c939e6615d
Merge pull request #1372 from github/marcogario/prioritize_github_ref
...
Prefer GITHUB_REF to CODE_SCANNING_REF
2022-11-16 12:03:29 +01:00
1935d19d61
Merge pull request #1358 from github/henrymercer/require-cli-2.6.3
...
Bump minimum CodeQL bundle version to 2.6.3
2022-11-16 10:37:57 +00:00
7484436e5d
Remove Go extraction feature flags ( #1371 )
2022-11-16 10:32:40 +00:00
0a76b97b28
Prefer GITHUB_REF to CODE_SCANNING_REF
...
Given that the GITHUB_REF is a protected variable, we want to prefer it to
CODE_SCANNING_REF. This should prevent accidentally overwriting these values.
The logic is a bit more involved, as I think it makes sense to raise the error
about GITHUB_REF not being set, rather than mentioning CODE_SCANNING_REF if
both are not set.
2022-11-16 10:49:49 +01:00
d48707ce53
Merge branch 'henrymercer/delete-runner-part-2' into henrymercer/require-cli-2.6.3
2022-11-15 20:58:01 +00:00
0dea34e91c
Merge branch 'main' into henrymercer/delete-runner-part-2
2022-11-15 19:35:30 +00:00
f47c93c5fd
Merge pull request #1363 from github/henrymercer/delete-runner-part-1
...
Delete the runner, part 1
2022-11-15 19:31:28 +00:00
2bca6af0e5
Read CODE_SCANNING_REF
2022-11-15 15:26:47 +01:00
1e2f8f035d
Merge branch 'main' into henrymercer/require-cli-2.6.3
2022-11-14 22:25:31 +00:00
0990a34ac8
Merge branch 'main' into henrymercer/delete-runner-part-1
2022-11-14 22:20:41 +00:00
5883c13406
Deprecate Go extraction reconciliation feature flag and `CODEQL_EXTRACTOR_GO_BUILD_TRACING` for custom builds ( #1322 )
...
Co-authored-by: Henry Mercer <henry.mercer@me.com>
2022-11-14 13:54:35 -08:00
9df773d1a3
Remove unneeded `apiDetails` input to `getApiClient`
2022-11-14 19:55:30 +00:00
dac8912e9f
Remove `deriveApiUrl` function only used by runner
2022-11-14 18:59:39 +00:00
8ecbaea022
Remove support for empty analysis keys from runner
2022-11-14 18:55:31 +00:00
3d46406f3b
Remove runner-only input to `databaseInitCluster`
2022-11-14 18:49:17 +00:00
03bb58c07d
Remove note about separation in `actions-util`
...
We could move everything into `util`, but in some ways it is nice having
a file dedicated to Actions related utilities.
2022-11-14 18:46:43 +00:00
0eacdb53ad
Support Swift for private beta ( #1350 )
...
Co-authored-by: Henry Mercer <henry.mercer@me.com>
2022-11-14 10:29:05 -08:00
8c8a9b1231
Remove auth method only used in runner
2022-11-14 16:39:43 +00:00
b498c79130
Remove concept of Actions / runner mode
2022-11-14 16:37:48 +00:00
51abddb49b
Delete the runner
2022-11-14 16:23:14 +00:00
acbc6ca6e5
Fix a couple of naming nits
2022-11-11 19:00:48 +00:00
84e5134df9
Remove lines of code counting in the Action
...
We now only need to support doing this in the CLI.
2022-11-11 19:00:45 +00:00
ea990a3118
Remove flags for CLI v2.6.2 and earlier
2022-11-11 18:22:45 +00:00
b45e925fe2
Bump minimum version to 2.6.3
2022-11-11 18:00:58 +00:00
9452b6b864
Merge branch 'main' into henrymercer/use-codeql-2.11.3
2022-11-11 09:56:50 +00:00
d6f6ef4b0b
Force exit of process if a timeout has occurred
2022-11-09 17:28:15 +00:00
01c4458f0c
use ATM pack v0.4.0 for CLI v2.11.3 and above
2022-11-08 13:53:18 +01:00
0e5b04a79a
Merge pull request #1349 from github/henrymercer/improve-focus-when-init-fails
...
Improve experience when init fails before generating a config file
2022-11-08 11:31:43 +00:00
f9948ffd0e
Improve experience when init fails before generating a config file
...
Suppose a customer has a run where the init Action failed before saving
a config file.
When the customer opens their Actions logs, the UI currently focuses on
the post init step, since this is the last step that failed.
Demoting the error in the post init Action to a warning means that the
UI will instead focus on the `init` step, which is more useful for
debugging what went wrong.
2022-11-07 18:50:59 +00:00
c606252ada
Merge pull request #1329 from github/henrymercer/file-baseline-info-enablement
...
Enable file baseline information behind a feature gate
2022-11-07 18:10:39 +00:00
dba70acdb3
Bump default CodeQL version to 2.11.3
2022-11-07 10:40:09 +00:00
862a512899
Prune results of Ruby query from SARIF
2022-11-04 14:57:13 +00:00
89e18934d3
Forward file baseline information enablement to CLI
2022-11-01 17:10:53 +00:00
5da50dc362
Add file baseline information feature
2022-11-01 16:59:38 +00:00
cd983e71c6
Merge pull request #1334 from github/henrymercer/better-error-for-glibc
...
Add a better error message for users of CodeQL CLI 2.7.2 and earlier running on `ubuntu-22.04`
2022-11-01 16:51:05 +00:00
bfcbb093ac
Re-export codeql testing environment variable to subsequent steps, if set.
2022-11-01 13:18:57 +01:00
4b73c4f99e
Actions status report: Send testing_environment.
...
The testing environment is taken from the environment variable
CODEQL_ACTION_TESTING_ENVIRONMENT.
