Merge branch 'main' into daverlo/min-disk-free

.eslintrc.json

@@ -18,15 +18,18 @@
         "import/no-amd": "error",
         "import/no-commonjs": "error",
         "import/no-dynamic-require": "error",
-        "import/no-extraneous-dependencies": ["error", {"devDependencies": false}],
+        "import/no-extraneous-dependencies": ["error"],
         "import/no-namespace": "off",
         "import/no-unresolved": "error",
         "import/no-webpack-loader-syntax": "error",
+        "import/order": ["error", {
+            "alphabetize": {"order": "asc"},
+            "newlines-between": "always"
+        }],
         "no-async-foreach/no-async-foreach": "error",
         "no-console": "off",
         "no-sequences": "error",
-        "one-var": ["error", "never"],
-        "sort-imports": ["error", { "allowSeparatedGroups": true }]
+        "one-var": ["error", "never"]
     },
     "overrides": [{
         // "temporarily downgraded during transition to eslint
@@ -46,11 +49,7 @@
             "@typescript-eslint/restrict-template-expressions": "off",
             "func-style": "off",
             "github/no-then": "off",
-            "import/no-extraneous-dependencies": "off",
-            "no-shadow": "off",
-            "no-throw-literal": "off",
-            "no-useless-escape": "off",
-            "sort-imports": "off"
+            "no-shadow": "off"
         }
     }]
 }

.github/workflows/codeql.yml

@@ -14,16 +14,6 @@ jobs:
 
     steps:
     - uses: actions/checkout@v2
-      with:
-        # Must fetch at least the immediate parents so that if this is
-        # a pull request then we can checkout the head of the pull request.
-        fetch-depth: 2
-
-    # If this run was triggered by a pull request event then checkout
-    # the head of the pull request instead of the merge commit.
-    - run: git checkout HEAD^2
-      if: ${{ github.event_name == 'pull_request' }}
-
     - uses: ./init
       with:
         languages: javascript

.github/workflows/python-deps.yml

@@ -0,0 +1,133 @@
+name: Test Python Package Installation on Linux and Mac
+
+on:
+  push:
+    branches: [main, v1]
+  pull_request:
+
+jobs:
+
+  test-setup-python-scripts:
+    runs-on: ${{ matrix.os }}
+    strategy:
+        fail-fast: false
+        matrix:
+          os: [ubuntu-latest, macos-latest]
+          include:
+            - test_dir: python-setup/tests/pipenv/requests-2
+              test_script: $GITHUB_WORKSPACE/python-setup/tests/check_requests_123.sh 2
+            - test_dir: python-setup/tests/pipenv/requests-3
+              test_script: $GITHUB_WORKSPACE/python-setup/tests/check_requests_123.sh 3
+
+            - test_dir: python-setup/tests/poetry/requests-2
+              test_script: $GITHUB_WORKSPACE/python-setup/tests/check_requests_123.sh 2
+            - test_dir: python-setup/tests/poetry/requests-3
+              test_script: $GITHUB_WORKSPACE/python-setup/tests/check_requests_123.sh 3
+
+            - test_dir: python-setup/tests/requirements/requests-2
+              test_script: $GITHUB_WORKSPACE/python-setup/tests/check_requests_123.sh 2
+            - test_dir: python-setup/tests/requirements/requests-3
+              test_script: $GITHUB_WORKSPACE/python-setup/tests/check_requests_123.sh 3
+
+            - test_dir: python-setup/tests/setup_py/requests-2
+              test_script: $GITHUB_WORKSPACE/python-setup/tests/check_requests_123.sh 2
+            - test_dir: python-setup/tests/setup_py/requests-3
+              test_script: $GITHUB_WORKSPACE/python-setup/tests/check_requests_123.sh 3
+
+            # This one shouldn't fail, but also won't install packages
+            - test_dir: python-setup/tests/requirements/non-standard-location
+              test_script: test -z $LGTM_INDEX_IMPORT_PATH
+
+    steps:
+    # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+    - uses: actions/checkout@v2
+
+    - name: Initialize CodeQL
+      uses: ./init
+      with:
+        tools: latest
+        languages: python
+        setup-python-dependencies: false
+
+    - name: Test Auto Package Installation
+      run: |
+        set -x
+        $GITHUB_WORKSPACE/python-setup/install_tools.sh
+
+        cd $GITHUB_WORKSPACE/${{ matrix.test_dir }}
+
+        case ${{ matrix.os }} in
+            ubuntu-latest*)     basePath="/opt";;
+            macos-latest*)    basePath="/Users/runner";;
+        esac
+        echo ${basePath}
+
+        codeql_version="0.0.0-$(cat "$GITHUB_WORKSPACE/src/defaults.json" | jq -r .bundleVersion | rev | cut -d - -f 1 | rev)"
+        $GITHUB_WORKSPACE/python-setup/auto_install_packages.py "${basePath}/hostedtoolcache/CodeQL/$codeql_version/x64/codeql"
+    - name: Setup for extractor
+      run: |
+        echo $CODEQL_PYTHON
+        # only run if $CODEQL_PYTHON is set
+        if [ ! -z $CODEQL_PYTHON ]; then
+            $GITHUB_WORKSPACE/python-setup/tests/from_python_exe.py $CODEQL_PYTHON;
+        fi
+    - name: Verify packages installed
+      run: |
+        ${{ matrix.test_script }}
+
+  test-setup-python-scripts-windows:
+    runs-on: windows-latest
+    strategy:
+        fail-fast: false
+        matrix:
+          include:
+            - test_dir: python-setup/tests/pipenv/requests-2
+              python_version: 2
+            - test_dir: python-setup/tests/pipenv/requests-3
+              python_version: 3
+
+            - test_dir: python-setup/tests/poetry/requests-2
+              python_version: 2
+            - test_dir: python-setup/tests/poetry/requests-3
+              python_version: 3
+
+            - test_dir: python-setup/tests/requirements/requests-2
+              python_version: 2
+            - test_dir: python-setup/tests/requirements/requests-3
+              python_version: 3
+
+            - test_dir: python-setup/tests/setup_py/requests-2
+              python_version: 2
+            - test_dir: python-setup/tests/setup_py/requests-3
+              python_version: 3
+
+    steps:
+    # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+    - uses: actions/checkout@v2
+
+    - name: Initialize CodeQL
+      uses: ./init
+      with:
+        tools: latest
+        languages: python
+        setup-python-dependencies: false
+
+    - name: Test Auto Package Installation
+      run: |
+        $cmd = $Env:GITHUB_WORKSPACE + "\\python-setup\\install_tools.ps1"
+        powershell -File $cmd
+
+        cd $Env:GITHUB_WORKSPACE\\${{ matrix.test_dir }}
+        $DefaultsPath = Join-Path (Join-Path $Env:GITHUB_WORKSPACE "src") "defaults.json"
+        $CodeQLBundleName = (Get-Content -Raw -Path $DefaultsPath | ConvertFrom-Json).bundleVersion
+        $CodeQLVersion = "0.0.0-" + $CodeQLBundleName.split("-")[-1]
+        py -3 $Env:GITHUB_WORKSPACE\\python-setup\\auto_install_packages.py C:\\hostedtoolcache\\windows\\CodeQL\\$CodeQLVersion\\x64\\codeql
+    - name: Setup for extractor
+      run: |
+        echo $Env:CODEQL_PYTHON
+
+        py -3 $Env:GITHUB_WORKSPACE\\python-setup\\tests\\from_python_exe.py $Env:CODEQL_PYTHON
+    - name: Verify packages installed
+      run: |
+        $cmd = $Env:GITHUB_WORKSPACE + "\\python-setup\\tests\\check_requests_123.ps1"
+        powershell -File $cmd ${{ matrix.python_version }}

