Merge branch 'main' into chore/--build

.github/workflows/pr-checks.yml

@@ -59,14 +59,16 @@ jobs:
         mv ../action/tests/multi-language-repo/{*,.github} .
         mv ../action/.github/workflows .github
     - uses: ./../action/init
+      with:
+        db-location: "${{ runner.temp }}/customDbLocation"
     - name: Build code
       shell: bash
       run: ./build.sh
     - uses: ./../action/analyze
       env:
         TEST_MODE: true
     - run: |
-        cd "$RUNNER_TEMP/codeql_databases"
+        cd "$RUNNER_TEMP/customDbLocation"
         # List all directories as there will be precisely one directory per database
         # but there may be other files in this directory such as query suites.
         if [ "$(ls -d */ | wc -l)" != 6 ] || \
@@ -261,6 +263,12 @@ jobs:
     - uses: ./../action/analyze
       env:
         TEST_MODE: true
+    - run: |
+        cd "$RUNNER_TEMP/codeql_databases"
+        if [[ ! -d go ]]; then
+          echo "Did not find a Go database"
+          exit 1
+        fi
 
   multi-language-repo_rubocop:
     needs: [check-js, check-node-modules]
@@ -465,8 +473,10 @@ jobs:
 
     - name: Build code
       shell: powershell
+      # Note we want to make sure that the .win32env file is read correctly, so we unset the CODEQL_EXTRACTOR_CSHARP_ROOT from the .sh file.
       run: |
         cat ./codeql-runner/codeql-env.sh | Invoke-Expression
+        $Env:CODEQL_EXTRACTOR_CSHARP_ROOT = ""
         & $Env:CODEQL_RUNNER dotnet build
 
     - name: Run analyze

.github/workflows/python-deps.yml

@@ -6,37 +6,18 @@ on:
   pull_request:
 
 jobs:
-
   test-setup-python-scripts:
     runs-on: ${{ matrix.os }}
     strategy:
         fail-fast: false
         matrix:
           os: [ubuntu-latest, macos-latest]
-          include:
-            - test_dir: python-setup/tests/pipenv/requests-2
-              test_script: $GITHUB_WORKSPACE/python-setup/tests/check_requests_123.sh 2
-            - test_dir: python-setup/tests/pipenv/requests-3
-              test_script: $GITHUB_WORKSPACE/python-setup/tests/check_requests_123.sh 3
-
-            - test_dir: python-setup/tests/poetry/requests-2
-              test_script: $GITHUB_WORKSPACE/python-setup/tests/check_requests_123.sh 2
-            - test_dir: python-setup/tests/poetry/requests-3
-              test_script: $GITHUB_WORKSPACE/python-setup/tests/check_requests_123.sh 3
-
-            - test_dir: python-setup/tests/requirements/requests-2
-              test_script: $GITHUB_WORKSPACE/python-setup/tests/check_requests_123.sh 2
-            - test_dir: python-setup/tests/requirements/requests-3
-              test_script: $GITHUB_WORKSPACE/python-setup/tests/check_requests_123.sh 3
-
-            - test_dir: python-setup/tests/setup_py/requests-2
-              test_script: $GITHUB_WORKSPACE/python-setup/tests/check_requests_123.sh 2
-            - test_dir: python-setup/tests/setup_py/requests-3
-              test_script: $GITHUB_WORKSPACE/python-setup/tests/check_requests_123.sh 3
-
-            # This one shouldn't fail, but also won't install packages
-            - test_dir: python-setup/tests/requirements/non-standard-location
-              test_script: test -z $LGTM_INDEX_IMPORT_PATH
+          python_deps_type: [pipenv, poetry, requirements, setup_py]
+          python_version: [2, 3]
+
+    env:
+      PYTHON_DEPS_TYPE: ${{ matrix.python_deps_type }}
+      PYTHON_VERSION: ${{ matrix.python_version }}
 
     steps:
     # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
@@ -55,7 +36,7 @@ jobs:
         set -x
         $GITHUB_WORKSPACE/python-setup/install_tools.sh
 
