From 45b9e967ef1d83f6ce167f12a7e08f6d138de369 Mon Sep 17 00:00:00 2001
From: Esben Sparre Andreasen
Date: Fri, 7 Aug 2020 13:08:29 +0200
Subject: [PATCH] support checkout of multiple refs for a single repository
---
 src/config-utils.test.ts | 2 +-
 src/external-queries.test.ts | 5 +++--
 src/external-queries.ts | 8 +++++++-
 3 files changed, 11 insertions(+), 4 deletions(-)
diff --git a/src/config-utils.test.ts b/src/config-utils.test.ts
index 0c1e48693..b2cdcd293 100644
--- a/src/config-utils.test.ts
+++ b/src/config-utils.test.ts
@@ -310,7 +310,7 @@ test("API client used when reading remote config", async t => {
 const spyGetContents = mockGetContents(dummyResponse);
 // Create checkout directory for remote queries repository
- fs.mkdirSync(path.join(tmpDir, 'foo/bar'), { recursive: true });
+ fs.mkdirSync(path.join(tmpDir, 'foo/bar/dev'), { recursive: true });
 setInput('config-file', 'octo-org/codeql-config/config.yaml@main');
 setInput('languages', 'javascript');
diff --git a/src/external-queries.test.ts b/src/external-queries.test.ts
index 87ed7d796..8c7bf2cef 100644
--- a/src/external-queries.test.ts
+++ b/src/external-queries.test.ts
@@ -10,12 +10,13 @@ setupTests(test);
 test("checkoutExternalQueries", async t => {
 await util.withTmpDir(async tmpDir => {
+ const ref = "df4c6869212341b601005567381944ed90906b6b";
 await externalQueries.checkoutExternalRepository( "github/codeql-go",
- "df4c6869212341b601005567381944ed90906b6b",
+ ref,
 tmpDir);
 // COPYRIGHT file existed in df4c6869212341b601005567381944ed90906b6b but not in the default branch
- t.true(fs.existsSync(path.join(tmpDir, "github", "codeql-go", "COPYRIGHT")));
+ t.true(fs.existsSync(path.join(tmpDir, "github", "codeql-go", ref, "COPYRIGHT")));
 });
 });
diff --git a/src/external-queries.ts b/src/external-queries.ts
index 2fdcf61e9..8749d21b2 100644
--- a/src/external-queries.ts
+++ b/src/external-queries.ts
@@ -9,7 +9,13 @@ import * as path from 'path';
 export async function checkoutExternalRepository(repository: string, ref: string, tempDir: string): Promise {
 core.info('Checking out ' + repository);
- const checkoutLocation = path.join(tempDir, repository);
+ const checkoutLocation = path.join(tempDir, repository, ref);
+
+ if (!checkoutLocation.startsWith(tempDir)) {
+ // this still permits locations that mess with sibling repositories in `tempDir`, but that is acceptable
+ throw new Error(`'${repository}@${ref}' is not a valid repository and reference.`);
+ }
+
 if (!fs.existsSync(checkoutLocation)) {
 const repoURL = 'https://github.com/' + repository + '.git';
 await exec.exec('git', ['clone', repoURL, checkoutLocation]);
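Review bot: The containment check `checkoutLocation.startsWith(tempDir)` is a plain string-prefix comparison, so a joined path that normalises to a sibling directory whose name merely begins with the same characters as `tempDir` still passes, and a relative or un-normalised `tempDir` can make the comparison wrong in either direction. Resolve both sides and compare against the directory boundary: `const root = path.resolve(tempDir);`, `const checkoutLocation = path.resolve(root, repository, ref);`, `if (!checkoutLocation.startsWith(root + path.sep)) {`. The in-code comment accepts paths that land in other checkouts inside `tempDir`; now that `ref` is a path component, rejecting `..` segments in `repository` and `ref` would close that as well, or the comment should at least say why it is acceptable. The updated test in src/external-queries.test.ts covers only an accepted ref, so a case asserting the throw for a rejected input is missing. checkoutExternalRepository continues below this hunk, so how `ref` is later handed to git is not visible here.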