diff --git a/lib/analyze-action-post.js b/lib/analyze-action-post.js index dc25bc1657..7461132506 100644 --- a/lib/analyze-action-post.js +++ b/lib/analyze-action-post.js @@ -117550,10 +117550,191 @@ var PACK_IDENTIFIER_PATTERN = (function() { // src/feature-flags.ts var semver4 = __toESM(require_semver2()); -// src/overlay-database-utils.ts -var fs2 = __toESM(require("fs")); -var path2 = __toESM(require("path")); -var actionsCache = __toESM(require_cache3()); +// src/tools-features.ts +var semver3 = __toESM(require_semver2()); +function isSupportedToolsFeature(versionInfo, feature) { + return !!versionInfo.features && versionInfo.features[feature]; +} +var SafeArtifactUploadVersion = "2.20.3"; +function isSafeArtifactUpload(codeQlVersion) { + return !codeQlVersion ? true : semver3.gte(codeQlVersion, SafeArtifactUploadVersion); +} + +// src/feature-flags.ts +var featureConfig = { + ["cleanup_trap_caches" /* CleanupTrapCaches */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_CLEANUP_TRAP_CACHES", + minimumVersion: void 0 + }, + ["cpp_dependency_installation_enabled" /* CppDependencyInstallation */]: { + defaultValue: false, + envVar: "CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES", + legacyApi: true, + minimumVersion: "2.15.0" + }, + ["diff_informed_queries" /* DiffInformedQueries */]: { + defaultValue: true, + envVar: "CODEQL_ACTION_DIFF_INFORMED_QUERIES", + minimumVersion: "2.21.0" + }, + ["disable_csharp_buildless" /* DisableCsharpBuildless */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_DISABLE_CSHARP_BUILDLESS", + minimumVersion: void 0 + }, + ["disable_java_buildless_enabled" /* DisableJavaBuildlessEnabled */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_DISABLE_JAVA_BUILDLESS", + legacyApi: true, + minimumVersion: void 0 + }, + ["disable_kotlin_analysis_enabled" /* DisableKotlinAnalysisEnabled */]: { + defaultValue: false, + envVar: "CODEQL_DISABLE_KOTLIN_ANALYSIS", + legacyApi: true, + minimumVersion: void 0 + }, + ["export_diagnostics_enabled" /* ExportDiagnosticsEnabled */]: { + defaultValue: true, + envVar: "CODEQL_ACTION_EXPORT_DIAGNOSTICS", + legacyApi: true, + minimumVersion: void 0 + }, + ["resolve_supported_languages_using_cli" /* ResolveSupportedLanguagesUsingCli */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_RESOLVE_SUPPORTED_LANGUAGES_USING_CLI", + minimumVersion: void 0, + toolsFeature: "builtinExtractorsSpecifyDefaultQueries" /* BuiltinExtractorsSpecifyDefaultQueries */ + }, + ["overlay_analysis" /* OverlayAnalysis */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS", + minimumVersion: void 0 + }, + ["overlay_analysis_actions" /* OverlayAnalysisActions */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_ACTIONS", + minimumVersion: void 0 + }, + ["overlay_analysis_code_scanning_actions" /* OverlayAnalysisCodeScanningActions */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_ACTIONS", + minimumVersion: void 0 + }, + ["overlay_analysis_code_scanning_cpp" /* OverlayAnalysisCodeScanningCpp */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_CPP", + minimumVersion: void 0 + }, + ["overlay_analysis_code_scanning_csharp" /* OverlayAnalysisCodeScanningCsharp */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_CSHARP", + minimumVersion: void 0 + }, + ["overlay_analysis_code_scanning_go" /* OverlayAnalysisCodeScanningGo */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_GO", + minimumVersion: void 0 + }, + ["overlay_analysis_code_scanning_java" /* OverlayAnalysisCodeScanningJava */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_JAVA", + minimumVersion: void 0 + }, + ["overlay_analysis_code_scanning_javascript" /* OverlayAnalysisCodeScanningJavascript */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_JAVASCRIPT", + minimumVersion: void 0 + }, + ["overlay_analysis_code_scanning_python" /* OverlayAnalysisCodeScanningPython */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_PYTHON", + minimumVersion: void 0 + }, + ["overlay_analysis_code_scanning_ruby" /* OverlayAnalysisCodeScanningRuby */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_RUBY", + minimumVersion: void 0 + }, + ["overlay_analysis_code_scanning_rust" /* OverlayAnalysisCodeScanningRust */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_RUST", + minimumVersion: void 0 + }, + ["overlay_analysis_code_scanning_swift" /* OverlayAnalysisCodeScanningSwift */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_SWIFT", + minimumVersion: void 0 + }, + ["overlay_analysis_cpp" /* OverlayAnalysisCpp */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CPP", + minimumVersion: void 0 + }, + ["overlay_analysis_csharp" /* OverlayAnalysisCsharp */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CSHARP", + minimumVersion: void 0 + }, + ["overlay_analysis_go" /* OverlayAnalysisGo */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_GO", + minimumVersion: void 0 + }, + ["overlay_analysis_java" /* OverlayAnalysisJava */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_JAVA", + minimumVersion: void 0 + }, + ["overlay_analysis_javascript" /* OverlayAnalysisJavascript */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_JAVASCRIPT", + minimumVersion: void 0 + }, + ["overlay_analysis_python" /* OverlayAnalysisPython */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_PYTHON", + minimumVersion: void 0 + }, + ["overlay_analysis_ruby" /* OverlayAnalysisRuby */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RUBY", + minimumVersion: void 0 + }, + ["overlay_analysis_rust" /* OverlayAnalysisRust */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RUST", + minimumVersion: void 0 + }, + ["overlay_analysis_swift" /* OverlayAnalysisSwift */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT", + minimumVersion: void 0 + }, + ["python_default_is_to_not_extract_stdlib" /* PythonDefaultIsToNotExtractStdlib */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_DISABLE_PYTHON_STANDARD_LIBRARY_EXTRACTION", + minimumVersion: void 0, + toolsFeature: "pythonDefaultIsToNotExtractStdlib" /* PythonDefaultIsToNotExtractStdlib */ + }, + ["use_repository_properties" /* UseRepositoryProperties */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_USE_REPOSITORY_PROPERTIES", + minimumVersion: void 0 + }, + ["qa_telemetry_enabled" /* QaTelemetryEnabled */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_QA_TELEMETRY", + legacyApi: true, + minimumVersion: void 0 + }, + ["java_minimize_dependency_jars" /* JavaMinimizeDependencyJars */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_JAVA_MINIMIZE_DEPENDENCY_JARS", + minimumVersion: "2.23.0" + } +}; // src/git-utils.ts var core7 = __toESM(require_core()); @@ -117718,6 +117899,11 @@ async function isAnalyzingDefaultBranch() { return currentRef === defaultBranch; } +// src/overlay-database-utils.ts +var fs2 = __toESM(require("fs")); +var path2 = __toESM(require("path")); +var actionsCache = __toESM(require_cache3()); + // src/logging.ts var core8 = __toESM(require_core()); function getActionsLogger() { @@ -117733,7 +117919,6 @@ function withGroup(groupName, f) { } // src/overlay-database-utils.ts -var CODEQL_OVERLAY_MINIMUM_VERSION = "2.22.4"; var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB = 15e3; var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_BYTES = OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB * 1e6; async function writeBaseDatabaseOidsFile(config, sourceRoot) { @@ -117793,192 +117978,6 @@ function computeChangedFiles(baseFileOids, overlayFileOids) { return changes; } -// src/tools-features.ts -var semver3 = __toESM(require_semver2()); -function isSupportedToolsFeature(versionInfo, feature) { - return !!versionInfo.features && versionInfo.features[feature]; -} -var SafeArtifactUploadVersion = "2.20.3"; -function isSafeArtifactUpload(codeQlVersion) { - return !codeQlVersion ? true : semver3.gte(codeQlVersion, SafeArtifactUploadVersion); -} - -// src/feature-flags.ts -var featureConfig = { - ["cleanup_trap_caches" /* CleanupTrapCaches */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_CLEANUP_TRAP_CACHES", - minimumVersion: void 0 - }, - ["cpp_dependency_installation_enabled" /* CppDependencyInstallation */]: { - defaultValue: false, - envVar: "CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES", - legacyApi: true, - minimumVersion: "2.15.0" - }, - ["diff_informed_queries" /* DiffInformedQueries */]: { - defaultValue: true, - envVar: "CODEQL_ACTION_DIFF_INFORMED_QUERIES", - minimumVersion: "2.21.0" - }, - ["disable_csharp_buildless" /* DisableCsharpBuildless */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_DISABLE_CSHARP_BUILDLESS", - minimumVersion: void 0 - }, - ["disable_java_buildless_enabled" /* DisableJavaBuildlessEnabled */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_DISABLE_JAVA_BUILDLESS", - legacyApi: true, - minimumVersion: void 0 - }, - ["disable_kotlin_analysis_enabled" /* DisableKotlinAnalysisEnabled */]: { - defaultValue: false, - envVar: "CODEQL_DISABLE_KOTLIN_ANALYSIS", - legacyApi: true, - minimumVersion: void 0 - }, - ["export_diagnostics_enabled" /* ExportDiagnosticsEnabled */]: { - defaultValue: true, - envVar: "CODEQL_ACTION_EXPORT_DIAGNOSTICS", - legacyApi: true, - minimumVersion: void 0 - }, - ["resolve_supported_languages_using_cli" /* ResolveSupportedLanguagesUsingCli */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_RESOLVE_SUPPORTED_LANGUAGES_USING_CLI", - minimumVersion: void 0, - toolsFeature: "builtinExtractorsSpecifyDefaultQueries" /* BuiltinExtractorsSpecifyDefaultQueries */ - }, - ["overlay_analysis" /* OverlayAnalysis */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS", - minimumVersion: CODEQL_OVERLAY_MINIMUM_VERSION - }, - ["overlay_analysis_actions" /* OverlayAnalysisActions */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_ACTIONS", - minimumVersion: void 0 - }, - ["overlay_analysis_code_scanning_actions" /* OverlayAnalysisCodeScanningActions */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_ACTIONS", - minimumVersion: void 0 - }, - ["overlay_analysis_code_scanning_cpp" /* OverlayAnalysisCodeScanningCpp */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_CPP", - minimumVersion: void 0 - }, - ["overlay_analysis_code_scanning_csharp" /* OverlayAnalysisCodeScanningCsharp */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_CSHARP", - minimumVersion: void 0 - }, - ["overlay_analysis_code_scanning_go" /* OverlayAnalysisCodeScanningGo */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_GO", - minimumVersion: void 0 - }, - ["overlay_analysis_code_scanning_java" /* OverlayAnalysisCodeScanningJava */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_JAVA", - minimumVersion: void 0 - }, - ["overlay_analysis_code_scanning_javascript" /* OverlayAnalysisCodeScanningJavascript */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_JAVASCRIPT", - minimumVersion: void 0 - }, - ["overlay_analysis_code_scanning_python" /* OverlayAnalysisCodeScanningPython */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_PYTHON", - minimumVersion: void 0 - }, - ["overlay_analysis_code_scanning_ruby" /* OverlayAnalysisCodeScanningRuby */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_RUBY", - minimumVersion: void 0 - }, - ["overlay_analysis_code_scanning_rust" /* OverlayAnalysisCodeScanningRust */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_RUST", - minimumVersion: void 0 - }, - ["overlay_analysis_code_scanning_swift" /* OverlayAnalysisCodeScanningSwift */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_SWIFT", - minimumVersion: void 0 - }, - ["overlay_analysis_cpp" /* OverlayAnalysisCpp */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CPP", - minimumVersion: void 0 - }, - ["overlay_analysis_csharp" /* OverlayAnalysisCsharp */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CSHARP", - minimumVersion: void 0 - }, - ["overlay_analysis_go" /* OverlayAnalysisGo */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_GO", - minimumVersion: void 0 - }, - ["overlay_analysis_java" /* OverlayAnalysisJava */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_JAVA", - minimumVersion: void 0 - }, - ["overlay_analysis_javascript" /* OverlayAnalysisJavascript */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_JAVASCRIPT", - minimumVersion: void 0 - }, - ["overlay_analysis_python" /* OverlayAnalysisPython */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_PYTHON", - minimumVersion: void 0 - }, - ["overlay_analysis_ruby" /* OverlayAnalysisRuby */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RUBY", - minimumVersion: void 0 - }, - ["overlay_analysis_rust" /* OverlayAnalysisRust */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RUST", - minimumVersion: void 0 - }, - ["overlay_analysis_swift" /* OverlayAnalysisSwift */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT", - minimumVersion: void 0 - }, - ["python_default_is_to_not_extract_stdlib" /* PythonDefaultIsToNotExtractStdlib */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_DISABLE_PYTHON_STANDARD_LIBRARY_EXTRACTION", - minimumVersion: void 0, - toolsFeature: "pythonDefaultIsToNotExtractStdlib" /* PythonDefaultIsToNotExtractStdlib */ - }, - ["use_repository_properties" /* UseRepositoryProperties */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_USE_REPOSITORY_PROPERTIES", - minimumVersion: void 0 - }, - ["qa_telemetry_enabled" /* QaTelemetryEnabled */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_QA_TELEMETRY", - legacyApi: true, - minimumVersion: void 0 - }, - ["java_minimize_dependency_jars" /* JavaMinimizeDependencyJars */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_JAVA_MINIMIZE_DEPENDENCY_JARS", - minimumVersion: "2.23.0" - } -}; - // src/trap-caching.ts var actionsCache2 = __toESM(require_cache3()); diff --git a/lib/analyze-action.js b/lib/analyze-action.js index b675576c2b..f99d79fa4e 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -90625,907 +90625,906 @@ var PACK_IDENTIFIER_PATTERN = (function() { })(); // src/diff-informed-analysis-utils.ts -var fs8 = __toESM(require("fs")); -var path9 = __toESM(require("path")); - -// src/feature-flags.ts var fs7 = __toESM(require("fs")); var path8 = __toESM(require("path")); + +// src/feature-flags.ts +var fs6 = __toESM(require("fs")); +var path7 = __toESM(require("path")); var semver4 = __toESM(require_semver2()); // src/defaults.json var bundleVersion = "codeql-bundle-v2.23.1"; var cliVersion = "2.23.1"; -// src/overlay-database-utils.ts -var crypto = __toESM(require("crypto")); -var fs6 = __toESM(require("fs")); -var path7 = __toESM(require("path")); -var actionsCache = __toESM(require_cache3()); +// src/tools-features.ts +var semver3 = __toESM(require_semver2()); +function isSupportedToolsFeature(versionInfo, feature) { + return !!versionInfo.features && versionInfo.features[feature]; +} -// src/git-utils.ts -var core7 = __toESM(require_core()); -var toolrunner2 = __toESM(require_toolrunner()); -var io3 = __toESM(require_io()); -var runGitCommand = async function(workingDirectory, args, customErrorMessage) { - let stdout = ""; - let stderr = ""; - core7.debug(`Running git command: git ${args.join(" ")}`); - try { - await new toolrunner2.ToolRunner(await io3.which("git", true), args, { - silent: true, - listeners: { - stdout: (data) => { - stdout += data.toString(); - }, - stderr: (data) => { - stderr += data.toString(); - } - }, - cwd: workingDirectory - }).exec(); - return stdout; - } catch (error2) { - let reason = stderr; - if (stderr.includes("not a git repository")) { - reason = "The checkout path provided to the action does not appear to be a git repository."; - } - core7.info(`git call failed. ${customErrorMessage} Error: ${reason}`); - throw error2; +// src/feature-flags.ts +var DEFAULT_VERSION_FEATURE_FLAG_PREFIX = "default_codeql_version_"; +var DEFAULT_VERSION_FEATURE_FLAG_SUFFIX = "_enabled"; +var CODEQL_VERSION_ZSTD_BUNDLE = "2.19.0"; +var featureConfig = { + ["cleanup_trap_caches" /* CleanupTrapCaches */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_CLEANUP_TRAP_CACHES", + minimumVersion: void 0 + }, + ["cpp_dependency_installation_enabled" /* CppDependencyInstallation */]: { + defaultValue: false, + envVar: "CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES", + legacyApi: true, + minimumVersion: "2.15.0" + }, + ["diff_informed_queries" /* DiffInformedQueries */]: { + defaultValue: true, + envVar: "CODEQL_ACTION_DIFF_INFORMED_QUERIES", + minimumVersion: "2.21.0" + }, + ["disable_csharp_buildless" /* DisableCsharpBuildless */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_DISABLE_CSHARP_BUILDLESS", + minimumVersion: void 0 + }, + ["disable_java_buildless_enabled" /* DisableJavaBuildlessEnabled */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_DISABLE_JAVA_BUILDLESS", + legacyApi: true, + minimumVersion: void 0 + }, + ["disable_kotlin_analysis_enabled" /* DisableKotlinAnalysisEnabled */]: { + defaultValue: false, + envVar: "CODEQL_DISABLE_KOTLIN_ANALYSIS", + legacyApi: true, + minimumVersion: void 0 + }, + ["export_diagnostics_enabled" /* ExportDiagnosticsEnabled */]: { + defaultValue: true, + envVar: "CODEQL_ACTION_EXPORT_DIAGNOSTICS", + legacyApi: true, + minimumVersion: void 0 + }, + ["resolve_supported_languages_using_cli" /* ResolveSupportedLanguagesUsingCli */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_RESOLVE_SUPPORTED_LANGUAGES_USING_CLI", + minimumVersion: void 0, + toolsFeature: "builtinExtractorsSpecifyDefaultQueries" /* BuiltinExtractorsSpecifyDefaultQueries */ + }, + ["overlay_analysis" /* OverlayAnalysis */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS", + minimumVersion: void 0 + }, + ["overlay_analysis_actions" /* OverlayAnalysisActions */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_ACTIONS", + minimumVersion: void 0 + }, + ["overlay_analysis_code_scanning_actions" /* OverlayAnalysisCodeScanningActions */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_ACTIONS", + minimumVersion: void 0 + }, + ["overlay_analysis_code_scanning_cpp" /* OverlayAnalysisCodeScanningCpp */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_CPP", + minimumVersion: void 0 + }, + ["overlay_analysis_code_scanning_csharp" /* OverlayAnalysisCodeScanningCsharp */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_CSHARP", + minimumVersion: void 0 + }, + ["overlay_analysis_code_scanning_go" /* OverlayAnalysisCodeScanningGo */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_GO", + minimumVersion: void 0 + }, + ["overlay_analysis_code_scanning_java" /* OverlayAnalysisCodeScanningJava */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_JAVA", + minimumVersion: void 0 + }, + ["overlay_analysis_code_scanning_javascript" /* OverlayAnalysisCodeScanningJavascript */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_JAVASCRIPT", + minimumVersion: void 0 + }, + ["overlay_analysis_code_scanning_python" /* OverlayAnalysisCodeScanningPython */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_PYTHON", + minimumVersion: void 0 + }, + ["overlay_analysis_code_scanning_ruby" /* OverlayAnalysisCodeScanningRuby */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_RUBY", + minimumVersion: void 0 + }, + ["overlay_analysis_code_scanning_rust" /* OverlayAnalysisCodeScanningRust */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_RUST", + minimumVersion: void 0 + }, + ["overlay_analysis_code_scanning_swift" /* OverlayAnalysisCodeScanningSwift */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_SWIFT", + minimumVersion: void 0 + }, + ["overlay_analysis_cpp" /* OverlayAnalysisCpp */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CPP", + minimumVersion: void 0 + }, + ["overlay_analysis_csharp" /* OverlayAnalysisCsharp */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CSHARP", + minimumVersion: void 0 + }, + ["overlay_analysis_go" /* OverlayAnalysisGo */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_GO", + minimumVersion: void 0 + }, + ["overlay_analysis_java" /* OverlayAnalysisJava */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_JAVA", + minimumVersion: void 0 + }, + ["overlay_analysis_javascript" /* OverlayAnalysisJavascript */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_JAVASCRIPT", + minimumVersion: void 0 + }, + ["overlay_analysis_python" /* OverlayAnalysisPython */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_PYTHON", + minimumVersion: void 0 + }, + ["overlay_analysis_ruby" /* OverlayAnalysisRuby */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RUBY", + minimumVersion: void 0 + }, + ["overlay_analysis_rust" /* OverlayAnalysisRust */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RUST", + minimumVersion: void 0 + }, + ["overlay_analysis_swift" /* OverlayAnalysisSwift */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT", + minimumVersion: void 0 + }, + ["python_default_is_to_not_extract_stdlib" /* PythonDefaultIsToNotExtractStdlib */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_DISABLE_PYTHON_STANDARD_LIBRARY_EXTRACTION", + minimumVersion: void 0, + toolsFeature: "pythonDefaultIsToNotExtractStdlib" /* PythonDefaultIsToNotExtractStdlib */ + }, + ["use_repository_properties" /* UseRepositoryProperties */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_USE_REPOSITORY_PROPERTIES", + minimumVersion: void 0 + }, + ["qa_telemetry_enabled" /* QaTelemetryEnabled */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_QA_TELEMETRY", + legacyApi: true, + minimumVersion: void 0 + }, + ["java_minimize_dependency_jars" /* JavaMinimizeDependencyJars */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_JAVA_MINIMIZE_DEPENDENCY_JARS", + minimumVersion: "2.23.0" } }; -var getCommitOid = async function(checkoutPath, ref = "HEAD") { - try { - const stdout = await runGitCommand( - checkoutPath, - ["rev-parse", ref], - "Continuing with commit SHA from user input or environment." +var FEATURE_FLAGS_FILE_NAME = "cached-feature-flags.json"; +var Features = class { + constructor(gitHubVersion, repositoryNwo, tempDir, logger) { + this.logger = logger; + this.gitHubFeatureFlags = new GitHubFeatureFlags( + gitHubVersion, + repositoryNwo, + path7.join(tempDir, FEATURE_FLAGS_FILE_NAME), + logger ); - return stdout.trim(); - } catch { - return getOptionalInput("sha") || getRequiredEnvParam("GITHUB_SHA"); } -}; -var determineBaseBranchHeadCommitOid = async function(checkoutPathOverride) { - if (getWorkflowEventName() !== "pull_request") { - return void 0; + async getDefaultCliVersion(variant) { + return await this.gitHubFeatureFlags.getDefaultCliVersion(variant); } - const mergeSha = getRequiredEnvParam("GITHUB_SHA"); - const checkoutPath = checkoutPathOverride ?? getOptionalInput("checkout_path"); - try { - let commitOid = ""; - let baseOid = ""; - let headOid = ""; - const stdout = await runGitCommand( - checkoutPath, - ["show", "-s", "--format=raw", mergeSha], - "Will calculate the base branch SHA on the server." - ); - for (const data of stdout.split("\n")) { - if (data.startsWith("commit ") && commitOid === "") { - commitOid = data.substring(7); - } else if (data.startsWith("parent ")) { - if (baseOid === "") { - baseOid = data.substring(7); - } else if (headOid === "") { - headOid = data.substring(7); - } - } + /** + * + * @param feature The feature to check. + * @param codeql An optional CodeQL object. If provided, and a `minimumVersion` is specified for the + * feature, the version of the CodeQL CLI will be checked against the minimum version. + * If the version is less than the minimum version, the feature will be considered + * disabled. If not provided, and a `minimumVersion` is specified for the feature, the + * this function will throw. + * @returns true if the feature is enabled, false otherwise. + * + * @throws if a `minimumVersion` is specified for the feature, and `codeql` is not provided. + */ + async getValue(feature, codeql) { + if (!codeql && featureConfig[feature].minimumVersion) { + throw new Error( + `Internal error: A minimum version is specified for feature ${feature}, but no instance of CodeQL was provided.` + ); } - if (commitOid === mergeSha && headOid.length === 40 && baseOid.length === 40) { - return baseOid; + if (!codeql && featureConfig[feature].toolsFeature) { + throw new Error( + `Internal error: A required tools feature is specified for feature ${feature}, but no instance of CodeQL was provided.` + ); } - return void 0; - } catch { - return void 0; - } -}; -var decodeGitFilePath = function(filePath) { - if (filePath.startsWith('"') && filePath.endsWith('"')) { - filePath = filePath.substring(1, filePath.length - 1); - return filePath.replace( - /\\([abfnrtv\\"]|[0-7]{1,3})/g, - (_match, seq2) => { - switch (seq2[0]) { - case "a": - return "\x07"; - case "b": - return "\b"; - case "f": - return "\f"; - case "n": - return "\n"; - case "r": - return "\r"; - case "t": - return " "; - case "v": - return "\v"; - case "\\": - return "\\"; - case '"': - return '"'; - default: - return String.fromCharCode(parseInt(seq2, 8)); - } + const envVar = (process.env[featureConfig[feature].envVar] || "").toLocaleLowerCase(); + if (envVar === "false") { + this.logger.debug( + `Feature ${feature} is disabled via the environment variable ${featureConfig[feature].envVar}.` + ); + return false; + } + const minimumVersion = featureConfig[feature].minimumVersion; + if (codeql && minimumVersion) { + if (!await codeQlVersionAtLeast(codeql, minimumVersion)) { + this.logger.debug( + `Feature ${feature} is disabled because the CodeQL CLI version is older than the minimum version ${minimumVersion}.` + ); + return false; + } else { + this.logger.debug( + `CodeQL CLI version ${(await codeql.getVersion()).version} is newer than the minimum version ${minimumVersion} for feature ${feature}.` + ); } - ); - } - return filePath; -}; -var getFileOidsUnderPath = async function(basePath) { - const stdout = await runGitCommand( - basePath, - ["ls-files", "--recurse-submodules", "--format=%(objectname)_%(path)"], - "Cannot list Git OIDs of tracked files." - ); - const fileOidMap = {}; - const regex = /^([0-9a-f]{40})_(.+)$/; - for (const line of stdout.split("\n")) { - if (line) { - const match = line.match(regex); - if (match) { - const oid = match[1]; - const path20 = decodeGitFilePath(match[2]); - fileOidMap[path20] = oid; + } + const toolsFeature = featureConfig[feature].toolsFeature; + if (codeql && toolsFeature) { + if (!await codeql.supportsFeature(toolsFeature)) { + this.logger.debug( + `Feature ${feature} is disabled because the CodeQL CLI version does not support the required tools feature ${toolsFeature}.` + ); + return false; } else { - throw new Error(`Unexpected "git ls-files" output: ${line}`); + this.logger.debug( + `CodeQL CLI version ${(await codeql.getVersion()).version} supports the required tools feature ${toolsFeature} for feature ${feature}.` + ); } } - } - return fileOidMap; -}; -function getRefFromEnv() { - let refEnv; - try { - refEnv = getRequiredEnvParam("GITHUB_REF"); - } catch (e) { - const maybeRef = process.env["CODE_SCANNING_REF"]; - if (maybeRef === void 0 || maybeRef.length === 0) { - throw e; + if (envVar === "true") { + this.logger.debug( + `Feature ${feature} is enabled via the environment variable ${featureConfig[feature].envVar}.` + ); + return true; } - refEnv = maybeRef; - } - return refEnv; -} -async function getRef() { - const refInput = getOptionalInput("ref"); - const shaInput = getOptionalInput("sha"); - const checkoutPath = getOptionalInput("checkout_path") || getOptionalInput("source-root") || getRequiredEnvParam("GITHUB_WORKSPACE"); - const hasRefInput = !!refInput; - const hasShaInput = !!shaInput; - if ((hasRefInput || hasShaInput) && !(hasRefInput && hasShaInput)) { - throw new ConfigurationError( - "Both 'ref' and 'sha' are required if one of them is provided." + const apiValue = await this.gitHubFeatureFlags.getValue(feature); + if (apiValue !== void 0) { + this.logger.debug( + `Feature ${feature} is ${apiValue ? "enabled" : "disabled"} via the GitHub API.` + ); + return apiValue; + } + const defaultValue = featureConfig[feature].defaultValue; + this.logger.debug( + `Feature ${feature} is ${defaultValue ? "enabled" : "disabled"} due to its default value.` ); + return defaultValue; } - const ref = refInput || getRefFromEnv(); - const sha = shaInput || getRequiredEnvParam("GITHUB_SHA"); - if (refInput) { - return refInput; +}; +var GitHubFeatureFlags = class { + constructor(gitHubVersion, repositoryNwo, featureFlagsFile, logger) { + this.gitHubVersion = gitHubVersion; + this.repositoryNwo = repositoryNwo; + this.featureFlagsFile = featureFlagsFile; + this.logger = logger; + this.hasAccessedRemoteFeatureFlags = false; } - const pull_ref_regex = /refs\/pull\/(\d+)\/merge/; - if (!pull_ref_regex.test(ref)) { - return ref; + getCliVersionFromFeatureFlag(f) { + if (!f.startsWith(DEFAULT_VERSION_FEATURE_FLAG_PREFIX) || !f.endsWith(DEFAULT_VERSION_FEATURE_FLAG_SUFFIX)) { + return void 0; + } + const version = f.substring( + DEFAULT_VERSION_FEATURE_FLAG_PREFIX.length, + f.length - DEFAULT_VERSION_FEATURE_FLAG_SUFFIX.length + ).replace(/_/g, "."); + if (!semver4.valid(version)) { + this.logger.warning( + `Ignoring feature flag ${f} as it does not specify a valid CodeQL version.` + ); + return void 0; + } + return version; } - const head = await getCommitOid(checkoutPath, "HEAD"); - const hasChangedRef = sha !== head && await getCommitOid( - checkoutPath, - ref.replace(/^refs\/pull\//, "refs/remotes/pull/") - ) !== head; - if (hasChangedRef) { - const newRef = ref.replace(pull_ref_regex, "refs/pull/$1/head"); - core7.debug( - `No longer on merge commit, rewriting ref from ${ref} to ${newRef}.` + async getDefaultCliVersion(variant) { + if (variant === 0 /* DOTCOM */) { + return await this.getDefaultDotcomCliVersion(); + } + return { + cliVersion, + tagName: bundleVersion + }; + } + async getDefaultDotcomCliVersion() { + const response = await this.getAllFeatures(); + const enabledFeatureFlagCliVersions = Object.entries(response).map( + ([f, isEnabled]) => isEnabled ? this.getCliVersionFromFeatureFlag(f) : void 0 + ).filter((f) => f !== void 0); + if (enabledFeatureFlagCliVersions.length === 0) { + this.logger.warning( + `Feature flags do not specify a default CLI version. Falling back to the CLI version shipped with the Action. This is ${cliVersion}.` + ); + const result = { + cliVersion, + tagName: bundleVersion + }; + if (this.hasAccessedRemoteFeatureFlags) { + result.toolsFeatureFlagsValid = false; + } + return result; + } + const maxCliVersion = enabledFeatureFlagCliVersions.reduce( + (maxVersion, currentVersion) => currentVersion > maxVersion ? currentVersion : maxVersion, + enabledFeatureFlagCliVersions[0] ); - return newRef; - } else { - return ref; + this.logger.debug( + `Derived default CLI version of ${maxCliVersion} from feature flags.` + ); + return { + cliVersion: maxCliVersion, + tagName: `codeql-bundle-v${maxCliVersion}`, + toolsFeatureFlagsValid: true + }; } -} -function removeRefsHeadsPrefix(ref) { - return ref.startsWith("refs/heads/") ? ref.slice("refs/heads/".length) : ref; -} -async function isAnalyzingDefaultBranch() { - if (process.env.CODE_SCANNING_IS_ANALYZING_DEFAULT_BRANCH === "true") { - return true; + async getValue(feature) { + const response = await this.getAllFeatures(); + if (response === void 0) { + this.logger.debug(`No feature flags API response for ${feature}.`); + return void 0; + } + const features = response[feature]; + if (features === void 0) { + this.logger.debug(`Feature '${feature}' undefined in API response.`); + return void 0; + } + return !!features; } - let currentRef = await getRef(); - currentRef = removeRefsHeadsPrefix(currentRef); - const event = getWorkflowEvent(); - let defaultBranch = event?.repository?.default_branch; - if (getWorkflowEventName() === "schedule") { - defaultBranch = removeRefsHeadsPrefix(getRefFromEnv()); + async getAllFeatures() { + if (this.cachedApiResponse !== void 0) { + return this.cachedApiResponse; + } + const fileFlags = await this.readLocalFlags(); + if (fileFlags !== void 0) { + this.cachedApiResponse = fileFlags; + return fileFlags; + } + let remoteFlags = await this.loadApiResponse(); + if (remoteFlags === void 0) { + remoteFlags = {}; + } + this.cachedApiResponse = remoteFlags; + await this.writeLocalFlags(remoteFlags); + return remoteFlags; } - return currentRef === defaultBranch; -} - -// src/logging.ts -var core8 = __toESM(require_core()); -function getActionsLogger() { - return core8; -} -async function withGroupAsync(groupName, f) { - core8.startGroup(groupName); - try { - return await f(); - } finally { - core8.endGroup(); + async readLocalFlags() { + try { + if (fs6.existsSync(this.featureFlagsFile)) { + this.logger.debug( + `Loading feature flags from ${this.featureFlagsFile}` + ); + return JSON.parse( + fs6.readFileSync(this.featureFlagsFile, "utf8") + ); + } + } catch (e) { + this.logger.warning( + `Error reading cached feature flags file ${this.featureFlagsFile}: ${e}. Requesting from GitHub instead.` + ); + } + return void 0; } -} -function formatDuration(durationMs) { - if (durationMs < 1e3) { - return `${durationMs}ms`; + async writeLocalFlags(flags) { + try { + this.logger.debug(`Writing feature flags to ${this.featureFlagsFile}`); + fs6.writeFileSync(this.featureFlagsFile, JSON.stringify(flags)); + } catch (e) { + this.logger.warning( + `Error writing cached feature flags file ${this.featureFlagsFile}: ${e}.` + ); + } } - if (durationMs < 60 * 1e3) { - return `${(durationMs / 1e3).toFixed(1)}s`; + async loadApiResponse() { + if (this.gitHubVersion.type !== 0 /* DOTCOM */ && this.gitHubVersion.type !