-        cd $GITHUB_WORKSPACE/${{ matrix.test_dir }}
+        cd $GITHUB_WORKSPACE/python-setup/tests/${PYTHON_DEPS_TYPE}/requests-${PYTHON_VERSION}
 
         case ${{ matrix.os }} in
             ubuntu-latest*)     basePath="/opt";;
@@ -71,35 +52,69 @@ jobs:
         if [ ! -z $CODEQL_PYTHON ]; then
             $GITHUB_WORKSPACE/python-setup/tests/from_python_exe.py $CODEQL_PYTHON;
         fi
+
     - name: Verify packages installed
       run: |
-        ${{ matrix.test_script }}
+        $GITHUB_WORKSPACE/python-setup/tests/check_requests_123.sh ${PYTHON_VERSION}
+
+  # This one shouldn't fail, but also won't install packages
+  test-setup-python-scripts-non-standard-location:
+    runs-on: ${{ matrix.os }}
+    strategy:
+        fail-fast: false
+        matrix:
+          os: [ubuntu-latest, macos-latest]
+
+    steps:
+    # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+    - uses: actions/checkout@v2
+
+    - name: Initialize CodeQL
+      uses: ./init
+      id: init
+      with:
+        tools: latest
+        languages: python
+        setup-python-dependencies: false
+
+    - name: Test Auto Package Installation
+      run: |
+        set -x
+        $GITHUB_WORKSPACE/python-setup/install_tools.sh
+
+        cd $GITHUB_WORKSPACE/python-setup/tests/requirements/non-standard-location
+
+        case ${{ matrix.os }} in
+            ubuntu-latest*)     basePath="/opt";;
+            macos-latest*)    basePath="/Users/runner";;
+        esac
+        echo ${basePath}
+
+        $GITHUB_WORKSPACE/python-setup/auto_install_packages.py "$(dirname ${{steps.init.outputs.codeql-path}})"
+
+    - name: Setup for extractor
+      run: |
+        echo $CODEQL_PYTHON
+        # only run if $CODEQL_PYTHON is set
+        if [ ! -z $CODEQL_PYTHON ]; then
+            $GITHUB_WORKSPACE/python-setup/tests/from_python_exe.py $CODEQL_PYTHON;
+        fi
+
+    - name: Verify packages installed
+      run: |
+        test -z $LGTM_INDEX_IMPORT_PATH
 
   test-setup-python-scripts-windows:
     runs-on: windows-latest
     strategy:
         fail-fast: false
         matrix:
-          include:
-            - test_dir: python-setup/tests/pipenv/requests-2
-              python_version: 2
-            - test_dir: python-setup/tests/pipenv/requests-3
-              python_version: 3
-
-            - test_dir: python-setup/tests/poetry/requests-2
-              python_version: 2
-            - test_dir: python-setup/tests/poetry/requests-3
-              python_version: 3
-
-            - test_dir: python-setup/tests/requirements/requests-2
-              python_version: 2
-            - test_dir: python-setup/tests/requirements/requests-3
-              python_version: 3
-
-            - test_dir: python-setup/tests/setup_py/requests-2
-              python_version: 2
-            - test_dir: python-setup/tests/setup_py/requests-3
-              python_version: 3
+          python_deps_type: [pipenv, poetry, requirements, setup_py]
+          python_version: [2, 3]
+
+    env:
+      PYTHON_DEPS_TYPE: ${{ matrix.python_deps_type }}
+      PYTHON_VERSION: ${{ matrix.python_version }}
 
     steps:
     # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
@@ -117,17 +132,19 @@ jobs:
         $cmd = $Env:GITHUB_WORKSPACE + "\\python-setup\\install_tools.ps1"
         powershell -File $cmd
 
