Merge branch 'main' into eslint-rule/no-shadow

github · Nov 20, 2020 · 7091b81 · 7091b81
2 parents 992a0cf + 6d232b4
commit 7091b81
Showing 20 changed files with 113 additions and 82 deletions.
diff --git a/.github/update-release-branch.py b/.github/update-release-branch.py
@@ -123,8 +123,8 @@ def get_pr_for_commit(repo, commit):
   if prs.totalCount > 0:
     # In the case that there are multiple PRs, return the earliest one
     prs = list(prs)
-    sorted(prs, key=lambda pr: int(pr.number))
-    return prs[0]
+    sorted_prs = sorted(prs, key=lambda pr: int(pr.number))
+    return sorted_prs[0]
   else:
     return None
 

diff --git a/.github/workflows/integration-testing.yml b/.github/workflows/integration-testing.yml
@@ -466,6 +466,8 @@ jobs:
   runner-upload-sarif:
     runs-on: ubuntu-latest
 
+    if: ${{ github.event_name != 'pull_request' || github.event.pull_request.base.repo.id == github.event.pull_request.head.repo.id }}
+
     steps:
     - uses: actions/checkout@v2
 

diff --git a/lib/actions-util.js b/lib/actions-util.js
diff --git a/lib/actions-util.js.map b/lib/actions-util.js.map
diff --git a/lib/analyze-action.js b/lib/analyze-action.js
diff --git a/lib/analyze-action.js.map b/lib/analyze-action.js.map
diff --git a/lib/autobuild-action.js b/lib/autobuild-action.js
diff --git a/lib/autobuild-action.js.map b/lib/autobuild-action.js.map
diff --git a/lib/init-action.js b/lib/init-action.js
diff --git a/lib/init-action.js.map b/lib/init-action.js.map
diff --git a/lib/tracer-config.test.js b/lib/tracer-config.test.js
diff --git a/lib/tracer-config.test.js.map b/lib/tracer-config.test.js.map
diff --git a/lib/upload-sarif-action.js b/lib/upload-sarif-action.js
diff --git a/lib/upload-sarif-action.js.map b/lib/upload-sarif-action.js.map
diff --git a/src/actions-util.ts b/src/actions-util.ts
@@ -295,6 +295,14 @@ export async function createStatusReportBase(
   return statusReport;
 }
 
+interface HTTPError {
+  status: number;
+}
+
+function isHTTPError(arg: any): arg is HTTPError {
+  return arg?.status !== undefined && Number.isInteger(arg.status);
+}
+
 /**
  * Send a status report to the code_scanning/analysis/status endpoint.
  *
@@ -305,14 +313,8 @@ export async function createStatusReportBase(
  * Returns whether sending the status report was successful of not.
  */
 export async function sendStatusReport<S extends StatusReportBase>(
-  statusReport: S,
-  ignoreFailures?: boolean
+  statusReport: S
 ): Promise<boolean> {
-  if (getRequiredEnvParam("GITHUB_SERVER_URL") !== GITHUB_DOTCOM_URL) {
-    core.debug("Not sending status report to GitHub Enterprise");
-    return true;
-  }
-
   if (isLocalRun()) {
     core.debug("Not sending status report because this is a local run");
     return true;
@@ -324,37 +326,56 @@ export async function sendStatusReport<S extends StatusReportBase>(
   const nwo = getRequiredEnvParam("GITHUB_REPOSITORY");
   const [owner, repo] = nwo.split("/");
   const client = api.getActionsApiClient();
-  const statusResponse = await client.request(
-    "PUT /repos/:owner/:repo/code-scanning/analysis/status",
-    {
-      owner,
-      repo,
-      data: statusReportJSON,
-    }
-  );
 