== 2 /* GHE_DOTCOM */) { + this.logger.debug( + "Not running against github.com. Disabling all toggleable features." + ); + this.hasAccessedRemoteFeatureFlags = false; + return {}; + } + try { + const featuresToRequest = Object.entries(featureConfig).filter(([, config]) => !config.legacyApi).map(([f]) => f); + const FEATURES_PER_REQUEST = 25; + const featureChunks = []; + while (featuresToRequest.length > 0) { + featureChunks.push(featuresToRequest.splice(0, FEATURES_PER_REQUEST)); + } + let remoteFlags = {}; + for (const chunk of featureChunks) { + const response = await getApiClient().request( + "GET /repos/:owner/:repo/code-scanning/codeql-action/features", + { + owner: this.repositoryNwo.owner, + repo: this.repositoryNwo.repo, + features: chunk.join(",") + } + ); + const chunkFlags = response.data; + remoteFlags = { ...remoteFlags, ...chunkFlags }; + } + this.logger.debug( + "Loaded the following default values for the feature flags from the Code Scanning API:" + ); + for (const [feature, value] of Object.entries(remoteFlags).sort( + ([nameA], [nameB]) => nameA.localeCompare(nameB) + )) { + this.logger.debug(` ${feature}: ${value}`); + } + this.hasAccessedRemoteFeatureFlags = true; + return remoteFlags; + } catch (e) { + if (isHTTPError(e) && e.status === 403) { + this.logger.warning( + `This run of the CodeQL Action does not have permission to access Code Scanning API endpoints. As a result, it will not be opted into any experimental features. This could be because the Action is running on a pull request from a fork. If not, please ensure the Action has the 'security-events: write' permission. Details: ${e.message}` + ); + this.hasAccessedRemoteFeatureFlags = false; + return {}; + } else { + throw new Error( + `Encountered an error while trying to determine feature enablement: ${e}` + ); + } + } } - const minutes = Math.floor(durationMs / (60 * 1e3)); - const seconds = Math.floor(durationMs % (60 * 1e3) / 1e3); - return `${minutes}m${seconds}s`; -} +}; -// src/overlay-database-utils.ts -var CODEQL_OVERLAY_MINIMUM_VERSION = "2.22.4"; -var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB = 15e3; -var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_BYTES = OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB * 1e6; -async function writeBaseDatabaseOidsFile(config, sourceRoot) { - const gitFileOids = await getFileOidsUnderPath(sourceRoot); - const gitFileOidsJson = JSON.stringify(gitFileOids); - const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config); - await fs6.promises.writeFile(baseDatabaseOidsFilePath, gitFileOidsJson); -} -async function readBaseDatabaseOidsFile(config, logger) { - const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config); - try { - const contents = await fs6.promises.readFile( - baseDatabaseOidsFilePath, - "utf-8" - ); - return JSON.parse(contents); - } catch (e) { - logger.error( - `Failed to read overlay-base file OIDs from ${baseDatabaseOidsFilePath}: ${e.message || e}` +// src/diff-informed-analysis-utils.ts +async function getDiffInformedAnalysisBranches(codeql, features, logger) { + if (!await features.getValue("diff_informed_queries" /* DiffInformedQueries */, codeql)) { + return void 0; + } + const gitHubVersion = await getGitHubVersion(); + if (gitHubVersion.type === 1 /* GHES */ && satisfiesGHESVersion(gitHubVersion.version, "<3.19", true)) { + return void 0; + } + const branches = getPullRequestBranches(); + if (!branches) { + logger.info( + "Not performing diff-informed analysis because we are not analyzing a pull request." ); - throw e; } + return branches; } -function getBaseDatabaseOidsFilePath(config) { - return path7.join(config.dbLocation, "base-database-oids.json"); +function getDiffRangesJsonFilePath() { + return path8.join(getTemporaryDirectory(), "pr-diff-range.json"); } -async function writeOverlayChangesFile(config, sourceRoot, logger) { - const baseFileOids = await readBaseDatabaseOidsFile(config, logger); - const overlayFileOids = await getFileOidsUnderPath(sourceRoot); - const changedFiles = computeChangedFiles(baseFileOids, overlayFileOids); - logger.info( - `Found ${changedFiles.length} changed file(s) under ${sourceRoot}.` - ); - const changedFilesJson = JSON.stringify({ changes: changedFiles }); - const overlayChangesFile = path7.join( - getTemporaryDirectory(), - "overlay-changes.json" - ); +function writeDiffRangesJsonFile(logger, ranges) { + const jsonContents = JSON.stringify(ranges, null, 2); + const jsonFilePath = getDiffRangesJsonFilePath(); + fs7.writeFileSync(jsonFilePath, jsonContents); logger.debug( - `Writing overlay changed files to ${overlayChangesFile}: ${changedFilesJson}` + `Wrote pr-diff-range JSON file to ${jsonFilePath}: +${jsonContents}` ); - await fs6.promises.writeFile(overlayChangesFile, changedFilesJson); - return overlayChangesFile; } -function computeChangedFiles(baseFileOids, overlayFileOids) { - const changes = []; - for (const [file, oid] of Object.entries(overlayFileOids)) { - if (!(file in baseFileOids) || baseFileOids[file] !== oid) { - changes.push(file); - } +function readDiffRangesJsonFile(logger) { + const jsonFilePath = getDiffRangesJsonFilePath(); + if (!fs7.existsSync(jsonFilePath)) { + logger.debug(`Diff ranges JSON file does not exist at ${jsonFilePath}`); + return void 0; } - for (const file of Object.keys(baseFileOids)) { - if (!(file in overlayFileOids)) { - changes.push(file); + const jsonContents = fs7.readFileSync(jsonFilePath, "utf8"); + logger.debug( + `Read pr-diff-range JSON file from ${jsonFilePath}: +${jsonContents}` + ); + return JSON.parse(jsonContents); +} + +// src/git-utils.ts +var core7 = __toESM(require_core()); +var toolrunner2 = __toESM(require_toolrunner()); +var io3 = __toESM(require_io()); +var runGitCommand = async function(workingDirectory, args, customErrorMessage) { + let stdout = ""; + let stderr = ""; + core7.debug(`Running git command: git ${args.join(" ")}`); + try { + await new toolrunner2.ToolRunner(await io3.which("git", true), args, { + silent: true, + listeners: { + stdout: (data) => { + stdout += data.toString(); + }, + stderr: (data) => { + stderr += data.toString(); + } + }, + cwd: workingDirectory + }).exec(); + return stdout; + } catch (error2) { + let reason = stderr; + if (stderr.includes("not a git repository")) { + reason = "The checkout path provided to the action does not appear to be a git repository."; } + core7.info(`git call failed. ${customErrorMessage} Error: ${reason}`); + throw error2; } - return changes; -} -var CACHE_VERSION = 1; -var CACHE_PREFIX = "codeql-overlay-base-database"; -var MAX_CACHE_OPERATION_MS = 6e5; -function checkOverlayBaseDatabase(config, logger, warningPrefix) { - const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config); - if (!fs6.existsSync(baseDatabaseOidsFilePath)) { - logger.warning( - `${warningPrefix}: ${baseDatabaseOidsFilePath} does not exist` +}; +var getCommitOid = async function(checkoutPath, ref = "HEAD") { + try { + const stdout = await runGitCommand( + checkoutPath, + ["rev-parse", ref], + "Continuing with commit SHA from user input or environment." ); - return false; + return stdout.trim(); + } catch { + return getOptionalInput("sha") || getRequiredEnvParam("GITHUB_SHA"); } - return true; -} -async function uploadOverlayBaseDatabaseToCache(codeql, config, logger) { - const overlayDatabaseMode = config.overlayDatabaseMode; - if (overlayDatabaseMode !== "overlay-base" /* OverlayBase */) { - logger.debug( - `Overlay database mode is ${overlayDatabaseMode}. Skip uploading overlay-base database to cache.` - ); - return false; +}; +var determineBaseBranchHeadCommitOid = async function(checkoutPathOverride) { + if (getWorkflowEventName() !== "pull_request") { + return void 0; } - if (!config.useOverlayDatabaseCaching) { - logger.debug( - "Overlay database caching is disabled. Skip uploading overlay-base database to cache." + const mergeSha = getRequiredEnvParam("GITHUB_SHA"); + const checkoutPath = checkoutPathOverride ?? getOptionalInput("checkout_path"); + try { + let commitOid = ""; + let baseOid = ""; + let headOid = ""; + const stdout = await runGitCommand( + checkoutPath, + ["show", "-s", "--format=raw", mergeSha], + "Will calculate the base branch SHA on the server." ); - return false; + for (const data of stdout.split("\n")) { + if (data.startsWith("commit ") && commitOid === "") { + commitOid = data.substring(7); + } else if (data.startsWith("parent ")) { + if (baseOid === "") { + baseOid = data.substring(7); + } else if (headOid === "") { + headOid = data.substring(7); + } + } + } + if (commitOid === mergeSha && headOid.length === 40 && baseOid.length === 40) { + return baseOid; + } + return void 0; + } catch { + return void 0; } - if (isInTestMode()) { - logger.debug( - "In test mode. Skip uploading overlay-base database to cache." +}; +var decodeGitFilePath = function(filePath) { + if (filePath.startsWith('"') && filePath.endsWith('"')) { + filePath = filePath.substring(1, filePath.length - 1); + return filePath.replace( + /\\([abfnrtv\\"]|[0-7]{1,3})/g, + (_match, seq2) => { + switch (seq2[0]) { + case "a": + return "\x07"; + case "b": + return "\b"; + case "f": + return "\f"; + case "n": + return "\n"; + case "r": + return "\r"; + case "t": + return " "; + case "v": + return "\v"; + case "\\": + return "\\"; + case '"': + return '"'; + default: + return String.fromCharCode(parseInt(seq2, 8)); + } + } ); - return false; } - const databaseIsValid = checkOverlayBaseDatabase( - config, - logger, - "Abort uploading overlay-base database to cache" + return filePath; +}; +var getFileOidsUnderPath = async function(basePath) { + const stdout = await runGitCommand( + basePath, + ["ls-files", "--recurse-submodules", "--format=%(objectname)_%(path)"], + "Cannot list Git OIDs of tracked files." ); - if (!databaseIsValid) { - return false; + const fileOidMap = {}; + const regex = /^([0-9a-f]{40})_(.+)$/; + for (const line of stdout.split("\n")) { + if (line) { + const match = line.match(regex); + if (match) { + const oid = match[1]; + const path20 = decodeGitFilePath(match[2]); + fileOidMap[path20] = oid; + } else { + throw new Error(`Unexpected "git ls-files" output: ${line}`); + } + } } - await withGroupAsync("Cleaning up databases", async () => { - await codeql.databaseCleanupCluster(config, "overlay"); - }); - const dbLocation = config.dbLocation; - const databaseSizeBytes = await tryGetFolderBytes(dbLocation, logger); - if (databaseSizeBytes === void 0) { - logger.warning( - "Failed to determine database size. Skip uploading overlay-base database to cache." - ); - return false; + return fileOidMap; +}; +function getRefFromEnv() { + let refEnv; + try { + refEnv = getRequiredEnvParam("GITHUB_REF"); + } catch (e) { + const maybeRef = process.env["CODE_SCANNING_REF"]; + if (maybeRef === void 0 || maybeRef.length === 0) { + throw e; + } + refEnv = maybeRef; } - if (databaseSizeBytes > OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_BYTES) { - const databaseSizeMB = Math.round(databaseSizeBytes / 1e6); - logger.warning( - `Database size (${databaseSizeMB} MB) exceeds maximum upload size (${OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB} MB). Skip uploading overlay-base database to cache.` + return refEnv; +} +async function getRef() { + const refInput = getOptionalInput("ref"); + const shaInput = getOptionalInput("sha"); + const checkoutPath = getOptionalInput("checkout_path") || getOptionalInput("source-root") || getRequiredEnvParam("GITHUB_WORKSPACE"); + const hasRefInput = !!refInput; + const hasShaInput = !!shaInput; + if ((hasRefInput || hasShaInput) && !(hasRefInput && hasShaInput)) { + throw new ConfigurationError( + "Both 'ref' and 'sha' are required if one of them is provided." ); - return false; } - const codeQlVersion = (await codeql.getVersion()).version; - const checkoutPath = getRequiredInput("checkout_path"); - const cacheSaveKey = await getCacheSaveKey( - config, - codeQlVersion, - checkoutPath - ); - logger.info( - `Uploading overlay-base database to Actions cache with key ${cacheSaveKey}` - ); - try { - const cacheId = await waitForResultWithTimeLimit( - MAX_CACHE_OPERATION_MS, - actionsCache.saveCache([dbLocation], cacheSaveKey), - () => { - } - ); - if (cacheId === void 0) { - logger.warning("Timed out while uploading overlay-base database"); - return false; - } - } catch (error2) { - logger.warning( - `Failed to upload overlay-base database to cache: ${error2 instanceof Error ? error2.message : String(error2)}` + const ref = refInput || getRefFromEnv(); + const sha = shaInput || getRequiredEnvParam("GITHUB_SHA"); + if (refInput) { + return refInput; + } + const pull_ref_regex = /refs\/pull\/(\d+)\/merge/; + if (!pull_ref_regex.test(ref)) { + return ref; + } + const head = await getCommitOid(checkoutPath, "HEAD"); + const hasChangedRef = sha !== head && await getCommitOid( + checkoutPath, + ref.replace(/^refs\/pull\//, "refs/remotes/pull/") + ) !== head; + if (hasChangedRef) { + const newRef = ref.replace(pull_ref_regex, "refs/pull/$1/head"); + core7.debug( + `No longer on merge commit, rewriting ref from ${ref} to ${newRef}.` ); - return false; + return newRef; + } else { + return ref; } - logger.info(`Successfully uploaded overlay-base database from ${dbLocation}`); - return true; -} -async function getCacheSaveKey(config, codeQlVersion, checkoutPath) { - const sha = await getCommitOid(checkoutPath); - const restoreKeyPrefix = await getCacheRestoreKeyPrefix( - config, - codeQlVersion - ); - return `${restoreKeyPrefix}${sha}`; } -async function getCacheRestoreKeyPrefix(config, codeQlVersion) { - const languages = [...config.languages].sort().join("_"); - const cacheKeyComponents = { - automationID: await getAutomationID() - // Add more components here as needed in the future - }; - const componentsHash = createCacheKeyHash(cacheKeyComponents); - return `${CACHE_PREFIX}-${CACHE_VERSION}-${componentsHash}-${languages}-${codeQlVersion}-`; +function removeRefsHeadsPrefix(ref) { + return ref.startsWith("refs/heads/") ? ref.slice("refs/heads/".length) : ref; } -function createCacheKeyHash(components) { - const componentsJson = JSON.stringify(components); - return crypto.createHash("sha256").update(componentsJson).digest("hex").substring(0, 16); +async function isAnalyzingDefaultBranch() { + if (process.env.CODE_SCANNING_IS_ANALYZING_DEFAULT_BRANCH === "true") { + return true; + } + let currentRef = await getRef(); + currentRef = removeRefsHeadsPrefix(currentRef); + const event = getWorkflowEvent(); + let defaultBranch = event?.repository?.default_branch; + if (getWorkflowEventName() === "schedule") { + defaultBranch = removeRefsHeadsPrefix(getRefFromEnv()); + } + return currentRef === defaultBranch; } -// src/tools-features.ts -var semver3 = __toESM(require_semver2()); -function isSupportedToolsFeature(versionInfo, feature) { - return !!versionInfo.features && versionInfo.features[feature]; +// src/overlay-database-utils.ts +var crypto = __toESM(require("crypto")); +var fs8 = __toESM(require("fs")); +var path9 = __toESM(require("path")); +var actionsCache = __toESM(require_cache3()); + +// src/logging.ts +var core8 = __toESM(require_core()); +function getActionsLogger() { + return core8; +} +async function withGroupAsync(groupName, f) { + core8.startGroup(groupName); + try { + return await f(); + } finally { + core8.endGroup(); + } +} +function formatDuration(durationMs) { + if (durationMs < 1e3) { + return `${durationMs}ms`; + } + if (durationMs < 60 * 1e3) { + return `${(durationMs / 1e3).toFixed(1)}s`; + } + const minutes = Math.floor(durationMs / (60 * 1e3)); + const seconds = Math.floor(durationMs % (60 * 1e3) / 1e3); + return `${minutes}m${seconds}s`; } -// src/feature-flags.ts -var DEFAULT_VERSION_FEATURE_FLAG_PREFIX = "default_codeql_version_"; -var DEFAULT_VERSION_FEATURE_FLAG_SUFFIX = "_enabled"; -var CODEQL_VERSION_ZSTD_BUNDLE = "2.19.0"; -var featureConfig = { - ["cleanup_trap_caches" /* CleanupTrapCaches */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_CLEANUP_TRAP_CACHES", - minimumVersion: void 0 - }, - ["cpp_dependency_installation_enabled" /* CppDependencyInstallation */]: { - defaultValue: false, - envVar: "CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES", - legacyApi: true, - minimumVersion: "2.15.0" - }, - ["diff_informed_queries" /* DiffInformedQueries */]: { - defaultValue: true, - envVar: "CODEQL_ACTION_DIFF_INFORMED_QUERIES", - minimumVersion: "2.21.0" - }, - ["disable_csharp_buildless" /* DisableCsharpBuildless */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_DISABLE_CSHARP_BUILDLESS", - minimumVersion: void 0 - }, - ["disable_java_buildless_enabled" /* DisableJavaBuildlessEnabled */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_DISABLE_JAVA_BUILDLESS", - legacyApi: true, - minimumVersion: void 0 - }, - ["disable_kotlin_analysis_enabled" /* DisableKotlinAnalysisEnabled */]: { - defaultValue: false, - envVar: "CODEQL_DISABLE_KOTLIN_ANALYSIS", - legacyApi: true, - minimumVersion: void 0 - }, - ["export_diagnostics_enabled" /* ExportDiagnosticsEnabled */]: { - defaultValue: true, - envVar: "CODEQL_ACTION_EXPORT_DIAGNOSTICS", - legacyApi: true, - minimumVersion: void 0 - }, - ["resolve_supported_languages_using_cli" /* ResolveSupportedLanguagesUsingCli */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_RESOLVE_SUPPORTED_LANGUAGES_USING_CLI", - minimumVersion: void 0, - toolsFeature: "builtinExtractorsSpecifyDefaultQueries" /* BuiltinExtractorsSpecifyDefaultQueries */ - }, - ["overlay_analysis" /* OverlayAnalysis */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS", - minimumVersion: CODEQL_OVERLAY_MINIMUM_VERSION - }, - ["overlay_analysis_actions" /* OverlayAnalysisActions */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_ACTIONS", - minimumVersion: void 0 - }, - ["overlay_analysis_code_scanning_actions" /* OverlayAnalysisCodeScanningActions */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_ACTIONS", - minimumVersion: void 0 - }, - ["overlay_analysis_code_scanning_cpp" /* OverlayAnalysisCodeScanningCpp */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_CPP", - minimumVersion: void 0 - }, - ["overlay_analysis_code_scanning_csharp" /* OverlayAnalysisCodeScanningCsharp */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_CSHARP", - minimumVersion: void 0 - }, - ["overlay_analysis_code_scanning_go" /* OverlayAnalysisCodeScanningGo */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_GO", - minimumVersion: void 0 - }, - ["overlay_analysis_code_scanning_java" /* OverlayAnalysisCodeScanningJava */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_JAVA", - minimumVersion: void 0 - }, - ["overlay_analysis_code_scanning_javascript" /* OverlayAnalysisCodeScanningJavascript */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_JAVASCRIPT", - minimumVersion: void 0 - }, - ["overlay_analysis_code_scanning_python" /* OverlayAnalysisCodeScanningPython */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_PYTHON", - minimumVersion: void 0 - }, - ["overlay_analysis_code_scanning_ruby" /* OverlayAnalysisCodeScanningRuby */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_RUBY", - minimumVersion: void 0 - }, - ["overlay_analysis_code_scanning_rust" /* OverlayAnalysisCodeScanningRust */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_RUST", - minimumVersion: void 0 - }, - ["overlay_analysis_code_scanning_swift" /* OverlayAnalysisCodeScanningSwift */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_SWIFT", - minimumVersion: void 0 - }, - ["overlay_analysis_cpp" /* OverlayAnalysisCpp */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CPP", - minimumVersion: void 0 - }, - ["overlay_analysis_csharp" /* OverlayAnalysisCsharp */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CSHARP", - minimumVersion: void 0 - }, - ["overlay_analysis_go" /* OverlayAnalysisGo */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_GO", - minimumVersion: void 0 - }, - ["overlay_analysis_java" /* OverlayAnalysisJava */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_JAVA", - minimumVersion: void 0 - }, - ["overlay_analysis_javascript" /* OverlayAnalysisJavascript */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_JAVASCRIPT", - minimumVersion: void 0 - }, - ["overlay_analysis_python" /* OverlayAnalysisPython */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_PYTHON", - minimumVersion: void 0 - }, - ["overlay_analysis_ruby" /* OverlayAnalysisRuby */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RUBY", - minimumVersion: void 0 - }, - ["overlay_analysis_rust" /* OverlayAnalysisRust */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RUST", - minimumVersion: void 0 - }, - ["overlay_analysis_swift" /* OverlayAnalysisSwift */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT", - minimumVersion: void 0 - }, - ["python_default_is_to_not_extract_stdlib" /* PythonDefaultIsToNotExtractStdlib */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_DISABLE_PYTHON_STANDARD_LIBRARY_EXTRACTION", - minimumVersion: void 0, - toolsFeature: "pythonDefaultIsToNotExtractStdlib" /* PythonDefaultIsToNotExtractStdlib */ - }, - ["use_repository_properties" /* UseRepositoryProperties */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_USE_REPOSITORY_PROPERTIES", - minimumVersion: void 0 - }, - ["qa_telemetry_enabled" /* QaTelemetryEnabled */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_QA_TELEMETRY", - legacyApi: true, - minimumVersion: void 0 - }, - ["java_minimize_dependency_jars" /* JavaMinimizeDependencyJars */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_JAVA_MINIMIZE_DEPENDENCY_JARS", - minimumVersion: "2.23.0" - } -}; -var FEATURE_FLAGS_FILE_NAME = "cached-feature-flags.json"; -var Features = class { - constructor(gitHubVersion, repositoryNwo, tempDir, logger) { - this.logger = logger; - this.gitHubFeatureFlags = new GitHubFeatureFlags( - gitHubVersion, - repositoryNwo, - path8.join(tempDir, FEATURE_FLAGS_FILE_NAME), - logger +// src/overlay-database-utils.ts +var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB = 15e3; +var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_BYTES = OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB * 1e6; +async function writeBaseDatabaseOidsFile(config, sourceRoot) { + const gitFileOids = await getFileOidsUnderPath(sourceRoot); + const gitFileOidsJson = JSON.stringify(gitFileOids); + const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config); + await fs8.promises.writeFile(baseDatabaseOidsFilePath, gitFileOidsJson); +} +async function readBaseDatabaseOidsFile(config, logger) { + const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config); + try { + const contents = await fs8.promises.readFile( + baseDatabaseOidsFilePath, + "utf-8" ); - } - async getDefaultCliVersion(variant) { - return await this.gitHubFeatureFlags.getDefaultCliVersion(variant); - } - /** - * - * @param feature The feature to check. - * @param codeql An optional CodeQL object. If provided, and a `minimumVersion` is specified for the - * feature, the version of the CodeQL CLI will be checked against the minimum version. - * If the version is less than the minimum version, the feature will be considered - * disabled. If not provided, and a `minimumVersion` is specified for the feature, the - * this function will throw. - * @returns true if the feature is enabled, false otherwise. - * - * @throws if a `minimumVersion` is specified for the feature, and `codeql` is not provided. - */ - async getValue(feature, codeql) { - if (!codeql && featureConfig[feature].minimumVersion) { - throw new Error( - `Internal error: A minimum version is specified for feature ${feature}, but no instance of CodeQL was provided.` - ); - } - if (!codeql && featureConfig[feature].toolsFeature) { - throw new Error( - `Internal error: A required tools feature is specified for feature ${feature}, but no instance of CodeQL was provided.` - ); - } - const envVar = (process.env[featureConfig[feature].envVar] || "").toLocaleLowerCase(); - if (envVar === "false") { - this.logger.debug( - `Feature ${feature} is disabled via the environment variable ${featureConfig[feature].envVar}.` - ); - return false; - } - const minimumVersion = featureConfig[feature].minimumVersion; - if (codeql && minimumVersion) { - if (!await codeQlVersionAtLeast(codeql, minimumVersion)) { - this.logger.debug( - `Feature ${feature} is disabled because the CodeQL CLI version is older than the minimum version ${minimumVersion}.` - ); - return false; - } else { - this.logger.debug( - `CodeQL CLI version ${(await codeql.getVersion()).version} is newer than the minimum version ${minimumVersion} for feature ${feature}.` - ); - } - } - const toolsFeature = featureConfig[feature].toolsFeature; - if (codeql && toolsFeature) { - if (!await codeql.supportsFeature(toolsFeature)) { - this.logger.debug( - `Feature ${feature} is disabled because the CodeQL CLI version does not support the required tools feature ${toolsFeature}.` - ); - return false; - } else { - this.logger.debug( - `CodeQL CLI version ${(await codeql.getVersion()).version} supports the required tools feature ${toolsFeature} for feature ${feature}.` - ); - } - } - if (envVar === "true") { - this.logger.debug( - `Feature ${feature} is enabled via the environment variable ${featureConfig[feature].envVar}.` - ); - return true; - } - const apiValue = await this.gitHubFeatureFlags.getValue(feature); - if (apiValue !== void 0) { - this.logger.debug( - `Feature ${feature} is ${apiValue ? "enabled" : "disabled"} via the GitHub API.` - ); - return apiValue; - } - const defaultValue = featureConfig[feature].defaultValue; - this.logger.debug( - `Feature ${feature} is ${defaultValue ? "enabled" : "disabled"} due to its default value.` + return JSON.parse(contents); + } catch (e) { + logger.error( + `Failed to read overlay-base file OIDs from ${baseDatabaseOidsFilePath}: ${e.message || e}` ); - return defaultValue; - } -}; -var GitHubFeatureFlags = class { - constructor(gitHubVersion, repositoryNwo, featureFlagsFile, logger) { - this.gitHubVersion = gitHubVersion; - this.repositoryNwo = repositoryNwo; - this.featureFlagsFile = featureFlagsFile; - this.logger = logger; - this.hasAccessedRemoteFeatureFlags = false; - } - getCliVersionFromFeatureFlag(f) { - if (!f.startsWith(DEFAULT_VERSION_FEATURE_FLAG_PREFIX) || !f.endsWith(DEFAULT_VERSION_FEATURE_FLAG_SUFFIX)) { - return void 0; - } - const version = f.substring( - DEFAULT_VERSION_FEATURE_FLAG_PREFIX.length, - f.length - DEFAULT_VERSION_FEATURE_FLAG_SUFFIX.length - ).replace(/_/g, "."); - if (!semver4.valid(version)) { - this.logger.warning( - `Ignoring feature flag ${f} as it does not specify a valid CodeQL version.` - ); - return void 0; - } - return version; - } - async getDefaultCliVersion(variant) { - if (variant === 0 /* DOTCOM */) { - return await this.getDefaultDotcomCliVersion(); - } - return { - cliVersion, - tagName: bundleVersion - }; + throw e; } - async getDefaultDotcomCliVersion() { - const response = await this.getAllFeatures(); - const enabledFeatureFlagCliVersions = Object.entries(response).map( - ([f, isEnabled]) => isEnabled ? this.getCliVersionFromFeatureFlag(f) : void 0 - ).filter((f) => f !== void 0); - if (enabledFeatureFlagCliVersions.length === 0) { - this.logger.warning( - `Feature flags do not specify a default CLI version. Falling back to the CLI version shipped with the Action. This is ${cliVersion}.` - ); - const result = { - cliVersion, - tagName: bundleVersion - }; - if (this.hasAccessedRemoteFeatureFlags) { - result.toolsFeatureFlagsValid = false; - } - return result; +} +function getBaseDatabaseOidsFilePath(config) { + return path9.join(config.dbLocation, "base-database-oids.json"); +} +async function writeOverlayChangesFile(config, sourceRoot, logger) { + const baseFileOids = await readBaseDatabaseOidsFile(config, logger); + const overlayFileOids = await getFileOidsUnderPath(sourceRoot); + const changedFiles = computeChangedFiles(baseFileOids, overlayFileOids); + logger.info( + `Found ${changedFiles.length} changed file(s) under ${sourceRoot}.` + ); + const changedFilesJson = JSON.stringify({ changes: changedFiles }); + const overlayChangesFile = path9.join( + getTemporaryDirectory(), + "overlay-changes.json" + ); + logger.debug( + `Writing overlay changed files to ${overlayChangesFile}: ${changedFilesJson}` + ); + await fs8.promises.writeFile(overlayChangesFile, changedFilesJson); + return overlayChangesFile; +} +function computeChangedFiles(baseFileOids, overlayFileOids) { + const changes = []; + for (const [file, oid] of Object.entries(overlayFileOids)) { + if (!(file in baseFileOids) || baseFileOids[file] !== oid) { + changes.push(file); } - const maxCliVersion = enabledFeatureFlagCliVersions.reduce( - (maxVersion, currentVersion) => currentVersion > maxVersion ? currentVersion : maxVersion, - enabledFeatureFlagCliVersions[0] - ); - this.logger.debug( - `Derived default CLI version of ${maxCliVersion} from feature flags.` - ); - return { - cliVersion: maxCliVersion, - tagName: `codeql-bundle-v${maxCliVersion}`, - toolsFeatureFlagsValid: true - }; } - async getValue(feature) { - const response = await this.getAllFeatures(); - if (response === void 0) { - this.logger.debug(`No feature flags API response for ${feature}.`); - return void 0; - } - const features = response[feature]; - if (features === void 0) { - this.logger.debug(`Feature '${feature}' undefined in API response.`); - return void 0; + for (const file of Object.keys(baseFileOids)) { + if (!(file in overlayFileOids)) { + changes.push(file); } - return !!features; } - async getAllFeatures() { - if (this.cachedApiResponse !== void 0) { - return this.cachedApiResponse; - } - const fileFlags = await this.readLocalFlags(); - if (fileFlags !== void 0) { - this.cachedApiResponse = fileFlags; - return fileFlags; - } - let remoteFlags = await this.loadApiResponse(); - if (remoteFlags === void 0) { - remoteFlags = {}; - } - this.cachedApiResponse = remoteFlags; - await this.writeLocalFlags(remoteFlags); - return remoteFlags; + return changes; +} +var CACHE_VERSION = 1; +var CACHE_PREFIX = "codeql-overlay-base-database"; +var MAX_CACHE_OPERATION_MS = 6e5; +function checkOverlayBaseDatabase(config, logger, warningPrefix) { + const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config); + if (!fs8.existsSync(baseDatabaseOidsFilePath)) { + logger.warning( + `${warningPrefix}: ${baseDatabaseOidsFilePath} does not exist` + ); + return false; } - async readLocalFlags() { - try { - if (fs7.existsSync(this.featureFlagsFile)) { - this.logger.debug( - `Loading feature flags from ${this.featureFlagsFile}` - ); - return JSON.parse( - fs7.readFileSync(this.featureFlagsFile, "utf8") - ); - } - } catch (e) { - this.logger.warning( - `Error reading cached feature flags file ${this.featureFlagsFile}: ${e}. Requesting from GitHub instead.` - ); - } - return void 0; + return true; +} +async function uploadOverlayBaseDatabaseToCache(codeql, config, logger) { + const overlayDatabaseMode = config.overlayDatabaseMode; + if (overlayDatabaseMode !== "overlay-base" /* OverlayBase */) { + logger.debug( + `Overlay database mode is ${overlayDatabaseMode}. Skip uploading overlay-base database to cache.` + ); + return false; } - async writeLocalFlags(flags) { - try { - this.logger.debug(`Writing feature flags to ${this.featureFlagsFile}`); - fs7.writeFileSync(this.featureFlagsFile, JSON.stringify(flags)); - } catch (e) { - this.logger.warning( - `Error writing cached feature flags file ${this.featureFlagsFile}: ${e}.` - ); - } + if (!config.useOverlayDatabaseCaching) { + logger.debug( + "Overlay database caching is disabled. Skip uploading overlay-base database to cache." + ); + return false; } - async loadApiResponse() { - if (this.gitHubVersion.type !== 0 /* DOTCOM */ && this.gitHubVersion.type !== 2 /* GHE_DOTCOM */) { - this.logger.debug( - "Not running against github.com. Disabling all toggleable features." - ); - this.hasAccessedRemoteFeatureFlags = false; - return {}; - } - try { - const featuresToRequest = Object.entries(featureConfig).filter(([, config]) => !config.legacyApi).map(([f]) => f); - const FEATURES_PER_REQUEST = 25; - const featureChunks = []; - while (featuresToRequest.length > 0) { - featureChunks.push(featuresToRequest.splice(0, FEATURES_PER_REQUEST)); - } - let remoteFlags = {}; - for (const chunk of featureChunks) { - const response = await getApiClient().request( - "GET /repos/:owner/:repo/code-scanning/codeql-action/features", - { - owner: this.repositoryNwo.owner, - repo: this.repositoryNwo.repo, - features: chunk.join(",") - } - ); - const chunkFlags = response.data; - remoteFlags = { ...remoteFlags, ...chunkFlags }; - } - this.logger.debug( - "Loaded the following default values for the feature flags from the Code Scanning API:" - ); - for (const [feature, value] of Object.entries(remoteFlags).sort( - ([nameA], [nameB]) => nameA.localeCompare(nameB) - )) { - this.logger.debug(` ${feature}: ${value}`); - } - this.hasAccessedRemoteFeatureFlags = true; - return remoteFlags; - } catch (e) { - if (isHTTPError(e) && e.status === 403) { - this.logger.warning( - `This run of the CodeQL Action does not have permission to access Code Scanning API endpoints. As a result, it will not be opted into any experimental features. This could be because the Action is running on a pull request from a fork. If not, please ensure the Action has the 'security-events: write' permission. Details: ${e.message}` - ); - this.hasAccessedRemoteFeatureFlags = false; - return {}; - } else { - throw new Error( - `Encountered an error while trying to determine feature enablement: ${e}` - ); - } - } + if (isInTestMode()) { + logger.debug( + "In test mode. Skip uploading overlay-base database to cache." + ); + return false; } -}; - -// src/diff-informed-analysis-utils.ts -async function getDiffInformedAnalysisBranches(codeql, features, logger) { - if (!await features.getValue("diff_informed_queries" /* DiffInformedQueries */, codeql)) { - return void 0; + const databaseIsValid = checkOverlayBaseDatabase( + config, + logger, + "Abort uploading overlay-base database to cache" + ); + if (!databaseIsValid) { + return false; } - const gitHubVersion = await getGitHubVersion(); - if (gitHubVersion.type === 1 /* GHES */ && satisfiesGHESVersion(gitHubVersion.version, "<3.19", true)) { - return void 0; + await withGroupAsync("Cleaning up databases", async () => { + await codeql.databaseCleanupCluster(config, "overlay"); + }); + const dbLocation = config.dbLocation; + const databaseSizeBytes = await tryGetFolderBytes(dbLocation, logger); + if (databaseSizeBytes === void 0) { + logger.warning( + "Failed to determine database size. Skip uploading overlay-base database to cache." + ); + return false; } - const branches = getPullRequestBranches(); - if (!branches) { - logger.info( - "Not performing diff-informed analysis because we are not analyzing a pull request." + if (databaseSizeBytes > OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_BYTES) { + const databaseSizeMB = Math.round(databaseSizeBytes / 1e6); + logger.warning( + `Database size (${databaseSizeMB} MB) exceeds maximum upload size (${OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB} MB). Skip uploading overlay-base database to cache.