2022-11-01 13:18:57 +01:00
a3141c7a07
Improve error message
2022-10-31 14:19:04 +00:00
4b37e17ec1
Check stdout rather than stderr
2022-10-28 18:59:02 +01:00
a12a861b82
Add a better error message for users of CodeQL CLI 2.7.2 and earlier
...
Improves the error message for users running (a) CLI 2.7.2 and earlier
and (b) `ubuntu-22.04`, to which `ubuntu-latest` is now being migrated.
Previously this was "undefined symbol: __libc_dlopen_mode, version
GLIBC_PRIVATE".
Now we give some guidance around glibc versions and using the
`ubuntu-20.04` runner image.
2022-10-28 18:38:00 +01:00
4b53723d6b
Merge pull request #1320 from github/edoardo/2.11.2-bump
...
Bump default CodeQL version to 2.11.2
2022-10-25 09:41:40 +01:00
f1a4ff53b4
Bumps the min version for code scanning config in the cli
...
2.11.1 has a fix in it for parsing query filters.
2022-10-24 09:20:10 -07:00
624418cb40
Bump default CodeQL version to 2.11.2
2022-10-24 13:08:52 +01:00
f3a27d6945
GHES 3.1 has been deprecated end of June 2022.
...
Therefore, we do not need to support the workaround for
action telemetry anymore.
2022-10-18 14:20:52 +02:00
2fafb297de
TRAP Caching: Disable on self-hosted runners
2022-10-13 14:31:54 +01:00
34d48f825c
Merge remote-tracking branch 'upstream/main' into aeisenberg/ff-refactoring
2022-10-12 08:36:16 -07:00
e862e8fc76
Merge pull request #1296 from github/edoardo/improve-docs
...
Improve documentation comment
2022-10-12 08:35:01 +01:00
cc00a9d478
Update supported GitHub Enterprise Server versions.
2022-10-12 00:20:41 +00:00
082bdf06b5
Improve documentation comment
2022-10-11 22:38:30 +01:00
44edb7c4b5
Merge pull request #1293 from github/edoardo/fix-with-timeout
...
Fix `withTimeout` helper function
2022-10-11 21:29:20 +01:00
43c3ed9c28
More feature flag renaming
2022-10-11 11:52:55 -07:00
701cea34ba
More renaming
2022-10-11 10:39:40 -07:00
adb28963c0
Further update to reflect a conversation with @henrymercer
2022-10-11 16:59:48 +01:00
362f9a2522
Update bundle for 2.11.1
...
This version has the fix applied
2022-10-11 12:05:46 +01:00
6e1dab28b6
Fix `withTimeout` helper function
2022-10-11 10:04:21 +01:00
6c869f8b03
Fix typos
2022-10-07 16:27:25 -07:00
919e4caca1
Merge remote-tracking branch 'upstream/main' into aeisenberg/ff-refactoring
2022-10-07 14:14:09 -07:00
1a17c59fb0
More renaming
...
Avoid usage of "Feature Flag" unless we are talking specifically about
the response from github features api. Otherwise, use terms like
"Toggleable features".
Note both "toggleable" and "togglable" appear to be valid spellings of
the word. I chose the first for no good reason.
2022-10-07 11:33:32 -07:00
b27aed78f5
Extract GitHubFeatureFlags to a separate class
...
Internal refactoring so that `GitHubFeatureFlags` is
private only. The public facing class is `Features`.
2022-10-06 18:00:40 -07:00
5915e70486
Address comments from review
2022-10-06 13:14:06 -07:00
6de05e4b24
Rename `FeatureFlag` -> `Feature`
2022-10-06 13:06:10 -07:00
b16314e16c
Address comments from review
...
- Change env var name for `MlPoweredQueriesEnabled`
- Throw error if minimumVersion is specified, but CodeQL argument is not
supplied.
- Fix failing tests. Note that I removed a config-utils test because it
is no longer relevant since we handle codeql minimum versions in the
`getValue` function.
2022-10-06 12:29:58 -07:00
84dffe700c
Merge pull request #1282 from github/aeisenberg/user-error-source-root
...
Convert "Invalid source root" errors to UserErrors
2022-10-06 10:48:35 -07:00
9e044c5432
Convert "Invalid source root" errors to UserErrors
2022-10-06 09:28:29 -07:00
e5c3375225
Refactor handling of feature flags
...
This commit centralizes how feature flags are handled. All feature flags
must now add an entry in the `featureFlagConfig` dictionary. This
dictionary associates the flag with an environment variable name and
optionally a minimum version for CodeQL.
The new logic is:
- if the environment variable is set to false: disabled
- if the minimum version requirement specified and met: disabled
- if the environment variable is set to true: enable
- Otherwise check feature flag enablement from the server
2022-10-05 16:40:56 -07:00
24c8de16fa
Correctly report CodeQL version when using cache ( #1259 )
...
* Correctly report CodeQL version when using cache
* Add JS generated files
* Add test for return value of `setupCodeQL`
* Fill in missing return value comment
2022-10-05 09:16:42 -07:00
5960ce1190
Extract logging statements to separate function
2022-10-03 09:35:40 -07:00
6ace05baa3
Add logging statements declaring state of the cli_config_file_enabled
...
It's possible to determine this otherwise, but this makes it easier to
spot.
2022-10-01 12:03:01 -07:00
c0641ea1d3
TRAP Caching: Add timeouts to upload/download operations
2022-09-30 13:18:46 +01:00
61b87c69a6
Update supported GitHub Enterprise Server versions. ( #1275 )
...
