain // a patch version number. - semver5.gte(version, MIN_REQUIRED_BSD_TAR_VERSION), + semver4.gte(version, MIN_REQUIRED_BSD_TAR_VERSION), foundZstdBinary, version: tarVersion }; @@ -91777,7 +91485,7 @@ async function isZstdAvailable(logger) { } } async function extract(tarPath, dest, compressionMethod, tarVersion, logger) { - fs10.mkdirSync(dest, { recursive: true }); + fs8.mkdirSync(dest, { recursive: true }); switch (compressionMethod) { case "gzip": return await toolcache.extractTar(tarPath, dest); @@ -91861,15 +91569,15 @@ function inferCompressionMethod(tarPath) { } // src/tools-download.ts -var fs11 = __toESM(require("fs")); +var fs9 = __toESM(require("fs")); var os2 = __toESM(require("os")); -var path11 = __toESM(require("path")); +var path9 = __toESM(require("path")); var import_perf_hooks = require("perf_hooks"); -var core9 = __toESM(require_core()); +var core8 = __toESM(require_core()); var import_http_client = __toESM(require_lib()); var toolcache2 = __toESM(require_tool_cache()); var import_follow_redirects = __toESM(require_follow_redirects()); -var semver6 = __toESM(require_semver2()); +var semver5 = __toESM(require_semver2()); var STREAMING_HIGH_WATERMARK_BYTES = 4 * 1024 * 1024; var TOOLCACHE_TOOL_NAME = "CodeQL"; function makeDownloadFirstToolsDownloadDurations(downloadDurationMs, extractionDurationMs) { 
@@ -91919,10 +91627,10 @@ async function downloadAndExtract(codeqlURL, compressionMethod, dest, authorizat }; } } catch (e) { - core9.warning( + core8.warning( `Failed to download and extract CodeQL bundle using streaming with error: ${getErrorMessage(e)}` ); - core9.warning(`Falling back to downloading the bundle before extracting.`); + core8.warning(`Falling back to downloading the bundle before extracting.`); await cleanUpGlob(dest, "CodeQL bundle", logger); } const toolsDownloadStart = import_perf_hooks.performance.now(); @@ -91968,7 +91676,7 @@ async function downloadAndExtract(codeqlURL, compressionMethod, dest, authorizat }; } async function downloadAndExtractZstdWithStreaming(codeqlURL, dest, authorization, headers, tarVersion, logger) { - fs11.mkdirSync(dest, { recursive: true }); + fs9.mkdirSync(dest, { recursive: true }); const agent = new import_http_client.HttpClient().getAgent(codeqlURL); headers = Object.assign( { "User-Agent": "CodeQL Action" }, @@ -91996,16 +91704,16 @@ async function downloadAndExtractZstdWithStreaming(codeqlURL, dest, authorizatio await extractTarZst(response, dest, tarVersion, logger); } function getToolcacheDirectory(version) { - return path11.join( + return path9.join( getRequiredEnvParam("RUNNER_TOOL_CACHE"), TOOLCACHE_TOOL_NAME, - semver6.clean(version) || version, + semver5.clean(version) || version, os2.arch() || "" ); } function writeToolcacheMarkerFile(extractedPath, logger) { const markerFilePath = `${extractedPath}.complete`; - fs11.writeFileSync(markerFilePath, ""); + fs9.writeFileSync(markerFilePath, ""); logger.info(`Created toolcache marker file ${markerFilePath}`); } function sanitizeUrlForStatusReport(url2) { 
@@ -92120,13 +91828,13 @@ function tryGetTagNameFromUrl(url2, logger) { return match[1]; } function convertToSemVer(version, logger) { - if (!semver7.valid(version)) { + if (!semver6.valid(version)) { logger.debug( `Bundle version ${version} is not in SemVer format. Will treat it as pre-release 0.0.0-${version}.` ); version = `0.0.0-${version}`; } - const s = semver7.clean(version); + const s = semver6.clean(version); if (!s) { throw new Error(`Bundle version ${version} is not in SemVer format.`); } @@ -92136,7 +91844,7 @@ async function findOverridingToolsInCache(humanReadableVersion, logger) { const candidates = toolcache3.findAllVersions("CodeQL").filter(isGoodVersion).map((version) => ({ folder: toolcache3.find("CodeQL", version), version - })).filter(({ folder }) => fs12.existsSync(path12.join(folder, "pinned-version"))); + })).filter(({ folder }) => fs10.existsSync(path10.join(folder, "pinned-version"))); if (candidates.length === 1) { const candidate = candidates[0]; logger.debug( @@ -92196,7 +91904,7 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian url2 = toolsInput; if (tagName) { const bundleVersion3 = tryGetBundleVersionFromTagName(tagName, logger); - if (bundleVersion3 && semver7.valid(bundleVersion3)) { + if (bundleVersion3 && semver6.valid(bundleVersion3)) { cliVersion2 = convertToSemVer(bundleVersion3, logger); } } 
@@ -92465,16 +92173,16 @@ async function setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defau async function useZstdBundle(cliVersion2, tarSupportsZstd) { return ( // In testing, gzip performs better than zstd on Windows. - process.platform !== "win32" && tarSupportsZstd && semver7.gte(cliVersion2, CODEQL_VERSION_ZSTD_BUNDLE) + process.platform !== "win32" && tarSupportsZstd && semver6.gte(cliVersion2, CODEQL_VERSION_ZSTD_BUNDLE) ); } function getTempExtractionDir(tempDir) { - return path12.join(tempDir, v4_default()); + return path10.join(tempDir, v4_default()); } // src/tracer-config.ts -var fs13 = __toESM(require("fs")); -var path13 = __toESM(require("path")); +var fs11 = __toESM(require("fs")); +var path11 = __toESM(require("path")); async function shouldEnableIndirectTracing(codeql, config) { if (config.buildMode === "none" /* None */) { return false; @@ -92489,18 +92197,18 @@ async function endTracingForCluster(codeql, config, logger) { logger.info( "Unsetting build tracing environment variables. Subsequent steps of this job will not be traced." ); - const envVariablesFile = path13.resolve( + const envVariablesFile = path11.resolve( config.dbLocation, "temp/tracingEnvironment/end-tracing.json" ); - if (!fs13.existsSync(envVariablesFile)) { + if (!fs11.existsSync(envVariablesFile)) { throw new Error( `Environment file for ending tracing not found: ${envVariablesFile}` ); } try { const endTracingEnvVariables = JSON.parse( - fs13.readFileSync(envVariablesFile, "utf8") + fs11.readFileSync(envVariablesFile, "utf8") ); for (const [key, value] of Object.entries(endTracingEnvVariables)) { if (value !== null) { 
@@ -92545,7 +92253,7 @@ async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliV toolsDownloadStatusReport )}` ); - let codeqlCmd = path14.join(codeqlFolder, "codeql", "codeql"); + let codeqlCmd = path12.join(codeqlFolder, "codeql", "codeql"); if (process.platform === "win32") { codeqlCmd += ".exe"; } else if (process.platform !== "linux" && process.platform !== "darwin") { @@ -92606,12 +92314,12 @@ async function getCodeQLForCmd(cmd, checkVersion) { }, async isTracedLanguage(language) { const extractorPath = await this.resolveExtractor(language); - const tracingConfigPath = path14.join( + const tracingConfigPath = path12.join( extractorPath, "tools", "tracing-config.lua" ); - return fs14.existsSync(tracingConfigPath); + return fs12.existsSync(tracingConfigPath); }, async isScannedLanguage(language) { return !await this.isTracedLanguage(language); @@ -92682,7 +92390,7 @@ async function getCodeQLForCmd(cmd, checkVersion) { }, async runAutobuild(config, language) { applyAutobuildAzurePipelinesTimeoutFix(); - const autobuildCmd = path14.join( + const autobuildCmd = path12.join( await this.resolveExtractor(language), "tools", process.platform === "win32" ? "autobuild.cmd" : "autobuild.sh" 
@@ -93003,12 +92711,12 @@ ${output}` ); } else if (checkVersion && process.env["CODEQL_ACTION_SUPPRESS_DEPRECATED_SOON_WARNING" /* SUPPRESS_DEPRECATED_SOON_WARNING */] !== "true" && !await codeQlVersionAtLeast(codeql, CODEQL_NEXT_MINIMUM_VERSION)) { const result = await codeql.getVersion(); - core10.warning( + core9.warning( `CodeQL CLI version ${result.version} was discontinued on ${GHES_MOST_RECENT_DEPRECATION_DATE} alongside GitHub Enterprise Server ${GHES_VERSION_MOST_RECENTLY_DEPRECATED} and will not be supported by the next minor release of the CodeQL Action. Please update to CodeQL CLI version ${CODEQL_NEXT_MINIMUM_VERSION} or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version. Alternatively, if you want to continue using CodeQL CLI version ${result.version}, you can replace 'github/codeql-action/*@v${getActionVersion().split(".")[0]}' by 'github/codeql-action/*@v${getActionVersion()}' in your code scanning workflow to continue using this version of the CodeQL Action.` ); - core10.exportVariable("CODEQL_ACTION_SUPPRESS_DEPRECATED_SOON_WARNING" /* SUPPRESS_DEPRECATED_SOON_WARNING */, "true"); + core9.exportVariable("CODEQL_ACTION_SUPPRESS_DEPRECATED_SOON_WARNING" /* SUPPRESS_DEPRECATED_SOON_WARNING */, "true"); } return codeql; } 
@@ -93060,17 +92768,13 @@ async function runCli(cmd, args = [], opts = {}) { } async function writeCodeScanningConfigFile(config, logger) { const codeScanningConfigFile = getGeneratedCodeScanningConfigPath(config); - const augmentedConfig = generateCodeScanningConfig( - config.originalUserInput, - config.augmentationProperties - ); logger.info( `Writing augmented user configuration file to ${codeScanningConfigFile}` ); logger.startGroup("Augmented user configuration file contents"); - logger.info(dump(augmentedConfig)); + logger.info(dump(config.computedConfig)); logger.endGroup(); - fs14.writeFileSync(codeScanningConfigFile, dump(augmentedConfig)); + fs12.writeFileSync(codeScanningConfigFile, dump(config.computedConfig)); return codeScanningConfigFile; } var TRAP_CACHE_SIZE_MB = 1024; @@ -93093,7 +92797,7 @@ async function getTrapCachingExtractorConfigArgsForLang(config, language) { ]; } function getGeneratedCodeScanningConfigPath(config) { - return path14.resolve(config.tempDir, "user-config.yaml"); + return path12.resolve(config.tempDir, "user-config.yaml"); } function getExtractionVerbosityArguments(enableDebugLogging) { return enableDebugLogging ? [`--verbosity=${EXTRACTION_DEBUG_MODE_VERBOSITY}`] : []; 
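Review bot: `writeCodeScanningConfigFile` now hands `config.computedConfig` to `dump()` without checking that it is set, whereas the removed lines always derived the value from `config.originalUserInput` and `config.augmentationProperties`. `getConfig` in this bundle returns `JSON.parse(configString)` with no shape validation, so a persisted config that lacks the new property (presumably one written by a step running an older build of the action) reaches `dump(undefined)`. What happens then depends on the serializer: either an unrelated error, or a `user-config.yaml` that no longer carries the user's query and pack selection. A guard before the log group would make the failure explicit: `if (config.computedConfig === undefined) { throw new Error("Config is missing computedConfig"); }`. This file is build output, so the check belongs in the corresponding source (src/codeql.ts according to the diffstat), with the bundle regenerated.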
@@ -93130,16 +92834,16 @@ async function setupCppAutobuild(codeql, logger) { logger.info( `Disabling ${featureName} as we are on a self-hosted runner.${getWorkflowEventName() !== "dynamic" ? ` To override this, set the ${envVar} environment variable to 'true' in your workflow. See ${"https://docs.github.com/en/actions/learn-github-actions/variables#defining-environment-variables-for-a-single-workflow" /* DEFINE_ENV_VARIABLES */} for more information.` : ""}` ); - core11.exportVariable(envVar, "false"); + core10.exportVariable(envVar, "false"); } else { logger.info( `Enabling ${featureName}. This can be disabled by setting the ${envVar} environment variable to 'false'. See ${"https://docs.github.com/en/actions/learn-github-actions/variables#defining-environment-variables-for-a-single-workflow" /* DEFINE_ENV_VARIABLES */} for more information.` ); - core11.exportVariable(envVar, "true"); + core10.exportVariable(envVar, "true"); } } else { logger.info(`Disabling ${featureName}.`); - core11.exportVariable(envVar, "false"); + core10.exportVariable(envVar, "false"); } } async function runAutobuild(config, language, logger) { 
@@ -93154,11 +92858,252 @@ async function runAutobuild(config, language, logger) { await codeQL.runAutobuild(config, language); } if (language === "go" /* go */) { - core11.exportVariable("CODEQL_ACTION_DID_AUTOBUILD_GOLANG" /* DID_AUTOBUILD_GOLANG */, "true"); + core10.exportVariable("CODEQL_ACTION_DID_AUTOBUILD_GOLANG" /* DID_AUTOBUILD_GOLANG */, "true"); } logger.endGroup(); } +// src/config-utils.ts +var fs14 = __toESM(require("fs")); +var path14 = __toESM(require("path")); +var semver7 = __toESM(require_semver2()); + +// src/caching-utils.ts +var core11 = __toESM(require_core()); +async function getTotalCacheSize(paths, logger, quiet = false) { + const sizes = await Promise.all( + paths.map((cacheDir) => tryGetFolderBytes(cacheDir, logger, quiet)) + ); + return sizes.map((a) => a || 0).reduce((a, b) => a + b, 0); +} +function shouldStoreCache(kind) { + return kind === "full" /* Full */ || kind === "store" /* Store */; +} + +// src/diff-informed-analysis-utils.ts +var fs13 = __toESM(require("fs")); +var path13 = __toESM(require("path")); +async function getDiffInformedAnalysisBranches(codeql, features, logger) { + if (!await features.getValue("diff_informed_queries" /* DiffInformedQueries */, codeql)) { + return void 0; + } + const gitHubVersion = await getGitHubVersion(); + if (gitHubVersion.type === 1 /* GHES */ && satisfiesGHESVersion(gitHubVersion.version, "<3.19", true)) { + return void 0; + } + const branches = getPullRequestBranches(); + if (!branches) { + logger.info( + "Not performing diff-informed analysis because we are not analyzing a pull request." 
+ ); + } + return branches; +} +function getDiffRangesJsonFilePath() { + return path13.join(getTemporaryDirectory(), "pr-diff-range.json"); +} +function writeDiffRangesJsonFile(logger, ranges) { + const jsonContents = JSON.stringify(ranges, null, 2); + const jsonFilePath = getDiffRangesJsonFilePath(); + fs13.writeFileSync(jsonFilePath, jsonContents); + logger.debug( + `Wrote pr-diff-range JSON file to ${jsonFilePath}: +${jsonContents}` + ); +} +function readDiffRangesJsonFile(logger) { + const jsonFilePath = getDiffRangesJsonFilePath(); + if (!fs13.existsSync(jsonFilePath)) { + logger.debug(`Diff ranges JSON file does not exist at ${jsonFilePath}`); + return void 0; + } + const jsonContents = fs13.readFileSync(jsonFilePath, "utf8"); + logger.debug( + `Read pr-diff-range JSON file from ${jsonFilePath}: +${jsonContents}` + ); + return JSON.parse(jsonContents); +} + +// src/trap-caching.ts +var actionsCache2 = __toESM(require_cache3()); +var CACHE_VERSION2 = 1; +var CODEQL_TRAP_CACHE_PREFIX = "codeql-trap"; +var MINIMUM_CACHE_MB_TO_UPLOAD = 10; +var MAX_CACHE_OPERATION_MS2 = 12e4; +async function uploadTrapCaches(codeql, config, logger) { + if (!await isAnalyzingDefaultBranch()) return false; + for (const language of config.languages) { + const cacheDir = config.trapCaches[language]; + if (cacheDir === void 0) continue; + const trapFolderSize = await tryGetFolderBytes(cacheDir, logger); + if (trapFolderSize === void 0) { + logger.info( + `Skipping upload of TRAP cache for ${language} as we couldn't determine its size` + ); + continue; + } + if (trapFolderSize < MINIMUM_CACHE_MB_TO_UPLOAD * 1048576) { + logger.info( + `Skipping upload of TRAP cache for ${language} as it is too small` + ); + continue; + } + const key = await cacheKey( + codeql, + language, + process.env.GITHUB_SHA || "unknown" + ); + logger.info(`Uploading TRAP cache to Actions cache with key ${key}`); + await withTimeout( + MAX_CACHE_OPERATION_MS2, + actionsCache2.saveCache([cacheDir], key), + () => { 
+ logger.info( + `Timed out waiting for TRAP cache for ${language} to upload, will continue without uploading` + ); + } + ); + } + return true; +} +async function cleanupTrapCaches(config, features, logger) { + if (!await features.getValue("cleanup_trap_caches" /* CleanupTrapCaches */)) { + return { + trap_cache_cleanup_skipped_because: "feature disabled" + }; + } + if (!await isAnalyzingDefaultBranch()) { + return { + trap_cache_cleanup_skipped_because: "not analyzing default branch" + }; + } + try { + let totalBytesCleanedUp = 0; + const allCaches = await listActionsCaches( + CODEQL_TRAP_CACHE_PREFIX, + await getRef() + ); + for (const language of config.languages) { + if (config.trapCaches[language]) { + const cachesToRemove = await getTrapCachesForLanguage( + allCaches, + language, + logger + ); + cachesToRemove.sort((a, b) => a.created_at.localeCompare(b.created_at)); + const mostRecentCache = cachesToRemove.pop(); + logger.debug( + `Keeping most recent TRAP cache (${JSON.stringify(mostRecentCache)})` + ); + if (cachesToRemove.length === 0) { + logger.info(`No TRAP caches to clean up for ${language}.`); + continue; + } + for (const cache of cachesToRemove) { + logger.debug(`Cleaning up TRAP cache (${JSON.stringify(cache)})`); + await deleteActionsCache(cache.id); + } + const bytesCleanedUp = cachesToRemove.reduce( + (acc, item) => acc + item.size_in_bytes, + 0 + ); + totalBytesCleanedUp += bytesCleanedUp; + const megabytesCleanedUp = (bytesCleanedUp / (1024 * 1024)).toFixed(2); + logger.info( + `Cleaned up ${megabytesCleanedUp} MiB of old TRAP caches for ${language}.` + ); + } + } + return { trap_cache_cleanup_size_bytes: totalBytesCleanedUp }; + } catch (e) { + if (isHTTPError(e) && e.status === 403) { + logger.warning( + `Could not cleanup TRAP caches as the token did not have the required permissions. To clean up TRAP caches, ensure the token has the "actions:write" permission. 
See ${"https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs" /* ASSIGNING_PERMISSIONS_TO_JOBS */} for more information.` + ); + } else { + logger.info(`Failed to cleanup TRAP caches, continuing. Details: ${e}`); + } + return { trap_cache_cleanup_error: getErrorMessage(e) }; + } +} +async function getTrapCachesForLanguage(allCaches, language, logger) { + logger.debug(`Listing TRAP caches for ${language}`); + for (const cache of allCaches) { + if (!cache.created_at || !cache.id || !cache.key || !cache.size_in_bytes) { + throw new Error( + `An unexpected cache item was returned from the API that was missing one or more required fields: ${JSON.stringify(cache)}` + ); + } + } + return allCaches.filter((cache) => { + return cache.key?.includes(`-${language}-`); + }); +} +async function cacheKey(codeql, language, baseSha) { + return `${await cachePrefix(codeql, language)}${baseSha}`; +} +async function cachePrefix(codeql, language) { + return `${CODEQL_TRAP_CACHE_PREFIX}-${CACHE_VERSION2}-${(await codeql.getVersion()).version}-${language}-`; +} + +// src/config-utils.ts +var defaultAugmentationProperties = { + queriesInputCombines: false, + packsInputCombines: false, + packsInput: void 0, + queriesInput: void 0, + extraQueryExclusions: [], + overlayDatabaseMode: "none" /* None */, + useOverlayDatabaseCaching: false +}; +var OVERLAY_ANALYSIS_FEATURES = { + actions: "overlay_analysis_actions" /* OverlayAnalysisActions */, + cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */, + csharp: "overlay_analysis_csharp" /* OverlayAnalysisCsharp */, + go: "overlay_analysis_go" /* OverlayAnalysisGo */, + java: "overlay_analysis_java" /* OverlayAnalysisJava */, + javascript: "overlay_analysis_javascript" /* OverlayAnalysisJavascript */, + python: "overlay_analysis_python" /* OverlayAnalysisPython */, + ruby: "overlay_analysis_ruby" /* OverlayAnalysisRuby */, + rust: "overlay_analysis_rust" /* OverlayAnalysisRust */, + swift: "overlay_analysis_swift" /* 
OverlayAnalysisSwift */ +}; +var OVERLAY_ANALYSIS_CODE_SCANNING_FEATURES = { + actions: "overlay_analysis_code_scanning_actions" /* OverlayAnalysisCodeScanningActions */, + cpp: "overlay_analysis_code_scanning_cpp" /* OverlayAnalysisCodeScanningCpp */, + csharp: "overlay_analysis_code_scanning_csharp" /* OverlayAnalysisCodeScanningCsharp */, + go: "overlay_analysis_code_scanning_go" /* OverlayAnalysisCodeScanningGo */, + java: "overlay_analysis_code_scanning_java" /* OverlayAnalysisCodeScanningJava */, + javascript: "overlay_analysis_code_scanning_javascript" /* OverlayAnalysisCodeScanningJavascript */, + python: "overlay_analysis_code_scanning_python" /* OverlayAnalysisCodeScanningPython */, + ruby: "overlay_analysis_code_scanning_ruby" /* OverlayAnalysisCodeScanningRuby */, + rust: "overlay_analysis_code_scanning_rust" /* OverlayAnalysisCodeScanningRust */, + swift: "overlay_analysis_code_scanning_swift" /* OverlayAnalysisCodeScanningSwift */ +}; +var PACK_IDENTIFIER_PATTERN = (function() { + const alphaNumeric = "[a-z0-9]"; + const alphaNumericDash = "[a-z0-9-]"; + const component = `${alphaNumeric}(${alphaNumericDash}*${alphaNumeric})?`; + return new RegExp(`^${component}/${component}$`); +})(); +function getPathToParsedConfigFile(tempDir) { + return path14.join(tempDir, "config"); +} +async function getConfig(tempDir, logger) { + const configFile = getPathToParsedConfigFile(tempDir); + if (!fs14.existsSync(configFile)) { + return void 0; + } + const configString = fs14.readFileSync(configFile, "utf8"); + logger.debug("Loaded config:"); + logger.debug(configString); + return JSON.parse(configString); +} +function isCodeQualityEnabled(config) { + return config.analysisKinds.includes("code-quality" /* CodeQuality */); +} + // src/dependency-caching.ts var os3 = __toESM(require("os")); var import_path = require("path"); diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js index ca18e315a4..04f82f84f3 100644 --- a/lib/autobuild-action.js 
+++ b/lib/autobuild-action.js @@ -77708,9 +77708,6 @@ function checkActionVersion(version, githubVersion) { } } } -function cloneObject(obj) { - return JSON.parse(JSON.stringify(obj)); -} async function checkSipEnablement(logger) { if (process.env["CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */] !== void 0 && ["true", "false"].includes(process.env["CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */])) { return process.env["CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */] === "true"; @@ -77982,12 +77979,12 @@ async function getAnalysisKey() { } // src/autobuild.ts -var core11 = __toESM(require_core()); +var core10 = __toESM(require_core()); // src/codeql.ts -var fs6 = __toESM(require("fs")); -var path6 = __toESM(require("path")); -var core10 = __toESM(require_core()); +var fs5 = __toESM(require("fs")); +var path5 = __toESM(require("path")); +var core9 = __toESM(require_core()); var toolrunner3 = __toESM(require_toolrunner()); // src/cli-errors.ts @@ -78227,22 +78224,6 @@ function wrapCliConfigurationError(cliError) { return new ConfigurationError(errorMessageBuilder); } -// src/config-utils.ts -var fs4 = __toESM(require("fs")); -var path4 = __toESM(require("path")); -var semver4 = __toESM(require_semver2()); - -// src/analyses.ts -var AnalysisKind = /* @__PURE__ */ ((AnalysisKind2) => { - AnalysisKind2["CodeScanning"] = "code-scanning"; - AnalysisKind2["CodeQuality"] = "code-quality"; - return AnalysisKind2; -})(AnalysisKind || {}); -var supportedAnalysisKinds = new Set(Object.values(AnalysisKind)); - -// src/caching-utils.ts -var core6 = __toESM(require_core()); - // src/feature-flags.ts var fs3 = __toESM(require("fs")); var path3 = __toESM(require("path")); 
@@ -78258,13 +78239,13 @@ var path2 = __toESM(require("path")); var actionsCache = __toESM(require_cache3()); // src/git-utils.ts -var core7 = __toESM(require_core()); +var core6 = __toESM(require_core()); var toolrunner2 = __toESM(require_toolrunner()); var io3 = __toESM(require_io()); var runGitCommand = async function(workingDirectory, args, customErrorMessage) { let stdout = ""; let stderr = ""; - core7.debug(`Running git command: git ${args.join(" ")}`); + core6.debug(`Running git command: git ${args.join(" ")}`); try { await new toolrunner2.ToolRunner(await io3.which("git", true), args, { silent: true, @@ -78284,7 +78265,7 @@ var runGitCommand = async function(workingDirectory, args, customErrorMessage) { if (stderr.includes("not a git repository")) { reason = "The checkout path provided to the action does not appear to be a git repository."; } - core7.info(`git call failed. ${customErrorMessage} Error: ${reason}`); + core6.info(`git call failed. ${customErrorMessage} Error: ${reason}`); throw error2; } }; @@ -78395,7 +78376,7 @@ async function getRef() { ) !== head; if (hasChangedRef) { const newRef = ref.replace(pull_ref_regex, "refs/pull/$1/head"); - core7.debug( + core6.debug( `No longer on merge commit, rewriting ref from ${ref} to ${newRef}.` ); return newRef; @@ -78421,9 +78402,9 @@ async function isAnalyzingDefaultBranch() { } // src/logging.ts -var core8 = __toESM(require_core()); +var core7 = __toESM(require_core()); function getActionsLogger() { - return core8; + return core7; } // src/overlay-database-utils.ts 
@@ -78919,131 +78900,28 @@ var GitHubFeatureFlags = class { } }; -// src/trap-caching.ts -var actionsCache2 = __toESM(require_cache3()); - -// src/config-utils.ts -var defaultAugmentationProperties = { - queriesInputCombines: false, - packsInputCombines: false, - packsInput: void 0, - queriesInput: void 0, - extraQueryExclusions: [], - overlayDatabaseMode: "none" /* None */, - useOverlayDatabaseCaching: false -}; -var OVERLAY_ANALYSIS_FEATURES = { - actions: "overlay_analysis_actions" /* OverlayAnalysisActions */, - cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */, - csharp: "overlay_analysis_csharp" /* OverlayAnalysisCsharp */, - go: "overlay_analysis_go" /* OverlayAnalysisGo */, - java: "overlay_analysis_java" /* OverlayAnalysisJava */, - javascript: "overlay_analysis_javascript" /* OverlayAnalysisJavascript */, - python: "overlay_analysis_python" /* OverlayAnalysisPython */, - ruby: "overlay_analysis_ruby" /* OverlayAnalysisRuby */, - rust: "overlay_analysis_rust" /* OverlayAnalysisRust */, - swift: "overlay_analysis_swift" /* OverlayAnalysisSwift */ -}; -var OVERLAY_ANALYSIS_CODE_SCANNING_FEATURES = { - actions: "overlay_analysis_code_scanning_actions" /* OverlayAnalysisCodeScanningActions */, - cpp: "overlay_analysis_code_scanning_cpp" /* OverlayAnalysisCodeScanningCpp */, - csharp: "overlay_analysis_code_scanning_csharp" /* OverlayAnalysisCodeScanningCsharp */, - go: "overlay_analysis_code_scanning_go" /* OverlayAnalysisCodeScanningGo */, - java: "overlay_analysis_code_scanning_java" /* OverlayAnalysisCodeScanningJava */, - javascript: "overlay_analysis_code_scanning_javascript" /* OverlayAnalysisCodeScanningJavascript */, - python: "overlay_analysis_code_scanning_python" /* OverlayAnalysisCodeScanningPython */, - ruby: "overlay_analysis_code_scanning_ruby" /* OverlayAnalysisCodeScanningRuby */, - rust: "overlay_analysis_code_scanning_rust" /* OverlayAnalysisCodeScanningRust */, - swift: "overlay_analysis_code_scanning_swift" /* 
OverlayAnalysisCodeScanningSwift */ -}; -var PACK_IDENTIFIER_PATTERN = (function() { - const alphaNumeric = "[a-z0-9]"; - const alphaNumericDash = "[a-z0-9-]"; - const component = `${alphaNumeric}(${alphaNumericDash}*${alphaNumeric})?`; - return new RegExp(`^${component}/${component}$`); -})(); -function getPathToParsedConfigFile(tempDir) { - return path4.join(tempDir, "config"); -} -async function getConfig(tempDir, logger) { - const configFile = getPathToParsedConfigFile(tempDir); - if (!fs4.existsSync(configFile)) { - return void 0; - } - const configString = fs4.readFileSync(configFile, "utf8"); - logger.debug("Loaded config:"); - logger.debug(configString); - return JSON.parse(configString); -} -function generateCodeScanningConfig(originalUserInput, augmentationProperties) { - const augmentedConfig = cloneObject(originalUserInput); - if (augmentationProperties.queriesInput) { - if (augmentationProperties.queriesInputCombines) { - augmentedConfig.queries = (augmentedConfig.queries || []).concat( - augmentationProperties.queriesInput - ); - } else { - augmentedConfig.queries = augmentationProperties.queriesInput; - } - } - if (augmentedConfig.queries?.length === 0) { - delete augmentedConfig.queries; - } - if (augmentationProperties.packsInput) { - if (augmentationProperties.packsInputCombines) { - if (Array.isArray(augmentedConfig.packs)) { - augmentedConfig.packs = (augmentedConfig.packs || []).concat( - augmentationProperties.packsInput - ); - } else if (!augmentedConfig.packs) { - augmentedConfig.packs = augmentationProperties.packsInput; - } else { - const language = Object.keys(augmentedConfig.packs)[0]; - augmentedConfig.packs[language] = augmentedConfig.packs[language].concat(augmentationProperties.packsInput); - } - } else { - augmentedConfig.packs = augmentationProperties.packsInput; - } - } - if (Array.isArray(augmentedConfig.packs) && !augmentedConfig.packs.length) { - delete augmentedConfig.packs; - } - augmentedConfig["query-filters"] = [ - // 
Ordering matters. If the first filter is an inclusion, it implicitly - // excludes all queries that are not included. If it is an exclusion, - // it implicitly includes all queries that are not excluded. So user - // filters (if any) should always be first to preserve intent. - ...augmentedConfig["query-filters"] || [], - ...augmentationProperties.extraQueryExclusions - ]; - if (augmentedConfig["query-filters"]?.length === 0) { - delete augmentedConfig["query-filters"]; - } - return augmentedConfig; -} - // src/setup-codeql.ts var toolcache3 = __toESM(require_tool_cache()); var import_fast_deep_equal = __toESM(require_fast_deep_equal()); -var semver7 = __toESM(require_semver2()); +var semver6 = __toESM(require_semver2()); // src/tar.ts var import_toolrunner = __toESM(require_toolrunner()); var io4 = __toESM(require_io()); var toolcache = __toESM(require_tool_cache()); -var semver5 = __toESM(require_semver2()); +var semver4 = __toESM(require_semver2()); // src/tools-download.ts -var core9 = __toESM(require_core()); +var core8 = __toESM(require_core()); var import_http_client = __toESM(require_lib()); var toolcache2 = __toESM(require_tool_cache()); var import_follow_redirects = __toESM(require_follow_redirects()); -var semver6 = __toESM(require_semver2()); +var semver5 = __toESM(require_semver2()); var STREAMING_HIGH_WATERMARK_BYTES = 4 * 1024 * 1024; // src/tracer-config.ts -var fs5 = __toESM(require("fs")); -var path5 = __toESM(require("path")); +var fs4 = __toESM(require("fs")); +var path4 = __toESM(require("path")); async function shouldEnableIndirectTracing(codeql, config) { if (config.buildMode === "none" /* None */) { return false; 
@@ -79058,18 +78936,18 @@ async function endTracingForCluster(codeql, config, logger) { logger.info( "Unsetting build tracing environment variables. Subsequent steps of this job will not be traced." ); - const envVariablesFile = path5.resolve( + const envVariablesFile = path4.resolve( config.dbLocation, "temp/tracingEnvironment/end-tracing.json" ); - if (!fs5.existsSync(envVariablesFile)) { + if (!fs4.existsSync(envVariablesFile)) { throw new Error( `Environment file for ending tracing not found: ${envVariablesFile}` ); } try { const endTracingEnvVariables = JSON.parse( - fs5.readFileSync(envVariablesFile, "utf8") + fs4.readFileSync(envVariablesFile, "utf8") ); for (const [key, value] of Object.entries(endTracingEnvVariables)) { if (value !== null) { @@ -79129,12 +79007,12 @@ async function getCodeQLForCmd(cmd, checkVersion) { }, async isTracedLanguage(language) { const extractorPath = await this.resolveExtractor(language); - const tracingConfigPath = path6.join( + const tracingConfigPath = path5.join( extractorPath, "tools", "tracing-config.lua" ); - return fs6.existsSync(tracingConfigPath); + return fs5.existsSync(tracingConfigPath); }, async isScannedLanguage(language) { return !await this.isTracedLanguage(language); @@ -79205,7 +79083,7 @@ async function getCodeQLForCmd(cmd, checkVersion) { }, async runAutobuild(config, language) { applyAutobuildAzurePipelinesTimeoutFix(); - const autobuildCmd = path6.join( + const autobuildCmd = path5.join( await this.resolveExtractor(language), "tools", process.platform === "win32" ? "autobuild.cmd" : "autobuild.sh" 
@@ -79526,12 +79404,12 @@ ${output}` ); } else if (checkVersion && process.env["CODEQL_ACTION_SUPPRESS_DEPRECATED_SOON_WARNING" /* SUPPRESS_DEPRECATED_SOON_WARNING */] !== "true" && !await codeQlVersionAtLeast(codeql, CODEQL_NEXT_MINIMUM_VERSION)) { const result = await codeql.getVersion(); - core10.warning( + core9.warning( `CodeQL CLI version ${result.version} was discontinued on ${GHES_MOST_RECENT_DEPRECATION_DATE} alongside GitHub Enterprise Server ${GHES_VERSION_MOST_RECENTLY_DEPRECATED} and will not be supported by the next minor release of the CodeQL Action. Please update to CodeQL CLI version ${CODEQL_NEXT_MINIMUM_VERSION} or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version. Alternatively, if you want to continue using CodeQL CLI version ${result.version}, you can replace 'github/codeql-action/*@v${getActionVersion().split(".")[0]}' by 'github/codeql-action/*@v${getActionVersion()}' in your code scanning workflow to continue using this version of the CodeQL Action.` ); - core10.exportVariable("CODEQL_ACTION_SUPPRESS_DEPRECATED_SOON_WARNING" /* SUPPRESS_DEPRECATED_SOON_WARNING */, "true"); + core9.exportVariable("CODEQL_ACTION_SUPPRESS_DEPRECATED_SOON_WARNING" /* SUPPRESS_DEPRECATED_SOON_WARNING */, "true"); } return codeql; } 
@@ -79583,17 +79461,13 @@ async function runCli(cmd, args = [], opts = {}) { } async function writeCodeScanningConfigFile(config, logger) { const codeScanningConfigFile = getGeneratedCodeScanningConfigPath(config); - const augmentedConfig = generateCodeScanningConfig( - config.originalUserInput, - config.augmentationProperties - ); logger.info( `Writing augmented user configuration file to ${codeScanningConfigFile}` ); logger.startGroup("Augmented user configuration file contents"); - logger.info(dump(augmentedConfig)); + logger.info(dump(config.computedConfig)); logger.endGroup(); - fs6.writeFileSync(codeScanningConfigFile, dump(augmentedConfig)); + fs5.writeFileSync(codeScanningConfigFile, dump(config.computedConfig)); return codeScanningConfigFile; } var TRAP_CACHE_SIZE_MB = 1024; @@ -79616,7 +79490,7 @@ async function getTrapCachingExtractorConfigArgsForLang(config, language) { ]; } function getGeneratedCodeScanningConfigPath(config) { - return path6.resolve(config.tempDir, "user-config.yaml"); + return path5.resolve(config.tempDir, "user-config.yaml"); } function getExtractionVerbosityArguments(enableDebugLogging) { return enableDebugLogging ? [`--verbosity=${EXTRACTION_DEBUG_MODE_VERBOSITY}`] : []; 
@@ -79692,16 +79566,16 @@ async function setupCppAutobuild(codeql, logger) { logger.info( `Disabling ${featureName} as we are on a self-hosted runner.${getWorkflowEventName() !== "dynamic" ? ` To override this, set the ${envVar} environment variable to 'true' in your workflow. See ${"https://docs.github.com/en/actions/learn-github-actions/variables#defining-environment-variables-for-a-single-workflow" /* DEFINE_ENV_VARIABLES */} for more information.` : ""}` ); - core11.exportVariable(envVar, "false"); + core10.exportVariable(envVar, "false"); } else { logger.info( `Enabling ${featureName}. This can be disabled by setting the ${envVar} environment variable to 'false'. See ${"https://docs.github.com/en/actions/learn-github-actions/variables#defining-environment-variables-for-a-single-workflow" /* DEFINE_ENV_VARIABLES */} for more information.` ); - core11.exportVariable(envVar, "true"); + core10.exportVariable(envVar, "true"); } } else { logger.info(`Disabling ${featureName}.`); - core11.exportVariable(envVar, "false"); + core10.exportVariable(envVar, "false"); } } async function runAutobuild(config, language, logger) { 
@@ -79716,11 +79590,84 @@ async function runAutobuild(config, language, logger) { await codeQL.runAutobuild(config, language); } if (language === "go" /* go */) { - core11.exportVariable("CODEQL_ACTION_DID_AUTOBUILD_GOLANG" /* DID_AUTOBUILD_GOLANG */, "true"); + core10.exportVariable("CODEQL_ACTION_DID_AUTOBUILD_GOLANG" /* DID_AUTOBUILD_GOLANG */, "true"); } logger.endGroup(); } +// src/config-utils.ts +var fs6 = __toESM(require("fs")); +var path6 = __toESM(require("path")); +var semver7 = __toESM(require_semver2()); + +// src/analyses.ts +var AnalysisKind = /* @__PURE__ */ ((AnalysisKind2) => { + AnalysisKind2["CodeScanning"] = "code-scanning"; + AnalysisKind2["CodeQuality"] = "code-quality"; + return AnalysisKind2; +})(AnalysisKind || {}); +var supportedAnalysisKinds = new Set(Object.values(AnalysisKind)); + +// src/caching-utils.ts +var core11 = __toESM(require_core()); + +// src/trap-caching.ts +var actionsCache2 = __toESM(require_cache3()); + +// src/config-utils.ts +var defaultAugmentationProperties = { + queriesInputCombines: false, + packsInputCombines: false, + packsInput: void 0, + queriesInput: void 0, + extraQueryExclusions: [], + overlayDatabaseMode: "none" /* None */, + useOverlayDatabaseCaching: false +}; +var OVERLAY_ANALYSIS_FEATURES = { + actions: "overlay_analysis_actions" /* OverlayAnalysisActions */, + cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */, + csharp: "overlay_analysis_csharp" /* OverlayAnalysisCsharp */, + go: "overlay_analysis_go" /* OverlayAnalysisGo */, + java: "overlay_analysis_java" /* OverlayAnalysisJava */, + javascript: "overlay_analysis_javascript" /* OverlayAnalysisJavascript */, + python: "overlay_analysis_python" /* OverlayAnalysisPython */, + ruby: "overlay_analysis_ruby" /* OverlayAnalysisRuby */, + rust: "overlay_analysis_rust" /* OverlayAnalysisRust */, + swift: "overlay_analysis_swift" /* OverlayAnalysisSwift */ +}; +var OVERLAY_ANALYSIS_CODE_SCANNING_FEATURES = { + actions: 
"overlay_analysis_code_scanning_actions" /* OverlayAnalysisCodeScanningActions */, + cpp: "overlay_analysis_code_scanning_cpp" /* OverlayAnalysisCodeScanningCpp */, + csharp: "overlay_analysis_code_scanning_csharp" /* OverlayAnalysisCodeScanningCsharp */, + go: "overlay_analysis_code_scanning_go" /* OverlayAnalysisCodeScanningGo */, + java: "overlay_analysis_code_scanning_java" /* OverlayAnalysisCodeScanningJava */, + javascript: "overlay_analysis_code_scanning_javascript" /* OverlayAnalysisCodeScanningJavascript */, + python: "overlay_analysis_code_scanning_python" /* OverlayAnalysisCodeScanningPython */, + ruby: "overlay_analysis_code_scanning_ruby" /* OverlayAnalysisCodeScanningRuby */, + rust: "overlay_analysis_code_scanning_rust" /* OverlayAnalysisCodeScanningRust */, + swift: "overlay_analysis_code_scanning_swift" /* OverlayAnalysisCodeScanningSwift */ +}; +var PACK_IDENTIFIER_PATTERN = (function() { + const alphaNumeric = "[a-z0-9]"; + const alphaNumericDash = "[a-z0-9-]"; + const component = `${alphaNumeric}(${alphaNumericDash}*${alphaNumeric})?`; + return new RegExp(`^${component}/${component}$`); +})(); +function getPathToParsedConfigFile(tempDir) { + return path6.join(tempDir, "config"); +} +async function getConfig(tempDir, logger) { + const configFile = getPathToParsedConfigFile(tempDir); + if (!fs6.existsSync(configFile)) { + return void 0; + } + const configString = fs6.readFileSync(configFile, "utf8"); + logger.debug("Loaded config:"); + logger.debug(configString); + return JSON.parse(configString); +} + // src/status-report.ts var os = __toESM(require("os")); var core12 = __toESM(require_core()); diff --git a/lib/init-action-post.js b/lib/init-action-post.js index 1995591edc..22cd2bec56 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js 
@@ -128114,9 +128114,6 @@ function satisfiesGHESVersion(ghesVersion, range, defaultIfInvalid) { semverVersion.prerelease = []; return semver.satisfies(semverVersion, range); } -function cloneObject(obj) { - return JSON.parse(JSON.stringify(obj)); -} async function checkSipEnablement(logger) { if (process.env["CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */] !== void 0 && ["true", "false"].includes(process.env["CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */])) { return process.env["CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */] === "true"; @@ -128502,9 +128499,9 @@ function wrapApiConfigurationError(e) { } // src/codeql.ts -var fs13 = __toESM(require("fs")); -var path13 = __toESM(require("path")); -var core10 = __toESM(require_core()); +var fs11 = __toESM(require("fs")); +var path11 = __toESM(require("path")); +var core9 = __toESM(require_core()); var toolrunner3 = __toESM(require_toolrunner()); // src/cli-errors.ts @@ -128744,26 +128741,6 @@ function wrapCliConfigurationError(cliError) { return new ConfigurationError(errorMessageBuilder); } -// src/config-utils.ts -var fs9 = __toESM(require("fs")); -var path10 = __toESM(require("path")); -var semver4 = __toESM(require_semver2()); - -// src/analyses.ts -var AnalysisKind = /* @__PURE__ */ ((AnalysisKind2) => { - AnalysisKind2["CodeScanning"] = "code-scanning"; - AnalysisKind2["CodeQuality"] = "code-quality"; - return AnalysisKind2; -})(AnalysisKind || {}); -var supportedAnalysisKinds = new Set(Object.values(AnalysisKind)); - -// src/caching-utils.ts -var core6 = __toESM(require_core()); - -// src/diff-informed-analysis-utils.ts -var fs8 = __toESM(require("fs")); -var path9 = __toESM(require("path")); - // src/feature-flags.ts var fs7 = __toESM(require("fs")); var path8 = __toESM(require("path")); 
@@ -128779,13 +128756,13 @@ var path7 = __toESM(require("path")); var actionsCache = __toESM(require_cache3()); // src/git-utils.ts -var core7 = __toESM(require_core()); +var core6 = __toESM(require_core()); var toolrunner2 = __toESM(require_toolrunner()); var io3 = __toESM(require_io()); var runGitCommand = async function(workingDirectory, args, customErrorMessage) { let stdout = ""; let stderr = ""; - core7.debug(`Running git command: git ${args.join(" ")}`); + core6.debug(`Running git command: git ${args.join(" ")}`); try { await new toolrunner2.ToolRunner(await io3.which("git", true), args, { silent: true, @@ -128805,7 +128782,7 @@ var runGitCommand = async function(workingDirectory, args, customErrorMessage) { if (stderr.includes("not a git repository")) { reason = "The checkout path provided to the action does not appear to be a git repository."; } - core7.info(`git call failed. ${customErrorMessage} Error: ${reason}`); + core6.info(`git call failed. ${customErrorMessage} Error: ${reason}`); throw error2; } }; @@ -128950,7 +128927,7 @@ async function getRef() { ) !== head; if (hasChangedRef) { const newRef = ref.replace(pull_ref_regex, "refs/pull/$1/head"); - core7.debug( + core6.debug( `No longer on merge commit, rewriting ref from ${ref} to ${newRef}.` ); return newRef; @@ -128976,16 +128953,16 @@ async function isAnalyzingDefaultBranch() { } // src/logging.ts -var core8 = __toESM(require_core()); +var core7 = __toESM(require_core()); function getActionsLogger() { - return core8; + return core7; } function withGroup(groupName, f) { - core8.startGroup(groupName); + core7.startGroup(groupName); try { return f(); } finally { - core8.endGroup(); + core7.endGroup(); } } function formatDuration(durationMs) { 
@@ -129498,133 +129475,12 @@ var GitHubFeatureFlags = class { } }; -// src/diff-informed-analysis-utils.ts -function getDiffRangesJsonFilePath() { - return path9.join(getTemporaryDirectory(), "pr-diff-range.json"); -} -function readDiffRangesJsonFile(logger) { - const jsonFilePath = getDiffRangesJsonFilePath(); - if (!fs8.existsSync(jsonFilePath)) { - logger.debug(`Diff ranges JSON file does not exist at ${jsonFilePath}`); - return void 0; - } - const jsonContents = fs8.readFileSync(jsonFilePath, "utf8"); - logger.debug( - `Read pr-diff-range JSON file from ${jsonFilePath}: -${jsonContents}` - ); - return JSON.parse(jsonContents); -} - -// src/trap-caching.ts -var actionsCache2 = __toESM(require_cache3()); - -// src/config-utils.ts -var defaultAugmentationProperties = { - queriesInputCombines: false, - packsInputCombines: false, - packsInput: void 0, - queriesInput: void 0, - extraQueryExclusions: [], - overlayDatabaseMode: "none" /* None */, - useOverlayDatabaseCaching: false -}; -var OVERLAY_ANALYSIS_FEATURES = { - actions: "overlay_analysis_actions" /* OverlayAnalysisActions */, - cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */, - csharp: "overlay_analysis_csharp" /* OverlayAnalysisCsharp */, - go: "overlay_analysis_go" /* OverlayAnalysisGo */, - java: "overlay_analysis_java" /* OverlayAnalysisJava */, - javascript: "overlay_analysis_javascript" /* OverlayAnalysisJavascript */, - python: "overlay_analysis_python" /* OverlayAnalysisPython */, - ruby: "overlay_analysis_ruby" /* OverlayAnalysisRuby */, - rust: "overlay_analysis_rust" /* OverlayAnalysisRust */, - swift: "overlay_analysis_swift" /* OverlayAnalysisSwift */ -}; -var OVERLAY_ANALYSIS_CODE_SCANNING_FEATURES = { - actions: "overlay_analysis_code_scanning_actions" /* OverlayAnalysisCodeScanningActions */, - cpp: "overlay_analysis_code_scanning_cpp" /* OverlayAnalysisCodeScanningCpp */, - csharp: "overlay_analysis_code_scanning_csharp" /* OverlayAnalysisCodeScanningCsharp */, - go: 
"overlay_analysis_code_scanning_go" /* OverlayAnalysisCodeScanningGo */, - java: "overlay_analysis_code_scanning_java" /* OverlayAnalysisCodeScanningJava */, - javascript: "overlay_analysis_code_scanning_javascript" /* OverlayAnalysisCodeScanningJavascript */, - python: "overlay_analysis_code_scanning_python" /* OverlayAnalysisCodeScanningPython */, - ruby: "overlay_analysis_code_scanning_ruby" /* OverlayAnalysisCodeScanningRuby */, - rust: "overlay_analysis_code_scanning_rust" /* OverlayAnalysisCodeScanningRust */, - swift: "overlay_analysis_code_scanning_swift" /* OverlayAnalysisCodeScanningSwift */ -}; -var PACK_IDENTIFIER_PATTERN = (function() { - const alphaNumeric = "[a-z0-9]"; - const alphaNumericDash = "[a-z0-9-]"; - const component = `${alphaNumeric}(${alphaNumericDash}*${alphaNumeric})?`; - return new RegExp(`^${component}/${component}$`); -})(); -function getPathToParsedConfigFile(tempDir) { - return path10.join(tempDir, "config"); -} -async function getConfig(tempDir, logger) { - const configFile = getPathToParsedConfigFile(tempDir); - if (!fs9.existsSync(configFile)) { - return void 0; - } - const configString = fs9.readFileSync(configFile, "utf8"); - logger.debug("Loaded config:"); - logger.debug(configString); - return JSON.parse(configString); -} -function generateCodeScanningConfig(originalUserInput, augmentationProperties) { - const augmentedConfig = cloneObject(originalUserInput); - if (augmentationProperties.queriesInput) { - if (augmentationProperties.queriesInputCombines) { - augmentedConfig.queries = (augmentedConfig.queries || []).concat( - augmentationProperties.queriesInput - ); - } else { - augmentedConfig.queries = augmentationProperties.queriesInput; - } - } - if (augmentedConfig.queries?.length === 0) { - delete augmentedConfig.queries; - } - if (augmentationProperties.packsInput) { - if (augmentationProperties.packsInputCombines) { - if (Array.isArray(augmentedConfig.packs)) { - augmentedConfig.packs = (augmentedConfig.packs || 
[]).concat( - augmentationProperties.packsInput - ); - } else if (!augmentedConfig.packs) { - augmentedConfig.packs = augmentationProperties.packsInput; - } else { - const language = Object.keys(augmentedConfig.packs)[0]; - augmentedConfig.packs[language] = augmentedConfig.packs[language].concat(augmentationProperties.packsInput); - } - } else { - augmentedConfig.packs = augmentationProperties.packsInput; - } - } - if (Array.isArray(augmentedConfig.packs) && !augmentedConfig.packs.length) { - delete augmentedConfig.packs; - } - augmentedConfig["query-filters"] = [ - // Ordering matters. If the first filter is an inclusion, it implicitly - // excludes all queries that are not included. If it is an exclusion, - // it implicitly includes all queries that are not excluded. So user - // filters (if any) should always be first to preserve intent. - ...augmentedConfig["query-filters"] || [], - ...augmentationProperties.extraQueryExclusions - ]; - if (augmentedConfig["query-filters"]?.length === 0) { - delete augmentedConfig["query-filters"]; - } - return augmentedConfig; -} - // src/setup-codeql.ts -var fs12 = __toESM(require("fs")); -var path12 = __toESM(require("path")); +var fs10 = __toESM(require("fs")); +var path10 = __toESM(require("path")); var toolcache3 = __toESM(require_tool_cache()); var import_fast_deep_equal = __toESM(require_fast_deep_equal()); -var semver7 = __toESM(require_semver2()); +var semver6 = __toESM(require_semver2()); // node_modules/uuid/dist/esm/stringify.js var byteToHex = []; 
@@ -129679,12 +129535,12 @@ var v4_default = v4; // src/tar.ts var import_child_process = require("child_process"); -var fs10 = __toESM(require("fs")); +var fs8 = __toESM(require("fs")); var stream = __toESM(require("stream")); var import_toolrunner = __toESM(require_toolrunner()); var io4 = __toESM(require_io()); var toolcache = __toESM(require_tool_cache()); -var semver5 = __toESM(require_semver2()); +var semver4 = __toESM(require_semver2()); var MIN_REQUIRED_BSD_TAR_VERSION = "3.4.3"; var MIN_REQUIRED_GNU_TAR_VERSION = "1.31"; async function getTarVersion() { @@ -129726,9 +129582,9 @@ async function isZstdAvailable(logger) { case "gnu": return { available: foundZstdBinary && // GNU tar only uses major and minor version numbers - semver5.gte( - semver5.coerce(version), - semver5.coerce(MIN_REQUIRED_GNU_TAR_VERSION) + semver4.gte( + semver4.coerce(version), + semver4.coerce(MIN_REQUIRED_GNU_TAR_VERSION) ), foundZstdBinary, version: tarVersion @@ -129737,7 +129593,7 @@ async function isZstdAvailable(logger) { return { available: foundZstdBinary && // Do a loose comparison since these version numbers don't contain // a patch version number. - semver5.gte(version, MIN_REQUIRED_BSD_TAR_VERSION), + semver4.gte(version, MIN_REQUIRED_BSD_TAR_VERSION), foundZstdBinary, version: tarVersion }; @@ -129752,7 +129608,7 @@ async function isZstdAvailable(logger) { } } async function extract(tarPath, dest, compressionMethod, tarVersion, logger) { - fs10.mkdirSync(dest, { recursive: true }); + fs8.mkdirSync(dest, { recursive: true }); switch (compressionMethod) { case "gzip": return await toolcache.extractTar(tarPath, dest); 
@@ -129836,15 +129692,15 @@ function inferCompressionMethod(tarPath) { } // src/tools-download.ts -var fs11 = __toESM(require("fs")); +var fs9 = __toESM(require("fs")); var os = __toESM(require("os")); -var path11 = __toESM(require("path")); +var path9 = __toESM(require("path")); var import_perf_hooks = require("perf_hooks"); -var core9 = __toESM(require_core()); +var core8 = __toESM(require_core()); var import_http_client = __toESM(require_lib()); var toolcache2 = __toESM(require_tool_cache()); var import_follow_redirects = __toESM(require_follow_redirects()); -var semver6 = __toESM(require_semver2()); +var semver5 = __toESM(require_semver2()); var STREAMING_HIGH_WATERMARK_BYTES = 4 * 1024 * 1024; var TOOLCACHE_TOOL_NAME = "CodeQL"; function makeDownloadFirstToolsDownloadDurations(downloadDurationMs, extractionDurationMs) { @@ -129894,10 +129750,10 @@ async function downloadAndExtract(codeqlURL, compressionMethod, dest, authorizat }; } } catch (e) { - core9.warning( + core8.warning( `Failed to download and extract CodeQL bundle using streaming with error: ${getErrorMessage(e)}` ); - core9.warning(`Falling back to downloading the bundle before extracting.`); + core8.warning(`Falling back to downloading the bundle before extracting.`); await cleanUpGlob(dest, "CodeQL bundle", logger); } const toolsDownloadStart = import_perf_hooks.performance.now(); @@ -129943,7 +129799,7 @@ async function downloadAndExtract(codeqlURL, compressionMethod, dest, authorizat }; } async function downloadAndExtractZstdWithStreaming(codeqlURL, dest, authorization, headers, tarVersion, logger) { - fs11.mkdirSync(dest, { recursive: true }); + fs9.mkdirSync(dest, { recursive: true }); const agent = new import_http_client.HttpClient().getAgent(codeqlURL); headers = Object.assign( { "User-Agent": "CodeQL Action" }, 
@@ -129971,16 +129827,16 @@ async function downloadAndExtractZstdWithStreaming(codeqlURL, dest, authorizatio await extractTarZst(response, dest, tarVersion, logger); } function getToolcacheDirectory(version) { - return path11.join( + return path9.join( getRequiredEnvParam("RUNNER_TOOL_CACHE"), TOOLCACHE_TOOL_NAME, - semver6.clean(version) || version, + semver5.clean(version) || version, os.arch() || "" ); } function writeToolcacheMarkerFile(extractedPath, logger) { const markerFilePath = `${extractedPath}.complete`; - fs11.writeFileSync(markerFilePath, ""); + fs9.writeFileSync(markerFilePath, ""); logger.info(`Created toolcache marker file ${markerFilePath}`); } function sanitizeUrlForStatusReport(url2) { @@ -130095,13 +129951,13 @@ function tryGetTagNameFromUrl(url2, logger) { return match[1]; } function convertToSemVer(version, logger) { - if (!semver7.valid(version)) { + if (!semver6.valid(version)) { logger.debug( `Bundle version ${version} is not in SemVer format. Will treat it as pre-release 0.0.0-${version}.` ); version = `0.0.0-${version}`; } - const s = semver7.clean(version); + const s = semver6.clean(version); if (!s) { throw new Error(`Bundle version ${version} is not in SemVer format.`); } @@ -130111,7 +129967,7 @@ async function findOverridingToolsInCache(humanReadableVersion, logger) { const candidates = toolcache3.findAllVersions("CodeQL").filter(isGoodVersion).map((version) => ({ folder: toolcache3.find("CodeQL", version), version - })).filter(({ folder }) => fs12.existsSync(path12.join(folder, "pinned-version"))); + })).filter(({ folder }) => fs10.existsSync(path10.join(folder, "pinned-version"))); if (candidates.length === 1) { const candidate = candidates[0]; logger.debug( 
@@ -130171,7 +130027,7 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian url2 = toolsInput; if (tagName) { const bundleVersion3 = tryGetBundleVersionFromTagName(tagName, logger); - if (bundleVersion3 && semver7.valid(bundleVersion3)) { + if (bundleVersion3 && semver6.valid(bundleVersion3)) { cliVersion2 = convertToSemVer(bundleVersion3, logger); } } @@ -130440,11 +130296,11 @@ async function setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defau async function useZstdBundle(cliVersion2, tarSupportsZstd) { return ( // In testing, gzip performs better than zstd on Windows. - process.platform !== "win32" && tarSupportsZstd && semver7.gte(cliVersion2, CODEQL_VERSION_ZSTD_BUNDLE) + process.platform !== "win32" && tarSupportsZstd && semver6.gte(cliVersion2, CODEQL_VERSION_ZSTD_BUNDLE) ); } function getTempExtractionDir(tempDir) { - return path12.join(tempDir, v4_default()); + return path10.join(tempDir, v4_default()); } // src/tracer-config.ts @@ -130487,7 +130343,7 @@ async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliV toolsDownloadStatusReport )}` ); - let codeqlCmd = path13.join(codeqlFolder, "codeql", "codeql"); + let codeqlCmd = path11.join(codeqlFolder, "codeql", "codeql"); if (process.platform === "win32") { codeqlCmd += ".exe"; } else if (process.platform !== "linux" && process.platform !== "darwin") { @@ -130548,12 +130404,12 @@ async function getCodeQLForCmd(cmd, checkVersion) { }, async isTracedLanguage(language) { const extractorPath = await this.resolveExtractor(language); - const tracingConfigPath = path13.join( + const tracingConfigPath = path11.join( extractorPath, "tools", "tracing-config.lua" ); - return fs13.existsSync(tracingConfigPath); + return fs11.existsSync(tracingConfigPath); }, async isScannedLanguage(language) { return !await this.isTracedLanguage(language); 
@@ -130624,7 +130480,7 @@ async function getCodeQLForCmd(cmd, checkVersion) { }, async runAutobuild(config, language) { applyAutobuildAzurePipelinesTimeoutFix(); - const autobuildCmd = path13.join( + const autobuildCmd = path11.join( await this.resolveExtractor(language), "tools", process.platform === "win32" ? "autobuild.cmd" : "autobuild.sh" @@ -130945,12 +130801,12 @@ ${output}` ); } else if (checkVersion && process.env["CODEQL_ACTION_SUPPRESS_DEPRECATED_SOON_WARNING" /* SUPPRESS_DEPRECATED_SOON_WARNING */] !== "true" && !await codeQlVersionAtLeast(codeql, CODEQL_NEXT_MINIMUM_VERSION)) { const result = await codeql.getVersion(); - core10.warning( + core9.warning( `CodeQL CLI version ${result.version} was discontinued on ${GHES_MOST_RECENT_DEPRECATION_DATE} alongside GitHub Enterprise Server ${GHES_VERSION_MOST_RECENTLY_DEPRECATED} and will not be supported by the next minor release of the CodeQL Action. Please update to CodeQL CLI version ${CODEQL_NEXT_MINIMUM_VERSION} or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version. Alternatively, if you want to continue using CodeQL CLI version ${result.version}, you can replace 'github/codeql-action/*@v${getActionVersion().split(".")[0]}' by 'github/codeql-action/*@v${getActionVersion()}' in your code scanning workflow to continue using this version of the CodeQL Action.` ); - core10.exportVariable("CODEQL_ACTION_SUPPRESS_DEPRECATED_SOON_WARNING" /* SUPPRESS_DEPRECATED_SOON_WARNING */, "true"); + core9.exportVariable("CODEQL_ACTION_SUPPRESS_DEPRECATED_SOON_WARNING" /* SUPPRESS_DEPRECATED_SOON_WARNING */, "true"); } return codeql; } 
@@ -131002,17 +130858,13 @@ async function runCli(cmd, args = [], opts = {}) { } async function writeCodeScanningConfigFile(config, logger) { const codeScanningConfigFile = getGeneratedCodeScanningConfigPath(config); - const augmentedConfig = generateCodeScanningConfig( - config.originalUserInput, - config.augmentationProperties - ); logger.info( `Writing augmented user configuration file to ${codeScanningConfigFile}` ); logger.startGroup("Augmented user configuration file contents"); - logger.info(dump(augmentedConfig)); + logger.info(dump(config.computedConfig)); logger.endGroup(); - fs13.writeFileSync(codeScanningConfigFile, dump(augmentedConfig)); + fs11.writeFileSync(codeScanningConfigFile, dump(config.computedConfig)); return codeScanningConfigFile; } var TRAP_CACHE_SIZE_MB = 1024; @@ -131035,7 +130887,7 @@ async function getTrapCachingExtractorConfigArgsForLang(config, language) { ]; } function getGeneratedCodeScanningConfigPath(config) { - return path13.resolve(config.tempDir, "user-config.yaml"); + return path11.resolve(config.tempDir, "user-config.yaml"); } function getExtractionVerbosityArguments(enableDebugLogging) { return enableDebugLogging ? [`--verbosity=${EXTRACTION_DEBUG_MODE_VERBOSITY}`] : []; 
@@ -131055,6 +130907,99 @@ async function getJobRunUuidSarifOptions(codeql) { ) ? [`--sarif-run-property=jobRunUuid=${jobRunUuid}`] : []; } +// src/config-utils.ts +var fs13 = __toESM(require("fs")); +var path13 = __toESM(require("path")); +var semver7 = __toESM(require_semver2()); + +// src/analyses.ts +var AnalysisKind = /* @__PURE__ */ ((AnalysisKind2) => { + AnalysisKind2["CodeScanning"] = "code-scanning"; + AnalysisKind2["CodeQuality"] = "code-quality"; + return AnalysisKind2; +})(AnalysisKind || {}); +var supportedAnalysisKinds = new Set(Object.values(AnalysisKind)); + +// src/caching-utils.ts +var core10 = __toESM(require_core()); + +// src/diff-informed-analysis-utils.ts +var fs12 = __toESM(require("fs")); +var path12 = __toESM(require("path")); +function getDiffRangesJsonFilePath() { + return path12.join(getTemporaryDirectory(), "pr-diff-range.json"); +} +function readDiffRangesJsonFile(logger) { + const jsonFilePath = getDiffRangesJsonFilePath(); + if (!fs12.existsSync(jsonFilePath)) { + logger.debug(`Diff ranges JSON file does not exist at ${jsonFilePath}`); + return void 0; + } + const jsonContents = fs12.readFileSync(jsonFilePath, "utf8"); + logger.debug( + `Read pr-diff-range JSON file from ${jsonFilePath}: +${jsonContents}` + ); + return JSON.parse(jsonContents); +} + +// src/trap-caching.ts +var actionsCache2 = __toESM(require_cache3()); + +// src/config-utils.ts +var defaultAugmentationProperties = { + queriesInputCombines: false, + packsInputCombines: false, + packsInput: void 0, + queriesInput: void 0, + extraQueryExclusions: [], + overlayDatabaseMode: "none" /* None */, + useOverlayDatabaseCaching: false +}; +var OVERLAY_ANALYSIS_FEATURES = { + actions: "overlay_analysis_actions" /* OverlayAnalysisActions */, + cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */, + csharp: "overlay_analysis_csharp" /* OverlayAnalysisCsharp */, + go: "overlay_analysis_go" /* OverlayAnalysisGo */, + java: "overlay_analysis_java" /* OverlayAnalysisJava */, + 
javascript: "overlay_analysis_javascript" /* OverlayAnalysisJavascript */, + python: "overlay_analysis_python" /* OverlayAnalysisPython */, + ruby: "overlay_analysis_ruby" /* OverlayAnalysisRuby */, + rust: "overlay_analysis_rust" /* OverlayAnalysisRust */, + swift: "overlay_analysis_swift" /* OverlayAnalysisSwift */ +}; +var OVERLAY_ANALYSIS_CODE_SCANNING_FEATURES = { + actions: "overlay_analysis_code_scanning_actions" /* OverlayAnalysisCodeScanningActions */, + cpp: "overlay_analysis_code_scanning_cpp" /* OverlayAnalysisCodeScanningCpp */, + csharp: "overlay_analysis_code_scanning_csharp" /* OverlayAnalysisCodeScanningCsharp */, + go: "overlay_analysis_code_scanning_go" /* OverlayAnalysisCodeScanningGo */, + java: "overlay_analysis_code_scanning_java" /* OverlayAnalysisCodeScanningJava */, + javascript: "overlay_analysis_code_scanning_javascript" /* OverlayAnalysisCodeScanningJavascript */, + python: "overlay_analysis_code_scanning_python" /* OverlayAnalysisCodeScanningPython */, + ruby: "overlay_analysis_code_scanning_ruby" /* OverlayAnalysisCodeScanningRuby */, + rust: "overlay_analysis_code_scanning_rust" /* OverlayAnalysisCodeScanningRust */, + swift: "overlay_analysis_code_scanning_swift" /* OverlayAnalysisCodeScanningSwift */ +}; +var PACK_IDENTIFIER_PATTERN = (function() { + const alphaNumeric = "[a-z0-9]"; + const alphaNumericDash = "[a-z0-9-]"; + const component = `${alphaNumeric}(${alphaNumericDash}*${alphaNumeric})?`; + return new RegExp(`^${component}/${component}$`); +})(); +function getPathToParsedConfigFile(tempDir) { + return path13.join(tempDir, "config"); +} +async function getConfig(tempDir, logger) { + const configFile = getPathToParsedConfigFile(tempDir); + if (!fs13.existsSync(configFile)) { + return void 0; + } + const configString = fs13.readFileSync(configFile, "utf8"); + logger.debug("Loaded config:"); + logger.debug(configString); + return JSON.parse(configString); +} + // src/debug-artifacts.ts var fs15 = __toESM(require("fs")); var 
path15 = __toESM(require("path")); diff --git a/lib/init-action.js b/lib/init-action.js index 2edef19804..42f001de7f 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -87301,6 +87301,7 @@ async function getDefaultConfig({ languages, buildMode, originalUserInput: {}, + computedConfig: {}, tempDir, codeQLCmd: codeql.getPath(), gitHubVersion: githubVersion, @@ -87612,6 +87613,10 @@ async function initConfig(inputs) { const config = await getDefaultConfig(inputs); const augmentationProperties = config.augmentationProperties; config.originalUserInput = userConfig; + config.computedConfig = generateCodeScanningConfig( + userConfig, + config.augmentationProperties + ); const { overlayDatabaseMode, useOverlayDatabaseCaching } = await getOverlayDatabaseMode( inputs.codeql, inputs.repository, @@ -87619,7 +87624,7 @@ async function initConfig(inputs) { config.languages, inputs.sourceRoot, config.buildMode, - generateCodeScanningConfig(userConfig, augmentationProperties), + config.computedConfig, logger ); logger.info( @@ -89606,17 +89611,13 @@ async function runCli(cmd, args = [], opts = {}) { } async function writeCodeScanningConfigFile(config, logger) { const codeScanningConfigFile = getGeneratedCodeScanningConfigPath(config); - const augmentedConfig = generateCodeScanningConfig( - config.originalUserInput, - config.augmentationProperties - ); logger.info( `Writing augmented user configuration file to ${codeScanningConfigFile}` ); logger.startGroup("Augmented user configuration file contents"); - logger.info(dump(augmentedConfig)); + logger.info(dump(config.computedConfig)); logger.endGroup(); - fs14.writeFileSync(codeScanningConfigFile, dump(augmentedConfig)); + fs14.writeFileSync(codeScanningConfigFile, dump(config.computedConfig)); return codeScanningConfigFile; } var TRAP_CACHE_SIZE_MB = 1024; diff --git a/lib/resolve-environment-action.js b/lib/resolve-environment-action.js index 7c46b8092b..f7dec10bb2 100644 --- a/lib/resolve-environment-action.js 
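Review bot: Changes made to `config.augmentationProperties` after the new `config.computedConfig = generateCodeScanningConfig(...)` assignment in `initConfig` will no longer reach the generated `user-config.yaml`, because the `writeCodeScanningConfigFile` hunks in this patch dump the stored value instead of regenerating it at write time. The assignment sits before the `getOverlayDatabaseMode` call and the rest of `initConfig` lies outside the hunk, so check whether anything later still modifies `extraQueryExclusions` or the other augmentation fields; a dropped exclusion would silently change which queries run. If so, recompute after the last such change with `config.computedConfig = generateCodeScanningConfig(userConfig, config.augmentationProperties);`, or update `computedConfig` directly there. This file is bundled output, so the change belongs in `src/config-utils.ts`, which the diffstat lists as modified.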
+++ b/lib/resolve-environment-action.js @@ -77720,9 +77720,6 @@ function checkActionVersion(version, githubVersion) { } } } -function cloneObject(obj) { - return JSON.parse(JSON.stringify(obj)); -} async function checkSipEnablement(logger) { if (process.env["CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */] !== void 0 && ["true", "false"].includes(process.env["CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */])) { return process.env["CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */] === "true"; 
@@ -78702,52 +78699,6 @@ async function getConfig(tempDir, logger) { logger.debug(configString); return JSON.parse(configString); } -function generateCodeScanningConfig(originalUserInput, augmentationProperties) { - const augmentedConfig = cloneObject(originalUserInput); - if (augmentationProperties.queriesInput) { - if (augmentationProperties.queriesInputCombines) { - augmentedConfig.queries = (augmentedConfig.queries || []).concat( - augmentationProperties.queriesInput - ); - } else { - augmentedConfig.queries = augmentationProperties.queriesInput; - } - } - if (augmentedConfig.queries?.length === 0) { - delete augmentedConfig.queries; - } - if (augmentationProperties.packsInput) { - if (augmentationProperties.packsInputCombines) { - if (Array.isArray(augmentedConfig.packs)) { - augmentedConfig.packs = (augmentedConfig.packs || []).concat( - augmentationProperties.packsInput - ); - } else if (!augmentedConfig.packs) { - augmentedConfig.packs = augmentationProperties.packsInput; - } else { - const language = Object.keys(augmentedConfig.packs)[0]; - augmentedConfig.packs[language] = augmentedConfig.packs[language].concat(augmentationProperties.packsInput); - } - } else { - augmentedConfig.packs = augmentationProperties.packsInput; - } - } - if (Array.isArray(augmentedConfig.packs) && !augmentedConfig.packs.length) { - delete augmentedConfig.packs; - } - augmentedConfig["query-filters"] = [ - // Ordering matters. If the first filter is an inclusion, it implicitly - // excludes all queries that are not included. If it is an exclusion, - // it implicitly includes all queries that are not excluded. So user - // filters (if any) should always be first to preserve intent. - ...augmentedConfig["query-filters"] || [], - ...augmentationProperties.extraQueryExclusions - ]; - if (augmentedConfig["query-filters"]?.length === 0) { - delete augmentedConfig["query-filters"]; - } - return augmentedConfig; -} // src/codeql.ts var fs4 = __toESM(require("fs")); 
@@ -79283,17 +79234,13 @@ async function runCli(cmd, args = [], opts = {}) { } async function writeCodeScanningConfigFile(config, logger) { const codeScanningConfigFile = getGeneratedCodeScanningConfigPath(config); - const augmentedConfig = generateCodeScanningConfig( - config.originalUserInput, - config.augmentationProperties - ); logger.info( `Writing augmented user configuration file to ${codeScanningConfigFile}` ); logger.startGroup("Augmented user configuration file contents"); - logger.info(dump(augmentedConfig)); + logger.info(dump(config.computedConfig)); logger.endGroup(); - fs4.writeFileSync(codeScanningConfigFile, dump(augmentedConfig)); + fs4.writeFileSync(codeScanningConfigFile, dump(config.computedConfig)); return codeScanningConfigFile; } var TRAP_CACHE_SIZE_MB = 1024; diff --git a/lib/upload-lib.js b/lib/upload-lib.js index 825744e8d4..921a9ab3a6 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js @@ -88331,9 +88331,6 @@ function satisfiesGHESVersion(ghesVersion, range, defaultIfInvalid) { semverVersion.prerelease = []; return semver.satisfies(semverVersion, range); } -function cloneObject(obj) { - return JSON.parse(JSON.stringify(obj)); -} async function cleanUpGlob(glob, name, logger) { logger.debug(`Cleaning up ${name}.`); try { @@ -88632,9 +88629,9 @@ function wrapApiConfigurationError(e) { } // src/codeql.ts -var fs11 = __toESM(require("fs")); -var path12 = __toESM(require("path")); -var core10 = __toESM(require_core()); +var fs9 = __toESM(require("fs")); +var path10 = __toESM(require("path")); +var core9 = __toESM(require_core()); var toolrunner3 = __toESM(require_toolrunner()); // src/cli-errors.ts 
@@ -88874,26 +88871,6 @@ function wrapCliConfigurationError(cliError) { return new ConfigurationError(errorMessageBuilder); } -// src/config-utils.ts -var fs7 = __toESM(require("fs")); -var path9 = __toESM(require("path")); -var semver4 = __toESM(require_semver2()); - -// src/analyses.ts -var AnalysisKind = /* @__PURE__ */ ((AnalysisKind2) => { - AnalysisKind2["CodeScanning"] = "code-scanning"; - AnalysisKind2["CodeQuality"] = "code-quality"; - return AnalysisKind2; -})(AnalysisKind || {}); -var supportedAnalysisKinds = new Set(Object.values(AnalysisKind)); - -// src/caching-utils.ts -var core6 = __toESM(require_core()); - -// src/diff-informed-analysis-utils.ts -var fs6 = __toESM(require("fs")); -var path8 = __toESM(require("path")); - // src/feature-flags.ts var semver3 = __toESM(require_semver2()); @@ -88907,13 +88884,13 @@ var path7 = __toESM(require("path")); var actionsCache = __toESM(require_cache3()); // src/git-utils.ts -var core7 = __toESM(require_core()); +var core6 = __toESM(require_core()); var toolrunner2 = __toESM(require_toolrunner()); var io3 = __toESM(require_io()); var runGitCommand = async function(workingDirectory, args, customErrorMessage) { let stdout = ""; let stderr = ""; - core7.debug(`Running git command: git ${args.join(" ")}`); + core6.debug(`Running git command: git ${args.join(" ")}`); try { await new toolrunner2.ToolRunner(await io3.which("git", true), args, { silent: true, @@ -88933,7 +88910,7 @@ var runGitCommand = async function(workingDirectory, args, customErrorMessage) { if (stderr.includes("not a git repository")) { reason = "The checkout path provided to the action does not appear to be a git repository."; } - core7.info(`git call failed. ${customErrorMessage} Error: ${reason}`); + core6.info(`git call failed. ${customErrorMessage} Error: ${reason}`); throw error2; } }; 
@@ -89078,7 +89055,7 @@ async function getRef() { ) !== head; if (hasChangedRef) { const newRef = ref.replace(pull_ref_regex, "refs/pull/$1/head"); - core7.debug( + core6.debug( `No longer on merge commit, rewriting ref from ${ref} to ${newRef}.` ); return newRef; @@ -89104,7 +89081,7 @@ async function isAnalyzingDefaultBranch() { } // src/logging.ts -var core8 = __toESM(require_core()); +var core7 = __toESM(require_core()); function formatDuration(durationMs) { if (durationMs < 1e3) { return `${durationMs}ms`; 
@@ -89345,133 +89322,12 @@ var featureConfig = { } }; -// src/diff-informed-analysis-utils.ts -function getDiffRangesJsonFilePath() { - return path8.join(getTemporaryDirectory(), "pr-diff-range.json"); -} -function readDiffRangesJsonFile(logger) { - const jsonFilePath = getDiffRangesJsonFilePath(); - if (!fs6.existsSync(jsonFilePath)) { - logger.debug(`Diff ranges JSON file does not exist at ${jsonFilePath}`); - return void 0; - } - const jsonContents = fs6.readFileSync(jsonFilePath, "utf8"); - logger.debug( - `Read pr-diff-range JSON file from ${jsonFilePath}: -${jsonContents}` - ); - return JSON.parse(jsonContents); -} - -// src/trap-caching.ts -var actionsCache2 = __toESM(require_cache3()); - -// src/config-utils.ts -var defaultAugmentationProperties = { - queriesInputCombines: false, - packsInputCombines: false, - packsInput: void 0, - queriesInput: void 0, - extraQueryExclusions: [], - overlayDatabaseMode: "none" /* None */, - useOverlayDatabaseCaching: false -}; -var OVERLAY_ANALYSIS_FEATURES = { - actions: "overlay_analysis_actions" /* OverlayAnalysisActions */, - cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */, - csharp: "overlay_analysis_csharp" /* OverlayAnalysisCsharp */, - go: "overlay_analysis_go" /* OverlayAnalysisGo */, - java: "overlay_analysis_java" /* OverlayAnalysisJava */, - javascript: "overlay_analysis_javascript" /* OverlayAnalysisJavascript */, - python: "overlay_analysis_python" /* OverlayAnalysisPython */, - ruby: "overlay_analysis_ruby" /* OverlayAnalysisRuby */, - rust: "overlay_analysis_rust" /* OverlayAnalysisRust */, - swift: "overlay_analysis_swift" /* OverlayAnalysisSwift */ -}; -var OVERLAY_ANALYSIS_CODE_SCANNING_FEATURES = { - actions: "overlay_analysis_code_scanning_actions" /* OverlayAnalysisCodeScanningActions */, - cpp: "overlay_analysis_code_scanning_cpp" /* OverlayAnalysisCodeScanningCpp */, - csharp: "overlay_analysis_code_scanning_csharp" /* OverlayAnalysisCodeScanningCsharp */, - go: 
"overlay_analysis_code_scanning_go" /* OverlayAnalysisCodeScanningGo */, - java: "overlay_analysis_code_scanning_java" /* OverlayAnalysisCodeScanningJava */, - javascript: "overlay_analysis_code_scanning_javascript" /* OverlayAnalysisCodeScanningJavascript */, - python: "overlay_analysis_code_scanning_python" /* OverlayAnalysisCodeScanningPython */, - ruby: "overlay_analysis_code_scanning_ruby" /* OverlayAnalysisCodeScanningRuby */, - rust: "overlay_analysis_code_scanning_rust" /* OverlayAnalysisCodeScanningRust */, - swift: "overlay_analysis_code_scanning_swift" /* OverlayAnalysisCodeScanningSwift */ -}; -var PACK_IDENTIFIER_PATTERN = (function() { - const alphaNumeric = "[a-z0-9]"; - const alphaNumericDash = "[a-z0-9-]"; - const component = `${alphaNumeric}(${alphaNumericDash}*${alphaNumeric})?`; - return new RegExp(`^${component}/${component}$`); -})(); -function getPathToParsedConfigFile(tempDir) { - return path9.join(tempDir, "config"); -} -async function getConfig(tempDir, logger) { - const configFile = getPathToParsedConfigFile(tempDir); - if (!fs7.existsSync(configFile)) { - return void 0; - } - const configString = fs7.readFileSync(configFile, "utf8"); - logger.debug("Loaded config:"); - logger.debug(configString); - return JSON.parse(configString); -} -function generateCodeScanningConfig(originalUserInput, augmentationProperties) { - const augmentedConfig = cloneObject(originalUserInput); - if (augmentationProperties.queriesInput) { - if (augmentationProperties.queriesInputCombines) { - augmentedConfig.queries = (augmentedConfig.queries || []).concat( - augmentationProperties.queriesInput - ); - } else { - augmentedConfig.queries = augmentationProperties.queriesInput; - } - } - if (augmentedConfig.queries?.length === 0) { - delete augmentedConfig.queries; - } - if (augmentationProperties.packsInput) { - if (augmentationProperties.packsInputCombines) { - if (Array.isArray(augmentedConfig.packs)) { - augmentedConfig.packs = (augmentedConfig.packs || 
[]).concat( - augmentationProperties.packsInput - ); - } else if (!augmentedConfig.packs) { - augmentedConfig.packs = augmentationProperties.packsInput; - } else { - const language = Object.keys(augmentedConfig.packs)[0]; - augmentedConfig.packs[language] = augmentedConfig.packs[language].concat(augmentationProperties.packsInput); - } - } else { - augmentedConfig.packs = augmentationProperties.packsInput; - } - } - if (Array.isArray(augmentedConfig.packs) && !augmentedConfig.packs.length) { - delete augmentedConfig.packs; - } - augmentedConfig["query-filters"] = [ - // Ordering matters. If the first filter is an inclusion, it implicitly - // excludes all queries that are not included. If it is an exclusion, - // it implicitly includes all queries that are not excluded. So user - // filters (if any) should always be first to preserve intent. - ...augmentedConfig["query-filters"] || [], - ...augmentationProperties.extraQueryExclusions - ]; - if (augmentedConfig["query-filters"]?.length === 0) { - delete augmentedConfig["query-filters"]; - } - return augmentedConfig; -} - // src/setup-codeql.ts -var fs10 = __toESM(require("fs")); -var path11 = __toESM(require("path")); +var fs8 = __toESM(require("fs")); +var path9 = __toESM(require("path")); var toolcache3 = __toESM(require_tool_cache()); var import_fast_deep_equal = __toESM(require_fast_deep_equal()); -var semver7 = __toESM(require_semver2()); +var semver6 = __toESM(require_semver2()); // node_modules/uuid/dist/esm/stringify.js var byteToHex = []; 
@@ -89526,12 +89382,12 @@ var v4_default = v4; // src/tar.ts var import_child_process = require("child_process"); -var fs8 = __toESM(require("fs")); +var fs6 = __toESM(require("fs")); var stream = __toESM(require("stream")); var import_toolrunner = __toESM(require_toolrunner()); var io4 = __toESM(require_io()); var toolcache = __toESM(require_tool_cache()); -var semver5 = __toESM(require_semver2()); +var semver4 = __toESM(require_semver2()); var MIN_REQUIRED_BSD_TAR_VERSION = "3.4.3"; var MIN_REQUIRED_GNU_TAR_VERSION = "1.31"; async function getTarVersion() { @@ -89573,9 +89429,9 @@ async function isZstdAvailable(logger) { case "gnu": return { available: foundZstdBinary && // GNU tar only uses major and minor version numbers - semver5.gte( - semver5.coerce(version), - semver5.coerce(MIN_REQUIRED_GNU_TAR_VERSION) + semver4.gte( + semver4.coerce(version), + semver4.coerce(MIN_REQUIRED_GNU_TAR_VERSION) ), foundZstdBinary, version: tarVersion @@ -89584,7 +89440,7 @@ async function isZstdAvailable(logger) { return { available: foundZstdBinary && // Do a loose comparison since these version numbers don't contain // a patch version number. - semver5.gte(version, MIN_REQUIRED_BSD_TAR_VERSION), + semver4.gte(version, MIN_REQUIRED_BSD_TAR_VERSION), foundZstdBinary, version: tarVersion }; @@ -89599,7 +89455,7 @@ async function isZstdAvailable(logger) { } } async function extract(tarPath, dest, compressionMethod, tarVersion, logger) { - fs8.mkdirSync(dest, { recursive: true }); + fs6.mkdirSync(dest, { recursive: true }); switch (compressionMethod) { case "gzip": return await toolcache.extractTar(tarPath, dest); 
@@ -89683,15 +89539,15 @@ function inferCompressionMethod(tarPath) { } // src/tools-download.ts -var fs9 = __toESM(require("fs")); +var fs7 = __toESM(require("fs")); var os = __toESM(require("os")); -var path10 = __toESM(require("path")); +var path8 = __toESM(require("path")); var import_perf_hooks = require("perf_hooks"); -var core9 = __toESM(require_core()); +var core8 = __toESM(require_core()); var import_http_client = __toESM(require_lib()); var toolcache2 = __toESM(require_tool_cache()); var import_follow_redirects = __toESM(require_follow_redirects()); -var semver6 = __toESM(require_semver2()); +var semver5 = __toESM(require_semver2()); var STREAMING_HIGH_WATERMARK_BYTES = 4 * 1024 * 1024; var TOOLCACHE_TOOL_NAME = "CodeQL"; function makeDownloadFirstToolsDownloadDurations(downloadDurationMs, extractionDurationMs) { @@ -89741,10 +89597,10 @@ async function downloadAndExtract(codeqlURL, compressionMethod, dest, authorizat }; } } catch (e) { - core9.warning( + core8.warning( `Failed to download and extract CodeQL bundle using streaming with error: ${getErrorMessage(e)}` ); - core9.warning(`Falling back to downloading the bundle before extracting.`); + core8.warning(`Falling back to downloading the bundle before extracting.`); await cleanUpGlob(dest, "CodeQL bundle", logger); } const toolsDownloadStart = import_perf_hooks.performance.now(); @@ -89790,7 +89646,7 @@ async function downloadAndExtract(codeqlURL, compressionMethod, dest, authorizat }; } async function downloadAndExtractZstdWithStreaming(codeqlURL, dest, authorization, headers, tarVersion, logger) { - fs9.mkdirSync(dest, { recursive: true }); + fs7.mkdirSync(dest, { recursive: true }); const agent = new import_http_client.HttpClient().getAgent(codeqlURL); headers = Object.assign( { "User-Agent": "CodeQL Action" }, 
@@ -89818,16 +89674,16 @@ async function downloadAndExtractZstdWithStreaming(codeqlURL, dest, authorizatio await extractTarZst(response, dest, tarVersion, logger); } function getToolcacheDirectory(version) { - return path10.join( + return path8.join( getRequiredEnvParam("RUNNER_TOOL_CACHE"), TOOLCACHE_TOOL_NAME, - semver6.clean(version) || version, + semver5.clean(version) || version, os.arch() || "" ); } function writeToolcacheMarkerFile(extractedPath, logger) { const markerFilePath = `${extractedPath}.complete`; - fs9.writeFileSync(markerFilePath, ""); + fs7.writeFileSync(markerFilePath, ""); logger.info(`Created toolcache marker file ${markerFilePath}`); } function sanitizeUrlForStatusReport(url2) { @@ -89942,13 +89798,13 @@ function tryGetTagNameFromUrl(url2, logger) { return match[1]; } function convertToSemVer(version, logger) { - if (!semver7.valid(version)) { + if (!semver6.valid(version)) { logger.debug( `Bundle version ${version} is not in SemVer format. Will treat it as pre-release 0.0.0-${version}.` ); version = `0.0.0-${version}`; } - const s = semver7.clean(version); + const s = semver6.clean(version); if (!s) { throw new Error(`Bundle version ${version} is not in SemVer format.`); } @@ -89958,7 +89814,7 @@ async function findOverridingToolsInCache(humanReadableVersion, logger) { const candidates = toolcache3.findAllVersions("CodeQL").filter(isGoodVersion).map((version) => ({ folder: toolcache3.find("CodeQL", version), version - })).filter(({ folder }) => fs10.existsSync(path11.join(folder, "pinned-version"))); + })).filter(({ folder }) => fs8.existsSync(path9.join(folder, "pinned-version"))); if (candidates.length === 1) { const candidate = candidates[0]; logger.debug( 
@@ -90018,7 +89874,7 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian url2 = toolsInput; if (tagName) { const bundleVersion3 = tryGetBundleVersionFromTagName(tagName, logger); - if (bundleVersion3 && semver7.valid(bundleVersion3)) { + if (bundleVersion3 && semver6.valid(bundleVersion3)) { cliVersion2 = convertToSemVer(bundleVersion3, logger); } } @@ -90287,11 +90143,11 @@ async function setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defau async function useZstdBundle(cliVersion2, tarSupportsZstd) { return ( // In testing, gzip performs better than zstd on Windows. - process.platform !== "win32" && tarSupportsZstd && semver7.gte(cliVersion2, CODEQL_VERSION_ZSTD_BUNDLE) + process.platform !== "win32" && tarSupportsZstd && semver6.gte(cliVersion2, CODEQL_VERSION_ZSTD_BUNDLE) ); } function getTempExtractionDir(tempDir) { - return path11.join(tempDir, v4_default()); + return path9.join(tempDir, v4_default()); } // src/tracer-config.ts @@ -90334,7 +90190,7 @@ async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliV toolsDownloadStatusReport )}` ); - let codeqlCmd = path12.join(codeqlFolder, "codeql", "codeql"); + let codeqlCmd = path10.join(codeqlFolder, "codeql", "codeql"); if (process.platform === "win32") { codeqlCmd += ".exe"; } else if (process.platform !== "linux" && process.platform !== "darwin") { @@ -90395,12 +90251,12 @@ async function getCodeQLForCmd(cmd, checkVersion) { }, async isTracedLanguage(language) { const extractorPath = await this.resolveExtractor(language); - const tracingConfigPath = path12.join( + const tracingConfigPath = path10.join( extractorPath, "tools", "tracing-config.lua" ); - return fs11.existsSync(tracingConfigPath); + return fs9.existsSync(tracingConfigPath); }, async isScannedLanguage(language) { return !await this.isTracedLanguage(language); 
@@ -90471,7 +90327,7 @@ async function getCodeQLForCmd(cmd, checkVersion) { }, async runAutobuild(config, language) { applyAutobuildAzurePipelinesTimeoutFix(); - const autobuildCmd = path12.join( + const autobuildCmd = path10.join( await this.resolveExtractor(language), "tools", process.platform === "win32" ? "autobuild.cmd" : "autobuild.sh" @@ -90792,12 +90648,12 @@ ${output}` ); } else if (checkVersion && process.env["CODEQL_ACTION_SUPPRESS_DEPRECATED_SOON_WARNING" /* SUPPRESS_DEPRECATED_SOON_WARNING */] !== "true" && !await codeQlVersionAtLeast(codeql, CODEQL_NEXT_MINIMUM_VERSION)) { const result = await codeql.getVersion(); - core10.warning( + core9.warning( `CodeQL CLI version ${result.version} was discontinued on ${GHES_MOST_RECENT_DEPRECATION_DATE} alongside GitHub Enterprise Server ${GHES_VERSION_MOST_RECENTLY_DEPRECATED} and will not be supported by the next minor release of the CodeQL Action. Please update to CodeQL CLI version ${CODEQL_NEXT_MINIMUM_VERSION} or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version. Alternatively, if you want to continue using CodeQL CLI version ${result.version}, you can replace 'github/codeql-action/*@v${getActionVersion().split(".")[0]}' by 'github/codeql-action/*@v${getActionVersion()}' in your code scanning workflow to continue using this version of the CodeQL Action.` ); - core10.exportVariable("CODEQL_ACTION_SUPPRESS_DEPRECATED_SOON_WARNING" /* SUPPRESS_DEPRECATED_SOON_WARNING */, "true"); + core9.exportVariable("CODEQL_ACTION_SUPPRESS_DEPRECATED_SOON_WARNING" /* SUPPRESS_DEPRECATED_SOON_WARNING */, "true"); } return codeql; } 
@@ -90849,17 +90705,13 @@ async function runCli(cmd, args = [], opts = {}) { } async function writeCodeScanningConfigFile(config, logger) { const codeScanningConfigFile = getGeneratedCodeScanningConfigPath(config); - const augmentedConfig = generateCodeScanningConfig( - config.originalUserInput, - config.augmentationProperties - ); logger.info( `Writing augmented user configuration file to ${codeScanningConfigFile}` ); logger.startGroup("Augmented user configuration file contents"); - logger.info(dump(augmentedConfig)); + logger.info(dump(config.computedConfig)); logger.endGroup(); - fs11.writeFileSync(codeScanningConfigFile, dump(augmentedConfig)); + fs9.writeFileSync(codeScanningConfigFile, dump(config.computedConfig)); return codeScanningConfigFile; } var TRAP_CACHE_SIZE_MB = 1024; @@ -90882,7 +90734,7 @@ async function getTrapCachingExtractorConfigArgsForLang(config, language) { ]; } function getGeneratedCodeScanningConfigPath(config) { - return path12.resolve(config.tempDir, "user-config.yaml"); + return path10.resolve(config.tempDir, "user-config.yaml"); } function getExtractionVerbosityArguments(enableDebugLogging) { return enableDebugLogging ? [`--verbosity=${EXTRACTION_DEBUG_MODE_VERBOSITY}`] : []; 
@@ -90902,6 +90754,99 @@ async function getJobRunUuidSarifOptions(codeql) { ) ? [`--sarif-run-property=jobRunUuid=${jobRunUuid}`] : []; } +// src/config-utils.ts +var fs11 = __toESM(require("fs")); +var path12 = __toESM(require("path")); +var semver7 = __toESM(require_semver2()); + +// src/analyses.ts +var AnalysisKind = /* @__PURE__ */ ((AnalysisKind2) => { + AnalysisKind2["CodeScanning"] = "code-scanning"; + AnalysisKind2["CodeQuality"] = "code-quality"; + return AnalysisKind2; +})(AnalysisKind || {}); +var supportedAnalysisKinds = new Set(Object.values(AnalysisKind)); + +// src/caching-utils.ts +var core10 = __toESM(require_core()); + +// src/diff-informed-analysis-utils.ts +var fs10 = __toESM(require("fs")); +var path11 = __toESM(require("path")); +function getDiffRangesJsonFilePath() { + return path11.join(getTemporaryDirectory(), "pr-diff-range.json"); +} +function readDiffRangesJsonFile(logger) { + const jsonFilePath = getDiffRangesJsonFilePath(); + if (!fs10.existsSync(jsonFilePath)) { + logger.debug(`Diff ranges JSON file does not exist at ${jsonFilePath}`); + return void 0; + } + const jsonContents = fs10.readFileSync(jsonFilePath, "utf8"); + logger.debug( + `Read pr-diff-range JSON file from ${jsonFilePath}: +${jsonContents}` + ); + return JSON.parse(jsonContents); +} + +// src/trap-caching.ts +var actionsCache2 = __toESM(require_cache3()); + +// src/config-utils.ts +var defaultAugmentationProperties = { + queriesInputCombines: false, + packsInputCombines: false, + packsInput: void 0, + queriesInput: void 0, + extraQueryExclusions: [], + overlayDatabaseMode: "none" /* None */, + useOverlayDatabaseCaching: false +}; +var OVERLAY_ANALYSIS_FEATURES = { + actions: "overlay_analysis_actions" /* OverlayAnalysisActions */, + cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */, + csharp: "overlay_analysis_csharp" /* OverlayAnalysisCsharp */, + go: "overlay_analysis_go" /* OverlayAnalysisGo */, + java: "overlay_analysis_java" /* OverlayAnalysisJava */, + 
javascript: "overlay_analysis_javascript" /* OverlayAnalysisJavascript */, + python: "overlay_analysis_python" /* OverlayAnalysisPython */, + ruby: "overlay_analysis_ruby" /* OverlayAnalysisRuby */, + rust: "overlay_analysis_rust" /* OverlayAnalysisRust */, + swift: "overlay_analysis_swift" /* OverlayAnalysisSwift */ +}; +var OVERLAY_ANALYSIS_CODE_SCANNING_FEATURES = { + actions: "overlay_analysis_code_scanning_actions" /* OverlayAnalysisCodeScanningActions */, + cpp: "overlay_analysis_code_scanning_cpp" /* OverlayAnalysisCodeScanningCpp */, + csharp: "overlay_analysis_code_scanning_csharp" /* OverlayAnalysisCodeScanningCsharp */, + go: "overlay_analysis_code_scanning_go" /* OverlayAnalysisCodeScanningGo */, + java: "overlay_analysis_code_scanning_java" /* OverlayAnalysisCodeScanningJava */, + javascript: "overlay_analysis_code_scanning_javascript" /* OverlayAnalysisCodeScanningJavascript */, + python: "overlay_analysis_code_scanning_python" /* OverlayAnalysisCodeScanningPython */, + ruby: "overlay_analysis_code_scanning_ruby" /* OverlayAnalysisCodeScanningRuby */, + rust: "overlay_analysis_code_scanning_rust" /* OverlayAnalysisCodeScanningRust */, + swift: "overlay_analysis_code_scanning_swift" /* OverlayAnalysisCodeScanningSwift */ +}; +var PACK_IDENTIFIER_PATTERN = (function() { + const alphaNumeric = "[a-z0-9]"; + const alphaNumericDash = "[a-z0-9-]"; + const component = `${alphaNumeric}(${alphaNumericDash}*${alphaNumeric})?`; + return new RegExp(`^${component}/${component}$`); +})(); +function getPathToParsedConfigFile(tempDir) { + return path12.join(tempDir, "config"); +} +async function getConfig(tempDir, logger) { + const configFile = getPathToParsedConfigFile(tempDir); + if (!fs11.existsSync(configFile)) { + return void 0; + } + const configString = fs11.readFileSync(configFile, "utf8"); + logger.debug("Loaded config:"); + logger.debug(configString); + return JSON.parse(configString); +} + // src/fingerprints.ts var fs12 = __toESM(require("fs")); var 
import_path = __toESM(require("path")); diff --git a/lib/upload-sarif-action-post.js b/lib/upload-sarif-action-post.js index 4e569eb512..80c1b46900 100644 --- a/lib/upload-sarif-action-post.js +++ b/lib/upload-sarif-action-post.js @@ -117149,10 +117149,10 @@ var AnalysisKind = /* @__PURE__ */ ((AnalysisKind2) => { var supportedAnalysisKinds = new Set(Object.values(AnalysisKind)); // src/autobuild.ts -var core11 = __toESM(require_core()); +var core10 = __toESM(require_core()); // src/codeql.ts -var core10 = __toESM(require_core()); +var core9 = __toESM(require_core()); var toolrunner3 = __toESM(require_toolrunner()); // src/cli-errors.ts @@ -117288,12 +117288,6 @@ var cliErrorsConfig = { } }; -// src/config-utils.ts -var semver4 = __toESM(require_semver2()); - -// src/caching-utils.ts -var core6 = __toESM(require_core()); - // src/feature-flags.ts var semver3 = __toESM(require_semver2()); @@ -117301,21 +117295,21 @@ var semver3 = __toESM(require_semver2()); var actionsCache = __toESM(require_cache3()); // src/git-utils.ts -var core7 = __toESM(require_core()); +var core6 = __toESM(require_core()); var toolrunner2 = __toESM(require_toolrunner()); var io3 = __toESM(require_io()); // src/logging.ts -var core8 = __toESM(require_core()); +var core7 = __toESM(require_core()); function getActionsLogger() { - return core8; + return core7; } function withGroup(groupName, f) { - core8.startGroup(groupName); + core7.startGroup(groupName); try { return f(); } finally { - core8.endGroup(); + core7.endGroup(); } } 
@@ -117491,6 +117485,31 @@ var featureConfig = { } }; +// src/setup-codeql.ts +var toolcache3 = __toESM(require_tool_cache()); +var import_fast_deep_equal = __toESM(require_fast_deep_equal()); +var semver6 = __toESM(require_semver2()); + +// src/tar.ts +var import_toolrunner = __toESM(require_toolrunner()); +var io4 = __toESM(require_io()); +var toolcache = __toESM(require_tool_cache()); +var semver4 = __toESM(require_semver2()); + +// src/tools-download.ts +var core8 = __toESM(require_core()); +var import_http_client = __toESM(require_lib()); +var toolcache2 = __toESM(require_tool_cache()); +var import_follow_redirects = __toESM(require_follow_redirects()); +var semver5 = __toESM(require_semver2()); +var STREAMING_HIGH_WATERMARK_BYTES = 4 * 1024 * 1024; + +// src/config-utils.ts +var semver7 = __toESM(require_semver2()); + +// src/caching-utils.ts +var core11 = __toESM(require_core()); + // src/trap-caching.ts var actionsCache2 = __toESM(require_cache3()); @@ -117535,25 +117554,6 @@ var PACK_IDENTIFIER_PATTERN = (function() { return new RegExp(`^${component}/${component}$`); })(); -// src/setup-codeql.ts -var toolcache3 = __toESM(require_tool_cache()); -var import_fast_deep_equal = __toESM(require_fast_deep_equal()); -var semver7 = __toESM(require_semver2()); - -// src/tar.ts -var import_toolrunner = __toESM(require_toolrunner()); -var io4 = __toESM(require_io()); -var toolcache = __toESM(require_tool_cache()); -var semver5 = __toESM(require_semver2()); - -// src/tools-download.ts -var core9 = __toESM(require_core()); -var import_http_client = __toESM(require_lib()); -var toolcache2 = __toESM(require_tool_cache()); -var import_follow_redirects = __toESM(require_follow_redirects()); -var semver6 = __toESM(require_semver2()); -var STREAMING_HIGH_WATERMARK_BYTES = 4 * 1024 * 1024; - // src/dependency-caching.ts var actionsCache3 = __toESM(require_cache3()); var glob = __toESM(require_glob3()); 
diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index e785cef377..01f4f470d2 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -88491,9 +88491,6 @@ function satisfiesGHESVersion(ghesVersion, range, defaultIfInvalid) { semverVersion.prerelease = []; return semver.satisfies(semverVersion, range); } -function cloneObject(obj) { - return JSON.parse(JSON.stringify(obj)); -} async function checkSipEnablement(logger) { if (process.env["CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */] !== void 0 && ["true", "false"].includes(process.env["CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */])) { return process.env["CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */] === "true"; @@ -89765,9 +89762,9 @@ var core12 = __toESM(require_core()); var jsonschema = __toESM(require_lib2()); // src/codeql.ts -var fs12 = __toESM(require("fs")); -var path13 = __toESM(require("path")); -var core11 = __toESM(require_core()); +var fs10 = __toESM(require("fs")); +var path11 = __toESM(require("path")); +var core10 = __toESM(require_core()); var toolrunner3 = __toESM(require_toolrunner()); // src/cli-errors.ts 
@@ -90007,151 +90004,12 @@ function wrapCliConfigurationError(cliError) { return new ConfigurationError(errorMessageBuilder); } -// src/config-utils.ts -var fs8 = __toESM(require("fs")); -var path10 = __toESM(require("path")); -var semver4 = __toESM(require_semver2()); - -// src/analyses.ts -var AnalysisKind = /* @__PURE__ */ ((AnalysisKind2) => { - AnalysisKind2["CodeScanning"] = "code-scanning"; - AnalysisKind2["CodeQuality"] = "code-quality"; - return AnalysisKind2; -})(AnalysisKind || {}); -var supportedAnalysisKinds = new Set(Object.values(AnalysisKind)); - -// src/caching-utils.ts -var core9 = __toESM(require_core()); - -// src/diff-informed-analysis-utils.ts -var fs7 = __toESM(require("fs")); -var path9 = __toESM(require("path")); -function getDiffRangesJsonFilePath() { - return path9.join(getTemporaryDirectory(), "pr-diff-range.json"); -} -function readDiffRangesJsonFile(logger) { - const jsonFilePath = getDiffRangesJsonFilePath(); - if (!fs7.existsSync(jsonFilePath)) { - logger.debug(`Diff ranges JSON file does not exist at ${jsonFilePath}`); - return void 0; - } - const jsonContents = fs7.readFileSync(jsonFilePath, "utf8"); - logger.debug( - `Read pr-diff-range JSON file from ${jsonFilePath}: -${jsonContents}` - ); - return JSON.parse(jsonContents); -} - -// src/trap-caching.ts -var actionsCache2 = __toESM(require_cache3()); - -// src/config-utils.ts -var defaultAugmentationProperties = { - queriesInputCombines: false, - packsInputCombines: false, - packsInput: void 0, - queriesInput: void 0, - extraQueryExclusions: [], - overlayDatabaseMode: "none" /* None */, - useOverlayDatabaseCaching: false -}; -var OVERLAY_ANALYSIS_FEATURES = { - actions: "overlay_analysis_actions" /* OverlayAnalysisActions */, - cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */, - csharp: "overlay_analysis_csharp" /* OverlayAnalysisCsharp */, - go: "overlay_analysis_go" /* OverlayAnalysisGo */, - java: "overlay_analysis_java" /* OverlayAnalysisJava */, - javascript: 
"overlay_analysis_javascript" /* OverlayAnalysisJavascript */, - python: "overlay_analysis_python" /* OverlayAnalysisPython */, - ruby: "overlay_analysis_ruby" /* OverlayAnalysisRuby */, - rust: "overlay_analysis_rust" /* OverlayAnalysisRust */, - swift: "overlay_analysis_swift" /* OverlayAnalysisSwift */ -}; -var OVERLAY_ANALYSIS_CODE_SCANNING_FEATURES = { - actions: "overlay_analysis_code_scanning_actions" /* OverlayAnalysisCodeScanningActions */, - cpp: "overlay_analysis_code_scanning_cpp" /* OverlayAnalysisCodeScanningCpp */, - csharp: "overlay_analysis_code_scanning_csharp" /* OverlayAnalysisCodeScanningCsharp */, - go: "overlay_analysis_code_scanning_go" /* OverlayAnalysisCodeScanningGo */, - java: "overlay_analysis_code_scanning_java" /* OverlayAnalysisCodeScanningJava */, - javascript: "overlay_analysis_code_scanning_javascript" /* OverlayAnalysisCodeScanningJavascript */, - python: "overlay_analysis_code_scanning_python" /* OverlayAnalysisCodeScanningPython */, - ruby: "overlay_analysis_code_scanning_ruby" /* OverlayAnalysisCodeScanningRuby */, - rust: "overlay_analysis_code_scanning_rust" /* OverlayAnalysisCodeScanningRust */, - swift: "overlay_analysis_code_scanning_swift" /* OverlayAnalysisCodeScanningSwift */ -}; -var PACK_IDENTIFIER_PATTERN = (function() { - const alphaNumeric = "[a-z0-9]"; - const alphaNumericDash = "[a-z0-9-]"; - const component = `${alphaNumeric}(${alphaNumericDash}*${alphaNumeric})?`; - return new RegExp(`^${component}/${component}$`); -})(); -function getPathToParsedConfigFile(tempDir) { - return path10.join(tempDir, "config"); -} -async function getConfig(tempDir, logger) { - const configFile = getPathToParsedConfigFile(tempDir); - if (!fs8.existsSync(configFile)) { - return void 0; - } - const configString = fs8.readFileSync(configFile, "utf8"); - logger.debug("Loaded config:"); - logger.debug(configString); - return JSON.parse(configString); -} -function generateCodeScanningConfig(originalUserInput, augmentationProperties) { - 
const augmentedConfig = cloneObject(originalUserInput); - if (augmentationProperties.queriesInput) { - if (augmentationProperties.queriesInputCombines) { - augmentedConfig.queries = (augmentedConfig.queries || []).concat( - augmentationProperties.queriesInput - ); - } else { - augmentedConfig.queries = augmentationProperties.queriesInput; - } - } - if (augmentedConfig.queries?.length === 0) { - delete augmentedConfig.queries; - } - if (augmentationProperties.packsInput) { - if (augmentationProperties.packsInputCombines) { - if (Array.isArray(augmentedConfig.packs)) { - augmentedConfig.packs = (augmentedConfig.packs || []).concat( - augmentationProperties.packsInput - ); - } else if (!augmentedConfig.packs) { - augmentedConfig.packs = augmentationProperties.packsInput; - } else { - const language = Object.keys(augmentedConfig.packs)[0]; - augmentedConfig.packs[language] = augmentedConfig.packs[language].concat(augmentationProperties.packsInput); - } - } else { - augmentedConfig.packs = augmentationProperties.packsInput; - } - } - if (Array.isArray(augmentedConfig.packs) && !augmentedConfig.packs.length) { - delete augmentedConfig.packs; - } - augmentedConfig["query-filters"] = [ - // Ordering matters. If the first filter is an inclusion, it implicitly - // excludes all queries that are not included. If it is an exclusion, - // it implicitly includes all queries that are not excluded. So user - // filters (if any) should always be first to preserve intent. 
- ...augmentedConfig["query-filters"] || [], - ...augmentationProperties.extraQueryExclusions - ]; - if (augmentedConfig["query-filters"]?.length === 0) { - delete augmentedConfig["query-filters"]; - } - return augmentedConfig; -} - // src/setup-codeql.ts -var fs11 = __toESM(require("fs")); -var path12 = __toESM(require("path")); +var fs9 = __toESM(require("fs")); +var path10 = __toESM(require("path")); var toolcache3 = __toESM(require_tool_cache()); var import_fast_deep_equal = __toESM(require_fast_deep_equal()); -var semver7 = __toESM(require_semver2()); +var semver6 = __toESM(require_semver2()); // node_modules/uuid/dist/esm/stringify.js var byteToHex = []; @@ -90206,12 +90064,12 @@ var v4_default = v4; // src/tar.ts var import_child_process = require("child_process"); -var fs9 = __toESM(require("fs")); +var fs7 = __toESM(require("fs")); var stream = __toESM(require("stream")); var import_toolrunner = __toESM(require_toolrunner()); var io4 = __toESM(require_io()); var toolcache = __toESM(require_tool_cache()); -var semver5 = __toESM(require_semver2()); +var semver4 = __toESM(require_semver2()); var MIN_REQUIRED_BSD_TAR_VERSION = "3.4.3"; var MIN_REQUIRED_GNU_TAR_VERSION = "1.31"; async function getTarVersion() { @@ -90253,9 +90111,9 @@ async function isZstdAvailable(logger) { case "gnu": return { available: foundZstdBinary && // GNU tar only uses major and minor version numbers - semver5.gte( - semver5.coerce(version), - semver5.coerce(MIN_REQUIRED_GNU_TAR_VERSION) + semver4.gte( + semver4.coerce(version), + semver4.coerce(MIN_REQUIRED_GNU_TAR_VERSION) ), foundZstdBinary, version: tarVersion @@ -90264,7 +90122,7 @@ async function isZstdAvailable(logger) { return { available: foundZstdBinary && // Do a loose comparison since these version numbers don't contain // a patch version number. - semver5.gte(version, MIN_REQUIRED_BSD_TAR_VERSION), + semver4.gte(version, MIN_REQUIRED_BSD_TAR_VERSION), foundZstdBinary, version: tarVersion }; 
@@ -90279,7 +90137,7 @@ async function isZstdAvailable(logger) { } } async function extract(tarPath, dest, compressionMethod, tarVersion, logger) { - fs9.mkdirSync(dest, { recursive: true }); + fs7.mkdirSync(dest, { recursive: true }); switch (compressionMethod) { case "gzip": return await toolcache.extractTar(tarPath, dest); @@ -90363,15 +90221,15 @@ function inferCompressionMethod(tarPath) { } // src/tools-download.ts -var fs10 = __toESM(require("fs")); +var fs8 = __toESM(require("fs")); var os2 = __toESM(require("os")); -var path11 = __toESM(require("path")); +var path9 = __toESM(require("path")); var import_perf_hooks = require("perf_hooks"); -var core10 = __toESM(require_core()); +var core9 = __toESM(require_core()); var import_http_client = __toESM(require_lib()); var toolcache2 = __toESM(require_tool_cache()); var import_follow_redirects = __toESM(require_follow_redirects()); -var semver6 = __toESM(require_semver2()); +var semver5 = __toESM(require_semver2()); var STREAMING_HIGH_WATERMARK_BYTES = 4 * 1024 * 1024; var TOOLCACHE_TOOL_NAME = "CodeQL"; function makeDownloadFirstToolsDownloadDurations(downloadDurationMs, extractionDurationMs) { @@ -90421,10 +90279,10 @@ async function downloadAndExtract(codeqlURL, compressionMethod, dest, authorizat }; } } catch (e) { - core10.warning( + core9.warning( `Failed to download and extract CodeQL bundle using streaming with error: ${getErrorMessage(e)}` ); - core10.warning(`Falling back to downloading the bundle before extracting.`); + core9.warning(`Falling back to downloading the bundle before extracting.`); await cleanUpGlob(dest, "CodeQL bundle", logger); } const toolsDownloadStart = import_perf_hooks.performance.now(); 
@@ -90470,7 +90328,7 @@ async function downloadAndExtract(codeqlURL, compressionMethod, dest, authorizat }; } async function downloadAndExtractZstdWithStreaming(codeqlURL, dest, authorization, headers, tarVersion, logger) { - fs10.mkdirSync(dest, { recursive: true }); + fs8.mkdirSync(dest, { recursive: true }); const agent = new import_http_client.HttpClient().getAgent(codeqlURL); headers = Object.assign( { "User-Agent": "CodeQL Action" }, @@ -90498,16 +90356,16 @@ async function downloadAndExtractZstdWithStreaming(codeqlURL, dest, authorizatio await extractTarZst(response, dest, tarVersion, logger); } function getToolcacheDirectory(version) { - return path11.join( + return path9.join( getRequiredEnvParam("RUNNER_TOOL_CACHE"), TOOLCACHE_TOOL_NAME, - semver6.clean(version) || version, + semver5.clean(version) || version, os2.arch() || "" ); } function writeToolcacheMarkerFile(extractedPath, logger) { const markerFilePath = `${extractedPath}.complete`; - fs10.writeFileSync(markerFilePath, ""); + fs8.writeFileSync(markerFilePath, ""); logger.info(`Created toolcache marker file ${markerFilePath}`); } function sanitizeUrlForStatusReport(url2) { @@ -90622,13 +90480,13 @@ function tryGetTagNameFromUrl(url2, logger) { return match[1]; } function convertToSemVer(version, logger) { - if (!semver7.valid(version)) { + if (!semver6.valid(version)) { logger.debug( `Bundle version ${version} is not in SemVer format. Will treat it as pre-release 0.0.0-${version}.` ); version = `0.0.0-${version}`; } - const s = semver7.clean(version); + const s = semver6.clean(version); if (!s) { throw new Error(`Bundle version ${version} is not in SemVer format.`); } 
@@ -90638,7 +90496,7 @@ async function findOverridingToolsInCache(humanReadableVersion, logger) { const candidates = toolcache3.findAllVersions("CodeQL").filter(isGoodVersion).map((version) => ({ folder: toolcache3.find("CodeQL", version), version - })).filter(({ folder }) => fs11.existsSync(path12.join(folder, "pinned-version"))); + })).filter(({ folder }) => fs9.existsSync(path10.join(folder, "pinned-version"))); if (candidates.length === 1) { const candidate = candidates[0]; logger.debug( @@ -90698,7 +90556,7 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian url2 = toolsInput; if (tagName) { const bundleVersion3 = tryGetBundleVersionFromTagName(tagName, logger); - if (bundleVersion3 && semver7.valid(bundleVersion3)) { + if (bundleVersion3 && semver6.valid(bundleVersion3)) { cliVersion2 = convertToSemVer(bundleVersion3, logger); } } @@ -90967,11 +90825,11 @@ async function setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defau async function useZstdBundle(cliVersion2, tarSupportsZstd) { return ( // In testing, gzip performs better than zstd on Windows. - process.platform !== "win32" && tarSupportsZstd && semver7.gte(cliVersion2, CODEQL_VERSION_ZSTD_BUNDLE) + process.platform !== "win32" && tarSupportsZstd && semver6.gte(cliVersion2, CODEQL_VERSION_ZSTD_BUNDLE) ); } function getTempExtractionDir(tempDir) { - return path12.join(tempDir, v4_default()); + return path10.join(tempDir, v4_default()); } // src/tracer-config.ts @@ -91014,7 +90872,7 @@ async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliV toolsDownloadStatusReport )}` ); - let codeqlCmd = path13.join(codeqlFolder, "codeql", "codeql"); + let codeqlCmd = path11.join(codeqlFolder, "codeql", "codeql"); if (process.platform === "win32") { codeqlCmd += ".exe"; } else if (process.platform !== "linux" && process.platform !== "darwin") { 
@@ -91075,12 +90933,12 @@ async function getCodeQLForCmd(cmd, checkVersion) { }, async isTracedLanguage(language) { const extractorPath = await this.resolveExtractor(language); - const tracingConfigPath = path13.join( + const tracingConfigPath = path11.join( extractorPath, "tools", "tracing-config.lua" ); - return fs12.existsSync(tracingConfigPath); + return fs10.existsSync(tracingConfigPath); }, async isScannedLanguage(language) { return !await this.isTracedLanguage(language); @@ -91151,7 +91009,7 @@ async function getCodeQLForCmd(cmd, checkVersion) { }, async runAutobuild(config, language) { applyAutobuildAzurePipelinesTimeoutFix(); - const autobuildCmd = path13.join( + const autobuildCmd = path11.join( await this.resolveExtractor(language), "tools", process.platform === "win32" ? "autobuild.cmd" : "autobuild.sh" 
@@ -91472,12 +91330,12 @@ ${output}` ); } else if (checkVersion && process.env["CODEQL_ACTION_SUPPRESS_DEPRECATED_SOON_WARNING" /* SUPPRESS_DEPRECATED_SOON_WARNING */] !== "true" && !await codeQlVersionAtLeast(codeql, CODEQL_NEXT_MINIMUM_VERSION)) { const result = await codeql.getVersion(); - core11.warning( + core10.warning( `CodeQL CLI version ${result.version} was discontinued on ${GHES_MOST_RECENT_DEPRECATION_DATE} alongside GitHub Enterprise Server ${GHES_VERSION_MOST_RECENTLY_DEPRECATED} and will not be supported by the next minor release of the CodeQL Action. Please update to CodeQL CLI version ${CODEQL_NEXT_MINIMUM_VERSION} or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version. Alternatively, if you want to continue using CodeQL CLI version ${result.version}, you can replace 'github/codeql-action/*@v${getActionVersion().split(".")[0]}' by 'github/codeql-action/*@v${getActionVersion()}' in your code scanning workflow to continue using this version of the CodeQL Action.` ); - core11.exportVariable("CODEQL_ACTION_SUPPRESS_DEPRECATED_SOON_WARNING" /* SUPPRESS_DEPRECATED_SOON_WARNING */, "true"); + core10.exportVariable("CODEQL_ACTION_SUPPRESS_DEPRECATED_SOON_WARNING" /* SUPPRESS_DEPRECATED_SOON_WARNING */, "true"); } return codeql; } 
@@ -91529,17 +91387,13 @@ async function runCli(cmd, args = [], opts = {}) { } async function writeCodeScanningConfigFile(config, logger) { const codeScanningConfigFile = getGeneratedCodeScanningConfigPath(config); - const augmentedConfig = generateCodeScanningConfig( - config.originalUserInput, - config.augmentationProperties - ); logger.info( `Writing augmented user configuration file to ${codeScanningConfigFile}` ); logger.startGroup("Augmented user configuration file contents"); - logger.info(dump(augmentedConfig)); + logger.info(dump(config.computedConfig)); logger.endGroup(); - fs12.writeFileSync(codeScanningConfigFile, dump(augmentedConfig)); + fs10.writeFileSync(codeScanningConfigFile, dump(config.computedConfig)); return codeScanningConfigFile; } var TRAP_CACHE_SIZE_MB = 1024; @@ -91562,7 +91416,7 @@ async function getTrapCachingExtractorConfigArgsForLang(config, language) { ]; } function getGeneratedCodeScanningConfigPath(config) { - return path13.resolve(config.tempDir, "user-config.yaml"); + return path11.resolve(config.tempDir, "user-config.yaml"); } function getExtractionVerbosityArguments(enableDebugLogging) { return enableDebugLogging ? [`--verbosity=${EXTRACTION_DEBUG_MODE_VERBOSITY}`] : []; 
@@ -91582,6 +91436,99 @@ async function getJobRunUuidSarifOptions(codeql) { ) ? [`--sarif-run-property=jobRunUuid=${jobRunUuid}`] : []; } +// src/config-utils.ts +var fs12 = __toESM(require("fs")); +var path13 = __toESM(require("path")); +var semver7 = __toESM(require_semver2()); + +// src/analyses.ts +var AnalysisKind = /* @__PURE__ */ ((AnalysisKind2) => { + AnalysisKind2["CodeScanning"] = "code-scanning"; + AnalysisKind2["CodeQuality"] = "code-quality"; + return AnalysisKind2; +})(AnalysisKind || {}); +var supportedAnalysisKinds = new Set(Object.values(AnalysisKind)); + +// src/caching-utils.ts +var core11 = __toESM(require_core()); + +// src/diff-informed-analysis-utils.ts +var fs11 = __toESM(require("fs")); +var path12 = __toESM(require("path")); +function getDiffRangesJsonFilePath() { + return path12.join(getTemporaryDirectory(), "pr-diff-range.json"); +} +function readDiffRangesJsonFile(logger) { + const jsonFilePath = getDiffRangesJsonFilePath(); + if (!fs11.existsSync(jsonFilePath)) { + logger.debug(`Diff ranges JSON file does not exist at ${jsonFilePath}`); + return void 0; + } + const jsonContents = fs11.readFileSync(jsonFilePath, "utf8"); + logger.debug( + `Read pr-diff-range JSON file from ${jsonFilePath}: +${jsonContents}` + ); + return JSON.parse(jsonContents); +} + +// src/trap-caching.ts +var actionsCache2 = __toESM(require_cache3()); + +// src/config-utils.ts +var defaultAugmentationProperties = { + queriesInputCombines: false, + packsInputCombines: false, + packsInput: void 0, + queriesInput: void 0, + extraQueryExclusions: [], + overlayDatabaseMode: "none" /* None */, + useOverlayDatabaseCaching: false +}; +var OVERLAY_ANALYSIS_FEATURES = { + actions: "overlay_analysis_actions" /* OverlayAnalysisActions */, + cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */, + csharp: "overlay_analysis_csharp" /* OverlayAnalysisCsharp */, + go: "overlay_analysis_go" /* OverlayAnalysisGo */, + java: "overlay_analysis_java" /* OverlayAnalysisJava */, + 
javascript: "overlay_analysis_javascript" /* OverlayAnalysisJavascript */, + python: "overlay_analysis_python" /* OverlayAnalysisPython */, + ruby: "overlay_analysis_ruby" /* OverlayAnalysisRuby */, + rust: "overlay_analysis_rust" /* OverlayAnalysisRust */, + swift: "overlay_analysis_swift" /* OverlayAnalysisSwift */ +}; +var OVERLAY_ANALYSIS_CODE_SCANNING_FEATURES = { + actions: "overlay_analysis_code_scanning_actions" /* OverlayAnalysisCodeScanningActions */, + cpp: "overlay_analysis_code_scanning_cpp" /* OverlayAnalysisCodeScanningCpp */, + csharp: "overlay_analysis_code_scanning_csharp" /* OverlayAnalysisCodeScanningCsharp */, + go: "overlay_analysis_code_scanning_go" /* OverlayAnalysisCodeScanningGo */, + java: "overlay_analysis_code_scanning_java" /* OverlayAnalysisCodeScanningJava */, + javascript: "overlay_analysis_code_scanning_javascript" /* OverlayAnalysisCodeScanningJavascript */, + python: "overlay_analysis_code_scanning_python" /* OverlayAnalysisCodeScanningPython */, + ruby: "overlay_analysis_code_scanning_ruby" /* OverlayAnalysisCodeScanningRuby */, + rust: "overlay_analysis_code_scanning_rust" /* OverlayAnalysisCodeScanningRust */, + swift: "overlay_analysis_code_scanning_swift" /* OverlayAnalysisCodeScanningSwift */ +}; +var PACK_IDENTIFIER_PATTERN = (function() { + const alphaNumeric = "[a-z0-9]"; + const alphaNumericDash = "[a-z0-9-]"; + const component = `${alphaNumeric}(${alphaNumericDash}*${alphaNumeric})?`; + return new RegExp(`^${component}/${component}$`); +})(); +function getPathToParsedConfigFile(tempDir) { + return path13.join(tempDir, "config"); +} +async function getConfig(tempDir, logger) { + const configFile = getPathToParsedConfigFile(tempDir); + if (!fs12.existsSync(configFile)) { + return void 0; + } + const configString = fs12.readFileSync(configFile, "utf8"); + logger.debug("Loaded config:"); + logger.debug(configString); + return JSON.parse(configString); +} + // src/fingerprints.ts var fs13 = __toESM(require("fs")); var 
import_path = __toESM(require("path")); diff --git a/src/codeql.test.ts b/src/codeql.test.ts index 29e4b27ef3..e6df746c73 100644 --- a/src/codeql.test.ts +++ b/src/codeql.test.ts @@ -18,6 +18,7 @@ import { AugmentationProperties, Config, defaultAugmentationProperties, + generateCodeScanningConfig, } from "./config-utils"; import * as defaults from "./defaults.json"; import { DocUrl } from "./doc-url"; @@ -504,6 +505,10 @@ const injectedConfigMacro = test.macro({ tempDir, augmentationProperties, }; + thisStubConfig.computedConfig = generateCodeScanningConfig( + thisStubConfig.originalUserInput, + thisStubConfig.augmentationProperties, + ); await codeqlObject.databaseInitCluster( thisStubConfig, diff --git a/src/codeql.ts b/src/codeql.ts index 81c8e3decd..820789bdd3 100644 --- a/src/codeql.ts +++ b/src/codeql.ts @@ -13,7 +13,7 @@ import { } from "./actions-util"; import * as api from "./api-client"; import { CliError, wrapCliConfigurationError } from "./cli-errors"; -import { generateCodeScanningConfig, type Config } from "./config-utils"; +import { type Config } from "./config-utils"; import { DocUrl } from "./doc-url"; import { EnvVar } from "./environment"; import { @@ -1161,19 +1161,15 @@ async function writeCodeScanningConfigFile( logger: Logger, ): Promise { const codeScanningConfigFile = getGeneratedCodeScanningConfigPath(config); - const augmentedConfig = generateCodeScanningConfig( - config.originalUserInput, - config.augmentationProperties, - ); logger.info( `Writing augmented user configuration file to ${codeScanningConfigFile}`, ); logger.startGroup("Augmented user configuration file contents"); - logger.info(yaml.dump(augmentedConfig)); + logger.info(yaml.dump(config.computedConfig)); logger.endGroup(); - fs.writeFileSync(codeScanningConfigFile, yaml.dump(augmentedConfig)); + fs.writeFileSync(codeScanningConfigFile, yaml.dump(config.computedConfig)); return codeScanningConfigFile; } 
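Review bot: `writeCodeScanningConfigFile` now dumps `config.computedConfig` as-is, so the queries and `query-filters` handed to CodeQL depend on a snapshot taken once in `initConfig` (the `@@ -1101` hunk in src/config-utils.ts) rather than on `augmentationProperties` at write time. If anything changes `augmentationProperties` after that assignment (for example `extraQueryExclusions`; not visible in these hunks), the generated file would silently omit it and the scan would run a different query set than intended. I would add a comment above the `yaml.dump` calls, `// computedConfig is a snapshot from initConfig; regenerate it if augmentationProperties changes later.`, and fail loudly when it is absent: `if (!config.computedConfig) throw new Error("computedConfig was not initialised");`. The function's signature starts outside the hunk.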
diff --git a/src/config-utils.test.ts b/src/config-utils.test.ts index e57cb5f6f4..a7b36df7aa 100644 --- a/src/config-utils.test.ts +++ b/src/config-utils.test.ts @@ -322,18 +322,21 @@ test("load non-empty input", async (t) => { fs.mkdirSync(path.join(tempDir, "foo")); + const userConfig: configUtils.UserConfig = { + name: "my config", + "disable-default-queries": true, + queries: [{ uses: "./foo" }], + "paths-ignore": ["a", "b"], + paths: ["c/d"], + }; + // And the config we expect it to parse to const expectedConfig: configUtils.Config = { analysisKinds: [AnalysisKind.CodeScanning], languages: [KnownLanguage.javascript], buildMode: BuildMode.None, - originalUserInput: { - name: "my config", - "disable-default-queries": true, - queries: [{ uses: "./foo" }], - "paths-ignore": ["a", "b"], - paths: ["c/d"], - }, + originalUserInput: userConfig, + computedConfig: userConfig, tempDir, codeQLCmd: codeql.getPath(), gitHubVersion: githubVersion, diff --git a/src/config-utils.ts b/src/config-utils.ts index 477cb20e6c..1325268619 100644 --- a/src/config-utils.ts +++ b/src/config-utils.ts @@ -145,8 +145,17 @@ export interface Config { */ debugDatabaseName: string; + /** + * Describes how to augment the user configuration with inputs from the action. + */ augmentationProperties: AugmentationProperties; + /** + * The configuration we computed by combining `originalUserInput` with `augmentationProperties`, + * as well as adjustments made to it based on unsupported or required options. + */ + computedConfig: UserConfig; + /** * Partial map from languages to locations of TRAP caches for that language. * If a key is omitted, then TRAP caching should not be used for that language. @@ -576,6 +585,7 @@ export async function getDefaultConfig({ languages, buildMode, originalUserInput: {}, + computedConfig: {}, tempDir, codeQLCmd: codeql.getPath(), gitHubVersion: githubVersion, 
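Review bot: The new doc comment on `computedConfig` says it includes "adjustments made to it based on unsupported or required options", but in this patch's hunks the field is only ever set to `{}` or to the result of `generateCodeScanningConfig(userConfig, config.augmentationProperties)`. Either narrow the comment to what is stored today or state when the value is produced, e.g. `* Computed once in initConfig; not refreshed if augmentationProperties changes afterwards.` The field is also required in the type, while `getConfig` (visible in the bundled lib output of this patch) returns `JSON.parse(configString)` unchecked, so a persisted config without the key would appear as `undefined` at runtime despite the type. The `Config` interface starts and ends outside this hunk.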
@@ -1101,6 +1111,13 @@ export async function initConfig(inputs: InitConfigInputs): Promise { const augmentationProperties = config.augmentationProperties; config.originalUserInput = userConfig; + // Compute the full Code Scanning configuration that combines the configuration from the + // configuration file / `config` input with other inputs, such as `queries`. + config.computedConfig = generateCodeScanningConfig( + userConfig, + config.augmentationProperties, + ); + // The choice of overlay database mode depends on the selection of languages // and queries, which in turn depends on the user config and the augmentation // properties. So we need to calculate the overlay database mode after the @@ -1113,7 +1130,7 @@ export async function initConfig(inputs: InitConfigInputs): Promise { config.languages, inputs.sourceRoot, config.buildMode, - generateCodeScanningConfig(userConfig, augmentationProperties), + config.computedConfig, logger, ); logger.info( diff --git a/src/testing-utils.ts b/src/testing-utils.ts index 624bb72cd5..49b50cb212 100644 --- a/src/testing-utils.ts +++ b/src/testing-utils.ts @@ -360,6 +360,7 @@ export function createTestConfig(overrides: Partial): Config { languages: [], buildMode: undefined, originalUserInput: {}, + computedConfig: {}, tempDir: "", codeQLCmd: "", gitHubVersion: { From ac9b91e74508dad8331f461592a2ca51c70e293d Mon Sep 17 00:00:00 2001 
From: "Michael B. Gale" Date: Tue, 2 Sep 2025 12:45:17 +0100 Subject: [PATCH 2/4] Move overlay db settings from `AugmentationProperties` to `Config` --- lib/analyze-action-post.js | 11 +------ lib/analyze-action.js | 23 +++++--------- lib/autobuild-action.js | 11 +------ lib/init-action-post.js | 11 +------ lib/init-action.js | 43 +++++++++++-------------- lib/resolve-environment-action.js | 11 +------ lib/start-proxy-action-post.js | 9 ------ lib/upload-lib.js | 11 +------ lib/upload-sarif-action-post.js | 9 ------ lib/upload-sarif-action.js | 11 +------ src/analyze.ts | 16 +++------- src/codeql.ts | 3 +- src/config-utils.test.ts | 2 ++ src/config-utils.ts | 50 +++++++++++++++--------------- src/init-action.ts | 19 ++++-------- src/overlay-database-utils.test.ts | 6 ++-- src/overlay-database-utils.ts | 8 ++--- src/testing-utils.ts | 8 ++--- 18 files changed, 79 insertions(+), 183 deletions(-) diff --git a/lib/analyze-action-post.js b/lib/analyze-action-post.js index 70418568c3..1f53d47757 100644 --- a/lib/analyze-action-post.js +++ b/lib/analyze-action-post.js @@ -118012,7 +118012,7 @@ async function getCodeQLForCmd(cmd, checkVersion) { await this.getVersion(), "forceOverwrite" /* ForceOverwrite */ ) ? "--force-overwrite" : "--overwrite"; - const overlayDatabaseMode = config.augmentationProperties.overlayDatabaseMode; + const overlayDatabaseMode = config.overlayDatabaseMode; if (overlayDatabaseMode === "overlay" /* Overlay */) { const overlayChangesFile = await writeOverlayChangesFile( config, 
@@ -118495,15 +118495,6 @@ var core10 = __toESM(require_core()); var actionsCache2 = __toESM(require_cache3()); // src/config-utils.ts -var defaultAugmentationProperties = { - queriesInputCombines: false, - packsInputCombines: false, - packsInput: void 0, - queriesInput: void 0, - extraQueryExclusions: [], - overlayDatabaseMode: "none" /* None */, - useOverlayDatabaseCaching: false -}; var OVERLAY_ANALYSIS_FEATURES = { actions: "overlay_analysis_actions" /* OverlayAnalysisActions */, cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */, diff --git a/lib/analyze-action.js b/lib/analyze-action.js index ead5a6e9a9..6b04b1d3e1 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -90839,14 +90839,14 @@ function checkOverlayBaseDatabase(config, logger, warningPrefix) { return true; } async function uploadOverlayBaseDatabaseToCache(codeql, config, logger) { - const overlayDatabaseMode = config.augmentationProperties.overlayDatabaseMode; + const overlayDatabaseMode = config.overlayDatabaseMode; if (overlayDatabaseMode !== "overlay-base" /* OverlayBase */) { logger.debug( `Overlay database mode is ${overlayDatabaseMode}. Skip uploading overlay-base database to cache.` ); return false; } - if (!config.augmentationProperties.useOverlayDatabaseCaching) { + if (!config.useOverlayDatabaseCaching) { logger.debug( "Overlay database caching is disabled. Skip uploading overlay-base database to cache." ); @@ -92354,7 +92354,7 @@ async function getCodeQLForCmd(cmd, checkVersion) { await this.getVersion(), "forceOverwrite" /* ForceOverwrite */ ) ? "--force-overwrite" : "--overwrite"; - const overlayDatabaseMode = config.augmentationProperties.overlayDatabaseMode; + const overlayDatabaseMode = config.overlayDatabaseMode; if (overlayDatabaseMode === "overlay" /* Overlay */) { const overlayChangesFile = await writeOverlayChangesFile( config, 
@@ -93048,15 +93048,6 @@ async function cachePrefix(codeql, language) { } // src/config-utils.ts -var defaultAugmentationProperties = { - queriesInputCombines: false, - packsInputCombines: false, - packsInput: void 0, - queriesInput: void 0, - extraQueryExclusions: [], - overlayDatabaseMode: "none" /* None */, - useOverlayDatabaseCaching: false -}; var OVERLAY_ANALYSIS_FEATURES = { actions: "overlay_analysis_actions" /* OverlayAnalysisActions */, cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */, @@ -93548,7 +93539,7 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag, const statusReport = {}; const queryFlags = [memoryFlag, threadsFlag]; const incrementalMode = []; - if (config.augmentationProperties.overlayDatabaseMode !== "overlay-base" /* OverlayBase */) { + if (config.overlayDatabaseMode !== "overlay-base" /* OverlayBase */) { queryFlags.push("--expect-discarded-cache"); } statusReport.analysis_is_diff_informed = diffRangePackDir !== void 0; 
@@ -93557,9 +93548,9 @@ async function runQueries(sarifFolder, memoryFlag, addSnippetsFlag, threadsFlag, queryFlags.push("--extension-packs=codeql-action/pr-diff-range"); incrementalMode.push("diff-informed"); } - statusReport.analysis_is_overlay = config.augmentationProperties.overlayDatabaseMode === "overlay" /* Overlay */; - statusReport.analysis_builds_overlay_base_database = config.augmentationProperties.overlayDatabaseMode === "overlay-base" /* OverlayBase */; - if (config.augmentationProperties.overlayDatabaseMode === "overlay" /* Overlay */) { + statusReport.analysis_is_overlay = config.overlayDatabaseMode === "overlay" /* Overlay */; + statusReport.analysis_builds_overlay_base_database = config.overlayDatabaseMode === "overlay-base" /* OverlayBase */; + if (config.overlayDatabaseMode === "overlay" /* Overlay */) { incrementalMode.push("overlay"); } const sarifRunPropertyFlag = incrementalMode.length > 0 ? `--sarif-run-property=incrementalMode=${incrementalMode.join(",")}` : void 0; diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js index 04f82f84f3..a1f0c90f01 100644 --- a/lib/autobuild-action.js +++ b/lib/autobuild-action.js @@ -79047,7 +79047,7 @@ async function getCodeQLForCmd(cmd, checkVersion) { await this.getVersion(), "forceOverwrite" /* ForceOverwrite */ ) ? "--force-overwrite" : "--overwrite"; - const overlayDatabaseMode = config.augmentationProperties.overlayDatabaseMode; + const overlayDatabaseMode = config.overlayDatabaseMode; if (overlayDatabaseMode === "overlay" /* Overlay */) { const overlayChangesFile = await writeOverlayChangesFile( config, 
@@ -79615,15 +79615,6 @@ var core11 = __toESM(require_core()); var actionsCache2 = __toESM(require_cache3()); // src/config-utils.ts -var defaultAugmentationProperties = { - queriesInputCombines: false, - packsInputCombines: false, - packsInput: void 0, - queriesInput: void 0, - extraQueryExclusions: [], - overlayDatabaseMode: "none" /* None */, - useOverlayDatabaseCaching: false -}; var OVERLAY_ANALYSIS_FEATURES = { actions: "overlay_analysis_actions" /* OverlayAnalysisActions */, cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */, diff --git a/lib/init-action-post.js b/lib/init-action-post.js index 22cd2bec56..a360f4d0c1 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js @@ -130444,7 +130444,7 @@ async function getCodeQLForCmd(cmd, checkVersion) { await this.getVersion(), "forceOverwrite" /* ForceOverwrite */ ) ? "--force-overwrite" : "--overwrite"; - const overlayDatabaseMode = config.augmentationProperties.overlayDatabaseMode; + const overlayDatabaseMode = config.overlayDatabaseMode; if (overlayDatabaseMode === "overlay" /* Overlay */) { const overlayChangesFile = await writeOverlayChangesFile( config, @@ -130947,15 +130947,6 @@ ${jsonContents}` var actionsCache2 = __toESM(require_cache3()); // src/config-utils.ts -var defaultAugmentationProperties = { - queriesInputCombines: false, - packsInputCombines: false, - packsInput: void 0, - queriesInput: void 0, - extraQueryExclusions: [], - overlayDatabaseMode: "none" /* None */, - useOverlayDatabaseCaching: false -}; var OVERLAY_ANALYSIS_FEATURES = { actions: "overlay_analysis_actions" /* OverlayAnalysisActions */, cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */, diff --git a/lib/init-action.js b/lib/init-action.js index 42f001de7f..a73a8a6aa2 100644 --- a/lib/init-action.js +++ b/lib/init-action.js 
@@ -86458,14 +86458,14 @@ function checkOverlayBaseDatabase(config, logger, warningPrefix) { return true; } async function downloadOverlayBaseDatabaseFromCache(codeql, config, logger) { - const overlayDatabaseMode = config.augmentationProperties.overlayDatabaseMode; + const overlayDatabaseMode = config.overlayDatabaseMode; if (overlayDatabaseMode !== "overlay" /* Overlay */) { logger.debug( `Overlay database mode is ${overlayDatabaseMode}. Skip downloading overlay-base database from cache.` ); return void 0; } - if (!config.augmentationProperties.useOverlayDatabaseCaching) { + if (!config.useOverlayDatabaseCaching) { logger.debug( "Overlay database caching is disabled. Skip downloading overlay-base database from cache." ); @@ -87116,15 +87116,6 @@ async function cachePrefix(codeql, language) { // src/config-utils.ts var PACKS_PROPERTY = "packs"; -var defaultAugmentationProperties = { - queriesInputCombines: false, - packsInputCombines: false, - packsInput: void 0, - queriesInput: void 0, - extraQueryExclusions: [], - overlayDatabaseMode: "none" /* None */, - useOverlayDatabaseCaching: false -}; function getPacksStrInvalid(packStr, configFile) { return configFile ? getConfigFilePropertyError( configFile, @@ -87312,7 +87303,9 @@ async function getDefaultConfig({ augmentationProperties, trapCaches, trapCacheDownloadTime, - dependencyCachingEnabled: getCachingKind(dependencyCachingEnabled) + dependencyCachingEnabled: getCachingKind(dependencyCachingEnabled), + overlayDatabaseMode: "none" /* None */, + useOverlayDatabaseCaching: false }; } async function downloadCacheWithTime(trapCachingEnabled, codeQL, languages, logger) { 
@@ -87357,9 +87350,7 @@ async function calculateAugmentation(rawPacksInput, rawQueriesInput, languages) packsInput: packsInput?.[languages[0]], queriesInput, queriesInputCombines, - extraQueryExclusions: [], - overlayDatabaseMode: "none" /* None */, - useOverlayDatabaseCaching: false + extraQueryExclusions: [] }; } function parseQueriesFromInput(rawQueriesInput, queriesInputCombines) { @@ -87611,7 +87602,6 @@ async function initConfig(inputs) { ); } const config = await getDefaultConfig(inputs); - const augmentationProperties = config.augmentationProperties; config.originalUserInput = userConfig; config.computedConfig = generateCodeScanningConfig( userConfig, @@ -87630,14 +87620,17 @@ async function initConfig(inputs) { logger.info( `Using overlay database mode: ${overlayDatabaseMode} ${useOverlayDatabaseCaching ? "with" : "without"} caching.` ); - augmentationProperties.overlayDatabaseMode = overlayDatabaseMode; - augmentationProperties.useOverlayDatabaseCaching = useOverlayDatabaseCaching; + config.overlayDatabaseMode = overlayDatabaseMode; + config.useOverlayDatabaseCaching = useOverlayDatabaseCaching; if (overlayDatabaseMode === "overlay" /* Overlay */ || await shouldPerformDiffInformedAnalysis( inputs.codeql, inputs.features, logger )) { - augmentationProperties.extraQueryExclusions.push({ + if (config.computedConfig["query-filters"] === void 0) { + config.computedConfig["query-filters"] = []; + } + config.computedConfig["query-filters"].push({ exclude: { tags: "exclude-from-incremental" } }); } @@ -89197,7 +89190,7 @@ async function getCodeQLForCmd(cmd, checkVersion) { await this.getVersion(), "forceOverwrite" /* ForceOverwrite */ ) ? "--force-overwrite" : "--overwrite"; - const overlayDatabaseMode = config.augmentationProperties.overlayDatabaseMode; + const overlayDatabaseMode = config.overlayDatabaseMode; if (overlayDatabaseMode === "overlay" /* Overlay */) { const overlayChangesFile = await writeOverlayChangesFile( config, 
@@ -90392,20 +90385,20 @@ async function run() { } let overlayBaseDatabaseStats; try { - if (config.augmentationProperties.overlayDatabaseMode === "overlay" /* Overlay */ && config.augmentationProperties.useOverlayDatabaseCaching) { + if (config.overlayDatabaseMode === "overlay" /* Overlay */ && config.useOverlayDatabaseCaching) { overlayBaseDatabaseStats = await downloadOverlayBaseDatabaseFromCache( codeql, config, logger ); if (!overlayBaseDatabaseStats) { - config.augmentationProperties.overlayDatabaseMode = "none" /* None */; + config.overlayDatabaseMode = "none" /* None */; logger.info( `No overlay-base database found in cache, reverting overlay database mode to ${"none" /* None */}.` ); } } - if (config.augmentationProperties.overlayDatabaseMode !== "overlay" /* Overlay */) { + if (config.overlayDatabaseMode !== "overlay" /* Overlay */) { cleanupDatabaseClusterDirectory(config, logger); } if (zstdAvailability) { @@ -90582,11 +90575,11 @@ exec ${goBinaryPath} "$@"` qlconfigFile, logger ); - if (config.augmentationProperties.overlayDatabaseMode !== "none" /* None */ && !await checkPacksForOverlayCompatibility(codeql, config, logger)) { + if (config.overlayDatabaseMode !== "none" /* None */ && !await checkPacksForOverlayCompatibility(codeql, config, logger)) { logger.info( "Reverting overlay database mode to None due to incompatible packs." ); - config.augmentationProperties.overlayDatabaseMode = "none" /* None */; + config.overlayDatabaseMode = "none" /* None */; cleanupDatabaseClusterDirectory(config, logger, { disableExistingDirectoryWarning: true }); diff --git a/lib/resolve-environment-action.js b/lib/resolve-environment-action.js index f7dec10bb2..64f99a0171 100644 --- a/lib/resolve-environment-action.js +++ b/lib/resolve-environment-action.js 
@@ -78647,15 +78647,6 @@ var featureConfig = { var actionsCache2 = __toESM(require_cache3()); // src/config-utils.ts -var defaultAugmentationProperties = { - queriesInputCombines: false, - packsInputCombines: false, - packsInput: void 0, - queriesInput: void 0, - extraQueryExclusions: [], - overlayDatabaseMode: "none" /* None */, - useOverlayDatabaseCaching: false -}; var OVERLAY_ANALYSIS_FEATURES = { actions: "overlay_analysis_actions" /* OverlayAnalysisActions */, cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */, @@ -78820,7 +78811,7 @@ async function getCodeQLForCmd(cmd, checkVersion) { await this.getVersion(), "forceOverwrite" /* ForceOverwrite */ ) ? "--force-overwrite" : "--overwrite"; - const overlayDatabaseMode = config.augmentationProperties.overlayDatabaseMode; + const overlayDatabaseMode = config.overlayDatabaseMode; if (overlayDatabaseMode === "overlay" /* Overlay */) { const overlayChangesFile = await writeOverlayChangesFile( config, diff --git a/lib/start-proxy-action-post.js b/lib/start-proxy-action-post.js index c9317c4cd2..a203807e9c 100644 --- a/lib/start-proxy-action-post.js +++ b/lib/start-proxy-action-post.js @@ -117330,15 +117330,6 @@ var featureConfig = { var actionsCache2 = __toESM(require_cache3()); // src/config-utils.ts -var defaultAugmentationProperties = { - queriesInputCombines: false, - packsInputCombines: false, - packsInput: void 0, - queriesInput: void 0, - extraQueryExclusions: [], - overlayDatabaseMode: "none" /* None */, - useOverlayDatabaseCaching: false -}; var OVERLAY_ANALYSIS_FEATURES = { actions: "overlay_analysis_actions" /* OverlayAnalysisActions */, cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */, diff --git a/lib/upload-lib.js b/lib/upload-lib.js index 921a9ab3a6..ce0643800d 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js 
@@ -90291,7 +90291,7 @@ async function getCodeQLForCmd(cmd, checkVersion) { await this.getVersion(), "forceOverwrite" /* ForceOverwrite */ ) ? "--force-overwrite" : "--overwrite"; - const overlayDatabaseMode = config.augmentationProperties.overlayDatabaseMode; + const overlayDatabaseMode = config.overlayDatabaseMode; if (overlayDatabaseMode === "overlay" /* Overlay */) { const overlayChangesFile = await writeOverlayChangesFile( config, @@ -90794,15 +90794,6 @@ ${jsonContents}` var actionsCache2 = __toESM(require_cache3()); // src/config-utils.ts -var defaultAugmentationProperties = { - queriesInputCombines: false, - packsInputCombines: false, - packsInput: void 0, - queriesInput: void 0, - extraQueryExclusions: [], - overlayDatabaseMode: "none" /* None */, - useOverlayDatabaseCaching: false -}; var OVERLAY_ANALYSIS_FEATURES = { actions: "overlay_analysis_actions" /* OverlayAnalysisActions */, cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */, diff --git a/lib/upload-sarif-action-post.js b/lib/upload-sarif-action-post.js index 80c1b46900..5c58c2e3d0 100644 --- a/lib/upload-sarif-action-post.js +++ b/lib/upload-sarif-action-post.js @@ -117514,15 +117514,6 @@ var core11 = __toESM(require_core()); var actionsCache2 = __toESM(require_cache3()); // src/config-utils.ts -var defaultAugmentationProperties = { - queriesInputCombines: false, - packsInputCombines: false, - packsInput: void 0, - queriesInput: void 0, - extraQueryExclusions: [], - overlayDatabaseMode: "none" /* None */, - useOverlayDatabaseCaching: false -}; var OVERLAY_ANALYSIS_FEATURES = { actions: "overlay_analysis_actions" /* OverlayAnalysisActions */, cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */, diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index 01f4f470d2..357d43a549 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js 
@@ -90973,7 +90973,7 @@ async function getCodeQLForCmd(cmd, checkVersion) { await this.getVersion(), "forceOverwrite" /* ForceOverwrite */ ) ? "--force-overwrite" : "--overwrite"; - const overlayDatabaseMode = config.augmentationProperties.overlayDatabaseMode; + const overlayDatabaseMode = config.overlayDatabaseMode; if (overlayDatabaseMode === "overlay" /* Overlay */) { const overlayChangesFile = await writeOverlayChangesFile( config, @@ -91476,15 +91476,6 @@ ${jsonContents}` var actionsCache2 = __toESM(require_cache3()); // src/config-utils.ts -var defaultAugmentationProperties = { - queriesInputCombines: false, - packsInputCombines: false, - packsInput: void 0, - queriesInput: void 0, - extraQueryExclusions: [], - overlayDatabaseMode: "none" /* None */, - useOverlayDatabaseCaching: false -}; var OVERLAY_ANALYSIS_FEATURES = { actions: "overlay_analysis_actions" /* OverlayAnalysisActions */, cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */, diff --git a/src/analyze.ts b/src/analyze.ts index 19bfcf028f..a8ab5ca91d 100644 --- a/src/analyze.ts +++ b/src/analyze.ts @@ -626,10 +626,7 @@ export async function runQueries( const incrementalMode: string[] = []; // Preserve cached intermediate results for overlay-base databases. - if ( - config.augmentationProperties.overlayDatabaseMode !== - OverlayDatabaseMode.OverlayBase - ) { + if (config.overlayDatabaseMode !== OverlayDatabaseMode.OverlayBase) { queryFlags.push("--expect-discarded-cache"); } 
@@ -641,15 +638,10 @@ export async function runQueries( } statusReport.analysis_is_overlay = - config.augmentationProperties.overlayDatabaseMode === - OverlayDatabaseMode.Overlay; + config.overlayDatabaseMode === OverlayDatabaseMode.Overlay; statusReport.analysis_builds_overlay_base_database = - config.augmentationProperties.overlayDatabaseMode === - OverlayDatabaseMode.OverlayBase; - if ( - config.augmentationProperties.overlayDatabaseMode === - OverlayDatabaseMode.Overlay - ) { + config.overlayDatabaseMode === OverlayDatabaseMode.OverlayBase; + if (config.overlayDatabaseMode === OverlayDatabaseMode.Overlay) { incrementalMode.push("overlay"); } diff --git a/src/codeql.ts b/src/codeql.ts index 820789bdd3..7fb899470a 100644 --- a/src/codeql.ts +++ b/src/codeql.ts @@ -593,8 +593,7 @@ export async function getCodeQLForCmd( ? "--force-overwrite" : "--overwrite"; - const overlayDatabaseMode = - config.augmentationProperties.overlayDatabaseMode; + const overlayDatabaseMode = config.overlayDatabaseMode; if (overlayDatabaseMode === OverlayDatabaseMode.Overlay) { const overlayChangesFile = await writeOverlayChangesFile( config, diff --git a/src/config-utils.test.ts b/src/config-utils.test.ts index a7b36df7aa..d3bfb62b83 100644 --- a/src/config-utils.test.ts +++ b/src/config-utils.test.ts @@ -348,6 +348,8 @@ test("load non-empty input", async (t) => { trapCaches: {}, trapCacheDownloadTime: 0, dependencyCachingEnabled: CachingKind.None, + overlayDatabaseMode: OverlayDatabaseMode.None, + useOverlayDatabaseCaching: false, }; const languagesInput = "javascript"; diff --git a/src/config-utils.ts b/src/config-utils.ts index 1325268619..9c0d535a40 100644 --- a/src/config-utils.ts +++ b/src/config-utils.ts 
@@ -169,6 +169,23 @@ export interface Config { /** A value indicating how dependency caching should be used. */ dependencyCachingEnabled: CachingKind; + + /** + * The overlay database mode to use. + */ + overlayDatabaseMode: OverlayDatabaseMode; + + /** + * Whether to use caching for overlay databases. If it is true, the action + * will upload the created overlay-base database to the actions cache, and + * download an overlay-base database from the actions cache before it creates + * a new overlay database. If it is false, the action assumes that the + * workflow will be responsible for managing database storage and retrieval. + * + * This property has no effect unless `overlayDatabaseMode` is `Overlay` or + * `OverlayBase`. + */ + useOverlayDatabaseCaching: boolean; } /** @@ -206,23 +223,6 @@ export interface AugmentationProperties { * Extra query exclusions to append to the config. */ extraQueryExclusions: ExcludeQueryFilter[]; - - /** - * The overlay database mode to use. - */ - overlayDatabaseMode: OverlayDatabaseMode; - - /** - * Whether to use caching for overlay databases. If it is true, the action - * will upload the created overlay-base database to the actions cache, and - * download an overlay-base database from the actions cache before it creates - * a new overlay database. If it is false, the action assumes that the - * workflow will be responsible for managing database storage and retrieval. - * - * This property has no effect unless `overlayDatabaseMode` is `Overlay` or - * `OverlayBase`. - */ - useOverlayDatabaseCaching: boolean; } /** @@ -235,8 +235,6 @@ export const defaultAugmentationProperties: AugmentationProperties = { packsInput: undefined, queriesInput: undefined, extraQueryExclusions: [], - overlayDatabaseMode: OverlayDatabaseMode.None, - useOverlayDatabaseCaching: false, }; export type Packs = Partial>; 
@@ -597,6 +595,8 @@ export async function getDefaultConfig({ trapCaches, trapCacheDownloadTime, dependencyCachingEnabled: getCachingKind(dependencyCachingEnabled), + overlayDatabaseMode: OverlayDatabaseMode.None, + useOverlayDatabaseCaching: false, }; } @@ -684,8 +684,6 @@ export async function calculateAugmentation( queriesInput, queriesInputCombines, extraQueryExclusions: [], - overlayDatabaseMode: OverlayDatabaseMode.None, - useOverlayDatabaseCaching: false, }; } @@ -1108,7 +1106,6 @@ export async function initConfig(inputs: InitConfigInputs): Promise { } const config = await getDefaultConfig(inputs); - const augmentationProperties = config.augmentationProperties; config.originalUserInput = userConfig; // Compute the full Code Scanning configuration that combines the configuration from the @@ -1137,8 +1134,8 @@ export async function initConfig(inputs: InitConfigInputs): Promise { `Using overlay database mode: ${overlayDatabaseMode} ` + `${useOverlayDatabaseCaching ? "with" : "without"} caching.`, ); - augmentationProperties.overlayDatabaseMode = overlayDatabaseMode; - augmentationProperties.useOverlayDatabaseCaching = useOverlayDatabaseCaching; + config.overlayDatabaseMode = overlayDatabaseMode; + config.useOverlayDatabaseCaching = useOverlayDatabaseCaching; if ( overlayDatabaseMode === OverlayDatabaseMode.Overlay || @@ -1148,7 +1145,10 @@ export async function initConfig(inputs: InitConfigInputs): Promise { logger, )) ) { - augmentationProperties.extraQueryExclusions.push({ + if (config.computedConfig["query-filters"] === undefined) { + config.computedConfig["query-filters"] = []; + } + config.computedConfig["query-filters"].push({ exclude: { tags: "exclude-from-incremental" }, }); } diff --git a/src/init-action.ts b/src/init-action.ts index df22fe6a54..35bc83d2df 100644 --- a/src/init-action.ts +++ b/src/init-action.ts 
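Review bot: In the last `initConfig` hunk (`@@ -1148,7 +1145,10 @@`) the `exclude-from-incremental` filter is pushed straight into `config.computedConfig["query-filters"]`, and nothing in the visible hunks removes it when `run()` in src/init-action.ts later sets `config.overlayDatabaseMode = OverlayDatabaseMode.None` (the cache-miss branch and the incompatible-packs branch). If diff-informed analysis is not also active in that run, the fallback full analysis would presumably still skip every query carrying that tag, which silently narrows scan coverage. The revert branches should drop the filter in that case. Failing that, document the limitation at the push with a comment such as `// NOTE: not undone if overlayDatabaseMode is later reverted to None in init-action.ts`. The body of `initConfig` starts and ends outside this hunk, so any cleanup elsewhere in the function is not visible here.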
@@ -449,9 +449,8 @@ async function run() { let overlayBaseDatabaseStats: OverlayBaseDatabaseDownloadStats | undefined; try { if ( - config.augmentationProperties.overlayDatabaseMode === - OverlayDatabaseMode.Overlay && - config.augmentationProperties.useOverlayDatabaseCaching + config.overlayDatabaseMode === OverlayDatabaseMode.Overlay && + config.useOverlayDatabaseCaching ) { // OverlayDatabaseMode.Overlay comes in two flavors: with database // caching, or without. The flavor with database caching is intended to be @@ -470,8 +469,7 @@ async function run() { logger, ); if (!overlayBaseDatabaseStats) { - config.augmentationProperties.overlayDatabaseMode = - OverlayDatabaseMode.None; + config.overlayDatabaseMode = OverlayDatabaseMode.None; logger.info( "No overlay-base database found in cache, " + `reverting overlay database mode to ${OverlayDatabaseMode.None}.`, @@ -479,10 +477,7 @@ async function run() { } } - if ( - config.augmentationProperties.overlayDatabaseMode !== - OverlayDatabaseMode.Overlay - ) { + if (config.overlayDatabaseMode !== OverlayDatabaseMode.Overlay) { cleanupDatabaseClusterDirectory(config, logger); } @@ -739,15 +734,13 @@ async function run() { // revert to `OverlayDatabaseMode.None`, re-initialize the database cluster // with the new overlay database mode. if ( - config.augmentationProperties.overlayDatabaseMode !== - OverlayDatabaseMode.None && + config.overlayDatabaseMode !== OverlayDatabaseMode.None && !(await checkPacksForOverlayCompatibility(codeql, config, logger)) ) { logger.info( "Reverting overlay database mode to None due to incompatible packs.", ); - config.augmentationProperties.overlayDatabaseMode = - OverlayDatabaseMode.None; + config.overlayDatabaseMode = OverlayDatabaseMode.None; cleanupDatabaseClusterDirectory(config, logger, { disableExistingDirectoryWarning: true, }); diff --git a/src/overlay-database-utils.test.ts b/src/overlay-database-utils.test.ts index fb8a48d447..61fcf48af9 100644 
--- a/src/overlay-database-utils.test.ts +++ b/src/overlay-database-utils.test.ts @@ -120,10 +120,8 @@ const testDownloadOverlayBaseDatabaseFromCache = test.macro({ const testCase = { ...defaultDownloadTestCase, ...partialTestCase }; - config.augmentationProperties.overlayDatabaseMode = - testCase.overlayDatabaseMode; - config.augmentationProperties.useOverlayDatabaseCaching = - testCase.useOverlayDatabaseCaching; + config.overlayDatabaseMode = testCase.overlayDatabaseMode; + config.useOverlayDatabaseCaching = testCase.useOverlayDatabaseCaching; if (testCase.hasBaseDatabaseOidsFile) { const baseDatabaseOidsFile = path.join( diff --git a/src/overlay-database-utils.ts b/src/overlay-database-utils.ts index a01546f067..1df46aa785 100644 --- a/src/overlay-database-utils.ts +++ b/src/overlay-database-utils.ts @@ -192,7 +192,7 @@ export async function uploadOverlayBaseDatabaseToCache( config: Config, logger: Logger, ): Promise { - const overlayDatabaseMode = config.augmentationProperties.overlayDatabaseMode; + const overlayDatabaseMode = config.overlayDatabaseMode; if (overlayDatabaseMode !== OverlayDatabaseMode.OverlayBase) { logger.debug( `Overlay database mode is ${overlayDatabaseMode}. ` + @@ -200,7 +200,7 @@ export async function uploadOverlayBaseDatabaseToCache( ); return false; } - if (!config.augmentationProperties.useOverlayDatabaseCaching) { + if (!config.useOverlayDatabaseCaching) { logger.debug( "Overlay database caching is disabled. " + "Skip uploading overlay-base database to cache.", @@ -298,7 +298,7 @@ export async function downloadOverlayBaseDatabaseFromCache( config: Config, logger: Logger, ): Promise { - const overlayDatabaseMode = config.augmentationProperties.overlayDatabaseMode; + const overlayDatabaseMode = config.overlayDatabaseMode; if (overlayDatabaseMode !== OverlayDatabaseMode.Overlay) { logger.debug( `Overlay database mode is ${overlayDatabaseMode}. ` + 
@@ -306,7 +306,7 @@ export async function downloadOverlayBaseDatabaseFromCache( ); return undefined; } - if (!config.augmentationProperties.useOverlayDatabaseCaching) { + if (!config.useOverlayDatabaseCaching) { logger.debug( "Overlay database caching is disabled. " + "Skip downloading overlay-base database from cache.", diff --git a/src/testing-utils.ts b/src/testing-utils.ts index 49b50cb212..943c4be343 100644 --- a/src/testing-utils.ts +++ b/src/testing-utils.ts @@ -11,7 +11,7 @@ import * as apiClient from "./api-client"; import { GitHubApiDetails } from "./api-client"; import { CachingKind } from "./caching-utils"; import * as codeql from "./codeql"; -import { Config } from "./config-utils"; +import { AugmentationProperties, Config } from "./config-utils"; import * as defaults from "./defaults.json"; import { CodeQLDefaultVersionInfo, @@ -374,12 +374,12 @@ export function createTestConfig(overrides: Partial): Config { packsInputCombines: false, queriesInputCombines: false, extraQueryExclusions: [], - overlayDatabaseMode: OverlayDatabaseMode.None, - useOverlayDatabaseCaching: false, - }, + } satisfies AugmentationProperties, trapCaches: {}, trapCacheDownloadTime: 0, dependencyCachingEnabled: CachingKind.None, + overlayDatabaseMode: OverlayDatabaseMode.None, + useOverlayDatabaseCaching: false, } satisfies Config, overrides, ); From e9fb72dd82c002ad0d0ec925cf638124501b908d Mon Sep 17 00:00:00 2001 
From: "Michael B. Gale" Date: Wed, 3 Sep 2025 12:08:11 +0100 Subject: [PATCH 3/4] Move `extraQueryExclusions` out of `AugmentationProperties` --- lib/analyze-action-post.js | 199 +++++----- lib/analyze-action.js | 603 ++++++++++++++++-------------- lib/autobuild-action.js | 215 ++++++----- lib/init-action-post.js | 287 +++++++------- lib/init-action.js | 26 +- lib/resolve-environment-action.js | 29 +- lib/upload-lib.js | 281 +++++++------- lib/upload-sarif-action-post.js | 64 ++-- lib/upload-sarif-action.js | 269 +++++++------ src/codeql.ts | 22 +- src/config-utils.test.ts | 1 + src/config-utils.ts | 44 ++- src/testing-utils.ts | 2 +- 13 files changed, 1131 insertions(+), 911 deletions(-) diff --git a/lib/analyze-action-post.js b/lib/analyze-action-post.js index 1f53d47757..641b11a8b3 100644 --- a/lib/analyze-action-post.js +++ b/lib/analyze-action-post.js @@ -117083,6 +117083,9 @@ function wrapError(error2) { function getErrorMessage(error2) { return error2 instanceof Error ? error2.message : String(error2); } +function cloneObject(obj) { + return JSON.parse(JSON.stringify(obj)); +} async function asyncSome(array, predicate) { const results = await Promise.all(array.map(predicate)); return results.some((result) => result); @@ -117240,9 +117243,9 @@ async function getGitHubVersion() { } // src/codeql.ts -var fs3 = __toESM(require("fs")); -var path3 = __toESM(require("path")); -var core9 = __toESM(require_core()); +var fs4 = __toESM(require("fs")); +var path4 = __toESM(require("path")); +var core10 = __toESM(require_core()); var toolrunner3 = __toESM(require_toolrunner()); // src/cli-errors.ts 
@@ -117482,6 +117485,22 @@ function wrapCliConfigurationError(cliError) { return new ConfigurationError(errorMessageBuilder); } +// src/config-utils.ts +var fs3 = __toESM(require("fs")); +var path3 = __toESM(require("path")); +var semver4 = __toESM(require_semver2()); + +// src/analyses.ts +var AnalysisKind = /* @__PURE__ */ ((AnalysisKind2) => { + AnalysisKind2["CodeScanning"] = "code-scanning"; + AnalysisKind2["CodeQuality"] = "code-quality"; + return AnalysisKind2; +})(AnalysisKind || {}); +var supportedAnalysisKinds = new Set(Object.values(AnalysisKind)); + +// src/caching-utils.ts +var core6 = __toESM(require_core()); + // src/feature-flags.ts var semver3 = __toESM(require_semver2()); @@ -117491,13 +117510,13 @@ var path2 = __toESM(require("path")); var actionsCache = __toESM(require_cache3()); // src/git-utils.ts -var core6 = __toESM(require_core()); +var core7 = __toESM(require_core()); var toolrunner2 = __toESM(require_toolrunner()); var io3 = __toESM(require_io()); var runGitCommand = async function(workingDirectory, args, customErrorMessage) { let stdout = ""; let stderr = ""; - core6.debug(`Running git command: git ${args.join(" ")}`); + core7.debug(`Running git command: git ${args.join(" ")}`); try { await new toolrunner2.ToolRunner(await io3.which("git", true), args, { silent: true, @@ -117517,7 +117536,7 @@ var runGitCommand = async function(workingDirectory, args, customErrorMessage) { if (stderr.includes("not a git repository")) { reason = "The checkout path provided to the action does not appear to be a git repository."; } - core6.info(`git call failed. ${customErrorMessage} Error: ${reason}`); + core7.info(`git call failed. ${customErrorMessage} Error: ${reason}`); throw error2; } }; @@ -117628,7 +117647,7 @@ async function getRef() { ) !== head; if (hasChangedRef) { const newRef = ref.replace(pull_ref_regex, "refs/pull/$1/head"); - core6.debug( + core7.debug( `No longer on merge commit, rewriting ref from ${ref} to ${newRef}.` ); return newRef; 
@@ -117654,16 +117673,16 @@ async function isAnalyzingDefaultBranch() { } // src/logging.ts -var core7 = __toESM(require_core()); +var core8 = __toESM(require_core()); function getActionsLogger() { - return core7; + return core8; } function withGroup(groupName, f) { - core7.startGroup(groupName); + core8.startGroup(groupName); try { return f(); } finally { - core7.endGroup(); + core8.endGroup(); } } 
@@ -117898,23 +117917,89 @@ var featureConfig = { } }; +// src/trap-caching.ts +var actionsCache2 = __toESM(require_cache3()); + +// src/config-utils.ts +var OVERLAY_ANALYSIS_FEATURES = { + actions: "overlay_analysis_actions" /* OverlayAnalysisActions */, + cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */, + csharp: "overlay_analysis_csharp" /* OverlayAnalysisCsharp */, + go: "overlay_analysis_go" /* OverlayAnalysisGo */, + java: "overlay_analysis_java" /* OverlayAnalysisJava */, + javascript: "overlay_analysis_javascript" /* OverlayAnalysisJavascript */, + python: "overlay_analysis_python" /* OverlayAnalysisPython */, + ruby: "overlay_analysis_ruby" /* OverlayAnalysisRuby */, + rust: "overlay_analysis_rust" /* OverlayAnalysisRust */, + swift: "overlay_analysis_swift" /* OverlayAnalysisSwift */ +}; +var OVERLAY_ANALYSIS_CODE_SCANNING_FEATURES = { + actions: "overlay_analysis_code_scanning_actions" /* OverlayAnalysisCodeScanningActions */, + cpp: "overlay_analysis_code_scanning_cpp" /* OverlayAnalysisCodeScanningCpp */, + csharp: "overlay_analysis_code_scanning_csharp" /* OverlayAnalysisCodeScanningCsharp */, + go: "overlay_analysis_code_scanning_go" /* OverlayAnalysisCodeScanningGo */, + java: "overlay_analysis_code_scanning_java" /* OverlayAnalysisCodeScanningJava */, + javascript: "overlay_analysis_code_scanning_javascript" /* OverlayAnalysisCodeScanningJavascript */, + python: "overlay_analysis_code_scanning_python" /* OverlayAnalysisCodeScanningPython */, + ruby: "overlay_analysis_code_scanning_ruby" /* OverlayAnalysisCodeScanningRuby */, + rust: "overlay_analysis_code_scanning_rust" /* OverlayAnalysisCodeScanningRust */, + swift: "overlay_analysis_code_scanning_swift" /* OverlayAnalysisCodeScanningSwift */ +}; +var PACK_IDENTIFIER_PATTERN = (function() { + const alphaNumeric = "[a-z0-9]"; + const alphaNumericDash = "[a-z0-9-]"; + const component = `${alphaNumeric}(${alphaNumericDash}*${alphaNumeric})?`; + return new RegExp(`^${component}/${component}$`); 
+})(); +function getPathToParsedConfigFile(tempDir) { + return path3.join(tempDir, "config"); +} +async function getConfig(tempDir, logger) { + const configFile = getPathToParsedConfigFile(tempDir); + if (!fs3.existsSync(configFile)) { + return void 0; + } + const configString = fs3.readFileSync(configFile, "utf8"); + logger.debug("Loaded config:"); + logger.debug(configString); + return JSON.parse(configString); +} +function appendExtraQueryExclusions(extraQueryExclusions, cliConfig) { + if (extraQueryExclusions.length === 0) { + return cliConfig; + } + const augmentedConfig = cloneObject(cliConfig); + augmentedConfig["query-filters"] = [ + // Ordering matters. If the first filter is an inclusion, it implicitly + // excludes all queries that are not included. If it is an exclusion, + // it implicitly includes all queries that are not excluded. So user + // filters (if any) should always be first to preserve intent. + ...augmentedConfig["query-filters"] || [], + ...extraQueryExclusions + ]; + if (augmentedConfig["query-filters"]?.length === 0) { + delete augmentedConfig["query-filters"]; + } + return augmentedConfig; +} + // src/setup-codeql.ts var toolcache3 = __toESM(require_tool_cache()); var import_fast_deep_equal = __toESM(require_fast_deep_equal()); -var semver6 = __toESM(require_semver2()); +var semver7 = __toESM(require_semver2()); // src/tar.ts var import_toolrunner = __toESM(require_toolrunner()); var io4 = __toESM(require_io()); var toolcache = __toESM(require_tool_cache()); -var semver4 = __toESM(require_semver2()); +var semver5 = __toESM(require_semver2()); // src/tools-download.ts -var core8 = __toESM(require_core()); +var core9 = __toESM(require_core()); var import_http_client = __toESM(require_lib()); var toolcache2 = __toESM(require_tool_cache()); var import_follow_redirects = __toESM(require_follow_redirects()); -var semver5 = __toESM(require_semver2()); +var semver6 = __toESM(require_semver2()); var STREAMING_HIGH_WATERMARK_BYTES = 4 * 1024 * 
1024; // src/tracer-config.ts @@ -117972,12 +118057,12 @@ async function getCodeQLForCmd(cmd, checkVersion) { }, async isTracedLanguage(language) { const extractorPath = await this.resolveExtractor(language); - const tracingConfigPath = path3.join( + const tracingConfigPath = path4.join( extractorPath, "tools", "tracing-config.lua" ); - return fs3.existsSync(tracingConfigPath); + return fs4.existsSync(tracingConfigPath); }, async isScannedLanguage(language) { return !await this.isTracedLanguage(language); @@ -118048,7 +118133,7 @@ async function getCodeQLForCmd(cmd, checkVersion) { }, async runAutobuild(config, language) { applyAutobuildAzurePipelinesTimeoutFix(); - const autobuildCmd = path3.join( + const autobuildCmd = path4.join( await this.resolveExtractor(language), "tools", process.platform === "win32" ? "autobuild.cmd" : "autobuild.sh" 
@@ -118369,12 +118454,12 @@ ${output}` ); } else if (checkVersion && process.env["CODEQL_ACTION_SUPPRESS_DEPRECATED_SOON_WARNING" /* SUPPRESS_DEPRECATED_SOON_WARNING */] !== "true" && !await codeQlVersionAtLeast(codeql, CODEQL_NEXT_MINIMUM_VERSION)) { const result = await codeql.getVersion(); - core9.warning( + core10.warning( `CodeQL CLI version ${result.version} was discontinued on ${GHES_MOST_RECENT_DEPRECATION_DATE} alongside GitHub Enterprise Server ${GHES_VERSION_MOST_RECENTLY_DEPRECATED} and will not be supported by the next minor release of the CodeQL Action. Please update to CodeQL CLI version ${CODEQL_NEXT_MINIMUM_VERSION} or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version. Alternatively, if you want to continue using CodeQL CLI version ${result.version}, you can replace 'github/codeql-action/*@v${getActionVersion().split(".")[0]}' by 'github/codeql-action/*@v${getActionVersion()}' in your code scanning workflow to continue using this version of the CodeQL Action.` ); - core9.exportVariable("CODEQL_ACTION_SUPPRESS_DEPRECATED_SOON_WARNING" /* SUPPRESS_DEPRECATED_SOON_WARNING */, "true"); + core10.exportVariable("CODEQL_ACTION_SUPPRESS_DEPRECATED_SOON_WARNING" /* SUPPRESS_DEPRECATED_SOON_WARNING */, "true"); } return codeql; } 
@@ -118426,13 +118511,17 @@ async function runCli(cmd, args = [], opts = {}) { } async function writeCodeScanningConfigFile(config, logger) { const codeScanningConfigFile = getGeneratedCodeScanningConfigPath(config); + const augmentedConfig = appendExtraQueryExclusions( + config.extraQueryExclusions, + config.computedConfig + ); logger.info( `Writing augmented user configuration file to ${codeScanningConfigFile}` ); logger.startGroup("Augmented user configuration file contents"); - logger.info(dump(config.computedConfig)); + logger.info(dump(augmentedConfig)); logger.endGroup(); - fs3.writeFileSync(codeScanningConfigFile, dump(config.computedConfig)); + fs4.writeFileSync(codeScanningConfigFile, dump(augmentedConfig)); return codeScanningConfigFile; } var TRAP_CACHE_SIZE_MB = 1024; @@ -118455,7 +118544,7 @@ async function getTrapCachingExtractorConfigArgsForLang(config, language) { ]; } function getGeneratedCodeScanningConfigPath(config) { - return path3.resolve(config.tempDir, "user-config.yaml"); + return path4.resolve(config.tempDir, "user-config.yaml"); } function getExtractionVerbosityArguments(enableDebugLogging) { return enableDebugLogging ? [`--verbosity=${EXTRACTION_DEBUG_MODE_VERBOSITY}`] : []; 
@@ -118475,70 +118564,6 @@ async function getJobRunUuidSarifOptions(codeql) { ) ? [`--sarif-run-property=jobRunUuid=${jobRunUuid}`] : []; } -// src/config-utils.ts -var fs4 = __toESM(require("fs")); -var path4 = __toESM(require("path")); -var semver7 = __toESM(require_semver2()); - -// src/analyses.ts -var AnalysisKind = /* @__PURE__ */ ((AnalysisKind2) => { - AnalysisKind2["CodeScanning"] = "code-scanning"; - AnalysisKind2["CodeQuality"] = "code-quality"; - return AnalysisKind2; -})(AnalysisKind || {}); -var supportedAnalysisKinds = new Set(Object.values(AnalysisKind)); - -// src/caching-utils.ts -var core10 = __toESM(require_core()); - -// src/trap-caching.ts -var actionsCache2 = __toESM(require_cache3()); - -// src/config-utils.ts -var OVERLAY_ANALYSIS_FEATURES = { - actions: "overlay_analysis_actions" /* OverlayAnalysisActions */, - cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */, - csharp: "overlay_analysis_csharp" /* OverlayAnalysisCsharp */, - go: "overlay_analysis_go" /* OverlayAnalysisGo */, - java: "overlay_analysis_java" /* OverlayAnalysisJava */, - javascript: "overlay_analysis_javascript" /* OverlayAnalysisJavascript */, - python: "overlay_analysis_python" /* OverlayAnalysisPython */, - ruby: "overlay_analysis_ruby" /* OverlayAnalysisRuby */, - rust: "overlay_analysis_rust" /* OverlayAnalysisRust */, - swift: "overlay_analysis_swift" /* OverlayAnalysisSwift */ -}; -var OVERLAY_ANALYSIS_CODE_SCANNING_FEATURES = { - actions: "overlay_analysis_code_scanning_actions" /* OverlayAnalysisCodeScanningActions */, - cpp: "overlay_analysis_code_scanning_cpp" /* OverlayAnalysisCodeScanningCpp */, - csharp: "overlay_analysis_code_scanning_csharp" /* OverlayAnalysisCodeScanningCsharp */, - go: "overlay_analysis_code_scanning_go" /* OverlayAnalysisCodeScanningGo */, - java: "overlay_analysis_code_scanning_java" /* OverlayAnalysisCodeScanningJava */, - javascript: "overlay_analysis_code_scanning_javascript" /* OverlayAnalysisCodeScanningJavascript */, - python: 
"overlay_analysis_code_scanning_python" /* OverlayAnalysisCodeScanningPython */, - ruby: "overlay_analysis_code_scanning_ruby" /* OverlayAnalysisCodeScanningRuby */, - rust: "overlay_analysis_code_scanning_rust" /* OverlayAnalysisCodeScanningRust */, - swift: "overlay_analysis_code_scanning_swift" /* OverlayAnalysisCodeScanningSwift */ -}; -var PACK_IDENTIFIER_PATTERN = (function() { - const alphaNumeric = "[a-z0-9]"; - const alphaNumericDash = "[a-z0-9-]"; - const component = `${alphaNumeric}(${alphaNumericDash}*${alphaNumeric})?`; - return new RegExp(`^${component}/${component}$`); -})(); -function getPathToParsedConfigFile(tempDir) { - return path4.join(tempDir, "config"); -} -async function getConfig(tempDir, logger) { - const configFile = getPathToParsedConfigFile(tempDir); - if (!fs4.existsSync(configFile)) { - return void 0; - } - const configString = fs4.readFileSync(configFile, "utf8"); - logger.debug("Loaded config:"); - logger.debug(configString); - return JSON.parse(configString); -} - // src/debug-artifacts.ts var fs5 = __toESM(require("fs")); var path5 = __toESM(require("path")); diff --git a/lib/analyze-action.js b/lib/analyze-action.js index 6b04b1d3e1..414f7b7bd7 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -89845,6 +89845,9 @@ function satisfiesGHESVersion(ghesVersion, range, defaultIfInvalid) { semverVersion.prerelease = []; return semver.satisfies(semverVersion, range); } +function cloneObject(obj) { + return JSON.parse(JSON.stringify(obj)); +} async function checkSipEnablement(logger) { if (process.env["CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */] !== void 0 && ["true", "false"].includes(process.env["CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */])) { return process.env["CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */] === "true"; 
@@ -90284,12 +90287,12 @@ function wrapApiConfigurationError(e) { } // src/autobuild.ts -var core10 = __toESM(require_core()); +var core11 = __toESM(require_core()); // src/codeql.ts -var fs12 = __toESM(require("fs")); -var path12 = __toESM(require("path")); -var core9 = __toESM(require_core()); +var fs14 = __toESM(require("fs")); +var path14 = __toESM(require("path")); +var core10 = __toESM(require_core()); var toolrunner3 = __toESM(require_toolrunner()); // src/cli-errors.ts @@ -90529,6 +90532,27 @@ function wrapCliConfigurationError(cliError) { return new ConfigurationError(errorMessageBuilder); } +// src/config-utils.ts +var fs9 = __toESM(require("fs")); +var path10 = __toESM(require("path")); +var semver4 = __toESM(require_semver2()); + +// src/caching-utils.ts +var core6 = __toESM(require_core()); +async function getTotalCacheSize(paths, logger, quiet = false) { + const sizes = await Promise.all( + paths.map((cacheDir) => tryGetFolderBytes(cacheDir, logger, quiet)) + ); + return sizes.map((a) => a || 0).reduce((a, b) => a + b, 0); +} +function shouldStoreCache(kind) { + return kind === "full" /* Full */ || kind === "store" /* Store */; +} + +// src/diff-informed-analysis-utils.ts +var fs8 = __toESM(require("fs")); +var path9 = __toESM(require("path")); + // src/feature-flags.ts var fs7 = __toESM(require("fs")); var path8 = __toESM(require("path")); @@ -90544,13 +90568,13 @@ var path7 = __toESM(require("path")); var actionsCache = __toESM(require_cache3()); // src/git-utils.ts -var core6 = __toESM(require_core()); +var core7 = __toESM(require_core()); var toolrunner2 = __toESM(require_toolrunner()); var io3 = __toESM(require_io()); var runGitCommand = async function(workingDirectory, args, customErrorMessage) { let stdout = ""; let stderr = ""; - core6.debug(`Running git command: git ${args.join(" ")}`); + core7.debug(`Running git command: git ${args.join(" ")}`); try { await new toolrunner2.ToolRunner(await io3.which("git", true), args, { silent: true, 
@@ -90570,7 +90594,7 @@ var runGitCommand = async function(workingDirectory, args, customErrorMessage) { if (stderr.includes("not a git repository")) { reason = "The checkout path provided to the action does not appear to be a git repository."; } - core6.info(`git call failed. ${customErrorMessage} Error: ${reason}`); + core7.info(`git call failed. ${customErrorMessage} Error: ${reason}`); throw error2; } }; @@ -90715,7 +90739,7 @@ async function getRef() { ) !== head; if (hasChangedRef) { const newRef = ref.replace(pull_ref_regex, "refs/pull/$1/head"); - core6.debug( + core7.debug( `No longer on merge commit, rewriting ref from ${ref} to ${newRef}.` ); return newRef; @@ -90741,16 +90765,16 @@ async function isAnalyzingDefaultBranch() { } // src/logging.ts -var core7 = __toESM(require_core()); +var core8 = __toESM(require_core()); function getActionsLogger() { - return core7; + return core8; } async function withGroupAsync(groupName, f) { - core7.startGroup(groupName); + core8.startGroup(groupName); try { return await f(); } finally { - core7.endGroup(); + core8.endGroup(); } } function formatDuration(durationMs) { 
@@ -91352,12 +91376,243 @@ var GitHubFeatureFlags = class { } }; +// src/diff-informed-analysis-utils.ts +async function getDiffInformedAnalysisBranches(codeql, features, logger) { + if (!await features.getValue("diff_informed_queries" /* DiffInformedQueries */, codeql)) { + return void 0; + } + const gitHubVersion = await getGitHubVersion(); + if (gitHubVersion.type === 1 /* GHES */ && satisfiesGHESVersion(gitHubVersion.version, "<3.19", true)) { + return void 0; + } + const branches = getPullRequestBranches(); + if (!branches) { + logger.info( + "Not performing diff-informed analysis because we are not analyzing a pull request." + ); + } + return branches; +} +function getDiffRangesJsonFilePath() { + return path9.join(getTemporaryDirectory(), "pr-diff-range.json"); +} +function writeDiffRangesJsonFile(logger, ranges) { + const jsonContents = JSON.stringify(ranges, null, 2); + const jsonFilePath = getDiffRangesJsonFilePath(); + fs8.writeFileSync(jsonFilePath, jsonContents); + logger.debug( + `Wrote pr-diff-range JSON file to ${jsonFilePath}: +${jsonContents}` + ); +} +function readDiffRangesJsonFile(logger) { + const jsonFilePath = getDiffRangesJsonFilePath(); + if (!fs8.existsSync(jsonFilePath)) { + logger.debug(`Diff ranges JSON file does not exist at ${jsonFilePath}`); + return void 0; + } + const jsonContents = fs8.readFileSync(jsonFilePath, "utf8"); + logger.debug( + `Read pr-diff-range JSON file from ${jsonFilePath}: +${jsonContents}` + ); + return JSON.parse(jsonContents); +} + +// src/trap-caching.ts +var actionsCache2 = __toESM(require_cache3()); +var CACHE_VERSION2 = 1; +var CODEQL_TRAP_CACHE_PREFIX = "codeql-trap"; +var MINIMUM_CACHE_MB_TO_UPLOAD = 10; +var MAX_CACHE_OPERATION_MS2 = 12e4; +async function uploadTrapCaches(codeql, config, logger) { + if (!await isAnalyzingDefaultBranch()) return false; + for (const language of config.languages) { + const cacheDir = config.trapCaches[language]; + if (cacheDir === void 0) continue; + const trapFolderSize = 
await tryGetFolderBytes(cacheDir, logger); + if (trapFolderSize === void 0) { + logger.info( + `Skipping upload of TRAP cache for ${language} as we couldn't determine its size` + ); + continue; + } + if (trapFolderSize < MINIMUM_CACHE_MB_TO_UPLOAD * 1048576) { + logger.info( + `Skipping upload of TRAP cache for ${language} as it is too small` + ); + continue; + } + const key = await cacheKey( + codeql, + language, + process.env.GITHUB_SHA || "unknown" + ); + logger.info(`Uploading TRAP cache to Actions cache with key ${key}`); + await withTimeout( + MAX_CACHE_OPERATION_MS2, + actionsCache2.saveCache([cacheDir], key), + () => { + logger.info( + `Timed out waiting for TRAP cache for ${language} to upload, will continue without uploading` + ); + } + ); + } + return true; +} +async function cleanupTrapCaches(config, features, logger) { + if (!await features.getValue("cleanup_trap_caches" /* CleanupTrapCaches */)) { + return { + trap_cache_cleanup_skipped_because: "feature disabled" + }; + } + if (!await isAnalyzingDefaultBranch()) { + return { + trap_cache_cleanup_skipped_because: "not analyzing default branch" + }; + } + try { + let totalBytesCleanedUp = 0; + const allCaches = await listActionsCaches( + CODEQL_TRAP_CACHE_PREFIX, + await getRef() + ); + for (const language of config.languages) { + if (config.trapCaches[language]) { + const cachesToRemove = await getTrapCachesForLanguage( + allCaches, + language, + logger + ); + cachesToRemove.sort((a, b) => a.created_at.localeCompare(b.created_at)); + const mostRecentCache = cachesToRemove.pop(); + logger.debug( + `Keeping most recent TRAP cache (${JSON.stringify(mostRecentCache)})` + ); + if (cachesToRemove.length === 0) { + logger.info(`No TRAP caches to clean up for ${language}.`); + continue; + } + for (const cache of cachesToRemove) { + logger.debug(`Cleaning up TRAP cache (${JSON.stringify(cache)})`); + await deleteActionsCache(cache.id); + } + const bytesCleanedUp = cachesToRemove.reduce( + (acc, item) => acc + 
item.size_in_bytes, + 0 + ); + totalBytesCleanedUp += bytesCleanedUp; + const megabytesCleanedUp = (bytesCleanedUp / (1024 * 1024)).toFixed(2); + logger.info( + `Cleaned up ${megabytesCleanedUp} MiB of old TRAP caches for ${language}.` + ); + } + } + return { trap_cache_cleanup_size_bytes: totalBytesCleanedUp }; + } catch (e) { + if (isHTTPError(e) && e.status === 403) { + logger.warning( + `Could not cleanup TRAP caches as the token did not have the required permissions. To clean up TRAP caches, ensure the token has the "actions:write" permission. See ${"https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs" /* ASSIGNING_PERMISSIONS_TO_JOBS */} for more information.` + ); + } else { + logger.info(`Failed to cleanup TRAP caches, continuing. Details: ${e}`); + } + return { trap_cache_cleanup_error: getErrorMessage(e) }; + } +} +async function getTrapCachesForLanguage(allCaches, language, logger) { + logger.debug(`Listing TRAP caches for ${language}`); + for (const cache of allCaches) { + if (!cache.created_at || !cache.id || !cache.key || !cache.size_in_bytes) { + throw new Error( + `An unexpected cache item was returned from the API that was missing one or more required fields: ${JSON.stringify(cache)}` + ); + } + } + return allCaches.filter((cache) => { + return cache.key?.includes(`-${language}-`); + }); +} +async function cacheKey(codeql, language, baseSha) { + return `${await cachePrefix(codeql, language)}${baseSha}`; +} +async function cachePrefix(codeql, language) { + return `${CODEQL_TRAP_CACHE_PREFIX}-${CACHE_VERSION2}-${(await codeql.getVersion()).version}-${language}-`; +} + +// src/config-utils.ts +var OVERLAY_ANALYSIS_FEATURES = { + actions: "overlay_analysis_actions" /* OverlayAnalysisActions */, + cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */, + csharp: "overlay_analysis_csharp" /* OverlayAnalysisCsharp */, + go: "overlay_analysis_go" /* OverlayAnalysisGo */, + java: "overlay_analysis_java" /* OverlayAnalysisJava */, + 
javascript: "overlay_analysis_javascript" /* OverlayAnalysisJavascript */, + python: "overlay_analysis_python" /* OverlayAnalysisPython */, + ruby: "overlay_analysis_ruby" /* OverlayAnalysisRuby */, + rust: "overlay_analysis_rust" /* OverlayAnalysisRust */, + swift: "overlay_analysis_swift" /* OverlayAnalysisSwift */ +}; +var OVERLAY_ANALYSIS_CODE_SCANNING_FEATURES = { + actions: "overlay_analysis_code_scanning_actions" /* OverlayAnalysisCodeScanningActions */, + cpp: "overlay_analysis_code_scanning_cpp" /* OverlayAnalysisCodeScanningCpp */, + csharp: "overlay_analysis_code_scanning_csharp" /* OverlayAnalysisCodeScanningCsharp */, + go: "overlay_analysis_code_scanning_go" /* OverlayAnalysisCodeScanningGo */, + java: "overlay_analysis_code_scanning_java" /* OverlayAnalysisCodeScanningJava */, + javascript: "overlay_analysis_code_scanning_javascript" /* OverlayAnalysisCodeScanningJavascript */, + python: "overlay_analysis_code_scanning_python" /* OverlayAnalysisCodeScanningPython */, + ruby: "overlay_analysis_code_scanning_ruby" /* OverlayAnalysisCodeScanningRuby */, + rust: "overlay_analysis_code_scanning_rust" /* OverlayAnalysisCodeScanningRust */, + swift: "overlay_analysis_code_scanning_swift" /* OverlayAnalysisCodeScanningSwift */ +}; +var PACK_IDENTIFIER_PATTERN = (function() { + const alphaNumeric = "[a-z0-9]"; + const alphaNumericDash = "[a-z0-9-]"; + const component = `${alphaNumeric}(${alphaNumericDash}*${alphaNumeric})?`; + return new RegExp(`^${component}/${component}$`); +})(); +function getPathToParsedConfigFile(tempDir) { + return path10.join(tempDir, "config"); +} +async function getConfig(tempDir, logger) { + const configFile = getPathToParsedConfigFile(tempDir); + if (!fs9.existsSync(configFile)) { + return void 0; + } + const configString = fs9.readFileSync(configFile, "utf8"); + logger.debug("Loaded config:"); + logger.debug(configString); + return JSON.parse(configString); +} +function appendExtraQueryExclusions(extraQueryExclusions, cliConfig) { 
+ if (extraQueryExclusions.length === 0) { + return cliConfig; + } + const augmentedConfig = cloneObject(cliConfig); + augmentedConfig["query-filters"] = [ + // Ordering matters. If the first filter is an inclusion, it implicitly + // excludes all queries that are not included. If it is an exclusion, + // it implicitly includes all queries that are not excluded. So user + // filters (if any) should always be first to preserve intent. + ...augmentedConfig["query-filters"] || [], + ...extraQueryExclusions + ]; + if (augmentedConfig["query-filters"]?.length === 0) { + delete augmentedConfig["query-filters"]; + } + return augmentedConfig; +} +function isCodeQualityEnabled(config) { + return config.analysisKinds.includes("code-quality" /* CodeQuality */); +} + // src/setup-codeql.ts -var fs10 = __toESM(require("fs")); -var path10 = __toESM(require("path")); +var fs12 = __toESM(require("fs")); +var path12 = __toESM(require("path")); var toolcache3 = __toESM(require_tool_cache()); var import_fast_deep_equal = __toESM(require_fast_deep_equal()); -var semver6 = __toESM(require_semver2()); +var semver7 = __toESM(require_semver2()); // node_modules/uuid/dist/esm/stringify.js var byteToHex = []; @@ -91412,12 +91667,12 @@ var v4_default = v4; // src/tar.ts var import_child_process = require("child_process"); -var fs8 = __toESM(require("fs")); +var fs10 = __toESM(require("fs")); var stream = __toESM(require("stream")); var import_toolrunner = __toESM(require_toolrunner()); var io4 = __toESM(require_io()); var toolcache = __toESM(require_tool_cache()); -var semver4 = __toESM(require_semver2()); +var semver5 = __toESM(require_semver2()); var MIN_REQUIRED_BSD_TAR_VERSION = "3.4.3"; var MIN_REQUIRED_GNU_TAR_VERSION = "1.31"; async function getTarVersion() { 
@@ -91459,9 +91714,9 @@ async function isZstdAvailable(logger) { case "gnu": return { available: foundZstdBinary && // GNU tar only uses major and minor version numbers - semver4.gte( - semver4.coerce(version), - semver4.coerce(MIN_REQUIRED_GNU_TAR_VERSION) + semver5.gte( + semver5.coerce(version), + semver5.coerce(MIN_REQUIRED_GNU_TAR_VERSION) ), foundZstdBinary, version: tarVersion @@ -91470,7 +91725,7 @@ async function isZstdAvailable(logger) { return { available: foundZstdBinary && // Do a loose comparison since these version numbers don't contain // a patch version number. - semver4.gte(version, MIN_REQUIRED_BSD_TAR_VERSION), + semver5.gte(version, MIN_REQUIRED_BSD_TAR_VERSION), foundZstdBinary, version: tarVersion }; @@ -91485,7 +91740,7 @@ async function isZstdAvailable(logger) { } } async function extract(tarPath, dest, compressionMethod, tarVersion, logger) { - fs8.mkdirSync(dest, { recursive: true }); + fs10.mkdirSync(dest, { recursive: true }); switch (compressionMethod) { case "gzip": return await toolcache.extractTar(tarPath, dest); @@ -91569,15 +91824,15 @@ function inferCompressionMethod(tarPath) { } // src/tools-download.ts -var fs9 = __toESM(require("fs")); +var fs11 = __toESM(require("fs")); var os2 = __toESM(require("os")); -var path9 = __toESM(require("path")); +var path11 = __toESM(require("path")); var import_perf_hooks = require("perf_hooks"); -var core8 = __toESM(require_core()); +var core9 = __toESM(require_core()); var import_http_client = __toESM(require_lib()); var toolcache2 = __toESM(require_tool_cache()); var import_follow_redirects = __toESM(require_follow_redirects()); -var semver5 = __toESM(require_semver2()); +var semver6 = __toESM(require_semver2()); var STREAMING_HIGH_WATERMARK_BYTES = 4 * 1024 * 1024; var TOOLCACHE_TOOL_NAME = "CodeQL"; function makeDownloadFirstToolsDownloadDurations(downloadDurationMs, extractionDurationMs) { 
@@ -91627,10 +91882,10 @@ async function downloadAndExtract(codeqlURL, compressionMethod, dest, authorizat }; } } catch (e) { - core8.warning( + core9.warning( `Failed to download and extract CodeQL bundle using streaming with error: ${getErrorMessage(e)}` ); - core8.warning(`Falling back to downloading the bundle before extracting.`); + core9.warning(`Falling back to downloading the bundle before extracting.`); await cleanUpGlob(dest, "CodeQL bundle", logger); } const toolsDownloadStart = import_perf_hooks.performance.now(); @@ -91676,7 +91931,7 @@ async function downloadAndExtract(codeqlURL, compressionMethod, dest, authorizat }; } async function downloadAndExtractZstdWithStreaming(codeqlURL, dest, authorization, headers, tarVersion, logger) { - fs9.mkdirSync(dest, { recursive: true }); + fs11.mkdirSync(dest, { recursive: true }); const agent = new import_http_client.HttpClient().getAgent(codeqlURL); headers = Object.assign( { "User-Agent": "CodeQL Action" }, @@ -91704,16 +91959,16 @@ async function downloadAndExtractZstdWithStreaming(codeqlURL, dest, authorizatio await extractTarZst(response, dest, tarVersion, logger); } function getToolcacheDirectory(version) { - return path9.join( + return path11.join( getRequiredEnvParam("RUNNER_TOOL_CACHE"), TOOLCACHE_TOOL_NAME, - semver5.clean(version) || version, + semver6.clean(version) || version, os2.arch() || "" ); } function writeToolcacheMarkerFile(extractedPath, logger) { const markerFilePath = `${extractedPath}.complete`; - fs9.writeFileSync(markerFilePath, ""); + fs11.writeFileSync(markerFilePath, ""); logger.info(`Created toolcache marker file ${markerFilePath}`); } function sanitizeUrlForStatusReport(url2) { 
@@ -91828,13 +92083,13 @@ function tryGetTagNameFromUrl(url2, logger) { return match[1]; } function convertToSemVer(version, logger) { - if (!semver6.valid(version)) { + if (!semver7.valid(version)) { logger.debug( `Bundle version ${version} is not in SemVer format. Will treat it as pre-release 0.0.0-${version}.` ); version = `0.0.0-${version}`; } - const s = semver6.clean(version); + const s = semver7.clean(version); if (!s) { throw new Error(`Bundle version ${version} is not in SemVer format.`); } @@ -91844,7 +92099,7 @@ async function findOverridingToolsInCache(humanReadableVersion, logger) { const candidates = toolcache3.findAllVersions("CodeQL").filter(isGoodVersion).map((version) => ({ folder: toolcache3.find("CodeQL", version), version - })).filter(({ folder }) => fs10.existsSync(path10.join(folder, "pinned-version"))); + })).filter(({ folder }) => fs12.existsSync(path12.join(folder, "pinned-version"))); if (candidates.length === 1) { const candidate = candidates[0]; logger.debug( @@ -91904,7 +92159,7 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian url2 = toolsInput; if (tagName) { const bundleVersion3 = tryGetBundleVersionFromTagName(tagName, logger); - if (bundleVersion3 && semver6.valid(bundleVersion3)) { + if (bundleVersion3 && semver7.valid(bundleVersion3)) { cliVersion2 = convertToSemVer(bundleVersion3, logger); } } 
@@ -92173,16 +92428,16 @@ async function setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defau async function useZstdBundle(cliVersion2, tarSupportsZstd) { return ( // In testing, gzip performs better than zstd on Windows. - process.platform !== "win32" && tarSupportsZstd && semver6.gte(cliVersion2, CODEQL_VERSION_ZSTD_BUNDLE) + process.platform !== "win32" && tarSupportsZstd && semver7.gte(cliVersion2, CODEQL_VERSION_ZSTD_BUNDLE) ); } function getTempExtractionDir(tempDir) { - return path10.join(tempDir, v4_default()); + return path12.join(tempDir, v4_default()); } // src/tracer-config.ts -var fs11 = __toESM(require("fs")); -var path11 = __toESM(require("path")); +var fs13 = __toESM(require("fs")); +var path13 = __toESM(require("path")); async function shouldEnableIndirectTracing(codeql, config) { if (config.buildMode === "none" /* None */) { return false; @@ -92197,18 +92452,18 @@ async function endTracingForCluster(codeql, config, logger) { logger.info( "Unsetting build tracing environment variables. Subsequent steps of this job will not be traced." ); - const envVariablesFile = path11.resolve( + const envVariablesFile = path13.resolve( config.dbLocation, "temp/tracingEnvironment/end-tracing.json" ); - if (!fs11.existsSync(envVariablesFile)) { + if (!fs13.existsSync(envVariablesFile)) { throw new Error( `Environment file for ending tracing not found: ${envVariablesFile}` ); } try { const endTracingEnvVariables = JSON.parse( - fs11.readFileSync(envVariablesFile, "utf8") + fs13.readFileSync(envVariablesFile, "utf8") ); for (const [key, value] of Object.entries(endTracingEnvVariables)) { if (value !== null) { 
@@ -92253,7 +92508,7 @@ async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliV toolsDownloadStatusReport )}` ); - let codeqlCmd = path12.join(codeqlFolder, "codeql", "codeql"); + let codeqlCmd = path14.join(codeqlFolder, "codeql", "codeql"); if (process.platform === "win32") { codeqlCmd += ".exe"; } else if (process.platform !== "linux" && process.platform !== "darwin") { @@ -92314,12 +92569,12 @@ async function getCodeQLForCmd(cmd, checkVersion) { }, async isTracedLanguage(language) { const extractorPath = await this.resolveExtractor(language); - const tracingConfigPath = path12.join( + const tracingConfigPath = path14.join( extractorPath, "tools", "tracing-config.lua" ); - return fs12.existsSync(tracingConfigPath); + return fs14.existsSync(tracingConfigPath); }, async isScannedLanguage(language) { return !await this.isTracedLanguage(language); @@ -92390,7 +92645,7 @@ async function getCodeQLForCmd(cmd, checkVersion) { }, async runAutobuild(config, language) { applyAutobuildAzurePipelinesTimeoutFix(); - const autobuildCmd = path12.join( + const autobuildCmd = path14.join( await this.resolveExtractor(language), "tools", process.platform === "win32" ? "autobuild.cmd" : "autobuild.sh" 
@@ -92711,12 +92966,12 @@ ${output}` ); } else if (checkVersion && process.env["CODEQL_ACTION_SUPPRESS_DEPRECATED_SOON_WARNING" /* SUPPRESS_DEPRECATED_SOON_WARNING */] !== "true" && !await codeQlVersionAtLeast(codeql, CODEQL_NEXT_MINIMUM_VERSION)) { const result = await codeql.getVersion(); - core9.warning( + core10.warning( `CodeQL CLI version ${result.version} was discontinued on ${GHES_MOST_RECENT_DEPRECATION_DATE} alongside GitHub Enterprise Server ${GHES_VERSION_MOST_RECENTLY_DEPRECATED} and will not be supported by the next minor release of the CodeQL Action. Please update to CodeQL CLI version ${CODEQL_NEXT_MINIMUM_VERSION} or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version. Alternatively, if you want to continue using CodeQL CLI version ${result.version}, you can replace 'github/codeql-action/*@v${getActionVersion().split(".")[0]}' by 'github/codeql-action/*@v${getActionVersion()}' in your code scanning workflow to continue using this version of the CodeQL Action.` ); - core9.exportVariable("CODEQL_ACTION_SUPPRESS_DEPRECATED_SOON_WARNING" /* SUPPRESS_DEPRECATED_SOON_WARNING */, "true"); + core10.exportVariable("CODEQL_ACTION_SUPPRESS_DEPRECATED_SOON_WARNING" /* SUPPRESS_DEPRECATED_SOON_WARNING */, "true"); } return codeql; } 
@@ -92768,13 +93023,17 @@ async function runCli(cmd, args = [], opts = {}) { } async function writeCodeScanningConfigFile(config, logger) { const codeScanningConfigFile = getGeneratedCodeScanningConfigPath(config); + const augmentedConfig = appendExtraQueryExclusions( + config.extraQueryExclusions, + config.computedConfig + ); logger.info( `Writing augmented user configuration file to ${codeScanningConfigFile}` ); logger.startGroup("Augmented user configuration file contents"); - logger.info(dump(config.computedConfig)); + logger.info(dump(augmentedConfig)); logger.endGroup(); - fs12.writeFileSync(codeScanningConfigFile, dump(config.computedConfig)); + fs14.writeFileSync(codeScanningConfigFile, dump(augmentedConfig)); return codeScanningConfigFile; } var TRAP_CACHE_SIZE_MB = 1024; @@ -92797,7 +93056,7 @@ async function getTrapCachingExtractorConfigArgsForLang(config, language) { ]; } function getGeneratedCodeScanningConfigPath(config) { - return path12.resolve(config.tempDir, "user-config.yaml"); + return path14.resolve(config.tempDir, "user-config.yaml"); } function getExtractionVerbosityArguments(enableDebugLogging) { return enableDebugLogging ? [`--verbosity=${EXTRACTION_DEBUG_MODE_VERBOSITY}`] : []; 
@@ -92834,16 +93093,16 @@ async function setupCppAutobuild(codeql, logger) { logger.info( `Disabling ${featureName} as we are on a self-hosted runner.${getWorkflowEventName() !== "dynamic" ? ` To override this, set the ${envVar} environment variable to 'true' in your workflow. See ${"https://docs.github.com/en/actions/learn-github-actions/variables#defining-environment-variables-for-a-single-workflow" /* DEFINE_ENV_VARIABLES */} for more information.` : ""}` ); - core10.exportVariable(envVar, "false"); + core11.exportVariable(envVar, "false"); } else { logger.info( `Enabling ${featureName}. This can be disabled by setting the ${envVar} environment variable to 'false'. See ${"https://docs.github.com/en/actions/learn-github-actions/variables#defining-environment-variables-for-a-single-workflow" /* DEFINE_ENV_VARIABLES */} for more information.` ); - core10.exportVariable(envVar, "true"); + core11.exportVariable(envVar, "true"); } } else { logger.info(`Disabling ${featureName}.`); - core10.exportVariable(envVar, "false"); + core11.exportVariable(envVar, "false"); } } async function runAutobuild(config, language, logger) { 
@@ -92858,243 +93117,11 @@ async function runAutobuild(config, language, logger) { await codeQL.runAutobuild(config, language); } if (language === "go" /* go */) { - core10.exportVariable("CODEQL_ACTION_DID_AUTOBUILD_GOLANG" /* DID_AUTOBUILD_GOLANG */, "true"); + core11.exportVariable("CODEQL_ACTION_DID_AUTOBUILD_GOLANG" /* DID_AUTOBUILD_GOLANG */, "true"); } logger.endGroup(); } -// src/config-utils.ts -var fs14 = __toESM(require("fs")); -var path14 = __toESM(require("path")); -var semver7 = __toESM(require_semver2()); - -// src/caching-utils.ts -var core11 = __toESM(require_core()); -async function getTotalCacheSize(paths, logger, quiet = false) { - const sizes = await Promise.all( - paths.map((cacheDir) => tryGetFolderBytes(cacheDir, logger, quiet)) - ); - return sizes.map((a) => a || 0).reduce((a, b) => a + b, 0); -} -function shouldStoreCache(kind) { - return kind === "full" /* Full */ || kind === "store" /* Store */; -} - -// src/diff-informed-analysis-utils.ts -var fs13 = __toESM(require("fs")); -var path13 = __toESM(require("path")); -async function getDiffInformedAnalysisBranches(codeql, features, logger) { - if (!await features.getValue("diff_informed_queries" /* DiffInformedQueries */, codeql)) { - return void 0; - } - const gitHubVersion = await getGitHubVersion(); - if (gitHubVersion.type === 1 /* GHES */ && satisfiesGHESVersion(gitHubVersion.version, "<3.19", true)) { - return void 0; - } - const branches = getPullRequestBranches(); - if (!branches) { - logger.info( - "Not performing diff-informed analysis because we are not analyzing a pull request." 
- ); - } - return branches; -} -function getDiffRangesJsonFilePath() { - return path13.join(getTemporaryDirectory(), "pr-diff-range.json"); -} -function writeDiffRangesJsonFile(logger, ranges) { - const jsonContents = JSON.stringify(ranges, null, 2); - const jsonFilePath = getDiffRangesJsonFilePath(); - fs13.writeFileSync(jsonFilePath, jsonContents); - logger.debug( - `Wrote pr-diff-range JSON file to ${jsonFilePath}: -${jsonContents}` - ); -} -function readDiffRangesJsonFile(logger) { - const jsonFilePath = getDiffRangesJsonFilePath(); - if (!fs13.existsSync(jsonFilePath)) { - logger.debug(`Diff ranges JSON file does not exist at ${jsonFilePath}`); - return void 0; - } - const jsonContents = fs13.readFileSync(jsonFilePath, "utf8"); - logger.debug( - `Read pr-diff-range JSON file from ${jsonFilePath}: -${jsonContents}` - ); - return JSON.parse(jsonContents); -} - -// src/trap-caching.ts -var actionsCache2 = __toESM(require_cache3()); -var CACHE_VERSION2 = 1; -var CODEQL_TRAP_CACHE_PREFIX = "codeql-trap"; -var MINIMUM_CACHE_MB_TO_UPLOAD = 10; -var MAX_CACHE_OPERATION_MS2 = 12e4; -async function uploadTrapCaches(codeql, config, logger) { - if (!await isAnalyzingDefaultBranch()) return false; - for (const language of config.languages) { - const cacheDir = config.trapCaches[language]; - if (cacheDir === void 0) continue; - const trapFolderSize = await tryGetFolderBytes(cacheDir, logger); - if (trapFolderSize === void 0) { - logger.info( - `Skipping upload of TRAP cache for ${language} as we couldn't determine its size` - ); - continue; - } - if (trapFolderSize < MINIMUM_CACHE_MB_TO_UPLOAD * 1048576) { - logger.info( - `Skipping upload of TRAP cache for ${language} as it is too small` - ); - continue; - } - const key = await cacheKey( - codeql, - language, - process.env.GITHUB_SHA || "unknown" - ); - logger.info(`Uploading TRAP cache to Actions cache with key ${key}`); - await withTimeout( - MAX_CACHE_OPERATION_MS2, - actionsCache2.saveCache([cacheDir], key), - () => { 
- logger.info( - `Timed out waiting for TRAP cache for ${language} to upload, will continue without uploading` - ); - } - ); - } - return true; -} -async function cleanupTrapCaches(config, features, logger) { - if (!await features.getValue("cleanup_trap_caches" /* CleanupTrapCaches */)) { - return { - trap_cache_cleanup_skipped_because: "feature disabled" - }; - } - if (!await isAnalyzingDefaultBranch()) { - return { - trap_cache_cleanup_skipped_because: "not analyzing default branch" - }; - } - try { - let totalBytesCleanedUp = 0; - const allCaches = await listActionsCaches( - CODEQL_TRAP_CACHE_PREFIX, - await getRef() - ); - for (const language of config.languages) { - if (config.trapCaches[language]) { - const cachesToRemove = await getTrapCachesForLanguage( - allCaches, - language, - logger - ); - cachesToRemove.sort((a, b) => a.created_at.localeCompare(b.created_at)); - const mostRecentCache = cachesToRemove.pop(); - logger.debug( - `Keeping most recent TRAP cache (${JSON.stringify(mostRecentCache)})` - ); - if (cachesToRemove.length === 0) { - logger.info(`No TRAP caches to clean up for ${language}.`); - continue; - } - for (const cache of cachesToRemove) { - logger.debug(`Cleaning up TRAP cache (${JSON.stringify(cache)})`); - await deleteActionsCache(cache.id); - } - const bytesCleanedUp = cachesToRemove.reduce( - (acc, item) => acc + item.size_in_bytes, - 0 - ); - totalBytesCleanedUp += bytesCleanedUp; - const megabytesCleanedUp = (bytesCleanedUp / (1024 * 1024)).toFixed(2); - logger.info( - `Cleaned up ${megabytesCleanedUp} MiB of old TRAP caches for ${language}.` - ); - } - } - return { trap_cache_cleanup_size_bytes: totalBytesCleanedUp }; - } catch (e) { - if (isHTTPError(e) && e.status === 403) { - logger.warning( - `Could not cleanup TRAP caches as the token did not have the required permissions. To clean up TRAP caches, ensure the token has the "actions:write" permission. 
See ${"https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs" /* ASSIGNING_PERMISSIONS_TO_JOBS */} for more information.` - ); - } else { - logger.info(`Failed to cleanup TRAP caches, continuing. Details: ${e}`); - } - return { trap_cache_cleanup_error: getErrorMessage(e) }; - } -} -async function getTrapCachesForLanguage(allCaches, language, logger) { - logger.debug(`Listing TRAP caches for ${language}`); - for (const cache of allCaches) { - if (!cache.created_at || !cache.id || !cache.key || !cache.size_in_bytes) { - throw new Error( - `An unexpected cache item was returned from the API that was missing one or more required fields: ${JSON.stringify(cache)}` - ); - } - } - return allCaches.filter((cache) => { - return cache.key?.includes(`-${language}-`); - }); -} -async function cacheKey(codeql, language, baseSha) { - return `${await cachePrefix(codeql, language)}${baseSha}`; -} -async function cachePrefix(codeql, language) { - return `${CODEQL_TRAP_CACHE_PREFIX}-${CACHE_VERSION2}-${(await codeql.getVersion()).version}-${language}-`; -} - -// src/config-utils.ts -var OVERLAY_ANALYSIS_FEATURES = { - actions: "overlay_analysis_actions" /* OverlayAnalysisActions */, - cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */, - csharp: "overlay_analysis_csharp" /* OverlayAnalysisCsharp */, - go: "overlay_analysis_go" /* OverlayAnalysisGo */, - java: "overlay_analysis_java" /* OverlayAnalysisJava */, - javascript: "overlay_analysis_javascript" /* OverlayAnalysisJavascript */, - python: "overlay_analysis_python" /* OverlayAnalysisPython */, - ruby: "overlay_analysis_ruby" /* OverlayAnalysisRuby */, - rust: "overlay_analysis_rust" /* OverlayAnalysisRust */, - swift: "overlay_analysis_swift" /* OverlayAnalysisSwift */ -}; -var OVERLAY_ANALYSIS_CODE_SCANNING_FEATURES = { - actions: "overlay_analysis_code_scanning_actions" /* OverlayAnalysisCodeScanningActions */, - cpp: "overlay_analysis_code_scanning_cpp" /* OverlayAnalysisCodeScanningCpp */, - csharp: 
"overlay_analysis_code_scanning_csharp" /* OverlayAnalysisCodeScanningCsharp */, - go: "overlay_analysis_code_scanning_go" /* OverlayAnalysisCodeScanningGo */, - java: "overlay_analysis_code_scanning_java" /* OverlayAnalysisCodeScanningJava */, - javascript: "overlay_analysis_code_scanning_javascript" /* OverlayAnalysisCodeScanningJavascript */, - python: "overlay_analysis_code_scanning_python" /* OverlayAnalysisCodeScanningPython */, - ruby: "overlay_analysis_code_scanning_ruby" /* OverlayAnalysisCodeScanningRuby */, - rust: "overlay_analysis_code_scanning_rust" /* OverlayAnalysisCodeScanningRust */, - swift: "overlay_analysis_code_scanning_swift" /* OverlayAnalysisCodeScanningSwift */ -}; -var PACK_IDENTIFIER_PATTERN = (function() { - const alphaNumeric = "[a-z0-9]"; - const alphaNumericDash = "[a-z0-9-]"; - const component = `${alphaNumeric}(${alphaNumericDash}*${alphaNumeric})?`; - return new RegExp(`^${component}/${component}$`); -})(); -function getPathToParsedConfigFile(tempDir) { - return path14.join(tempDir, "config"); -} -async function getConfig(tempDir, logger) { - const configFile = getPathToParsedConfigFile(tempDir); - if (!fs14.existsSync(configFile)) { - return void 0; - } - const configString = fs14.readFileSync(configFile, "utf8"); - logger.debug("Loaded config:"); - logger.debug(configString); - return JSON.parse(configString); -} -function isCodeQualityEnabled(config) { - return config.analysisKinds.includes("code-quality" /* CodeQuality */); -} - // src/dependency-caching.ts var os3 = __toESM(require("os")); var import_path = require("path"); diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js index a1f0c90f01..bf381bbd63 100644 --- a/lib/autobuild-action.js +++ b/lib/autobuild-action.js 
@@ -77708,6 +77708,9 @@ function checkActionVersion(version, githubVersion) { } } } +function cloneObject(obj) { + return JSON.parse(JSON.stringify(obj)); +} async function checkSipEnablement(logger) { if (process.env["CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */] !== void 0 && ["true", "false"].includes(process.env["CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */])) { return process.env["CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */] === "true"; @@ -77979,12 +77982,12 @@ async function getAnalysisKey() { } // src/autobuild.ts -var core10 = __toESM(require_core()); +var core11 = __toESM(require_core()); // src/codeql.ts -var fs5 = __toESM(require("fs")); -var path5 = __toESM(require("path")); -var core9 = __toESM(require_core()); +var fs6 = __toESM(require("fs")); +var path6 = __toESM(require("path")); +var core10 = __toESM(require_core()); var toolrunner3 = __toESM(require_toolrunner()); // src/cli-errors.ts @@ -78224,6 +78227,22 @@ function wrapCliConfigurationError(cliError) { return new ConfigurationError(errorMessageBuilder); } +// src/config-utils.ts +var fs4 = __toESM(require("fs")); +var path4 = __toESM(require("path")); +var semver4 = __toESM(require_semver2()); + +// src/analyses.ts +var AnalysisKind = /* @__PURE__ */ ((AnalysisKind2) => { + AnalysisKind2["CodeScanning"] = "code-scanning"; + AnalysisKind2["CodeQuality"] = "code-quality"; + return AnalysisKind2; +})(AnalysisKind || {}); +var supportedAnalysisKinds = new Set(Object.values(AnalysisKind)); + +// src/caching-utils.ts +var core6 = __toESM(require_core()); + // src/feature-flags.ts var fs3 = __toESM(require("fs")); var path3 = __toESM(require("path")); 
@@ -78239,13 +78258,13 @@ var path2 = __toESM(require("path")); var actionsCache = __toESM(require_cache3()); // src/git-utils.ts -var core6 = __toESM(require_core()); +var core7 = __toESM(require_core()); var toolrunner2 = __toESM(require_toolrunner()); var io3 = __toESM(require_io()); var runGitCommand = async function(workingDirectory, args, customErrorMessage) { let stdout = ""; let stderr = ""; - core6.debug(`Running git command: git ${args.join(" ")}`); + core7.debug(`Running git command: git ${args.join(" ")}`); try { await new toolrunner2.ToolRunner(await io3.which("git", true), args, { silent: true, @@ -78265,7 +78284,7 @@ var runGitCommand = async function(workingDirectory, args, customErrorMessage) { if (stderr.includes("not a git repository")) { reason = "The checkout path provided to the action does not appear to be a git repository."; } - core6.info(`git call failed. ${customErrorMessage} Error: ${reason}`); + core7.info(`git call failed. ${customErrorMessage} Error: ${reason}`); throw error2; } }; @@ -78376,7 +78395,7 @@ async function getRef() { ) !== head; if (hasChangedRef) { const newRef = ref.replace(pull_ref_regex, "refs/pull/$1/head"); - core6.debug( + core7.debug( `No longer on merge commit, rewriting ref from ${ref} to ${newRef}.` ); return newRef; @@ -78402,9 +78421,9 @@ async function isAnalyzingDefaultBranch() { } // src/logging.ts -var core7 = __toESM(require_core()); +var core8 = __toESM(require_core()); function getActionsLogger() { - return core7; + return core8; } // src/overlay-database-utils.ts 
@@ -78900,28 +78919,94 @@ var GitHubFeatureFlags = class { } }; +// src/trap-caching.ts +var actionsCache2 = __toESM(require_cache3()); + +// src/config-utils.ts +var OVERLAY_ANALYSIS_FEATURES = { + actions: "overlay_analysis_actions" /* OverlayAnalysisActions */, + cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */, + csharp: "overlay_analysis_csharp" /* OverlayAnalysisCsharp */, + go: "overlay_analysis_go" /* OverlayAnalysisGo */, + java: "overlay_analysis_java" /* OverlayAnalysisJava */, + javascript: "overlay_analysis_javascript" /* OverlayAnalysisJavascript */, + python: "overlay_analysis_python" /* OverlayAnalysisPython */, + ruby: "overlay_analysis_ruby" /* OverlayAnalysisRuby */, + rust: "overlay_analysis_rust" /* OverlayAnalysisRust */, + swift: "overlay_analysis_swift" /* OverlayAnalysisSwift */ +}; +var OVERLAY_ANALYSIS_CODE_SCANNING_FEATURES = { + actions: "overlay_analysis_code_scanning_actions" /* OverlayAnalysisCodeScanningActions */, + cpp: "overlay_analysis_code_scanning_cpp" /* OverlayAnalysisCodeScanningCpp */, + csharp: "overlay_analysis_code_scanning_csharp" /* OverlayAnalysisCodeScanningCsharp */, + go: "overlay_analysis_code_scanning_go" /* OverlayAnalysisCodeScanningGo */, + java: "overlay_analysis_code_scanning_java" /* OverlayAnalysisCodeScanningJava */, + javascript: "overlay_analysis_code_scanning_javascript" /* OverlayAnalysisCodeScanningJavascript */, + python: "overlay_analysis_code_scanning_python" /* OverlayAnalysisCodeScanningPython */, + ruby: "overlay_analysis_code_scanning_ruby" /* OverlayAnalysisCodeScanningRuby */, + rust: "overlay_analysis_code_scanning_rust" /* OverlayAnalysisCodeScanningRust */, + swift: "overlay_analysis_code_scanning_swift" /* OverlayAnalysisCodeScanningSwift */ +}; +var PACK_IDENTIFIER_PATTERN = (function() { + const alphaNumeric = "[a-z0-9]"; + const alphaNumericDash = "[a-z0-9-]"; + const component = `${alphaNumeric}(${alphaNumericDash}*${alphaNumeric})?`; + return new 
RegExp(`^${component}/${component}$`); +})(); +function getPathToParsedConfigFile(tempDir) { + return path4.join(tempDir, "config"); +} +async function getConfig(tempDir, logger) { + const configFile = getPathToParsedConfigFile(tempDir); + if (!fs4.existsSync(configFile)) { + return void 0; + } + const configString = fs4.readFileSync(configFile, "utf8"); + logger.debug("Loaded config:"); + logger.debug(configString); + return JSON.parse(configString); +} +function appendExtraQueryExclusions(extraQueryExclusions, cliConfig) { + if (extraQueryExclusions.length === 0) { + return cliConfig; + } + const augmentedConfig = cloneObject(cliConfig); + augmentedConfig["query-filters"] = [ + // Ordering matters. If the first filter is an inclusion, it implicitly + // excludes all queries that are not included. If it is an exclusion, + // it implicitly includes all queries that are not excluded. So user + // filters (if any) should always be first to preserve intent. + ...augmentedConfig["query-filters"] || [], + ...extraQueryExclusions + ]; + if (augmentedConfig["query-filters"]?.length === 0) { + delete augmentedConfig["query-filters"]; + } + return augmentedConfig; +} + // src/setup-codeql.ts var toolcache3 = __toESM(require_tool_cache()); var import_fast_deep_equal = __toESM(require_fast_deep_equal()); -var semver6 = __toESM(require_semver2()); +var semver7 = __toESM(require_semver2()); // src/tar.ts var import_toolrunner = __toESM(require_toolrunner()); var io4 = __toESM(require_io()); var toolcache = __toESM(require_tool_cache()); -var semver4 = __toESM(require_semver2()); +var semver5 = __toESM(require_semver2()); // src/tools-download.ts -var core8 = __toESM(require_core()); +var core9 = __toESM(require_core()); var import_http_client = __toESM(require_lib()); var toolcache2 = __toESM(require_tool_cache()); var import_follow_redirects = __toESM(require_follow_redirects()); -var semver5 = __toESM(require_semver2()); +var semver6 = __toESM(require_semver2()); var 
STREAMING_HIGH_WATERMARK_BYTES = 4 * 1024 * 1024; // src/tracer-config.ts -var fs4 = __toESM(require("fs")); -var path4 = __toESM(require("path")); +var fs5 = __toESM(require("fs")); +var path5 = __toESM(require("path")); async function shouldEnableIndirectTracing(codeql, config) { if (config.buildMode === "none" /* None */) { return false; @@ -78936,18 +79021,18 @@ async function endTracingForCluster(codeql, config, logger) { logger.info( "Unsetting build tracing environment variables. Subsequent steps of this job will not be traced." ); - const envVariablesFile = path4.resolve( + const envVariablesFile = path5.resolve( config.dbLocation, "temp/tracingEnvironment/end-tracing.json" ); - if (!fs4.existsSync(envVariablesFile)) { + if (!fs5.existsSync(envVariablesFile)) { throw new Error( `Environment file for ending tracing not found: ${envVariablesFile}` ); } try { const endTracingEnvVariables = JSON.parse( - fs4.readFileSync(envVariablesFile, "utf8") + fs5.readFileSync(envVariablesFile, "utf8") ); for (const [key, value] of Object.entries(endTracingEnvVariables)) { if (value !== null) { @@ -79007,12 +79092,12 @@ async function getCodeQLForCmd(cmd, checkVersion) { }, async isTracedLanguage(language) { const extractorPath = await this.resolveExtractor(language); - const tracingConfigPath = path5.join( + const tracingConfigPath = path6.join( extractorPath, "tools", "tracing-config.lua" ); - return fs5.existsSync(tracingConfigPath); + return fs6.existsSync(tracingConfigPath); }, async isScannedLanguage(language) { return !await this.isTracedLanguage(language); @@ -79083,7 +79168,7 @@ async function getCodeQLForCmd(cmd, checkVersion) { }, async runAutobuild(config, language) { applyAutobuildAzurePipelinesTimeoutFix(); - const autobuildCmd = path5.join( + const autobuildCmd = path6.join( await this.resolveExtractor(language), "tools", process.platform === "win32" ? "autobuild.cmd" : "autobuild.sh" 
@@ -79404,12 +79489,12 @@ ${output}` ); } else if (checkVersion && process.env["CODEQL_ACTION_SUPPRESS_DEPRECATED_SOON_WARNING" /* SUPPRESS_DEPRECATED_SOON_WARNING */] !== "true" && !await codeQlVersionAtLeast(codeql, CODEQL_NEXT_MINIMUM_VERSION)) { const result = await codeql.getVersion(); - core9.warning( + core10.warning( `CodeQL CLI version ${result.version} was discontinued on ${GHES_MOST_RECENT_DEPRECATION_DATE} alongside GitHub Enterprise Server ${GHES_VERSION_MOST_RECENTLY_DEPRECATED} and will not be supported by the next minor release of the CodeQL Action. Please update to CodeQL CLI version ${CODEQL_NEXT_MINIMUM_VERSION} or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version. Alternatively, if you want to continue using CodeQL CLI version ${result.version}, you can replace 'github/codeql-action/*@v${getActionVersion().split(".")[0]}' by 'github/codeql-action/*@v${getActionVersion()}' in your code scanning workflow to continue using this version of the CodeQL Action.` ); - core9.exportVariable("CODEQL_ACTION_SUPPRESS_DEPRECATED_SOON_WARNING" /* SUPPRESS_DEPRECATED_SOON_WARNING */, "true"); + core10.exportVariable("CODEQL_ACTION_SUPPRESS_DEPRECATED_SOON_WARNING" /* SUPPRESS_DEPRECATED_SOON_WARNING */, "true"); } return codeql; } 
@@ -79461,13 +79546,17 @@ async function runCli(cmd, args = [], opts = {}) { } async function writeCodeScanningConfigFile(config, logger) { const codeScanningConfigFile = getGeneratedCodeScanningConfigPath(config); + const augmentedConfig = appendExtraQueryExclusions( + config.extraQueryExclusions, + config.computedConfig + ); logger.info( `Writing augmented user configuration file to ${codeScanningConfigFile}` ); logger.startGroup("Augmented user configuration file contents"); - logger.info(dump(config.computedConfig)); + logger.info(dump(augmentedConfig)); logger.endGroup(); - fs5.writeFileSync(codeScanningConfigFile, dump(config.computedConfig)); + fs6.writeFileSync(codeScanningConfigFile, dump(augmentedConfig)); return codeScanningConfigFile; } var TRAP_CACHE_SIZE_MB = 1024; @@ -79490,7 +79579,7 @@ async function getTrapCachingExtractorConfigArgsForLang(config, language) { ]; } function getGeneratedCodeScanningConfigPath(config) { - return path5.resolve(config.tempDir, "user-config.yaml"); + return path6.resolve(config.tempDir, "user-config.yaml"); } function getExtractionVerbosityArguments(enableDebugLogging) { return enableDebugLogging ? [`--verbosity=${EXTRACTION_DEBUG_MODE_VERBOSITY}`] : []; 
@@ -79566,16 +79655,16 @@ async function setupCppAutobuild(codeql, logger) { logger.info( `Disabling ${featureName} as we are on a self-hosted runner.${getWorkflowEventName() !== "dynamic" ? ` To override this, set the ${envVar} environment variable to 'true' in your workflow. See ${"https://docs.github.com/en/actions/learn-github-actions/variables#defining-environment-variables-for-a-single-workflow" /* DEFINE_ENV_VARIABLES */} for more information.` : ""}` ); - core10.exportVariable(envVar, "false"); + core11.exportVariable(envVar, "false"); } else { logger.info( `Enabling ${featureName}. This can be disabled by setting the ${envVar} environment variable to 'false'. See ${"https://docs.github.com/en/actions/learn-github-actions/variables#defining-environment-variables-for-a-single-workflow" /* DEFINE_ENV_VARIABLES */} for more information.` ); - core10.exportVariable(envVar, "true"); + core11.exportVariable(envVar, "true"); } } else { logger.info(`Disabling ${featureName}.`); - core10.exportVariable(envVar, "false"); + core11.exportVariable(envVar, "false"); } } async function runAutobuild(config, language, logger) { 
@@ -79590,75 +79679,11 @@ async function runAutobuild(config, language, logger) { await codeQL.runAutobuild(config, language); } if (language === "go" /* go */) { - core10.exportVariable("CODEQL_ACTION_DID_AUTOBUILD_GOLANG" /* DID_AUTOBUILD_GOLANG */, "true"); + core11.exportVariable("CODEQL_ACTION_DID_AUTOBUILD_GOLANG" /* DID_AUTOBUILD_GOLANG */, "true"); } logger.endGroup(); } -// src/config-utils.ts -var fs6 = __toESM(require("fs")); -var path6 = __toESM(require("path")); -var semver7 = __toESM(require_semver2()); - -// src/analyses.ts -var AnalysisKind = /* @__PURE__ */ ((AnalysisKind2) => { - AnalysisKind2["CodeScanning"] = "code-scanning"; - AnalysisKind2["CodeQuality"] = "code-quality"; - return AnalysisKind2; -})(AnalysisKind || {}); -var supportedAnalysisKinds = new Set(Object.values(AnalysisKind)); - -// src/caching-utils.ts -var core11 = __toESM(require_core()); - -// src/trap-caching.ts -var actionsCache2 = __toESM(require_cache3()); - -// src/config-utils.ts -var OVERLAY_ANALYSIS_FEATURES = { - actions: "overlay_analysis_actions" /* OverlayAnalysisActions */, - cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */, - csharp: "overlay_analysis_csharp" /* OverlayAnalysisCsharp */, - go: "overlay_analysis_go" /* OverlayAnalysisGo */, - java: "overlay_analysis_java" /* OverlayAnalysisJava */, - javascript: "overlay_analysis_javascript" /* OverlayAnalysisJavascript */, - python: "overlay_analysis_python" /* OverlayAnalysisPython */, - ruby: "overlay_analysis_ruby" /* OverlayAnalysisRuby */, - rust: "overlay_analysis_rust" /* OverlayAnalysisRust */, - swift: "overlay_analysis_swift" /* OverlayAnalysisSwift */ -}; -var OVERLAY_ANALYSIS_CODE_SCANNING_FEATURES = { - actions: "overlay_analysis_code_scanning_actions" /* OverlayAnalysisCodeScanningActions */, - cpp: "overlay_analysis_code_scanning_cpp" /* OverlayAnalysisCodeScanningCpp */, - csharp: "overlay_analysis_code_scanning_csharp" /* OverlayAnalysisCodeScanningCsharp */, - go: 
"overlay_analysis_code_scanning_go" /* OverlayAnalysisCodeScanningGo */, - java: "overlay_analysis_code_scanning_java" /* OverlayAnalysisCodeScanningJava */, - javascript: "overlay_analysis_code_scanning_javascript" /* OverlayAnalysisCodeScanningJavascript */, - python: "overlay_analysis_code_scanning_python" /* OverlayAnalysisCodeScanningPython */, - ruby: "overlay_analysis_code_scanning_ruby" /* OverlayAnalysisCodeScanningRuby */, - rust: "overlay_analysis_code_scanning_rust" /* OverlayAnalysisCodeScanningRust */, - swift: "overlay_analysis_code_scanning_swift" /* OverlayAnalysisCodeScanningSwift */ -}; -var PACK_IDENTIFIER_PATTERN = (function() { - const alphaNumeric = "[a-z0-9]"; - const alphaNumericDash = "[a-z0-9-]"; - const component = `${alphaNumeric}(${alphaNumericDash}*${alphaNumeric})?`; - return new RegExp(`^${component}/${component}$`); -})(); -function getPathToParsedConfigFile(tempDir) { - return path6.join(tempDir, "config"); -} -async function getConfig(tempDir, logger) { - const configFile = getPathToParsedConfigFile(tempDir); - if (!fs6.existsSync(configFile)) { - return void 0; - } - const configString = fs6.readFileSync(configFile, "utf8"); - logger.debug("Loaded config:"); - logger.debug(configString); - return JSON.parse(configString); -} - // src/status-report.ts var os = __toESM(require("os")); var core12 = __toESM(require_core()); diff --git a/lib/init-action-post.js b/lib/init-action-post.js index a360f4d0c1..ed9a4e00bc 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js 
@@ -128114,6 +128114,9 @@ function satisfiesGHESVersion(ghesVersion, range, defaultIfInvalid) { semverVersion.prerelease = []; return semver.satisfies(semverVersion, range); } +function cloneObject(obj) { + return JSON.parse(JSON.stringify(obj)); +} async function checkSipEnablement(logger) { if (process.env["CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */] !== void 0 && ["true", "false"].includes(process.env["CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */])) { return process.env["CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */] === "true"; @@ -128499,9 +128502,9 @@ function wrapApiConfigurationError(e) { } // src/codeql.ts -var fs11 = __toESM(require("fs")); -var path11 = __toESM(require("path")); -var core9 = __toESM(require_core()); +var fs13 = __toESM(require("fs")); +var path13 = __toESM(require("path")); +var core10 = __toESM(require_core()); var toolrunner3 = __toESM(require_toolrunner()); // src/cli-errors.ts @@ -128741,6 +128744,26 @@ function wrapCliConfigurationError(cliError) { return new ConfigurationError(errorMessageBuilder); } +// src/config-utils.ts +var fs9 = __toESM(require("fs")); +var path10 = __toESM(require("path")); +var semver4 = __toESM(require_semver2()); + +// src/analyses.ts +var AnalysisKind = /* @__PURE__ */ ((AnalysisKind2) => { + AnalysisKind2["CodeScanning"] = "code-scanning"; + AnalysisKind2["CodeQuality"] = "code-quality"; + return AnalysisKind2; +})(AnalysisKind || {}); +var supportedAnalysisKinds = new Set(Object.values(AnalysisKind)); + +// src/caching-utils.ts +var core6 = __toESM(require_core()); + +// src/diff-informed-analysis-utils.ts +var fs8 = __toESM(require("fs")); +var path9 = __toESM(require("path")); + // src/feature-flags.ts var fs7 = __toESM(require("fs")); var path8 = __toESM(require("path")); 
@@ -128756,13 +128779,13 @@ var path7 = __toESM(require("path")); var actionsCache = __toESM(require_cache3()); // src/git-utils.ts -var core6 = __toESM(require_core()); +var core7 = __toESM(require_core()); var toolrunner2 = __toESM(require_toolrunner()); var io3 = __toESM(require_io()); var runGitCommand = async function(workingDirectory, args, customErrorMessage) { let stdout = ""; let stderr = ""; - core6.debug(`Running git command: git ${args.join(" ")}`); + core7.debug(`Running git command: git ${args.join(" ")}`); try { await new toolrunner2.ToolRunner(await io3.which("git", true), args, { silent: true, @@ -128782,7 +128805,7 @@ var runGitCommand = async function(workingDirectory, args, customErrorMessage) { if (stderr.includes("not a git repository")) { reason = "The checkout path provided to the action does not appear to be a git repository."; } - core6.info(`git call failed. ${customErrorMessage} Error: ${reason}`); + core7.info(`git call failed. ${customErrorMessage} Error: ${reason}`); throw error2; } }; @@ -128927,7 +128950,7 @@ async function getRef() { ) !== head; if (hasChangedRef) { const newRef = ref.replace(pull_ref_regex, "refs/pull/$1/head"); - core6.debug( + core7.debug( `No longer on merge commit, rewriting ref from ${ref} to ${newRef}.` ); return newRef; @@ -128953,16 +128976,16 @@ async function isAnalyzingDefaultBranch() { } // src/logging.ts -var core7 = __toESM(require_core()); +var core8 = __toESM(require_core()); function getActionsLogger() { - return core7; + return core8; } function withGroup(groupName, f) { - core7.startGroup(groupName); + core8.startGroup(groupName); try { return f(); } finally { - core7.endGroup(); + core8.endGroup(); } } function formatDuration(durationMs) { 
@@ -129475,12 +129498,96 @@ var GitHubFeatureFlags = class { } }; +// src/diff-informed-analysis-utils.ts +function getDiffRangesJsonFilePath() { + return path9.join(getTemporaryDirectory(), "pr-diff-range.json"); +} +function readDiffRangesJsonFile(logger) { + const jsonFilePath = getDiffRangesJsonFilePath(); + if (!fs8.existsSync(jsonFilePath)) { + logger.debug(`Diff ranges JSON file does not exist at ${jsonFilePath}`); + return void 0; + } + const jsonContents = fs8.readFileSync(jsonFilePath, "utf8"); + logger.debug( + `Read pr-diff-range JSON file from ${jsonFilePath}: +${jsonContents}` + ); + return JSON.parse(jsonContents); +} + +// src/trap-caching.ts +var actionsCache2 = __toESM(require_cache3()); + +// src/config-utils.ts +var OVERLAY_ANALYSIS_FEATURES = { + actions: "overlay_analysis_actions" /* OverlayAnalysisActions */, + cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */, + csharp: "overlay_analysis_csharp" /* OverlayAnalysisCsharp */, + go: "overlay_analysis_go" /* OverlayAnalysisGo */, + java: "overlay_analysis_java" /* OverlayAnalysisJava */, + javascript: "overlay_analysis_javascript" /* OverlayAnalysisJavascript */, + python: "overlay_analysis_python" /* OverlayAnalysisPython */, + ruby: "overlay_analysis_ruby" /* OverlayAnalysisRuby */, + rust: "overlay_analysis_rust" /* OverlayAnalysisRust */, + swift: "overlay_analysis_swift" /* OverlayAnalysisSwift */ +}; +var OVERLAY_ANALYSIS_CODE_SCANNING_FEATURES = { + actions: "overlay_analysis_code_scanning_actions" /* OverlayAnalysisCodeScanningActions */, + cpp: "overlay_analysis_code_scanning_cpp" /* OverlayAnalysisCodeScanningCpp */, + csharp: "overlay_analysis_code_scanning_csharp" /* OverlayAnalysisCodeScanningCsharp */, + go: "overlay_analysis_code_scanning_go" /* OverlayAnalysisCodeScanningGo */, + java: "overlay_analysis_code_scanning_java" /* OverlayAnalysisCodeScanningJava */, + javascript: "overlay_analysis_code_scanning_javascript" /* OverlayAnalysisCodeScanningJavascript */, + python: 
"overlay_analysis_code_scanning_python" /* OverlayAnalysisCodeScanningPython */, + ruby: "overlay_analysis_code_scanning_ruby" /* OverlayAnalysisCodeScanningRuby */, + rust: "overlay_analysis_code_scanning_rust" /* OverlayAnalysisCodeScanningRust */, + swift: "overlay_analysis_code_scanning_swift" /* OverlayAnalysisCodeScanningSwift */ +}; +var PACK_IDENTIFIER_PATTERN = (function() { + const alphaNumeric = "[a-z0-9]"; + const alphaNumericDash = "[a-z0-9-]"; + const component = `${alphaNumeric}(${alphaNumericDash}*${alphaNumeric})?`; + return new RegExp(`^${component}/${component}$`); +})(); +function getPathToParsedConfigFile(tempDir) { + return path10.join(tempDir, "config"); +} +async function getConfig(tempDir, logger) { + const configFile = getPathToParsedConfigFile(tempDir); + if (!fs9.existsSync(configFile)) { + return void 0; + } + const configString = fs9.readFileSync(configFile, "utf8"); + logger.debug("Loaded config:"); + logger.debug(configString); + return JSON.parse(configString); +} +function appendExtraQueryExclusions(extraQueryExclusions, cliConfig) { + if (extraQueryExclusions.length === 0) { + return cliConfig; + } + const augmentedConfig = cloneObject(cliConfig); + augmentedConfig["query-filters"] = [ + // Ordering matters. If the first filter is an inclusion, it implicitly + // excludes all queries that are not included. If it is an exclusion, + // it implicitly includes all queries that are not excluded. So user + // filters (if any) should always be first to preserve intent. 
+ ...augmentedConfig["query-filters"] || [], + ...extraQueryExclusions + ]; + if (augmentedConfig["query-filters"]?.length === 0) { + delete augmentedConfig["query-filters"]; + } + return augmentedConfig; +} + // src/setup-codeql.ts -var fs10 = __toESM(require("fs")); -var path10 = __toESM(require("path")); +var fs12 = __toESM(require("fs")); +var path12 = __toESM(require("path")); var toolcache3 = __toESM(require_tool_cache()); var import_fast_deep_equal = __toESM(require_fast_deep_equal()); -var semver6 = __toESM(require_semver2()); +var semver7 = __toESM(require_semver2()); // node_modules/uuid/dist/esm/stringify.js var byteToHex = []; @@ -129535,12 +129642,12 @@ var v4_default = v4; // src/tar.ts var import_child_process = require("child_process"); -var fs8 = __toESM(require("fs")); +var fs10 = __toESM(require("fs")); var stream = __toESM(require("stream")); var import_toolrunner = __toESM(require_toolrunner()); var io4 = __toESM(require_io()); var toolcache = __toESM(require_tool_cache()); -var semver4 = __toESM(require_semver2()); +var semver5 = __toESM(require_semver2()); var MIN_REQUIRED_BSD_TAR_VERSION = "3.4.3"; var MIN_REQUIRED_GNU_TAR_VERSION = "1.31"; async function getTarVersion() { @@ -129582,9 +129689,9 @@ async function isZstdAvailable(logger) { case "gnu": return { available: foundZstdBinary && // GNU tar only uses major and minor version numbers - semver4.gte( - semver4.coerce(version), - semver4.coerce(MIN_REQUIRED_GNU_TAR_VERSION) + semver5.gte( + semver5.coerce(version), + semver5.coerce(MIN_REQUIRED_GNU_TAR_VERSION) ), foundZstdBinary, version: tarVersion @@ -129593,7 +129700,7 @@ async function isZstdAvailable(logger) { return { available: foundZstdBinary && // Do a loose comparison since these version numbers don't contain // a patch version number. - semver4.gte(version, MIN_REQUIRED_BSD_TAR_VERSION), + semver5.gte(version, MIN_REQUIRED_BSD_TAR_VERSION), foundZstdBinary, version: tarVersion }; 
@@ -129608,7 +129715,7 @@ async function isZstdAvailable(logger) { } } async function extract(tarPath, dest, compressionMethod, tarVersion, logger) { - fs8.mkdirSync(dest, { recursive: true }); + fs10.mkdirSync(dest, { recursive: true }); switch (compressionMethod) { case "gzip": return await toolcache.extractTar(tarPath, dest); @@ -129692,15 +129799,15 @@ function inferCompressionMethod(tarPath) { } // src/tools-download.ts -var fs9 = __toESM(require("fs")); +var fs11 = __toESM(require("fs")); var os = __toESM(require("os")); -var path9 = __toESM(require("path")); +var path11 = __toESM(require("path")); var import_perf_hooks = require("perf_hooks"); -var core8 = __toESM(require_core()); +var core9 = __toESM(require_core()); var import_http_client = __toESM(require_lib()); var toolcache2 = __toESM(require_tool_cache()); var import_follow_redirects = __toESM(require_follow_redirects()); -var semver5 = __toESM(require_semver2()); +var semver6 = __toESM(require_semver2()); var STREAMING_HIGH_WATERMARK_BYTES = 4 * 1024 * 1024; var TOOLCACHE_TOOL_NAME = "CodeQL"; function makeDownloadFirstToolsDownloadDurations(downloadDurationMs, extractionDurationMs) { @@ -129750,10 +129857,10 @@ async function downloadAndExtract(codeqlURL, compressionMethod, dest, authorizat }; } } catch (e) { - core8.warning( + core9.warning( `Failed to download and extract CodeQL bundle using streaming with error: ${getErrorMessage(e)}` ); - core8.warning(`Falling back to downloading the bundle before extracting.`); + core9.warning(`Falling back to downloading the bundle before extracting.`); await cleanUpGlob(dest, "CodeQL bundle", logger); } const toolsDownloadStart = import_perf_hooks.performance.now(); 
@@ -129799,7 +129906,7 @@ async function downloadAndExtract(codeqlURL, compressionMethod, dest, authorizat }; } async function downloadAndExtractZstdWithStreaming(codeqlURL, dest, authorization, headers, tarVersion, logger) { - fs9.mkdirSync(dest, { recursive: true }); + fs11.mkdirSync(dest, { recursive: true }); const agent = new import_http_client.HttpClient().getAgent(codeqlURL); headers = Object.assign( { "User-Agent": "CodeQL Action" }, @@ -129827,16 +129934,16 @@ async function downloadAndExtractZstdWithStreaming(codeqlURL, dest, authorizatio await extractTarZst(response, dest, tarVersion, logger); } function getToolcacheDirectory(version) { - return path9.join( + return path11.join( getRequiredEnvParam("RUNNER_TOOL_CACHE"), TOOLCACHE_TOOL_NAME, - semver5.clean(version) || version, + semver6.clean(version) || version, os.arch() || "" ); } function writeToolcacheMarkerFile(extractedPath, logger) { const markerFilePath = `${extractedPath}.complete`; - fs9.writeFileSync(markerFilePath, ""); + fs11.writeFileSync(markerFilePath, ""); logger.info(`Created toolcache marker file ${markerFilePath}`); } function sanitizeUrlForStatusReport(url2) { @@ -129951,13 +130058,13 @@ function tryGetTagNameFromUrl(url2, logger) { return match[1]; } function convertToSemVer(version, logger) { - if (!semver6.valid(version)) { + if (!semver7.valid(version)) { logger.debug( `Bundle version ${version} is not in SemVer format. Will treat it as pre-release 0.0.0-${version}.` ); version = `0.0.0-${version}`; } - const s = semver6.clean(version); + const s = semver7.clean(version); if (!s) { throw new Error(`Bundle version ${version} is not in SemVer format.`); } 
@@ -129967,7 +130074,7 @@ async function findOverridingToolsInCache(humanReadableVersion, logger) { const candidates = toolcache3.findAllVersions("CodeQL").filter(isGoodVersion).map((version) => ({ folder: toolcache3.find("CodeQL", version), version - })).filter(({ folder }) => fs10.existsSync(path10.join(folder, "pinned-version"))); + })).filter(({ folder }) => fs12.existsSync(path12.join(folder, "pinned-version"))); if (candidates.length === 1) { const candidate = candidates[0]; logger.debug( @@ -130027,7 +130134,7 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian url2 = toolsInput; if (tagName) { const bundleVersion3 = tryGetBundleVersionFromTagName(tagName, logger); - if (bundleVersion3 && semver6.valid(bundleVersion3)) { + if (bundleVersion3 && semver7.valid(bundleVersion3)) { cliVersion2 = convertToSemVer(bundleVersion3, logger); } } @@ -130296,11 +130403,11 @@ async function setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defau async function useZstdBundle(cliVersion2, tarSupportsZstd) { return ( // In testing, gzip performs better than zstd on Windows. - process.platform !== "win32" && tarSupportsZstd && semver6.gte(cliVersion2, CODEQL_VERSION_ZSTD_BUNDLE) + process.platform !== "win32" && tarSupportsZstd && semver7.gte(cliVersion2, CODEQL_VERSION_ZSTD_BUNDLE) ); } function getTempExtractionDir(tempDir) { - return path10.join(tempDir, v4_default()); + return path12.join(tempDir, v4_default()); } // src/tracer-config.ts @@ -130343,7 +130450,7 @@ async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliV toolsDownloadStatusReport )}` ); - let codeqlCmd = path11.join(codeqlFolder, "codeql", "codeql"); + let codeqlCmd = path13.join(codeqlFolder, "codeql", "codeql"); if (process.platform === "win32") { codeqlCmd += ".exe"; } else if (process.platform !== "linux" && process.platform !== "darwin") { 
@@ -130404,12 +130511,12 @@ async function getCodeQLForCmd(cmd, checkVersion) { }, async isTracedLanguage(language) { const extractorPath = await this.resolveExtractor(language); - const tracingConfigPath = path11.join( + const tracingConfigPath = path13.join( extractorPath, "tools", "tracing-config.lua" ); - return fs11.existsSync(tracingConfigPath); + return fs13.existsSync(tracingConfigPath); }, async isScannedLanguage(language) { return !await this.isTracedLanguage(language); @@ -130480,7 +130587,7 @@ async function getCodeQLForCmd(cmd, checkVersion) { }, async runAutobuild(config, language) { applyAutobuildAzurePipelinesTimeoutFix(); - const autobuildCmd = path11.join( + const autobuildCmd = path13.join( await this.resolveExtractor(language), "tools", process.platform === "win32" ? "autobuild.cmd" : "autobuild.sh" 
@@ -130801,12 +130908,12 @@ ${output}` ); } else if (checkVersion && process.env["CODEQL_ACTION_SUPPRESS_DEPRECATED_SOON_WARNING" /* SUPPRESS_DEPRECATED_SOON_WARNING */] !== "true" && !await codeQlVersionAtLeast(codeql, CODEQL_NEXT_MINIMUM_VERSION)) { const result = await codeql.getVersion(); - core9.warning( + core10.warning( `CodeQL CLI version ${result.version} was discontinued on ${GHES_MOST_RECENT_DEPRECATION_DATE} alongside GitHub Enterprise Server ${GHES_VERSION_MOST_RECENTLY_DEPRECATED} and will not be supported by the next minor release of the CodeQL Action. Please update to CodeQL CLI version ${CODEQL_NEXT_MINIMUM_VERSION} or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version. Alternatively, if you want to continue using CodeQL CLI version ${result.version}, you can replace 'github/codeql-action/*@v${getActionVersion().split(".")[0]}' by 'github/codeql-action/*@v${getActionVersion()}' in your code scanning workflow to continue using this version of the CodeQL Action.` ); - core9.exportVariable("CODEQL_ACTION_SUPPRESS_DEPRECATED_SOON_WARNING" /* SUPPRESS_DEPRECATED_SOON_WARNING */, "true"); + core10.exportVariable("CODEQL_ACTION_SUPPRESS_DEPRECATED_SOON_WARNING" /* SUPPRESS_DEPRECATED_SOON_WARNING */, "true"); } return codeql; } 
@@ -130858,13 +130965,17 @@ async function runCli(cmd, args = [], opts = {}) { } async function writeCodeScanningConfigFile(config, logger) { const codeScanningConfigFile = getGeneratedCodeScanningConfigPath(config); + const augmentedConfig = appendExtraQueryExclusions( + config.extraQueryExclusions, + config.computedConfig + ); logger.info( `Writing augmented user configuration file to ${codeScanningConfigFile}` ); logger.startGroup("Augmented user configuration file contents"); - logger.info(dump(config.computedConfig)); + logger.info(dump(augmentedConfig)); logger.endGroup(); - fs11.writeFileSync(codeScanningConfigFile, dump(config.computedConfig)); + fs13.writeFileSync(codeScanningConfigFile, dump(augmentedConfig)); return codeScanningConfigFile; } var TRAP_CACHE_SIZE_MB = 1024; @@ -130887,7 +130998,7 @@ async function getTrapCachingExtractorConfigArgsForLang(config, language) { ]; } function getGeneratedCodeScanningConfigPath(config) { - return path11.resolve(config.tempDir, "user-config.yaml"); + return path13.resolve(config.tempDir, "user-config.yaml"); } function getExtractionVerbosityArguments(enableDebugLogging) { return enableDebugLogging ? [`--verbosity=${EXTRACTION_DEBUG_MODE_VERBOSITY}`] : []; 
@@ -130907,90 +131018,6 @@ async function getJobRunUuidSarifOptions(codeql) { ) ? [`--sarif-run-property=jobRunUuid=${jobRunUuid}`] : []; } -// src/config-utils.ts -var fs13 = __toESM(require("fs")); -var path13 = __toESM(require("path")); -var semver7 = __toESM(require_semver2()); - -// src/analyses.ts -var AnalysisKind = /* @__PURE__ */ ((AnalysisKind2) => { - AnalysisKind2["CodeScanning"] = "code-scanning"; - AnalysisKind2["CodeQuality"] = "code-quality"; - return AnalysisKind2; -})(AnalysisKind || {}); -var supportedAnalysisKinds = new Set(Object.values(AnalysisKind)); - -// src/caching-utils.ts -var core10 = __toESM(require_core()); - -// src/diff-informed-analysis-utils.ts -var fs12 = __toESM(require("fs")); -var path12 = __toESM(require("path")); -function getDiffRangesJsonFilePath() { - return path12.join(getTemporaryDirectory(), "pr-diff-range.json"); -} -function readDiffRangesJsonFile(logger) { - const jsonFilePath = getDiffRangesJsonFilePath(); - if (!fs12.existsSync(jsonFilePath)) { - logger.debug(`Diff ranges JSON file does not exist at ${jsonFilePath}`); - return void 0; - } - const jsonContents = fs12.readFileSync(jsonFilePath, "utf8"); - logger.debug( - `Read pr-diff-range JSON file from ${jsonFilePath}: -${jsonContents}` - ); - return JSON.parse(jsonContents); -} - -// src/trap-caching.ts -var actionsCache2 = __toESM(require_cache3()); - -// src/config-utils.ts -var OVERLAY_ANALYSIS_FEATURES = { - actions: "overlay_analysis_actions" /* OverlayAnalysisActions */, - cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */, - csharp: "overlay_analysis_csharp" /* OverlayAnalysisCsharp */, - go: "overlay_analysis_go" /* OverlayAnalysisGo */, - java: "overlay_analysis_java" /* OverlayAnalysisJava */, - javascript: "overlay_analysis_javascript" /* OverlayAnalysisJavascript */, - python: "overlay_analysis_python" /* OverlayAnalysisPython */, - ruby: "overlay_analysis_ruby" /* OverlayAnalysisRuby */, - rust: "overlay_analysis_rust" /* OverlayAnalysisRust */, - 
swift: "overlay_analysis_swift" /* OverlayAnalysisSwift */ -}; -var OVERLAY_ANALYSIS_CODE_SCANNING_FEATURES = { - actions: "overlay_analysis_code_scanning_actions" /* OverlayAnalysisCodeScanningActions */, - cpp: "overlay_analysis_code_scanning_cpp" /* OverlayAnalysisCodeScanningCpp */, - csharp: "overlay_analysis_code_scanning_csharp" /* OverlayAnalysisCodeScanningCsharp */, - go: "overlay_analysis_code_scanning_go" /* OverlayAnalysisCodeScanningGo */, - java: "overlay_analysis_code_scanning_java" /* OverlayAnalysisCodeScanningJava */, - javascript: "overlay_analysis_code_scanning_javascript" /* OverlayAnalysisCodeScanningJavascript */, - python: "overlay_analysis_code_scanning_python" /* OverlayAnalysisCodeScanningPython */, - ruby: "overlay_analysis_code_scanning_ruby" /* OverlayAnalysisCodeScanningRuby */, - rust: "overlay_analysis_code_scanning_rust" /* OverlayAnalysisCodeScanningRust */, - swift: "overlay_analysis_code_scanning_swift" /* OverlayAnalysisCodeScanningSwift */ -}; -var PACK_IDENTIFIER_PATTERN = (function() { - const alphaNumeric = "[a-z0-9]"; - const alphaNumericDash = "[a-z0-9-]"; - const component = `${alphaNumeric}(${alphaNumericDash}*${alphaNumeric})?`; - return new RegExp(`^${component}/${component}$`); -})(); -function getPathToParsedConfigFile(tempDir) { - return path13.join(tempDir, "config"); -} -async function getConfig(tempDir, logger) { - const configFile = getPathToParsedConfigFile(tempDir); - if (!fs13.existsSync(configFile)) { - return void 0; - } - const configString = fs13.readFileSync(configFile, "utf8"); - logger.debug("Loaded config:"); - logger.debug(configString); - return JSON.parse(configString); -} - // src/debug-artifacts.ts var fs15 = __toESM(require("fs")); var path15 = __toESM(require("path")); diff --git a/lib/init-action.js b/lib/init-action.js index a73a8a6aa2..d3fb02689f 100644 --- a/lib/init-action.js +++ b/lib/init-action.js 
@@ -87304,6 +87304,7 @@ async function getDefaultConfig({ trapCaches, trapCacheDownloadTime, dependencyCachingEnabled: getCachingKind(dependencyCachingEnabled), + extraQueryExclusions: [], overlayDatabaseMode: "none" /* None */, useOverlayDatabaseCaching: false }; @@ -87349,8 +87350,7 @@ async function calculateAugmentation(rawPacksInput, rawQueriesInput, languages) packsInputCombines, packsInput: packsInput?.[languages[0]], queriesInput, - queriesInputCombines, - extraQueryExclusions: [] + queriesInputCombines }; } function parseQueriesFromInput(rawQueriesInput, queriesInputCombines) { @@ -87627,10 +87627,7 @@ async function initConfig(inputs) { inputs.features, logger )) { - if (config.computedConfig["query-filters"] === void 0) { - config.computedConfig["query-filters"] = []; - } - config.computedConfig["query-filters"].push({ + config.extraQueryExclusions.push({ exclude: { tags: "exclude-from-incremental" } }); } @@ -87823,13 +87820,20 @@ function generateCodeScanningConfig(originalUserInput, augmentationProperties) { if (Array.isArray(augmentedConfig.packs) && !augmentedConfig.packs.length) { delete augmentedConfig.packs; } + return augmentedConfig; +} +function appendExtraQueryExclusions(extraQueryExclusions, cliConfig) { + if (extraQueryExclusions.length === 0) { + return cliConfig; + } + const augmentedConfig = cloneObject(cliConfig); augmentedConfig["query-filters"] = [ // Ordering matters. If the first filter is an inclusion, it implicitly // excludes all queries that are not included. If it is an exclusion, // it implicitly includes all queries that are not excluded. So user // filters (if any) should always be first to preserve intent. ...augmentedConfig["query-filters"] || [], - ...augmentationProperties.extraQueryExclusions + ...extraQueryExclusions ]; if (augmentedConfig["query-filters"]?.length === 0) { delete augmentedConfig["query-filters"]; 
@@ -89604,13 +89608,17 @@ async function runCli(cmd, args = [], opts = {}) { } async function writeCodeScanningConfigFile(config, logger) { const codeScanningConfigFile = getGeneratedCodeScanningConfigPath(config); + const augmentedConfig = appendExtraQueryExclusions( + config.extraQueryExclusions, + config.computedConfig + ); logger.info( `Writing augmented user configuration file to ${codeScanningConfigFile}` ); logger.startGroup("Augmented user configuration file contents"); - logger.info(dump(config.computedConfig)); + logger.info(dump(augmentedConfig)); logger.endGroup(); - fs14.writeFileSync(codeScanningConfigFile, dump(config.computedConfig)); + fs14.writeFileSync(codeScanningConfigFile, dump(augmentedConfig)); return codeScanningConfigFile; } var TRAP_CACHE_SIZE_MB = 1024; diff --git a/lib/resolve-environment-action.js b/lib/resolve-environment-action.js index 64f99a0171..4cda99c105 100644 --- a/lib/resolve-environment-action.js +++ b/lib/resolve-environment-action.js @@ -77720,6 +77720,9 @@ function checkActionVersion(version, githubVersion) { } } } +function cloneObject(obj) { + return JSON.parse(JSON.stringify(obj)); +} async function checkSipEnablement(logger) { if (process.env["CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */] !== void 0 && ["true", "false"].includes(process.env["CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */])) { return process.env["CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */] === "true"; 
@@ -78690,6 +78693,24 @@ async function getConfig(tempDir, logger) { logger.debug(configString); return JSON.parse(configString); } +function appendExtraQueryExclusions(extraQueryExclusions, cliConfig) { + if (extraQueryExclusions.length === 0) { + return cliConfig; + } + const augmentedConfig = cloneObject(cliConfig); + augmentedConfig["query-filters"] = [ + // Ordering matters. If the first filter is an inclusion, it implicitly + // excludes all queries that are not included. If it is an exclusion, + // it implicitly includes all queries that are not excluded. So user + // filters (if any) should always be first to preserve intent. + ...augmentedConfig["query-filters"] || [], + ...extraQueryExclusions + ]; + if (augmentedConfig["query-filters"]?.length === 0) { + delete augmentedConfig["query-filters"]; + } + return augmentedConfig; +} // src/codeql.ts var fs4 = __toESM(require("fs")); @@ -79225,13 +79246,17 @@ async function runCli(cmd, args = [], opts = {}) { } async function writeCodeScanningConfigFile(config, logger) { const codeScanningConfigFile = getGeneratedCodeScanningConfigPath(config); + const augmentedConfig = appendExtraQueryExclusions( + config.extraQueryExclusions, + config.computedConfig + ); logger.info( `Writing augmented user configuration file to ${codeScanningConfigFile}` ); logger.startGroup("Augmented user configuration file contents"); - logger.info(dump(config.computedConfig)); + logger.info(dump(augmentedConfig)); logger.endGroup(); - fs4.writeFileSync(codeScanningConfigFile, dump(config.computedConfig)); + fs4.writeFileSync(codeScanningConfigFile, dump(augmentedConfig)); return codeScanningConfigFile; } var TRAP_CACHE_SIZE_MB = 1024; diff --git a/lib/upload-lib.js b/lib/upload-lib.js index ce0643800d..b6376ce229 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js 
@@ -88331,6 +88331,9 @@ function satisfiesGHESVersion(ghesVersion, range, defaultIfInvalid) { semverVersion.prerelease = []; return semver.satisfies(semverVersion, range); } +function cloneObject(obj) { + return JSON.parse(JSON.stringify(obj)); +} async function cleanUpGlob(glob, name, logger) { logger.debug(`Cleaning up ${name}.`); try { @@ -88629,9 +88632,9 @@ function wrapApiConfigurationError(e) { } // src/codeql.ts -var fs9 = __toESM(require("fs")); -var path10 = __toESM(require("path")); -var core9 = __toESM(require_core()); +var fs11 = __toESM(require("fs")); +var path12 = __toESM(require("path")); +var core10 = __toESM(require_core()); var toolrunner3 = __toESM(require_toolrunner()); // src/cli-errors.ts @@ -88871,6 +88874,26 @@ function wrapCliConfigurationError(cliError) { return new ConfigurationError(errorMessageBuilder); } +// src/config-utils.ts +var fs7 = __toESM(require("fs")); +var path9 = __toESM(require("path")); +var semver4 = __toESM(require_semver2()); + +// src/analyses.ts +var AnalysisKind = /* @__PURE__ */ ((AnalysisKind2) => { + AnalysisKind2["CodeScanning"] = "code-scanning"; + AnalysisKind2["CodeQuality"] = "code-quality"; + return AnalysisKind2; +})(AnalysisKind || {}); +var supportedAnalysisKinds = new Set(Object.values(AnalysisKind)); + +// src/caching-utils.ts +var core6 = __toESM(require_core()); + +// src/diff-informed-analysis-utils.ts +var fs6 = __toESM(require("fs")); +var path8 = __toESM(require("path")); + // src/feature-flags.ts var semver3 = __toESM(require_semver2()); 
@@ -88884,13 +88907,13 @@ var path7 = __toESM(require("path")); var actionsCache = __toESM(require_cache3()); // src/git-utils.ts -var core6 = __toESM(require_core()); +var core7 = __toESM(require_core()); var toolrunner2 = __toESM(require_toolrunner()); var io3 = __toESM(require_io()); var runGitCommand = async function(workingDirectory, args, customErrorMessage) { let stdout = ""; let stderr = ""; - core6.debug(`Running git command: git ${args.join(" ")}`); + core7.debug(`Running git command: git ${args.join(" ")}`); try { await new toolrunner2.ToolRunner(await io3.which("git", true), args, { silent: true, @@ -88910,7 +88933,7 @@ var runGitCommand = async function(workingDirectory, args, customErrorMessage) { if (stderr.includes("not a git repository")) { reason = "The checkout path provided to the action does not appear to be a git repository."; } - core6.info(`git call failed. ${customErrorMessage} Error: ${reason}`); + core7.info(`git call failed. ${customErrorMessage} Error: ${reason}`); throw error2; } }; @@ -89055,7 +89078,7 @@ async function getRef() { ) !== head; if (hasChangedRef) { const newRef = ref.replace(pull_ref_regex, "refs/pull/$1/head"); - core6.debug( + core7.debug( `No longer on merge commit, rewriting ref from ${ref} to ${newRef}.` ); return newRef; @@ -89081,7 +89104,7 @@ async function isAnalyzingDefaultBranch() { } // src/logging.ts -var core7 = __toESM(require_core()); +var core8 = __toESM(require_core()); function formatDuration(durationMs) { if (durationMs < 1e3) { return `${durationMs}ms`; 
@@ -89322,12 +89345,96 @@ var featureConfig = { } }; +// src/diff-informed-analysis-utils.ts +function getDiffRangesJsonFilePath() { + return path8.join(getTemporaryDirectory(), "pr-diff-range.json"); +} +function readDiffRangesJsonFile(logger) { + const jsonFilePath = getDiffRangesJsonFilePath(); + if (!fs6.existsSync(jsonFilePath)) { + logger.debug(`Diff ranges JSON file does not exist at ${jsonFilePath}`); + return void 0; + } + const jsonContents = fs6.readFileSync(jsonFilePath, "utf8"); + logger.debug( + `Read pr-diff-range JSON file from ${jsonFilePath}: +${jsonContents}` + ); + return JSON.parse(jsonContents); +} + +// src/trap-caching.ts +var actionsCache2 = __toESM(require_cache3()); + +// src/config-utils.ts +var OVERLAY_ANALYSIS_FEATURES = { + actions: "overlay_analysis_actions" /* OverlayAnalysisActions */, + cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */, + csharp: "overlay_analysis_csharp" /* OverlayAnalysisCsharp */, + go: "overlay_analysis_go" /* OverlayAnalysisGo */, + java: "overlay_analysis_java" /* OverlayAnalysisJava */, + javascript: "overlay_analysis_javascript" /* OverlayAnalysisJavascript */, + python: "overlay_analysis_python" /* OverlayAnalysisPython */, + ruby: "overlay_analysis_ruby" /* OverlayAnalysisRuby */, + rust: "overlay_analysis_rust" /* OverlayAnalysisRust */, + swift: "overlay_analysis_swift" /* OverlayAnalysisSwift */ +}; +var OVERLAY_ANALYSIS_CODE_SCANNING_FEATURES = { + actions: "overlay_analysis_code_scanning_actions" /* OverlayAnalysisCodeScanningActions */, + cpp: "overlay_analysis_code_scanning_cpp" /* OverlayAnalysisCodeScanningCpp */, + csharp: "overlay_analysis_code_scanning_csharp" /* OverlayAnalysisCodeScanningCsharp */, + go: "overlay_analysis_code_scanning_go" /* OverlayAnalysisCodeScanningGo */, + java: "overlay_analysis_code_scanning_java" /* OverlayAnalysisCodeScanningJava */, + javascript: "overlay_analysis_code_scanning_javascript" /* OverlayAnalysisCodeScanningJavascript */, + python: 
"overlay_analysis_code_scanning_python" /* OverlayAnalysisCodeScanningPython */, + ruby: "overlay_analysis_code_scanning_ruby" /* OverlayAnalysisCodeScanningRuby */, + rust: "overlay_analysis_code_scanning_rust" /* OverlayAnalysisCodeScanningRust */, + swift: "overlay_analysis_code_scanning_swift" /* OverlayAnalysisCodeScanningSwift */ +}; +var PACK_IDENTIFIER_PATTERN = (function() { + const alphaNumeric = "[a-z0-9]"; + const alphaNumericDash = "[a-z0-9-]"; + const component = `${alphaNumeric}(${alphaNumericDash}*${alphaNumeric})?`; + return new RegExp(`^${component}/${component}$`); +})(); +function getPathToParsedConfigFile(tempDir) { + return path9.join(tempDir, "config"); +} +async function getConfig(tempDir, logger) { + const configFile = getPathToParsedConfigFile(tempDir); + if (!fs7.existsSync(configFile)) { + return void 0; + } + const configString = fs7.readFileSync(configFile, "utf8"); + logger.debug("Loaded config:"); + logger.debug(configString); + return JSON.parse(configString); +} +function appendExtraQueryExclusions(extraQueryExclusions, cliConfig) { + if (extraQueryExclusions.length === 0) { + return cliConfig; + } + const augmentedConfig = cloneObject(cliConfig); + augmentedConfig["query-filters"] = [ + // Ordering matters. If the first filter is an inclusion, it implicitly + // excludes all queries that are not included. If it is an exclusion, + // it implicitly includes all queries that are not excluded. So user + // filters (if any) should always be first to preserve intent. 
+ ...augmentedConfig["query-filters"] || [], + ...extraQueryExclusions + ]; + if (augmentedConfig["query-filters"]?.length === 0) { + delete augmentedConfig["query-filters"]; + } + return augmentedConfig; +} + // src/setup-codeql.ts -var fs8 = __toESM(require("fs")); -var path9 = __toESM(require("path")); +var fs10 = __toESM(require("fs")); +var path11 = __toESM(require("path")); var toolcache3 = __toESM(require_tool_cache()); var import_fast_deep_equal = __toESM(require_fast_deep_equal()); -var semver6 = __toESM(require_semver2()); +var semver7 = __toESM(require_semver2()); // node_modules/uuid/dist/esm/stringify.js var byteToHex = []; @@ -89382,12 +89489,12 @@ var v4_default = v4; // src/tar.ts var import_child_process = require("child_process"); -var fs6 = __toESM(require("fs")); +var fs8 = __toESM(require("fs")); var stream = __toESM(require("stream")); var import_toolrunner = __toESM(require_toolrunner()); var io4 = __toESM(require_io()); var toolcache = __toESM(require_tool_cache()); -var semver4 = __toESM(require_semver2()); +var semver5 = __toESM(require_semver2()); var MIN_REQUIRED_BSD_TAR_VERSION = "3.4.3"; var MIN_REQUIRED_GNU_TAR_VERSION = "1.31"; async function getTarVersion() { @@ -89429,9 +89536,9 @@ async function isZstdAvailable(logger) { case "gnu": return { available: foundZstdBinary && // GNU tar only uses major and minor version numbers - semver4.gte( - semver4.coerce(version), - semver4.coerce(MIN_REQUIRED_GNU_TAR_VERSION) + semver5.gte( + semver5.coerce(version), + semver5.coerce(MIN_REQUIRED_GNU_TAR_VERSION) ), foundZstdBinary, version: tarVersion @@ -89440,7 +89547,7 @@ async function isZstdAvailable(logger) { return { available: foundZstdBinary && // Do a loose comparison since these version numbers don't contain // a patch version number. - semver4.gte(version, MIN_REQUIRED_BSD_TAR_VERSION), + semver5.gte(version, MIN_REQUIRED_BSD_TAR_VERSION), foundZstdBinary, version: tarVersion }; 
@@ -89455,7 +89562,7 @@ async function isZstdAvailable(logger) { } } async function extract(tarPath, dest, compressionMethod, tarVersion, logger) { - fs6.mkdirSync(dest, { recursive: true }); + fs8.mkdirSync(dest, { recursive: true }); switch (compressionMethod) { case "gzip": return await toolcache.extractTar(tarPath, dest); @@ -89539,15 +89646,15 @@ function inferCompressionMethod(tarPath) { } // src/tools-download.ts -var fs7 = __toESM(require("fs")); +var fs9 = __toESM(require("fs")); var os = __toESM(require("os")); -var path8 = __toESM(require("path")); +var path10 = __toESM(require("path")); var import_perf_hooks = require("perf_hooks"); -var core8 = __toESM(require_core()); +var core9 = __toESM(require_core()); var import_http_client = __toESM(require_lib()); var toolcache2 = __toESM(require_tool_cache()); var import_follow_redirects = __toESM(require_follow_redirects()); -var semver5 = __toESM(require_semver2()); +var semver6 = __toESM(require_semver2()); var STREAMING_HIGH_WATERMARK_BYTES = 4 * 1024 * 1024; var TOOLCACHE_TOOL_NAME = "CodeQL"; function makeDownloadFirstToolsDownloadDurations(downloadDurationMs, extractionDurationMs) { @@ -89597,10 +89704,10 @@ async function downloadAndExtract(codeqlURL, compressionMethod, dest, authorizat }; } } catch (e) { - core8.warning( + core9.warning( `Failed to download and extract CodeQL bundle using streaming with error: ${getErrorMessage(e)}` ); - core8.warning(`Falling back to downloading the bundle before extracting.`); + core9.warning(`Falling back to downloading the bundle before extracting.`); await cleanUpGlob(dest, "CodeQL bundle", logger); } const toolsDownloadStart = import_perf_hooks.performance.now(); 
@@ -89646,7 +89753,7 @@ async function downloadAndExtract(codeqlURL, compressionMethod, dest, authorizat }; } async function downloadAndExtractZstdWithStreaming(codeqlURL, dest, authorization, headers, tarVersion, logger) { - fs7.mkdirSync(dest, { recursive: true }); + fs9.mkdirSync(dest, { recursive: true }); const agent = new import_http_client.HttpClient().getAgent(codeqlURL); headers = Object.assign( { "User-Agent": "CodeQL Action" }, @@ -89674,16 +89781,16 @@ async function downloadAndExtractZstdWithStreaming(codeqlURL, dest, authorizatio await extractTarZst(response, dest, tarVersion, logger); } function getToolcacheDirectory(version) { - return path8.join( + return path10.join( getRequiredEnvParam("RUNNER_TOOL_CACHE"), TOOLCACHE_TOOL_NAME, - semver5.clean(version) || version, + semver6.clean(version) || version, os.arch() || "" ); } function writeToolcacheMarkerFile(extractedPath, logger) { const markerFilePath = `${extractedPath}.complete`; - fs7.writeFileSync(markerFilePath, ""); + fs9.writeFileSync(markerFilePath, ""); logger.info(`Created toolcache marker file ${markerFilePath}`); } function sanitizeUrlForStatusReport(url2) { @@ -89798,13 +89905,13 @@ function tryGetTagNameFromUrl(url2, logger) { return match[1]; } function convertToSemVer(version, logger) { - if (!semver6.valid(version)) { + if (!semver7.valid(version)) { logger.debug( `Bundle version ${version} is not in SemVer format. Will treat it as pre-release 0.0.0-${version}.` ); version = `0.0.0-${version}`; } - const s = semver6.clean(version); + const s = semver7.clean(version); if (!s) { throw new Error(`Bundle version ${version} is not in SemVer format.`); } 
@@ -89814,7 +89921,7 @@ async function findOverridingToolsInCache(humanReadableVersion, logger) { const candidates = toolcache3.findAllVersions("CodeQL").filter(isGoodVersion).map((version) => ({ folder: toolcache3.find("CodeQL", version), version - })).filter(({ folder }) => fs8.existsSync(path9.join(folder, "pinned-version"))); + })).filter(({ folder }) => fs10.existsSync(path11.join(folder, "pinned-version"))); if (candidates.length === 1) { const candidate = candidates[0]; logger.debug( @@ -89874,7 +89981,7 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian url2 = toolsInput; if (tagName) { const bundleVersion3 = tryGetBundleVersionFromTagName(tagName, logger); - if (bundleVersion3 && semver6.valid(bundleVersion3)) { + if (bundleVersion3 && semver7.valid(bundleVersion3)) { cliVersion2 = convertToSemVer(bundleVersion3, logger); } } @@ -90143,11 +90250,11 @@ async function setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defau async function useZstdBundle(cliVersion2, tarSupportsZstd) { return ( // In testing, gzip performs better than zstd on Windows. - process.platform !== "win32" && tarSupportsZstd && semver6.gte(cliVersion2, CODEQL_VERSION_ZSTD_BUNDLE) + process.platform !== "win32" && tarSupportsZstd && semver7.gte(cliVersion2, CODEQL_VERSION_ZSTD_BUNDLE) ); } function getTempExtractionDir(tempDir) { - return path9.join(tempDir, v4_default()); + return path11.join(tempDir, v4_default()); } // src/tracer-config.ts @@ -90190,7 +90297,7 @@ async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliV toolsDownloadStatusReport )}` ); - let codeqlCmd = path10.join(codeqlFolder, "codeql", "codeql"); + let codeqlCmd = path12.join(codeqlFolder, "codeql", "codeql"); if (process.platform === "win32") { codeqlCmd += ".exe"; } else if (process.platform !== "linux" && process.platform !== "darwin") { 
@@ -90251,12 +90358,12 @@ async function getCodeQLForCmd(cmd, checkVersion) { }, async isTracedLanguage(language) { const extractorPath = await this.resolveExtractor(language); - const tracingConfigPath = path10.join( + const tracingConfigPath = path12.join( extractorPath, "tools", "tracing-config.lua" ); - return fs9.existsSync(tracingConfigPath); + return fs11.existsSync(tracingConfigPath); }, async isScannedLanguage(language) { return !await this.isTracedLanguage(language); @@ -90327,7 +90434,7 @@ async function getCodeQLForCmd(cmd, checkVersion) { }, async runAutobuild(config, language) { applyAutobuildAzurePipelinesTimeoutFix(); - const autobuildCmd = path10.join( + const autobuildCmd = path12.join( await this.resolveExtractor(language), "tools", process.platform === "win32" ? "autobuild.cmd" : "autobuild.sh" 
@@ -90648,12 +90755,12 @@ ${output}` ); } else if (checkVersion && process.env["CODEQL_ACTION_SUPPRESS_DEPRECATED_SOON_WARNING" /* SUPPRESS_DEPRECATED_SOON_WARNING */] !== "true" && !await codeQlVersionAtLeast(codeql, CODEQL_NEXT_MINIMUM_VERSION)) { const result = await codeql.getVersion(); - core9.warning( + core10.warning( `CodeQL CLI version ${result.version} was discontinued on ${GHES_MOST_RECENT_DEPRECATION_DATE} alongside GitHub Enterprise Server ${GHES_VERSION_MOST_RECENTLY_DEPRECATED} and will not be supported by the next minor release of the CodeQL Action. Please update to CodeQL CLI version ${CODEQL_NEXT_MINIMUM_VERSION} or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version. Alternatively, if you want to continue using CodeQL CLI version ${result.version}, you can replace 'github/codeql-action/*@v${getActionVersion().split(".")[0]}' by 'github/codeql-action/*@v${getActionVersion()}' in your code scanning workflow to continue using this version of the CodeQL Action.` ); - core9.exportVariable("CODEQL_ACTION_SUPPRESS_DEPRECATED_SOON_WARNING" /* SUPPRESS_DEPRECATED_SOON_WARNING */, "true"); + core10.exportVariable("CODEQL_ACTION_SUPPRESS_DEPRECATED_SOON_WARNING" /* SUPPRESS_DEPRECATED_SOON_WARNING */, "true"); } return codeql; } 
@@ -90705,13 +90812,17 @@ async function runCli(cmd, args = [], opts = {}) { } async function writeCodeScanningConfigFile(config, logger) { const codeScanningConfigFile = getGeneratedCodeScanningConfigPath(config); + const augmentedConfig = appendExtraQueryExclusions( + config.extraQueryExclusions, + config.computedConfig + ); logger.info( `Writing augmented user configuration file to ${codeScanningConfigFile}` ); logger.startGroup("Augmented user configuration file contents"); - logger.info(dump(config.computedConfig)); + logger.info(dump(augmentedConfig)); logger.endGroup(); - fs9.writeFileSync(codeScanningConfigFile, dump(config.computedConfig)); + fs11.writeFileSync(codeScanningConfigFile, dump(augmentedConfig)); return codeScanningConfigFile; } var TRAP_CACHE_SIZE_MB = 1024; @@ -90734,7 +90845,7 @@ async function getTrapCachingExtractorConfigArgsForLang(config, language) { ]; } function getGeneratedCodeScanningConfigPath(config) { - return path10.resolve(config.tempDir, "user-config.yaml"); + return path12.resolve(config.tempDir, "user-config.yaml"); } function getExtractionVerbosityArguments(enableDebugLogging) { return enableDebugLogging ? [`--verbosity=${EXTRACTION_DEBUG_MODE_VERBOSITY}`] : []; 
@@ -90754,90 +90865,6 @@ async function getJobRunUuidSarifOptions(codeql) { ) ? [`--sarif-run-property=jobRunUuid=${jobRunUuid}`] : []; } -// src/config-utils.ts -var fs11 = __toESM(require("fs")); -var path12 = __toESM(require("path")); -var semver7 = __toESM(require_semver2()); - -// src/analyses.ts -var AnalysisKind = /* @__PURE__ */ ((AnalysisKind2) => { - AnalysisKind2["CodeScanning"] = "code-scanning"; - AnalysisKind2["CodeQuality"] = "code-quality"; - return AnalysisKind2; -})(AnalysisKind || {}); -var supportedAnalysisKinds = new Set(Object.values(AnalysisKind)); - -// src/caching-utils.ts -var core10 = __toESM(require_core()); - -// src/diff-informed-analysis-utils.ts -var fs10 = __toESM(require("fs")); -var path11 = __toESM(require("path")); -function getDiffRangesJsonFilePath() { - return path11.join(getTemporaryDirectory(), "pr-diff-range.json"); -} -function readDiffRangesJsonFile(logger) { - const jsonFilePath = getDiffRangesJsonFilePath(); - if (!fs10.existsSync(jsonFilePath)) { - logger.debug(`Diff ranges JSON file does not exist at ${jsonFilePath}`); - return void 0; - } - const jsonContents = fs10.readFileSync(jsonFilePath, "utf8"); - logger.debug( - `Read pr-diff-range JSON file from ${jsonFilePath}: -${jsonContents}` - ); - return JSON.parse(jsonContents); -} - -// src/trap-caching.ts -var actionsCache2 = __toESM(require_cache3()); - -// src/config-utils.ts -var OVERLAY_ANALYSIS_FEATURES = { - actions: "overlay_analysis_actions" /* OverlayAnalysisActions */, - cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */, - csharp: "overlay_analysis_csharp" /* OverlayAnalysisCsharp */, - go: "overlay_analysis_go" /* OverlayAnalysisGo */, - java: "overlay_analysis_java" /* OverlayAnalysisJava */, - javascript: "overlay_analysis_javascript" /* OverlayAnalysisJavascript */, - python: "overlay_analysis_python" /* OverlayAnalysisPython */, - ruby: "overlay_analysis_ruby" /* OverlayAnalysisRuby */, - rust: "overlay_analysis_rust" /* OverlayAnalysisRust */, - 
swift: "overlay_analysis_swift" /* OverlayAnalysisSwift */ -}; -var OVERLAY_ANALYSIS_CODE_SCANNING_FEATURES = { - actions: "overlay_analysis_code_scanning_actions" /* OverlayAnalysisCodeScanningActions */, - cpp: "overlay_analysis_code_scanning_cpp" /* OverlayAnalysisCodeScanningCpp */, - csharp: "overlay_analysis_code_scanning_csharp" /* OverlayAnalysisCodeScanningCsharp */, - go: "overlay_analysis_code_scanning_go" /* OverlayAnalysisCodeScanningGo */, - java: "overlay_analysis_code_scanning_java" /* OverlayAnalysisCodeScanningJava */, - javascript: "overlay_analysis_code_scanning_javascript" /* OverlayAnalysisCodeScanningJavascript */, - python: "overlay_analysis_code_scanning_python" /* OverlayAnalysisCodeScanningPython */, - ruby: "overlay_analysis_code_scanning_ruby" /* OverlayAnalysisCodeScanningRuby */, - rust: "overlay_analysis_code_scanning_rust" /* OverlayAnalysisCodeScanningRust */, - swift: "overlay_analysis_code_scanning_swift" /* OverlayAnalysisCodeScanningSwift */ -}; -var PACK_IDENTIFIER_PATTERN = (function() { - const alphaNumeric = "[a-z0-9]"; - const alphaNumericDash = "[a-z0-9-]"; - const component = `${alphaNumeric}(${alphaNumericDash}*${alphaNumeric})?`; - return new RegExp(`^${component}/${component}$`); -})(); -function getPathToParsedConfigFile(tempDir) { - return path12.join(tempDir, "config"); -} -async function getConfig(tempDir, logger) { - const configFile = getPathToParsedConfigFile(tempDir); - if (!fs11.existsSync(configFile)) { - return void 0; - } - const configString = fs11.readFileSync(configFile, "utf8"); - logger.debug("Loaded config:"); - logger.debug(configString); - return JSON.parse(configString); -} - // src/fingerprints.ts var fs12 = __toESM(require("fs")); var import_path = __toESM(require("path")); diff --git a/lib/upload-sarif-action-post.js b/lib/upload-sarif-action-post.js index 5c58c2e3d0..cb13fd3c6c 100644 --- a/lib/upload-sarif-action-post.js +++ b/lib/upload-sarif-action-post.js 
@@ -117149,10 +117149,10 @@ var AnalysisKind = /* @__PURE__ */ ((AnalysisKind2) => { var supportedAnalysisKinds = new Set(Object.values(AnalysisKind)); // src/autobuild.ts -var core10 = __toESM(require_core()); +var core11 = __toESM(require_core()); // src/codeql.ts -var core9 = __toESM(require_core()); +var core10 = __toESM(require_core()); var toolrunner3 = __toESM(require_toolrunner()); // src/cli-errors.ts @@ -117288,6 +117288,12 @@ var cliErrorsConfig = { } }; +// src/config-utils.ts +var semver4 = __toESM(require_semver2()); + +// src/caching-utils.ts +var core6 = __toESM(require_core()); + // src/feature-flags.ts var semver3 = __toESM(require_semver2()); @@ -117295,21 +117301,21 @@ var semver3 = __toESM(require_semver2()); var actionsCache = __toESM(require_cache3()); // src/git-utils.ts -var core6 = __toESM(require_core()); +var core7 = __toESM(require_core()); var toolrunner2 = __toESM(require_toolrunner()); var io3 = __toESM(require_io()); // src/logging.ts -var core7 = __toESM(require_core()); +var core8 = __toESM(require_core()); function getActionsLogger() { - return core7; + return core8; } function withGroup(groupName, f) { - core7.startGroup(groupName); + core8.startGroup(groupName); try { return f(); } finally { - core7.endGroup(); + core8.endGroup(); } } 
@@ -117485,31 +117491,6 @@ var featureConfig = { } }; -// src/setup-codeql.ts -var toolcache3 = __toESM(require_tool_cache()); -var import_fast_deep_equal = __toESM(require_fast_deep_equal()); -var semver6 = __toESM(require_semver2()); - -// src/tar.ts -var import_toolrunner = __toESM(require_toolrunner()); -var io4 = __toESM(require_io()); -var toolcache = __toESM(require_tool_cache()); -var semver4 = __toESM(require_semver2()); - -// src/tools-download.ts -var core8 = __toESM(require_core()); -var import_http_client = __toESM(require_lib()); -var toolcache2 = __toESM(require_tool_cache()); -var import_follow_redirects = __toESM(require_follow_redirects()); -var semver5 = __toESM(require_semver2()); -var STREAMING_HIGH_WATERMARK_BYTES = 4 * 1024 * 1024; - -// src/config-utils.ts -var semver7 = __toESM(require_semver2()); - -// src/caching-utils.ts -var core11 = __toESM(require_core()); - // src/trap-caching.ts var actionsCache2 = __toESM(require_cache3()); @@ -117545,6 +117526,25 @@ var PACK_IDENTIFIER_PATTERN = (function() { return new RegExp(`^${component}/${component}$`); })(); +// src/setup-codeql.ts +var toolcache3 = __toESM(require_tool_cache()); +var import_fast_deep_equal = __toESM(require_fast_deep_equal()); +var semver7 = __toESM(require_semver2()); + +// src/tar.ts +var import_toolrunner = __toESM(require_toolrunner()); +var io4 = __toESM(require_io()); +var toolcache = __toESM(require_tool_cache()); +var semver5 = __toESM(require_semver2()); + +// src/tools-download.ts +var core9 = __toESM(require_core()); +var import_http_client = __toESM(require_lib()); +var toolcache2 = __toESM(require_tool_cache()); +var import_follow_redirects = __toESM(require_follow_redirects()); +var semver6 = __toESM(require_semver2()); +var STREAMING_HIGH_WATERMARK_BYTES = 4 * 1024 * 1024; + // src/dependency-caching.ts var actionsCache3 = __toESM(require_cache3()); var glob = __toESM(require_glob3()); 
diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index 357d43a549..0d4da2cfce 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -88491,6 +88491,9 @@ function satisfiesGHESVersion(ghesVersion, range, defaultIfInvalid) { semverVersion.prerelease = []; return semver.satisfies(semverVersion, range); } +function cloneObject(obj) { + return JSON.parse(JSON.stringify(obj)); +} async function checkSipEnablement(logger) { if (process.env["CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */] !== void 0 && ["true", "false"].includes(process.env["CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */])) { return process.env["CODEQL_ACTION_IS_SIP_ENABLED" /* IS_SIP_ENABLED */] === "true"; @@ -89762,9 +89765,9 @@ var core12 = __toESM(require_core()); var jsonschema = __toESM(require_lib2()); // src/codeql.ts -var fs10 = __toESM(require("fs")); -var path11 = __toESM(require("path")); -var core10 = __toESM(require_core()); +var fs12 = __toESM(require("fs")); +var path13 = __toESM(require("path")); +var core11 = __toESM(require_core()); var toolrunner3 = __toESM(require_toolrunner()); // src/cli-errors.ts 
@@ -90004,12 +90007,114 @@ function wrapCliConfigurationError(cliError) { return new ConfigurationError(errorMessageBuilder); } -// src/setup-codeql.ts -var fs9 = __toESM(require("fs")); +// src/config-utils.ts +var fs8 = __toESM(require("fs")); var path10 = __toESM(require("path")); +var semver4 = __toESM(require_semver2()); + +// src/analyses.ts +var AnalysisKind = /* @__PURE__ */ ((AnalysisKind2) => { + AnalysisKind2["CodeScanning"] = "code-scanning"; + AnalysisKind2["CodeQuality"] = "code-quality"; + return AnalysisKind2; +})(AnalysisKind || {}); +var supportedAnalysisKinds = new Set(Object.values(AnalysisKind)); + +// src/caching-utils.ts +var core9 = __toESM(require_core()); + +// src/diff-informed-analysis-utils.ts +var fs7 = __toESM(require("fs")); +var path9 = __toESM(require("path")); +function getDiffRangesJsonFilePath() { + return path9.join(getTemporaryDirectory(), "pr-diff-range.json"); +} +function readDiffRangesJsonFile(logger) { + const jsonFilePath = getDiffRangesJsonFilePath(); + if (!fs7.existsSync(jsonFilePath)) { + logger.debug(`Diff ranges JSON file does not exist at ${jsonFilePath}`); + return void 0; + } + const jsonContents = fs7.readFileSync(jsonFilePath, "utf8"); + logger.debug( + `Read pr-diff-range JSON file from ${jsonFilePath}: +${jsonContents}` + ); + return JSON.parse(jsonContents); +} + +// src/trap-caching.ts +var actionsCache2 = __toESM(require_cache3()); + +// src/config-utils.ts +var OVERLAY_ANALYSIS_FEATURES = { + actions: "overlay_analysis_actions" /* OverlayAnalysisActions */, + cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */, + csharp: "overlay_analysis_csharp" /* OverlayAnalysisCsharp */, + go: "overlay_analysis_go" /* OverlayAnalysisGo */, + java: "overlay_analysis_java" /* OverlayAnalysisJava */, + javascript: "overlay_analysis_javascript" /* OverlayAnalysisJavascript */, + python: "overlay_analysis_python" /* OverlayAnalysisPython */, + ruby: "overlay_analysis_ruby" /* OverlayAnalysisRuby */, + rust: 
"overlay_analysis_rust" /* OverlayAnalysisRust */, + swift: "overlay_analysis_swift" /* OverlayAnalysisSwift */ +}; +var OVERLAY_ANALYSIS_CODE_SCANNING_FEATURES = { + actions: "overlay_analysis_code_scanning_actions" /* OverlayAnalysisCodeScanningActions */, + cpp: "overlay_analysis_code_scanning_cpp" /* OverlayAnalysisCodeScanningCpp */, + csharp: "overlay_analysis_code_scanning_csharp" /* OverlayAnalysisCodeScanningCsharp */, + go: "overlay_analysis_code_scanning_go" /* OverlayAnalysisCodeScanningGo */, + java: "overlay_analysis_code_scanning_java" /* OverlayAnalysisCodeScanningJava */, + javascript: "overlay_analysis_code_scanning_javascript" /* OverlayAnalysisCodeScanningJavascript */, + python: "overlay_analysis_code_scanning_python" /* OverlayAnalysisCodeScanningPython */, + ruby: "overlay_analysis_code_scanning_ruby" /* OverlayAnalysisCodeScanningRuby */, + rust: "overlay_analysis_code_scanning_rust" /* OverlayAnalysisCodeScanningRust */, + swift: "overlay_analysis_code_scanning_swift" /* OverlayAnalysisCodeScanningSwift */ +}; +var PACK_IDENTIFIER_PATTERN = (function() { + const alphaNumeric = "[a-z0-9]"; + const alphaNumericDash = "[a-z0-9-]"; + const component = `${alphaNumeric}(${alphaNumericDash}*${alphaNumeric})?`; + return new RegExp(`^${component}/${component}$`); +})(); +function getPathToParsedConfigFile(tempDir) { + return path10.join(tempDir, "config"); +} +async function getConfig(tempDir, logger) { + const configFile = getPathToParsedConfigFile(tempDir); + if (!fs8.existsSync(configFile)) { + return void 0; + } + const configString = fs8.readFileSync(configFile, "utf8"); + logger.debug("Loaded config:"); + logger.debug(configString); + return JSON.parse(configString); +} +function appendExtraQueryExclusions(extraQueryExclusions, cliConfig) { + if (extraQueryExclusions.length === 0) { + return cliConfig; + } + const augmentedConfig = cloneObject(cliConfig); + augmentedConfig["query-filters"] = [ + // Ordering matters. 
If the first filter is an inclusion, it implicitly + // excludes all queries that are not included. If it is an exclusion, + // it implicitly includes all queries that are not excluded. So user + // filters (if any) should always be first to preserve intent. + ...augmentedConfig["query-filters"] || [], + ...extraQueryExclusions + ]; + if (augmentedConfig["query-filters"]?.length === 0) { + delete augmentedConfig["query-filters"]; + } + return augmentedConfig; +} + +// src/setup-codeql.ts +var fs11 = __toESM(require("fs")); +var path12 = __toESM(require("path")); var toolcache3 = __toESM(require_tool_cache()); var import_fast_deep_equal = __toESM(require_fast_deep_equal()); -var semver6 = __toESM(require_semver2()); +var semver7 = __toESM(require_semver2()); // node_modules/uuid/dist/esm/stringify.js var byteToHex = []; @@ -90064,12 +90169,12 @@ var v4_default = v4; // src/tar.ts var import_child_process = require("child_process"); -var fs7 = __toESM(require("fs")); +var fs9 = __toESM(require("fs")); var stream = __toESM(require("stream")); var import_toolrunner = __toESM(require_toolrunner()); var io4 = __toESM(require_io()); var toolcache = __toESM(require_tool_cache()); -var semver4 = __toESM(require_semver2()); +var semver5 = __toESM(require_semver2()); var MIN_REQUIRED_BSD_TAR_VERSION = "3.4.3"; var MIN_REQUIRED_GNU_TAR_VERSION = "1.31"; async function getTarVersion() { @@ -90111,9 +90216,9 @@ async function isZstdAvailable(logger) { case "gnu": return { available: foundZstdBinary && // GNU tar only uses major and minor version numbers - semver4.gte( - semver4.coerce(version), - semver4.coerce(MIN_REQUIRED_GNU_TAR_VERSION) + semver5.gte( + semver5.coerce(version), + semver5.coerce(MIN_REQUIRED_GNU_TAR_VERSION) ), foundZstdBinary, version: tarVersion 
@@ -90122,7 +90227,7 @@ async function isZstdAvailable(logger) { return { available: foundZstdBinary && // Do a loose comparison since these version numbers don't contain // a patch version number. - semver4.gte(version, MIN_REQUIRED_BSD_TAR_VERSION), + semver5.gte(version, MIN_REQUIRED_BSD_TAR_VERSION), foundZstdBinary, version: tarVersion }; @@ -90137,7 +90242,7 @@ async function isZstdAvailable(logger) { } } async function extract(tarPath, dest, compressionMethod, tarVersion, logger) { - fs7.mkdirSync(dest, { recursive: true }); + fs9.mkdirSync(dest, { recursive: true }); switch (compressionMethod) { case "gzip": return await toolcache.extractTar(tarPath, dest); @@ -90221,15 +90326,15 @@ function inferCompressionMethod(tarPath) { } // src/tools-download.ts -var fs8 = __toESM(require("fs")); +var fs10 = __toESM(require("fs")); var os2 = __toESM(require("os")); -var path9 = __toESM(require("path")); +var path11 = __toESM(require("path")); var import_perf_hooks = require("perf_hooks"); -var core9 = __toESM(require_core()); +var core10 = __toESM(require_core()); var import_http_client = __toESM(require_lib()); var toolcache2 = __toESM(require_tool_cache()); var import_follow_redirects = __toESM(require_follow_redirects()); -var semver5 = __toESM(require_semver2()); +var semver6 = __toESM(require_semver2()); var STREAMING_HIGH_WATERMARK_BYTES = 4 * 1024 * 1024; var TOOLCACHE_TOOL_NAME = "CodeQL"; function makeDownloadFirstToolsDownloadDurations(downloadDurationMs, extractionDurationMs) { 
@@ -90279,10 +90384,10 @@ async function downloadAndExtract(codeqlURL, compressionMethod, dest, authorizat }; } } catch (e) { - core9.warning( + core10.warning( `Failed to download and extract CodeQL bundle using streaming with error: ${getErrorMessage(e)}` ); - core9.warning(`Falling back to downloading the bundle before extracting.`); + core10.warning(`Falling back to downloading the bundle before extracting.`); await cleanUpGlob(dest, "CodeQL bundle", logger); } const toolsDownloadStart = import_perf_hooks.performance.now(); @@ -90328,7 +90433,7 @@ async function downloadAndExtract(codeqlURL, compressionMethod, dest, authorizat }; } async function downloadAndExtractZstdWithStreaming(codeqlURL, dest, authorization, headers, tarVersion, logger) { - fs8.mkdirSync(dest, { recursive: true }); + fs10.mkdirSync(dest, { recursive: true }); const agent = new import_http_client.HttpClient().getAgent(codeqlURL); headers = Object.assign( { "User-Agent": "CodeQL Action" }, @@ -90356,16 +90461,16 @@ async function downloadAndExtractZstdWithStreaming(codeqlURL, dest, authorizatio await extractTarZst(response, dest, tarVersion, logger); } function getToolcacheDirectory(version) { - return path9.join( + return path11.join( getRequiredEnvParam("RUNNER_TOOL_CACHE"), TOOLCACHE_TOOL_NAME, - semver5.clean(version) || version, + semver6.clean(version) || version, os2.arch() || "" ); } function writeToolcacheMarkerFile(extractedPath, logger) { const markerFilePath = `${extractedPath}.complete`; - fs8.writeFileSync(markerFilePath, ""); + fs10.writeFileSync(markerFilePath, ""); logger.info(`Created toolcache marker file ${markerFilePath}`); } function sanitizeUrlForStatusReport(url2) { 
@@ -90480,13 +90585,13 @@ function tryGetTagNameFromUrl(url2, logger) { return match[1]; } function convertToSemVer(version, logger) { - if (!semver6.valid(version)) { + if (!semver7.valid(version)) { logger.debug( `Bundle version ${version} is not in SemVer format. Will treat it as pre-release 0.0.0-${version}.` ); version = `0.0.0-${version}`; } - const s = semver6.clean(version); + const s = semver7.clean(version); if (!s) { throw new Error(`Bundle version ${version} is not in SemVer format.`); } @@ -90496,7 +90601,7 @@ async function findOverridingToolsInCache(humanReadableVersion, logger) { const candidates = toolcache3.findAllVersions("CodeQL").filter(isGoodVersion).map((version) => ({ folder: toolcache3.find("CodeQL", version), version - })).filter(({ folder }) => fs9.existsSync(path10.join(folder, "pinned-version"))); + })).filter(({ folder }) => fs11.existsSync(path12.join(folder, "pinned-version"))); if (candidates.length === 1) { const candidate = candidates[0]; logger.debug( @@ -90556,7 +90661,7 @@ async function getCodeQLSource(toolsInput, defaultCliVersion, apiDetails, varian url2 = toolsInput; if (tagName) { const bundleVersion3 = tryGetBundleVersionFromTagName(tagName, logger); - if (bundleVersion3 && semver6.valid(bundleVersion3)) { + if (bundleVersion3 && semver7.valid(bundleVersion3)) { cliVersion2 = convertToSemVer(bundleVersion3, logger); } } @@ -90825,11 +90930,11 @@ async function setupCodeQLBundle(toolsInput, apiDetails, tempDir, variant, defau async function useZstdBundle(cliVersion2, tarSupportsZstd) { return ( // In testing, gzip performs better than zstd on Windows. - process.platform !== "win32" && tarSupportsZstd && semver6.gte(cliVersion2, CODEQL_VERSION_ZSTD_BUNDLE) + process.platform !== "win32" && tarSupportsZstd && semver7.gte(cliVersion2, CODEQL_VERSION_ZSTD_BUNDLE) ); } function getTempExtractionDir(tempDir) { - return path10.join(tempDir, v4_default()); + return path12.join(tempDir, v4_default()); } // src/tracer-config.ts 
@@ -90872,7 +90977,7 @@ async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliV toolsDownloadStatusReport )}` ); - let codeqlCmd = path11.join(codeqlFolder, "codeql", "codeql"); + let codeqlCmd = path13.join(codeqlFolder, "codeql", "codeql"); if (process.platform === "win32") { codeqlCmd += ".exe"; } else if (process.platform !== "linux" && process.platform !== "darwin") { @@ -90933,12 +91038,12 @@ async function getCodeQLForCmd(cmd, checkVersion) { }, async isTracedLanguage(language) { const extractorPath = await this.resolveExtractor(language); - const tracingConfigPath = path11.join( + const tracingConfigPath = path13.join( extractorPath, "tools", "tracing-config.lua" ); - return fs10.existsSync(tracingConfigPath); + return fs12.existsSync(tracingConfigPath); }, async isScannedLanguage(language) { return !await this.isTracedLanguage(language); @@ -91009,7 +91114,7 @@ async function getCodeQLForCmd(cmd, checkVersion) { }, async runAutobuild(config, language) { applyAutobuildAzurePipelinesTimeoutFix(); - const autobuildCmd = path11.join( + const autobuildCmd = path13.join( await this.resolveExtractor(language), "tools", process.platform === "win32" ? "autobuild.cmd" : "autobuild.sh" 
@@ -91330,12 +91435,12 @@ ${output}` ); } else if (checkVersion && process.env["CODEQL_ACTION_SUPPRESS_DEPRECATED_SOON_WARNING" /* SUPPRESS_DEPRECATED_SOON_WARNING */] !== "true" && !await codeQlVersionAtLeast(codeql, CODEQL_NEXT_MINIMUM_VERSION)) { const result = await codeql.getVersion(); - core10.warning( + core11.warning( `CodeQL CLI version ${result.version} was discontinued on ${GHES_MOST_RECENT_DEPRECATION_DATE} alongside GitHub Enterprise Server ${GHES_VERSION_MOST_RECENTLY_DEPRECATED} and will not be supported by the next minor release of the CodeQL Action. Please update to CodeQL CLI version ${CODEQL_NEXT_MINIMUM_VERSION} or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version. Alternatively, if you want to continue using CodeQL CLI version ${result.version}, you can replace 'github/codeql-action/*@v${getActionVersion().split(".")[0]}' by 'github/codeql-action/*@v${getActionVersion()}' in your code scanning workflow to continue using this version of the CodeQL Action.` ); - core10.exportVariable("CODEQL_ACTION_SUPPRESS_DEPRECATED_SOON_WARNING" /* SUPPRESS_DEPRECATED_SOON_WARNING */, "true"); + core11.exportVariable("CODEQL_ACTION_SUPPRESS_DEPRECATED_SOON_WARNING" /* SUPPRESS_DEPRECATED_SOON_WARNING */, "true"); } return codeql; } 
@@ -91387,13 +91492,17 @@ async function runCli(cmd, args = [], opts = {}) { } async function writeCodeScanningConfigFile(config, logger) { const codeScanningConfigFile = getGeneratedCodeScanningConfigPath(config); + const augmentedConfig = appendExtraQueryExclusions( + config.extraQueryExclusions, + config.computedConfig + ); logger.info( `Writing augmented user configuration file to ${codeScanningConfigFile}` ); logger.startGroup("Augmented user configuration file contents"); - logger.info(dump(config.computedConfig)); + logger.info(dump(augmentedConfig)); logger.endGroup(); - fs10.writeFileSync(codeScanningConfigFile, dump(config.computedConfig)); + fs12.writeFileSync(codeScanningConfigFile, dump(augmentedConfig)); return codeScanningConfigFile; } var TRAP_CACHE_SIZE_MB = 1024; @@ -91416,7 +91525,7 @@ async function getTrapCachingExtractorConfigArgsForLang(config, language) { ]; } function getGeneratedCodeScanningConfigPath(config) { - return path11.resolve(config.tempDir, "user-config.yaml"); + return path13.resolve(config.tempDir, "user-config.yaml"); } function getExtractionVerbosityArguments(enableDebugLogging) { return enableDebugLogging ? [`--verbosity=${EXTRACTION_DEBUG_MODE_VERBOSITY}`] : []; 
@@ -91436,90 +91545,6 @@ async function getJobRunUuidSarifOptions(codeql) { ) ? [`--sarif-run-property=jobRunUuid=${jobRunUuid}`] : []; } -// src/config-utils.ts -var fs12 = __toESM(require("fs")); -var path13 = __toESM(require("path")); -var semver7 = __toESM(require_semver2()); - -// src/analyses.ts -var AnalysisKind = /* @__PURE__ */ ((AnalysisKind2) => { - AnalysisKind2["CodeScanning"] = "code-scanning"; - AnalysisKind2["CodeQuality"] = "code-quality"; - return AnalysisKind2; -})(AnalysisKind || {}); -var supportedAnalysisKinds = new Set(Object.values(AnalysisKind)); - -// src/caching-utils.ts -var core11 = __toESM(require_core()); - -// src/diff-informed-analysis-utils.ts -var fs11 = __toESM(require("fs")); -var path12 = __toESM(require("path")); -function getDiffRangesJsonFilePath() { - return path12.join(getTemporaryDirectory(), "pr-diff-range.json"); -} -function readDiffRangesJsonFile(logger) { - const jsonFilePath = getDiffRangesJsonFilePath(); - if (!fs11.existsSync(jsonFilePath)) { - logger.debug(`Diff ranges JSON file does not exist at ${jsonFilePath}`); - return void 0; - } - const jsonContents = fs11.readFileSync(jsonFilePath, "utf8"); - logger.debug( - `Read pr-diff-range JSON file from ${jsonFilePath}: -${jsonContents}` - ); - return JSON.parse(jsonContents); -} - -// src/trap-caching.ts -var actionsCache2 = __toESM(require_cache3()); - -// src/config-utils.ts -var OVERLAY_ANALYSIS_FEATURES = { - actions: "overlay_analysis_actions" /* OverlayAnalysisActions */, - cpp: "overlay_analysis_cpp" /* OverlayAnalysisCpp */, - csharp: "overlay_analysis_csharp" /* OverlayAnalysisCsharp */, - go: "overlay_analysis_go" /* OverlayAnalysisGo */, - java: "overlay_analysis_java" /* OverlayAnalysisJava */, - javascript: "overlay_analysis_javascript" /* OverlayAnalysisJavascript */, - python: "overlay_analysis_python" /* OverlayAnalysisPython */, - ruby: "overlay_analysis_ruby" /* OverlayAnalysisRuby */, - rust: "overlay_analysis_rust" /* OverlayAnalysisRust */, - 
swift: "overlay_analysis_swift" /* OverlayAnalysisSwift */ -}; -var OVERLAY_ANALYSIS_CODE_SCANNING_FEATURES = { - actions: "overlay_analysis_code_scanning_actions" /* OverlayAnalysisCodeScanningActions */, - cpp: "overlay_analysis_code_scanning_cpp" /* OverlayAnalysisCodeScanningCpp */, - csharp: "overlay_analysis_code_scanning_csharp" /* OverlayAnalysisCodeScanningCsharp */, - go: "overlay_analysis_code_scanning_go" /* OverlayAnalysisCodeScanningGo */, - java: "overlay_analysis_code_scanning_java" /* OverlayAnalysisCodeScanningJava */, - javascript: "overlay_analysis_code_scanning_javascript" /* OverlayAnalysisCodeScanningJavascript */, - python: "overlay_analysis_code_scanning_python" /* OverlayAnalysisCodeScanningPython */, - ruby: "overlay_analysis_code_scanning_ruby" /* OverlayAnalysisCodeScanningRuby */, - rust: "overlay_analysis_code_scanning_rust" /* OverlayAnalysisCodeScanningRust */, - swift: "overlay_analysis_code_scanning_swift" /* OverlayAnalysisCodeScanningSwift */ -}; -var PACK_IDENTIFIER_PATTERN = (function() { - const alphaNumeric = "[a-z0-9]"; - const alphaNumericDash = "[a-z0-9-]"; - const component = `${alphaNumeric}(${alphaNumericDash}*${alphaNumeric})?`; - return new RegExp(`^${component}/${component}$`); -})(); -function getPathToParsedConfigFile(tempDir) { - return path13.join(tempDir, "config"); -} -async function getConfig(tempDir, logger) { - const configFile = getPathToParsedConfigFile(tempDir); - if (!fs12.existsSync(configFile)) { - return void 0; - } - const configString = fs12.readFileSync(configFile, "utf8"); - logger.debug("Loaded config:"); - logger.debug(configString); - return JSON.parse(configString); -} - // src/fingerprints.ts var fs13 = __toESM(require("fs")); var import_path = __toESM(require("path")); diff --git a/src/codeql.ts b/src/codeql.ts index 7fb899470a..567eb80875 100644 --- a/src/codeql.ts +++ b/src/codeql.ts 
@@ -13,7 +13,7 @@ import { } from "./actions-util"; import * as api from "./api-client"; import { CliError, wrapCliConfigurationError } from "./cli-errors"; -import { type Config } from "./config-utils"; +import { appendExtraQueryExclusions, type Config } from "./config-utils"; import { DocUrl } from "./doc-url"; import { EnvVar } from "./environment"; import { @@ -1149,11 +1149,11 @@ async function runCli( } /** - * Generates a code scanning configuration that is to be used for a scan. + * Writes the code scanning configuration that is to be used by the CLI. * * @param codeql The CodeQL object to use. - * @param config The configuration to use. - * @returns the path to the generated user configuration file. + * @param config The CodeQL Action state to use. + * @returns The path to the generated user configuration file. */ async function writeCodeScanningConfigFile( config: Config, 
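Review bot: The JSDoc kept above `writeCodeScanningConfigFile` still lists `@param codeql The CodeQL object to use.`, but the function takes `config` and a logger; the bundled output in this commit shows `writeCodeScanningConfigFile(config, logger)`. Since this hunk already rewrites the neighbouring lines, the stale tag should be dropped and the logger documented: `@param config The CodeQL Action state to use.` followed by `@param logger The logger to use.`. The function body lies outside this hunk.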
@@ -1161,14 +1161,24 @@ async function writeCodeScanningConfigFile( ): Promise { const codeScanningConfigFile = getGeneratedCodeScanningConfigPath(config); + // Apply the `extraQueryExclusions` from the CodeQL Action state to the CLI configuration. + // We do this here at the latest possible point before passing the CLI configuration on to + // the CLI so that the `extraQueryExclusions` appear after all user-configured `query-filters`. + // See the comment in `applyExtraQueryExclusions` for more information, as well as + // https://github.com/github/codeql-action/pull/2938 + const augmentedConfig = appendExtraQueryExclusions( + config.extraQueryExclusions, + config.computedConfig, + ); + logger.info( `Writing augmented user configuration file to ${codeScanningConfigFile}`, ); logger.startGroup("Augmented user configuration file contents"); - logger.info(yaml.dump(config.computedConfig)); + logger.info(yaml.dump(augmentedConfig)); logger.endGroup(); - fs.writeFileSync(codeScanningConfigFile, yaml.dump(config.computedConfig)); + fs.writeFileSync(codeScanningConfigFile, yaml.dump(augmentedConfig)); return codeScanningConfigFile; } diff --git a/src/config-utils.test.ts b/src/config-utils.test.ts index d3bfb62b83..b133f500bc 100644 --- a/src/config-utils.test.ts +++ b/src/config-utils.test.ts @@ -348,6 +348,7 @@ test("load non-empty input", async (t) => { trapCaches: {}, trapCacheDownloadTime: 0, dependencyCachingEnabled: CachingKind.None, + extraQueryExclusions: [], overlayDatabaseMode: OverlayDatabaseMode.None, useOverlayDatabaseCaching: false, }; diff --git a/src/config-utils.ts b/src/config-utils.ts index 9c0d535a40..40d1da6878 100644 --- a/src/config-utils.ts +++ b/src/config-utils.ts 
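Review bot: The new comment in `writeCodeScanningConfigFile` points readers to `applyExtraQueryExclusions`, but the function imported and called just below it is `appendExtraQueryExclusions`. The reference should read `// See the comment in \`appendExtraQueryExclusions\` for more information, as well as`. The name matters because the ordering rule this call relies on (user filters first, Action exclusions last) is explained only in that function, and a reader searching for the wrong name will not find it.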
@@ -170,6 +170,11 @@ export interface Config {
 /** A value indicating how dependency caching should be used. */
 dependencyCachingEnabled: CachingKind;
 
+ /**
+ * Extra query exclusions to append to the config.
+ */
+ extraQueryExclusions: ExcludeQueryFilter[];
+
 /**
 * The overlay database mode to use.
 */
@@ -218,11 +223,6 @@ export interface AugmentationProperties {
 * The packs input from the `with` block of the action declaration
 */
 packsInput?: string[];
-
- /**
- * Extra query exclusions to append to the config.
- */
- extraQueryExclusions: ExcludeQueryFilter[];
 }
 
 /**
@@ -234,7 +234,6 @@ export const defaultAugmentationProperties: AugmentationProperties = {
 packsInputCombines: false,
 packsInput: undefined,
 queriesInput: undefined,
- extraQueryExclusions: [],
 };
 
 export type Packs = Partial>;
@@ -595,6 +594,7 @@ export async function getDefaultConfig({
 trapCaches,
 trapCacheDownloadTime,
 dependencyCachingEnabled: getCachingKind(dependencyCachingEnabled),
+ extraQueryExclusions: [],
 overlayDatabaseMode: OverlayDatabaseMode.None,
 useOverlayDatabaseCaching: false,
 };
@@ -683,7 +683,6 @@ export async function calculateAugmentation(
 packsInput: packsInput?.[languages[0]],
 queriesInput,
 queriesInputCombines,
- extraQueryExclusions: [],
 };
 }
 
@@ -1145,10 +1144,7 @@ export async function initConfig(inputs: InitConfigInputs): Promise {
 logger,
 ))
 ) {
- if (config.computedConfig["query-filters"] === undefined) {
- config.computedConfig["query-filters"] = [];
- }
- config.computedConfig["query-filters"].push({
+ config.extraQueryExclusions.push({
 exclude: { tags: "exclude-from-incremental" },
 });
 }
@@ -1478,17 +1474,41 @@ export function generateCodeScanningConfig(
 delete augmentedConfig.packs;
 }
 
+ return augmentedConfig;
+}
+
+/**
+ * Appends `extraQueryExclusions` to `cliConfig`'s `query-filters`.
+ *
+ * @param extraQueryExclusions The extra query exclusions to append to the `query-filters`.
+ * @param cliConfig The CodeQL CLI configuration to extend.
+ * @returns Returns `cliConfig` if there are no extra query exclusions
+ * or a copy of `cliConfig` where the extra query exclusions
+ * have been appended to `query-filters`.
+ */
+export function appendExtraQueryExclusions(
+ extraQueryExclusions: ExcludeQueryFilter[],
+ cliConfig: UserConfig,
+): UserConfig {
+ if (extraQueryExclusions.length === 0) {
+ return cliConfig;
+ }
+
+ // make a copy so we can modify it
+ const augmentedConfig = cloneObject(cliConfig);
+
 augmentedConfig["query-filters"] = [
 // Ordering matters. If the first filter is an inclusion, it implicitly
 // excludes all queries that are not included. If it is an exclusion,
 // it implicitly includes all queries that are not excluded. So user
 // filters (if any) should always be first to preserve intent.
 ...(augmentedConfig["query-filters"] || []),
- ...augmentationProperties.extraQueryExclusions,
+ ...extraQueryExclusions,
 ];
 if (augmentedConfig["query-filters"]?.length === 0) {
 delete augmentedConfig["query-filters"];
 }
+
 return augmentedConfig;
 }
 
diff --git a/src/testing-utils.ts b/src/testing-utils.ts
index 943c4be343..6e1763b00f 100644
--- a/src/testing-utils.ts
+++ b/src/testing-utils.ts
@@ -373,11 +373,11 @@ export function createTestConfig(overrides: Partial): Config {
 augmentationProperties: {
 packsInputCombines: false,
 queriesInputCombines: false,
- extraQueryExclusions: [],
 } satisfies AugmentationProperties,
 trapCaches: {},
 trapCacheDownloadTime: 0,
 dependencyCachingEnabled: CachingKind.None,
+ extraQueryExclusions: [],
 overlayDatabaseMode: OverlayDatabaseMode.None,
 useOverlayDatabaseCaching: false,
 } satisfies Config,
From 7f81363b7831aedb2d68249643fd6004226116d6 Mon Sep 17 00:00:00 2001 From: "Michael B. Gale" Date: Wed, 3 Sep 2025 12:19:00 +0100 Subject: [PATCH 4/4] Mark result of `appendExtraQueryExclusions` as `Readonly` to prevent further modification --- lib/analyze-action-post.js | 4 ++-- lib/analyze-action.js | 4 ++-- lib/autobuild-action.js | 4 ++-- lib/init-action-post.js | 4 ++-- lib/init-action.js | 4 ++-- lib/resolve-environment-action.js | 4 ++-- lib/upload-lib.js | 4 ++-- lib/upload-sarif-action.js | 4 ++-- src/config-utils.ts | 11 ++++++----- 9 files changed, 22 insertions(+), 21 deletions(-) diff --git a/lib/analyze-action-post.js b/lib/analyze-action-post.js index 641b11a8b3..c2fcd9c1bc 100644 --- a/lib/analyze-action-post.js +++ b/lib/analyze-action-post.js @@ -117965,10 +117965,10 @@ async function getConfig(tempDir, logger) { return JSON.parse(configString); } function appendExtraQueryExclusions(extraQueryExclusions, cliConfig) { + const augmentedConfig = cloneObject(cliConfig); if (extraQueryExclusions.length === 0) { - return cliConfig; + return augmentedConfig; } - const augmentedConfig = cloneObject(cliConfig); augmentedConfig["query-filters"] = [ // Ordering matters. If the first filter is an inclusion, it implicitly // excludes all queries that are not included. If it is an exclusion, diff --git a/lib/analyze-action.js b/lib/analyze-action.js index 414f7b7bd7..f8ba08884a 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js 
@@ -91586,10 +91586,10 @@ async function getConfig(tempDir, logger) { return JSON.parse(configString); } function appendExtraQueryExclusions(extraQueryExclusions, cliConfig) { + const augmentedConfig = cloneObject(cliConfig); if (extraQueryExclusions.length === 0) { - return cliConfig; + return augmentedConfig; } - const augmentedConfig = cloneObject(cliConfig); augmentedConfig["query-filters"] = [ // Ordering matters. If the first filter is an inclusion, it implicitly // excludes all queries that are not included. If it is an exclusion, diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js index bf381bbd63..c2d8f0d0ea 100644 --- a/lib/autobuild-action.js +++ b/lib/autobuild-action.js @@ -78967,10 +78967,10 @@ async function getConfig(tempDir, logger) { return JSON.parse(configString); } function appendExtraQueryExclusions(extraQueryExclusions, cliConfig) { + const augmentedConfig = cloneObject(cliConfig); if (extraQueryExclusions.length === 0) { - return cliConfig; + return augmentedConfig; } - const augmentedConfig = cloneObject(cliConfig); augmentedConfig["query-filters"] = [ // Ordering matters. If the first filter is an inclusion, it implicitly // excludes all queries that are not included. If it is an exclusion, diff --git a/lib/init-action-post.js b/lib/init-action-post.js index ed9a4e00bc..f4117f9ada 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js @@ -129564,10 +129564,10 @@ async function getConfig(tempDir, logger) { return JSON.parse(configString); } function appendExtraQueryExclusions(extraQueryExclusions, cliConfig) { + const augmentedConfig = cloneObject(cliConfig); if (extraQueryExclusions.length === 0) { - return cliConfig; + return augmentedConfig; } - const augmentedConfig = cloneObject(cliConfig); augmentedConfig["query-filters"] = [ // Ordering matters. If the first filter is an inclusion, it implicitly // excludes all queries that are not included. If it is an exclusion, 
diff --git a/lib/init-action.js b/lib/init-action.js index d3fb02689f..bedab733cf 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -87823,10 +87823,10 @@ function generateCodeScanningConfig(originalUserInput, augmentationProperties) { return augmentedConfig; } function appendExtraQueryExclusions(extraQueryExclusions, cliConfig) { + const augmentedConfig = cloneObject(cliConfig); if (extraQueryExclusions.length === 0) { - return cliConfig; + return augmentedConfig; } - const augmentedConfig = cloneObject(cliConfig); augmentedConfig["query-filters"] = [ // Ordering matters. If the first filter is an inclusion, it implicitly // excludes all queries that are not included. If it is an exclusion, diff --git a/lib/resolve-environment-action.js b/lib/resolve-environment-action.js index 4cda99c105..11761c618f 100644 --- a/lib/resolve-environment-action.js +++ b/lib/resolve-environment-action.js @@ -78694,10 +78694,10 @@ async function getConfig(tempDir, logger) { return JSON.parse(configString); } function appendExtraQueryExclusions(extraQueryExclusions, cliConfig) { + const augmentedConfig = cloneObject(cliConfig); if (extraQueryExclusions.length === 0) { - return cliConfig; + return augmentedConfig; } - const augmentedConfig = cloneObject(cliConfig); augmentedConfig["query-filters"] = [ // Ordering matters. If the first filter is an inclusion, it implicitly // excludes all queries that are not included. If it is an exclusion, diff --git a/lib/upload-lib.js b/lib/upload-lib.js index b6376ce229..ff2f43e49f 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js 
@@ -89411,10 +89411,10 @@ async function getConfig(tempDir, logger) { return JSON.parse(configString); } function appendExtraQueryExclusions(extraQueryExclusions, cliConfig) { + const augmentedConfig = cloneObject(cliConfig); if (extraQueryExclusions.length === 0) { - return cliConfig; + return augmentedConfig; } - const augmentedConfig = cloneObject(cliConfig); augmentedConfig["query-filters"] = [ // Ordering matters. If the first filter is an inclusion, it implicitly // excludes all queries that are not included. If it is an exclusion, diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index 0d4da2cfce..a1ba491b14 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -90091,10 +90091,10 @@ async function getConfig(tempDir, logger) { return JSON.parse(configString); } function appendExtraQueryExclusions(extraQueryExclusions, cliConfig) { + const augmentedConfig = cloneObject(cliConfig); if (extraQueryExclusions.length === 0) { - return cliConfig; + return augmentedConfig; } - const augmentedConfig = cloneObject(cliConfig); augmentedConfig["query-filters"] = [ // Ordering matters. If the first filter is an inclusion, it implicitly // excludes all queries that are not included. If it is an exclusion, diff --git a/src/config-utils.ts b/src/config-utils.ts index 40d1da6878..64a1c93b9d 100644 --- a/src/config-utils.ts +++ b/src/config-utils.ts 
@@ -1489,14 +1489,15 @@ export function generateCodeScanningConfig(
 export function appendExtraQueryExclusions(
 extraQueryExclusions: ExcludeQueryFilter[],
 cliConfig: UserConfig,
-): UserConfig {
+): Readonly {
+ // make a copy so we can modify it and so that modifications to the input
+ // object do not affect the result that is marked as `Readonly`.
+ const augmentedConfig = cloneObject(cliConfig);
+
 if (extraQueryExclusions.length === 0) {
- return cliConfig;
+ return augmentedConfig;
 }
 
- // make a copy so we can modify it
- const augmentedConfig = cloneObject(cliConfig);
-
 augmentedConfig["query-filters"] = [
 // Ordering matters. If the first filter is an inclusion, it implicitly
 // excludes all queries that are not included. If it is an exclusion,
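Review bot: The JSDoc of `appendExtraQueryExclusions` sits above this hunk and appears to be left stale: its `@returns` text says the function returns `cliConfig` itself when there are no extra exclusions, but with the clone moved above the length check a copy is now returned in both branches. The diffstat for `src/config-utils.ts` accounts only for the lines in this hunk, so the doc was not touched. It could read `@returns A copy of cliConfig, with the extra query exclusions appended to query-filters when there are any.` Separately, TypeScript's `Readonly` is shallow and enforced only at compile time, so nested values such as the `query-filters` array can still be changed through the returned object; a one-line comment next to the return type saying so would keep callers from over-trusting the annotation. The function body continues past the end of this hunk.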