` ); + return false; } - return branches; -} -function getDiffRangesJsonFilePath() { - return path9.join(getTemporaryDirectory(), "pr-diff-range.json"); -} -function writeDiffRangesJsonFile(logger, ranges) { - const jsonContents = JSON.stringify(ranges, null, 2); - const jsonFilePath = getDiffRangesJsonFilePath(); - fs8.writeFileSync(jsonFilePath, jsonContents); - logger.debug( - `Wrote pr-diff-range JSON file to ${jsonFilePath}: -${jsonContents}` + const codeQlVersion = (await codeql.getVersion()).version; + const checkoutPath = getRequiredInput("checkout_path"); + const cacheSaveKey = await getCacheSaveKey( + config, + codeQlVersion, + checkoutPath ); -} -function readDiffRangesJsonFile(logger) { - const jsonFilePath = getDiffRangesJsonFilePath(); - if (!fs8.existsSync(jsonFilePath)) { - logger.debug(`Diff ranges JSON file does not exist at ${jsonFilePath}`); - return void 0; + logger.info( + `Uploading overlay-base database to Actions cache with key ${cacheSaveKey}` + ); + try { + const cacheId = await waitForResultWithTimeLimit( + MAX_CACHE_OPERATION_MS, + actionsCache.saveCache([dbLocation], cacheSaveKey), + () => { + } + ); + if (cacheId === void 0) { + logger.warning("Timed out while uploading overlay-base database"); + return false; + } + } catch (error2) { + logger.warning( + `Failed to upload overlay-base database to cache: ${error2 instanceof Error ? error2.message : String(error2)}` + ); + return false; } - const jsonContents = fs8.readFileSync(jsonFilePath, "utf8"); - logger.debug( - `Read pr-diff-range JSON file from ${jsonFilePath}: -${jsonContents}` + logger.info(`Successfully uploaded overlay-base database from ${dbLocation}`); + return true; +} +async function getCacheSaveKey(config, codeQlVersion, checkoutPath) { + const sha = await getCommitOid(checkoutPath); + const restoreKeyPrefix = await getCacheRestoreKeyPrefix( + config, + codeQlVersion ); - return JSON.parse(jsonContents); + return `${restoreKeyPrefix}${sha}`; +} +async function getCacheRestoreKeyPrefix(config, codeQlVersion) { + const languages = [...config.languages].sort().join("_"); + const cacheKeyComponents = { + automationID: await getAutomationID() + // Add more components here as needed in the future + }; + const componentsHash = createCacheKeyHash(cacheKeyComponents); + return `${CACHE_PREFIX}-${CACHE_VERSION}-${componentsHash}-${languages}-${codeQlVersion}-`; +} +function createCacheKeyHash(components) { + const componentsJson = JSON.stringify(components); + return crypto.createHash("sha256").update(componentsJson).digest("hex").substring(0, 16); } // src/trap-caching.ts diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js index 6f7f8d3a98..8ae1f9d8fb 100644 --- a/lib/autobuild-action.js +++ b/lib/autobuild-action.js @@ -78290,249 +78290,14 @@ var PACK_IDENTIFIER_PATTERN = (function() { })(); // src/feature-flags.ts -var fs3 = __toESM(require("fs")); -var path3 = __toESM(require("path")); +var fs2 = __toESM(require("fs")); +var path2 = __toESM(require("path")); var semver4 = __toESM(require_semver2()); // src/defaults.json var bundleVersion = "codeql-bundle-v2.23.1"; var cliVersion = "2.23.1"; -// src/overlay-database-utils.ts -var fs2 = __toESM(require("fs")); -var path2 = __toESM(require("path")); -var actionsCache = __toESM(require_cache3()); - -// src/git-utils.ts -var core7 = __toESM(require_core()); -var toolrunner2 = __toESM(require_toolrunner()); -var io3 = __toESM(require_io()); -var runGitCommand = async function(workingDirectory, args, customErrorMessage) { - let stdout = ""; - let stderr = ""; - core7.debug(`Running git command: git ${args.join(" ")}`); - try { - await new toolrunner2.ToolRunner(await io3.which("git", true), args, { - silent: true, - listeners: { - stdout: (data) => { - stdout += data.toString(); - }, - stderr: (data) => { - stderr += data.toString(); - } - }, - cwd: workingDirectory - }).exec(); - return stdout; - } catch (error2) { - let reason = stderr; - if (stderr.includes("not a git repository")) { - reason = "The checkout path provided to the action does not appear to be a git repository."; - } - core7.info(`git call failed. ${customErrorMessage} Error: ${reason}`); - throw error2; - } -}; -var getCommitOid = async function(checkoutPath, ref = "HEAD") { - try { - const stdout = await runGitCommand( - checkoutPath, - ["rev-parse", ref], - "Continuing with commit SHA from user input or environment." - ); - return stdout.trim(); - } catch { - return getOptionalInput("sha") || getRequiredEnvParam("GITHUB_SHA"); - } -}; -var decodeGitFilePath = function(filePath) { - if (filePath.startsWith('"') && filePath.endsWith('"')) { - filePath = filePath.substring(1, filePath.length - 1); - return filePath.replace( - /\\([abfnrtv\\"]|[0-7]{1,3})/g, - (_match, seq2) => { - switch (seq2[0]) { - case "a": - return "\x07"; - case "b": - return "\b"; - case "f": - return "\f"; - case "n": - return "\n"; - case "r": - return "\r"; - case "t": - return " "; - case "v": - return "\v"; - case "\\": - return "\\"; - case '"': - return '"'; - default: - return String.fromCharCode(parseInt(seq2, 8)); - } - } - ); - } - return filePath; -}; -var getFileOidsUnderPath = async function(basePath) { - const stdout = await runGitCommand( - basePath, - ["ls-files", "--recurse-submodules", "--format=%(objectname)_%(path)"], - "Cannot list Git OIDs of tracked files." - ); - const fileOidMap = {}; - const regex = /^([0-9a-f]{40})_(.+)$/; - for (const line of stdout.split("\n")) { - if (line) { - const match = line.match(regex); - if (match) { - const oid = match[1]; - const path7 = decodeGitFilePath(match[2]); - fileOidMap[path7] = oid; - } else { - throw new Error(`Unexpected "git ls-files" output: ${line}`); - } - } - } - return fileOidMap; -}; -function getRefFromEnv() { - let refEnv; - try { - refEnv = getRequiredEnvParam("GITHUB_REF"); - } catch (e) { - const maybeRef = process.env["CODE_SCANNING_REF"]; - if (maybeRef === void 0 || maybeRef.length === 0) { - throw e; - } - refEnv = maybeRef; - } - return refEnv; -} -async function getRef() { - const refInput = getOptionalInput("ref"); - const shaInput = getOptionalInput("sha"); - const checkoutPath = getOptionalInput("checkout_path") || getOptionalInput("source-root") || getRequiredEnvParam("GITHUB_WORKSPACE"); - const hasRefInput = !!refInput; - const hasShaInput = !!shaInput; - if ((hasRefInput || hasShaInput) && !(hasRefInput && hasShaInput)) { - throw new ConfigurationError( - "Both 'ref' and 'sha' are required if one of them is provided." - ); - } - const ref = refInput || getRefFromEnv(); - const sha = shaInput || getRequiredEnvParam("GITHUB_SHA"); - if (refInput) { - return refInput; - } - const pull_ref_regex = /refs\/pull\/(\d+)\/merge/; - if (!pull_ref_regex.test(ref)) { - return ref; - } - const head = await getCommitOid(checkoutPath, "HEAD"); - const hasChangedRef = sha !== head && await getCommitOid( - checkoutPath, - ref.replace(/^refs\/pull\//, "refs/remotes/pull/") - ) !== head; - if (hasChangedRef) { - const newRef = ref.replace(pull_ref_regex, "refs/pull/$1/head"); - core7.debug( - `No longer on merge commit, rewriting ref from ${ref} to ${newRef}.` - ); - return newRef; - } else { - return ref; - } -} -function removeRefsHeadsPrefix(ref) { - return ref.startsWith("refs/heads/") ? ref.slice("refs/heads/".length) : ref; -} -async function isAnalyzingDefaultBranch() { - if (process.env.CODE_SCANNING_IS_ANALYZING_DEFAULT_BRANCH === "true") { - return true; - } - let currentRef = await getRef(); - currentRef = removeRefsHeadsPrefix(currentRef); - const event = getWorkflowEvent(); - let defaultBranch = event?.repository?.default_branch; - if (getWorkflowEventName() === "schedule") { - defaultBranch = removeRefsHeadsPrefix(getRefFromEnv()); - } - return currentRef === defaultBranch; -} - -// src/logging.ts -var core8 = __toESM(require_core()); -function getActionsLogger() { - return core8; -} - -// src/overlay-database-utils.ts -var CODEQL_OVERLAY_MINIMUM_VERSION = "2.22.4"; -var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB = 15e3; -var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_BYTES = OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB * 1e6; -async function writeBaseDatabaseOidsFile(config, sourceRoot) { - const gitFileOids = await getFileOidsUnderPath(sourceRoot); - const gitFileOidsJson = JSON.stringify(gitFileOids); - const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config); - await fs2.promises.writeFile(baseDatabaseOidsFilePath, gitFileOidsJson); -} -async function readBaseDatabaseOidsFile(config, logger) { - const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config); - try { - const contents = await fs2.promises.readFile( - baseDatabaseOidsFilePath, - "utf-8" - ); - return JSON.parse(contents); - } catch (e) { - logger.error( - `Failed to read overlay-base file OIDs from ${baseDatabaseOidsFilePath}: ${e.message || e}` - ); - throw e; - } -} -function getBaseDatabaseOidsFilePath(config) { - return path2.join(config.dbLocation, "base-database-oids.json"); -} -async function writeOverlayChangesFile(config, sourceRoot, logger) { - const baseFileOids = await readBaseDatabaseOidsFile(config, logger); - const overlayFileOids = await getFileOidsUnderPath(sourceRoot); - const changedFiles = computeChangedFiles(baseFileOids, overlayFileOids); - logger.info( - `Found ${changedFiles.length} changed file(s) under ${sourceRoot}.` - ); - const changedFilesJson = JSON.stringify({ changes: changedFiles }); - const overlayChangesFile = path2.join( - getTemporaryDirectory(), - "overlay-changes.json" - ); - logger.debug( - `Writing overlay changed files to ${overlayChangesFile}: ${changedFilesJson}` - ); - await fs2.promises.writeFile(overlayChangesFile, changedFilesJson); - return overlayChangesFile; -} -function computeChangedFiles(baseFileOids, overlayFileOids) { - const changes = []; - for (const [file, oid] of Object.entries(overlayFileOids)) { - if (!(file in baseFileOids) || baseFileOids[file] !== oid) { - changes.push(file); - } - } - for (const file of Object.keys(baseFileOids)) { - if (!(file in overlayFileOids)) { - changes.push(file); - } - } - return changes; -} - // src/tools-features.ts var semver3 = __toESM(require_semver2()); function isSupportedToolsFeature(versionInfo, feature) { @@ -78591,7 +78356,7 @@ var featureConfig = { ["overlay_analysis" /* OverlayAnalysis */]: { defaultValue: false, envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS", - minimumVersion: CODEQL_OVERLAY_MINIMUM_VERSION + minimumVersion: void 0 }, ["overlay_analysis_actions" /* OverlayAnalysisActions */]: { defaultValue: false, @@ -78723,7 +78488,7 @@ var Features = class { this.gitHubFeatureFlags = new GitHubFeatureFlags( gitHubVersion, repositoryNwo, - path3.join(tempDir, FEATURE_FLAGS_FILE_NAME), + path2.join(tempDir, FEATURE_FLAGS_FILE_NAME), logger ); } @@ -78902,12 +78667,12 @@ var GitHubFeatureFlags = class { } async readLocalFlags() { try { - if (fs3.existsSync(this.featureFlagsFile)) { + if (fs2.existsSync(this.featureFlagsFile)) { this.logger.debug( `Loading feature flags from ${this.featureFlagsFile}` ); return JSON.parse( - fs3.readFileSync(this.featureFlagsFile, "utf8") + fs2.readFileSync(this.featureFlagsFile, "utf8") ); } } catch (e) { @@ -78920,7 +78685,7 @@ var GitHubFeatureFlags = class { async writeLocalFlags(flags) { try { this.logger.debug(`Writing feature flags to ${this.featureFlagsFile}`); - fs3.writeFileSync(this.featureFlagsFile, JSON.stringify(flags)); + fs2.writeFileSync(this.featureFlagsFile, JSON.stringify(flags)); } catch (e) { this.logger.warning( `Error writing cached feature flags file ${this.featureFlagsFile}: ${e}.` @@ -78981,6 +78746,240 @@ var GitHubFeatureFlags = class { } }; +// src/git-utils.ts +var core7 = __toESM(require_core()); +var toolrunner2 = __toESM(require_toolrunner()); +var io3 = __toESM(require_io()); +var runGitCommand = async function(workingDirectory, args, customErrorMessage) { + let stdout = ""; + let stderr = ""; + core7.debug(`Running git command: git ${args.join(" ")}`); + try { + await new toolrunner2.ToolRunner(await io3.which("git", true), args, { + silent: true, + listeners: { + stdout: (data) => { + stdout += data.toString(); + }, + stderr: (data) => { + stderr += data.toString(); + } + }, + cwd: workingDirectory + }).exec(); + return stdout; + } catch (error2) { + let reason = stderr; + if (stderr.includes("not a git repository")) { + reason = "The checkout path provided to the action does not appear to be a git repository."; + } + core7.info(`git call failed. ${customErrorMessage} Error: ${reason}`); + throw error2; + } +}; +var getCommitOid = async function(checkoutPath, ref = "HEAD") { + try { + const stdout = await runGitCommand( + checkoutPath, + ["rev-parse", ref], + "Continuing with commit SHA from user input or environment." + ); + return stdout.trim(); + } catch { + return getOptionalInput("sha") || getRequiredEnvParam("GITHUB_SHA"); + } +}; +var decodeGitFilePath = function(filePath) { + if (filePath.startsWith('"') && filePath.endsWith('"')) { + filePath = filePath.substring(1, filePath.length - 1); + return filePath.replace( + /\\([abfnrtv\\"]|[0-7]{1,3})/g, + (_match, seq2) => { + switch (seq2[0]) { + case "a": + return "\x07"; + case "b": + return "\b"; + case "f": + return "\f"; + case "n": + return "\n"; + case "r": + return "\r"; + case "t": + return " "; + case "v": + return "\v"; + case "\\": + return "\\"; + case '"': + return '"'; + default: + return String.fromCharCode(parseInt(seq2, 8)); + } + } + ); + } + return filePath; +}; +var getFileOidsUnderPath = async function(basePath) { + const stdout = await runGitCommand( + basePath, + ["ls-files", "--recurse-submodules", "--format=%(objectname)_%(path)"], + "Cannot list Git OIDs of tracked files." + ); + const fileOidMap = {}; + const regex = /^([0-9a-f]{40})_(.+)$/; + for (const line of stdout.split("\n")) { + if (line) { + const match = line.match(regex); + if (match) { + const oid = match[1]; + const path7 = decodeGitFilePath(match[2]); + fileOidMap[path7] = oid; + } else { + throw new Error(`Unexpected "git ls-files" output: ${line}`); + } + } + } + return fileOidMap; +}; +function getRefFromEnv() { + let refEnv; + try { + refEnv = getRequiredEnvParam("GITHUB_REF"); + } catch (e) { + const maybeRef = process.env["CODE_SCANNING_REF"]; + if (maybeRef === void 0 || maybeRef.length === 0) { + throw e; + } + refEnv = maybeRef; + } + return refEnv; +} +async function getRef() { + const refInput = getOptionalInput("ref"); + const shaInput = getOptionalInput("sha"); + const checkoutPath = getOptionalInput("checkout_path") || getOptionalInput("source-root") || getRequiredEnvParam("GITHUB_WORKSPACE"); + const hasRefInput = !!refInput; + const hasShaInput = !!shaInput; + if ((hasRefInput || hasShaInput) && !(hasRefInput && hasShaInput)) { + throw new ConfigurationError( + "Both 'ref' and 'sha' are required if one of them is provided." + ); + } + const ref = refInput || getRefFromEnv(); + const sha = shaInput || getRequiredEnvParam("GITHUB_SHA"); + if (refInput) { + return refInput; + } + const pull_ref_regex = /refs\/pull\/(\d+)\/merge/; + if (!pull_ref_regex.test(ref)) { + return ref; + } + const head = await getCommitOid(checkoutPath, "HEAD"); + const hasChangedRef = sha !== head && await getCommitOid( + checkoutPath, + ref.replace(/^refs\/pull\//, "refs/remotes/pull/") + ) !== head; + if (hasChangedRef) { + const newRef = ref.replace(pull_ref_regex, "refs/pull/$1/head"); + core7.debug( + `No longer on merge commit, rewriting ref from ${ref} to ${newRef}.` + ); + return newRef; + } else { + return ref; + } +} +function removeRefsHeadsPrefix(ref) { + return ref.startsWith("refs/heads/") ? ref.slice("refs/heads/".length) : ref; +} +async function isAnalyzingDefaultBranch() { + if (process.env.CODE_SCANNING_IS_ANALYZING_DEFAULT_BRANCH === "true") { + return true; + } + let currentRef = await getRef(); + currentRef = removeRefsHeadsPrefix(currentRef); + const event = getWorkflowEvent(); + let defaultBranch = event?.repository?.default_branch; + if (getWorkflowEventName() === "schedule") { + defaultBranch = removeRefsHeadsPrefix(getRefFromEnv()); + } + return currentRef === defaultBranch; +} + +// src/overlay-database-utils.ts +var fs3 = __toESM(require("fs")); +var path3 = __toESM(require("path")); +var actionsCache = __toESM(require_cache3()); + +// src/logging.ts +var core8 = __toESM(require_core()); +function getActionsLogger() { + return core8; +} + +// src/overlay-database-utils.ts +var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB = 15e3; +var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_BYTES = OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB * 1e6; +async function writeBaseDatabaseOidsFile(config, sourceRoot) { + const gitFileOids = await getFileOidsUnderPath(sourceRoot); + const gitFileOidsJson = JSON.stringify(gitFileOids); + const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config); + await fs3.promises.writeFile(baseDatabaseOidsFilePath, gitFileOidsJson); +} +async function readBaseDatabaseOidsFile(config, logger) { + const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config); + try { + const contents = await fs3.promises.readFile( + baseDatabaseOidsFilePath, + "utf-8" + ); + return JSON.parse(contents); + } catch (e) { + logger.error( + `Failed to read overlay-base file OIDs from ${baseDatabaseOidsFilePath}: ${e.message || e}` + ); + throw e; + } +} +function getBaseDatabaseOidsFilePath(config) { + return path3.join(config.dbLocation, "base-database-oids.json"); +} +async function writeOverlayChangesFile(config, sourceRoot, logger) { + const baseFileOids = await readBaseDatabaseOidsFile(config, logger); + const overlayFileOids = await getFileOidsUnderPath(sourceRoot); + const changedFiles = computeChangedFiles(baseFileOids, overlayFileOids); + logger.info( + `Found ${changedFiles.length} changed file(s) under ${sourceRoot}.` + ); + const changedFilesJson = JSON.stringify({ changes: changedFiles }); + const overlayChangesFile = path3.join( + getTemporaryDirectory(), + "overlay-changes.json" + ); + logger.debug( + `Writing overlay changed files to ${overlayChangesFile}: ${changedFilesJson}` + ); + await fs3.promises.writeFile(overlayChangesFile, changedFilesJson); + return overlayChangesFile; +} +function computeChangedFiles(baseFileOids, overlayFileOids) { + const changes = []; + for (const [file, oid] of Object.entries(overlayFileOids)) { + if (!(file in baseFileOids) || baseFileOids[file] !== oid) { + changes.push(file); + } + } + for (const file of Object.keys(baseFileOids)) { + if (!(file in overlayFileOids)) { + changes.push(file); + } + } + return changes; +} + // src/trap-caching.ts var actionsCache2 = __toESM(require_cache3()); diff --git a/lib/init-action-post.js b/lib/init-action-post.js index 51599e118d..889c63fb5c 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js @@ -128831,306 +128831,18 @@ var PACK_IDENTIFIER_PATTERN = (function() { })(); // src/diff-informed-analysis-utils.ts -var fs8 = __toESM(require("fs")); -var path9 = __toESM(require("path")); - -// src/feature-flags.ts var fs7 = __toESM(require("fs")); var path8 = __toESM(require("path")); + +// src/feature-flags.ts +var fs6 = __toESM(require("fs")); +var path7 = __toESM(require("path")); var semver4 = __toESM(require_semver2()); // src/defaults.json var bundleVersion = "codeql-bundle-v2.23.1"; var cliVersion = "2.23.1"; -// src/overlay-database-utils.ts -var fs6 = __toESM(require("fs")); -var path7 = __toESM(require("path")); -var actionsCache = __toESM(require_cache3()); - -// src/git-utils.ts -var core7 = __toESM(require_core()); -var toolrunner2 = __toESM(require_toolrunner()); -var io3 = __toESM(require_io()); -var runGitCommand = async function(workingDirectory, args, customErrorMessage) { - let stdout = ""; - let stderr = ""; - core7.debug(`Running git command: git ${args.join(" ")}`); - try { - await new toolrunner2.ToolRunner(await io3.which("git", true), args, { - silent: true, - listeners: { - stdout: (data) => { - stdout += data.toString(); - }, - stderr: (data) => { - stderr += data.toString(); - } - }, - cwd: workingDirectory - }).exec(); - return stdout; - } catch (error2) { - let reason = stderr; - if (stderr.includes("not a git repository")) { - reason = "The checkout path provided to the action does not appear to be a git repository."; - } - core7.info(`git call failed. ${customErrorMessage} Error: ${reason}`); - throw error2; - } -}; -var getCommitOid = async function(checkoutPath, ref = "HEAD") { - try { - const stdout = await runGitCommand( - checkoutPath, - ["rev-parse", ref], - "Continuing with commit SHA from user input or environment." - ); - return stdout.trim(); - } catch { - return getOptionalInput("sha") || getRequiredEnvParam("GITHUB_SHA"); - } -}; -var determineBaseBranchHeadCommitOid = async function(checkoutPathOverride) { - if (getWorkflowEventName() !== "pull_request") { - return void 0; - } - const mergeSha = getRequiredEnvParam("GITHUB_SHA"); - const checkoutPath = checkoutPathOverride ?? getOptionalInput("checkout_path"); - try { - let commitOid = ""; - let baseOid = ""; - let headOid = ""; - const stdout = await runGitCommand( - checkoutPath, - ["show", "-s", "--format=raw", mergeSha], - "Will calculate the base branch SHA on the server." - ); - for (const data of stdout.split("\n")) { - if (data.startsWith("commit ") && commitOid === "") { - commitOid = data.substring(7); - } else if (data.startsWith("parent ")) { - if (baseOid === "") { - baseOid = data.substring(7); - } else if (headOid === "") { - headOid = data.substring(7); - } - } - } - if (commitOid === mergeSha && headOid.length === 40 && baseOid.length === 40) { - return baseOid; - } - return void 0; - } catch { - return void 0; - } -}; -var decodeGitFilePath = function(filePath) { - if (filePath.startsWith('"') && filePath.endsWith('"')) { - filePath = filePath.substring(1, filePath.length - 1); - return filePath.replace( - /\\([abfnrtv\\"]|[0-7]{1,3})/g, - (_match, seq2) => { - switch (seq2[0]) { - case "a": - return "\x07"; - case "b": - return "\b"; - case "f": - return "\f"; - case "n": - return "\n"; - case "r": - return "\r"; - case "t": - return " "; - case "v": - return "\v"; - case "\\": - return "\\"; - case '"': - return '"'; - default: - return String.fromCharCode(parseInt(seq2, 8)); - } - } - ); - } - return filePath; -}; -var getFileOidsUnderPath = async function(basePath) { - const stdout = await runGitCommand( - basePath, - ["ls-files", "--recurse-submodules", "--format=%(objectname)_%(path)"], - "Cannot list Git OIDs of tracked files." - ); - const fileOidMap = {}; - const regex = /^([0-9a-f]{40})_(.+)$/; - for (const line of stdout.split("\n")) { - if (line) { - const match = line.match(regex); - if (match) { - const oid = match[1]; - const path19 = decodeGitFilePath(match[2]); - fileOidMap[path19] = oid; - } else { - throw new Error(`Unexpected "git ls-files" output: ${line}`); - } - } - } - return fileOidMap; -}; -function getRefFromEnv() { - let refEnv; - try { - refEnv = getRequiredEnvParam("GITHUB_REF"); - } catch (e) { - const maybeRef = process.env["CODE_SCANNING_REF"]; - if (maybeRef === void 0 || maybeRef.length === 0) { - throw e; - } - refEnv = maybeRef; - } - return refEnv; -} -async function getRef() { - const refInput = getOptionalInput("ref"); - const shaInput = getOptionalInput("sha"); - const checkoutPath = getOptionalInput("checkout_path") || getOptionalInput("source-root") || getRequiredEnvParam("GITHUB_WORKSPACE"); - const hasRefInput = !!refInput; - const hasShaInput = !!shaInput; - if ((hasRefInput || hasShaInput) && !(hasRefInput && hasShaInput)) { - throw new ConfigurationError( - "Both 'ref' and 'sha' are required if one of them is provided." - ); - } - const ref = refInput || getRefFromEnv(); - const sha = shaInput || getRequiredEnvParam("GITHUB_SHA"); - if (refInput) { - return refInput; - } - const pull_ref_regex = /refs\/pull\/(\d+)\/merge/; - if (!pull_ref_regex.test(ref)) { - return ref; - } - const head = await getCommitOid(checkoutPath, "HEAD"); - const hasChangedRef = sha !== head && await getCommitOid( - checkoutPath, - ref.replace(/^refs\/pull\//, "refs/remotes/pull/") - ) !== head; - if (hasChangedRef) { - const newRef = ref.replace(pull_ref_regex, "refs/pull/$1/head"); - core7.debug( - `No longer on merge commit, rewriting ref from ${ref} to ${newRef}.` - ); - return newRef; - } else { - return ref; - } -} -function removeRefsHeadsPrefix(ref) { - return ref.startsWith("refs/heads/") ? ref.slice("refs/heads/".length) : ref; -} -async function isAnalyzingDefaultBranch() { - if (process.env.CODE_SCANNING_IS_ANALYZING_DEFAULT_BRANCH === "true") { - return true; - } - let currentRef = await getRef(); - currentRef = removeRefsHeadsPrefix(currentRef); - const event = getWorkflowEvent(); - let defaultBranch = event?.repository?.default_branch; - if (getWorkflowEventName() === "schedule") { - defaultBranch = removeRefsHeadsPrefix(getRefFromEnv()); - } - return currentRef === defaultBranch; -} - -// src/logging.ts -var core8 = __toESM(require_core()); -function getActionsLogger() { - return core8; -} -function withGroup(groupName, f) { - core8.startGroup(groupName); - try { - return f(); - } finally { - core8.endGroup(); - } -} -function formatDuration(durationMs) { - if (durationMs < 1e3) { - return `${durationMs}ms`; - } - if (durationMs < 60 * 1e3) { - return `${(durationMs / 1e3).toFixed(1)}s`; - } - const minutes = Math.floor(durationMs / (60 * 1e3)); - const seconds = Math.floor(durationMs % (60 * 1e3) / 1e3); - return `${minutes}m${seconds}s`; -} - -// src/overlay-database-utils.ts -var CODEQL_OVERLAY_MINIMUM_VERSION = "2.22.4"; -var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB = 15e3; -var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_BYTES = OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB * 1e6; -async function writeBaseDatabaseOidsFile(config, sourceRoot) { - const gitFileOids = await getFileOidsUnderPath(sourceRoot); - const gitFileOidsJson = JSON.stringify(gitFileOids); - const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config); - await fs6.promises.writeFile(baseDatabaseOidsFilePath, gitFileOidsJson); -} -async function readBaseDatabaseOidsFile(config, logger) { - const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config); - try { - const contents = await fs6.promises.readFile( - baseDatabaseOidsFilePath, - "utf-8" - ); - return JSON.parse(contents); - } catch (e) { - logger.error( - `Failed to read overlay-base file OIDs from ${baseDatabaseOidsFilePath}: ${e.message || e}` - ); - throw e; - } -} -function getBaseDatabaseOidsFilePath(config) { - return path7.join(config.dbLocation, "base-database-oids.json"); -} -async function writeOverlayChangesFile(config, sourceRoot, logger) { - const baseFileOids = await readBaseDatabaseOidsFile(config, logger); - const overlayFileOids = await getFileOidsUnderPath(sourceRoot); - const changedFiles = computeChangedFiles(baseFileOids, overlayFileOids); - logger.info( - `Found ${changedFiles.length} changed file(s) under ${sourceRoot}.` - ); - const changedFilesJson = JSON.stringify({ changes: changedFiles }); - const overlayChangesFile = path7.join( - getTemporaryDirectory(), - "overlay-changes.json" - ); - logger.debug( - `Writing overlay changed files to ${overlayChangesFile}: ${changedFilesJson}` - ); - await fs6.promises.writeFile(overlayChangesFile, changedFilesJson); - return overlayChangesFile; -} -function computeChangedFiles(baseFileOids, overlayFileOids) { - const changes = []; - for (const [file, oid] of Object.entries(overlayFileOids)) { - if (!(file in baseFileOids) || baseFileOids[file] !== oid) { - changes.push(file); - } - } - for (const file of Object.keys(baseFileOids)) { - if (!(file in overlayFileOids)) { - changes.push(file); - } - } - return changes; -} - // src/tools-features.ts var semver3 = __toESM(require_semver2()); function isSupportedToolsFeature(versionInfo, feature) { @@ -129194,7 +128906,7 @@ var featureConfig = { ["overlay_analysis" /* OverlayAnalysis */]: { defaultValue: false, envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS", - minimumVersion: CODEQL_OVERLAY_MINIMUM_VERSION + minimumVersion: void 0 }, ["overlay_analysis_actions" /* OverlayAnalysisActions */]: { defaultValue: false, @@ -129326,7 +129038,7 @@ var Features = class { this.gitHubFeatureFlags = new GitHubFeatureFlags( gitHubVersion, repositoryNwo, - path8.join(tempDir, FEATURE_FLAGS_FILE_NAME), + path7.join(tempDir, FEATURE_FLAGS_FILE_NAME), logger ); } @@ -129389,217 +129101,504 @@ var Features = class { ); } } - if (envVar === "true") { + if (envVar === "true") { + this.logger.debug( + `Feature ${feature} is enabled via the environment variable ${featureConfig[feature].envVar}.` + ); + return true; + } + const apiValue = await this.gitHubFeatureFlags.getValue(feature); + if (apiValue !== void 0) { + this.logger.debug( + `Feature ${feature} is ${apiValue ? "enabled" : "disabled"} via the GitHub API.` + ); + return apiValue; + } + const defaultValue = featureConfig[feature].defaultValue; + this.logger.debug( + `Feature ${feature} is ${defaultValue ? "enabled" : "disabled"} due to its default value.` + ); + return defaultValue; + } +}; +var GitHubFeatureFlags = class { + constructor(gitHubVersion, repositoryNwo, featureFlagsFile, logger) { + this.gitHubVersion = gitHubVersion; + this.repositoryNwo = repositoryNwo; + this.featureFlagsFile = featureFlagsFile; + this.logger = logger; + this.hasAccessedRemoteFeatureFlags = false; + } + getCliVersionFromFeatureFlag(f) { + if (!f.startsWith(DEFAULT_VERSION_FEATURE_FLAG_PREFIX) || !f.endsWith(DEFAULT_VERSION_FEATURE_FLAG_SUFFIX)) { + return void 0; + } + const version = f.substring( + DEFAULT_VERSION_FEATURE_FLAG_PREFIX.length, + f.length - DEFAULT_VERSION_FEATURE_FLAG_SUFFIX.length + ).replace(/_/g, "."); + if (!semver4.valid(version)) { + this.logger.warning( + `Ignoring feature flag ${f} as it does not specify a valid CodeQL version.` + ); + return void 0; + } + return version; + } + async getDefaultCliVersion(variant) { + if (variant === 0 /* DOTCOM */) { + return await this.getDefaultDotcomCliVersion(); + } + return { + cliVersion, + tagName: bundleVersion + }; + } + async getDefaultDotcomCliVersion() { + const response = await this.getAllFeatures(); + const enabledFeatureFlagCliVersions = Object.entries(response).map( + ([f, isEnabled]) => isEnabled ? this.getCliVersionFromFeatureFlag(f) : void 0 + ).filter((f) => f !== void 0); + if (enabledFeatureFlagCliVersions.length === 0) { + this.logger.warning( + `Feature flags do not specify a default CLI version. Falling back to the CLI version shipped with the Action. This is ${cliVersion}.` + ); + const result = { + cliVersion, + tagName: bundleVersion + }; + if (this.hasAccessedRemoteFeatureFlags) { + result.toolsFeatureFlagsValid = false; + } + return result; + } + const maxCliVersion = enabledFeatureFlagCliVersions.reduce( + (maxVersion, currentVersion) => currentVersion > maxVersion ? currentVersion : maxVersion, + enabledFeatureFlagCliVersions[0] + ); + this.logger.debug( + `Derived default CLI version of ${maxCliVersion} from feature flags.` + ); + return { + cliVersion: maxCliVersion, + tagName: `codeql-bundle-v${maxCliVersion}`, + toolsFeatureFlagsValid: true + }; + } + async getValue(feature) { + const response = await this.getAllFeatures(); + if (response === void 0) { + this.logger.debug(`No feature flags API response for ${feature}.`); + return void 0; + } + const features = response[feature]; + if (features === void 0) { + this.logger.debug(`Feature '${feature}' undefined in API response.`); + return void 0; + } + return !!features; + } + async getAllFeatures() { + if (this.cachedApiResponse !== void 0) { + return this.cachedApiResponse; + } + const fileFlags = await this.readLocalFlags(); + if (fileFlags !== void 0) { + this.cachedApiResponse = fileFlags; + return fileFlags; + } + let remoteFlags = await this.loadApiResponse(); + if (remoteFlags === void 0) { + remoteFlags = {}; + } + this.cachedApiResponse = remoteFlags; + await this.writeLocalFlags(remoteFlags); + return remoteFlags; + } + async readLocalFlags() { + try { + if (fs6.existsSync(this.featureFlagsFile)) { + this.logger.debug( + `Loading feature flags from ${this.featureFlagsFile}` + ); + return JSON.parse( + fs6.readFileSync(this.featureFlagsFile, "utf8") + ); + } + } catch (e) { + this.logger.warning( + `Error reading cached feature flags file ${this.featureFlagsFile}: ${e}. Requesting from GitHub instead.` + ); + } + return void 0; + } + async writeLocalFlags(flags) { + try { + this.logger.debug(`Writing feature flags to ${this.featureFlagsFile}`); + fs6.writeFileSync(this.featureFlagsFile, JSON.stringify(flags)); + } catch (e) { + this.logger.warning( + `Error writing cached feature flags file ${this.featureFlagsFile}: ${e}.` + ); + } + } + async loadApiResponse() { + if (this.gitHubVersion.type !== 0 /* DOTCOM */ && this.gitHubVersion.type !== 2 /* GHE_DOTCOM */) { this.logger.debug( - `Feature ${feature} is enabled via the environment variable ${featureConfig[feature].envVar}.