Co-authored-by: GitHub <noreply@github.com>
2022-09-29 22:37:10 +00:00
1ec8ea99ee
Merge branch 'main' into aeisenberg/cli-config-feature-flag
2022-09-28 10:39:05 -07:00
a711c7623d
Update default CodeQL version to 2.11.0
2022-09-28 09:04:11 -07:00
39064e0f9b
Merge pull request #1272 from github/update-supported-enterprise-server-versions
...
Update supported GitHub Enterprise Server versions.
2022-09-28 10:52:55 +01:00
28c63d131f
Merge pull request #1268 from jsoref/rev-parse
...
Correct program name
2022-09-28 09:59:29 +01:00
a4e4529299
Correct program name
2022-09-27 22:08:31 -04:00
cc4ee05a07
Update supported GitHub Enterprise Server versions.
2022-09-28 00:21:45 +00:00
cab46c529f
Update src/util.test.ts
2022-09-27 15:49:25 -07:00
e37b0d6470
Add the `CliConfigFileEnabled` feature flag
...
Also, wire it up to the `useCodeScanningConfigInCli` function.
2022-09-27 07:58:31 -07:00
b96c7546c1
Fix broken unit test
2022-09-26 15:17:36 +01:00
b98b2def63
TRAP Caching: Skip uploading of small caches
2022-09-23 15:22:31 +01:00
34aa5a554b
Merge pull request #1242 from github/henrymercer/go-more-backwards-compat
...
Go extraction reconciliation: Ensure backwards compatibility for multi-language builds
2022-09-16 11:05:41 +01:00
f32e161cdd
Improve warning when using autobuild with multi-language builds
2022-09-13 16:53:02 +01:00
4cc95769d4
Improve variable name
2022-09-13 16:50:41 +01:00
fd4dc5bf31
Merge pull request #1244 from github/criemen/remove-lua-tracer-ff
...
Remove the lua tracer feature flag check from the codeql-action.
2022-09-13 17:49:47 +02:00
3038e979a8
Remove the lua tracer feature flag check from the codeql-action.
...
Always defer to the CLI on the Lua tracer state from now on.
2022-09-13 11:23:32 +00:00
bde5694fb7
Comment why we don't run multiple autobuilders for other languages
2022-09-12 18:25:20 +01:00
40e0374c6f
Ensure backwards compat for multi-language builds with Go reconciliation
2022-09-12 18:24:46 +01:00
0d2fa3c636
Support autobuilding multiple languages in autobuild Action
2022-09-12 17:35:32 +01:00
4a8d26e2bd
Bump CodeQL version to 2.10.5
2022-09-08 18:29:45 +01:00
9ba4d500aa
Merge pull request #1221 from github/aeisenberg/ghes-pack-download
...
Add support for downloading packs from GHES
2022-09-08 10:02:41 -07:00
6085805a3a
Append `/` to end of registries url
...
Avoids a bug in 2.10.4. Also, add some better handling for invalid
registries blocks.
2022-09-08 08:00:24 -07:00
59744464eb
Fix unit tests
2022-09-07 16:10:34 -07:00
4fa3e8b483
Gate the new `registries` input behind version constraints
2022-09-07 14:38:44 -07:00
063e083705
Fix linting
2022-09-07 22:45:34 +02:00
a03f3bd585
Build js
2022-09-07 09:45:19 +02:00
376fea671d
Clarify description of `registries` input
2022-09-06 14:06:30 -07:00
bf97a6da5b
Apply suggestions from code review
2022-09-06 10:41:32 -07:00
7e086b240c
Merge remote-tracking branch 'upstream/main' into aeisenberg/ghes-pack-download
2022-09-06 10:22:00 -07:00
299b77421b
TRAP Caching: Be tolerant to not finding the extractor
2022-09-05 10:38:21 +01:00
abdf26c28f
Convert from json to yaml for registries input
2022-09-02 15:03:51 -07:00
fc2f344141
Reuse `getApiDetails` code
2022-09-02 19:59:18 +01:00
b0443622cd
Merge branch 'main' into aeisenberg/ghes-pack-download
2022-09-02 11:32:07 -07:00
4b5dea8eed
Address review comments
2022-09-02 17:54:53 +01:00
62b4f237aa
Merge remote-tracking branch 'origin/main' into henrymercer/start-go-tracing-in-init
2022-09-02 17:39:17 +01:00
21530f507f
Merge pull request #1219 from github/angelapwen/autobuild-in-analyze
...
Autobuild Go in `analyze` if not already built
2022-09-02 17:36:54 +01:00
e9b47b1898
Change to using a single input
2022-09-01 16:07:26 -07:00
ab396da825
Run Lua tracing for Go on Windows in CLI 2.10.4+
...
A bug preventing us from using Lua tracing for Go on Windows is fixed
in CLI 2.10.4+, so we
can now resume using Lua tracing for Go on Windows when using these
CLI versions.
2022-09-01 16:58:23 +01:00
e460fa2e94
Tidy up `createdDBForScannedLanguages`
...
Now the test is fixed, we can simplify by introducing an async call.
2022-09-01 15:02:47 +01:00
6d34731d93
Make `createdDBForScannedLanguages` test robust to new async calls
...
Previously the test depended on `createdDBForScannedLanguages` making no
async calls prior to `codeql resolve extractor`.
2022-09-01 14:59:39 +01:00
cf5d465980
Trace Go when Go extraction reconciliation is enabled
2022-09-01 14:42:59 +01:00
fe1bd9ac76
Improve clarity of logging
2022-09-01 12:56:03 +01:00
8e0846caf0
Check TRAP directory exists first
2022-08-31 13:22:39 +01:00
955290300a
Fix language inclusion test
...
`in` checks the indices of an array, not the values.
2022-08-31 13:20:41 +01:00
14d7039828
Add logging for determining whether to run the Go autobuilder
2022-08-31 13:20:02 +01:00
b42a495e8a
Fix TRAP directory location
2022-08-31 13:19:16 +01:00
e466e75875
Simplify `doesGoExtractionOutputExist` implementation
...