-        cd $Env:GITHUB_WORKSPACE\\${{ matrix.test_dir }}
+        cd $Env:GITHUB_WORKSPACE\\python-setup/tests/$Env:PYTHON_DEPS_TYPE/requests-$Env:PYTHON_VERSION
         $DefaultsPath = Join-Path (Join-Path $Env:GITHUB_WORKSPACE "src") "defaults.json"
         $CodeQLBundleName = (Get-Content -Raw -Path $DefaultsPath | ConvertFrom-Json).bundleVersion
         $CodeQLVersion = "0.0.0-" + $CodeQLBundleName.split("-")[-1]
         py -3 $Env:GITHUB_WORKSPACE\\python-setup\\auto_install_packages.py C:\\hostedtoolcache\\windows\\CodeQL\\$CodeQLVersion\\x64\\codeql
+
     - name: Setup for extractor
       run: |
         echo $Env:CODEQL_PYTHON
 
         py -3 $Env:GITHUB_WORKSPACE\\python-setup\\tests\\from_python_exe.py $Env:CODEQL_PYTHON
+
     - name: Verify packages installed
       run: |
         $cmd = $Env:GITHUB_WORKSPACE + "\\python-setup\\tests\\check_requests_123.ps1"
-        powershell -File $cmd ${{ matrix.python_version }}
+        powershell -File $cmd $Env:PYTHON_VERSION

.vscode/tasks.json

@@ -0,0 +1,15 @@
+{
+	"version": "2.0.0",
+	"tasks": [
+		{
+			"type": "typescript",
+			"tsconfig": "tsconfig.json",
+			"option": "watch",
+			"problemMatcher": [
+				"$tsc-watch"
+			],
+			"group": "build",
+			"label": "tsc: watch - tsconfig.json"
+		}
+	]
+}

CONTRIBUTING.md

@@ -22,6 +22,14 @@ Before you start, ensure that you have a recent version of node installed. You c
 
 This project also includes configuration to run tests from VSCode (with support for breakpoints) - open the test file you wish to run and choose "Debug AVA test file" from the Run menu in the Run panel.
 
+You may want to run `tsc --watch` from the command line or inside of vscode in order to ensure build artifacts are up to date as you are working.
+
+### Checking in compiled artifacts and `node_modules`
+
+Because CodeQL Action users consume the code directly from this repository, and there can be no build step during an GitHub Actions run, this repository contains all compiled artifacts and node modules. There is a PR check that will fail if any of the compiled artifacts are not up to date. Compiled artifacts are stored in the `lib/` directory. For all day-to-day development purposes, this folder can be ignored.
+
+Only run `npm install` if you are explicitly changing the set of dependencies in `package.json`. The `node_modules` directory should be up to date when you check out, but if for some reason, there is an inconsistency use `npm ci && npm run removeNPMAbsolutePaths` to ensure the directory is in a state consistent with the `package-lock.json`. There is a PR check to ensure the consistency of the `node_modules` directory.
+
 ### Running the action
 
 To see the effect of your changes and to test them, push your changes in a branch and then look at the [Actions output](https://github.com/github/codeql-action/actions) for that branch.  You can also exercise the code locally by running the automated tests.

analyze/action.yml

@@ -27,6 +27,9 @@ inputs:
     description: "The path at which the analyzed repository was checked out. Used to relativize any absolute paths in the uploaded SARIF file."
     required: false
     default: ${{ github.workspace }}
+  category:
+    description: String used by Code Scanning for matching the analyses
+    required: false
   token:
     default: ${{ github.token }}
   matrix:

init/action.yml

@@ -16,6 +16,9 @@ inputs:
   config-file:
     description: Path of the config file to use
     required: false
+  db-location:
+    description: Path where CodeQL databases should be created. If not specified, a temporary directory will be used.
+    required: false
   queries:
     description: Comma-separated list of additional queries to run. By default, this overrides the same setting in a configuration file; prefix with "+" to use both sets of queries.
     required: false