` + "Not running against github.com. Disabling all toggleable features." ); - return true; + this.hasAccessedRemoteFeatureFlags = false; + return {}; } - const apiValue = await this.gitHubFeatureFlags.getValue(feature); - if (apiValue !== void 0) { + try { + const featuresToRequest = Object.entries(featureConfig).filter(([, config]) => !config.legacyApi).map(([f]) => f); + const FEATURES_PER_REQUEST = 25; + const featureChunks = []; + while (featuresToRequest.length > 0) { + featureChunks.push(featuresToRequest.splice(0, FEATURES_PER_REQUEST)); + } + let remoteFlags = {}; + for (const chunk of featureChunks) { + const response = await getApiClient().request( + "GET /repos/:owner/:repo/code-scanning/codeql-action/features", + { + owner: this.repositoryNwo.owner, + repo: this.repositoryNwo.repo, + features: chunk.join(",") + } + ); + const chunkFlags = response.data; + remoteFlags = { ...remoteFlags, ...chunkFlags }; + } this.logger.debug( - `Feature ${feature} is ${apiValue ? "enabled" : "disabled"} via the GitHub API.` + "Loaded the following default values for the feature flags from the Code Scanning API:" ); - return apiValue; + for (const [feature, value] of Object.entries(remoteFlags).sort( + ([nameA], [nameB]) => nameA.localeCompare(nameB) + )) { + this.logger.debug(` ${feature}: ${value}`); + } + this.hasAccessedRemoteFeatureFlags = true; + return remoteFlags; + } catch (e) { + if (isHTTPError(e) && e.status === 403) { + this.logger.warning( + `This run of the CodeQL Action does not have permission to access Code Scanning API endpoints. As a result, it will not be opted into any experimental features. This could be because the Action is running on a pull request from a fork. If not, please ensure the Action has the 'security-events: write' permission. Details: ${e.message}` + ); + this.hasAccessedRemoteFeatureFlags = false; + return {}; + } else { + throw new Error( + `Encountered an error while trying to determine feature enablement: ${e}` + ); + } } - const defaultValue = featureConfig[feature].defaultValue; - this.logger.debug( - `Feature ${feature} is ${defaultValue ? "enabled" : "disabled"} due to its default value.` + } +}; + +// src/diff-informed-analysis-utils.ts +function getDiffRangesJsonFilePath() { + return path8.join(getTemporaryDirectory(), "pr-diff-range.json"); +} +function readDiffRangesJsonFile(logger) { + const jsonFilePath = getDiffRangesJsonFilePath(); + if (!fs7.existsSync(jsonFilePath)) { + logger.debug(`Diff ranges JSON file does not exist at ${jsonFilePath}`); + return void 0; + } + const jsonContents = fs7.readFileSync(jsonFilePath, "utf8"); + logger.debug( + `Read pr-diff-range JSON file from ${jsonFilePath}: +${jsonContents}` + ); + return JSON.parse(jsonContents); +} + +// src/git-utils.ts +var core7 = __toESM(require_core()); +var toolrunner2 = __toESM(require_toolrunner()); +var io3 = __toESM(require_io()); +var runGitCommand = async function(workingDirectory, args, customErrorMessage) { + let stdout = ""; + let stderr = ""; + core7.debug(`Running git command: git ${args.join(" ")}`); + try { + await new toolrunner2.ToolRunner(await io3.which("git", true), args, { + silent: true, + listeners: { + stdout: (data) => { + stdout += data.toString(); + }, + stderr: (data) => { + stderr += data.toString(); + } + }, + cwd: workingDirectory + }).exec(); + return stdout; + } catch (error2) { + let reason = stderr; + if (stderr.includes("not a git repository")) { + reason = "The checkout path provided to the action does not appear to be a git repository."; + } + core7.info(`git call failed. ${customErrorMessage} Error: ${reason}`); + throw error2; + } +}; +var getCommitOid = async function(checkoutPath, ref = "HEAD") { + try { + const stdout = await runGitCommand( + checkoutPath, + ["rev-parse", ref], + "Continuing with commit SHA from user input or environment." ); - return defaultValue; + return stdout.trim(); + } catch { + return getOptionalInput("sha") || getRequiredEnvParam("GITHUB_SHA"); } }; -var GitHubFeatureFlags = class { - constructor(gitHubVersion, repositoryNwo, featureFlagsFile, logger) { - this.gitHubVersion = gitHubVersion; - this.repositoryNwo = repositoryNwo; - this.featureFlagsFile = featureFlagsFile; - this.logger = logger; - this.hasAccessedRemoteFeatureFlags = false; +var determineBaseBranchHeadCommitOid = async function(checkoutPathOverride) { + if (getWorkflowEventName() !== "pull_request") { + return void 0; } - getCliVersionFromFeatureFlag(f) { - if (!f.startsWith(DEFAULT_VERSION_FEATURE_FLAG_PREFIX) || !f.endsWith(DEFAULT_VERSION_FEATURE_FLAG_SUFFIX)) { - return void 0; + const mergeSha = getRequiredEnvParam("GITHUB_SHA"); + const checkoutPath = checkoutPathOverride ?? getOptionalInput("checkout_path"); + try { + let commitOid = ""; + let baseOid = ""; + let headOid = ""; + const stdout = await runGitCommand( + checkoutPath, + ["show", "-s", "--format=raw", mergeSha], + "Will calculate the base branch SHA on the server." + ); + for (const data of stdout.split("\n")) { + if (data.startsWith("commit ") && commitOid === "") { + commitOid = data.substring(7); + } else if (data.startsWith("parent ")) { + if (baseOid === "") { + baseOid = data.substring(7); + } else if (headOid === "") { + headOid = data.substring(7); + } + } } - const version = f.substring( - DEFAULT_VERSION_FEATURE_FLAG_PREFIX.length, - f.length - DEFAULT_VERSION_FEATURE_FLAG_SUFFIX.length - ).replace(/_/g, "."); - if (!semver4.valid(version)) { - this.logger.warning( - `Ignoring feature flag ${f} as it does not specify a valid CodeQL version.` - ); - return void 0; + if (commitOid === mergeSha && headOid.length === 40 && baseOid.length === 40) { + return baseOid; } - return version; + return void 0; + } catch { + return void 0; } - async getDefaultCliVersion(variant) { - if (variant === 0 /* DOTCOM */) { - return await this.getDefaultDotcomCliVersion(); - } - return { - cliVersion, - tagName: bundleVersion - }; +}; +var decodeGitFilePath = function(filePath) { + if (filePath.startsWith('"') && filePath.endsWith('"')) { + filePath = filePath.substring(1, filePath.length - 1); + return filePath.replace( + /\\([abfnrtv\\"]|[0-7]{1,3})/g, + (_match, seq2) => { + switch (seq2[0]) { + case "a": + return "\x07"; + case "b": + return "\b"; + case "f": + return "\f"; + case "n": + return "\n"; + case "r": + return "\r"; + case "t": + return " "; + case "v": + return "\v"; + case "\\": + return "\\"; + case '"': + return '"'; + default: + return String.fromCharCode(parseInt(seq2, 8)); + } + } + ); } - async getDefaultDotcomCliVersion() { - const response = await this.getAllFeatures(); - const enabledFeatureFlagCliVersions = Object.entries(response).map( - ([f, isEnabled]) => isEnabled ? this.getCliVersionFromFeatureFlag(f) : void 0 - ).filter((f) => f !== void 0); - if (enabledFeatureFlagCliVersions.length === 0) { - this.logger.warning( - `Feature flags do not specify a default CLI version. Falling back to the CLI version shipped with the Action. This is ${cliVersion}.` - ); - const result = { - cliVersion, - tagName: bundleVersion - }; - if (this.hasAccessedRemoteFeatureFlags) { - result.toolsFeatureFlagsValid = false; + return filePath; +}; +var getFileOidsUnderPath = async function(basePath) { + const stdout = await runGitCommand( + basePath, + ["ls-files", "--recurse-submodules", "--format=%(objectname)_%(path)"], + "Cannot list Git OIDs of tracked files." + ); + const fileOidMap = {}; + const regex = /^([0-9a-f]{40})_(.+)$/; + for (const line of stdout.split("\n")) { + if (line) { + const match = line.match(regex); + if (match) { + const oid = match[1]; + const path19 = decodeGitFilePath(match[2]); + fileOidMap[path19] = oid; + } else { + throw new Error(`Unexpected "git ls-files" output: ${line}`); } - return result; } - const maxCliVersion = enabledFeatureFlagCliVersions.reduce( - (maxVersion, currentVersion) => currentVersion > maxVersion ? currentVersion : maxVersion, - enabledFeatureFlagCliVersions[0] + } + return fileOidMap; +}; +function getRefFromEnv() { + let refEnv; + try { + refEnv = getRequiredEnvParam("GITHUB_REF"); + } catch (e) { + const maybeRef = process.env["CODE_SCANNING_REF"]; + if (maybeRef === void 0 || maybeRef.length === 0) { + throw e; + } + refEnv = maybeRef; + } + return refEnv; +} +async function getRef() { + const refInput = getOptionalInput("ref"); + const shaInput = getOptionalInput("sha"); + const checkoutPath = getOptionalInput("checkout_path") || getOptionalInput("source-root") || getRequiredEnvParam("GITHUB_WORKSPACE"); + const hasRefInput = !!refInput; + const hasShaInput = !!shaInput; + if ((hasRefInput || hasShaInput) && !(hasRefInput && hasShaInput)) { + throw new ConfigurationError( + "Both 'ref' and 'sha' are required if one of them is provided." ); - this.logger.debug( - `Derived default CLI version of ${maxCliVersion} from feature flags.` + } + const ref = refInput || getRefFromEnv(); + const sha = shaInput || getRequiredEnvParam("GITHUB_SHA"); + if (refInput) { + return refInput; + } + const pull_ref_regex = /refs\/pull\/(\d+)\/merge/; + if (!pull_ref_regex.test(ref)) { + return ref; + } + const head = await getCommitOid(checkoutPath, "HEAD"); + const hasChangedRef = sha !== head && await getCommitOid( + checkoutPath, + ref.replace(/^refs\/pull\//, "refs/remotes/pull/") + ) !== head; + if (hasChangedRef) { + const newRef = ref.replace(pull_ref_regex, "refs/pull/$1/head"); + core7.debug( + `No longer on merge commit, rewriting ref from ${ref} to ${newRef}.` ); - return { - cliVersion: maxCliVersion, - tagName: `codeql-bundle-v${maxCliVersion}`, - toolsFeatureFlagsValid: true - }; + return newRef; + } else { + return ref; } - async getValue(feature) { - const response = await this.getAllFeatures(); - if (response === void 0) { - this.logger.debug(`No feature flags API response for ${feature}.`); - return void 0; - } - const features = response[feature]; - if (features === void 0) { - this.logger.debug(`Feature '${feature}' undefined in API response.`); - return void 0; - } - return !!features; +} +function removeRefsHeadsPrefix(ref) { + return ref.startsWith("refs/heads/") ? ref.slice("refs/heads/".length) : ref; +} +async function isAnalyzingDefaultBranch() { + if (process.env.CODE_SCANNING_IS_ANALYZING_DEFAULT_BRANCH === "true") { + return true; } - async getAllFeatures() { - if (this.cachedApiResponse !== void 0) { - return this.cachedApiResponse; - } - const fileFlags = await this.readLocalFlags(); - if (fileFlags !== void 0) { - this.cachedApiResponse = fileFlags; - return fileFlags; - } - let remoteFlags = await this.loadApiResponse(); - if (remoteFlags === void 0) { - remoteFlags = {}; - } - this.cachedApiResponse = remoteFlags; - await this.writeLocalFlags(remoteFlags); - return remoteFlags; + let currentRef = await getRef(); + currentRef = removeRefsHeadsPrefix(currentRef); + const event = getWorkflowEvent(); + let defaultBranch = event?.repository?.default_branch; + if (getWorkflowEventName() === "schedule") { + defaultBranch = removeRefsHeadsPrefix(getRefFromEnv()); } - async readLocalFlags() { - try { - if (fs7.existsSync(this.featureFlagsFile)) { - this.logger.debug( - `Loading feature flags from ${this.featureFlagsFile}` - ); - return JSON.parse( - fs7.readFileSync(this.featureFlagsFile, "utf8") - ); - } - } catch (e) { - this.logger.warning( - `Error reading cached feature flags file ${this.featureFlagsFile}: ${e}. Requesting from GitHub instead.` - ); - } - return void 0; + return currentRef === defaultBranch; +} + +// src/overlay-database-utils.ts +var fs8 = __toESM(require("fs")); +var path9 = __toESM(require("path")); +var actionsCache = __toESM(require_cache3()); + +// src/logging.ts +var core8 = __toESM(require_core()); +function getActionsLogger() { + return core8; +} +function withGroup(groupName, f) { + core8.startGroup(groupName); + try { + return f(); + } finally { + core8.endGroup(); } - async writeLocalFlags(flags) { - try { - this.logger.debug(`Writing feature flags to ${this.featureFlagsFile}`); - fs7.writeFileSync(this.featureFlagsFile, JSON.stringify(flags)); - } catch (e) { - this.logger.warning( - `Error writing cached feature flags file ${this.featureFlagsFile}: ${e}.` - ); - } +} +function formatDuration(durationMs) { + if (durationMs < 1e3) { + return `${durationMs}ms`; } - async loadApiResponse() { - if (this.gitHubVersion.type !== 0 /* DOTCOM */ && this.gitHubVersion.type !== 2 /* GHE_DOTCOM */) { - this.logger.debug( - "Not running against github.com. Disabling all toggleable features." - ); - this.hasAccessedRemoteFeatureFlags = false; - return {}; - } - try { - const featuresToRequest = Object.entries(featureConfig).filter(([, config]) => !config.legacyApi).map(([f]) => f); - const FEATURES_PER_REQUEST = 25; - const featureChunks = []; - while (featuresToRequest.length > 0) { - featureChunks.push(featuresToRequest.splice(0, FEATURES_PER_REQUEST)); - } - let remoteFlags = {}; - for (const chunk of featureChunks) { - const response = await getApiClient().request( - "GET /repos/:owner/:repo/code-scanning/codeql-action/features", - { - owner: this.repositoryNwo.owner, - repo: this.repositoryNwo.repo, - features: chunk.join(",") - } - ); - const chunkFlags = response.data; - remoteFlags = { ...remoteFlags, ...chunkFlags }; - } - this.logger.debug( - "Loaded the following default values for the feature flags from the Code Scanning API:" - ); - for (const [feature, value] of Object.entries(remoteFlags).sort( - ([nameA], [nameB]) => nameA.localeCompare(nameB) - )) { - this.logger.debug(` ${feature}: ${value}`); - } - this.hasAccessedRemoteFeatureFlags = true; - return remoteFlags; - } catch (e) { - if (isHTTPError(e) && e.status === 403) { - this.logger.warning( - `This run of the CodeQL Action does not have permission to access Code Scanning API endpoints. As a result, it will not be opted into any experimental features. This could be because the Action is running on a pull request from a fork. If not, please ensure the Action has the 'security-events: write' permission. Details: ${e.message}` - ); - this.hasAccessedRemoteFeatureFlags = false; - return {}; - } else { - throw new Error( - `Encountered an error while trying to determine feature enablement: ${e}` - ); - } - } + if (durationMs < 60 * 1e3) { + return `${(durationMs / 1e3).toFixed(1)}s`; } -}; + const minutes = Math.floor(durationMs / (60 * 1e3)); + const seconds = Math.floor(durationMs % (60 * 1e3) / 1e3); + return `${minutes}m${seconds}s`; +} -// src/diff-informed-analysis-utils.ts -function getDiffRangesJsonFilePath() { - return path9.join(getTemporaryDirectory(), "pr-diff-range.json"); +// src/overlay-database-utils.ts +var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB = 15e3; +var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_BYTES = OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB * 1e6; +async function writeBaseDatabaseOidsFile(config, sourceRoot) { + const gitFileOids = await getFileOidsUnderPath(sourceRoot); + const gitFileOidsJson = JSON.stringify(gitFileOids); + const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config); + await fs8.promises.writeFile(baseDatabaseOidsFilePath, gitFileOidsJson); } -function readDiffRangesJsonFile(logger) { - const jsonFilePath = getDiffRangesJsonFilePath(); - if (!fs8.existsSync(jsonFilePath)) { - logger.debug(`Diff ranges JSON file does not exist at ${jsonFilePath}`); - return void 0; +async function readBaseDatabaseOidsFile(config, logger) { + const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config); + try { + const contents = await fs8.promises.readFile( + baseDatabaseOidsFilePath, + "utf-8" + ); + return JSON.parse(contents); + } catch (e) { + logger.error( + `Failed to read overlay-base file OIDs from ${baseDatabaseOidsFilePath}: ${e.message || e}` + ); + throw e; } - const jsonContents = fs8.readFileSync(jsonFilePath, "utf8"); +} +function getBaseDatabaseOidsFilePath(config) { + return path9.join(config.dbLocation, "base-database-oids.json"); +} +async function writeOverlayChangesFile(config, sourceRoot, logger) { + const baseFileOids = await readBaseDatabaseOidsFile(config, logger); + const overlayFileOids = await getFileOidsUnderPath(sourceRoot); + const changedFiles = computeChangedFiles(baseFileOids, overlayFileOids); + logger.info( + `Found ${changedFiles.length} changed file(s) under ${sourceRoot}.` + ); + const changedFilesJson = JSON.stringify({ changes: changedFiles }); + const overlayChangesFile = path9.join( + getTemporaryDirectory(), + "overlay-changes.json" + ); logger.debug( - `Read pr-diff-range JSON file from ${jsonFilePath}: -${jsonContents}` + `Writing overlay changed files to ${overlayChangesFile}: ${changedFilesJson}` ); - return JSON.parse(jsonContents); + await fs8.promises.writeFile(overlayChangesFile, changedFilesJson); + return overlayChangesFile; +} +function computeChangedFiles(baseFileOids, overlayFileOids) { + const changes = []; + for (const [file, oid] of Object.entries(overlayFileOids)) { + if (!(file in baseFileOids) || baseFileOids[file] !== oid) { + changes.push(file); + } + } + for (const file of Object.keys(baseFileOids)) { + if (!(file in overlayFileOids)) { + changes.push(file); + } + } + return changes; } // src/trap-caching.ts diff --git a/lib/init-action.js b/lib/init-action.js index c02ecd2ecd..df8f1b6a8e 100644 --- a/lib/init-action.js +++ b/lib/init-action.js @@ -3677,17 +3677,17 @@ var require_util2 = __commonJS({ } function isValidReasonPhrase(statusText) { for (let i = 0; i < statusText.length; ++i) { - const c = statusText.charCodeAt(i); - if (!(c === 9 || // HTAB - c >= 32 && c <= 126 || // SP / VCHAR - c >= 128 && c <= 255)) { + const c2 = statusText.charCodeAt(i); + if (!(c2 === 9 || // HTAB + c2 >= 32 && c2 <= 126 || // SP / VCHAR + c2 >= 128 && c2 <= 255)) { return false; } } return true; } - function isTokenCharCode(c) { - switch (c) { + function isTokenCharCode(c2) { + switch (c2) { case 34: case 40: case 41: @@ -3707,7 +3707,7 @@ var require_util2 = __commonJS({ case 125: return false; default: - return c >= 33 && c <= 126; + return c2 >= 33 && c2 <= 126; } } function isValidHTTPToken(characters) { @@ -6655,7 +6655,7 @@ var require_constants3 = __commonJS({ exports2.HEADER_CHARS.push(i); } } - exports2.CONNECTION_TOKEN_CHARS = exports2.HEADER_CHARS.filter((c) => c !== 44); + exports2.CONNECTION_TOKEN_CHARS = exports2.HEADER_CHARS.filter((c2) => c2 !== 44); exports2.MAJOR = exports2.NUM_MAP; exports2.MINOR = exports2.MAJOR; var HEADER_STATE; @@ -8706,7 +8706,7 @@ var require_pool_base = __commonJS({ pool.emit("drain", origin, [pool, ...targets]); } if (pool[kClosedResolve] && queue.isEmpty()) { - Promise.all(pool[kClients].map((c) => c.close())).then(pool[kClosedResolve]); + Promise.all(pool[kClients].map((c2) => c2.close())).then(pool[kClosedResolve]); } }; this[kOnConnect] = (origin, targets) => { @@ -8755,7 +8755,7 @@ var require_pool_base = __commonJS({ } async [kClose]() { if (this[kQueue].isEmpty()) { - return Promise.all(this[kClients].map((c) => c.close())); + return Promise.all(this[kClients].map((c2) => c2.close())); } else { return new Promise((resolve9) => { this[kClosedResolve] = resolve9; @@ -8770,7 +8770,7 @@ var require_pool_base = __commonJS({ } item.handler.onError(err); } - return Promise.all(this[kClients].map((c) => c.destroy(err))); + return Promise.all(this[kClients].map((c2) => c2.destroy(err))); } [kDispatch](opts, handler) { const dispatcher = this[kGetDispatcher](); @@ -14518,8 +14518,8 @@ var require_util4 = __commonJS({ return new TextDecoder(encoding).decode(sliced); } function BOMSniffing(ioQueue) { - const [a, b, c] = ioQueue; - if (a === 239 && b === 187 && c === 191) { + const [a, b, c2] = ioQueue; + if (a === 239 && b === 187 && c2 === 191) { return "UTF-8"; } else if (a === 254 && b === 255) { return "UTF-16BE"; @@ -17907,7 +17907,7 @@ var require_lib = __commonJS({ } }; exports2.HttpClient = HttpClient2; - var lowercaseKeys = (obj) => Object.keys(obj).reduce((c, k) => (c[k.toLowerCase()] = obj[k], c), {}); + var lowercaseKeys = (obj) => Object.keys(obj).reduce((c2, k) => (c2[k.toLowerCase()] = obj[k], c2), {}); } }); @@ -19256,39 +19256,39 @@ var require_toolrunner = __commonJS({ let inQuotes = false; let escaped = false; let arg = ""; - function append(c) { - if (escaped && c !== '"') { + function append(c2) { + if (escaped && c2 !== '"') { arg += "\\"; } - arg += c; + arg += c2; escaped = false; } for (let i = 0; i < argString.length; i++) { - const c = argString.charAt(i); - if (c === '"') { + const c2 = argString.charAt(i); + if (c2 === '"') { if (!escaped) { inQuotes = !inQuotes; } else { - append(c); + append(c2); } continue; } - if (c === "\\" && escaped) { - append(c); + if (c2 === "\\" && escaped) { + append(c2); continue; } - if (c === "\\" && inQuotes) { + if (c2 === "\\" && inQuotes) { escaped = true; continue; } - if (c === " " && !inQuotes) { + if (c2 === " " && !inQuotes) { if (arg.length > 0) { args.push(arg); arg = ""; } continue; } - append(c); + append(c2); } if (arg.length > 0) { args.push(arg.trim()); @@ -20690,19 +20690,19 @@ var require_range = __commonJS({ this.loose = !!options.loose; this.includePrerelease = !!options.includePrerelease; this.raw = range.trim().replace(SPACE_CHARACTERS, " "); - this.set = this.raw.split("||").map((r) => this.parseRange(r.trim())).filter((c) => c.length); + this.set = this.raw.split("||").map((r) => this.parseRange(r.trim())).filter((c2) => c2.length); if (!this.set.length) { throw new TypeError(`Invalid SemVer Range: ${this.raw}`); } if (this.set.length > 1) { const first = this.set[0]; - this.set = this.set.filter((c) => !isNullSet(c[0])); + this.set = this.set.filter((c2) => !isNullSet(c2[0])); if (this.set.length === 0) { this.set = [first]; } else if (this.set.length > 1) { - for (const c of this.set) { - if (c.length === 1 && isAny(c[0])) { - this.set = [c]; + for (const c2 of this.set) { + if (c2.length === 1 && isAny(c2[0])) { + this.set = [c2]; break; } } @@ -20823,8 +20823,8 @@ var require_range = __commonJS({ caretTrimReplace } = require_re(); var { FLAG_INCLUDE_PRERELEASE, FLAG_LOOSE } = require_constants6(); - var isNullSet = (c) => c.value === "<0.0.0-0"; - var isAny = (c) => c.value === ""; + var isNullSet = (c2) => c2.value === "<0.0.0-0"; + var isAny = (c2) => c2.value === ""; var isSatisfiable = (comparators, options) => { let result = true; const remainingComparators = comparators.slice(); @@ -20851,7 +20851,7 @@ var require_range = __commonJS({ }; var isX = (id) => !id || id.toLowerCase() === "x" || id === "*"; var replaceTildes = (comp, options) => { - return comp.trim().split(/\s+/).map((c) => replaceTilde(c, options)).join(" "); + return comp.trim().split(/\s+/).map((c2) => replaceTilde(c2, options)).join(" "); }; var replaceTilde = (comp, options) => { const r = options.loose ? re[t.TILDELOOSE] : re[t.TILDE]; @@ -20875,7 +20875,7 @@ var require_range = __commonJS({ }); }; var replaceCarets = (comp, options) => { - return comp.trim().split(/\s+/).map((c) => replaceCaret(c, options)).join(" "); + return comp.trim().split(/\s+/).map((c2) => replaceCaret(c2, options)).join(" "); }; var replaceCaret = (comp, options) => { debug3("caret", comp, options); @@ -20923,7 +20923,7 @@ var require_range = __commonJS({ }; var replaceXRanges = (comp, options) => { debug3("replaceXRanges", comp, options); - return comp.split(/\s+/).map((c) => replaceXRange(c, options)).join(" "); + return comp.split(/\s+/).map((c2) => replaceXRange(c2, options)).join(" "); }; var replaceXRange = (comp, options) => { comp = comp.trim(); @@ -21176,7 +21176,7 @@ var require_to_comparators = __commonJS({ "node_modules/semver/ranges/to-comparators.js"(exports2, module2) { "use strict"; var Range2 = require_range(); - var toComparators = (range, options) => new Range2(range, options).set.map((comp) => comp.map((c) => c.value).join(" ").trim().split(" ")); + var toComparators = (range, options) => new Range2(range, options).set.map((comp) => comp.map((c2) => c2.value).join(" ").trim().split(" ")); module2.exports = toComparators; } }); @@ -21521,13 +21521,13 @@ var require_subset = __commonJS({ } const eqSet = /* @__PURE__ */ new Set(); let gt, lt2; - for (const c of sub) { - if (c.operator === ">" || c.operator === ">=") { - gt = higherGT(gt, c, options); - } else if (c.operator === "<" || c.operator === "<=") { - lt2 = lowerLT(lt2, c, options); + for (const c2 of sub) { + if (c2.operator === ">" || c2.operator === ">=") { + gt = higherGT(gt, c2, options); + } else if (c2.operator === "<" || c2.operator === "<=") { + lt2 = lowerLT(lt2, c2, options); } else { - eqSet.add(c.semver); + eqSet.add(c2.semver); } } if (eqSet.size > 1) { @@ -21549,8 +21549,8 @@ var require_subset = __commonJS({ if (lt2 && !satisfies2(eq, String(lt2), options)) { return null; } - for (const c of dom) { - if (!satisfies2(eq, String(c), options)) { + for (const c2 of dom) { + if (!satisfies2(eq, String(c2), options)) { return false; } } @@ -21563,40 +21563,40 @@ var require_subset = __commonJS({ if (needDomLTPre && needDomLTPre.prerelease.length === 1 && lt2.operator === "<" && needDomLTPre.prerelease[0] === 0) { needDomLTPre = false; } - for (const c of dom) { - hasDomGT = hasDomGT || c.operator === ">" || c.operator === ">="; - hasDomLT = hasDomLT || c.operator === "<" || c.operator === "<="; + for (const c2 of dom) { + hasDomGT = hasDomGT || c2.operator === ">" || c2.operator === ">="; + hasDomLT = hasDomLT || c2.operator === "<" || c2.operator === "<="; if (gt) { if (needDomGTPre) { - if (c.semver.prerelease && c.semver.prerelease.length && c.semver.major === needDomGTPre.major && c.semver.minor === needDomGTPre.minor && c.semver.patch === needDomGTPre.patch) { + if (c2.semver.prerelease && c2.semver.prerelease.length && c2.semver.major === needDomGTPre.major && c2.semver.minor === needDomGTPre.minor && c2.semver.patch === needDomGTPre.patch) { needDomGTPre = false; } } - if (c.operator === ">" || c.operator === ">=") { - higher = higherGT(gt, c, options); - if (higher === c && higher !== gt) { + if (c2.operator === ">" || c2.operator === ">=") { + higher = higherGT(gt, c2, options); + if (higher === c2 && higher !== gt) { return false; } - } else if (gt.operator === ">=" && !satisfies2(gt.semver, String(c), options)) { + } else if (gt.operator === ">=" && !satisfies2(gt.semver, String(c2), options)) { return false; } } if (lt2) { if (needDomLTPre) { - if (c.semver.prerelease && c.semver.prerelease.length && c.semver.major === needDomLTPre.major && c.semver.minor === needDomLTPre.minor && c.semver.patch === needDomLTPre.patch) { + if (c2.semver.prerelease && c2.semver.prerelease.length && c2.semver.major === needDomLTPre.major && c2.semver.minor === needDomLTPre.minor && c2.semver.patch === needDomLTPre.patch) { needDomLTPre = false; } } - if (c.operator === "<" || c.operator === "<=") { - lower = lowerLT(lt2, c, options); - if (lower === c && lower !== lt2) { + if (c2.operator === "<" || c2.operator === "<=") { + lower = lowerLT(lt2, c2, options); + if (lower === c2 && lower !== lt2) { return false; } - } else if (lt2.operator === "<=" && !satisfies2(lt2.semver, String(c), options)) { + } else if (lt2.operator === "<=" && !satisfies2(lt2.semver, String(c2), options)) { return false; } } - if (!c.operator && (lt2 || gt) && gtltComp !== 0) { + if (!c2.operator && (lt2 || gt) && gtltComp !== 0) { return false; } } @@ -22184,8 +22184,8 @@ var require_dist_node2 = __commonJS({ }).join(""); } function encodeUnreserved(str2) { - return encodeURIComponent(str2).replace(/[!'()*]/g, function(c) { - return "%" + c.charCodeAt(0).toString(16).toUpperCase(); + return encodeURIComponent(str2).replace(/[!'()*]/g, function(c2) { + return "%" + c2.charCodeAt(0).toString(16).toUpperCase(); }); } function encodeValue(operator, value, key) { @@ -22924,8 +22924,8 @@ var require_dist_node6 = __commonJS({ }).join(""); } function encodeUnreserved(str2) { - return encodeURIComponent(str2).replace(/[!'()*]/g, function(c) { - return "%" + c.charCodeAt(0).toString(16).toUpperCase(); + return encodeURIComponent(str2).replace(/[!'()*]/g, function(c2) { + return "%" + c2.charCodeAt(0).toString(16).toUpperCase(); }); } function encodeValue(operator, value, key) { @@ -34429,25 +34429,25 @@ var require_brace_expansion = __commonJS({ var pad = n.some(isPadded); N = []; for (var i = x; test(i, y); i += incr) { - var c; + var c2; if (isAlphaSequence) { - c = String.fromCharCode(i); - if (c === "\\") - c = ""; + c2 = String.fromCharCode(i); + if (c2 === "\\") + c2 = ""; } else { - c = String(i); + c2 = String(i); if (pad) { - var need = width - c.length; + var need = width - c2.length; if (need > 0) { var z = new Array(need + 1).join("0"); if (i < 0) - c = "-" + z + c.slice(1); + c2 = "-" + z + c2.slice(1); else - c = z + c; + c2 = z + c2; } } } - N.push(c); + N.push(c2); } } else { N = concatMap(n, function(el) { @@ -34495,8 +34495,8 @@ var require_minimatch = __commonJS({ var twoStarNoDot = "(?:(?!(?:\\/|^)\\.).)*?"; var reSpecials = charSet("().*{}+?[]^$\\!"); function charSet(s) { - return s.split("").reduce(function(set2, c) { - set2[c] = true; + return s.split("").reduce(function(set2, c2) { + set2[c2] = true; return set2; }, {}); } @@ -34699,14 +34699,14 @@ var require_minimatch = __commonJS({ stateChar = false; } } - for (var i = 0, len = pattern.length, c; i < len && (c = pattern.charAt(i)); i++) { - this.debug("%s %s %s %j", pattern, i, re, c); - if (escaping && reSpecials[c]) { - re += "\\" + c; + for (var i = 0, len = pattern.length, c2; i < len && (c2 = pattern.charAt(i)); i++) { + this.debug("%s %s %s %j", pattern, i, re, c2); + if (escaping && reSpecials[c2]) { + re += "\\" + c2; escaping = false; continue; } - switch (c) { + switch (c2) { /* istanbul ignore next */ case "/": { return false; @@ -34722,16 +34722,16 @@ var require_minimatch = __commonJS({ case "+": case "@": case "!": - this.debug("%s %s %s %j <-- stateChar", pattern, i, re, c); + this.debug("%s %s %s %j <-- stateChar", pattern, i, re, c2); if (inClass) { this.debug(" in class"); - if (c === "!" && i === classStart + 1) c = "^"; - re += c; + if (c2 === "!" && i === classStart + 1) c2 = "^"; + re += c2; continue; } self2.debug("call clearStateChar %j", stateChar); clearStateChar(); - stateChar = c; + stateChar = c2; if (options.noext) clearStateChar(); continue; case "(": @@ -34781,17 +34781,17 @@ var require_minimatch = __commonJS({ case "[": clearStateChar(); if (inClass) { - re += "\\" + c; + re += "\\" + c2; continue; } inClass = true; classStart = i; reClassStart = re.length; - re += c; + re += c2; continue; case "]": if (i === classStart + 1 || !inClass) { - re += "\\" + c; + re += "\\" + c2; escaping = false; continue; } @@ -34807,16 +34807,16 @@ var require_minimatch = __commonJS({ } hasMagic = true; inClass = false; - re += c; + re += c2; continue; default: clearStateChar(); if (escaping) { escaping = false; - } else if (reSpecials[c] && !(c === "^" && inClass)) { + } else if (reSpecials[c2] && !(c2 === "^" && inClass)) { re += "\\"; } - re += c; + re += c2; } } if (inClass) { @@ -35289,25 +35289,25 @@ var require_internal_pattern = __commonJS({ static getLiteral(segment) { let literal = ""; for (let i = 0; i < segment.length; i++) { - const c = segment[i]; - if (c === "\\" && !IS_WINDOWS && i + 1 < segment.length) { + const c2 = segment[i]; + if (c2 === "\\" && !IS_WINDOWS && i + 1 < segment.length) { literal += segment[++i]; continue; - } else if (c === "*" || c === "?") { + } else if (c2 === "*" || c2 === "?") { return ""; - } else if (c === "[" && i + 1 < segment.length) { + } else if (c2 === "[" && i + 1 < segment.length) { let set2 = ""; let closed = -1; for (let i2 = i + 1; i2 < segment.length; i2++) { - const c2 = segment[i2]; - if (c2 === "\\" && !IS_WINDOWS && i2 + 1 < segment.length) { + const c22 = segment[i2]; + if (c22 === "\\" && !IS_WINDOWS && i2 + 1 < segment.length) { set2 += segment[++i2]; continue; - } else if (c2 === "]") { + } else if (c22 === "]") { closed = i2; break; } else { - set2 += c2; + set2 += c22; } } if (closed >= 0) { @@ -35321,7 +35321,7 @@ var require_internal_pattern = __commonJS({ } } } - literal += c; + literal += c2; } return literal; } @@ -36320,8 +36320,8 @@ var require_semver3 = __commonJS({ this.raw = range.trim().split(/\s+/).join(" "); this.set = this.raw.split("||").map(function(range2) { return this.parseRange(range2.trim()); - }, this).filter(function(c) { - return c.length; + }, this).filter(function(c2) { + return c2.length; }); if (!this.set.length) { throw new TypeError("Invalid SemVer Range: " + this.raw); @@ -36390,8 +36390,8 @@ var require_semver3 = __commonJS({ exports2.toComparators = toComparators; function toComparators(range, options) { return new Range2(range, options).set.map(function(comp) { - return comp.map(function(c) { - return c.value; + return comp.map(function(c2) { + return c2.value; }).join(" ").trim().split(" "); }); } @@ -38098,10 +38098,10 @@ function __rest(s, e) { return t; } function __decorate(decorators, target, key, desc) { - var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d; + var c2 = arguments.length, r = c2 < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d; if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc); - else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r; - return c > 3 && r && Object.defineProperty(target, key, r), r; + else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c2 < 3 ? d(r) : c2 > 3 ? d(target, key, r) : d(target, key)) || r; + return c2 > 3 && r && Object.defineProperty(target, key, r), r; } function __param(paramIndex, decorator) { return function(target, key) { @@ -39817,8 +39817,8 @@ var require_browser = __commonJS({ if (!this.useColors) { return; } - const c = "color: " + this.color; - args.splice(1, 0, c, "color: inherit"); + const c2 = "color: " + this.color; + args.splice(1, 0, c2, "color: inherit"); let index = 0; let lastC = 0; args[0].replace(/%[a-zA-Z%]/g, (match) => { @@ -39830,7 +39830,7 @@ var require_browser = __commonJS({ lastC = index; } }); - args.splice(lastC, 0, c); + args.splice(lastC, 0, c2); } exports2.log = console.debug || console.log || (() => { }); @@ -40114,8 +40114,8 @@ var require_node = __commonJS({ function formatArgs(args) { const { namespace: name, useColors: useColors2 } = this; if (useColors2) { - const c = this.color; - const colorCode = "\x1B[3" + (c < 8 ? c : "8;5;" + c); + const c2 = this.color; + const colorCode = "\x1B[3" + (c2 < 8 ? c2 : "8;5;" + c2); const prefix = ` ${colorCode};1m${name} \x1B[0m`; args[0] = prefix + args[0].split("\n").join("\n" + prefix); args.push(colorCode + "m+" + module2.exports.humanize(this.diff) + "\x1B[0m"); @@ -42315,10 +42315,10 @@ function __rest2(s, e) { return t; } function __decorate2(decorators, target, key, desc) { - var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d; + var c2 = arguments.length, r = c2 < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d; if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc); - else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r; - return c > 3 && r && Object.defineProperty(target, key, r), r; + else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c2 < 3 ? d(r) : c2 > 3 ? d(target, key, r) : d(target, key)) || r; + return c2 > 3 && r && Object.defineProperty(target, key, r), r; } function __param2(paramIndex, decorator) { return function(target, key) { @@ -43052,10 +43052,10 @@ function __rest3(s, e) { return t; } function __decorate3(decorators, target, key, desc) { - var c = arguments.length, r = c < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d; + var c2 = arguments.length, r = c2 < 3 ? target : desc === null ? desc = Object.getOwnPropertyDescriptor(target, key) : desc, d; if (typeof Reflect === "object" && typeof Reflect.decorate === "function") r = Reflect.decorate(decorators, target, key, desc); - else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c < 3 ? d(r) : c > 3 ? d(target, key, r) : d(target, key)) || r; - return c > 3 && r && Object.defineProperty(target, key, r), r; + else for (var i = decorators.length - 1; i >= 0; i--) if (d = decorators[i]) r = (c2 < 3 ? d(r) : c2 > 3 ? d(target, key, r) : d(target, key)) || r; + return c2 > 3 && r && Object.defineProperty(target, key, r), r; } function __param3(paramIndex, decorator) { return function(target, key) { @@ -48663,7 +48663,7 @@ var require_dist6 = __commonJS({ onProgress(callback) { this.pollProgressCallbacks.push(callback); return () => { - this.pollProgressCallbacks = this.pollProgressCallbacks.filter((c) => c !