From 43de3a9949c52a8cd5d93b2e0e72143ef35d69a6 Mon Sep 17 00:00:00 2001
From: Robert Brignull
Date: Thu, 30 Apr 2020 15:02:35 +0100
Subject: [PATCH] start uploading analysis_key parameter
---
 lib/shared-environment.js | 1 +
 lib/upload-lib.js | 2 ++
 lib/util.js | 41 +++++++++++++++++++++++++++++++++
 src/shared-environment.ts | 1 +
 src/upload-lib.ts | 2 ++
 src/util.ts | 48 +++++++++++++++++++++++++++++++++++++++
 6 files changed, 95 insertions(+)
diff --git a/lib/shared-environment.js b/lib/shared-environment.js
index 1a6a3d329..fabb260dd 100644
--- a/lib/shared-environment.js
+++ b/lib/shared-environment.js
@@ -3,6 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.CODEQL_ACTION_CMD = 'CODEQL_ACTION_CMD';
 exports.CODEQL_ACTION_DATABASE_DIR = 'CODEQL_ACTION_DATABASE_DIR';
 exports.CODEQL_ACTION_LANGUAGES = 'CODEQL_ACTION_LANGUAGES';
+exports.CODEQL_ACTION_ANALYSIS_KEY = 'CODEQL_ACTION_ANALYSIS_KEY';
 exports.ODASA_TRACER_CONFIGURATION = 'ODASA_TRACER_CONFIGURATION';
 exports.CODEQL_ACTION_SCANNED_LANGUAGES = 'CODEQL_ACTION_SCANNED_LANGUAGES';
 exports.CODEQL_ACTION_TRACED_LANGUAGES = 'CODEQL_ACTION_TRACED_LANGUAGES';
diff --git a/lib/upload-lib.js b/lib/upload-lib.js
index f28f085a4..22d4e226d 100644
--- a/lib/upload-lib.js
+++ b/lib/upload-lib.js
@@ -83,6 +83,7 @@ async function uploadFiles(sarifFiles) {
 const commitOid = util.getRequiredEnvParam('GITHUB_SHA');
 const workflowRunIDStr = util.getRequiredEnvParam('GITHUB_RUN_ID');
 const ref = util.getRequiredEnvParam('GITHUB_REF'); // it's in the form "refs/heads/master"
+ const analysisKey = await util.getAnalysisKey();
 const analysisName = util.getRequiredEnvParam('GITHUB_WORKFLOW');
 const startedAt = process.env[sharedEnv.CODEQL_ACTION_STARTED_AT];
 core.debug("Uploading sarif files: " + JSON.stringify(sarifFiles));
@@ -104,6 +105,7 @@ async function uploadFiles(sarifFiles) {
 const payload = JSON.stringify({
 "commit_oid": commitOid,
 "ref": ref,
+ "analysis_key": analysisKey,
 "analysis_name": analysisName,
 "sarif": zipped_sarif,
 "workflow_run_id": workflowRunID,
diff --git a/lib/util.js b/lib/util.js
index d12a91044..3a2d90450 100644
--- a/lib/util.js
+++ b/lib/util.js
@@ -149,6 +149,47 @@ async function getLanguages() {
 return languages;
 }
 exports.getLanguages = getLanguages;
+/**
+ * Get the path of the currently executing workflow.
+ */
+async function getWorkflowPath() {
+ const repo_nwo = getRequiredEnvParam('GITHUB_REPOSITORY').split("/");
+ const owner = repo_nwo[0];
+ const repo = repo_nwo[1];
+ const run_id = getRequiredEnvParam('GITHUB_RUN_ID');
+ const ok = new octokit.Octokit({
+ auth: core.getInput('token'),
+ userAgent: "CodeQL Action",
+ log: console_log_level_1.default({ level: 'debug' })
+ });
+ const runsResponse = await ok.request('GET /repos/:owner/:repo/actions/runs/:run_id', {
+ owner,
+ repo,
+ run_id
+ });
+ const workflowUrl = runsResponse.data.workflow_url;
+ const workflowResponse = await ok.request('GET ' + workflowUrl);
+ return workflowResponse.data.path;
+}
+/**
+ * Get the analysis key paramter for the current job.
+ *
+ * This will combine the workflow path and current job name.
+ * Computing this the first time requires making requests to
+ * the github API, but after that the result will be cached.
+ */
+async function getAnalysisKey() {
+ let analysisKey = process.env[sharedEnv.CODEQL_ACTION_ANALYSIS_KEY];
+ if (analysisKey !== undefined) {
+ return analysisKey;
+ }
+ const workflowPath = await getWorkflowPath();
+ const jobName = getRequiredEnvParam('GITHUB_JOB');
+ analysisKey = workflowPath + ' - ' + jobName;
+ core.exportVariable(sharedEnv.CODEQL_ACTION_ANALYSIS_KEY, analysisKey);
+ return analysisKey;
+}
+exports.getAnalysisKey = getAnalysisKey;
 /**
 * Compose a StatusReport.
 *
diff --git a/src/shared-environment.ts b/src/shared-environment.ts
index c9c16e20e..fbc94edb9 100644
--- a/src/shared-environment.ts
+++ b/src/shared-environment.ts
@@ -1,6 +1,7 @@
 export const CODEQL_ACTION_CMD = 'CODEQL_ACTION_CMD';
 export const CODEQL_ACTION_DATABASE_DIR = 'CODEQL_ACTION_DATABASE_DIR';
 export const CODEQL_ACTION_LANGUAGES = 'CODEQL_ACTION_LANGUAGES';
+export const CODEQL_ACTION_ANALYSIS_KEY = 'CODEQL_ACTION_ANALYSIS_KEY';
 export const ODASA_TRACER_CONFIGURATION = 'ODASA_TRACER_CONFIGURATION';
 export const CODEQL_ACTION_SCANNED_LANGUAGES = 'CODEQL_ACTION_SCANNED_LANGUAGES';
 export const CODEQL_ACTION_TRACED_LANGUAGES = 'CODEQL_ACTION_TRACED_LANGUAGES';
diff --git a/src/upload-lib.ts b/src/upload-lib.ts
index 8c6a31e4e..74d4e6dfe 100644
--- a/src/upload-lib.ts
+++ b/src/upload-lib.ts
@@ -76,6 +76,7 @@ async function uploadFiles(sarifFiles: string[]) {
 const commitOid = util.getRequiredEnvParam('GITHUB_SHA');
 const workflowRunIDStr = util.getRequiredEnvParam('GITHUB_RUN_ID');
 const ref = util.getRequiredEnvParam('GITHUB_REF'); // it's in the form "refs/heads/master"
+ const analysisKey = await util.getAnalysisKey();
 const analysisName = util.getRequiredEnvParam('GITHUB_WORKFLOW');
 const startedAt = process.env[sharedEnv.CODEQL_ACTION_STARTED_AT];
@@ -103,6 +104,7 @@ async function uploadFiles(sarifFiles: string[]) {
 const payload = JSON.stringify({
 "commit_oid": commitOid,
 "ref": ref,
+ "analysis_key": analysisKey,
 "analysis_name": analysisName,
 "sarif": zipped_sarif,
 "workflow_run_id": workflowRunID,
diff --git a/src/util.ts b/src/util.ts
index cfdd2419c..708aa56c0 100644
--- a/src/util.ts
+++ b/src/util.ts
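Review bot: In `src/upload-lib.ts`, the added `await util.getAnalysisKey()` sits among plain environment reads in `uploadFiles` but can make authenticated GitHub API requests the first time it runs, and nothing on the line says so. A failure there (for example a `token` input that cannot read the runs endpoint, which this hunk cannot confirm) would surface before the SARIF payload is built, so the results would not be uploaded. I would add a comment above it such as `// May call the GitHub API on first use (needs the 'token' input); the result is cached in CODEQL_ACTION_ANALYSIS_KEY`. `uploadFiles` starts and ends outside both hunks, so any surrounding error handling is not visible here; the same lines appear in the compiled `lib/upload-lib.js`.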
@@ -150,6 +150,54 @@ export async function getLanguages(): Promise {
 return languages;
 }
+/**
+ * Get the path of the currently executing workflow.
+ */
+async function getWorkflowPath(): Promise {
+ const repo_nwo = getRequiredEnvParam('GITHUB_REPOSITORY').split("/");
+ const owner = repo_nwo[0];
+ const repo = repo_nwo[1];
+ const run_id = getRequiredEnvParam('GITHUB_RUN_ID');
+
+ const ok = new octokit.Octokit({
+ auth: core.getInput('token'),
+ userAgent: "CodeQL Action",
+ log: consoleLogLevel({ level: 'debug' })
+ });
+
+ const runsResponse = await ok.request('GET /repos/:owner/:repo/actions/runs/:run_id', {
+ owner,
+ repo,
+ run_id
+ });
+ const workflowUrl = runsResponse.data.workflow_url;
+
+ const workflowResponse = await ok.request('GET ' + workflowUrl);
+
+ return workflowResponse.data.path;
+}
+
+/**
+ * Get the analysis key paramter for the current job.
+ *
+ * This will combine the workflow path and current job name.
+ * Computing this the first time requires making requests to
+ * the github API, but after that the result will be cached.
+ */
+export async function getAnalysisKey(): Promise {
+ let analysisKey = process.env[sharedEnv.CODEQL_ACTION_ANALYSIS_KEY];
+ if (analysisKey !== undefined) {
+ return analysisKey;
+ }
+
+ const workflowPath = await getWorkflowPath();
+ const jobName = getRequiredEnvParam('GITHUB_JOB');
+
+ analysisKey = workflowPath + ' - ' + jobName;
+ core.exportVariable(sharedEnv.CODEQL_ACTION_ANALYSIS_KEY, analysisKey);
+ return analysisKey;
+}
+
 interface StatusReport {
 "workflow_run_id": number;
 "workflow_name": string;
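Review bot: In `getWorkflowPath`, the second call `ok.request('GET ' + workflowUrl)` points the token-bearing client at whatever absolute URL the first response carried, and `workflowResponse.data.path` is returned without any check. If `path` is missing, `getAnalysisKey` concatenates it into a key beginning with `undefined - ` and exports it via `core.exportVariable`, so the bad key is cached for later steps and uploaded. I would fail early with `if (typeof workflowResponse.data.path !== 'string' || workflowResponse.data.path === '') throw new Error('Unable to determine workflow path');` and add a comment that `workflow_url` is trusted only because it comes from the GitHub API response. The early return in `getAnalysisKey` also accepts any pre-set `CODEQL_ACTION_ANALYSIS_KEY`, including an empty string, so its doc comment should state that an earlier step or a workflow-level `env:` entry can override the computed key. The compiled copy in `lib/util.js` carries the same code.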