From db6e5fff065341ca19d3d8aff62ec335ea34a9d8 Mon Sep 17 00:00:00 2001 From: Henry Mercer Date: Fri, 2 Feb 2024 15:16:36 +0000 Subject: [PATCH] Extract separate function for `warnIfGoInstalledAfterInit` --- src/analyze-action.ts | 52 ++++++++----------------------------------- src/analyze.ts | 48 +++++++++++++++++++++++++++++++++++++++ 2 files changed, 57 insertions(+), 43 deletions(-) diff --git a/src/analyze-action.ts b/src/analyze-action.ts index 4151ba97f..8483d9af8 100644 --- a/src/analyze-action.ts +++ b/src/analyze-action.ts @@ -3,7 +3,6 @@ import path from "path"; import { performance } from "perf_hooks"; import * as core from "@actions/core"; -import { safeWhich } from "@chrisgavin/safe-which"; import * as actionsUtil from "./actions-util"; import { @@ -13,13 +12,13 @@ import { runCleanup, runFinalize, runQueries, + warnIfGoInstalledAfterInit, } from "./analyze"; import { getApiDetails, getGitHubVersion } from "./api-client"; import { runAutobuild } from "./autobuild"; import { getCodeQL } from "./codeql"; import { Config, getConfig } from "./config-utils"; import { uploadDatabases } from "./database-upload"; -import { addDiagnostic, makeDiagnostic } from "./diagnostics"; import { EnvVar } from "./environment"; import { Features } from "./feature-flags"; import { Language } from "./languages"; @@ -140,6 +139,12 @@ async function runAutobuildIfLegacyGoWorkflow(config: Config, logger: Logger) { if (!config.languages.includes(Language.go)) { return; } + if (config.buildMode) { + logger.debug( + "Skipping legacy Go autobuild since a build mode has been specified.", + ); + return; + } if (process.env[EnvVar.DID_AUTOBUILD_GOLANG] === "true") { logger.debug("Won't run Go autobuild since it has already been run."); return; @@ -234,46 +239,7 @@ async function run() { logger, ); - // Check that `which go` still points at the same path it did when the `init` Action ran to ensure that no steps - // in-between performed any setup. We encourage users to perform all setup tasks before initializing CodeQL so that - // the setup tasks do not interfere with our analysis. - // Furthermore, if we installed a wrapper script in the `init` Action, we need to ensure that there isn't a step - // in the workflow after the `init` step which installs a different version of Go and takes precedence in the PATH, - // thus potentially circumventing our workaround that allows tracing to work. - const goInitPath = process.env[EnvVar.GO_BINARY_LOCATION]; - - if ( - process.env[EnvVar.DID_AUTOBUILD_GOLANG] !== "true" && - goInitPath !== undefined - ) { - const goBinaryPath = await safeWhich("go"); - - if (goInitPath !== goBinaryPath) { - core.warning( - `Expected \`which go\` to return ${goInitPath}, but got ${goBinaryPath}: please ensure that the correct version of Go is installed before the \`codeql-action/init\` Action is used.`, - ); - - addDiagnostic( - config, - Language.go, - makeDiagnostic( - "go/workflow/go-installed-after-codeql-init", - "Go was installed after the `codeql-action/init` Action was run", - { - markdownMessage: - "To avoid interfering with the CodeQL analysis, perform all installation steps before calling the `github/codeql-action/init` Action.", - visibility: { - statusPage: true, - telemetry: true, - cliSummaryTable: true, - }, - severity: "warning", - }, - ), - ); - } - } - + await warnIfGoInstalledAfterInit(config, logger); await runAutobuildIfLegacyGoWorkflow(config, logger); dbCreationTimings = await runFinalize( @@ -337,7 +303,7 @@ async function run() { // We don't upload results in test mode, so don't wait for processing if (util.isInTestMode()) { - core.debug("In test mode. Waiting for processing is disabled."); + logger.debug("In test mode. Waiting for processing is disabled."); } else if ( uploadResult !== undefined && actionsUtil.getRequiredInput("wait-for-processing") === "true" diff --git a/src/analyze.ts b/src/analyze.ts index 78d31e36d..60bafd34a 100644 --- a/src/analyze.ts +++ b/src/analyze.ts @@ -3,6 +3,7 @@ import * as path from "path"; import { performance } from "perf_hooks"; import * as toolrunner from "@actions/exec/lib/toolrunner"; +import { safeWhich } from "@chrisgavin/safe-which"; import del from "del"; import * as yaml from "js-yaml"; @@ -12,6 +13,8 @@ import { getCodeQL, } from "./codeql"; import * as configUtils from "./config-utils"; +import { addDiagnostic, makeDiagnostic } from "./diagnostics"; +import { EnvVar } from "./environment"; import { FeatureEnablement, Feature, @@ -419,6 +422,51 @@ export async function runFinalize( return timings; } +export async function warnIfGoInstalledAfterInit( + config: configUtils.Config, + logger: Logger, +) { + // Check that `which go` still points at the same path it did when the `init` Action ran to ensure that no steps + // in-between performed any setup. We encourage users to perform all setup tasks before initializing CodeQL so that + // the setup tasks do not interfere with our analysis. + // Furthermore, if we installed a wrapper script in the `init` Action, we need to ensure that there isn't a step + // in the workflow after the `init` step which installs a different version of Go and takes precedence in the PATH, + // thus potentially circumventing our workaround that allows tracing to work. + const goInitPath = process.env[EnvVar.GO_BINARY_LOCATION]; + + if ( + process.env[EnvVar.DID_AUTOBUILD_GOLANG] !== "true" && + goInitPath !== undefined + ) { + const goBinaryPath = await safeWhich("go"); + + if (goInitPath !== goBinaryPath) { + logger.warning( + `Expected \`which go\` to return ${goInitPath}, but got ${goBinaryPath}: please ensure that the correct version of Go is installed before the \`codeql-action/init\` Action is used.`, + ); + + addDiagnostic( + config, + Language.go, + makeDiagnostic( + "go/workflow/go-installed-after-codeql-init", + "Go was installed after the `codeql-action/init` Action was run", + { + markdownMessage: + "To avoid interfering with the CodeQL analysis, perform all installation steps before calling the `github/codeql-action/init` Action.", + visibility: { + statusPage: true, + telemetry: true, + cliSummaryTable: true, + }, + severity: "warning", + }, + ), + ); + } + } +} + export async function runCleanup( config: configUtils.Config, cleanupLevel: string,