== callback); + this.pollProgressCallbacks = this.pollProgressCallbacks.filter((c2) => c2 !== callback); }; } /** @@ -71156,8 +71156,8 @@ ${key}:${decodeURIComponent(lowercaseQueries[key])}`; */ static parse(permissions) { const accountSASPermissions = new _AccountSASPermissions(); - for (const c of permissions) { - switch (c) { + for (const c2 of permissions) { + switch (c2) { case "r": accountSASPermissions.read = true; break; @@ -71198,7 +71198,7 @@ ${key}:${decodeURIComponent(lowercaseQueries[key])}`; accountSASPermissions.permanentDelete = true; break; default: - throw new RangeError(`Invalid permission character: ${c}`); + throw new RangeError(`Invalid permission character: ${c2}`); } } return accountSASPermissions; @@ -71320,8 +71320,8 @@ ${key}:${decodeURIComponent(lowercaseQueries[key])}`; */ static parse(resourceTypes) { const accountSASResourceTypes = new _AccountSASResourceTypes(); - for (const c of resourceTypes) { - switch (c) { + for (const c2 of resourceTypes) { + switch (c2) { case "s": accountSASResourceTypes.service = true; break; @@ -71332,7 +71332,7 @@ ${key}:${decodeURIComponent(lowercaseQueries[key])}`; accountSASResourceTypes.object = true; break; default: - throw new RangeError(`Invalid resource type: ${c}`); + throw new RangeError(`Invalid resource type: ${c2}`); } } return accountSASResourceTypes; @@ -71372,8 +71372,8 @@ ${key}:${decodeURIComponent(lowercaseQueries[key])}`; */ static parse(services) { const accountSASServices = new _AccountSASServices(); - for (const c of services) { - switch (c) { + for (const c2 of services) { + switch (c2) { case "b": accountSASServices.blob = true; break; @@ -71387,7 +71387,7 @@ ${key}:${decodeURIComponent(lowercaseQueries[key])}`; accountSASServices.table = true; break; default: - throw new RangeError(`Invalid service character: ${c}`); + throw new RangeError(`Invalid service character: ${c2}`); } } return accountSASServices; @@ -74549,9 +74549,9 @@ var require_json_format_contract = __commonJS({ exports2.jsonWriteOptions = jsonWriteOptions; function mergeJsonOptions(a, b) { var _a, _b; - let c = Object.assign(Object.assign({}, a), b); - c.typeRegistry = [...(_a = a === null || a === void 0 ? void 0 : a.typeRegistry) !== null && _a !== void 0 ? _a : [], ...(_b = b === null || b === void 0 ? void 0 : b.typeRegistry) !== null && _b !== void 0 ? _b : []]; - return c; + let c2 = Object.assign(Object.assign({}, a), b); + c2.typeRegistry = [...(_a = a === null || a === void 0 ? void 0 : a.typeRegistry) !== null && _a !== void 0 ? _a : [], ...(_b = b === null || b === void 0 ? void 0 : b.typeRegistry) !== null && _b !== void 0 ? _b : []]; + return c2; } exports2.mergeJsonOptions = mergeJsonOptions; } @@ -76688,14 +76688,14 @@ var require_rpc_options = __commonJS({ function copy(a, into) { if (!a) return; - let c = into; + let c2 = into; for (let [k, v] of Object.entries(a)) { if (v instanceof Date) - c[k] = new Date(v.getTime()); + c2[k] = new Date(v.getTime()); else if (Array.isArray(v)) - c[k] = v.concat(); + c2[k] = v.concat(); else - c[k] = v; + c2[k] = v; } } } @@ -79848,25 +79848,25 @@ var require_internal_pattern2 = __commonJS({ static getLiteral(segment) { let literal = ""; for (let i = 0; i < segment.length; i++) { - const c = segment[i]; - if (c === "\\" && !IS_WINDOWS && i + 1 < segment.length) { + const c2 = segment[i]; + if (c2 === "\\" && !IS_WINDOWS && i + 1 < segment.length) { literal += segment[++i]; continue; - } else if (c === "*" || c === "?") { + } else if (c2 === "*" || c2 === "?") { return ""; - } else if (c === "[" && i + 1 < segment.length) { + } else if (c2 === "[" && i + 1 < segment.length) { let set2 = ""; let closed = -1; for (let i2 = i + 1; i2 < segment.length; i2++) { - const c2 = segment[i2]; - if (c2 === "\\" && !IS_WINDOWS && i2 + 1 < segment.length) { + const c22 = segment[i2]; + if (c22 === "\\" && !IS_WINDOWS && i2 + 1 < segment.length) { set2 += segment[++i2]; continue; - } else if (c2 === "]") { + } else if (c22 === "]") { closed = i2; break; } else { - set2 += c2; + set2 += c22; } } if (closed >= 0) { @@ -79880,7 +79880,7 @@ var require_internal_pattern2 = __commonJS({ } } } - literal += c; + literal += c2; } return literal; } @@ -81116,9 +81116,9 @@ var require_tool_cache = __commonJS({ core14.debug("finished caching tool"); } function isExplicitVersion(versionSpec) { - const c = semver9.clean(versionSpec) || ""; - core14.debug(`isExplicit: ${c}`); - const valid3 = semver9.valid(c) != null; + const c2 = semver9.clean(versionSpec) || ""; + core14.debug(`isExplicit: ${c2}`); + const valid3 = semver9.valid(c2) != null; core14.debug(`explicit? ${valid3}`); return valid3; } @@ -83091,14 +83091,14 @@ var bool = new type("tag:yaml.org,2002:bool", { }, defaultStyle: "lowercase" }); -function isHexCode(c) { - return 48 <= c && c <= 57 || 65 <= c && c <= 70 || 97 <= c && c <= 102; +function isHexCode(c2) { + return 48 <= c2 && c2 <= 57 || 65 <= c2 && c2 <= 70 || 97 <= c2 && c2 <= 102; } -function isOctCode(c) { - return 48 <= c && c <= 55; +function isOctCode(c2) { + return 48 <= c2 && c2 <= 55; } -function isDecCode(c) { - return 48 <= c && c <= 57; +function isDecCode(c2) { + return 48 <= c2 && c2 <= 57; } function resolveYamlInteger(data) { if (data === null) return false; @@ -83528,57 +83528,57 @@ var PATTERN_TAG_URI = /^(?:!|[^,\[\]\{\}])(?:%[0-9a-f]{2}|[0-9a-z\-#;\/\?:@&=\+\ function _class(obj) { return Object.prototype.toString.call(obj); } -function is_EOL(c) { - return c === 10 || c === 13; +function is_EOL(c2) { + return c2 === 10 || c2 === 13; } -function is_WHITE_SPACE(c) { - return c === 9 || c === 32; +function is_WHITE_SPACE(c2) { + return c2 === 9 || c2 === 32; } -function is_WS_OR_EOL(c) { - return c === 9 || c === 32 || c === 10 || c === 13; +function is_WS_OR_EOL(c2) { + return c2 === 9 || c2 === 32 || c2 === 10 || c2 === 13; } -function is_FLOW_INDICATOR(c) { - return c === 44 || c === 91 || c === 93 || c === 123 || c === 125; +function is_FLOW_INDICATOR(c2) { + return c2 === 44 || c2 === 91 || c2 === 93 || c2 === 123 || c2 === 125; } -function fromHexCode(c) { +function fromHexCode(c2) { var lc; - if (48 <= c && c <= 57) { - return c - 48; + if (48 <= c2 && c2 <= 57) { + return c2 - 48; } - lc = c | 32; + lc = c2 | 32; if (97 <= lc && lc <= 102) { return lc - 97 + 10; } return -1; } -function escapedHexLen(c) { - if (c === 120) { +function escapedHexLen(c2) { + if (c2 === 120) { return 2; } - if (c === 117) { + if (c2 === 117) { return 4; } - if (c === 85) { + if (c2 === 85) { return 8; } return 0; } -function fromDecimalCode(c) { - if (48 <= c && c <= 57) { - return c - 48; +function fromDecimalCode(c2) { + if (48 <= c2 && c2 <= 57) { + return c2 - 48; } return -1; } -function simpleEscapeSequence(c) { - return c === 48 ? "\0" : c === 97 ? "\x07" : c === 98 ? "\b" : c === 116 ? " " : c === 9 ? " " : c === 110 ? "\n" : c === 118 ? "\v" : c === 102 ? "\f" : c === 114 ? "\r" : c === 101 ? "\x1B" : c === 32 ? " " : c === 34 ? '"' : c === 47 ? "/" : c === 92 ? "\\" : c === 78 ? "\x85" : c === 95 ? "\xA0" : c === 76 ? "\u2028" : c === 80 ? "\u2029" : ""; +function simpleEscapeSequence(c2) { + return c2 === 48 ? "\0" : c2 === 97 ? "\x07" : c2 === 98 ? "\b" : c2 === 116 ? " " : c2 === 9 ? " " : c2 === 110 ? "\n" : c2 === 118 ? "\v" : c2 === 102 ? "\f" : c2 === 114 ? "\r" : c2 === 101 ? "\x1B" : c2 === 32 ? " " : c2 === 34 ? '"' : c2 === 47 ? "/" : c2 === 92 ? "\\" : c2 === 78 ? "\x85" : c2 === 95 ? "\xA0" : c2 === 76 ? "\u2028" : c2 === 80 ? "\u2029" : ""; } -function charFromCodepoint(c) { - if (c <= 65535) { - return String.fromCharCode(c); +function charFromCodepoint(c2) { + if (c2 <= 65535) { + return String.fromCharCode(c2); } return String.fromCharCode( - (c - 65536 >> 10) + 55296, - (c - 65536 & 1023) + 56320 + (c2 - 65536 >> 10) + 55296, + (c2 - 65536 & 1023) + 56320 ); } var simpleEscapeCheck = new Array(256); @@ -84817,31 +84817,31 @@ function testImplicitResolving(state, str2) { } return false; } -function isWhitespace(c) { - return c === CHAR_SPACE || c === CHAR_TAB; +function isWhitespace(c2) { + return c2 === CHAR_SPACE || c2 === CHAR_TAB; } -function isPrintable(c) { - return 32 <= c && c <= 126 || 161 <= c && c <= 55295 && c !== 8232 && c !== 8233 || 57344 <= c && c <= 65533 && c !== CHAR_BOM || 65536 <= c && c <= 1114111; +function isPrintable(c2) { + return 32 <= c2 && c2 <= 126 || 161 <= c2 && c2 <= 55295 && c2 !== 8232 && c2 !== 8233 || 57344 <= c2 && c2 <= 65533 && c2 !== CHAR_BOM || 65536 <= c2 && c2 <= 1114111; } -function isNsCharOrWhitespace(c) { - return isPrintable(c) && c !== CHAR_BOM && c !== CHAR_CARRIAGE_RETURN && c !== CHAR_LINE_FEED; +function isNsCharOrWhitespace(c2) { + return isPrintable(c2) && c2 !== CHAR_BOM && c2 !== CHAR_CARRIAGE_RETURN && c2 !== CHAR_LINE_FEED; } -function isPlainSafe(c, prev, inblock) { - var cIsNsCharOrWhitespace = isNsCharOrWhitespace(c); - var cIsNsChar = cIsNsCharOrWhitespace && !isWhitespace(c); +function isPlainSafe(c2, prev, inblock) { + var cIsNsCharOrWhitespace = isNsCharOrWhitespace(c2); + var cIsNsChar = cIsNsCharOrWhitespace && !isWhitespace(c2); return ( // ns-plain-safe (inblock ? ( // c = flow-in cIsNsCharOrWhitespace - ) : cIsNsCharOrWhitespace && c !== CHAR_COMMA && c !== CHAR_LEFT_SQUARE_BRACKET && c !== CHAR_RIGHT_SQUARE_BRACKET && c !== CHAR_LEFT_CURLY_BRACKET && c !== CHAR_RIGHT_CURLY_BRACKET) && c !== CHAR_SHARP && !(prev === CHAR_COLON && !cIsNsChar) || isNsCharOrWhitespace(prev) && !isWhitespace(prev) && c === CHAR_SHARP || prev === CHAR_COLON && cIsNsChar + ) : cIsNsCharOrWhitespace && c2 !== CHAR_COMMA && c2 !== CHAR_LEFT_SQUARE_BRACKET && c2 !== CHAR_RIGHT_SQUARE_BRACKET && c2 !== CHAR_LEFT_CURLY_BRACKET && c2 !== CHAR_RIGHT_CURLY_BRACKET) && c2 !== CHAR_SHARP && !(prev === CHAR_COLON && !cIsNsChar) || isNsCharOrWhitespace(prev) && !isWhitespace(prev) && c2 === CHAR_SHARP || prev === CHAR_COLON && cIsNsChar ); } -function isPlainSafeFirst(c) { - return isPrintable(c) && c !== CHAR_BOM && !isWhitespace(c) && c !== CHAR_MINUS && c !== CHAR_QUESTION && c !== CHAR_COLON && c !== CHAR_COMMA && c !== CHAR_LEFT_SQUARE_BRACKET && c !== CHAR_RIGHT_SQUARE_BRACKET && c !== CHAR_LEFT_CURLY_BRACKET && c !== CHAR_RIGHT_CURLY_BRACKET && c !== CHAR_SHARP && c !== CHAR_AMPERSAND && c !== CHAR_ASTERISK && c !== CHAR_EXCLAMATION && c !== CHAR_VERTICAL_LINE && c !== CHAR_EQUALS && c !== CHAR_GREATER_THAN && c !== CHAR_SINGLE_QUOTE && c !== CHAR_DOUBLE_QUOTE && c !== CHAR_PERCENT && c !== CHAR_COMMERCIAL_AT && c !== CHAR_GRAVE_ACCENT; +function isPlainSafeFirst(c2) { + return isPrintable(c2) && c2 !== CHAR_BOM && !isWhitespace(c2) && c2 !== CHAR_MINUS && c2 !== CHAR_QUESTION && c2 !== CHAR_COLON && c2 !== CHAR_COMMA && c2 !== CHAR_LEFT_SQUARE_BRACKET && c2 !== CHAR_RIGHT_SQUARE_BRACKET && c2 !== CHAR_LEFT_CURLY_BRACKET && c2 !== CHAR_RIGHT_CURLY_BRACKET && c2 !== CHAR_SHARP && c2 !== CHAR_AMPERSAND && c2 !== CHAR_ASTERISK && c2 !== CHAR_EXCLAMATION && c2 !== CHAR_VERTICAL_LINE && c2 !== CHAR_EQUALS && c2 !== CHAR_GREATER_THAN && c2 !== CHAR_SINGLE_QUOTE && c2 !== CHAR_DOUBLE_QUOTE && c2 !== CHAR_PERCENT && c2 !== CHAR_COMMERCIAL_AT && c2 !== CHAR_GRAVE_ACCENT; } -function isPlainSafeLast(c) { - return !isWhitespace(c) && c !== CHAR_COLON; +function isPlainSafeLast(c2) { + return !isWhitespace(c2) && c2 !== CHAR_COLON; } function codePointAt(string, pos) { var first = string.charCodeAt(pos), second; @@ -86558,414 +86558,14 @@ function generateCodeScanningConfig(logger, originalUserInput, augmentationPrope } // src/feature-flags.ts -var fs7 = __toESM(require("fs")); -var path9 = __toESM(require("path")); +var fs6 = __toESM(require("fs")); +var path8 = __toESM(require("path")); var semver4 = __toESM(require_semver2()); // src/defaults.json var bundleVersion = "codeql-bundle-v2.23.1"; var cliVersion = "2.23.1"; -// src/overlay-database-utils.ts -var crypto = __toESM(require("crypto")); -var fs6 = __toESM(require("fs")); -var path8 = __toESM(require("path")); -var actionsCache = __toESM(require_cache3()); - -// src/git-utils.ts -var core7 = __toESM(require_core()); -var toolrunner2 = __toESM(require_toolrunner()); -var io3 = __toESM(require_io()); -var runGitCommand = async function(workingDirectory, args, customErrorMessage) { - let stdout = ""; - let stderr = ""; - core7.debug(`Running git command: git ${args.join(" ")}`); - try { - await new toolrunner2.ToolRunner(await io3.which("git", true), args, { - silent: true, - listeners: { - stdout: (data) => { - stdout += data.toString(); - }, - stderr: (data) => { - stderr += data.toString(); - } - }, - cwd: workingDirectory - }).exec(); - return stdout; - } catch (error2) { - let reason = stderr; - if (stderr.includes("not a git repository")) { - reason = "The checkout path provided to the action does not appear to be a git repository."; - } - core7.info(`git call failed. ${customErrorMessage} Error: ${reason}`); - throw error2; - } -}; -var getCommitOid = async function(checkoutPath, ref = "HEAD") { - try { - const stdout = await runGitCommand( - checkoutPath, - ["rev-parse", ref], - "Continuing with commit SHA from user input or environment." - ); - return stdout.trim(); - } catch { - return getOptionalInput("sha") || getRequiredEnvParam("GITHUB_SHA"); - } -}; -var decodeGitFilePath = function(filePath) { - if (filePath.startsWith('"') && filePath.endsWith('"')) { - filePath = filePath.substring(1, filePath.length - 1); - return filePath.replace( - /\\([abfnrtv\\"]|[0-7]{1,3})/g, - (_match, seq2) => { - switch (seq2[0]) { - case "a": - return "\x07"; - case "b": - return "\b"; - case "f": - return "\f"; - case "n": - return "\n"; - case "r": - return "\r"; - case "t": - return " "; - case "v": - return "\v"; - case "\\": - return "\\"; - case '"': - return '"'; - default: - return String.fromCharCode(parseInt(seq2, 8)); - } - } - ); - } - return filePath; -}; -var getGitRoot = async function(sourceRoot) { - try { - const stdout = await runGitCommand( - sourceRoot, - ["rev-parse", "--show-toplevel"], - `Cannot find Git repository root from the source root ${sourceRoot}.` - ); - return stdout.trim(); - } catch { - return void 0; - } -}; -var getFileOidsUnderPath = async function(basePath) { - const stdout = await runGitCommand( - basePath, - ["ls-files", "--recurse-submodules", "--format=%(objectname)_%(path)"], - "Cannot list Git OIDs of tracked files." - ); - const fileOidMap = {}; - const regex = /^([0-9a-f]{40})_(.+)$/; - for (const line of stdout.split("\n")) { - if (line) { - const match = line.match(regex); - if (match) { - const oid = match[1]; - const path20 = decodeGitFilePath(match[2]); - fileOidMap[path20] = oid; - } else { - throw new Error(`Unexpected "git ls-files" output: ${line}`); - } - } - } - return fileOidMap; -}; -function getRefFromEnv() { - let refEnv; - try { - refEnv = getRequiredEnvParam("GITHUB_REF"); - } catch (e) { - const maybeRef = process.env["CODE_SCANNING_REF"]; - if (maybeRef === void 0 || maybeRef.length === 0) { - throw e; - } - refEnv = maybeRef; - } - return refEnv; -} -async function getRef() { - const refInput = getOptionalInput("ref"); - const shaInput = getOptionalInput("sha"); - const checkoutPath = getOptionalInput("checkout_path") || getOptionalInput("source-root") || getRequiredEnvParam("GITHUB_WORKSPACE"); - const hasRefInput = !!refInput; - const hasShaInput = !!shaInput; - if ((hasRefInput || hasShaInput) && !(hasRefInput && hasShaInput)) { - throw new ConfigurationError( - "Both 'ref' and 'sha' are required if one of them is provided." - ); - } - const ref = refInput || getRefFromEnv(); - const sha = shaInput || getRequiredEnvParam("GITHUB_SHA"); - if (refInput) { - return refInput; - } - const pull_ref_regex = /refs\/pull\/(\d+)\/merge/; - if (!pull_ref_regex.test(ref)) { - return ref; - } - const head = await getCommitOid(checkoutPath, "HEAD"); - const hasChangedRef = sha !== head && await getCommitOid( - checkoutPath, - ref.replace(/^refs\/pull\//, "refs/remotes/pull/") - ) !== head; - if (hasChangedRef) { - const newRef = ref.replace(pull_ref_regex, "refs/pull/$1/head"); - core7.debug( - `No longer on merge commit, rewriting ref from ${ref} to ${newRef}.` - ); - return newRef; - } else { - return ref; - } -} -function removeRefsHeadsPrefix(ref) { - return ref.startsWith("refs/heads/") ? ref.slice("refs/heads/".length) : ref; -} -async function isAnalyzingDefaultBranch() { - if (process.env.CODE_SCANNING_IS_ANALYZING_DEFAULT_BRANCH === "true") { - return true; - } - let currentRef = await getRef(); - currentRef = removeRefsHeadsPrefix(currentRef); - const event = getWorkflowEvent(); - let defaultBranch = event?.repository?.default_branch; - if (getWorkflowEventName() === "schedule") { - defaultBranch = removeRefsHeadsPrefix(getRefFromEnv()); - } - return currentRef === defaultBranch; -} - -// src/logging.ts -var core8 = __toESM(require_core()); -function getActionsLogger() { - return core8; -} -async function withGroupAsync(groupName, f) { - core8.startGroup(groupName); - try { - return await f(); - } finally { - core8.endGroup(); - } -} -function formatDuration(durationMs) { - if (durationMs < 1e3) { - return `${durationMs}ms`; - } - if (durationMs < 60 * 1e3) { - return `${(durationMs / 1e3).toFixed(1)}s`; - } - const minutes = Math.floor(durationMs / (60 * 1e3)); - const seconds = Math.floor(durationMs % (60 * 1e3) / 1e3); - return `${minutes}m${seconds}s`; -} - -// src/overlay-database-utils.ts -var CODEQL_OVERLAY_MINIMUM_VERSION = "2.22.4"; -var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB = 15e3; -var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_BYTES = OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB * 1e6; -async function writeBaseDatabaseOidsFile(config, sourceRoot) { - const gitFileOids = await getFileOidsUnderPath(sourceRoot); - const gitFileOidsJson = JSON.stringify(gitFileOids); - const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config); - await fs6.promises.writeFile(baseDatabaseOidsFilePath, gitFileOidsJson); -} -async function readBaseDatabaseOidsFile(config, logger) { - const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config); - try { - const contents = await fs6.promises.readFile( - baseDatabaseOidsFilePath, - "utf-8" - ); - return JSON.parse(contents); - } catch (e) { - logger.error( - `Failed to read overlay-base file OIDs from ${baseDatabaseOidsFilePath}: ${e.message || e}` - ); - throw e; - } -} -function getBaseDatabaseOidsFilePath(config) { - return path8.join(config.dbLocation, "base-database-oids.json"); -} -async function writeOverlayChangesFile(config, sourceRoot, logger) { - const baseFileOids = await readBaseDatabaseOidsFile(config, logger); - const overlayFileOids = await getFileOidsUnderPath(sourceRoot); - const changedFiles = computeChangedFiles(baseFileOids, overlayFileOids); - logger.info( - `Found ${changedFiles.length} changed file(s) under ${sourceRoot}.` - ); - const changedFilesJson = JSON.stringify({ changes: changedFiles }); - const overlayChangesFile = path8.join( - getTemporaryDirectory(), - "overlay-changes.json" - ); - logger.debug( - `Writing overlay changed files to ${overlayChangesFile}: ${changedFilesJson}` - ); - await fs6.promises.writeFile(overlayChangesFile, changedFilesJson); - return overlayChangesFile; -} -function computeChangedFiles(baseFileOids, overlayFileOids) { - const changes = []; - for (const [file, oid] of Object.entries(overlayFileOids)) { - if (!(file in baseFileOids) || baseFileOids[file] !== oid) { - changes.push(file); - } - } - for (const file of Object.keys(baseFileOids)) { - if (!(file in overlayFileOids)) { - changes.push(file); - } - } - return changes; -} -var CACHE_VERSION = 1; -var CACHE_PREFIX = "codeql-overlay-base-database"; -var MAX_CACHE_OPERATION_MS = 6e5; -function checkOverlayBaseDatabase(config, logger, warningPrefix) { - const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config); - if (!fs6.existsSync(baseDatabaseOidsFilePath)) { - logger.warning( - `${warningPrefix}: ${baseDatabaseOidsFilePath} does not exist` - ); - return false; - } - return true; -} -async function downloadOverlayBaseDatabaseFromCache(codeql, config, logger) { - const overlayDatabaseMode = config.overlayDatabaseMode; - if (overlayDatabaseMode !== "overlay" /* Overlay */) { - logger.debug( - `Overlay database mode is ${overlayDatabaseMode}. Skip downloading overlay-base database from cache.` - ); - return void 0; - } - if (!config.useOverlayDatabaseCaching) { - logger.debug( - "Overlay database caching is disabled. Skip downloading overlay-base database from cache." - ); - return void 0; - } - if (isInTestMode()) { - logger.debug( - "In test mode. Skip downloading overlay-base database from cache." - ); - return void 0; - } - const dbLocation = config.dbLocation; - const codeQlVersion = (await codeql.getVersion()).version; - const cacheRestoreKeyPrefix = await getCacheRestoreKeyPrefix( - config, - codeQlVersion - ); - logger.info( - `Looking in Actions cache for overlay-base database with restore key ${cacheRestoreKeyPrefix}` - ); - let databaseDownloadDurationMs = 0; - try { - const databaseDownloadStart = performance.now(); - const foundKey = await waitForResultWithTimeLimit( - // This ten-minute limit for the cache restore operation is mainly to - // guard against the possibility that the cache service is unresponsive - // and hangs outside the data download. - // - // Data download (which is normally the most time-consuming part of the - // restore operation) should not run long enough to hit this limit. Even - // for an extremely large 10GB database, at a download speed of 40MB/s - // (see below), the download should complete within five minutes. If we - // do hit this limit, there are likely more serious problems other than - // mere slow download speed. - // - // This is important because we don't want any ongoing file operations - // on the database directory when we do hit this limit. Hitting this - // time limit takes us to a fallback path where we re-initialize the - // database from scratch at dbLocation, and having the cache restore - // operation continue to write into dbLocation in the background would - // really mess things up. We want to hit this limit only in the case - // of a hung cache service, not just slow download speed. - MAX_CACHE_OPERATION_MS, - actionsCache.restoreCache( - [dbLocation], - cacheRestoreKeyPrefix, - void 0, - { - // Azure SDK download (which is the default) uses 128MB segments; see - // https://github.com/actions/toolkit/blob/main/packages/cache/README.md. - // Setting segmentTimeoutInMs to 3000 translates to segment download - // speed of about 40 MB/s, which should be achievable unless the - // download is unreliable (in which case we do want to abort). - segmentTimeoutInMs: 3e3 - } - ), - () => { - logger.info("Timed out downloading overlay-base database from cache"); - } - ); - databaseDownloadDurationMs = Math.round( - performance.now() - databaseDownloadStart - ); - if (foundKey === void 0) { - logger.info("No overlay-base database found in Actions cache"); - return void 0; - } - logger.info( - `Downloaded overlay-base database in cache with key ${foundKey}` - ); - } catch (error2) { - logger.warning( - `Failed to download overlay-base database from cache: ${error2 instanceof Error ? error2.message : String(error2)}` - ); - return void 0; - } - const databaseIsValid = checkOverlayBaseDatabase( - config, - logger, - "Downloaded overlay-base database is invalid" - ); - if (!databaseIsValid) { - logger.warning("Downloaded overlay-base database failed validation"); - return void 0; - } - const databaseSizeBytes = await tryGetFolderBytes(dbLocation, logger); - if (databaseSizeBytes === void 0) { - logger.info( - "Filesystem error while accessing downloaded overlay-base database" - ); - return void 0; - } - logger.info(`Successfully downloaded overlay-base database to ${dbLocation}`); - return { - databaseSizeBytes: Math.round(databaseSizeBytes), - databaseDownloadDurationMs - }; -} -async function getCacheRestoreKeyPrefix(config, codeQlVersion) { - const languages = [...config.languages].sort().join("_"); - const cacheKeyComponents = { - automationID: await getAutomationID() - // Add more components here as needed in the future - }; - const componentsHash = createCacheKeyHash(cacheKeyComponents); - return `${CACHE_PREFIX}-${CACHE_VERSION}-${componentsHash}-${languages}-${codeQlVersion}-`; -} -function createCacheKeyHash(components) { - const componentsJson = JSON.stringify(components); - return crypto.createHash("sha256").update(componentsJson).digest("hex").substring(0, 16); -} - // src/tools-features.ts var semver3 = __toESM(require_semver2()); function isSupportedToolsFeature(versionInfo, feature) { @@ -87025,7 +86625,7 @@ var featureConfig = { ["overlay_analysis" /* OverlayAnalysis */]: { defaultValue: false, envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS", - minimumVersion: CODEQL_OVERLAY_MINIMUM_VERSION + minimumVersion: void 0 }, ["overlay_analysis_actions" /* OverlayAnalysisActions */]: { defaultValue: false, @@ -87157,7 +86757,7 @@ var Features = class { this.gitHubFeatureFlags = new GitHubFeatureFlags( gitHubVersion, repositoryNwo, - path9.join(tempDir, FEATURE_FLAGS_FILE_NAME), + path8.join(tempDir, FEATURE_FLAGS_FILE_NAME), logger ); } @@ -87336,12 +86936,12 @@ var GitHubFeatureFlags = class { } async readLocalFlags() { try { - if (fs7.existsSync(this.featureFlagsFile)) { + if (fs6.existsSync(this.featureFlagsFile)) { this.logger.debug( `Loading feature flags from ${this.featureFlagsFile}` ); return JSON.parse( - fs7.readFileSync(this.featureFlagsFile, "utf8") + fs6.readFileSync(this.featureFlagsFile, "utf8") ); } } catch (e) { @@ -87354,7 +86954,7 @@ var GitHubFeatureFlags = class { async writeLocalFlags(flags) { try { this.logger.debug(`Writing feature flags to ${this.featureFlagsFile}`); - fs7.writeFileSync(this.featureFlagsFile, JSON.stringify(flags)); + fs6.writeFileSync(this.featureFlagsFile, JSON.stringify(flags)); } catch (e) { this.logger.warning( `Error writing cached feature flags file ${this.featureFlagsFile}: ${e}.` @@ -87436,6 +87036,181 @@ async function getDiffInformedAnalysisBranches(codeql, features, logger) { return branches; } +// src/git-utils.ts +var core7 = __toESM(require_core()); +var toolrunner2 = __toESM(require_toolrunner()); +var io3 = __toESM(require_io()); +var runGitCommand = async function(workingDirectory, args, customErrorMessage) { + let stdout = ""; + let stderr = ""; + core7.debug(`Running git command: git ${args.join(" ")}`); + try { + await new toolrunner2.ToolRunner(await io3.which("git", true), args, { + silent: true, + listeners: { + stdout: (data) => { + stdout += data.toString(); + }, + stderr: (data) => { + stderr += data.toString(); + } + }, + cwd: workingDirectory + }).exec(); + return stdout; + } catch (error2) { + let reason = stderr; + if (stderr.includes("not a git repository")) { + reason = "The checkout path provided to the action does not appear to be a git repository."; + } + core7.info(`git call failed. ${customErrorMessage} Error: ${reason}`); + throw error2; + } +}; +var getCommitOid = async function(checkoutPath, ref = "HEAD") { + try { + const stdout = await runGitCommand( + checkoutPath, + ["rev-parse", ref], + "Continuing with commit SHA from user input or environment." + ); + return stdout.trim(); + } catch { + return getOptionalInput("sha") || getRequiredEnvParam("GITHUB_SHA"); + } +}; +var decodeGitFilePath = function(filePath) { + if (filePath.startsWith('"') && filePath.endsWith('"')) { + filePath = filePath.substring(1, filePath.length - 1); + return filePath.replace( + /\\([abfnrtv\\"]|[0-7]{1,3})/g, + (_match, seq2) => { + switch (seq2[0]) { + case "a": + return "\x07"; + case "b": + return "\b"; + case "f": + return "\f"; + case "n": + return "\n"; + case "r": + return "\r"; + case "t": + return " "; + case "v": + return "\v"; + case "\\": + return "\\"; + case '"': + return '"'; + default: + return String.fromCharCode(parseInt(seq2, 8)); + } + } + ); + } + return filePath; +}; +var getGitRoot = async function(sourceRoot) { + try { + const stdout = await runGitCommand( + sourceRoot, + ["rev-parse", "--show-toplevel"], + `Cannot find Git repository root from the source root ${sourceRoot}.` + ); + return stdout.trim(); + } catch { + return void 0; + } +}; +var getFileOidsUnderPath = async function(basePath) { + const stdout = await runGitCommand( + basePath, + ["ls-files", "--recurse-submodules", "--format=%(objectname)_%(path)"], + "Cannot list Git OIDs of tracked files." + ); + const fileOidMap = {}; + const regex = /^([0-9a-f]{40})_(.+)$/; + for (const line of stdout.split("\n")) { + if (line) { + const match = line.match(regex); + if (match) { + const oid = match[1]; + const path20 = decodeGitFilePath(match[2]); + fileOidMap[path20] = oid; + } else { + throw new Error(`Unexpected "git ls-files" output: ${line}`); + } + } + } + return fileOidMap; +}; +function getRefFromEnv() { + let refEnv; + try { + refEnv = getRequiredEnvParam("GITHUB_REF"); + } catch (e) { + const maybeRef = process.env["CODE_SCANNING_REF"]; + if (maybeRef === void 0 || maybeRef.length === 0) { + throw e; + } + refEnv = maybeRef; + } + return refEnv; +} +async function getRef() { + const refInput = getOptionalInput("ref"); + const shaInput = getOptionalInput("sha"); + const checkoutPath = getOptionalInput("checkout_path") || getOptionalInput("source-root") || getRequiredEnvParam("GITHUB_WORKSPACE"); + const hasRefInput = !!refInput; + const hasShaInput = !!shaInput; + if ((hasRefInput || hasShaInput) && !(hasRefInput && hasShaInput)) { + throw new ConfigurationError( + "Both 'ref' and 'sha' are required if one of them is provided." + ); + } + const ref = refInput || getRefFromEnv(); + const sha = shaInput || getRequiredEnvParam("GITHUB_SHA"); + if (refInput) { + return refInput; + } + const pull_ref_regex = /refs\/pull\/(\d+)\/merge/; + if (!pull_ref_regex.test(ref)) { + return ref; + } + const head = await getCommitOid(checkoutPath, "HEAD"); + const hasChangedRef = sha !== head && await getCommitOid( + checkoutPath, + ref.replace(/^refs\/pull\//, "refs/remotes/pull/") + ) !== head; + if (hasChangedRef) { + const newRef = ref.replace(pull_ref_regex, "refs/pull/$1/head"); + core7.debug( + `No longer on merge commit, rewriting ref from ${ref} to ${newRef}.