From 3f2a60be8a02f3d0d30c4cd412be8d71466ff676 Mon Sep 17 00:00:00 2001
From: Alex Kalyvitis <alexkappa@github.com>
Date: Thu, 18 Jun 2020 16:31:39 +0200
Subject: [PATCH] switch to semver instead of hash

---
 src/setup-tools.ts | 35 ++++++++++++++++++++++++++++-------
 1 file changed, 28 insertions(+), 7 deletions(-)

diff --git a/src/setup-tools.ts b/src/setup-tools.ts
index edc814191..43df99d05 100644
--- a/src/setup-tools.ts
+++ b/src/setup-tools.ts
@@ -1,6 +1,6 @@
 import * as core from '@actions/core';
 import * as toolcache from '@actions/tool-cache';
-import * as crypto from 'crypto';
+import * as semver from 'semver';
 import * as path from 'path';
 
 export class CodeQLSetup {
@@ -30,18 +30,17 @@ export class CodeQLSetup {
 }
 
 export async function setupCodeQL(): Promise<CodeQLSetup> {
-    const hash = crypto.createHash('sha256');
-    const codeqlURL = core.getInput('tools', { required: true });
-    const codeqlURLHash = hash.update(codeqlURL).digest('hex');
-
     try {
-        let codeqlFolder = toolcache.find('CodeQL', codeqlURLHash);
+        const codeqlURL = core.getInput('tools', { required: true });
+        const codeqlURLVersion = getCodeQLURLVersion(codeqlURL);  
+
+        let codeqlFolder = toolcache.find('CodeQL', codeqlURLVersion);
         if (codeqlFolder) {
             core.debug(`CodeQL found in cache ${codeqlFolder}`);
         } else {
             const codeqlPath = await toolcache.downloadTool(codeqlURL);
             const codeqlExtracted = await toolcache.extractTar(codeqlPath);
-            codeqlFolder = await toolcache.cacheDir(codeqlExtracted, 'CodeQL', codeqlURLHash);
+            codeqlFolder = await toolcache.cacheDir(codeqlExtracted, 'CodeQL', codeqlURLVersion);
         }
         return new CodeQLSetup(path.join(codeqlFolder, 'codeql'));
 
@@ -50,3 +49,25 @@ export async function setupCodeQL(): Promise<CodeQLSetup> {
         throw new Error("Unable to download and extract CodeQL CLI");
     }
 }
+
+export function getCodeQLURLVersion(url: string): string {
+    
+    const match = url.match(/codeql-bundle-([\d+(\.\d+)]+)/);
+    if (match === null || match.length < 2) {
+        throw new Error(`Malformed tools url: ${url}. Version could not be inferred`);
+    }
+
+    let version = match[1];
+
+    if (!semver.valid(version)) {
+        core.debug(`Bundle version ${version} is not in SemVer format. Will treat it as pre-release 0.0.0-${version}.`);
+        version = '0.0.0-' + version; 
+    }
+    
+    const s = semver.clean(version);
+    if (!s) {
+        throw new Error(`Malformed tools url ${url}. Version should be in SemVer format but have ${version} instead`);
+    }
+
+    return s;
+}
\ No newline at end of file