Merge pull request #2150 from github/backport-v2.24.3-379614612
Merge releases/v3 into releases/v2
angelapwen authored Feb 15, 2024
2 parents 8b6a45a + 460939e commit 4a8f20f
Showing 9 changed files with 165 additions and 26 deletions.
92 changes: 92 additions & 0 deletions .github/workflows/__config-input.yml

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

4 changes: 4 additions & 0 deletions CHANGELOG.md
Expand Up @@ -4,6 +4,10 @@ See the [releases page](https://github.com/github/codeql-action/releases) for th

Note that the only difference between `v2` and `v3` of the CodeQL Action is the node version they support, with `v3` running on node 20 while we continue to release `v2` to support running on node 16. For example `3.22.11` was the first `v3` release and is functionally identical to `2.22.11`. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

## 2.24.3 - 15 Feb 2024

- Fix an issue where the CodeQL Action would fail to load a configuration specified by the `config` input to the `init` Action. [#2147](https://github.com/github/codeql-action/pull/2147)

## 2.24.2 - 15 Feb 2024

- Enable improved multi-threaded performance on larger runners for GitHub Enterprise Server users. This feature is already available to GitHub.com users. [#2141](https://github.com/github/codeql-action/pull/2141)
23 changes: 14 additions & 9 deletions lib/config-utils.js

2 changes: 1 addition & 1 deletion lib/config-utils.js.map

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion node_modules/.package-lock.json

4 changes: 2 additions & 2 deletions package-lock.json

2 changes: 1 addition & 1 deletion package.json
@@ -1,6 +1,6 @@
{
"name": "codeql",
"version": "2.24.2",
"version": "2.24.3",
"private": true,
"description": "CodeQL action",
"scripts": {
33 changes: 33 additions & 0 deletions pr-checks/checks/config-input.yml
@@ -0,0 +1,33 @@
name: "Config input"
description: "Tests specifying configuration using the config input"
operatingSystems: ["ubuntu"]
versions: ["latest"]
steps:
- name: Copy queries into workspace
run: |
cp -a ../action/queries .
- uses: ./../action/init
with:
tools: ${{ steps.prepare-test.outputs.tools-url }}
languages: javascript
build-mode: none
config: |
disable-default-queries: true
queries:
- name: Run custom query
uses: ./queries/default-setup-environment-variables.ql
paths-ignore:
- tests
- lib
- uses: ./../action/analyze
with:
output: ${{ runner.temp }}/results

- name: Check SARIF
uses: ./../action/.github/actions/check-sarif
with:
sarif-file: ${{ runner.temp }}/results/javascript.sarif
queries-run: javascript/codeql-action/default-setup-env-vars
queries-not-run: javascript/codeql-action/default-setup-context-properties
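Review bot: this check only covers the success path for the `config` input; no step asserts that a `config-file` resolving outside the workspace is still rejected, which is the guard the same commit relocates from `getLocalConfig` into `loadConfig`. Consider a companion check that passes such a `config-file` and expects the init step to fail with the outside-workspace error. `operatingSystems: ["ubuntu"]` also leaves the `path.sep` comparison untested on Windows runners, so adding a Windows entry would cover the separator handling.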
29 changes: 17 additions & 12 deletions src/config-utils.ts
Expand Up @@ -543,9 +543,17 @@ async function loadConfig({
let parsedYAML: UserConfig;

if (isLocal(configFile)) {
// Treat the config file as relative to the workspace
configFile = path.resolve(workspacePath, configFile);
parsedYAML = getLocalConfig(configFile, workspacePath);
if (configFile !== userConfigFromActionPath(tempDir)) {
// If the config file is not generated by the Action, it should be relative to the workspace.
configFile = path.resolve(workspacePath, configFile);
// Error if the config file is now outside of the workspace
if (!(configFile + path.sep).startsWith(workspacePath + path.sep)) {
throw new ConfigurationError(
getConfigFileOutsideWorkspaceErrorMessage(configFile),
);
}
}
parsedYAML = getLocalConfig(configFile);
} else {
parsedYAML = await getRemoteConfig(configFile, apiDetails);
}
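Review bot: the exemption in `if (configFile !== userConfigFromActionPath(tempDir))` infers that the Action wrote the file from a string comparison, so any `configFile` value equal to that temp path reaches `getLocalConfig(configFile)` without the workspace check, whether or not `initConfig` produced it. Passing an explicit flag from `initConfig` (or handing over the already-parsed config input) would make the trust decision independent of the path. The comparison also runs before `path.resolve`, so it only matches when the caller passes the exact absolute string; a short comment saying so would help. Separately, the `startsWith(workspacePath + path.sep)` test is lexical: `path.resolve` does not follow symlinks, so if the intent is that reads stay inside the workspace, compare `fs.realpathSync` results, and state whether `workspacePath` is guaranteed to be absolute and normalized at this point.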
Expand Down Expand Up @@ -823,6 +831,10 @@ function dbLocationOrDefault(
return dbLocation || path.resolve(tempDir, "codeql_databases");
}

function userConfigFromActionPath(tempDir: string): string {
return path.resolve(tempDir, "user-config-from-action.yml");
}

/**
* Load and return the config.
*
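Review bot: `userConfigFromActionPath` has no doc comment, although the function right below it carries a JSDoc block and this helper now does more than build a path: `loadConfig` uses its return value to decide whether to skip the workspace-containment check. Add a comment stating that the file is written only by `initConfig` from the `config` input and that the returned path is treated as trusted, so later edits to the file name or location are made with that in mind.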
Expand All @@ -841,7 +853,7 @@ export async function initConfig(inputs: InitConfigInputs): Promise<Config> {
`Both a config file and config input were provided. Ignoring config file.`,
);
}
inputs.configFile = path.resolve(tempDir, "user-config-from-action.yml");
inputs.configFile = userConfigFromActionPath(tempDir);
fs.writeFileSync(inputs.configFile, inputs.configInput);
logger.debug(`Using config from action input: ${inputs.configFile}`);
}
Expand Down Expand Up @@ -883,14 +895,7 @@ function isLocal(configPath: string): boolean {
return configPath.indexOf("@") === -1;
}

function getLocalConfig(configFile: string, workspacePath: string): UserConfig {
// Error if the config file is now outside of the workspace
if (!(configFile + path.sep).startsWith(workspacePath + path.sep)) {
throw new ConfigurationError(
getConfigFileOutsideWorkspaceErrorMessage(configFile),
);
}

function getLocalConfig(configFile: string): UserConfig {
// Error if the file does not exist
if (!fs.existsSync(configFile)) {
throw new ConfigurationError(
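Review bot: with the `workspacePath` parameter and the `startsWith` check removed, `getLocalConfig(configFile: string)` reads whatever path it is given and the only containment guard lives in its caller. Document that precondition on the function ("caller must have validated that the path is inside the workspace or was generated by the Action"), or keep the check here behind an explicit opt-out parameter so a future call site cannot drop it by omission.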