Co-authored-by: Andrew Eisenberg <aeisenberg@github.com>
2022-08-31 13:19:16 +01:00
fff56ee004
Add environment variable for enabling Go extraction reconcilation
...
This will enable us to test this behavior in PR checks.
Also simplify and add some more detailed documentation.
2022-08-31 13:19:16 +01:00
8dc468564f
Use a more explicit name for checking Go extraction output
2022-08-31 13:19:16 +01:00
215c3cb4bb
Autobuild Go in analyze step
2022-08-31 13:19:16 +01:00
693b97bf50
Bump CodeQL version to 2.10.4
2022-08-31 11:49:32 +01:00
0e98efa2bb
Add support for downloading packs from GHES
...
This change adds:
- new `registries` block allowed in code scanning config file
- new `registries-auth-tokens` input in init action
- Change the downloadPacks function so that it accepts new parameters:
- registries block
- api auth
- Generate a qlconfig.yml file with the registries block if one is
supplied. Use this file when downloading packs.
- temporarily set the `GITHUB_TOKEN` and `CODEQL_REGISTRIES_AUTH` based
on api auth
TODO:
1. integration test
2. handle pack downloads when the config is generated by the CLI
2022-08-30 10:04:30 -07:00
7294b404d8
Fix call to `endGroup`
...
Also, rename variable and change a comment.
2022-08-30 09:16:05 -07:00
0a2b0d236c
Moves calls to pack download to the init action
...
This ensures all steps to gather queries happens in the init action.
This is where checking out queries in other repos happens as well.
2022-08-26 16:04:57 -07:00
5960bffd3f
When running on a schedule, make a better guess about whether we're analyzing the default branch.
2022-08-25 10:58:16 +01:00
8b45ef3845
Telemetry: Record DB creation time
2022-08-24 14:31:37 +01:00
e195431677
Override `CODEQL_EXTRACTOR_GO_BUILD_TRACING` with `on` when it's `true`
2022-08-24 11:48:32 +01:00
ab6508ab87
Disable Lua tracing for Go on Windows
...
This is currently broken in CLI versions 2.10.3 and earlier.
2022-08-23 20:03:33 +01:00
c18ed56977
Warn about invalid value for `CODEQL_EXTRACTOR_GO_BUILD_TRACING`
2022-08-23 20:03:33 +01:00
ac92a02de7
Merge remote-tracking branch 'upstream/main' into aeisenberg/better-error-message
2022-08-23 09:29:19 -07:00
5861352d57
Better error messages for invalid queries and query filters blocks
...
Handle other cases where the config is invalid.
2022-08-23 09:25:59 -07:00
1e5376ae5f
TRAP Caching: Unset missing cache rather than setting to `undefined`
2022-08-23 15:39:05 +01:00
c72f566aae
Explicitly import `performance` for Node 12 compatibility
2022-08-22 12:59:22 +01:00
0349bb05b7
Fix TRAP cache upload timing
2022-08-17 15:49:57 +01:00
b21cab99b3
Mock `expect-error` input to avoid errors in Action integration tests
2022-08-17 15:02:46 +01:00
219a937551
Require test mode to be set to use `expect-error` input
...
This should be more robust than determining whether the repo is the
CodeQL Action or a fork of it.
2022-08-17 14:49:24 +01:00
eb6f272155
Round fields in TRAP caching telemetry to integers
2022-08-17 13:30:17 +01:00
b469d5358f
Tweak debug logging message
2022-08-17 12:44:53 +01:00
f47f573e6e
Add a debug log message when forcing the latest tools
2022-08-17 12:33:58 +01:00
416ad3d847
Merge branch 'main' into henrymercer/bypass-toolcache-feature-flag
2022-08-17 11:39:33 +01:00
8beb190634
Update supported GitHub Enterprise Server versions.
2022-08-17 00:13:14 +00:00
9b7fa3dd99
Add `expect-error` input to force PR check green on expected failure ( #1177 )
2022-08-16 16:27:14 -07:00
e1cd41a365
Add tests for toolcache bypassing
2022-08-16 16:19:08 +01:00
d45b0eba23
Improve readability of CodeQL bundle tests
2022-08-16 16:18:41 +01:00
96a8424f0c
Don't bypass the toolcache in test mode
2022-08-16 16:18:12 +01:00
5862bae77e
Bypass toolcache when feature flag enabled
2022-08-16 16:18:11 +01:00
df0c0dafc0
Add bypass toolcache feature flag
2022-08-16 16:17:41 +01:00
016a5e3bae
Use `util.promisify` instead of manually constructing promise
2022-08-16 14:42:13 +01:00
b29194f0ac
Address review comments from @henrymercer
2022-08-16 13:30:49 +01:00
4139682b64
Add telemetry for TRAP caching
2022-08-16 11:54:31 +01:00
d8adbe91f2
Fix cache key for TRAP caching
2022-08-16 10:20:17 +01:00
fba13b0092
More readable error message for invalid `queries` block
...