-  if (!ignoreFailures) {
-    // If the status report request fails with a 403 or a 404, then this is a deliberate
-    // message from the endpoint that the SARIF upload can be expected to fail too,
-    // so the action should fail to avoid wasting actions minutes.
-    //
-    // Other failure responses (or lack thereof) could be transitory and should not
-    // cause the action to fail.
-    if (statusResponse.status === 403) {
-      core.setFailed(
-        "The repo on which this action is running is not opted-in to CodeQL code scanning."
-      );
-      return false;
-    }
-    if (statusResponse.status === 404) {
-      core.setFailed(
-        "Not authorized to used the CodeQL code scanning feature on this repo."
-      );
-      return false;
+  try {
+    await client.request(
+      "PUT /repos/:owner/:repo/code-scanning/analysis/status",
+      {
+        owner,
+        repo,
+        data: statusReportJSON,
+      }
+    );
+
+    return true;
+  } catch (e) {
+    if (isHTTPError(e)) {
+      switch (e.status) {
+        case 403:
+          core.setFailed(
+            "The repo on which this action is running is not opted-in to CodeQL code scanning."
+          );
+          return false;
+        case 404:
+          core.setFailed(
+            "Not authorized to used the CodeQL code scanning feature on this repo."
+          );
+          return false;
+        case 422:
+          // schema incompatibility when reporting status
+          // this means that this action version is no longer compatible with the API
+          // we still want to continue as it is likely the analysis endpoint will work
+          if (getRequiredEnvParam("GITHUB_SERVER_URL") !== GITHUB_DOTCOM_URL) {
+            core.warning(
+              "CodeQL Action version is incompatible with the code scanning endpoint. Please update to a compatible version of codeql-action."
+            );
+          } else {
+            core.warning(
+              "CodeQL Action is out-of-date. Please upgrade to the latest version of codeql-action."
+            );
+          }
+
+          return true;
+      }
     }
-  }
 
-  return true;
+    // something else has gone wrong and the request/response will be logged by octokit
+    // it's possible this is a transient error and we should continue scanning
+    core.error(
+      "An unexpected error occured when sending code scanning status report."
+    );
+    return true;
+  }
 }
 
 // Is the current action executing a local copy (i.e. we're running a workflow on the codeql-action repo itself)

diff --git a/src/analyze-action.ts b/src/analyze-action.ts
@@ -49,8 +49,7 @@ async function run() {
           "finish",
           "starting",
           startedAt
-        ),
-        true
+        )
       ))
     ) {
       return;

diff --git a/src/autobuild-action.ts b/src/autobuild-action.ts
@@ -50,8 +50,7 @@ async function run() {
           "autobuild",
           "starting",
           startedAt
-        ),
-        true
+        )
       ))
     ) {
       return;

diff --git a/src/init-action.ts b/src/init-action.ts
@@ -95,10 +95,10 @@ async function run() {
 
   try {
     actionsUtil.prepareLocalRunEnvironment();
+
     if (
       !(await actionsUtil.sendStatusReport(
-        await actionsUtil.createStatusReportBase("init", "starting", startedAt),
-        true
+        await actionsUtil.createStatusReportBase("init", "starting", startedAt)
       ))
     ) {
       return;

diff --git a/src/tracer-config.test.ts b/src/tracer-config.test.ts
@@ -64,7 +64,6 @@ test("getTracerConfigForLanguage - existing / critical vars", async (t) => {
     process.env["SEMMLE_COPY_EXECUTABLES_ROOT"] = "abc";
     process.env["SEMMLE_DEPTRACE_SOCKET"] = "abc";
     process.env["SEMMLE_JAVA_TOOL_OPTIONS"] = "abc";
-    process.env["SEMMLE_DEPTRACE_SOCKET"] = "abc";
     process.env["CODEQL_VAR"] = "abc";
 
     // Now CodeQL returns all these variables, and one more, with different values

diff --git a/src/upload-sarif-action.ts b/src/upload-sarif-action.ts
@@ -33,8 +33,7 @@ async function run() {
         "upload-sarif",
         "starting",
         startedAt
-      ),
-      true
+      )
     ))
   ) {
     return;