From 8b4526fbb9acdef5c30452f2915f27825590f098 Mon Sep 17 00:00:00 2001
From: Dave Bartolomeo
Date: Thu, 7 Nov 2024 14:31:14 -0500
Subject: [PATCH] Add `actions` extractor
---
actions-extractor/codeql-extractor.yml | 44 ++++++++++++++++++++++
actions-extractor/tools/autobuild-impl.ps1 | 40 ++++++++++++++++++++
actions-extractor/tools/autobuild.cmd | 3 ++
actions-extractor/tools/autobuild.sh | 39 +++++++++++++++++++
4 files changed, 126 insertions(+)
create mode 100644 actions-extractor/codeql-extractor.yml
create mode 100644 actions-extractor/tools/autobuild-impl.ps1
create mode 100644 actions-extractor/tools/autobuild.cmd
create mode 100644 actions-extractor/tools/autobuild.sh
diff --git a/actions-extractor/codeql-extractor.yml b/actions-extractor/codeql-extractor.yml
new file mode 100644
index 000000000..ab7374910
--- /dev/null
+++ b/actions-extractor/codeql-extractor.yml
@@ -0,0 +1,44 @@
+name: "actions"
+aliases: []
+display_name: "GitHub Actions"
+version: 0.0.1
+column_kind: "utf16"
+unicode_newlines: true
+build_modes:
+ - none
+file_coverage_languages: []
+github_api_languages: []
+scc_languages: []
+file_types:
+ - name: workflow
+ display_name: GitHub Actions workflow files
+ extensions:
+ - .yml
+ - .yaml
+forwarded_extractor_name: javascript
+options:
+ trap:
+ title: TRAP options
+ description: Options about how the extractor handles TRAP files
+ type: object
+ visibility: 3
+ properties:
+ cache:
+ title: TRAP cache options
+ description: Options about how the extractor handles its TRAP cache
+ type: object
+ properties:
+ dir:
+ title: TRAP cache directory
+ description: The directory of the TRAP cache to use
+ type: string
+ bound:
+ title: TRAP cache bound
+ description: A soft limit (in MB) on the size of the TRAP cache
+ type: string
+ pattern: "[0-9]+"
+ write:
+ title: TRAP cache writeable
+ description: Whether to write to the TRAP cache as well as reading it
+ type: string
+ pattern: "(true|TRUE|false|FALSE)"
diff --git a/actions-extractor/tools/autobuild-impl.ps1 b/actions-extractor/tools/autobuild-impl.ps1
new file mode 100644
index 000000000..6ae433f25
--- /dev/null
+++ b/actions-extractor/tools/autobuild-impl.ps1
@@ -0,0 +1,40 @@
+if (($null -ne $env:LGTM_INDEX_INCLUDE) -or ($null -ne $env:LGTM_INDEX_EXCLUDE) -or ($null -ne $env:LGTM_INDEX_FILTERS)) {
+ Write-Output 'Path filters set. Passing them through to the JavaScript extractor.'
+} else {
+ Write-Output 'No path filters set. Using the default filters.'
+ $DefaultPathFilters = @(
+ 'exclude:**/*',
+ 'include:.github/workflows/**/*.yml',
+ 'include:.github/workflows/**/*.yaml',
+ 'include:**/action.yml',
+ 'include:**/action.yaml'
+ )
+
+ $env:LGTM_INDEX_FILTERS = $DefaultPathFilters -join "`n"
+}
+
+# Find the JavaScript extractor directory via `codeql resolve extractor`.
+$CodeQL = Join-Path $env:CODEQL_DIST 'codeql.exe'
+$env:CODEQL_EXTRACTOR_JAVASCRIPT_ROOT = &$CodeQL resolve extractor --language javascript
+if ($LASTEXITCODE -ne 0) {
+ throw 'Failed to resolve JavaScript extractor.'
+}
+
+Write-Output "Found JavaScript extractor at '${env:CODEQL_EXTRACTOR_JAVASCRIPT_ROOT}'."
+
+# Run the JavaScript autobuilder.
+$JavaScriptAutoBuild = Join-Path $env:CODEQL_EXTRACTOR_JAVASCRIPT_ROOT 'tools\autobuild.cmd'
+Write-Output "Running JavaScript autobuilder at '${JavaScriptAutoBuild}'."
+
+# Copy the values of the Actions extractor environment variables to the JavaScript extractor environment variables.
+$env:CODEQL_EXTRACTOR_JAVASCRIPT_DIAGNOSTIC_DIR = $env:CODEQL_EXTRACTOR_ACTIONS_DIAGNOSTIC_DIR
+$env:CODEQL_EXTRACTOR_JAVASCRIPT_LOG_DIR = $env:CODEQL_EXTRACTOR_ACTIONS_LOG_DIR
+$env:CODEQL_EXTRACTOR_JAVASCRIPT_SCRATCH_DIR = $env:CODEQL_EXTRACTOR_ACTIONS_SCRATCH_DIR
+$env:CODEQL_EXTRACTOR_JAVASCRIPT_SOURCE_ARCHIVE_DIR = $env:CODEQL_EXTRACTOR_ACTIONS_SOURCE_ARCHIVE_DIR
+$env:CODEQL_EXTRACTOR_JAVASCRIPT_TRAP_DIR = $env:CODEQL_EXTRACTOR_ACTIONS_TRAP_DIR
+$env:CODEQL_EXTRACTOR_JAVASCRIPT_WIP_DATABASE = $env:CODEQL_EXTRACTOR_ACTIONS_WIP_DATABASE
+
+&$JavaScriptAutoBuild
+if ($LASTEXITCODE -ne 0) {
+ throw "JavaScript autobuilder failed."
+}
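Review bot: The script never sets `$ErrorActionPreference = 'Stop'`, so with the default preference an error raised by a cmdlet (for instance `Join-Path` when `CODEQL_DIST` is unset) is reported and execution carries on with the next statement; autobuild.sh in the same commit runs under `set -eu` and stops at that point. The six `CODEQL_EXTRACTOR_ACTIONS_*` copies differ in the same way: an unset source variable here silently clears the corresponding JavaScript variable, where the shell script aborts on the unset name. Adding `$ErrorActionPreference = 'Stop'` as the first line and a guard such as `if (-not $env:CODEQL_DIST) { throw 'CODEQL_DIST is not set.' }` before the `Join-Path` would make both implementations fail closed in the same place.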
diff --git a/actions-extractor/tools/autobuild.cmd b/actions-extractor/tools/autobuild.cmd
new file mode 100644
index 000000000..ff5ca89d9
--- /dev/null
+++ b/actions-extractor/tools/autobuild.cmd
@@ -0,0 +1,3 @@
+@echo off
+rem All of the work is done in the PowerShell script
+powershell.exe %~dp0autobuild-impl.ps1
diff --git a/actions-extractor/tools/autobuild.sh b/actions-extractor/tools/autobuild.sh
new file mode 100644
index 000000000..57adbf962
--- /dev/null
+++ b/actions-extractor/tools/autobuild.sh
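Review bot: In autobuild.cmd the script path `%~dp0autobuild-impl.ps1` is passed unquoted and without `-File`, so Windows PowerShell receives it as command text: an install directory containing a space splits the path, and characters such as `&`, `;` or `'` in the path are parsed as PowerShell syntax rather than as part of a file name. The call also loads the invoking user's profile scripts into the extraction run, which makes the build depend on per-user state. I would change the line to `powershell.exe -NoProfile -NonInteractive -File "%~dp0autobuild-impl.ps1"` and confirm that a `throw` in the script still produces a non-zero exit code under `-File` on the PowerShell versions this extractor supports.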
@@ -0,0 +1,39 @@
+#!/bin/sh
+
+set -eu
+
+DEFAULT_PATH_FILTERS=$(cat << END
+exclude:**/*
+include:.github/workflows/**/*.yml
+include:.github/workflows/**/*.yaml
+include:**/action.yml
+include:**/action.yaml
+END
+)
+
+if [ -n "${LGTM_INDEX_INCLUDE:-}" ] || [ -n "${LGTM_INDEX_EXCLUDE:-}" ] || [ -n "${LGTM_INDEX_FILTERS:-}" ] ; then
+ echo "Path filters set. Passing them through to the JavaScript extractor."
+else
+ echo "No path filters set. Using the default filters."
+ LGTM_INDEX_FILTERS="${DEFAULT_PATH_FILTERS}"
+ export LGTM_INDEX_FILTERS
+fi
+
+# Find the JavaScript extractor directory via `codeql resolve extractor`.
+CODEQL_EXTRACTOR_JAVASCRIPT_ROOT="$($CODEQL_DIST/codeql resolve extractor --language javascript)"
+export CODEQL_EXTRACTOR_JAVASCRIPT_ROOT
+
+echo "Found JavaScript extractor at '${CODEQL_EXTRACTOR_JAVASCRIPT_ROOT}'."
+
+# Run the JavaScript autobuilder
+JAVASCRIPT_AUTO_BUILD="${CODEQL_EXTRACTOR_JAVASCRIPT_ROOT}/tools/autobuild.sh"
+echo "Running JavaScript autobuilder at '${JAVASCRIPT_AUTO_BUILD}'."
+
+# Copy the values of the Actions extractor environment variables to the JavaScript extractor environment variables.
+env CODEQL_EXTRACTOR_JAVASCRIPT_DIAGNOSTIC_DIR="${CODEQL_EXTRACTOR_ACTIONS_DIAGNOSTIC_DIR}" \
+ CODEQL_EXTRACTOR_JAVASCRIPT_LOG_DIR="${CODEQL_EXTRACTOR_ACTIONS_LOG_DIR}" \
+ CODEQL_EXTRACTOR_JAVASCRIPT_SCRATCH_DIR="${CODEQL_EXTRACTOR_ACTIONS_SCRATCH_DIR}" \
+ CODEQL_EXTRACTOR_JAVASCRIPT_SOURCE_ARCHIVE_DIR="${CODEQL_EXTRACTOR_ACTIONS_SOURCE_ARCHIVE_DIR}" \
+ CODEQL_EXTRACTOR_JAVASCRIPT_TRAP_DIR="${CODEQL_EXTRACTOR_ACTIONS_TRAP_DIR}" \
+ CODEQL_EXTRACTOR_JAVASCRIPT_WIP_DATABASE="${CODEQL_EXTRACTOR_ACTIONS_WIP_DATABASE}" \
+ ${JAVASCRIPT_AUTO_BUILD}
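Review bot: `$CODEQL_DIST` inside the command substitution and `${JAVASCRIPT_AUTO_BUILD}` on the last line are expanded unquoted, so a CodeQL distribution installed under a path containing whitespace or glob characters is word-split and the script either fails or runs a different command than intended. Every other expansion in the script is quoted, so these two look like oversights. Suggested lines: `CODEQL_EXTRACTOR_JAVASCRIPT_ROOT="$("${CODEQL_DIST}/codeql" resolve extractor --language javascript)"` and, as the final word of the `env` command, `"${JAVASCRIPT_AUTO_BUILD}"`. Quoting the here-document delimiter (`<< 'END'`) would also keep the default filter list literal if a `$` or backtick is ever added to it.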