diff --git a/.github/workflows/cli.yml b/.github/workflows/cli.yml
index 1ce2fbfc4..189ac7d1e 100644
--- a/.github/workflows/cli.yml
+++ b/.github/workflows/cli.yml
@@ -1,6 +1,6 @@
 name: "CodeScanning CLI"
-on: [push, pull_request]
+on: [pull_request]
 jobs:
 build:
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index dbf82c60d..944484407 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -1,6 +1,6 @@
 name: "CodeQL action"
-on: [push, pull_request]
+on: [pull_request]
 jobs:
 build:
diff --git a/.github/workflows/integration-testing.yml b/.github/workflows/integration-testing.yml
index b805489eb..85fafe8e7 100644
--- a/.github/workflows/integration-testing.yml
+++ b/.github/workflows/integration-testing.yml
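Review bot: Removing `push` from `on:` in codeql.yml means the CodeQL workflow no longer runs on commits that land on the default branch, only on pull requests, so merged code and direct pushes are not re-analysed. The same edit is made in cli.yml in this file set and in pr-checks.yml further down, while integration-testing.yml keeps `on: [push, pull_request]`. If the intent is only to avoid duplicate runs on PR branches, restricting push to the default branch keeps the coverage, e.g. `push:` with `branches: [<default-branch>]` alongside `pull_request:`.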
@@ -3,150 +3,191 @@ name: "Integration Testing" on: [push, pull_request] jobs: - multi-language-repo_test-autodetect-languages: - runs-on: ubuntu-latest + # multi-language-repo_test-autodetect-languages: + # runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - name: Move codeql-action - shell: bash - run: | - mkdir ../action - mv * .github ../action/ - mv ../action/tests/multi-language-repo/{*,.github} . - - uses: ./../action/init - - name: Build code - shell: bash - run: ./build.sh - - uses: ./../action/analyze - env: - TEST_MODE: true - - run: | - cd "$RUNNER_TEMP/codeql_databases" - # List all directories as there will be precisely one directory per database - # but there may be other files in this directory such as query suites. - if [ "$(ls -d */ | wc -l)" != 6 ] || \ - [[ ! -d cpp ]] || \ - [[ ! -d csharp ]] || \ - [[ ! -d go ]] || \ - [[ ! -d java ]] || \ - [[ ! -d javascript ]] || \ - [[ ! -d python ]]; then - echo "Did not find expected number of databases. Database dir contains: $(ls)" - exit 1 - fi + # steps: + # - uses: actions/checkout@v2 + # - name: Move codeql-action + # shell: bash + # run: | + # mkdir ../action + # mv * .github ../action/ + # mv ../action/tests/multi-language-repo/{*,.github} . + # - uses: ./../action/init + # - name: Build code + # shell: bash + # run: ./build.sh + # - uses: ./../action/analyze + # env: + # TEST_MODE: true + # - run: | + # cd "$RUNNER_TEMP/codeql_databases" + # # List all directories as there will be precisely one directory per database + # # but there may be other files in this directory such as query suites. + # if [ "$(ls -d */ | wc -l)" != 6 ] || \ + # [[ ! -d cpp ]] || \ + # [[ ! -d csharp ]] || \ + # [[ ! -d go ]] || \ + # [[ ! -d java ]] || \ + # [[ ! -d javascript ]] || \ + # [[ ! -d python ]]; then + # echo "Did not find expected number of databases. 
Database dir contains: $(ls)" + # exit 1 + # fi - multi-language-repo_test-custom-queries-and-remote-config: - strategy: - fail-fast: false - matrix: - os: [ubuntu-latest, windows-latest, macos-latest] - runs-on: ${{ matrix.os }} + # multi-language-repo_test-custom-queries-and-remote-config: + # strategy: + # fail-fast: false + # matrix: + # os: [ubuntu-latest, windows-latest, macos-latest] + # runs-on: ${{ matrix.os }} - steps: - - uses: actions/checkout@v2 - - name: Move codeql-action - shell: bash - run: | - mkdir ../action - mv * .github ../action/ - mv ../action/tests/multi-language-repo/{*,.github} . - - uses: ./../action/init - with: - languages: cpp,csharp,java,javascript,python - config-file: github/codeql-action/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{ github.sha }} - - name: Build code - shell: bash - run: ./build.sh - - uses: ./../action/analyze - env: - TEST_MODE: true + # steps: + # - uses: actions/checkout@v2 + # - name: Move codeql-action + # shell: bash + # run: | + # mkdir ../action + # mv * .github ../action/ + # mv ../action/tests/multi-language-repo/{*,.github} . 
+ # - uses: ./../action/init + # with: + # languages: cpp,csharp,java,javascript,python + # config-file: github/codeql-action/tests/multi-language-repo/.github/codeql/custom-queries.yml@${{ github.sha }} + # - name: Build code + # shell: bash + # run: ./build.sh + # - uses: ./../action/analyze + # env: + # TEST_MODE: true - # Currently is not possible to analyze Go in conjunction with other languages in macos - multi-language-repo_test-go-custom-queries: - strategy: - fail-fast: false - matrix: - os: [ubuntu-latest, windows-latest, macos-latest] - runs-on: ${{ matrix.os }} + # # Currently is not possible to analyze Go in conjunction with other languages in macos + # multi-language-repo_test-go-custom-queries: + # strategy: + # fail-fast: false + # matrix: + # os: [ubuntu-latest, windows-latest, macos-latest] + # runs-on: ${{ matrix.os }} - steps: - - uses: actions/setup-go@v2 - if: ${{ matrix.os == 'macos-latest' }} - with: - go-version: '^1.13.1' - - uses: actions/checkout@v2 - - name: Move codeql-action - shell: bash - run: | - mkdir ../action - mv * .github ../action/ - mv ../action/tests/multi-language-repo/{*,.github} . - - uses: ./../action/init - with: - languages: go - config-file: ./.github/codeql/custom-queries.yml - - name: Build code - shell: bash - run: ./build.sh - - uses: ./../action/analyze - env: - TEST_MODE: true + # steps: + # - uses: actions/setup-go@v2 + # if: ${{ matrix.os == 'macos-latest' }} + # with: + # go-version: '^1.13.1' + # - uses: actions/checkout@v2 + # - name: Move codeql-action + # shell: bash + # run: | + # mkdir ../action + # mv * .github ../action/ + # mv ../action/tests/multi-language-repo/{*,.github} . 
+ # - uses: ./../action/init + # with: + # languages: go + # config-file: ./.github/codeql/custom-queries.yml + # - name: Build code + # shell: bash + # run: ./build.sh + # - uses: ./../action/analyze + # env: + # TEST_MODE: true + + # multi-language-repo_rubocop: + # runs-on: ubuntu-latest - multi-language-repo_rubocop: + # steps: + # - uses: actions/checkout@v2 + # - name: Move codeql-action + # shell: bash + # run: | + # mkdir ../action + # mv * .github ../action/ + # mv ../action/tests/multi-language-repo/{*,.github} . + # - name: Set up Ruby + # uses: ruby/setup-ruby@v1 + # with: + # ruby-version: 2.6 + # - name: Install Code Scanning integration + # run: bundle add code-scanning-rubocop --version 0.3.0 --skip-install + # - name: Install dependencies + # run: bundle install + # - name: Rubocop run + # run: | + # bash -c " + # bundle exec rubocop --require code_scanning --format CodeScanning::SarifFormatter -o rubocop.sarif + # [[ $? -ne 2 ]] + # " + # - uses: ./../action/upload-sarif + # with: + # sarif_file: rubocop.sarif + # env: + # TEST_MODE: true + + # test-proxy: + # runs-on: ubuntu-latest + # container: + # image: ubuntu:18.04 + # options: --dns 127.0.0.1 + # services: + # squid-proxy: + # image: datadog/squid:latest + # ports: + # - 3128:3128 + # env: + # https_proxy: http://squid-proxy:3128 + # steps: + # - uses: actions/checkout@v2 + # - name: Move codeql-action + # shell: bash + # run: | + # mkdir ../action + # mv * .github ../action/ + # mv ../action/tests/multi-language-repo/{*,.github} . + # - uses: ./../action/init + # with: + # languages: javascript + # - uses: ./../action/analyze + # env: + # TEST_MODE: true + + +# Test the behaviour when asked to scan a compiled language but no code is compiled + java: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - - name: Move codeql-action - shell: bash - run: | - mkdir ../action - mv * .github ../action/ - mv ../action/tests/multi-language-repo/{*,.github} . 
- - name: Set up Ruby - uses: ruby/setup-ruby@v1 - with: - ruby-version: 2.6 - - name: Install Code Scanning integration - run: bundle add code-scanning-rubocop --version 0.3.0 --skip-install - - name: Install dependencies - run: bundle install - - name: Rubocop run - run: | - bash -c " - bundle exec rubocop --require code_scanning --format CodeScanning::SarifFormatter -o rubocop.sarif - [[ $? -ne 2 ]] - " - - uses: ./../action/upload-sarif - with: - sarif_file: rubocop.sarif - env: - TEST_MODE: true - - test-proxy: + - uses: actions/checkout@v2 + - name: Move codeql-action + shell: bash + run: | + mkdir ../action + shopt -s dotglob + mv * ../action/ + # Do not copy anything back, so there's nothing left to scan + - uses: ./../action/init + with: + languages: java + - uses: ./../action/analyze + env: + TEST_MODE: true + + # Test the behaviour when asked to scan a non-compiled language but there is no code to scan + javascript: runs-on: ubuntu-latest - container: - image: ubuntu:18.04 - options: --dns 127.0.0.1 - services: - squid-proxy: - image: datadog/squid:latest - ports: - - 3128:3128 - env: - https_proxy: http://squid-proxy:3128 + steps: - - uses: actions/checkout@v2 - - name: Move codeql-action - shell: bash - run: | - mkdir ../action - mv * .github ../action/ - mv ../action/tests/multi-language-repo/{*,.github} . - - uses: ./../action/init - with: - languages: javascript - - uses: ./../action/analyze - env: - TEST_MODE: true + - uses: actions/checkout@v2 + - name: Move codeql-action + shell: bash + run: | + mkdir ../action + shopt -s dotglob + mv * ../action/ + # Do not copy anything back, so there's nothing left to scan + - uses: ./../action/init + with: + languages: javascript + - uses: ./../action/analyze + env: + TEST_MODE: true diff --git a/.github/workflows/pr-checks.yml b/.github/workflows/pr-checks.yml index fb30c74a7..c952c5255 100644 --- a/.github/workflows/pr-checks.yml +++ b/.github/workflows/pr-checks.yml 
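Review bot: The new `java` and `javascript` jobs run `./../action/analyze` on an emptied workspace but assert nothing about the result, so they cannot distinguish the intended "no source code" failure from any other failure, and if that step is expected to fail the jobs are simply red. Giving the analyze step `id: analyze` and `continue-on-error: true`, then adding a step guarded by `if: steps.analyze.outcome != 'failure'` that exits non-zero, would pin the expected behaviour. The same hunk also comments out every existing integration job, including `test-proxy`, rather than keeping or deleting them, which leaves the action without multi-language, custom-query, upload-sarif and proxy coverage. If that is temporary, a one-line comment above the block such as `# Disabled while debugging the no-source error path; re-enable before merge` would make it visible.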
@@ -1,6 +1,6 @@
 name: "PR checks"
-on: [push, pull_request]
+on: [pull_request]
 jobs:
 tslint:
diff --git a/lib/exec_wrapper.js b/lib/exec_wrapper.js
index 4d1ee6f27..b1cd829eb 100644
--- a/lib/exec_wrapper.js
+++ b/lib/exec_wrapper.js
@@ -37,12 +37,27 @@ async function exec_wrapper(commandLine, args, options) {
 }
 }
 };
- const returnCode = await exec.exec(commandLine, args, {
- listeners: listeners,
- ...options
- });
- if (stderr === stdout) {
- console.log('foo bar');
+ let returnCode;
+ try {
+ returnCode = await exec.exec(commandLine, args, {
+ listeners: listeners,
+ ...options
+ });
+ }
+ catch (e) {
+ returnCode = 1;
+ }
+ if (returnCode === 0) {
+ throw new Error('The exit code was ' + returnCode + '?!');
+ }
+ const regex = new RegExp("(No source code was seen during the build\\.|No JavaScript or TypeScript code found\\.)");
+ if (regex.test(stderr) || regex.test(stdout)) {
+ throw new Error(`No source code was found. This can occur if the specified build commands failed to compile or process any code.
+ - Confirm that there is some source code for the specified language in the project.
+ - For codebases written in Go, JavaScript, TypeScript, and Python, do not specify
+ an explicit --command.
+ - For other languages, the --command must specify a "clean" build which compiles
+ https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning`);
 }
 return returnCode;
 }
diff --git a/lib/exec_wrapper.js.map b/lib/exec_wrapper.js.map
index 9782a3592..abc1307a2 100644
--- a/lib/exec_wrapper.js.map
+++ b/lib/exec_wrapper.js.map
@@ -1 +1 @@ -{"version":3,"file":"exec_wrapper.js","sourceRoot":"","sources":["../src/exec_wrapper.ts"],"names":[],"mappings":";;;;;;;;;AAAA,oDAAsC;AAG/B,KAAK,UAAU,YAAY,CAAC,WAAmB,EAAE,IAAe,EAAE,OAAwB;;IAE/F,MAAM,gBAAgB,SAAG,OAAO,0CAAE,SAAS,CAAC;IAE5C,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,IAAI,MAAM,GAAG,EAAE,CAAC;IAEhB,IAAI,SAAS,GAAG;QACd,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE;;YACvB,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC1B,IAAI,OAAA,gBAAgB,0CAAE,MAAM,MAAK,SAAS,EAAE;gBAC1C,gBAAgB,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;aAC/B;iBAAM;gBACL,iFAAiF;gBACjF,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;aAC5B;QAEH,CAAC;QACD,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE;;YACvB,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC1B,IAAI,OAAA,gBAAgB,0CAAE,MAAM,MAAK,SAAS,EAAE;gBAC1C,gBAAgB,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;aAC/B;iBAAM;gBACL,iFAAiF;gBACjF,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;aAC5B;QACH,CAAC;KACF,CAAC;IAEF,MAAM,UAAU,GAAG,MAAM,IAAI,CAAC,IAAI,CAChC,WAAW,EACX,IAAI,EACJ;QACE,SAAS,EAAE,SAAS;QACpB,GAAG,OAAO;KACX,CAAC,CAAC;IAEL,IAAI,MAAM,KAAK,MAAM,EAAG;QACtB,OAAO,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC;KACxB;IAED,OAAO,UAAU,CAAC;AAEpB,CAAC;AA3CD,oCA2CC"} \ No newline at end of file 
+{"version":3,"file":"exec_wrapper.js","sourceRoot":"","sources":["../src/exec_wrapper.ts"],"names":[],"mappings":";;;;;;;;;AAAA,oDAAsC;AAG/B,KAAK,UAAU,YAAY,CAAC,WAAmB,EAAE,IAAe,EAAE,OAAwB;;IAE/F,MAAM,gBAAgB,SAAG,OAAO,0CAAE,SAAS,CAAC;IAE5C,IAAI,MAAM,GAAG,EAAE,CAAC;IAChB,IAAI,MAAM,GAAG,EAAE,CAAC;IAEhB,IAAI,SAAS,GAAG;QACd,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE;;YACvB,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC1B,IAAI,OAAA,gBAAgB,0CAAE,MAAM,MAAK,SAAS,EAAE;gBAC1C,gBAAgB,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;aAC/B;iBAAM;gBACL,iFAAiF;gBACjF,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;aAC5B;QAEH,CAAC;QACD,MAAM,EAAE,CAAC,IAAY,EAAE,EAAE;;YACvB,MAAM,IAAI,IAAI,CAAC,QAAQ,EAAE,CAAC;YAC1B,IAAI,OAAA,gBAAgB,0CAAE,MAAM,MAAK,SAAS,EAAE;gBAC1C,gBAAgB,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;aAC/B;iBAAM;gBACL,iFAAiF;gBACjF,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;aAC5B;QACH,CAAC;KACF,CAAC;IAEF,IAAI,UAAkB,CAAC;IACvB,IAAI;QACF,UAAU,GAAG,MAAM,IAAI,CAAC,IAAI,CAC1B,WAAW,EACX,IAAI,EACJ;YACE,SAAS,EAAE,SAAS;YACpB,GAAG,OAAO;SACX,CAAC,CAAC;KACN;IAAC,OAAO,CAAC,EAAE;QACV,UAAU,GAAG,CAAC,CAAC;KAChB;IACD,IAAI,UAAU,KAAK,CAAC,EAAE;QACpB,MAAM,IAAI,KAAK,CAAC,oBAAoB,GAAG,UAAU,GAAG,IAAI,CAAC,CAAC;KAC3D;IAED,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,yFAAyF,CAAC,CAAC;IAEpH,IAAI,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,CAAC,IAAI,CAAC,MAAM,CAAC,EAAG;QAC7C,MAAM,IAAI,KAAK,CAAC;;;;;yHAKqG,CAAC,CAAC;KACxH;IAED,OAAO,UAAU,CAAC;AACpB,CAAC;AAzDD,oCAyDC"} \ No newline at end of file diff --git a/src/exec_wrapper.ts b/src/exec_wrapper.ts index 484e64121..3b5690489 100644 --- a/src/exec_wrapper.ts +++ b/src/exec_wrapper.ts 
@@ -30,18 +30,32 @@ export async function exec_wrapper(commandLine: string, args?: string[], options
 }
 };
- const returnCode = await exec.exec(
- commandLine,
- args,
- {
- listeners: listeners,
- ...options
- });
-
- if (stderr === stdout ) {
- console.log('foo bar');
+ let returnCode: number;
+ try {
+ returnCode = await exec.exec(
+ commandLine,
+ args,
+ {
+ listeners: listeners,
+ ...options
+ });
+ } catch (e) {
+ returnCode = 1;
+ }
+ if (returnCode === 0) {
+ throw new Error('The exit code was ' + returnCode + '?!');
 }
- return returnCode;
+ const regex = new RegExp("(No source code was seen during the build\\.|No JavaScript or TypeScript code found\\.)");
+ if (regex.test(stderr) || regex.test(stdout) ) {
+ throw new Error(`No source code was found. This can occur if the specified build commands failed to compile or process any code.
+ - Confirm that there is some source code for the specified language in the project.
+ - For codebases written in Go, JavaScript, TypeScript, and Python, do not specify
+ an explicit --command.
+ - For other languages, the --command must specify a "clean" build which compiles
+ https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning`);
+ }
+
+ return returnCode;
 }
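Review bot: The added guard `if (returnCode === 0)` throws on the success path, while the new `catch (e)` discards the original error and substitutes `returnCode = 1`, so a command that succeeds now fails and, assuming `exec.exec` rejects on a non-zero exit or a spawn error, a command that fails returns 1 with its cause lost. Unless every caller checks the return value, a failed build or analysis step can then pass silently, which is the wrong failure direction for a scanning action. I would drop the `=== 0` throw, construct the regex before the `try`, and rethrow `e` whenever the captured output does not contain one of the two "no source" messages. The new error text also stops mid-sentence after "which compiles", directly before the URL. exec_wrapper's body starts outside this hunk, and lib/exec_wrapper.js carries the same logic in compiled form.

```typescript
const regex = new RegExp("(No source code was seen during the build\\.|No JavaScript or TypeScript code found\\.)");
let returnCode: number;
try {
  // … unchanged: returnCode = await exec.exec(commandLine, args, { listeners, ...options }) …
} catch (e) {
  // Only the known "no source" failure is translated below; any other failure keeps its original error.
  if (!regex.test(stderr) && !regex.test(stdout)) {
    throw e;
  }
  returnCode = 1;
}
// … unchanged: regex.test(stderr) || regex.test(stdout) → throw new Error(`No source code was found. …`) …

return returnCode;
```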