diff --git a/.github/actions/prepare-test/action.yml b/.github/actions/prepare-test/action.yml index ecabaa69f3..5e2b5028f7 100644 --- a/.github/actions/prepare-test/action.yml +++ b/.github/actions/prepare-test/action.yml @@ -2,7 +2,7 @@ name: "Prepare test" description: Performs some preparation to run tests inputs: version: - description: "The version of the CodeQL CLI to use. Can be 'linked', 'default', 'nightly', 'nightly-latest', 'nightly-YYYYMMDD', or 'stable-vX.Y.Z" + description: "The version of the CodeQL CLI to use. Can be 'linked', 'default', 'toolcache', 'nightly', 'nightly-latest', 'nightly-YYYYMMDD', or 'stable-vX.Y.Z" required: true use-all-platform-bundle: description: "If true, we output a tools URL with codeql-bundle.tar.gz file rather than platform-specific URL" @@ -41,6 +41,9 @@ runs: elif [[ "$VERSION" == "linked" ]]; then echo "tools-url=linked" >> "$GITHUB_OUTPUT" exit 0 + elif [[ "$VERSION" == "toolcache" ]]; then + echo "tools-url=toolcache" >> "$GITHUB_OUTPUT" + exit 0 elif [[ "$VERSION" == "default" ]]; then echo "tools-url=" >> "$GITHUB_OUTPUT" exit 0 diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 8953919b9f..432b44289a 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -16,9 +16,12 @@ updates: - dependency-name: "eslint-plugin-import" versions: [">=2.30.0"] groups: - npm: + npm-minor: patterns: - "*" + update-types: + - "minor" + - "patch" - package-ecosystem: github-actions directories: - "/.github/workflows" @@ -28,6 +31,9 @@ updates: labels: - Rebuild groups: - actions: + actions-minor: patterns: - "*" + update-types: + - "minor" + - "patch" diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index 96e7f52f63..3b632d8f37 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -1,4 +1,13 @@ - + ### Risk assessment 
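Review bot: Nothing in `.github/dependabot.yml` records why the renamed `npm-minor` group is limited to `minor` and `patch` updates. With `update-types` set, major-version updates no longer match the group and will presumably arrive as individual PRs. A one-line comment above the group, such as `# Major updates are deliberately left ungrouped so each one gets its own PR and review.`, would make that intent explicit for whoever edits the file next. The same comment applies to the `actions-minor` group in the second hunk of this file.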
@@ -7,6 +16,44 @@ For internal use only. Please select the risk level of this change: - **Low risk:** Changes are fully under feature flags, or have been fully tested and validated in pre-production environments and are highly observable, or are documentation or test only. - **High risk:** Changes are not fully under feature flags, have limited visibility and/or cannot be tested outside of production. +#### Which use cases does this change impact? + + + +- **Advanced setup** - Impacts users who have custom workflows. +- **Default setup** - Impacts users who use default setup. +- **Code Scanning** - Impacts Code Scanning (i.e. `analysis-kinds: code-scanning`). +- **Code Quality** - Impacts Code Quality (i.e. `analysis-kinds: code-quality`). +- **Third-party analyses** - Impacts third-party analyses (i.e. `upload-sarif`). +- **GHES** - Impacts GitHub Enterprise Server. + +#### How did/will you validate this change? + + + +- **Test repository** - This change will be tested on a test repository before merging. +- **Unit tests** - I am depending on unit test coverage (i.e. tests in `.test.ts` files). +- **End-to-end tests** - I am depending on PR checks (i.e. tests in `pr-checks`). +- **Other** - Please provide details. +- **None** - I am not validating these changes. + +#### If something goes wrong after this change is released, what are the mitigation and rollback strategies? + + + +- **Feature flags** - All new or changed code paths can be fully disabled with corresponding feature flags. +- **Rollback** - Change can only be disabled by rolling back the release or releasing a new version with a fix. +- **Other** - Please provide details. + +#### How will you know if something goes wrong after this change is released? + + + +- **Telemetry** - I rely on existing telemetry or have made changes to the telemetry. + - **Dashboards** - I will watch relevant dashboards for issues after the release. 
Consider whether this requires this change to be released at a particular time rather than as part of a regular release. + - **Alerts** - New or existing monitors will trip if something goes wrong with this change. +- **Other** - Please provide details. + ### Merge / deployment checklist - Confirm this change is backwards compatible with existing workflows. diff --git a/.github/update-release-branch.py b/.github/update-release-branch.py index ce5c336d80..0ea816b8a9 100644 --- a/.github/update-release-branch.py +++ b/.github/update-release-branch.py @@ -371,10 +371,10 @@ def main(): # releases. run_git('revert', vOlder_update_commits[0], '--no-edit') - # Also revert the "Update checked-in dependencies" commit created by Actions. - update_dependencies_commit = run_git('log', '--grep', '^Update checked-in dependencies', '--format=%H').split()[0] - print(f' Reverting {update_dependencies_commit}') - run_git('revert', update_dependencies_commit, '--no-edit') + # Also revert the "Rebuild" commit created by Actions. + rebuild_commit = run_git('log', '--grep', '^Rebuild$', '--format=%H').split()[0] + print(f' Reverting {rebuild_commit}') + run_git('revert', rebuild_commit, '--no-edit') else: print(' Nothing to revert.') diff --git a/.github/workflows/__upload-quality-sarif.yml b/.github/workflows/__bundle-from-toolcache.yml similarity index 51% rename from .github/workflows/__upload-quality-sarif.yml rename to .github/workflows/__bundle-from-toolcache.yml index 9e1dceafc5..c8957ac58e 100644 --- a/.github/workflows/__upload-quality-sarif.yml +++ b/.github/workflows/__bundle-from-toolcache.yml @@ -3,7 +3,7 @@ # pr-checks/sync.sh # to regenerate this file. -name: 'PR Check - Upload-sarif: code quality endpoint' +name: 'PR Check - Bundle: From toolcache' env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GO111MODULE: auto 
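Review bot: In `.github/update-release-branch.py`, `run_git('log', '--grep', '^Rebuild$', '--format=%H').split()[0]` raises an IndexError when no commit matches, which aborts the release script after the first revert has already been made. The renamed lookup keeps the unguarded `[0]` from the old code. Splitting first and checking would avoid that: `rebuild_commits = run_git('log', '--grep', '^Rebuild$', '--format=%H').split()`, then `if rebuild_commits:` before the `print` and `run_git('revert', rebuild_commits[0], '--no-edit')`. The commit is also chosen by message alone and is simply the newest match in the log, so it may be worth confirming it is the Actions-created rebuild for this update before reverting it. The body of `main()` starts and ends outside the hunk, so an earlier guard may exist that is not visible here.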
@@ -21,19 +21,9 @@ on: schedule: - cron: '0 5 * * *' workflow_dispatch: - inputs: - go-version: - type: string - description: The version of Go to install - required: false - default: '>=1.21.0' + inputs: {} workflow_call: - inputs: - go-version: - type: string - description: The version of Go to install - required: false - default: '>=1.21.0' + inputs: {} defaults: run: shell: bash @@ -41,14 +31,14 @@ concurrency: cancel-in-progress: ${{ github.event_name == 'pull_request' }} group: ${{ github.workflow }}-${{ github.ref }} jobs: - upload-quality-sarif: + bundle-from-toolcache: strategy: fail-fast: false matrix: include: - os: ubuntu-latest - version: default - name: 'Upload-sarif: code quality endpoint' + version: toolcache + name: 'Bundle: From toolcache' if: github.triggering_actor != 'dependabot[bot]' permissions: contents: read 
@@ -65,31 +55,32 @@ jobs: version: ${{ matrix.version }} use-all-platform-bundle: 'false' setup-kotlin: 'true' - - name: Install Go - uses: actions/setup-go@v6 + - name: Install @actions/tool-cache + run: npm install @actions/tool-cache + - name: Check toolcache contains CodeQL + continue-on-error: true + uses: actions/github-script@v8 with: - go-version: ${{ inputs.go-version || '>=1.21.0' }} - cache: false - - uses: ./../action/init + script: | + const toolcache = require('@actions/tool-cache'); + const allCodeqlVersions = toolcache.findAllVersions('CodeQL'); + if (allCodeqlVersions.length === 0) { + throw new Error(`CodeQL could not be found in the toolcache`); + } + - id: init + uses: ./../action/init with: + languages: javascript tools: ${{ steps.prepare-test.outputs.tools-url }} - languages: csharp,java,javascript,python - analysis-kinds: code-quality - - name: Build code - run: ./build.sh - # Generate some SARIF we can upload with the upload-sarif step - - uses: ./../action/analyze + - name: Check CodeQL is installed within the toolcache + uses: actions/github-script@v8 with: - ref: refs/heads/main - sha: 5e235361806c361d4d3f8859e3c897658025a9a2 - upload: never - - uses: ./../action/upload-sarif - id: upload-sarif - with: - ref: refs/heads/main - sha: 5e235361806c361d4d3f8859e3c897658025a9a2 - - name: Check output from `upload-sarif` step - if: '!(fromJSON(steps.upload-sarif.outputs.sarif-ids).code-quality)' - run: exit 1 + script: | + const toolcache = require('@actions/tool-cache'); + const allCodeqlVersions = toolcache.findAllVersions('CodeQL'); + console.log(`Found CodeQL versions: ${allCodeqlVersions}`); + if (allCodeqlVersions.length === 0) { + throw new Error('CodeQL not found in toolcache'); + } env: CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__rubocop-multi-language.yml b/.github/workflows/__rubocop-multi-language.yml index 48694e902c..7875144b62 100644 --- a/.github/workflows/__rubocop-multi-language.yml 
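Review bot: The new `Install @actions/tool-cache` step in `__bundle-from-toolcache.yml` runs `npm install @actions/tool-cache` with no version, so every run resolves whatever the registry currently serves and executes install scripts in a job whose workflow-level `env` carries `GITHUB_TOKEN`. Pinning it, for example `run: npm install --ignore-scripts @actions/tool-cache@<pinned-version>` (placeholder; the bundled package.json elsewhere in this diff declares `^2.0.2`), keeps the check reproducible and narrows the supply-chain exposure. Separately, the first `Check toolcache contains CodeQL` step sets `continue-on-error: true`, so an empty toolcache before `init` does not fail the job, and the later check alone may not show that the bundle came from the toolcache rather than a download. This file is generated, so both changes belong in the pr-checks template, which is not visible here.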
+++ b/.github/workflows/__rubocop-multi-language.yml @@ -56,7 +56,7 @@ jobs: use-all-platform-bundle: 'false' setup-kotlin: 'true' - name: Set up Ruby - uses: ruby/setup-ruby@0481980f17b760ef6bca5e8c55809102a0af1e5a # v1.263.0 + uses: ruby/setup-ruby@ab177d40ee5483edb974554986f56b33477e21d0 # v1.265.0 with: ruby-version: 2.6 - name: Install Code Scanning integration diff --git a/.github/workflows/__upload-sarif.yml b/.github/workflows/__upload-sarif.yml new file mode 100644 index 0000000000..91a1af5e05 --- /dev/null +++ b/.github/workflows/__upload-sarif.yml 
@@ -0,0 +1,158 @@ +# Warning: This file is generated automatically, and should not be modified. +# Instead, please modify the template in the pr-checks directory and run: +# pr-checks/sync.sh +# to regenerate this file. + +name: PR Check - Test different uses of `upload-sarif` +env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + GO111MODULE: auto +on: + push: + branches: + - main + - releases/v* + pull_request: + types: + - opened + - synchronize + - reopened + - ready_for_review + schedule: + - cron: '0 5 * * *' + workflow_dispatch: + inputs: + go-version: + type: string + description: The version of Go to install + required: false + default: '>=1.21.0' + workflow_call: + inputs: + go-version: + type: string + description: The version of Go to install + required: false + default: '>=1.21.0' +defaults: + run: + shell: bash +concurrency: + cancel-in-progress: ${{ github.event_name == 'pull_request' }} + group: ${{ github.workflow }}-${{ github.ref }} +jobs: + upload-sarif: + strategy: + fail-fast: false + matrix: + include: + - os: ubuntu-latest + version: default + analysis-kinds: code-scanning + - os: ubuntu-latest + version: default + analysis-kinds: code-quality + - os: ubuntu-latest + version: default + analysis-kinds: code-scanning,code-quality + name: Test different uses of `upload-sarif` + if: github.triggering_actor != 'dependabot[bot]' + permissions: + contents: read + security-events: read + timeout-minutes: 45 + runs-on: ${{ matrix.os }} + steps: + - name: Check out repository + uses: actions/checkout@v5 + - name: Prepare test + id: prepare-test + uses: ./.github/actions/prepare-test + with: + version: ${{ matrix.version }} + use-all-platform-bundle: 'false' + setup-kotlin: 'true' + - name: Install Go + uses: actions/setup-go@v6 + with: + go-version: ${{ inputs.go-version || '>=1.21.0' }} + cache: false + - uses: ./../action/init + with: + tools: ${{ steps.prepare-test.outputs.tools-url }} + languages: csharp,java,javascript,python + analysis-kinds: ${{ 
matrix.analysis-kinds }} + - name: Build code + run: ./build.sh + # Generate some SARIF we can upload with the upload-sarif step + - uses: ./../action/analyze + with: + ref: refs/heads/main + sha: 5e235361806c361d4d3f8859e3c897658025a9a2 + upload: never + output: ${{ runner.temp }}/results + + - name: | + Upload all SARIF files for `analysis-kinds: ${{ matrix.analysis-kinds }}` + uses: ./../action/upload-sarif + id: upload-sarif + with: + ref: refs/heads/main + sha: 5e235361806c361d4d3f8859e3c897658025a9a2 + sarif_file: ${{ runner.temp }}/results + category: | + ${{ github.workflow }}:upload-sarif/analysis-kinds:${{ matrix.analysis-kinds }}/os:${{ matrix.os }}/version:${{ matrix.version }}/test:all-files/ + - name: Fail for missing output from `upload-sarif` step for `code-scanning` + if: contains(matrix.analysis-kinds, 'code-scanning') && !(fromJSON(steps.upload-sarif.outputs.sarif-ids).code-scanning) + run: exit 1 + - name: Fail for missing output from `upload-sarif` step for `code-quality` + if: contains(matrix.analysis-kinds, 'code-quality') && !(fromJSON(steps.upload-sarif.outputs.sarif-ids).code-quality) + run: exit 1 + + - name: Upload single SARIF file for Code Scanning + uses: ./../action/upload-sarif + id: upload-single-sarif-code-scanning + if: contains(matrix.analysis-kinds, 'code-scanning') + with: + ref: refs/heads/main + sha: 5e235361806c361d4d3f8859e3c897658025a9a2 + sarif_file: ${{ runner.temp }}/results/javascript.sarif + category: | + ${{ github.workflow }}:upload-sarif/analysis-kinds:${{ matrix.analysis-kinds }}/os:${{ matrix.os }}/version:${{ matrix.version }}/test:single-code-scanning/ + - name: Fail for missing output from `upload-single-sarif-code-scanning` step + if: contains(matrix.analysis-kinds, 'code-scanning') && + !(fromJSON(steps.upload-single-sarif-code-scanning.outputs.sarif-ids).code-scanning) + run: exit 1 + - name: Upload single SARIF file for Code Quality + uses: ./../action/upload-sarif + id: upload-single-sarif-code-quality + 
if: contains(matrix.analysis-kinds, 'code-quality') + with: + ref: refs/heads/main + sha: 5e235361806c361d4d3f8859e3c897658025a9a2 + sarif_file: ${{ runner.temp }}/results/javascript.quality.sarif + category: | + ${{ github.workflow }}:upload-sarif/analysis-kinds:${{ matrix.analysis-kinds }}/os:${{ matrix.os }}/version:${{ matrix.version }}/test:single-code-quality/ + - name: Fail for missing output from `upload-single-sarif-code-quality` step + if: contains(matrix.analysis-kinds, 'code-quality') && + !(fromJSON(steps.upload-single-sarif-code-quality.outputs.sarif-ids).code-quality) + run: exit 1 + + - name: Change SARIF file extension + if: contains(matrix.analysis-kinds, 'code-scanning') + run: mv ${{ runner.temp }}/results/javascript.sarif ${{ runner.temp }}/results/javascript.sarif.json + - name: Upload single non-`.sarif` file + uses: ./../action/upload-sarif + id: upload-single-non-sarif + if: contains(matrix.analysis-kinds, 'code-scanning') + with: + ref: refs/heads/main + sha: 5e235361806c361d4d3f8859e3c897658025a9a2 + sarif_file: ${{ runner.temp }}/results/javascript.sarif.json + category: | + ${{ github.workflow }}:upload-sarif/analysis-kinds:${{ matrix.analysis-kinds }}/os:${{ matrix.os }}/version:${{ matrix.version }}/test:non-sarif/ + - name: Fail for missing output from `upload-single-non-sarif` step + if: contains(matrix.analysis-kinds, 'code-scanning') && !(fromJSON(steps.upload-single-non-sarif.outputs.sarif-ids).code-scanning) + run: exit 1 + env: + CODEQL_ACTION_TEST_MODE: true diff --git a/.github/workflows/__with-checkout-path.yml b/.github/workflows/__with-checkout-path.yml index e12c9846a3..e706b5d391 100644 --- a/.github/workflows/__with-checkout-path.yml +++ b/.github/workflows/__with-checkout-path.yml 
@@ -103,29 +103,30 @@ jobs: - name: Verify SARIF after upload run: | + PAYLOAD_FILE="$RUNNER_TEMP/payload-code-scanning.json" EXPECTED_COMMIT_OID="474bbf07f9247ffe1856c6a0f94aeeb10e7afee6" EXPECTED_REF="v1.1.0" EXPECTED_CHECKOUT_URI_SUFFIX="/x/y/z/some-path/tests/multi-language-repo" - ACTUAL_COMMIT_OID="$(cat "$RUNNER_TEMP/payload.json" | jq -r .commit_oid)" - ACTUAL_REF="$(cat "$RUNNER_TEMP/payload.json" | jq -r .ref)" - ACTUAL_CHECKOUT_URI="$(cat "$RUNNER_TEMP/payload.json" | jq -r .checkout_uri)" + ACTUAL_COMMIT_OID="$(cat "$PAYLOAD_FILE" | jq -r .commit_oid)" + ACTUAL_REF="$(cat "$PAYLOAD_FILE" | jq -r .ref)" + ACTUAL_CHECKOUT_URI="$(cat "$PAYLOAD_FILE" | jq -r .checkout_uri)" if [[ "$EXPECTED_COMMIT_OID" != "$ACTUAL_COMMIT_OID" ]]; then echo "::error Invalid commit oid. Expected: $EXPECTED_COMMIT_OID Actual: $ACTUAL_COMMIT_OID" - echo "$RUNNER_TEMP/payload.json" + echo "$PAYLOAD_FILE" exit 1 fi if [[ "$EXPECTED_REF" != "$ACTUAL_REF" ]]; then echo "::error Invalid ref. Expected: '$EXPECTED_REF' Actual: '$ACTUAL_REF'" - echo "$RUNNER_TEMP/payload.json" + echo "$PAYLOAD_FILE" exit 1 fi if [[ "$ACTUAL_CHECKOUT_URI" != *$EXPECTED_CHECKOUT_URI_SUFFIX ]]; then echo "::error Invalid checkout URI suffix. Expected suffix: $EXPECTED_CHECKOUT_URI_SUFFIX Actual uri: $ACTUAL_CHECKOUT_URI" - echo "$RUNNER_TEMP/payload.json" + echo "$PAYLOAD_FILE" exit 1 fi env: diff --git a/.github/workflows/pr-checks.yml b/.github/workflows/pr-checks.yml index 376730e386..5bae25a631 100644 --- a/.github/workflows/pr-checks.yml +++ b/.github/workflows/pr-checks.yml @@ -73,7 +73,7 @@ jobs: run: npm run lint-ci - name: Upload sarif - uses: github/codeql-action/upload-sarif@v3 + uses: github/codeql-action/upload-sarif@v4 if: matrix.os == 'ubuntu-latest' && matrix.node-version == 24 with: sarif_file: eslint.sarif diff --git a/CHANGELOG.md b/CHANGELOG.md index b28a41390c..ea14fb687e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,6 +2,10 @@ See the [releases page](https://github.com/github/codeql-action/releases) for the relevant changes to the CodeQL CLI and language packs. +## 3.30.8 - 10 Oct 2025 + +No user facing changes. + ## 3.30.7 - 06 Oct 2025 No user facing changes. diff --git a/lib/analyze-action-post.js b/lib/analyze-action-post.js index a9b163bc16..6ae2e40c27 100644 --- a/lib/analyze-action-post.js +++ b/lib/analyze-action-post.js @@ -24680,6 +24680,9 @@ var require_identifiers = __commonJS({ "use strict"; var numeric = /^[0-9]+$/; var compareIdentifiers = (a, b) => { + if (typeof a === "number" && typeof b === "number") { + return a === b ? 0 : a < b ? -1 : 1; + } const anum = numeric.test(a); const bnum = numeric.test(b); if (anum && bnum) { @@ -24786,7 +24789,25 @@ var require_semver = __commonJS({ if (!(other instanceof _SemVer)) { other = new _SemVer(other, this.options); } - return compareIdentifiers(this.major, other.major) || compareIdentifiers(this.minor, other.minor) || compareIdentifiers(this.patch, other.patch); + if (this.major < other.major) { + return -1; + } + if (this.major > other.major) { + return 1; + } + if (this.minor < other.minor) { + return -1; + } + if (this.minor > other.minor) { + return 1; + } + if (this.patch < other.patch) { + return -1; + } + if (this.patch > other.patch) { + return 1; + } + return 0; } comparePre(other) { if (!(other instanceof _SemVer)) { @@ -25121,8 +25142,8 @@ var require_compare = __commonJS({ "node_modules/semver/functions/compare.js"(exports2, module2) { "use strict"; var SemVer = require_semver(); - var compare = (a, b, loose) => new SemVer(a, loose).compare(new SemVer(b, loose)); - module2.exports = compare; + var compare2 = (a, b, loose) => new SemVer(a, loose).compare(new SemVer(b, loose)); + module2.exports = compare2; } }); 
@@ -25130,8 +25151,8 @@ var require_compare = __commonJS({ var require_rcompare = __commonJS({ "node_modules/semver/functions/rcompare.js"(exports2, module2) { "use strict"; - var compare = require_compare(); - var rcompare = (a, b, loose) => compare(b, a, loose); + var compare2 = require_compare(); + var rcompare = (a, b, loose) => compare2(b, a, loose); module2.exports = rcompare; } }); @@ -25140,8 +25161,8 @@ var require_rcompare = __commonJS({ var require_compare_loose = __commonJS({ "node_modules/semver/functions/compare-loose.js"(exports2, module2) { "use strict"; - var compare = require_compare(); - var compareLoose = (a, b) => compare(a, b, true); + var compare2 = require_compare(); + var compareLoose = (a, b) => compare2(a, b, true); module2.exports = compareLoose; } }); @@ -25184,8 +25205,8 @@ var require_rsort = __commonJS({ var require_gt = __commonJS({ "node_modules/semver/functions/gt.js"(exports2, module2) { "use strict"; - var compare = require_compare(); - var gt = (a, b, loose) => compare(a, b, loose) > 0; + var compare2 = require_compare(); + var gt = (a, b, loose) => compare2(a, b, loose) > 0; module2.exports = gt; } }); @@ -25194,8 +25215,8 @@ var require_gt = __commonJS({ var require_lt = __commonJS({ "node_modules/semver/functions/lt.js"(exports2, module2) { "use strict"; - var compare = require_compare(); - var lt = (a, b, loose) => compare(a, b, loose) < 0; + var compare2 = require_compare(); + var lt = (a, b, loose) => compare2(a, b, loose) < 0; module2.exports = lt; } }); @@ -25204,8 +25225,8 @@ var require_lt = __commonJS({ var require_eq = __commonJS({ "node_modules/semver/functions/eq.js"(exports2, module2) { "use strict"; - var compare = require_compare(); - var eq = (a, b, loose) => compare(a, b, loose) === 0; + var compare2 = require_compare(); + var eq = (a, b, loose) => compare2(a, b, loose) === 0; module2.exports = eq; } }); 
@@ -25214,8 +25235,8 @@ var require_eq = __commonJS({ var require_neq = __commonJS({ "node_modules/semver/functions/neq.js"(exports2, module2) { "use strict"; - var compare = require_compare(); - var neq = (a, b, loose) => compare(a, b, loose) !== 0; + var compare2 = require_compare(); + var neq = (a, b, loose) => compare2(a, b, loose) !== 0; module2.exports = neq; } }); @@ -25224,8 +25245,8 @@ var require_neq = __commonJS({ var require_gte = __commonJS({ "node_modules/semver/functions/gte.js"(exports2, module2) { "use strict"; - var compare = require_compare(); - var gte5 = (a, b, loose) => compare(a, b, loose) >= 0; + var compare2 = require_compare(); + var gte5 = (a, b, loose) => compare2(a, b, loose) >= 0; module2.exports = gte5; } }); @@ -25234,8 +25255,8 @@ var require_gte = __commonJS({ var require_lte = __commonJS({ "node_modules/semver/functions/lte.js"(exports2, module2) { "use strict"; - var compare = require_compare(); - var lte = (a, b, loose) => compare(a, b, loose) <= 0; + var compare2 = require_compare(); + var lte = (a, b, loose) => compare2(a, b, loose) <= 0; module2.exports = lte; } }); @@ -25547,6 +25568,7 @@ var require_range = __commonJS({ return result; }; var parseComparator = (comp, options) => { + comp = comp.replace(re[t.BUILD], ""); debug2("comp", comp, options); comp = replaceCarets(comp, options); debug2("caret", comp); @@ -26131,12 +26153,12 @@ var require_simplify = __commonJS({ "node_modules/semver/ranges/simplify.js"(exports2, module2) { "use strict"; var satisfies2 = require_satisfies(); - var compare = require_compare(); + var compare2 = require_compare(); module2.exports = (versions, range, options) => { const set2 = []; let first = null; let prev = null; - const v = versions.sort((a, b) => compare(a, b, options)); + const v = versions.sort((a, b) => compare2(a, b, options)); for (const version of v) { const included = satisfies2(version, range, options); if (included) { 
@@ -26184,7 +26206,7 @@ var require_subset = __commonJS({ var Comparator = require_comparator(); var { ANY } = Comparator; var satisfies2 = require_satisfies(); - var compare = require_compare(); + var compare2 = require_compare(); var subset = (sub, dom, options = {}) => { if (sub === dom) { return true; @@ -26244,7 +26266,7 @@ var require_subset = __commonJS({ } let gtltComp; if (gt && lt) { - gtltComp = compare(gt.semver, lt.semver, options); + gtltComp = compare2(gt.semver, lt.semver, options); if (gtltComp > 0) { return null; } else if (gtltComp === 0 && (gt.operator !== ">=" || lt.operator !== "<=")) { @@ -26324,14 +26346,14 @@ var require_subset = __commonJS({ if (!a) { return b; } - const comp = compare(a.semver, b.semver, options); + const comp = compare2(a.semver, b.semver, options); return comp > 0 ? a : comp < 0 ? b : b.operator === ">" && a.operator === ">=" ? b : a; }; var lowerLT = (a, b, options) => { if (!a) { return b; } - const comp = compare(a.semver, b.semver, options); + const comp = compare2(a.semver, b.semver, options); return comp < 0 ? a : comp > 0 ? b : b.operator === "<" && a.operator === "<=" ? b : a; }; module2.exports = subset; @@ -26355,7 +26377,7 @@ var require_semver2 = __commonJS({ var minor = require_minor(); var patch = require_patch(); var prerelease = require_prerelease(); - var compare = require_compare(); + var compare2 = require_compare(); var rcompare = require_rcompare(); var compareLoose = require_compare_loose(); var compareBuild = require_compare_build(); @@ -26393,7 +26415,7 @@ var require_semver2 = __commonJS({ minor, patch, prerelease, - compare, + compare: compare2, rcompare, compareLoose, compareBuild, @@ -26438,7 +26460,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.7", + version: "3.30.8", private: true, description: "CodeQL action", scripts: { 
@@ -26473,6 +26495,7 @@ var require_package = __commonJS({ "@actions/io": "^1.1.3", "@actions/tool-cache": "^2.0.2", "@octokit/plugin-retry": "^6.0.0", + "@octokit/request-error": "^7.0.1", "@schemastore/package": "0.0.10", archiver: "^7.0.1", "check-disk-space": "^3.4.0", @@ -26486,14 +26509,14 @@ var require_package = __commonJS({ long: "^5.3.2", "node-forge": "^1.3.1", octokit: "^5.0.3", - semver: "^7.7.2", + semver: "^7.7.3", uuid: "^13.0.0" }, devDependencies: { "@ava/typescript": "6.0.0", "@eslint/compat": "^1.4.0", "@eslint/eslintrc": "^3.3.1", - "@eslint/js": "^9.36.0", + "@eslint/js": "^9.37.0", "@microsoft/eslint-formatter-sarif": "^3.1.0", "@octokit/types": "^15.0.0", "@types/archiver": "^6.0.3", @@ -26504,7 +26527,7 @@ var require_package = __commonJS({ "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", - "@typescript-eslint/eslint-plugin": "^8.44.1", + "@typescript-eslint/eslint-plugin": "^8.46.0", "@typescript-eslint/parser": "^8.41.0", ava: "^6.4.1", esbuild: "^0.25.10", @@ -26517,7 +26540,7 @@ var require_package = __commonJS({ glob: "^11.0.3", nock: "^14.0.10", sinon: "^21.0.0", - typescript: "^5.9.2" + typescript: "^5.9.3" }, overrides: { "@actions/tool-cache": { @@ -30261,13 +30284,13 @@ var require_semver3 = __commonJS({ function patch(a, loose) { return new SemVer(a, loose).patch; } - exports2.compare = compare; - function compare(a, b, loose) { + exports2.compare = compare2; + function compare2(a, b, loose) { return new SemVer(a, loose).compare(new SemVer(b, loose)); } exports2.compareLoose = compareLoose; function compareLoose(a, b) { - return compare(a, b, true); + return compare2(a, b, true); } exports2.compareBuild = compareBuild; function compareBuild(a, b, loose) { @@ -30277,7 +30300,7 @@ var require_semver3 = __commonJS({ } exports2.rcompare = rcompare; function rcompare(a, b, loose) { - return compare(b, a, loose); + return compare2(b, a, loose); } exports2.sort = sort; function sort(list, loose) { 
@@ -30293,27 +30316,27 @@ var require_semver3 = __commonJS({ } exports2.gt = gt; function gt(a, b, loose) { - return compare(a, b, loose) > 0; + return compare2(a, b, loose) > 0; } exports2.lt = lt; function lt(a, b, loose) { - return compare(a, b, loose) < 0; + return compare2(a, b, loose) < 0; } exports2.eq = eq; function eq(a, b, loose) { - return compare(a, b, loose) === 0; + return compare2(a, b, loose) === 0; } exports2.neq = neq; function neq(a, b, loose) { - return compare(a, b, loose) !== 0; + return compare2(a, b, loose) !== 0; } exports2.gte = gte5; function gte5(a, b, loose) { - return compare(a, b, loose) >= 0; + return compare2(a, b, loose) >= 0; } exports2.lte = lte; function lte(a, b, loose) { - return compare(a, b, loose) <= 0; + return compare2(a, b, loose) <= 0; } exports2.cmp = cmp; function cmp(a, op, b, loose) { @@ -95823,8 +95846,8 @@ var require_commonjs16 = __commonJS({ if (rootPath === this.root.name) { return this.root; } - for (const [compare, root] of Object.entries(this.roots)) { - if (this.sameRoot(rootPath, compare)) { + for (const [compare2, root] of Object.entries(this.roots)) { + if (this.sameRoot(rootPath, compare2)) { return this.roots[rootPath] = root; } } @@ -95833,9 +95856,9 @@ var require_commonjs16 = __commonJS({ /** * @internal */ - sameRoot(rootPath, compare = this.root.name) { + sameRoot(rootPath, compare2 = this.root.name) { rootPath = rootPath.toUpperCase().replace(/\//g, "\\").replace(uncDriveRegexp, "$1\\"); - return rootPath === compare; + return rootPath === compare2; } }; exports2.PathWin32 = PathWin32; @@ -99854,7 +99877,7 @@ var require_b4a = __commonJS({ function byteLength(string, encoding) { return Buffer.byteLength(string, encoding); } - function compare(a, b) { + function compare2(a, b) { return Buffer.compare(a, b); } function concat(buffers, totalLength) { @@ -99955,7 +99978,7 @@ var require_b4a = __commonJS({ allocUnsafe, allocUnsafeSlow, byteLength, - compare, + compare: compare2, concat, copy, equals, 
@@ -117805,6 +117828,11 @@ function isSafeArtifactUpload(codeQlVersion) { // src/feature-flags.ts var featureConfig = { + ["allow_toolcache_input" /* AllowToolcacheInput */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_ALLOW_TOOLCACHE_INPUT", + minimumVersion: void 0 + }, ["cleanup_trap_caches" /* CleanupTrapCaches */]: { defaultValue: false, envVar: "CODEQL_ACTION_CLEANUP_TRAP_CACHES", diff --git a/lib/analyze-action.js b/lib/analyze-action.js index c2788900b3..83d82ea52a 100644 --- a/lib/analyze-action.js +++ b/lib/analyze-action.js @@ -20602,14 +20602,14 @@ var require_dist_node4 = __commonJS({ var __toCommonJS2 = (mod) => __copyProps2(__defProp2({}, "__esModule", { value: true }), mod); var dist_src_exports = {}; __export2(dist_src_exports, { - RequestError: () => RequestError + RequestError: () => RequestError2 }); module2.exports = __toCommonJS2(dist_src_exports); var import_deprecation = require_dist_node3(); var import_once = __toESM2(require_once()); var logOnceCode = (0, import_once.default)((deprecation) => console.warn(deprecation)); var logOnceHeaders = (0, import_once.default)((deprecation) => console.warn(deprecation)); - var RequestError = class extends Error { + var RequestError2 = class extends Error { constructor(message, statusCode, options) { super(message); if (Error.captureStackTrace) { @@ -20701,7 +20701,7 @@ var require_dist_node5 = __commonJS({ const Ctor = Object.prototype.hasOwnProperty.call(proto, "constructor") && proto.constructor; return typeof Ctor === "function" && Ctor instanceof Ctor && Function.prototype.call(Ctor) === Function.prototype.call(value); } - var import_request_error = require_dist_node4(); + var import_request_error2 = require_dist_node4(); function getBufferResponse(response) { return response.arrayBuffer(); } 
@@ -20753,7 +20753,7 @@ var require_dist_node5 = __commonJS({ if (status < 400) { return; } - throw new import_request_error.RequestError(response.statusText, status, { + throw new import_request_error2.RequestError(response.statusText, status, { response: { url: url2, status, @@ -20764,7 +20764,7 @@ var require_dist_node5 = __commonJS({ }); } if (status === 304) { - throw new import_request_error.RequestError("Not modified", status, { + throw new import_request_error2.RequestError("Not modified", status, { response: { url: url2, status, @@ -20776,7 +20776,7 @@ var require_dist_node5 = __commonJS({ } if (status >= 400) { const data = await getResponseData(response); - const error2 = new import_request_error.RequestError(toErrorMessage(data), status, { + const error2 = new import_request_error2.RequestError(toErrorMessage(data), status, { response: { url: url2, status, @@ -20796,7 +20796,7 @@ var require_dist_node5 = __commonJS({ data }; }).catch((error2) => { - if (error2 instanceof import_request_error.RequestError) + if (error2 instanceof import_request_error2.RequestError) throw error2; else if (error2.name === "AbortError") throw error2; @@ -20808,7 +20808,7 @@ var require_dist_node5 = __commonJS({ message = error2.cause; } } - throw new import_request_error.RequestError(message, 500, { + throw new import_request_error2.RequestError(message, 500, { request: requestOptions }); }); 
@@ -21250,14 +21250,14 @@ var require_dist_node7 = __commonJS({ var __toCommonJS2 = (mod) => __copyProps2(__defProp2({}, "__esModule", { value: true }), mod); var dist_src_exports = {}; __export2(dist_src_exports, { - RequestError: () => RequestError + RequestError: () => RequestError2 }); module2.exports = __toCommonJS2(dist_src_exports); var import_deprecation = require_dist_node3(); var import_once = __toESM2(require_once()); var logOnceCode = (0, import_once.default)((deprecation) => console.warn(deprecation)); var logOnceHeaders = (0, import_once.default)((deprecation) => console.warn(deprecation)); - var RequestError = class extends Error { + var RequestError2 = class extends Error { constructor(message, statusCode, options) { super(message); if (Error.captureStackTrace) { @@ -21349,7 +21349,7 @@ var require_dist_node8 = __commonJS({ const Ctor = Object.prototype.hasOwnProperty.call(proto, "constructor") && proto.constructor; return typeof Ctor === "function" && Ctor instanceof Ctor && Function.prototype.call(Ctor) === Function.prototype.call(value); } - var import_request_error = require_dist_node7(); + var import_request_error2 = require_dist_node7(); function getBufferResponse(response) { return response.arrayBuffer(); } @@ -21401,7 +21401,7 @@ var require_dist_node8 = __commonJS({ if (status < 400) { return; } - throw new import_request_error.RequestError(response.statusText, status, { + throw new import_request_error2.RequestError(response.statusText, status, { response: { url: url2, status, @@ -21412,7 +21412,7 @@ var require_dist_node8 = __commonJS({ }); } if (status === 304) { - throw new import_request_error.RequestError("Not modified", status, { + throw new import_request_error2.RequestError("Not modified", status, { response: { url: url2, status, 
@@ -21424,7 +21424,7 @@ var require_dist_node8 = __commonJS({ } if (status >= 400) { const data = await getResponseData(response); - const error2 = new import_request_error.RequestError(toErrorMessage(data), status, { + const error2 = new import_request_error2.RequestError(toErrorMessage(data), status, { response: { url: url2, status, @@ -21444,7 +21444,7 @@ var require_dist_node8 = __commonJS({ data }; }).catch((error2) => { - if (error2 instanceof import_request_error.RequestError) + if (error2 instanceof import_request_error2.RequestError) throw error2; else if (error2.name === "AbortError") throw error2; @@ -21456,7 +21456,7 @@ var require_dist_node8 = __commonJS({ message = error2.cause; } } - throw new import_request_error.RequestError(message, 500, { + throw new import_request_error2.RequestError(message, 500, { request: requestOptions }); }); @@ -25039,7 +25039,7 @@ var require_to_regex_range = __commonJS({ stop = countZeros(max + 1, zeros) - 1; } stops = [...stops]; - stops.sort(compare2); + stops.sort(compare3); return stops; } function rangeToPattern(start, stop, options) { @@ -25111,7 +25111,7 @@ var require_to_regex_range = __commonJS({ for (let i = 0; i < a.length; i++) arr.push([a[i], b[i]]); return arr; } - function compare2(a, b) { + function compare3(a, b) { return a > b ? 1 : b > a ? -1 : 0; } function contains(arr, key, val2) { @@ -30529,6 +30529,9 @@ var require_identifiers = __commonJS({ "use strict"; var numeric = /^[0-9]+$/; var compareIdentifiers = (a, b) => { + if (typeof a === "number" && typeof b === "number") { + return a === b ? 0 : a < b ? -1 : 1; + } const anum = numeric.test(a); const bnum = numeric.test(b); if (anum && bnum) { 
@@ -30635,7 +30638,25 @@ var require_semver = __commonJS({ if (!(other instanceof _SemVer)) { other = new _SemVer(other, this.options); } - return compareIdentifiers(this.major, other.major) || compareIdentifiers(this.minor, other.minor) || compareIdentifiers(this.patch, other.patch); + if (this.major < other.major) { + return -1; + } + if (this.major > other.major) { + return 1; + } + if (this.minor < other.minor) { + return -1; + } + if (this.minor > other.minor) { + return 1; + } + if (this.patch < other.patch) { + return -1; + } + if (this.patch > other.patch) { + return 1; + } + return 0; } comparePre(other) { if (!(other instanceof _SemVer)) { @@ -30970,8 +30991,8 @@ var require_compare = __commonJS({ "node_modules/semver/functions/compare.js"(exports2, module2) { "use strict"; var SemVer = require_semver(); - var compare2 = (a, b, loose) => new SemVer(a, loose).compare(new SemVer(b, loose)); - module2.exports = compare2; + var compare3 = (a, b, loose) => new SemVer(a, loose).compare(new SemVer(b, loose)); + module2.exports = compare3; } }); @@ -30979,8 +31000,8 @@ var require_compare = __commonJS({ var require_rcompare = __commonJS({ "node_modules/semver/functions/rcompare.js"(exports2, module2) { "use strict"; - var compare2 = require_compare(); - var rcompare = (a, b, loose) => compare2(b, a, loose); + var compare3 = require_compare(); + var rcompare = (a, b, loose) => compare3(b, a, loose); module2.exports = rcompare; } }); @@ -30989,8 +31010,8 @@ var require_rcompare = __commonJS({ var require_compare_loose = __commonJS({ "node_modules/semver/functions/compare-loose.js"(exports2, module2) { "use strict"; - var compare2 = require_compare(); - var compareLoose = (a, b) => compare2(a, b, true); + var compare3 = require_compare(); + var compareLoose = (a, b) => compare3(a, b, true); module2.exports = compareLoose; } }); 
@@ -31033,8 +31054,8 @@ var require_rsort = __commonJS({ var require_gt = __commonJS({ "node_modules/semver/functions/gt.js"(exports2, module2) { "use strict"; - var compare2 = require_compare(); - var gt = (a, b, loose) => compare2(a, b, loose) > 0; + var compare3 = require_compare(); + var gt = (a, b, loose) => compare3(a, b, loose) > 0; module2.exports = gt; } }); @@ -31043,8 +31064,8 @@ var require_gt = __commonJS({ var require_lt = __commonJS({ "node_modules/semver/functions/lt.js"(exports2, module2) { "use strict"; - var compare2 = require_compare(); - var lt = (a, b, loose) => compare2(a, b, loose) < 0; + var compare3 = require_compare(); + var lt = (a, b, loose) => compare3(a, b, loose) < 0; module2.exports = lt; } }); @@ -31053,8 +31074,8 @@ var require_lt = __commonJS({ var require_eq = __commonJS({ "node_modules/semver/functions/eq.js"(exports2, module2) { "use strict"; - var compare2 = require_compare(); - var eq = (a, b, loose) => compare2(a, b, loose) === 0; + var compare3 = require_compare(); + var eq = (a, b, loose) => compare3(a, b, loose) === 0; module2.exports = eq; } }); @@ -31063,8 +31084,8 @@ var require_eq = __commonJS({ var require_neq = __commonJS({ "node_modules/semver/functions/neq.js"(exports2, module2) { "use strict"; - var compare2 = require_compare(); - var neq = (a, b, loose) => compare2(a, b, loose) !== 0; + var compare3 = require_compare(); + var neq = (a, b, loose) => compare3(a, b, loose) !== 0; module2.exports = neq; } }); @@ -31073,8 +31094,8 @@ var require_neq = __commonJS({ var require_gte = __commonJS({ "node_modules/semver/functions/gte.js"(exports2, module2) { "use strict"; - var compare2 = require_compare(); - var gte5 = (a, b, loose) => compare2(a, b, loose) >= 0; + var compare3 = require_compare(); + var gte5 = (a, b, loose) => compare3(a, b, loose) >= 0; module2.exports = gte5; } }); 
@@ -31083,8 +31104,8 @@ var require_gte = __commonJS({ var require_lte = __commonJS({ "node_modules/semver/functions/lte.js"(exports2, module2) { "use strict"; - var compare2 = require_compare(); - var lte = (a, b, loose) => compare2(a, b, loose) <= 0; + var compare3 = require_compare(); + var lte = (a, b, loose) => compare3(a, b, loose) <= 0; module2.exports = lte; } }); @@ -31396,6 +31417,7 @@ var require_range = __commonJS({ return result; }; var parseComparator = (comp, options) => { + comp = comp.replace(re[t.BUILD], ""); debug3("comp", comp, options); comp = replaceCarets(comp, options); debug3("caret", comp); @@ -31980,12 +32002,12 @@ var require_simplify = __commonJS({ "node_modules/semver/ranges/simplify.js"(exports2, module2) { "use strict"; var satisfies2 = require_satisfies(); - var compare2 = require_compare(); + var compare3 = require_compare(); module2.exports = (versions, range, options) => { const set2 = []; let first = null; let prev = null; - const v = versions.sort((a, b) => compare2(a, b, options)); + const v = versions.sort((a, b) => compare3(a, b, options)); for (const version of v) { const included = satisfies2(version, range, options); if (included) { @@ -32033,7 +32055,7 @@ var require_subset = __commonJS({ var Comparator = require_comparator(); var { ANY } = Comparator; var satisfies2 = require_satisfies(); - var compare2 = require_compare(); + var compare3 = require_compare(); var subset = (sub, dom, options = {}) => { if (sub === dom) { return true; @@ -32093,7 +32115,7 @@ var require_subset = __commonJS({ } let gtltComp; if (gt && lt) { - gtltComp = compare2(gt.semver, lt.semver, options); + gtltComp = compare3(gt.semver, lt.semver, options); if (gtltComp > 0) { return null; } else if (gtltComp === 0 && (gt.operator !== ">=" || lt.operator !== "<=")) { 
@@ -32173,14 +32195,14 @@ var require_subset = __commonJS({ if (!a) { return b; } - const comp = compare2(a.semver, b.semver, options); + const comp = compare3(a.semver, b.semver, options); return comp > 0 ? a : comp < 0 ? b : b.operator === ">" && a.operator === ">=" ? b : a; }; var lowerLT = (a, b, options) => { if (!a) { return b; } - const comp = compare2(a.semver, b.semver, options); + const comp = compare3(a.semver, b.semver, options); return comp < 0 ? a : comp > 0 ? b : b.operator === "<" && a.operator === "<=" ? b : a; }; module2.exports = subset; @@ -32204,7 +32226,7 @@ var require_semver2 = __commonJS({ var minor = require_minor(); var patch = require_patch(); var prerelease = require_prerelease(); - var compare2 = require_compare(); + var compare3 = require_compare(); var rcompare = require_rcompare(); var compareLoose = require_compare_loose(); var compareBuild = require_compare_build(); @@ -32242,7 +32264,7 @@ var require_semver2 = __commonJS({ minor, patch, prerelease, - compare: compare2, + compare: compare3, rcompare, compareLoose, compareBuild, @@ -32287,7 +32309,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.7", + version: "3.30.8", private: true, description: "CodeQL action", scripts: { @@ -32322,6 +32344,7 @@ var require_package = __commonJS({ "@actions/io": "^1.1.3", "@actions/tool-cache": "^2.0.2", "@octokit/plugin-retry": "^6.0.0", + "@octokit/request-error": "^7.0.1", "@schemastore/package": "0.0.10", archiver: "^7.0.1", "check-disk-space": "^3.4.0", 
@@ -32335,14 +32358,14 @@ var require_package = __commonJS({ long: "^5.3.2", "node-forge": "^1.3.1", octokit: "^5.0.3", - semver: "^7.7.2", + semver: "^7.7.3", uuid: "^13.0.0" }, devDependencies: { "@ava/typescript": "6.0.0", "@eslint/compat": "^1.4.0", "@eslint/eslintrc": "^3.3.1", - "@eslint/js": "^9.36.0", + "@eslint/js": "^9.37.0", "@microsoft/eslint-formatter-sarif": "^3.1.0", "@octokit/types": "^15.0.0", "@types/archiver": "^6.0.3", @@ -32353,7 +32376,7 @@ var require_package = __commonJS({ "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", - "@typescript-eslint/eslint-plugin": "^8.44.1", + "@typescript-eslint/eslint-plugin": "^8.46.0", "@typescript-eslint/parser": "^8.41.0", ava: "^6.4.1", esbuild: "^0.25.10", @@ -32366,7 +32389,7 @@ var require_package = __commonJS({ glob: "^11.0.3", nock: "^14.0.10", sinon: "^21.0.0", - typescript: "^5.9.2" + typescript: "^5.9.3" }, overrides: { "@actions/tool-cache": { @@ -33745,14 +33768,14 @@ var require_dist_node14 = __commonJS({ var __toCommonJS2 = (mod) => __copyProps2(__defProp2({}, "__esModule", { value: true }), mod); var dist_src_exports = {}; __export2(dist_src_exports, { - RequestError: () => RequestError + RequestError: () => RequestError2 }); module2.exports = __toCommonJS2(dist_src_exports); var import_deprecation = require_dist_node3(); var import_once = __toESM2(require_once()); var logOnceCode = (0, import_once.default)((deprecation) => console.warn(deprecation)); var logOnceHeaders = (0, import_once.default)((deprecation) => console.warn(deprecation)); - var RequestError = class extends Error { + var RequestError2 = class extends Error { constructor(message, statusCode, options) { super(message); if (Error.captureStackTrace) { 
@@ -33854,7 +33877,7 @@ var require_dist_node15 = __commonJS({ throw error2; } var import_light = __toESM2(require_light()); - var import_request_error = require_dist_node14(); + var import_request_error2 = require_dist_node14(); async function wrapRequest(state, octokit, request, options) { const limiter = new import_light.default(); limiter.on("failed", function(error2, info4) { @@ -33875,7 +33898,7 @@ var require_dist_node15 = __commonJS({ if (response.data && response.data.errors && response.data.errors.length > 0 && /Something went wrong while executing your query/.test( response.data.errors[0].message )) { - const error2 = new import_request_error.RequestError(response.data.errors[0].message, 500, { + const error2 = new import_request_error2.RequestError(response.data.errors[0].message, 500, { request: options, response }); @@ -36110,13 +36133,13 @@ var require_semver3 = __commonJS({ function patch(a, loose) { return new SemVer(a, loose).patch; } - exports2.compare = compare2; - function compare2(a, b, loose) { + exports2.compare = compare3; + function compare3(a, b, loose) { return new SemVer(a, loose).compare(new SemVer(b, loose)); } exports2.compareLoose = compareLoose; function compareLoose(a, b) { - return compare2(a, b, true); + return compare3(a, b, true); } exports2.compareBuild = compareBuild; function compareBuild(a, b, loose) { @@ -36126,7 +36149,7 @@ var require_semver3 = __commonJS({ } exports2.rcompare = rcompare; function rcompare(a, b, loose) { - return compare2(b, a, loose); + return compare3(b, a, loose); } exports2.sort = sort; function sort(list, loose) { 
@@ -36142,27 +36165,27 @@ var require_semver3 = __commonJS({ } exports2.gt = gt; function gt(a, b, loose) { - return compare2(a, b, loose) > 0; + return compare3(a, b, loose) > 0; } exports2.lt = lt; function lt(a, b, loose) { - return compare2(a, b, loose) < 0; + return compare3(a, b, loose) < 0; } exports2.eq = eq; function eq(a, b, loose) { - return compare2(a, b, loose) === 0; + return compare3(a, b, loose) === 0; } exports2.neq = neq; function neq(a, b, loose) { - return compare2(a, b, loose) !== 0; + return compare3(a, b, loose) !== 0; } exports2.gte = gte5; function gte5(a, b, loose) { - return compare2(a, b, loose) >= 0; + return compare3(a, b, loose) >= 0; } exports2.lte = lte; function lte(a, b, loose) { - return compare2(a, b, loose) <= 0; + return compare3(a, b, loose) <= 0; } exports2.cmp = cmp; function cmp(a, op, b, loose) { @@ -89773,6 +89796,9 @@ function isGoodVersion(versionSpec) { function isInTestMode() { return process.env["CODEQL_ACTION_TEST_MODE" /* TEST_MODE */] === "true"; } +function shouldSkipSarifUpload() { + return isInTestMode() || process.env["CODEQL_ACTION_SKIP_SARIF_UPLOAD" /* SKIP_SARIF_UPLOAD */] === "true"; +} function getTestingEnvironment() { const testingEnvironment = process.env["CODEQL_ACTION_TESTING_ENVIRONMENT" /* TESTING_ENVIRONMENT */] || ""; if (testingEnvironment === "") { @@ -90039,9 +90065,12 @@ function getWorkflowRunAttempt() { function isSelfHostedRunner() { return process.env.RUNNER_ENVIRONMENT === "self-hosted"; } -function isDefaultSetup() { +function isDynamicWorkflow() { return getWorkflowEventName() === "dynamic"; } +function isDefaultSetup() { + return isDynamicWorkflow(); +} function prettyPrintInvocation(cmd, args) { return [cmd, ...args].map((x) => x.includes(" ") ? `'${x}'` : x).join(" "); } 
@@ -90364,6 +90393,45 @@ var path14 = __toESM(require("path")); var core10 = __toESM(require_core()); var toolrunner3 = __toESM(require_toolrunner()); +// node_modules/@octokit/request-error/dist-src/index.js +var RequestError = class extends Error { + name; + /** + * http status code + */ + status; + /** + * Request options that lead to the error. + */ + request; + /** + * Response object if a response was received + */ + response; + constructor(message, statusCode, options) { + super(message); + this.name = "HttpError"; + this.status = Number.parseInt(statusCode); + if (Number.isNaN(this.status)) { + this.status = 0; + } + if ("response" in options) { + this.response = options.response; + } + const requestCopy = Object.assign({}, options.request); + if (options.request.headers.authorization) { + requestCopy.headers = Object.assign({}, options.request.headers, { + authorization: options.request.headers.authorization.replace( + /(? semver7.compare(b, a)); + logger.debug( + `Found the following versions of the CodeQL tools in the toolcache: ${JSON.stringify( + allVersions + )}.` + ); + if (allVersions.length > 0) { + const latestToolcacheVersion = allVersions[0]; + logger.info( + `CLI version ${latestToolcacheVersion} is the latest version in the toolcache.` + ); + return latestToolcacheVersion; + } + return void 0; +} function isReservedToolsValue(tools) { - return CODEQL_BUNDLE_VERSION_ALIAS.includes(tools) || CODEQL_NIGHTLY_TOOLS_INPUTS.includes(tools); + return CODEQL_BUNDLE_VERSION_ALIAS.includes(tools) || CODEQL_NIGHTLY_TOOLS_INPUTS.includes(tools) || tools === CODEQL_TOOLCACHE_INPUT; } // src/tracer-config.ts 
@@ -92651,7 +92776,7 @@ var GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.13"; var GHES_MOST_RECENT_DEPRECATION_DATE = "2025-06-19"; var EXTRACTION_DEBUG_MODE_VERBOSITY = "progress++"; var CODEQL_VERSION_CACHE_CLEANUP = "2.17.1"; -async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, logger, checkVersion) { +async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, features, logger, checkVersion) { try { const { codeqlFolder, @@ -92665,6 +92790,7 @@ async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliV tempDir, variant, defaultCliVersion, + features, logger ); logger.debug( @@ -92689,7 +92815,8 @@ async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliV zstdAvailability }; } catch (e) { - const ErrorClass = e instanceof ConfigurationError || e instanceof Error && e.message.includes("ENOSPC") ? ConfigurationError : Error; + const ErrorClass = e instanceof ConfigurationError || e instanceof Error && e.message.includes("ENOSPC") || // out of disk space + e instanceof RequestError && e.status === 429 ? ConfigurationError : Error; throw new ErrorClass( `Unable to download and extract CodeQL CLI: ${getErrorMessage(e)}${e instanceof Error && e.stack ? ` @@ -94063,7 +94190,7 @@ async function createStatusReportBase(actionName, status, actionStartedAt, confi action_ref: actionRef, action_started_at: actionStartedAt.toISOString(), action_version: getActionVersion(), - analysis_kinds: config?.analysisKinds.join(","), + analysis_kinds: config?.analysisKinds?.join(","), analysis_key, build_mode: config?.buildMode, commit_oid: commitOid, 
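Review bot: In the `catch` of `setupCodeQL`, `e instanceof RequestError && e.status === 429` matches only the newly bundled `@octokit/request-error` class, so a 429 thrown through another copy would presumably still surface as a plain `Error` instead of a `ConfigurationError`. The request wrappers elsewhere in this bundle throw `import_request_error2.RequestError`, which is a separate class returned by `require_dist_node7()` or `require_dist_node14()`. Which copy the download path actually uses is not visible in this hunk. If it is one of the older ones, a structural test such as `e instanceof Error && "status" in e && e.status === 429` would not depend on class identity. The file is a generated bundle, so the change belongs in the TypeScript source, and the function body continues outside the hunk.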
@@ -94086,7 +94213,7 @@ async function createStatusReportBase(actionName, status, actionStartedAt, confi logger.warning(`Could not determine the workflow event name: ${e}.`); } if (config) { - statusReport.languages = config.languages.join(","); + statusReport.languages = config.languages?.join(","); } if (diskInfo) { statusReport.runner_available_disk_space_bytes = diskInfo.numAvailableBytes; @@ -94764,7 +94891,7 @@ LongPrototype.greaterThanOrEqual = function greaterThanOrEqual(other) { }; LongPrototype.gte = LongPrototype.greaterThanOrEqual; LongPrototype.ge = LongPrototype.greaterThanOrEqual; -LongPrototype.compare = function compare(other) { +LongPrototype.compare = function compare2(other) { if (!isLong(other)) other = fromValue(other); if (this.eq(other)) return 0; var thisNeg = this.isNegative(), otherNeg = other.isNegative(); @@ -95315,7 +95442,7 @@ async function addFingerprints(sarif, sourceRoot, logger) { // src/init.ts var toolrunner4 = __toESM(require_toolrunner()); var io6 = __toESM(require_io()); -async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, logger) { +async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, features, logger) { logger.startGroup("Setup CodeQL tools"); const { codeql, @@ -95329,6 +95456,7 @@ async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVe tempDir, variant, defaultCliVersion, + features, logger, true ); @@ -95475,6 +95603,7 @@ async function combineSarifFilesUsingCLI(sarifFiles, gitHubVersion, features, lo tempDir, gitHubVersion.type, codeQLDefaultVersionInfo, + features, logger ); codeQL = initCodeQLResult.codeql; 
@@ -95530,23 +95659,23 @@ function getAutomationID2(category, analysis_key, environment) { } return computeAutomationID(analysis_key, environment); } -async function uploadPayload(payload, repositoryNwo, logger, target) { +async function uploadPayload(payload, repositoryNwo, logger, analysis) { logger.info("Uploading results"); - if (isInTestMode()) { + if (shouldSkipSarifUpload()) { const payloadSaveFile = path18.join( getTemporaryDirectory(), - "payload.json" + `payload-${analysis.kind}.json` ); logger.info( - `In test mode. Results are not uploaded. Saving to ${payloadSaveFile}` + `SARIF upload disabled by an environment variable. Saving to ${payloadSaveFile}` ); logger.info(`Payload: ${JSON.stringify(payload, null, 2)}`); fs18.writeFileSync(payloadSaveFile, JSON.stringify(payload, null, 2)); - return "test-mode-sarif-id"; + return "dummy-sarif-id"; } const client = getApiClient(); try { - const response = await client.request(target, { + const response = await client.request(analysis.target, { owner: repositoryNwo.owner, repo: repositoryNwo.repo, data: payload @@ -95780,7 +95909,7 @@ async function uploadSpecifiedFiles(sarifPaths, checkoutPath, category, features payload, getRepositoryNwo(), logger, - uploadTarget.target + uploadTarget ); logger.endGroup(); return { diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js index 4cde47d65b..35874c7473 100644 --- a/lib/autobuild-action.js +++ b/lib/autobuild-action.js @@ -24680,6 +24680,9 @@ var require_identifiers = __commonJS({ "use strict"; var numeric = /^[0-9]+$/; var compareIdentifiers = (a, b) => { + if (typeof a === "number" && typeof b === "number") { + return a === b ? 0 : a < b ? -1 : 1; + } const anum = numeric.test(a); const bnum = numeric.test(b); if (anum && bnum) { 
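Review bot: In `uploadPayload`, the skip branch is now reachable outside test mode through `CODEQL_ACTION_SKIP_SARIF_UPLOAD`, but it still announces the skip with `logger.info` and dumps the whole payload at info level. With that variable set in a real workflow the step succeeds, returns `dummy-sarif-id`, and nothing reaches code scanning, which is easy to miss in a passing run. The dump also puts the analysis results into the job log, whose audience may be wider than the people allowed to view alerts. I would raise the skip message to `logger.warning(...)` and demote the `Payload:` line to `logger.debug(...)`, since the same content is already written to `payloadSaveFile`. The bundle is generated, so the edit belongs in the TypeScript source, and `uploadPayload` continues past the end of the hunk.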
@@ -24786,7 +24789,25 @@ var require_semver = __commonJS({ if (!(other instanceof _SemVer)) { other = new _SemVer(other, this.options); } - return compareIdentifiers(this.major, other.major) || compareIdentifiers(this.minor, other.minor) || compareIdentifiers(this.patch, other.patch); + if (this.major < other.major) { + return -1; + } + if (this.major > other.major) { + return 1; + } + if (this.minor < other.minor) { + return -1; + } + if (this.minor > other.minor) { + return 1; + } + if (this.patch < other.patch) { + return -1; + } + if (this.patch > other.patch) { + return 1; + } + return 0; } comparePre(other) { if (!(other instanceof _SemVer)) { @@ -25121,8 +25142,8 @@ var require_compare = __commonJS({ "node_modules/semver/functions/compare.js"(exports2, module2) { "use strict"; var SemVer = require_semver(); - var compare = (a, b, loose) => new SemVer(a, loose).compare(new SemVer(b, loose)); - module2.exports = compare; + var compare2 = (a, b, loose) => new SemVer(a, loose).compare(new SemVer(b, loose)); + module2.exports = compare2; } }); @@ -25130,8 +25151,8 @@ var require_compare = __commonJS({ var require_rcompare = __commonJS({ "node_modules/semver/functions/rcompare.js"(exports2, module2) { "use strict"; - var compare = require_compare(); - var rcompare = (a, b, loose) => compare(b, a, loose); + var compare2 = require_compare(); + var rcompare = (a, b, loose) => compare2(b, a, loose); module2.exports = rcompare; } }); @@ -25140,8 +25161,8 @@ var require_rcompare = __commonJS({ var require_compare_loose = __commonJS({ "node_modules/semver/functions/compare-loose.js"(exports2, module2) { "use strict"; - var compare = require_compare(); - var compareLoose = (a, b) => compare(a, b, true); + var compare2 = require_compare(); + var compareLoose = (a, b) => compare2(a, b, true); module2.exports = compareLoose; } }); 
@@ -25184,8 +25205,8 @@ var require_rsort = __commonJS({ var require_gt = __commonJS({ "node_modules/semver/functions/gt.js"(exports2, module2) { "use strict"; - var compare = require_compare(); - var gt = (a, b, loose) => compare(a, b, loose) > 0; + var compare2 = require_compare(); + var gt = (a, b, loose) => compare2(a, b, loose) > 0; module2.exports = gt; } }); @@ -25194,8 +25215,8 @@ var require_gt = __commonJS({ var require_lt = __commonJS({ "node_modules/semver/functions/lt.js"(exports2, module2) { "use strict"; - var compare = require_compare(); - var lt = (a, b, loose) => compare(a, b, loose) < 0; + var compare2 = require_compare(); + var lt = (a, b, loose) => compare2(a, b, loose) < 0; module2.exports = lt; } }); @@ -25204,8 +25225,8 @@ var require_lt = __commonJS({ var require_eq = __commonJS({ "node_modules/semver/functions/eq.js"(exports2, module2) { "use strict"; - var compare = require_compare(); - var eq = (a, b, loose) => compare(a, b, loose) === 0; + var compare2 = require_compare(); + var eq = (a, b, loose) => compare2(a, b, loose) === 0; module2.exports = eq; } }); @@ -25214,8 +25235,8 @@ var require_eq = __commonJS({ var require_neq = __commonJS({ "node_modules/semver/functions/neq.js"(exports2, module2) { "use strict"; - var compare = require_compare(); - var neq = (a, b, loose) => compare(a, b, loose) !== 0; + var compare2 = require_compare(); + var neq = (a, b, loose) => compare2(a, b, loose) !== 0; module2.exports = neq; } }); @@ -25224,8 +25245,8 @@ var require_neq = __commonJS({ var require_gte = __commonJS({ "node_modules/semver/functions/gte.js"(exports2, module2) { "use strict"; - var compare = require_compare(); - var gte5 = (a, b, loose) => compare(a, b, loose) >= 0; + var compare2 = require_compare(); + var gte5 = (a, b, loose) => compare2(a, b, loose) >= 0; module2.exports = gte5; } }); 
@@ -25234,8 +25255,8 @@ var require_gte = __commonJS({ var require_lte = __commonJS({ "node_modules/semver/functions/lte.js"(exports2, module2) { "use strict"; - var compare = require_compare(); - var lte = (a, b, loose) => compare(a, b, loose) <= 0; + var compare2 = require_compare(); + var lte = (a, b, loose) => compare2(a, b, loose) <= 0; module2.exports = lte; } }); @@ -25547,6 +25568,7 @@ var require_range = __commonJS({ return result; }; var parseComparator = (comp, options) => { + comp = comp.replace(re[t.BUILD], ""); debug3("comp", comp, options); comp = replaceCarets(comp, options); debug3("caret", comp); @@ -26131,12 +26153,12 @@ var require_simplify = __commonJS({ "node_modules/semver/ranges/simplify.js"(exports2, module2) { "use strict"; var satisfies2 = require_satisfies(); - var compare = require_compare(); + var compare2 = require_compare(); module2.exports = (versions, range, options) => { const set2 = []; let first = null; let prev = null; - const v = versions.sort((a, b) => compare(a, b, options)); + const v = versions.sort((a, b) => compare2(a, b, options)); for (const version of v) { const included = satisfies2(version, range, options); if (included) { @@ -26184,7 +26206,7 @@ var require_subset = __commonJS({ var Comparator = require_comparator(); var { ANY } = Comparator; var satisfies2 = require_satisfies(); - var compare = require_compare(); + var compare2 = require_compare(); var subset = (sub, dom, options = {}) => { if (sub === dom) { return true; @@ -26244,7 +26266,7 @@ var require_subset = __commonJS({ } let gtltComp; if (gt && lt) { - gtltComp = compare(gt.semver, lt.semver, options); + gtltComp = compare2(gt.semver, lt.semver, options); if (gtltComp > 0) { return null; } else if (gtltComp === 0 && (gt.operator !== ">=" || lt.operator !== "<=")) { 
@@ -26324,14 +26346,14 @@ var require_subset = __commonJS({ if (!a) { return b; } - const comp = compare(a.semver, b.semver, options); + const comp = compare2(a.semver, b.semver, options); return comp > 0 ? a : comp < 0 ? b : b.operator === ">" && a.operator === ">=" ? b : a; }; var lowerLT = (a, b, options) => { if (!a) { return b; } - const comp = compare(a.semver, b.semver, options); + const comp = compare2(a.semver, b.semver, options); return comp < 0 ? a : comp > 0 ? b : b.operator === "<" && a.operator === "<=" ? b : a; }; module2.exports = subset; @@ -26355,7 +26377,7 @@ var require_semver2 = __commonJS({ var minor = require_minor(); var patch = require_patch(); var prerelease = require_prerelease(); - var compare = require_compare(); + var compare2 = require_compare(); var rcompare = require_rcompare(); var compareLoose = require_compare_loose(); var compareBuild = require_compare_build(); @@ -26393,7 +26415,7 @@ var require_semver2 = __commonJS({ minor, patch, prerelease, - compare, + compare: compare2, rcompare, compareLoose, compareBuild, @@ -26438,7 +26460,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.7", + version: "3.30.8", private: true, description: "CodeQL action", scripts: { @@ -26473,6 +26495,7 @@ var require_package = __commonJS({ "@actions/io": "^1.1.3", "@actions/tool-cache": "^2.0.2", "@octokit/plugin-retry": "^6.0.0", + "@octokit/request-error": "^7.0.1", "@schemastore/package": "0.0.10", archiver: "^7.0.1", "check-disk-space": "^3.4.0", 
@@ -26486,14 +26509,14 @@ var require_package = __commonJS({ long: "^5.3.2", "node-forge": "^1.3.1", octokit: "^5.0.3", - semver: "^7.7.2", + semver: "^7.7.3", uuid: "^13.0.0" }, devDependencies: { "@ava/typescript": "6.0.0", "@eslint/compat": "^1.4.0", "@eslint/eslintrc": "^3.3.1", - "@eslint/js": "^9.36.0", + "@eslint/js": "^9.37.0", "@microsoft/eslint-formatter-sarif": "^3.1.0", "@octokit/types": "^15.0.0", "@types/archiver": "^6.0.3", @@ -26504,7 +26527,7 @@ var require_package = __commonJS({ "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", - "@typescript-eslint/eslint-plugin": "^8.44.1", + "@typescript-eslint/eslint-plugin": "^8.46.0", "@typescript-eslint/parser": "^8.41.0", ava: "^6.4.1", esbuild: "^0.25.10", @@ -26517,7 +26540,7 @@ var require_package = __commonJS({ glob: "^11.0.3", nock: "^14.0.10", sinon: "^21.0.0", - typescript: "^5.9.2" + typescript: "^5.9.3" }, overrides: { "@actions/tool-cache": { @@ -30261,13 +30284,13 @@ var require_semver3 = __commonJS({ function patch(a, loose) { return new SemVer(a, loose).patch; } - exports2.compare = compare; - function compare(a, b, loose) { + exports2.compare = compare2; + function compare2(a, b, loose) { return new SemVer(a, loose).compare(new SemVer(b, loose)); } exports2.compareLoose = compareLoose; function compareLoose(a, b) { - return compare(a, b, true); + return compare2(a, b, true); } exports2.compareBuild = compareBuild; function compareBuild(a, b, loose) { @@ -30277,7 +30300,7 @@ var require_semver3 = __commonJS({ } exports2.rcompare = rcompare; function rcompare(a, b, loose) { - return compare(b, a, loose); + return compare2(b, a, loose); } exports2.sort = sort; function sort(list, loose) { 
@@ -30293,27 +30316,27 @@ var require_semver3 = __commonJS({ } exports2.gt = gt; function gt(a, b, loose) { - return compare(a, b, loose) > 0; + return compare2(a, b, loose) > 0; } exports2.lt = lt; function lt(a, b, loose) { - return compare(a, b, loose) < 0; + return compare2(a, b, loose) < 0; } exports2.eq = eq; function eq(a, b, loose) { - return compare(a, b, loose) === 0; + return compare2(a, b, loose) === 0; } exports2.neq = neq; function neq(a, b, loose) { - return compare(a, b, loose) !== 0; + return compare2(a, b, loose) !== 0; } exports2.gte = gte5; function gte5(a, b, loose) { - return compare(a, b, loose) >= 0; + return compare2(a, b, loose) >= 0; } exports2.lte = lte; function lte(a, b, loose) { - return compare(a, b, loose) <= 0; + return compare2(a, b, loose) <= 0; } exports2.cmp = cmp; function cmp(a, op, b, loose) { @@ -78543,6 +78566,11 @@ function isSupportedToolsFeature(versionInfo, feature) { var DEFAULT_VERSION_FEATURE_FLAG_PREFIX = "default_codeql_version_"; var DEFAULT_VERSION_FEATURE_FLAG_SUFFIX = "_enabled"; var featureConfig = { + ["allow_toolcache_input" /* AllowToolcacheInput */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_ALLOW_TOOLCACHE_INPUT", + minimumVersion: void 0 + }, ["cleanup_trap_caches" /* CleanupTrapCaches */]: { defaultValue: false, envVar: "CODEQL_ACTION_CLEANUP_TRAP_CACHES", @@ -79812,7 +79840,7 @@ async function createStatusReportBase(actionName, status, actionStartedAt, confi action_ref: actionRef, action_started_at: actionStartedAt.toISOString(), action_version: getActionVersion(), - analysis_kinds: config?.analysisKinds.join(","), + analysis_kinds: config?.analysisKinds?.join(","), analysis_key, build_mode: config?.buildMode, commit_oid: commitOid, 
@@ -79835,7 +79863,7 @@ async function createStatusReportBase(actionName, status, actionStartedAt, confi logger.warning(`Could not determine the workflow event name: ${e}.`); } if (config) { - statusReport.languages = config.languages.join(","); + statusReport.languages = config.languages?.join(","); } if (diskInfo) { statusReport.runner_available_disk_space_bytes = diskInfo.numAvailableBytes; diff --git a/lib/init-action-post.js b/lib/init-action-post.js index e138420a3e..99e28442fa 100644 --- a/lib/init-action-post.js +++ b/lib/init-action-post.js @@ -20602,14 +20602,14 @@ var require_dist_node4 = __commonJS({ var __toCommonJS2 = (mod) => __copyProps2(__defProp2({}, "__esModule", { value: true }), mod); var dist_src_exports = {}; __export2(dist_src_exports, { - RequestError: () => RequestError + RequestError: () => RequestError2 }); module2.exports = __toCommonJS2(dist_src_exports); var import_deprecation = require_dist_node3(); var import_once = __toESM2(require_once()); var logOnceCode = (0, import_once.default)((deprecation) => console.warn(deprecation)); var logOnceHeaders = (0, import_once.default)((deprecation) => console.warn(deprecation)); - var RequestError = class extends Error { + var RequestError2 = class extends Error { constructor(message, statusCode, options) { super(message); if (Error.captureStackTrace) { @@ -20701,7 +20701,7 @@ var require_dist_node5 = __commonJS({ const Ctor = Object.prototype.hasOwnProperty.call(proto, "constructor") && proto.constructor; return typeof Ctor === "function" && Ctor instanceof Ctor && Function.prototype.call(Ctor) === Function.prototype.call(value); } - var import_request_error = require_dist_node4(); + var import_request_error2 = require_dist_node4(); function getBufferResponse(response) { return response.arrayBuffer(); } 
@@ -20753,7 +20753,7 @@ var require_dist_node5 = __commonJS({ if (status < 400) { return; } - throw new import_request_error.RequestError(response.statusText, status, { + throw new import_request_error2.RequestError(response.statusText, status, { response: { url: url2, status, @@ -20764,7 +20764,7 @@ var require_dist_node5 = __commonJS({ }); } if (status === 304) { - throw new import_request_error.RequestError("Not modified", status, { + throw new import_request_error2.RequestError("Not modified", status, { response: { url: url2, status, @@ -20776,7 +20776,7 @@ var require_dist_node5 = __commonJS({ } if (status >= 400) { const data = await getResponseData(response); - const error2 = new import_request_error.RequestError(toErrorMessage(data), status, { + const error2 = new import_request_error2.RequestError(toErrorMessage(data), status, { response: { url: url2, status, @@ -20796,7 +20796,7 @@ var require_dist_node5 = __commonJS({ data }; }).catch((error2) => { - if (error2 instanceof import_request_error.RequestError) + if (error2 instanceof import_request_error2.RequestError) throw error2; else if (error2.name === "AbortError") throw error2; @@ -20808,7 +20808,7 @@ var require_dist_node5 = __commonJS({ message = error2.cause; } } - throw new import_request_error.RequestError(message, 500, { + throw new import_request_error2.RequestError(message, 500, { request: requestOptions }); }); 
@@ -21250,14 +21250,14 @@ var require_dist_node7 = __commonJS({ var __toCommonJS2 = (mod) => __copyProps2(__defProp2({}, "__esModule", { value: true }), mod); var dist_src_exports = {}; __export2(dist_src_exports, { - RequestError: () => RequestError + RequestError: () => RequestError2 }); module2.exports = __toCommonJS2(dist_src_exports); var import_deprecation = require_dist_node3(); var import_once = __toESM2(require_once()); var logOnceCode = (0, import_once.default)((deprecation) => console.warn(deprecation)); var logOnceHeaders = (0, import_once.default)((deprecation) => console.warn(deprecation)); - var RequestError = class extends Error { + var RequestError2 = class extends Error { constructor(message, statusCode, options) { super(message); if (Error.captureStackTrace) { @@ -21349,7 +21349,7 @@ var require_dist_node8 = __commonJS({ const Ctor = Object.prototype.hasOwnProperty.call(proto, "constructor") && proto.constructor; return typeof Ctor === "function" && Ctor instanceof Ctor && Function.prototype.call(Ctor) === Function.prototype.call(value); } - var import_request_error = require_dist_node7(); + var import_request_error2 = require_dist_node7(); function getBufferResponse(response) { return response.arrayBuffer(); } @@ -21401,7 +21401,7 @@ var require_dist_node8 = __commonJS({ if (status < 400) { return; } - throw new import_request_error.RequestError(response.statusText, status, { + throw new import_request_error2.RequestError(response.statusText, status, { response: { url: url2, status, @@ -21412,7 +21412,7 @@ var require_dist_node8 = __commonJS({ }); } if (status === 304) { - throw new import_request_error.RequestError("Not modified", status, { + throw new import_request_error2.RequestError("Not modified", status, { response: { url: url2, status, 
@@ -21424,7 +21424,7 @@ var require_dist_node8 = __commonJS({ } if (status >= 400) { const data = await getResponseData(response); - const error2 = new import_request_error.RequestError(toErrorMessage(data), status, { + const error2 = new import_request_error2.RequestError(toErrorMessage(data), status, { response: { url: url2, status, @@ -21444,7 +21444,7 @@ var require_dist_node8 = __commonJS({ data }; }).catch((error2) => { - if (error2 instanceof import_request_error.RequestError) + if (error2 instanceof import_request_error2.RequestError) throw error2; else if (error2.name === "AbortError") throw error2; @@ -21456,7 +21456,7 @@ var require_dist_node8 = __commonJS({ message = error2.cause; } } - throw new import_request_error.RequestError(message, 500, { + throw new import_request_error2.RequestError(message, 500, { request: requestOptions }); }); @@ -25039,7 +25039,7 @@ var require_to_regex_range = __commonJS({ stop = countZeros(max + 1, zeros) - 1; } stops = [...stops]; - stops.sort(compare2); + stops.sort(compare3); return stops; } function rangeToPattern(start, stop, options) { @@ -25111,7 +25111,7 @@ var require_to_regex_range = __commonJS({ for (let i = 0; i < a.length; i++) arr.push([a[i], b[i]]); return arr; } - function compare2(a, b) { + function compare3(a, b) { return a > b ? 1 : b > a ? -1 : 0; } function contains(arr, key, val2) { @@ -30529,6 +30529,9 @@ var require_identifiers = __commonJS({ "use strict"; var numeric = /^[0-9]+$/; var compareIdentifiers = (a, b) => { + if (typeof a === "number" && typeof b === "number") { + return a === b ? 0 : a < b ? -1 : 1; + } const anum = numeric.test(a); const bnum = numeric.test(b); if (anum && bnum) { 
@@ -30635,7 +30638,25 @@ var require_semver = __commonJS({ if (!(other instanceof _SemVer)) { other = new _SemVer(other, this.options); } - return compareIdentifiers(this.major, other.major) || compareIdentifiers(this.minor, other.minor) || compareIdentifiers(this.patch, other.patch); + if (this.major < other.major) { + return -1; + } + if (this.major > other.major) { + return 1; + } + if (this.minor < other.minor) { + return -1; + } + if (this.minor > other.minor) { + return 1; + } + if (this.patch < other.patch) { + return -1; + } + if (this.patch > other.patch) { + return 1; + } + return 0; } comparePre(other) { if (!(other instanceof _SemVer)) { @@ -30970,8 +30991,8 @@ var require_compare = __commonJS({ "node_modules/semver/functions/compare.js"(exports2, module2) { "use strict"; var SemVer = require_semver(); - var compare2 = (a, b, loose) => new SemVer(a, loose).compare(new SemVer(b, loose)); - module2.exports = compare2; + var compare3 = (a, b, loose) => new SemVer(a, loose).compare(new SemVer(b, loose)); + module2.exports = compare3; } }); @@ -30979,8 +31000,8 @@ var require_compare = __commonJS({ var require_rcompare = __commonJS({ "node_modules/semver/functions/rcompare.js"(exports2, module2) { "use strict"; - var compare2 = require_compare(); - var rcompare = (a, b, loose) => compare2(b, a, loose); + var compare3 = require_compare(); + var rcompare = (a, b, loose) => compare3(b, a, loose); module2.exports = rcompare; } }); @@ -30989,8 +31010,8 @@ var require_rcompare = __commonJS({ var require_compare_loose = __commonJS({ "node_modules/semver/functions/compare-loose.js"(exports2, module2) { "use strict"; - var compare2 = require_compare(); - var compareLoose = (a, b) => compare2(a, b, true); + var compare3 = require_compare(); + var compareLoose = (a, b) => compare3(a, b, true); module2.exports = compareLoose; } }); 
@@ -31033,8 +31054,8 @@ var require_rsort = __commonJS({ var require_gt = __commonJS({ "node_modules/semver/functions/gt.js"(exports2, module2) { "use strict"; - var compare2 = require_compare(); - var gt = (a, b, loose) => compare2(a, b, loose) > 0; + var compare3 = require_compare(); + var gt = (a, b, loose) => compare3(a, b, loose) > 0; module2.exports = gt; } }); @@ -31043,8 +31064,8 @@ var require_gt = __commonJS({ var require_lt = __commonJS({ "node_modules/semver/functions/lt.js"(exports2, module2) { "use strict"; - var compare2 = require_compare(); - var lt = (a, b, loose) => compare2(a, b, loose) < 0; + var compare3 = require_compare(); + var lt = (a, b, loose) => compare3(a, b, loose) < 0; module2.exports = lt; } }); @@ -31053,8 +31074,8 @@ var require_lt = __commonJS({ var require_eq = __commonJS({ "node_modules/semver/functions/eq.js"(exports2, module2) { "use strict"; - var compare2 = require_compare(); - var eq = (a, b, loose) => compare2(a, b, loose) === 0; + var compare3 = require_compare(); + var eq = (a, b, loose) => compare3(a, b, loose) === 0; module2.exports = eq; } }); @@ -31063,8 +31084,8 @@ var require_eq = __commonJS({ var require_neq = __commonJS({ "node_modules/semver/functions/neq.js"(exports2, module2) { "use strict"; - var compare2 = require_compare(); - var neq = (a, b, loose) => compare2(a, b, loose) !== 0; + var compare3 = require_compare(); + var neq = (a, b, loose) => compare3(a, b, loose) !== 0; module2.exports = neq; } }); @@ -31073,8 +31094,8 @@ var require_neq = __commonJS({ var require_gte = __commonJS({ "node_modules/semver/functions/gte.js"(exports2, module2) { "use strict"; - var compare2 = require_compare(); - var gte5 = (a, b, loose) => compare2(a, b, loose) >= 0; + var compare3 = require_compare(); + var gte5 = (a, b, loose) => compare3(a, b, loose) >= 0; module2.exports = gte5; } }); 
@@ -31083,8 +31104,8 @@ var require_gte = __commonJS({ var require_lte = __commonJS({ "node_modules/semver/functions/lte.js"(exports2, module2) { "use strict"; - var compare2 = require_compare(); - var lte = (a, b, loose) => compare2(a, b, loose) <= 0; + var compare3 = require_compare(); + var lte = (a, b, loose) => compare3(a, b, loose) <= 0; module2.exports = lte; } }); @@ -31396,6 +31417,7 @@ var require_range = __commonJS({ return result; }; var parseComparator = (comp, options) => { + comp = comp.replace(re[t.BUILD], ""); debug3("comp", comp, options); comp = replaceCarets(comp, options); debug3("caret", comp); @@ -31980,12 +32002,12 @@ var require_simplify = __commonJS({ "node_modules/semver/ranges/simplify.js"(exports2, module2) { "use strict"; var satisfies2 = require_satisfies(); - var compare2 = require_compare(); + var compare3 = require_compare(); module2.exports = (versions, range, options) => { const set2 = []; let first = null; let prev = null; - const v = versions.sort((a, b) => compare2(a, b, options)); + const v = versions.sort((a, b) => compare3(a, b, options)); for (const version of v) { const included = satisfies2(version, range, options); if (included) { @@ -32033,7 +32055,7 @@ var require_subset = __commonJS({ var Comparator = require_comparator(); var { ANY } = Comparator; var satisfies2 = require_satisfies(); - var compare2 = require_compare(); + var compare3 = require_compare(); var subset = (sub, dom, options = {}) => { if (sub === dom) { return true; @@ -32093,7 +32115,7 @@ var require_subset = __commonJS({ } let gtltComp; if (gt && lt) { - gtltComp = compare2(gt.semver, lt.semver, options); + gtltComp = compare3(gt.semver, lt.semver, options); if (gtltComp > 0) { return null; } else if (gtltComp === 0 && (gt.operator !== ">=" || lt.operator !== "<=")) { 
@@ -32173,14 +32195,14 @@ var require_subset = __commonJS({ if (!a) { return b; } - const comp = compare2(a.semver, b.semver, options); + const comp = compare3(a.semver, b.semver, options); return comp > 0 ? a : comp < 0 ? b : b.operator === ">" && a.operator === ">=" ? b : a; }; var lowerLT = (a, b, options) => { if (!a) { return b; } - const comp = compare2(a.semver, b.semver, options); + const comp = compare3(a.semver, b.semver, options); return comp < 0 ? a : comp > 0 ? b : b.operator === "<" && a.operator === "<=" ? b : a; }; module2.exports = subset; @@ -32204,7 +32226,7 @@ var require_semver2 = __commonJS({ var minor = require_minor(); var patch = require_patch(); var prerelease = require_prerelease(); - var compare2 = require_compare(); + var compare3 = require_compare(); var rcompare = require_rcompare(); var compareLoose = require_compare_loose(); var compareBuild = require_compare_build(); @@ -32242,7 +32264,7 @@ var require_semver2 = __commonJS({ minor, patch, prerelease, - compare: compare2, + compare: compare3, rcompare, compareLoose, compareBuild, @@ -32287,7 +32309,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.7", + version: "3.30.8", private: true, description: "CodeQL action", scripts: { @@ -32322,6 +32344,7 @@ var require_package = __commonJS({ "@actions/io": "^1.1.3", "@actions/tool-cache": "^2.0.2", "@octokit/plugin-retry": "^6.0.0", + "@octokit/request-error": "^7.0.1", "@schemastore/package": "0.0.10", archiver: "^7.0.1", "check-disk-space": "^3.4.0", 
@@ -32335,14 +32358,14 @@ var require_package = __commonJS({ long: "^5.3.2", "node-forge": "^1.3.1", octokit: "^5.0.3", - semver: "^7.7.2", + semver: "^7.7.3", uuid: "^13.0.0" }, devDependencies: { "@ava/typescript": "6.0.0", "@eslint/compat": "^1.4.0", "@eslint/eslintrc": "^3.3.1", - "@eslint/js": "^9.36.0", + "@eslint/js": "^9.37.0", "@microsoft/eslint-formatter-sarif": "^3.1.0", "@octokit/types": "^15.0.0", "@types/archiver": "^6.0.3", @@ -32353,7 +32376,7 @@ var require_package = __commonJS({ "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", - "@typescript-eslint/eslint-plugin": "^8.44.1", + "@typescript-eslint/eslint-plugin": "^8.46.0", "@typescript-eslint/parser": "^8.41.0", ava: "^6.4.1", esbuild: "^0.25.10", @@ -32366,7 +32389,7 @@ var require_package = __commonJS({ glob: "^11.0.3", nock: "^14.0.10", sinon: "^21.0.0", - typescript: "^5.9.2" + typescript: "^5.9.3" }, overrides: { "@actions/tool-cache": { @@ -33745,14 +33768,14 @@ var require_dist_node14 = __commonJS({ var __toCommonJS2 = (mod) => __copyProps2(__defProp2({}, "__esModule", { value: true }), mod); var dist_src_exports = {}; __export2(dist_src_exports, { - RequestError: () => RequestError + RequestError: () => RequestError2 }); module2.exports = __toCommonJS2(dist_src_exports); var import_deprecation = require_dist_node3(); var import_once = __toESM2(require_once()); var logOnceCode = (0, import_once.default)((deprecation) => console.warn(deprecation)); var logOnceHeaders = (0, import_once.default)((deprecation) => console.warn(deprecation)); - var RequestError = class extends Error { + var RequestError2 = class extends Error { constructor(message, statusCode, options) { super(message); if (Error.captureStackTrace) { 
@@ -33854,7 +33877,7 @@ var require_dist_node15 = __commonJS({ throw error2; } var import_light = __toESM2(require_light()); - var import_request_error = require_dist_node14(); + var import_request_error2 = require_dist_node14(); async function wrapRequest(state, octokit, request, options) { const limiter = new import_light.default(); limiter.on("failed", function(error2, info5) { @@ -33875,7 +33898,7 @@ var require_dist_node15 = __commonJS({ if (response.data && response.data.errors && response.data.errors.length > 0 && /Something went wrong while executing your query/.test( response.data.errors[0].message )) { - const error2 = new import_request_error.RequestError(response.data.errors[0].message, 500, { + const error2 = new import_request_error2.RequestError(response.data.errors[0].message, 500, { request: options, response }); @@ -36110,13 +36133,13 @@ var require_semver3 = __commonJS({ function patch(a, loose) { return new SemVer(a, loose).patch; } - exports2.compare = compare2; - function compare2(a, b, loose) { + exports2.compare = compare3; + function compare3(a, b, loose) { return new SemVer(a, loose).compare(new SemVer(b, loose)); } exports2.compareLoose = compareLoose; function compareLoose(a, b) { - return compare2(a, b, true); + return compare3(a, b, true); } exports2.compareBuild = compareBuild; function compareBuild(a, b, loose) { @@ -36126,7 +36149,7 @@ var require_semver3 = __commonJS({ } exports2.rcompare = rcompare; function rcompare(a, b, loose) { - return compare2(b, a, loose); + return compare3(b, a, loose); } exports2.sort = sort; function sort(list, loose) { 
@@ -36142,27 +36165,27 @@ var require_semver3 = __commonJS({ } exports2.gt = gt; function gt(a, b, loose) { - return compare2(a, b, loose) > 0; + return compare3(a, b, loose) > 0; } exports2.lt = lt; function lt(a, b, loose) { - return compare2(a, b, loose) < 0; + return compare3(a, b, loose) < 0; } exports2.eq = eq; function eq(a, b, loose) { - return compare2(a, b, loose) === 0; + return compare3(a, b, loose) === 0; } exports2.neq = neq; function neq(a, b, loose) { - return compare2(a, b, loose) !== 0; + return compare3(a, b, loose) !== 0; } exports2.gte = gte5; function gte5(a, b, loose) { - return compare2(a, b, loose) >= 0; + return compare3(a, b, loose) >= 0; } exports2.lte = lte; function lte(a, b, loose) { - return compare2(a, b, loose) <= 0; + return compare3(a, b, loose) <= 0; } exports2.cmp = cmp; function cmp(a, op, b, loose) { @@ -101672,8 +101695,8 @@ var require_commonjs16 = __commonJS({ if (rootPath === this.root.name) { return this.root; } - for (const [compare2, root] of Object.entries(this.roots)) { - if (this.sameRoot(rootPath, compare2)) { + for (const [compare3, root] of Object.entries(this.roots)) { + if (this.sameRoot(rootPath, compare3)) { return this.roots[rootPath] = root; } } @@ -101682,9 +101705,9 @@ var require_commonjs16 = __commonJS({ /** * @internal */ - sameRoot(rootPath, compare2 = this.root.name) { + sameRoot(rootPath, compare3 = this.root.name) { rootPath = rootPath.toUpperCase().replace(/\//g, "\\").replace(uncDriveRegexp, "$1\\"); - return rootPath === compare2; + return rootPath === compare3; } }; exports2.PathWin32 = PathWin32; @@ -105703,7 +105726,7 @@ var require_b4a = __commonJS({ function byteLength(string, encoding) { return Buffer.byteLength(string, encoding); } - function compare2(a, b) { + function compare3(a, b) { return Buffer.compare(a, b); } function concat(buffers, totalLength) { 
@@ -105804,7 +105827,7 @@ var require_b4a = __commonJS({ allocUnsafe, allocUnsafeSlow, byteLength, - compare: compare2, + compare: compare3, concat, copy, equals: equals2, @@ -111944,7 +111967,7 @@ var require_dist_node17 = __commonJS({ var once2 = _interopDefault(require_once()); var logOnceCode = once2((deprecation2) => console.warn(deprecation2)); var logOnceHeaders = once2((deprecation2) => console.warn(deprecation2)); - var RequestError = class extends Error { + var RequestError2 = class extends Error { constructor(message, statusCode, options) { super(message); if (Error.captureStackTrace) { @@ -111982,7 +112005,7 @@ var require_dist_node17 = __commonJS({ }); } }; - exports2.RequestError = RequestError; + exports2.RequestError = RequestError2; } }); @@ -128072,6 +128095,9 @@ function isGoodVersion(versionSpec) { function isInTestMode() { return process.env["CODEQL_ACTION_TEST_MODE" /* TEST_MODE */] === "true"; } +function shouldSkipSarifUpload() { + return isInTestMode() || process.env["CODEQL_ACTION_SKIP_SARIF_UPLOAD" /* SKIP_SARIF_UPLOAD */] === "true"; +} function getTestingEnvironment() { const testingEnvironment = process.env["CODEQL_ACTION_TESTING_ENVIRONMENT" /* TESTING_ENVIRONMENT */] || ""; if (testingEnvironment === "") { @@ -128337,9 +128363,12 @@ function getWorkflowRunAttempt() { function isSelfHostedRunner() { return process.env.RUNNER_ENVIRONMENT === "self-hosted"; } -function isDefaultSetup() { +function isDynamicWorkflow() { return getWorkflowEventName() === "dynamic"; } +function isDefaultSetup() { + return isDynamicWorkflow(); +} function prettyPrintInvocation(cmd, args) { return [cmd, ...args].map((x) => x.includes(" ") ? `'${x}'` : x).join(" "); } 
@@ -128595,6 +128624,45 @@ var path13 = __toESM(require("path")); var core10 = __toESM(require_core()); var toolrunner3 = __toESM(require_toolrunner()); +// node_modules/@octokit/request-error/dist-src/index.js +var RequestError = class extends Error { + name; + /** + * http status code + */ + status; + /** + * Request options that lead to the error. + */ + request; + /** + * Response object if a response was received + */ + response; + constructor(message, statusCode, options) { + super(message); + this.name = "HttpError"; + this.status = Number.parseInt(statusCode); + if (Number.isNaN(this.status)) { + this.status = 0; + } + if ("response" in options) { + this.response = options.response; + } + const requestCopy = Object.assign({}, options.request); + if (options.request.headers.authorization) { + requestCopy.headers = Object.assign({}, options.request.headers, { + authorization: options.request.headers.authorization.replace( + /(? semver7.compare(b, a)); + logger.debug( + `Found the following versions of the CodeQL tools in the toolcache: ${JSON.stringify( + allVersions + )}.` + ); + if (allVersions.length > 0) { + const latestToolcacheVersion = allVersions[0]; + logger.info( + `CLI version ${latestToolcacheVersion} is the latest version in the toolcache.` + ); + return latestToolcacheVersion; + } + return void 0; +} function isReservedToolsValue(tools) { - return CODEQL_BUNDLE_VERSION_ALIAS.includes(tools) || CODEQL_NIGHTLY_TOOLS_INPUTS.includes(tools); + return CODEQL_BUNDLE_VERSION_ALIAS.includes(tools) || CODEQL_NIGHTLY_TOOLS_INPUTS.includes(tools) || tools === CODEQL_TOOLCACHE_INPUT; } // src/tracer-config.ts 
@@ -130600,7 +130725,7 @@ var GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.13"; var GHES_MOST_RECENT_DEPRECATION_DATE = "2025-06-19"; var EXTRACTION_DEBUG_MODE_VERBOSITY = "progress++"; var CODEQL_VERSION_CACHE_CLEANUP = "2.17.1"; -async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, logger, checkVersion) { +async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, features, logger, checkVersion) { try { const { codeqlFolder, @@ -130614,6 +130739,7 @@ async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliV tempDir, variant, defaultCliVersion, + features, logger ); logger.debug( @@ -130638,7 +130764,8 @@ async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliV zstdAvailability }; } catch (e) { - const ErrorClass = e instanceof ConfigurationError || e instanceof Error && e.message.includes("ENOSPC") ? ConfigurationError : Error; + const ErrorClass = e instanceof ConfigurationError || e instanceof Error && e.message.includes("ENOSPC") || // out of disk space + e instanceof RequestError && e.status === 429 ? ConfigurationError : Error; throw new ErrorClass( `Unable to download and extract CodeQL CLI: ${getErrorMessage(e)}${e instanceof Error && e.stack ? ` @@ -131539,7 +131666,7 @@ async function createStatusReportBase(actionName, status, actionStartedAt, confi action_ref: actionRef, action_started_at: actionStartedAt.toISOString(), action_version: getActionVersion(), - analysis_kinds: config?.analysisKinds.join(","), + analysis_kinds: config?.analysisKinds?.join(","), analysis_key, build_mode: config?.buildMode, commit_oid: commitOid, 
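Review bot: The new `e instanceof RequestError && e.status === 429` test in the catch block of setupCodeQL matches by class identity, and this bundle holds several distinct classes with that name. There is the top-level `RequestError` from `@octokit/request-error/dist-src`, plus the copies inside `require_dist_node4`, `require_dist_node7`, `require_dist_node14` and `require_dist_node17` that this diff renames to `RequestError2`. A rate-limit error thrown through one of those copies would fail the `instanceof` and still surface as a plain `Error` rather than a `ConfigurationError`; which copy the download path actually throws is not visible here. A structural check is less fragile, for example `e instanceof Error && "status" in e && e.status === 429`. This file is bundled output, so the change belongs in the TypeScript source it is built from, and the function body continues outside the hunk.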
@@ -131562,7 +131689,7 @@ async function createStatusReportBase(actionName, status, actionStartedAt, confi logger.warning(`Could not determine the workflow event name: ${e}.`); } if (config) { - statusReport.languages = config.languages.join(","); + statusReport.languages = config.languages?.join(","); } if (diskInfo) { statusReport.runner_available_disk_space_bytes = diskInfo.numAvailableBytes; @@ -132240,7 +132367,7 @@ LongPrototype.greaterThanOrEqual = function greaterThanOrEqual(other) { }; LongPrototype.gte = LongPrototype.greaterThanOrEqual; LongPrototype.ge = LongPrototype.greaterThanOrEqual; -LongPrototype.compare = function compare(other) { +LongPrototype.compare = function compare2(other) { if (!isLong(other)) other = fromValue(other); if (this.eq(other)) return 0; var thisNeg = this.isNegative(), otherNeg = other.isNegative(); @@ -132791,7 +132918,7 @@ async function addFingerprints(sarif, sourceRoot, logger) { // src/init.ts var toolrunner4 = __toESM(require_toolrunner()); var io6 = __toESM(require_io()); -async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, logger) { +async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, features, logger) { logger.startGroup("Setup CodeQL tools"); const { codeql, @@ -132805,6 +132932,7 @@ async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVe tempDir, variant, defaultCliVersion, + features, logger, true ); @@ -132951,6 +133079,7 @@ async function combineSarifFilesUsingCLI(sarifFiles, gitHubVersion, features, lo tempDir, gitHubVersion.type, codeQLDefaultVersionInfo, + features, logger ); codeQL = initCodeQLResult.codeql; 
@@ -133006,23 +133135,23 @@ function getAutomationID2(category, analysis_key, environment) { } return computeAutomationID(analysis_key, environment); } -async function uploadPayload(payload, repositoryNwo, logger, target) { +async function uploadPayload(payload, repositoryNwo, logger, analysis) { logger.info("Uploading results"); - if (isInTestMode()) { + if (shouldSkipSarifUpload()) { const payloadSaveFile = path17.join( getTemporaryDirectory(), - "payload.json" + `payload-${analysis.kind}.json` ); logger.info( - `In test mode. Results are not uploaded. Saving to ${payloadSaveFile}` + `SARIF upload disabled by an environment variable. Saving to ${payloadSaveFile}` ); logger.info(`Payload: ${JSON.stringify(payload, null, 2)}`); fs17.writeFileSync(payloadSaveFile, JSON.stringify(payload, null, 2)); - return "test-mode-sarif-id"; + return "dummy-sarif-id"; } const client = getApiClient(); try { - const response = await client.request(target, { + const response = await client.request(analysis.target, { owner: repositoryNwo.owner, repo: repositoryNwo.repo, data: payload @@ -133256,7 +133385,7 @@ async function uploadSpecifiedFiles(sarifPaths, checkoutPath, category, features payload, getRepositoryNwo(), logger, - uploadTarget.target + uploadTarget ); logger.endGroup(); return { @@ -133585,7 +133714,7 @@ async function maybeUploadFailedSarif(config, repositoryNwo, features, logger) { const shouldUpload = getUploadInputOrThrow(workflow, jobName, matrix); if (!["always", "failure-only"].includes( getUploadValue(shouldUpload) - ) || isInTestMode()) { + ) || shouldSkipSarifUpload()) { return { upload_failed_run_skipped_because: "SARIF upload is disabled" }; } const category = getCategoryInputOrThrow(workflow, jobName, matrix); diff --git a/lib/init-action.js b/lib/init-action.js index 2f509ad0ee..d3436e53ff 100644 --- a/lib/init-action.js +++ b/lib/init-action.js 
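Review bot: The skip branch of uploadPayload still writes the whole payload to the job log at info level (the `Payload:` line), and after this change that branch is reachable outside test mode whenever `CODEQL_ACTION_SKIP_SARIF_UPLOAD` is `true`. Workflow logs can be readable by a wider audience than code scanning results, so if the payload carries the analysis results (its contents are not visible in this hunk) they would be disclosed there. Switching that one call from `logger.info` to `logger.debug` keeps them out of normal logs, and the copy written to `payload-${analysis.kind}.json` already preserves them. The branch also returns the literal `"dummy-sarif-id"`, which callers cannot tell from a real upload ID unless they also consult `shouldSkipSarifUpload()`; a short comment saying so would help. This is bundled output, so the edit belongs in the TypeScript source, and uploadPayload continues past the hunk.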
@@ -19971,6 +19971,9 @@ var require_identifiers = __commonJS({ "use strict"; var numeric = /^[0-9]+$/; var compareIdentifiers = (a, b) => { + if (typeof a === "number" && typeof b === "number") { + return a === b ? 0 : a < b ? -1 : 1; + } const anum = numeric.test(a); const bnum = numeric.test(b); if (anum && bnum) { @@ -20077,7 +20080,25 @@ var require_semver = __commonJS({ if (!(other instanceof _SemVer)) { other = new _SemVer(other, this.options); } - return compareIdentifiers(this.major, other.major) || compareIdentifiers(this.minor, other.minor) || compareIdentifiers(this.patch, other.patch); + if (this.major < other.major) { + return -1; + } + if (this.major > other.major) { + return 1; + } + if (this.minor < other.minor) { + return -1; + } + if (this.minor > other.minor) { + return 1; + } + if (this.patch < other.patch) { + return -1; + } + if (this.patch > other.patch) { + return 1; + } + return 0; } comparePre(other) { if (!(other instanceof _SemVer)) { @@ -20412,8 +20433,8 @@ var require_compare = __commonJS({ "node_modules/semver/functions/compare.js"(exports2, module2) { "use strict"; var SemVer = require_semver(); - var compare = (a, b, loose) => new SemVer(a, loose).compare(new SemVer(b, loose)); - module2.exports = compare; + var compare2 = (a, b, loose) => new SemVer(a, loose).compare(new SemVer(b, loose)); + module2.exports = compare2; } }); @@ -20421,8 +20442,8 @@ var require_compare = __commonJS({ var require_rcompare = __commonJS({ "node_modules/semver/functions/rcompare.js"(exports2, module2) { "use strict"; - var compare = require_compare(); - var rcompare = (a, b, loose) => compare(b, a, loose); + var compare2 = require_compare(); + var rcompare = (a, b, loose) => compare2(b, a, loose); module2.exports = rcompare; } }); 
@@ -20431,8 +20452,8 @@ var require_rcompare = __commonJS({ var require_compare_loose = __commonJS({ "node_modules/semver/functions/compare-loose.js"(exports2, module2) { "use strict"; - var compare = require_compare(); - var compareLoose = (a, b) => compare(a, b, true); + var compare2 = require_compare(); + var compareLoose = (a, b) => compare2(a, b, true); module2.exports = compareLoose; } }); @@ -20475,8 +20496,8 @@ var require_rsort = __commonJS({ var require_gt = __commonJS({ "node_modules/semver/functions/gt.js"(exports2, module2) { "use strict"; - var compare = require_compare(); - var gt = (a, b, loose) => compare(a, b, loose) > 0; + var compare2 = require_compare(); + var gt = (a, b, loose) => compare2(a, b, loose) > 0; module2.exports = gt; } }); @@ -20485,8 +20506,8 @@ var require_gt = __commonJS({ var require_lt = __commonJS({ "node_modules/semver/functions/lt.js"(exports2, module2) { "use strict"; - var compare = require_compare(); - var lt2 = (a, b, loose) => compare(a, b, loose) < 0; + var compare2 = require_compare(); + var lt2 = (a, b, loose) => compare2(a, b, loose) < 0; module2.exports = lt2; } }); @@ -20495,8 +20516,8 @@ var require_lt = __commonJS({ var require_eq = __commonJS({ "node_modules/semver/functions/eq.js"(exports2, module2) { "use strict"; - var compare = require_compare(); - var eq = (a, b, loose) => compare(a, b, loose) === 0; + var compare2 = require_compare(); + var eq = (a, b, loose) => compare2(a, b, loose) === 0; module2.exports = eq; } }); @@ -20505,8 +20526,8 @@ var require_eq = __commonJS({ var require_neq = __commonJS({ "node_modules/semver/functions/neq.js"(exports2, module2) { "use strict"; - var compare = require_compare(); - var neq = (a, b, loose) => compare(a, b, loose) !== 0; + var compare2 = require_compare(); + var neq = (a, b, loose) => compare2(a, b, loose) !== 0; module2.exports = neq; } }); 
@@ -20515,8 +20536,8 @@ var require_neq = __commonJS({ var require_gte = __commonJS({ "node_modules/semver/functions/gte.js"(exports2, module2) { "use strict"; - var compare = require_compare(); - var gte5 = (a, b, loose) => compare(a, b, loose) >= 0; + var compare2 = require_compare(); + var gte5 = (a, b, loose) => compare2(a, b, loose) >= 0; module2.exports = gte5; } }); @@ -20525,8 +20546,8 @@ var require_gte = __commonJS({ var require_lte = __commonJS({ "node_modules/semver/functions/lte.js"(exports2, module2) { "use strict"; - var compare = require_compare(); - var lte = (a, b, loose) => compare(a, b, loose) <= 0; + var compare2 = require_compare(); + var lte = (a, b, loose) => compare2(a, b, loose) <= 0; module2.exports = lte; } }); @@ -20838,6 +20859,7 @@ var require_range = __commonJS({ return result; }; var parseComparator = (comp, options) => { + comp = comp.replace(re[t.BUILD], ""); debug3("comp", comp, options); comp = replaceCarets(comp, options); debug3("caret", comp); @@ -21422,12 +21444,12 @@ var require_simplify = __commonJS({ "node_modules/semver/ranges/simplify.js"(exports2, module2) { "use strict"; var satisfies2 = require_satisfies(); - var compare = require_compare(); + var compare2 = require_compare(); module2.exports = (versions, range, options) => { const set2 = []; let first = null; let prev = null; - const v = versions.sort((a, b) => compare(a, b, options)); + const v = versions.sort((a, b) => compare2(a, b, options)); for (const version of v) { const included = satisfies2(version, range, options); if (included) { @@ -21475,7 +21497,7 @@ var require_subset = __commonJS({ var Comparator = require_comparator(); var { ANY } = Comparator; var satisfies2 = require_satisfies(); - var compare = require_compare(); + var compare2 = require_compare(); var subset = (sub, dom, options = {}) => { if (sub === dom) { return true; 
@@ -21535,7 +21557,7 @@ var require_subset = __commonJS({ } let gtltComp; if (gt && lt2) { - gtltComp = compare(gt.semver, lt2.semver, options); + gtltComp = compare2(gt.semver, lt2.semver, options); if (gtltComp > 0) { return null; } else if (gtltComp === 0 && (gt.operator !== ">=" || lt2.operator !== "<=")) { @@ -21615,14 +21637,14 @@ var require_subset = __commonJS({ if (!a) { return b; } - const comp = compare(a.semver, b.semver, options); + const comp = compare2(a.semver, b.semver, options); return comp > 0 ? a : comp < 0 ? b : b.operator === ">" && a.operator === ">=" ? b : a; }; var lowerLT = (a, b, options) => { if (!a) { return b; } - const comp = compare(a.semver, b.semver, options); + const comp = compare2(a.semver, b.semver, options); return comp < 0 ? a : comp > 0 ? b : b.operator === "<" && a.operator === "<=" ? b : a; }; module2.exports = subset; @@ -21646,7 +21668,7 @@ var require_semver2 = __commonJS({ var minor = require_minor(); var patch = require_patch(); var prerelease = require_prerelease(); - var compare = require_compare(); + var compare2 = require_compare(); var rcompare = require_rcompare(); var compareLoose = require_compare_loose(); var compareBuild = require_compare_build(); @@ -21684,7 +21706,7 @@ var require_semver2 = __commonJS({ minor, patch, prerelease, - compare, + compare: compare2, rcompare, compareLoose, compareBuild, 
@@ -22510,14 +22532,14 @@ var require_dist_node4 = __commonJS({ var __toCommonJS2 = (mod) => __copyProps2(__defProp2({}, "__esModule", { value: true }), mod); var dist_src_exports = {}; __export2(dist_src_exports, { - RequestError: () => RequestError + RequestError: () => RequestError2 }); module2.exports = __toCommonJS2(dist_src_exports); var import_deprecation = require_dist_node3(); var import_once = __toESM2(require_once()); var logOnceCode = (0, import_once.default)((deprecation) => console.warn(deprecation)); var logOnceHeaders = (0, import_once.default)((deprecation) => console.warn(deprecation)); - var RequestError = class extends Error { + var RequestError2 = class extends Error { constructor(message, statusCode, options) { super(message); if (Error.captureStackTrace) { @@ -22609,7 +22631,7 @@ var require_dist_node5 = __commonJS({ const Ctor = Object.prototype.hasOwnProperty.call(proto, "constructor") && proto.constructor; return typeof Ctor === "function" && Ctor instanceof Ctor && Function.prototype.call(Ctor) === Function.prototype.call(value); } - var import_request_error = require_dist_node4(); + var import_request_error2 = require_dist_node4(); function getBufferResponse(response) { return response.arrayBuffer(); } @@ -22661,7 +22683,7 @@ var require_dist_node5 = __commonJS({ if (status < 400) { return; } - throw new import_request_error.RequestError(response.statusText, status, { + throw new import_request_error2.RequestError(response.statusText, status, { response: { url, status, @@ -22672,7 +22694,7 @@ var require_dist_node5 = __commonJS({ }); } if (status === 304) { - throw new import_request_error.RequestError("Not modified", status, { + throw new import_request_error2.RequestError("Not modified", status, { response: { url, status, 
@@ -22684,7 +22706,7 @@ var require_dist_node5 = __commonJS({ } if (status >= 400) { const data = await getResponseData(response); - const error2 = new import_request_error.RequestError(toErrorMessage(data), status, { + const error2 = new import_request_error2.RequestError(toErrorMessage(data), status, { response: { url, status, @@ -22704,7 +22726,7 @@ var require_dist_node5 = __commonJS({ data }; }).catch((error2) => { - if (error2 instanceof import_request_error.RequestError) + if (error2 instanceof import_request_error2.RequestError) throw error2; else if (error2.name === "AbortError") throw error2; @@ -22716,7 +22738,7 @@ var require_dist_node5 = __commonJS({ message = error2.cause; } } - throw new import_request_error.RequestError(message, 500, { + throw new import_request_error2.RequestError(message, 500, { request: requestOptions }); }); @@ -23158,14 +23180,14 @@ var require_dist_node7 = __commonJS({ var __toCommonJS2 = (mod) => __copyProps2(__defProp2({}, "__esModule", { value: true }), mod); var dist_src_exports = {}; __export2(dist_src_exports, { - RequestError: () => RequestError + RequestError: () => RequestError2 }); module2.exports = __toCommonJS2(dist_src_exports); var import_deprecation = require_dist_node3(); var import_once = __toESM2(require_once()); var logOnceCode = (0, import_once.default)((deprecation) => console.warn(deprecation)); var logOnceHeaders = (0, import_once.default)((deprecation) => console.warn(deprecation)); - var RequestError = class extends Error { + var RequestError2 = class extends Error { constructor(message, statusCode, options) { super(message); if (Error.captureStackTrace) { 
@@ -23257,7 +23279,7 @@ var require_dist_node8 = __commonJS({ const Ctor = Object.prototype.hasOwnProperty.call(proto, "constructor") && proto.constructor; return typeof Ctor === "function" && Ctor instanceof Ctor && Function.prototype.call(Ctor) === Function.prototype.call(value); } - var import_request_error = require_dist_node7(); + var import_request_error2 = require_dist_node7(); function getBufferResponse(response) { return response.arrayBuffer(); } @@ -23309,7 +23331,7 @@ var require_dist_node8 = __commonJS({ if (status < 400) { return; } - throw new import_request_error.RequestError(response.statusText, status, { + throw new import_request_error2.RequestError(response.statusText, status, { response: { url, status, @@ -23320,7 +23342,7 @@ var require_dist_node8 = __commonJS({ }); } if (status === 304) { - throw new import_request_error.RequestError("Not modified", status, { + throw new import_request_error2.RequestError("Not modified", status, { response: { url, status, @@ -23332,7 +23354,7 @@ var require_dist_node8 = __commonJS({ } if (status >= 400) { const data = await getResponseData(response); - const error2 = new import_request_error.RequestError(toErrorMessage(data), status, { + const error2 = new import_request_error2.RequestError(toErrorMessage(data), status, { response: { url, status, @@ -23352,7 +23374,7 @@ var require_dist_node8 = __commonJS({ data }; }).catch((error2) => { - if (error2 instanceof import_request_error.RequestError) + if (error2 instanceof import_request_error2.RequestError) throw error2; else if (error2.name === "AbortError") throw error2; @@ -23364,7 +23386,7 @@ var require_dist_node8 = __commonJS({ message = error2.cause; } } - throw new import_request_error.RequestError(message, 500, { + throw new import_request_error2.RequestError(message, 500, { request: requestOptions }); }); 
@@ -26947,7 +26969,7 @@ var require_to_regex_range = __commonJS({ stop = countZeros(max + 1, zeros) - 1; } stops = [...stops]; - stops.sort(compare); + stops.sort(compare2); return stops; } function rangeToPattern(start, stop, options) { @@ -27019,7 +27041,7 @@ var require_to_regex_range = __commonJS({ for (let i = 0; i < a.length; i++) arr.push([a[i], b[i]]); return arr; } - function compare(a, b) { + function compare2(a, b) { return a > b ? 1 : b > a ? -1 : 0; } function contains(arr, key, val2) { @@ -32287,7 +32309,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.7", + version: "3.30.8", private: true, description: "CodeQL action", scripts: { @@ -32322,6 +32344,7 @@ var require_package = __commonJS({ "@actions/io": "^1.1.3", "@actions/tool-cache": "^2.0.2", "@octokit/plugin-retry": "^6.0.0", + "@octokit/request-error": "^7.0.1", "@schemastore/package": "0.0.10", archiver: "^7.0.1", "check-disk-space": "^3.4.0", @@ -32335,14 +32358,14 @@ var require_package = __commonJS({ long: "^5.3.2", "node-forge": "^1.3.1", octokit: "^5.0.3", - semver: "^7.7.2", + semver: "^7.7.3", uuid: "^13.0.0" }, devDependencies: { "@ava/typescript": "6.0.0", "@eslint/compat": "^1.4.0", "@eslint/eslintrc": "^3.3.1", - "@eslint/js": "^9.36.0", + "@eslint/js": "^9.37.0", "@microsoft/eslint-formatter-sarif": "^3.1.0", "@octokit/types": "^15.0.0", "@types/archiver": "^6.0.3", @@ -32353,7 +32376,7 @@ var require_package = __commonJS({ "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", - "@typescript-eslint/eslint-plugin": "^8.44.1", + "@typescript-eslint/eslint-plugin": "^8.46.0", "@typescript-eslint/parser": "^8.41.0", ava: "^6.4.1", esbuild: "^0.25.10", @@ -32366,7 +32389,7 @@ var require_package = __commonJS({ glob: "^11.0.3", nock: "^14.0.10", sinon: "^21.0.0", - typescript: "^5.9.2" + typescript: "^5.9.3" }, overrides: { "@actions/tool-cache": { 
@@ -33745,14 +33768,14 @@ var require_dist_node14 = __commonJS({ var __toCommonJS2 = (mod) => __copyProps2(__defProp2({}, "__esModule", { value: true }), mod); var dist_src_exports = {}; __export2(dist_src_exports, { - RequestError: () => RequestError + RequestError: () => RequestError2 }); module2.exports = __toCommonJS2(dist_src_exports); var import_deprecation = require_dist_node3(); var import_once = __toESM2(require_once()); var logOnceCode = (0, import_once.default)((deprecation) => console.warn(deprecation)); var logOnceHeaders = (0, import_once.default)((deprecation) => console.warn(deprecation)); - var RequestError = class extends Error { + var RequestError2 = class extends Error { constructor(message, statusCode, options) { super(message); if (Error.captureStackTrace) { @@ -33854,7 +33877,7 @@ var require_dist_node15 = __commonJS({ throw error2; } var import_light = __toESM2(require_light()); - var import_request_error = require_dist_node14(); + var import_request_error2 = require_dist_node14(); async function wrapRequest(state, octokit, request, options) { const limiter = new import_light.default(); limiter.on("failed", function(error2, info4) { @@ -33875,7 +33898,7 @@ var require_dist_node15 = __commonJS({ if (response.data && response.data.errors && response.data.errors.length > 0 && /Something went wrong while executing your query/.test( response.data.errors[0].message )) { - const error2 = new import_request_error.RequestError(response.data.errors[0].message, 500, { + const error2 = new import_request_error2.RequestError(response.data.errors[0].message, 500, { request: options, response }); 
@@ -36110,13 +36133,13 @@ var require_semver3 = __commonJS({ function patch(a, loose) { return new SemVer(a, loose).patch; } - exports2.compare = compare; - function compare(a, b, loose) { + exports2.compare = compare2; + function compare2(a, b, loose) { return new SemVer(a, loose).compare(new SemVer(b, loose)); } exports2.compareLoose = compareLoose; function compareLoose(a, b) { - return compare(a, b, true); + return compare2(a, b, true); } exports2.compareBuild = compareBuild; function compareBuild(a, b, loose) { @@ -36126,7 +36149,7 @@ var require_semver3 = __commonJS({ } exports2.rcompare = rcompare; function rcompare(a, b, loose) { - return compare(b, a, loose); + return compare2(b, a, loose); } exports2.sort = sort; function sort(list, loose) { @@ -36142,27 +36165,27 @@ var require_semver3 = __commonJS({ } exports2.gt = gt; function gt(a, b, loose) { - return compare(a, b, loose) > 0; + return compare2(a, b, loose) > 0; } exports2.lt = lt2; function lt2(a, b, loose) { - return compare(a, b, loose) < 0; + return compare2(a, b, loose) < 0; } exports2.eq = eq; function eq(a, b, loose) { - return compare(a, b, loose) === 0; + return compare2(a, b, loose) === 0; } exports2.neq = neq; function neq(a, b, loose) { - return compare(a, b, loose) !== 0; + return compare2(a, b, loose) !== 0; } exports2.gte = gte5; function gte5(a, b, loose) { - return compare(a, b, loose) >= 0; + return compare2(a, b, loose) >= 0; } exports2.lte = lte; function lte(a, b, loose) { - return compare(a, b, loose) <= 0; + return compare2(a, b, loose) <= 0; } exports2.cmp = cmp; function cmp(a, op, b, loose) { 
@@ -85943,9 +85966,12 @@ var getFileType = async (filePath) => { function isSelfHostedRunner() { return process.env.RUNNER_ENVIRONMENT === "self-hosted"; } -function isDefaultSetup() { +function isDynamicWorkflow() { return getWorkflowEventName() === "dynamic"; } +function isDefaultSetup() { + return isDynamicWorkflow(); +} function prettyPrintInvocation(cmd, args) { return [cmd, ...args].map((x) => x.includes(" ") ? `'${x}'` : x).join(" "); } @@ -86977,6 +87003,11 @@ var DEFAULT_VERSION_FEATURE_FLAG_PREFIX = "default_codeql_version_"; var DEFAULT_VERSION_FEATURE_FLAG_SUFFIX = "_enabled"; var CODEQL_VERSION_ZSTD_BUNDLE = "2.19.0"; var featureConfig = { + ["allow_toolcache_input" /* AllowToolcacheInput */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_ALLOW_TOOLCACHE_INPUT", + minimumVersion: void 0 + }, ["cleanup_trap_caches" /* CleanupTrapCaches */]: { defaultValue: false, envVar: "CODEQL_ACTION_CLEANUP_TRAP_CACHES", @@ -87860,7 +87891,13 @@ async function getOverlayDatabaseMode(codeql, repository, features, languages, s return nonOverlayAnalysis; } if (buildMode !== "none" /* None */ && (await Promise.all( - languages.map(async (l) => await codeql.isTracedLanguage(l)) + languages.map( + async (l) => l !== "go" /* go */ && // Workaround to allow overlay analysis for Go with any build + // mode, since it does not yet support BMN. The Go autobuilder and/or extractor will + // ensure that overlay-base databases are only created for supported Go build setups, + // and that we'll fall back to full databases in other cases. + await codeql.isTracedLanguage(l) + ) )).some(Boolean)) { logger.warning( `Cannot build an ${overlayDatabaseMode} database because build-mode is set to "${buildMode}" instead of "none". Falling back to creating a normal full database instead.` 
@@ -88324,6 +88361,45 @@ var path16 = __toESM(require("path")); var core10 = __toESM(require_core()); var toolrunner3 = __toESM(require_toolrunner()); +// node_modules/@octokit/request-error/dist-src/index.js +var RequestError = class extends Error { + name; + /** + * http status code + */ + status; + /** + * Request options that lead to the error. + */ + request; + /** + * Response object if a response was received + */ + response; + constructor(message, statusCode, options) { + super(message); + this.name = "HttpError"; + this.status = Number.parseInt(statusCode); + if (Number.isNaN(this.status)) { + this.status = 0; + } + if ("response" in options) { + this.response = options.response; + } + const requestCopy = Object.assign({}, options.request); + if (options.request.headers.authorization) { + requestCopy.headers = Object.assign({}, options.request.headers, { + authorization: options.request.headers.authorization.replace( + /(? semver7.compare(b, a)); + logger.debug( + `Found the following versions of the CodeQL tools in the toolcache: ${JSON.stringify( + allVersions + )}.` + ); + if (allVersions.length > 0) { + const latestToolcacheVersion = allVersions[0]; + logger.info( + `CLI version ${latestToolcacheVersion} is the latest version in the toolcache.` + ); + return latestToolcacheVersion; + } + return void 0; +} function isReservedToolsValue(tools) { - return CODEQL_BUNDLE_VERSION_ALIAS.includes(tools) || CODEQL_NIGHTLY_TOOLS_INPUTS.includes(tools); + return CODEQL_BUNDLE_VERSION_ALIAS.includes(tools) || CODEQL_NIGHTLY_TOOLS_INPUTS.includes(tools) || tools === CODEQL_TOOLCACHE_INPUT; } // src/tracer-config.ts 
@@ -89415,7 +89543,7 @@ var GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.13"; var GHES_MOST_RECENT_DEPRECATION_DATE = "2025-06-19"; var EXTRACTION_DEBUG_MODE_VERBOSITY = "progress++"; var CODEQL_VERSION_CACHE_CLEANUP = "2.17.1"; -async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, logger, checkVersion) { +async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, features, logger, checkVersion) { try { const { codeqlFolder, @@ -89429,6 +89557,7 @@ async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliV tempDir, variant, defaultCliVersion, + features, logger ); logger.debug( @@ -89453,7 +89582,8 @@ async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliV zstdAvailability }; } catch (e) { - const ErrorClass = e instanceof ConfigurationError || e instanceof Error && e.message.includes("ENOSPC") ? ConfigurationError : Error; + const ErrorClass = e instanceof ConfigurationError || e instanceof Error && e.message.includes("ENOSPC") || // out of disk space + e instanceof RequestError && e.status === 429 ? ConfigurationError : Error; throw new ErrorClass( `Unable to download and extract CodeQL CLI: ${getErrorMessage(e)}${e instanceof Error && e.stack ? ` @@ -90001,7 +90131,7 @@ async function getJobRunUuidSarifOptions(codeql) { } // src/init.ts -async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, logger) { +async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, features, logger) { logger.startGroup("Setup CodeQL tools"); const { codeql, @@ -90015,6 +90145,7 @@ async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVe tempDir, variant, defaultCliVersion, + features, logger, true ); 
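Review bot: The `e instanceof RequestError && e.status === 429` arm added to the `ErrorClass` ternary in `setupCodeQL`'s catch block only matches errors built by the single `RequestError` class inlined at the top level of this bundle. The same diff shows other copies of that class (renamed `RequestError2` inside `require_dist_node4`, `require_dist_node7` and `require_dist_node14`), and the request wrappers beside them throw `import_request_error2.RequestError`, so a 429 raised through one of those paths would fail the `instanceof` test and still surface as a plain `Error`. Which client the download path actually uses is not visible here, so this needs confirming; a check on shape rather than class identity, such as `e instanceof Error && "status" in e && e.status === 429`, would cover every copy. This file is build output, so the change belongs in the TypeScript source it is generated from; `setupCodeQL` starts in an earlier hunk and its catch block runs past this one.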
@@ -90214,7 +90345,7 @@ async function createStatusReportBase(actionName, status, actionStartedAt, confi action_ref: actionRef, action_started_at: actionStartedAt.toISOString(), action_version: getActionVersion(), - analysis_kinds: config?.analysisKinds.join(","), + analysis_kinds: config?.analysisKinds?.join(","), analysis_key, build_mode: config?.buildMode, commit_oid: commitOid, @@ -90237,7 +90368,7 @@ async function createStatusReportBase(actionName, status, actionStartedAt, confi logger.warning(`Could not determine the workflow event name: ${e}.`); } if (config) { - statusReport.languages = config.languages.join(","); + statusReport.languages = config.languages?.join(","); } if (diskInfo) { statusReport.runner_available_disk_space_bytes = diskInfo.numAvailableBytes; @@ -90663,6 +90794,7 @@ async function run() { getTemporaryDirectory(), gitHubVersion.type, codeQLDefaultVersionInfo, + features, logger ); codeql = initCodeQLResult.codeql; diff --git a/lib/resolve-environment-action.js b/lib/resolve-environment-action.js index 67cb394e74..729c498f43 100644 --- a/lib/resolve-environment-action.js +++ b/lib/resolve-environment-action.js @@ -24680,6 +24680,9 @@ var require_identifiers = __commonJS({ "use strict"; var numeric = /^[0-9]+$/; var compareIdentifiers = (a, b) => { + if (typeof a === "number" && typeof b === "number") { + return a === b ? 0 : a < b ? -1 : 1; + } const anum = numeric.test(a); const bnum = numeric.test(b); if (anum && bnum) { 
@@ -24786,7 +24789,25 @@ var require_semver = __commonJS({ if (!(other instanceof _SemVer)) { other = new _SemVer(other, this.options); } - return compareIdentifiers(this.major, other.major) || compareIdentifiers(this.minor, other.minor) || compareIdentifiers(this.patch, other.patch); + if (this.major < other.major) { + return -1; + } + if (this.major > other.major) { + return 1; + } + if (this.minor < other.minor) { + return -1; + } + if (this.minor > other.minor) { + return 1; + } + if (this.patch < other.patch) { + return -1; + } + if (this.patch > other.patch) { + return 1; + } + return 0; } comparePre(other) { if (!(other instanceof _SemVer)) { @@ -25121,8 +25142,8 @@ var require_compare = __commonJS({ "node_modules/semver/functions/compare.js"(exports2, module2) { "use strict"; var SemVer = require_semver(); - var compare = (a, b, loose) => new SemVer(a, loose).compare(new SemVer(b, loose)); - module2.exports = compare; + var compare2 = (a, b, loose) => new SemVer(a, loose).compare(new SemVer(b, loose)); + module2.exports = compare2; } }); @@ -25130,8 +25151,8 @@ var require_compare = __commonJS({ var require_rcompare = __commonJS({ "node_modules/semver/functions/rcompare.js"(exports2, module2) { "use strict"; - var compare = require_compare(); - var rcompare = (a, b, loose) => compare(b, a, loose); + var compare2 = require_compare(); + var rcompare = (a, b, loose) => compare2(b, a, loose); module2.exports = rcompare; } }); @@ -25140,8 +25161,8 @@ var require_rcompare = __commonJS({ var require_compare_loose = __commonJS({ "node_modules/semver/functions/compare-loose.js"(exports2, module2) { "use strict"; - var compare = require_compare(); - var compareLoose = (a, b) => compare(a, b, true); + var compare2 = require_compare(); + var compareLoose = (a, b) => compare2(a, b, true); module2.exports = compareLoose; } }); 
@@ -25184,8 +25205,8 @@ var require_rsort = __commonJS({ var require_gt = __commonJS({ "node_modules/semver/functions/gt.js"(exports2, module2) { "use strict"; - var compare = require_compare(); - var gt = (a, b, loose) => compare(a, b, loose) > 0; + var compare2 = require_compare(); + var gt = (a, b, loose) => compare2(a, b, loose) > 0; module2.exports = gt; } }); @@ -25194,8 +25215,8 @@ var require_gt = __commonJS({ var require_lt = __commonJS({ "node_modules/semver/functions/lt.js"(exports2, module2) { "use strict"; - var compare = require_compare(); - var lt = (a, b, loose) => compare(a, b, loose) < 0; + var compare2 = require_compare(); + var lt = (a, b, loose) => compare2(a, b, loose) < 0; module2.exports = lt; } }); @@ -25204,8 +25225,8 @@ var require_lt = __commonJS({ var require_eq = __commonJS({ "node_modules/semver/functions/eq.js"(exports2, module2) { "use strict"; - var compare = require_compare(); - var eq = (a, b, loose) => compare(a, b, loose) === 0; + var compare2 = require_compare(); + var eq = (a, b, loose) => compare2(a, b, loose) === 0; module2.exports = eq; } }); @@ -25214,8 +25235,8 @@ var require_eq = __commonJS({ var require_neq = __commonJS({ "node_modules/semver/functions/neq.js"(exports2, module2) { "use strict"; - var compare = require_compare(); - var neq = (a, b, loose) => compare(a, b, loose) !== 0; + var compare2 = require_compare(); + var neq = (a, b, loose) => compare2(a, b, loose) !== 0; module2.exports = neq; } }); @@ -25224,8 +25245,8 @@ var require_neq = __commonJS({ var require_gte = __commonJS({ "node_modules/semver/functions/gte.js"(exports2, module2) { "use strict"; - var compare = require_compare(); - var gte5 = (a, b, loose) => compare(a, b, loose) >= 0; + var compare2 = require_compare(); + var gte5 = (a, b, loose) => compare2(a, b, loose) >= 0; module2.exports = gte5; } }); 
@@ -25234,8 +25255,8 @@ var require_gte = __commonJS({ var require_lte = __commonJS({ "node_modules/semver/functions/lte.js"(exports2, module2) { "use strict"; - var compare = require_compare(); - var lte = (a, b, loose) => compare(a, b, loose) <= 0; + var compare2 = require_compare(); + var lte = (a, b, loose) => compare2(a, b, loose) <= 0; module2.exports = lte; } }); @@ -25547,6 +25568,7 @@ var require_range = __commonJS({ return result; }; var parseComparator = (comp, options) => { + comp = comp.replace(re[t.BUILD], ""); debug3("comp", comp, options); comp = replaceCarets(comp, options); debug3("caret", comp); @@ -26131,12 +26153,12 @@ var require_simplify = __commonJS({ "node_modules/semver/ranges/simplify.js"(exports2, module2) { "use strict"; var satisfies2 = require_satisfies(); - var compare = require_compare(); + var compare2 = require_compare(); module2.exports = (versions, range, options) => { const set2 = []; let first = null; let prev = null; - const v = versions.sort((a, b) => compare(a, b, options)); + const v = versions.sort((a, b) => compare2(a, b, options)); for (const version of v) { const included = satisfies2(version, range, options); if (included) { @@ -26184,7 +26206,7 @@ var require_subset = __commonJS({ var Comparator = require_comparator(); var { ANY } = Comparator; var satisfies2 = require_satisfies(); - var compare = require_compare(); + var compare2 = require_compare(); var subset = (sub, dom, options = {}) => { if (sub === dom) { return true; @@ -26244,7 +26266,7 @@ var require_subset = __commonJS({ } let gtltComp; if (gt && lt) { - gtltComp = compare(gt.semver, lt.semver, options); + gtltComp = compare2(gt.semver, lt.semver, options); if (gtltComp > 0) { return null; } else if (gtltComp === 0 && (gt.operator !== ">=" || lt.operator !== "<=")) { 
@@ -26324,14 +26346,14 @@ var require_subset = __commonJS({ if (!a) { return b; } - const comp = compare(a.semver, b.semver, options); + const comp = compare2(a.semver, b.semver, options); return comp > 0 ? a : comp < 0 ? b : b.operator === ">" && a.operator === ">=" ? b : a; }; var lowerLT = (a, b, options) => { if (!a) { return b; } - const comp = compare(a.semver, b.semver, options); + const comp = compare2(a.semver, b.semver, options); return comp < 0 ? a : comp > 0 ? b : b.operator === "<" && a.operator === "<=" ? b : a; }; module2.exports = subset; @@ -26355,7 +26377,7 @@ var require_semver2 = __commonJS({ var minor = require_minor(); var patch = require_patch(); var prerelease = require_prerelease(); - var compare = require_compare(); + var compare2 = require_compare(); var rcompare = require_rcompare(); var compareLoose = require_compare_loose(); var compareBuild = require_compare_build(); @@ -26393,7 +26415,7 @@ var require_semver2 = __commonJS({ minor, patch, prerelease, - compare, + compare: compare2, rcompare, compareLoose, compareBuild, @@ -26438,7 +26460,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.7", + version: "3.30.8", private: true, description: "CodeQL action", scripts: { @@ -26473,6 +26495,7 @@ var require_package = __commonJS({ "@actions/io": "^1.1.3", "@actions/tool-cache": "^2.0.2", "@octokit/plugin-retry": "^6.0.0", + "@octokit/request-error": "^7.0.1", "@schemastore/package": "0.0.10", archiver: "^7.0.1", "check-disk-space": "^3.4.0", 
@@ -26486,14 +26509,14 @@ var require_package = __commonJS({ long: "^5.3.2", "node-forge": "^1.3.1", octokit: "^5.0.3", - semver: "^7.7.2", + semver: "^7.7.3", uuid: "^13.0.0" }, devDependencies: { "@ava/typescript": "6.0.0", "@eslint/compat": "^1.4.0", "@eslint/eslintrc": "^3.3.1", - "@eslint/js": "^9.36.0", + "@eslint/js": "^9.37.0", "@microsoft/eslint-formatter-sarif": "^3.1.0", "@octokit/types": "^15.0.0", "@types/archiver": "^6.0.3", @@ -26504,7 +26527,7 @@ var require_package = __commonJS({ "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", - "@typescript-eslint/eslint-plugin": "^8.44.1", + "@typescript-eslint/eslint-plugin": "^8.46.0", "@typescript-eslint/parser": "^8.41.0", ava: "^6.4.1", esbuild: "^0.25.10", @@ -26517,7 +26540,7 @@ var require_package = __commonJS({ glob: "^11.0.3", nock: "^14.0.10", sinon: "^21.0.0", - typescript: "^5.9.2" + typescript: "^5.9.3" }, overrides: { "@actions/tool-cache": { @@ -30261,13 +30284,13 @@ var require_semver3 = __commonJS({ function patch(a, loose) { return new SemVer(a, loose).patch; } - exports2.compare = compare; - function compare(a, b, loose) { + exports2.compare = compare2; + function compare2(a, b, loose) { return new SemVer(a, loose).compare(new SemVer(b, loose)); } exports2.compareLoose = compareLoose; function compareLoose(a, b) { - return compare(a, b, true); + return compare2(a, b, true); } exports2.compareBuild = compareBuild; function compareBuild(a, b, loose) { @@ -30277,7 +30300,7 @@ var require_semver3 = __commonJS({ } exports2.rcompare = rcompare; function rcompare(a, b, loose) { - return compare(b, a, loose); + return compare2(b, a, loose); } exports2.sort = sort; function sort(list, loose) { 
@@ -30293,27 +30316,27 @@ var require_semver3 = __commonJS({ } exports2.gt = gt; function gt(a, b, loose) { - return compare(a, b, loose) > 0; + return compare2(a, b, loose) > 0; } exports2.lt = lt; function lt(a, b, loose) { - return compare(a, b, loose) < 0; + return compare2(a, b, loose) < 0; } exports2.eq = eq; function eq(a, b, loose) { - return compare(a, b, loose) === 0; + return compare2(a, b, loose) === 0; } exports2.neq = neq; function neq(a, b, loose) { - return compare(a, b, loose) !== 0; + return compare2(a, b, loose) !== 0; } exports2.gte = gte5; function gte5(a, b, loose) { - return compare(a, b, loose) >= 0; + return compare2(a, b, loose) >= 0; } exports2.lte = lte; function lte(a, b, loose) { - return compare(a, b, loose) <= 0; + return compare2(a, b, loose) <= 0; } exports2.cmp = cmp; function cmp(a, op, b, loose) { @@ -78534,6 +78557,11 @@ function isSupportedToolsFeature(versionInfo, feature) { // src/feature-flags.ts var featureConfig = { + ["allow_toolcache_input" /* AllowToolcacheInput */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_ALLOW_TOOLCACHE_INPUT", + minimumVersion: void 0 + }, ["cleanup_trap_caches" /* CleanupTrapCaches */]: { defaultValue: false, envVar: "CODEQL_ACTION_CLEANUP_TRAP_CACHES", @@ -79439,7 +79467,7 @@ async function createStatusReportBase(actionName, status, actionStartedAt, confi action_ref: actionRef, action_started_at: actionStartedAt.toISOString(), action_version: getActionVersion(), - analysis_kinds: config?.analysisKinds.join(","), + analysis_kinds: config?.analysisKinds?.join(","), analysis_key, build_mode: config?.buildMode, commit_oid: commitOid, 
@@ -79462,7 +79490,7 @@ async function createStatusReportBase(actionName, status, actionStartedAt, confi logger.warning(`Could not determine the workflow event name: ${e}.`); } if (config) { - statusReport.languages = config.languages.join(","); + statusReport.languages = config.languages?.join(","); } if (diskInfo) { statusReport.runner_available_disk_space_bytes = diskInfo.numAvailableBytes; diff --git a/lib/start-proxy-action-post.js b/lib/start-proxy-action-post.js index a52eadfc51..e404379014 100644 --- a/lib/start-proxy-action-post.js +++ b/lib/start-proxy-action-post.js @@ -24680,6 +24680,9 @@ var require_identifiers = __commonJS({ "use strict"; var numeric = /^[0-9]+$/; var compareIdentifiers = (a, b) => { + if (typeof a === "number" && typeof b === "number") { + return a === b ? 0 : a < b ? -1 : 1; + } const anum = numeric.test(a); const bnum = numeric.test(b); if (anum && bnum) { @@ -24786,7 +24789,25 @@ var require_semver = __commonJS({ if (!(other instanceof _SemVer)) { other = new _SemVer(other, this.options); } - return compareIdentifiers(this.major, other.major) || compareIdentifiers(this.minor, other.minor) || compareIdentifiers(this.patch, other.patch); + if (this.major < other.major) { + return -1; + } + if (this.major > other.major) { + return 1; + } + if (this.minor < other.minor) { + return -1; + } + if (this.minor > other.minor) { + return 1; + } + if (this.patch < other.patch) { + return -1; + } + if (this.patch > other.patch) { + return 1; + } + return 0; } comparePre(other) { if (!(other instanceof _SemVer)) { @@ -25121,8 +25142,8 @@ var require_compare = __commonJS({ "node_modules/semver/functions/compare.js"(exports2, module2) { "use strict"; var SemVer = require_semver(); - var compare = (a, b, loose) => new SemVer(a, loose).compare(new SemVer(b, loose)); - module2.exports = compare; + var compare2 = (a, b, loose) => new SemVer(a, loose).compare(new SemVer(b, loose)); + module2.exports = compare2; } }); 
@@ -25130,8 +25151,8 @@ var require_compare = __commonJS({ var require_rcompare = __commonJS({ "node_modules/semver/functions/rcompare.js"(exports2, module2) { "use strict"; - var compare = require_compare(); - var rcompare = (a, b, loose) => compare(b, a, loose); + var compare2 = require_compare(); + var rcompare = (a, b, loose) => compare2(b, a, loose); module2.exports = rcompare; } }); @@ -25140,8 +25161,8 @@ var require_rcompare = __commonJS({ var require_compare_loose = __commonJS({ "node_modules/semver/functions/compare-loose.js"(exports2, module2) { "use strict"; - var compare = require_compare(); - var compareLoose = (a, b) => compare(a, b, true); + var compare2 = require_compare(); + var compareLoose = (a, b) => compare2(a, b, true); module2.exports = compareLoose; } }); @@ -25184,8 +25205,8 @@ var require_rsort = __commonJS({ var require_gt = __commonJS({ "node_modules/semver/functions/gt.js"(exports2, module2) { "use strict"; - var compare = require_compare(); - var gt = (a, b, loose) => compare(a, b, loose) > 0; + var compare2 = require_compare(); + var gt = (a, b, loose) => compare2(a, b, loose) > 0; module2.exports = gt; } }); @@ -25194,8 +25215,8 @@ var require_gt = __commonJS({ var require_lt = __commonJS({ "node_modules/semver/functions/lt.js"(exports2, module2) { "use strict"; - var compare = require_compare(); - var lt = (a, b, loose) => compare(a, b, loose) < 0; + var compare2 = require_compare(); + var lt = (a, b, loose) => compare2(a, b, loose) < 0; module2.exports = lt; } }); @@ -25204,8 +25225,8 @@ var require_lt = __commonJS({ var require_eq = __commonJS({ "node_modules/semver/functions/eq.js"(exports2, module2) { "use strict"; - var compare = require_compare(); - var eq = (a, b, loose) => compare(a, b, loose) === 0; + var compare2 = require_compare(); + var eq = (a, b, loose) => compare2(a, b, loose) === 0; module2.exports = eq; } }); 
@@ -25214,8 +25235,8 @@ var require_eq = __commonJS({ var require_neq = __commonJS({ "node_modules/semver/functions/neq.js"(exports2, module2) { "use strict"; - var compare = require_compare(); - var neq = (a, b, loose) => compare(a, b, loose) !== 0; + var compare2 = require_compare(); + var neq = (a, b, loose) => compare2(a, b, loose) !== 0; module2.exports = neq; } }); @@ -25224,8 +25245,8 @@ var require_neq = __commonJS({ var require_gte = __commonJS({ "node_modules/semver/functions/gte.js"(exports2, module2) { "use strict"; - var compare = require_compare(); - var gte5 = (a, b, loose) => compare(a, b, loose) >= 0; + var compare2 = require_compare(); + var gte5 = (a, b, loose) => compare2(a, b, loose) >= 0; module2.exports = gte5; } }); @@ -25234,8 +25255,8 @@ var require_gte = __commonJS({ var require_lte = __commonJS({ "node_modules/semver/functions/lte.js"(exports2, module2) { "use strict"; - var compare = require_compare(); - var lte = (a, b, loose) => compare(a, b, loose) <= 0; + var compare2 = require_compare(); + var lte = (a, b, loose) => compare2(a, b, loose) <= 0; module2.exports = lte; } }); @@ -25547,6 +25568,7 @@ var require_range = __commonJS({ return result; }; var parseComparator = (comp, options) => { + comp = comp.replace(re[t.BUILD], ""); debug2("comp", comp, options); comp = replaceCarets(comp, options); debug2("caret", comp); @@ -26131,12 +26153,12 @@ var require_simplify = __commonJS({ "node_modules/semver/ranges/simplify.js"(exports2, module2) { "use strict"; var satisfies2 = require_satisfies(); - var compare = require_compare(); + var compare2 = require_compare(); module2.exports = (versions, range, options) => { const set2 = []; let first = null; let prev = null; - const v = versions.sort((a, b) => compare(a, b, options)); + const v = versions.sort((a, b) => compare2(a, b, options)); for (const version of v) { const included = satisfies2(version, range, options); if (included) { 
@@ -26184,7 +26206,7 @@ var require_subset = __commonJS({ var Comparator = require_comparator(); var { ANY } = Comparator; var satisfies2 = require_satisfies(); - var compare = require_compare(); + var compare2 = require_compare(); var subset = (sub, dom, options = {}) => { if (sub === dom) { return true; @@ -26244,7 +26266,7 @@ var require_subset = __commonJS({ } let gtltComp; if (gt && lt) { - gtltComp = compare(gt.semver, lt.semver, options); + gtltComp = compare2(gt.semver, lt.semver, options); if (gtltComp > 0) { return null; } else if (gtltComp === 0 && (gt.operator !== ">=" || lt.operator !== "<=")) { @@ -26324,14 +26346,14 @@ var require_subset = __commonJS({ if (!a) { return b; } - const comp = compare(a.semver, b.semver, options); + const comp = compare2(a.semver, b.semver, options); return comp > 0 ? a : comp < 0 ? b : b.operator === ">" && a.operator === ">=" ? b : a; }; var lowerLT = (a, b, options) => { if (!a) { return b; } - const comp = compare(a.semver, b.semver, options); + const comp = compare2(a.semver, b.semver, options); return comp < 0 ? a : comp > 0 ? b : b.operator === "<" && a.operator === "<=" ? b : a; }; module2.exports = subset; @@ -26355,7 +26377,7 @@ var require_semver2 = __commonJS({ var minor = require_minor(); var patch = require_patch(); var prerelease = require_prerelease(); - var compare = require_compare(); + var compare2 = require_compare(); var rcompare = require_rcompare(); var compareLoose = require_compare_loose(); var compareBuild = require_compare_build(); @@ -26393,7 +26415,7 @@ var require_semver2 = __commonJS({ minor, patch, prerelease, - compare, + compare: compare2, rcompare, compareLoose, compareBuild, @@ -26438,7 +26460,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.7", + version: "3.30.8", private: true, description: "CodeQL action", scripts: { 
@@ -26473,6 +26495,7 @@ var require_package = __commonJS({ "@actions/io": "^1.1.3", "@actions/tool-cache": "^2.0.2", "@octokit/plugin-retry": "^6.0.0", + "@octokit/request-error": "^7.0.1", "@schemastore/package": "0.0.10", archiver: "^7.0.1", "check-disk-space": "^3.4.0", @@ -26486,14 +26509,14 @@ var require_package = __commonJS({ long: "^5.3.2", "node-forge": "^1.3.1", octokit: "^5.0.3", - semver: "^7.7.2", + semver: "^7.7.3", uuid: "^13.0.0" }, devDependencies: { "@ava/typescript": "6.0.0", "@eslint/compat": "^1.4.0", "@eslint/eslintrc": "^3.3.1", - "@eslint/js": "^9.36.0", + "@eslint/js": "^9.37.0", "@microsoft/eslint-formatter-sarif": "^3.1.0", "@octokit/types": "^15.0.0", "@types/archiver": "^6.0.3", @@ -26504,7 +26527,7 @@ var require_package = __commonJS({ "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", - "@typescript-eslint/eslint-plugin": "^8.44.1", + "@typescript-eslint/eslint-plugin": "^8.46.0", "@typescript-eslint/parser": "^8.41.0", ava: "^6.4.1", esbuild: "^0.25.10", @@ -26517,7 +26540,7 @@ var require_package = __commonJS({ glob: "^11.0.3", nock: "^14.0.10", sinon: "^21.0.0", - typescript: "^5.9.2" + typescript: "^5.9.3" }, overrides: { "@actions/tool-cache": { @@ -30261,13 +30284,13 @@ var require_semver3 = __commonJS({ function patch(a, loose) { return new SemVer(a, loose).patch; } - exports2.compare = compare; - function compare(a, b, loose) { + exports2.compare = compare2; + function compare2(a, b, loose) { return new SemVer(a, loose).compare(new SemVer(b, loose)); } exports2.compareLoose = compareLoose; function compareLoose(a, b) { - return compare(a, b, true); + return compare2(a, b, true); } exports2.compareBuild = compareBuild; function compareBuild(a, b, loose) { @@ -30277,7 +30300,7 @@ var require_semver3 = __commonJS({ } exports2.rcompare = rcompare; function rcompare(a, b, loose) { - return compare(b, a, loose); + return compare2(b, a, loose); } exports2.sort = sort; function sort(list, loose) { 
@@ -30293,27 +30316,27 @@ var require_semver3 = __commonJS({ } exports2.gt = gt; function gt(a, b, loose) { - return compare(a, b, loose) > 0; + return compare2(a, b, loose) > 0; } exports2.lt = lt; function lt(a, b, loose) { - return compare(a, b, loose) < 0; + return compare2(a, b, loose) < 0; } exports2.eq = eq; function eq(a, b, loose) { - return compare(a, b, loose) === 0; + return compare2(a, b, loose) === 0; } exports2.neq = neq; function neq(a, b, loose) { - return compare(a, b, loose) !== 0; + return compare2(a, b, loose) !== 0; } exports2.gte = gte5; function gte5(a, b, loose) { - return compare(a, b, loose) >= 0; + return compare2(a, b, loose) >= 0; } exports2.lte = lte; function lte(a, b, loose) { - return compare(a, b, loose) <= 0; + return compare2(a, b, loose) <= 0; } exports2.cmp = cmp; function cmp(a, op, b, loose) { @@ -94483,8 +94506,8 @@ var require_commonjs16 = __commonJS({ if (rootPath === this.root.name) { return this.root; } - for (const [compare, root] of Object.entries(this.roots)) { - if (this.sameRoot(rootPath, compare)) { + for (const [compare2, root] of Object.entries(this.roots)) { + if (this.sameRoot(rootPath, compare2)) { return this.roots[rootPath] = root; } } @@ -94493,9 +94516,9 @@ var require_commonjs16 = __commonJS({ /** * @internal */ - sameRoot(rootPath, compare = this.root.name) { + sameRoot(rootPath, compare2 = this.root.name) { rootPath = rootPath.toUpperCase().replace(/\//g, "\\").replace(uncDriveRegexp, "$1\\"); - return rootPath === compare; + return rootPath === compare2; } }; exports2.PathWin32 = PathWin32; @@ -98514,7 +98537,7 @@ var require_b4a = __commonJS({ function byteLength(string, encoding) { return Buffer.byteLength(string, encoding); } - function compare(a, b) { + function compare2(a, b) { return Buffer.compare(a, b); } function concat(buffers, totalLength) { @@ -98615,7 +98638,7 @@ var require_b4a = __commonJS({ allocUnsafe, allocUnsafeSlow, byteLength, - compare, + compare: compare2, concat, copy, equals, 
@@ -117214,6 +117237,11 @@ var semver3 = __toESM(require_semver2()); // src/feature-flags.ts var featureConfig = { + ["allow_toolcache_input" /* AllowToolcacheInput */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_ALLOW_TOOLCACHE_INPUT", + minimumVersion: void 0 + }, ["cleanup_trap_caches" /* CleanupTrapCaches */]: { defaultValue: false, envVar: "CODEQL_ACTION_CLEANUP_TRAP_CACHES", diff --git a/lib/start-proxy-action.js b/lib/start-proxy-action.js index f262402cf9..97da96bd7a 100644 --- a/lib/start-proxy-action.js +++ b/lib/start-proxy-action.js @@ -19971,6 +19971,9 @@ var require_identifiers = __commonJS({ "use strict"; var numeric = /^[0-9]+$/; var compareIdentifiers = (a, b) => { + if (typeof a === "number" && typeof b === "number") { + return a === b ? 0 : a < b ? -1 : 1; + } const anum = numeric.test(a); const bnum = numeric.test(b); if (anum && bnum) { @@ -20077,7 +20080,25 @@ var require_semver = __commonJS({ if (!(other instanceof _SemVer)) { other = new _SemVer(other, this.options); } - return compareIdentifiers(this.major, other.major) || compareIdentifiers(this.minor, other.minor) || compareIdentifiers(this.patch, other.patch); + if (this.major < other.major) { + return -1; + } + if (this.major > other.major) { + return 1; + } + if (this.minor < other.minor) { + return -1; + } + if (this.minor > other.minor) { + return 1; + } + if (this.patch < other.patch) { + return -1; + } + if (this.patch > other.patch) { + return 1; + } + return 0; } comparePre(other) { if (!(other instanceof _SemVer)) { @@ -20838,6 +20859,7 @@ var require_range = __commonJS({ return result; }; var parseComparator = (comp, options) => { + comp = comp.replace(re[t.BUILD], ""); debug3("comp", comp, options); comp = replaceCarets(comp, options); debug3("caret", comp); 
@@ -44974,7 +44996,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.7", + version: "3.30.8", private: true, description: "CodeQL action", scripts: { @@ -45009,6 +45031,7 @@ var require_package = __commonJS({ "@actions/io": "^1.1.3", "@actions/tool-cache": "^2.0.2", "@octokit/plugin-retry": "^6.0.0", + "@octokit/request-error": "^7.0.1", "@schemastore/package": "0.0.10", archiver: "^7.0.1", "check-disk-space": "^3.4.0", @@ -45022,14 +45045,14 @@ var require_package = __commonJS({ long: "^5.3.2", "node-forge": "^1.3.1", octokit: "^5.0.3", - semver: "^7.7.2", + semver: "^7.7.3", uuid: "^13.0.0" }, devDependencies: { "@ava/typescript": "6.0.0", "@eslint/compat": "^1.4.0", "@eslint/eslintrc": "^3.3.1", - "@eslint/js": "^9.36.0", + "@eslint/js": "^9.37.0", "@microsoft/eslint-formatter-sarif": "^3.1.0", "@octokit/types": "^15.0.0", "@types/archiver": "^6.0.3", @@ -45040,7 +45063,7 @@ var require_package = __commonJS({ "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", - "@typescript-eslint/eslint-plugin": "^8.44.1", + "@typescript-eslint/eslint-plugin": "^8.46.0", "@typescript-eslint/parser": "^8.41.0", ava: "^6.4.1", esbuild: "^0.25.10", @@ -45053,7 +45076,7 @@ var require_package = __commonJS({ glob: "^11.0.3", nock: "^14.0.10", sinon: "^21.0.0", - typescript: "^5.9.2" + typescript: "^5.9.3" }, overrides: { "@actions/tool-cache": { @@ -95087,8 +95110,7 @@ var LANGUAGE_TO_REGISTRY_TYPE = { rust: ["cargo_registry"], go: ["goproxy_server", "git_source"] }; -function getCredentials(logger, registrySecrets, registriesCredentials, languageString) { - const language = languageString ? parseLanguage(languageString) : void 0; +function getCredentials(logger, registrySecrets, registriesCredentials, language) { const registryTypeForLanguage = language ? LANGUAGE_TO_REGISTRY_TYPE[language] : void 0; let credentialsStr; if (registriesCredentials !== void 0) { 
@@ -95329,6 +95351,11 @@ var semver3 = __toESM(require_semver2()); // src/feature-flags.ts var featureConfig = { + ["allow_toolcache_input" /* AllowToolcacheInput */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_ALLOW_TOOLCACHE_INPUT", + minimumVersion: void 0 + }, ["cleanup_trap_caches" /* CleanupTrapCaches */]: { defaultValue: false, envVar: "CODEQL_ACTION_CLEANUP_TRAP_CACHES", @@ -95589,7 +95616,7 @@ async function createStatusReportBase(actionName, status, actionStartedAt, confi action_ref: actionRef, action_started_at: actionStartedAt.toISOString(), action_version: getActionVersion(), - analysis_kinds: config?.analysisKinds.join(","), + analysis_kinds: config?.analysisKinds?.join(","), analysis_key, build_mode: config?.buildMode, commit_oid: commitOid, @@ -95612,7 +95639,7 @@ async function createStatusReportBase(actionName, status, actionStartedAt, confi logger.warning(`Could not determine the workflow event name: ${e}.`); } if (config) { - statusReport.languages = config.languages.join(","); + statusReport.languages = config.languages?.join(","); } if (diskInfo) { statusReport.runner_available_disk_space_bytes = diskInfo.numAvailableBytes; @@ -95755,12 +95782,12 @@ function generateCertificateAuthority() { const key = import_node_forge.pki.privateKeyToPem(keys.privateKey); return { cert: pem, key }; } -async function sendSuccessStatusReport(startedAt, registry_types, logger) { +async function sendSuccessStatusReport(startedAt, config, registry_types, logger) { const statusReportBase = await createStatusReportBase( "start-proxy" /* StartProxy */, "success", startedAt, - void 0, + config, await checkDiskUsage(logger), logger ); 
@@ -95776,15 +95803,18 @@ async function runWrapper() { const startedAt = /* @__PURE__ */ new Date(); persistInputs(); const logger = getActionsLogger(); + let language; try { const tempDir = getTemporaryDirectory(); const proxyLogFilePath = path.resolve(tempDir, "proxy.log"); core11.saveState("proxy-log-file", proxyLogFilePath); + const languageInput = getOptionalInput("language"); + language = languageInput ? parseLanguage(languageInput) : void 0; const credentials = getCredentials( logger, getOptionalInput("registry_secrets"), getOptionalInput("registries_credentials"), - getOptionalInput("language") + language ); if (credentials.length === 0) { logger.info("No credentials found, skipping proxy setup."); @@ -95803,6 +95833,9 @@ async function runWrapper() { await startProxy(proxyBin, proxyConfig, proxyLogFilePath, logger); await sendSuccessStatusReport( startedAt, + { + languages: language && [language] + }, proxyConfig.all_credentials.map((c) => c.type), logger ); @@ -95813,7 +95846,9 @@ async function runWrapper() { "start-proxy" /* StartProxy */, getActionsStatus(error2), startedAt, - void 0, + { + languages: language && [language] + }, await checkDiskUsage(logger), logger ); diff --git a/lib/upload-lib.js b/lib/upload-lib.js index a6342ff212..cfe7beee2d 100644 --- a/lib/upload-lib.js +++ b/lib/upload-lib.js 
@@ -21899,14 +21899,14 @@ var require_dist_node4 = __commonJS({ var __toCommonJS2 = (mod) => __copyProps2(__defProp2({}, "__esModule", { value: true }), mod); var dist_src_exports = {}; __export2(dist_src_exports, { - RequestError: () => RequestError + RequestError: () => RequestError2 }); module2.exports = __toCommonJS2(dist_src_exports); var import_deprecation = require_dist_node3(); var import_once = __toESM2(require_once()); var logOnceCode = (0, import_once.default)((deprecation) => console.warn(deprecation)); var logOnceHeaders = (0, import_once.default)((deprecation) => console.warn(deprecation)); - var RequestError = class extends Error { + var RequestError2 = class extends Error { constructor(message, statusCode, options) { super(message); if (Error.captureStackTrace) { @@ -21998,7 +21998,7 @@ var require_dist_node5 = __commonJS({ const Ctor = Object.prototype.hasOwnProperty.call(proto, "constructor") && proto.constructor; return typeof Ctor === "function" && Ctor instanceof Ctor && Function.prototype.call(Ctor) === Function.prototype.call(value); } - var import_request_error = require_dist_node4(); + var import_request_error2 = require_dist_node4(); function getBufferResponse(response) { return response.arrayBuffer(); } @@ -22050,7 +22050,7 @@ var require_dist_node5 = __commonJS({ if (status < 400) { return; } - throw new import_request_error.RequestError(response.statusText, status, { + throw new import_request_error2.RequestError(response.statusText, status, { response: { url: url2, status, @@ -22061,7 +22061,7 @@ var require_dist_node5 = __commonJS({ }); } if (status === 304) { - throw new import_request_error.RequestError("Not modified", status, { + throw new import_request_error2.RequestError("Not modified", status, { response: { url: url2, status, 
@@ -22073,7 +22073,7 @@ var require_dist_node5 = __commonJS({ } if (status >= 400) { const data = await getResponseData(response); - const error2 = new import_request_error.RequestError(toErrorMessage(data), status, { + const error2 = new import_request_error2.RequestError(toErrorMessage(data), status, { response: { url: url2, status, @@ -22093,7 +22093,7 @@ var require_dist_node5 = __commonJS({ data }; }).catch((error2) => { - if (error2 instanceof import_request_error.RequestError) + if (error2 instanceof import_request_error2.RequestError) throw error2; else if (error2.name === "AbortError") throw error2; @@ -22105,7 +22105,7 @@ var require_dist_node5 = __commonJS({ message = error2.cause; } } - throw new import_request_error.RequestError(message, 500, { + throw new import_request_error2.RequestError(message, 500, { request: requestOptions }); }); @@ -22547,14 +22547,14 @@ var require_dist_node7 = __commonJS({ var __toCommonJS2 = (mod) => __copyProps2(__defProp2({}, "__esModule", { value: true }), mod); var dist_src_exports = {}; __export2(dist_src_exports, { - RequestError: () => RequestError + RequestError: () => RequestError2 }); module2.exports = __toCommonJS2(dist_src_exports); var import_deprecation = require_dist_node3(); var import_once = __toESM2(require_once()); var logOnceCode = (0, import_once.default)((deprecation) => console.warn(deprecation)); var logOnceHeaders = (0, import_once.default)((deprecation) => console.warn(deprecation)); - var RequestError = class extends Error { + var RequestError2 = class extends Error { constructor(message, statusCode, options) { super(message); if (Error.captureStackTrace) { 
@@ -22646,7 +22646,7 @@ var require_dist_node8 = __commonJS({ const Ctor = Object.prototype.hasOwnProperty.call(proto, "constructor") && proto.constructor; return typeof Ctor === "function" && Ctor instanceof Ctor && Function.prototype.call(Ctor) === Function.prototype.call(value); } - var import_request_error = require_dist_node7(); + var import_request_error2 = require_dist_node7(); function getBufferResponse(response) { return response.arrayBuffer(); } @@ -22698,7 +22698,7 @@ var require_dist_node8 = __commonJS({ if (status < 400) { return; } - throw new import_request_error.RequestError(response.statusText, status, { + throw new import_request_error2.RequestError(response.statusText, status, { response: { url: url2, status, @@ -22709,7 +22709,7 @@ var require_dist_node8 = __commonJS({ }); } if (status === 304) { - throw new import_request_error.RequestError("Not modified", status, { + throw new import_request_error2.RequestError("Not modified", status, { response: { url: url2, status, @@ -22721,7 +22721,7 @@ var require_dist_node8 = __commonJS({ } if (status >= 400) { const data = await getResponseData(response); - const error2 = new import_request_error.RequestError(toErrorMessage(data), status, { + const error2 = new import_request_error2.RequestError(toErrorMessage(data), status, { response: { url: url2, status, @@ -22741,7 +22741,7 @@ var require_dist_node8 = __commonJS({ data }; }).catch((error2) => { - if (error2 instanceof import_request_error.RequestError) + if (error2 instanceof import_request_error2.RequestError) throw error2; else if (error2.name === "AbortError") throw error2; @@ -22753,7 +22753,7 @@ var require_dist_node8 = __commonJS({ message = error2.cause; } } - throw new import_request_error.RequestError(message, 500, { + throw new import_request_error2.RequestError(message, 500, { request: requestOptions }); }); 
@@ -26336,7 +26336,7 @@ var require_to_regex_range = __commonJS({ stop = countZeros(max + 1, zeros) - 1; } stops = [...stops]; - stops.sort(compare2); + stops.sort(compare3); return stops; } function rangeToPattern(start, stop, options) { @@ -26408,7 +26408,7 @@ var require_to_regex_range = __commonJS({ for (let i = 0; i < a.length; i++) arr.push([a[i], b[i]]); return arr; } - function compare2(a, b) { + function compare3(a, b) { return a > b ? 1 : b > a ? -1 : 0; } function contains(arr, key, val2) { @@ -31826,6 +31826,9 @@ var require_identifiers = __commonJS({ "use strict"; var numeric = /^[0-9]+$/; var compareIdentifiers = (a, b) => { + if (typeof a === "number" && typeof b === "number") { + return a === b ? 0 : a < b ? -1 : 1; + } const anum = numeric.test(a); const bnum = numeric.test(b); if (anum && bnum) { @@ -31932,7 +31935,25 @@ var require_semver = __commonJS({ if (!(other instanceof _SemVer)) { other = new _SemVer(other, this.options); } - return compareIdentifiers(this.major, other.major) || compareIdentifiers(this.minor, other.minor) || compareIdentifiers(this.patch, other.patch); + if (this.major < other.major) { + return -1; + } + if (this.major > other.major) { + return 1; + } + if (this.minor < other.minor) { + return -1; + } + if (this.minor > other.minor) { + return 1; + } + if (this.patch < other.patch) { + return -1; + } + if (this.patch > other.patch) { + return 1; + } + return 0; } comparePre(other) { if (!(other instanceof _SemVer)) { @@ -32267,8 +32288,8 @@ var require_compare = __commonJS({ "node_modules/semver/functions/compare.js"(exports2, module2) { "use strict"; var SemVer = require_semver(); - var compare2 = (a, b, loose) => new SemVer(a, loose).compare(new SemVer(b, loose)); - module2.exports = compare2; + var compare3 = (a, b, loose) => new SemVer(a, loose).compare(new SemVer(b, loose)); + module2.exports = compare3; } }); 
@@ -32276,8 +32297,8 @@ var require_compare = __commonJS({ var require_rcompare = __commonJS({ "node_modules/semver/functions/rcompare.js"(exports2, module2) { "use strict"; - var compare2 = require_compare(); - var rcompare = (a, b, loose) => compare2(b, a, loose); + var compare3 = require_compare(); + var rcompare = (a, b, loose) => compare3(b, a, loose); module2.exports = rcompare; } }); @@ -32286,8 +32307,8 @@ var require_rcompare = __commonJS({ var require_compare_loose = __commonJS({ "node_modules/semver/functions/compare-loose.js"(exports2, module2) { "use strict"; - var compare2 = require_compare(); - var compareLoose = (a, b) => compare2(a, b, true); + var compare3 = require_compare(); + var compareLoose = (a, b) => compare3(a, b, true); module2.exports = compareLoose; } }); @@ -32330,8 +32351,8 @@ var require_rsort = __commonJS({ var require_gt = __commonJS({ "node_modules/semver/functions/gt.js"(exports2, module2) { "use strict"; - var compare2 = require_compare(); - var gt = (a, b, loose) => compare2(a, b, loose) > 0; + var compare3 = require_compare(); + var gt = (a, b, loose) => compare3(a, b, loose) > 0; module2.exports = gt; } }); @@ -32340,8 +32361,8 @@ var require_gt = __commonJS({ var require_lt = __commonJS({ "node_modules/semver/functions/lt.js"(exports2, module2) { "use strict"; - var compare2 = require_compare(); - var lt = (a, b, loose) => compare2(a, b, loose) < 0; + var compare3 = require_compare(); + var lt = (a, b, loose) => compare3(a, b, loose) < 0; module2.exports = lt; } }); @@ -32350,8 +32371,8 @@ var require_lt = __commonJS({ var require_eq = __commonJS({ "node_modules/semver/functions/eq.js"(exports2, module2) { "use strict"; - var compare2 = require_compare(); - var eq = (a, b, loose) => compare2(a, b, loose) === 0; + var compare3 = require_compare(); + var eq = (a, b, loose) => compare3(a, b, loose) === 0; module2.exports = eq; } }); 
@@ -32360,8 +32381,8 @@ var require_eq = __commonJS({ var require_neq = __commonJS({ "node_modules/semver/functions/neq.js"(exports2, module2) { "use strict"; - var compare2 = require_compare(); - var neq = (a, b, loose) => compare2(a, b, loose) !== 0; + var compare3 = require_compare(); + var neq = (a, b, loose) => compare3(a, b, loose) !== 0; module2.exports = neq; } }); @@ -32370,8 +32391,8 @@ var require_neq = __commonJS({ var require_gte = __commonJS({ "node_modules/semver/functions/gte.js"(exports2, module2) { "use strict"; - var compare2 = require_compare(); - var gte5 = (a, b, loose) => compare2(a, b, loose) >= 0; + var compare3 = require_compare(); + var gte5 = (a, b, loose) => compare3(a, b, loose) >= 0; module2.exports = gte5; } }); @@ -32380,8 +32401,8 @@ var require_gte = __commonJS({ var require_lte = __commonJS({ "node_modules/semver/functions/lte.js"(exports2, module2) { "use strict"; - var compare2 = require_compare(); - var lte = (a, b, loose) => compare2(a, b, loose) <= 0; + var compare3 = require_compare(); + var lte = (a, b, loose) => compare3(a, b, loose) <= 0; module2.exports = lte; } }); @@ -32693,6 +32714,7 @@ var require_range = __commonJS({ return result; }; var parseComparator = (comp, options) => { + comp = comp.replace(re[t.BUILD], ""); debug2("comp", comp, options); comp = replaceCarets(comp, options); debug2("caret", comp); @@ -33277,12 +33299,12 @@ var require_simplify = __commonJS({ "node_modules/semver/ranges/simplify.js"(exports2, module2) { "use strict"; var satisfies2 = require_satisfies(); - var compare2 = require_compare(); + var compare3 = require_compare(); module2.exports = (versions, range, options) => { const set2 = []; let first = null; let prev = null; - const v = versions.sort((a, b) => compare2(a, b, options)); + const v = versions.sort((a, b) => compare3(a, b, options)); for (const version of v) { const included = satisfies2(version, range, options); if (included) { 
@@ -33330,7 +33352,7 @@ var require_subset = __commonJS({ var Comparator = require_comparator(); var { ANY } = Comparator; var satisfies2 = require_satisfies(); - var compare2 = require_compare(); + var compare3 = require_compare(); var subset = (sub, dom, options = {}) => { if (sub === dom) { return true; @@ -33390,7 +33412,7 @@ var require_subset = __commonJS({ } let gtltComp; if (gt && lt) { - gtltComp = compare2(gt.semver, lt.semver, options); + gtltComp = compare3(gt.semver, lt.semver, options); if (gtltComp > 0) { return null; } else if (gtltComp === 0 && (gt.operator !== ">=" || lt.operator !== "<=")) { @@ -33470,14 +33492,14 @@ var require_subset = __commonJS({ if (!a) { return b; } - const comp = compare2(a.semver, b.semver, options); + const comp = compare3(a.semver, b.semver, options); return comp > 0 ? a : comp < 0 ? b : b.operator === ">" && a.operator === ">=" ? b : a; }; var lowerLT = (a, b, options) => { if (!a) { return b; } - const comp = compare2(a.semver, b.semver, options); + const comp = compare3(a.semver, b.semver, options); return comp < 0 ? a : comp > 0 ? b : b.operator === "<" && a.operator === "<=" ? b : a; }; module2.exports = subset; @@ -33501,7 +33523,7 @@ var require_semver2 = __commonJS({ var minor = require_minor(); var patch = require_patch(); var prerelease = require_prerelease(); - var compare2 = require_compare(); + var compare3 = require_compare(); var rcompare = require_rcompare(); var compareLoose = require_compare_loose(); var compareBuild = require_compare_build(); @@ -33539,7 +33561,7 @@ var require_semver2 = __commonJS({ minor, patch, prerelease, - compare: compare2, + compare: compare3, rcompare, compareLoose, compareBuild, @@ -33584,7 +33606,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.7", + version: "3.30.8", private: true, description: "CodeQL action", scripts: { 
@@ -33619,6 +33641,7 @@ var require_package = __commonJS({ "@actions/io": "^1.1.3", "@actions/tool-cache": "^2.0.2", "@octokit/plugin-retry": "^6.0.0", + "@octokit/request-error": "^7.0.1", "@schemastore/package": "0.0.10", archiver: "^7.0.1", "check-disk-space": "^3.4.0", @@ -33632,14 +33655,14 @@ var require_package = __commonJS({ long: "^5.3.2", "node-forge": "^1.3.1", octokit: "^5.0.3", - semver: "^7.7.2", + semver: "^7.7.3", uuid: "^13.0.0" }, devDependencies: { "@ava/typescript": "6.0.0", "@eslint/compat": "^1.4.0", "@eslint/eslintrc": "^3.3.1", - "@eslint/js": "^9.36.0", + "@eslint/js": "^9.37.0", "@microsoft/eslint-formatter-sarif": "^3.1.0", "@octokit/types": "^15.0.0", "@types/archiver": "^6.0.3", @@ -33650,7 +33673,7 @@ var require_package = __commonJS({ "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", - "@typescript-eslint/eslint-plugin": "^8.44.1", + "@typescript-eslint/eslint-plugin": "^8.46.0", "@typescript-eslint/parser": "^8.41.0", ava: "^6.4.1", esbuild: "^0.25.10", @@ -33663,7 +33686,7 @@ var require_package = __commonJS({ glob: "^11.0.3", nock: "^14.0.10", sinon: "^21.0.0", - typescript: "^5.9.2" + typescript: "^5.9.3" }, overrides: { "@actions/tool-cache": { 
@@ -35042,14 +35065,14 @@ var require_dist_node14 = __commonJS({ var __toCommonJS2 = (mod) => __copyProps2(__defProp2({}, "__esModule", { value: true }), mod); var dist_src_exports = {}; __export2(dist_src_exports, { - RequestError: () => RequestError + RequestError: () => RequestError2 }); module2.exports = __toCommonJS2(dist_src_exports); var import_deprecation = require_dist_node3(); var import_once = __toESM2(require_once()); var logOnceCode = (0, import_once.default)((deprecation) => console.warn(deprecation)); var logOnceHeaders = (0, import_once.default)((deprecation) => console.warn(deprecation)); - var RequestError = class extends Error { + var RequestError2 = class extends Error { constructor(message, statusCode, options) { super(message); if (Error.captureStackTrace) { @@ -35151,7 +35174,7 @@ var require_dist_node15 = __commonJS({ throw error2; } var import_light = __toESM2(require_light()); - var import_request_error = require_dist_node14(); + var import_request_error2 = require_dist_node14(); async function wrapRequest(state, octokit, request, options) { const limiter = new import_light.default(); limiter.on("failed", function(error2, info4) { @@ -35172,7 +35195,7 @@ var require_dist_node15 = __commonJS({ if (response.data && response.data.errors && response.data.errors.length > 0 && /Something went wrong while executing your query/.test( response.data.errors[0].message )) { - const error2 = new import_request_error.RequestError(response.data.errors[0].message, 500, { + const error2 = new import_request_error2.RequestError(response.data.errors[0].message, 500, { request: options, response }); 
@@ -37407,13 +37430,13 @@ var require_semver3 = __commonJS({ function patch(a, loose) { return new SemVer(a, loose).patch; } - exports2.compare = compare2; - function compare2(a, b, loose) { + exports2.compare = compare3; + function compare3(a, b, loose) { return new SemVer(a, loose).compare(new SemVer(b, loose)); } exports2.compareLoose = compareLoose; function compareLoose(a, b) { - return compare2(a, b, true); + return compare3(a, b, true); } exports2.compareBuild = compareBuild; function compareBuild(a, b, loose) { @@ -37423,7 +37446,7 @@ var require_semver3 = __commonJS({ } exports2.rcompare = rcompare; function rcompare(a, b, loose) { - return compare2(b, a, loose); + return compare3(b, a, loose); } exports2.sort = sort; function sort(list, loose) { @@ -37439,27 +37462,27 @@ var require_semver3 = __commonJS({ } exports2.gt = gt; function gt(a, b, loose) { - return compare2(a, b, loose) > 0; + return compare3(a, b, loose) > 0; } exports2.lt = lt; function lt(a, b, loose) { - return compare2(a, b, loose) < 0; + return compare3(a, b, loose) < 0; } exports2.eq = eq; function eq(a, b, loose) { - return compare2(a, b, loose) === 0; + return compare3(a, b, loose) === 0; } exports2.neq = neq; function neq(a, b, loose) { - return compare2(a, b, loose) !== 0; + return compare3(a, b, loose) !== 0; } exports2.gte = gte5; function gte5(a, b, loose) { - return compare2(a, b, loose) >= 0; + return compare3(a, b, loose) >= 0; } exports2.lte = lte; function lte(a, b, loose) { - return compare2(a, b, loose) <= 0; + return compare3(a, b, loose) <= 0; } exports2.cmp = cmp; function cmp(a, op, b, loose) { 
@@ -84830,6 +84853,7 @@ __export(upload_lib_exports, { shouldShowCombineSarifFilesDeprecationWarning: () => shouldShowCombineSarifFilesDeprecationWarning, throwIfCombineSarifFilesDisabled: () => throwIfCombineSarifFilesDisabled, uploadFiles: () => uploadFiles, + uploadPayload: () => uploadPayload, uploadSpecifiedFiles: () => uploadSpecifiedFiles, validateSarifFileSchema: () => validateSarifFileSchema, validateUniqueCategory: () => validateUniqueCategory, @@ -88340,6 +88364,9 @@ function isGoodVersion(versionSpec) { function isInTestMode() { return process.env["CODEQL_ACTION_TEST_MODE" /* TEST_MODE */] === "true"; } +function shouldSkipSarifUpload() { + return isInTestMode() || process.env["CODEQL_ACTION_SKIP_SARIF_UPLOAD" /* SKIP_SARIF_UPLOAD */] === "true"; +} function getTestingEnvironment() { const testingEnvironment = process.env["CODEQL_ACTION_TESTING_ENVIRONMENT" /* TESTING_ENVIRONMENT */] || ""; if (testingEnvironment === "") { @@ -88474,9 +88501,12 @@ function getWorkflowRunAttempt() { } return workflowRunAttempt; } -function isDefaultSetup() { +function isDynamicWorkflow() { return getWorkflowEventName() === "dynamic"; } +function isDefaultSetup() { + return isDynamicWorkflow(); +} function prettyPrintInvocation(cmd, args) { return [cmd, ...args].map((x) => x.includes(" ") ? `'${x}'` : x).join(" "); } 
@@ -88735,6 +88765,45 @@ var path12 = __toESM(require("path")); var core10 = __toESM(require_core()); var toolrunner3 = __toESM(require_toolrunner()); +// node_modules/@octokit/request-error/dist-src/index.js +var RequestError = class extends Error { + name; + /** + * http status code + */ + status; + /** + * Request options that lead to the error. + */ + request; + /** + * Response object if a response was received + */ + response; + constructor(message, statusCode, options) { + super(message); + this.name = "HttpError"; + this.status = Number.parseInt(statusCode); + if (Number.isNaN(this.status)) { + this.status = 0; + } + if ("response" in options) { + this.response = options.response; + } + const requestCopy = Object.assign({}, options.request); + if (options.request.headers.authorization) { + requestCopy.headers = Object.assign({}, options.request.headers, { + authorization: options.request.headers.authorization.replace( + /(? semver7.compare(b, a)); + logger.debug( + `Found the following versions of the CodeQL tools in the toolcache: ${JSON.stringify( + allVersions + )}.` + ); + if (allVersions.length > 0) { + const latestToolcacheVersion = allVersions[0]; + logger.info( + `CLI version ${latestToolcacheVersion} is the latest version in the toolcache.` + ); + return latestToolcacheVersion; + } + return void 0; +} function isReservedToolsValue(tools) { - return CODEQL_BUNDLE_VERSION_ALIAS.includes(tools) || CODEQL_NIGHTLY_TOOLS_INPUTS.includes(tools); + return CODEQL_BUNDLE_VERSION_ALIAS.includes(tools) || CODEQL_NIGHTLY_TOOLS_INPUTS.includes(tools) || tools === CODEQL_TOOLCACHE_INPUT; } // src/tracer-config.ts 
@@ -90434,7 +90560,7 @@ var GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.13"; var GHES_MOST_RECENT_DEPRECATION_DATE = "2025-06-19"; var EXTRACTION_DEBUG_MODE_VERBOSITY = "progress++"; var CODEQL_VERSION_CACHE_CLEANUP = "2.17.1"; -async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, logger, checkVersion) { +async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, features, logger, checkVersion) { try { const { codeqlFolder, @@ -90448,6 +90574,7 @@ async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliV tempDir, variant, defaultCliVersion, + features, logger ); logger.debug( @@ -90472,7 +90599,8 @@ async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliV zstdAvailability }; } catch (e) { - const ErrorClass = e instanceof ConfigurationError || e instanceof Error && e.message.includes("ENOSPC") ? ConfigurationError : Error; + const ErrorClass = e instanceof ConfigurationError || e instanceof Error && e.message.includes("ENOSPC") || // out of disk space + e instanceof RequestError && e.status === 429 ? ConfigurationError : Error; throw new ErrorClass( `Unable to download and extract CodeQL CLI: ${getErrorMessage(e)}${e instanceof Error && e.stack ? ` @@ -91599,7 +91727,7 @@ LongPrototype.greaterThanOrEqual = function greaterThanOrEqual(other) { }; LongPrototype.gte = LongPrototype.greaterThanOrEqual; LongPrototype.ge = LongPrototype.greaterThanOrEqual; -LongPrototype.compare = function compare(other) { +LongPrototype.compare = function compare2(other) { if (!isLong(other)) other = fromValue(other); if (this.eq(other)) return 0; var thisNeg = this.isNegative(), otherNeg = other.isNegative(); 
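Review bot: The new `e instanceof RequestError && e.status === 429` test in the catch of `setupCodeQL` only matches errors built by the single `RequestError` class bundled from `@octokit/request-error/dist-src`. The same diff shows other bundled copies of that class (`RequestError2` in `require_dist_node4`, `require_dist_node7` and `require_dist_node14` of `lib/upload-sarif-action.js`), and the request code next to them throws `import_request_error2.RequestError`. Which copy the download path actually raises is not visible here, so a rate-limit response may still surface as a plain `Error` rather than a `ConfigurationError`. A check on the status field does not depend on class identity, for example `e instanceof Error && e.status === 429`. The function starts and ends outside this hunk, and since this file is a generated bundle the change belongs in the TypeScript source it is built from.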
@@ -92150,7 +92278,7 @@ async function addFingerprints(sarif, sourceRoot, logger) { // src/init.ts var toolrunner4 = __toESM(require_toolrunner()); var io5 = __toESM(require_io()); -async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, logger) { +async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, features, logger) { logger.startGroup("Setup CodeQL tools"); const { codeql, @@ -92164,6 +92292,7 @@ async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVe tempDir, variant, defaultCliVersion, + features, logger, true ); @@ -92310,6 +92439,7 @@ async function combineSarifFilesUsingCLI(sarifFiles, gitHubVersion, features, lo tempDir, gitHubVersion.type, codeQLDefaultVersionInfo, + features, logger ); codeQL = initCodeQLResult.codeql; @@ -92365,23 +92495,23 @@ function getAutomationID2(category, analysis_key, environment) { } return computeAutomationID(analysis_key, environment); } -async function uploadPayload(payload, repositoryNwo, logger, target) { +async function uploadPayload(payload, repositoryNwo, logger, analysis) { logger.info("Uploading results"); - if (isInTestMode()) { + if (shouldSkipSarifUpload()) { const payloadSaveFile = path14.join( getTemporaryDirectory(), - "payload.json" + `payload-${analysis.kind}.json` ); logger.info( - `In test mode. Results are not uploaded. Saving to ${payloadSaveFile}` + `SARIF upload disabled by an environment variable. Saving to ${payloadSaveFile}` ); logger.info(`Payload: ${JSON.stringify(payload, null, 2)}`); fs13.writeFileSync(payloadSaveFile, JSON.stringify(payload, null, 2)); - return "test-mode-sarif-id"; + return "dummy-sarif-id"; } const client = getApiClient(); try { - const response = await client.request(target, { + const response = await client.request(analysis.target, { owner: repositoryNwo.owner, repo: repositoryNwo.repo, data: payload 
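Review bot: In `uploadPayload`, the skip branch still runs `logger.info(`Payload: ${JSON.stringify(payload, null, 2)}`)`, which prints the whole payload to the job log. This branch used to be test-mode only; `shouldSkipSarifUpload()` now also enters it when `CODEQL_ACTION_SKIP_SARIF_UPLOAD` is `"true"` on a real run. The payload presumably carries the analysis results, and workflow logs are typically readable by a wider audience than code scanning alerts. The payload is already written to `payloadSaveFile`, so the dump could drop to `logger.debug(...)` or be removed, serializing once and reusing the string for `writeFileSync`. The rest of `uploadPayload` lies outside this hunk, and because this file is a generated bundle the change belongs in the TypeScript source.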
@@ -92663,7 +92793,7 @@ async function uploadSpecifiedFiles(sarifPaths, checkoutPath, category, features payload, getRepositoryNwo(), logger, - uploadTarget.target + uploadTarget ); logger.endGroup(); return { @@ -92855,6 +92985,7 @@ function filterAlertsByDiffRange(logger, sarif) { shouldShowCombineSarifFilesDeprecationWarning, throwIfCombineSarifFilesDisabled, uploadFiles, + uploadPayload, uploadSpecifiedFiles, validateSarifFileSchema, validateUniqueCategory, diff --git a/lib/upload-sarif-action-post.js b/lib/upload-sarif-action-post.js index 233b73d473..67ac3d11f6 100644 --- a/lib/upload-sarif-action-post.js +++ b/lib/upload-sarif-action-post.js @@ -24680,6 +24680,9 @@ var require_identifiers = __commonJS({ "use strict"; var numeric = /^[0-9]+$/; var compareIdentifiers = (a, b) => { + if (typeof a === "number" && typeof b === "number") { + return a === b ? 0 : a < b ? -1 : 1; + } const anum = numeric.test(a); const bnum = numeric.test(b); if (anum && bnum) { @@ -24786,7 +24789,25 @@ var require_semver = __commonJS({ if (!(other instanceof _SemVer)) { other = new _SemVer(other, this.options); } - return compareIdentifiers(this.major, other.major) || compareIdentifiers(this.minor, other.minor) || compareIdentifiers(this.patch, other.patch); + if (this.major < other.major) { + return -1; + } + if (this.major > other.major) { + return 1; + } + if (this.minor < other.minor) { + return -1; + } + if (this.minor > other.minor) { + return 1; + } + if (this.patch < other.patch) { + return -1; + } + if (this.patch > other.patch) { + return 1; + } + return 0; } comparePre(other) { if (!(other instanceof _SemVer)) { 
@@ -25121,8 +25142,8 @@ var require_compare = __commonJS({ "node_modules/semver/functions/compare.js"(exports2, module2) { "use strict"; var SemVer = require_semver(); - var compare = (a, b, loose) => new SemVer(a, loose).compare(new SemVer(b, loose)); - module2.exports = compare; + var compare2 = (a, b, loose) => new SemVer(a, loose).compare(new SemVer(b, loose)); + module2.exports = compare2; } }); @@ -25130,8 +25151,8 @@ var require_compare = __commonJS({ var require_rcompare = __commonJS({ "node_modules/semver/functions/rcompare.js"(exports2, module2) { "use strict"; - var compare = require_compare(); - var rcompare = (a, b, loose) => compare(b, a, loose); + var compare2 = require_compare(); + var rcompare = (a, b, loose) => compare2(b, a, loose); module2.exports = rcompare; } }); @@ -25140,8 +25161,8 @@ var require_rcompare = __commonJS({ var require_compare_loose = __commonJS({ "node_modules/semver/functions/compare-loose.js"(exports2, module2) { "use strict"; - var compare = require_compare(); - var compareLoose = (a, b) => compare(a, b, true); + var compare2 = require_compare(); + var compareLoose = (a, b) => compare2(a, b, true); module2.exports = compareLoose; } }); @@ -25184,8 +25205,8 @@ var require_rsort = __commonJS({ var require_gt = __commonJS({ "node_modules/semver/functions/gt.js"(exports2, module2) { "use strict"; - var compare = require_compare(); - var gt = (a, b, loose) => compare(a, b, loose) > 0; + var compare2 = require_compare(); + var gt = (a, b, loose) => compare2(a, b, loose) > 0; module2.exports = gt; } }); @@ -25194,8 +25215,8 @@ var require_gt = __commonJS({ var require_lt = __commonJS({ "node_modules/semver/functions/lt.js"(exports2, module2) { "use strict"; - var compare = require_compare(); - var lt = (a, b, loose) => compare(a, b, loose) < 0; + var compare2 = require_compare(); + var lt = (a, b, loose) => compare2(a, b, loose) < 0; module2.exports = lt; } }); 
@@ -25204,8 +25225,8 @@ var require_lt = __commonJS({ var require_eq = __commonJS({ "node_modules/semver/functions/eq.js"(exports2, module2) { "use strict"; - var compare = require_compare(); - var eq = (a, b, loose) => compare(a, b, loose) === 0; + var compare2 = require_compare(); + var eq = (a, b, loose) => compare2(a, b, loose) === 0; module2.exports = eq; } }); @@ -25214,8 +25235,8 @@ var require_eq = __commonJS({ var require_neq = __commonJS({ "node_modules/semver/functions/neq.js"(exports2, module2) { "use strict"; - var compare = require_compare(); - var neq = (a, b, loose) => compare(a, b, loose) !== 0; + var compare2 = require_compare(); + var neq = (a, b, loose) => compare2(a, b, loose) !== 0; module2.exports = neq; } }); @@ -25224,8 +25245,8 @@ var require_neq = __commonJS({ var require_gte = __commonJS({ "node_modules/semver/functions/gte.js"(exports2, module2) { "use strict"; - var compare = require_compare(); - var gte5 = (a, b, loose) => compare(a, b, loose) >= 0; + var compare2 = require_compare(); + var gte5 = (a, b, loose) => compare2(a, b, loose) >= 0; module2.exports = gte5; } }); @@ -25234,8 +25255,8 @@ var require_gte = __commonJS({ var require_lte = __commonJS({ "node_modules/semver/functions/lte.js"(exports2, module2) { "use strict"; - var compare = require_compare(); - var lte = (a, b, loose) => compare(a, b, loose) <= 0; + var compare2 = require_compare(); + var lte = (a, b, loose) => compare2(a, b, loose) <= 0; module2.exports = lte; } }); @@ -25547,6 +25568,7 @@ var require_range = __commonJS({ return result; }; var parseComparator = (comp, options) => { + comp = comp.replace(re[t.BUILD], ""); debug2("comp", comp, options); comp = replaceCarets(comp, options); debug2("caret", comp); 
@@ -26131,12 +26153,12 @@ var require_simplify = __commonJS({ "node_modules/semver/ranges/simplify.js"(exports2, module2) { "use strict"; var satisfies2 = require_satisfies(); - var compare = require_compare(); + var compare2 = require_compare(); module2.exports = (versions, range, options) => { const set2 = []; let first = null; let prev = null; - const v = versions.sort((a, b) => compare(a, b, options)); + const v = versions.sort((a, b) => compare2(a, b, options)); for (const version of v) { const included = satisfies2(version, range, options); if (included) { @@ -26184,7 +26206,7 @@ var require_subset = __commonJS({ var Comparator = require_comparator(); var { ANY } = Comparator; var satisfies2 = require_satisfies(); - var compare = require_compare(); + var compare2 = require_compare(); var subset = (sub, dom, options = {}) => { if (sub === dom) { return true; @@ -26244,7 +26266,7 @@ var require_subset = __commonJS({ } let gtltComp; if (gt && lt) { - gtltComp = compare(gt.semver, lt.semver, options); + gtltComp = compare2(gt.semver, lt.semver, options); if (gtltComp > 0) { return null; } else if (gtltComp === 0 && (gt.operator !== ">=" || lt.operator !== "<=")) { @@ -26324,14 +26346,14 @@ var require_subset = __commonJS({ if (!a) { return b; } - const comp = compare(a.semver, b.semver, options); + const comp = compare2(a.semver, b.semver, options); return comp > 0 ? a : comp < 0 ? b : b.operator === ">" && a.operator === ">=" ? b : a; }; var lowerLT = (a, b, options) => { if (!a) { return b; } - const comp = compare(a.semver, b.semver, options); + const comp = compare2(a.semver, b.semver, options); return comp < 0 ? a : comp > 0 ? b : b.operator === "<" && a.operator === "<=" ? b : a; }; module2.exports = subset; 
@@ -26355,7 +26377,7 @@ var require_semver2 = __commonJS({ var minor = require_minor(); var patch = require_patch(); var prerelease = require_prerelease(); - var compare = require_compare(); + var compare2 = require_compare(); var rcompare = require_rcompare(); var compareLoose = require_compare_loose(); var compareBuild = require_compare_build(); @@ -26393,7 +26415,7 @@ var require_semver2 = __commonJS({ minor, patch, prerelease, - compare, + compare: compare2, rcompare, compareLoose, compareBuild, @@ -26438,7 +26460,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.7", + version: "3.30.8", private: true, description: "CodeQL action", scripts: { @@ -26473,6 +26495,7 @@ var require_package = __commonJS({ "@actions/io": "^1.1.3", "@actions/tool-cache": "^2.0.2", "@octokit/plugin-retry": "^6.0.0", + "@octokit/request-error": "^7.0.1", "@schemastore/package": "0.0.10", archiver: "^7.0.1", "check-disk-space": "^3.4.0", @@ -26486,14 +26509,14 @@ var require_package = __commonJS({ long: "^5.3.2", "node-forge": "^1.3.1", octokit: "^5.0.3", - semver: "^7.7.2", + semver: "^7.7.3", uuid: "^13.0.0" }, devDependencies: { "@ava/typescript": "6.0.0", "@eslint/compat": "^1.4.0", "@eslint/eslintrc": "^3.3.1", - "@eslint/js": "^9.36.0", + "@eslint/js": "^9.37.0", "@microsoft/eslint-formatter-sarif": "^3.1.0", "@octokit/types": "^15.0.0", "@types/archiver": "^6.0.3", @@ -26504,7 +26527,7 @@ var require_package = __commonJS({ "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", - "@typescript-eslint/eslint-plugin": "^8.44.1", + "@typescript-eslint/eslint-plugin": "^8.46.0", "@typescript-eslint/parser": "^8.41.0", ava: "^6.4.1", esbuild: "^0.25.10", @@ -26517,7 +26540,7 @@ var require_package = __commonJS({ glob: "^11.0.3", nock: "^14.0.10", sinon: "^21.0.0", - typescript: "^5.9.2" + typescript: "^5.9.3" }, overrides: { "@actions/tool-cache": { 
@@ -88567,8 +88590,8 @@ var require_commonjs16 = __commonJS({ if (rootPath === this.root.name) { return this.root; } - for (const [compare, root] of Object.entries(this.roots)) { - if (this.sameRoot(rootPath, compare)) { + for (const [compare2, root] of Object.entries(this.roots)) { + if (this.sameRoot(rootPath, compare2)) { return this.roots[rootPath] = root; } } @@ -88577,9 +88600,9 @@ var require_commonjs16 = __commonJS({ /** * @internal */ - sameRoot(rootPath, compare = this.root.name) { + sameRoot(rootPath, compare2 = this.root.name) { rootPath = rootPath.toUpperCase().replace(/\//g, "\\").replace(uncDriveRegexp, "$1\\"); - return rootPath === compare; + return rootPath === compare2; } }; exports2.PathWin32 = PathWin32; @@ -92598,7 +92621,7 @@ var require_b4a = __commonJS({ function byteLength(string, encoding) { return Buffer.byteLength(string, encoding); } - function compare(a, b) { + function compare2(a, b) { return Buffer.compare(a, b); } function concat(buffers, totalLength) { @@ -92699,7 +92722,7 @@ var require_b4a = __commonJS({ allocUnsafe, allocUnsafeSlow, byteLength, - compare, + compare: compare2, concat, copy, equals, @@ -108085,13 +108108,13 @@ var require_semver3 = __commonJS({ function patch(a, loose) { return new SemVer(a, loose).patch; } - exports2.compare = compare; - function compare(a, b, loose) { + exports2.compare = compare2; + function compare2(a, b, loose) { return new SemVer(a, loose).compare(new SemVer(b, loose)); } exports2.compareLoose = compareLoose; function compareLoose(a, b) { - return compare(a, b, true); + return compare2(a, b, true); } exports2.compareBuild = compareBuild; function compareBuild(a, b, loose) { @@ -108101,7 +108124,7 @@ var require_semver3 = __commonJS({ } exports2.rcompare = rcompare; function rcompare(a, b, loose) { - return compare(b, a, loose); + return compare2(b, a, loose); } exports2.sort = sort; function sort(list, loose) { 
@@ -108117,27 +108140,27 @@ var require_semver3 = __commonJS({ } exports2.gt = gt; function gt(a, b, loose) { - return compare(a, b, loose) > 0; + return compare2(a, b, loose) > 0; } exports2.lt = lt; function lt(a, b, loose) { - return compare(a, b, loose) < 0; + return compare2(a, b, loose) < 0; } exports2.eq = eq; function eq(a, b, loose) { - return compare(a, b, loose) === 0; + return compare2(a, b, loose) === 0; } exports2.neq = neq; function neq(a, b, loose) { - return compare(a, b, loose) !== 0; + return compare2(a, b, loose) !== 0; } exports2.gte = gte5; function gte5(a, b, loose) { - return compare(a, b, loose) >= 0; + return compare2(a, b, loose) >= 0; } exports2.lte = lte; function lte(a, b, loose) { - return compare(a, b, loose) <= 0; + return compare2(a, b, loose) <= 0; } exports2.cmp = cmp; function cmp(a, op, b, loose) { @@ -117377,6 +117400,11 @@ function isSafeArtifactUpload(codeQlVersion) { // src/feature-flags.ts var featureConfig = { + ["allow_toolcache_input" /* AllowToolcacheInput */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_ALLOW_TOOLCACHE_INPUT", + minimumVersion: void 0 + }, ["cleanup_trap_caches" /* CleanupTrapCaches */]: { defaultValue: false, envVar: "CODEQL_ACTION_CLEANUP_TRAP_CACHES", diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js index 7ad72583b5..291a37ba21 100644 --- a/lib/upload-sarif-action.js +++ b/lib/upload-sarif-action.js 
@@ -20602,14 +20602,14 @@ var require_dist_node4 = __commonJS({ var __toCommonJS2 = (mod) => __copyProps2(__defProp2({}, "__esModule", { value: true }), mod); var dist_src_exports = {}; __export2(dist_src_exports, { - RequestError: () => RequestError + RequestError: () => RequestError2 }); module2.exports = __toCommonJS2(dist_src_exports); var import_deprecation = require_dist_node3(); var import_once = __toESM2(require_once()); var logOnceCode = (0, import_once.default)((deprecation) => console.warn(deprecation)); var logOnceHeaders = (0, import_once.default)((deprecation) => console.warn(deprecation)); - var RequestError = class extends Error { + var RequestError2 = class extends Error { constructor(message, statusCode, options) { super(message); if (Error.captureStackTrace) { @@ -20701,7 +20701,7 @@ var require_dist_node5 = __commonJS({ const Ctor = Object.prototype.hasOwnProperty.call(proto, "constructor") && proto.constructor; return typeof Ctor === "function" && Ctor instanceof Ctor && Function.prototype.call(Ctor) === Function.prototype.call(value); } - var import_request_error = require_dist_node4(); + var import_request_error2 = require_dist_node4(); function getBufferResponse(response) { return response.arrayBuffer(); } @@ -20753,7 +20753,7 @@ var require_dist_node5 = __commonJS({ if (status < 400) { return; } - throw new import_request_error.RequestError(response.statusText, status, { + throw new import_request_error2.RequestError(response.statusText, status, { response: { url: url2, status, @@ -20764,7 +20764,7 @@ var require_dist_node5 = __commonJS({ }); } if (status === 304) { - throw new import_request_error.RequestError("Not modified", status, { + throw new import_request_error2.RequestError("Not modified", status, { response: { url: url2, status, 
@@ -20776,7 +20776,7 @@ var require_dist_node5 = __commonJS({ } if (status >= 400) { const data = await getResponseData(response); - const error2 = new import_request_error.RequestError(toErrorMessage(data), status, { + const error2 = new import_request_error2.RequestError(toErrorMessage(data), status, { response: { url: url2, status, @@ -20796,7 +20796,7 @@ var require_dist_node5 = __commonJS({ data }; }).catch((error2) => { - if (error2 instanceof import_request_error.RequestError) + if (error2 instanceof import_request_error2.RequestError) throw error2; else if (error2.name === "AbortError") throw error2; @@ -20808,7 +20808,7 @@ var require_dist_node5 = __commonJS({ message = error2.cause; } } - throw new import_request_error.RequestError(message, 500, { + throw new import_request_error2.RequestError(message, 500, { request: requestOptions }); }); @@ -21250,14 +21250,14 @@ var require_dist_node7 = __commonJS({ var __toCommonJS2 = (mod) => __copyProps2(__defProp2({}, "__esModule", { value: true }), mod); var dist_src_exports = {}; __export2(dist_src_exports, { - RequestError: () => RequestError + RequestError: () => RequestError2 }); module2.exports = __toCommonJS2(dist_src_exports); var import_deprecation = require_dist_node3(); var import_once = __toESM2(require_once()); var logOnceCode = (0, import_once.default)((deprecation) => console.warn(deprecation)); var logOnceHeaders = (0, import_once.default)((deprecation) => console.warn(deprecation)); - var RequestError = class extends Error { + var RequestError2 = class extends Error { constructor(message, statusCode, options) { super(message); if (Error.captureStackTrace) { 
@@ -21349,7 +21349,7 @@ var require_dist_node8 = __commonJS({ const Ctor = Object.prototype.hasOwnProperty.call(proto, "constructor") && proto.constructor; return typeof Ctor === "function" && Ctor instanceof Ctor && Function.prototype.call(Ctor) === Function.prototype.call(value); } - var import_request_error = require_dist_node7(); + var import_request_error2 = require_dist_node7(); function getBufferResponse(response) { return response.arrayBuffer(); } @@ -21401,7 +21401,7 @@ var require_dist_node8 = __commonJS({ if (status < 400) { return; } - throw new import_request_error.RequestError(response.statusText, status, { + throw new import_request_error2.RequestError(response.statusText, status, { response: { url: url2, status, @@ -21412,7 +21412,7 @@ var require_dist_node8 = __commonJS({ }); } if (status === 304) { - throw new import_request_error.RequestError("Not modified", status, { + throw new import_request_error2.RequestError("Not modified", status, { response: { url: url2, status, @@ -21424,7 +21424,7 @@ var require_dist_node8 = __commonJS({ } if (status >= 400) { const data = await getResponseData(response); - const error2 = new import_request_error.RequestError(toErrorMessage(data), status, { + const error2 = new import_request_error2.RequestError(toErrorMessage(data), status, { response: { url: url2, status, @@ -21444,7 +21444,7 @@ var require_dist_node8 = __commonJS({ data }; }).catch((error2) => { - if (error2 instanceof import_request_error.RequestError) + if (error2 instanceof import_request_error2.RequestError) throw error2; else if (error2.name === "AbortError") throw error2; @@ -21456,7 +21456,7 @@ var require_dist_node8 = __commonJS({ message = error2.cause; } } - throw new import_request_error.RequestError(message, 500, { + throw new import_request_error2.RequestError(message, 500, { request: requestOptions }); }); 
@@ -25039,7 +25039,7 @@ var require_to_regex_range = __commonJS({ stop = countZeros(max + 1, zeros) - 1; } stops = [...stops]; - stops.sort(compare2); + stops.sort(compare3); return stops; } function rangeToPattern(start, stop, options) { @@ -25111,7 +25111,7 @@ var require_to_regex_range = __commonJS({ for (let i = 0; i < a.length; i++) arr.push([a[i], b[i]]); return arr; } - function compare2(a, b) { + function compare3(a, b) { return a > b ? 1 : b > a ? -1 : 0; } function contains(arr, key, val2) { @@ -30529,6 +30529,9 @@ var require_identifiers = __commonJS({ "use strict"; var numeric = /^[0-9]+$/; var compareIdentifiers = (a, b) => { + if (typeof a === "number" && typeof b === "number") { + return a === b ? 0 : a < b ? -1 : 1; + } const anum = numeric.test(a); const bnum = numeric.test(b); if (anum && bnum) { @@ -30635,7 +30638,25 @@ var require_semver = __commonJS({ if (!(other instanceof _SemVer)) { other = new _SemVer(other, this.options); } - return compareIdentifiers(this.major, other.major) || compareIdentifiers(this.minor, other.minor) || compareIdentifiers(this.patch, other.patch); + if (this.major < other.major) { + return -1; + } + if (this.major > other.major) { + return 1; + } + if (this.minor < other.minor) { + return -1; + } + if (this.minor > other.minor) { + return 1; + } + if (this.patch < other.patch) { + return -1; + } + if (this.patch > other.patch) { + return 1; + } + return 0; } comparePre(other) { if (!(other instanceof _SemVer)) { @@ -30970,8 +30991,8 @@ var require_compare = __commonJS({ "node_modules/semver/functions/compare.js"(exports2, module2) { "use strict"; var SemVer = require_semver(); - var compare2 = (a, b, loose) => new SemVer(a, loose).compare(new SemVer(b, loose)); - module2.exports = compare2; + var compare3 = (a, b, loose) => new SemVer(a, loose).compare(new SemVer(b, loose)); + module2.exports = compare3; } }); 
@@ -30979,8 +31000,8 @@ var require_compare = __commonJS({ var require_rcompare = __commonJS({ "node_modules/semver/functions/rcompare.js"(exports2, module2) { "use strict"; - var compare2 = require_compare(); - var rcompare = (a, b, loose) => compare2(b, a, loose); + var compare3 = require_compare(); + var rcompare = (a, b, loose) => compare3(b, a, loose); module2.exports = rcompare; } }); @@ -30989,8 +31010,8 @@ var require_rcompare = __commonJS({ var require_compare_loose = __commonJS({ "node_modules/semver/functions/compare-loose.js"(exports2, module2) { "use strict"; - var compare2 = require_compare(); - var compareLoose = (a, b) => compare2(a, b, true); + var compare3 = require_compare(); + var compareLoose = (a, b) => compare3(a, b, true); module2.exports = compareLoose; } }); @@ -31033,8 +31054,8 @@ var require_rsort = __commonJS({ var require_gt = __commonJS({ "node_modules/semver/functions/gt.js"(exports2, module2) { "use strict"; - var compare2 = require_compare(); - var gt = (a, b, loose) => compare2(a, b, loose) > 0; + var compare3 = require_compare(); + var gt = (a, b, loose) => compare3(a, b, loose) > 0; module2.exports = gt; } }); @@ -31043,8 +31064,8 @@ var require_gt = __commonJS({ var require_lt = __commonJS({ "node_modules/semver/functions/lt.js"(exports2, module2) { "use strict"; - var compare2 = require_compare(); - var lt = (a, b, loose) => compare2(a, b, loose) < 0; + var compare3 = require_compare(); + var lt = (a, b, loose) => compare3(a, b, loose) < 0; module2.exports = lt; } }); @@ -31053,8 +31074,8 @@ var require_lt = __commonJS({ var require_eq = __commonJS({ "node_modules/semver/functions/eq.js"(exports2, module2) { "use strict"; - var compare2 = require_compare(); - var eq = (a, b, loose) => compare2(a, b, loose) === 0; + var compare3 = require_compare(); + var eq = (a, b, loose) => compare3(a, b, loose) === 0; module2.exports = eq; } }); 
@@ -31063,8 +31084,8 @@ var require_eq = __commonJS({ var require_neq = __commonJS({ "node_modules/semver/functions/neq.js"(exports2, module2) { "use strict"; - var compare2 = require_compare(); - var neq = (a, b, loose) => compare2(a, b, loose) !== 0; + var compare3 = require_compare(); + var neq = (a, b, loose) => compare3(a, b, loose) !== 0; module2.exports = neq; } }); @@ -31073,8 +31094,8 @@ var require_neq = __commonJS({ var require_gte = __commonJS({ "node_modules/semver/functions/gte.js"(exports2, module2) { "use strict"; - var compare2 = require_compare(); - var gte5 = (a, b, loose) => compare2(a, b, loose) >= 0; + var compare3 = require_compare(); + var gte5 = (a, b, loose) => compare3(a, b, loose) >= 0; module2.exports = gte5; } }); @@ -31083,8 +31104,8 @@ var require_gte = __commonJS({ var require_lte = __commonJS({ "node_modules/semver/functions/lte.js"(exports2, module2) { "use strict"; - var compare2 = require_compare(); - var lte = (a, b, loose) => compare2(a, b, loose) <= 0; + var compare3 = require_compare(); + var lte = (a, b, loose) => compare3(a, b, loose) <= 0; module2.exports = lte; } }); @@ -31396,6 +31417,7 @@ var require_range = __commonJS({ return result; }; var parseComparator = (comp, options) => { + comp = comp.replace(re[t.BUILD], ""); debug4("comp", comp, options); comp = replaceCarets(comp, options); debug4("caret", comp); @@ -31980,12 +32002,12 @@ var require_simplify = __commonJS({ "node_modules/semver/ranges/simplify.js"(exports2, module2) { "use strict"; var satisfies2 = require_satisfies(); - var compare2 = require_compare(); + var compare3 = require_compare(); module2.exports = (versions, range, options) => { const set2 = []; let first = null; let prev = null; - const v = versions.sort((a, b) => compare2(a, b, options)); + const v = versions.sort((a, b) => compare3(a, b, options)); for (const version of v) { const included = satisfies2(version, range, options); if (included) { 
@@ -32033,7 +32055,7 @@ var require_subset = __commonJS({ var Comparator = require_comparator(); var { ANY } = Comparator; var satisfies2 = require_satisfies(); - var compare2 = require_compare(); + var compare3 = require_compare(); var subset = (sub, dom, options = {}) => { if (sub === dom) { return true; @@ -32093,7 +32115,7 @@ var require_subset = __commonJS({ } let gtltComp; if (gt && lt) { - gtltComp = compare2(gt.semver, lt.semver, options); + gtltComp = compare3(gt.semver, lt.semver, options); if (gtltComp > 0) { return null; } else if (gtltComp === 0 && (gt.operator !== ">=" || lt.operator !== "<=")) { @@ -32173,14 +32195,14 @@ var require_subset = __commonJS({ if (!a) { return b; } - const comp = compare2(a.semver, b.semver, options); + const comp = compare3(a.semver, b.semver, options); return comp > 0 ? a : comp < 0 ? b : b.operator === ">" && a.operator === ">=" ? b : a; }; var lowerLT = (a, b, options) => { if (!a) { return b; } - const comp = compare2(a.semver, b.semver, options); + const comp = compare3(a.semver, b.semver, options); return comp < 0 ? a : comp > 0 ? b : b.operator === "<" && a.operator === "<=" ? b : a; }; module2.exports = subset; @@ -32204,7 +32226,7 @@ var require_semver2 = __commonJS({ var minor = require_minor(); var patch = require_patch(); var prerelease = require_prerelease(); - var compare2 = require_compare(); + var compare3 = require_compare(); var rcompare = require_rcompare(); var compareLoose = require_compare_loose(); var compareBuild = require_compare_build(); @@ -32242,7 +32264,7 @@ var require_semver2 = __commonJS({ minor, patch, prerelease, - compare: compare2, + compare: compare3, rcompare, compareLoose, compareBuild, @@ -32287,7 +32309,7 @@ var require_package = __commonJS({ "package.json"(exports2, module2) { module2.exports = { name: "codeql", - version: "3.30.7", + version: "3.30.8", private: true, description: "CodeQL action", scripts: { 
@@ -32322,6 +32344,7 @@ var require_package = __commonJS({ "@actions/io": "^1.1.3", "@actions/tool-cache": "^2.0.2", "@octokit/plugin-retry": "^6.0.0", + "@octokit/request-error": "^7.0.1", "@schemastore/package": "0.0.10", archiver: "^7.0.1", "check-disk-space": "^3.4.0", @@ -32335,14 +32358,14 @@ var require_package = __commonJS({ long: "^5.3.2", "node-forge": "^1.3.1", octokit: "^5.0.3", - semver: "^7.7.2", + semver: "^7.7.3", uuid: "^13.0.0" }, devDependencies: { "@ava/typescript": "6.0.0", "@eslint/compat": "^1.4.0", "@eslint/eslintrc": "^3.3.1", - "@eslint/js": "^9.36.0", + "@eslint/js": "^9.37.0", "@microsoft/eslint-formatter-sarif": "^3.1.0", "@octokit/types": "^15.0.0", "@types/archiver": "^6.0.3", @@ -32353,7 +32376,7 @@ var require_package = __commonJS({ "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", - "@typescript-eslint/eslint-plugin": "^8.44.1", + "@typescript-eslint/eslint-plugin": "^8.46.0", "@typescript-eslint/parser": "^8.41.0", ava: "^6.4.1", esbuild: "^0.25.10", @@ -32366,7 +32389,7 @@ var require_package = __commonJS({ glob: "^11.0.3", nock: "^14.0.10", sinon: "^21.0.0", - typescript: "^5.9.2" + typescript: "^5.9.3" }, overrides: { "@actions/tool-cache": { 
@@ -33745,14 +33768,14 @@ var require_dist_node14 = __commonJS({ var __toCommonJS2 = (mod) => __copyProps2(__defProp2({}, "__esModule", { value: true }), mod); var dist_src_exports = {}; __export2(dist_src_exports, { - RequestError: () => RequestError + RequestError: () => RequestError2 }); module2.exports = __toCommonJS2(dist_src_exports); var import_deprecation = require_dist_node3(); var import_once = __toESM2(require_once()); var logOnceCode = (0, import_once.default)((deprecation) => console.warn(deprecation)); var logOnceHeaders = (0, import_once.default)((deprecation) => console.warn(deprecation)); - var RequestError = class extends Error { + var RequestError2 = class extends Error { constructor(message, statusCode, options) { super(message); if (Error.captureStackTrace) { @@ -33854,7 +33877,7 @@ var require_dist_node15 = __commonJS({ throw error2; } var import_light = __toESM2(require_light()); - var import_request_error = require_dist_node14(); + var import_request_error2 = require_dist_node14(); async function wrapRequest(state, octokit, request, options) { const limiter = new import_light.default(); limiter.on("failed", function(error2, info4) { @@ -33875,7 +33898,7 @@ var require_dist_node15 = __commonJS({ if (response.data && response.data.errors && response.data.errors.length > 0 && /Something went wrong while executing your query/.test( response.data.errors[0].message )) { - const error2 = new import_request_error.RequestError(response.data.errors[0].message, 500, { + const error2 = new import_request_error2.RequestError(response.data.errors[0].message, 500, { request: options, response }); 
@@ -36110,13 +36133,13 @@ var require_semver3 = __commonJS({ function patch(a, loose) { return new SemVer(a, loose).patch; } - exports2.compare = compare2; - function compare2(a, b, loose) { + exports2.compare = compare3; + function compare3(a, b, loose) { return new SemVer(a, loose).compare(new SemVer(b, loose)); } exports2.compareLoose = compareLoose; function compareLoose(a, b) { - return compare2(a, b, true); + return compare3(a, b, true); } exports2.compareBuild = compareBuild; function compareBuild(a, b, loose) { @@ -36126,7 +36149,7 @@ var require_semver3 = __commonJS({ } exports2.rcompare = rcompare; function rcompare(a, b, loose) { - return compare2(b, a, loose); + return compare3(b, a, loose); } exports2.sort = sort; function sort(list, loose) { @@ -36142,27 +36165,27 @@ var require_semver3 = __commonJS({ } exports2.gt = gt; function gt(a, b, loose) { - return compare2(a, b, loose) > 0; + return compare3(a, b, loose) > 0; } exports2.lt = lt; function lt(a, b, loose) { - return compare2(a, b, loose) < 0; + return compare3(a, b, loose) < 0; } exports2.eq = eq; function eq(a, b, loose) { - return compare2(a, b, loose) === 0; + return compare3(a, b, loose) === 0; } exports2.neq = neq; function neq(a, b, loose) { - return compare2(a, b, loose) !== 0; + return compare3(a, b, loose) !== 0; } exports2.gte = gte5; function gte5(a, b, loose) { - return compare2(a, b, loose) >= 0; + return compare3(a, b, loose) >= 0; } exports2.lte = lte; function lte(a, b, loose) { - return compare2(a, b, loose) <= 0; + return compare3(a, b, loose) <= 0; } exports2.cmp = cmp; function cmp(a, op, b, loose) { 
@@ -88457,6 +88480,9 @@ function isGoodVersion(versionSpec) { function isInTestMode() { return process.env["CODEQL_ACTION_TEST_MODE" /* TEST_MODE */] === "true"; } +function shouldSkipSarifUpload() { + return isInTestMode() || process.env["CODEQL_ACTION_SKIP_SARIF_UPLOAD" /* SKIP_SARIF_UPLOAD */] === "true"; +} function getTestingEnvironment() { const testingEnvironment = process.env["CODEQL_ACTION_TESTING_ENVIRONMENT" /* TESTING_ENVIRONMENT */] || ""; if (testingEnvironment === "") { @@ -88671,9 +88697,12 @@ function getWorkflowRunAttempt() { function isSelfHostedRunner() { return process.env.RUNNER_ENVIRONMENT === "self-hosted"; } -function isDefaultSetup() { +function isDynamicWorkflow() { return getWorkflowEventName() === "dynamic"; } +function isDefaultSetup() { + return isDynamicWorkflow(); +} function prettyPrintInvocation(cmd, args) { return [cmd, ...args].map((x) => x.includes(" ") ? `'${x}'` : x).join(" "); } @@ -89241,6 +89270,11 @@ var DEFAULT_VERSION_FEATURE_FLAG_PREFIX = "default_codeql_version_"; var DEFAULT_VERSION_FEATURE_FLAG_SUFFIX = "_enabled"; var CODEQL_VERSION_ZSTD_BUNDLE = "2.19.0"; var featureConfig = { + ["allow_toolcache_input" /* AllowToolcacheInput */]: { + defaultValue: false, + envVar: "CODEQL_ACTION_ALLOW_TOOLCACHE_INPUT", + minimumVersion: void 0 + }, ["cleanup_trap_caches" /* CleanupTrapCaches */]: { defaultValue: false, envVar: "CODEQL_ACTION_CLEANUP_TRAP_CACHES", @@ -89850,7 +89884,7 @@ async function createStatusReportBase(actionName, status, actionStartedAt, confi action_ref: actionRef, action_started_at: actionStartedAt.toISOString(), action_version: getActionVersion(), - analysis_kinds: config?.analysisKinds.join(","), + analysis_kinds: config?.analysisKinds?.join(","), analysis_key, build_mode: config?.buildMode, commit_oid: commitOid, 
@@ -89873,7 +89907,7 @@ async function createStatusReportBase(actionName, status, actionStartedAt, confi logger.warning(`Could not determine the workflow event name: ${e}.`); } if (config) { - statusReport.languages = config.languages.join(","); + statusReport.languages = config.languages?.join(","); } if (diskInfo) { statusReport.runner_available_disk_space_bytes = diskInfo.numAvailableBytes; 
@@ -89983,6 +90017,45 @@ var path13 = __toESM(require("path")); var core11 = __toESM(require_core()); var toolrunner3 = __toESM(require_toolrunner()); +// node_modules/@octokit/request-error/dist-src/index.js +var RequestError = class extends Error { + name; + /** + * http status code + */ + status; + /** + * Request options that lead to the error. + */ + request; + /** + * Response object if a response was received + */ + response; + constructor(message, statusCode, options) { + super(message); + this.name = "HttpError"; + this.status = Number.parseInt(statusCode); + if (Number.isNaN(this.status)) { + this.status = 0; + } + if ("response" in options) { + this.response = options.response; + } + const requestCopy = Object.assign({}, options.request); + if (options.request.headers.authorization) { + requestCopy.headers = Object.assign({}, options.request.headers, { + authorization: options.request.headers.authorization.replace( + /(? semver7.compare(b, a)); + logger.debug( + `Found the following versions of the CodeQL tools in the toolcache: ${JSON.stringify( + allVersions + )}.` + ); + if (allVersions.length > 0) { + const latestToolcacheVersion = allVersions[0]; + logger.info( + `CLI version ${latestToolcacheVersion} is the latest version in the toolcache.` + ); + return latestToolcacheVersion; + } + return void 0; +} function isReservedToolsValue(tools) { - return CODEQL_BUNDLE_VERSION_ALIAS.includes(tools) || CODEQL_NIGHTLY_TOOLS_INPUTS.includes(tools); + return CODEQL_BUNDLE_VERSION_ALIAS.includes(tools) || CODEQL_NIGHTLY_TOOLS_INPUTS.includes(tools) || tools === CODEQL_TOOLCACHE_INPUT; } // src/tracer-config.ts 
@@ -91106,7 +91231,7 @@ var GHES_VERSION_MOST_RECENTLY_DEPRECATED = "3.13"; var GHES_MOST_RECENT_DEPRECATION_DATE = "2025-06-19"; var EXTRACTION_DEBUG_MODE_VERBOSITY = "progress++"; var CODEQL_VERSION_CACHE_CLEANUP = "2.17.1"; -async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, logger, checkVersion) { +async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, features, logger, checkVersion) { try { const { codeqlFolder, @@ -91120,6 +91245,7 @@ async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliV tempDir, variant, defaultCliVersion, + features, logger ); logger.debug( @@ -91144,7 +91270,8 @@ async function setupCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliV zstdAvailability }; } catch (e) { - const ErrorClass = e instanceof ConfigurationError || e instanceof Error && e.message.includes("ENOSPC") ? ConfigurationError : Error; + const ErrorClass = e instanceof ConfigurationError || e instanceof Error && e.message.includes("ENOSPC") || // out of disk space + e instanceof RequestError && e.status === 429 ? ConfigurationError : Error; throw new ErrorClass( `Unable to download and extract CodeQL CLI: ${getErrorMessage(e)}${e instanceof Error && e.stack ? ` @@ -92271,7 +92398,7 @@ LongPrototype.greaterThanOrEqual = function greaterThanOrEqual(other) { }; LongPrototype.gte = LongPrototype.greaterThanOrEqual; LongPrototype.ge = LongPrototype.greaterThanOrEqual; -LongPrototype.compare = function compare(other) { +LongPrototype.compare = function compare2(other) { if (!isLong(other)) other = fromValue(other); if (this.eq(other)) return 0; var thisNeg = this.isNegative(), otherNeg = other.isNegative(); 
@@ -92822,7 +92949,7 @@ async function addFingerprints(sarif, sourceRoot, logger) { // src/init.ts var toolrunner4 = __toESM(require_toolrunner()); var io5 = __toESM(require_io()); -async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, logger) { +async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVersion, features, logger) { logger.startGroup("Setup CodeQL tools"); const { codeql, @@ -92836,6 +92963,7 @@ async function initCodeQL(toolsInput, apiDetails, tempDir, variant, defaultCliVe tempDir, variant, defaultCliVersion, + features, logger, true ); @@ -92982,6 +93110,7 @@ async function combineSarifFilesUsingCLI(sarifFiles, gitHubVersion, features, lo tempDir, gitHubVersion.type, codeQLDefaultVersionInfo, + features, logger ); codeQL = initCodeQLResult.codeql; @@ -93037,23 +93166,23 @@ function getAutomationID2(category, analysis_key, environment) { } return computeAutomationID(analysis_key, environment); } -async function uploadPayload(payload, repositoryNwo, logger, target) { +async function uploadPayload(payload, repositoryNwo, logger, analysis) { logger.info("Uploading results"); - if (isInTestMode()) { + if (shouldSkipSarifUpload()) { const payloadSaveFile = path15.join( getTemporaryDirectory(), - "payload.json" + `payload-${analysis.kind}.json` ); logger.info( - `In test mode. Results are not uploaded. Saving to ${payloadSaveFile}` + `SARIF upload disabled by an environment variable. Saving to ${payloadSaveFile}` ); logger.info(`Payload: ${JSON.stringify(payload, null, 2)}`); fs14.writeFileSync(payloadSaveFile, JSON.stringify(payload, null, 2)); - return "test-mode-sarif-id"; + return "dummy-sarif-id"; } const client = getApiClient(); try { - const response = await client.request(target, { + const response = await client.request(analysis.target, { owner: repositoryNwo.owner, repo: repositoryNwo.repo, data: payload 
@@ -93304,7 +93433,7 @@ async function uploadSpecifiedFiles(sarifPaths, checkoutPath, category, features payload, getRepositoryNwo(), logger, - uploadTarget.target + uploadTarget ); logger.endGroup(); return { @@ -93570,8 +93699,10 @@ async function run() { core13.setOutput("sarif-id", codeScanningResult.sarifID); } core13.setOutput("sarif-ids", JSON.stringify(uploadResults)); - if (isInTestMode()) { - core13.debug("In test mode. Waiting for processing is disabled."); + if (shouldSkipSarifUpload()) { + core13.debug( + "SARIF upload disabled by an environment variable. Waiting for processing is disabled." + ); } else if (getRequiredInput("wait-for-processing") === "true") { if (codeScanningResult !== void 0) { await waitForProcessing( diff --git a/package-lock.json b/package-lock.json index e4854d5dd5..ccb4f9ad53 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "codeql", - "version": "4.30.7", + "version": "4.30.8", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "codeql", - "version": "4.30.7", + "version": "4.30.8", "license": "MIT", "dependencies": { "@actions/artifact": "^2.3.1", @@ -20,6 +20,7 @@ "@actions/io": "^1.1.3", "@actions/tool-cache": "^2.0.2", "@octokit/plugin-retry": "^6.0.0", + "@octokit/request-error": "^7.0.1", "@schemastore/package": "0.0.10", "archiver": "^7.0.1", "check-disk-space": "^3.4.0", @@ -33,14 +34,14 @@ "long": "^5.3.2", "node-forge": "^1.3.1", "octokit": "^5.0.3", - "semver": "^7.7.2", + "semver": "^7.7.3", "uuid": "^13.0.0" }, "devDependencies": { "@ava/typescript": "6.0.0", "@eslint/compat": "^1.4.0", "@eslint/eslintrc": "^3.3.1", - "@eslint/js": "^9.36.0", + "@eslint/js": "^9.37.0", "@microsoft/eslint-formatter-sarif": "^3.1.0", "@octokit/types": "^15.0.0", "@types/archiver": "^6.0.3", 
@@ -51,7 +52,7 @@ "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", - "@typescript-eslint/eslint-plugin": "^8.44.1", + "@typescript-eslint/eslint-plugin": "^8.46.0", "@typescript-eslint/parser": "^8.41.0", "ava": "^6.4.1", "esbuild": "^0.25.10", @@ -64,7 +65,7 @@ "glob": "^11.0.3", "nock": "^14.0.10", "sinon": "^21.0.0", - "typescript": "^5.9.2" + "typescript": "^5.9.3" } }, "node_modules/@aashutoshrathi/word-wrap": { @@ -1346,9 +1347,9 @@ } }, "node_modules/@eslint/js": { - "version": "9.36.0", - "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.36.0.tgz", - "integrity": "sha512-uhCbYtYynH30iZErszX78U+nR3pJU3RHGQ57NXy5QupD4SBVwDeU8TNBy+MjMngc1UyIW9noKqsRqfjQTBU2dw==", + "version": "9.37.0", + "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.37.0.tgz", + "integrity": "sha512-jaS+NJ+hximswBG6pjNX0uEJZkrT0zwpVi3BA3vX22aFGjJjmgSTSmPpZCRKmoBL5VY/M6p0xsSJx7rk7sy5gg==", "dev": true, "license": "MIT", "engines": { @@ -2175,7 +2176,6 @@ "version": "26.0.0", "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-26.0.0.tgz", "integrity": "sha512-7AtcfKtpo77j7Ts73b4OWhOZHTKo/gGY8bB3bNBQz4H+GRSWqx2yvj8TXRsbdTE0eRmYmXOEY66jM7mJ7LzfsA==", - "dev": true, "license": "MIT" }, "node_modules/@octokit/openapi-webhooks-types": { 
@@ -2299,31 +2299,17 @@ } }, "node_modules/@octokit/request-error": { - "version": "7.0.0", - "resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-7.0.0.tgz", - "integrity": "sha512-KRA7VTGdVyJlh0cP5Tf94hTiYVVqmt2f3I6mnimmaVz4UG3gQV/k4mDJlJv3X67iX6rmN7gSHCF8ssqeMnmhZg==", + "version": "7.0.1", + "resolved": "https://registry.npmjs.org/@octokit/request-error/-/request-error-7.0.1.tgz", + "integrity": "sha512-CZpFwV4+1uBrxu7Cw8E5NCXDWFNf18MSY23TdxCBgjw1tXXHvTrZVsXlW8hgFTOLw8RQR1BBrMvYRtuyaijHMA==", + "license": "MIT", "dependencies": { - "@octokit/types": "^14.0.0" + "@octokit/types": "^15.0.0" }, "engines": { "node": ">= 20" } }, - "node_modules/@octokit/request-error/node_modules/@octokit/openapi-types": { - "version": "25.1.0", - "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-25.1.0.tgz", - "integrity": "sha512-idsIggNXUKkk0+BExUn1dQ92sfysJrje03Q0bv0e+KPLrvyqZF8MnBpFz8UNfYDwB3Ie7Z0TByjWfzxt7vseaA==", - "license": "MIT" - }, - "node_modules/@octokit/request-error/node_modules/@octokit/types": { - "version": "14.1.0", - "resolved": "https://registry.npmjs.org/@octokit/types/-/types-14.1.0.tgz", - "integrity": "sha512-1y6DgTy8Jomcpu33N+p5w58l6xyt55Ar2I91RPiIA0xCJBXyUAhXCcmZaDWSANiha7R9a6qJJ2CRomGPZ6f46g==", - "license": "MIT", - "dependencies": { - "@octokit/openapi-types": "^25.1.0" - } - }, "node_modules/@octokit/request/node_modules/@octokit/openapi-types": { "version": "25.1.0", "resolved": "https://registry.npmjs.org/@octokit/openapi-types/-/openapi-types-25.1.0.tgz", @@ -2348,7 +2334,6 @@ "version": "15.0.0", "resolved": "https://registry.npmjs.org/@octokit/types/-/types-15.0.0.tgz", "integrity": "sha512-8o6yDfmoGJUIeR9OfYU0/TUJTnMPG2r68+1yEdUeG2Fdqpj8Qetg0ziKIgcBm0RW/j29H41WP37CYCEhp6GoHQ==", - "dev": true, "license": "MIT", "dependencies": { "@octokit/openapi-types": "^26.0.0" 
@@ -2712,17 +2697,17 @@ "license": "MIT" }, "node_modules/@typescript-eslint/eslint-plugin": { - "version": "8.44.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.44.1.tgz", - "integrity": "sha512-molgphGqOBT7t4YKCSkbasmu1tb1MgrZ2szGzHbclF7PNmOkSTQVHy+2jXOSnxvR3+Xe1yySHFZoqMpz3TfQsw==", + "version": "8.46.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.46.0.tgz", + "integrity": "sha512-hA8gxBq4ukonVXPy0OKhiaUh/68D0E88GSmtC1iAEnGaieuDi38LhS7jdCHRLi6ErJBNDGCzvh5EnzdPwUc0DA==", "dev": true, "license": "MIT", "dependencies": { "@eslint-community/regexpp": "^4.10.0", - "@typescript-eslint/scope-manager": "8.44.1", - "@typescript-eslint/type-utils": "8.44.1", - "@typescript-eslint/utils": "8.44.1", - "@typescript-eslint/visitor-keys": "8.44.1", + "@typescript-eslint/scope-manager": "8.46.0", + "@typescript-eslint/type-utils": "8.46.0", + "@typescript-eslint/utils": "8.46.0", + "@typescript-eslint/visitor-keys": "8.46.0", "graphemer": "^1.4.0", "ignore": "^7.0.0", "natural-compare": "^1.4.0", 
@@ -2736,20 +2721,20 @@ "url": "https://opencollective.com/typescript-eslint" }, "peerDependencies": { - "@typescript-eslint/parser": "^8.44.1", + "@typescript-eslint/parser": "^8.46.0", "eslint": "^8.57.0 || ^9.0.0", "typescript": ">=4.8.4 <6.0.0" } }, "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/scope-manager": { - "version": "8.44.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.44.1.tgz", - "integrity": "sha512-NdhWHgmynpSvyhchGLXh+w12OMT308Gm25JoRIyTZqEbApiBiQHD/8xgb6LqCWCFcxFtWwaVdFsLPQI3jvhywg==", + "version": "8.46.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.46.0.tgz", + "integrity": "sha512-lWETPa9XGcBes4jqAMYD9fW0j4n6hrPtTJwWDmtqgFO/4HF4jmdH/Q6wggTw5qIT5TXjKzbt7GsZUBnWoO3dqw==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/types": "8.44.1", - "@typescript-eslint/visitor-keys": "8.44.1" + "@typescript-eslint/types": "8.46.0", + "@typescript-eslint/visitor-keys": "8.46.0" }, "engines": { "node": "^18.18.0 || ^20.9.0 || >=21.1.0" @@ -2760,9 +2745,9 @@ } }, "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/types": { - "version": "8.44.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.44.1.tgz", - "integrity": "sha512-Lk7uj7y9uQUOEguiDIDLYLJOrYHQa7oBiURYVFqIpGxclAFQ78f6VUOM8lI2XEuNOKNB7XuvM2+2cMXAoq4ALQ==", + "version": "8.46.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.46.0.tgz", + "integrity": "sha512-bHGGJyVjSE4dJJIO5yyEWt/cHyNwga/zXGJbJJ8TiO01aVREK6gCTu3L+5wrkb1FbDkQ+TKjMNe9R/QQQP9+rA==", "dev": true, "license": "MIT", "engines": { 
@@ -2774,16 +2759,16 @@ } }, "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/typescript-estree": { - "version": "8.44.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.44.1.tgz", - "integrity": "sha512-qnQJ+mVa7szevdEyvfItbO5Vo+GfZ4/GZWWDRRLjrxYPkhM+6zYB2vRYwCsoJLzqFCdZT4mEqyJoyzkunsZ96A==", + "version": "8.46.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.46.0.tgz", + "integrity": "sha512-ekDCUfVpAKWJbRfm8T1YRrCot1KFxZn21oV76v5Fj4tr7ELyk84OS+ouvYdcDAwZL89WpEkEj2DKQ+qg//+ucg==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/project-service": "8.44.1", - "@typescript-eslint/tsconfig-utils": "8.44.1", - "@typescript-eslint/types": "8.44.1", - "@typescript-eslint/visitor-keys": "8.44.1", + "@typescript-eslint/project-service": "8.46.0", + "@typescript-eslint/tsconfig-utils": "8.46.0", + "@typescript-eslint/types": "8.46.0", + "@typescript-eslint/visitor-keys": "8.46.0", "debug": "^4.3.4", "fast-glob": "^3.3.2", "is-glob": "^4.0.3", 
@@ -2803,16 +2788,16 @@ } }, "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/utils": { - "version": "8.44.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.44.1.tgz", - "integrity": "sha512-DpX5Fp6edTlocMCwA+mHY8Mra+pPjRZ0TfHkXI8QFelIKcbADQz1LUPNtzOFUriBB2UYqw4Pi9+xV4w9ZczHFg==", + "version": "8.46.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.46.0.tgz", + "integrity": "sha512-nD6yGWPj1xiOm4Gk0k6hLSZz2XkNXhuYmyIrOWcHoPuAhjT9i5bAG+xbWPgFeNR8HPHHtpNKdYUXJl/D3x7f5g==", "dev": true, "license": "MIT", "dependencies": { "@eslint-community/eslint-utils": "^4.7.0", - "@typescript-eslint/scope-manager": "8.44.1", - "@typescript-eslint/types": "8.44.1", - "@typescript-eslint/typescript-estree": "8.44.1" + "@typescript-eslint/scope-manager": "8.46.0", + "@typescript-eslint/types": "8.46.0", + "@typescript-eslint/typescript-estree": "8.46.0" }, "engines": { "node": "^18.18.0 || ^20.9.0 || >=21.1.0" @@ -2827,13 +2812,13 @@ } }, "node_modules/@typescript-eslint/eslint-plugin/node_modules/@typescript-eslint/visitor-keys": { - "version": "8.44.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.44.1.tgz", - "integrity": "sha512-576+u0QD+Jp3tZzvfRfxon0EA2lzcDt3lhUbsC6Lgzy9x2VR4E+JUiNyGHi5T8vk0TV+fpJ5GLG1JsJuWCaKhw==", + "version": "8.46.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.46.0.tgz", + "integrity": "sha512-FrvMpAK+hTbFy7vH5j1+tMYHMSKLE6RzluFJlkFNKD0p9YsUT75JlBSmr5so3QRzvMwU5/bIEdeNrxm8du8l3Q==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/types": "8.44.1", + "@typescript-eslint/types": "8.46.0", "eslint-visitor-keys": "^4.2.1" }, "engines": { 
@@ -2906,16 +2891,16 @@ } }, "node_modules/@typescript-eslint/parser": { - "version": "8.44.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.44.1.tgz", - "integrity": "sha512-EHrrEsyhOhxYt8MTg4zTF+DJMuNBzWwgvvOYNj/zm1vnaD/IC5zCXFehZv94Piqa2cRFfXrTFxIvO95L7Qc/cw==", + "version": "8.46.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.46.0.tgz", + "integrity": "sha512-n1H6IcDhmmUEG7TNVSspGmiHHutt7iVKtZwRppD7e04wha5MrkV1h3pti9xQLcCMt6YWsncpoT0HMjkH1FNwWQ==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/scope-manager": "8.44.1", - "@typescript-eslint/types": "8.44.1", - "@typescript-eslint/typescript-estree": "8.44.1", - "@typescript-eslint/visitor-keys": "8.44.1", + "@typescript-eslint/scope-manager": "8.46.0", + "@typescript-eslint/types": "8.46.0", + "@typescript-eslint/typescript-estree": "8.46.0", + "@typescript-eslint/visitor-keys": "8.46.0", "debug": "^4.3.4" }, "engines": { @@ -2931,14 +2916,14 @@ } }, "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/scope-manager": { - "version": "8.44.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.44.1.tgz", - "integrity": "sha512-NdhWHgmynpSvyhchGLXh+w12OMT308Gm25JoRIyTZqEbApiBiQHD/8xgb6LqCWCFcxFtWwaVdFsLPQI3jvhywg==", + "version": "8.46.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.46.0.tgz", + "integrity": "sha512-lWETPa9XGcBes4jqAMYD9fW0j4n6hrPtTJwWDmtqgFO/4HF4jmdH/Q6wggTw5qIT5TXjKzbt7GsZUBnWoO3dqw==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/types": "8.44.1", - "@typescript-eslint/visitor-keys": "8.44.1" + "@typescript-eslint/types": "8.46.0", + "@typescript-eslint/visitor-keys": "8.46.0" }, "engines": { "node": "^18.18.0 || ^20.9.0 || >=21.1.0" 
@@ -2949,9 +2934,9 @@ } }, "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/types": { - "version": "8.44.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.44.1.tgz", - "integrity": "sha512-Lk7uj7y9uQUOEguiDIDLYLJOrYHQa7oBiURYVFqIpGxclAFQ78f6VUOM8lI2XEuNOKNB7XuvM2+2cMXAoq4ALQ==", + "version": "8.46.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.46.0.tgz", + "integrity": "sha512-bHGGJyVjSE4dJJIO5yyEWt/cHyNwga/zXGJbJJ8TiO01aVREK6gCTu3L+5wrkb1FbDkQ+TKjMNe9R/QQQP9+rA==", "dev": true, "license": "MIT", "engines": { @@ -2963,16 +2948,16 @@ } }, "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/typescript-estree": { - "version": "8.44.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.44.1.tgz", - "integrity": "sha512-qnQJ+mVa7szevdEyvfItbO5Vo+GfZ4/GZWWDRRLjrxYPkhM+6zYB2vRYwCsoJLzqFCdZT4mEqyJoyzkunsZ96A==", + "version": "8.46.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.46.0.tgz", + "integrity": "sha512-ekDCUfVpAKWJbRfm8T1YRrCot1KFxZn21oV76v5Fj4tr7ELyk84OS+ouvYdcDAwZL89WpEkEj2DKQ+qg//+ucg==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/project-service": "8.44.1", - "@typescript-eslint/tsconfig-utils": "8.44.1", - "@typescript-eslint/types": "8.44.1", - "@typescript-eslint/visitor-keys": "8.44.1", + "@typescript-eslint/project-service": "8.46.0", + "@typescript-eslint/tsconfig-utils": "8.46.0", + "@typescript-eslint/types": "8.46.0", + "@typescript-eslint/visitor-keys": "8.46.0", "debug": "^4.3.4", "fast-glob": "^3.3.2", "is-glob": "^4.0.3", 
@@ -2992,13 +2977,13 @@ } }, "node_modules/@typescript-eslint/parser/node_modules/@typescript-eslint/visitor-keys": { - "version": "8.44.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.44.1.tgz", - "integrity": "sha512-576+u0QD+Jp3tZzvfRfxon0EA2lzcDt3lhUbsC6Lgzy9x2VR4E+JUiNyGHi5T8vk0TV+fpJ5GLG1JsJuWCaKhw==", + "version": "8.46.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.46.0.tgz", + "integrity": "sha512-FrvMpAK+hTbFy7vH5j1+tMYHMSKLE6RzluFJlkFNKD0p9YsUT75JlBSmr5so3QRzvMwU5/bIEdeNrxm8du8l3Q==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/types": "8.44.1", + "@typescript-eslint/types": "8.46.0", "eslint-visitor-keys": "^4.2.1" }, "engines": { @@ -3062,14 +3047,14 @@ } }, "node_modules/@typescript-eslint/project-service": { - "version": "8.44.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.44.1.tgz", - "integrity": "sha512-ycSa60eGg8GWAkVsKV4E6Nz33h+HjTXbsDT4FILyL8Obk5/mx4tbvCNsLf9zret3ipSumAOG89UcCs/KRaKYrA==", + "version": "8.46.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.46.0.tgz", + "integrity": "sha512-OEhec0mH+U5Je2NZOeK1AbVCdm0ChyapAyTeXVIYTPXDJ3F07+cu87PPXcGoYqZ7M9YJVvFnfpGg1UmCIqM+QQ==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/tsconfig-utils": "^8.44.1", - "@typescript-eslint/types": "^8.44.1", + "@typescript-eslint/tsconfig-utils": "^8.46.0", + "@typescript-eslint/types": "^8.46.0", "debug": "^4.3.4" }, "engines": { 
@@ -3084,9 +3069,9 @@ } }, "node_modules/@typescript-eslint/project-service/node_modules/@typescript-eslint/types": { - "version": "8.44.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.44.1.tgz", - "integrity": "sha512-Lk7uj7y9uQUOEguiDIDLYLJOrYHQa7oBiURYVFqIpGxclAFQ78f6VUOM8lI2XEuNOKNB7XuvM2+2cMXAoq4ALQ==", + "version": "8.46.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.46.0.tgz", + "integrity": "sha512-bHGGJyVjSE4dJJIO5yyEWt/cHyNwga/zXGJbJJ8TiO01aVREK6gCTu3L+5wrkb1FbDkQ+TKjMNe9R/QQQP9+rA==", "dev": true, "license": "MIT", "engines": { @@ -3116,9 +3101,9 @@ } }, "node_modules/@typescript-eslint/tsconfig-utils": { - "version": "8.44.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.44.1.tgz", - "integrity": "sha512-B5OyACouEjuIvof3o86lRMvyDsFwZm+4fBOqFHccIctYgBjqR3qT39FBYGN87khcgf0ExpdCBeGKpKRhSFTjKQ==", + "version": "8.46.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.46.0.tgz", + "integrity": "sha512-WrYXKGAHY836/N7zoK/kzi6p8tXFhasHh8ocFL9VZSAkvH956gfeRfcnhs3xzRy8qQ/dq3q44v1jvQieMFg2cw==", "dev": true, "license": "MIT", "engines": { 
@@ -3133,15 +3118,15 @@ } }, "node_modules/@typescript-eslint/type-utils": { - "version": "8.44.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.44.1.tgz", - "integrity": "sha512-KdEerZqHWXsRNKjF9NYswNISnFzXfXNDfPxoTh7tqohU/PRIbwTmsjGK6V9/RTYWau7NZvfo52lgVk+sJh0K3g==", + "version": "8.46.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.46.0.tgz", + "integrity": "sha512-hy+lvYV1lZpVs2jRaEYvgCblZxUoJiPyCemwbQZ+NGulWkQRy0HRPYAoef/CNSzaLt+MLvMptZsHXHlkEilaeg==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/types": "8.44.1", - "@typescript-eslint/typescript-estree": "8.44.1", - "@typescript-eslint/utils": "8.44.1", + "@typescript-eslint/types": "8.46.0", + "@typescript-eslint/typescript-estree": "8.46.0", + "@typescript-eslint/utils": "8.46.0", "debug": "^4.3.4", "ts-api-utils": "^2.1.0" }, @@ -3158,14 +3143,14 @@ } }, "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/scope-manager": { - "version": "8.44.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.44.1.tgz", - "integrity": "sha512-NdhWHgmynpSvyhchGLXh+w12OMT308Gm25JoRIyTZqEbApiBiQHD/8xgb6LqCWCFcxFtWwaVdFsLPQI3jvhywg==", + "version": "8.46.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.46.0.tgz", + "integrity": "sha512-lWETPa9XGcBes4jqAMYD9fW0j4n6hrPtTJwWDmtqgFO/4HF4jmdH/Q6wggTw5qIT5TXjKzbt7GsZUBnWoO3dqw==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/types": "8.44.1", - "@typescript-eslint/visitor-keys": "8.44.1" + "@typescript-eslint/types": "8.46.0", + "@typescript-eslint/visitor-keys": "8.46.0" }, "engines": { "node": "^18.18.0 || ^20.9.0 || >=21.1.0" 
@@ -3176,9 +3161,9 @@ } }, "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/types": { - "version": "8.44.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.44.1.tgz", - "integrity": "sha512-Lk7uj7y9uQUOEguiDIDLYLJOrYHQa7oBiURYVFqIpGxclAFQ78f6VUOM8lI2XEuNOKNB7XuvM2+2cMXAoq4ALQ==", + "version": "8.46.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.46.0.tgz", + "integrity": "sha512-bHGGJyVjSE4dJJIO5yyEWt/cHyNwga/zXGJbJJ8TiO01aVREK6gCTu3L+5wrkb1FbDkQ+TKjMNe9R/QQQP9+rA==", "dev": true, "license": "MIT", "engines": { @@ -3190,16 +3175,16 @@ } }, "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/typescript-estree": { - "version": "8.44.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.44.1.tgz", - "integrity": "sha512-qnQJ+mVa7szevdEyvfItbO5Vo+GfZ4/GZWWDRRLjrxYPkhM+6zYB2vRYwCsoJLzqFCdZT4mEqyJoyzkunsZ96A==", + "version": "8.46.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.46.0.tgz", + "integrity": "sha512-ekDCUfVpAKWJbRfm8T1YRrCot1KFxZn21oV76v5Fj4tr7ELyk84OS+ouvYdcDAwZL89WpEkEj2DKQ+qg//+ucg==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/project-service": "8.44.1", - "@typescript-eslint/tsconfig-utils": "8.44.1", - "@typescript-eslint/types": "8.44.1", - "@typescript-eslint/visitor-keys": "8.44.1", + "@typescript-eslint/project-service": "8.46.0", + "@typescript-eslint/tsconfig-utils": "8.46.0", + "@typescript-eslint/types": "8.46.0", + "@typescript-eslint/visitor-keys": "8.46.0", "debug": "^4.3.4", "fast-glob": "^3.3.2", "is-glob": "^4.0.3", 
@@ -3219,16 +3204,16 @@ } }, "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/utils": { - "version": "8.44.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.44.1.tgz", - "integrity": "sha512-DpX5Fp6edTlocMCwA+mHY8Mra+pPjRZ0TfHkXI8QFelIKcbADQz1LUPNtzOFUriBB2UYqw4Pi9+xV4w9ZczHFg==", + "version": "8.46.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.46.0.tgz", + "integrity": "sha512-nD6yGWPj1xiOm4Gk0k6hLSZz2XkNXhuYmyIrOWcHoPuAhjT9i5bAG+xbWPgFeNR8HPHHtpNKdYUXJl/D3x7f5g==", "dev": true, "license": "MIT", "dependencies": { "@eslint-community/eslint-utils": "^4.7.0", - "@typescript-eslint/scope-manager": "8.44.1", - "@typescript-eslint/types": "8.44.1", - "@typescript-eslint/typescript-estree": "8.44.1" + "@typescript-eslint/scope-manager": "8.46.0", + "@typescript-eslint/types": "8.46.0", + "@typescript-eslint/typescript-estree": "8.46.0" }, "engines": { "node": "^18.18.0 || ^20.9.0 || >=21.1.0" @@ -3243,13 +3228,13 @@ } }, "node_modules/@typescript-eslint/type-utils/node_modules/@typescript-eslint/visitor-keys": { - "version": "8.44.1", - "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.44.1.tgz", - "integrity": "sha512-576+u0QD+Jp3tZzvfRfxon0EA2lzcDt3lhUbsC6Lgzy9x2VR4E+JUiNyGHi5T8vk0TV+fpJ5GLG1JsJuWCaKhw==", + "version": "8.46.0", + "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.46.0.tgz", + "integrity": "sha512-FrvMpAK+hTbFy7vH5j1+tMYHMSKLE6RzluFJlkFNKD0p9YsUT75JlBSmr5so3QRzvMwU5/bIEdeNrxm8du8l3Q==", "dev": true, "license": "MIT", "dependencies": { - "@typescript-eslint/types": "8.44.1", + "@typescript-eslint/types": "8.46.0", "eslint-visitor-keys": "^4.2.1" }, "engines": { 
@@ -8225,9 +8210,10 @@ "license": "ISC" }, "node_modules/semver": { - "version": "7.7.2", - "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.2.tgz", - "integrity": "sha512-RF0Fw+rO5AMf9MAyaRXI4AV0Ulj5lMHqVxxdSgiVbixSCXoEmmX/jk0CuJw4+3SqroYO9VoUh+HcuJivvtJemA==", + "version": "7.7.3", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.3.tgz", + "integrity": "sha512-SdsKMrI9TdgjdweUSR9MweHA4EJ8YxHn8DFaDisvhVlUOe4BF1tLD7GAj0lIqWVl+dPb/rExr0Btby5loQm20Q==", + "license": "ISC", "bin": { "semver": "bin/semver.js" }, @@ -9043,9 +9029,9 @@ } }, "node_modules/typescript": { - "version": "5.9.2", - "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.9.2.tgz", - "integrity": "sha512-CWBzXQrc/qOkhidw1OzBTQuYRbfyxDXJMVJ1XNwUHGROVmuaeiEm3OslpZ1RV96d7SKKjZKrSJu3+t/xlw3R9A==", + "version": "5.9.3", + "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.9.3.tgz", + "integrity": "sha512-jl1vZzPDinLr9eUt3J/t7V6FgNEw9QjvBPdysz9KfQDD41fQrC2Y4vKQdiaUpFT4bXlb1RHhLpp8wtm6M5TgSw==", "dev": true, "license": "Apache-2.0", "bin": { diff --git a/package.json b/package.json index 32b427bb41..8ef86904b7 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "codeql", - "version": "3.30.7", + "version": "3.30.8", "private": true, "description": "CodeQL action", "scripts": { @@ -35,6 +35,7 @@ "@actions/io": "^1.1.3", "@actions/tool-cache": "^2.0.2", "@octokit/plugin-retry": "^6.0.0", + "@octokit/request-error": "^7.0.1", "@schemastore/package": "0.0.10", "archiver": "^7.0.1", "check-disk-space": "^3.4.0", @@ -48,14 +49,14 @@ "long": "^5.3.2", "node-forge": "^1.3.1", "octokit": "^5.0.3", - "semver": "^7.7.2", + "semver": "^7.7.3", "uuid": "^13.0.0" }, "devDependencies": { "@ava/typescript": "6.0.0", "@eslint/compat": "^1.4.0", "@eslint/eslintrc": "^3.3.1", - "@eslint/js": "^9.36.0", + "@eslint/js": "^9.37.0", "@microsoft/eslint-formatter-sarif": "^3.1.0", "@octokit/types": "^15.0.0", "@types/archiver": "^6.0.3", 
@@ -66,7 +67,7 @@ "@types/node-forge": "^1.3.14", "@types/semver": "^7.7.1", "@types/sinon": "^17.0.4", - "@typescript-eslint/eslint-plugin": "^8.44.1", + "@typescript-eslint/eslint-plugin": "^8.46.0", "@typescript-eslint/parser": "^8.41.0", "ava": "^6.4.1", "esbuild": "^0.25.10", @@ -79,7 +80,7 @@ "glob": "^11.0.3", "nock": "^14.0.10", "sinon": "^21.0.0", - "typescript": "^5.9.2" + "typescript": "^5.9.3" }, "overrides": { "@actions/tool-cache": { diff --git a/pr-checks/checks/bundle-from-toolcache.yml b/pr-checks/checks/bundle-from-toolcache.yml new file mode 100644 index 0000000000..5a53ec12d9 --- /dev/null +++ b/pr-checks/checks/bundle-from-toolcache.yml @@ -0,0 +1,32 @@ +name: "Bundle: From toolcache" +description: "The CodeQL bundle should be cached within the toolcache" +versions: + - toolcache +steps: + - name: Install @actions/tool-cache + run: npm install @actions/tool-cache + - name: Check toolcache contains CodeQL + continue-on-error: true + uses: actions/github-script@v8 + with: + script: | + const toolcache = require('@actions/tool-cache'); + const allCodeqlVersions = toolcache.findAllVersions('CodeQL'); + if (allCodeqlVersions.length === 0) { + throw new Error(`CodeQL could not be found in the toolcache`); + } + - id: init + uses: ./../action/init + with: + languages: javascript + tools: ${{ steps.prepare-test.outputs.tools-url }} + - name: Check CodeQL is installed within the toolcache + uses: actions/github-script@v8 + with: + script: | + const toolcache = require('@actions/tool-cache'); + const allCodeqlVersions = toolcache.findAllVersions('CodeQL'); + console.log(`Found CodeQL versions: ${allCodeqlVersions}`); + if (allCodeqlVersions.length === 0) { + throw new Error('CodeQL not found in toolcache'); + } diff --git a/pr-checks/checks/rubocop-multi-language.yml b/pr-checks/checks/rubocop-multi-language.yml index 27bcf070db..c3299de08d 100644 --- a/pr-checks/checks/rubocop-multi-language.yml +++ b/pr-checks/checks/rubocop-multi-language.yml 
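Review bot: The `Install @actions/tool-cache` step in the new `pr-checks/checks/bundle-from-toolcache.yml` runs a bare `npm install @actions/tool-cache`, so every run resolves whatever version the registry serves at that moment, outside the repository's lockfile, and runs any lifecycle scripts that come with it. Pinning to the version the lockfile already resolves and skipping scripts would make the check reproducible: `run: npm install --ignore-scripts @actions/tool-cache@<LOCKED_VERSION>`. Separately, `continue-on-error: true` on `Check toolcache contains CodeQL` means an empty toolcache before `init` does not fail the job. The final step could then pass simply because `init` itself populated the toolcache (presumably; confirm against the init behaviour). If that tolerance is intended, a comment such as `# best-effort precondition: some runner images ship without CodeQL in the toolcache` above the step would record why.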
@@ -4,7 +4,7 @@ description: "Tests using RuboCop to analyze a multi-language repository and the versions: ["default"] steps: - name: Set up Ruby - uses: ruby/setup-ruby@0481980f17b760ef6bca5e8c55809102a0af1e5a # v1.263.0 + uses: ruby/setup-ruby@ab177d40ee5483edb974554986f56b33477e21d0 # v1.265.0 with: ruby-version: 2.6 - name: Install Code Scanning integration diff --git a/pr-checks/checks/upload-quality-sarif.yml b/pr-checks/checks/upload-quality-sarif.yml deleted file mode 100644 index 1d4dd9d28d..0000000000 --- a/pr-checks/checks/upload-quality-sarif.yml +++ /dev/null @@ -1,26 +0,0 @@ -name: "Upload-sarif: code quality endpoint" -description: "Checks that uploading SARIFs to the code quality endpoint works" -versions: ["default"] -installGo: true -steps: - - uses: ./../action/init - with: - tools: ${{ steps.prepare-test.outputs.tools-url }} - languages: csharp,java,javascript,python - analysis-kinds: code-quality - - name: Build code - run: ./build.sh - # Generate some SARIF we can upload with the upload-sarif step - - uses: ./../action/analyze - with: - ref: 'refs/heads/main' - sha: '5e235361806c361d4d3f8859e3c897658025a9a2' - upload: never - - uses: ./../action/upload-sarif - id: upload-sarif - with: - ref: 'refs/heads/main' - sha: '5e235361806c361d4d3f8859e3c897658025a9a2' - - name: "Check output from `upload-sarif` step" - if: '!(fromJSON(steps.upload-sarif.outputs.sarif-ids).code-quality)' - run: exit 1 diff --git a/pr-checks/checks/upload-sarif.yml b/pr-checks/checks/upload-sarif.yml new file mode 100644 index 0000000000..1801a27407 --- /dev/null +++ b/pr-checks/checks/upload-sarif.yml 
@@ -0,0 +1,81 @@ +name: "Test different uses of `upload-sarif`" +description: "Checks that uploading SARIFs to the code quality endpoint works" +versions: ["default"] +analysisKinds: ["code-scanning", "code-quality", "code-scanning,code-quality"] +installGo: true +steps: + - uses: ./../action/init + with: + tools: ${{ steps.prepare-test.outputs.tools-url }} + languages: csharp,java,javascript,python + analysis-kinds: ${{ matrix.analysis-kinds }} + - name: Build code + run: ./build.sh + # Generate some SARIF we can upload with the upload-sarif step + - uses: ./../action/analyze + with: + ref: 'refs/heads/main' + sha: '5e235361806c361d4d3f8859e3c897658025a9a2' + upload: never + output: ${{ runner.temp }}/results + + - name: | + Upload all SARIF files for `analysis-kinds: ${{ matrix.analysis-kinds }}` + uses: ./../action/upload-sarif + id: upload-sarif + with: + ref: 'refs/heads/main' + sha: '5e235361806c361d4d3f8859e3c897658025a9a2' + sarif_file: ${{ runner.temp }}/results + category: | + ${{ github.workflow }}:upload-sarif/analysis-kinds:${{ matrix.analysis-kinds }}/os:${{ matrix.os }}/version:${{ matrix.version }}/test:all-files/ + - name: "Fail for missing output from `upload-sarif` step for `code-scanning`" + if: "contains(matrix.analysis-kinds, 'code-scanning') && !(fromJSON(steps.upload-sarif.outputs.sarif-ids).code-scanning)" + run: exit 1 + - name: "Fail for missing output from `upload-sarif` step for `code-quality`" + if: "contains(matrix.analysis-kinds, 'code-quality') && !(fromJSON(steps.upload-sarif.outputs.sarif-ids).code-quality)" + run: exit 1 + + - name: Upload single SARIF file for Code Scanning + uses: ./../action/upload-sarif + id: upload-single-sarif-code-scanning + if: "contains(matrix.analysis-kinds, 'code-scanning')" + with: + ref: 'refs/heads/main' + sha: '5e235361806c361d4d3f8859e3c897658025a9a2' + sarif_file: ${{ runner.temp }}/results/javascript.sarif + category: | + ${{ github.workflow }}:upload-sarif/analysis-kinds:${{ 
matrix.analysis-kinds }}/os:${{ matrix.os }}/version:${{ matrix.version }}/test:single-code-scanning/ + - name: "Fail for missing output from `upload-single-sarif-code-scanning` step" + if: "contains(matrix.analysis-kinds, 'code-scanning') && !(fromJSON(steps.upload-single-sarif-code-scanning.outputs.sarif-ids).code-scanning)" + run: exit 1 + - name: Upload single SARIF file for Code Quality + uses: ./../action/upload-sarif + id: upload-single-sarif-code-quality + if: "contains(matrix.analysis-kinds, 'code-quality')" + with: + ref: 'refs/heads/main' + sha: '5e235361806c361d4d3f8859e3c897658025a9a2' + sarif_file: ${{ runner.temp }}/results/javascript.quality.sarif + category: | + ${{ github.workflow }}:upload-sarif/analysis-kinds:${{ matrix.analysis-kinds }}/os:${{ matrix.os }}/version:${{ matrix.version }}/test:single-code-quality/ + - name: "Fail for missing output from `upload-single-sarif-code-quality` step" + if: "contains(matrix.analysis-kinds, 'code-quality') && !(fromJSON(steps.upload-single-sarif-code-quality.outputs.sarif-ids).code-quality)" + run: exit 1 + + - name: Change SARIF file extension + if: "contains(matrix.analysis-kinds, 'code-scanning')" + run: mv ${{ runner.temp }}/results/javascript.sarif ${{ runner.temp }}/results/javascript.sarif.json + - name: Upload single non-`.sarif` file + uses: ./../action/upload-sarif + id: upload-single-non-sarif + if: "contains(matrix.analysis-kinds, 'code-scanning')" + with: + ref: 'refs/heads/main' + sha: '5e235361806c361d4d3f8859e3c897658025a9a2' + sarif_file: ${{ runner.temp }}/results/javascript.sarif.json + category: | + ${{ github.workflow }}:upload-sarif/analysis-kinds:${{ matrix.analysis-kinds }}/os:${{ matrix.os }}/version:${{ matrix.version }}/test:non-sarif/ + - name: "Fail for missing output from `upload-single-non-sarif` step" + if: "contains(matrix.analysis-kinds, 'code-scanning') && !(fromJSON(steps.upload-single-non-sarif.outputs.sarif-ids).code-scanning)" + run: exit 1 
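Review bot: The "Change SARIF file extension" step in `pr-checks/checks/upload-sarif.yml` expands `${{ runner.temp }}` directly into the shell line and leaves both paths unquoted, so a temp directory containing a space splits the `mv` arguments. Assuming the step runs under bash as `with-checkout-path.yml` does, the quoted environment variable is the safer form: `run: mv "$RUNNER_TEMP/results/javascript.sarif" "$RUNNER_TEMP/results/javascript.sarif.json"`. Keeping expressions out of `run:` bodies also avoids the inline-expansion habit that turns into script injection once a value is not runner-controlled. The `description` still reads "Checks that uploading SARIFs to the code quality endpoint works", although the matrix now covers `code-scanning` as well.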
diff --git a/pr-checks/checks/with-checkout-path.yml b/pr-checks/checks/with-checkout-path.yml index 641dcf2205..d0662be010 100644 --- a/pr-checks/checks/with-checkout-path.yml +++ b/pr-checks/checks/with-checkout-path.yml @@ -37,28 +37,29 @@ steps: - name: Verify SARIF after upload run: | + PAYLOAD_FILE="$RUNNER_TEMP/payload-code-scanning.json" EXPECTED_COMMIT_OID="474bbf07f9247ffe1856c6a0f94aeeb10e7afee6" EXPECTED_REF="v1.1.0" EXPECTED_CHECKOUT_URI_SUFFIX="/x/y/z/some-path/tests/multi-language-repo" - ACTUAL_COMMIT_OID="$(cat "$RUNNER_TEMP/payload.json" | jq -r .commit_oid)" - ACTUAL_REF="$(cat "$RUNNER_TEMP/payload.json" | jq -r .ref)" - ACTUAL_CHECKOUT_URI="$(cat "$RUNNER_TEMP/payload.json" | jq -r .checkout_uri)" + ACTUAL_COMMIT_OID="$(cat "$PAYLOAD_FILE" | jq -r .commit_oid)" + ACTUAL_REF="$(cat "$PAYLOAD_FILE" | jq -r .ref)" + ACTUAL_CHECKOUT_URI="$(cat "$PAYLOAD_FILE" | jq -r .checkout_uri)" if [[ "$EXPECTED_COMMIT_OID" != "$ACTUAL_COMMIT_OID" ]]; then echo "::error Invalid commit oid. Expected: $EXPECTED_COMMIT_OID Actual: $ACTUAL_COMMIT_OID" - echo "$RUNNER_TEMP/payload.json" + echo "$PAYLOAD_FILE" exit 1 fi if [[ "$EXPECTED_REF" != "$ACTUAL_REF" ]]; then echo "::error Invalid ref. Expected: '$EXPECTED_REF' Actual: '$ACTUAL_REF'" - echo "$RUNNER_TEMP/payload.json" + echo "$PAYLOAD_FILE" exit 1 fi if [[ "$ACTUAL_CHECKOUT_URI" != *$EXPECTED_CHECKOUT_URI_SUFFIX ]]; then echo "::error Invalid checkout URI suffix. Expected suffix: $EXPECTED_CHECKOUT_URI_SUFFIX Actual uri: $ACTUAL_CHECKOUT_URI" - echo "$RUNNER_TEMP/payload.json" + echo "$PAYLOAD_FILE" exit 1 fi diff --git a/src/actions-util.ts b/src/actions-util.ts index 8058e5772d..a2d691b42d 100644 --- a/src/actions-util.ts +++ b/src/actions-util.ts 
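Review bot: Each failure branch of the "Verify SARIF after upload" step in `pr-checks/checks/with-checkout-path.yml` runs `echo "$PAYLOAD_FILE"`, which prints only the path, so the log of a failed check does not show the payload that caused the mismatch. If the intent is to dump the payload for diagnosis, `cat "$PAYLOAD_FILE"` does that. The three reads can also pass the file to jq directly, for example `ACTUAL_REF="$(jq -r .ref "$PAYLOAD_FILE")"`. A missing payload file currently surfaces as an "Invalid commit oid" error with an empty actual value; an explicit `[[ -f "$PAYLOAD_FILE" ]]` check at the top would report the real cause.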
@@ -247,9 +247,14 @@ export function isSelfHostedRunner() { return process.env.RUNNER_ENVIRONMENT === "self-hosted"; } +/** Determines whether the workflow trigger is `dynamic`. */ +export function isDynamicWorkflow(): boolean { + return getWorkflowEventName() === "dynamic"; +} + /** Determines whether we are running in default setup. */ export function isDefaultSetup(): boolean { - return getWorkflowEventName() === "dynamic"; + return isDynamicWorkflow(); } export function prettyPrintInvocation(cmd: string, args: string[]): string { diff --git a/src/codeql.test.ts b/src/codeql.test.ts index a5422b1e38..24d88069b8 100644 --- a/src/codeql.test.ts +++ b/src/codeql.test.ts @@ -74,6 +74,7 @@ async function installIntoToolcache({ cliVersion !== undefined ? { cliVersion, tagName } : SAMPLE_DEFAULT_CLI_VERSION, + createFeatures([]), getRunnerLogger(true), false, ); @@ -122,6 +123,8 @@ async function stubCodeql(): Promise { } test("downloads and caches explicitly requested bundles that aren't in the toolcache", async (t) => { + const features = createFeatures([]); + await util.withTmpDir(async (tmpDir) => { setupActionsVars(tmpDir, tmpDir); @@ -140,6 +143,7 @@ test("downloads and caches explicitly requested bundles that aren't in the toolc tmpDir, util.GitHubVariant.DOTCOM, SAMPLE_DEFAULT_CLI_VERSION, + features, getRunnerLogger(true), false, ); @@ -154,6 +158,8 @@ test("downloads and caches explicitly requested bundles that aren't in the toolc }); test("caches semantically versioned bundles using their semantic version number", async (t) => { + const features = createFeatures([]); + await util.withTmpDir(async (tmpDir) => { setupActionsVars(tmpDir, tmpDir); const url = mockBundleDownloadApi({ @@ -166,6 +172,7 @@ test("caches semantically versioned bundles using their semantic version number" tmpDir, util.GitHubVariant.DOTCOM, SAMPLE_DEFAULT_CLI_VERSION, + features, getRunnerLogger(true), false, ); 
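Review bot: After the `src/actions-util.ts` hunk, `isDefaultSetup()` and `isDynamicWorkflow()` return the same value, and neither doc comment says why both exist or which one a caller should pick. Since `isDynamicWorkflow()` is what gates `tools: toolcache` in `src/setup-codeql.ts`, the distinction is worth writing down. I would extend the comment on `isDynamicWorkflow` to say that it tests the workflow trigger itself, and the one on `isDefaultSetup` to say that it currently infers default setup from that trigger, so the two may diverge later. That wording assumes this is the intended distinction.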
@@ -181,6 +188,8 @@ test("caches semantically versioned bundles using their semantic version number" }); test("downloads an explicitly requested bundle even if a different version is cached", async (t) => { + const features = createFeatures([]); + await util.withTmpDir(async (tmpDir) => { setupActionsVars(tmpDir, tmpDir); @@ -199,6 +208,7 @@ test("downloads an explicitly requested bundle even if a different version is ca tmpDir, util.GitHubVariant.DOTCOM, SAMPLE_DEFAULT_CLI_VERSION, + features, getRunnerLogger(true), false, ); @@ -227,6 +237,8 @@ for (const { expectedToolcacheVersion, } of EXPLICITLY_REQUESTED_BUNDLE_TEST_CASES) { test(`caches explicitly requested bundle ${tagName} as ${expectedToolcacheVersion}`, async (t) => { + const features = createFeatures([]); + await util.withTmpDir(async (tmpDir) => { setupActionsVars(tmpDir, tmpDir); @@ -243,6 +255,7 @@ for (const { tmpDir, util.GitHubVariant.DOTCOM, SAMPLE_DEFAULT_CLI_VERSION, + features, getRunnerLogger(true), false, ); @@ -266,6 +279,8 @@ for (const toolcacheVersion of [ `uses tools from toolcache when ${SAMPLE_DEFAULT_CLI_VERSION.cliVersion} is requested and ` + `${toolcacheVersion} is installed`, async (t) => { + const features = createFeatures([]); + await util.withTmpDir(async (tmpDir) => { setupActionsVars(tmpDir, tmpDir); @@ -281,6 +296,7 @@ for (const toolcacheVersion of [ tmpDir, util.GitHubVariant.DOTCOM, SAMPLE_DEFAULT_CLI_VERSION, + features, getRunnerLogger(true), false, ); @@ -295,6 +311,8 @@ for (const toolcacheVersion of [ } test(`uses a cached bundle when no tools input is given on GHES`, async (t) => { + const features = createFeatures([]); + await util.withTmpDir(async (tmpDir) => { setupActionsVars(tmpDir, tmpDir); @@ -313,6 +331,7 @@ test(`uses a cached bundle when no tools input is given on GHES`, async (t) => { cliVersion: defaults.cliVersion, tagName: defaults.bundleVersion, }, + features, getRunnerLogger(true), false, ); 
@@ -328,6 +347,8 @@ test(`uses a cached bundle when no tools input is given on GHES`, async (t) => { }); test(`downloads bundle if only an unpinned version is cached on GHES`, async (t) => { + const features = createFeatures([]); + await util.withTmpDir(async (tmpDir) => { setupActionsVars(tmpDir, tmpDir); @@ -349,6 +370,7 @@ test(`downloads bundle if only an unpinned version is cached on GHES`, async (t) cliVersion: defaults.cliVersion, tagName: defaults.bundleVersion, }, + features, getRunnerLogger(true), false, ); @@ -364,6 +386,8 @@ test(`downloads bundle if only an unpinned version is cached on GHES`, async (t) }); test('downloads bundle if "latest" tools specified but not cached', async (t) => { + const features = createFeatures([]); + await util.withTmpDir(async (tmpDir) => { setupActionsVars(tmpDir, tmpDir); @@ -382,6 +406,7 @@ test('downloads bundle if "latest" tools specified but not cached', async (t) => tmpDir, util.GitHubVariant.DOTCOM, SAMPLE_DEFAULT_CLI_VERSION, + features, getRunnerLogger(true), false, ); @@ -397,6 +422,8 @@ test('downloads bundle if "latest" tools specified but not cached', async (t) => }); test("bundle URL from another repo is cached as 0.0.0-bundleVersion", async (t) => { + const features = createFeatures([]); + await util.withTmpDir(async (tmpDir) => { setupActionsVars(tmpDir, tmpDir); @@ -417,6 +444,7 @@ test("bundle URL from another repo is cached as 0.0.0-bundleVersion", async (t) tmpDir, util.GitHubVariant.DOTCOM, SAMPLE_DEFAULT_CLI_VERSION, + features, getRunnerLogger(true), false, ); diff --git a/src/codeql.ts b/src/codeql.ts index 16b105a3df..ccb7be08da 100644 --- a/src/codeql.ts +++ b/src/codeql.ts @@ -3,6 +3,7 @@ import * as path from "path"; import * as core from "@actions/core"; import * as toolrunner from "@actions/exec/lib/toolrunner"; +import { RequestError } from "@octokit/request-error"; import * as yaml from "js-yaml"; import { 
@@ -308,6 +309,7 @@ const CODEQL_VERSION_CACHE_CLEANUP = "2.17.1"; * @param tempDir * @param variant * @param defaultCliVersion + * @param features Information about the features that are enabled. * @param logger * @param checkVersion Whether to check that CodeQL CLI meets the minimum * version requirement. Must be set to true outside tests. @@ -319,6 +321,7 @@ export async function setupCodeQL( tempDir: string, variant: util.GitHubVariant, defaultCliVersion: CodeQLDefaultVersionInfo, + features: FeatureEnablement, logger: Logger, checkVersion: boolean, ): Promise<{ @@ -341,6 +344,7 @@ export async function setupCodeQL( tempDir, variant, defaultCliVersion, + features, logger, ); @@ -370,7 +374,8 @@ export async function setupCodeQL( } catch (e) { const ErrorClass = e instanceof util.ConfigurationError || - (e instanceof Error && e.message.includes("ENOSPC")) // out of disk space + (e instanceof Error && e.message.includes("ENOSPC")) || // out of disk space + (e instanceof RequestError && e.status === 429) // rate limited ? util.ConfigurationError : Error; diff --git a/src/config-utils.ts b/src/config-utils.ts index fe4b392ab2..e6c87bf5a6 100644 --- a/src/config-utils.ts +++ b/src/config-utils.ts @@ -723,7 +723,14 @@ export async function getOverlayDatabaseMode( buildMode !== BuildMode.None && ( await Promise.all( - languages.map(async (l) => await codeql.isTracedLanguage(l)), + languages.map( + async (l) => + l !== KnownLanguage.go && // Workaround to allow overlay analysis for Go with any build + // mode, since it does not yet support BMN. The Go autobuilder and/or extractor will + // ensure that overlay-base databases are only created for supported Go build setups, + // and that we'll fall back to full databases in other cases. + (await codeql.isTracedLanguage(l)), + ), ) ).some(Boolean) ) { diff --git a/src/environment.ts b/src/environment.ts index e1daeedc2d..7f554c7627 100644 --- a/src/environment.ts +++ b/src/environment.ts 
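Review bot: The new `e instanceof RequestError && e.status === 429` test in the catch block of `setupCodeQL` (`src/codeql.ts`; the block starts above the hunk) only matches when the error was constructed from the same copy of `@octokit/request-error` that `package.json` now adds at `^7.0.1`. If the Octokit client resolves a different major version of that package, `instanceof` is false and a rate-limited download is still reported as a plain `Error` rather than a `ConfigurationError`. Checking the shape removes that coupling: `(e instanceof Error && (e as { status?: unknown }).status === 429)`. GitHub also signals some rate-limit conditions with status 403, which this branch does not cover; whether that matters depends on which request fails here.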
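Review bot: In the `getOverlayDatabaseMode` hunk of `src/config-utils.ts`, the explanation for the Go exemption begins as a trailing comment after `&&` and continues for three more lines inside the expression, which makes the condition hard to read. Moving the comment above the callback leaves the logic on one line: `async (l) => l !== KnownLanguage.go && (await codeql.isTracedLanguage(l)),`. The comment should also say that the exemption is unconditional, i.e. it is not tied to a feature flag, so the only safeguard is the Go autobuilder/extractor behaviour it describes. The function starts and ends outside this hunk, and no test for the Go case appears in this part of the diff.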
@@ -128,4 +128,10 @@ export enum EnvVar { * whether the upload is disabled. This is intended for testing and debugging purposes. */ SARIF_DUMP_DIR = "CODEQL_ACTION_SARIF_DUMP_DIR", + + /** + * Whether to skip uploading SARIF results to GitHub. Intended for testing purposes. + * This setting is more specific than `CODEQL_ACTION_TEST_MODE`, which implies this option. + */ + SKIP_SARIF_UPLOAD = "CODEQL_ACTION_SKIP_SARIF_UPLOAD", } diff --git a/src/feature-flags.ts b/src/feature-flags.ts index 2938f5108c..3a548ffa1a 100644 --- a/src/feature-flags.ts +++ b/src/feature-flags.ts @@ -43,6 +43,7 @@ export interface FeatureEnablement { * Legacy features should end with `_enabled`. */ export enum Feature { + AllowToolcacheInput = "allow_toolcache_input", CleanupTrapCaches = "cleanup_trap_caches", CppDependencyInstallation = "cpp_dependency_installation_enabled", DiffInformedQueries = "diff_informed_queries", @@ -73,9 +74,9 @@ export enum Feature { OverlayAnalysisRust = "overlay_analysis_rust", OverlayAnalysisSwift = "overlay_analysis_swift", PythonDefaultIsToNotExtractStdlib = "python_default_is_to_not_extract_stdlib", - UseRepositoryProperties = "use_repository_properties", QaTelemetryEnabled = "qa_telemetry_enabled", ResolveSupportedLanguagesUsingCli = "resolve_supported_languages_using_cli", + UseRepositoryProperties = "use_repository_properties", } export const featureConfig: Record< @@ -109,6 +110,11 @@ export const featureConfig: Record< toolsFeature?: ToolsFeature; } > = { + [Feature.AllowToolcacheInput]: { + defaultValue: false, + envVar: "CODEQL_ACTION_ALLOW_TOOLCACHE_INPUT", + minimumVersion: undefined, + }, [Feature.CleanupTrapCaches]: { defaultValue: false, envVar: "CODEQL_ACTION_CLEANUP_TRAP_CACHES", diff --git a/src/init-action-post-helper.ts b/src/init-action-post-helper.ts index 97bf21adac..7d46095e91 100644 --- a/src/init-action-post-helper.ts +++ b/src/init-action-post-helper.ts 
@@ -19,8 +19,8 @@ import { delay, getErrorMessage, getRequiredEnvParam, - isInTestMode, parseMatrixInput, + shouldSkipSarifUpload, wrapError, } from "./util"; import { @@ -81,7 +81,7 @@ async function maybeUploadFailedSarif( !["always", "failure-only"].includes( actionsUtil.getUploadValue(shouldUpload), ) || - isInTestMode() + shouldSkipSarifUpload() ) { return { upload_failed_run_skipped_because: "SARIF upload is disabled" }; } diff --git a/src/init-action.ts b/src/init-action.ts index 114ad6cab1..0dbe957a76 100644 --- a/src/init-action.ts +++ b/src/init-action.ts @@ -248,6 +248,7 @@ async function run() { getTemporaryDirectory(), gitHubVersion.type, codeQLDefaultVersionInfo, + features, logger, ); codeql = initCodeQLResult.codeql; diff --git a/src/init.ts b/src/init.ts index 687afc1227..7ca6a3e39d 100644 --- a/src/init.ts +++ b/src/init.ts @@ -9,7 +9,7 @@ import { getOptionalInput, isSelfHostedRunner } from "./actions-util"; import { GitHubApiDetails } from "./api-client"; import { CodeQL, setupCodeQL } from "./codeql"; import * as configUtils from "./config-utils"; -import { CodeQLDefaultVersionInfo } from "./feature-flags"; +import { CodeQLDefaultVersionInfo, FeatureEnablement } from "./feature-flags"; import { KnownLanguage, Language } from "./languages"; import { Logger, withGroupAsync } from "./logging"; import { ToolsSource } from "./setup-codeql"; @@ -23,6 +23,7 @@ export async function initCodeQL( tempDir: string, variant: util.GitHubVariant, defaultCliVersion: CodeQLDefaultVersionInfo, + features: FeatureEnablement, logger: Logger, ): Promise<{ codeql: CodeQL; @@ -44,6 +45,7 @@ export async function initCodeQL( tempDir, variant, defaultCliVersion, + features, logger, true, ); diff --git a/src/setup-codeql.test.ts b/src/setup-codeql.test.ts index 6e4a1dc072..3046b6ff56 100644 --- a/src/setup-codeql.test.ts +++ b/src/setup-codeql.test.ts 
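Review bot: `maybeUploadFailedSarif` in `src/init-action-post-helper.ts` returns the same `upload_failed_run_skipped_because: "SARIF upload is disabled"` whether the `upload` input turned uploads off or `shouldSkipSarifUpload()` did, so the status report cannot distinguish a configured opt-out from an environment override. Now that `CODEQL_ACTION_SKIP_SARIF_UPLOAD` exists as its own switch, a separate branch would make a run that suppressed its results visible in telemetry: `if (shouldSkipSarifUpload()) { return { upload_failed_run_skipped_because: "SARIF upload is skipped by environment" }; }`. `shouldSkipSarifUpload` is defined outside this chunk and the function body continues beyond the hunk.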
@@ -1,6 +1,7 @@ import * as path from "path"; -import test from "ava"; +import * as toolcache from "@actions/tool-cache"; +import test, { ExecutionContext } from "ava"; import * as sinon from "sinon"; import * as actionsUtil from "./actions-util"; @@ -12,6 +13,7 @@ import { LoggedMessage, SAMPLE_DEFAULT_CLI_VERSION, SAMPLE_DOTCOM_API_DETAILS, + createFeatures, getRecordingLogger, initializeFeatures, mockBundleDownloadApi, @@ -90,6 +92,8 @@ test("getCodeQLActionRepository", (t) => { }); test("getCodeQLSource sets CLI version for a semver tagged bundle", async (t) => { + const features = createFeatures([]); + await withTmpDir(async (tmpDir) => { setupActionsVars(tmpDir, tmpDir); const tagName = "codeql-bundle-v1.2.3"; @@ -100,6 +104,7 @@ test("getCodeQLSource sets CLI version for a semver tagged bundle", async (t) => SAMPLE_DOTCOM_API_DETAILS, GitHubVariant.DOTCOM, false, + features, getRunnerLogger(true), ); @@ -109,6 +114,8 @@ test("getCodeQLSource sets CLI version for a semver tagged bundle", async (t) => }); test("getCodeQLSource correctly returns bundled CLI version when tools == linked", async (t) => { + const features = createFeatures([]); + await withTmpDir(async (tmpDir) => { setupActionsVars(tmpDir, tmpDir); const source = await setupCodeql.getCodeQLSource( @@ -117,6 +124,7 @@ test("getCodeQLSource correctly returns bundled CLI version when tools == linked SAMPLE_DOTCOM_API_DETAILS, GitHubVariant.DOTCOM, false, + features, getRunnerLogger(true), ); @@ -128,6 +136,7 @@ test("getCodeQLSource correctly returns bundled CLI version when tools == linked test("getCodeQLSource correctly returns bundled CLI version when tools == latest", async (t) => { const loggedMessages: LoggedMessage[] = []; const logger = getRecordingLogger(loggedMessages); + const features = createFeatures([]); await withTmpDir(async (tmpDir) => { setupActionsVars(tmpDir, tmpDir); 
@@ -137,6 +146,7 @@ test("getCodeQLSource correctly returns bundled CLI version when tools == latest SAMPLE_DOTCOM_API_DETAILS, GitHubVariant.DOTCOM, false, + features, logger, ); @@ -161,6 +171,7 @@ test("getCodeQLSource correctly returns bundled CLI version when tools == latest test("setupCodeQLBundle logs the CodeQL CLI version being used when asked to use linked tools", async (t) => { const loggedMessages: LoggedMessage[] = []; const logger = getRecordingLogger(loggedMessages); + const features = createFeatures([]); // Stub the downloadCodeQL function to prevent downloading artefacts // during testing from being called. @@ -185,6 +196,7 @@ test("setupCodeQLBundle logs the CodeQL CLI version being used when asked to use "tmp/codeql_action_test/", GitHubVariant.DOTCOM, SAMPLE_DEFAULT_CLI_VERSION, + features, logger, ); @@ -207,6 +219,7 @@ test("setupCodeQLBundle logs the CodeQL CLI version being used when asked to use test("setupCodeQLBundle logs the CodeQL CLI version being used when asked to download a non-default bundle", async (t) => { const loggedMessages: LoggedMessage[] = []; const logger = getRecordingLogger(loggedMessages); + const features = createFeatures([]); const bundleUrl = "https://github.com/github/codeql-action/releases/download/codeql-bundle-v2.16.0/codeql-bundle-linux64.tar.gz"; @@ -235,6 +248,7 @@ test("setupCodeQLBundle logs the CodeQL CLI version being used when asked to dow "tmp/codeql_action_test/", GitHubVariant.DOTCOM, SAMPLE_DEFAULT_CLI_VERSION, + features, logger, ); 
@@ -254,6 +268,160 @@ test("setupCodeQLBundle logs the CodeQL CLI version being used when asked to dow }); }); +test("getCodeQLSource correctly returns latest version from toolcache when tools == toolcache", async (t) => { + const loggedMessages: LoggedMessage[] = []; + const logger = getRecordingLogger(loggedMessages); + const features = createFeatures([Feature.AllowToolcacheInput]); + + process.env["GITHUB_EVENT_NAME"] = "dynamic"; + + const latestToolcacheVersion = "3.2.1"; + const latestVersionPath = "/path/to/latest"; + const testVersions = ["2.3.1", latestToolcacheVersion, "1.2.3"]; + const findAllVersionsStub = sinon + .stub(toolcache, "findAllVersions") + .returns(testVersions); + const findStub = sinon.stub(toolcache, "find"); + findStub + .withArgs("CodeQL", latestToolcacheVersion) + .returns(latestVersionPath); + + await withTmpDir(async (tmpDir) => { + setupActionsVars(tmpDir, tmpDir); + const source = await setupCodeql.getCodeQLSource( + "toolcache", + SAMPLE_DEFAULT_CLI_VERSION, + SAMPLE_DOTCOM_API_DETAILS, + GitHubVariant.DOTCOM, + false, + features, + logger, + ); + + // Check that the toolcache functions were called with the expected arguments + t.assert( + findAllVersionsStub.calledOnceWith("CodeQL"), + `toolcache.findAllVersions("CodeQL") wasn't called`, + ); + t.assert( + findStub.calledOnceWith("CodeQL", latestToolcacheVersion), + `toolcache.find("CodeQL", ${latestToolcacheVersion}) wasn't called`, + ); + + // Check that `sourceType` and `toolsVersion` match expectations. + t.is(source.sourceType, "toolcache"); + t.is(source.toolsVersion, latestToolcacheVersion); + + // Check that key messages we would expect to find in the log are present. 
+ const expectedMessages: string[] = [ + `Attempting to use the latest CodeQL CLI version in the toolcache, as requested by 'tools: toolcache'.`, + `CLI version ${latestToolcacheVersion} is the latest version in the toolcache.`, + `Using CodeQL CLI version ${latestToolcacheVersion} from toolcache at ${latestVersionPath}`, + ]; + for (const expectedMessage of expectedMessages) { + t.assert( + loggedMessages.some( + (msg) => + typeof msg.message === "string" && + msg.message.includes(expectedMessage), + ), + `Expected '${expectedMessage}' in the logger output, but didn't find it in:\n ${loggedMessages.map((m) => ` - '${m.message}'`).join("\n")}`, + ); + } + }); +}); + +const toolcacheInputFallbackMacro = test.macro({ + exec: async ( + t: ExecutionContext, + featureList: Feature[], + environment: Record, + testVersions: string[], + expectedMessages: string[], + ) => { + const loggedMessages: LoggedMessage[] = []; + const logger = getRecordingLogger(loggedMessages); + const features = createFeatures(featureList); + + for (const [k, v] of Object.entries(environment)) { + process.env[k] = v; + } + + const findAllVersionsStub = sinon + .stub(toolcache, "findAllVersions") + .returns(testVersions); + + await withTmpDir(async (tmpDir) => { + setupActionsVars(tmpDir, tmpDir); + const source = await setupCodeql.getCodeQLSource( + "toolcache", + SAMPLE_DEFAULT_CLI_VERSION, + SAMPLE_DOTCOM_API_DETAILS, + GitHubVariant.DOTCOM, + false, + features, + logger, + ); + + // Check that the toolcache functions were called with the expected arguments + t.assert( + findAllVersionsStub.calledWith("CodeQL"), + `toolcache.findAllVersions("CodeQL") wasn't called`, + ); + + // Check that `sourceType` and `toolsVersion` match expectations. + t.is(source.sourceType, "download"); + t.is(source.toolsVersion, SAMPLE_DEFAULT_CLI_VERSION.cliVersion); + + // Check that key messages we would expect to find in the log are present. 
+ for (const expectedMessage of expectedMessages) { + t.assert( + loggedMessages.some( + (msg) => + typeof msg.message === "string" && + msg.message.includes(expectedMessage), + ), + `Expected '${expectedMessage}' in the logger output, but didn't find it in:\n ${loggedMessages.map((m) => ` - '${m.message}'`).join("\n")}`, + ); + } + }); + }, + title: (providedTitle = "") => + `getCodeQLSource falls back to downloading the CLI if ${providedTitle}`, +}); + +test( + "the toolcache doesn't have a CodeQL CLI when tools == toolcache", + toolcacheInputFallbackMacro, + [Feature.AllowToolcacheInput], + { GITHUB_EVENT_NAME: "dynamic" }, + [], + [ + `Attempting to use the latest CodeQL CLI version in the toolcache, as requested by 'tools: toolcache'.`, + `Found no CodeQL CLI in the toolcache, ignoring 'tools: toolcache'...`, + ], +); + +test( + "the workflow trigger is not `dynamic`", + toolcacheInputFallbackMacro, + [Feature.AllowToolcacheInput], + { GITHUB_EVENT_NAME: "pull_request" }, + [], + [ + `Ignoring 'tools: toolcache' because the workflow was not triggered dynamically.`, + ], +); + +test( + "the feature flag is not enabled", + toolcacheInputFallbackMacro, + [], + { GITHUB_EVENT_NAME: "dynamic" }, + [], + [`Ignoring 'tools: toolcache' because the feature is not enabled.`], +); + test('tryGetTagNameFromUrl extracts the right tag name for a repo name containing "codeql-bundle"', (t) => { t.is( setupCodeql.tryGetTagNameFromUrl( 
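Review bot: The new toolcache tests in `src/setup-codeql.test.ts` write to `process.env` (`process.env["GITHUB_EVENT_NAME"] = "dynamic"` and the `for (const [k, v] of Object.entries(environment))` loop in `toolcacheInputFallbackMacro`) and never restore the previous values, so one case's event name is still set for whichever test runs next in the same process. Replacing the assignment with a stub keeps each case independent: `sinon.stub(process, "env").value({ ...process.env, ...environment });`. That relies on a shared hook calling `sinon.restore()`, which the `toolcache.findAllVersions` stubs need as well; the hook is not visible in this hunk. The "feature flag is not enabled" and "not `dynamic`" cases pass an empty version list, so they would still pass if the gate were removed and the empty toolcache triggered the fallback; a non-empty list would pin the gate itself.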
@@ -263,3 +431,15 @@ test('tryGetTagNameFromUrl extracts the right tag name for a repo name containin "codeql-bundle-v2.19.0", ); }); + +test("getLatestToolcacheVersion returns undefined if there are no CodeQL CLIs in the toolcache", (t) => { + sinon.stub(toolcache, "findAllVersions").returns([]); + t.is(setupCodeql.getLatestToolcacheVersion(getRunnerLogger(true)), undefined); +}); + +test("getLatestToolcacheVersion returns latest version in the toolcache", (t) => { + const testVersions = ["2.3.1", "3.2.1", "1.2.3"]; + sinon.stub(toolcache, "findAllVersions").returns(testVersions); + + t.is(setupCodeql.getLatestToolcacheVersion(getRunnerLogger(true)), "3.2.1"); +}); diff --git a/src/setup-codeql.ts b/src/setup-codeql.ts index 127bb1b930..9ee0c4b82a 100644 --- a/src/setup-codeql.ts +++ b/src/setup-codeql.ts @@ -7,12 +7,14 @@ import { default as deepEqual } from "fast-deep-equal"; import * as semver from "semver"; import { v4 as uuidV4 } from "uuid"; -import { isRunningLocalAction } from "./actions-util"; +import { isDynamicWorkflow, isRunningLocalAction } from "./actions-util"; import * as api from "./api-client"; import * as defaults from "./defaults.json"; import { CODEQL_VERSION_ZSTD_BUNDLE, CodeQLDefaultVersionInfo, + Feature, + FeatureEnablement, } from "./feature-flags"; import { Logger } from "./logging"; import * as tar from "./tar"; @@ -38,6 +40,7 @@ const CODEQL_NIGHTLIES_REPOSITORY_NAME = "codeql-cli-nightlies"; const CODEQL_BUNDLE_VERSION_ALIAS: string[] = ["linked", "latest"]; const CODEQL_NIGHTLY_TOOLS_INPUTS = ["nightly", "nightly-latest"]; +const CODEQL_TOOLCACHE_INPUT = "toolcache"; function getCodeQLBundleExtension( compressionMethod: tar.CompressionMethod, @@ -275,6 +278,7 @@ export async function getCodeQLSource( apiDetails: api.GitHubApiDetails, variant: util.GitHubVariant, tarSupportsZstd: boolean, + features: FeatureEnablement, logger: Logger, ): Promise { if ( 
@@ -346,6 +350,54 @@ export async function getCodeQLSource( "`tools: latest` has been renamed to `tools: linked`, but the old name is still supported. No action is required.", ); } + } else if ( + toolsInput !== undefined && + toolsInput === CODEQL_TOOLCACHE_INPUT + ) { + let latestToolcacheVersion: string | undefined; + + // We only allow `toolsInput === "toolcache"` for `dynamic` events. In general, using `toolsInput === "toolcache"` + // can lead to alert wobble and so it shouldn't be used for an analysis where results are intended to be uploaded. + // We also allow this in test mode. + const allowToolcacheValueFF = await features.getValue( + Feature.AllowToolcacheInput, + ); + const allowToolcacheValue = + allowToolcacheValueFF && (isDynamicWorkflow() || util.isInTestMode()); + if (allowToolcacheValue) { + // If `toolsInput === "toolcache"`, try to find the latest version of the CLI that's available in the toolcache + // and use that. We perform this check here since we can set `cliVersion` directly and don't want to default to + // the linked version. + logger.info( + `Attempting to use the latest CodeQL CLI version in the toolcache, as requested by 'tools: ${toolsInput}'.`, + ); + + latestToolcacheVersion = getLatestToolcacheVersion(logger); + if (latestToolcacheVersion) { + cliVersion = latestToolcacheVersion; + } + } + + if (latestToolcacheVersion === undefined) { + if (allowToolcacheValue) { + logger.info( + `Found no CodeQL CLI in the toolcache, ignoring 'tools: ${toolsInput}'...`, + ); + } else { + if (allowToolcacheValueFF) { + logger.warning( + `Ignoring 'tools: ${toolsInput}' because the workflow was not triggered dynamically.`, + ); + } else { + logger.info( + `Ignoring 'tools: ${toolsInput}' because the feature is not enabled.`, + ); + } + } + + cliVersion = defaultCliVersion.cliVersion; + tagName = defaultCliVersion.tagName; + } } else if (toolsInput !== undefined) { // If a tools URL was provided, then use that. 
tagName = tryGetTagNameFromUrl(toolsInput, logger); @@ -696,6 +748,7 @@ export async function setupCodeQLBundle( tempDir: string, variant: util.GitHubVariant, defaultCliVersion: CodeQLDefaultVersionInfo, + features: FeatureEnablement, logger: Logger, ) { if (!(await util.isBinaryAccessible("tar", logger))) { @@ -711,6 +764,7 @@ export async function setupCodeQLBundle( apiDetails, variant, zstdAvailability.available, + features, logger, ); @@ -816,9 +870,38 @@ async function getNightlyToolsUrl(logger: Logger) { } } +/** + * Gets the latest version of the CodeQL CLI that is available in the toolcache, or `undefined` + * if no CodeQL CLI is available in the toolcache. + * + * @param logger The logger to use. + * @returns The latest version of the CodeQL CLI that is available in the toolcache, or `undefined` if there is none. + */ +export function getLatestToolcacheVersion(logger: Logger): string | undefined { + const allVersions = toolcache + .findAllVersions("CodeQL") + .sort((a, b) => semver.compare(b, a)); + logger.debug( + `Found the following versions of the CodeQL tools in the toolcache: ${JSON.stringify( + allVersions, + )}.`, + ); + + if (allVersions.length > 0) { + const latestToolcacheVersion = allVersions[0]; + logger.info( + `CLI version ${latestToolcacheVersion} is the latest version in the toolcache.`, + ); + return latestToolcacheVersion; + } + + return undefined; +} + function isReservedToolsValue(tools: string): boolean { return ( CODEQL_BUNDLE_VERSION_ALIAS.includes(tools) || - CODEQL_NIGHTLY_TOOLS_INPUTS.includes(tools) + CODEQL_NIGHTLY_TOOLS_INPUTS.includes(tools) || + tools === CODEQL_TOOLCACHE_INPUT ); } diff --git a/src/start-proxy-action.ts b/src/start-proxy-action.ts index 966c954b44..013382716b 100644 --- a/src/start-proxy-action.ts +++ b/src/start-proxy-action.ts 
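Review bot: The new branch condition in `getCodeQLSource` (`src/setup-codeql.ts`), `toolsInput !== undefined && toolsInput === CODEQL_TOOLCACHE_INPUT`, repeats itself, because equality with a string constant already excludes `undefined`; `toolsInput === CODEQL_TOOLCACHE_INPUT` is enough. The fallback block can lose a nesting level by writing `} else if (allowToolcacheValueFF) {` instead of an `else` that holds a second `if`. When a toolcache version is found, only `cliVersion` is assigned and `tagName` stays unset; the code that consumes both lies outside this hunk, so it is worth confirming that it handles a missing tag. The function starts and ends outside the hunk.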
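Review bot: `getLatestToolcacheVersion` passes every entry from `toolcache.findAllVersions("CodeQL")` to `semver.compare`, which throws on a string that is not a valid version, so a stray directory name next to a real version would fail tool setup instead of falling back to a download. Filtering before the sort keeps the fallback intact: `.filter((v) => semver.valid(v) !== null)`. The tests in `src/codeql.test.ts` also show bundles from other repositories being cached as `0.0.0-bundleVersion`; on a runner whose toolcache persists between jobs, such an unpinned entry is returned as "latest" when nothing else is cached. Excluding those entries here, as the GHES path appears to do for unpinned versions, would limit `tools: toolcache` to released bundles.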
@@ -7,11 +7,14 @@ import { pki } from "node-forge"; import * as actionsUtil from "./actions-util"; import { getApiDetails, getAuthorizationHeaderFor } from "./api-client"; +import { Config } from "./config-utils"; +import { KnownLanguage } from "./languages"; import { getActionsLogger, Logger } from "./logging"; import { Credential, getCredentials, getDownloadUrl, + parseLanguage, UPDATEJOB_PROXY, } from "./start-proxy"; import { @@ -98,6 +101,7 @@ interface StartProxyStatus extends StatusReportBase { async function sendSuccessStatusReport( startedAt: Date, + config: Partial, registry_types: string[], logger: Logger, ) { @@ -105,7 +109,7 @@ async function sendSuccessStatusReport( ActionName.StartProxy, "success", startedAt, - undefined, + config, await util.checkDiskUsage(logger), logger, ); @@ -125,6 +129,7 @@ async function runWrapper() { actionsUtil.persistInputs(); const logger = getActionsLogger(); + let language: KnownLanguage | undefined; try { // Setup logging for the proxy @@ -133,11 +138,13 @@ async function runWrapper() { core.saveState("proxy-log-file", proxyLogFilePath); // Get the configuration options + const languageInput = actionsUtil.getOptionalInput("language"); + language = languageInput ? parseLanguage(languageInput) : undefined; const credentials = getCredentials( logger, actionsUtil.getOptionalInput("registry_secrets"), actionsUtil.getOptionalInput("registries_credentials"), - actionsUtil.getOptionalInput("language"), + language, ); if (credentials.length === 0) { @@ -165,6 +172,9 @@ async function runWrapper() { // Report success if we have reached this point. await sendSuccessStatusReport( startedAt, + { + languages: language && [language], + }, proxyConfig.all_credentials.map((c) => c.type), logger, ); @@ -178,7 +188,9 @@ async function runWrapper() { ActionName.StartProxy, getActionsStatus(error), startedAt, - undefined, + { + languages: language && [language], + }, await util.checkDiskUsage(logger), logger, ); 
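Review bot: When the `language` input is set but `parseLanguage(languageInput)` yields `undefined`, `getCredentials` receives no language and, judging by the `language ? LANGUAGE_TO_REGISTRY_TYPE[language] : undefined` line in `src/start-proxy.ts`, applies no registry-type filter, so a mistyped input would hand the proxy credentials for every registry without any message. Whether `parseLanguage` returns `undefined` or throws for an unknown value is not visible in this diff. If it returns `undefined`, a warning right after the parse keeps the least-privilege intent visible: `if (languageInput && language === undefined) logger.warning("Unrecognised language input; credentials will not be filtered by language.");`. The `try` block in `runWrapper` continues outside the hunk.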
diff --git a/src/start-proxy.test.ts b/src/start-proxy.test.ts index dfd55d72fc..edd1377c00 100644 --- a/src/start-proxy.test.ts +++ b/src/start-proxy.test.ts @@ -109,7 +109,7 @@ test("getCredentials filters by language when specified", async (t) => { getRunnerLogger(true), undefined, toEncodedJSON(mixedCredentials), - "java", + KnownLanguage.java, ); t.is(credentials.length, 1); t.is(credentials[0].type, "maven_repository"); @@ -120,7 +120,7 @@ test("getCredentials returns all for a language when specified", async (t) => { getRunnerLogger(true), undefined, toEncodedJSON(mixedCredentials), - "go", + KnownLanguage.go, ); t.is(credentials.length, 2); diff --git a/src/start-proxy.ts b/src/start-proxy.ts index dd1e443b76..2888e1a58d 100644 --- a/src/start-proxy.ts +++ b/src/start-proxy.ts @@ -79,9 +79,8 @@ export function getCredentials( logger: Logger, registrySecrets: string | undefined, registriesCredentials: string | undefined, - languageString: string | undefined, + language: KnownLanguage | undefined, ): Credential[] { - const language = languageString ? parseLanguage(languageString) : undefined; const registryTypeForLanguage = language ? LANGUAGE_TO_REGISTRY_TYPE[language] : undefined; diff --git a/src/status-report.test.ts b/src/status-report.test.ts index b535ef2126..8421dcceef 100644 --- a/src/status-report.test.ts +++ b/src/status-report.test.ts 
@@ -92,6 +92,49 @@ test("createStatusReportBase", async (t) => { }); }); +test("createStatusReportBase - empty configuration", async (t) => { + await withTmpDir(async (tmpDir: string) => { + setupEnvironmentAndStub(tmpDir); + + const statusReport = await createStatusReportBase( + ActionName.StartProxy, + "success", + new Date("May 19, 2023 05:19:00"), + {}, + { numAvailableBytes: 100, numTotalBytes: 500 }, + getRunnerLogger(false), + ); + + if (t.truthy(statusReport)) { + t.is(statusReport.action_name, ActionName.StartProxy); + t.is(statusReport.status, "success"); + } + }); +}); + +test("createStatusReportBase - partial configuration", async (t) => { + await withTmpDir(async (tmpDir: string) => { + setupEnvironmentAndStub(tmpDir); + + const statusReport = await createStatusReportBase( + ActionName.StartProxy, + "success", + new Date("May 19, 2023 05:19:00"), + { + languages: ["go"], + }, + { numAvailableBytes: 100, numTotalBytes: 500 }, + getRunnerLogger(false), + ); + + if (t.truthy(statusReport)) { + t.is(statusReport.action_name, ActionName.StartProxy); + t.is(statusReport.status, "success"); + t.is(statusReport.languages, "go"); + } + }); +}); + test("createStatusReportBase_firstParty", async (t) => { await withTmpDir(async (tmpDir: string) => { setupEnvironmentAndStub(tmpDir); diff --git a/src/status-report.ts b/src/status-report.ts index 9bfd14677d..46b16a5ef1 100644 --- a/src/status-report.ts +++ b/src/status-report.ts @@ -260,7 +260,7 @@ export async function createStatusReportBase( actionName: ActionName, status: ActionStatus, actionStartedAt: Date, - config: Config | undefined, + config: Partial | undefined, diskInfo: DiskUsage | undefined, logger: Logger, cause?: string, 
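Review bot: The `createStatusReportBase - empty configuration` test checks only `action_name` and `status`, so it would still pass if an empty config produced a bogus `languages` or `analysis_kinds` value. Since the point of accepting a partial config is that missing fields are tolerated, assert that directly with `t.is(statusReport.languages, undefined);` and `t.is(statusReport.analysis_kinds, undefined);`. The partial-configuration test could likewise assert that `analysis_kinds` stays `undefined` when only `languages` is supplied.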
@@ -299,7 +299,7 @@ export async function createStatusReportBase( action_ref: actionRef, action_started_at: actionStartedAt.toISOString(), action_version: getActionVersion(), - analysis_kinds: config?.analysisKinds.join(","), + analysis_kinds: config?.analysisKinds?.join(","), analysis_key, build_mode: config?.buildMode, commit_oid: commitOid, @@ -324,7 +324,7 @@ export async function createStatusReportBase( } if (config) { - statusReport.languages = config.languages.join(","); + statusReport.languages = config.languages?.join(","); } if (diskInfo) { diff --git a/src/upload-lib.test.ts b/src/upload-lib.test.ts index a1fdf218e1..7a5be6382f 100644 --- a/src/upload-lib.test.ts +++ b/src/upload-lib.test.ts @@ -1,9 +1,14 @@ import * as fs from "fs"; import * as path from "path"; +import * as github from "@actions/github"; +import { HTTPError } from "@actions/tool-cache"; import test from "ava"; +import * as sinon from "sinon"; +import * as analyses from "./analyses"; import { AnalysisKind, CodeQuality, CodeScanning } from "./analyses"; +import * as api from "./api-client"; import { getRunnerLogger, Logger } from "./logging"; import { setupTests } from "./testing-utils"; import * as uploadLib from "./upload-lib"; 
@@ -867,3 +872,91 @@ function createMockSarif(id?: string, tool?: string) { ], }; } + +function uploadPayloadFixtures(analysis: analyses.AnalysisConfig) { + const mockData = { + payload: { sarif: "base64data", commit_sha: "abc123" }, + owner: "test-owner", + repo: "test-repo", + response: { + status: 200, + data: { id: "uploaded-sarif-id" }, + headers: {}, + url: analysis.target, + }, + }; + const client = github.getOctokit("123"); + sinon.stub(api, "getApiClient").value(() => client); + const requestStub = sinon.stub(client, "request"); + + const upload = async () => + uploadLib.uploadPayload( + mockData.payload, + { + owner: mockData.owner, + repo: mockData.repo, + }, + getRunnerLogger(true), + analysis, + ); + + return { + upload, + requestStub, + mockData, + }; +} + +for (const analysis of [CodeScanning, CodeQuality]) { + test(`uploadPayload on ${analysis.name} uploads successfully`, async (t) => { + const { upload, requestStub, mockData } = uploadPayloadFixtures(analysis); + requestStub + .withArgs(analysis.target, { + owner: mockData.owner, + repo: mockData.repo, + data: mockData.payload, + }) + .onFirstCall() + .returns(Promise.resolve(mockData.response)); + const result = await upload(); + t.is(result, mockData.response.data.id); + t.true(requestStub.calledOnce); + }); + + for (const envVar of [ + "CODEQL_ACTION_SKIP_SARIF_UPLOAD", + "CODEQL_ACTION_TEST_MODE", + ]) { + test(`uploadPayload on ${analysis.name} skips upload when ${envVar} is set`, async (t) => { + const { upload, requestStub, mockData } = uploadPayloadFixtures(analysis); + await withTmpDir(async (tmpDir) => { + process.env.RUNNER_TEMP = tmpDir; + process.env[envVar] = "true"; + const result = await upload(); + t.is(result, "dummy-sarif-id"); + t.false(requestStub.called); + + const payloadFile = path.join(tmpDir, `payload-${analysis.kind}.json`); + t.true(fs.existsSync(payloadFile)); + + const savedPayload = JSON.parse(fs.readFileSync(payloadFile, "utf8")); + t.deepEqual(savedPayload, 
mockData.payload); + }); + }); + } + + test(`uploadPayload on ${analysis.name} wraps request errors using wrapApiConfigurationError`, async (t) => { + const { upload, requestStub } = uploadPayloadFixtures(analysis); + const wrapApiConfigurationErrorStub = sinon.stub( + api, + "wrapApiConfigurationError", + ); + const originalError = new HTTPError(404); + const wrappedError = new Error("Wrapped error message"); + requestStub.rejects(originalError); + wrapApiConfigurationErrorStub.withArgs(originalError).returns(wrappedError); + await t.throwsAsync(upload, { + is: wrappedError, + }); + }); +} diff --git a/src/upload-lib.ts b/src/upload-lib.ts index cfa362b678..26ae88f32f 100644 --- a/src/upload-lib.ts +++ b/src/upload-lib.ts @@ -262,6 +262,7 @@ async function combineSarifFilesUsingCLI( tempDir, gitHubVersion.type, codeQLDefaultVersionInfo, + features, logger, ); 
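Review bot: The skip-upload tests assign `process.env.RUNNER_TEMP` and `process.env[envVar] = "true"` and never undo them, so unless `setupTests` restores `process.env` after each test (not visible in this diff) the flag can leak into the `uploads successfully` and error-wrapping cases, which would then return before `client.request` is reached. Restoring in a `finally` keeps each case independent: wrap the body in `try { … } finally { delete process.env[envVar]; }`. The same question applies to the `sinon.stub(api, "getApiClient")` and `wrapApiConfigurationError` stubs, which the hunk does not restore either.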
@@ -346,34 +347,36 @@ function getAutomationID( return api.computeAutomationID(analysis_key, environment); } -// Upload the given payload. -// If the request fails then this will retry a small number of times. -async function uploadPayload( +/** + * Upload the given payload. + * If the request fails then this will retry a small number of times. + * This is exported for testing purposes only. + */ +export async function uploadPayload( payload: any, repositoryNwo: RepositoryNwo, logger: Logger, - target: analyses.SARIF_UPLOAD_ENDPOINT, + analysis: analyses.AnalysisConfig, ): Promise { logger.info("Uploading results"); - // If in test mode we don't want to upload the results - if (util.isInTestMode()) { + if (util.shouldSkipSarifUpload()) { const payloadSaveFile = path.join( actionsUtil.getTemporaryDirectory(), - "payload.json", + `payload-${analysis.kind}.json`, ); logger.info( - `In test mode. Results are not uploaded. Saving to ${payloadSaveFile}`, + `SARIF upload disabled by an environment variable. Saving to ${payloadSaveFile}`, ); logger.info(`Payload: ${JSON.stringify(payload, null, 2)}`); fs.writeFileSync(payloadSaveFile, JSON.stringify(payload, null, 2)); - return "test-mode-sarif-id"; + return "dummy-sarif-id"; } const client = api.getApiClient(); try { - const response = await client.request(target, { + const response = await client.request(analysis.target, { owner: repositoryNwo.owner, repo: repositoryNwo.repo, data: payload, @@ -807,7 +810,7 @@ export async function uploadSpecifiedFiles( payload, getRepositoryNwo(), logger, - uploadTarget.target, + uploadTarget, ); logger.endGroup(); diff --git a/src/upload-sarif-action.ts b/src/upload-sarif-action.ts index b9eced9d39..a2ef43eb44 100644 --- a/src/upload-sarif-action.ts +++ b/src/upload-sarif-action.ts @@ -23,7 +23,7 @@ import { checkDiskUsage, getErrorMessage, initializeEnvironment, - isInTestMode, + shouldSkipSarifUpload, wrapError, } from "./util"; 
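Review bot: The `logger.info` call that prints `Payload: ${JSON.stringify(payload, null, 2)}` used to run only in test mode, but behind `shouldSkipSarifUpload()` it now also runs in any workflow that sets the skip variable, writing the whole upload payload, SARIF included, into the job log at info level. Job logs are often readable by a wider audience than code scanning results, and the payload is already written to `payloadSaveFile`, so the dump adds exposure and log volume without adding information. I would demote it to `logger.debug(...)` or drop the line and keep only the `Saving to ${payloadSaveFile}` message. The body of `uploadPayload` continues outside the hunk.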
@@ -113,8 +113,10 @@ async function run() { core.setOutput("sarif-ids", JSON.stringify(uploadResults)); // We don't upload results in test mode, so don't wait for processing - if (isInTestMode()) { - core.debug("In test mode. Waiting for processing is disabled."); + if (shouldSkipSarifUpload()) { + core.debug( + "SARIF upload disabled by an environment variable. Waiting for processing is disabled.", + ); } else if (actionsUtil.getRequiredInput("wait-for-processing") === "true") { if (codeScanningResult !== undefined) { await upload_lib.waitForProcessing( diff --git a/src/util.ts b/src/util.ts index e7c29ed12e..e1f7a15ecc 100644 --- a/src/util.ts +++ b/src/util.ts @@ -764,12 +764,19 @@ export function isGoodVersion(versionSpec: string) { /** * Returns whether we are in test mode. This is used by CodeQL Action PR checks. * - * In test mode, we don't upload SARIF results or status reports to the GitHub API. + * In test mode, we skip several uploads (SARIF results, status reports, DBs, ...). */ export function isInTestMode(): boolean { return process.env[EnvVar.TEST_MODE] === "true"; } +/** + * Returns whether we specifically want to skip uploading SARIF files. + */ +export function shouldSkipSarifUpload(): boolean { + return isInTestMode() || process.env[EnvVar.SKIP_SARIF_UPLOAD] === "true"; +} + /** * Get the testing environment. *
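Review bot: The context comment `// We don't upload results in test mode, so don't wait for processing` no longer matches the condition below it, which is now `shouldSkipSarifUpload()` and is also true when the skip variable is set outside test mode. Reword it, for example `// Uploads are skipped in test mode or when SARIF upload is disabled, so there is nothing to wait for`. Because a skipped upload means findings never reach code scanning while the job still succeeds, `core.debug` is easy to miss at this point; `core.info` would keep the skipped wait visible in a normal log.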
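Review bot: The docstring on `shouldSkipSarifUpload` does not say that test mode implies skipping or that the variable must be exactly `"true"`, both of which the body shows. Suggested text: `Returns whether SARIF uploads should be skipped: true in test mode, or when EnvVar.SKIP_SARIF_UPLOAD is set to exactly "true".` Since this switch stops results from reaching code scanning without failing the job, the comment should also say who is expected to set it; that is not visible in this diff.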