` + ); + return newRef; + } else { + return ref; + } +} +function removeRefsHeadsPrefix(ref) { + return ref.startsWith("refs/heads/") ? ref.slice("refs/heads/".length) : ref; +} +async function isAnalyzingDefaultBranch() { + if (process.env.CODE_SCANNING_IS_ANALYZING_DEFAULT_BRANCH === "true") { + return true; + } + let currentRef = await getRef(); + currentRef = removeRefsHeadsPrefix(currentRef); + const event = getWorkflowEvent(); + let defaultBranch = event?.repository?.default_branch; + if (getWorkflowEventName() === "schedule") { + defaultBranch = removeRefsHeadsPrefix(getRefFromEnv()); + } + return currentRef === defaultBranch; +} + // src/languages.ts var KnownLanguage = /* @__PURE__ */ ((KnownLanguage2) => { KnownLanguage2["actions"] = "actions"; @@ -87451,6 +87226,266 @@ var KnownLanguage = /* @__PURE__ */ ((KnownLanguage2) => { return KnownLanguage2; })(KnownLanguage || {}); +// src/overlay-database-utils.ts +var crypto = __toESM(require("crypto")); +var fs7 = __toESM(require("fs")); +var path9 = __toESM(require("path")); +var actionsCache = __toESM(require_cache3()); + +// src/logging.ts +var core8 = __toESM(require_core()); +function getActionsLogger() { + return core8; +} +async function withGroupAsync(groupName, f) { + core8.startGroup(groupName); + try { + return await f(); + } finally { + core8.endGroup(); + } +} +function formatDuration(durationMs) { + if (durationMs < 1e3) { + return `${durationMs}ms`; + } + if (durationMs < 60 * 1e3) { + return `${(durationMs / 1e3).toFixed(1)}s`; + } + const minutes = Math.floor(durationMs / (60 * 1e3)); + const seconds = Math.floor(durationMs % (60 * 1e3) / 1e3); + return `${minutes}m${seconds}s`; +} + +// src/overlay-database-utils.ts +var CODEQL_OVERLAY_MINIMUM_VERSION = "2.22.4"; +var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB = 15e3; +var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_BYTES = OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB * 1e6; +async function writeBaseDatabaseOidsFile(config, sourceRoot) { + const gitFileOids = await getFileOidsUnderPath(sourceRoot); + const gitFileOidsJson = JSON.stringify(gitFileOids); + const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config); + await fs7.promises.writeFile(baseDatabaseOidsFilePath, gitFileOidsJson); +} +async function readBaseDatabaseOidsFile(config, logger) { + const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config); + try { + const contents = await fs7.promises.readFile( + baseDatabaseOidsFilePath, + "utf-8" + ); + return JSON.parse(contents); + } catch (e) { + logger.error( + `Failed to read overlay-base file OIDs from ${baseDatabaseOidsFilePath}: ${e.message || e}` + ); + throw e; + } +} +function getBaseDatabaseOidsFilePath(config) { + return path9.join(config.dbLocation, "base-database-oids.json"); +} +async function writeOverlayChangesFile(config, sourceRoot, logger) { + const baseFileOids = await readBaseDatabaseOidsFile(config, logger); + const overlayFileOids = await getFileOidsUnderPath(sourceRoot); + const changedFiles = computeChangedFiles(baseFileOids, overlayFileOids); + logger.info( + `Found ${changedFiles.length} changed file(s) under ${sourceRoot}.` + ); + const changedFilesJson = JSON.stringify({ changes: changedFiles }); + const overlayChangesFile = path9.join( + getTemporaryDirectory(), + "overlay-changes.json" + ); + logger.debug( + `Writing overlay changed files to ${overlayChangesFile}: ${changedFilesJson}` + ); + await fs7.promises.writeFile(overlayChangesFile, changedFilesJson); + return overlayChangesFile; +} +function computeChangedFiles(baseFileOids, overlayFileOids) { + const changes = []; + for (const [file, oid] of Object.entries(overlayFileOids)) { + if (!(file in baseFileOids) || baseFileOids[file] !== oid) { + changes.push(file); + } + } + for (const file of Object.keys(baseFileOids)) { + if (!(file in overlayFileOids)) { + changes.push(file); + } + } + return changes; +} +var CACHE_VERSION = 1; +var CACHE_PREFIX = "codeql-overlay-base-database"; +var MAX_CACHE_OPERATION_MS = 6e5; +function checkOverlayBaseDatabase(config, logger, warningPrefix) { + const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config); + if (!fs7.existsSync(baseDatabaseOidsFilePath)) { + logger.warning( + `${warningPrefix}: ${baseDatabaseOidsFilePath} does not exist` + ); + return false; + } + return true; +} +async function downloadOverlayBaseDatabaseFromCache(codeql, config, logger) { + const overlayDatabaseMode = config.overlayDatabaseMode; + if (overlayDatabaseMode !== "overlay" /* Overlay */) { + logger.debug( + `Overlay database mode is ${overlayDatabaseMode}. Skip downloading overlay-base database from cache.` + ); + return void 0; + } + if (!config.useOverlayDatabaseCaching) { + logger.debug( + "Overlay database caching is disabled. Skip downloading overlay-base database from cache." + ); + return void 0; + } + if (isInTestMode()) { + logger.debug( + "In test mode. Skip downloading overlay-base database from cache." + ); + return void 0; + } + const dbLocation = config.dbLocation; + const codeQlVersion = (await codeql.getVersion()).version; + const cacheRestoreKeyPrefix = await getCacheRestoreKeyPrefix( + config, + codeQlVersion + ); + logger.info( + `Looking in Actions cache for overlay-base database with restore key ${cacheRestoreKeyPrefix}` + ); + let databaseDownloadDurationMs = 0; + try { + const databaseDownloadStart = performance.now(); + const foundKey = await waitForResultWithTimeLimit( + // This ten-minute limit for the cache restore operation is mainly to + // guard against the possibility that the cache service is unresponsive + // and hangs outside the data download. + // + // Data download (which is normally the most time-consuming part of the + // restore operation) should not run long enough to hit this limit. Even + // for an extremely large 10GB database, at a download speed of 40MB/s + // (see below), the download should complete within five minutes. If we + // do hit this limit, there are likely more serious problems other than + // mere slow download speed. + // + // This is important because we don't want any ongoing file operations + // on the database directory when we do hit this limit. Hitting this + // time limit takes us to a fallback path where we re-initialize the + // database from scratch at dbLocation, and having the cache restore + // operation continue to write into dbLocation in the background would + // really mess things up. We want to hit this limit only in the case + // of a hung cache service, not just slow download speed. + MAX_CACHE_OPERATION_MS, + actionsCache.restoreCache( + [dbLocation], + cacheRestoreKeyPrefix, + void 0, + { + // Azure SDK download (which is the default) uses 128MB segments; see + // https://github.com/actions/toolkit/blob/main/packages/cache/README.md. + // Setting segmentTimeoutInMs to 3000 translates to segment download + // speed of about 40 MB/s, which should be achievable unless the + // download is unreliable (in which case we do want to abort). + segmentTimeoutInMs: 3e3 + } + ), + () => { + logger.info("Timed out downloading overlay-base database from cache"); + } + ); + databaseDownloadDurationMs = Math.round( + performance.now() - databaseDownloadStart + ); + if (foundKey === void 0) { + logger.info("No overlay-base database found in Actions cache"); + return void 0; + } + logger.info( + `Downloaded overlay-base database in cache with key ${foundKey}` + ); + } catch (error2) { + logger.warning( + `Failed to download overlay-base database from cache: ${error2 instanceof Error ? error2.message : String(error2)}` + ); + return void 0; + } + const databaseIsValid = checkOverlayBaseDatabase( + config, + logger, + "Downloaded overlay-base database is invalid" + ); + if (!databaseIsValid) { + logger.warning("Downloaded overlay-base database failed validation"); + return void 0; + } + const databaseSizeBytes = await tryGetFolderBytes(dbLocation, logger); + if (databaseSizeBytes === void 0) { + logger.info( + "Filesystem error while accessing downloaded overlay-base database" + ); + return void 0; + } + logger.info(`Successfully downloaded overlay-base database to ${dbLocation}`); + return { + databaseSizeBytes: Math.round(databaseSizeBytes), + databaseDownloadDurationMs + }; +} +async function getCacheRestoreKeyPrefix(config, codeQlVersion) { + const languages = [...config.languages].sort().join("_"); + const cacheKeyComponents = { + automationID: await getAutomationID() + // Add more components here as needed in the future + }; + const componentsHash = createCacheKeyHash(cacheKeyComponents); + return `${CACHE_PREFIX}-${CACHE_VERSION}-${componentsHash}-${languages}-${codeQlVersion}-`; +} +function createCacheKeyHash(components) { + const componentsJson = JSON.stringify(components); + return crypto.createHash("sha256").update(componentsJson).digest("hex").substring(0, 16); +} + +// src/overlay-language-aliases.json +var overlay_language_aliases_exports = {}; +__export(overlay_language_aliases_exports, { + c: () => c, + "c#": () => c_, + "c++": () => c__, + "c-c++": () => c_c__, + "c-cpp": () => c_cpp, + default: () => overlay_language_aliases_default, + "java-kotlin": () => java_kotlin, + "javascript-typescript": () => javascript_typescript, + kotlin: () => kotlin, + typescript: () => typescript +}); +var c = "cpp"; +var c__ = "cpp"; +var c_c__ = "cpp"; +var c_cpp = "cpp"; +var c_ = "csharp"; +var java_kotlin = "java"; +var kotlin = "java"; +var javascript_typescript = "javascript"; +var typescript = "javascript"; +var overlay_language_aliases_default = { + c, + "c++": c__, + "c-c++": c_c__, + "c-cpp": c_cpp, + "c#": c_, + "java-kotlin": java_kotlin, + kotlin, + "javascript-typescript": javascript_typescript, + typescript +}; + // src/trap-caching.ts var fs8 = __toESM(require("fs")); var path10 = __toESM(require("path")); @@ -87646,6 +87681,20 @@ async function getLanguages(codeql, languagesInput, repository, sourceRoot, feat } return languages; } +async function getUnverifiedLanguagesForOverlay(languagesInput, repository, sourceRoot, logger) { + const { rawLanguages } = await getRawLanguages( + languagesInput, + repository, + sourceRoot, + logger + ); + const languageAliases = overlay_language_aliases_exports; + const languagesSet = []; + for (const language of rawLanguages) { + languagesSet.push(languageAliases[language] || language); + } + return languagesSet; +} function getRawLanguagesNoAutodetect(languagesInput) { return (languagesInput || "").split(",").map((x) => x.trim().toLowerCase()).filter((x) => x.length > 0); } @@ -87674,13 +87723,12 @@ async function initActionState({ debugDatabaseName, repository, tempDir, - codeql, sourceRoot, githubVersion, features, repositoryProperties, logger -}, userConfig) { +}, userConfig, codeql) { const analysisKinds = await parseAnalysisKinds(analysisKindsInput); if (!analysisKinds.includes("code-quality" /* CodeQuality */) && qualityQueriesInput !== void 0) { analysisKinds.push("code-quality" /* CodeQuality */); @@ -87758,7 +87806,24 @@ async function downloadCacheWithTime(trapCachingEnabled, codeQL, languages, logg } return { trapCaches, trapCacheDownloadTime }; } -async function loadUserConfig(configFile, workspacePath, apiDetails, tempDir) { +function amendInputConfigFile(inputs, logger) { + if (inputs.configInput) { + if (inputs.configFile) { + logger.warning( + `Both a config file and config input were provided. Ignoring config file.` + ); + } + inputs.configFile = userConfigFromActionPath(inputs.tempDir); + fs9.writeFileSync(inputs.configFile, inputs.configInput); + logger.debug(`Using config from action input: ${inputs.configFile}`); + } +} +async function loadUserConfig(configFile, workspacePath, apiDetails, tempDir, logger) { + if (!configFile) { + logger.debug("No configuration file was provided"); + return {}; + } + logger.debug(`Using configuration file: ${configFile}`); if (isLocal(configFile)) { if (configFile !== userConfigFromActionPath(tempDir)) { configFile = path11.resolve(workspacePath, configFile); @@ -87797,21 +87862,27 @@ var OVERLAY_ANALYSIS_CODE_SCANNING_FEATURES = { rust: "overlay_analysis_code_scanning_rust" /* OverlayAnalysisCodeScanningRust */, swift: "overlay_analysis_code_scanning_swift" /* OverlayAnalysisCodeScanningSwift */ }; -async function isOverlayAnalysisFeatureEnabled(repository, features, codeql, languages, codeScanningConfig) { +async function isOverlayAnalysisFeatureEnabled(codeScanningConfig, languagesInput, repository, sourceRoot, features, logger) { if (!["github", "dsp-testing"].includes(repository.owner)) { return false; } - if (!await features.getValue("overlay_analysis" /* OverlayAnalysis */, codeql)) { + if (!await features.getValue("overlay_analysis" /* OverlayAnalysis */)) { return false; } + const languages = await getUnverifiedLanguagesForOverlay( + languagesInput, + repository, + sourceRoot, + logger + ); let enableForCodeScanningOnly = false; for (const language of languages) { const feature = OVERLAY_ANALYSIS_FEATURES[language]; - if (feature && await features.getValue(feature, codeql)) { + if (feature && await features.getValue(feature)) { continue; } const codeScanningFeature = OVERLAY_ANALYSIS_CODE_SCANNING_FEATURES[language]; - if (codeScanningFeature && await features.getValue(codeScanningFeature, codeql)) { + if (codeScanningFeature && await features.getValue(codeScanningFeature)) { enableForCodeScanningOnly = true; continue; } @@ -87822,7 +87893,7 @@ async function isOverlayAnalysisFeatureEnabled(repository, features, codeql, lan } return true; } -async function getOverlayDatabaseMode(codeql, repository, features, languages, sourceRoot, buildMode, codeScanningConfig, logger) { +async function getOverlayDatabaseMode(codeql, repository, features, languages, languagesInput, sourceRoot, buildMode, codeScanningConfig, logger) { let overlayDatabaseMode = "none" /* None */; let useOverlayDatabaseCaching = false; const modeEnv = process.env.CODEQL_OVERLAY_DATABASE_MODE; @@ -87832,11 +87903,12 @@ async function getOverlayDatabaseMode(codeql, repository, features, languages, s `Setting overlay database mode to ${overlayDatabaseMode} from the CODEQL_OVERLAY_DATABASE_MODE environment variable.` ); } else if (await isOverlayAnalysisFeatureEnabled( + codeScanningConfig, + languagesInput, repository, + sourceRoot, features, - codeql, - languages, - codeScanningConfig + logger )) { if (isAnalyzingPullRequest()) { overlayDatabaseMode = "overlay" /* Overlay */; @@ -87859,7 +87931,7 @@ async function getOverlayDatabaseMode(codeql, repository, features, languages, s if (overlayDatabaseMode === "none" /* None */) { return nonOverlayAnalysis; } - if (buildMode !== "none" /* None */ && (await Promise.all( + if (codeql !== void 0 && languages !== void 0 && buildMode !== "none" /* None */ && (await Promise.all( languages.map(async (l) => await codeql.isTracedLanguage(l)) )).some(Boolean)) { logger.warning( @@ -87867,7 +87939,7 @@ async function getOverlayDatabaseMode(codeql, repository, features, languages, s ); return nonOverlayAnalysis; } - if (!await codeQlVersionAtLeast(codeql, CODEQL_OVERLAY_MINIMUM_VERSION)) { + if (codeql !== void 0 && !await codeQlVersionAtLeast(codeql, CODEQL_OVERLAY_MINIMUM_VERSION)) { logger.warning( `Cannot build an ${overlayDatabaseMode} database because the CodeQL CLI is older than ${CODEQL_OVERLAY_MINIMUM_VERSION}. Falling back to creating a normal full database instead.` ); @@ -87884,6 +87956,46 @@ async function getOverlayDatabaseMode(codeql, repository, features, languages, s useOverlayDatabaseCaching }; } +async function getPreliminaryOverlayDatabaseMode(inputs) { + const userConfig = await loadUserConfig( + inputs.configFile, + inputs.workspacePath, + inputs.apiDetails, + inputs.tempDir, + inputs.logger + ); + const languages = await getUnverifiedLanguagesForOverlay( + inputs.languagesInput, + inputs.repository, + inputs.sourceRoot, + inputs.logger + ); + const augmentationProperties = await calculateAugmentation( + inputs.packsInput, + inputs.queriesInput, + inputs.repositoryProperties, + languages + ); + const computedConfig = generateCodeScanningConfig( + inputs.logger, + userConfig, + augmentationProperties + ); + return getOverlayDatabaseMode( + void 0, + // codeql + inputs.repository, + inputs.features, + void 0, + // languages + inputs.languagesInput, + inputs.sourceRoot, + void 0, + // buildMode + computedConfig, + inputs.logger + ); +} function dbLocationOrDefault(dbLocation, tempDir) { return dbLocation || path11.resolve(tempDir, "codeql_databases"); } @@ -87893,31 +88005,16 @@ function userConfigFromActionPath(tempDir) { function hasQueryCustomisation(userConfig) { return isDefined(userConfig["disable-default-queries"]) || isDefined(userConfig.queries) || isDefined(userConfig["query-filters"]); } -async function initConfig(inputs) { +async function initConfig(inputs, codeql) { const { logger, tempDir } = inputs; - if (inputs.configInput) { - if (inputs.configFile) { - logger.warning( - `Both a config file and config input were provided. Ignoring config file.` - ); - } - inputs.configFile = userConfigFromActionPath(tempDir); - fs9.writeFileSync(inputs.configFile, inputs.configInput); - logger.debug(`Using config from action input: ${inputs.configFile}`); - } - let userConfig = {}; - if (!inputs.configFile) { - logger.debug("No configuration file was provided"); - } else { - logger.debug(`Using configuration file: ${inputs.configFile}`); - userConfig = await loadUserConfig( - inputs.configFile, - inputs.workspacePath, - inputs.apiDetails, - tempDir - ); - } - const config = await initActionState(inputs, userConfig); + const userConfig = await loadUserConfig( + inputs.configFile, + inputs.workspacePath, + inputs.apiDetails, + tempDir, + logger + ); + const config = await initActionState(inputs, userConfig, codeql); if (config.analysisKinds.length === 1 && isCodeQualityEnabled(config)) { if (hasQueryCustomisation(config.computedConfig)) { throw new ConfigurationError( @@ -87930,10 +88027,11 @@ async function initConfig(inputs) { config.computedConfig["query-filters"] = []; } const { overlayDatabaseMode, useOverlayDatabaseCaching } = await getOverlayDatabaseMode( - inputs.codeql, + codeql, inputs.repository, inputs.features, config.languages, + inputs.languagesInput, inputs.sourceRoot, config.buildMode, config.computedConfig, @@ -87944,11 +88042,7 @@ async function initConfig(inputs) { ); config.overlayDatabaseMode = overlayDatabaseMode; config.useOverlayDatabaseCaching = useOverlayDatabaseCaching; - if (overlayDatabaseMode === "overlay" /* Overlay */ || await shouldPerformDiffInformedAnalysis( - inputs.codeql, - inputs.features, - logger - )) { + if (overlayDatabaseMode === "overlay" /* Overlay */ || await shouldPerformDiffInformedAnalysis(codeql, inputs.features, logger)) { config.extraQueryExclusions.push({ exclude: { tags: "exclude-from-incremental" } }); @@ -90023,9 +90117,9 @@ async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVe zstdAvailability }; } -async function initConfig2(inputs) { +async function initConfig2(inputs, codeql) { return await withGroupAsync("Load language configuration", async () => { - return await initConfig(inputs); + return await initConfig(inputs, codeql); }); } async function runDatabaseInitCluster(databaseInitEnvironment, codeql, config, sourceRoot, processName, qlconfigFile, logger) { @@ -90643,6 +90737,40 @@ async function run() { if (statusReportBase !== void 0) { await sendStatusReport(statusReportBase); } + const inputs = { + analysisKindsInput: getRequiredInput("analysis-kinds"), + languagesInput: getOptionalInput("languages"), + queriesInput: getOptionalInput("queries"), + qualityQueriesInput: getOptionalInput("quality-queries"), + packsInput: getOptionalInput("packs"), + buildModeInput: getOptionalInput("build-mode"), + configFile, + dbLocation: getOptionalInput("db-location"), + configInput: getOptionalInput("config"), + trapCachingEnabled: getTrapCachingEnabled(), + dependencyCachingEnabled: getDependencyCachingEnabled(), + // Debug mode is enabled if: + // - The `init` Action is passed `debug: true`. + // - Actions step debugging is enabled (e.g. by [enabling debug logging for a rerun](https://docs.github.com/en/actions/managing-workflow-runs/re-running-workflows-and-jobs#re-running-all-the-jobs-in-a-workflow), + // or by setting the `ACTIONS_STEP_DEBUG` secret to `true`). + debugMode: getOptionalInput("debug") === "true" || core13.isDebug(), + debugArtifactName: getOptionalInput("debug-artifact-name") || DEFAULT_DEBUG_ARTIFACT_NAME, + debugDatabaseName: getOptionalInput("debug-database-name") || DEFAULT_DEBUG_DATABASE_NAME, + repository: repositoryNwo, + tempDir: getTemporaryDirectory(), + workspacePath: getRequiredEnvParam("GITHUB_WORKSPACE"), + sourceRoot, + githubVersion: gitHubVersion, + apiDetails, + features, + repositoryProperties, + logger + }; + amendInputConfigFile(inputs, logger); + await withGroupAsync( + "Compute preliminary overlay database mode", + async () => getPreliminaryOverlayDatabaseMode(inputs) + ); const codeQLDefaultVersionInfo = await features.getDefaultCliVersion( gitHubVersion.type ); @@ -90688,42 +90816,12 @@ async function run() { logger.info("Experimental Rust analysis enabled"); } } - const qualityQueriesInput = getOptionalInput("quality-queries"); - if (qualityQueriesInput !== void 0) { + if (inputs.qualityQueriesInput !== void 0) { logger.warning( "The `quality-queries` input is deprecated and will be removed in a future version of the CodeQL Action. Use the `analysis-kinds` input to configure different analysis kinds instead." ); } - config = await initConfig2({ - analysisKindsInput: getRequiredInput("analysis-kinds"), - languagesInput: getOptionalInput("languages"), - queriesInput: getOptionalInput("queries"), - qualityQueriesInput, - packsInput: getOptionalInput("packs"), - buildModeInput: getOptionalInput("build-mode"), - configFile, - dbLocation: getOptionalInput("db-location"), - configInput: getOptionalInput("config"), - trapCachingEnabled: getTrapCachingEnabled(), - dependencyCachingEnabled: getDependencyCachingEnabled(), - // Debug mode is enabled if: - // - The `init` Action is passed `debug: true`. - // - Actions step debugging is enabled (e.g. by [enabling debug logging for a rerun](https://docs.github.com/en/actions/managing-workflow-runs/re-running-workflows-and-jobs#re-running-all-the-jobs-in-a-workflow), - // or by setting the `ACTIONS_STEP_DEBUG` secret to `true`). - debugMode: getOptionalInput("debug") === "true" || core13.isDebug(), - debugArtifactName: getOptionalInput("debug-artifact-name") || DEFAULT_DEBUG_ARTIFACT_NAME, - debugDatabaseName: getOptionalInput("debug-database-name") || DEFAULT_DEBUG_DATABASE_NAME, - repository: repositoryNwo, - tempDir: getTemporaryDirectory(), - codeql, - workspacePath: getRequiredEnvParam("GITHUB_WORKSPACE"), - sourceRoot, - githubVersion: gitHubVersion, - apiDetails, - features, - repositoryProperties, - logger - }); + config = await initConfig2(inputs, codeql); await checkInstallPython311(config.languages, codeql); } catch (unwrappedError) { const error2 = wrapError(unwrappedError); diff --git a/lib/resolve-environment-action.js b/lib/resolve-environment-action.js index d189820028..44954d9dcb 100644 --- a/lib/resolve-environment-action.js +++ b/lib/resolve-environment-action.js @@ -78291,10 +78291,187 @@ var PACK_IDENTIFIER_PATTERN = (function() { // src/feature-flags.ts var semver4 = __toESM(require_semver2()); -// src/overlay-database-utils.ts -var fs2 = __toESM(require("fs")); -var path2 = __toESM(require("path")); -var actionsCache = __toESM(require_cache3()); +// src/tools-features.ts +var semver3 = __toESM(require_semver2()); +function isSupportedToolsFeature(versionInfo, feature) { + return !!versionInfo.features && versionInfo.features[feature]; +} + +// src/feature-flags.ts +var featureConfig = { + ["cleanup_trap_caches" /* CleanupTrapCaches */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_CLEANUP_TRAP_CACHES", + minimumVersion: void 0 + }, + ["cpp_dependency_installation_enabled" /* CppDependencyInstallation */]: { + defaultValue: false, + envVar: "CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES", + legacyApi: true, + minimumVersion: "2.15.0" + }, + ["diff_informed_queries" /* DiffInformedQueries */]: { + defaultValue: true, + envVar: "CODEQL_ACTION_DIFF_INFORMED_QUERIES", + minimumVersion: "2.21.0" + }, + ["disable_csharp_buildless" /* DisableCsharpBuildless */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_DISABLE_CSHARP_BUILDLESS", + minimumVersion: void 0 + }, + ["disable_java_buildless_enabled" /* DisableJavaBuildlessEnabled */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_DISABLE_JAVA_BUILDLESS", + legacyApi: true, + minimumVersion: void 0 + }, + ["disable_kotlin_analysis_enabled" /* DisableKotlinAnalysisEnabled */]: { + defaultValue: false, + envVar: "CODEQL_DISABLE_KOTLIN_ANALYSIS", + legacyApi: true, + minimumVersion: void 0 + }, + ["export_diagnostics_enabled" /* ExportDiagnosticsEnabled */]: { + defaultValue: true, + envVar: "CODEQL_ACTION_EXPORT_DIAGNOSTICS", + legacyApi: true, + minimumVersion: void 0 + }, + ["resolve_supported_languages_using_cli" /* ResolveSupportedLanguagesUsingCli */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_RESOLVE_SUPPORTED_LANGUAGES_USING_CLI", + minimumVersion: void 0, + toolsFeature: "builtinExtractorsSpecifyDefaultQueries" /* BuiltinExtractorsSpecifyDefaultQueries */ + }, + ["overlay_analysis" /* OverlayAnalysis */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS", + minimumVersion: void 0 + }, + ["overlay_analysis_actions" /* OverlayAnalysisActions */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_ACTIONS", + minimumVersion: void 0 + }, + ["overlay_analysis_code_scanning_actions" /* OverlayAnalysisCodeScanningActions */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_ACTIONS", + minimumVersion: void 0 + }, + ["overlay_analysis_code_scanning_cpp" /* OverlayAnalysisCodeScanningCpp */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_CPP", + minimumVersion: void 0 + }, + ["overlay_analysis_code_scanning_csharp" /* OverlayAnalysisCodeScanningCsharp */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_CSHARP", + minimumVersion: void 0 + }, + ["overlay_analysis_code_scanning_go" /* OverlayAnalysisCodeScanningGo */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_GO", + minimumVersion: void 0 + }, + ["overlay_analysis_code_scanning_java" /* OverlayAnalysisCodeScanningJava */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_JAVA", + minimumVersion: void 0 + }, + ["overlay_analysis_code_scanning_javascript" /* OverlayAnalysisCodeScanningJavascript */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_JAVASCRIPT", + minimumVersion: void 0 + }, + ["overlay_analysis_code_scanning_python" /* OverlayAnalysisCodeScanningPython */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_PYTHON", + minimumVersion: void 0 + }, + ["overlay_analysis_code_scanning_ruby" /* OverlayAnalysisCodeScanningRuby */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_RUBY", + minimumVersion: void 0 + }, + ["overlay_analysis_code_scanning_rust" /* OverlayAnalysisCodeScanningRust */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_RUST", + minimumVersion: void 0 + }, + ["overlay_analysis_code_scanning_swift" /* OverlayAnalysisCodeScanningSwift */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_SWIFT", + minimumVersion: void 0 + }, + ["overlay_analysis_cpp" /* OverlayAnalysisCpp */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CPP", + minimumVersion: void 0 + }, + ["overlay_analysis_csharp" /* OverlayAnalysisCsharp */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CSHARP", + minimumVersion: void 0 + }, + ["overlay_analysis_go" /* OverlayAnalysisGo */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_GO", + minimumVersion: void 0 + }, + ["overlay_analysis_java" /* OverlayAnalysisJava */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_JAVA", + minimumVersion: void 0 + }, + ["overlay_analysis_javascript" /* OverlayAnalysisJavascript */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_JAVASCRIPT", + minimumVersion: void 0 + }, + ["overlay_analysis_python" /* OverlayAnalysisPython */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_PYTHON", + minimumVersion: void 0 + }, + ["overlay_analysis_ruby" /* OverlayAnalysisRuby */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RUBY", + minimumVersion: void 0 + }, + ["overlay_analysis_rust" /* OverlayAnalysisRust */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RUST", + minimumVersion: void 0 + }, + ["overlay_analysis_swift" /* OverlayAnalysisSwift */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT", + minimumVersion: void 0 + }, + ["python_default_is_to_not_extract_stdlib" /* PythonDefaultIsToNotExtractStdlib */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_DISABLE_PYTHON_STANDARD_LIBRARY_EXTRACTION", + minimumVersion: void 0, + toolsFeature: "pythonDefaultIsToNotExtractStdlib" /* PythonDefaultIsToNotExtractStdlib */ + }, + ["use_repository_properties" /* UseRepositoryProperties */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_USE_REPOSITORY_PROPERTIES", + minimumVersion: void 0 + }, + ["qa_telemetry_enabled" /* QaTelemetryEnabled */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_QA_TELEMETRY", + legacyApi: true, + minimumVersion: void 0 + }, + ["java_minimize_dependency_jars" /* JavaMinimizeDependencyJars */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_JAVA_MINIMIZE_DEPENDENCY_JARS", + minimumVersion: "2.23.0" + } +}; // src/git-utils.ts var core7 = __toESM(require_core()); @@ -78459,6 +78636,11 @@ async function isAnalyzingDefaultBranch() { return currentRef === defaultBranch; } +// src/overlay-database-utils.ts +var fs2 = __toESM(require("fs")); +var path2 = __toESM(require("path")); +var actionsCache = __toESM(require_cache3()); + // src/logging.ts var core8 = __toESM(require_core()); function getActionsLogger() { @@ -78466,7 +78648,6 @@ function getActionsLogger() { } // src/overlay-database-utils.ts -var CODEQL_OVERLAY_MINIMUM_VERSION = "2.22.4"; var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB = 15e3; var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_BYTES = OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB * 1e6; async function writeBaseDatabaseOidsFile(config, sourceRoot) { @@ -78526,188 +78707,6 @@ function computeChangedFiles(baseFileOids, overlayFileOids) { return changes; } -// src/tools-features.ts -var semver3 = __toESM(require_semver2()); -function isSupportedToolsFeature(versionInfo, feature) { - return !!versionInfo.features && versionInfo.features[feature]; -} - -// src/feature-flags.ts -var featureConfig = { - ["cleanup_trap_caches" /* CleanupTrapCaches */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_CLEANUP_TRAP_CACHES", - minimumVersion: void 0 - }, - ["cpp_dependency_installation_enabled" /* CppDependencyInstallation */]: { - defaultValue: false, - envVar: "CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES", - legacyApi: true, - minimumVersion: "2.15.0" - }, - ["diff_informed_queries" /* DiffInformedQueries */]: { - defaultValue: true, - envVar: "CODEQL_ACTION_DIFF_INFORMED_QUERIES", - minimumVersion: "2.21.0" - }, - ["disable_csharp_buildless" /* DisableCsharpBuildless */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_DISABLE_CSHARP_BUILDLESS", - minimumVersion: void 0 - }, - ["disable_java_buildless_enabled" /* DisableJavaBuildlessEnabled */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_DISABLE_JAVA_BUILDLESS", - legacyApi: true, - minimumVersion: void 0 - }, - ["disable_kotlin_analysis_enabled" /* DisableKotlinAnalysisEnabled */]: { - defaultValue: false, - envVar: "CODEQL_DISABLE_KOTLIN_ANALYSIS", - legacyApi: true, - minimumVersion: void 0 - }, - ["export_diagnostics_enabled" /* ExportDiagnosticsEnabled */]: { - defaultValue: true, - envVar: "CODEQL_ACTION_EXPORT_DIAGNOSTICS", - legacyApi: true, - minimumVersion: void 0 - }, - ["resolve_supported_languages_using_cli" /* ResolveSupportedLanguagesUsingCli */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_RESOLVE_SUPPORTED_LANGUAGES_USING_CLI", - minimumVersion: void 0, - toolsFeature: "builtinExtractorsSpecifyDefaultQueries" /* BuiltinExtractorsSpecifyDefaultQueries */ - }, - ["overlay_analysis" /* OverlayAnalysis */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS", - minimumVersion: CODEQL_OVERLAY_MINIMUM_VERSION - }, - ["overlay_analysis_actions" /* OverlayAnalysisActions */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_ACTIONS", - minimumVersion: void 0 - }, - ["overlay_analysis_code_scanning_actions" /* OverlayAnalysisCodeScanningActions */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_ACTIONS", - minimumVersion: void 0 - }, - ["overlay_analysis_code_scanning_cpp" /* OverlayAnalysisCodeScanningCpp */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_CPP", - minimumVersion: void 0 - }, - ["overlay_analysis_code_scanning_csharp" /* OverlayAnalysisCodeScanningCsharp */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_CSHARP", - minimumVersion: void 0 - }, - ["overlay_analysis_code_scanning_go" /* OverlayAnalysisCodeScanningGo */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_GO", - minimumVersion: void 0 - }, - ["overlay_analysis_code_scanning_java" /* OverlayAnalysisCodeScanningJava */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_JAVA", - minimumVersion: void 0 - }, - ["overlay_analysis_code_scanning_javascript" /* OverlayAnalysisCodeScanningJavascript */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_JAVASCRIPT", - minimumVersion: void 0 - }, - ["overlay_analysis_code_scanning_python" /* OverlayAnalysisCodeScanningPython */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_PYTHON", - minimumVersion: void 0 - }, - ["overlay_analysis_code_scanning_ruby" /* OverlayAnalysisCodeScanningRuby */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_RUBY", - minimumVersion: void 0 - }, - ["overlay_analysis_code_scanning_rust" /* OverlayAnalysisCodeScanningRust */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_RUST", - minimumVersion: void 0 - }, - ["overlay_analysis_code_scanning_swift" /* OverlayAnalysisCodeScanningSwift */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_SWIFT", - minimumVersion: void 0 - }, - ["overlay_analysis_cpp" /* OverlayAnalysisCpp */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CPP", - minimumVersion: void 0 - }, - ["overlay_analysis_csharp" /* OverlayAnalysisCsharp */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CSHARP", - minimumVersion: void 0 - }, - ["overlay_analysis_go" /* OverlayAnalysisGo */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_GO", - minimumVersion: void 0 - }, - ["overlay_analysis_java" /* OverlayAnalysisJava */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_JAVA", - minimumVersion: void 0 - }, - ["overlay_analysis_javascript" /* OverlayAnalysisJavascript */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_JAVASCRIPT", - minimumVersion: void 0 - }, - ["overlay_analysis_python" /* OverlayAnalysisPython */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_PYTHON", - minimumVersion: void 0 - }, - ["overlay_analysis_ruby" /* OverlayAnalysisRuby */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RUBY", - minimumVersion: void 0 - }, - ["overlay_analysis_rust" /* OverlayAnalysisRust */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RUST", - minimumVersion: void 0 - }, - ["overlay_analysis_swift" /* OverlayAnalysisSwift */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT", - minimumVersion: void 0 - }, - ["python_default_is_to_not_extract_stdlib" /* PythonDefaultIsToNotExtractStdlib */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_DISABLE_PYTHON_STANDARD_LIBRARY_EXTRACTION", - minimumVersion: void 0, - toolsFeature: "pythonDefaultIsToNotExtractStdlib" /* PythonDefaultIsToNotExtractStdlib */ - }, - ["use_repository_properties" /* UseRepositoryProperties */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_USE_REPOSITORY_PROPERTIES", - minimumVersion: void 0 - }, - ["qa_telemetry_enabled" /* QaTelemetryEnabled */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_QA_TELEMETRY", - legacyApi: true, - minimumVersion: void 0 - }, - ["java_minimize_dependency_jars" /* JavaMinimizeDependencyJars */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_JAVA_MINIMIZE_DEPENDENCY_JARS", - minimumVersion: "2.23.0" - } -}; - // src/trap-caching.ts var actionsCache2 = __toESM(require_cache3()); diff --git a/lib/start-proxy-action-post.js b/lib/start-proxy-action-post.js index 94843206b9..b726c08184 100644 --- a/lib/start-proxy-action-post.js +++ b/lib/start-proxy-action-post.js @@ -117190,25 +117190,6 @@ var PACK_IDENTIFIER_PATTERN = (function() { // src/feature-flags.ts var semver4 = __toESM(require_semver2()); -// src/overlay-database-utils.ts -var actionsCache = __toESM(require_cache3()); - -// src/git-utils.ts -var core7 = __toESM(require_core()); -var toolrunner2 = __toESM(require_toolrunner()); -var io3 = __toESM(require_io()); - -// src/logging.ts -var core8 = __toESM(require_core()); -function getActionsLogger() { - return core8; -} - -// src/overlay-database-utils.ts -var CODEQL_OVERLAY_MINIMUM_VERSION = "2.22.4"; -var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB = 15e3; -var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_BYTES = OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB * 1e6; - // src/tools-features.ts var semver3 = __toESM(require_semver2()); @@ -117262,7 +117243,7 @@ var featureConfig = { ["overlay_analysis" /* OverlayAnalysis */]: { defaultValue: false, envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS", - minimumVersion: CODEQL_OVERLAY_MINIMUM_VERSION + minimumVersion: void 0 }, ["overlay_analysis_actions" /* OverlayAnalysisActions */]: { defaultValue: false, @@ -117388,6 +117369,24 @@ var featureConfig = { } }; +// src/git-utils.ts +var core7 = __toESM(require_core()); +var toolrunner2 = __toESM(require_toolrunner()); +var io3 = __toESM(require_io()); + +// src/overlay-database-utils.ts +var actionsCache = __toESM(require_cache3()); + +// src/logging.ts +var core8 = __toESM(require_core()); +function getActionsLogger() { + return core8; +} + +// src/overlay-database-utils.ts +var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB = 15e3; +var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_BYTES = OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB * 1e6; + // src/trap-caching.ts var actionsCache2 = __toESM(require_cache3()); diff --git a/lib/upload-lib.js b/lib/upload-lib.js index aa85164d4e..61f14b8aaa 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js @@ -88942,8 +88942,8 @@ var PACK_IDENTIFIER_PATTERN = (function() { })(); // src/diff-informed-analysis-utils.ts -var fs6 = __toESM(require("fs")); -var path8 = __toESM(require("path")); +var fs5 = __toESM(require("fs")); +var path7 = __toESM(require("path")); // src/feature-flags.ts var semver4 = __toESM(require_semver2()); @@ -88952,10 +88952,206 @@ var semver4 = __toESM(require_semver2()); var bundleVersion = "codeql-bundle-v2.23.1"; var cliVersion = "2.23.1"; -// src/overlay-database-utils.ts -var fs5 = __toESM(require("fs")); -var path7 = __toESM(require("path")); -var actionsCache = __toESM(require_cache3()); +// src/tools-features.ts +var semver3 = __toESM(require_semver2()); +function isSupportedToolsFeature(versionInfo, feature) { + return !!versionInfo.features && versionInfo.features[feature]; +} + +// src/feature-flags.ts +var CODEQL_VERSION_ZSTD_BUNDLE = "2.19.0"; +var featureConfig = { + ["cleanup_trap_caches" /* CleanupTrapCaches */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_CLEANUP_TRAP_CACHES", + minimumVersion: void 0 + }, + ["cpp_dependency_installation_enabled" /* CppDependencyInstallation */]: { + defaultValue: false, + envVar: "CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES", + legacyApi: true, + minimumVersion: "2.15.0" + }, + ["diff_informed_queries" /* DiffInformedQueries */]: { + defaultValue: true, + envVar: "CODEQL_ACTION_DIFF_INFORMED_QUERIES", + minimumVersion: "2.21.0" + }, + ["disable_csharp_buildless" /* DisableCsharpBuildless */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_DISABLE_CSHARP_BUILDLESS", + minimumVersion: void 0 + }, + ["disable_java_buildless_enabled" /* DisableJavaBuildlessEnabled */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_DISABLE_JAVA_BUILDLESS", + legacyApi: true, + minimumVersion: void 0 + }, + ["disable_kotlin_analysis_enabled" /* DisableKotlinAnalysisEnabled */]: { + defaultValue: false, + envVar: "CODEQL_DISABLE_KOTLIN_ANALYSIS", + legacyApi: true, + minimumVersion: void 0 + }, + ["export_diagnostics_enabled" /* ExportDiagnosticsEnabled */]: { + defaultValue: true, + envVar: "CODEQL_ACTION_EXPORT_DIAGNOSTICS", + legacyApi: true, + minimumVersion: void 0 + }, + ["resolve_supported_languages_using_cli" /* ResolveSupportedLanguagesUsingCli */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_RESOLVE_SUPPORTED_LANGUAGES_USING_CLI", + minimumVersion: void 0, + toolsFeature: "builtinExtractorsSpecifyDefaultQueries" /* BuiltinExtractorsSpecifyDefaultQueries */ + }, + ["overlay_analysis" /* OverlayAnalysis */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS", + minimumVersion: void 0 + }, + ["overlay_analysis_actions" /* OverlayAnalysisActions */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_ACTIONS", + minimumVersion: void 0 + }, + ["overlay_analysis_code_scanning_actions" /* OverlayAnalysisCodeScanningActions */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_ACTIONS", + minimumVersion: void 0 + }, + ["overlay_analysis_code_scanning_cpp" /* OverlayAnalysisCodeScanningCpp */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_CPP", + minimumVersion: void 0 + }, + ["overlay_analysis_code_scanning_csharp" /* OverlayAnalysisCodeScanningCsharp */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_CSHARP", + minimumVersion: void 0 + }, + ["overlay_analysis_code_scanning_go" /* OverlayAnalysisCodeScanningGo */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_GO", + minimumVersion: void 0 + }, + ["overlay_analysis_code_scanning_java" /* OverlayAnalysisCodeScanningJava */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_JAVA", + minimumVersion: void 0 + }, + ["overlay_analysis_code_scanning_javascript" /* OverlayAnalysisCodeScanningJavascript */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_JAVASCRIPT", + minimumVersion: void 0 + }, + ["overlay_analysis_code_scanning_python" /* OverlayAnalysisCodeScanningPython */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_PYTHON", + minimumVersion: void 0 + }, + ["overlay_analysis_code_scanning_ruby" /* OverlayAnalysisCodeScanningRuby */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_RUBY", + minimumVersion: void 0 + }, + ["overlay_analysis_code_scanning_rust" /* OverlayAnalysisCodeScanningRust */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_RUST", + minimumVersion: void 0 + }, + ["overlay_analysis_code_scanning_swift" /* OverlayAnalysisCodeScanningSwift */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_SWIFT", + minimumVersion: void 0 + }, + ["overlay_analysis_cpp" /* OverlayAnalysisCpp */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CPP", + minimumVersion: void 0 + }, + ["overlay_analysis_csharp" /* OverlayAnalysisCsharp */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CSHARP", + minimumVersion: void 0 + }, + ["overlay_analysis_go" /* OverlayAnalysisGo */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_GO", + minimumVersion: void 0 + }, + ["overlay_analysis_java" /* OverlayAnalysisJava */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_JAVA", + minimumVersion: void 0 + }, + ["overlay_analysis_javascript" /* OverlayAnalysisJavascript */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_JAVASCRIPT", + minimumVersion: void 0 + }, + ["overlay_analysis_python" /* OverlayAnalysisPython */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_PYTHON", + minimumVersion: void 0 + }, + ["overlay_analysis_ruby" /* OverlayAnalysisRuby */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RUBY", + minimumVersion: void 0 + }, + ["overlay_analysis_rust" /* OverlayAnalysisRust */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RUST", + minimumVersion: void 0 + }, + ["overlay_analysis_swift" /* OverlayAnalysisSwift */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT", + minimumVersion: void 0 + }, + ["python_default_is_to_not_extract_stdlib" /* PythonDefaultIsToNotExtractStdlib */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_DISABLE_PYTHON_STANDARD_LIBRARY_EXTRACTION", + minimumVersion: void 0, + toolsFeature: "pythonDefaultIsToNotExtractStdlib" /* PythonDefaultIsToNotExtractStdlib */ + }, + ["use_repository_properties" /* UseRepositoryProperties */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_USE_REPOSITORY_PROPERTIES", + minimumVersion: void 0 + }, + ["qa_telemetry_enabled" /* QaTelemetryEnabled */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_QA_TELEMETRY", + legacyApi: true, + minimumVersion: void 0 + }, + ["java_minimize_dependency_jars" /* JavaMinimizeDependencyJars */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_JAVA_MINIMIZE_DEPENDENCY_JARS", + minimumVersion: "2.23.0" + } +}; + +// src/diff-informed-analysis-utils.ts +function getDiffRangesJsonFilePath() { + return path7.join(getTemporaryDirectory(), "pr-diff-range.json"); +} +function readDiffRangesJsonFile(logger) { + const jsonFilePath = getDiffRangesJsonFilePath(); + if (!fs5.existsSync(jsonFilePath)) { + logger.debug(`Diff ranges JSON file does not exist at ${jsonFilePath}`); + return void 0; + } + const jsonContents = fs5.readFileSync(jsonFilePath, "utf8"); + logger.debug( + `Read pr-diff-range JSON file from ${jsonFilePath}: +${jsonContents}` + ); + return JSON.parse(jsonContents); +} // src/git-utils.ts var core7 = __toESM(require_core()); @@ -89154,6 +89350,11 @@ async function isAnalyzingDefaultBranch() { return currentRef === defaultBranch; } +// src/overlay-database-utils.ts +var fs6 = __toESM(require("fs")); +var path8 = __toESM(require("path")); +var actionsCache = __toESM(require_cache3()); + // src/logging.ts var core8 = __toESM(require_core()); function formatDuration(durationMs) { @@ -89169,19 +89370,18 @@ function formatDuration(durationMs) { } // src/overlay-database-utils.ts -var CODEQL_OVERLAY_MINIMUM_VERSION = "2.22.4"; var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB = 15e3; var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_BYTES = OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB * 1e6; async function writeBaseDatabaseOidsFile(config, sourceRoot) { const gitFileOids = await getFileOidsUnderPath(sourceRoot); const gitFileOidsJson = JSON.stringify(gitFileOids); const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config); - await fs5.promises.writeFile(baseDatabaseOidsFilePath, gitFileOidsJson); + await fs6.promises.writeFile(baseDatabaseOidsFilePath, gitFileOidsJson); } async function readBaseDatabaseOidsFile(config, logger) { const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config); try { - const contents = await fs5.promises.readFile( + const contents = await fs6.promises.readFile( baseDatabaseOidsFilePath, "utf-8" ); @@ -89194,7 +89394,7 @@ async function readBaseDatabaseOidsFile(config, logger) { } } function getBaseDatabaseOidsFilePath(config) { - return path7.join(config.dbLocation, "base-database-oids.json"); + return path8.join(config.dbLocation, "base-database-oids.json"); } async function writeOverlayChangesFile(config, sourceRoot, logger) { const baseFileOids = await readBaseDatabaseOidsFile(config, logger); @@ -89204,14 +89404,14 @@ async function writeOverlayChangesFile(config, sourceRoot, logger) { `Found ${changedFiles.length} changed file(s) under ${sourceRoot}.` ); const changedFilesJson = JSON.stringify({ changes: changedFiles }); - const overlayChangesFile = path7.join( + const overlayChangesFile = path8.join( getTemporaryDirectory(), "overlay-changes.json" ); logger.debug( `Writing overlay changed files to ${overlayChangesFile}: ${changedFilesJson}` ); - await fs5.promises.writeFile(overlayChangesFile, changedFilesJson); + await fs6.promises.writeFile(overlayChangesFile, changedFilesJson); return overlayChangesFile; } function computeChangedFiles(baseFileOids, overlayFileOids) { @@ -89229,207 +89429,6 @@ function computeChangedFiles(baseFileOids, overlayFileOids) { return changes; } -// src/tools-features.ts -var semver3 = __toESM(require_semver2()); -function isSupportedToolsFeature(versionInfo, feature) { - return !!versionInfo.features && versionInfo.features[feature]; -} - -// src/feature-flags.ts -var CODEQL_VERSION_ZSTD_BUNDLE = "2.19.0"; -var featureConfig = { - ["cleanup_trap_caches" /* CleanupTrapCaches */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_CLEANUP_TRAP_CACHES", - minimumVersion: void 0 - }, - ["cpp_dependency_installation_enabled" /* CppDependencyInstallation */]: { - defaultValue: false, - envVar: "CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES", - legacyApi: true, - minimumVersion: "2.15.0" - }, - ["diff_informed_queries" /* DiffInformedQueries */]: { - defaultValue: true, - envVar: "CODEQL_ACTION_DIFF_INFORMED_QUERIES", - minimumVersion: "2.21.0" - }, - ["disable_csharp_buildless" /* DisableCsharpBuildless */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_DISABLE_CSHARP_BUILDLESS", - minimumVersion: void 0 - }, - ["disable_java_buildless_enabled" /* DisableJavaBuildlessEnabled */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_DISABLE_JAVA_BUILDLESS", - legacyApi: true, - minimumVersion: void 0 - }, - ["disable_kotlin_analysis_enabled" /* DisableKotlinAnalysisEnabled */]: { - defaultValue: false, - envVar: "CODEQL_DISABLE_KOTLIN_ANALYSIS", - legacyApi: true, - minimumVersion: void 0 - }, - ["export_diagnostics_enabled" /* ExportDiagnosticsEnabled */]: { - defaultValue: true, - envVar: "CODEQL_ACTION_EXPORT_DIAGNOSTICS", - legacyApi: true, - minimumVersion: void 0 - }, - ["resolve_supported_languages_using_cli" /* ResolveSupportedLanguagesUsingCli */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_RESOLVE_SUPPORTED_LANGUAGES_USING_CLI", - minimumVersion: void 0, - toolsFeature: "builtinExtractorsSpecifyDefaultQueries" /* BuiltinExtractorsSpecifyDefaultQueries */ - }, - ["overlay_analysis" /* OverlayAnalysis */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS", - minimumVersion: CODEQL_OVERLAY_MINIMUM_VERSION - }, - ["overlay_analysis_actions" /* OverlayAnalysisActions */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_ACTIONS", - minimumVersion: void 0 - }, - ["overlay_analysis_code_scanning_actions" /* OverlayAnalysisCodeScanningActions */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_ACTIONS", - minimumVersion: void 0 - }, - ["overlay_analysis_code_scanning_cpp" /* OverlayAnalysisCodeScanningCpp */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_CPP", - minimumVersion: void 0 - }, - ["overlay_analysis_code_scanning_csharp" /* OverlayAnalysisCodeScanningCsharp */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_CSHARP", - minimumVersion: void 0 - }, - ["overlay_analysis_code_scanning_go" /* OverlayAnalysisCodeScanningGo */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_GO", - minimumVersion: void 0 - }, - ["overlay_analysis_code_scanning_java" /* OverlayAnalysisCodeScanningJava */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_JAVA", - minimumVersion: void 0 - }, - ["overlay_analysis_code_scanning_javascript" /* OverlayAnalysisCodeScanningJavascript */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_JAVASCRIPT", - minimumVersion: void 0 - }, - ["overlay_analysis_code_scanning_python" /* OverlayAnalysisCodeScanningPython */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_PYTHON", - minimumVersion: void 0 - }, - ["overlay_analysis_code_scanning_ruby" /* OverlayAnalysisCodeScanningRuby */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_RUBY", - minimumVersion: void 0 - }, - ["overlay_analysis_code_scanning_rust" /* OverlayAnalysisCodeScanningRust */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_RUST", - minimumVersion: void 0 - }, - ["overlay_analysis_code_scanning_swift" /* OverlayAnalysisCodeScanningSwift */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CODE_SCANNING_SWIFT", - minimumVersion: void 0 - }, - ["overlay_analysis_cpp" /* OverlayAnalysisCpp */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CPP", - minimumVersion: void 0 - }, - ["overlay_analysis_csharp" /* OverlayAnalysisCsharp */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_CSHARP", - minimumVersion: void 0 - }, - ["overlay_analysis_go" /* OverlayAnalysisGo */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_GO", - minimumVersion: void 0 - }, - ["overlay_analysis_java" /* OverlayAnalysisJava */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_JAVA", - minimumVersion: void 0 - }, - ["overlay_analysis_javascript" /* OverlayAnalysisJavascript */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_JAVASCRIPT", - minimumVersion: void 0 - }, - ["overlay_analysis_python" /* OverlayAnalysisPython */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_PYTHON", - minimumVersion: void 0 - }, - ["overlay_analysis_ruby" /* OverlayAnalysisRuby */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RUBY", - minimumVersion: void 0 - }, - ["overlay_analysis_rust" /* OverlayAnalysisRust */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_RUST", - minimumVersion: void 0 - }, - ["overlay_analysis_swift" /* OverlayAnalysisSwift */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS_SWIFT", - minimumVersion: void 0 - }, - ["python_default_is_to_not_extract_stdlib" /* PythonDefaultIsToNotExtractStdlib */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_DISABLE_PYTHON_STANDARD_LIBRARY_EXTRACTION", - minimumVersion: void 0, - toolsFeature: "pythonDefaultIsToNotExtractStdlib" /* PythonDefaultIsToNotExtractStdlib */ - }, - ["use_repository_properties" /* UseRepositoryProperties */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_USE_REPOSITORY_PROPERTIES", - minimumVersion: void 0 - }, - ["qa_telemetry_enabled" /* QaTelemetryEnabled */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_QA_TELEMETRY", - legacyApi: true, - minimumVersion: void 0 - }, - ["java_minimize_dependency_jars" /* JavaMinimizeDependencyJars */]: { - defaultValue: false, - envVar: "CODEQL_ACTION_JAVA_MINIMIZE_DEPENDENCY_JARS", - minimumVersion: "2.23.0" - } -}; - -// src/diff-informed-analysis-utils.ts -function getDiffRangesJsonFilePath() { - return path8.join(getTemporaryDirectory(), "pr-diff-range.json"); -} -function readDiffRangesJsonFile(logger) { - const jsonFilePath = getDiffRangesJsonFilePath(); - if (!fs6.existsSync(jsonFilePath)) { - logger.debug(`Diff ranges JSON file does not exist at ${jsonFilePath}`); - return void 0; - } - const jsonContents = fs6.readFileSync(jsonFilePath, "utf8"); - logger.debug( - `Read pr-diff-range JSON file from ${jsonFilePath}: -${jsonContents}` - ); - return JSON.parse(jsonContents); -} - // src/trap-caching.ts var actionsCache2 = __toESM(require_cache3()); diff --git a/lib/upload-sarif-action-post.js b/lib/upload-sarif-action-post.js index cefb82f74f..0ef319dbc1 100644 --- a/lib/upload-sarif-action-post.js +++ b/lib/upload-sarif-action-post.js @@ -117341,33 +117341,6 @@ var PACK_IDENTIFIER_PATTERN = (function() { // src/feature-flags.ts var semver4 = __toESM(require_semver2()); -// src/overlay-database-utils.ts -var actionsCache = __toESM(require_cache3()); - -// src/git-utils.ts -var core7 = __toESM(require_core()); -var toolrunner2 = __toESM(require_toolrunner()); -var io3 = __toESM(require_io()); - -// src/logging.ts -var core8 = __toESM(require_core()); -function getActionsLogger() { - return core8; -} -function withGroup(groupName, f) { - core8.startGroup(groupName); - try { - return f(); - } finally { - core8.endGroup(); - } -} - -// src/overlay-database-utils.ts -var CODEQL_OVERLAY_MINIMUM_VERSION = "2.22.4"; -var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB = 15e3; -var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_BYTES = OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB * 1e6; - // src/tools-features.ts var semver3 = __toESM(require_semver2()); var SafeArtifactUploadVersion = "2.20.3"; @@ -117425,7 +117398,7 @@ var featureConfig = { ["overlay_analysis" /* OverlayAnalysis */]: { defaultValue: false, envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS", - minimumVersion: CODEQL_OVERLAY_MINIMUM_VERSION + minimumVersion: void 0 }, ["overlay_analysis_actions" /* OverlayAnalysisActions */]: { defaultValue: false, @@ -117551,6 +117524,32 @@ var featureConfig = { } }; +// src/git-utils.ts +var core7 = __toESM(require_core()); +var toolrunner2 = __toESM(require_toolrunner()); +var io3 = __toESM(require_io()); + +// src/overlay-database-utils.ts +var actionsCache = __toESM(require_cache3()); + +// src/logging.ts +var core8 = __toESM(require_core()); +function getActionsLogger() { + return core8; +} +function withGroup(groupName, f) { + core8.startGroup(groupName); + try { + return f(); + } finally { + core8.endGroup(); + } +} + +// src/overlay-database-utils.ts +var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB = 15e3; +var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_BYTES = OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB * 1e6; + // src/trap-caching.ts var actionsCache2 = __toESM(require_cache3()); diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index a79e1b0689..b73ee73af7 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js @@ -88927,294 +88927,14 @@ function wrapApiConfigurationError(e) { } // src/feature-flags.ts -var fs6 = __toESM(require("fs")); -var path8 = __toESM(require("path")); +var fs5 = __toESM(require("fs")); +var path7 = __toESM(require("path")); var semver3 = __toESM(require_semver2()); // src/defaults.json var bundleVersion = "codeql-bundle-v2.23.1"; var cliVersion = "2.23.1"; -// src/overlay-database-utils.ts -var fs5 = __toESM(require("fs")); -var path7 = __toESM(require("path")); -var actionsCache = __toESM(require_cache3()); - -// src/git-utils.ts -var core6 = __toESM(require_core()); -var toolrunner2 = __toESM(require_toolrunner()); -var io3 = __toESM(require_io()); -var runGitCommand = async function(workingDirectory, args, customErrorMessage) { - let stdout = ""; - let stderr = ""; - core6.debug(`Running git command: git ${args.join(" ")}`); - try { - await new toolrunner2.ToolRunner(await io3.which("git", true), args, { - silent: true, - listeners: { - stdout: (data) => { - stdout += data.toString(); - }, - stderr: (data) => { - stderr += data.toString(); - } - }, - cwd: workingDirectory - }).exec(); - return stdout; - } catch (error2) { - let reason = stderr; - if (stderr.includes("not a git repository")) { - reason = "The checkout path provided to the action does not appear to be a git repository."; - } - core6.info(`git call failed. ${customErrorMessage} Error: ${reason}`); - throw error2; - } -}; -var getCommitOid = async function(checkoutPath, ref = "HEAD") { - try { - const stdout = await runGitCommand( - checkoutPath, - ["rev-parse", ref], - "Continuing with commit SHA from user input or environment." - ); - return stdout.trim(); - } catch { - return getOptionalInput("sha") || getRequiredEnvParam("GITHUB_SHA"); - } -}; -var determineBaseBranchHeadCommitOid = async function(checkoutPathOverride) { - if (getWorkflowEventName() !== "pull_request") { - return void 0; - } - const mergeSha = getRequiredEnvParam("GITHUB_SHA"); - const checkoutPath = checkoutPathOverride ?? getOptionalInput("checkout_path"); - try { - let commitOid = ""; - let baseOid = ""; - let headOid = ""; - const stdout = await runGitCommand( - checkoutPath, - ["show", "-s", "--format=raw", mergeSha], - "Will calculate the base branch SHA on the server." - ); - for (const data of stdout.split("\n")) { - if (data.startsWith("commit ") && commitOid === "") { - commitOid = data.substring(7); - } else if (data.startsWith("parent ")) { - if (baseOid === "") { - baseOid = data.substring(7); - } else if (headOid === "") { - headOid = data.substring(7); - } - } - } - if (commitOid === mergeSha && headOid.length === 40 && baseOid.length === 40) { - return baseOid; - } - return void 0; - } catch { - return void 0; - } -}; -var decodeGitFilePath = function(filePath) { - if (filePath.startsWith('"') && filePath.endsWith('"')) { - filePath = filePath.substring(1, filePath.length - 1); - return filePath.replace( - /\\([abfnrtv\\"]|[0-7]{1,3})/g, - (_match, seq2) => { - switch (seq2[0]) { - case "a": - return "\x07"; - case "b": - return "\b"; - case "f": - return "\f"; - case "n": - return "\n"; - case "r": - return "\r"; - case "t": - return " "; - case "v": - return "\v"; - case "\\": - return "\\"; - case '"': - return '"'; - default: - return String.fromCharCode(parseInt(seq2, 8)); - } - } - ); - } - return filePath; -}; -var getFileOidsUnderPath = async function(basePath) { - const stdout = await runGitCommand( - basePath, - ["ls-files", "--recurse-submodules", "--format=%(objectname)_%(path)"], - "Cannot list Git OIDs of tracked files." - ); - const fileOidMap = {}; - const regex = /^([0-9a-f]{40})_(.+)$/; - for (const line of stdout.split("\n")) { - if (line) { - const match = line.match(regex); - if (match) { - const oid = match[1]; - const path16 = decodeGitFilePath(match[2]); - fileOidMap[path16] = oid; - } else { - throw new Error(`Unexpected "git ls-files" output: ${line}`); - } - } - } - return fileOidMap; -}; -function getRefFromEnv() { - let refEnv; - try { - refEnv = getRequiredEnvParam("GITHUB_REF"); - } catch (e) { - const maybeRef = process.env["CODE_SCANNING_REF"]; - if (maybeRef === void 0 || maybeRef.length === 0) { - throw e; - } - refEnv = maybeRef; - } - return refEnv; -} -async function getRef() { - const refInput = getOptionalInput("ref"); - const shaInput = getOptionalInput("sha"); - const checkoutPath = getOptionalInput("checkout_path") || getOptionalInput("source-root") || getRequiredEnvParam("GITHUB_WORKSPACE"); - const hasRefInput = !!refInput; - const hasShaInput = !!shaInput; - if ((hasRefInput || hasShaInput) && !(hasRefInput && hasShaInput)) { - throw new ConfigurationError( - "Both 'ref' and 'sha' are required if one of them is provided." - ); - } - const ref = refInput || getRefFromEnv(); - const sha = shaInput || getRequiredEnvParam("GITHUB_SHA"); - if (refInput) { - return refInput; - } - const pull_ref_regex = /refs\/pull\/(\d+)\/merge/; - if (!pull_ref_regex.test(ref)) { - return ref; - } - const head = await getCommitOid(checkoutPath, "HEAD"); - const hasChangedRef = sha !== head && await getCommitOid( - checkoutPath, - ref.replace(/^refs\/pull\//, "refs/remotes/pull/") - ) !== head; - if (hasChangedRef) { - const newRef = ref.replace(pull_ref_regex, "refs/pull/$1/head"); - core6.debug( - `No longer on merge commit, rewriting ref from ${ref} to ${newRef}.` - ); - return newRef; - } else { - return ref; - } -} -function removeRefsHeadsPrefix(ref) { - return ref.startsWith("refs/heads/") ? ref.slice("refs/heads/".length) : ref; -} -async function isAnalyzingDefaultBranch() { - if (process.env.CODE_SCANNING_IS_ANALYZING_DEFAULT_BRANCH === "true") { - return true; - } - let currentRef = await getRef(); - currentRef = removeRefsHeadsPrefix(currentRef); - const event = getWorkflowEvent(); - let defaultBranch = event?.repository?.default_branch; - if (getWorkflowEventName() === "schedule") { - defaultBranch = removeRefsHeadsPrefix(getRefFromEnv()); - } - return currentRef === defaultBranch; -} - -// src/logging.ts -var core7 = __toESM(require_core()); -function getActionsLogger() { - return core7; -} -function formatDuration(durationMs) { - if (durationMs < 1e3) { - return `${durationMs}ms`; - } - if (durationMs < 60 * 1e3) { - return `${(durationMs / 1e3).toFixed(1)}s`; - } - const minutes = Math.floor(durationMs / (60 * 1e3)); - const seconds = Math.floor(durationMs % (60 * 1e3) / 1e3); - return `${minutes}m${seconds}s`; -} - -// src/overlay-database-utils.ts -var CODEQL_OVERLAY_MINIMUM_VERSION = "2.22.4"; -var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB = 15e3; -var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_BYTES = OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB * 1e6; -async function writeBaseDatabaseOidsFile(config, sourceRoot) { - const gitFileOids = await getFileOidsUnderPath(sourceRoot); - const gitFileOidsJson = JSON.stringify(gitFileOids); - const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config); - await fs5.promises.writeFile(baseDatabaseOidsFilePath, gitFileOidsJson); -} -async function readBaseDatabaseOidsFile(config, logger) { - const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config); - try { - const contents = await fs5.promises.readFile( - baseDatabaseOidsFilePath, - "utf-8" - ); - return JSON.parse(contents); - } catch (e) { - logger.error( - `Failed to read overlay-base file OIDs from ${baseDatabaseOidsFilePath}: ${e.message || e}` - ); - throw e; - } -} -function getBaseDatabaseOidsFilePath(config) { - return path7.join(config.dbLocation, "base-database-oids.json"); -} -async function writeOverlayChangesFile(config, sourceRoot, logger) { - const baseFileOids = await readBaseDatabaseOidsFile(config, logger); - const overlayFileOids = await getFileOidsUnderPath(sourceRoot); - const changedFiles = computeChangedFiles(baseFileOids, overlayFileOids); - logger.info( - `Found ${changedFiles.length} changed file(s) under ${sourceRoot}.` - ); - const changedFilesJson = JSON.stringify({ changes: changedFiles }); - const overlayChangesFile = path7.join( - getTemporaryDirectory(), - "overlay-changes.json" - ); - logger.debug( - `Writing overlay changed files to ${overlayChangesFile}: ${changedFilesJson}` - ); - await fs5.promises.writeFile(overlayChangesFile, changedFilesJson); - return overlayChangesFile; -} -function computeChangedFiles(baseFileOids, overlayFileOids) { - const changes = []; - for (const [file, oid] of Object.entries(overlayFileOids)) { - if (!(file in baseFileOids) || baseFileOids[file] !== oid) { - changes.push(file); - } - } - for (const file of Object.keys(baseFileOids)) { - if (!(file in overlayFileOids)) { - changes.push(file); - } - } - return changes; -} - // src/tools-features.ts var semver2 = __toESM(require_semver2()); function isSupportedToolsFeature(versionInfo, feature) { @@ -89274,7 +88994,7 @@ var featureConfig = { ["overlay_analysis" /* OverlayAnalysis */]: { defaultValue: false, envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS", - minimumVersion: CODEQL_OVERLAY_MINIMUM_VERSION + minimumVersion: void 0 }, ["overlay_analysis_actions" /* OverlayAnalysisActions */]: { defaultValue: false, @@ -89406,7 +89126,7 @@ var Features = class { this.gitHubFeatureFlags = new GitHubFeatureFlags( gitHubVersion, repositoryNwo, - path8.join(tempDir, FEATURE_FLAGS_FILE_NAME), + path7.join(tempDir, FEATURE_FLAGS_FILE_NAME), logger ); } @@ -89585,12 +89305,12 @@ var GitHubFeatureFlags = class { } async readLocalFlags() { try { - if (fs6.existsSync(this.featureFlagsFile)) { + if (fs5.existsSync(this.featureFlagsFile)) { this.logger.debug( `Loading feature flags from ${this.featureFlagsFile}` ); return JSON.parse( - fs6.readFileSync(this.featureFlagsFile, "utf8") + fs5.readFileSync(this.featureFlagsFile, "utf8") ); } } catch (e) { @@ -89603,7 +89323,7 @@ var GitHubFeatureFlags = class { async writeLocalFlags(flags) { try { this.logger.debug(`Writing feature flags to ${this.featureFlagsFile}`); - fs6.writeFileSync(this.featureFlagsFile, JSON.stringify(flags)); + fs5.writeFileSync(this.featureFlagsFile, JSON.stringify(flags)); } catch (e) { this.logger.warning( `Error writing cached feature flags file ${this.featureFlagsFile}: ${e}.