When someone creates an invalid `queries` entry in the codeql config
file, like this:
```
queries:
- foo.ql
```
THe error message is confusing, looking like this:
```
Error: Cannot use 'in' operator to search for 'uses' in ql/ql/src
TypeError: Cannot use 'in' operator to search for 'uses' in ql/ql/src
at loadConfig (/home/runner/work/_actions/github/codeql-action/71a8b35ff4c80fcfcd05bc1cd932fe3c08f943ca/lib/config-utils.js:577:41)
```
With this change, the error message is more comprehensible:
`queries must be an array, with each entry having a 'uses' property`
2022-08-15 07:56:00 -07:00
af9d911fb5
Merge remote-tracking branch 'origin/main' into henrymercer/codeql-cli-2.10.3
2022-08-15 14:40:51 +01:00
1e8043f69c
Update default CodeQL version to 2.10.3
2022-08-12 10:43:51 +01:00
fa2bc211fd
Merge branch 'aeisenberg/unrevert-query-filters' into aeisenberg/fix-config-files
2022-08-11 14:57:16 -07:00
bcf47202b5
Merge remote-tracking branch 'upstream/main' into aeisenberg/unrevert-query-filters
2022-08-11 11:37:55 -07:00
072cd929a3
Merge remote-tracking branch 'upstream/main' into aeisenberg/unrevert-query-filters
2022-08-11 10:00:12 -07:00
d74f663ed4
Merge remote-tracking branch 'upstream/main' into aeisenberg/fix-config-files
2022-08-11 09:57:45 -07:00
a09a029937
Fix failing test and address PR comments
2022-08-11 09:56:08 -07:00
07e8996e91
Merge main into local.
2022-08-11 17:11:05 +01:00
7c6fa5ce8a
Remove an unneeded `if`.
...
Co-authored-by: Andrew Eisenberg <aeisenberg@github.com>
2022-08-11 17:10:50 +01:00
79b933c459
Remove review comments
2022-08-11 16:47:31 +02:00
cf7f893f9c
Make file paths OS-agnostic
2022-08-11 16:46:56 +02:00
172eca420d
Improve doesDirectoryExist test
2022-08-11 16:08:06 +02:00
fd83e55188
Remove extraneous files
2022-08-11 16:03:48 +02:00
26cafd2f92
Add unit tests for post: hook run methods
2022-08-11 16:01:37 +02:00
15608ceae3
Merge remote-tracking branch 'origin/main' into angelapwen/post-init-cleanup
2022-08-11 15:24:10 +02:00
6fdaff6eb6
Improve file system unit tests
2022-08-11 15:09:44 +02:00
4e121c0ef5
Address additional review comments
2022-08-11 13:58:01 +02:00
65d6ee0c51
Address review comments
2022-08-11 13:45:26 +02:00
bbdc9efa94
Use the API URL from the environment if it is present.
2022-08-11 08:38:11 +01:00
2314063848
Add the `defaultAugmentationProperties` constant
...
This makes some syntax in tests somewhat simpler.
2022-08-10 15:42:45 -07:00
0403fb7d8c
Merge branch 'main' into aeisenberg/fix-config-files
2022-08-10 15:39:35 -07:00
44f42da9ca
Merge branch 'main' into aeisenberg/unrevert-query-filters
2022-08-10 15:22:40 -07:00
a6d09016e7
Merge pull request #1171 from crenshaw-dev/clarify-category-error-message
...
fix: clarify upload-sarify category uniqueness error message
2022-08-10 13:24:16 -07:00
3c4f458a1a
Re-declare codeql var
2022-08-10 15:08:35 +02:00
90676d9cb9
Merge remote-tracking branch 'origin/main' into angelapwen/post-init-cleanup
2022-08-10 15:08:04 +02:00
484a72c924
Add utilities unit tests
2022-08-10 14:57:57 +02:00
3835e64c38
Remove distrust of `GITHUB_ACTION_REF` for local actions
2022-08-10 09:39:03 +01:00
6df93613d7
Address review comments from @henrymercer
2022-08-09 18:37:22 +01:00
010abe7de0
Merge remote-tracking branch 'origin/main' into angelapwen/post-init-cleanup
2022-08-08 13:41:15 +02:00
8f867dcb21
Introduce TRAP caching
2022-08-05 17:48:05 +01:00
0e3ae6e68a
fix: clarify upload-sarify category uniqueness error message
2022-08-05 10:59:35 -04:00
7f86ddc26d
Move debug log printing back to actions util
2022-08-02 12:41:08 +02:00
a758ec55e8
Add more info messages to user, rename log printing function
2022-08-02 12:36:56 +02:00
eeee462f05
Move debug artifact methods into separate file
2022-08-02 12:27:52 +02:00
5895ab0c0b
Address more PR comments, refactoring
2022-08-02 12:18:44 +02:00
44a27e6a51
Add top level comments, rename cleanup to post
2022-08-02 12:08:18 +02:00
a557279135
Clean up syntax per PR review
2022-08-02 12:01:02 +02:00
5229df1eef
Add unit test descriptions
2022-08-01 13:17:40 +02:00
5da7870265
Refactoring per PR comments
2022-08-01 12:52:16 +02:00
8a4a573d59
Error handling for JSON parsing
2022-08-01 12:12:49 +02:00
52de49c899
Refactor helper function to util
2022-08-01 11:42:55 +02:00
2c25894c5f
Zip partial database directory
2022-08-01 11:24:34 +02:00
a5def17768
Update default CodeQL version to 2.10.2
2022-07-29 14:07:22 -07:00
2746051310
Catch case where database isn't finalized
2022-07-29 12:00:07 +02:00
1016eba538
Move logs, SARIF actions uploads to post: hooks
2022-07-29 11:29:39 +02:00
907f1deb5b
Merge branch 'main' into aeisenberg/fix-config-files
2022-07-28 16:43:03 -07:00
b4ff463500
Autobuild: Remove CODEQL_RUNNER workaround
...
We do not need to prefix `$CODEQL_RUNNER` here on macOS to bypass SIP,
because we assume that the `init` step exported `DYLD_INSERT_LIBRARIES`
into the environment, which activates the Actions workaround for SIP.
See https://github.com/actions/runner/pull/416 .
2022-07-25 15:02:44 -07:00
4e46a69655
Merge branch 'main' into aeisenberg/fix-config-files
2022-07-25 11:20:15 -07:00
a32664975f
autobuild-action: Run autobuilders with $CODEQL_RUNNER set.
