Update scan action

Alvaro Muñoz · Alvaro Muñoz · commit a2ed07ec3525 · 2024-04-23T12:43:23.000+02:00
diff --git a/.github/action/dist/index.js b/.github/action/dist/index.js
@@ -28606,7 +28606,7 @@ async function newCodeQL() {
     return {
         language: "yaml",
         path: await findCodeQL(),
-        pack: "githubsecuritylab/actions-queries",
+        pack: "githubsecuritylab/actions-all",
         suite: `codeql-suites/${core.getInput("suite") || "actions-code-scanning"}.qls`,
         source_root: core.getInput("source-root"),
         output: core.getInput("sarif"),
@@ -28706,6 +28706,15 @@ async function codeqlDatabaseAnalyze(codeql, database_path) {
         "--output",
         codeql_output,
     ];
+    const extPackPath = process.env["EXTPACK_PATH"];
+    const extPackName = process.env["EXTPACK_NAME"];
+    if (extPackPath !== undefined &&
+        extPackName !== undefined &&
+        extPackPath !== "" &&
+        extPackName !== "") {
+        cmd.push("--additional-packs", extPackPath);
+        cmd.push("--extension-packs", extPackName);
+    }
     // remote pack or local pack
     if (codeql.pack.startsWith("githubsecuritylab/")) {
         var suite = codeql.pack + ":" + codeql.suite;
diff --git a/.github/action/package-lock.json b/.github/action/package-lock.json
diff --git a/.github/action/package.json b/.github/action/package.json
@@ -40,7 +40,7 @@
     "@actions/tool-cache": "^2.0.1"
   },
   "devDependencies": {
-    "@types/node": "^20.6.0",
+    "@types/node": "^20.12.7",
     "@vercel/ncc": "^0.38.0",
     "prettier": "^3.0.3",
     "typescript": "^5.2.2"
diff --git a/.github/action/src/codeql.ts b/.github/action/src/codeql.ts
@@ -149,7 +149,12 @@ export async function codeqlDatabaseAnalyze(
 
   const extPackPath = process.env["EXTPACK_PATH"];
   const extPackName = process.env["EXTPACK_NAME"];
-  if (extPackPath !== undefined && extPackName !== undefined) {
+  if (
+    extPackPath !== undefined &&
+    extPackName !== undefined &&
+    extPackPath !== "" &&
+    extPackName !== ""
+  ) {
     cmd.push("--additional-packs", extPackPath);
     cmd.push("--extension-packs", extPackName);
   }
diff --git a/action.yml b/action.yml
@@ -33,18 +33,9 @@ runs:
         mkdir workflow-extpack
         cd workflow-extpack
 
-        # Store the extension pack file
-        cat > models.json << 'EOF'
-        ${{ inputs.workflow-models }}
-        EOF
-
         # Store the extension pack file
         cat > models.yml << 'EOF'
-        extensions:
-          - addsTo:
-              pack: githubsecuritylab/actions-all
-              extensible: workflowDataModel
-            data: []
+        ${{ inputs.workflow-models }}
         EOF
 
         # Create QLPack
@@ -69,7 +60,7 @@ runs:
         INPUT_SOURCE-ROOT: ${{ inputs.source-root }}
         INPUT_SARIF-OUTPUT: ${{ inputs.sarif-output }}
         INPUT_SUITE: ${{ inputs.suite }}
-        EXTPACK_PATH: ${{ inputs.extpack-path }}
-        EXTPACK_NAME: ${{ inputs.extpack-name }}
+        EXTPACK_PATH: ${{ env.EXTPACK_PATH }}
+        EXTPACK_NAME: ${{ env.EXTPACK_NAME }}
       run: |
         node ${{ github.action_path }}/.github/action/dist/index.js