` @@ -89664,6 +89384,23 @@ var GitHubFeatureFlags = class { } }; +// src/logging.ts +var core6 = __toESM(require_core()); +function getActionsLogger() { + return core6; +} +function formatDuration(durationMs) { + if (durationMs < 1e3) { + return `${durationMs}ms`; + } + if (durationMs < 60 * 1e3) { + return `${(durationMs / 1e3).toFixed(1)}s`; + } + const minutes = Math.floor(durationMs / (60 * 1e3)); + const seconds = Math.floor(durationMs % (60 * 1e3) / 1e3); + return `${minutes}m${seconds}s`; +} + // src/status-report.ts var os = __toESM(require("os")); var core9 = __toESM(require_core()); @@ -89673,7 +89410,7 @@ var fs8 = __toESM(require("fs")); var path10 = __toESM(require("path")); // src/caching-utils.ts -var core8 = __toESM(require_core()); +var core7 = __toESM(require_core()); // src/config/db-config.ts var semver4 = __toESM(require_semver2()); @@ -89685,18 +89422,18 @@ var PACK_IDENTIFIER_PATTERN = (function() { })(); // src/diff-informed-analysis-utils.ts -var fs7 = __toESM(require("fs")); -var path9 = __toESM(require("path")); +var fs6 = __toESM(require("fs")); +var path8 = __toESM(require("path")); function getDiffRangesJsonFilePath() { - return path9.join(getTemporaryDirectory(), "pr-diff-range.json"); + return path8.join(getTemporaryDirectory(), "pr-diff-range.json"); } function readDiffRangesJsonFile(logger) { const jsonFilePath = getDiffRangesJsonFilePath(); - if (!fs7.existsSync(jsonFilePath)) { + if (!fs6.existsSync(jsonFilePath)) { logger.debug(`Diff ranges JSON file does not exist at ${jsonFilePath}`); return void 0; } - const jsonContents = fs7.readFileSync(jsonFilePath, "utf8"); + const jsonContents = fs6.readFileSync(jsonFilePath, "utf8"); logger.debug( `Read pr-diff-range JSON file from ${jsonFilePath}: ${jsonContents}` @@ -89704,6 +89441,266 @@ ${jsonContents}` return JSON.parse(jsonContents); } +// src/git-utils.ts +var core8 = __toESM(require_core()); +var toolrunner2 = __toESM(require_toolrunner()); +var io3 = __toESM(require_io()); +var runGitCommand = async function(workingDirectory, args, customErrorMessage) { + let stdout = ""; + let stderr = ""; + core8.debug(`Running git command: git ${args.join(" ")}`); + try { + await new toolrunner2.ToolRunner(await io3.which("git", true), args, { + silent: true, + listeners: { + stdout: (data) => { + stdout += data.toString(); + }, + stderr: (data) => { + stderr += data.toString(); + } + }, + cwd: workingDirectory + }).exec(); + return stdout; + } catch (error2) { + let reason = stderr; + if (stderr.includes("not a git repository")) { + reason = "The checkout path provided to the action does not appear to be a git repository."; + } + core8.info(`git call failed. ${customErrorMessage} Error: ${reason}`); + throw error2; + } +}; +var getCommitOid = async function(checkoutPath, ref = "HEAD") { + try { + const stdout = await runGitCommand( + checkoutPath, + ["rev-parse", ref], + "Continuing with commit SHA from user input or environment." + ); + return stdout.trim(); + } catch { + return getOptionalInput("sha") || getRequiredEnvParam("GITHUB_SHA"); + } +}; +var determineBaseBranchHeadCommitOid = async function(checkoutPathOverride) { + if (getWorkflowEventName() !== "pull_request") { + return void 0; + } + const mergeSha = getRequiredEnvParam("GITHUB_SHA"); + const checkoutPath = checkoutPathOverride ?? getOptionalInput("checkout_path"); + try { + let commitOid = ""; + let baseOid = ""; + let headOid = ""; + const stdout = await runGitCommand( + checkoutPath, + ["show", "-s", "--format=raw", mergeSha], + "Will calculate the base branch SHA on the server." + ); + for (const data of stdout.split("\n")) { + if (data.startsWith("commit ") && commitOid === "") { + commitOid = data.substring(7); + } else if (data.startsWith("parent ")) { + if (baseOid === "") { + baseOid = data.substring(7); + } else if (headOid === "") { + headOid = data.substring(7); + } + } + } + if (commitOid === mergeSha && headOid.length === 40 && baseOid.length === 40) { + return baseOid; + } + return void 0; + } catch { + return void 0; + } +}; +var decodeGitFilePath = function(filePath) { + if (filePath.startsWith('"') && filePath.endsWith('"')) { + filePath = filePath.substring(1, filePath.length - 1); + return filePath.replace( + /\\([abfnrtv\\"]|[0-7]{1,3})/g, + (_match, seq2) => { + switch (seq2[0]) { + case "a": + return "\x07"; + case "b": + return "\b"; + case "f": + return "\f"; + case "n": + return "\n"; + case "r": + return "\r"; + case "t": + return " "; + case "v": + return "\v"; + case "\\": + return "\\"; + case '"': + return '"'; + default: + return String.fromCharCode(parseInt(seq2, 8)); + } + } + ); + } + return filePath; +}; +var getFileOidsUnderPath = async function(basePath) { + const stdout = await runGitCommand( + basePath, + ["ls-files", "--recurse-submodules", "--format=%(objectname)_%(path)"], + "Cannot list Git OIDs of tracked files." + ); + const fileOidMap = {}; + const regex = /^([0-9a-f]{40})_(.+)$/; + for (const line of stdout.split("\n")) { + if (line) { + const match = line.match(regex); + if (match) { + const oid = match[1]; + const path16 = decodeGitFilePath(match[2]); + fileOidMap[path16] = oid; + } else { + throw new Error(`Unexpected "git ls-files" output: ${line}`); + } + } + } + return fileOidMap; +}; +function getRefFromEnv() { + let refEnv; + try { + refEnv = getRequiredEnvParam("GITHUB_REF"); + } catch (e) { + const maybeRef = process.env["CODE_SCANNING_REF"]; + if (maybeRef === void 0 || maybeRef.length === 0) { + throw e; + } + refEnv = maybeRef; + } + return refEnv; +} +async function getRef() { + const refInput = getOptionalInput("ref"); + const shaInput = getOptionalInput("sha"); + const checkoutPath = getOptionalInput("checkout_path") || getOptionalInput("source-root") || getRequiredEnvParam("GITHUB_WORKSPACE"); + const hasRefInput = !!refInput; + const hasShaInput = !!shaInput; + if ((hasRefInput || hasShaInput) && !(hasRefInput && hasShaInput)) { + throw new ConfigurationError( + "Both 'ref' and 'sha' are required if one of them is provided." + ); + } + const ref = refInput || getRefFromEnv(); + const sha = shaInput || getRequiredEnvParam("GITHUB_SHA"); + if (refInput) { + return refInput; + } + const pull_ref_regex = /refs\/pull\/(\d+)\/merge/; + if (!pull_ref_regex.test(ref)) { + return ref; + } + const head = await getCommitOid(checkoutPath, "HEAD"); + const hasChangedRef = sha !== head && await getCommitOid( + checkoutPath, + ref.replace(/^refs\/pull\//, "refs/remotes/pull/") + ) !== head; + if (hasChangedRef) { + const newRef = ref.replace(pull_ref_regex, "refs/pull/$1/head"); + core8.debug( + `No longer on merge commit, rewriting ref from ${ref} to ${newRef}.` + ); + return newRef; + } else { + return ref; + } +} +function removeRefsHeadsPrefix(ref) { + return ref.startsWith("refs/heads/") ? ref.slice("refs/heads/".length) : ref; +} +async function isAnalyzingDefaultBranch() { + if (process.env.CODE_SCANNING_IS_ANALYZING_DEFAULT_BRANCH === "true") { + return true; + } + let currentRef = await getRef(); + currentRef = removeRefsHeadsPrefix(currentRef); + const event = getWorkflowEvent(); + let defaultBranch = event?.repository?.default_branch; + if (getWorkflowEventName() === "schedule") { + defaultBranch = removeRefsHeadsPrefix(getRefFromEnv()); + } + return currentRef === defaultBranch; +} + +// src/overlay-database-utils.ts +var fs7 = __toESM(require("fs")); +var path9 = __toESM(require("path")); +var actionsCache = __toESM(require_cache3()); +var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB = 15e3; +var OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_BYTES = OVERLAY_BASE_DATABASE_MAX_UPLOAD_SIZE_MB * 1e6; +async function writeBaseDatabaseOidsFile(config, sourceRoot) { + const gitFileOids = await getFileOidsUnderPath(sourceRoot); + const gitFileOidsJson = JSON.stringify(gitFileOids); + const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config); + await fs7.promises.writeFile(baseDatabaseOidsFilePath, gitFileOidsJson); +} +async function readBaseDatabaseOidsFile(config, logger) { + const baseDatabaseOidsFilePath = getBaseDatabaseOidsFilePath(config); + try { + const contents = await fs7.promises.readFile( + baseDatabaseOidsFilePath, + "utf-8" + ); + return JSON.parse(contents); + } catch (e) { + logger.error( + `Failed to read overlay-base file OIDs from ${baseDatabaseOidsFilePath}: ${e.message || e}` + ); + throw e; + } +} +function getBaseDatabaseOidsFilePath(config) { + return path9.join(config.dbLocation, "base-database-oids.json"); +} +async function writeOverlayChangesFile(config, sourceRoot, logger) { + const baseFileOids = await readBaseDatabaseOidsFile(config, logger); + const overlayFileOids = await getFileOidsUnderPath(sourceRoot); + const changedFiles = computeChangedFiles(baseFileOids, overlayFileOids); + logger.info( + `Found ${changedFiles.length} changed file(s) under ${sourceRoot}.` + ); + const changedFilesJson = JSON.stringify({ changes: changedFiles }); + const overlayChangesFile = path9.join( + getTemporaryDirectory(), + "overlay-changes.json" + ); + logger.debug( + `Writing overlay changed files to ${overlayChangesFile}: ${changedFilesJson}` + ); + await fs7.promises.writeFile(overlayChangesFile, changedFilesJson); + return overlayChangesFile; +} +function computeChangedFiles(baseFileOids, overlayFileOids) { + const changes = []; + for (const [file, oid] of Object.entries(overlayFileOids)) { + if (!(file in baseFileOids) || baseFileOids[file] !== oid) { + changes.push(file); + } + } + for (const file of Object.keys(baseFileOids)) { + if (!(file in overlayFileOids)) { + changes.push(file); + } + } + return changes; +} + // src/trap-caching.ts var actionsCache2 = __toESM(require_cache3()); diff --git a/src/config-utils.test.ts b/src/config-utils.test.ts index 566a719ca0..34f15ddc73 100644 --- a/src/config-utils.test.ts +++ b/src/config-utils.test.ts @@ -65,16 +65,6 @@ function createTestInitConfigInputs( debugDatabaseName: "", repository: { owner: "github", repo: "example" }, tempDir: "", - codeql: createStubCodeQL({ - async betterResolveLanguages() { - return { - extractors: { - html: [{ extractor_root: "" }], - javascript: [{ extractor_root: "" }], - }, - }; - }, - }), workspacePath: "", sourceRoot: "", githubVersion, @@ -99,6 +89,20 @@ function createConfigFile(inputFileContents: string, tmpDir: string): string { return configFilePath; } +// Returns a default CodeQL stub for tests +function createDefaultTestCodeQL() { + return createStubCodeQL({ + async betterResolveLanguages() { + return { + extractors: { + html: [{ extractor_root: "" }], + javascript: [{ extractor_root: "" }], + }, + }; + }, + }); +} + type GetContentsResponse = { content?: string } | object[]; function mockGetContents( @@ -153,19 +157,19 @@ test("load empty config", async (t) => { languagesInput: languages, repository: { owner: "github", repo: "example" }, tempDir, - codeql, logger, }), + codeql, ); const expectedConfig = await configUtils.initActionState( createTestInitConfigInputs({ languagesInput: languages, tempDir, - codeql, logger, }), {}, + codeql, ); t.deepEqual(config, expectedConfig); @@ -193,9 +197,9 @@ test("load code quality config", async (t) => { languagesInput: languages, repository: { owner: "github", repo: "example" }, tempDir, - codeql, logger, }), + codeql, ); // And the config we expect it to result in @@ -277,10 +281,10 @@ test("initActionState doesn't throw if there are queries configured in the repos languagesInput: languages, repository: { owner: "github", repo: "example" }, tempDir, - codeql, repositoryProperties, logger, }), + codeql, ); t.deepEqual(config, expectedConfig); @@ -313,10 +317,10 @@ test("loading a saved config produces the same config", async (t) => { createTestInitConfigInputs({ languagesInput: "javascript,python", tempDir, - codeql, workspacePath: tempDir, logger, }), + codeql, ); await configUtils.saveConfig(config1, logger); @@ -364,10 +368,10 @@ test("loading config with version mismatch throws", async (t) => { createTestInitConfigInputs({ languagesInput: "javascript,python", tempDir, - codeql, workspacePath: tempDir, logger, }), + codeql, ); // initConfig does not save the config, so we do it here. await configUtils.saveConfig(config, logger); @@ -394,6 +398,7 @@ test("load input outside of workspace", async (t) => { tempDir, workspacePath: tempDir, }), + createDefaultTestCodeQL(), ); throw new Error("initConfig did not throw error"); } catch (err) { @@ -421,6 +426,7 @@ test("load non-local input with invalid repo syntax", async (t) => { tempDir, workspacePath: tempDir, }), + createDefaultTestCodeQL(), ); throw new Error("initConfig did not throw error"); } catch (err) { @@ -450,6 +456,7 @@ test("load non-existent input", async (t) => { tempDir, workspacePath: tempDir, }), + createDefaultTestCodeQL(), ); throw new Error("initConfig did not throw error"); } catch (err) { @@ -534,9 +541,9 @@ test("load non-empty input", async (t) => { debugArtifactName: "my-artifact", debugDatabaseName: "my-db", tempDir, - codeql, workspacePath: tempDir, }), + codeql, ); // Should exactly equal the object we constructed earlier @@ -582,16 +589,15 @@ test("Using config input and file together, config input should be used.", async // Only JS, python packs will be ignored const languagesInput = "javascript"; - const config = await configUtils.initConfig( - createTestInitConfigInputs({ - languagesInput, - configFile: configFilePath, - configInput, - tempDir, - codeql, - workspacePath: tempDir, - }), - ); + const inputs = createTestInitConfigInputs({ + languagesInput, + configFile: configFilePath, + configInput, + tempDir, + workspacePath: tempDir, + }); + configUtils.amendInputConfigFile(inputs, inputs.logger); + const config = await configUtils.initConfig(inputs, codeql); t.deepEqual(config.originalUserInput, yaml.load(configInput)); }); @@ -637,9 +643,9 @@ test("API client used when reading remote config", async (t) => { languagesInput, configFile, tempDir, - codeql, workspacePath: tempDir, }), + codeql, ); t.assert(spyGetContents.called); }); @@ -658,6 +664,7 @@ test("Remote config handles the case where a directory is provided", async (t) = tempDir, workspacePath: tempDir, }), + createDefaultTestCodeQL(), ); throw new Error("initConfig did not throw error"); } catch (err) { @@ -686,6 +693,7 @@ test("Invalid format of remote config handled correctly", async (t) => { tempDir, workspacePath: tempDir, }), + createDefaultTestCodeQL(), ); throw new Error("initConfig did not throw error"); } catch (err) { @@ -712,9 +720,9 @@ test("No detected languages", async (t) => { await configUtils.initConfig( createTestInitConfigInputs({ tempDir, - codeql, workspacePath: tempDir, }), + codeql, ); throw new Error("initConfig did not throw error"); } catch (err) { @@ -737,6 +745,7 @@ test("Unknown languages", async (t) => { tempDir, workspacePath: tempDir, }), + createDefaultTestCodeQL(), ); throw new Error("initConfig did not throw error"); } catch (err) { @@ -987,7 +996,7 @@ interface OverlayDatabaseModeTestSetup { isDefaultBranch: boolean; repositoryOwner: string; buildMode: BuildMode | undefined; - languages: Language[]; + languages: string[]; codeqlVersion: string; gitRoot: string | undefined; codeScanningConfig: configUtils.UserConfig; @@ -1014,6 +1023,8 @@ const getOverlayDatabaseModeMacro = test.macro({ expected: { overlayDatabaseMode: OverlayDatabaseMode; useOverlayDatabaseCaching: boolean; + preliminaryOverlayDatabaseMode?: OverlayDatabaseMode; + preliminaryUseOverlayDatabaseCaching?: boolean; }, ) => { return await withTmpDir(async (tempDir) => { @@ -1075,13 +1086,51 @@ const getOverlayDatabaseModeMacro = test.macro({ repository, features, setup.languages, + setup.languages.join(","), tempDir, // sourceRoot setup.buildMode, setup.codeScanningConfig, logger, ); - t.deepEqual(result, expected); + const expectedResult = { + overlayDatabaseMode: expected.overlayDatabaseMode, + useOverlayDatabaseCaching: expected.useOverlayDatabaseCaching, + }; + t.deepEqual(result, expectedResult); + + let configFile: string | undefined; + if (Object.keys(setup.codeScanningConfig).length > 0) { + configFile = createConfigFile( + yaml.dump(setup.codeScanningConfig), + tempDir, + ); + } + + // Test getPreliminaryOverlayDatabaseMode as well + const preliminaryResult = + await configUtils.getPreliminaryOverlayDatabaseMode( + createTestInitConfigInputs({ + languagesInput: setup.languages.join(","), + configFile, + features, + tempDir, + workspacePath: tempDir, + sourceRoot: tempDir, + repository, + logger, + }), + ); + + const expectedPreliminaryResult = { + overlayDatabaseMode: + expected.preliminaryOverlayDatabaseMode ?? + expected.overlayDatabaseMode, + useOverlayDatabaseCaching: + expected.preliminaryUseOverlayDatabaseCaching ?? + expected.useOverlayDatabaseCaching, + }; + t.deepEqual(preliminaryResult, expectedPreliminaryResult); } finally { // Restore the original environment process.env = originalEnv; @@ -1336,6 +1385,20 @@ test( }, ); +test( + getOverlayDatabaseModeMacro, + "Overlay analysis on PR when feature enabled via language alias", + { + languages: ["javascript-typescript"], + features: [Feature.OverlayAnalysis, Feature.OverlayAnalysisJavascript], + isPullRequest: true, + }, + { + overlayDatabaseMode: OverlayDatabaseMode.Overlay, + useOverlayDatabaseCaching: true, + }, +); + test( getOverlayDatabaseModeMacro, "Overlay analysis on PR when feature enabled with custom analysis", @@ -1492,6 +1555,20 @@ test( }, ); +test( + getOverlayDatabaseModeMacro, + "No overlay analysis on PR when the language is unknown", + { + languages: ["cobol"], + features: [Feature.OverlayAnalysis], + isPullRequest: true, + }, + { + overlayDatabaseMode: OverlayDatabaseMode.None, + useOverlayDatabaseCaching: false, + }, +); + test( getOverlayDatabaseModeMacro, "Overlay PR analysis by env for dsp-testing", @@ -1559,6 +1636,8 @@ test( { overlayDatabaseMode: OverlayDatabaseMode.None, useOverlayDatabaseCaching: false, + preliminaryOverlayDatabaseMode: OverlayDatabaseMode.Overlay, + preliminaryUseOverlayDatabaseCaching: false, }, ); @@ -1573,6 +1652,8 @@ test( { overlayDatabaseMode: OverlayDatabaseMode.None, useOverlayDatabaseCaching: false, + preliminaryOverlayDatabaseMode: OverlayDatabaseMode.Overlay, + preliminaryUseOverlayDatabaseCaching: false, }, ); @@ -1586,6 +1667,8 @@ test( { overlayDatabaseMode: OverlayDatabaseMode.None, useOverlayDatabaseCaching: false, + preliminaryOverlayDatabaseMode: OverlayDatabaseMode.Overlay, + preliminaryUseOverlayDatabaseCaching: false, }, ); diff --git a/src/config-utils.ts b/src/config-utils.ts index fe4b392ab2..0c5f36f226 100644 --- a/src/config-utils.ts +++ b/src/config-utils.ts @@ -33,6 +33,7 @@ import { CODEQL_OVERLAY_MINIMUM_VERSION, OverlayDatabaseMode, } from "./overlay-database-utils"; +import * as overlayLanguageAliases from "./overlay-language-aliases.json"; import { RepositoryNwo } from "./repository"; import { downloadTrapCaches } from "./trap-caching"; import { @@ -331,6 +332,36 @@ export async function getLanguages( return languages; } +/** + * Get the (unverified) languages for overlay analysis. + * + * This is a simplified version of `getLanguages` that only resolves language + * aliases but does not check if the languages are actually supported by the + * CodeQL CLI. It is intended to be used for overlay analysis preparations + * before the CodeQL CLI is available. + */ +async function getUnverifiedLanguagesForOverlay( + languagesInput: string | undefined, + repository: RepositoryNwo, + sourceRoot: string, + logger: Logger, +): Promise { + // Obtain languages without filtering them. + const { rawLanguages } = await getRawLanguages( + languagesInput, + repository, + sourceRoot, + logger, + ); + const languageAliases = overlayLanguageAliases as Record; + + const languagesSet: string[] = []; + for (const language of rawLanguages) { + languagesSet.push(languageAliases[language] || language); + } + return languagesSet; +} + export function getRawLanguagesNoAutodetect( languagesInput: string | undefined, ): string[] { @@ -389,7 +420,6 @@ export interface InitConfigInputs { debugDatabaseName: string; repository: RepositoryNwo; tempDir: string; - codeql: CodeQL; workspacePath: string; sourceRoot: string; githubVersion: GitHubVersion; @@ -419,7 +449,6 @@ export async function initActionState( debugDatabaseName, repository, tempDir, - codeql, sourceRoot, githubVersion, features, @@ -427,6 +456,7 @@ export async function initActionState( logger, }: InitConfigInputs, userConfig: UserConfig, + codeql: CodeQL, ): Promise { const analysisKinds = await parseAnalysisKinds(analysisKindsInput); @@ -539,12 +569,48 @@ async function downloadCacheWithTime( return { trapCaches, trapCacheDownloadTime }; } +/** + * Amends the input config file if configInput is provided. + * If configInput is set, it takes precedence over configFile. + * + * This function should be called only once on any specific `InitConfigInputs` + * object. Otherwise it could emit a false warning. + */ +export function amendInputConfigFile( + inputs: InitConfigInputs, + logger: Logger, +): void { + // if configInput is set, it takes precedence over configFile + if (inputs.configInput) { + if (inputs.configFile) { + logger.warning( + `Both a config file and config input were provided. Ignoring config file.`, + ); + } + inputs.configFile = userConfigFromActionPath(inputs.tempDir); + fs.writeFileSync(inputs.configFile, inputs.configInput); + logger.debug(`Using config from action input: ${inputs.configFile}`); + } +} + +/** + * Load user configuration from a file or return an empty configuration + * if no config file is specified. + */ async function loadUserConfig( - configFile: string, + configFile: string | undefined, workspacePath: string, apiDetails: api.GitHubApiCombinedDetails, tempDir: string, + logger: Logger, ): Promise { + if (!configFile) { + logger.debug("No configuration file was provided"); + return {}; + } + + logger.debug(`Using configuration file: ${configFile}`); + if (isLocal(configFile)) { if (configFile !== userConfigFromActionPath(tempDir)) { // If the config file is not generated by the Action, it should be relative to the workspace. @@ -589,32 +655,38 @@ const OVERLAY_ANALYSIS_CODE_SCANNING_FEATURES: Record = { }; async function isOverlayAnalysisFeatureEnabled( + codeScanningConfig: UserConfig, + languagesInput: string | undefined, repository: RepositoryNwo, + sourceRoot: string, features: FeatureEnablement, - codeql: CodeQL, - languages: Language[], - codeScanningConfig: UserConfig, + logger: Logger, ): Promise { // TODO: Remove the repository owner check once support for overlay analysis // stabilizes, and no more backward-incompatible changes are expected. if (!["github", "dsp-testing"].includes(repository.owner)) { return false; } - if (!(await features.getValue(Feature.OverlayAnalysis, codeql))) { + if (!(await features.getValue(Feature.OverlayAnalysis))) { return false; } + + const languages = await getUnverifiedLanguagesForOverlay( + languagesInput, + repository, + sourceRoot, + logger, + ); + let enableForCodeScanningOnly = false; for (const language of languages) { const feature = OVERLAY_ANALYSIS_FEATURES[language]; - if (feature && (await features.getValue(feature, codeql))) { + if (feature && (await features.getValue(feature))) { continue; } const codeScanningFeature = OVERLAY_ANALYSIS_CODE_SCANNING_FEATURES[language]; - if ( - codeScanningFeature && - (await features.getValue(codeScanningFeature, codeql)) - ) { + if (codeScanningFeature && (await features.getValue(codeScanningFeature))) { enableForCodeScanningOnly = true; continue; } @@ -652,14 +724,18 @@ async function isOverlayAnalysisFeatureEnabled( * For `Overlay` and `OverlayBase`, the function performs further checks and * reverts to `None` if any check should fail. * + * If `codeql` or `languages` is undefined, the function will skip checks that + * depend on them. + * * @returns An object containing the overlay database mode and whether the * action should perform overlay-base database caching. */ export async function getOverlayDatabaseMode( - codeql: CodeQL, + codeql: CodeQL | undefined, repository: RepositoryNwo, features: FeatureEnablement, - languages: Language[], + languages: Language[] | undefined, + languagesInput: string | undefined, sourceRoot: string, buildMode: BuildMode | undefined, codeScanningConfig: UserConfig, @@ -686,11 +762,12 @@ export async function getOverlayDatabaseMode( ); } else if ( await isOverlayAnalysisFeatureEnabled( + codeScanningConfig, + languagesInput, repository, + sourceRoot, features, - codeql, - languages, - codeScanningConfig, + logger, ) ) { if (isAnalyzingPullRequest()) { @@ -720,6 +797,8 @@ export async function getOverlayDatabaseMode( } if ( + codeql !== undefined && + languages !== undefined && buildMode !== BuildMode.None && ( await Promise.all( @@ -734,7 +813,10 @@ export async function getOverlayDatabaseMode( ); return nonOverlayAnalysis; } - if (!(await codeQlVersionAtLeast(codeql, CODEQL_OVERLAY_MINIMUM_VERSION))) { + if ( + codeql !== undefined && + !(await codeQlVersionAtLeast(codeql, CODEQL_OVERLAY_MINIMUM_VERSION)) + ) { logger.warning( `Cannot build an ${overlayDatabaseMode} database because ` + `the CodeQL CLI is older than ${CODEQL_OVERLAY_MINIMUM_VERSION}. ` + @@ -757,6 +839,62 @@ export async function getOverlayDatabaseMode( }; } +/** + * Get preliminary overlay database mode using only the information available + * in InitConfigInputs, without depending on CodeQL. + * + * This is a simplified version of getOverlayDatabaseMode that can be called + * before the CodeQL CLI is available. + * + * @param inputs The initialization configuration inputs. + * @returns An object containing the overlay database mode and whether the + * action should perform overlay-base database caching. + */ +export async function getPreliminaryOverlayDatabaseMode( + inputs: InitConfigInputs, +): Promise<{ + overlayDatabaseMode: OverlayDatabaseMode; + useOverlayDatabaseCaching: boolean; +}> { + const userConfig = await loadUserConfig( + inputs.configFile, + inputs.workspacePath, + inputs.apiDetails, + inputs.tempDir, + inputs.logger, + ); + + const languages = await getUnverifiedLanguagesForOverlay( + inputs.languagesInput, + inputs.repository, + inputs.sourceRoot, + inputs.logger, + ); + const augmentationProperties = await calculateAugmentation( + inputs.packsInput, + inputs.queriesInput, + inputs.repositoryProperties, + languages, + ); + const computedConfig = generateCodeScanningConfig( + inputs.logger, + userConfig, + augmentationProperties, + ); + + return getOverlayDatabaseMode( + undefined, // codeql + inputs.repository, + inputs.features, + undefined, // languages + inputs.languagesInput, + inputs.sourceRoot, + undefined, // buildMode + computedConfig, + inputs.logger, + ); +} + function dbLocationOrDefault( dbLocation: string | undefined, tempDir: string, @@ -787,35 +925,20 @@ function hasQueryCustomisation(userConfig: UserConfig): boolean { * This will parse the config from the user input if present, or generate * a default config. The parsed config is then stored to a known location. */ -export async function initConfig(inputs: InitConfigInputs): Promise { +export async function initConfig( + inputs: InitConfigInputs, + codeql: CodeQL, +): Promise { const { logger, tempDir } = inputs; - // if configInput is set, it takes precedence over configFile - if (inputs.configInput) { - if (inputs.configFile) { - logger.warning( - `Both a config file and config input were provided. Ignoring config file.`, - ); - } - inputs.configFile = userConfigFromActionPath(tempDir); - fs.writeFileSync(inputs.configFile, inputs.configInput); - logger.debug(`Using config from action input: ${inputs.configFile}`); - } - - let userConfig: UserConfig = {}; - if (!inputs.configFile) { - logger.debug("No configuration file was provided"); - } else { - logger.debug(`Using configuration file: ${inputs.configFile}`); - userConfig = await loadUserConfig( - inputs.configFile, - inputs.workspacePath, - inputs.apiDetails, - tempDir, - ); - } - - const config = await initActionState(inputs, userConfig); + const userConfig = await loadUserConfig( + inputs.configFile, + inputs.workspacePath, + inputs.apiDetails, + tempDir, + logger, + ); + const config = await initActionState(inputs, userConfig, codeql); // If Code Quality analysis is the only enabled analysis kind, then we will initialise // the database for Code Quality. That entails disabling the default queries and only @@ -842,10 +965,11 @@ export async function initConfig(inputs: InitConfigInputs): Promise { // rest of the config has been populated. const { overlayDatabaseMode, useOverlayDatabaseCaching } = await getOverlayDatabaseMode( - inputs.codeql, + codeql, inputs.repository, inputs.features, config.languages, + inputs.languagesInput, inputs.sourceRoot, config.buildMode, config.computedConfig, @@ -860,11 +984,7 @@ export async function initConfig(inputs: InitConfigInputs): Promise { if ( overlayDatabaseMode === OverlayDatabaseMode.Overlay || - (await shouldPerformDiffInformedAnalysis( - inputs.codeql, - inputs.features, - logger, - )) + (await shouldPerformDiffInformedAnalysis(codeql, inputs.features, logger)) ) { config.extraQueryExclusions.push({ exclude: { tags: "exclude-from-incremental" }, diff --git a/src/feature-flags.ts b/src/feature-flags.ts index 2938f5108c..423ca1272c 100644 --- a/src/feature-flags.ts +++ b/src/feature-flags.ts @@ -7,7 +7,6 @@ import { getApiClient } from "./api-client"; import type { CodeQL } from "./codeql"; import * as defaults from "./defaults.json"; import { Logger } from "./logging"; -import { CODEQL_OVERLAY_MINIMUM_VERSION } from "./overlay-database-utils"; import { RepositoryNwo } from "./repository"; import { ToolsFeature } from "./tools-features"; import * as util from "./util"; @@ -157,7 +156,7 @@ export const featureConfig: Record< [Feature.OverlayAnalysis]: { defaultValue: false, envVar: "CODEQL_ACTION_OVERLAY_ANALYSIS", - minimumVersion: CODEQL_OVERLAY_MINIMUM_VERSION, + minimumVersion: undefined, }, [Feature.OverlayAnalysisActions]: { defaultValue: false, diff --git a/src/init-action.ts b/src/init-action.ts index 2b4dba3fcf..634e21f513 100644 --- a/src/init-action.ts +++ b/src/init-action.ts @@ -42,7 +42,7 @@ import { runDatabaseInitCluster, } from "./init"; import { KnownLanguage } from "./languages"; -import { getActionsLogger, Logger } from "./logging"; +import { getActionsLogger, Logger, withGroupAsync } from "./logging"; import { downloadOverlayBaseDatabaseFromCache, OverlayBaseDatabaseDownloadStats, @@ -233,6 +233,45 @@ async function run() { if (statusReportBase !== undefined) { await sendStatusReport(statusReportBase); } + + const inputs: configUtils.InitConfigInputs = { + analysisKindsInput: getRequiredInput("analysis-kinds"), + languagesInput: getOptionalInput("languages"), + queriesInput: getOptionalInput("queries"), + qualityQueriesInput: getOptionalInput("quality-queries"), + packsInput: getOptionalInput("packs"), + buildModeInput: getOptionalInput("build-mode"), + configFile, + dbLocation: getOptionalInput("db-location"), + configInput: getOptionalInput("config"), + trapCachingEnabled: getTrapCachingEnabled(), + dependencyCachingEnabled: getDependencyCachingEnabled(), + // Debug mode is enabled if: + // - The `init` Action is passed `debug: true`. + // - Actions step debugging is enabled (e.g. by [enabling debug logging for a rerun](https://docs.github.com/en/actions/managing-workflow-runs/re-running-workflows-and-jobs#re-running-all-the-jobs-in-a-workflow), + // or by setting the `ACTIONS_STEP_DEBUG` secret to `true`). + debugMode: getOptionalInput("debug") === "true" || core.isDebug(), + debugArtifactName: + getOptionalInput("debug-artifact-name") || DEFAULT_DEBUG_ARTIFACT_NAME, + debugDatabaseName: + getOptionalInput("debug-database-name") || DEFAULT_DEBUG_DATABASE_NAME, + repository: repositoryNwo, + tempDir: getTemporaryDirectory(), + workspacePath: getRequiredEnvParam("GITHUB_WORKSPACE"), + sourceRoot, + githubVersion: gitHubVersion, + apiDetails, + features, + repositoryProperties, + logger, + }; + configUtils.amendInputConfigFile(inputs, logger); + + await withGroupAsync( + "Compute preliminary overlay database mode", + async () => configUtils.getPreliminaryOverlayDatabaseMode(inputs), + ); + const codeQLDefaultVersionInfo = await features.getDefaultCliVersion( gitHubVersion.type, ); @@ -288,47 +327,14 @@ async function run() { } // Warn that `quality-queries` is deprecated if there is an argument for it. - const qualityQueriesInput = getOptionalInput("quality-queries"); - - if (qualityQueriesInput !== undefined) { + if (inputs.qualityQueriesInput !== undefined) { logger.warning( "The `quality-queries` input is deprecated and will be removed in a future version of the CodeQL Action. " + "Use the `analysis-kinds` input to configure different analysis kinds instead.", ); } - config = await initConfig({ - analysisKindsInput: getRequiredInput("analysis-kinds"), - languagesInput: getOptionalInput("languages"), - queriesInput: getOptionalInput("queries"), - qualityQueriesInput, - packsInput: getOptionalInput("packs"), - buildModeInput: getOptionalInput("build-mode"), - configFile, - dbLocation: getOptionalInput("db-location"), - configInput: getOptionalInput("config"), - trapCachingEnabled: getTrapCachingEnabled(), - dependencyCachingEnabled: getDependencyCachingEnabled(), - // Debug mode is enabled if: - // - The `init` Action is passed `debug: true`. - // - Actions step debugging is enabled (e.g. by [enabling debug logging for a rerun](https://docs.github.com/en/actions/managing-workflow-runs/re-running-workflows-and-jobs#re-running-all-the-jobs-in-a-workflow), - // or by setting the `ACTIONS_STEP_DEBUG` secret to `true`). - debugMode: getOptionalInput("debug") === "true" || core.isDebug(), - debugArtifactName: - getOptionalInput("debug-artifact-name") || DEFAULT_DEBUG_ARTIFACT_NAME, - debugDatabaseName: - getOptionalInput("debug-database-name") || DEFAULT_DEBUG_DATABASE_NAME, - repository: repositoryNwo, - tempDir: getTemporaryDirectory(), - codeql, - workspacePath: getRequiredEnvParam("GITHUB_WORKSPACE"), - sourceRoot, - githubVersion: gitHubVersion, - apiDetails, - features, - repositoryProperties, - logger, - }); + config = await initConfig(inputs, codeql); await checkInstallPython311(config.languages, codeql); } catch (unwrappedError) { diff --git a/src/init.ts b/src/init.ts index 687afc1227..d7c6cb5cc6 100644 --- a/src/init.ts +++ b/src/init.ts @@ -60,9 +60,10 @@ export async function initCodeQL( export async function initConfig( inputs: configUtils.InitConfigInputs, + codeql: CodeQL, ): Promise { return await withGroupAsync("Load language configuration", async () => { - return await configUtils.initConfig(inputs); + return await configUtils.initConfig(inputs, codeql); }); } diff --git a/src/overlay-language-aliases.json b/src/overlay-language-aliases.json new file mode 100644 index 0000000000..bb80aa4124 --- /dev/null +++ b/src/overlay-language-aliases.json @@ -0,0 +1,11 @@ +{ + "c": "cpp", + "c++": "cpp", + "c-c++": "cpp", + "c-cpp": "cpp", + "c#": "csharp", + "java-kotlin": "java", + "kotlin": "java", + "javascript-typescript": "javascript", + "typescript": "javascript" +}