...
Without this, the tracer will not be injected on MacOS, as we need the
runner to circumvent SIP.
Also add a test that tests the autobuild-action to exercise this code path.
2022-07-21 15:51:54 +00:00
aa231930c1
Merge branch 'main' into alexet/codeql-2.10.1-update
2022-07-19 14:41:49 +01:00
c059f95c05
Fix lint errors.
2022-07-18 11:26:03 +00:00
75afbf4a30
Address review, add test.
2022-07-18 10:37:04 +00:00
01fa64cb90
Don't crash if we are unable to get a response from the feature-flag endpoint.
2022-07-18 10:14:40 +00:00
11111290fc
Update bundle to 2.10.1
2022-07-14 15:37:28 +01:00
01d16b1e01
Merge branch 'main' into aeisenberg/fix-config-files
2022-07-13 14:05:48 -07:00
7ce9ef9137
Use concat instead of push around `listFolders`
...
This avoids stack overflows when using the spread operator on
directories that have many, many children.
2022-07-12 13:23:01 -07:00
dca60ba711
Merge remote-tracking branch 'origin/main' into henrymercer/one-click-debug
2022-07-12 16:54:30 +01:00
b45ac1f8f8
Cleanup: Use optional chaining in a couple of places
2022-07-12 16:30:21 +01:00
b316baae94
Merge remote-tracking branch 'origin/main' into henrymercer/one-click-debug
2022-07-12 16:22:05 +01:00
e655fb331c
Use `core.isDebug()` instead of accessing env var
2022-07-12 16:19:13 +01:00
3dcdbc9add
Unset tracing variables after finalizing databases.
...
The tracer is very good at preserving itself, so unsetting the tracing-specific
variables from within a process will not end tracing for children of
that process.
The way the actions process model works means that we're running inside
a process for the entire build step that was launched with the tracer
variables set, so we'll have the tracer injected into the entire build
step and its children.
If we unset the variables in end-tracing, we will get into an intermediate
state: Not all variables in there are preserved by the tracer,
but the tracer is still active.
Usually, that wouldn't be a problem, but the autobuilders called from
the finalize step will suddenly run under a half-configured tracer.
Particularly, this half-configured tracer is unable to execute the dotnet
CLI without hangs, as the environment variable that prevents hangs for
dotnet on MacOS has been unset, but the tracer is still active.
This is an issue for the the go autobuilder, that invokes
user-provided build scripts in the hope of installing dependencies.
If that build script then invokes dotnet, it will hang.
This is only of concern for the Lua tracer that now implements proper
multi-language tracing: Previously, when encountering the go autobuilder,
the tracer disabled itself entirely, thus side-stepping any hangs.
In the new, multi-language tracing world, the tracer will stay active
as long as there is at least one other language that's been set up
for tracing.
Thus, we also get hangs when invoking the dotnet CLI through the go
autobuilder.
2022-07-12 11:33:44 +00:00
fc926423a5
Merge remote-tracking branch 'origin/main' into henrymercer/run-unit-tests-on-windows
2022-07-11 17:57:19 +01:00
7e94a6cbca
Print diagnostic messages when debug logging enabled
...
This commit prints diagnostic messages to the Actions log when debug
logging is enabled by passing `debug: true` to `codeql-action/init` or
enabling Actions step debug logging.
2022-07-01 18:56:12 +01:00
53850d88bb
Enable one-click debugging via the "Enable debug logging" rerun option
2022-07-01 17:56:57 +01:00
c736697abf
Remove toolcache decorator
...
This decorator enabled us to use the functionality of the Actions
toolcache within the runner too.
Now that we've deleted the runner we no longer need it.
2022-06-30 09:16:10 +01:00
53bc5e6c78
Merge remote-tracking branch 'origin/main' into aibaars/python-setup-no-pycache
2022-06-30 09:10:41 +02:00
8688a09e14
When using codescanning config call run queries a single time
...
When the codescanning config is being used by the CLI, there is a
single query suite that is generated that contains all queries to be
run by the analysis. This is different from the traditional way, where
there are potentially three query suites: builtin, custom, and packs.
We need to ensure that when the codescanning config is being used,
only a single call to run queries is used, and this call uses the
single generated query suite.
Also, this commit changes the cutoff version for codescanning config to
2.10.1. Earlier versions work, but there were some bugs that are only
fixed in 2.10.1 and later.
2022-06-29 12:50:24 -07:00
130a51dbc6
Handle Windows absolute paths in `resolveUriToFile`
2022-06-29 18:59:33 +01:00
c2fd5d10f6
Don't make temporary directories symlinks
...
`toolcache.extractTar` currently falls over when `ACTIONS_TEMP` contains
a symlink, and the runner no longer exists, so it's unlikely our
customers would be running with temporary directories that contain
symlinks.
2022-06-29 18:59:33 +01:00
30681e79db
Separate paths with `/` in `resolveUriToFile`
2022-06-29 18:59:32 +01:00
c15604920a
Workaround `PATH` casing issues on Windows
2022-06-29 18:59:32 +01:00
4792297702
Fix test failures on Windows related to path separators
2022-06-29 18:59:32 +01:00
6fabde2be8
Add packs and queries from input
...
This commit adds the packs and queries from the actions input to the
config file used by the CodeQL CLI.
When the `+` is used, the actions input value is combined with the
config value and when it is not used, the input value overrides the
config value.
This commit also adds a bunch of integration tests for this feature.
In order to avoid adding too many new jobs, all of the tests are
run sequentially in a single job (matrixed across relevant operating
systems and OSes).
2022-06-28 14:07:51 -07:00
237260b693
Revert "Revert usage of `--codescanning-config` flag"
...
