Skip to content

Commit

Permalink
Adds ref and SHA as inputs, and sarif-id as output
Browse files Browse the repository at this point in the history
  • Loading branch information
cw-alexcroteau committed Jan 24, 2022
1 parent 708446c commit 51971d1
Show file tree
Hide file tree
Showing 7 changed files with 51 additions and 6 deletions.
3 changes: 2 additions & 1 deletion CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,8 @@

## [UNRELEASED]

No user facing changes.
- Add sarif-id as an output for upload-sarif action and analyze action (if uploading)
- Accept ref and hash as inputs to override the ones provided by the runner

## 1.0.30 - 24 Jan 2022

Expand Down
8 changes: 8 additions & 0 deletions analyze/action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -45,6 +45,12 @@ inputs:
description: "The path at which the analyzed repository was checked out. Used to relativize any absolute paths in the uploaded SARIF file."
required: false
default: ${{ github.workspace }}
ref:
description: "The ref where results will be uploaded. If not provided, the Action will use the GITHUB_REF environment variable."
required: false
sha:
description: "The hash of the HEAD of the ref where results will be uploaded. If not provided, the Action will use the GITHUB_SHA environment variable."
required: false
category:
description: String used by Code Scanning for matching the analyses
required: false
Expand All @@ -63,6 +69,8 @@ inputs:
outputs:
db-locations:
description: A map from language to absolute path for each database created by CodeQL.
sarif-id:
description: The ID of the uploaded sarif file.
runs:
using: "node12"
main: "../lib/analyze-action.js"
18 changes: 18 additions & 0 deletions src/actions-util.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -65,6 +65,24 @@ test("getRef() returns head PR ref if GITHUB_REF no longer checked out", async (
callback.restore();
});

test("getRef() returns ref provided as an input and ignores current HEAD", async (t) => {
const getAdditionalInputStub = sinon.stub(actionsutil, "getOptionalInput");
getAdditionalInputStub.withArgs("ref").resolves("refs/pull/2/merge");
getAdditionalInputStub.withArgs("sha").resolves("b".repeat(40));

// These values are be ignored
process.env["GITHUB_REF"] = "refs/pull/1/merge";
process.env["GITHUB_SHA"] = "a".repeat(40);

const callback = sinon.stub(actionsutil, "getCommitOid");
callback.withArgs("refs/pull/1/merge").resolves("b".repeat(40));
callback.withArgs("HEAD").resolves("b".repeat(40));

const actualRef = await actionsutil.getRef();
t.deepEqual(actualRef, "refs/pull/2/head");
callback.restore();
});

test("computeAutomationID()", async (t) => {
let actualAutomationID = actionsutil.computeAutomationID(
".github/workflows/codeql-analysis.yml:analyze",
Expand Down
17 changes: 12 additions & 5 deletions src/actions-util.ts
Original file line number Diff line number Diff line change
Expand Up @@ -83,10 +83,10 @@ export const getCommitOid = async function (ref = "HEAD"): Promise<string> {
return commitOid.trim();
} catch (e) {
core.info(
`Failed to call git to get current commit. Continuing with data from environment: ${e}`
`Failed to call git to get current commit. Continuing with data from environment or input: ${e}`
);
core.info((e as Error).stack || "NO STACK");
return getRequiredEnvParam("GITHUB_SHA");
return getOptionalInput("sha") || getRequiredEnvParam("GITHUB_SHA");
}
};

Expand Down Expand Up @@ -431,8 +431,15 @@ export function computeAutomationID(
export async function getRef(): Promise<string> {
// Will be in the form "refs/heads/master" on a push event
// or in the form "refs/pull/N/merge" on a pull_request event
const ref = getRequiredEnvParam("GITHUB_REF");
const sha = getRequiredEnvParam("GITHUB_SHA");
const refInput = getOptionalInput("ref");
const ref = refInput || getRequiredEnvParam("GITHUB_REF");
const sha = getOptionalInput("sha") || getRequiredEnvParam("GITHUB_SHA");

// If the ref is a user-provided input, we have to skip logic
// and assume that it is really where they want to upload the results.
if (refInput) {
return refInput;
}

// For pull request refs we want to detect whether the workflow
// has run `git checkout HEAD^2` to analyze the 'head' ref rather
Expand Down Expand Up @@ -520,7 +527,7 @@ export async function createStatusReportBase(
cause?: string,
exception?: string
): Promise<StatusReportBase> {
const commitOid = process.env["GITHUB_SHA"] || "";
const commitOid = getOptionalInput("sha") || process.env["GITHUB_SHA"] || "";
const ref = await getRef();
const workflowRunIDStr = process.env["GITHUB_RUN_ID"];
let workflowRunID = -1;
Expand Down
1 change: 1 addition & 0 deletions src/analyze-action.ts
Original file line number Diff line number Diff line change
Expand Up @@ -193,6 +193,7 @@ async function run() {
apiDetails,
logger
);
core.setOutput('sarif-id');
} else {
logger.info("Not uploading results");
}
Expand Down
1 change: 1 addition & 0 deletions src/upload-sarif-action.ts
Original file line number Diff line number Diff line change
Expand Up @@ -63,6 +63,7 @@ async function run() {
apiDetails,
getActionsLogger()
);
core.setOutput('sarif-id');
if (actionsUtil.getRequiredInput("wait-for-processing") === "true") {
await upload_lib.waitForProcessing(
parseRepositoryNwo(getRequiredEnvParam("GITHUB_REPOSITORY")),
Expand Down
9 changes: 9 additions & 0 deletions upload-sarif/action.yml
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,12 @@ inputs:
description: "The path at which the analyzed repository was checked out. Used to relativize any absolute paths in the uploaded SARIF file."
required: false
default: ${{ github.workspace }}
ref:
description: "The ref where results will be uploaded. If not provided, the Action will use the GITHUB_REF environment variable."
required: false
sha:
description: "The hash of the HEAD of the ref where results will be uploaded. If not provided, the Action will use the GITHUB_SHA environment variable."
required: false
token:
default: ${{ github.token }}
matrix:
Expand All @@ -24,6 +30,9 @@ inputs:
description: If true, the Action will wait for the uploaded SARIF to be processed before completing.
required: true
default: "false"
outputs:
sarif-id:
description: The ID of the uploaded sarif file.
runs:
using: 'node12'
main: '../lib/upload-sarif-action.js'

0 comments on commit 51971d1

Please sign in to comment.