.github/workflows/release-runner.yml

@@ -0,0 +1,54 @@
+name: Release runner
+
+on:
+  workflow_dispatch:
+    inputs:
+      bundle-tag:
+        description: 'Tag of the bundle release (e.g., "codeql-bundle-20200826")'
+        required: false
+
+jobs:
+  release-runner:
+    runs-on: ubuntu-latest
+    env:
+      RELEASE_TAG: "${{ github.event.inputs.bundle-tag }}"
+
+    strategy:
+      matrix:
+        extension: ["linux", "macos", "win.exe"]
+
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Build runner
+        run: |
+          cd runner
+          npm install
+          npm run build-runner
+
+      - uses: actions/upload-artifact@v2
+        with:
+          name: codeql-runner-${{matrix.extension}}
+          path: runner/dist/codeql-runner-${{matrix.extension}}
+
+      - name: Resolve Upload URL for the release
+        if: ${{ github.event.inputs.bundle-tag != null }}
+        id: save_url
+        run: |
+          UPLOAD_URL=$(curl -sS \
+                "https://api.github.com/repos/${GITHUB_REPOSITORY}/releases/tags/${RELEASE_TAG}" \
+                -H "Accept: application/json" \
+                -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" | jq .upload_url | sed s/\"//g)
+          echo ${UPLOAD_URL}
+          echo "::set-output name=upload_url::${UPLOAD_URL}"
+
+      - name: Upload Platform Package
+        if: ${{ github.event.inputs.bundle-tag != null }}
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: ${{ steps.save_url.outputs.upload_url }}
+          asset_path: runner/dist/codeql-runner-${{matrix.extension}}
+          asset_name: codeql-runner-${{matrix.extension}}
+          asset_content_type: application/octet-stream

README.md

@@ -22,7 +22,16 @@ on:
   push:
   pull_request:
   schedule:
-    - cron: '0 0 * * 0'
+    #        ┌───────────── minute (0 - 59)
+    #        │ ┌───────────── hour (0 - 23)
+    #        │ │ ┌───────────── day of the month (1 - 31)
+    #        │ │ │ ┌───────────── month (1 - 12 or JAN-DEC)
+    #        │ │ │ │ ┌───────────── day of the week (0 - 6 or SUN-SAT)
+    #        │ │ │ │ │
+    #        │ │ │ │ │
+    #        │ │ │ │ │
+    #        * * * * *
+    - cron: '30 1 * * 0'
 
 jobs:
   CodeQL-Build:

init/action.yml

@@ -19,6 +19,10 @@ inputs:
   queries:
     description: Comma-separated list of additional queries to run. By default, this overrides the same setting in a configuration file; prefix with "+" to use both sets of queries.
     required: false
+  setup-python-dependencies:
+    description: Try to auto-install your python dependencies
+    required: true
+    default: 'true'
 runs:
   using: 'node12'
   main: '../lib/init-action.js'

lib/defaults.json

@@ -1,3 +1,3 @@
 {
-    "bundleVersion": "codeql-bundle-20200826"
+    "bundleVersion": "codeql-bundle-20201028"
 }