This reverts commit 43d066495c
2022-06-28 13:03:04 -07:00
41d6ac4d2a
Remove toolcache decorator
...
This decorator enabled us to use the functionality of the Actions
toolcache within the runner too.
Now that we've deleted the runner we no longer need it.
2022-06-28 18:22:09 +01:00
1616e0ef98
Simplify tests for the Lua tracer FF in analyze-action.
2022-06-28 10:29:00 +00:00
821fe9b476
Merge branch 'main' into criemen/lua-tracer-ff-2
2022-06-28 10:43:04 +02:00
2a70419420
Revert "Revert "Add capability to filter queries #1098""
...
This reverts commit 99d4397d88
2022-06-27 13:13:55 -07:00
ab7316e0c5
Implement unit tests for reading the Lua tracer FF in analyze-action.
2022-06-27 16:04:29 +00:00
f422a50448
Honor the Lua tracer FF for `database trace-command` invocations for scanned languages.
...
In theory, a scanned language will not setup the build tracer, and so
shouldn't care about lua versus legacy tracing. However, `go` is a
special case where the autobuilder runs under the build tracer, that
then gets disabled immediately again, unless a special environment
variable is used.
Therefore, we need to thread through the feature flag to this
`database trace-command` invocation. For other scanned languages,
this should be a no-op, as no tracing is ever set up.
2022-06-27 16:04:29 +00:00
ed40e306f5
Update default CodeQL version to 2.10.0
2022-06-27 09:01:12 -07:00
cae9a1f462
Run npm build
2022-06-27 16:40:40 +02:00
1653a84fbc
Allow scans with packs for languages not being scanned
...
Previously, we were being too strict about checking that a pack's
language was being scanned. It was a failure if a pack language
was specified for a language not being scanned.
2022-06-22 14:37:31 -07:00
99d4397d88
Revert "Add capability to filter queries #1098"
...
https://github.com/github/codeql-action/pull/1098
This reverts commit 777b77840959ca9b59cbeec34d5f0540b280032c
2022-06-21 13:49:33 -07:00
99acb8dda6
Bump lua tracer version requirement.
...
The old version had a bug related to go autobuilding, so we only want to
respect the feature flag for the version that has the fix.
2022-06-20 14:05:26 +00:00
ccf5d70ab3
Update default CodeQL version to 2.9.4
2022-06-20 09:39:11 +01:00
80ecdcdf69
Merge pull request #1098 from github/aeisenberg/remove-queries
...
Add capability to filter queries
2022-06-15 17:52:46 -07:00
7c412c67ba
Merge branch 'aeisenberg/check-sarif-action' into aeisenberg/remove-queries
2022-06-16 02:42:30 +02:00
6db77eec0d
Merge remote-tracking branch 'upstream/main' into aeisenberg/remove-queries
2022-06-15 17:21:05 -07:00
97f9db4fb9
Update supported GitHub Enterprise Server versions.
2022-06-16 00:11:36 +00:00
a27dc4fee4
update security extended test for all platforms
2022-06-15 11:42:22 +01:00
a568674c69
add tests for ML powered queries 0.3.0 and CLI 2.9.3
2022-06-15 11:42:22 +01:00
f8f4c0b33e
compile the modified TypeScript to Javascript
2022-06-15 11:42:22 +01:00
06e27d3e3d
Merge branch 'aeisenberg/js-yaml-typings' into aeisenberg/remove-queries
2022-06-14 12:08:16 -07:00
40b280032c
Add capability to filter queries
...
This change adds a `query-filters` property to the codeql-config file.
This property is an array of `exclude`/`include` entries for a query
suite. These filters are appended to the generated query suite files
and used to filter queries after they are selected.
A related change is that now, all pack references are run in a single
query suite, which has the query filters appended to them.
2022-06-14 12:07:49 -07:00
0efcf74ce0
Add typings for js-yaml
2022-06-14 07:50:47 -07:00
f7c46e5cbc
Avoid use of rmdir
...
This is a deprecated method on node v16.
2022-06-13 22:40:09 +00:00
1b5ea4afdc
Merge branch 'main' into swift-support
2022-06-03 01:13:47 +01:00
b36688d5b7
Update default CodeQL to 2.9.3
2022-05-27 09:16:45 -07:00
bfe9d7da56
Add Swift as a supported language.
2022-05-27 16:29:13 +01:00
255ffd480f
Merge branch 'main' into criemen/lua-tracing-ff
2022-05-25 11:53:06 +02:00
4b775686a0
Choose the correct version to enable the Lua tracer for.
2022-05-25 07:39:11 +00:00
970e0879d9
Fix linter errors.
2022-05-16 09:40:10 +00:00
db50adab01
Add tests for the Lua feature flag.
2022-05-16 09:16:41 +00:00
9e9a8428c3
Introduce a feature-flag to enable/disable lua-based tracing.
...
This allows us to gradually roll out (or even roll back)
Lua-based tracing in case problems occur.
2022-05-16 09:16:38 +00:00
1725087693
Update default CodeQL to 2.9.2
2022-05-16 09:40:19 +01:00
54b4854fda
Bump @actions/tool-cache to 2.0.0
...
This allows us to drop our direct dependency on `@actions/http-client`.
2022-05-13 11:54:40 +01:00
533ce91971
Merge remote-tracking branch 'origin/main' into henrymercer/run-atm-on-windows
2022-05-11 19:32:14 +01:00
4e0668d05e
Fix integration tests on v1
...
The GitHub API client coerces `fake-server-url` to the Dotcom API URL,
which means commands like `util.getGitHubVersion` will call the Dotcom
API with the `fake-token`, resulting in 401s.
We therefore use the Dotcom URL instead and additionally stub
`util.getGitHubVersion` as a good practice (it's no longer necessary).
