feat: Update extractor and main workflow

Author: GeekMasher

src/extractors.rs

@@ -2,7 +2,6 @@ use std::path::PathBuf;
 
 use anyhow::Result;
 use ghastoolkit::Repository;
-use ghastoolkit::codeql::CodeQLExtractor;
 use octocrab::models::repos::{Asset, Release};
 
 async fn fetch_releases(client: &octocrab::Octocrab, repository: &Repository) -> Result<Release> {
@@ -32,31 +31,57 @@ async fn fetch_releases(client: &octocrab::Octocrab, repository: &Repository) ->
 pub async fn fetch_extractor(
     client: &octocrab::Octocrab,
     repository: &Repository,
+    attest: bool,
     output: &PathBuf,
-) -> Result<CodeQLExtractor> {
-    let release = fetch_releases(client, repository).await?;
-
-    let Some(release_asset) = release.assets.iter().find(|a| a.name.ends_with(".tar.gz")) else {
-        return Err(anyhow::anyhow!("No asset found"));
-    };
-    log::info!("Asset URL :: {}", release_asset.browser_download_url);
-
-    let asset: Asset = client.get(release_asset.url.clone(), None::<&()>).await?;
-
+) -> Result<PathBuf> {
     let extractor_tarball = output.join("extractor.tar.gz");
-    let extractor_path = output.join("extractor-pack").join("codeql-extractor.yml");
+    let extractor_pack = output.join("extractor-pack");
+    let extractor_path = extractor_pack.join("codeql-extractor.yml");
 
     let toolcache = ghactions::ToolCache::new();
 
     if !extractor_tarball.exists() {
         log::info!("Downloading asset to {:?}", extractor_tarball);
 
+        let release = fetch_releases(client, repository).await?;
+
+        let Some(release_asset) = release.assets.iter().find(|a| a.name.ends_with(".tar.gz"))
+        else {
+            return Err(anyhow::anyhow!("No asset found"));
+        };
+        log::info!("Asset URL :: {}", release_asset.browser_download_url);
+
+        let asset: Asset = client.get(release_asset.url.clone(), None::<&()>).await?;
+
         toolcache.download_asset(&asset, &extractor_tarball).await?;
     }
 
-    if extractor_path.exists() {
-        log::info!("Removing existing asset {:?}", extractor_path);
-        std::fs::remove_dir_all(&extractor_path)?;
+    if attest {
+        log::info!("Attesting asset {:?}", extractor_tarball);
+
+        let output = tokio::process::Command::new("gh")
+            .arg("attestation")
+            .arg("verify")
+            .arg("--owner")
+            .arg(repository.owner())
+            .arg(&extractor_tarball)
+            .output()
+            .await?;
+
+        if !output.status.success() {
+            return Err(anyhow::anyhow!(
+                "Attestation failed: {}",
+                String::from_utf8_lossy(&output.stderr)
+            ));
+        }
+        log::info!("Attestation successful");
+    } else {
+        log::info!("No attestation requested");
+    }
+
+    if extractor_pack.exists() {
+        log::info!("Removing existing asset {:?}", extractor_pack);
+        std::fs::remove_dir_all(&extractor_pack)?;
     }
 
     log::info!("Extracting asset to {:?}", extractor_path);
@@ -68,8 +93,5 @@ pub async fn fetch_extractor(
         return Err(anyhow::anyhow!("Extractor not found"));
     }
 
-    log::info!("Loading CodeQL Extractor from {:?}", extractor_path);
-    let extractor = CodeQLExtractor::load_path(extractor_path)?;
-
-    Ok(extractor)
+    Ok(extractor_path.canonicalize()?)
 }

src/main.rs

@@ -2,6 +2,7 @@ use std::path::PathBuf;
 
 use anyhow::{Context, Result};
 use ghactions::{ActionTrait, ToolCache, group, groupend};
+use ghastoolkit::CodeQL;
 use log::{debug, info};
 
 mod action;
@@ -14,7 +15,7 @@ async fn main() -> Result<()> {
     let action = Action::init()?;
     debug!("Action :: {:?}", action);
 
-    group!("Initialise Workflow");
+    group!("Setting up Extractor");
 
     let client = octocrab::instance();
 
@@ -32,14 +33,32 @@ async fn main() -> Result<()> {
         info!("Created Extractor Directory :: {:?}", extractor_path);
     }
 
-    let extractor = extractors::fetch_extractor(&client, &extractor_repo, &extractor_path).await?;
+    let extractor = extractors::fetch_extractor(
+        &client,
+        &extractor_repo,
+        action.attestation(),
+        &extractor_path,
+    )
+    .await
+    .context("Failed to fetch extractor")?;
     log::info!("Extractor :: {:?}", extractor);
 
-    groupend!();
+    let codeql = CodeQL::init()
+        .search_path(extractor)
+        .build()
+        .await
+        .context("Failed to create CodeQL instance")?;
+    log::info!("CodeQL :: {:?}", codeql);
+
+    let languages = codeql.get_languages().await?;
+    log::info!("Languages :: {:?}", languages);
 
-    group!("Download and install extractor");
+    // TODO: This is erroring during development
+    // action.set_extractor_path(extractor_path.display().to_string());
+
+    groupend!();
 
-    // TODO: Validate the extractor
+    group!("Running extractor");
 
     groupend!();