diff --git a/init/action.yml b/init/action.yml
index 86506f356e..d32045d0f0 100644
--- a/init/action.yml
+++ b/init/action.yml
@@ -5,7 +5,7 @@ inputs:
 tools:
 description: URL of CodeQL tools
 required: false
- default: https://github.com/github/codeql-action/releases/download/codeql-bundle-20200630/codeql-bundle.tar.gz
+ # If not specified the Action will check in several places until it finds the CodeQL tools.
 languages:
 description: The languages to be analysed
 required: false
diff --git a/lib/codeql.js b/lib/codeql.js
index 7a9073da6a..8a5d88a0f3 100644
--- a/lib/codeql.js
+++ b/lib/codeql.js
@@ -6,13 +6,22 @@ var __importStar = (this && this.__importStar) || function (mod) {
 result["default"] = mod;
 return result;
 };
+var __importDefault = (this && this.__importDefault) || function (mod) {
+ return (mod && mod.__esModule) ? mod : { "default": mod };
+};
 Object.defineProperty(exports, "__esModule", { value: true });
 const core = __importStar(require("@actions/core"));
 const exec = __importStar(require("@actions/exec"));
+const http = __importStar(require("@actions/http-client"));
+const io = __importStar(require("@actions/io"));
 const toolcache = __importStar(require("@actions/tool-cache"));
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
 const semver = __importStar(require("semver"));
+const stream = __importStar(require("stream"));
+const globalutil = __importStar(require("util"));
+const v4_1 = __importDefault(require("uuid/v4"));
+const api = __importStar(require("./api-client"));
 const util = __importStar(require("./util"));
 /**
 * Stores the CodeQL object, and is populated by `setupCodeQL` or `getCodeQL`.
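Review bot: The added `# If not specified ...` line under the `tools` input is a YAML comment, so it is not part of the input's metadata and is not shown anywhere the action's inputs are rendered; users still only see `description: URL of CodeQL tools` even though the default has been removed and the input is now optional. Fold the behaviour into the description, e.g. `description: URL of CodeQL tools. If not specified, the Action will check in several places until it finds the CodeQL tools.`, and keep the comment only if it is meant for maintainers.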
@@ -24,16 +33,109 @@ let cachedCodeQL = undefined; * Value is set by setupCodeQL and read by getCodeQL. */ const CODEQL_ACTION_CMD = "CODEQL_ACTION_CMD"; +const CODEQL_BUNDLE_VERSION = "codeql-bundle-20200630"; +const CODEQL_BUNDLE_NAME = "codeql-bundle.tar.gz"; +const GITHUB_DOTCOM_API_URL = "https://api.github.com"; +const CODEQL_DEFAULT_ACTION_REPOSITORY = "github/codeql-action"; +function getInstanceAPIURL() { + return process.env["GITHUB_API_URL"] || GITHUB_DOTCOM_API_URL; +} +function getCodeQLActionRepository() { + // Actions do not know their own repository name, + // so we currently use this hack to find the name based on where our files are. + // This can be removed once the change to the runner in https://github.com/actions/runner/pull/585 is deployed. + const runnerTemp = util.getRequiredEnvParam("RUNNER_TEMP"); + const actionsDirectory = path.join(path.dirname(runnerTemp), "_actions"); + const relativeScriptPath = path.relative(actionsDirectory, __filename); + // This handles the case where the Action does not come from an Action repository, + // e.g. our integration tests which use the Action code from the current checkout. + if (relativeScriptPath.startsWith("..") || path.isAbsolute(relativeScriptPath)) { + return CODEQL_DEFAULT_ACTION_REPOSITORY; + } + const relativeScriptPathParts = relativeScriptPath.split(path.sep); + return relativeScriptPathParts[0] + "/" + relativeScriptPathParts[1]; +} +async function getCodeQLBundleDownloadURL() { + const codeQLActionRepository = getCodeQLActionRepository(); + const potentialDownloadSources = [ + // This GitHub instance, and this Action. + [getInstanceAPIURL(), codeQLActionRepository], + // This GitHub instance, and the canonical Action. + [getInstanceAPIURL(), CODEQL_DEFAULT_ACTION_REPOSITORY], + // GitHub.com, and the canonical Action. + [GITHUB_DOTCOM_API_URL, CODEQL_DEFAULT_ACTION_REPOSITORY], + ]; + // We now filter out any duplicates. 
+ // Duplicates will happen either because the GitHub instance is GitHub.com, or because the Action is not a fork. + const uniqueDownloadSources = potentialDownloadSources.filter((url, index, self) => index === self.indexOf(url)); + for (let downloadSource of uniqueDownloadSources) { + let [apiURL, repository] = downloadSource; + // If we've reached the final case, short-circuit the API check since we know the bundle exists and is public. + if (apiURL === GITHUB_DOTCOM_API_URL && repository === CODEQL_DEFAULT_ACTION_REPOSITORY) { + break; + } + let [repositoryOwner, repositoryName] = repository.split("/"); + try { + const release = await api.getApiClient().repos.getReleaseByTag({ + owner: repositoryOwner, + repo: repositoryName, + tag: CODEQL_BUNDLE_VERSION + }); + for (let asset of release.data.assets) { + if (asset.name === CODEQL_BUNDLE_NAME) { + core.info(`Found CodeQL bundle in ${downloadSource[1]} on ${downloadSource[0]} with URL ${asset.url}.`); + return asset.url; + } + } + } + catch (e) { + core.info(`Looked for CodeQL bundle in ${downloadSource[1]} on ${downloadSource[0]} but got error ${e}.`); + } + } + return `https://github.com/${CODEQL_DEFAULT_ACTION_REPOSITORY}/releases/download/${CODEQL_BUNDLE_VERSION}/${CODEQL_BUNDLE_NAME}`; +} +// We have to download CodeQL manually because the toolcache doesn't support Accept headers. +// This can be removed once https://github.com/actions/toolkit/pull/530 is merged and released. +async function toolcacheDownloadTool(url, headers) { + const client = new http.HttpClient('CodeQL Action'); + const dest = path.join(util.getRequiredEnvParam('RUNNER_TEMP'), v4_1.default()); + const response = await client.get(url, headers); + if (response.message.statusCode !== 200) { + const err = new toolcache.HTTPError(response.message.statusCode); + core.info(`Failed to download from "${url}". 
Code(${response.message.statusCode}) Message(${response.message.statusMessage})`); + throw err; + } + const pipeline = globalutil.promisify(stream.pipeline); + await io.mkdirP(path.dirname(dest)); + await pipeline(response.message, fs.createWriteStream(dest)); + return dest; +} async function setupCodeQL() { try { - const codeqlURL = core.getInput('tools', { required: true }); - const codeqlURLVersion = getCodeQLURLVersion(codeqlURL); + let codeqlURL = core.getInput('tools'); + const codeqlURLVersion = getCodeQLURLVersion(codeqlURL || `/${CODEQL_BUNDLE_VERSION}/`); let codeqlFolder = toolcache.find('CodeQL', codeqlURLVersion); if (codeqlFolder) { core.debug(`CodeQL found in cache ${codeqlFolder}`); } else { - const codeqlPath = await toolcache.downloadTool(codeqlURL); + if (!codeqlURL) { + codeqlURL = await getCodeQLBundleDownloadURL(); + } + const headers = { accept: 'application/octet-stream' }; + // We only want to provide an authorization header if we are downloading + // from the same GitHub instance the Action is running on. + // This avoids leaking Enterprise tokens to dotcom. + if (codeqlURL.startsWith(getInstanceAPIURL() + "/")) { + core.debug('Downloading CodeQL bundle with token.'); + let token = core.getInput('token', { required: true }); + headers.authorization = `token ${token}`; + } + else { + core.debug('Downloading CodeQL bundle without token.'); + } + let codeqlPath = await toolcacheDownloadTool(codeqlURL, headers); + core.debug(`CodeQL bundle download to ${codeqlPath} complete.`); const codeqlExtracted = await toolcache.extractTar(codeqlPath); codeqlFolder = await toolcache.cacheDir(codeqlExtracted, 'CodeQL', codeqlURLVersion); } 
@@ -42,7 +144,7 @@ async function setupCodeQL() { codeqlCmd += ".exe"; } else if (process.platform !== 'linux' && process.platform !== 'darwin') { - throw new Error("Unsupported plaform: " + process.platform); + throw new Error("Unsupported platform: " + process.platform); } cachedCodeQL = getCodeQLForCmd(codeqlCmd); core.exportVariable(CODEQL_ACTION_CMD, codeqlCmd); diff --git a/lib/codeql.js.map b/lib/codeql.js.map index 6a30c4a436..98907c8f70 100644 --- a/lib/codeql.js.map +++ b/lib/codeql.js.map 
@@ -1 +1 @@ -{"version":3,"file":"codeql.js","sourceRoot":"","sources":["../src/codeql.ts"],"names":[],"mappings":";;;;;;;;;AAAA,oDAAsC;AACtC,oDAAsC;AACtC,+DAAiD;AACjD,uCAAyB;AACzB,2CAA6B;AAC7B,+CAAiC;AAEjC,6CAA+B;AAyD/B;;;GAGG;AACH,IAAI,YAAY,GAAuB,SAAS,CAAC;AAEjD;;;GAGG;AACH,MAAM,iBAAiB,GAAG,mBAAmB,CAAC;AAEvC,KAAK,UAAU,WAAW;IAC/B,IAAI;QACF,MAAM,SAAS,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;QAC7D,MAAM,gBAAgB,GAAG,mBAAmB,CAAC,SAAS,CAAC,CAAC;QAExD,IAAI,YAAY,GAAG,SAAS,CAAC,IAAI,CAAC,QAAQ,EAAE,gBAAgB,CAAC,CAAC;QAC9D,IAAI,YAAY,EAAE;YAChB,IAAI,CAAC,KAAK,CAAC,yBAAyB,YAAY,EAAE,CAAC,CAAC;SACrD;aAAM;YACL,MAAM,UAAU,GAAG,MAAM,SAAS,CAAC,YAAY,CAAC,SAAS,CAAC,CAAC;YAC3D,MAAM,eAAe,GAAG,MAAM,SAAS,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;YAC/D,YAAY,GAAG,MAAM,SAAS,CAAC,QAAQ,CAAC,eAAe,EAAE,QAAQ,EAAE,gBAAgB,CAAC,CAAC;SACtF;QAED,IAAI,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC;QAC5D,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE;YAChC,SAAS,IAAI,MAAM,CAAC;SACrB;aAAM,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,IAAI,OAAO,CAAC,QAAQ,KAAK,QAAQ,EAAE;YACxE,MAAM,IAAI,KAAK,CAAC,uBAAuB,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;SAC7D;QAED,YAAY,GAAG,eAAe,CAAC,SAAS,CAAC,CAAC;QAC1C,IAAI,CAAC,cAAc,CAAC,iBAAiB,EAAE,SAAS,CAAC,CAAC;QAClD,OAAO,YAAY,CAAC;KAErB;IAAC,OAAO,CAAC,EAAE;QACV,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACd,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;KAC9D;AACH,CAAC;AA7BD,kCA6BC;AAED,SAAgB,mBAAmB,CAAC,GAAW;IAE7C,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC;IAClD,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE;QACtC,MAAM,IAAI,KAAK,CAAC,wBAAwB,GAAG,iCAAiC,CAAC,CAAC;KAC/E;IAED,IAAI,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;IAEvB,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE;QAC1B,IAAI,CAAC,KAAK,CAAC,kBAAkB,OAAO,gEAAgE,OAAO,GAAG,CAAC,CAAC;QAChH,OAAO,GAAG,QAAQ,GAAG,OAAO,CAAC;KAC9B;IAED,MAAM,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAChC,IAAI,CAAC,CAAC,EAAE;QACN,MAAM,IAAI,KAAK,CAAC,uBAAuB,GAAG,iDAAiD,OAAO,UAAU,CAAC,CAAC;KAC/G;IAED,OAAO,CAAC,CAAC;AACX,CAAC;AApBD,kDAoBC;AAED,SAAgB,SAAS;IACvB,IAAI
,YAAY,KAAK,SAAS,EAAE;QAC9B,MAAM,SAAS,GAAG,IAAI,CAAC,mBAAmB,CAAC,iBAAiB,CAAC,CAAC;QAC9D,YAAY,GAAG,eAAe,CAAC,SAAS,CAAC,CAAC;KAC3C;IACD,OAAO,YAAY,CAAC;AACtB,CAAC;AAND,8BAMC;AAED,SAAS,eAAe,CAAI,aAA8B,EAAE,UAAkB;IAC5E,IAAI,OAAO,aAAa,CAAC,UAAU,CAAC,KAAK,UAAU,EAAE;QACnD,MAAM,WAAW,GAAG,GAAG,EAAE;YACvB,MAAM,IAAI,KAAK,CAAC,SAAS,GAAG,UAAU,GAAG,+BAA+B,CAAC,CAAC;QAC5E,CAAC,CAAC;QACF,OAAO,WAAkB,CAAC;KAC3B;IACD,OAAO,aAAa,CAAC,UAAU,CAAC,CAAC;AACnC,CAAC;AAED;;;;;GAKG;AACH,SAAgB,SAAS,CAAC,aAA8B;IACtD,YAAY,GAAG;QACb,MAAM,EAAE,eAAe,CAAC,aAAa,EAAE,QAAQ,CAAC;QAChD,YAAY,EAAE,eAAe,CAAC,aAAa,EAAE,cAAc,CAAC;QAC5D,YAAY,EAAE,eAAe,CAAC,aAAa,EAAE,cAAc,CAAC;QAC5D,YAAY,EAAE,eAAe,CAAC,aAAa,EAAE,cAAc,CAAC;QAC5D,YAAY,EAAE,eAAe,CAAC,aAAa,EAAE,cAAc,CAAC;QAC5D,sBAAsB,EAAE,eAAe,CAAC,aAAa,EAAE,wBAAwB,CAAC;QAChF,gBAAgB,EAAE,eAAe,CAAC,aAAa,EAAE,kBAAkB,CAAC;QACpE,cAAc,EAAE,eAAe,CAAC,aAAa,EAAE,gBAAgB,CAAC;QAChE,eAAe,EAAE,eAAe,CAAC,aAAa,EAAE,iBAAiB,CAAC;KACnE,CAAC;AACJ,CAAC;AAZD,8BAYC;AAED,SAAS,eAAe,CAAC,GAAW;IAClC,OAAO;QACL,MAAM,EAAE;YACN,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAC3B,CAAC;QACD,YAAY,EAAE,KAAK;YACjB,MAAM,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACnB,SAAS;gBACT,eAAe;aAChB,CAAC,CAAC;QACL,CAAC;QACD,YAAY,EAAE,KAAK,WAAU,YAAoB,EAAE,YAAgC;YACjF,IAAI,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;YAC/D,MAAM,eAAe,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC,kBAAkB,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAChF,MAAM,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACnB,UAAU;gBACV,eAAe;gBACf,YAAY;gBACZ,GAAG,eAAe;gBAClB,OAAO,CAAC,QAAQ;gBAChB,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,eAAe,CAAC;gBACxC,OAAO;aACR,CAAC,CAAC;YACH,OAAO,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;QACvD,CAAC;QACD,YAAY,EAAE,KAAK,WAAU,YAAoB,EAAE,QAAgB,EAAE,UAAkB;YACrF,MAAM,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACnB,UAAU;gBACV,MAAM;gBACN,YAAY;gBACZ,aAAa,GAAG,QAAQ;gBACxB,gBAAgB,GAAG,UAAU;aAC9B,CAAC,CAAC;QACL,CAAC;QACD,YAAY,EAAE,KAAK,WAAU,QAAgB;YAC3C,MAAM,OAAO,GAAG,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,cAAc,CAAC;YAChF,MAAM,YAAY,GA
AG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;YAE9E,+DAA+D;YAC/D,0FAA0F;YAC1F,qDAAqD;YACrD,8EAA8E;YAC9E,gHAAgH;YAChH,IAAI,eAAe,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,IAAI,EAAE,CAAC;YAC7D,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,CAAC,GAAG,eAAe,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,wBAAwB,EAAE,+BAA+B,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;YAE1I,MAAM,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAChC,CAAC;QACD,sBAAsB,EAAE,KAAK,WAAU,YAAoB,EAAE,QAAgB;YAC3E,yBAAyB;YACzB,IAAI,aAAa,GAAG,EAAE,CAAC;YACvB,MAAM,IAAI,CAAC,IAAI,CACb,GAAG,EACH;gBACE,SAAS;gBACT,WAAW;gBACX,eAAe;gBACf,aAAa,GAAG,QAAQ;aACzB,EACD;gBACE,MAAM,EAAE,IAAI;gBACZ,SAAS,EAAE;oBACT,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE,GAAG,aAAa,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;oBACvD,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;iBAClD;aACF,CAAC,CAAC;YAEL,oBAAoB;YACpB,MAAM,GAAG,GAAG,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC;YAC1D,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,EAAE,OAAO,EAAE,WAAW,GAAG,GAAG,CAAC,CAAC;YAEzF,oBAAoB;YACpB,MAAM,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACnB,UAAU;gBACV,eAAe;gBACf,YAAY;gBACZ,IAAI;gBACJ,YAAY;aACb,CAAC,CAAC;QACL,CAAC;QACD,gBAAgB,EAAE,KAAK,WAAU,YAAoB;YACnD,MAAM,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACnB,UAAU;gBACV,UAAU;gBACV,YAAY;aACb,CAAC,CAAC;QACL,CAAC;QACD,cAAc,EAAE,KAAK,WAAU,OAAiB,EAAE,eAAmC;YACnF,MAAM,UAAU,GAAG;gBACjB,SAAS;gBACT,SAAS;gBACT,GAAG,OAAO;gBACV,qBAAqB;aACtB,CAAC;YACF,IAAI,eAAe,KAAK,SAAS,EAAE;gBACjC,UAAU,CAAC,IAAI,CAAC,eAAe,EAAE,eAAe,CAAC,CAAC;aACnD;YACD,IAAI,MAAM,GAAG,EAAE,CAAC;YAChB,MAAM,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,UAAU,EAAE;gBAC/B,SAAS,EAAE;oBACT,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE;wBACvB,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;oBAC5B,CAAC;iBACF;aACF,CAAC,CAAC;YAEH,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAC5B,CAAC;QACD,eAAe,EAAE,KAAK,WAAU,YAAoB,EAAE,SAAiB,EAAE,UAAkB;YACzF,MAAM,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACnB,UAAU;gBACV,SAAS;gBACT,IAAI,CAAC,aAAa,EAAE;gBACpB,IAAI,CAAC,cAAc,EAAE;gBACrB,Y
AAY;gBACZ,uBAAuB;gBACvB,WAAW,GAAG,SAAS;gBACvB,yBAAyB;gBACzB,UAAU;aACX,CAAC,CAAC;QACL,CAAC;KACF,CAAC;AACJ,CAAC"} \ No newline at end of file +{"version":3,"file":"codeql.js","sourceRoot":"","sources":["../src/codeql.ts"],"names":[],"mappings":";;;;;;;;;;;;AAAA,oDAAsC;AACtC,oDAAsC;AACtC,2DAA6C;AAE7C,gDAAkC;AAClC,+DAAiD;AACjD,uCAAyB;AACzB,2CAA6B;AAC7B,+CAAiC;AACjC,+CAAiC;AACjC,iDAAmC;AACnC,iDAA6B;AAE7B,kDAAoC;AACpC,6CAA+B;AAyD/B;;;GAGG;AACH,IAAI,YAAY,GAAuB,SAAS,CAAC;AAEjD;;;GAGG;AACH,MAAM,iBAAiB,GAAG,mBAAmB,CAAC;AAE9C,MAAM,qBAAqB,GAAG,wBAAwB,CAAC;AACvD,MAAM,kBAAkB,GAAG,sBAAsB,CAAC;AAClD,MAAM,qBAAqB,GAAG,wBAAwB,CAAC;AACvD,MAAM,gCAAgC,GAAG,sBAAsB,CAAC;AAEhE,SAAS,iBAAiB;IACxB,OAAO,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,IAAI,qBAAqB,CAAC;AAChE,CAAC;AAED,SAAS,yBAAyB;IAChC,iDAAiD;IACjD,+EAA+E;IAC/E,+GAA+G;IAC/G,MAAM,UAAU,GAAG,IAAI,CAAC,mBAAmB,CAAC,aAAa,CAAC,CAAC;IAC3D,MAAM,gBAAgB,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC,EAAE,UAAU,CAAC,CAAC;IACzE,MAAM,kBAAkB,GAAG,IAAI,CAAC,QAAQ,CAAC,gBAAgB,EAAE,UAAU,CAAC,CAAC;IACvE,kFAAkF;IAClF,kFAAkF;IAClF,IAAI,kBAAkB,CAAC,UAAU,CAAC,IAAI,CAAC,IAAI,IAAI,CAAC,UAAU,CAAC,kBAAkB,CAAC,EAAE;QAC9E,OAAO,gCAAgC,CAAC;KACzC;IACD,MAAM,uBAAuB,GAAG,kBAAkB,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IACnE,OAAO,uBAAuB,CAAC,CAAC,CAAC,GAAG,GAAG,GAAG,uBAAuB,CAAC,CAAC,CAAC,CAAC;AACvE,CAAC;AAED,KAAK,UAAU,0BAA0B;IACvC,MAAM,sBAAsB,GAAG,yBAAyB,EAAE,CAAC;IAC3D,MAAM,wBAAwB,GAAG;QAC/B,yCAAyC;QACzC,CAAC,iBAAiB,EAAE,EAAE,sBAAsB,CAAC;QAC7C,kDAAkD;QAClD,CAAC,iBAAiB,EAAE,EAAE,gCAAgC,CAAC;QACvD,wCAAwC;QACxC,CAAC,qBAAqB,EAAE,gCAAgC,CAAC;KAC1D,CAAC;IACF,oCAAoC;IACpC,gHAAgH;IAChH,MAAM,qBAAqB,GAAG,wBAAwB,CAAC,MAAM,CAAC,CAAC,GAAG,EAAE,KAAK,EAAE,IAAI,EAAE,EAAE,CAAC,KAAK,KAAK,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,CAAC;IACjH,KAAK,IAAI,cAAc,IAAI,qBAAqB,EAAE;QAChD,IAAI,CAAC,MAAM,EAAE,UAAU,CAAC,GAAG,cAAc,CAAC;QAC1C,8GAA8G;QAC9G,IAAI,MAAM,KAAK,qBAAqB,IAAI,UAAU,KAAK,gCAAgC,EAAE;YACvF,MAAM;SACP;QACD,IAAI,CAAC,eAAe,EAAE,cAAc,CAAC,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC9D,IAAI;YACF,MAAM,
OAAO,GAAG,MAAM,GAAG,CAAC,YAAY,EAAE,CAAC,KAAK,CAAC,eAAe,CAAC;gBAC7D,KAAK,EAAE,eAAe;gBACtB,IAAI,EAAE,cAAc;gBACpB,GAAG,EAAE,qBAAqB;aAC3B,CAAC,CAAC;YACH,KAAK,IAAI,KAAK,IAAI,OAAO,CAAC,IAAI,CAAC,MAAM,EAAE;gBACrC,IAAI,KAAK,CAAC,IAAI,KAAK,kBAAkB,EAAE;oBACrC,IAAI,CAAC,IAAI,CAAC,0BAA0B,cAAc,CAAC,CAAC,CAAC,OAAO,cAAc,CAAC,CAAC,CAAC,aAAa,KAAK,CAAC,GAAG,GAAG,CAAC,CAAC;oBACxG,OAAO,KAAK,CAAC,GAAG,CAAC;iBAClB;aACF;SACF;QAAC,OAAO,CAAC,EAAE;YACV,IAAI,CAAC,IAAI,CAAC,+BAA+B,cAAc,CAAC,CAAC,CAAC,OAAO,cAAc,CAAC,CAAC,CAAC,kBAAkB,CAAC,GAAG,CAAC,CAAC;SAC3G;KACF;IACD,OAAO,sBAAsB,gCAAgC,sBAAsB,qBAAqB,IAAI,kBAAkB,EAAE,CAAC;AACnI,CAAC;AAED,4FAA4F;AAC5F,+FAA+F;AAC/F,KAAK,UAAU,qBAAqB,CAAC,GAAW,EAAE,OAAkB;IAClE,MAAM,MAAM,GAAG,IAAI,IAAI,CAAC,UAAU,CAAC,eAAe,CAAC,CAAC;IACpD,MAAM,IAAI,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,mBAAmB,CAAC,aAAa,CAAC,EAAE,YAAM,EAAE,CAAC,CAAC;IAC1E,MAAM,QAAQ,GAA4B,MAAM,MAAM,CAAC,GAAG,CAAC,GAAG,EAAE,OAAO,CAAC,CAAC;IACzE,IAAI,QAAQ,CAAC,OAAO,CAAC,UAAU,KAAK,GAAG,EAAE;QACvC,MAAM,GAAG,GAAG,IAAI,SAAS,CAAC,SAAS,CAAC,QAAQ,CAAC,OAAO,CAAC,UAAU,CAAC,CAAC;QACjE,IAAI,CAAC,IAAI,CACP,4BAA4B,GAAG,WAAW,QAAQ,CAAC,OAAO,CAAC,UAAU,aAAa,QAAQ,CAAC,OAAO,CAAC,aAAa,GAAG,CACpH,CAAC;QACF,MAAM,GAAG,CAAC;KACX;IACD,MAAM,QAAQ,GAAG,UAAU,CAAC,SAAS,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IACvD,MAAM,EAAE,CAAC,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC;IACpC,MAAM,QAAQ,CAAC,QAAQ,CAAC,OAAO,EAAE,EAAE,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC,CAAC;IAC7D,OAAO,IAAI,CAAC;AACd,CAAC;AAEM,KAAK,UAAU,WAAW;IAC/B,IAAI;QACF,IAAI,SAAS,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;QACvC,MAAM,gBAAgB,GAAG,mBAAmB,CAAC,SAAS,IAAI,IAAI,qBAAqB,GAAG,CAAC,CAAC;QAExF,IAAI,YAAY,GAAG,SAAS,CAAC,IAAI,CAAC,QAAQ,EAAE,gBAAgB,CAAC,CAAC;QAC9D,IAAI,YAAY,EAAE;YAChB,IAAI,CAAC,KAAK,CAAC,yBAAyB,YAAY,EAAE,CAAC,CAAC;SACrD;aAAM;YACL,IAAI,CAAC,SAAS,EAAE;gBACd,SAAS,GAAG,MAAM,0BAA0B,EAAE,CAAC;aAChD;YAED,MAAM,OAAO,GAAa,EAAC,MAAM,EAAE,0BAA0B,EAAC,CAAC;YAC/D,wEAAwE;YACxE,0DAA0D;YAC1D,mDAAmD;YACnD,IAAI,SAAS,CAAC,UAAU,CAAC,iBAAiB,EAAE,GAAG,GAAG,CAAC,EAAE;gBACnD,IAAI,CAAC,KAAK,CAAC,uCAAuC
,CAAC,CAAC;gBACpD,IAAI,KAAK,GAAG,IAAI,CAAC,QAAQ,CAAC,OAAO,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;gBACvD,OAAO,CAAC,aAAa,GAAG,SAAS,KAAK,EAAE,CAAC;aAC1C;iBAAM;gBACL,IAAI,CAAC,KAAK,CAAC,0CAA0C,CAAC,CAAC;aACxD;YACD,IAAI,UAAU,GAAG,MAAM,qBAAqB,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;YACjE,IAAI,CAAC,KAAK,CAAC,6BAA6B,UAAU,YAAY,CAAC,CAAC;YAEhE,MAAM,eAAe,GAAG,MAAM,SAAS,CAAC,UAAU,CAAC,UAAU,CAAC,CAAC;YAC/D,YAAY,GAAG,MAAM,SAAS,CAAC,QAAQ,CAAC,eAAe,EAAE,QAAQ,EAAE,gBAAgB,CAAC,CAAC;SACtF;QAED,IAAI,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,QAAQ,EAAE,QAAQ,CAAC,CAAC;QAC5D,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,EAAE;YAChC,SAAS,IAAI,MAAM,CAAC;SACrB;aAAM,IAAI,OAAO,CAAC,QAAQ,KAAK,OAAO,IAAI,OAAO,CAAC,QAAQ,KAAK,QAAQ,EAAE;YACxE,MAAM,IAAI,KAAK,CAAC,wBAAwB,GAAG,OAAO,CAAC,QAAQ,CAAC,CAAC;SAC9D;QAED,YAAY,GAAG,eAAe,CAAC,SAAS,CAAC,CAAC;QAC1C,IAAI,CAAC,cAAc,CAAC,iBAAiB,EAAE,SAAS,CAAC,CAAC;QAClD,OAAO,YAAY,CAAC;KAErB;IAAC,OAAO,CAAC,EAAE;QACV,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;QACd,MAAM,IAAI,KAAK,CAAC,2CAA2C,CAAC,CAAC;KAC9D;AACH,CAAC;AA9CD,kCA8CC;AAED,SAAgB,mBAAmB,CAAC,GAAW;IAE7C,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC;IAClD,IAAI,KAAK,KAAK,IAAI,IAAI,KAAK,CAAC,MAAM,GAAG,CAAC,EAAE;QACtC,MAAM,IAAI,KAAK,CAAC,wBAAwB,GAAG,iCAAiC,CAAC,CAAC;KAC/E;IAED,IAAI,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;IAEvB,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,EAAE;QAC1B,IAAI,CAAC,KAAK,CAAC,kBAAkB,OAAO,gEAAgE,OAAO,GAAG,CAAC,CAAC;QAChH,OAAO,GAAG,QAAQ,GAAG,OAAO,CAAC;KAC9B;IAED,MAAM,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;IAChC,IAAI,CAAC,CAAC,EAAE;QACN,MAAM,IAAI,KAAK,CAAC,uBAAuB,GAAG,iDAAiD,OAAO,UAAU,CAAC,CAAC;KAC/G;IAED,OAAO,CAAC,CAAC;AACX,CAAC;AApBD,kDAoBC;AAED,SAAgB,SAAS;IACvB,IAAI,YAAY,KAAK,SAAS,EAAE;QAC9B,MAAM,SAAS,GAAG,IAAI,CAAC,mBAAmB,CAAC,iBAAiB,CAAC,CAAC;QAC9D,YAAY,GAAG,eAAe,CAAC,SAAS,CAAC,CAAC;KAC3C;IACD,OAAO,YAAY,CAAC;AACtB,CAAC;AAND,8BAMC;AAED,SAAS,eAAe,CAAI,aAA8B,EAAE,UAAkB;IAC5E,IAAI,OAAO,aAAa,CAAC,UAAU,CAAC,KAAK,UAAU,EAAE;QACnD,MAAM,WAAW,GAAG,GAAG,EAAE;YACvB,MAAM,IAAI,KAAK,CAAC,SAAS,GAAG,UAAU,GAAG,+BAA+B,CAAC,CAAC;QAC5E,CAAC,CA
AC;QACF,OAAO,WAAkB,CAAC;KAC3B;IACD,OAAO,aAAa,CAAC,UAAU,CAAC,CAAC;AACnC,CAAC;AAED;;;;;GAKG;AACH,SAAgB,SAAS,CAAC,aAA8B;IACtD,YAAY,GAAG;QACb,MAAM,EAAE,eAAe,CAAC,aAAa,EAAE,QAAQ,CAAC;QAChD,YAAY,EAAE,eAAe,CAAC,aAAa,EAAE,cAAc,CAAC;QAC5D,YAAY,EAAE,eAAe,CAAC,aAAa,EAAE,cAAc,CAAC;QAC5D,YAAY,EAAE,eAAe,CAAC,aAAa,EAAE,cAAc,CAAC;QAC5D,YAAY,EAAE,eAAe,CAAC,aAAa,EAAE,cAAc,CAAC;QAC5D,sBAAsB,EAAE,eAAe,CAAC,aAAa,EAAE,wBAAwB,CAAC;QAChF,gBAAgB,EAAE,eAAe,CAAC,aAAa,EAAE,kBAAkB,CAAC;QACpE,cAAc,EAAE,eAAe,CAAC,aAAa,EAAE,gBAAgB,CAAC;QAChE,eAAe,EAAE,eAAe,CAAC,aAAa,EAAE,iBAAiB,CAAC;KACnE,CAAC;AACJ,CAAC;AAZD,8BAYC;AAED,SAAS,eAAe,CAAC,GAAW;IAClC,OAAO;QACL,MAAM,EAAE;YACN,OAAO,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;QAC3B,CAAC;QACD,YAAY,EAAE,KAAK;YACjB,MAAM,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACnB,SAAS;gBACT,eAAe;aAChB,CAAC,CAAC;QACL,CAAC;QACD,YAAY,EAAE,KAAK,WAAU,YAAoB,EAAE,YAAgC;YACjF,IAAI,OAAO,GAAG,IAAI,CAAC,OAAO,CAAC,YAAY,EAAE,SAAS,EAAE,SAAS,CAAC,CAAC;YAC/D,MAAM,eAAe,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC,kBAAkB,GAAG,YAAY,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;YAChF,MAAM,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACnB,UAAU;gBACV,eAAe;gBACf,YAAY;gBACZ,GAAG,eAAe;gBAClB,OAAO,CAAC,QAAQ;gBAChB,IAAI,CAAC,OAAO,CAAC,SAAS,EAAE,eAAe,CAAC;gBACxC,OAAO;aACR,CAAC,CAAC;YACH,OAAO,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;QACvD,CAAC;QACD,YAAY,EAAE,KAAK,WAAU,YAAoB,EAAE,QAAgB,EAAE,UAAkB;YACrF,MAAM,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACnB,UAAU;gBACV,MAAM;gBACN,YAAY;gBACZ,aAAa,GAAG,QAAQ;gBACxB,gBAAgB,GAAG,UAAU;aAC9B,CAAC,CAAC;QACL,CAAC;QACD,YAAY,EAAE,KAAK,WAAU,QAAgB;YAC3C,MAAM,OAAO,GAAG,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,cAAc,CAAC;YAChF,MAAM,YAAY,GAAG,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;YAE9E,+DAA+D;YAC/D,0FAA0F;YAC1F,qDAAqD;YACrD,8EAA8E;YAC9E,gHAAgH;YAChH,IAAI,eAAe,GAAG,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,IAAI,EAAE,CAAC;YAC7D,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,GAAG,CAAC,GAAG,eAAe,CAAC,KAAK,CAAC,KAAK,CAAC,EAAE,wBAAwB,EAAE,+BAA+B,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CA
AC;YAE1I,MAAM,IAAI,CAAC,IAAI,CAAC,YAAY,CAAC,CAAC;QAChC,CAAC;QACD,sBAAsB,EAAE,KAAK,WAAU,YAAoB,EAAE,QAAgB;YAC3E,yBAAyB;YACzB,IAAI,aAAa,GAAG,EAAE,CAAC;YACvB,MAAM,IAAI,CAAC,IAAI,CACb,GAAG,EACH;gBACE,SAAS;gBACT,WAAW;gBACX,eAAe;gBACf,aAAa,GAAG,QAAQ;aACzB,EACD;gBACE,MAAM,EAAE,IAAI;gBACZ,SAAS,EAAE;oBACT,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE,GAAG,aAAa,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC,CAAC;oBACvD,MAAM,EAAE,CAAC,IAAI,EAAE,EAAE,GAAG,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;iBAClD;aACF,CAAC,CAAC;YAEL,oBAAoB;YACpB,MAAM,GAAG,GAAG,OAAO,CAAC,QAAQ,KAAK,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC;YAC1D,MAAM,YAAY,GAAG,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,EAAE,OAAO,EAAE,WAAW,GAAG,GAAG,CAAC,CAAC;YAEzF,oBAAoB;YACpB,MAAM,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACnB,UAAU;gBACV,eAAe;gBACf,YAAY;gBACZ,IAAI;gBACJ,YAAY;aACb,CAAC,CAAC;QACL,CAAC;QACD,gBAAgB,EAAE,KAAK,WAAU,YAAoB;YACnD,MAAM,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACnB,UAAU;gBACV,UAAU;gBACV,YAAY;aACb,CAAC,CAAC;QACL,CAAC;QACD,cAAc,EAAE,KAAK,WAAU,OAAiB,EAAE,eAAmC;YACnF,MAAM,UAAU,GAAG;gBACjB,SAAS;gBACT,SAAS;gBACT,GAAG,OAAO;gBACV,qBAAqB;aACtB,CAAC;YACF,IAAI,eAAe,KAAK,SAAS,EAAE;gBACjC,UAAU,CAAC,IAAI,CAAC,eAAe,EAAE,eAAe,CAAC,CAAC;aACnD;YACD,IAAI,MAAM,GAAG,EAAE,CAAC;YAChB,MAAM,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,UAAU,EAAE;gBAC/B,SAAS,EAAE;oBACT,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE;wBACvB,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;oBAC5B,CAAC;iBACF;aACF,CAAC,CAAC;YAEH,OAAO,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAC5B,CAAC;QACD,eAAe,EAAE,KAAK,WAAU,YAAoB,EAAE,SAAiB,EAAE,UAAkB;YACzF,MAAM,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACnB,UAAU;gBACV,SAAS;gBACT,IAAI,CAAC,aAAa,EAAE;gBACpB,IAAI,CAAC,cAAc,EAAE;gBACrB,YAAY;gBACZ,uBAAuB;gBACvB,WAAW,GAAG,SAAS;gBACvB,yBAAyB;gBACzB,UAAU;aACX,CAAC,CAAC;QACL,CAAC;KACF,CAAC;AACJ,CAAC"} \ No newline at end of file diff --git a/src/codeql.ts b/src/codeql.ts index 5c16030f7c..4d35cc9025 100644 --- a/src/codeql.ts +++ b/src/codeql.ts 
@@ -1,10 +1,17 @@ import * as core from '@actions/core'; import * as exec from '@actions/exec'; +import * as http from '@actions/http-client'; +import { IHeaders } from '@actions/http-client/interfaces'; +import * as io from '@actions/io'; import * as toolcache from '@actions/tool-cache'; import * as fs from 'fs'; import * as path from 'path'; import * as semver from 'semver'; +import * as stream from 'stream'; +import * as globalutil from 'util'; +import uuidV4 from 'uuid/v4'; +import * as api from './api-client'; import * as util from './util'; export interface CodeQL { 
@@ -74,16 +81,116 @@ let cachedCodeQL: CodeQL | undefined = undefined; */ const CODEQL_ACTION_CMD = "CODEQL_ACTION_CMD"; +const CODEQL_BUNDLE_VERSION = "codeql-bundle-20200630"; +const CODEQL_BUNDLE_NAME = "codeql-bundle.tar.gz"; +const GITHUB_DOTCOM_API_URL = "https://api.github.com"; +const CODEQL_DEFAULT_ACTION_REPOSITORY = "github/codeql-action"; + +function getInstanceAPIURL(): string { + return process.env["GITHUB_API_URL"] || GITHUB_DOTCOM_API_URL; +} + +function getCodeQLActionRepository(): string { + // Actions do not know their own repository name, + // so we currently use this hack to find the name based on where our files are. + // This can be removed once the change to the runner in https://github.com/actions/runner/pull/585 is deployed. + const runnerTemp = util.getRequiredEnvParam("RUNNER_TEMP"); + const actionsDirectory = path.join(path.dirname(runnerTemp), "_actions"); + const relativeScriptPath = path.relative(actionsDirectory, __filename); + // This handles the case where the Action does not come from an Action repository, + // e.g. our integration tests which use the Action code from the current checkout. + if (relativeScriptPath.startsWith("..") || path.isAbsolute(relativeScriptPath)) { + return CODEQL_DEFAULT_ACTION_REPOSITORY; + } + const relativeScriptPathParts = relativeScriptPath.split(path.sep); + return relativeScriptPathParts[0] + "/" + relativeScriptPathParts[1]; +} + +async function getCodeQLBundleDownloadURL(): Promise { + const codeQLActionRepository = getCodeQLActionRepository(); + const potentialDownloadSources = [ + // This GitHub instance, and this Action. + [getInstanceAPIURL(), codeQLActionRepository], + // This GitHub instance, and the canonical Action. + [getInstanceAPIURL(), CODEQL_DEFAULT_ACTION_REPOSITORY], + // GitHub.com, and the canonical Action. + [GITHUB_DOTCOM_API_URL, CODEQL_DEFAULT_ACTION_REPOSITORY], + ]; + // We now filter out any duplicates. 
+ // Duplicates will happen either because the GitHub instance is GitHub.com, or because the Action is not a fork. + const uniqueDownloadSources = potentialDownloadSources.filter((url, index, self) => index === self.indexOf(url)); + for (let downloadSource of uniqueDownloadSources) { + let [apiURL, repository] = downloadSource; + // If we've reached the final case, short-circuit the API check since we know the bundle exists and is public. + if (apiURL === GITHUB_DOTCOM_API_URL && repository === CODEQL_DEFAULT_ACTION_REPOSITORY) { + break; + } + let [repositoryOwner, repositoryName] = repository.split("/"); + try { + const release = await api.getApiClient().repos.getReleaseByTag({ + owner: repositoryOwner, + repo: repositoryName, + tag: CODEQL_BUNDLE_VERSION + }); + for (let asset of release.data.assets) { + if (asset.name === CODEQL_BUNDLE_NAME) { + core.info(`Found CodeQL bundle in ${downloadSource[1]} on ${downloadSource[0]} with URL ${asset.url}.`); + return asset.url; + } + } + } catch (e) { + core.info(`Looked for CodeQL bundle in ${downloadSource[1]} on ${downloadSource[0]} but got error ${e}.`); + } + } + return `https://github.com/${CODEQL_DEFAULT_ACTION_REPOSITORY}/releases/download/${CODEQL_BUNDLE_VERSION}/${CODEQL_BUNDLE_NAME}`; +} + +// We have to download CodeQL manually because the toolcache doesn't support Accept headers. +// This can be removed once https://github.com/actions/toolkit/pull/530 is merged and released. +async function toolcacheDownloadTool(url: string, headers?: IHeaders): Promise { + const client = new http.HttpClient('CodeQL Action'); + const dest = path.join(util.getRequiredEnvParam('RUNNER_TEMP'), uuidV4()); + const response: http.HttpClientResponse = await client.get(url, headers); + if (response.message.statusCode !== 200) { + const err = new toolcache.HTTPError(response.message.statusCode); + core.info( + `Failed to download from "${url}". 
Code(${response.message.statusCode}) Message(${response.message.statusMessage})` + ); + throw err; + } + const pipeline = globalutil.promisify(stream.pipeline); + await io.mkdirP(path.dirname(dest)); + await pipeline(response.message, fs.createWriteStream(dest)); + return dest; +} + export async function setupCodeQL(): Promise { try { - const codeqlURL = core.getInput('tools', { required: true }); - const codeqlURLVersion = getCodeQLURLVersion(codeqlURL); + let codeqlURL = core.getInput('tools'); + const codeqlURLVersion = getCodeQLURLVersion(codeqlURL || `/${CODEQL_BUNDLE_VERSION}/`); let codeqlFolder = toolcache.find('CodeQL', codeqlURLVersion); if (codeqlFolder) { core.debug(`CodeQL found in cache ${codeqlFolder}`); } else { - const codeqlPath = await toolcache.downloadTool(codeqlURL); + if (!codeqlURL) { + codeqlURL = await getCodeQLBundleDownloadURL(); + } + + const headers: IHeaders = {accept: 'application/octet-stream'}; + // We only want to provide an authorization header if we are downloading + // from the same GitHub instance the Action is running on. + // This avoids leaking Enterprise tokens to dotcom. + if (codeqlURL.startsWith(getInstanceAPIURL() + "/")) { + core.debug('Downloading CodeQL bundle with token.'); + let token = core.getInput('token', { required: true }); + headers.authorization = `token ${token}`; + } else { + core.debug('Downloading CodeQL bundle without token.'); + } + let codeqlPath = await toolcacheDownloadTool(codeqlURL, headers); + core.debug(`CodeQL bundle download to ${codeqlPath} complete.`); + const codeqlExtracted = await toolcache.extractTar(codeqlPath); codeqlFolder = await toolcache.cacheDir(codeqlExtracted, 'CodeQL', codeqlURLVersion); } 
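Review bot: The duplicate filter on `potentialDownloadSources` in `getCodeQLBundleDownloadURL` is a no-op, because each entry is a distinct array literal and `self.indexOf(url)` compares arrays by reference, so on an Enterprise instance running the canonical Action the same `[apiURL, repository]` pair is queried twice when the first lookup fails; compare by value instead, e.g. `const uniqueDownloadSources = potentialDownloadSources.filter(([apiURL, repo], index, self) => self.findIndex(([a, r]) => a === apiURL && r === repo) === index);` (the compiled copy in lib/codeql.js carries the same line and needs regenerating). The token guard in `setupCodeQL` is a plain prefix check against `getInstanceAPIURL() + "/"`, which is sound for the URL itself, but the asset URL returned from the releases API is an API endpoint that may redirect to a different host, and `toolcacheDownloadTool` relies on the client's default redirect handling without stripping the header; it is worth confirming that the `@actions/http-client` version in use drops `authorization` on a cross-host redirect, otherwise the comment "This avoids leaking Enterprise tokens to dotcom" does not hold for the redirect hop. In `toolcacheDownloadTool` the non-200 branch also throws without consuming `response.message`, leaving the socket open until it is collected; a `response.message.resume();` before `throw err;` releases it.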
@@ -92,7 +199,7 @@ export async function setupCodeQL(): Promise { if (process.platform === 'win32') { codeqlCmd += ".exe"; } else if (process.platform !== 'linux' && process.platform !== 'darwin') { - throw new Error("Unsupported plaform: " + process.platform); + throw new Error("Unsupported platform: " + process.platform); } cachedCodeQL = getCodeQLForCmd(codeqlCmd);