2022-05-11 15:53:57 +01:00
3c6dd303a8
Update codeql to 2.9.1
2022-05-03 15:58:57 +01:00
366e88c2c1
Fix processing errors being caught and logged as a warning rather than failing the workflow run.
2022-05-03 10:06:19 +01:00
b11fe85402
Merge branch 'main' into aeisenberg/packs-with-paths
2022-04-29 11:10:16 -07:00
922dc2b976
Use the `--resolve-query-specs` parameter of `pack download`
...
This will allow the command to resolve packs with paths.
Also, use a more concise version of `tr`.
2022-04-29 10:54:01 -07:00
395afb1dd9
Fix unit test assertion on Windows
2022-04-29 18:18:19 +01:00
06b15c22b1
Allow pack specifiers to include paths
...
Also, this cleans up our pack-related integration tests.
We are now testing with the most recent CLIs.
2022-04-28 17:14:30 -07:00
d9e30cb001
Run ML-powered queries on Windows with CodeQL CLI 2.9.0+
2022-04-28 19:18:15 +01:00
ea676e3184
Don't wait for processing in test mode
...
In test mode, we don't upload results, so there's no point waiting for
processing.
2022-04-28 19:14:14 +01:00
7c2be06006
Factor out test mode determination code
2022-04-28 19:13:22 +01:00
2bf00f719d
Merge branch 'main' into henrymercer/prompt-v1-to-v2-upgrades
2022-04-28 14:17:36 +01:00
02083c307e
Add a comment to explain why we show the upgrade message on GHES 3.4
2022-04-28 14:16:32 +01:00
35ef6a2db3
Move `formatGitHubVersion` into util.test.ts
2022-04-28 14:16:32 +01:00
5227afabbe
Tweak wording of message
2022-04-28 14:16:32 +01:00
0256599547
Prompt customers to upgrade from v1 to v2
2022-04-27 16:11:24 +01:00
6dd9baf8be
Fix status reporting error on Windows
2022-04-26 08:06:57 -07:00
23b7196b6b
Bump default CodeQL version to 2.9.0
2022-04-21 23:12:38 +02:00
e7869d541b
Merge main into wait-for-processing-2.
2022-04-14 08:49:44 +01:00
b0c570ef83
autobuild: add working-directory input
2022-04-08 13:37:42 -07:00
426a3951ee
Exclude pull requests from actions/runs request
...
This will save time when fetcing the current run and we
don't use the pull requests for anything anyway. It is
ok to leave out.
2022-04-07 14:02:44 -07:00
5d3e1a701c
Update default CodeQL version to 2.8.5
2022-04-07 13:41:02 +01:00
43d066495c
Revert usage of `--codescanning-config` flag
2022-04-05 09:41:07 +01:00
e26813cf98
Run version `~0.2.0` of the ML-powered query pack for v2.8.4+ of the CLI
2022-03-31 14:58:41 +01:00
2c03704a6c
Allow the version of the ML-powered pack to depend on the CLI version
2022-03-31 14:58:29 +01:00
dd6b592e3e
Simplify ML-powered query status report definition
...
We now limit the cardinality of the ML-powered JS queries status report
field server-side. With no need for a limit on the cardinality of the
status report client-side, we can simplify how we produce it.
2022-03-31 14:55:32 +01:00
1ea2f2d7f1
Merge branch 'main' into henrymercer/update-actions-major-versions
2022-03-30 20:00:06 +01:00
a2949f47b3
Update actions/checkout from v2 to v3
2022-03-30 19:46:09 +01:00
e6f3e049b4
Add descriptions to each test
2022-03-30 18:17:06 +01:00
e83a1d469e
Stop running ML-powered queries on Windows
2022-03-30 18:05:12 +01:00
9885f86fab
Re-enable waiting for processing by default, using the new API semantics.
2022-03-30 12:24:59 +01:00
f1060fbba0
Bump default CodeQL version to 2.8.4
2022-03-29 16:55:25 +01:00
d625a00cee
Start running ATM queries again
2022-03-28 09:06:45 +01:00
88db5e75ec
Merge branch 'main' into aeisenberg/checkout-path-commitoid
2022-03-25 10:31:47 -07:00
d068f5372a
Fix failing tests
2022-03-25 10:00:47 -07:00
85cfdb24f4
Don't download packs when it isn't needed
2022-03-25 11:26:13 +00:00
c3010cb18a
Status reporting: fix codeql_version field name
2022-03-23 11:32:03 -07:00
c592f89989
Merge branch 'main' into update-supported-enterprise-server-versions
2022-03-21 13:12:12 +00:00
0a713019c3
refactor: replace deprecated String.prototype.substr()
...
.substr() is deprecated so we replace it with .slice() which works similarily but isn't deprecated
Signed-off-by: Tobias Speicher <rootcommander@gmail.com>
2022-03-20 17:08:43 +01:00
243ebf6e35
Update supported GitHub Enterprise Server versions.
2022-03-18 00:09:57 +00:00
f60bb5cc38
Include CodeQL CLI and action versions in status reports
2022-03-17 10:07:29 -07:00
ea5898d606
Restore compatibility with GHES 3.1: address code review comments
2022-03-14 15:44:16 -07:00
Marco Gario
Henry Mercer
Angela P Wen
Henry Mercer
Edoardo Pirovano
Stephan Brandauer
Cornelius Riemenschneider
Edoardo Pirovano
Andrew Eisenberg
GitHub
alexet
github-actions[bot]
Chuan-kai Lin
Josh Soref
Cornelius Riemenschneider
David Verdeguer
Chris Gavin
CI
Aditya Sharad
Arthur Baars
tombolton
Mathias Vorreiter Pedersen
Henning Makholm
Tobias Speicher